commit: 0073ad68aa2f375dfd8ad1ee012a45250099fa7e
Author: Hans de Graaff <graaff <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 23 08:48:51 2017 +0000
Commit: Hans de Graaff <graaff <AT> gentoo <DOT> org>
CommitDate: Sun Jul 23 08:48:51 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0073ad68
dev-lang/ruby: fix security bugs
Fix SMTP command injection, bug 621878
Fix weak DH group, bug 571194
Package-Manager: Portage-2.3.6, Repoman-2.3.2
dev-lang/ruby/Manifest | 1 +
dev-lang/ruby/ruby-2.3.4-r3.ebuild | 242 +++++++++++++++++++++++++++++++++++++
2 files changed, 243 insertions(+)
diff --git a/dev-lang/ruby/Manifest b/dev-lang/ruby/Manifest
index 28dedaabd35..69b34e9440d 100644
--- a/dev-lang/ruby/Manifest
+++ b/dev-lang/ruby/Manifest
@@ -13,6 +13,7 @@ DIST ruby-patches-2.2.7-r3.tar.bz2 5757 SHA256
3470915805a6264ad74a9c7cb7280c4be
DIST ruby-patches-2.3.3-r1.tar.bz2 2223 SHA256
f0a803173564368e5cf31162e1dba901c46640f9e861255f6cbe14256d18f3eb SHA512
bb47000e516017c1fedf7c5313b0628fa734030e69bd0fed1c06a38dd115b8c50837e3dd917f272e24abf5609c4c12793ae4570bfd7d6210290785bf2f8287bd
WHIRLPOOL
0b0d4dcf7df4ff3ff11610bfe7a7b29ed621b45b412cb7618a6572f98a568ac67419bd852b193cfc3aa0968382cf9400a578511e9e8fb8b2125bc876e733bd64
DIST ruby-patches-2.3.4-r1.tar.bz2 2255 SHA256
32bb888f3ea9e81e4fdff5e852493aafc8f12bfcf9997981f7b7588d6e8ec9c1 SHA512
af7ad3255cf8450859e3c5564393ca106893fd1e40178ad153fb8e66871d30e326f63d48c1904fac5c353408f71e767c72d49fdbf47198c041a628b41c51c868
WHIRLPOOL
dc412a788ec77dc9dad4fd631fc8aa5c909b9d21bf6b0b538c4ba398c1670cb01fbf1e4d92a38fa869b96f786707a9c45c7fe5ca7e04f75ff428b20d9fb34c53
DIST ruby-patches-2.3.4-r2.tar.bz2 3423 SHA256
5bea5f60033bfaf711c62004dfb4ed3d677b3a96d98de30ffe18ccd40c8533c3 SHA512
502bceb711e4ae1add64dde1ca94cfbb09c8a69010b8e640bb41d8278c0bb8073d3b6c3350217b9775a76746d3bdbc46f0b51342f4812e36341f0671c574d28e
WHIRLPOOL
cae21a87e76e3da40ee8d2a73c028bc658c6e6b6860b9f4e656fb769830734396a1ccf47453f355636e252fe3f8d3fc44d427d08249c08f37a6fdbffcdc25c8e
+DIST ruby-patches-2.3.4-r3.tar.bz2 4698 SHA256
196bbafe0c43718b4e2120e2e4d681befe9ccba1d2607fb9459d670c74d5bd38 SHA512
f2867c3460e3a276849b09bd367949024aa8c0e4631fef6bd46e1ef44d56dfe2a7baa88ea640b8953252e566d7927178da50195b6382d8fd8e1b9ef7d9ceb2fc
WHIRLPOOL
9ba584dcc0055f4401f4345da7b161d08b4a4651ea669b7a26c7504d3aeb650051080d089652c2ae39e0163609cbef1f480a46555a4f3af8297180215929d472
DIST ruby-patches-2.3.4.tar.bz2 2255 SHA256
32bb888f3ea9e81e4fdff5e852493aafc8f12bfcf9997981f7b7588d6e8ec9c1 SHA512
af7ad3255cf8450859e3c5564393ca106893fd1e40178ad153fb8e66871d30e326f63d48c1904fac5c353408f71e767c72d49fdbf47198c041a628b41c51c868
WHIRLPOOL
dc412a788ec77dc9dad4fd631fc8aa5c909b9d21bf6b0b538c4ba398c1670cb01fbf1e4d92a38fa869b96f786707a9c45c7fe5ca7e04f75ff428b20d9fb34c53
DIST ruby-patches-2.4.1-r1.tar.bz2 2047 SHA256
9560b8e8dc4a5517814df07aa635c9269f5e7cff5a15827a25a9f0811194e450 SHA512
b35db875a7e4a226e75eb6f7bc68b4bc97cc699bdc5f6930015e55cdc324b67b9883a2aa574c9c9a8b5dc5345c4df8a5ca8ace5b794b3e4de6517f3eefd25745
WHIRLPOOL
fc5d226f46fe4ee1c86f6fff51ec9184b8c0ec08a1793eab365437d4ce2fd573cfc8857386cd10932f7dde05254bc975eff5b7986aea429730c606147fae2a5c
DIST ruby-patches-2.4.1-r2.tar.bz2 4030 SHA256
f1beac832d3bd94b8a0be137da845ce96edd574be61f25945150e9a351e4ee73 SHA512
e3f141710a23e4716696fdd5fd898386b32ce6e9d729738591bde8a74f9af8353e0a3f5f9c48403443c6c1ee074b5c2f3b5e9503d96b57de5c6c484ccb337b40
WHIRLPOOL
327404741b8448f7d49ad3ca3cfe915b60881348fc98e18027276f26d4381237f67b7f8d849df765e76184c2f4a92861b585ddf9b25dcb485e4ac5e2b4ad43cd
diff --git a/dev-lang/ruby/ruby-2.3.4-r3.ebuild
b/dev-lang/ruby/ruby-2.3.4-r3.ebuild
new file mode 100644
index 00000000000..c3c8f0b9277
--- /dev/null
+++ b/dev-lang/ruby/ruby-2.3.4-r3.ebuild
@@ -0,0 +1,242 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+#PATCHSET=1
+
+inherit autotools eutils flag-o-matic multilib versionator
+
+MY_P="${PN}-$(get_version_component_range 1-3)"
+S=${WORKDIR}/${MY_P}
+
+SLOT=$(get_version_component_range 1-2)
+MY_SUFFIX=$(delete_version_separator 1 ${SLOT})
+RUBYVERSION=2.3.0
+
+if [[ -n ${PATCHSET} ]]; then
+ if [[ ${PVR} == ${PV} ]]; then
+ PATCHSET="${PV}-r0.${PATCHSET}"
+ else
+ PATCHSET="${PVR}.${PATCHSET}"
+ fi
+else
+ PATCHSET="${PVR}"
+fi
+
+DESCRIPTION="An object-oriented scripting language"
+HOMEPAGE="http://www.ruby-lang.org/";
+SRC_URI="mirror://ruby/${SLOT}/${MY_P}.tar.xz
+
https://dev.gentoo.org/~flameeyes/ruby-team/${PN}-patches-${PATCHSET}.tar.bz2";
+
+LICENSE="|| ( Ruby-BSD BSD-2 )"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh
~sparc ~x86 ~amd64-fbsd ~x86-fbsd"
+IUSE="berkdb debug doc examples gdbm ipv6 jemalloc libressl +rdoc rubytests
socks5 ssl tk xemacs ncurses +readline"
+
+RDEPEND="
+ berkdb? ( sys-libs/db:= )
+ gdbm? ( sys-libs/gdbm )
+ jemalloc? ( dev-libs/jemalloc )
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl )
+ )
+ socks5? ( >=net-proxy/dante-1.1.13 )
+ tk? (
+ dev-lang/tcl:0=[threads]
+ dev-lang/tk:0=[threads]
+ )
+ ncurses? ( sys-libs/ncurses:0= )
+ readline? ( sys-libs/readline:0= )
+ dev-libs/libyaml
+ virtual/libffi
+ sys-libs/zlib
+ >=app-eselect/eselect-ruby-20151229
+ !<dev-ruby/rdoc-3.9.4
+ !<dev-ruby/rubygems-1.8.10-r1"
+
+DEPEND="${RDEPEND}"
+
+BUNDLED_GEMS="
+ >=dev-ruby/did_you_mean-1.0.0:1[ruby_targets_ruby23]
+ >=dev-ruby/minitest-5.8.3[ruby_targets_ruby23]
+ >=dev-ruby/net-telnet-0.1.1[ruby_targets_ruby23]
+ >=dev-ruby/power_assert-0.2.6[ruby_targets_ruby23]
+ >=dev-ruby/rake-10.4.2[ruby_targets_ruby23]
+ >=dev-ruby/test-unit-3.1.5[ruby_targets_ruby23]
+"
+
+PDEPEND="
+ ${BUNDLED_GEMS}
+ virtual/rubygems[ruby_targets_ruby23]
+ >=dev-ruby/json-1.8.3[ruby_targets_ruby23]
+ rdoc? ( >=dev-ruby/rdoc-4.2.1[ruby_targets_ruby23] )
+ xemacs? ( app-xemacs/ruby-modes )"
+
+src_prepare() {
+ EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \
+ epatch "${WORKDIR}/patches"
+
+ einfo "Unbundling gems..."
+ cd "$S"
+ # Remove bundled gems that we will install via PDEPEND, bug
+ # 539700. Use explicit version numbers to ensure rm fails when they
+ # change so we can update dependencies accordingly.
+ rm -f
gems/{did_you_mean-1.0.0,minitest-5.8.3,net-telnet-0.1.1,power_assert-0.2.6,rake-10.4.2,test-unit-3.1.5}.gem
|| die
+
+ # Fix a hardcoded lib path in configure script
+ sed -i -e "s:\(RUBY_LIB_PREFIX=\"\${prefix}/\)lib:\1$(get_libdir):" \
+ configure.in || die "sed failed"
+
+ eautoreconf
+}
+
+src_configure() {
+ local modules= myconf=
+
+ # -fomit-frame-pointer makes ruby segfault, see bug #150413.
+ filter-flags -fomit-frame-pointer
+ # In many places aliasing rules are broken; play it safe
+ # as it's risky with newer compilers to leave it as it is.
+ append-flags -fno-strict-aliasing
+ # SuperH needs this
+ use sh && append-flags -mieee
+
+ # Socks support via dante
+ if use socks5 ; then
+ # Socks support can't be disabled as long as SOCKS_SERVER is
+ # set and socks library is present, so need to unset
+ # SOCKS_SERVER in that case.
+ unset SOCKS_SERVER
+ fi
+
+ # Increase GC_MALLOC_LIMIT if set (default is 8000000)
+ if [ -n "${RUBY_GC_MALLOC_LIMIT}" ] ; then
+ append-flags "-DGC_MALLOC_LIMIT=${RUBY_GC_MALLOC_LIMIT}"
+ fi
+
+ # ipv6 hack, bug 168939. Needs --enable-ipv6.
+ use ipv6 || myconf="${myconf} --with-lookup-order-hack=INET"
+
+ # Determine which modules *not* to build depending in the USE flags.
+ if ! use readline ; then
+ modules="${modules},readline"
+ fi
+ if ! use berkdb ; then
+ modules="${modules},dbm"
+ fi
+ if ! use gdbm ; then
+ modules="${modules},gdbm"
+ fi
+ if ! use ssl ; then
+ modules="${modules},openssl"
+ fi
+ if ! use ncurses ; then
+ modules="${modules},curses"
+ fi
+ if ! use tk ; then
+ modules="${modules},tk"
+ fi
+
+ # Provide an empty LIBPATHENV because we disable rpath but we do not
+ # need LD_LIBRARY_PATH by default since that breaks USE=multitarget
+ # #564272
+ INSTALL="${EPREFIX}/usr/bin/install -c" LIBPATHENV="" econf \
+ --program-suffix=${MY_SUFFIX} \
+ --with-soname=ruby${MY_SUFFIX} \
+ --docdir=${EPREFIX}/usr/share/doc/${P} \
+ --enable-shared \
+ --enable-pthread \
+ --disable-rpath \
+ --with-out-ext="${modules}" \
+ $(use_with jemalloc jemalloc) \
+ $(use_enable socks5 socks) \
+ $(use_enable doc install-doc) \
+ --enable-ipv6 \
+ $(use_enable debug) \
+ ${myconf} \
+ --enable-option-checking=no \
+ || die "econf failed"
+}
+
+src_compile() {
+ emake V=1 EXTLDFLAGS="${LDFLAGS}" || die "emake failed"
+}
+
+src_test() {
+ emake -j1 V=1 test || die "make test failed"
+
+ elog "Ruby's make test has been run. Ruby also ships with a make check"
+ elog "that cannot be run until after ruby has been installed."
+ elog
+ if use rubytests; then
+ elog "You have enabled rubytests, so they will be installed to"
+ elog "/usr/share/${PN}-${SLOT}/test. To run them you must be a
user other"
+ elog "than root, and you must place them into a writeable
directory."
+ elog "Then call: "
+ elog
+ elog "ruby${MY_SUFFIX} -C /location/of/tests runner.rb"
+ else
+ elog "Enable the rubytests USE flag to install the make check
tests"
+ fi
+}
+
+src_install() {
+ # Remove the remaining bundled gems. We do this late in the process
+ # since they are used during the build to e.g. create the
+ # documentation.
+ rm -rf ext/json || die
+
+ # Ruby is involved in the install process, we don't want interference
here.
+ unset RUBYOPT
+
+ local MINIRUBY=$(echo -e 'include Makefile\ngetminiruby:\n\t@echo
$(MINIRUBY)'|make -f - getminiruby)
+
+
LD_LIBRARY_PATH="${S}:${D}/usr/$(get_libdir)${LD_LIBRARY_PATH+:}${LD_LIBRARY_PATH}"
+ RUBYLIB="${S}:${D}/usr/$(get_libdir)/ruby/${RUBYVERSION}"
+ for d in $(find "${S}/ext" -type d) ; do
+ RUBYLIB="${RUBYLIB}:$d"
+ done
+ export LD_LIBRARY_PATH RUBYLIB
+
+ emake V=1 DESTDIR="${D}" install || die "make install failed"
+
+ # Remove installed rubygems and rdoc copy
+ rm -rf "${D}/usr/$(get_libdir)/ruby/${RUBYVERSION}/rubygems" || die "rm
rubygems failed"
+ rm -rf "${D}/usr/bin/"gem"${MY_SUFFIX}" || die "rm rdoc bins failed"
+ rm -rf "${D}/usr/$(get_libdir)/ruby/${RUBYVERSION}"/rdoc* || die "rm
rdoc failed"
+ rm -rf "${D}/usr/bin/"{ri,rdoc}"${MY_SUFFIX}" || die "rm rdoc bins
failed"
+
+ if use doc; then
+ make DESTDIR="${D}" install-doc || die "make install-doc failed"
+ fi
+
+ if use examples; then
+ insinto /usr/share/doc/${PF}
+ doins -r sample
+ fi
+
+ dodoc ChangeLog NEWS doc/NEWS* README* || die
+
+ if use rubytests; then
+ pushd test
+ insinto /usr/share/${PN}-${SLOT}/test
+ doins -r .
+ popd
+ fi
+}
+
+pkg_postinst() {
+ if [[ ! -n $(readlink "${ROOT}"usr/bin/ruby) ]] ; then
+ eselect ruby set ruby${MY_SUFFIX}
+ fi
+
+ elog
+ elog "To switch between available Ruby profiles, execute as root:"
+ elog "\teselect ruby set ruby(19|20|...)"
+ elog
+}
+
+pkg_postrm() {
+ eselect ruby cleanup
+}
