ports/167363: [MAINTAINER] update mail/rubygem-mail to 2.4.4
Eric Freeman
freebsdports at chillibear.com
Fri Apr 27 15:20:09 UTC 2012
>Number: 167363
>Category: ports
>Synopsis: [MAINTAINER] update mail/rubygem-mail to 2.4.4
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Apr 27 15:20:09 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Eric Freeman
>Release: 9.0
>Organization:
Sundive Networks
>Environment:
FreeBSD bsd9.local 9.0-CURRENT-201008 FreeBSD 9.0-CURRENT-201008 #0: Tue Aug 3 20:09:44 UTC 2010 root at farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
Eitan Adler alerted me to two flaws that are present in the version of the 'mail' gem currently in ports. These are both fixed in the current (2.4.4) version.
Please see http://seclists.org/oss-sec/2012/q2/190 for details of the flaws.
These will have CVE-2012-2139 and CVE-2012-2140 assigned.
The patch in this PR updates the mail gem to 2.4.4. As it stands by the gemspecs there should be some version mismatches with 2.4.4, some pre-existing, some new[1]. That said, I've successfully installed on a clean system and run test scripts using
- mail/rubygem-actionmailer
- mail/rubygem-pony
- mail/rubygem-mail
to send email, so I'm fairly confident this won't break rails or anything.
I have removed the active-support dependency, since this appears to have been removed back in version 2.3.0.
[1] By the gemspec mail requires:
* i18n >= 0.4.0
* mime-types ~> 1.16
* treetop ~> 1.4.8
Currently ports has:
* devel/rubygem-i18n 0.6.0
* misc/rubygem-mime-types 1.17.2
* devel/rubygem-treetop 1.4.10
So mime-types and treetop are currently wrong, but it still appears to work without issues I can see with my limited testing.
>How-To-Repeat:
See
http://seclists.org/oss-sec/2012/q2/190
CVE-2012-2139
CVE-2012-2140
>Fix:
--- mail/rubygem-mail.old/Makefile 2012-04-26 20:44:48.000000000 +0100
+++ mail/rubygem-mail/Makefile 2012-04-26 20:47:28.000000000 +0100
@@ -6,7 +6,7 @@
#
PORTNAME= mail
-PORTVERSION= 2.4.1
+PORTVERSION= 2.4.4
PORTEPOCH= 1
CATEGORIES= mail rubygems
MASTER_SITES= RG
@@ -18,7 +18,6 @@
RUN_DEPENDS= rubygem-treetop>=1.4.8:${PORTSDIR}/devel/rubygem-treetop \
rubygem-mime-types>=1.16:${PORTSDIR}/misc/rubygem-mime-types \
- rubygem-activesupport>=2.3.6:${PORTSDIR}/devel/rubygem-activesupport \
rubygem-i18n>=0.4.0:${PORTSDIR}/devel/rubygem-i18n
USE_RUBY= yes
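Review bot: The RUN_DEPENDS lines kept for rubygem-treetop and rubygem-mime-types carry only lower bounds (>=1.4.8 and >=1.16), while the description gives the gemspec requirements as ~> 1.4.8 and ~> 1.16, which in RubyGems also cap the upper end (below 1.5 and below 2.0 respectively). The versions the description lists as currently in ports, 1.4.10 and 1.17.2, fall inside those ranges, so the dependencies resolve today, but nothing in these lines records the cap. A Makefile comment noting the upper bounds would warn whoever next updates devel/rubygem-treetop or misc/rubygem-mime-types. With rubygem-activesupport dropped, it is also worth confirming on a system without activesupport installed that the gem still loads, since the test scripts mentioned in the description include actionmailer, which pulls activesupport in on its own.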
diff -ru mail/rubygem-mail.old/distinfo mail/rubygem-mail/distinfo
--- mail/rubygem-mail.old/distinfo 2012-04-26 20:44:48.000000000 +0100
+++ mail/rubygem-mail/distinfo 2012-04-26 20:47:40.000000000 +0100
@@ -1,2 +1,2 @@
-SHA256 (rubygem/mail-2.4.1.gem) = 80d742e6f93c01e7f25015f2cd1f88e8869b9ef4bce3fc22f0f568ce925c050e
-SIZE (rubygem/mail-2.4.1.gem) = 121856
+SHA256 (rubygem/mail-2.4.4.gem) = 237625b7e70f8cd9615658e0963c9880094a974cfa9dda7325e3537bcba7be45
+SIZE (rubygem/mail-2.4.4.gem) = 121856
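Review bot: The SIZE value on the added line is 121856, the same as on the removed mail-2.4.1.gem line, although the SHA256 differs. An identical byte count across two releases is possible, but it is also what a hand-edited distinfo looks like when only the hash was updated. Please confirm both lines were regenerated with make makesum against the fetched mail-2.4.4.gem, since a stale SIZE would make the checksum step fail for everyone building the port.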
>Release-Note:
>Audit-Trail:
>Unformatted: