Re: [TheCodeShop] New Ruby 1.9.3-p429 with security fixes


Jon

May 17, 2013, 9:09:43 AM
to theco...@googlegroups.com
On Fri, 17 May 2013 02:13:22 -0700 (PDT)
Vdoble <beltr...@gmail.com> wrote:

> A new Ruby 1.9 version was released recently to address a security issue
> http://www.ruby-lang.org/en/news/2013/05/14/taint-bypass-dl-fiddle-cve-2013-2065/
>
> Do you plan to build a new version of Ruby? Thanks.

Hi Vdoble,

No new experimental versions of TCS Ruby are planned because many of the improvements have already been included upstream
in the official Ruby 1.9 and 2.x branches. As such, I consider TCS' MRI project http://thecodeshop.github.io/projects.html
to be finished and need to update the docs.

That said, even though this ML has been dormant for a while, if you've got intriguing improvement ideas (Ruby or non-Ruby) and
want to see if anyone here may also be interested, please feel free to post.

http://thecodeshop.github.io/about.html

For example, posts like this

https://groups.google.com/forum/?fromgroups#!topic/thecodeshop/m5Mn1nyvHvs

are more than welcome. Either people will be interested and have time to investigate, or they won't. Either is OK.

FYI, if you're looking for installers or binary archives for Windows for 1.9.3-p429 or 2.0.0-p195, Luis has pushed
releases over at http://rubyinstaller.org/downloads/

Jon

---
Fail fast. Fail often. Fail publicly. Learn. Adapt. Repeat.
http://jonforums.github.io/ | http://thecodeshop.github.io/
twitter: @jonforums

Vdoble

May 19, 2013, 12:58:32 PM
to theco...@googlegroups.com
Thanks Jon,

As far as I understand, the Code Shop Ruby version ships some patches for Ruby 1.9 that improve the startup time significantly, for example Falcon's patch https://gist.github.com/funny-falcon or Greg Price's patch http://bugs.ruby-lang.org/issues/7158 Would it be possible to get a new Ruby 1.9 version with these patches, or should I get the latest Ruby 2.0 from the official release to have these patches already included?

Thanks a lot.

Jon

May 19, 2013, 2:13:07 PM
to theco...@googlegroups.com
What is your primary OS? Regardless of whether you're on Linux, Windows, or OS X, if you're not limited to 1.9.3 for some reason, I'd move to 2.0.0.

If you still need 1.9.3 it looks like Yura's made updates to his Falcon patches so you may be able to patch up a plain vanilla Ruby 1.9.3 and build from source. If Yura's still monitoring this ML, he may have more specific advice on how best to use his 1.9.3 backport patches.

I don't know your setup, but here's a screen-spew-o-info that may or may not be helpful for hacking up a custom patched 1.9.3 build if you choose that path...

If you're building on Linux or OS X, there are many ways to build (RVM, rbenv's ruby-build, macports, etc) including the old fashioned manual way similar to:

cd ~/rubydev/ruby-src
mkdir build
git checkout -b ruby_1_9_3 origin/ruby_1_9_3
# apply patches
autoconf && cd build
../configure --prefix=$HOME/.rubies/ruby-1.9.3 --enable-shared --disable-install-doc
make all test test-all
make install

If Windows is your primary OS you can use the fabulous RubyInstaller build recipes to easily build from source. In the early stages of TCS I wrote TCS-specific instructions at:

https://github.com/thecodeshop/ruby/wiki/Building-MRI-on-Windows

The "Building with the RubyInstaller recipes" section is most applicable. The info is dated but gives you a general idea. In general, you'd do something similar to this to build a patched 1.9.3 from source:

1) clone the ruby repo and checkout the ruby_1_9_3 branch
cd C:\
git clone https://github.com/ruby/ruby.git ruby-src
cd ruby-src
git checkout -b ruby_1_9_3 origin/ruby_1_9_3
# apply patches

2) clone the rubyinstaller repo
cd C:\
git clone https://github.com/oneclick/rubyinstaller.git rubyinstaller

3) download, build, and test 32bit ruby and all dependencies (assumes you already have a base ruby on PATH)
cd C:\rubyinstaller
rake clean
rake ruby19 local=C:\ruby-src dkver=mingw64-32-4.7.2 # use dkver=mingw64-64-4.7.2 for 64bit builds
rake devkit:sh
cd sandbox/ruby19_build
make test
make test-all
exit

4) get the built binaries
# binaries built in C:\rubyinstaller\sandbox\ruby19_mingw; copy dirs to any non-spaced dir
rake ruby19:package:archive # builds .7z archives in C:\rubyinstaller\pkg

5) clean up and prepare for another build
rake clean # keeps all build artifacts so they don't need to be downloaded again
cd C:\ruby-src
del revision.h configure
rmdir /s autom4te.cache

I've retired from active contribution to the RubyInstaller project, but Luis and the other fantastic contributors maintain a ML at http://groups.google.com/group/rubyinstaller and informative wiki pages at https://github.com/oneclick/rubyinstaller/wiki

Good luck!

Jon
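Added example (not part of Jon's message, TheCodeShop or RubyInstaller): after either build procedure above, a check that the resulting interpreter reports at least the patch level named in this thread (1.9.3-p429 or 2.0.0-p195). The function names are hypothetical and the sample `ruby -v` lines are constructed.

```ruby
# Patch levels taken from this thread: the releases that carry the
# CVE-2013-2065 (DL/Fiddle taint bypass) fix. Other series are not covered here.
BASELINES = { "1.9.3" => 429, "2.0.0" => 195 }.freeze

# Parse the first line of `ruby -v` (same text as RUBY_DESCRIPTION),
# e.g. "ruby 1.9.3p429 (2013-05-15 revision 40747) [i386-mingw32]".
def parse_ruby_v(line)
  m = /\Aruby (\d+\.\d+\.\d+)(?:p(\d+))?/.match(line.to_s.strip)
  return nil unless m
  { version: m[1], patchlevel: m[2] && m[2].to_i }
end

# Returns one of:
#   :ok          patch level is at or above the thread's baseline
#   :outdated    patch level is below the baseline, rebuild from a newer checkout
#   :unknown     known series but no patch level (e.g. a "dev" build)
#   :not_covered series not named in this thread, consult its own advisory
#   :unparsed    not an MRI `ruby -v` line
def fix_status(line)
  info = parse_ruby_v(line)
  return :unparsed if info.nil?
  baseline = BASELINES[info[:version]]
  return :not_covered if baseline.nil?
  return :unknown if info[:patchlevel].nil?
  info[:patchlevel] >= baseline ? :ok : :outdated
end

# Constructed sample lines, as a patched build and an older install might report.
SAMPLES = [
  "ruby 1.9.3p429 (2013-05-15 revision 40747) [i386-mingw32]",
  "ruby 1.9.3p392 (2013-02-22 revision 39386) [i386-mingw32]",
  "ruby 2.0.0p195 (2013-05-14) [x64-mingw32]",
  "ruby 2.0.0dev (2013-01-01 trunk 38676) [x86_64-linux]"
].freeze

SAMPLES.each { |l| puts format("%-12s %s", fix_status(l), l) }

# Check the interpreter that is running this script (e.g. the freshly built one).
puts format("%-12s %s (this interpreter)", fix_status(RUBY_DESCRIPTION), RUBY_DESCRIPTION)
```

Run it with the newly built binary (for example the `ruby.exe` under the sandbox directory) rather than the base Ruby on PATH, so the last line reports on the build you just made.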

Vdoble

May 21, 2013, 12:44:41 PM
to theco...@googlegroups.com
Hi Jon,

Thanks for the detailed email. Yes, it is not a problem to compile the new version with the patches on Linux, but I am trying to find a compiled version for Windows. We will check if it is possible to move to 2.0.

Thanks again.