Diffstat (limited to 'patchsets/patches-2.3.5')
-rw-r--r--patchsets/patches-2.3.5/001_jemalloc-libgmp.patch40
-rw-r--r--patchsets/patches-2.3.5/004_gfbsd7.patch37
-rw-r--r--patchsets/patches-2.3.5/005_no-undefined-ext.patch11
-rw-r--r--patchsets/patches-2.3.5/007-openssl-weakdh.patch37
-rw-r--r--patchsets/patches-2.3.5/009_no-gems.patch95
5 files changed, 220 insertions, 0 deletions
diff --git a/patchsets/patches-2.3.5/001_jemalloc-libgmp.patch b/patchsets/patches-2.3.5/001_jemalloc-libgmp.patch
new file mode 100644
index 0000000..e6bfa12
--- /dev/null
+++ b/patchsets/patches-2.3.5/001_jemalloc-libgmp.patch
@@ -0,0 +1,40 @@
+diff -pU3 a/configure b/configure
+--- a/configure 2017-09-14 21:09:29.000000000 +0900
++++ b/configure 2017-09-15 05:56:46.000000000 +0900
+@@ -10366,6 +10366,7 @@ fi
+ ac_res=$ac_cv_search___gmpz_init
+ if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
++ $as_echo "#define HAVE_LIBGMP 1" >>confdefs.h
+
+ fi
+
+@@ -10435,6 +10436,7 @@ fi
+ ac_res=$ac_cv_search_malloc_conf
+ if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
++ $as_echo "#define HAVE_LIBJEMALLOC 1" >>confdefs.h
+
+ else
+ with_jemalloc=no
+diff -pU3 a/configure.in b/configure.in
+--- a/configure.in 2017-08-09 19:28:56.000000000 +0900
++++ b/configure.in 2017-09-15 07:18:25.000000000 +0900
+@@ -1337,13 +1337,15 @@ AC_ARG_WITH([gmp],
+ AS_IF([test "x$with_gmp" != xno],
+ [AC_CHECK_HEADERS(gmp.h)
+ AS_IF([test "x$ac_cv_header_gmp_h" != xno],
+- AC_SEARCH_LIBS([__gmpz_init], [gmp]))])
++ AC_SEARCH_LIBS([__gmpz_init], [gmp],
++ [AC_DEFINE(HAVE_LIBGMP, 1)]))])
+
+ AC_ARG_WITH([jemalloc],
+ [AS_HELP_STRING([--with-jemalloc],[use jemalloc allocator])],
+ [with_jemalloc=$withval], [with_jemalloc=no])
+ AS_IF([test "x$with_jemalloc" = xyes],[
+- AC_SEARCH_LIBS([malloc_conf], [jemalloc], [], [with_jemalloc=no])
++ AC_SEARCH_LIBS([malloc_conf], [jemalloc],
++ [AC_DEFINE(HAVE_LIBJEMALLOC, 1)], [with_jemalloc=no])
+ AC_CHECK_HEADER(jemalloc/jemalloc.h, [
+ AC_DEFINE(RUBY_ALTERNATIVE_MALLOC_HEADER, [<jemalloc/jemalloc.h>])
+ ])
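Review bot: The two hunks against the generated `configure` (at 10366 and 10435) repeat by hand what the `configure.in` hunks further down would generate, and nothing in the file says which half the build relies on. If `configure` is regenerated during the build the first half is overwritten; if it is not, the `configure.in` half is inert, and either way a reviewer has to confirm the two stay in sync. A short header above the first `diff -pU3` line would settle it, for example `# Define HAVE_LIBGMP / HAVE_LIBJEMALLOC when the library is found; configure is patched directly because it is not regenerated` (wording for the author to confirm). The same missing description and origin applies to 004_gfbsd7.patch, 005_no-undefined-ext.patch and 009_no-gems.patch, whereas 007-openssl-weakdh.patch carries its author and rationale.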
diff --git a/patchsets/patches-2.3.5/004_gfbsd7.patch b/patchsets/patches-2.3.5/004_gfbsd7.patch
new file mode 100644
index 0000000..fa561b6
--- /dev/null
+++ b/patchsets/patches-2.3.5/004_gfbsd7.patch
@@ -0,0 +1,37 @@
+--- configure.in.orig 2013-05-05 19:36:02.800254192 +0200
++++ configure.in 2013-05-05 19:37:56.573346196 +0200
+@@ -2156,7 +2156,7 @@
+ fi
+
+ AS_CASE(["$target_os"],
+-[linux* | gnu* | k*bsd*-gnu | bsdi* | kopensolaris*-gnu | nacl], [
++[linux* | gnu* | k*bsd*-gnu | bsdi* | kopensolaris*-gnu | nacl | freebsd* | dragonfly*], [
+ if test "$rb_cv_binary_elf" = no; then
+ with_dln_a_out=yes
+ else
+@@ -2249,7 +2249,7 @@
+ [bsdi3*], [ AS_CASE(["$CC"],
+ [*shlicc*], [ : ${LDSHARED='$(CC) -r'}
+ rb_cv_dlopen=yes])],
+- [linux* | gnu* | k*bsd*-gnu | netbsd* | bsdi* | kopensolaris*-gnu | haiku*], [
++ [linux* | gnu* | k*bsd*-gnu | netbsd* | bsdi* | kopensolaris*-gnu | haiku* | freebsd7*], [
+ : ${LDSHARED='$(CC) -shared'}
+ if test "$rb_cv_binary_elf" = yes; then
+ LDFLAGS="$LDFLAGS -Wl,-export-dynamic"
+@@ -2262,7 +2262,6 @@
+ [freebsd*|dragonfly*], [
+ : ${LDSHARED='$(CC) -shared'}
+ if test "$rb_cv_binary_elf" = yes; then
+- LDFLAGS="$LDFLAGS -rdynamic"
+ DLDFLAGS="$DLDFLAGS "'-Wl,-soname,$@'
+ else
+ test "$GCC" = yes && test "$rb_cv_prog_gnu_ld" = yes || LDSHARED='$(LD) -Bshareable'
+@@ -2638,7 +2637,7 @@
+ [sunos4*], [
+ LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).so.$(MAJOR).$(MINOR) lib$(RUBY_SO_NAME).so'
+ ],
+- [linux* | gnu* | k*bsd*-gnu | atheos* | kopensolaris*-gnu | haiku*], [
++ [linux* | gnu* | k*bsd*-gnu | atheos* | kopensolaris*-gnu | haiku* | freebsd7*], [
+ LIBRUBY_DLDFLAGS='-Wl,-soname,lib$(RUBY_SO_NAME).so.$(MAJOR).$(MINOR)'" $LDFLAGS_OPTDIR"
+ LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).so.$(MAJOR).$(MINOR) lib$(RUBY_SO_NAME).so'
+ if test "$load_relative" = yes; then
diff --git a/patchsets/patches-2.3.5/005_no-undefined-ext.patch b/patchsets/patches-2.3.5/005_no-undefined-ext.patch
new file mode 100644
index 0000000..f279932
--- /dev/null
+++ b/patchsets/patches-2.3.5/005_no-undefined-ext.patch
@@ -0,0 +1,11 @@
+--- ruby-1.9.3-preview1.orig/configure.in
++++ ruby-1.9.3-preview1/configure.in
+@@ -2038,7 +2038,7 @@ if test "$with_dln_a_out" != yes; then
+ [linux* | gnu* | k*bsd*-gnu | netbsd* | bsdi* | kopensolaris*-gnu], [
+ : ${LDSHARED='$(CC) -shared'}
+ if test "$rb_cv_binary_elf" = yes; then
+- LDFLAGS="$LDFLAGS -Wl,-export-dynamic"
++ LDFLAGS="$LDFLAGS -Wl,-export-dynamic -Wl,--no-undefined"
+ fi
+ rb_cv_dlopen=yes],
+ [interix*], [ : ${LDSHARED='$(CC) -shared'}
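Review bot: The first context line of this hunk, `[linux* | gnu* | k*bsd*-gnu | netbsd* | bsdi* | kopensolaris*-gnu], [`, does not match the line that 004_gfbsd7.patch leaves at what appears to be the same case arm (`... | haiku* | freebsd7*], [`), and the header still names `ruby-1.9.3-preview1`. The hunk can therefore presumably apply only with fuzz, and a fuzzy match is how a linker flag ends up in a different case arm than intended without any error being reported. I would regenerate this patch against the 2.3.5 tree with 004 already applied so that it applies with zero fuzz and the header names the real target. Whether `-Wl,--no-undefined` in the global `LDFLAGS` is still wanted for 2.3.5 cannot be judged from this hunk alone.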
diff --git a/patchsets/patches-2.3.5/007-openssl-weakdh.patch b/patchsets/patches-2.3.5/007-openssl-weakdh.patch
new file mode 100644
index 0000000..ca41065
--- /dev/null
+++ b/patchsets/patches-2.3.5/007-openssl-weakdh.patch
@@ -0,0 +1,37 @@
+From 6dee08d14f7a8a51691b799592774e805d6f8707 Mon Sep 17 00:00:00 2001
+From: Tony Arcieri <bascule@gmail.com>
+Date: Thu, 7 Jan 2016 11:02:31 -0800
+Subject: [PATCH] Remove 512-bit DH group
+
+512-bit DH keys are severely weak and have been implicated in recent attacks:
+
+https://weakdh.org/
+---
+ lib/openssl/pkey.rb | 8 --------
+
+diff --git a/lib/openssl/pkey.rb b/lib/openssl/pkey.rb
+index 3f65adad..89563b65 100644
+--- a/ext/openssl/lib/openssl/pkey.rb
++++ b/ext/openssl/lib/openssl/pkey.rb
+@@ -4,13 +4,6 @@ module PKey
+ if defined?(OpenSSL::PKey::DH)
+
+ class DH
+- DEFAULT_512 = new <<-_end_of_pem_
+------BEGIN DH PARAMETERS-----
+-MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2
+-zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC
+------END DH PARAMETERS-----
+- _end_of_pem_
+-
+ DEFAULT_1024 = new <<-_end_of_pem_
+ -----BEGIN DH PARAMETERS-----
+ MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ
+@@ -23,7 +16,6 @@ class DH
+ DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen|
+ warn "using default DH parameters." if $VERBOSE
+ case keylen
+- when 512 then OpenSSL::PKey::DH::DEFAULT_512
+ when 1024 then OpenSSL::PKey::DH::DEFAULT_1024
+ else
+ nil
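Review bot: `DEFAULT_1024` and the `when 1024 then OpenSSL::PKey::DH::DEFAULT_1024` arm of `DEFAULT_TMP_DH_CALLBACK` stay in place, so a server that sets no DH parameters of its own still falls back to a fixed, widely shared 1024-bit group. The weakdh.org analysis cited in the commit message also raises concerns about shared 1024-bit groups, so this change removes the export-grade case only. I would say so in the patch description, for example `DEFAULT_1024 is retained for compatibility; applications should supply >= 2048-bit parameters via tmp_dh_callback`, and check whether a later ruby/openssl default group can be backported. Separately, the embedded header names `lib/openssl/pkey.rb` on its `diff --git` line but `ext/openssl/lib/openssl/pkey.rb` on the `---`/`+++` lines, which looks like a hand edit for the in-tree path and is worth one line of explanation.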
diff --git a/patchsets/patches-2.3.5/009_no-gems.patch b/patchsets/patches-2.3.5/009_no-gems.patch
new file mode 100644
index 0000000..2da6b7d
--- /dev/null
+++ b/patchsets/patches-2.3.5/009_no-gems.patch
@@ -0,0 +1,95 @@
+--- tool/rbinstall.rb.~1~ 2017-03-27 17:18:38.000000000 +0200
++++ tool/rbinstall.rb 2017-03-30 07:38:53.437332083 +0200
+@@ -696,90 +696,11 @@
+ # :startdoc:
+
+ install?(:ext, :comm, :gem) do
+- gem_dir = Gem.default_dir
+- directories = Gem.ensure_gem_subdirectories(gem_dir, :mode => $dir_mode)
+- prepare "default gems", gem_dir, directories
+-
+- spec_dir = File.join(gem_dir, directories.grep(/^spec/)[0])
+- default_spec_dir = "#{spec_dir}/default"
+- makedirs(default_spec_dir)
+-
+- gems = {}
+-
+- Dir.glob(srcdir+"/{lib,ext}/**/*.gemspec").each do |src|
+- specgen = RbInstall::Specs::Reader.new(src)
+- gems[specgen.gemspec.name] ||= specgen
+- end
+-
+- gems.sort.each do |name, specgen|
+- gemspec = specgen.gemspec
+- full_name = "#{gemspec.name}-#{gemspec.version}"
+-
+- puts "#{" "*30}#{gemspec.name} #{gemspec.version}"
+- gemspec_path = File.join(default_spec_dir, "#{full_name}.gemspec")
+- open_for_install(gemspec_path, $data_mode) do
+- specgen.spec_source
+- end
+-
+- unless gemspec.executables.empty? then
+- bin_dir = File.join(gem_dir, 'gems', full_name, 'bin')
+- makedirs(bin_dir)
+-
+- execs = gemspec.executables.map {|exec| File.join(srcdir, 'bin', exec)}
+- install(execs, bin_dir, :mode => $script_mode)
+- end
+- end
++ # gems are unbundled in Gentoo
+ end
+
+ install?(:ext, :comm, :gem) do
+- gem_dir = Gem.default_dir
+- directories = Gem.ensure_gem_subdirectories(gem_dir, :mode => $dir_mode)
+- prepare "bundle gems", gem_dir, directories
+- install_dir = with_destdir(gem_dir)
+- installed_gems = {}
+- options = {
+- :install_dir => install_dir,
+- :bin_dir => with_destdir(bindir),
+- :domain => :local,
+- :ignore_dependencies => true,
+- :dir_mode => $dir_mode,
+- :data_mode => $data_mode,
+- :prog_mode => $prog_mode,
+- :wrappers => true,
+- :format_executable => true,
+- }
+- Gem::Specification.each_spec([srcdir+'/gems/*']) do |spec|
+- ins = RbInstall::UnpackedInstaller.new(spec, options)
+- puts "#{" "*30}#{spec.name} #{spec.version}"
+- ins.install
+- File.chmod($data_mode, File.join(install_dir, "specifications", "#{spec.full_name}.gemspec"))
+- installed_gems[spec.full_name] = true
+- end
+- installed_gems, gems = Dir.glob(srcdir+'/gems/*.gem').partition {|gem| installed_gems.key?(File.basename(gem, '.gem'))}
+- unless installed_gems.empty?
+- install installed_gems, gem_dir+"/cache"
+- end
+- next if gems.empty?
+- if defined?(Zlib)
+- Gem.instance_variable_set(:@ruby, with_destdir(File.join(bindir, ruby_install_name)))
+- gems.each do |gem|
+- begin
+- File.umask(022)
+- Gem.install(gem, Gem::Requirement.default, options)
+- ensure
+- File.umask(0222)
+- end
+- gemname = File.basename(gem)
+- puts "#{" "*30}#{gemname}"
+- end
+- # fix directory permissions
+- # TODO: Gem.install should accept :dir_mode option or something
+- File.chmod($dir_mode, *Dir.glob(install_dir+"/**/"))
+- # fix .gemspec permissions
+- File.chmod($data_mode, *Dir.glob(install_dir+"/specifications/*.gemspec"))
+- else
+- puts "skip installing bundle gems because of lacking zlib"
+- end
++ # gems are unbundled in Gentoo
+ end
+
+ parse_args()
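Review bot: Both `install?(:ext, :comm, :gem)` blocks are reduced to the same one-line comment, which does not say what now supplies the default gem specifications and the bundled gems that the removed code installed. I would make the two comments distinct and name the replacement, for example `# default gem specs are not installed here; Gentoo packages these gems separately` and `# bundled gems from gems/*.gem are not installed; Gentoo packages these gems separately`. Those gems then get their fixes on a schedule independent of this Ruby version, so the patch header should record where their versions are tracked; that cannot be determined from this page.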