Wednesday, March 11, 2026

Update: Ruby 3.4.9

Update to the latest release of Ruby 3.4. Release notes at:
https://www.ruby-lang.org/en/news/2026/03/11/ruby-3-4-9-released/

Fixes CVE-2026-27820: Buffer overflow vulnerability in Zlib::GzipReader

Tested on amd64. I plan on committing in a couple days unless I hear
objections.

If someone could handle the -stable backport, I would appreciate it.

Best,
Jeremy

Index: Makefile
===================================================================
RCS file: /cvs/ports/lang/ruby/3.4/Makefile,v
retrieving revision 1.11
diff -u -p -u -p -r1.11 Makefile
--- Makefile 19 Dec 2025 02:51:40 -0000 1.11
+++ Makefile 12 Mar 2026 00:01:43 -0000
@@ -1,4 +1,4 @@
-VERSION = 3.4.8
+VERSION = 3.4.9
DISTNAME = ruby-${VERSION}
PKGNAME-main = ruby-${VERSION}
PKGNAME-ri_docs = ruby${BINREV}-ri_docs-${VERSION}
Index: distinfo
===================================================================
RCS file: /cvs/ports/lang/ruby/3.4/distinfo,v
retrieving revision 1.8
diff -u -p -u -p -r1.8 distinfo
--- distinfo 19 Dec 2025 02:51:40 -0000 1.8
+++ distinfo 12 Mar 2026 00:01:43 -0000
@@ -1,2 +1,2 @@
-SHA256 (ruby-3.4.8.tar.gz) = U8TdrUH7thifH17g21elHVS9H4f4dVs9aGBBVqNbBFs=
-SIZE (ruby-3.4.8.tar.gz) = 23288284
+SHA256 (ruby-3.4.9.tar.gz) = e7TU9egHzCclHRTZ1ghtGCxbJYdRkeRKsVtwnNen3Zw=
+SIZE (ruby-3.4.9.tar.gz) = 22456968
Index: pkg/PLIST-main
===================================================================
RCS file: /cvs/ports/lang/ruby/3.4/pkg/PLIST-main,v
retrieving revision 1.8
diff -u -p -u -p -r1.8 PLIST-main
--- pkg/PLIST-main 19 Dec 2025 02:51:40 -0000 1.8
+++ pkg/PLIST-main 12 Mar 2026 00:01:44 -0000
@@ -3276,7 +3276,7 @@ lib/ruby/gems/${REV}/gems/un-0.3.0/
lib/ruby/gems/${REV}/gems/uri-1.0.4/
lib/ruby/gems/${REV}/gems/weakref-0.1.3/
lib/ruby/gems/${REV}/gems/yaml-0.4.0/
-lib/ruby/gems/${REV}/gems/zlib-3.2.1/
+lib/ruby/gems/${REV}/gems/zlib-3.2.3/
lib/ruby/gems/${REV}/plugins/
lib/ruby/gems/${REV}/specifications/
lib/ruby/gems/${REV}/specifications/abbrev-0.1.2.gemspec
@@ -3342,7 +3342,7 @@ lib/ruby/gems/${REV}/specifications/defa
lib/ruby/gems/${REV}/specifications/default/uri-1.0.4.gemspec
lib/ruby/gems/${REV}/specifications/default/weakref-0.1.3.gemspec
lib/ruby/gems/${REV}/specifications/default/yaml-0.4.0.gemspec
-lib/ruby/gems/${REV}/specifications/default/zlib-3.2.1.gemspec
+lib/ruby/gems/${REV}/specifications/default/zlib-3.2.3.gemspec
lib/ruby/gems/${REV}/specifications/drb-2.2.1.gemspec
lib/ruby/gems/${REV}/specifications/getoptlong-0.2.1.gemspec
lib/ruby/gems/${REV}/specifications/matrix-0.4.2.gemspec

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)