From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ben Woodcroft <b.woodcroft@uq.edu.au>
Subject: Re: [PATCH] gnu: ruby: Replace with 2.3.2 [fixes CVE-2015-3900].
Date: Sun, 20 Nov 2016 17:00:58 +1000
Message-ID: <02b39505-a3e4-266a-b4d9-5f031fd7f02a@uq.edu.au>
References: <20161118233209.28746-1-donttrustben@gmail.com>
	<20161118233209.28746-2-donttrustben@gmail.com>
	<20161119152818.GA8435@jasmine>
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:55930)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <b.woodcroft@uq.edu.au>) id 1c8M7z-0005yB-0u
	for guix-devel@gnu.org; Sun, 20 Nov 2016 02:01:28 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <b.woodcroft@uq.edu.au>) id 1c8M7w-0001fw-0E
	for guix-devel@gnu.org; Sun, 20 Nov 2016 02:01:27 -0500
Received: from mailhub1.soe.uq.edu.au ([130.102.132.208]:54466
	helo=newmailhub.uq.edu.au) by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <b.woodcroft@uq.edu.au>) id 1c8M7v-0001fC-Du
	for guix-devel@gnu.org; Sun, 20 Nov 2016 02:01:23 -0500
In-Reply-To: <20161119152818.GA8435@jasmine>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Leo Famulari <leo@famulari.name>, Ben Woodcroft <donttrustben@gmail.com>
Cc: guix-devel@gnu.org

On 20/11/16 01:28, Leo Famulari wrote:
> On Sat, Nov 19, 2016 at 09:32:09AM +1000, Ben Woodcroft wrote:
>> * gnu/packages/ruby.scm (ruby)[replacement]: New field.
>> (ruby-2.3.2): New variable.
>> ---
>>   gnu/packages/ruby.scm | 20 ++++++++++++++++++++
>>   1 file changed, 20 insertions(+)
>>
>> diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
>> index e4c1ef0..f2b5de9 100644
>> --- a/gnu/packages/ruby.scm
>> +++ b/gnu/packages/ruby.scm
>> @@ -47,6 +47,7 @@
>>   (define-public ruby
>>     (package
>>       (name "ruby")
>> +    (replacement ruby-2.3.2)
> Remember that grafted replacements should have a compatible ABI.
>
> This is the first result I found when searching for "Ruby ABI compatible"
>
> https://www.ruby-lang.org/en/news/2013/12/21/ruby-version-policy-changes-with-2-1-0/
>
> So, if they've kept that policy, this should be fine.
I can't see any evidence to the contrary. I also ran a compatibility 
checker and it seemed to work out (while 2.3.2 vs 2.2.6 did not, as a 
negative control).
https://lvc.github.io/abi-compliance-checker/

I'm not quite finished packaging it yet up to standard just yet, but I 
pushed what I have here, in case it is useful in the meantime.
https://github.com/wwood/guix_mine/blob/master/ben/packages/local.scm

I pushed the graft to master and updated it directly on staging.

ben