Re: [OE-core][scarthgap][PATCH 1/1] Revert "ruby: upgrade 3.2.2 -> 3.3.5"

Wed, 04 Dec 2024 13:23:32 -0800 

On 2024-12-04 3:49 p.m., Steve Sakoman wrote:

Sigh, I'm sorry I didn't catch this :-(

I think my eyes saw ruby "upgrade 3.3.2 -> 3.3.5", I checked the link
in the commit message to verify that the changes were all bug/security
fixes and I merged it.

We've already done a release with this update in it.  Perhaps we can
discuss it in the bug meeting tomorrow?

Steve


Yogita,
Please note, that only PATCH level updates are allowed (almost all the time) on stable releases. 
See: https://semver.org/


All,

Yikes!
Yes, we should discuss what to do in the bug meeting tomorrow and reply here to fill people in on the plans. If anyone has a strong opinion please let us know.
I didn't even notice that the change was from 3.2.x to 3.3.y when reviewing it. 
It seems that I assumed that no one would do that!
We're all so used to the rule of not changing MAJOR.MINOR that several people overlooked 
that MINOR was bumped by one.

For the 3.2.2..3.2.5 update, we have:
❯ git log v3_2_2..v3_2_5 --oneline  | wc -l
242


We could even take 3.2.6:

❯ git log v3_2_5..v3_2_6 --oneline | rg -v "merge revision"  | wc -l
20

https://github.com/ruby/ruby/commits/ruby_3_2/
It might be worth having a version comparison check tool to run before release. 

Thanks,

../Randy


On Wed, Dec 4, 2024 at 11:51 AM Randy MacLeod via
lists.openembedded.org
<[email protected]> wrote:

Add Robert and Hongxu who working with Yogita on this, iirc.

On 2024-12-03 5:14 a.m., Urade, Yogita via lists.openembedded.org wrote:

From: Yogita Urade<[email protected]>

This reverts commit 0402f54b66438ec6e9f06f02652e148dce6480b3.

This isn't a minor version upgrade.
$git log v3_2_2..v3_3_5 --oneline  | wc -l
6924

Do we have any ruby experts to comment on the stability of the 4.2 branch
and the update to 3.2.5?

They claim to be following a semantic versioning scheme:
   
https://www.ruby-lang.org/en/news/2013/12/21/ruby-version-policy-changes-with-2-1-0/


Ruby is a fairly large code base:
--------------------------------------------------------------------------------
  Language             Files        Lines        Blank      Comment         Code
--------------------------------------------------------------------------------
  Ruby                  7914      1480730       202190        82299      1196241
...
--------------------------------------------------------------------------------
  Total                 9409      2188531       271762       197233      1719536
--------------------------------------------------------------------------------

The git repo does have a branch for each release which would indicate
that they are at least familiar with the idea of stable releases.

Other than the number of commits being large, do we have
any data to support the idea that this is not a stable release update?

Yogita,
   What are the before, after and diff ptest results?

../Randy




Signed-off-by: Yogita Urade<[email protected]>
---
  ...Alignof-to-define-ALIGN_OF-when-poss.patch | 51 ++++++++++
  ...e.in-do-not-write-host-cross-cc-item.patch | 32 +++++++
  ...Obey-LDFLAGS-for-the-link-of-libruby.patch | 25 +++++
  ...-Makefile.in-filter-out-f-prefix-map.patch | 42 ++++++++
  ...eproducible-change-fixing-784225-too.patch | 26 ++---
  .../0006-Make-gemspecs-reproducible.patch     | 18 ++--
  .../ruby/ruby/CVE-2023-36617_1.patch          | 55 +++++++++++
  .../ruby/ruby/CVE-2023-36617_2.patch          | 51 ++++++++++
  .../ruby/ruby/CVE-2024-27281.patch            | 96 +++++++++++++++++++
  .../ruby/ruby/CVE-2024-27282.patch            | 27 ++++++
  .../ruby/ruby/remove_has_include_macros.patch | 35 +++++++
  .../ruby/{ruby_3.3.5.bb => ruby_3.2.2.bb}     | 13 ++-
  12 files changed, 446 insertions(+), 25 deletions(-)
  create mode 100644 
meta/recipes-devtools/ruby/ruby/0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch
  create mode 100644 
meta/recipes-devtools/ruby/ruby/0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch
  create mode 100644 
meta/recipes-devtools/ruby/ruby/0002-Obey-LDFLAGS-for-the-link-of-libruby.patch
  create mode 100644 
meta/recipes-devtools/ruby/ruby/0002-template-Makefile.in-filter-out-f-prefix-map.patch
  create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
  create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
  create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch
  create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
  create mode 100644 
meta/recipes-devtools/ruby/ruby/remove_has_include_macros.patch
  rename meta/recipes-devtools/ruby/{ruby_3.3.5.bb => ruby_3.2.2.bb} (88%)

>< snip >< snip ><


--
# Randy MacLeod
# Wind River Linux

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#208361): 
https://lists.openembedded.org/g/openembedded-core/message/208361
Mute This Topic: https://lists.openembedded.org/mt/109897713/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to