From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Ben Woodcroft
Subject: Re: Ruby security updates
Date: Sat, 9 Jan 2016 15:15:04 +1000
Message-ID: <56909758.1040502@uq.edu.au>
References: <87si271vks.fsf@netris.org>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------080101050809070403090301"
Return-path:
Received: from eggs.gnu.org ([2001:4830:134:3::10]:36874) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aHls0-00035S-4a for guix-devel@gnu.org; Sat, 09 Jan 2016 00:15:21 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aHlrw-00028m-U4 for guix-devel@gnu.org; Sat, 09 Jan 2016 00:15:20 -0500
Received: from mailhub2.soe.uq.edu.au ([130.102.132.209]:37927 helo=newmailhub.uq.edu.au) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aHlrw-00021s-CP for guix-devel@gnu.org; Sat, 09 Jan 2016 00:15:16 -0500
In-Reply-To:
List-Id: "Development of GNU Guix and the GNU System distribution."
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: "Thompson, David" , Mark H Weaver
Cc: guix-devel

This is a multi-part message in MIME format.
--------------080101050809070403090301
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

On 09/01/16 10:15, Thompson, David wrote:
> On Fri, Jan 8, 2016 at 6:48 PM, Mark H Weaver wrote:
>> Some of our ruby versions may need security updates.
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1248935
>>
>> Can someone who cares about ruby please investigate?
> This particular issue is definitely fixed in Ruby 2.2.4 or later,
> which we upgraded very recently in response to this.
Indeed, but seems it also affects 2.1 < 2.1.8, where we have 2.1.6. I've attached a trivial patch that updates it - ok to push?
> Now, I suspect Pjotr will find issue with this, but I think we really
> should drop the Ruby 1.8.7 package because it is end-of-life and will
> *not* receive bug fixes or security updates.
In general though it is a shame to remove old packages, Guix seems well suited to keeping old software usable. Is there a more useful place for removed packages to go other than the trash? A collection of exported profiles perhaps?

ben

--------------080101050809070403090301
Content-Type: text/x-patch; name="0001-gnu-ruby-2.1-Update-to-2.1.8.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="0001-gnu-ruby-2.1-Update-to-2.1.8.patch"

>From 4c40fa0229dc2cb479227c16f23abad703101b70 Mon Sep 17 00:00:00 2001
From: Ben Woodcroft
Date: Sat, 9 Jan 2016 14:53:58 +1000
Subject: [PATCH] gnu: ruby-2.1: Update to 2.1.8.

* gnu/packages/ruby.scm (ruby-2.1): Update to 2.1.8.
---
 gnu/packages/ruby.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm index 4ac3385..577be18 100644 --- a/gnu/packages/ruby.scm +++ b/gnu/packages/ruby.scm @@ -97,7 +97,7 @@ a focus on simplicity and productivity.") (define-public ruby-2.1 (package (inherit ruby) - (version "2.1.6") + (version "2.1.8") (source (origin (method url-fetch) @@ -106,7 +106,7 @@ a focus on simplicity and productivity.") "/ruby-" version ".tar.bz2")) (sha256 (base32 - "1sbcmbhadcxk0509svwxbm2vvgmpf3xjxr1397bgp9x46nz36lkv")))) + "11rkbfc90cg9p9mzg32475alf3ddcn9q8a3ar3fwm5xskic0n395")))) (arguments `(#:test-target "test" #:parallel-tests? #f -- 2.6.3
--------------080101050809070403090301--
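Review bot: the new base32 sha256 in the second hunk of gnu/packages/ruby.scm is the only integrity check on the 2.1.8 tarball, so it should be confirmed independently before this is pushed, for example by fetching the tarball with guix download and comparing the printed hash with the one in the patch and with upstream's published checksum. Separately, the commit log says only "Update to 2.1.8" and does not record that the bump is a security update; a line noting that it addresses the issue tracked at https://bugzilla.redhat.com/show_bug.cgi?id=1248935 would let anyone reading the history see why 2.1.6 had to go.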