[DRE-maint] Bug#1034147: ruby-regexp-parser: please make the build reproducible
Source: ruby-regexp-parser
Version: 2.6.1-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
Hi,
Whilst working on the Reproducible Builds effort [0] we noticed that
ruby-regexp-parser could not be built reproducibly.
This is because it uses the ragel compiler that, by default, will add
line annotations that include the absolute build path:
/usr/share/rubygems-integration/all/gems/regexp_parser-2.6.1/lib/regexp_parser/scanner.rb
@@ -1,12 +1,12 @@
# -*- warn-indent:false; -*-
-# line 1
"/build/1st/ruby-regexp-parser-2.6.1/tasks/../lib/regexp_parser/scanner/scanner.rl"
+# line 1
"/build/2/ruby-regexp-parser-2.6.1/2nd/tasks/../lib/regexp_parser/scanner/scanner.rl"
(etc.)
A patch is attached that adjusts the call to ragel to include the -L
argument that suppresses these additions.
[0] https://reproducible-builds.org/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
--- a/debian/patches/reproducible-build.patch 1970-01-01 01:00:00.0
+0100
--- b/debian/patches/reproducible-build.patch 2023-04-10 12:33:48.022769023
+0100
@@ -0,0 +1,15 @@
+Description: Make the build reproducible
+Author: Chris Lamb
+Last-Update: 2023-04-10
+
+--- ruby-regexp-parser-2.6.1.orig/tasks/ragel.rake
ruby-regexp-parser-2.6.1/tasks/ragel.rake
+@@ -8,7 +8,7 @@ namespace :ragel do
+ RAGEL_SOURCE_FILES.each do |source_file|
+ output_file = "#{RAGEL_OUTPUT_DIR}/#{source_file}.rb"
+ # using faster flat table driven FSM, about 25% larger code, but about
30% faster
+- sh "ragel -F1 -R #{RAGEL_SOURCE_DIR}/#{source_file}.rl -o
#{output_file}"
++ sh "ragel -L -F1 -R #{RAGEL_SOURCE_DIR}/#{source_file}.rl -o
#{output_file}"
+
+ contents = File.read(output_file)
+
--- a/debian/patches/series 1970-01-01 01:00:00.0 +0100
--- b/debian/patches/series 2023-04-10 12:33:46.366759334 +0100
@@ -0,0 +1 @@
+reproducible-build.patch
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload
Utkarsh,
> I had missed your comment in the bug but super, many thanks for
> testing this out! I'll wait a bit more before I roll this out.
I see your 2.5.5-3+deb10u6 update on the debian/buster branch which
fixes the broken +deb10u5 upload, but I don't see it in the archive
yet.
Although you mentioned you were going to wait a bit more, I'm just
100%-checking you aren't waiting on anything from me to upload that?
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org 🍥 chris-lamb.co.uk
`-
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#1037178: puppet does not sync files anymore after recent ruby2.5 security upload
No, please go ahead and do both: my availability is spotty for the next 18 hours. :) (on mobile) Utkarsh Gupta wrote: > Hi Chris, > > On Wed, Jun 7, 2023 at 9:01 PM Chris Lamb wrote: >> I see your 2.5.5-3+deb10u6 update on the debian/buster branch which >> fixes the broken +deb10u5 upload, but I don't see it in the archive >> yet. >> >> Although you mentioned you were going to wait a bit more, I'm just >> 100%-checking you aren't waiting on anything from me to upload that? > > Oh yeah, I wanted to sneak in some fixes and enable the tests and fix > the failing ones with the last upload. So I'll take care of the upload > and the announcement unless you prefer doing that since you did the > original upload? > > > -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 🍥 chris-lamb.co.uk `- ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#1041840: ruby-babosa: please make the build reproducible
Source: ruby-babosa
Version: 2.0.0-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
Hi,
Whilst working on the Reproducible Builds effort [0], we noticed that
ruby-babosa could not be built reproducibly.
This is because the rendered .gemspec file expands the unreproducible
__dir__ variable to be included in a "cert_chain" attribute. However,
this is not needed in the package, and is probably only needed if you
are making releases of the package (like the 'signing_key') attribute.
A patch is attached that moves the assignment of cert_chain to match
the conditional of signing_key, thereby excluding it from the
binary package and thus making the package reproducible.
[0] https://reproducible-builds.org/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
--- a/debian/patches/reproducible-build.patch 1970-01-01 01:00:00.0
+0100
--- b/debian/patches/reproducible-build.patch 2023-07-24 09:03:51.786257737
+0100
@@ -0,0 +1,16 @@
+Description: Make the build reproducible
+Author: Chris Lamb
+Last-Update: 2023-07-24
+
+--- ruby-babosa-2.0.0.orig/babosa.gemspec
ruby-babosa-2.0.0/babosa.gemspec
+@@ -26,8 +26,8 @@ Gem::Specification.new do |s|
+ s.add_development_dependency "rubocop", ">= 0.93.0"
+ s.add_development_dependency "simplecov"
+
+- s.cert_chain = [File.expand_path("certs/parndt.pem", __dir__)]
+ if $PROGRAM_NAME.end_with?("gem") && ARGV.include?("build") &&
ARGV.include?(__FILE__)
++s.cert_chain = [File.expand_path("certs/parndt.pem", __dir__)]
+ s.signing_key = File.expand_path("~/.ssh/gem-private_key.pem")
+ end
+ end
--- a/debian/patches/series 2023-07-24 08:59:47.532270584 +0100
--- b/debian/patches/series 2023-07-24 09:03:50.114246613 +0100
@@ -1 +1,2 @@
remove-bundler.patch
+reproducible-build.patch
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#1041840: ruby-babosa: please make the build reproducible
forwarded 1041840 https://github.com/norman/babosa/pull/74
thanks
I've forwarded this upstream here:
https://github.com/norman/babosa/pull/74
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Upload of src:ruby-websocket-extensions to stable-proposed-updates.
Hi ruby-websocket-extensions maintainers & uploaders,
The version of ruby-websocket-extensions in the stretch-security LTS
distribution is currently higher than the version in buster. This is
due to the upload of 0.1.2-1+deb9u1 to address CVE-2020-7663:
https://security-tracker.debian.org/tracker/CVE-2020-7663
As this breaks clean upgrades, I'm willing to prepare a release of
ruby-websocket-extensions for the next point release. Would this be
okay with you?
If so, is there anything in particular I should know (eg. you wish
this to be done in Git, etc.). Or, perhaps you would like to handle
this yourself? Either way, please let me know.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org 🍥 chris-lamb.co.uk
`-
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
Re: [DRE-maint] Upload of src:ruby-websocket-extensions to stable-proposed-updates.
Hi Pirate et al., > >As this breaks clean upgrades, I'm willing to prepare a release of > >ruby-websocket-extensions for the next point release. Would this be > >okay with you? > > This should be fine. Please go ahead. Thanks for your quick reply. I've filed this as #988454 and my fork is available at: https://salsa.debian.org/lamby/ruby-websocket-extensions Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 🍥 chris-lamb.co.uk `- ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#874146: FTBFS with Java 9: all tests fail
tags 874146 + patch
thanks
Patch attached. :)
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
commit 5a0e6250739773efbc176dbc93397c4fc2ebdae5
Author: Chris Lamb
Date: Sun Apr 15 20:17:41 2018 +0100
Look for libjvm.so in /usr/lib/jvm/default-java/lib/server, not
/usr/lib/jvm/default-java/jre/lib/{i386,amd86}/client.
diff --git a/debian/patches/0005-Always-JVM_TYPE-to-server.patch
b/debian/patches/0005-Always-JVM_TYPE-to-server.patch
deleted file mode 100644
index 9cd9613..000
--- a/debian/patches/0005-Always-JVM_TYPE-to-server.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: =?utf-8?q?J=C3=A9r=C3=A9my_Bobbio?=
-Date: Wed, 24 Feb 2016 13:28:26 +0100
-Subject: Always JVM_TYPE to 'server'
-
-On Debian, libjvm.so is provided by the headless JRE which puts file
-in the 'server' directory and not 'client'. It used to work for amd64
-because there a curious special case.
-
-Closes: #814411
- ext/load.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ext/load.c b/ext/load.c
-index 44b13aa..eb48f48 100644
a/ext/load.c
-+++ b/ext/load.c
-@@ -32,7 +32,7 @@
- #include "jp_co_infoseek_hp_arton_rjb_RBridge.h"
- #include "rjb.h"
-
--#define JVM_TYPE "client"
-+#define JVM_TYPE "server"
- #define ALT_JVM_TYPE "classic"
-
- #if defined(_WIN32) || defined(__CYGWIN__)
diff --git
a/debian/patches/0006-Look-for-libjvm.so-in-usr-lib-jvm-default-java-lib-s.patch
b/debian/patches/0006-Look-for-libjvm.so-in-usr-lib-jvm-default-java-lib-s.patch
new file mode 100644
index 000..a934916
--- /dev/null
+++
b/debian/patches/0006-Look-for-libjvm.so-in-usr-lib-jvm-default-java-lib-s.patch
@@ -0,0 +1,40 @@
+From: Chris Lamb
+Date: Sun, 15 Apr 2018 20:17:05 +0100
+Subject: Look for libjvm.so in /usr/lib/jvm/default-java/lib/server,
+ not /usr/lib/jvm/default-java/jre/lib/{i386,amd86}/client
+
+---
+ ext/load.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/ext/load.c b/ext/load.c
+index 44b13aad69c2..ebd2c84c75e6 100644
+--- a/ext/load.c
b/ext/load.c
+@@ -32,7 +32,7 @@
+ #include "jp_co_infoseek_hp_arton_rjb_RBridge.h"
+ #include "rjb.h"
+
+-#define JVM_TYPE "client"
++#define JVM_TYPE "server"
+ #define ALT_JVM_TYPE "classic"
+
+ #if defined(_WIN32) || defined(__CYGWIN__)
+@@ -83,7 +83,7 @@
+ #ifndef ARCH
+ #include
+ #endif
+- #define JVMDLL "%s/jre/lib/%s/%s/libjvm.so"
++ #define JVMDLL "%s/lib/%s/libjvm.so"
+ #define DIRSEPARATOR '/'
+ #define CLASSPATH_SEP ':'
+ #endif
+@@ -249,7 +249,7 @@ static int load_jvm(const char* jvmtype)
+ #else /* not Windows / MAC OS-X */
+ libpath = ALLOCA_N(char, sizeof(JVMDLL) + strlen(java_home)
+ + strlen(ARCH) + strlen(jvmtype) + 1);
+-sprintf(libpath, JVMDLL, java_home, ARCH, jvmtype);
++sprintf(libpath, JVMDLL, java_home, jvmtype);
+ #endif
+ return open_jvm(libpath);
+ }
diff --git a/debian/patches/series b/debian/patches/series
index bb0bf98..9616aea 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,5 +1,5 @@
0001-Allow-bridge-file-to-be-specified-using-the-RJB_BRID.patch
0002-Fix-paths-to-jars-in-test-suite.patch
0005-Fill-JAVA_HOME-with-a-sensible-value-if-not-set-when.patch
-0005-Always-JVM_TYPE-to-server.patch
0005-Remove-support-for-obsolete-rake-gempackagetask.patch
+0006-Look-for-libjvm.so-in-usr-lib-jvm-default-java-lib-s.patch
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#874146: FTBFS with Java 9: all tests fail
Chris Lamb wrote: > Patch attached. I intend to NMU this package. May I be granted access to ruby-team on salsa.debian.org so I can push my changes and, if you wish, "Team upload" instead? I have requested access on salsa.debian.org itself. I will update/refresh the packaging at the same time. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#897664: ruby-rjb: FTBFS: make[2]: javah: Command not found
Source: ruby-rjb
Version: 1.5.5-2
Severity: serious
Justification: fails to build from source
User: reproducible-bui...@lists.alioth.debian.org
Usertags: ftbfs
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
Dear Maintainer,
ruby-rjb fails to build from source in unstable/amd64:
[…]
dpkg-buildpackage -rfakeroot -us -uc -ui -b
dpkg-buildpackage: info: source package ruby-rjb
dpkg-buildpackage: info: source version 1.5.5-2
dpkg-buildpackage: info: source distribution unstable
dpkg-buildpackage: info: source changed by Chris Lamb
dpkg-source --before-build ruby-rjb-1.5.5
dpkg-buildpackage: info: host architecture amd64
fakeroot debian/rules clean
dh clean --buildsystem=ruby --with ruby
dh_auto_clean -O--buildsystem=ruby
dh_ruby --clean
dh_ruby --clean
debian/rules override_dh_clean
make[1]: Entering directory '«BUILDDIR»'
dh_clean -O--buildsystem=ruby
rm -rf test/jp test/jartest test/jartest2
rm -f rjb-global.rake rjb.gemspec
make[1]: Leaving directory '«BUILDDIR»'
debian/rules build
dh build --buildsystem=ruby --with ruby
dh_update_autotools_config -O--buildsystem=ruby
dh_autoreconf -O--buildsystem=ruby
dh_auto_configure -O--buildsystem=ruby
dh_ruby --configure
debian/rules override_dh_auto_build
make[1]: Entering directory '«BUILDDIR»'
mkdir -p $(dirname test/jp/co/infoseek/hp/arton/rjb/Test.class)
LC_ALL=C.UTF-8 javac -classpath test -d test test/Test.java
Note: test/Test.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
mkdir -p $(dirname test/jp/co/infoseek/hp/arton/rjb/IBase.class)
LC_ALL=C.UTF-8 javac -classpath test -d test test/IBase.java
mkdir -p $(dirname test/jp/co/infoseek/hp/arton/rjb/Base.class)
LC_ALL=C.UTF-8 javac -classpath test -d test test/Base.java
mkdir -p $(dirname test/jp/co/infoseek/hp/arton/rjb/ExtBase.class)
LC_ALL=C.UTF-8 javac -classpath test -d test test/ExtBase.java
mkdir -p $(dirname test/jp/co/infoseek/hp/arton/rjb/Two.class)
LC_ALL=C.UTF-8 javac -classpath test -d test test/Two.java
mkdir -p $(dirname test/jp/co/infoseek/hp/arton/rjb/TwoCaller.class)
LC_ALL=C.UTF-8 javac -classpath test -d test test/TwoCaller.java
mkdir -p $(dirname test/jp/co/infoseek/hp/arton/rjb/CallbackTest.class)
LC_ALL=C.UTF-8 javac -classpath test -d test test/CallbackTest.java
mkdir -p test/jartest
LC_ALL=C.UTF-8 javac -d test/jartest test/JarTest.java
jar -cvf test/jartest.jar -C test/jartest
jp/co/infoseek/hp/arton/rjb/JarTest.class
added manifest
adding: jp/co/infoseek/hp/arton/rjb/JarTest.class(in = 734) (out=
414)(deflated 43%)
mkdir -p test/jartest2
LC_ALL=C.UTF-8 javac -classpath test/jartest -d test/jartest2
test/JarTest2.java
jar -cvf test/jartest2.jar -C test/jartest2
jp/co/infoseek/hp/arton/rjb/JarTest2.class
added manifest
adding: jp/co/infoseek/hp/arton/rjb/JarTest2.class(in = 818) (out=
439)(deflated 46%)
dh_auto_build -O--buildsystem=ruby
dh_ruby --build
dh_ruby --build
make[1]: Leaving directory '«BUILDDIR»'
dh_auto_test -O--buildsystem=ruby
dh_ruby --test
create-stamp debian/debhelper-build-stamp
fakeroot debian/rules binary
dh binary --buildsystem=ruby --with ruby
dh_testroot -O--buildsystem=ruby
dh_prep -O--buildsystem=ruby
debian/rules override_dh_auto_install
make[1]: Entering directory '«BUILDDIR»'
sed -e '$i $spec = spec' rjb.rake > rjb-global.rake
ruby -e 'load "rjb-global.rake"; File.open("rjb.gemspec", "w") { |f| f.write
$spec.to_ruby };'
LC_ALL=C.UTF-8 dh_auto_install -O--buildsystem=ruby
dh_ruby --install «BUILDDIR»/debian/ruby-rjb
dh_ruby --install
┌──┐
│ Install files
│
└──┘
install -d «BUILDDIR»/debian/ruby-rjb/usr/lib/ruby/vendor_ruby
install -D -m644 «BUILDDIR»/lib/rjbextension.rb
/home/lamby/temp/cdt.20180503160321.dQzXzHsOjv.db.ruby-rjb/ruby-rjb-1.5.5/debian/ruby-rjb/usr/lib/ruby/vendor_ruby/rjbextension.rb
install -D -m644 «BUILDDIR»/lib/rjb.rb
/home/lamby/temp/cdt.20180503160321.dQzXzHsOjv.db.ruby-rjb/ruby-rjb-1.5.5/debian/ruby-rjb/usr/lib/ruby/vendor_ruby/rjb.rb
install -D -m644 «BUILDDIR»/lib/rjb/extension.rb
/home/lamby/temp/cdt.20180503160321.dQzXzHsOjv.db.ruby-rjb/ruby-rjb-1.5.5/debian/ruby-rjb/usr/lib/ruby/vendor_ruby/rjb/extension.rb
install -D -m644 «BUILDDIR»/lib/rjb/version.rb
/home/lamby/temp/cdt.20180503160321.dQzXzHsOjv.db.ruby-rjb/ruby-rjb-1.5.5/debian/ruby-rjb/usr/lib/ruby/vendor_ruby/rjb/version.rb
install -D -m644 «BUILDDIR»/lib/rjb/list.rb
/home/lamby/temp/cdt.20
[DRE-maint] Bug#897664: ruby-rjb: FTBFS: make[2]: javah: Command not found
forwarded 897664 https://github.com/arton/rjb/pull/63
thanks
I've forwarded this upstream here:
https://github.com/arton/rjb/pull/63
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Comments regarding ruby-em-websocket_0.5.1-1_amd64.changes
Just wondering if the conditional for: 3 ifeq ($(filter nocheck,$(DEB_BUILD_PROFILES)),) 4 export GEM2DEB_TEST_RUNNER = --check-dependencies 5 endif .. is necessary given that you do the real nocheck check later. /lamby ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
Re: [DRE-maint] gitlab_10.7.7+dfsg-1_amd64.changes is NEW
Pirate, > > Your package has been put into the NEW queue, which requires manual action > > from the ftpteam to process. The upload was otherwise valid (it had a good > > OpenPGP signature and file hashes are valid), so please be patient. > > Please review this to fix many security bugs against gitlab. Done. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] ruby-graphiql-rails_1.4.10-1_amd64.changes REJECTED
app/assets/javascripts/graphiql/rails/graphiql-0.11.11.js contains more copyright holders than you list; indeed, it looks like a concatentation of different libraries. -- Chris Lamb Wed, 07 Nov 2018 08:50:33 + === Please feel free to respond to this email if you don't understand why your files were rejected, or if you upload new files which address our concerns. ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] ruby-graphiql-rails_1.4.10-2_amd64.changes REJECTED
app/assets/javascripts/graphiql/rails/graphiql-0.11.11.js has more copyright holders than you list. Indeed, it looks like a concatentation of a bunch of libraries. -- Chris Lamb Wed, 07 Nov 2018 08:49:55 + === Please feel free to respond to this email if you don't understand why your files were rejected, or if you upload new files which address our concerns. ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#913093: ruby-i18n: CVE-2014-10077
Hi Salvatore et al., > Source: ruby-i18n […] > CVE-2014-10077[0]: > | Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 > | for Ruby allows remote attackers to cause a denial of service > | (application crash) via a call in a situation where :some_key is > | present in keep_keys but not present in the hash. Security team, I would be more than happy to prepare and upload a stable security upload of this package when addressing it in jessie LTS. Please let me know and I will come back with a debdiff. Ruby team, I could easily upload to sid at the same time. Let me know too. (I believe I have the requisite powers in Salsa already.) Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#913005: ruby-rack: CVE-2018-16471: Possible XSS vulnerability in Rack
Hi Salvatore et al.,
> Source: ruby-rack
[…]
> CVE-2018-16471[0]:
> Possible XSS vulnerability in Rack
Security team, like ruby-i18n, I would be more than happy to prepare
and upload a stable security upload of this package when addressing
it in jessie LTS.
Please let me know and I will come back with a debdiff.
Ruby team, again, I could easily upload to sid at the same time. Let
me know here too.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#913093: ruby-i18n: CVE-2014-10077
Chris Lamb wrote: > Security team, I would be more than happy to prepare and upload a > stable security upload of this package when addressing it in jessie > LTS. Please let me know and I will come back with a debdiff. > > Ruby team, I could easily upload to sid at the same time. Let me > know too. (I believe I have the requisite powers in Salsa already.) Gentle ping on the above two queries? :) Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#913005: ruby-rack: CVE-2018-16471: Possible XSS vulnerability in Rack
Chris Lamb wrote:
> Security team, like ruby-i18n, I would be more than happy to prepare
> and upload a stable security upload of this package when addressing
> it in jessie LTS.
[…]
> Ruby team, again, I could easily upload to sid at the same time. Let
> me know here too.
Gentle ping on the above two queries? :)
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#913005: ruby-rack: CVE-2018-16471: Possible XSS vulnerability in Rack
block 913005 by 914184 thanks Hi Salvatore, > I think those will be no-dsa and can be adressed via a point release Thanks, filed as: #914184. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#913093: ruby-i18n: CVE-2014-10077
block 913093 by 914187
thanks
Hi Moritz,
> This doesn't warrant a DSA, feel free to fix it via a point
> update, though!
Thanks, filed as #914187.
Best wishes,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Comments regarding ruby-blade-sauce-labs-plugin_0.7.3+dfsg-1_amd64.changes
Please try and make your short description more ... descriptive: 28 Description: Blade Runner plugin for Sauce Labs (saucelabs.com) ^ This makes no sense for the "average" developer, even with a passing usage of Ruby, alas. :) -- Chris Lamb Wed, 06 Feb 2019 10:14:06 + ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#848660: ruby: might need to strip -fdebug-prefix-map
Hi Christian,
> dpkg-buildflags has started injecting -fdebug-prefix-map with a
> variable path into C(..)FLAGS. We need to figure out if we need to
> strip that.
Strip it? As in, the output of CFLAGS ends up in the build...?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org 🍥 chris-lamb.co.uk
`-
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#848660: ruby: might need to strip -fdebug-prefix-map
Hi Chris, > > Strip it? As in, the output of CFLAGS ends up in the build...? > > Indeed: > > $ irb > irb(main):001:0> RbConfig::CONFIG['CFLAGS'] > => "-g -O2 -fdebug-prefix-map=/build/ruby2.3-TqM27i/ruby2.3-2.3.3=. - > fstack-protector-strong -Wformat -Werror=format-security -fPIC" > > AFAIK the popular extension building mechanisms (mkmf et al) use this > to discover the required build flags when compiling native extensions. Getcha. They won't need that *particular* -fdebug-prefix-map value though so you can probably strip it immediately prior to it landing in the binary artifact(s) via: $ sed -e 's@ [^ ]*-f\(file\|debug\)-prefix-map=[^ ]*@@g' Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 🍥 chris-lamb.co.uk `- ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#890075: ruby-http ftbfs (test failures with 2.5)
notfound 890075 3.3.0-2 thanks Emanuele Rocca wrote: > Note that the bug is not reproducible with ruby-http 3.3.0-2 as tests > have been disabled Therefore marking in the BTS to match. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 🍥 chris-lamb.co.uk `- ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#882473: ruby-httpclient FTBFS and Debci failure: test_verification_without_httpclient fails
Hi, > ruby-httpclient FTBFS and Debci failure: test_verification_without_httpclient > fails This is likely another OpenSSL 1.1 incompatibility wrt. SHA1 signatures. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#923986: ruby-pygments.rb: FTBFS randomly (failing tests)
Santiago Vila wrote: > I tried to build this package in buster but it failed: Hm, I've just built this package 20 times in sid and the tests pass every time. > My recommendation is that the failing tests are simply disabled for buster. If it's a specific test, then I recommend just disabling that one or (better) explicitly marking it as XFAIL. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 🍥 chris-lamb.co.uk `- ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#923986: ruby-pygments.rb: FTBFS randomly (failing tests)
Santiago Vila wrote: > Well, but I can't build packages in your machine, I have to do it in > my machine, and it fails 50% of the time for me. Try building on a > START1-XS instance from Scaleway (still available on Amsterdam), or > ask me for an account in such a machine. Thank you again for your kind offer of access to such a machine but I think it may be better long-term to work out why this is not failing for me locally. Learning the underlying reason why and how our environments differ will tell us the way of solving this issue properly. By contrast, simply reproducing on yours is, I fear, simply confirming what we already know - ie. that it does not build for you. Unfortuantely, this is "just a random package" from my point of view so I am unlikely to find the bandwidth to set myself up with a new machine/ environment very soon, hence why I posted my brief status update earlier. Best wishes, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org 🍥 chris-lamb.co.uk `- ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#964772: gem2deb: should not install mkmf.log files
Source: gem2deb
Version: 1.1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: toolchain buildpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
Hi,
Whilst working on the Reproducible Builds effort [0] we noticed that
gem2deb was generating Debian packages that were not reproducible.
For example, ruby-enumerable-statistics was installing a mkmf.log file
that contained various absolute build paths, which will make the package
not reproducible.
I note that there is code already in gem2deb that attempts to not
install these (?), but it does not appear to be working. Patch
attached, although this is just a proof of concept and/or to
demonstrate the problem a little more.
[0] https://reproducible-builds.org/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-diff --git a/lib/gem2deb/gem_installer.rb b/lib/gem2deb/gem_installer.rb
index 3ceed90..a89a680 100644
--- a/lib/gem2deb/gem_installer.rb
+++ b/lib/gem2deb/gem_installer.rb
@@ -143,6 +143,7 @@ module Gem2Deb
end
if metadata.has_native_extensions?
+run 'find', 'extensions', '-name', 'mkmf.log', '-delete'
run 'find', 'extensions', '-name', 'gem_make.out', '-delete'
else
FileUtils::Verbose.rm_rf('extensions')
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#964772: gem2deb: should not install mkmf.log files
Hi Antonio,
> > I note that there is code already in gem2deb that attempts to not
> > install these (?), but it does not appear to be working.
>
> That's a different code path that this package and others that use
> --gem-install don't hit.
Okay. Anyway, thanks for applying my patch.
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org 🍥 chris-lamb.co.uk
`-
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#882580: ruby-mmap2: please make the build reproducible
Dear Maintainer,
> Source: ruby-mmap2
> Version: 2.2.7-1
> Tags: patch
There hasn't seem to be any update on this bug in 1014 days, in which
time the Reproducible Builds effort has come on a long way.
Would you consider applying this patch and uploading?
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#972561: ruby-appraiser: please make the build reproducible
Source: ruby-appraiser
Version: 0.2.0-3
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buidlpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
Hi,
Whilst working on the Reproducible Builds effort [0] we noticed that
ruby-appraiser could not be built reproducibly.
This is because it ships a strange appraiser_plugin.rb file that simply
"requires" a single file (which cannot work as this particular path is
to the build path, not the installed path).
Assuming that this file is not useful in a Debian package context, a
patch is attached that removes the file from the binary artefact.
[0] https://reproducible-builds.org/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
--- a/debian/rules 2020-10-20 10:55:41.195010332 +0100
--- b/debian/rules 2020-10-20 11:01:07.165952612 +0100
@@ -15,3 +15,7 @@
%:
dh $@ --buildsystem=ruby --with ruby
+
+override_dh_auto_install:
+ dh_auto_install
+ find debian/ -name appraiser_plugin.rb -delete
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#972668: yard: please make the build reproducible
Source: yard
Version: 0.9.24-1
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: buiidlpath
X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org
Hi,
Whilst working on the Reproducible Builds effort [0] we noticed that
yard could not be built reproducibly.
This is because it ships yard_plugin.rb file that simply "requires" a
single file (which cannot work as this particular path is to the build
path, not the installed path).
This may be related to #972561 or #812809.
Patch attached.
[0] https://reproducible-builds.org/
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
--- a/debian/rules 2020-10-22 10:00:45.132192197 +0100
--- b/debian/rules 2020-10-22 10:03:28.029886499 +0100
@@ -18,6 +18,7 @@
override_dh_auto_install:
dh_auto_install
+ find debian/ -name yard_plugin.rb -delete
dh_link -p yard /usr/share/javascript/jquery/jquery.js \
/usr/share/rubygems-integration/all/gems/yard-$(DEB_VERSION_UPSTREAM)/templates/default/fulldoc/html/js/jquery.js
rm -rf doc/
___
Pkg-ruby-extras-maintainers mailing list
Pkg-ruby-extras-maintainers@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#882580: ruby-mmap2: please make the build reproducible
Chris Lamb wrote: > [..] Friendly ping on this? Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
[DRE-maint] Bug#956405: ruby-enumerable-statistics: FTBFS on amd64/unstable: find: [..] No such file or directory
Source: ruby-enumerable-statistics Version: 2.0.1+dfsg-2 Severity: serious Justification: fails to build from source User: reproducible-bui...@lists.alioth.debian.org Usertags: ftbfs X-Debbugs-Cc: reproducible-b...@lists.alioth.debian.org Tags: fbtfs Dear Maintainer, ruby-enumerable-statistics fails to build from source in unstable/amd64: […] dh_compress -X.rb -O--buildsystem=ruby debian/rules override_dh_fixperms make[1]: Entering directory '/home/lamby/temp/cdt.20200410190019.WRLDvzI39v.ags.ruby-enumerable-statistics/ruby-enumerable-statistics-2.0.1+dfsg' dh_fixperms find debian/ruby-enumerable-statistics/usr/lib/*/rubygems-integration/*/gems/enumerable-statistics-*/yard/templates/ -type f |xargs chmod -x find: 'debian/ruby-enumerable-statistics/usr/lib/*/rubygems-integration/*/gems/enumerable-statistics-*/yard/templates/': No such file or directory chmod: missing operand Try 'chmod --help' for more information. make[1]: *** [debian/rules:16: override_dh_fixperms] Error 123 make[1]: Leaving directory '/home/lamby/temp/cdt.20200410190019.WRLDvzI39v.ags.ruby-enumerable-statistics/ruby-enumerable-statistics-2.0.1+dfsg' make: *** [debian/rules:7: binary] Error 2 dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2 […] The full build log is attached. Regards, -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- ruby-enumerable-statistics.2.0.1+dfsg-2.unstable.amd64.log.txt.gz Description: Binary data ___ Pkg-ruby-extras-maintainers mailing list Pkg-ruby-extras-maintainers@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-ruby-extras-maintainers
