Ruby 2.1.5 has been released.
This release includes a security fix for a DoS vulnerability of REXML.
It is similar to the fixed vulnerability in the previous release, but
new and different from it.
CVE-2014-8090: Another Denial of Service XML Expansion
And, some bug fixes are also included. See tickets and ChangeLog for details.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This release includes security fixes for the following vulnerabilities:
* CVE-2014-8080: Denial of Service XML Expansion
* Changed default settings of ext/openssl related to CVE-2014-3566
And there are some bug-fixes.
Ref: https://www.ruby-lang.org/en/news/2014/10/27/ruby-2-1-4-released/
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
ruby-core is problematic as it is too big.
It is impossible to fix pkgs dependencies as
ruby-core would generate multiple cycled dependencies
between packages.
Also, "core" in ruby context means "classes that do not need a 'require'".
This is not the case of ruby-core classes. They are, actually, a subset of
Ruby Standard Library.
In every detected case where a portion of ruby-core could be isolated and
save other pkgs from requiring all of ruby-core, it was spun off into a new
subset. Also, big portions of ruby-core not required by current ruby-* pkgs
were spun off into new pkgs. The remainder of ruby-core was put into a new ruby-misc.
ruby-stdlib was created as a meta package that requires all ruby packages that are
part of Ruby Standard Library. For a full Ruby Standard Library, just install
ruby-stdlib and its deps.
Created pkgs from ruby-stdlib:
- ruby-misc
- ruby-csv
- ruby-datetime
- ruby-dbm
- ruby-debuglib
- ruby-drb
- ruby-fiddle
- ruby-filelib
- ruby-logger
- ruby-math
- ruby-multithread
- ruby-mkmf
- ruby-net
- ruby-optparse
- ruby-patterns
- ruby-prettyprint
- ruby-pstore
- ruby-racc
- ruby-rbconfig
- ruby-rinda
- ruby-ripper
- ruby-sdbm
- ruby-shell
- ruby-socket
- ruby-uri
Some files from ruby-openssl were moved to new subpkgs (as ruby-net and ruby-drb).
All dependencies were redefined based on the auxiliary script ruby_find_pkgsdeps
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Some files that belong to other subpkgs were still in
ruby-core. Just moved them to the correct place.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
The Ruby encoding library was too big and brought unnecessary encodings for simple ruby usage.
All not directly required encodings from stdlib were moved to ruby-enc-extra.
Created pkg from ruby-enc
- ruby-enc-extra (from ruby-enc)
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Digest can use OpenSSL or ruby's internal implementation of hash functions. The first
uses less disk space but requires openssl, which is relatively big. As the internal hash
implementations are not much bigger than the openssl version, they are compiled by
default. A new config option can change it to use OpenSSL instead.
As digest is independent from openssl, ruby-digest was created as a new pkg.
Adds pkgs:
- ruby-digest (from ruby-openssl)
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Some ruby gems were still in the ruby-core pkg. These files were
moved outside ruby-core into ruby-gems or their own subpkg.
ruby-unit renamed to ruby-testunit as its gem is named test-unit.
ruby-rdoc left a file in ruby-core.
Psych is a gem and deserves its own subpkg. It replaces syck
(used by yaml) on recent ruby version (ref:
https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/36786)
Also, some psych files were packed incorrectly into ruby-json. The asterisk
in */json was intended to match <arch>/json/ and not psych/json.
Files were derived from ruby-core and a lost file in ruby-json.
New subpkgs:
- ruby-bigdecimal
- ruby-io-console
- ruby-minitest
- ruby-psych
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
ext/digest/rmd160 was referencing a function that never existed in openssl.
The name was simply mistyped. Now it can use openssl.
openssl was always linked to ext/digest when the library was available,
even when it was disabled by configure option and not used by code.
upstream refs: https://bugs.ruby-lang.org/issues/10252
upstream refs: https://bugs.ruby-lang.org/issues/10324
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
minitest can live without gems. Just a minor fix to
solve a require that fails when gem is missing
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
rdoc seems to be written to run without gem. However,
some internal code still does not check for gems presence.
With a small patch, rdoc can run without gems.
Ref: https://bugs.ruby-lang.org/issues/10196
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
ruby, by default, tries to load gems on start. If not
present, it fails. As gems bring many deps, this makes ruby
unsuitable for routers' limited resources.
ruby can avoid loading gems with the option "--disable-gems".
So, a wrapper script in the place of /usr/bin/ruby adds this option
if gems are not found.
Also add vendor/site directories
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Docs are not currently packaged. So, there is no need to install
them. Also, doxygen has some problem with the usage of git in
build_dir as it takes ages running git commands on every file.
Disabling the docs reduces the compilation time.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
ruby-ncurses was removed from ruby upstream (ruby commit
9c5b2fd8aa) and became solely
a gem now. OpenWRT subpackage removed.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
libgmp.so is needed for miniruby, which is compiled on the host.
Using PKG_BUILD_DEPENDS=gmp/host eventually compiled gmp/host
before ruby/host. However, when this did not happen, the build
failed. Using HOST_BUILD_DEPENDS=gmp/host seems to be the
correct way to require it.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This commit imports the old Makefile from old openwrt feeds.
Also, the package was updated to the latest version.
The new version was tested in a VM with no apparent problem.
No patches are needed.
I added myself as maintainer. If possible, I would like to gain
commit access.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>