diff options
Diffstat (limited to 'patchsets/patches-2.3.5')
-rw-r--r-- | patchsets/patches-2.3.5/001_jemalloc-libgmp.patch | 40 | ||||
-rw-r--r-- | patchsets/patches-2.3.5/004_gfbsd7.patch | 37 | ||||
-rw-r--r-- | patchsets/patches-2.3.5/005_no-undefined-ext.patch | 11 | ||||
-rw-r--r-- | patchsets/patches-2.3.5/007-openssl-weakdh.patch | 37 | ||||
-rw-r--r-- | patchsets/patches-2.3.5/009_no-gems.patch | 95 |
5 files changed, 220 insertions, 0 deletions
diff --git a/patchsets/patches-2.3.5/001_jemalloc-libgmp.patch b/patchsets/patches-2.3.5/001_jemalloc-libgmp.patch new file mode 100644 index 0000000..e6bfa12 --- /dev/null +++ b/patchsets/patches-2.3.5/001_jemalloc-libgmp.patch @@ -0,0 +1,40 @@ +diff -pU3 a/configure b/configure +--- a/configure 2017-09-14 21:09:29.000000000 +0900 ++++ b/configure 2017-09-15 05:56:46.000000000 +0900 +@@ -10366,6 +10366,7 @@ fi + ac_res=$ac_cv_search___gmpz_init + if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" ++ $as_echo "#define HAVE_LIBGMP 1" >>confdefs.h + + fi + +@@ -10435,6 +10436,7 @@ fi + ac_res=$ac_cv_search_malloc_conf + if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" ++ $as_echo "#define HAVE_LIBJEMALLOC 1" >>confdefs.h + + else + with_jemalloc=no +diff -pU3 a/configure.in b/configure.in +--- a/configure.in 2017-08-09 19:28:56.000000000 +0900 ++++ b/configure.in 2017-09-15 07:18:25.000000000 +0900 +@@ -1337,13 +1337,15 @@ AC_ARG_WITH([gmp], + AS_IF([test "x$with_gmp" != xno], + [AC_CHECK_HEADERS(gmp.h) + AS_IF([test "x$ac_cv_header_gmp_h" != xno], +- AC_SEARCH_LIBS([__gmpz_init], [gmp]))]) ++ AC_SEARCH_LIBS([__gmpz_init], [gmp], ++ [AC_DEFINE(HAVE_LIBGMP, 1)]))]) + + AC_ARG_WITH([jemalloc], + [AS_HELP_STRING([--with-jemalloc],[use jemalloc allocator])], + [with_jemalloc=$withval], [with_jemalloc=no]) + AS_IF([test "x$with_jemalloc" = xyes],[ +- AC_SEARCH_LIBS([malloc_conf], [jemalloc], [], [with_jemalloc=no]) ++ AC_SEARCH_LIBS([malloc_conf], [jemalloc], ++ [AC_DEFINE(HAVE_LIBJEMALLOC, 1)], [with_jemalloc=no]) + AC_CHECK_HEADER(jemalloc/jemalloc.h, [ + AC_DEFINE(RUBY_ALTERNATIVE_MALLOC_HEADER, [<jemalloc/jemalloc.h>]) + ]) diff --git a/patchsets/patches-2.3.5/004_gfbsd7.patch b/patchsets/patches-2.3.5/004_gfbsd7.patch new file mode 100644 index 0000000..fa561b6 --- /dev/null +++ b/patchsets/patches-2.3.5/004_gfbsd7.patch @@ -0,0 +1,37 @@ +--- configure.in.orig 2013-05-05 19:36:02.800254192 +0200 ++++ configure.in 2013-05-05 19:37:56.573346196 +0200 +@@ -2156,7 +2156,7 @@ + fi + + AS_CASE(["$target_os"], +-[linux* | gnu* | k*bsd*-gnu | bsdi* | kopensolaris*-gnu | nacl], [ ++[linux* | gnu* | k*bsd*-gnu | bsdi* | kopensolaris*-gnu | nacl | freebsd* | dragonfly*], [ + if test "$rb_cv_binary_elf" = no; then + with_dln_a_out=yes + else +@@ -2249,7 +2249,7 @@ + [bsdi3*], [ AS_CASE(["$CC"], + [*shlicc*], [ : ${LDSHARED='$(CC) -r'} + rb_cv_dlopen=yes])], +- [linux* | gnu* | k*bsd*-gnu | netbsd* | bsdi* | kopensolaris*-gnu | haiku*], [ ++ [linux* | gnu* | k*bsd*-gnu | netbsd* | bsdi* | kopensolaris*-gnu | haiku* | freebsd7*], [ + : ${LDSHARED='$(CC) -shared'} + if test "$rb_cv_binary_elf" = yes; then + LDFLAGS="$LDFLAGS -Wl,-export-dynamic" +@@ -2262,7 +2262,6 @@ + [freebsd*|dragonfly*], [ + : ${LDSHARED='$(CC) -shared'} + if test "$rb_cv_binary_elf" = yes; then +- LDFLAGS="$LDFLAGS -rdynamic" + DLDFLAGS="$DLDFLAGS "'-Wl,-soname,$@' + else + test "$GCC" = yes && test "$rb_cv_prog_gnu_ld" = yes || LDSHARED='$(LD) -Bshareable' +@@ -2638,7 +2637,7 @@ + [sunos4*], [ + LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).so.$(MAJOR).$(MINOR) lib$(RUBY_SO_NAME).so' + ], +- [linux* | gnu* | k*bsd*-gnu | atheos* | kopensolaris*-gnu | haiku*], [ ++ [linux* | gnu* | k*bsd*-gnu | atheos* | kopensolaris*-gnu | haiku* | freebsd7*], [ + LIBRUBY_DLDFLAGS='-Wl,-soname,lib$(RUBY_SO_NAME).so.$(MAJOR).$(MINOR)'" $LDFLAGS_OPTDIR" + LIBRUBY_ALIASES='lib$(RUBY_SO_NAME).so.$(MAJOR).$(MINOR) lib$(RUBY_SO_NAME).so' + if test "$load_relative" = yes; then diff --git a/patchsets/patches-2.3.5/005_no-undefined-ext.patch b/patchsets/patches-2.3.5/005_no-undefined-ext.patch new file mode 100644 index 0000000..f279932 --- /dev/null +++ b/patchsets/patches-2.3.5/005_no-undefined-ext.patch @@ -0,0 +1,11 @@ +--- ruby-1.9.3-preview1.orig/configure.in ++++ ruby-1.9.3-preview1/configure.in +@@ -2038,7 +2038,7 @@ if test "$with_dln_a_out" != yes; then + [linux* | gnu* | k*bsd*-gnu | netbsd* | bsdi* | kopensolaris*-gnu], [ + : ${LDSHARED='$(CC) -shared'} + if test "$rb_cv_binary_elf" = yes; then +- LDFLAGS="$LDFLAGS -Wl,-export-dynamic" ++ LDFLAGS="$LDFLAGS -Wl,-export-dynamic -Wl,--no-undefined" + fi + rb_cv_dlopen=yes], + [interix*], [ : ${LDSHARED='$(CC) -shared'} diff --git a/patchsets/patches-2.3.5/007-openssl-weakdh.patch b/patchsets/patches-2.3.5/007-openssl-weakdh.patch new file mode 100644 index 0000000..ca41065 --- /dev/null +++ b/patchsets/patches-2.3.5/007-openssl-weakdh.patch @@ -0,0 +1,37 @@ +From 6dee08d14f7a8a51691b799592774e805d6f8707 Mon Sep 17 00:00:00 2001 +From: Tony Arcieri <bascule@gmail.com> +Date: Thu, 7 Jan 2016 11:02:31 -0800 +Subject: [PATCH] Remove 512-bit DH group + +512-bit DH keys are severely weak and have been implicated in recent attacks: + +https://weakdh.org/ +--- + lib/openssl/pkey.rb | 8 -------- + +diff --git a/lib/openssl/pkey.rb b/lib/openssl/pkey.rb +index 3f65adad..89563b65 100644 +--- a/ext/openssl/lib/openssl/pkey.rb ++++ b/ext/openssl/lib/openssl/pkey.rb +@@ -4,13 +4,6 @@ module PKey + if defined?(OpenSSL::PKey::DH) + + class DH +- DEFAULT_512 = new <<-_end_of_pem_ +------BEGIN DH PARAMETERS----- +-MEYCQQD0zXHljRg/mJ9PYLACLv58Cd8VxBxxY7oEuCeURMiTqEhMym16rhhKgZG2 +-zk2O9uUIBIxSj+NKMURHGaFKyIvLAgEC +------END DH PARAMETERS----- +- _end_of_pem_ +- + DEFAULT_1024 = new <<-_end_of_pem_ + -----BEGIN DH PARAMETERS----- + MIGHAoGBAJ0lOVy0VIr/JebWn0zDwY2h+rqITFOpdNr6ugsgvkDXuucdcChhYExJ +@@ -23,7 +16,6 @@ class DH + DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen| + warn "using default DH parameters." if $VERBOSE + case keylen +- when 512 then OpenSSL::PKey::DH::DEFAULT_512 + when 1024 then OpenSSL::PKey::DH::DEFAULT_1024 + else + nil diff --git a/patchsets/patches-2.3.5/009_no-gems.patch b/patchsets/patches-2.3.5/009_no-gems.patch new file mode 100644 index 0000000..2da6b7d --- /dev/null +++ b/patchsets/patches-2.3.5/009_no-gems.patch @@ -0,0 +1,95 @@ +--- tool/rbinstall.rb.~1~ 2017-03-27 17:18:38.000000000 +0200 ++++ tool/rbinstall.rb 2017-03-30 07:38:53.437332083 +0200 +@@ -696,90 +696,11 @@ + # :startdoc: + + install?(:ext, :comm, :gem) do +- gem_dir = Gem.default_dir +- directories = Gem.ensure_gem_subdirectories(gem_dir, :mode => $dir_mode) +- prepare "default gems", gem_dir, directories +- +- spec_dir = File.join(gem_dir, directories.grep(/^spec/)[0]) +- default_spec_dir = "#{spec_dir}/default" +- makedirs(default_spec_dir) +- +- gems = {} +- +- Dir.glob(srcdir+"/{lib,ext}/**/*.gemspec").each do |src| +- specgen = RbInstall::Specs::Reader.new(src) +- gems[specgen.gemspec.name] ||= specgen +- end +- +- gems.sort.each do |name, specgen| +- gemspec = specgen.gemspec +- full_name = "#{gemspec.name}-#{gemspec.version}" +- +- puts "#{" "*30}#{gemspec.name} #{gemspec.version}" +- gemspec_path = File.join(default_spec_dir, "#{full_name}.gemspec") +- open_for_install(gemspec_path, $data_mode) do +- specgen.spec_source +- end +- +- unless gemspec.executables.empty? then +- bin_dir = File.join(gem_dir, 'gems', full_name, 'bin') +- makedirs(bin_dir) +- +- execs = gemspec.executables.map {|exec| File.join(srcdir, 'bin', exec)} +- install(execs, bin_dir, :mode => $script_mode) +- end +- end ++ # gems are unbundled in Gentoo + end + + install?(:ext, :comm, :gem) do +- gem_dir = Gem.default_dir +- directories = Gem.ensure_gem_subdirectories(gem_dir, :mode => $dir_mode) +- prepare "bundle gems", gem_dir, directories +- install_dir = with_destdir(gem_dir) +- installed_gems = {} +- options = { +- :install_dir => install_dir, +- :bin_dir => with_destdir(bindir), +- :domain => :local, +- :ignore_dependencies => true, +- :dir_mode => $dir_mode, +- :data_mode => $data_mode, +- :prog_mode => $prog_mode, +- :wrappers => true, +- :format_executable => true, +- } +- Gem::Specification.each_spec([srcdir+'/gems/*']) do |spec| +- ins = RbInstall::UnpackedInstaller.new(spec, options) +- puts "#{" "*30}#{spec.name} #{spec.version}" +- ins.install +- File.chmod($data_mode, File.join(install_dir, "specifications", "#{spec.full_name}.gemspec")) +- installed_gems[spec.full_name] = true +- end +- installed_gems, gems = Dir.glob(srcdir+'/gems/*.gem').partition {|gem| installed_gems.key?(File.basename(gem, '.gem'))} +- unless installed_gems.empty? +- install installed_gems, gem_dir+"/cache" +- end +- next if gems.empty? +- if defined?(Zlib) +- Gem.instance_variable_set(:@ruby, with_destdir(File.join(bindir, ruby_install_name))) +- gems.each do |gem| +- begin +- File.umask(022) +- Gem.install(gem, Gem::Requirement.default, options) +- ensure +- File.umask(0222) +- end +- gemname = File.basename(gem) +- puts "#{" "*30}#{gemname}" +- end +- # fix directory permissions +- # TODO: Gem.install should accept :dir_mode option or something +- File.chmod($dir_mode, *Dir.glob(install_dir+"/**/")) +- # fix .gemspec permissions +- File.chmod($data_mode, *Dir.glob(install_dir+"/specifications/*.gemspec")) +- else +- puts "skip installing bundle gems because of lacking zlib" +- end ++ # gems are unbundled in Gentoo + end + + parse_args() |