Download raw body.
Update: Ruby 4.0.3
This updates Ruby 4.0 to the latest release. Release announcement at
https://www.ruby-lang.org/en/news/2026/04/21/ruby-4-0-3-released/
This fixes CVE-2026-41316, so it should be backported to -stable after
the 7.8 stable branch opens. If someone could take care of that, I would
appreciate it. More information on the vulnerability at
https://www.ruby-lang.org/en/news/2026/04/21/erb-cve-2026-41316/
The only change in this release is the security fix, there were no other
changes apart from version bumps.
Tested on amd64. I plan on committing in a couple days unless I hear
objections.
Best,
Jeremy
Index: Makefile
===================================================================
RCS file: /cvs/ports/lang/ruby/4.0/Makefile,v
diff -u -p -u -p -r1.8 Makefile
--- Makefile 27 Mar 2026 16:41:27 -0000 1.8
+++ Makefile 8 May 2026 00:14:59 -0000
@@ -1,5 +1,4 @@
-VERSION = 4.0.2
-REVISION = 1
+VERSION = 4.0.3
DISTNAME = ruby-${VERSION}
PKGNAME-main = ruby-${VERSION}
PKGNAME-ri_docs = ruby${BINREV}-ri_docs-${VERSION}
Index: distinfo
===================================================================
RCS file: /cvs/ports/lang/ruby/4.0/distinfo,v
diff -u -p -u -p -r1.3 distinfo
--- distinfo 20 Mar 2026 01:39:32 -0000 1.3
+++ distinfo 8 May 2026 00:14:59 -0000
@@ -1,6 +1,6 @@
-SHA256 (ruby-4.0.2.tar.gz) = UVArJrULaN9JYzNspB42jN6SySj6+RZU3kxMF5H4Kqw=
+SHA256 (ruby-4.0.3.tar.gz) = d5ZKzDcNXIN1uVAuW6bBPAPvkaueufUhyE+0K5yaaw8=
SHA256 (ruby-box-test-fix.patch) = GbHsCPL9ZNdpXZl62mqghVbwkVoqKj6H3KtVJOoSrdk=
SHA256 (ruby402-gem-fix.patch) = KyimCdjFgcYMTU1LJvA0SW/Wrj9IG5Ip/MumzjafhA8=
-SIZE (ruby-4.0.2.tar.gz) = 23824654
+SIZE (ruby-4.0.3.tar.gz) = 23806898
SIZE (ruby-box-test-fix.patch) = 1047
SIZE (ruby402-gem-fix.patch) = 2248
Index: patches/patch-lib_rubygems_rb
===================================================================
RCS file: /cvs/ports/lang/ruby/4.0/patches/patch-lib_rubygems_rb,v
diff -u -p -u -p -r1.2 patch-lib_rubygems_rb
--- patches/patch-lib_rubygems_rb 20 Mar 2026 01:39:32 -0000 1.2
+++ patches/patch-lib_rubygems_rb 8 May 2026 00:14:59 -0000
@@ -9,7 +9,7 @@ The ENV usage is to skip this logic duri
Index: lib/rubygems.rb
--- lib/rubygems.rb.orig
+++ lib/rubygems.rb
-@@ -1245,6 +1245,13 @@ An Array (#{env.inspect}) was passed in from #{caller[
+@@ -1246,6 +1246,13 @@ An Array (#{env.inspect}) was passed in from #{caller[
attr_accessor :disable_system_update_message
Index: pkg/PLIST-main
===================================================================
RCS file: /cvs/ports/lang/ruby/4.0/pkg/PLIST-main,v
diff -u -p -u -p -r1.3 PLIST-main
--- pkg/PLIST-main 20 Mar 2026 01:39:32 -0000 1.3
+++ pkg/PLIST-main 8 May 2026 00:15:00 -0000
@@ -1567,9 +1567,9 @@ lib/ruby/gems/${REV}/gems/drb-2.2.3/lib/
lib/ruby/gems/${REV}/gems/drb-2.2.3/lib/drb/version.rb
lib/ruby/gems/${REV}/gems/drb-2.2.3/lib/drb/weakidconv.rb
lib/ruby/gems/${REV}/gems/english-0.8.1/
-lib/ruby/gems/${REV}/gems/erb-6.0.1/
-lib/ruby/gems/${REV}/gems/erb-6.0.1/libexec/
-lib/ruby/gems/${REV}/gems/erb-6.0.1/libexec/erb
+lib/ruby/gems/${REV}/gems/erb-6.0.1.1/
+lib/ruby/gems/${REV}/gems/erb-6.0.1.1/libexec/
+lib/ruby/gems/${REV}/gems/erb-6.0.1.1/libexec/erb
lib/ruby/gems/${REV}/gems/error_highlight-0.7.1/
lib/ruby/gems/${REV}/gems/etc-1.4.6/
lib/ruby/gems/${REV}/gems/fcntl-1.3.0/
@@ -3475,7 +3475,7 @@ lib/ruby/gems/${REV}/specifications/defa
lib/ruby/gems/${REV}/specifications/default/did_you_mean-2.0.0.gemspec
lib/ruby/gems/${REV}/specifications/default/digest-3.2.1.gemspec
lib/ruby/gems/${REV}/specifications/default/english-0.8.1.gemspec
-lib/ruby/gems/${REV}/specifications/default/erb-6.0.1.gemspec
+lib/ruby/gems/${REV}/specifications/default/erb-6.0.1.1.gemspec
lib/ruby/gems/${REV}/specifications/default/error_highlight-0.7.1.gemspec
lib/ruby/gems/${REV}/specifications/default/etc-1.4.6.gemspec
lib/ruby/gems/${REV}/specifications/default/fcntl-1.3.0.gemspec
Update: Ruby 4.0.3