Skip to content

Commit 7e702e2

Browse files
nmburgannmburgan
committed
Update components and remove PDK runtime
This removes the PDK runtime project and components that were only used for it, since we intend to replace the PDK. Many of these component updates aren't strictly required, but doing so to stay as up to date as possible. Ones with CVE fixes are noted. Also, removed some versioning logic where the old version is no longer used, or in some cases added logic to ensure the most up-to-date components are used for OpenVox 8 when those version don't support Ruby 2.7 in OpenVox 7. For OpenVox (and some for Bolt): * curl 8.15.0 * libffi 3.5.1 * libxml2 2.14.5 * openssl 3.0.17 * rubygem-concurrent-ruby 1.3.5 * rubygem-fast_gettext 4.1.0 for OpenVox 8, 2.4.0 for OpenVox 7 * rubygem-gettext 3.5.1 * rubygem-hiera-eyaml 4.3.0 * rubygem-highline 3.1.2 * rubygem-mini_portile2 2.8.9 * rubygem-multi_json 1.17.0 for OpenVox 8 * rubygem-net-ssh 7.3.0 * rubygem-nokogiri 1.18.9 - Default libxml2 embedded in the gem contained CVE-2025-32414, CVE-2025-32415, CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, CVE-2025-49796 - However, we compile nokogiri against our own version of libxml2 which did not have these issues. Still, updating to avoid popping scanners. * rubygem-openfact 5.1.0 * rubygem-prime 0.1.4 * rubygem-sys-filesystem 1.5.3 (except for Solaris, which we are not building right now, but has to stay at 1.4.5) * rubygem-thor 1.4.0 * virt-what 1.27 For Bolt: * rubygem-aws-eventstream 1.4.0 * rubygem-aws-partitions 1.1134.0 * rubygem-aws-sdk-core 3.227.0 * rubygem-aws-sdk-ec2 1.541.0 * rubygem-aws-sigv4 1.12.1 * rubygem-bindata 2.5.1 * rubygem-colored2 4.0.3 * rubygem-ed25519 1.4.0 * rubygem-faraday-em_http 2.0.1 * rubygem-faraday-em_synchrony 1.0.1 * rubygem-faraday-excon 2.3.0 * rubygem-faraday-httpclient 2.0.2 * rubygem-faraday-multipart 1.1.1 * rubygem-faraday-net_http_persistent 2.3.1 * rubygem-faraday-net_http 3.4.1 * rubygem-faraday-patron 2.0.2 * rubygem-faraday-rack 2.1.3 * rubygem-faraday-retry 2.3.2 * rubygem-faraday 2.13.3 * rubygem-gettext-setup 1.1.0 * rubygem-httpclient 2.9.0 * rubygem-net-http-persistent 4.0.6 * rubygem-net-scp 4.1.0 * rubygem-public_suffix 6.0.2 * rubygem-puppet-resource_api 2.0.0 * rubygem-puppet-strings 5.0.0 * rubygem-puppet 8.10.0 (to be replaced with the OpenVox gem soon) * rubygem-r10k 5.0.2 * rubygem-rgen 0.10.2 * rubygem-rubyzip 2.4.1 * rubygem-terminal-table 4.0.0 * rubygem-unicode-display_width 3.1.4 * rubygem-webrick 1.9.1 * rubygem-yard 0.9.37
1 parent a85539c commit 7e702e2

File tree

97 files changed

+182
-1021
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

97 files changed

+182
-1021
lines changed

configs/components/ansicon.rb

Lines changed: 0 additions & 22 deletions
This file was deleted.

configs/components/augeas.rb

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,6 @@
22
# Component release information: https://github.com/hercules-team/augeas/releases
33
#####
44
component 'augeas' do |pkg, settings, platform|
5-
# Projects may define an :augeas_version setting, or we use 1.8.1 by default:
65
version = settings[:augeas_version] || '1.14.1'
76
pkg.version version
87

configs/components/curl.rb

Lines changed: 3 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,19 +1,16 @@
11
#####
22
# Component release information: https://github.com/curl/curl/releases
3-
# Notes:
4-
# 2025-07-23: The latest is 8.15.0, but it contains no security fixes or
5-
# relevant improvements for us, so waiting to update until we need to.
63
#####
74
component 'curl' do |pkg, settings, platform|
85
# Projects may define a :curl_version setting
9-
version = settings[:curl_version] || '8.14.1'
6+
version = settings[:curl_version] || '8.15.0'
107
pkg.version version
118

129
case version
1310
when '7.88.1'
1411
pkg.sha256sum 'cdb38b72e36bc5d33d5b8810f8018ece1baa29a8f215b4495e495ded82bbf3c7'
15-
when '8.14.1'
16-
pkg.sha256sum '6766ada7101d292b42b8b15681120acd68effa4a9660935853cf6d61f0d984d4'
12+
when '8.15.0'
13+
pkg.sha256sum 'd85cfc79dc505ff800cb1d321a320183035011fa08cb301356425d86be8fc53c'
1714
else
1815
raise "curl version #{version} has not been configured; Cannot continue."
1916
end

configs/components/git.rb

Lines changed: 0 additions & 137 deletions
This file was deleted.

configs/components/libffi.rb

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,8 +2,8 @@
22
# Component release information: https://github.com/libffi/libffi/releases
33
#####
44
component 'libffi' do |pkg, settings, platform|
5-
pkg.version '3.4.8'
6-
pkg.sha256sum 'bc9842a18898bfacb0ed1252c4febcc7e78fa139fd27fdc7a3e30d9d9356119b'
5+
pkg.version '3.5.1'
6+
pkg.sha256sum 'f99eb68a67c7d54866b7706af245e87ba060d419a062474b456d3bc8d4abdbd1'
77
pkg.url "https://github.com/libffi/libffi/releases/download/v#{pkg.get_version}/#{pkg.get_name}-#{pkg.get_version}.tar.gz"
88
pkg.mirror "#{settings[:buildsources_url]}/#{pkg.get_name}-#{pkg.get_version}.tar.gz"
99

configs/components/libxml2.rb

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,8 @@
44
# https://github.com/GNOME/libxml2/tags
55
#####
66
component "libxml2" do |pkg, settings, platform|
7-
pkg.version '2.13.8'
8-
pkg.sha256sum '277294cb33119ab71b2bc81f2f445e9bc9435b893ad15bb2cd2b0e859a0ee84a'
7+
pkg.version '2.14.5'
8+
pkg.sha256sum '03d006f3537616833c16c53addcdc32a0eb20e55443cba4038307e3fa7d8d44b'
99

1010
libxml2_version_y = pkg.get_version.gsub(/(\d+)\.(\d+)\.(\d+)/, '\1.\2')
1111
pkg.url "https://download.gnome.org/sources/libxml2/#{libxml2_version_y}/libxml2-#{pkg.get_version}.tar.xz"

configs/components/openssl-3.0.rb

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,8 @@
66
# need to move to the 3.5.x LTS stream in the next year.
77
#####
88
component 'openssl' do |pkg, settings, platform|
9-
pkg.version '3.0.16'
10-
pkg.sha256sum '57e03c50feab5d31b152af2b764f10379aecd8ee92f16c985983ce4a99f7ef86'
9+
pkg.version '3.0.17'
10+
pkg.sha256sum 'dfdd77e4ea1b57ff3a6dbde6b0bdc3f31db5ac99e7fdd4eaf9e1fbb6ec2db8ce'
1111
pkg.url "https://github.com/openssl/openssl/releases/download/openssl-#{pkg.get_version}/openssl-#{pkg.get_version}.tar.gz"
1212
pkg.mirror "#{settings[:buildsources_url]}/openssl-#{pkg.get_version}.tar.gz"
1313

configs/components/post-additional-rubies.rb

Lines changed: 0 additions & 6 deletions
This file was deleted.

configs/components/pre-additional-rubies.rb

Lines changed: 0 additions & 5 deletions
This file was deleted.

configs/components/ruby-3.2.8.rb

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,10 @@
1-
# The file name of the ruby component must match the ruby_version
1+
#####
2+
# Component release information:
3+
# https://github.com/ruby/ruby/releases
4+
# https://www.ruby-lang.org/en/downloads/releases/
5+
# Notes:
6+
# The file name of the ruby component must match the ruby_version
7+
#####
28
component 'ruby-3.2.8' do |pkg, settings, platform|
39
pkg.version '3.2.8'
410
# https://www.ruby-lang.org/en/downloads/releases/

0 commit comments

Comments
 (0)