maintainer-feedback requested: [Bug 197875] [PATCH] lang/ruby22: fix false-positive vulnerabilities when set as default ruby version.

[bugzilla-noreply at freebsd.org]

Yasuhiro KIMURA <freebsd.org at pob01.utahime.jp> has reassigned Bugzilla
Automation <bugzilla at FreeBSD.org>'s request for maintainer-feedback to
ruby at FreeBSD.org:
Bug 197875: [PATCH] lang/ruby22: fix false-positive vulnerabilities when set as
default ruby version.
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197875



--- Description ---
When set as default ruby version, lang/ruby22 fails to build because of
false-positive vulnerabilities as following:

root at rolling-vm-freebsd1:/ # grep DEFAULT_VERSIONS /etc/make.conf
DEFAULT_VERSIONS=	apache=2.4 perl5=5.20 php=5.5 ruby=2.2
root at rolling-vm-freebsd1:/ # cd /usr/ports/lang/ruby22/
root at rolling-vm-freebsd1:/usr/ports/lang/ruby22 # make
===>  ruby-2.2.0 has known vulnerabilities:
ruby-2.2.0 is vulnerable:
ruby -- multiple vulnerabilities
CVE: CVE-2006-3694
WWW: http://vuxml.FreeBSD.org/freebsd/76562594-1f19-11db-b7d4-0008743bf21a.html

ruby-2.2.0 is vulnerable:
Multiple implementations -- DoS via hash algorithm collision
CVE: CVE-2011-5037
CVE: CVE-2011-5036
CVE: CVE-2011-4815
CVE: CVE-2011-4838
WWW: http://vuxml.FreeBSD.org/freebsd/91be81e7-3fea-11e1-afc7-2c4138874f7d.html

1 problem(s) in the installed packages found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update
available.
=> If you wish to ignore this vulnerability rebuild with 'make
DISABLE_VULNERABILITIES=yes'
*** Error code 1

Stop.
make[1]: stopped in /am/eastasia/usr0/freebsd/ports/ports/lang/ruby22
*** Error code 1

Stop.
make: stopped in /am/eastasia/usr0/freebsd/ports/ports/lang/ruby22
root at rolling-vm-freebsd1:/usr/ports/lang/ruby22 #

Attached patch fixes the issue.

--- Comment #1 from Bugzilla Automation <bugzilla at FreeBSD.org> ---
Auto-assigned to maintainer ruby at FreeBSD.org