ruby: update to 2.7.1

New subpackages (reflect of ongoing ruby gemification)
- ruby-benchmark (from ruby-debuglib)
- ruby-delegate (from ruby-misc)
- ruby-getoptlong (from ruby-misc)
- ruby-net-pop (from ruby-net)
- ruby-net-imap (from ruby-net)
- ruby-observer (from ruby-patterns, now gone)
- ruby-open3 (from ruby-misc)
- ruby-readline-ext (was ruby-readline, while ruby-readline now selects either
    ruby-readline-ext or ruby-reline)
- ruby-reline (alternative to ruby-readline-ext as pure ruby)
- ruby-singleton (from ruby-patterns, now gone)
- ruby-timeout (from ruby-multithread)

Dropped subpackages:
- ruby-cmath (gone in 2.7.0)
- ruby-e2mmap (gone in 2.7.0)
- ruby-patterns (split into ruby-observer, ruby-singleton)
- ruby-scanf (gone in 2.7.0)
- ruby-shell (gone in 2.7.0)
- ruby-sync (gone in 2.7.0)
- ruby-thwait (gone in 2.7.0)

Ruby 2.7.0 also dropped profile.rb and profiler.rb (they were in ruby-debuglib)

Patches changes:
- Dropped patch 001_fix_isnan_isinf_finite_with_uclibc.patch (now in release)
- Added 100-musl.patch, fixing mainly coroutine implementation selection

Helper scripts changes:
- ruby_missingfiles: do not ignore ruby-dev files
- ruby_find_pkgsdeps: better detect circular dependencies

Ruby 2.7.1 fixes these security issues:

* CVE-2020-10663: Unsafe Object Creation Vulnerability in JSON (Additional fix)
* CVE-2020-10933: Heap exposure vulnerability in the socket library

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Luiz Angelo Daros de Luca
2019-12-30 22:03:18 -03:00
parent e086343cb5
commit 366828f0e7
5 changed files with 181 additions and 185 deletions
+14 -5
@@ -22,11 +22,12 @@ end
require_regex=/^require ["']([^"']+)["'].*/
require_regex_ignore=/^require ([a-zA-Z\$]|["']$|.*\/$)/
require_ignore=%w{drb/invokemethod16 foo rubygems/defaults/operating_system win32console java Win32API
require_ignore=%w{foo rubygems/defaults/operating_system win32console java Win32API
builder/xchar json/pure simplecov win32/sspi rdoc/markdown/literals_1_8 enumerator win32/resolv rbtree
nqxml/streamingparser nqxml/treeparser xmlscan/parser xmlscan/scanner xmltreebuilder xml/parser xmlparser xml/encoding-ja xmlencoding-ja
xmlscan/parser xmlscan/scanner xmltreebuilder xml/parser xmlparser xml/encoding-ja xmlencoding-ja
iconv uconv win32ole gettext/po_parser gettext/mo libxml psych.jar psych_jars jar-dependencies thread minitest/proveit
bundler pry bcrypt net/http/pipeline capistrano/version rubygems/builder rubygems/format diff/lcs graphviz
win32api racc/cparse-jruby.jar profile profiler
}
builtin_enc=[
@@ -85,7 +86,7 @@ packages.each do
next
end
if not require_regex =~ line
$stderr.puts "Unknown require: '#{line}' at file #{file}:#{lineno}"
puts "Unknown require: '#{line}' at file #{file}:#{lineno}"
failed=true
end
require=line.gsub(require_regex,"\\1")
@@ -141,10 +142,12 @@ weak_dependency.merge!({
"ruby-debuglib"=>["ruby-readline"], #debug.rb
"ruby-drb"=>["ruby-openssl"], #drb/ssl.rb
"ruby-irb"=>["ruby-rdoc", "ruby-readline"], #irb/cmd/help.rb
"ruby-gems"=>["ruby-openssl","ruby-io-console","ruby-webrick"], #rubygems/commands/cert_command.rb rubygems/user_interaction.rb rubygems/server.rb
"ruby-gems"=>["ruby-openssl","ruby-io-console","ruby-webrick", #rubygems/commands/cert_command.rb rubygems/user_interaction.rb rubygems/server.rb
"ruby-bundler"], #rubygems.rb
"ruby-mkmf"=>["ruby-webrick"], #un.rb
"ruby-net"=>["ruby-openssl","ruby-io-console","ruby-zlib"], #net/*.rb
"ruby-optparse"=>["ruby-uri","ruby-datetime"], #optparse/date.rb optparse/uri.rb
"ruby-racc"=>["ruby-gems"], #/usr/bin/racc*
"ruby-rake"=>["ruby-net","ruby-gems"], #rake/contrib/ftptools.rb /usr/bin/rake
"ruby-rdoc"=>["ruby-gems","ruby-readline","ruby-webrick", #/usr/bin/rdoc and others
"ruby-io-console"], #rdoc/stats/normal.rb
@@ -198,11 +201,17 @@ begin
package_dependencies.each do
|(pkg,deps)|
next if deps.empty?
deps.each {|dep| puts "#{pkg}: #{dep} also depends on #{pkg}" if package_dependencies[dep].include?(pkg) }
deps_new = deps.collect {|dep| [dep] + package_dependencies[dep] }.inject([],:+).uniq.sort
if not deps == deps_new
puts "#{pkg}: #{deps.join(",")}"
puts "#{pkg}: #{deps_new.join(",")}"
package_dependencies[pkg]=deps_new
if deps_new.include?(pkg)
$stderr.puts "#{pkg}: Circular dependency detected (#1)!"
exit 1
end
changed=true
end
end
@@ -218,7 +227,7 @@ puts "Checking for mutual dependencies..."
package_dependencies.each do
|(pkg,deps)|
if deps.include? pkg
$stderr.puts "#{pkg}: Cycle dependency detected! "
$stderr.puts "#{pkg}: Circular dependency detected (#2)!"
failed = true
end
end
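Review bot: In the `@@ -85,7 +86,7 @@` hunk, a line that fails `require_regex` still falls through to `require=line.gsub(require_regex,"\\1")`, which returns the unmatched line unchanged, so the raw text appears to be carried forward as if it were a library name; adding `next` after `failed=true` would stop that. The same hunk moves the "Unknown require" message from `$stderr.puts` to `puts`, while both circular-dependency messages stay on `$stderr`, so a caller that captures stdout gets this diagnostic mixed into the dependency listing; keep `$stderr.puts` there, or add a comment such as `# printed on stdout so it stays in order with the dependency report` if the move is deliberate. The enclosing `packages.each do` block starts and ends outside the hunk, so what happens to `require` afterwards is not visible here.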