diff options
| author |   Hans de Graaff <graaff@gentoo.org> | 2017-07-23 10:48:51 +0200 |
|---|---|---|
| committer | Hans de Graaff <graaff@gentoo.org> | 2017-07-23 10:48:51 +0200 |
| commit | 0073ad68aa2f375dfd8ad1ee012a45250099fa7e (patch) | |
| tree | 777f6fbd279ac341cca82e36a6ec67bf84eeaa9a /dev-lang/ruby | |
| parent | dev-lang/ruby: backport fix for security bug 621878 (diff) | |
| download | gentoo-0073ad68aa2f375dfd8ad1ee012a45250099fa7e.tar.gz gentoo-0073ad68aa2f375dfd8ad1ee012a45250099fa7e.tar.bz2 gentoo-0073ad68aa2f375dfd8ad1ee012a45250099fa7e.zip | |
dev-lang/ruby: fix security bugs
Fix SMTP command injection, bug 621878
Fix weak DH group, bug 571194
Package-Manager: Portage-2.3.6, Repoman-2.3.2
Diffstat (limited to 'dev-lang/ruby')
| -rw-r--r-- | dev-lang/ruby/Manifest | 1 | ||||
| -rw-r--r-- | dev-lang/ruby/ruby-2.3.4-r3.ebuild | 242 |
2 files changed, 243 insertions, 0 deletions
diff --git a/dev-lang/ruby/Manifest b/dev-lang/ruby/Manifest index 28dedaabd351..69b34e9440d3 100644 --- a/dev-lang/ruby/Manifest +++ b/dev-lang/ruby/Manifest @@ -13,6 +13,7 @@ DIST ruby-patches-2.2.7-r3.tar.bz2 5757 SHA256 3470915805a6264ad74a9c7cb7280c4be DIST ruby-patches-2.3.3-r1.tar.bz2 2223 SHA256 f0a803173564368e5cf31162e1dba901c46640f9e861255f6cbe14256d18f3eb SHA512 bb47000e516017c1fedf7c5313b0628fa734030e69bd0fed1c06a38dd115b8c50837e3dd917f272e24abf5609c4c12793ae4570bfd7d6210290785bf2f8287bd WHIRLPOOL 0b0d4dcf7df4ff3ff11610bfe7a7b29ed621b45b412cb7618a6572f98a568ac67419bd852b193cfc3aa0968382cf9400a578511e9e8fb8b2125bc876e733bd64 DIST ruby-patches-2.3.4-r1.tar.bz2 2255 SHA256 32bb888f3ea9e81e4fdff5e852493aafc8f12bfcf9997981f7b7588d6e8ec9c1 SHA512 af7ad3255cf8450859e3c5564393ca106893fd1e40178ad153fb8e66871d30e326f63d48c1904fac5c353408f71e767c72d49fdbf47198c041a628b41c51c868 WHIRLPOOL dc412a788ec77dc9dad4fd631fc8aa5c909b9d21bf6b0b538c4ba398c1670cb01fbf1e4d92a38fa869b96f786707a9c45c7fe5ca7e04f75ff428b20d9fb34c53 DIST ruby-patches-2.3.4-r2.tar.bz2 3423 SHA256 5bea5f60033bfaf711c62004dfb4ed3d677b3a96d98de30ffe18ccd40c8533c3 SHA512 502bceb711e4ae1add64dde1ca94cfbb09c8a69010b8e640bb41d8278c0bb8073d3b6c3350217b9775a76746d3bdbc46f0b51342f4812e36341f0671c574d28e WHIRLPOOL cae21a87e76e3da40ee8d2a73c028bc658c6e6b6860b9f4e656fb769830734396a1ccf47453f355636e252fe3f8d3fc44d427d08249c08f37a6fdbffcdc25c8e +DIST ruby-patches-2.3.4-r3.tar.bz2 4698 SHA256 196bbafe0c43718b4e2120e2e4d681befe9ccba1d2607fb9459d670c74d5bd38 SHA512 f2867c3460e3a276849b09bd367949024aa8c0e4631fef6bd46e1ef44d56dfe2a7baa88ea640b8953252e566d7927178da50195b6382d8fd8e1b9ef7d9ceb2fc WHIRLPOOL 9ba584dcc0055f4401f4345da7b161d08b4a4651ea669b7a26c7504d3aeb650051080d089652c2ae39e0163609cbef1f480a46555a4f3af8297180215929d472 DIST ruby-patches-2.3.4.tar.bz2 2255 SHA256 32bb888f3ea9e81e4fdff5e852493aafc8f12bfcf9997981f7b7588d6e8ec9c1 SHA512 af7ad3255cf8450859e3c5564393ca106893fd1e40178ad153fb8e66871d30e326f63d48c1904fac5c353408f71e767c72d49fdbf47198c041a628b41c51c868 WHIRLPOOL dc412a788ec77dc9dad4fd631fc8aa5c909b9d21bf6b0b538c4ba398c1670cb01fbf1e4d92a38fa869b96f786707a9c45c7fe5ca7e04f75ff428b20d9fb34c53 DIST ruby-patches-2.4.1-r1.tar.bz2 2047 SHA256 9560b8e8dc4a5517814df07aa635c9269f5e7cff5a15827a25a9f0811194e450 SHA512 b35db875a7e4a226e75eb6f7bc68b4bc97cc699bdc5f6930015e55cdc324b67b9883a2aa574c9c9a8b5dc5345c4df8a5ca8ace5b794b3e4de6517f3eefd25745 WHIRLPOOL fc5d226f46fe4ee1c86f6fff51ec9184b8c0ec08a1793eab365437d4ce2fd573cfc8857386cd10932f7dde05254bc975eff5b7986aea429730c606147fae2a5c DIST ruby-patches-2.4.1-r2.tar.bz2 4030 SHA256 f1beac832d3bd94b8a0be137da845ce96edd574be61f25945150e9a351e4ee73 SHA512 e3f141710a23e4716696fdd5fd898386b32ce6e9d729738591bde8a74f9af8353e0a3f5f9c48403443c6c1ee074b5c2f3b5e9503d96b57de5c6c484ccb337b40 WHIRLPOOL 327404741b8448f7d49ad3ca3cfe915b60881348fc98e18027276f26d4381237f67b7f8d849df765e76184c2f4a92861b585ddf9b25dcb485e4ac5e2b4ad43cd diff --git a/dev-lang/ruby/ruby-2.3.4-r3.ebuild b/dev-lang/ruby/ruby-2.3.4-r3.ebuild new file mode 100644 index 000000000000..c3c8f0b92772 --- /dev/null +++ b/dev-lang/ruby/ruby-2.3.4-r3.ebuild @@ -0,0 +1,242 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +#PATCHSET=1 + +inherit autotools eutils flag-o-matic multilib versionator + +MY_P="${PN}-$(get_version_component_range 1-3)" +S=${WORKDIR}/${MY_P} + +SLOT=$(get_version_component_range 1-2) +MY_SUFFIX=$(delete_version_separator 1 ${SLOT}) +RUBYVERSION=2.3.0 + +if [[ -n ${PATCHSET} ]]; then + if [[ ${PVR} == ${PV} ]]; then + PATCHSET="${PV}-r0.${PATCHSET}" + else + PATCHSET="${PVR}.${PATCHSET}" + fi +else + PATCHSET="${PVR}" +fi + +DESCRIPTION="An object-oriented scripting language" +HOMEPAGE="http://www.ruby-lang.org/" +SRC_URI="mirror://ruby/${SLOT}/${MY_P}.tar.xz + https://dev.gentoo.org/~flameeyes/ruby-team/${PN}-patches-${PATCHSET}.tar.bz2" + +LICENSE="|| ( Ruby-BSD BSD-2 )" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd" +IUSE="berkdb debug doc examples gdbm ipv6 jemalloc libressl +rdoc rubytests socks5 ssl tk xemacs ncurses +readline" + +RDEPEND=" + berkdb? ( sys-libs/db:= ) + gdbm? ( sys-libs/gdbm ) + jemalloc? ( dev-libs/jemalloc ) + ssl? ( + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl ) + ) + socks5? ( >=net-proxy/dante-1.1.13 ) + tk? ( + dev-lang/tcl:0=[threads] + dev-lang/tk:0=[threads] + ) + ncurses? ( sys-libs/ncurses:0= ) + readline? ( sys-libs/readline:0= ) + dev-libs/libyaml + virtual/libffi + sys-libs/zlib + >=app-eselect/eselect-ruby-20151229 + !<dev-ruby/rdoc-3.9.4 + !<dev-ruby/rubygems-1.8.10-r1" + +DEPEND="${RDEPEND}" + +BUNDLED_GEMS=" + >=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23] + >=dev-ruby/minitest-5.8.3[ruby_targets_ruby23] + >=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23] + >=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23] + >=dev-ruby/rake-10.4.2[ruby_targets_ruby23] + >=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23] +" + +PDEPEND=" + ${BUNDLED_GEMS} + virtual/rubygems[ruby_targets_ruby23] + >=dev-ruby/json-1.8.3[ruby_targets_ruby23] + rdoc? ( >=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23] ) + xemacs? ( app-xemacs/ruby-modes )" + +src_prepare() { + EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ + epatch "${WORKDIR}/patches" + + einfo "Unbundling gems..." + cd "$S" + # Remove bundled gems that we will install via PDEPEND, bug + # 539700. Use explicit version numbers to ensure rm fails when they + # change so we can update dependencies accordingly. + rm -f gems/{did_you_mean-1.0.0,minitest-5.8.3,net-telnet-0.1.1,power_assert-0.2.6,rake-10.4.2,test-unit-3.1.5}.gem || die + + # Fix a hardcoded lib path in configure script + sed -i -e "s:\(RUBY_LIB_PREFIX=\"\${prefix}/\)lib:\1$(get_libdir):" \ + configure.in || die "sed failed" + + eautoreconf +} + +src_configure() { + local modules= myconf= + + # -fomit-frame-pointer makes ruby segfault, see bug #150413. + filter-flags -fomit-frame-pointer + # In many places aliasing rules are broken; play it safe + # as it's risky with newer compilers to leave it as it is. + append-flags -fno-strict-aliasing + # SuperH needs this + use sh && append-flags -mieee + + # Socks support via dante + if use socks5 ; then + # Socks support can't be disabled as long as SOCKS_SERVER is + # set and socks library is present, so need to unset + # SOCKS_SERVER in that case. + unset SOCKS_SERVER + fi + + # Increase GC_MALLOC_LIMIT if set (default is 8000000) + if [ -n "${RUBY_GC_MALLOC_LIMIT}" ] ; then + append-flags "-DGC_MALLOC_LIMIT=${RUBY_GC_MALLOC_LIMIT}" + fi + + # ipv6 hack, bug 168939. Needs --enable-ipv6. + use ipv6 || myconf="${myconf} --with-lookup-order-hack=INET" + + # Determine which modules *not* to build depending in the USE flags. + if ! use readline ; then + modules="${modules},readline" + fi + if ! use berkdb ; then + modules="${modules},dbm" + fi + if ! use gdbm ; then + modules="${modules},gdbm" + fi + if ! use ssl ; then + modules="${modules},openssl" + fi + if ! use ncurses ; then + modules="${modules},curses" + fi + if ! use tk ; then + modules="${modules},tk" + fi + + # Provide an empty LIBPATHENV because we disable rpath but we do not + # need LD_LIBRARY_PATH by default since that breaks USE=multitarget + # #564272 + INSTALL="${EPREFIX}/usr/bin/install -c" LIBPATHENV="" econf \ + --program-suffix=${MY_SUFFIX} \ + --with-soname=ruby${MY_SUFFIX} \ + --docdir=${EPREFIX}/usr/share/doc/${P} \ + --enable-shared \ + --enable-pthread \ + --disable-rpath \ + --with-out-ext="${modules}" \ + $(use_with jemalloc jemalloc) \ + $(use_enable socks5 socks) \ + $(use_enable doc install-doc) \ + --enable-ipv6 \ + $(use_enable debug) \ + ${myconf} \ + --enable-option-checking=no \ + || die "econf failed" +} + +src_compile() { + emake V=1 EXTLDFLAGS="${LDFLAGS}" || die "emake failed" +} + +src_test() { + emake -j1 V=1 test || die "make test failed" + + elog "Ruby's make test has been run. Ruby also ships with a make check" + elog "that cannot be run until after ruby has been installed." + elog + if use rubytests; then + elog "You have enabled rubytests, so they will be installed to" + elog "/usr/share/${PN}-${SLOT}/test. To run them you must be a user other" + elog "than root, and you must place them into a writeable directory." + elog "Then call: " + elog + elog "ruby${MY_SUFFIX} -C /location/of/tests runner.rb" + else + elog "Enable the rubytests USE flag to install the make check tests" + fi +} + +src_install() { + # Remove the remaining bundled gems. We do this late in the process + # since they are used during the build to e.g. create the + # documentation. + rm -rf ext/json || die + + # Ruby is involved in the install process, we don't want interference here. + unset RUBYOPT + + local MINIRUBY=$(echo -e 'include Makefile\ngetminiruby:\n\t@echo $(MINIRUBY)'|make -f - getminiruby) + + LD_LIBRARY_PATH="${S}:${D}/usr/$(get_libdir)${LD_LIBRARY_PATH+:}${LD_LIBRARY_PATH}" + RUBYLIB="${S}:${D}/usr/$(get_libdir)/ruby/${RUBYVERSION}" + for d in $(find "${S}/ext" -type d) ; do + RUBYLIB="${RUBYLIB}:$d" + done + export LD_LIBRARY_PATH RUBYLIB + + emake V=1 DESTDIR="${D}" install || die "make install failed" + + # Remove installed rubygems and rdoc copy + rm -rf "${D}/usr/$(get_libdir)/ruby/${RUBYVERSION}/rubygems" || die "rm rubygems failed" + rm -rf "${D}/usr/bin/"gem"${MY_SUFFIX}" || die "rm rdoc bins failed" + rm -rf "${D}/usr/$(get_libdir)/ruby/${RUBYVERSION}"/rdoc* || die "rm rdoc failed" + rm -rf "${D}/usr/bin/"{ri,rdoc}"${MY_SUFFIX}" || die "rm rdoc bins failed" + + if use doc; then + make DESTDIR="${D}" install-doc || die "make install-doc failed" + fi + + if use examples; then + insinto /usr/share/doc/${PF} + doins -r sample + fi + + dodoc ChangeLog NEWS doc/NEWS* README* || die + + if use rubytests; then + pushd test + insinto /usr/share/${PN}-${SLOT}/test + doins -r . + popd + fi +} + +pkg_postinst() { + if [[ ! -n $(readlink "${ROOT}"usr/bin/ruby) ]] ; then + eselect ruby set ruby${MY_SUFFIX} + fi + + elog + elog "To switch between available Ruby profiles, execute as root:" + elog "\teselect ruby set ruby(19|20|...)" + elog +} + +pkg_postrm() { + eselect ruby cleanup +} |