On 2024-12-05 4:16 a.m., Alexander Kanavin wrote:
The use of ruby is marginal to non-existent in embedded space.
Agreed, I was going to comment, that thankfully, the error is "only ruby"!
In core it's only used in its native variant to build webkitgtk (they
have some ruby scripts that run during build), and in meta-oe, there's
openwsman that needs target ruby, and a couple other recipes that need
native ruby. I think no one's going to notice if this is reverted. No
one's going to notice the major version update being kept in
scarthgap, either.
Probably not but for anyone interested:
depends:ruby = 9
https://layers.openembedded.org/layerindex/branch/scarthgap/recipes/?q=depends:ruby
depnds:ruby-native = 49, mostly meta-openstack
https://layers.openembedded.org/layerindex/branch/scarthgap/recipes/?q=depends%3Aruby-native
Was this update prompted by some CVE needing to be fixed, and nothing else?
Correct, just CVE fixes.
../Randy
Alex
On Wed, 4 Dec 2024 at 22:23, Randy MacLeod via lists.openembedded.org
<[email protected]> wrote:
On 2024-12-04 3:49 p.m., Steve Sakoman wrote:
Sigh, I'm sorry I didn't catch this :-(
I think my eyes saw ruby "upgrade 3.3.2 -> 3.3.5", I checked the link
in the commit message to verify that the changes were all bug/security
fixes and I merged it.
We've already done a release with this update in it. Perhaps we can
discuss it in the bug meeting tomorrow?
Steve
Yogita,
Please note, that only PATCH level updates are allowed (almost all the time) on
stable releases.
See:https://semver.org/
All,
Yikes!
Yes, we should discuss what to do in the bug meeting tomorrow and reply here to
fill people in on the plans. If anyone has a strong opinion please let us know.
I didn't even notice that the change was from 3.2.x to 3.3.y when reviewing it.
It seems that I assumed that no one would do that!
We're all so used to the rule of not changing MAJOR.MINOR that several people
overlooked
that MINOR was bumped by one.
For the 3.2.2..3.2.5 update, we have:
❯ git log v3_2_2..v3_2_5 --oneline | wc -l
242
We could even take 3.2.6:
❯ git log v3_2_5..v3_2_6 --oneline | rg -v "merge revision" | wc -l
20
https://github.com/ruby/ruby/commits/ruby_3_2/
It might be worth having a version comparison check tool to run before release.
Thanks,
../Randy
On Wed, Dec 4, 2024 at 11:51 AM Randy MacLeod via
lists.openembedded.org
<[email protected]> wrote:
Add Robert and Hongxu who working with Yogita on this, iirc.
On 2024-12-03 5:14 a.m., Urade, Yogita via lists.openembedded.org wrote:
From: Yogita Urade<[email protected]>
This reverts commit 0402f54b66438ec6e9f06f02652e148dce6480b3.
This isn't a minor version upgrade.
$git log v3_2_2..v3_3_5 --oneline | wc -l
6924
Do we have any ruby experts to comment on the stability of the 4.2 branch
and the update to 3.2.5?
They claim to be following a semantic versioning scheme:
https://www.ruby-lang.org/en/news/2013/12/21/ruby-version-policy-changes-with-2-1-0/
Ruby is a fairly large code base:
--------------------------------------------------------------------------------
Language Files Lines Blank Comment Code
--------------------------------------------------------------------------------
Ruby 7914 1480730 202190 82299 1196241
...
--------------------------------------------------------------------------------
Total 9409 2188531 271762 197233 1719536
--------------------------------------------------------------------------------
The git repo does have a branch for each release which would indicate
that they are at least familiar with the idea of stable releases.
Other than the number of commits being large, do we have
any data to support the idea that this is not a stable release update?
Yogita,
What are the before, after and diff ptest results?
../Randy
Signed-off-by: Yogita Urade<[email protected]>
---
...Alignof-to-define-ALIGN_OF-when-poss.patch | 51 ++++++++++
...e.in-do-not-write-host-cross-cc-item.patch | 32 +++++++
...Obey-LDFLAGS-for-the-link-of-libruby.patch | 25 +++++
...-Makefile.in-filter-out-f-prefix-map.patch | 42 ++++++++
...eproducible-change-fixing-784225-too.patch | 26 ++---
.../0006-Make-gemspecs-reproducible.patch | 18 ++--
.../ruby/ruby/CVE-2023-36617_1.patch | 55 +++++++++++
.../ruby/ruby/CVE-2023-36617_2.patch | 51 ++++++++++
.../ruby/ruby/CVE-2024-27281.patch | 96 +++++++++++++++++++
.../ruby/ruby/CVE-2024-27282.patch | 27 ++++++
.../ruby/ruby/remove_has_include_macros.patch | 35 +++++++
.../ruby/{ruby_3.3.5.bb => ruby_3.2.2.bb} | 13 ++-
12 files changed, 446 insertions(+), 25 deletions(-)
create mode 100644
meta/recipes-devtools/ruby/ruby/0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch
create mode 100644
meta/recipes-devtools/ruby/ruby/0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch
create mode 100644
meta/recipes-devtools/ruby/ruby/0002-Obey-LDFLAGS-for-the-link-of-libruby.patch
create mode 100644
meta/recipes-devtools/ruby/ruby/0002-template-Makefile.in-filter-out-f-prefix-map.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_1.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-36617_2.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
create mode 100644
meta/recipes-devtools/ruby/ruby/remove_has_include_macros.patch
rename meta/recipes-devtools/ruby/{ruby_3.3.5.bb => ruby_3.2.2.bb} (88%)
< snip >< snip ><
--
# Randy MacLeod
# Wind River Linux
--
# Randy MacLeod
# Wind River Linux
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#208380):
https://lists.openembedded.org/g/openembedded-core/message/208380
Mute This Topic: https://lists.openembedded.org/mt/109897713/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
