diff --git a/ruby-fiddle-1.1.1-closure-free-resources.patch b/ruby-fiddle-1.1.1-closure-free-resources.patch
deleted file mode 100644
index 09af710..0000000
--- a/ruby-fiddle-1.1.1-closure-free-resources.patch
+++ /dev/null
@@ -1,128 +0,0 @@ -From beb0358d90ad77e59cf5d13cc2469de94fe06331 Mon Sep 17 00:00:00 2001 -From: Sutou Kouhei -Date: Thu, 15 Sep 2022 07:08:20 +0900 -Subject: [PATCH] merge revision(s) a4ad6bd9aac564e93219284c912b26a72f9e82fc: - - [ruby/fiddle] closure: free resources when an exception is raised in - Closure.new - - GitHub: GH-102 - - https://github.com/ruby/fiddle/commit/81a8a56239 - --- - ext/fiddle/closure.c | 56 ++++++++++++++++++++++++++++++++++++++++------------ - 1 file changed, 43 insertions(+), 13 deletions(-) ---- - ext/fiddle/closure.c | 56 ++++++++++++++++++++++++++++++++++---------- - 1 file changed, 43 insertions(+), 13 deletions(-) - -diff --git a/ext/fiddle/closure.c b/ext/fiddle/closure.c -index 27f448a24f..c08ec5940d 100644 ---- a/ext/fiddle/closure.c -+++ b/ext/fiddle/closure.c -@@ -224,9 +224,16 @@ allocate(VALUE klass) - return i; - } - -+typedef struct { -+ VALUE self; -+ int argc; -+ VALUE *argv; -+} initialize_data; -+ - static VALUE --initialize(int rbargc, VALUE argv[], VALUE self) -+initialize_body(VALUE user_data) - { -+ initialize_data *data = (initialize_data *)user_data; - VALUE ret; - VALUE args; - VALUE normalized_args; -@@ -237,14 +244,14 @@ initialize(int rbargc, VALUE argv[], VALUE self) - ffi_status result; - int i, argc; - -- if (2 == rb_scan_args(rbargc, argv, "21", &ret, &args, &abi)) -- abi = INT2NUM(FFI_DEFAULT_ABI); -+ if (2 == rb_scan_args(data->argc, data->argv, "21", &ret, &args, &abi)) -+ abi = INT2NUM(FFI_DEFAULT_ABI); - - Check_Type(args, T_ARRAY); - - argc = RARRAY_LENINT(args); - -- TypedData_Get_Struct(self, fiddle_closure, &closure_data_type, cl); -+ TypedData_Get_Struct(data->self, fiddle_closure, &closure_data_type, cl); - - cl->argv = (ffi_type **)xcalloc(argc + 1, sizeof(ffi_type *)); - -@@ -257,8 +264,8 @@ initialize(int rbargc, VALUE argv[], VALUE self) - cl->argv[argc] = NULL; - - ret = rb_fiddle_type_ensure(ret); -- rb_iv_set(self, "@ctype", ret); -- rb_iv_set(self, "@args", normalized_args); -+ 
rb_iv_set(data->self, "@ctype", ret); -+ rb_iv_set(data->self, "@args", normalized_args); - - cif = &cl->cif; - pcl = cl->pcl; -@@ -269,25 +276,48 @@ initialize(int rbargc, VALUE argv[], VALUE self) - rb_fiddle_int_to_ffi_type(NUM2INT(ret)), - cl->argv); - -- if (FFI_OK != result) -- rb_raise(rb_eRuntimeError, "error prepping CIF %d", result); -+ if (FFI_OK != result) { -+ rb_raise(rb_eRuntimeError, "error prepping CIF %d", result); -+ } - - #if USE_FFI_CLOSURE_ALLOC - result = ffi_prep_closure_loc(pcl, cif, callback, -- (void *)self, cl->code); -+ (void *)(data->self), cl->code); - #else - result = ffi_prep_closure(pcl, cif, callback, (void *)(data->self)); - cl->code = (void *)pcl; - i = mprotect(pcl, sizeof(*pcl), PROT_READ | PROT_EXEC); - if (i) { -- rb_sys_fail("mprotect"); -+ rb_sys_fail("mprotect"); - } - #endif - -- if (FFI_OK != result) -- rb_raise(rb_eRuntimeError, "error prepping closure %d", result); -+ if (FFI_OK != result) { -+ rb_raise(rb_eRuntimeError, "error prepping closure %d", result); -+ } -+ -+ return data->self; -+} - -- return self; -+static VALUE -+initialize_rescue(VALUE user_data, VALUE exception) -+{ -+ initialize_data *data = (initialize_data *)user_data; -+ dealloc(RTYPEDDATA_DATA(data->self)); -+ RTYPEDDATA_DATA(data->self) = NULL; -+ rb_exc_raise(exception); -+ return data->self; -+} -+ -+static VALUE -+initialize(int argc, VALUE *argv, VALUE self) -+{ -+ initialize_data data; -+ data.self = self; -+ data.argc = argc; -+ data.argv = argv; -+ return rb_rescue(initialize_body, (VALUE)&data, -+ initialize_rescue, (VALUE)&data); - } - - static VALUE --- -2.44.0 - diff --git a/ruby.spec b/ruby.spec index 7c06da7..ecfafe2 100644 --- a/ruby.spec +++ b/ruby.spec @@ -1,6 +1,6 @@ %global major_version 3 %global minor_version 1 -%global teeny_version 5 +%global teeny_version 7 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} 
@@ -22,7 +22,7 @@ %endif -%global release 144 +%global release 145 %{!?release_string:%define release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}} # The RubyGems library has to stay out of Ruby directory tree, since the @@ -64,8 +64,8 @@ %global power_assert_version 2.0.1 %global rake_version 13.0.6 %global test_unit_version 3.5.3 -%global rexml_version 3.2.5 -%global rss_version 0.2.9 +%global rexml_version 3.3.9 +%global rss_version 0.3.1 %global net_ftp_version 0.1.4 %global net_imap_version 0.2.4 %global net_pop_version 0.1.1 @@ -191,13 +191,6 @@ Patch28: ruby-irb-1.4.1-set-rdoc-soft-dep.patch # https://github.com/ruby/ruby/commit/bffadcd6d46ccfccade79ce0efb60ced8eac4483 # https://bugs.ruby-lang.org/issues/19529#note-7 Patch29: ruby-3.1.4-Skip-test_compaction_bug_19529-if-compaction-unsupported.patch -# Fix fiddle build with libffi versions 3.1 or older. -# https://github.com/ruby/ruby/pull/10696 -# https://bugs.ruby-lang.org/issues/20451 -Patch30: ruby-fiddle-1.1.1-closure-free-resources.patch -# Tests not included, this Ruby release does not include REXML tests. -# https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f -Patch31: rubygem-rexml-3.3.9-Fix-ReDoS-CVE-2024-49761.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} Suggests: rubypick @@ -660,14 +653,6 @@ rm -rf ext/fiddle/libffi* %patch27 -p1 %patch28 -p1 %patch29 -p1 -%patch30 -p1 - -# Instead of adjusting patch's directory, use the following form where -# we first enter the correct directory, this allows more general application -# accross ruby versions, since we can make use of the %rexml_version macro. -pushd ".bundle/gems/rexml-%{rexml_version}/" -%patch31 -p1 -popd # Provide an example of usage of the tapset: cp -a %{SOURCE3} . 
@@ -836,6 +821,17 @@ find %{buildroot}%{gem_dir}/extensions/*-%{_target_os}/%{major_minor_version}.*/ find %{buildroot}%{gem_dir}/gems/*/ext -maxdepth 0 -exec rm -rf '{}' + find %{buildroot}%{gem_dir}/gems/*/lib -name \*.so -delete +# Bundled gems with extensions leave behind an exts.mk that gets installed +# into their final directory. The file is not needed nor expected after build. +# Follow the state of other gems that also create exts.mk but do not install +# them. Therefore delete the files. +# Otherwise rpmbuild will complain with the following: +# Fixes: +# error: Installed (but unpackaged) file(s) found: +# /usr/share/gems/gems/debug-1.6.3/exts.mk +# /usr/share/gems/gems/rbs-2.7.0/exts.mk +find %{buildroot}%{gem_dir}/gems -name 'exts.mk' -exec rm '{}' \; + # Move man pages into proper location mkdir -p %{buildroot}%{_mandir}/man{1,5} mv %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/doc/rake.1 %{buildroot}%{_mandir}/man1 @@ -1256,7 +1252,7 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/TestBundledCA/" %{gem_dir}/specifications/default/abbrev-0.1.0.gemspec %{gem_dir}/specifications/default/base64-0.1.1.gemspec %{gem_dir}/specifications/default/benchmark-0.2.0.gemspec -%{gem_dir}/specifications/default/cgi-0.3.6.gemspec +%{gem_dir}/specifications/default/cgi-0.3.7.gemspec %{gem_dir}/specifications/default/csv-3.2.5.gemspec %{gem_dir}/specifications/default/date-3.2.2.gemspec %{gem_dir}/specifications/default/delegate-0.2.0.gemspec @@ -1312,7 +1308,7 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/TestBundledCA/" %{gem_dir}/specifications/default/tmpdir-0.1.2.gemspec %{gem_dir}/specifications/default/tsort-0.1.0.gemspec %{gem_dir}/specifications/default/un-0.2.0.gemspec -%{gem_dir}/specifications/default/uri-0.12.2.gemspec +%{gem_dir}/specifications/default/uri-0.12.4.gemspec %{gem_dir}/specifications/default/weakref-0.1.1.gemspec #%%{gem_dir}/specifications/default/win32ole-1.8.8.gemspec %{gem_dir}/specifications/default/yaml-0.2.0.gemspec 
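Review bot: In the `@@ -836,6 +821,17 @@` hunk of ruby.spec, the new cleanup ends in `-exec rm '{}' \;`, while the two `find` lines directly above it use `-exec rm -rf '{}' +` and `-delete`. With the `\;` form find does not propagate a failing `rm` into its own exit status, so a leftover exts.mk would only show up later as the "Installed (but unpackaged) file(s)" error the comment quotes. I would write it as `find %{buildroot}%{gem_dir}/gems -type f -name 'exts.mk' -delete`, which matches the neighbouring line and makes find itself fail the build step if a removal fails. The added comment also has two lead-ins in a row ("Otherwise rpmbuild will complain with the following:" then `# Fixes:`); dropping the `# Fixes:` line would make it read cleanly.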
@@ -1531,10 +1527,7 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/TestBundledCA/" %doc %{gem_dir}/gems/rss-%{rss_version}/NEWS.md %{gem_dir}/gems/rss-%{rss_version}/lib %{gem_dir}/specifications/rss-%{rss_version}.gemspec -%doc %{gem_dir}/gems/rss-%{rss_version}/Gemfile %doc %{gem_dir}/gems/rss-%{rss_version}/README.md -%doc %{gem_dir}/gems/rss-%{rss_version}/Rakefile -%doc %{gem_dir}/gems/rss-%{rss_version}/test %files -n rubygem-typeprof %dir %{gem_dir}/gems/typeprof-%{typeprof_version} @@ -1552,6 +1545,14 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/TestBundledCA/" %changelog +* Thu Mar 27 2025 Jarek Prokop - 3.1.7-145 +- Upgrade to Ruby 3.1.7. + Resolves: RHEL-55408 +- Fix DoS vulnerability in REXML. (CVE-2024-39908) + Resolves: RHEL-57051 +- Fix DoS vulnerability in REXML. (CVE-2024-43398) + Resolves: RHEL-56002 + * Tue Nov 26 2024 Jarek Prokop - 3.1.5-144 - Fix REXML ReDoS vulnerability. (CVE-2024-49761) Resolves: RHEL-68520 diff --git a/rubygem-rexml-3.3.9-Fix-ReDoS-CVE-2024-49761.patch b/rubygem-rexml-3.3.9-Fix-ReDoS-CVE-2024-49761.patch deleted file mode 100644 index 8222691..0000000 --- a/rubygem-rexml-3.3.9-Fix-ReDoS-CVE-2024-49761.patch +++ /dev/null 
@@ -1,31 +0,0 @@
-From ce59f2eb1aeb371fe1643414f06618dbe031979f Mon Sep 17 00:00:00 2001
-From: Sutou Kouhei
-Date: Thu, 24 Oct 2024 14:45:31 +0900
-Subject: [PATCH] parser: fix a bug that �x...; is accepted as a character
- reference
-
----
- lib/rexml/parsers/baseparser.rb | 10 +++++++---
- test/parse/test_character_reference.rb | 6 ++++++
- 2 files changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/lib/rexml/parsers/baseparser.rb b/lib/rexml/parsers/baseparser.rb
-index 7bd8adf..b4547ba 100644
---- a/lib/rexml/parsers/baseparser.rb
-+++ b/lib/rexml/parsers/baseparser.rb
-@@ -469,8 +469,12 @@ def unnormalize( string, entities=nil, filter=nil )
- return rv if matches.size == 0
-- rv.gsub!( /�*((?:\d+)|(?:x[a-fA-F0-9]+));/ ) {
-+ rv.gsub!( /&#((?:\d+)|(?:x[a-fA-F0-9]+));/ ) {
- m=$1
-- m = "0#{m}" if m[0] == ?x
-- [Integer(m)].pack('U*')
-+ if m.start_with?("x")
-+ code_point = Integer(m[1..-1], 16)
-+ else
-+ code_point = Integer(m, 10)
-+ end
-+ [code_point].pack('U*')
- }
- matches.collect!{|x|x[0]}.compact!
- if matches.size > 0
diff --git a/sources b/sources
index f406e3c..969c77b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (ruby-3.1.5.tar.xz) = a9883f4d074825bb1f54ef3429a9a71341274bd2de1aa8ea32bce19b6b9c1bac5e5dc4c34a92b8e7caa73ba71d7ed7c546a6fec6f1fd3d8986974dce214f6d49
+SHA512 (ruby-3.1.7.tar.xz) = 44e013f6e8d159a49125d24eaf02f58e02997fcd7bd4f4370250248c2d3264fb45183e33797638a7d9a2907fb48fe1b46f5f45514d60a800f96bce2c10baca82