Diffusion ruby 32633254758f

update ruby to 2.3.4

Authored by Matt Critchlow <matt.critchlow@gmail.com> on Oct 3 2017, 4:55 PM.

Description

update ruby to 2.3.4

Summary:
Updated to the Ruby 2.3 series since the 2.2 series will be EOL soon

Removed --enable-pthread option as it's obsolete (per Makefile)

I know rebuilds are going to be needed for several packages. Happy to help if that's needed.

Reviewers: Triage Team, DataDrake

Reviewed By: Triage Team, DataDrake

Subscribers: DataDrake, poltertec

Tags: Patch Submission

Differential Revision: https://dev.solus-project.com/D103

Details

Committed
DataDrake, Oct 3 2017, 4:55 PM
Pushed
DataDrake, Oct 3 2017, 4:55 PM
Reviewer
Triage Team
Differential Revision
D103: update ruby to 2.3.4
Parents
R2832:b499d1523edd: Update to 2.2.6
Branches
Unknown
Tags
Unknown

Event Timeline

samuelcecilio added a subscriber: samuelcecilio. Edited Oct 3 2017, 5:03 PM

New version available: 2.3.5 > https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.5.tar.gz : 5462f7bbb28beff5da7441968471ed922f964db1abdce82b8860608acc23ddcc

  • CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
  • CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
  • CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
  • CVE-2017-14064: Heap exposure vulnerability in generating JSON
  • Multiple vulnerabilities in RubyGems
  • Updated bundled libyaml to version 0.1.7

Yeah, this 2.3.4 patch needed a bunch of rebuilds to land, so it became a bit out of date. Many thanks to @DataDrake for knocking those out!

I'm working on getting a patch ready for 2.3.5 now.
