GNU bug report logs - #56302
[PATCH] gnu: ruby: Update to 2.7.6 [security fixes].

Previous Next

Package: guix-patches;

Reported by: Remco van 't Veer <remco <at> remworks.net>

Date: Wed, 29 Jun 2022 15:56:02 UTC

Severity: normal

Tags: patch

Done: Marius Bakke <marius <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #20 received at 56302 <at> debbugs.gnu.org (full text, mbox):

From: Remco van 't Veer <remco <at> remworks.net>
To: Maxime Devos <maximedevos <at> telenet.be>
Cc: 56302 <at> debbugs.gnu.org
Subject: Re: [bug#56302] Acknowledgement ([PATCH] gnu: ruby: Update to 2.7.6
 [security fixes].)
Date: Wed, 29 Jun 2022 18:13:38 +0200

2022/06/29 18:04, Maxime Devos:

> core-updates probably won't be merged for a long time, so a graft might
> be needed in the meantime.

So, keep this bug and make a new patch / bug for the graft?

> Basically, what you need to do is:
>
>   * keep the old ruby <at> 2.7.4 package definition
>   * add a ruby <at> 2.7.6 package (as (define-public ruby-2.7-fixed [...]))
>   * in ruby <at> 2.7.4, add a field
>     (replacement ruby-2.7-fixed) ; security fixes
>
> and verify that some Ruby-using dependents still seem to work.
>
> That way, we can use a fixed ruby <at> 2.7.6 on master.
>
> (This assumes that ruby is graftable -- this assumes that ruby is
> ABI-compatible, otherwise the grafted dependents won't work.)

Thanks for the explanation! I'll give it a try.

Cheers,
Remco

This bug report was last modified 2 years and 268 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #56302 [PATCH] gnu: ruby: Update to 2.7.6 [security fixes].

GNU bug report logs - #56302
[PATCH] gnu: ruby: Update to 2.7.6 [security fixes].