Your message dated Thu, 24 Apr 2014 23:20:49 +0000
with message-id <e1wdswj-00027t...@franck.debian.org>
and subject line Bug#745699: fixed in ruby2.1 2.1.1-4
has caused the Debian Bug report #745699,
regarding ruby2.1: Requires internet to build (fetches config.sub/config.guess)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
745699: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745699
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby2.1
Version: 2.1.1-3
Severity: serious
Tags: security patch
Justification: Policy 4.9

ruby2.1 is shipped without config.sub and config.guess and then these are
insecurely downloaded during configure.  It would be much better just to use
the ones shipped with autotools-dev.  Patch attached.
diff -Nru ruby2.1-2.1.1/debian/rules ruby2.1-2.1.1/debian/rules
--- ruby2.1-2.1.1/debian/rules	2014-04-22 12:08:50.000000000 -0400
+++ ruby2.1-2.1.1/debian/rules	2014-04-23 21:38:23.000000000 -0400
@@ -46,6 +46,8 @@
 	dh $@ --parallel --with autotools-dev --with autoreconf
 
 override_dh_auto_configure:
+	cp /usr/share/misc/config.guess tool
+	cp /usr/share/misc/config.sub tool
 	mkdir -p debian/lib
 	ln -sf /usr/lib/$(DEB_HOST_MULTIARCH)/libtcl$(vtcltk).so debian/lib/libtcl.so
 	ln -sf /usr/lib/$(DEB_HOST_MULTIARCH)/libtk$(vtcltk).so debian/lib/libtk.so
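Review bot: the two `cp` lines at the top of `override_dh_auto_configure` read from the hard-coded path `/usr/share/misc/`, which the report describes as the copies shipped with autotools-dev, while this diff touches `debian/rules` only. The `--with autotools-dev` on the `dh` line suggests the build dependency is already declared, but please confirm it in `debian/control` so the copy cannot fail in a minimal build chroot. A one-line comment above the copies, saying that they keep configure from fetching these files over the network, would also help the next maintainer, since nothing else in the recipe explains why files are placed in `tool`.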
@@ -53,6 +55,8 @@
 
 override_dh_auto_clean:
 	dh_auto_clean
+	rm -f tool/config.guess
+	rm -f tool/config.sub
 	rm -rf debian/lib
 	$(RM) -r .ext
 	$(RM) -r doc/capi
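Review bot: the two `rm -f` lines added after `dh_auto_clean` could be a single command in the `$(RM)` form already used two lines below in the same target, for example `$(RM) tool/config.guess tool/config.sub`. Removing the copies in clean is the right counterpart to the configure-time `cp`: the report says the source ships without these files, so this returns the tree to its unpacked state and keeps the copied files out of the source diff.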

--- End Message ---
--- Begin Message ---
Source: ruby2.1
Source-Version: 2.1.1-4

We believe that the bug you reported is fixed in the latest version of
ruby2.1, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 745...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Hofstaedtler <z...@debian.org> (supplier of updated ruby2.1 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 25 Apr 2014 00:57:13 +0200
Source: ruby2.1
Binary: ruby2.1 libruby2.1 ruby2.1-dev ruby2.1-doc ruby2.1-tcltk
Architecture: source amd64 all
Version: 2.1.1-4
Distribution: unstable
Urgency: medium
Maintainer: Antonio Terceiro <terce...@debian.org>
Changed-By: Christian Hofstaedtler <z...@debian.org>
Description: 
 libruby2.1 - Libraries necessary to run Ruby 2.1
 ruby2.1    - Interpreter of object-oriented scripting language Ruby
 ruby2.1-dev - Header files for compiling extension modules for the Ruby 2.1
 ruby2.1-doc - Documentation for Ruby 2.1
 ruby2.1-tcltk - Ruby/Tk for Ruby 2.1
Closes: 745699
Changes: 
 ruby2.1 (2.1.1-4) unstable; urgency=medium
 .
   * Use Debian copy of config.{guess,sub}
     Instead of downloading it from the Internet, which could be down or
     insecure. Thanks to Scott Kitterman for the report AND patch.
     (Closes: 745699)
   * Move jquery source file to d/missing-sources

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
