aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTBK <tbk@jjtc.eu>2021-01-05 16:23:07 +0100
committerLeo <thinkabit.ukim@gmail.com>2021-01-08 22:55:51 +0000
commitcc0df1112e9e20d96bf12d360c1bb85cb3d64f05 (patch)
treeb4816729db686245bce8cb02d1d51625e1a265eb
parentea3fd89439caa15ef761c8cc947bdf3093cd876f (diff)
downloadaports-cc0df1112e9e20d96bf12d360c1bb85cb3d64f05.tar.gz
aports-cc0df1112e9e20d96bf12d360c1bb85cb3d64f05.tar.bz2
aports-cc0df1112e9e20d96bf12d360c1bb85cb3d64f05.tar.xz
main/ruby: security upgrade to 2.7.2
-rw-r--r--main/ruby/APKBUILD19
-rw-r--r--main/ruby/arm-coroutines.patch29
-rw-r--r--main/ruby/openssl-config-support-include-directive.patch184
3 files changed, 13 insertions, 219 deletions
diff --git a/main/ruby/APKBUILD b/main/ruby/APKBUILD
index 55bcdcf584..6d6f7a3c6d 100644
--- a/main/ruby/APKBUILD
+++ b/main/ruby/APKBUILD
@@ -3,6 +3,8 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
#
# secfixes:
+# 2.7.2-r0:
+# - CVE-2020-25613
# 2.6.6-r0:
# - CVE-2020-10663
# - CVE-2020-10933
@@ -34,9 +36,9 @@
# - CVE-2017-17405
#
pkgname=ruby
-pkgver=2.7.1
+pkgver=2.7.2
_abiver="${pkgver%.*}.0"
-pkgrel=3
+pkgrel=0
pkgdesc="An object-oriented language for quick and easy programming"
url="https://www.ruby-lang.org/"
arch="all"
@@ -71,7 +73,6 @@ source="https://cache.ruby-lang.org/pub/ruby/${pkgver%.*}/ruby-$pkgver.tar.gz
rubygems-avoid-platform-specific-gems.patch
test_insns-lower-recursion-depth.patch
fix-get_main_stack.patch
- openssl-config-support-include-directive.patch
arm-coroutines.patch
"
replaces="ruby-gems"
@@ -111,6 +112,13 @@ prepare() {
update_config_guess
autoconf
+
+ # v2.7.1 - Of all the bootstraptest only test_fiber fails on s390x:
+ # test_fiber.rb bootstraptest.tmp.rb:8: [BUG] vm_call_cfunc: cfp consistency error (0x000003ffb63fefb0, 0x000003ffb42f5f58)
+ case "$CARCH" in
+ s390x)
+ rm bootstraptest/test_fiber.rb ;;
+ esac
}
build() {
@@ -357,9 +365,8 @@ _mvgem() {
done
}
-sha512sums="d54ec78d46644269a200cc64c84beed1baaea74189e0ffc167f90f4b9540bb6d9e7b19807c0990e1b13738b83d1e2bb4c712396d033db6a7501e6046fff12839 ruby-2.7.1.tar.gz
+sha512sums="e80dc16b60149d0d6fedf0ba7b556ae460ff328ee63e9d9e41f5021f67addcc98159cb27bddccaebd6e4b1cddf29266f1c01c32d9ec8bb665aed63c0a2295f2f ruby-2.7.2.tar.gz
cfdc5ea3b2e2ea69c51f38e8e2180cb1dc27008ca55cc6301f142ebafdbab31c3379b3b6bba9ff543153876dd98ed2ad194df3255b7ea77a62e931c935f80538 rubygems-avoid-platform-specific-gems.patch
814fe6359505b70d8ff680adf22f20a74b4dbd3fecc9a63a6c2456ee9824257815929917b6df5394ed069a6869511b8c6dce5b95b4acbbb7867c1f3a975a0150 test_insns-lower-recursion-depth.patch
8d730f02f76e53799f1c220eb23e3d2305940bb31216a7ab1e42d3256149c0721c7d173cdbfe505023b1af2f5cb3faa233dcc1b5d560fa8f980c17c2d29a9d81 fix-get_main_stack.patch
-a67813d7aa3553ed336f04b17461c5129546afb71a2a7cca6d1b1c860f8dd5839ca2f7695c971369f295aced3580687a28881ccd6c305f6dbdfe6b0ecf584d0e openssl-config-support-include-directive.patch
-eaee5cd1b11506df5d28d6ac909b0eae55d88e7fbb471a0cee1be7293934980a36616603a5bcb5cf8bf8518e5f313e2bba566c52bd57afe62505c8e02b0a7b87 arm-coroutines.patch"
+0300bd6f596db73603e9bf1b1ccbc09da27dc2082aa00ef6cecef474809bb91248739375c405e43819e86b0c8cee8dedefdad102478082eba011bdc795e657c7 arm-coroutines.patch"
diff --git a/main/ruby/arm-coroutines.patch b/main/ruby/arm-coroutines.patch
index 8df9d995d7..5f818a3dd5 100644
--- a/main/ruby/arm-coroutines.patch
+++ b/main/ruby/arm-coroutines.patch
@@ -35,35 +35,6 @@ Subject: [PATCH 2/3] Patch assembly so that it aligns properly
coroutine/arm32/Context.S | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
-diff --git a/coroutine/arm32/Context.S b/coroutine/arm32/Context.S
-index 195364fb655f..b66db29622a4 100644
---- a/coroutine/arm32/Context.S
-+++ b/coroutine/arm32/Context.S
-@@ -5,9 +5,13 @@
- ## Copyright, 2018, by Samuel Williams.
- ##
-
-+.file "Context.S"
- .text
--
- .globl coroutine_transfer
-+.align 2
-+.type coroutine_transfer,%function
-+.syntax unified
-+
- coroutine_transfer:
- # Save caller state (8 registers + return address)
- push {r4-r11,lr}
-
-From 360904b97e0f1012855cd150a59cc0074cfa7453 Mon Sep 17 00:00:00 2001
-From: Paul Jordan <paullj1@gmail.com>
-Date: Wed, 1 Apr 2020 02:18:23 +0100
-Subject: [PATCH 3/3] Fix helper to not assume glibc
-
----
- test/fiddle/helper.rb | 19 ++++++++++++++++---
- 1 file changed, 16 insertions(+), 3 deletions(-)
-
diff --git a/test/fiddle/helper.rb b/test/fiddle/helper.rb
index 348131e4480f..f5c7bd2ca6c7 100644
--- a/test/fiddle/helper.rb
diff --git a/main/ruby/openssl-config-support-include-directive.patch b/main/ruby/openssl-config-support-include-directive.patch
deleted file mode 100644
index 2abf463760..0000000000
--- a/main/ruby/openssl-config-support-include-directive.patch
+++ /dev/null
@@ -1,184 +0,0 @@
-From f46bac1f3e8634e24c747d06b28e11b874f1e488 Mon Sep 17 00:00:00 2001
-From: Kazuki Yamaguchi <k@rhe.jp>
-Date: Thu, 16 Aug 2018 19:40:48 +0900
-Subject: [PATCH] config: support .include directive
-
-OpenSSL 1.1.1 introduces a new '.include' directive. Update our config
-parser to support that.
-
-As mentioned in the referenced GitHub issue, we should use the OpenSSL
-API instead of implementing the parsing logic ourselves, but it will
-need backwards-incompatible changes which we can't backport to stable
-versions. So continue to use the Ruby implementation for now.
-
-Reference: https://github.com/ruby/openssl/issues/208
-
-Patch-Source: https://src.fedoraproject.org/rpms/ruby/blob/04b63f48ea89ff10fcffafe2ff3815dfa0e16e99/f/ruby-2.6.0-config-support-include-directive.patch
----
- ext/openssl/lib/openssl/config.rb | 54 ++++++++++++++++++++-----------
- test/openssl/test_config.rb | 54 +++++++++++++++++++++++++++++++
- 2 files changed, 90 insertions(+), 18 deletions(-)
-
-diff --git a/ext/openssl/lib/openssl/config.rb b/ext/openssl/lib/openssl/config.rb
-index 88225451..ba3a54c8 100644
---- a/ext/openssl/lib/openssl/config.rb
-+++ b/ext/openssl/lib/openssl/config.rb
-@@ -77,29 +77,44 @@ def get_key_string(data, section, key) # :nodoc:
- def parse_config_lines(io)
- section = 'default'
- data = {section => {}}
-- while definition = get_definition(io)
-+ io_stack = [io]
-+ while definition = get_definition(io_stack)
- definition = clear_comments(definition)
- next if definition.empty?
-- if definition[0] == ?[
-+ case definition
-+ when /\A\[/
- if /\[([^\]]*)\]/ =~ definition
- section = $1.strip
- data[section] ||= {}
- else
- raise ConfigError, "missing close square bracket"
- end
-- else
-- if /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ =~ definition
-- if $2
-- section = $1
-- key = $2
-- else
-- key = $1
-+ when /\A\.include (\s*=\s*)?(.+)\z/
-+ path = $2
-+ if File.directory?(path)
-+ files = Dir.glob(File.join(path, "*.{cnf,conf}"), File::FNM_EXTGLOB)
-+ else
-+ files = [path]
-+ end
-+
-+ files.each do |filename|
-+ begin
-+ io_stack << StringIO.new(File.read(filename))
-+ rescue
-+ raise ConfigError, "could not include file '%s'" % filename
- end
-- value = unescape_value(data, section, $3)
-- (data[section] ||= {})[key] = value.strip
-+ end
-+ when /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/
-+ if $2
-+ section = $1
-+ key = $2
- else
-- raise ConfigError, "missing equal sign"
-+ key = $1
- end
-+ value = unescape_value(data, section, $3)
-+ (data[section] ||= {})[key] = value.strip
-+ else
-+ raise ConfigError, "missing equal sign"
- end
- end
- data
-@@ -212,10 +227,10 @@ def clear_comments(line)
- scanned.join
- end
-
-- def get_definition(io)
-- if line = get_line(io)
-+ def get_definition(io_stack)
-+ if line = get_line(io_stack)
- while /[^\\]\\\z/ =~ line
-- if extra = get_line(io)
-+ if extra = get_line(io_stack)
- line += extra
- else
- break
-@@ -225,9 +240,12 @@ def get_definition(io)
- end
- end
-
-- def get_line(io)
-- if line = io.gets
-- line.gsub(/[\r\n]*/, '')
-+ def get_line(io_stack)
-+ while io = io_stack.last
-+ if line = io.gets
-+ return line.gsub(/[\r\n]*/, '')
-+ end
-+ io_stack.pop
- end
- end
- end
-diff --git a/test/openssl/test_config.rb b/test/openssl/test_config.rb
-index 99dcc497..5653b5d0 100644
---- a/test/openssl/test_config.rb
-+++ b/test/openssl/test_config.rb
-@@ -120,6 +120,49 @@ def test_s_parse_format
- assert_equal("error in line 7: missing close square bracket", excn.message)
- end
-
-+ def test_s_parse_include
-+ in_tmpdir("ossl-config-include-test") do |dir|
-+ Dir.mkdir("child")
-+ File.write("child/a.conf", <<~__EOC__)
-+ [default]
-+ file-a = a.conf
-+ [sec-a]
-+ a = 123
-+ __EOC__
-+ File.write("child/b.cnf", <<~__EOC__)
-+ [default]
-+ file-b = b.cnf
-+ [sec-b]
-+ b = 123
-+ __EOC__
-+ File.write("include-child.conf", <<~__EOC__)
-+ key_outside_section = value_a
-+ .include child
-+ __EOC__
-+
-+ include_file = <<~__EOC__
-+ [default]
-+ file-main = unnamed
-+ [sec-main]
-+ main = 123
-+ .include = include-child.conf
-+ __EOC__
-+
-+ # Include a file by relative path
-+ c1 = OpenSSL::Config.parse(include_file)
-+ assert_equal(["default", "sec-a", "sec-b", "sec-main"], c1.sections.sort)
-+ assert_equal(["file-main", "file-a", "file-b"], c1["default"].keys)
-+ assert_equal({"a" => "123"}, c1["sec-a"])
-+ assert_equal({"b" => "123"}, c1["sec-b"])
-+ assert_equal({"main" => "123", "key_outside_section" => "value_a"}, c1["sec-main"])
-+
-+ # Relative paths are from the working directory
-+ assert_raise(OpenSSL::ConfigError) do
-+ Dir.chdir("child") { OpenSSL::Config.parse(include_file) }
-+ end
-+ end
-+ end
-+
- def test_s_load
- # alias of new
- c = OpenSSL::Config.load
-@@ -299,6 +342,17 @@ def test_clone
- @it['newsection'] = {'a' => 'b'}
- assert_not_equal(@it.sections.sort, c.sections.sort)
- end
-+
-+ private
-+
-+ def in_tmpdir(*args)
-+ Dir.mktmpdir(*args) do |dir|
-+ dir = File.realpath(dir)
-+ Dir.chdir(dir) do
-+ yield dir
-+ end
-+ end
-+ end
- end
-
- end