rpms
/
ruby
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI ruby-3.1.4-143.module+el9.3.0+21558+96b51efd

This commit is contained in:
eabdullin 2024-04-01 03:13:14 +00:00
parent e9a297153f
commit 7c7e594a50
30 changed files with 1840 additions and 1012 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/ruby-3.1.2.tar.xz
SOURCES/ruby-3.1.4.tar.xz

2
.ruby.metadata
View File

@ -1 +1 @@
4c47f1dfeeb23fc55d65bcae50cf70c23bc28aa3 SOURCES/ruby-3.1.2.tar.xz
2e2fbf43b7db6f24280548a3544912535bed8212 SOURCES/ruby-3.1.4.tar.xz

25
SOURCES/ruby-1.9.3-mkmf-verbose.patch
View File

@ -1,25 +0,0 @@
From 28cc0749d6729aa2444661ee7b411e183fe220b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
Date: Mon, 19 Nov 2012 15:14:51 +0100
Subject: [PATCH] Verbose mkmf.
---
lib/mkmf.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/mkmf.rb b/lib/mkmf.rb
index 682eb46..e6b1445 100644
--- a/lib/mkmf.rb
+++ b/lib/mkmf.rb
@@ -1974,7 +1974,7 @@ def configuration(srcdir)
SHELL = /bin/sh
# V=0 quiet, V=1 verbose. other values don't work.
-V = 0
+V = 1
V0 = $(V:0=)
Q1 = $(V:1=)
Q = $(Q1:0=@)
--
1.8.3.1

2
SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch
View File

@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac
index d261ea57b5..3c13076b82 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3368,6 +3368,11 @@ AS_IF([test ${multiarch+set}], [
@@ -3381,6 +3381,11 @@ AS_IF([test ${multiarch+set}], [
])
archlibdir='${libdir}/${arch}'

2
SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch
View File

@ -14,7 +14,7 @@ diff --git a/configure.ac b/configure.ac
index c42436c23d..d261ea57b5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4026,7 +4026,8 @@ AS_CASE(["$ruby_version_dir_name"],
@@ -4039,7 +4039,8 @@ AS_CASE(["$ruby_version_dir_name"],
ruby_version_dir=/'${ruby_version_dir_name}'
if test -z "${ruby_version_dir_name}"; then

2
SOURCES/ruby-2.1.0-always-use-i386.patch
View File

@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac
index 3c13076b82..93af30321d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4090,6 +4090,8 @@ AC_SUBST(vendorarchdir)dnl
@@ -4103,6 +4103,8 @@ AC_SUBST(vendorarchdir)dnl
AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl
AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl

4
SOURCES/ruby-2.1.0-custom-rubygems-location.patch
View File

@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac
index 93af30321d..bc13397e0e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4062,6 +4062,10 @@ AC_ARG_WITH(vendorarchdir,
@@ -4075,6 +4075,10 @@ AC_ARG_WITH(vendorarchdir,
[vendorarchdir=$withval],
[vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}])
@ -26,7 +26,7 @@ index 93af30321d..bc13397e0e 100644
AS_IF([test "${LOAD_RELATIVE+set}"], [
AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE)
RUBY_EXEC_PREFIX=''
@@ -4086,6 +4090,7 @@ AC_SUBST(sitearchdir)dnl
@@ -4099,6 +4104,7 @@ AC_SUBST(sitearchdir)dnl
AC_SUBST(vendordir)dnl
AC_SUBST(vendorlibdir)dnl
AC_SUBST(vendorarchdir)dnl

42
SOURCES/ruby-2.3.0-ruby_version.patch
View File

@ -20,7 +20,7 @@ diff --git a/configure.ac b/configure.ac
index 80b137e380..63cd3b4f8b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3977,9 +3977,6 @@ AS_CASE(["$target_os"],
@@ -3990,9 +3990,6 @@ AS_CASE(["$target_os"],
rubyw_install_name='$(RUBYW_INSTALL_NAME)'
])
@ -30,7 +30,7 @@ index 80b137e380..63cd3b4f8b 100644
rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'}
AC_ARG_WITH(rubyarchprefix,
AS_HELP_STRING([--with-rubyarchprefix=DIR],
@@ -4002,56 +3999,62 @@ AC_ARG_WITH(ridir,
@@ -4015,56 +4015,62 @@ AC_ARG_WITH(ridir,
AC_SUBST(ridir)
AC_SUBST(RI_BASE_NAME)
@ -120,7 +120,7 @@ index 80b137e380..63cd3b4f8b 100644
AS_IF([test "${LOAD_RELATIVE+set}"], [
AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE)
@@ -4068,6 +4071,7 @@ AC_SUBST(sitearchincludedir)dnl
@@ -4081,6 +4081,7 @@ AC_SUBST(sitearchincludedir)dnl
AC_SUBST(arch)dnl
AC_SUBST(sitearch)dnl
AC_SUBST(ruby_version)dnl
@ -202,8 +202,8 @@ index d4ff4a262c..3f9a5bf590 100644
# specified in the environment
def self.default_dir
- @default_dir ||= File.join(RbConfig::CONFIG['rubylibprefix'], 'gems', RbConfig::CONFIG['ruby_version'])
+ @default_dir ||= File.join(RbConfig::CONFIG['rubylibprefix'], 'gems', RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version'])
- @default_dir ||= File.join(RbConfig::CONFIG["rubylibprefix"], "gems", RbConfig::CONFIG["ruby_version"])
+ @default_dir ||= File.join(RbConfig::CONFIG["rubylibprefix"], "gems", RbConfig::CONFIG["ruby_version_dir_name"] || RbConfig::CONFIG["ruby_version"])
end
##
@ -211,18 +211,18 @@ index d4ff4a262c..3f9a5bf590 100644
gem_dir = File.join(Gem.user_home, ".gem")
gem_dir = File.join(Gem.data_home, "gem") unless File.exist?(gem_dir)
parts = [gem_dir, ruby_engine]
- parts << RbConfig::CONFIG['ruby_version'] unless RbConfig::CONFIG['ruby_version'].empty?
+ ruby_version_dir_name = RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version']
- parts << RbConfig::CONFIG["ruby_version"] unless RbConfig::CONFIG["ruby_version"].empty?
+ ruby_version_dir_name = RbConfig::CONFIG["ruby_version_dir_name"] || RbConfig::CONFIG["ruby_version"]
+ parts << ruby_version_dir_name unless ruby_version_dir_name.empty?
File.join parts
end
@@ -234,7 +235,7 @@ def self.vendor_dir # :nodoc:
return nil unless RbConfig::CONFIG.key? 'vendordir'
return nil unless RbConfig::CONFIG.key? "vendordir"
File.join RbConfig::CONFIG['vendordir'], 'gems',
- RbConfig::CONFIG['ruby_version']
+ RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version']
File.join RbConfig::CONFIG["vendordir"], "gems",
- RbConfig::CONFIG["ruby_version"]
+ RbConfig::CONFIG["ruby_version_dir_name"] || RbConfig::CONFIG["ruby_version"]
end
##
@ -230,22 +230,22 @@ diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb
index b25068405d..e9fef4a311 100644
--- a/test/rubygems/test_gem.rb
+++ b/test/rubygems/test_gem.rb
@@ -1410,7 +1410,8 @@ def test_self_use_paths
@@ -1395,7 +1395,8 @@ def test_self_use_paths
def test_self_user_dir
parts = [@userhome, '.gem', Gem.ruby_engine]
- parts << RbConfig::CONFIG['ruby_version'] unless RbConfig::CONFIG['ruby_version'].empty?
+ ruby_version_dir_name = RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version']
parts = [@userhome, ".gem", Gem.ruby_engine]
- parts << RbConfig::CONFIG["ruby_version"] unless RbConfig::CONFIG["ruby_version"].empty?
+ ruby_version_dir_name = RbConfig::CONFIG["ruby_version_dir_name"] || RbConfig::CONFIG["ruby_version"]
+ parts << ruby_version_dir_name unless ruby_version_dir_name.empty?
FileUtils.mkdir_p File.join(parts)
@@ -1486,7 +1487,7 @@ def test_self_vendor_dir
vendordir(File.join(@tempdir, 'vendor')) do
@@ -1471,7 +1472,7 @@ def test_self_vendor_dir
vendordir(File.join(@tempdir, "vendor")) do
expected =
File.join RbConfig::CONFIG['vendordir'], 'gems',
- RbConfig::CONFIG['ruby_version']
+ RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version']
File.join RbConfig::CONFIG["vendordir"], "gems",
- RbConfig::CONFIG["ruby_version"]
+ RbConfig::CONFIG["ruby_version_dir_name"] || RbConfig::CONFIG["ruby_version"]
assert_equal expected, Gem.vendor_dir
end
@ -267,7 +267,7 @@ diff --git a/configure.ac b/configure.ac
index a00f2b6776..999e2d6d5d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -108,7 +108,7 @@ RUBY_BASE_NAME=`echo ruby | sed "$program_transform_name"`
@@ -115,7 +115,7 @@ RUBY_BASE_NAME=`echo ruby | sed "$program_transform_name"`
RUBYW_BASE_NAME=`echo rubyw | sed "$program_transform_name"`
AC_SUBST(RUBY_BASE_NAME)
AC_SUBST(RUBYW_BASE_NAME)

4
SOURCES/ruby-2.7.0-Initialize-ABRT-hook.patch
View File

@ -45,7 +45,7 @@ index b2e5b2b6d0..f39f81da5c 100644
+++ b/common.mk
@@ -82,7 +82,8 @@ ENC_MK = enc.mk
MAKE_ENC = -f $(ENC_MK) V="$(V)" UNICODE_HDR_DIR="$(UNICODE_HDR_DIR)" \
RUBY="$(MINIRUBY)" MINIRUBY="$(MINIRUBY)" $(mflags)
RUBY="$(BOOTSTRAPRUBY)" MINIRUBY="$(BOOTSTRAPRUBY)" $(mflags)
-COMMONOBJS = array.$(OBJEXT) \
+COMMONOBJS = abrt.$(OBJEXT) \
@ -57,7 +57,7 @@ diff --git a/ruby.c b/ruby.c
index 60c57d6259..1eec16f2c8 100644
--- a/ruby.c
+++ b/ruby.c
@@ -1611,10 +1611,14 @@ proc_options(long argc, char **argv, ruby_cmdline_options_t *opt, int envopt)
@@ -1623,10 +1623,14 @@ proc_options(long argc, char **argv, ruby_cmdline_options_t *opt, int envopt)
void Init_builtin_features(void);

378
SOURCES/ruby-3.1.2-ossl-tests-replace-sha1.patch
View File

@ -1,175 +1,21 @@
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index fedcb93..53ad621 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -169,6 +169,7 @@ have_func("SSL_CTX_set_post_handshake_auth")
# added in 1.1.1
have_func("EVP_PKEY_check")
+have_func("SSL_CTX_set_ciphersuites")
# added in 3.0.0
have_func("SSL_set0_tmp_dh_pkey")
diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h
index 4b51268..2ab8aea 100644
--- a/ext/openssl/ossl.h
+++ b/ext/openssl/ossl.h
@@ -43,13 +43,13 @@
#ifndef LIBRESSL_VERSION_NUMBER
# define OSSL_IS_LIBRESSL 0
# define OSSL_OPENSSL_PREREQ(maj, min, pat) \
- (OPENSSL_VERSION_NUMBER >= (maj << 28) | (min << 20) | (pat << 12))
+ (OPENSSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
# define OSSL_LIBRESSL_PREREQ(maj, min, pat) 0
#else
# define OSSL_IS_LIBRESSL 1
# define OSSL_OPENSSL_PREREQ(maj, min, pat) 0
# define OSSL_LIBRESSL_PREREQ(maj, min, pat) \
- (LIBRESSL_VERSION_NUMBER >= (maj << 28) | (min << 20) | (pat << 12))
+ (LIBRESSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12)))
#endif
#if !defined(OPENSSL_NO_ENGINE) && !OSSL_OPENSSL_PREREQ(3, 0, 0)
diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
index a61d3ee..0d3fa9a 100644
--- a/ext/openssl/ossl_asn1.c
+++ b/ext/openssl/ossl_asn1.c
@@ -1522,7 +1522,7 @@ Init_ossl_asn1(void)
*
* An Array that stores the name of a given tag number. These names are
* the same as the name of the tag constant that is additionally defined,
- * e.g. +UNIVERSAL_TAG_NAME[2] = "INTEGER"+ and +OpenSSL::ASN1::INTEGER = 2+.
+ * e.g. <tt>UNIVERSAL_TAG_NAME[2] = "INTEGER"</tt> and <tt>OpenSSL::ASN1::INTEGER = 2</tt>.
*
* == Example usage
*
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index 2a4835a..24d0da4 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -670,7 +670,7 @@ ossl_pkey_export_traditional(int argc, VALUE *argv, VALUE self, int to_der)
}
}
else {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
+#if OSSL_OPENSSL_PREREQ(1, 1, 0) || OSSL_LIBRESSL_PREREQ(3, 5, 0)
if (!PEM_write_bio_PrivateKey_traditional(bio, pkey, enc, NULL, 0,
ossl_pem_passwd_cb,
(void *)pass)) {
diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
index 9a0682a..af262d9 100644
--- a/ext/openssl/ossl_ssl.c
+++ b/ext/openssl/ossl_ssl.c
@@ -959,27 +959,13 @@ ossl_sslctx_get_ciphers(VALUE self)
return ary;
}
-/*
- * call-seq:
- * ctx.ciphers = "cipher1:cipher2:..."
- * ctx.ciphers = [name, ...]
- * ctx.ciphers = [[name, version, bits, alg_bits], ...]
- *
- * Sets the list of available cipher suites for this context. Note in a server
- * context some ciphers require the appropriate certificates. For example, an
- * RSA cipher suite can only be chosen when an RSA certificate is available.
- */
static VALUE
-ossl_sslctx_set_ciphers(VALUE self, VALUE v)
+build_cipher_string(VALUE v)
{
- SSL_CTX *ctx;
VALUE str, elem;
int i;
- rb_check_frozen(self);
- if (NIL_P(v))
- return v;
- else if (RB_TYPE_P(v, T_ARRAY)) {
+ if (RB_TYPE_P(v, T_ARRAY)) {
str = rb_str_new(0, 0);
for (i = 0; i < RARRAY_LEN(v); i++) {
elem = rb_ary_entry(v, i);
@@ -993,14 +979,67 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v)
StringValue(str);
}
+ return str;
+}
+
+/*
+ * call-seq:
+ * ctx.ciphers = "cipher1:cipher2:..."
+ * ctx.ciphers = [name, ...]
+ * ctx.ciphers = [[name, version, bits, alg_bits], ...]
+ *
+ * Sets the list of available cipher suites for this context. Note in a server
+ * context some ciphers require the appropriate certificates. For example, an
+ * RSA cipher suite can only be chosen when an RSA certificate is available.
+ */
+static VALUE
+ossl_sslctx_set_ciphers(VALUE self, VALUE v)
+{
+ SSL_CTX *ctx;
+ VALUE str;
+
+ rb_check_frozen(self);
+ if (NIL_P(v))
+ return v;
+
+ str = build_cipher_string(v);
+
GetSSLCTX(self, ctx);
- if (!SSL_CTX_set_cipher_list(ctx, StringValueCStr(str))) {
+ if (!SSL_CTX_set_cipher_list(ctx, StringValueCStr(str)))
ossl_raise(eSSLError, "SSL_CTX_set_cipher_list");
- }
return v;
}
+#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
+/*
+ * call-seq:
+ * ctx.ciphersuites = "cipher1:cipher2:..."
+ * ctx.ciphersuites = [name, ...]
+ * ctx.ciphersuites = [[name, version, bits, alg_bits], ...]
+ *
+ * Sets the list of available TLSv1.3 cipher suites for this context.
+ */
+static VALUE
+ossl_sslctx_set_ciphersuites(VALUE self, VALUE v)
+{
+ SSL_CTX *ctx;
+ VALUE str;
+
+ rb_check_frozen(self);
+ if (NIL_P(v))
+ return v;
+
+ str = build_cipher_string(v);
+
+ GetSSLCTX(self, ctx);
+ if (!SSL_CTX_set_ciphersuites(ctx, StringValueCStr(str)))
+ ossl_raise(eSSLError, "SSL_CTX_set_ciphersuites");
+
+ return v;
+}
+#endif
+
#ifndef OPENSSL_NO_DH
/*
* call-seq:
@@ -2703,6 +2742,9 @@ Init_ossl_ssl(void)
ossl_sslctx_set_minmax_proto_version, 2);
rb_define_method(cSSLContext, "ciphers", ossl_sslctx_get_ciphers, 0);
rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1);
+#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
+ rb_define_method(cSSLContext, "ciphersuites=", ossl_sslctx_set_ciphersuites, 1);
+#endif
#ifndef OPENSSL_NO_DH
rb_define_method(cSSLContext, "tmp_dh=", ossl_sslctx_set_tmp_dh, 1);
#endif
From 32648da2f6f8036581859c12af2c38b0cf7abf08 Mon Sep 17 00:00:00 2001
From: Jarek Prokop <jprokop@redhat.com>
Date: Tue, 18 Oct 2022 09:52:13 +0200
Subject: [PATCH] Use SHA256 instead of SHA1 where needed in tests.
Systems such as RHEL 9 are moving away from SHA1
disabling it completely in default configuration.
---
test/openssl/test_asn1.rb | 6 +++---
test/openssl/test_ns_spki.rb | 2 +-
test/openssl/test_pkey_dsa.rb | 4 ++--
test/openssl/test_pkey_ec.rb | 4 ++--
test/openssl/test_pkey_rsa.rb | 18 +++++++++---------
test/openssl/test_x509cert.rb | 4 +++-
test/openssl/test_x509crl.rb | 20 ++++++++++----------
test/openssl/test_x509req.rb | 25 +++++++++++++------------
8 files changed, 43 insertions(+), 40 deletions(-)
diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb
index 0fd7971..c79bc14 100644
--- a/test/openssl/test_asn1.rb
@ -215,10 +61,10 @@ index ed3be86..383931b 100644
assert(spki.verify(key1.public_key))
assert(!spki.verify(key2.public_key))
diff --git a/test/openssl/test_pkey_dsa.rb b/test/openssl/test_pkey_dsa.rb
index 726b7db..08213df 100644
index de6aa63..d105909 100644
--- a/test/openssl/test_pkey_dsa.rb
+++ b/test/openssl/test_pkey_dsa.rb
@@ -36,8 +36,8 @@ class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase
@@ -55,8 +55,8 @@ class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase
assert_equal true, dsa512.verify(OpenSSL::Digest.new('DSS1'), signature, data)
end
@ -230,10 +76,10 @@ index 726b7db..08213df 100644
signature0 = (<<~'end;').unpack("m")[0]
MCwCFH5h40plgU5Fh0Z4wvEEpz0eE9SnAhRPbkRB8ggsN/vsSEYMXvJwjGg/
diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb
index ffe5a94..c06fe6f 100644
index 9a4818d..451bab0 100644
--- a/test/openssl/test_pkey_ec.rb
+++ b/test/openssl/test_pkey_ec.rb
@@ -98,8 +98,8 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase
@@ -100,8 +100,8 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase
def test_sign_verify
p256 = Fixtures.pkey("p256")
data = "Sign me!"
@ -245,7 +91,7 @@ index ffe5a94..c06fe6f 100644
signature0 = (<<~'end;').unpack("m")[0]
MEQCIEOTY/hD7eI8a0qlzxkIt8LLZ8uwiaSfVbjX2dPAvN11AiAQdCYx56Fq
diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
index 4bb39ed..9e06e43 100644
index fa84b76..b0ae578 100644
--- a/test/openssl/test_pkey_rsa.rb
+++ b/test/openssl/test_pkey_rsa.rb
@@ -80,8 +80,8 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
@ -259,7 +105,7 @@ index 4bb39ed..9e06e43 100644
signature0 = (<<~'end;').unpack("m")[0]
oLCgbprPvfhM4pjFQiDTFeWI9Sk+Og7Nh9TmIZ/xSxf2CGXQrptlwo7NQ28+
@@ -113,10 +113,10 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
@@ -118,10 +118,10 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
def test_sign_verify_raw
key = Fixtures.pkey("rsa-1")
data = "Sign me!"
@ -274,7 +120,7 @@ index 4bb39ed..9e06e43 100644
# Too long data
assert_raise(OpenSSL::PKey::PKeyError) {
@@ -129,9 +129,9 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
@@ -134,9 +134,9 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase
"rsa_pss_saltlen" => 20,
"rsa_mgf1_md" => "SHA256"
}
@ -287,132 +133,19 @@ index 4bb39ed..9e06e43 100644
end
def test_sign_verify_raw_legacy
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index a7607da..3ba8b39 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -676,10 +676,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
# buzz.example.net, respectively). ...
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(
create_cert_with_san('DNS:baz*.example.com'), 'baz1.example.com'))
+
+ # LibreSSL 3.5.0+ doesn't support other wildcard certificates
+ # (it isn't required to, as RFC states MAY, not MUST)
+ return if libressl?(3, 5, 0)
+
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(
create_cert_with_san('DNS:*baz.example.com'), 'foobaz.example.com'))
assert_equal(true, OpenSSL::SSL.verify_certificate_identity(
create_cert_with_san('DNS:b*z.example.com'), 'buzz.example.com'))
+
# Section 6.4.3 of RFC6125 states that client should NOT match identifier
# where wildcard is other than left-most label.
#
@@ -1563,6 +1569,99 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase
end
end
+ def test_ciphersuites_method_tls_connection
+ ssl_ctx = OpenSSL::SSL::SSLContext.new
+ if !tls13_supported? || !ssl_ctx.respond_to?(:ciphersuites=)
+ pend 'TLS 1.3 not supported'
+ end
+
+ csuite = ['TLS_AES_128_GCM_SHA256', 'TLSv1.3', 128, 128]
+ inputs = [csuite[0], [csuite[0]], [csuite]]
+
+ start_server do |port|
+ inputs.each do |input|
+ cli_ctx = OpenSSL::SSL::SSLContext.new
+ cli_ctx.min_version = cli_ctx.max_version = OpenSSL::SSL::TLS1_3_VERSION
+ cli_ctx.ciphersuites = input
+
+ server_connect(port, cli_ctx) do |ssl|
+ assert_equal('TLSv1.3', ssl.ssl_version)
+ if libressl?(3, 4, 0) && !libressl?(3, 5, 0)
+ assert_equal("AEAD-AES128-GCM-SHA256", ssl.cipher[0])
+ else
+ assert_equal(csuite[0], ssl.cipher[0])
+ end
+ ssl.puts('abc'); assert_equal("abc\n", ssl.gets)
+ end
+ end
+ end
+ end
+
+ def test_ciphersuites_method_nil_argument
+ ssl_ctx = OpenSSL::SSL::SSLContext.new
+ pend 'ciphersuites= method is missing' unless ssl_ctx.respond_to?(:ciphersuites=)
+
+ assert_nothing_raised { ssl_ctx.ciphersuites = nil }
+ end
+
+ def test_ciphersuites_method_frozen_object
+ ssl_ctx = OpenSSL::SSL::SSLContext.new
+ pend 'ciphersuites= method is missing' unless ssl_ctx.respond_to?(:ciphersuites=)
+
+ ssl_ctx.freeze
+ assert_raise(FrozenError) { ssl_ctx.ciphersuites = 'TLS_AES_256_GCM_SHA384' }
+ end
+
+ def test_ciphersuites_method_bogus_csuite
+ ssl_ctx = OpenSSL::SSL::SSLContext.new
+ pend 'ciphersuites= method is missing' unless ssl_ctx.respond_to?(:ciphersuites=)
+
+ assert_raise_with_message(
+ OpenSSL::SSL::SSLError,
+ /SSL_CTX_set_ciphersuites: no cipher match/i
+ ) { ssl_ctx.ciphersuites = 'BOGUS' }
+ end
+
+ def test_ciphers_method_tls_connection
+ csuite = ['ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256, 256]
+ inputs = [csuite[0], [csuite[0]], [csuite]]
+
+ start_server do |port|
+ inputs.each do |input|
+ cli_ctx = OpenSSL::SSL::SSLContext.new
+ cli_ctx.min_version = cli_ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION
+ cli_ctx.ciphers = input
+
+ server_connect(port, cli_ctx) do |ssl|
+ assert_equal('TLSv1.2', ssl.ssl_version)
+ assert_equal(csuite[0], ssl.cipher[0])
+ ssl.puts('abc'); assert_equal("abc\n", ssl.gets)
+ end
+ end
+ end
+ end
+
+ def test_ciphers_method_nil_argument
+ ssl_ctx = OpenSSL::SSL::SSLContext.new
+ assert_nothing_raised { ssl_ctx.ciphers = nil }
+ end
+
+ def test_ciphers_method_frozen_object
+ ssl_ctx = OpenSSL::SSL::SSLContext.new
+
+ ssl_ctx.freeze
+ assert_raise(FrozenError) { ssl_ctx.ciphers = 'ECDHE-RSA-AES128-SHA' }
+ end
+
+ def test_ciphers_method_bogus_csuite
+ ssl_ctx = OpenSSL::SSL::SSLContext.new
+
+ assert_raise_with_message(
+ OpenSSL::SSL::SSLError,
+ /SSL_CTX_set_cipher_list: no cipher match/i
+ ) { ssl_ctx.ciphers = 'BOGUS' }
+ end
+
def test_connect_works_when_setting_dh_callback_to_nil
ctx_proc = -> ctx {
ctx.max_version = :TLS1_2
diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb
index d696b98..4e2bd0c 100644
index d696b98..6480550 100644
--- a/test/openssl/test_x509cert.rb
+++ b/test/openssl/test_x509cert.rb
@@ -180,6 +180,7 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase
@@ -173,13 +173,14 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase
end
def test_sign_and_verify_rsa_sha1
- cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil, digest: "sha1")
+ cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil, digest: "SHA1")
assert_equal(false, cert.verify(@rsa1024))
assert_equal(true, cert.verify(@rsa2048))
assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) })
assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) })
cert.serial = 2
assert_equal(false, cert.verify(@rsa2048))
@ -420,15 +153,11 @@ index d696b98..4e2bd0c 100644
end
def test_sign_and_verify_rsa_md5
@@ -226,9 +227,8 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase
assert_equal("dsa_with_SHA256", cert.signature_algorithm)
# TODO: need more tests for dsa + sha2
- # SHA1 is allowed from OpenSSL 1.0.0 (0.9.8 requires DSS1)
- cert = issue_cert(@ca, @dsa256, 1, [], nil, nil, digest: "sha1")
- assert_equal("dsaWithSHA1", cert.signature_algorithm)
+ cert = issue_cert(@ca, @dsa256, 1, [], nil, nil, digest: "sha512")
+ assert_equal("dsa_with_SHA512", cert.signature_algorithm)
@@ -229,6 +230,7 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase
# SHA1 is allowed from OpenSSL 1.0.0 (0.9.8 requires DSS1)
cert = issue_cert(@ca, @dsa256, 1, [], nil, nil, digest: "sha1")
assert_equal("dsaWithSHA1", cert.signature_algorithm)
+ rescue OpenSSL::X509::CertificateError # RHEL 9 disables SHA1
end
def test_check_private_key
@ -520,7 +249,7 @@ index bcdb0a6..146ee07 100644
assert_equal(false, crl_error_returns_false { crl.verify(@rsa2048) })
assert_equal(false, crl.verify(@dsa256))
diff --git a/test/openssl/test_x509req.rb b/test/openssl/test_x509req.rb
index ee9c678..a84b162 100644
index ee9c678..ff17c41 100644
--- a/test/openssl/test_x509req.rb
+++ b/test/openssl/test_x509req.rb
@@ -23,31 +23,31 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase
@ -572,16 +301,15 @@ index ee9c678..a84b162 100644
req1.attributes = attrs
assert_equal(req0.to_der, req1.to_der)
@@ -101,7 +101,7 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase
@@ -108,6 +108,7 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase
assert_equal(false, request_error_returns_false { req.verify(@dsa512) })
req.version = 1
assert_equal(false, req.verify(@rsa1024))
+ rescue OpenSSL::X509::RequestError # RHEL 9 disables SHA1
end
def test_sign_and_verify_rsa_sha1
- req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest.new('SHA1'))
+ req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest.new('SHA256'))
assert_equal(true, req.verify(@rsa1024))
assert_equal(false, req.verify(@rsa2048))
assert_equal(false, request_error_returns_false { req.verify(@dsa256) })
@@ -122,7 +122,7 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase
def test_sign_and_verify_rsa_md5
@@ -122,7 +123,7 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase
end
def test_sign_and_verify_dsa
@ -590,7 +318,7 @@ index ee9c678..a84b162 100644
assert_equal(false, request_error_returns_false { req.verify(@rsa1024) })
assert_equal(false, request_error_returns_false { req.verify(@rsa2048) })
assert_equal(false, req.verify(@dsa256))
@@ -137,13 +137,13 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase
@@ -137,14 +138,14 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase
end
def test_dup
@ -602,8 +330,10 @@ index ee9c678..a84b162 100644
def test_eq
- req1 = issue_csr(0, @dn, @rsa1024, "sha1")
- req2 = issue_csr(0, @dn, @rsa1024, "sha1")
+ req1 = issue_csr(0, @dn, @rsa1024, "sha512")
+ req2 = issue_csr(0, @dn, @rsa1024, "sha512")
req3 = issue_csr(0, @dn, @rsa1024, "sha256")
- req3 = issue_csr(0, @dn, @rsa1024, "sha256")
+ req1 = issue_csr(0, @dn, @rsa1024, "sha256")
+ req2 = issue_csr(0, @dn, @rsa1024, "sha256")
+ req3 = issue_csr(0, @dn, @rsa1024, "sha512")
assert_equal false, req1 == 12345
assert_equal true, req1 == req2

23
SOURCES/ruby-3.1.4-Skip-test_compaction_bug_19529-if-compaction-unsupported.patch Normal file
View File

@ -0,0 +1,23 @@
From bffadcd6d46ccfccade79ce0efb60ced8eac4483 Mon Sep 17 00:00:00 2001
From: Peter Zhu <peter@peterzhu.ca>
Date: Thu, 6 Apr 2023 13:35:25 -0400
Subject: [PATCH] Add guard to compaction test in WeakMap
Some platforms don't support compaction, so we should skip this test.
---
test/ruby/test_weakmap.rb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/test/ruby/test_weakmap.rb b/test/ruby/test_weakmap.rb
index c72e7310db101..7fc956dfae474 100644
--- a/test/ruby/test_weakmap.rb
+++ b/test/ruby/test_weakmap.rb
@@ -178,6 +178,8 @@ def test_no_memory_leak
end
def test_compaction_bug_19529
+ omit "compaction is not supported on this platform" unless GC.respond_to?(:compact)
+
obj = Object.new
100.times do |i|
GC.compact

135
SOURCES/ruby-3.1.5-CVE-2023-36617-for-Ruby-3.1.patch Normal file
View File

@ -0,0 +1,135 @@
From 7af748ba924ba6119251ff959231c126784621e2 Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
Date: Wed, 21 Jun 2023 13:26:37 +0900
Subject: [PATCH 1/2] Bump up v0.12.2
---
lib/uri/rfc2396_parser.rb | 4 ++--
lib/uri/rfc3986_parser.rb | 2 +-
lib/uri/version.rb | 2 +-
test/uri/test_parser.rb | 22 ++++++++++++++++++++++
4 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/lib/uri/rfc2396_parser.rb b/lib/uri/rfc2396_parser.rb
index 76a8f99fd48ccd..00c66cf0422213 100644
--- a/lib/uri/rfc2396_parser.rb
+++ b/lib/uri/rfc2396_parser.rb
@@ -497,8 +497,8 @@ def initialize_regexp(pattern)
ret = {}
# for URI::split
- ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
- ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
+ ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
+ ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
# for URI::extract
ret[:URI_REF] = Regexp.new(pattern[:URI_REF])
diff --git a/lib/uri/rfc3986_parser.rb b/lib/uri/rfc3986_parser.rb
index dd24a409ea174e..9b1663dbb6efe3 100644
--- a/lib/uri/rfc3986_parser.rb
+++ b/lib/uri/rfc3986_parser.rb
@@ -100,7 +100,7 @@ def default_regexp # :nodoc:
QUERY: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
FRAGMENT: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
OPAQUE: /\A(?:[^\/].*)?\z/,
- PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/,
+ PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/,
}
end
diff --git a/lib/uri/version.rb b/lib/uri/version.rb
index 7497a7d31a5df7..f0aca586acab4f 100644
--- a/lib/uri/version.rb
+++ b/lib/uri/version.rb
@@ -1,6 +1,6 @@
module URI
# :stopdoc:
- VERSION_CODE = '001201'.freeze
+ VERSION_CODE = '001202'.freeze
VERSION = VERSION_CODE.scan(/../).collect{|n| n.to_i}.join('.').freeze
# :startdoc:
end
diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb
index 72fb5901d963f6..cee0acb4b57c87 100644
--- a/test/uri/test_parser.rb
+++ b/test/uri/test_parser.rb
@@ -79,4 +79,26 @@ def test_split
assert_equal([nil, nil, "example.com", nil, nil, "", nil, nil, nil], URI.split("//example.com"))
assert_equal([nil, nil, "[0::0]", nil, nil, "", nil, nil, nil], URI.split("//[0::0]"))
end
+
+ def test_rfc2822_parse_relative_uri
+ pre = ->(length) {
+ " " * length + "\0"
+ }
+ parser = URI::RFC2396_Parser.new
+ assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |uri|
+ assert_raise(URI::InvalidURIError) do
+ parser.split(uri)
+ end
+ end
+ end
+
+ def test_rfc3986_port_check
+ pre = ->(length) {"\t" * length + "a"}
+ uri = URI.parse("http://my.example.com")
+ assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |port|
+ assert_raise(URI::InvalidComponentError) do
+ uri.port = port
+ end
+ end
+ end
end
From b2deea8a2e71ab880370080a9ddf243747abc8fd Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
Date: Wed, 21 Jun 2023 14:15:26 +0900
Subject: [PATCH 2/2] Merge URI-0.10.3 for Bundler
---
lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb | 4 ++--
lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb | 2 +-
lib/bundler/vendor/uri/lib/uri/version.rb | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb b/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb
index e48e164f4c13e7..09ed40754d5bfe 100644
--- a/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb
+++ b/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb
@@ -491,8 +491,8 @@ def initialize_regexp(pattern)
ret = {}
# for Bundler::URI::split
- ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
- ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
+ ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED)
+ ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED)
# for Bundler::URI::extract
ret[:URI_REF] = Regexp.new(pattern[:URI_REF])
diff --git a/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb b/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb
index cd4dd0c7526630..870720e5b3e8d0 100644
--- a/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb
+++ b/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb
@@ -95,7 +95,7 @@ def default_regexp # :nodoc:
QUERY: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
FRAGMENT: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/,
OPAQUE: /\A(?:[^\/].*)?\z/,
- PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/,
+ PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/,
}
end
diff --git a/lib/bundler/vendor/uri/lib/uri/version.rb b/lib/bundler/vendor/uri/lib/uri/version.rb
index 3895df0de5c53a..d65b7e5b7574d8 100644
--- a/lib/bundler/vendor/uri/lib/uri/version.rb
+++ b/lib/bundler/vendor/uri/lib/uri/version.rb
@@ -1,6 +1,6 @@
module Bundler::URI
# :stopdoc:
- VERSION_CODE = '001002'.freeze
+ VERSION_CODE = '001003'.freeze
VERSION = VERSION_CODE.scan(/../).collect{|n| n.to_i}.join('.').freeze
# :startdoc:
end

338
SOURCES/ruby-3.2.0-Build-extension-libraries-in-bundled-gems.patch
View File

@ -1,338 +0,0 @@
From 111f8422427d78becc9183ae149b2105a16bf327 Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
Date: Tue, 5 Apr 2022 23:24:00 +0900
Subject: [PATCH 1/5] Bundled gems are expanded under `.bundle/gems` now
---
ext/extmk.rb | 13 +++++++------
template/exts.mk.tmpl | 2 +-
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/ext/extmk.rb b/ext/extmk.rb
index 4a087f294ac9..1da9e2704521 100755
--- a/ext/extmk.rb
+++ b/ext/extmk.rb
@@ -146,7 +146,7 @@ def extmake(target, basedir = 'ext', maybestatic = true)
top_srcdir = $top_srcdir
topdir = $topdir
hdrdir = $hdrdir
- prefix = "../" * (target.count("/")+1)
+ prefix = "../" * (basedir.count("/")+target.count("/")+1)
$top_srcdir = relative_from(top_srcdir, prefix)
$hdrdir = relative_from(hdrdir, prefix)
$topdir = prefix + $topdir
@@ -460,10 +460,11 @@ def $mflags.defined?(var)
end unless $extstatic
@gemname = nil
-if ARGV[0]
- ext_prefix, exts = ARGV.shift.split('/', 2)
+if exts = ARGV.shift
+ ext_prefix = exts[%r[\A(?>\.bundle/)?[^/]+(?:/(?=(.+)?)|\z)]]
+ exts = $1
$extension = [exts] if exts
- if ext_prefix == 'gems'
+ if ext_prefix.start_with?('.')
@gemname = exts
elsif exts
$static_ext.delete_if {|t, *| !File.fnmatch(t, exts)}
@@ -515,7 +516,7 @@ def $mflags.defined?(var)
exts.delete_if {|d| File.fnmatch?("-*", d)}
end
end
-ext_prefix = File.basename(ext_prefix)
+ext_prefix = ext_prefix[$top_srcdir.size+1..-2]
extend Module.new {
def timestamp_file(name, target_prefix = nil)
@@ -634,7 +635,7 @@ def initialize(src)
end
}
-Dir.chdir ".."
+Dir.chdir dir
unless $destdir.to_s.empty?
$mflags.defined?("DESTDIR") or $mflags << "DESTDIR=#{$destdir}"
end
diff --git a/template/exts.mk.tmpl b/template/exts.mk.tmpl
index 2f37f4480ac5..964939e365a1 100644
--- a/template/exts.mk.tmpl
+++ b/template/exts.mk.tmpl
@@ -25,7 +25,7 @@ macros["old_extensions"] = []
contpat = /(?>(?>[^\\\n]|\\.)*\\\n)*(?>[^\\\n]|\\.)*/
Dir.glob("{ext,.bundle/gems}/*/exts.mk") do |e|
- gem = /\Agems(?=\/)/ =~ e
+ gem = e.start_with?(".bundle/gems/")
s = File.read(e)
s.scan(/^(extensions|SUBMAKEOPTS|EXT[A-Z]+|MFLAGS|NOTE_[A-Z]+)[ \t]*=[ \t]*(#{contpat})$/o) do |n, v|
v.gsub!(/\\\n[ \t]*/, ' ')
From 6ea34cac22131d28a9cc50e7875e854aed9bdb88 Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
Date: Wed, 6 Apr 2022 20:25:53 +0900
Subject: [PATCH 2/5] Retrieve configured gems info
---
template/configure-ext.mk.tmpl | 2 +-
template/exts.mk.tmpl | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/template/configure-ext.mk.tmpl b/template/configure-ext.mk.tmpl
index 6636a7759c54..8ba6b963e3ec 100644
--- a/template/configure-ext.mk.tmpl
+++ b/template/configure-ext.mk.tmpl
@@ -27,7 +27,7 @@ SCRIPT_ARGS = <%=script_args.gsub("#", "\\#")%>
EXTMK_ARGS = $(SCRIPT_ARGS) --gnumake=$(gnumake) --extflags="$(EXTLDFLAGS)" \
--make-flags="MINIRUBY='$(MINIRUBY)'"
-all: exts # gems
+all: exts gems
exts:
gems:
diff --git a/template/exts.mk.tmpl b/template/exts.mk.tmpl
index 964939e365a1..e544c4c88bd7 100644
--- a/template/exts.mk.tmpl
+++ b/template/exts.mk.tmpl
@@ -19,7 +19,7 @@ opt = OptionParser.new do |o|
o.on('--configure-exts=FILE') {|v| confexts = v}
o.order!(ARGV)
end
-confexts &&= File.read(confexts).scan(/^exts: (.*\.mk)/).flatten rescue nil
+confexts &&= File.read(confexts).scan(/^(?:ext|gem)s: (.*\.mk)/).flatten rescue nil
confexts ||= []
macros["old_extensions"] = []
@@ -30,7 +30,7 @@ Dir.glob("{ext,.bundle/gems}/*/exts.mk") do |e|
s.scan(/^(extensions|SUBMAKEOPTS|EXT[A-Z]+|MFLAGS|NOTE_[A-Z]+)[ \t]*=[ \t]*(#{contpat})$/o) do |n, v|
v.gsub!(/\\\n[ \t]*/, ' ')
next if v.empty?
- next if gem and n != "extensions"
+ next if n != "extensions"
n = "old_extensions" if n == "extensions" and !confexts.include?(e)
v = v.split
m = macros[n] ||= []
From be9d00ee7c72766551ba8c3530f1538034498a6a Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
Date: Wed, 6 Apr 2022 20:28:00 +0900
Subject: [PATCH 3/5] Move the target directory of bundled gems like as
rubygems
---
ext/extmk.rb | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ext/extmk.rb b/ext/extmk.rb
index 1da9e2704521..a440af27fc5d 100755
--- a/ext/extmk.rb
+++ b/ext/extmk.rb
@@ -2,6 +2,9 @@
# -*- mode: ruby; coding: us-ascii -*-
# frozen_string_literal: false
+module Gem; end # only needs Gem::Platform
+require 'rubygems/platform'
+
# :stopdoc:
$extension = nil
$extstatic = nil
@@ -535,11 +538,12 @@ def create_makefile(*args, &block)
super(*args) do |conf|
conf.find do |s|
s.sub!(/^(TARGET_SO_DIR *= *)\$\(RUBYARCHDIR\)/) {
- "TARGET_GEM_DIR = $(extout)/gems/$(arch)/#{@gemname}\n"\
+ "TARGET_GEM_DIR = $(topdir)/.bundle/extensions/$(gem_platform)/$(ruby_version)/#{@gemname}\n"\
"#{$1}$(TARGET_GEM_DIR)$(target_prefix)"
}
end
conf.any? {|s| /^TARGET *= *\S/ =~ s} and conf << %{
+gem_platform = #{Gem::Platform.local}
# default target
all:
From c4daf8e445925695c34bab8bf5135dcd1e8575a3 Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
Date: Wed, 6 Apr 2022 22:57:01 +0900
Subject: [PATCH 4/5] Obey spec file locations to rubygems
---
common.mk | 3 ++-
defs/gmake.mk | 2 +-
tool/gem-unpack.rb | 5 +++--
3 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/common.mk b/common.mk
index 7c552cba1e04..b4adb2729c0e 100644
--- a/common.mk
+++ b/common.mk
@@ -1359,10 +1359,11 @@ extract-gems$(gnumake:yes=-nongnumake): PHONY
$(Q) $(RUNRUBY) -C "$(srcdir)" \
-Itool -rgem-unpack -answ \
-e 'BEGIN {FileUtils.mkdir_p(d = ".bundle/gems")}' \
+ -e 'BEGIN {FileUtils.mkdir_p(s = ".bundle/specifications")}' \
-e 'gem, ver = *$$F' \
-e 'next if !ver or /^#/=~gem' \
-e 'g = "#{gem}-#{ver}"' \
- -e 'File.directory?("#{d}/#{g}") or Gem.unpack("gems/#{g}.gem", d)' \
+ -e 'File.directory?("#{d}/#{g}") or Gem.unpack("gems/#{g}.gem", d, s)' \
gems/bundled_gems
update-bundled_gems: PHONY
diff --git a/defs/gmake.mk b/defs/gmake.mk
index a625379a6804..27e3e21cc4d6 100644
--- a/defs/gmake.mk
+++ b/defs/gmake.mk
@@ -290,7 +290,7 @@ extract-gems: | $(patsubst %,.bundle/gems/%,$(bundled-gems))
$(ECHO) Extracting bundle gem $*...
$(Q) $(BASERUBY) -C "$(srcdir)" \
-Itool -rgem-unpack \
- -e 'Gem.unpack("gems/$(@F).gem", ".bundle/gems")'
+ -e 'Gem.unpack("gems/$(@F).gem", ".bundle/gems", ".bundle/specifications")'
$(srcdir)/.bundle/gems:
$(MAKEDIRS) $@
diff --git a/tool/gem-unpack.rb b/tool/gem-unpack.rb
index cb05719463f2..fe10b0e420fa 100644
--- a/tool/gem-unpack.rb
+++ b/tool/gem-unpack.rb
@@ -5,13 +5,14 @@
# This library is used by "make extract-gems" to
# unpack bundled gem files.
-def Gem.unpack(file, dir = nil)
+def Gem.unpack(file, dir = nil, spec_dir = nil)
pkg = Gem::Package.new(file)
spec = pkg.spec
target = spec.full_name
target = File.join(dir, target) if dir
pkg.extract_files target
- spec_file = File.join(target, "#{spec.name}-#{spec.version}.gemspec")
+ FileUtils.mkdir_p(spec_dir ||= target)
+ spec_file = File.join(spec_dir, "#{spec.name}-#{spec.version}.gemspec")
open(spec_file, 'wb') do |f|
f.print spec.to_ruby
end
From 3de652d8198be9cd2998c095903889a80e738275 Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
Date: Thu, 7 Apr 2022 01:44:43 +0900
Subject: [PATCH 5/5] Install built gem extension binaries
---
tool/rbinstall.rb | 56 ++++++++++++++---------------------------------
1 file changed, 16 insertions(+), 40 deletions(-)
diff --git a/tool/rbinstall.rb b/tool/rbinstall.rb
index 9d9b672be472..624961b4eee6 100755
--- a/tool/rbinstall.rb
+++ b/tool/rbinstall.rb
@@ -858,6 +858,9 @@ class UnpackedInstaller < GemInstaller
def write_cache_file
end
+ def build_extensions
+ end
+
def shebang(bin_file_name)
path = File.join(gem_dir, spec.bindir, bin_file_name)
first_line = File.open(path, "rb") {|file| file.gets}
@@ -940,13 +943,12 @@ def ensure_writable_dir(dir)
install_default_gem('ext', srcdir, bindir)
end
-def load_gemspec(file, expanded = false)
+def load_gemspec(file, base = nil)
file = File.realpath(file)
code = File.read(file, encoding: "utf-8:-")
code.gsub!(/(?:`git[^\`]*`|%x\[git[^\]]*\])\.split\([^\)]*\)/m) do
files = []
- if expanded
- base = File.dirname(file)
+ if base
Dir.glob("**/*", File::FNM_DOTMATCH, base: base) do |n|
case File.basename(n); when ".", ".."; next; end
next if File.directory?(File.join(base, n))
@@ -959,7 +961,7 @@ def load_gemspec(file, expanded = false)
unless Gem::Specification === spec
raise TypeError, "[#{file}] isn't a Gem::Specification (#{spec.class} instead)."
end
- spec.loaded_from = file
+ spec.loaded_from = base ? File.join(base, File.basename(file)) : file
spec.files.reject! {|n| n.end_with?(".gemspec") or n.start_with?(".git")}
spec
@@ -1014,20 +1016,6 @@ def install_default_gem(dir, srcdir, bindir)
end
install?(:ext, :comm, :gem, :'bundled-gems') do
- if CONFIG['CROSS_COMPILING'] == 'yes'
- # The following hacky steps set "$ruby = BASERUBY" in tool/fake.rb
- $hdrdir = ''
- $extmk = nil
- $ruby = nil # ...
- ruby_path = $ruby + " -I#{Dir.pwd}" # $baseruby + " -I#{Dir.pwd}"
- else
- # ruby_path = File.expand_path(with_destdir(File.join(bindir, ruby_install_name)))
- ENV['RUBYLIB'] = nil
- ENV['RUBYOPT'] = nil
- ruby_path = File.expand_path(with_destdir(File.join(bindir, ruby_install_name))) + " --disable=gems -I#{with_destdir(archlibdir)}"
- end
- Gem.instance_variable_set(:@ruby, ruby_path) if Gem.ruby != ruby_path
-
gem_dir = Gem.default_dir
install_dir = with_destdir(gem_dir)
prepare "bundled gems", gem_dir
@@ -1047,40 +1035,28 @@ def install_default_gem(dir, srcdir, bindir)
:wrappers => true,
:format_executable => true,
}
- gem_ext_dir = "#$extout/gems/#{CONFIG['arch']}"
- extensions_dir = with_destdir(Gem::StubSpecification.gemspec_stub("", gem_dir, gem_dir).extensions_dir)
+
+ extensions_dir = Gem::StubSpecification.gemspec_stub("", gem_dir, gem_dir).extensions_dir
+ specifications_dir = File.join(gem_dir, "specifications")
+ build_dir = Gem::StubSpecification.gemspec_stub("", ".bundle", ".bundle").extensions_dir
File.foreach("#{srcdir}/gems/bundled_gems") do |name|
next if /^\s*(?:#|$)/ =~ name
next unless /^(\S+)\s+(\S+).*/ =~ name
gem_name = "#$1-#$2"
- path = "#{srcdir}/.bundle/gems/#{gem_name}/#{gem_name}.gemspec"
- if File.exist?(path)
- spec = load_gemspec(path)
- else
- path = "#{srcdir}/.bundle/gems/#{gem_name}/#$1.gemspec"
- next unless File.exist?(path)
- spec = load_gemspec(path, true)
- end
+ path = "#{srcdir}/.bundle/specifications/#{gem_name}.gemspec"
+ next unless File.exist?(path)
+ spec = load_gemspec(path, "#{srcdir}/.bundle/gems/#{gem_name}")
next unless spec.platform == Gem::Platform::RUBY
next unless spec.full_name == gem_name
- if !spec.extensions.empty? && CONFIG["EXTSTATIC"] == "static"
- puts "skip installation of #{spec.name} #{spec.version}; bundled gem with an extension library is not supported on --with-static-linked-ext"
- next
- end
spec.extension_dir = "#{extensions_dir}/#{spec.full_name}"
- if File.directory?(ext = "#{gem_ext_dir}/#{spec.full_name}")
- spec.extensions[0] ||= "-"
- end
package = RbInstall::DirPackage.new spec
ins = RbInstall::UnpackedInstaller.new(package, options)
puts "#{INDENT}#{spec.name} #{spec.version}"
ins.install
- unless $dryrun
- File.chmod($data_mode, File.join(install_dir, "specifications", "#{spec.full_name}.gemspec"))
- end
- unless spec.extensions.empty?
- install_recursive(ext, spec.extension_dir)
+ install_recursive("#{build_dir}/#{gem_name}", "#{extensions_dir}/#{gem_name}") do |src, dest|
+ # puts "#{INDENT} #{dest[extensions_dir.size+gem_name.size+2..-1]}"
+ install src, dest, :mode => (File.executable?(src) ? $prog_mode : $data_mode)
end
installed_gems[spec.full_name] = true
end

59
SOURCES/ruby-3.2.0-Detect-compaction-support-during-runtime.patch
View File

@ -64,6 +64,41 @@ $ git add gc.c
$ git commit
```
== Notes for the patch ==
```
+# define GC_COMPACTION_SUPPORTED (GC_CAN_COMPILE_COMPACTION && USE_MMAP_ALIGNED_ALLOC)
```
We use the USE_MMAP_ALIGNED_ALLOC instead of HEAP_PAGE_ALLOC_USE_MMAP on
the line above. Because while the Ruby on the master branch replaced the
USE_MMAP_ALIGNED_ALLOC with HEAP_PAGE_ALLOC_USE_MMAP, Ruby 3.1.2 doesn't.
See <https://github.com/ruby/ruby/commit/fe21b7794af0cdb7ebd502e2c0da38c68fd89839>.
```
+ rb_define_singleton_method(rb_mGC, "verify_compaction_references", gc_verify_compaction_references, -1);
```
We added the line in the case that GC_COMPACTION_SUPPORTED is true.
Because while the Ruby on the master branch defines the
GC.verify_compaction_references in the gc.rb in
the case that GC_COMPACTION_SUPPORTED is true, Ruby 3.1.2
doesn't define it in the gc.rb.
See <https://github.com/ruby/ruby/commit/b96a3a6fd2093e1dbea5491c002da515652dd347>.
```
+ OPT(GC_COMPACTION_SUPPORTED);
```
We added the line to expose the C macro to Ruby level.
In Ruby the macro existance can then be checked like so:
```Ruby
GC::OPTS.include?("GC_COMPACTION_SUPPORTED")
```
It will return `true` if the GC_COMPACTION_SUPPORTED evaluates to `true` on the
C level, `false` otherwise.
See <https://github.com/ruby/ruby/blob/b96a3a6fd2093e1dbea5491c002da515652dd347/gc.c#L14091>
== Original commit messages ==
This is a combination of 3 commits.
@ -104,7 +139,7 @@ diff --git a/gc.c b/gc.c
index 1c35856c44..bff0666a17 100644
--- a/gc.c
+++ b/gc.c
@@ -4980,6 +4980,23 @@ gc_unprotect_pages(rb_objspace_t *objspace, rb_heap_t *heap)
@@ -4985,6 +4985,23 @@ gc_unprotect_pages(rb_objspace_t *objspace, rb_heap_t *heap)
static void gc_update_references(rb_objspace_t * objspace);
static void invalidate_moved_page(rb_objspace_t *objspace, struct heap_page *page);
@ -128,7 +163,7 @@ index 1c35856c44..bff0666a17 100644
static void
read_barrier_handler(uintptr_t address)
{
@@ -5000,6 +5017,7 @@ read_barrier_handler(uintptr_t address)
@@ -5005,6 +5022,7 @@ read_barrier_handler(uintptr_t address)
}
RB_VM_LOCK_LEAVE();
}
@ -136,7 +171,7 @@ index 1c35856c44..bff0666a17 100644
#if defined(_WIN32)
static LPTOP_LEVEL_EXCEPTION_FILTER old_handler;
@@ -9250,13 +9268,7 @@ gc_start_internal(rb_execution_context_t *ec, VALUE self, VALUE full_mark, VALUE
@@ -9268,13 +9286,7 @@ gc_start_internal(rb_execution_context_t *ec, VALUE self, VALUE full_mark, VALUE
/* For now, compact implies full mark / sweep, so ignore other flags */
if (RTEST(compact)) {
@ -151,7 +186,7 @@ index 1c35856c44..bff0666a17 100644
reason |= GPR_FLAG_COMPACT;
}
@@ -9421,7 +9433,7 @@ gc_move(rb_objspace_t *objspace, VALUE scan, VALUE free, size_t slot_size)
@@ -9439,7 +9451,7 @@ gc_move(rb_objspace_t *objspace, VALUE scan, VALUE free, size_t slot_size)
return (VALUE)src;
}
@ -160,7 +195,7 @@ index 1c35856c44..bff0666a17 100644
static int
compare_free_slots(const void *left, const void *right, void *dummy)
{
@@ -10149,7 +10161,7 @@ gc_update_references(rb_objspace_t *objspace)
@@ -10167,7 +10179,7 @@ gc_update_references(rb_objspace_t *objspace)
gc_update_table_refs(objspace, finalizer_table);
}
@ -169,7 +204,7 @@ index 1c35856c44..bff0666a17 100644
/*
* call-seq:
* GC.latest_compact_info -> {:considered=>{:T_CLASS=>11}, :moved=>{:T_CLASS=>11}}
@@ -10190,7 +10202,7 @@ gc_compact_stats(VALUE self)
@@ -10208,7 +10220,7 @@ gc_compact_stats(VALUE self)
# define gc_compact_stats rb_f_notimplement
#endif
@ -178,7 +213,7 @@ index 1c35856c44..bff0666a17 100644
static void
root_obj_check_moved_i(const char *category, VALUE obj, void *data)
{
@@ -10269,7 +10281,7 @@ gc_compact(VALUE self)
@@ -10287,7 +10299,7 @@ gc_compact(VALUE self)
# define gc_compact rb_f_notimplement
#endif
@ -187,7 +222,7 @@ index 1c35856c44..bff0666a17 100644
/*
* call-seq:
* GC.verify_compaction_references(toward: nil, double_heap: false) -> hash
@@ -10800,7 +10812,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _)
@@ -10818,7 +10830,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _)
return rb_gc_disable();
}
@ -196,7 +231,7 @@ index 1c35856c44..bff0666a17 100644
/*
* call-seq:
* GC.auto_compact = flag
@@ -10814,8 +10826,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _)
@@ -10832,8 +10844,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _)
static VALUE
gc_set_auto_compact(VALUE _, VALUE v)
{
@ -206,7 +241,7 @@ index 1c35856c44..bff0666a17 100644
ruby_enable_autocompact = RTEST(v);
return v;
@@ -10824,7 +10835,8 @@ gc_set_auto_compact(VALUE _, VALUE v)
@@ -10842,7 +10853,8 @@ gc_set_auto_compact(VALUE _, VALUE v)
# define gc_set_auto_compact rb_f_notimplement
#endif
@ -216,7 +251,7 @@ index 1c35856c44..bff0666a17 100644
/*
* call-seq:
* GC.auto_compact -> true or false
@@ -13696,11 +13708,21 @@ Init_GC(void)
@@ -13753,11 +13776,21 @@ Init_GC(void)
rb_define_singleton_method(rb_mGC, "malloc_allocated_size", gc_malloc_allocated_size, 0);
rb_define_singleton_method(rb_mGC, "malloc_allocations", gc_malloc_allocations, 0);
#endif
@ -243,7 +278,7 @@ index 1c35856c44..bff0666a17 100644
#if GC_DEBUG_STRESS_TO_CLASS
rb_define_singleton_method(rb_mGC, "add_stress_to_class", rb_gcdebug_add_stress_to_class, -1);
@@ -13724,6 +13746,7 @@ Init_GC(void)
@@ -13781,6 +13803,7 @@ Init_GC(void)
OPT(MALLOC_ALLOCATED_SIZE);
OPT(MALLOC_ALLOCATED_SIZE_CHECK);
OPT(GC_PROFILE_DETAIL_MEMORY);

414
SOURCES/ruby-3.2.0-define-unsupported-gc-compaction-methods-as-rb_f_notimplement.patch
View File

@ -1,34 +1,31 @@
commit 6d1ca6737f31b2e24664a093f1827dd74a121a9f
Author: Jarek Prokop <jprokop@redhat.com>
Date: Thu May 26 11:28:13 2022 +0200
From 1b3502156a665e2782f366aa5ac8c3bfd7637ab8 Mon Sep 17 00:00:00 2001
From: Mike Dalessio <mike.dalessio@gmail.com>
Date: Mon, 23 May 2022 15:40:22 -0400
Subject: [PATCH 1/2] Move compaction-related methods into gc.c
Gc ppc64le fix
These methods are removed from gc.rb and added to gc.c:
- GC.compact
- GC.auto_compact
- GC.auto_compact=
- GC.latest_compact_info
- GC.verify_compaction_references
This is a prefactor to allow setting these methods to
`rb_f_notimplement` in a followup commit.
---
gc.c | 101 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
gc.rb | 68 ---------------------------------------
2 files changed, 91 insertions(+), 78 deletions(-)
diff --git a/gc.c b/gc.c
index ef9327df1f..1c35856c44 100644
--- a/gc.c
+++ b/gc.c
@@ -9421,6 +9421,7 @@ gc_move(rb_objspace_t *objspace, VALUE scan, VALUE free, size_t slot_size)
return (VALUE)src;
}
+#if GC_COMPACTION_SUPPORTED
static int
compare_free_slots(const void *left, const void *right, void *dummy)
{
@@ -9468,6 +9469,7 @@ gc_sort_heap_by_empty_slots(rb_objspace_t *objspace)
free(page_list);
}
}
+#endif
static void
gc_ref_update_array(rb_objspace_t * objspace, VALUE v)
@@ -10147,8 +10149,21 @@ gc_update_references(rb_objspace_t *objspace)
@@ -10165,8 +10165,20 @@ gc_update_references(rb_objspace_t *objspace)
gc_update_table_refs(objspace, finalizer_table);
}
+#if GC_COMPACTION_SUPPORTED
+/*
+ * call-seq:
+ * GC.latest_compact_info -> {:considered=>{:T_CLASS=>11}, :moved=>{:T_CLASS=>11}}
@ -47,19 +44,7 @@ index ef9327df1f..1c35856c44 100644
{
size_t i;
rb_objspace_t *objspace = &rb_objspace;
@@ -10171,7 +10186,11 @@ gc_compact_stats(rb_execution_context_t *ec, VALUE self)
return h;
}
+#else
+# define gc_compact_stats rb_f_notimplement
+#endif
+#if GC_COMPACTION_SUPPORTED
static void
root_obj_check_moved_i(const char *category, VALUE obj, void *data)
{
@@ -10221,22 +10240,78 @@ heap_check_moved_i(void *vstart, void *vend, size_t stride, void *data)
@@ -10239,22 +10251,70 @@ heap_check_moved_i(void *vstart, void *vend, size_t stride, void *data)
return 0;
}
@ -75,10 +60,6 @@ index ef9327df1f..1c35856c44 100644
+ *
+ * This method is implementation specific and not expected to be implemented
+ * in any implementation besides MRI.
+ *
+ * To test whether GC compaction is supported, use the idiom:
+ *
+ * GC.respond_to?(:compact)
+ */
static VALUE
-gc_compact(rb_execution_context_t *ec, VALUE self)
@ -91,11 +72,7 @@ index ef9327df1f..1c35856c44 100644
- return gc_compact_stats(ec, self);
+ return gc_compact_stats(self);
}
+#else
+# define gc_compact rb_f_notimplement
+#endif
+#if GC_COMPACTION_SUPPORTED
+/*
+ * call-seq:
+ * GC.verify_compaction_references(toward: nil, double_heap: false) -> hash
@ -143,7 +120,7 @@ index ef9327df1f..1c35856c44 100644
RB_VM_LOCK_ENTER();
{
@@ -10256,13 +10331,16 @@ gc_verify_compaction_references(rb_execution_context_t *ec, VALUE self, VALUE do
@@ -10274,12 +10334,12 @@ gc_verify_compaction_references(rb_execution_context_t *ec, VALUE self, VALUE do
}
RB_VM_LOCK_LEAVE();
@ -156,17 +133,12 @@ index ef9327df1f..1c35856c44 100644
- return gc_compact_stats(ec, self);
+ return gc_compact_stats(self);
}
+#else
+# define gc_verify_compaction_references rb_f_notimplement
+#endif
VALUE
rb_gc_start(void)
@@ -10722,26 +10800,45 @@ gc_disable(rb_execution_context_t *ec, VALUE _)
@@ -10740,8 +10800,18 @@ gc_disable(rb_execution_context_t *ec, VALUE _)
return rb_gc_disable();
}
+#if GC_COMPACTION_SUPPORTED
+/*
+ * call-seq:
+ * GC.auto_compact = flag
@ -183,6 +155,237 @@ index ef9327df1f..1c35856c44 100644
{
/* If not MinGW, Windows, or does not have mmap, we cannot use mprotect for
* the read barrier, so we must disable automatic compaction. */
@@ -10755,8 +10825,14 @@ gc_set_auto_compact(rb_execution_context_t *ec, VALUE _, VALUE v)
return v;
}
+/*
+ * call-seq:
+ * GC.auto_compact -> true or false
+ *
+ * Returns whether or not automatic compaction has been enabled.
+ */
static VALUE
-gc_get_auto_compact(rb_execution_context_t *ec, VALUE _)
+gc_get_auto_compact(VALUE _)
{
return RBOOL(ruby_enable_autocompact);
}
@@ -13656,6 +13732,11 @@ Init_GC(void)
rb_define_singleton_method(rb_mGC, "malloc_allocated_size", gc_malloc_allocated_size, 0);
rb_define_singleton_method(rb_mGC, "malloc_allocations", gc_malloc_allocations, 0);
#endif
+ rb_define_singleton_method(rb_mGC, "compact", gc_compact, 0);
+ rb_define_singleton_method(rb_mGC, "auto_compact", gc_get_auto_compact, 0);
+ rb_define_singleton_method(rb_mGC, "auto_compact=", gc_set_auto_compact, 1);
+ rb_define_singleton_method(rb_mGC, "latest_compact_info", gc_compact_stats, 0);
+ rb_define_singleton_method(rb_mGC, "verify_compaction_references", gc_verify_compaction_references, -1);
#if GC_DEBUG_STRESS_TO_CLASS
rb_define_singleton_method(rb_mGC, "add_stress_to_class", rb_gcdebug_add_stress_to_class, -1);
diff --git a/gc.rb b/gc.rb
index 72637f3796..9265dd7b57 100644
--- a/gc.rb
+++ b/gc.rb
@@ -38,27 +38,6 @@ def garbage_collect full_mark: true, immediate_mark: true, immediate_sweep: true
Primitive.gc_start_internal full_mark, immediate_mark, immediate_sweep, false
end
- # call-seq:
- # GC.auto_compact -> true or false
- #
- # Returns whether or not automatic compaction has been enabled.
- #
- def self.auto_compact
- Primitive.gc_get_auto_compact
- end
-
- # call-seq:
- # GC.auto_compact = flag
- #
- # Updates automatic compaction mode.
- #
- # When enabled, the compactor will execute on every major collection.
- #
- # Enabling compaction will degrade performance on major collections.
- def self.auto_compact=(flag)
- Primitive.gc_set_auto_compact(flag)
- end
-
# call-seq:
# GC.enable -> true or false
#
@@ -210,53 +189,6 @@ def self.latest_gc_info hash_or_key = nil
Primitive.gc_latest_gc_info hash_or_key
end
- # call-seq:
- # GC.latest_compact_info -> {:considered=>{:T_CLASS=>11}, :moved=>{:T_CLASS=>11}}
- #
- # Returns information about object moved in the most recent GC compaction.
- #
- # The returned hash has two keys :considered and :moved. The hash for
- # :considered lists the number of objects that were considered for movement
- # by the compactor, and the :moved hash lists the number of objects that
- # were actually moved. Some objects can't be moved (maybe they were pinned)
- # so these numbers can be used to calculate compaction efficiency.
- def self.latest_compact_info
- Primitive.gc_compact_stats
- end
-
- # call-seq:
- # GC.compact
- #
- # This function compacts objects together in Ruby's heap. It eliminates
- # unused space (or fragmentation) in the heap by moving objects in to that
- # unused space. This function returns a hash which contains statistics about
- # which objects were moved. See `GC.latest_gc_info` for details about
- # compaction statistics.
- #
- # This method is implementation specific and not expected to be implemented
- # in any implementation besides MRI.
- def self.compact
- Primitive.gc_compact
- end
-
- # call-seq:
- # GC.verify_compaction_references(toward: nil, double_heap: false) -> hash
- #
- # Verify compaction reference consistency.
- #
- # This method is implementation specific. During compaction, objects that
- # were moved are replaced with T_MOVED objects. No object should have a
- # reference to a T_MOVED object after compaction.
- #
- # This function doubles the heap to ensure room to move all objects,
- # compacts the heap to make sure everything moves, updates all references,
- # then performs a full GC. If any object contains a reference to a T_MOVED
- # object, that object should be pushed on the mark stack, and will
- # make a SEGV.
- def self.verify_compaction_references(toward: nil, double_heap: false)
- Primitive.gc_verify_compaction_references(double_heap, toward == :empty)
- end
-
# call-seq:
# GC.using_rvargc? -> true or false
#
From d3273559356db6852d1fd794f0f076fba100e09e Mon Sep 17 00:00:00 2001
From: Mike Dalessio <mike.dalessio@gmail.com>
Date: Mon, 23 May 2022 17:31:14 -0400
Subject: [PATCH 2/2] Define unsupported GC compaction methods as
rb_f_notimplement
Fixes [Bug #18779]
Define the following methods as `rb_f_notimplement` on unsupported
platforms:
- GC.compact
- GC.auto_compact
- GC.auto_compact=
- GC.latest_compact_info
- GC.verify_compaction_references
This change allows users to call `GC.respond_to?(:compact)` to
properly test for compaction support. Previously, it was necessary to
invoke `GC.compact` or `GC.verify_compaction_references` and check if
those methods raised `NotImplementedError` to determine if compaction
was supported.
This follows the precedent set for other platform-specific
methods. For example, in `process.c` for methods such as
`Process.fork`, `Process.setpgid`, and `Process.getpriority`.
---
gc.c | 31 +++++++++++++++----
test/ruby/test_gc_compact.rb | 58 ++++++++++++++++++++++++++----------
2 files changed, 69 insertions(+), 20 deletions(-)
diff --git a/gc.c b/gc.c
index 92ed76cf96..d71924846a 100644
--- a/gc.c
+++ b/gc.c
@@ -9439,6 +9439,7 @@ gc_move(rb_objspace_t *objspace, VALUE scan, VALUE free, size_t slot_size)
return (VALUE)src;
}
+#if GC_COMPACTION_SUPPORTED
static int
compare_free_slots(const void *left, const void *right, void *dummy)
{
@@ -9486,6 +9487,7 @@ gc_sort_heap_by_empty_slots(rb_objspace_t *objspace)
free(page_list);
}
}
+#endif
static void
gc_ref_update_array(rb_objspace_t * objspace, VALUE v)
@@ -10165,6 +10167,7 @@ gc_update_references(rb_objspace_t *objspace)
gc_update_table_refs(objspace, finalizer_table);
}
+#if GC_COMPACTION_SUPPORTED
/*
* call-seq:
* GC.latest_compact_info -> {:considered=>{:T_CLASS=>11}, :moved=>{:T_CLASS=>11}}
@@ -10201,7 +10204,11 @@ gc_compact_stats(VALUE self)
return h;
}
+#else
+# define gc_compact_stats rb_f_notimplement
+#endif
+#if GC_COMPACTION_SUPPORTED
static void
root_obj_check_moved_i(const char *category, VALUE obj, void *data)
{
@@ -10263,6 +10270,10 @@ heap_check_moved_i(void *vstart, void *vend, size_t stride, void *data)
*
* This method is implementation specific and not expected to be implemented
* in any implementation besides MRI.
+ *
+ * To test whether GC compaction is supported, use the idiom:
+ *
+ * GC.respond_to?(:compact)
*/
static VALUE
gc_compact(VALUE self)
@@ -10272,7 +10283,11 @@ gc_compact(VALUE self)
return gc_compact_stats(self);
}
+#else
+# define gc_compact rb_f_notimplement
+#endif
+#if GC_COMPACTION_SUPPORTED
/*
* call-seq:
* GC.verify_compaction_references(toward: nil, double_heap: false) -> hash
@@ -10341,6 +10356,9 @@ gc_verify_compaction_references(int argc, VALUE *argv, VALUE self)
return gc_compact_stats(self);
}
+#else
+# define gc_verify_compaction_references rb_f_notimplement
+#endif
VALUE
rb_gc_start(void)
@@ -10800,6 +10818,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _)
return rb_gc_disable();
}
+#if GC_COMPACTION_SUPPORTED
/*
* call-seq:
* GC.auto_compact = flag
@@ -10815,16 +10834,15 @@ gc_set_auto_compact(VALUE _, VALUE v)
{
/* If not MinGW, Windows, or does not have mmap, we cannot use mprotect for
* the read barrier, so we must disable automatic compaction. */
-#if !defined(__MINGW32__) && !defined(_WIN32)
- if (!USE_MMAP_ALIGNED_ALLOC) {
- rb_raise(rb_eNotImpError, "Automatic compaction isn't available on this platform");
@ -197,15 +400,10 @@ index ef9327df1f..1c35856c44 100644
+#endif
+#if GC_COMPACTION_SUPPORTED
+/*
+ * call-seq:
+ * GC.auto_compact -> true or false
+ *
+ * Returns whether or not automatic compaction has been enabled.
+ */
static VALUE
-gc_get_auto_compact(rb_execution_context_t *ec, VALUE _)
+gc_get_auto_compact(VALUE _)
/*
* call-seq:
* GC.auto_compact -> true or false
@@ -10836,6 +10854,9 @@ gc_get_auto_compact(VALUE _)
{
return RBOOL(ruby_enable_autocompact);
}
@ -215,18 +413,6 @@ index ef9327df1f..1c35856c44 100644
static int
get_envparam_size(const char *name, size_t *default_value, size_t lower_bound)
@@ -13599,6 +13696,11 @@ Init_GC(void)
rb_define_singleton_method(rb_mGC, "malloc_allocated_size", gc_malloc_allocated_size, 0);
rb_define_singleton_method(rb_mGC, "malloc_allocations", gc_malloc_allocations, 0);
#endif
+ rb_define_singleton_method(rb_mGC, "compact", gc_compact, 0);
+ rb_define_singleton_method(rb_mGC, "auto_compact", gc_get_auto_compact, 0);
+ rb_define_singleton_method(rb_mGC, "auto_compact=", gc_set_auto_compact, 1);
+ rb_define_singleton_method(rb_mGC, "latest_compact_info", gc_compact_stats, 0);
+ rb_define_singleton_method(rb_mGC, "verify_compaction_references", gc_verify_compaction_references, -1);
#if GC_DEBUG_STRESS_TO_CLASS
rb_define_singleton_method(rb_mGC, "add_stress_to_class", rb_gcdebug_add_stress_to_class, -1);
diff --git a/test/ruby/test_gc_compact.rb b/test/ruby/test_gc_compact.rb
index 42ad028530..411d5eab69 100644
--- a/test/ruby/test_gc_compact.rb
@ -314,89 +500,3 @@ index 42ad028530..411d5eab69 100644
end
def test_gc_compact_stats
diff --git a/gc.rb b/gc.rb
index 72637f3796..9265dd7b57 100644
--- a/gc.rb
+++ b/gc.rb
@@ -38,27 +38,6 @@ def garbage_collect full_mark: true, immediate_mark: true, immediate_sweep: true
Primitive.gc_start_internal full_mark, immediate_mark, immediate_sweep, false
end
- # call-seq:
- # GC.auto_compact -> true or false
- #
- # Returns whether or not automatic compaction has been enabled.
- #
- def self.auto_compact
- Primitive.gc_get_auto_compact
- end
-
- # call-seq:
- # GC.auto_compact = flag
- #
- # Updates automatic compaction mode.
- #
- # When enabled, the compactor will execute on every major collection.
- #
- # Enabling compaction will degrade performance on major collections.
- def self.auto_compact=(flag)
- Primitive.gc_set_auto_compact(flag)
- end
-
# call-seq:
# GC.enable -> true or false
#
@@ -210,53 +189,6 @@ def self.latest_gc_info hash_or_key = nil
Primitive.gc_latest_gc_info hash_or_key
end
- # call-seq:
- # GC.latest_compact_info -> {:considered=>{:T_CLASS=>11}, :moved=>{:T_CLASS=>11}}
- #
- # Returns information about object moved in the most recent GC compaction.
- #
- # The returned hash has two keys :considered and :moved. The hash for
- # :considered lists the number of objects that were considered for movement
- # by the compactor, and the :moved hash lists the number of objects that
- # were actually moved. Some objects can't be moved (maybe they were pinned)
- # so these numbers can be used to calculate compaction efficiency.
- def self.latest_compact_info
- Primitive.gc_compact_stats
- end
-
- # call-seq:
- # GC.compact
- #
- # This function compacts objects together in Ruby's heap. It eliminates
- # unused space (or fragmentation) in the heap by moving objects in to that
- # unused space. This function returns a hash which contains statistics about
- # which objects were moved. See `GC.latest_gc_info` for details about
- # compaction statistics.
- #
- # This method is implementation specific and not expected to be implemented
- # in any implementation besides MRI.
- def self.compact
- Primitive.gc_compact
- end
-
- # call-seq:
- # GC.verify_compaction_references(toward: nil, double_heap: false) -> hash
- #
- # Verify compaction reference consistency.
- #
- # This method is implementation specific. During compaction, objects that
- # were moved are replaced with T_MOVED objects. No object should have a
- # reference to a T_MOVED object after compaction.
- #
- # This function doubles the heap to ensure room to move all objects,
- # compacts the heap to make sure everything moves, updates all references,
- # then performs a full GC. If any object contains a reference to a T_MOVED
- # object, that object should be pushed on the mark stack, and will
- # make a SEGV.
- def self.verify_compaction_references(toward: nil, double_heap: false)
- Primitive.gc_verify_compaction_references(double_heap, toward == :empty)
- end
-
# call-seq:
# GC.using_rvargc? -> true or false
#

44
SOURCES/ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch
View File

@ -1,5 +1,5 @@
--- ruby-3.1.2/gc.rbinc 2022-04-12 13:11:17.000000000 +0200
+++ ruby/gc.rbinc 2022-06-08 12:49:16.288024971 +0200
--- ruby-3.1.3/gc.rbinc 2022-11-24 11:20:33.000000000 +0100
+++ ruby/gc.rbinc 2022-11-25 11:50:19.939820992 +0100
@@ -9,27 +9,27 @@
#include "builtin.h" /* for RB_BUILTIN_FUNCTION */
struct rb_execution_context_struct; /* in vm_core.h */
@ -218,8 +218,8 @@
COMPILER_WARNING_POP
// load
--- ruby-3.1.2/miniprelude.c 2022-04-12 13:11:17.000000000 +0200
+++ ruby/miniprelude.c 2022-06-08 12:49:16.377024871 +0200
--- ruby-3.1.3/miniprelude.c 2022-11-24 11:20:33.000000000 +0100
+++ ruby/miniprelude.c 2022-11-25 11:50:20.012820803 +0100
@@ -545,11 +545,10 @@
static const char prelude_name2[] = "<internal:gc>";
@ -446,57 +446,57 @@
};
static const char prelude_name11[] = "<internal:ractor>";
@@ -3305,7 +3234,7 @@
@@ -3309,7 +3238,7 @@
" }\n"
" end\n"
"end\n"
-#line 3309 "miniprelude.c"
+#line 3238 "miniprelude.c"
-#line 3313 "miniprelude.c"
+#line 3242 "miniprelude.c"
};
static const char prelude_name12[] = "<internal:timev>";
@@ -3628,7 +3557,7 @@
@@ -3632,7 +3561,7 @@
" Primitive.time_init_args(year, mon, mday, hour, min, sec, zone)\n"
" end\n"
"end\n"
-#line 3632 "miniprelude.c"
+#line 3561 "miniprelude.c"
-#line 3636 "miniprelude.c"
+#line 3565 "miniprelude.c"
};
static const char prelude_name13[] = "<internal:nilclass>";
@@ -3661,7 +3590,7 @@
@@ -3665,7 +3594,7 @@
" return 0.0\n"
" end\n"
"end\n"
-#line 3665 "miniprelude.c"
+#line 3594 "miniprelude.c"
-#line 3669 "miniprelude.c"
+#line 3598 "miniprelude.c"
};
static const char prelude_name14[] = "<internal:prelude>";
@@ -3691,7 +3620,7 @@
@@ -3695,7 +3624,7 @@
"\n"
" private :pp\n"
"end\n"
-#line 3695 "miniprelude.c"
+#line 3624 "miniprelude.c"
-#line 3699 "miniprelude.c"
+#line 3628 "miniprelude.c"
};
static const char prelude_name15[] = "<internal:gem_prelude>";
@@ -3718,7 +3647,7 @@
@@ -3722,7 +3651,7 @@
"rescue LoadError\n"
" warn \"`did_you_mean' was not loaded.\"\n"
"end if defined?(DidYouMean)\n"
-#line 3722 "miniprelude.c"
+#line 3651 "miniprelude.c"
-#line 3726 "miniprelude.c"
+#line 3655 "miniprelude.c"
};
static const char prelude_name16[] = "<internal:yjit>";
@@ -4059,7 +3988,7 @@
@@ -4063,7 +3992,7 @@
" end\n"
" end\n"
"end\n"
-#line 4063 "miniprelude.c"
+#line 3992 "miniprelude.c"
-#line 4067 "miniprelude.c"
+#line 3996 "miniprelude.c"
};
COMPILER_WARNING_POP

32
SOURCES/ruby-3.3.0-openssl-3.2.0-fips-enable-tests.patch Normal file
View File

@ -0,0 +1,32 @@
From f0b254f1f6610294821bbfc06b414d2af452db5b Mon Sep 17 00:00:00 2001
From: Jun Aruga <jaruga@redhat.com>
Date: Thu, 13 Apr 2023 17:28:27 +0200
Subject: [PATCH] [ruby/openssl] Drop a common logic disabling the FIPS mode in
the tests.
We want to run the unit tests in the FIPS mode too.
https://github.com/ruby/openssl/commit/ab92baff34
---
test/openssl/utils.rb | 5 -----
1 file changed, 5 deletions(-)
diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb
index 4ebcb9837b..8a0be0d154 100644
--- a/test/openssl/utils.rb
+++ b/test/openssl/utils.rb
@@ -1,11 +1,6 @@
# frozen_string_literal: true
begin
require "openssl"
-
- # Disable FIPS mode for tests for installations
- # where FIPS mode would be enabled by default.
- # Has no effect on all other installations.
- OpenSSL.fips_mode=false
rescue LoadError
end
--
2.41.0

73
SOURCES/ruby-3.3.0-openssl-3.2.0-fips-fix-pkey-dh-require-openssl.patch Normal file
View File

@ -0,0 +1,73 @@
From b6d7cdc2bad0eadbca73f3486917f0ec7a475814 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Tue, 29 Aug 2023 19:46:02 +0900
Subject: [PATCH] [ruby/openssl] ssl: use ffdhe2048 from RFC 7919 as the
default DH group parameters
In TLS 1.2 or before, if DH group parameters for DHE are not supplied
with SSLContext#tmp_dh= or #tmp_dh_callback=, we currently use the
self-generated parameters added in commit https://github.com/ruby/openssl/commit/bb3399a61c03 ("support 2048
bit length DH-key", 2016-01-15) as the fallback.
While there is no known weakness in the current parameters, it would be
a good idea to switch to pre-defined, more well audited parameters.
This also allows the fallback to work in the FIPS mode.
The PEM encoding was derived with:
# RFC 7919 Appendix A.1. ffdhe2048
print OpenSSL::PKey.read(OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer((<<-END).split.join.to_i(16)), OpenSSL::ASN1::Integer(2)]).to_der).to_pem
FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1
D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9
7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561
2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935
984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735
30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB
B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19
0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61
9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73
3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA
886B4238 61285C97 FFFFFFFF FFFFFFFF
END
https://github.com/ruby/openssl/commit/a5527cb4f4
---
ext/openssl/lib/openssl/ssl.rb | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb
index ea8bb2a18e533..94be6ba80b894 100644
--- a/ext/openssl/lib/openssl/ssl.rb
+++ b/ext/openssl/lib/openssl/ssl.rb
@@ -31,21 +31,21 @@ class SSLContext
}
if defined?(OpenSSL::PKey::DH)
- DEFAULT_2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_
+ DH_ffdhe2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_
-----BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA7E6kBrYiyvmKAMzQ7i8WvwVk9Y/+f8S7sCTN712KkK3cqd1jhJDY
-JbrYeNV3kUIKhPxWHhObHKpD1R84UpL+s2b55+iMd6GmL7OYmNIT/FccKhTcveab
-VBmZT86BZKYyf45hUF9FOuUM9xPzuK3Vd8oJQvfYMCd7LPC0taAEljQLR4Edf8E6
-YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3
-1bNveX5wInh5GDx1FGhKBZ+s1H+aedudCm7sCgRwv8lKWYGiHzObSma8A86KG+MD
-7Lo5JquQ3DlBodj3IDyPrxIv96lvRPFtAwIBAg==
+MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
-----END DH PARAMETERS-----
_end_of_pem_
- private_constant :DEFAULT_2048
+ private_constant :DH_ffdhe2048
DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen| # :nodoc:
warn "using default DH parameters." if $VERBOSE
- DEFAULT_2048
+ DH_ffdhe2048
}
end

188
SOURCES/ruby-3.3.0-openssl-3.2.0-fips-fix-pkey-read-in-openssl-3.patch Normal file
View File

@ -0,0 +1,188 @@
From 114140236e1835c60a9697f7b89b818c1cbb9350 Mon Sep 17 00:00:00 2001
From: Jun Aruga <jaruga@redhat.com>
Date: Wed, 12 Apr 2023 17:15:21 +0200
Subject: [PATCH] Fix OpenSSL::PKey.read in OpenSSL 3 FIPS module.
This is a combination of the following 2 commits. Because the combined patch is
easy to merge.
This is the 1st commit message:
[ruby/openssl] Workaround: Fix OpenSSL::PKey.read that cannot parse PKey in the FIPS mode.
This commit is a workaround to avoid the error below that the
`OpenSSL::PKey.read` fails with the OpenSSL 3.0 FIPS mode.
```
$ openssl genrsa -out key.pem 4096
$ ruby -e "require 'openssl'; OpenSSL::PKey.read(File.read('key.pem'))"
-e:1:in `read': Could not parse PKey (OpenSSL::PKey::PKeyError)
from -e:1:in `<main>'
```
The root cause is on the OpenSSL side. The `OSSL_DECODER_CTX_set_selection`
doesn't apply the selection value properly if there are multiple providers, and
a provider (e.g. "base" provider) handles the decoder implementation, and
another provider (e.g. "fips" provider) handles the keys.
The workaround is to create `OSSL_DECODER_CTX` variable each time without using
the `OSSL_DECODER_CTX_set_selection`.
https://github.com/ruby/openssl/commit/5ff4a31621
This is the commit message #2:
[ruby/openssl] ossl_pkey.c: Workaround: Decode with non-zero selections.
This is a workaround for the decoding issue in ossl_pkey_read_generic().
The issue happens in the case that a key management provider is different from
a decoding provider.
Try all the non-zero selections in order, instead of selection 0 for OpenSSL 3
to avoid the issue.
https://github.com/ruby/openssl/commit/db688fa739
---
ext/openssl/ossl_pkey.c | 103 ++++++++++++++++++++++++----------------
1 file changed, 63 insertions(+), 40 deletions(-)
diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c
index ee143d66ee..51ee0bacba 100644
--- a/ext/openssl/ossl_pkey.c
+++ b/ext/openssl/ossl_pkey.c
@@ -82,31 +82,62 @@ ossl_pkey_new(EVP_PKEY *pkey)
#if OSSL_OPENSSL_PREREQ(3, 0, 0)
# include <openssl/decoder.h>
-EVP_PKEY *
-ossl_pkey_read_generic(BIO *bio, VALUE pass)
+static EVP_PKEY *
+ossl_pkey_read(BIO *bio, const char *input_type, int selection, VALUE pass)
{
void *ppass = (void *)pass;
OSSL_DECODER_CTX *dctx;
EVP_PKEY *pkey = NULL;
int pos = 0, pos2;
- dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, NULL, 0, NULL, NULL);
+ dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, input_type, NULL, NULL,
+ selection, NULL, NULL);
if (!dctx)
goto out;
- if (OSSL_DECODER_CTX_set_pem_password_cb(dctx, ossl_pem_passwd_cb, ppass) != 1)
- goto out;
-
- /* First check DER */
- if (OSSL_DECODER_from_bio(dctx, bio) == 1)
+ if (OSSL_DECODER_CTX_set_pem_password_cb(dctx, ossl_pem_passwd_cb,
+ ppass) != 1)
goto out;
+ while (1) {
+ if (OSSL_DECODER_from_bio(dctx, bio) == 1)
+ goto out;
+ if (BIO_eof(bio))
+ break;
+ pos2 = BIO_tell(bio);
+ if (pos2 < 0 || pos2 <= pos)
+ break;
+ ossl_clear_error();
+ pos = pos2;
+ }
+ out:
OSSL_BIO_reset(bio);
+ OSSL_DECODER_CTX_free(dctx);
+ return pkey;
+}
- /* Then check PEM; multiple OSSL_DECODER_from_bio() calls may be needed */
- if (OSSL_DECODER_CTX_set_input_type(dctx, "PEM") != 1)
- goto out;
+EVP_PKEY *
+ossl_pkey_read_generic(BIO *bio, VALUE pass)
+{
+ EVP_PKEY *pkey = NULL;
+ /* First check DER, then check PEM. */
+ const char *input_types[] = {"DER", "PEM"};
+ int input_type_num = (int)(sizeof(input_types) / sizeof(char *));
/*
- * First check for private key formats. This is to keep compatibility with
- * ruby/openssl < 3.0 which decoded the following as a private key.
+ * Non-zero selections to try to decode.
+ *
+ * See EVP_PKEY_fromdata(3) - Selections to see all the selections.
+ *
+ * This is a workaround for the decoder failing to decode or returning
+ * bogus keys with selection 0, if a key management provider is different
+ * from a decoder provider. The workaround is to avoid using selection 0.
+ *
+ * Affected OpenSSL versions: >= 3.1.0, <= 3.1.2, or >= 3.0.0, <= 3.0.10
+ * Fixed OpenSSL versions: 3.2, next release of the 3.1.z and 3.0.z
+ *
+ * See https://github.com/openssl/openssl/pull/21519 for details.
+ *
+ * First check for private key formats (EVP_PKEY_KEYPAIR). This is to keep
+ * compatibility with ruby/openssl < 3.0 which decoded the following as a
+ * private key.
*
* $ openssl ecparam -name prime256v1 -genkey -outform PEM
* -----BEGIN EC PARAMETERS-----
@@ -124,36 +155,28 @@ ossl_pkey_read_generic(BIO *bio, VALUE pass)
*
* Note that normally, the input is supposed to contain a single decodable
* PEM block only, so this special handling should not create a new problem.
+ *
+ * Note that we need to create the OSSL_DECODER_CTX variable each time when
+ * we use the different selection as a workaround.
+ * See https://github.com/openssl/openssl/issues/20657 for details.
*/
- OSSL_DECODER_CTX_set_selection(dctx, EVP_PKEY_KEYPAIR);
- while (1) {
- if (OSSL_DECODER_from_bio(dctx, bio) == 1)
- goto out;
- if (BIO_eof(bio))
- break;
- pos2 = BIO_tell(bio);
- if (pos2 < 0 || pos2 <= pos)
- break;
- ossl_clear_error();
- pos = pos2;
- }
-
- OSSL_BIO_reset(bio);
- OSSL_DECODER_CTX_set_selection(dctx, 0);
- while (1) {
- if (OSSL_DECODER_from_bio(dctx, bio) == 1)
- goto out;
- if (BIO_eof(bio))
- break;
- pos2 = BIO_tell(bio);
- if (pos2 < 0 || pos2 <= pos)
- break;
- ossl_clear_error();
- pos = pos2;
+ int selections[] = {
+ EVP_PKEY_KEYPAIR,
+ EVP_PKEY_KEY_PARAMETERS,
+ EVP_PKEY_PUBLIC_KEY
+ };
+ int selection_num = (int)(sizeof(selections) / sizeof(int));
+ int i, j;
+
+ for (i = 0; i < input_type_num; i++) {
+ for (j = 0; j < selection_num; j++) {
+ pkey = ossl_pkey_read(bio, input_types[i], selections[j], pass);
+ if (pkey) {
+ goto out;
+ }
+ }
}
-
out:
- OSSL_DECODER_CTX_free(dctx);
return pkey;
}
#else
--
2.41.0

142
SOURCES/ruby-3.3.0-openssl-3.2.0-fix-fips-get-set-in-openssl-3.patch Normal file
View File

@ -0,0 +1,142 @@
From 29920ec109751459a65c6478525f2e59c644891f Mon Sep 17 00:00:00 2001
From: Jun Aruga <jaruga@redhat.com>
Date: Thu, 16 Mar 2023 21:36:43 +0100
Subject: [PATCH] [ruby/openssl] Implement FIPS functions on OpenSSL 3.
This commit is to implement the `OpenSSL::OPENSSL_FIPS`, `ossl_fips_mode_get`
and `ossl_fips_mode_set` to pass the test `test/openssl/test_fips.rb`.
It seems that the `OPENSSL_FIPS` macro is not used on the FIPS mode case any
more, and some FIPS related APIs also were removed in OpenSSL 3.
See the document <https://github.com/openssl/openssl/blob/master/doc/man7/migration_guide.pod#removed-fips_mode-and-fips_mode_set>
the section OPENSSL 3.0 > Main Changes from OpenSSL 1.1.1 >
Other notable deprecations and changes - Removed FIPS_mode() and FIPS_mode_set() .
The `OpenSSL::OPENSSL_FIPS` returns always true in OpenSSL 3 because the used
functions `EVP_default_properties_enable_fips` and `EVP_default_properties_is_fips_enabled`
works with the OpenSSL installed without FIPS option.
The `TEST_RUBY_OPENSSL_FIPS_ENABLED` is set on the FIPS mode case on the CI.
Because I want to test that the `OpenSSL.fips_mode` returns the `true` or
'false' surely in the CI. You can test the FIPS mode case by setting
`TEST_RUBY_OPENSSL_FIPS_ENABLED` on local too. Right now I don't find a better
way to get the status of the FIPS mode enabled or disabled for this purpose. I
am afraid of the possibility that the FIPS test case is unintentionally skipped.
I also replaced the ambiguous "returns" with "should return" in the tests.
https://github.com/ruby/openssl/commit/c5b2bc1268
---
ext/openssl/ossl.c | 25 +++++++++++++++++++++----
test/openssl/test_fips.rb | 32 ++++++++++++++++++++++++++++----
2 files changed, 49 insertions(+), 8 deletions(-)
diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index 6c532aca94..fcf3744c65 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -418,7 +418,11 @@ static VALUE
ossl_fips_mode_get(VALUE self)
{
-#ifdef OPENSSL_FIPS
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+ VALUE enabled;
+ enabled = EVP_default_properties_is_fips_enabled(NULL) ? Qtrue : Qfalse;
+ return enabled;
+#elif OPENSSL_FIPS
VALUE enabled;
enabled = FIPS_mode() ? Qtrue : Qfalse;
return enabled;
@@ -442,8 +446,18 @@ ossl_fips_mode_get(VALUE self)
static VALUE
ossl_fips_mode_set(VALUE self, VALUE enabled)
{
-
-#ifdef OPENSSL_FIPS
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+ if (RTEST(enabled)) {
+ if (!EVP_default_properties_enable_fips(NULL, 1)) {
+ ossl_raise(eOSSLError, "Turning on FIPS mode failed");
+ }
+ } else {
+ if (!EVP_default_properties_enable_fips(NULL, 0)) {
+ ossl_raise(eOSSLError, "Turning off FIPS mode failed");
+ }
+ }
+ return enabled;
+#elif OPENSSL_FIPS
if (RTEST(enabled)) {
int mode = FIPS_mode();
if(!mode && !FIPS_mode_set(1)) /* turning on twice leads to an error */
@@ -1198,7 +1212,10 @@ Init_openssl(void)
* Boolean indicating whether OpenSSL is FIPS-capable or not
*/
rb_define_const(mOSSL, "OPENSSL_FIPS",
-#ifdef OPENSSL_FIPS
+/* OpenSSL 3 is FIPS-capable even when it is installed without fips option */
+#if OSSL_OPENSSL_PREREQ(3, 0, 0)
+ Qtrue
+#elif OPENSSL_FIPS
Qtrue
#else
Qfalse
diff --git a/test/openssl/test_fips.rb b/test/openssl/test_fips.rb
index 8cd474f9a3..56a12a94ce 100644
--- a/test/openssl/test_fips.rb
+++ b/test/openssl/test_fips.rb
@@ -4,22 +4,46 @@
if defined?(OpenSSL)
class OpenSSL::TestFIPS < OpenSSL::TestCase
+ def test_fips_mode_get_is_true_on_fips_mode_enabled
+ unless ENV["TEST_RUBY_OPENSSL_FIPS_ENABLED"]
+ omit "Only for FIPS mode environment"
+ end
+
+ assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;")
+ assert OpenSSL.fips_mode == true, ".fips_mode should return true on FIPS mode enabled"
+ end;
+ end
+
+ def test_fips_mode_get_is_false_on_fips_mode_disabled
+ if ENV["TEST_RUBY_OPENSSL_FIPS_ENABLED"]
+ omit "Only for non-FIPS mode environment"
+ end
+
+ assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;")
+ message = ".fips_mode should return false on FIPS mode disabled. " \
+ "If you run the test on FIPS mode, please set " \
+ "TEST_RUBY_OPENSSL_FIPS_ENABLED=true"
+ assert OpenSSL.fips_mode == false, message
+ end;
+ end
+
def test_fips_mode_is_reentrant
OpenSSL.fips_mode = false
OpenSSL.fips_mode = false
end
- def test_fips_mode_get
- return unless OpenSSL::OPENSSL_FIPS
+ def test_fips_mode_get_with_fips_mode_set
+ omit('OpenSSL is not FIPS-capable') unless OpenSSL::OPENSSL_FIPS
+
assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;")
require #{__FILE__.dump}
begin
OpenSSL.fips_mode = true
- assert OpenSSL.fips_mode == true, ".fips_mode returns true when .fips_mode=true"
+ assert OpenSSL.fips_mode == true, ".fips_mode should return true when .fips_mode=true"
OpenSSL.fips_mode = false
- assert OpenSSL.fips_mode == false, ".fips_mode returns false when .fips_mode=false"
+ assert OpenSSL.fips_mode == false, ".fips_mode should return false when .fips_mode=false"
rescue OpenSSL::OpenSSLError
pend "Could not set FIPS mode (OpenSSL::OpenSSLError: \#$!); skipping"
end
--
2.41.0

256
SOURCES/ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch Normal file
View File

@ -0,0 +1,256 @@
From d3933fc753187a055a4904af82f5f3794c88c416 Mon Sep 17 00:00:00 2001
From: Sorah Fukumori <her@sorah.jp>
Date: Mon, 1 Jan 2024 20:45:54 +0900
Subject: [PATCH] [ruby/net-http] Renew test certificates
The private key is replaced with a public known test key published at
[RFC 9500].
Also lifetime has been extended to 10 years from 4 years.
[RFC 9500]: https://www.rfc-editor.org/rfc/rfc9500.html
https://github.com/ruby/net-http/commit/4ab6c4a500
---
test/net/fixtures/Makefile | 6 +--
test/net/fixtures/cacert.pem | 44 ++++++++--------
test/net/fixtures/server.crt | 99 +++++++-----------------------------
test/net/fixtures/server.key | 55 ++++++++++----------
4 files changed, 71 insertions(+), 133 deletions(-)
diff --git a/test/net/fixtures/Makefile b/test/net/fixtures/Makefile
index b2bc9c7368ee2..88c232e3b6c16 100644
--- a/test/net/fixtures/Makefile
+++ b/test/net/fixtures/Makefile
@@ -5,11 +5,11 @@ regen_certs:
make server.crt
cacert.pem: server.key
- openssl req -new -x509 -days 1825 -key server.key -out cacert.pem -text -subj "/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org"
+ openssl req -new -x509 -days 3650 -key server.key -out cacert.pem -subj "/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org"
server.csr:
- openssl req -new -key server.key -out server.csr -text -subj "/C=JP/ST=Shimane/O=Ruby Core Team/OU=Ruby Test/CN=localhost"
+ openssl req -new -key server.key -out server.csr -subj "/C=JP/ST=Shimane/O=Ruby Core Team/OU=Ruby Test/CN=localhost"
server.crt: server.csr cacert.pem
- openssl x509 -days 1825 -CA cacert.pem -CAkey server.key -set_serial 00 -in server.csr -req -text -out server.crt
+ openssl x509 -days 3650 -CA cacert.pem -CAkey server.key -set_serial 00 -in server.csr -req -out server.crt
rm server.csr
diff --git a/test/net/fixtures/cacert.pem b/test/net/fixtures/cacert.pem
index f623bd62ed375..24c83f1c65225 100644
--- a/test/net/fixtures/cacert.pem
+++ b/test/net/fixtures/cacert.pem
@@ -1,24 +1,24 @@
-----BEGIN CERTIFICATE-----
-MIID7TCCAtWgAwIBAgIJAIltvxrFAuSnMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD
-VQQGEwJKUDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkx
-FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex
-JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTkwMTAy
-MDI1ODI4WhcNMjQwMTAxMDI1ODI4WjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgM
-B1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQKDA5SdWJ5IENv
-cmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz
-ZWN1cml0eUBydWJ5LWxhbmcub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAznlbjRVhz1NlutHVrhcGnK8W0qug2ujKXv1njSC4U6nJF6py7I9EeehV
-SaKePyv+I9z3K1LnfUHOtUbdwdKC77yN66A6q2aqzu5q09/NSykcZGOIF0GuItYI
-3nvW3IqBddff2ffsyR+9pBjfb5AIPP08WowF9q4s1eGULwZc4w2B8PFhtxYANd7d
-BvGLXFlcufv9tDtzyRi4t7eqxCRJkZQIZNZ6DHHIJrNxejOILfHLarI12yk8VK6L
-2LG4WgGqyeePiRyd1o1MbuiAFYqAwpXNUbRKg5NaZGwBHZk8UZ+uFKt1QMBURO5R
-WFy1c349jbWszTqFyL4Lnbg9HhAowQIDAQABo1AwTjAdBgNVHQ4EFgQU9tEiKdU9
-I9derQyc5nWPnc34nVMwHwYDVR0jBBgwFoAU9tEiKdU9I9derQyc5nWPnc34nVMw
-DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAxj7F/u3C3fgq24N7hGRA
-of7ClFQxGmo/IGT0AISzW3HiVYiFaikKhbO1NwD9aBpD8Zwe62sCqMh8jGV/b0+q
-aOORnWYNy2R6r9FkASAglmdF6xn3bhgGD5ls4pCvcG9FynGnGc24g6MrjFNrBYUS
-2iIZsg36i0IJswo/Dy6HLphCms2BMCD3DeWtfjePUiTmQHJo6HsQIKP/u4N4Fvee
-uMBInei2M4VU74fLXbmKl1F9AEX7JDP3BKSZG19Ch5pnUo4uXM1uNTGsi07P4Y0s
-K44+SKBC0bYEFbDK0eQWMrX3kIhkPxyIWhxdq9/NqPYjShuSEAhA6CSpmRg0pqc+
-mA==
+MIID+zCCAuOgAwIBAgIUGMvHl3EhtKPKcgc3NQSAYfFuC+8wDQYJKoZIhvcNAQEL
+BQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYDVQQIDAdTaGltYW5lMRQwEgYDVQQHDAtN
+YXR6LWUgY2l0eTEXMBUGA1UECgwOUnVieSBDb3JlIFRlYW0xFTATBgNVBAMMDFJ1
+YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJARYWc2VjdXJpdHlAcnVieS1sYW5nLm9y
+ZzAeFw0yNDAxMDExMTQ3MjNaFw0zMzEyMjkxMTQ3MjNaMIGMMQswCQYDVQQGEwJK
+UDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkxFzAVBgNV
+BAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0ExJTAjBgkq
+hkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCw+egZQ6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI
++1GSqyi1bFBgsRjM0THllIdMbKmJtWwnKW8J+5OgNN8y6Xxv8JmM/Y5vQt2lis0f
+qXmG8UTz0VTWdlAXXmhUs6lSADvAaIe4RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0
+yg+801SXzoFTTa+UGIRLE66jH51aa5VXu99hnv1OiH8tQrjdi8mH6uG/icq4XuIe
+NWMF32wHqIOOPvQcWV3M5D2vxJEj702Ku6k9OQXkAo17qRSEonWW4HtLbtmS8He1
+JNPc/n3dVUm+fM6NoDXPoLP7j55G9zKyqGtGAWXAj1MTAgMBAAGjUzBRMB0GA1Ud
+DgQWBBSJGVleDvFp9cu9R+E0/OKYzGkwkTAfBgNVHSMEGDAWgBSJGVleDvFp9cu9
+R+E0/OKYzGkwkTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBl
+8GLB8skAWlkSw/FwbUmEV3zyqu+p7PNP5YIYoZs0D74e7yVulGQ6PKMZH5hrZmHo
+orFSQU+VUUirG8nDGj7Rzce8WeWBxsaDGC8CE2dq6nC6LuUwtbdMnBrH0LRWAz48
+jGFF3jHtVz8VsGfoZTZCjukWqNXvU6hETT9GsfU+PZqbqcTVRPH52+XgYayKdIbD
+r97RM4X3+aXBHcUW0b76eyyi65RR/Xtvn8ioZt2AdX7T2tZzJyXJN3Hupp77s6Ui
+AZR35SToHCZeTZD12YBvLBdaTPLZN7O/Q/aAO9ZiJaZ7SbFOjz813B2hxXab4Fob
+2uJX6eMWTVxYK5D4M9lm
-----END CERTIFICATE-----
diff --git a/test/net/fixtures/server.crt b/test/net/fixtures/server.crt
index 5ca78a6d146a0..5d2923795dabc 100644
--- a/test/net/fixtures/server.crt
+++ b/test/net/fixtures/server.crt
@@ -1,82 +1,21 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number: 2 (0x2)
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org
- Validity
- Not Before: Jan 2 03:27:13 2019 GMT
- Not After : Jan 1 03:27:13 2024 GMT
- Subject: C=JP, ST=Shimane, O=Ruby Core Team, OU=Ruby Test, CN=localhost
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:e8:da:9c:01:2e:2b:10:ec:49:cd:5e:07:13:07:
- 9c:70:9e:c6:74:bc:13:c2:e1:6f:c6:82:fd:e3:48:
- e0:2c:a5:68:c7:9e:42:de:60:54:65:e6:6a:14:57:
- 7a:30:d0:cc:b5:b6:d9:c3:d2:df:c9:25:97:54:67:
- cf:f6:be:5e:cb:8b:ee:03:c5:e1:e2:f9:e7:f7:d1:
- 0c:47:f0:b8:da:33:5a:ad:41:ad:e7:b5:a2:7b:b7:
- bf:30:da:60:f8:e3:54:a2:bc:3a:fd:1b:74:d9:dc:
- 74:42:e9:29:be:df:ac:b4:4f:eb:32:f4:06:f1:e1:
- 8c:4b:a8:8b:fb:29:e7:b1:bf:1d:01:ee:73:0f:f9:
- 40:dc:d5:15:79:d9:c6:73:d0:c0:dd:cb:e4:da:19:
- 47:80:c6:14:04:72:fd:9a:7c:8f:11:82:76:49:04:
- 79:cc:f2:5c:31:22:95:13:3e:5d:40:a6:4d:e0:a3:
- 02:26:7d:52:3b:bb:ed:65:a1:0f:ed:6b:b0:3c:d4:
- de:61:15:5e:d3:dd:68:09:9f:4a:57:a5:c2:a9:6d:
- 86:92:c5:f4:a4:d4:b7:13:3b:52:63:24:05:e2:cc:
- e3:8a:3c:d4:35:34:2b:10:bb:58:72:e7:e1:8d:1d:
- 74:8c:61:16:20:3d:d0:1c:4e:8f:6e:fd:fe:64:10:
- 4f:41
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:FALSE
- Netscape Comment:
- OpenSSL Generated Certificate
- X509v3 Subject Key Identifier:
- ED:28:C2:7E:AB:4B:C8:E8:FE:55:6D:66:95:31:1C:2D:60:F9:02:36
- X509v3 Authority Key Identifier:
- keyid:F6:D1:22:29:D5:3D:23:D7:5E:AD:0C:9C:E6:75:8F:9D:CD:F8:9D:53
-
- Signature Algorithm: sha256WithRSAEncryption
- 1d:b8:c5:8b:72:41:20:65:ad:27:6f:15:63:06:26:12:8d:9c:
- ad:ca:f4:db:97:b4:90:cb:ff:35:94:bb:2a:a7:a1:ab:1e:35:
- 2d:a5:3f:c9:24:b0:1a:58:89:75:3e:81:0a:2c:4f:98:f9:51:
- fb:c0:a3:09:d0:0a:9b:e7:a2:b7:c3:60:40:c8:f4:6d:b2:6a:
- 56:12:17:4c:00:24:31:df:9c:60:ae:b1:68:54:a9:e6:b5:4a:
- 04:e6:92:05:86:d9:5a:dc:96:30:a5:58:de:14:99:0f:e5:15:
- 89:3e:9b:eb:80:e3:bd:83:c3:ea:33:35:4b:3e:2f:d3:0d:64:
- 93:67:7f:8d:f5:3f:0c:27:bc:37:5a:cc:d6:47:16:af:5a:62:
- d2:da:51:f8:74:06:6b:24:ad:28:68:08:98:37:7d:ed:0e:ab:
- 1e:82:61:05:d0:ba:75:a0:ab:21:b0:9a:fd:2b:54:86:1d:0d:
- 1f:c2:d4:77:1f:72:26:5e:ad:8a:9f:09:36:6d:44:be:74:c2:
- 5a:3e:ff:5c:9d:75:d6:38:7b:c5:39:f9:44:6e:a1:d1:8e:ff:
- 63:db:c4:bb:c6:91:92:ca:5c:60:9b:1d:eb:0a:de:08:ee:bf:
- da:76:03:65:62:29:8b:f8:7f:c7:86:73:1e:f6:1f:2d:89:69:
- fd:be:bd:6e
-----BEGIN CERTIFICATE-----
-MIID4zCCAsugAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx
-EDAOBgNVBAgMB1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQK
-DA5SdWJ5IENvcmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZI
-hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMjcxM1oX
-DTI0MDEwMTAzMjcxM1owYDELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx
-FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRIwEAYDVQQLDAlSdWJ5IFRlc3QxEjAQ
-BgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AOjanAEuKxDsSc1eBxMHnHCexnS8E8Lhb8aC/eNI4CylaMeeQt5gVGXmahRXejDQ
-zLW22cPS38kll1Rnz/a+XsuL7gPF4eL55/fRDEfwuNozWq1Bree1onu3vzDaYPjj
-VKK8Ov0bdNncdELpKb7frLRP6zL0BvHhjEuoi/sp57G/HQHucw/5QNzVFXnZxnPQ
-wN3L5NoZR4DGFARy/Zp8jxGCdkkEeczyXDEilRM+XUCmTeCjAiZ9Uju77WWhD+1r
-sDzU3mEVXtPdaAmfSlelwqlthpLF9KTUtxM7UmMkBeLM44o81DU0KxC7WHLn4Y0d
-dIxhFiA90BxOj279/mQQT0ECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
-AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFO0o
-wn6rS8jo/lVtZpUxHC1g+QI2MB8GA1UdIwQYMBaAFPbRIinVPSPXXq0MnOZ1j53N
-+J1TMA0GCSqGSIb3DQEBCwUAA4IBAQAduMWLckEgZa0nbxVjBiYSjZytyvTbl7SQ
-y/81lLsqp6GrHjUtpT/JJLAaWIl1PoEKLE+Y+VH7wKMJ0Aqb56K3w2BAyPRtsmpW
-EhdMACQx35xgrrFoVKnmtUoE5pIFhtla3JYwpVjeFJkP5RWJPpvrgOO9g8PqMzVL
-Pi/TDWSTZ3+N9T8MJ7w3WszWRxavWmLS2lH4dAZrJK0oaAiYN33tDqsegmEF0Lp1
-oKshsJr9K1SGHQ0fwtR3H3ImXq2Knwk2bUS+dMJaPv9cnXXWOHvFOflEbqHRjv9j
-28S7xpGSylxgmx3rCt4I7r/adgNlYimL+H/HhnMe9h8tiWn9vr1u
+MIIDYTCCAkkCAQAwDQYJKoZIhvcNAQELBQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYD
+VQQIDAdTaGltYW5lMRQwEgYDVQQHDAtNYXR6LWUgY2l0eTEXMBUGA1UECgwOUnVi
+eSBDb3JlIFRlYW0xFTATBgNVBAMMDFJ1YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJ
+ARYWc2VjdXJpdHlAcnVieS1sYW5nLm9yZzAeFw0yNDAxMDExMTQ3MjNaFw0zMzEy
+MjkxMTQ3MjNaMGAxCzAJBgNVBAYTAkpQMRAwDgYDVQQIDAdTaGltYW5lMRcwFQYD
+VQQKDA5SdWJ5IENvcmUgVGVhbTESMBAGA1UECwwJUnVieSBUZXN0MRIwEAYDVQQD
+DAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw+egZ
+Q6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI+1GSqyi1bFBgsRjM0THllIdMbKmJ
+tWwnKW8J+5OgNN8y6Xxv8JmM/Y5vQt2lis0fqXmG8UTz0VTWdlAXXmhUs6lSADvA
+aIe4RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0yg+801SXzoFTTa+UGIRLE66jH51a
+a5VXu99hnv1OiH8tQrjdi8mH6uG/icq4XuIeNWMF32wHqIOOPvQcWV3M5D2vxJEj
+702Ku6k9OQXkAo17qRSEonWW4HtLbtmS8He1JNPc/n3dVUm+fM6NoDXPoLP7j55G
+9zKyqGtGAWXAj1MTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACtGNdj5TEtnJBYp
+M+LhBeU3oNteldfycEm993gJp6ghWZFg23oX8fVmyEeJr/3Ca9bAgDqg0t9a0npN
+oWKEY6wVKqcHgu3gSvThF5c9KhGbeDDmlTSVVNQmXWX0K2d4lS2cwZHH8mCm2mrY
+PDqlEkSc7k4qSiqigdS8i80Yk+lDXWsm8CjsiC93qaRM7DnS0WPQR0c16S95oM6G
+VklFKUSDAuFjw9aVWA/nahOucjn0w5fVW6lyIlkBslC1ChlaDgJmvhz+Ol3iMsE0
+kAmFNu2KKPVrpMWaBID49QwQTDyhetNLaVVFM88iUdA9JDoVMEuP1mm39JqyzHTu
+uBrdP4Q=
-----END CERTIFICATE-----
diff --git a/test/net/fixtures/server.key b/test/net/fixtures/server.key
index 7f2380e71e637..6a83d5bcf4a52 100644
--- a/test/net/fixtures/server.key
+++ b/test/net/fixtures/server.key
@@ -1,28 +1,27 @@
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDo2pwBLisQ7EnN
-XgcTB5xwnsZ0vBPC4W/Ggv3jSOAspWjHnkLeYFRl5moUV3ow0My1ttnD0t/JJZdU
-Z8/2vl7Li+4DxeHi+ef30QxH8LjaM1qtQa3ntaJ7t78w2mD441SivDr9G3TZ3HRC
-6Sm+36y0T+sy9Abx4YxLqIv7Keexvx0B7nMP+UDc1RV52cZz0MDdy+TaGUeAxhQE
-cv2afI8RgnZJBHnM8lwxIpUTPl1Apk3gowImfVI7u+1loQ/ta7A81N5hFV7T3WgJ
-n0pXpcKpbYaSxfSk1LcTO1JjJAXizOOKPNQ1NCsQu1hy5+GNHXSMYRYgPdAcTo9u
-/f5kEE9BAgMBAAECggEBAOHkwhc7DLh8IhTDNSW26oMu5OP2WU1jmiYAigDmf+OQ
-DBgrZj+JQBci8qINQxL8XLukSZn5hvQCLc7Kbyu1/wyEEUFDxSGGwwzclodr9kho
-LX2LDASPZrOSzD2+fPi2wTKmXKuS6Uc44OjQfZkYMNkz9r4Vkm8xGgOD3VipjIYX
-QXlhhdqkXZcNABsihCV52GKkDFSVm8jv95YJc5xhoYCy/3a4/qPdF0aT2R7oYUej
-hKrxVDskyooe8Zg/JTydZNV5GQEDmW01/K3r6XGT26oPi1AqMU1gtv/jkW56CRQQ
-1got8smnqM+AV7Slf9R6DauIPdQJ2S8wsr/o8ISBsOECgYEA9YrqEP2gAYSGFXRt
-liw0WI2Ant8BqXS6yvq1jLo/qWhLw/ph4Di73OQ2mpycVTpgfGr2wFPQR1XJ+0Fd
-U+Ir/C3Q7FK4VIGHK7B0zNvZr5tEjlFfeRezo2JMVw5YWeSagIFcSwK+KqCTH9qc
-pw/Eb8nB/4XNcpTZu7Fg0Wc+ooUCgYEA8sVaicn1Wxkpb45a4qfrA6wOr5xdJ4cC
-A5qs7vjX2OdPIQOmoQhdI7bCWFXZzF33wA4YCws6j5wRaySLIJqdms8Gl9QnODy1
-ZlA5gwKToBC/jqPmWAXSKb8EH7cHilaxU9OKnQ7CfwlGLHqjMtjrhR7KHlt3CVRs
-oRmvsjZVXI0CgYAmPedslAO6mMhFSSfULrhMXmV82OCqYrrA6EEkVNGbcdnzAOkD
-gfKIWabDd8bFY10po4Mguy0CHzNhBXIioWQWV5BlbhC1YKMLw+S9DzSdLAKGY9gJ
-xQ4+UQ3wtRQ/k+IYR413RUsW2oFvgZ3KSyNeAb9MK6uuv84VdG/OzVSs/QKBgQDn
-kap//l2EbObiWyaERunckdVcW0lcN+KK75J/TGwPoOwQsLvTpPe65kxRGGrtDsEQ
-uCDk/+v3KkZPLgdrrTAih9FhJ+PVN8tMcb+6IM4SA4fFFr/UPJEwct0LJ3oQ0grJ
-y+HPWFHb/Uurh7t99/4H98uR02sjQh1wOeEmm78mzQKBgQDm+LzGH0se6CXQ6cdZ
-g1JRZeXkDEsrW3hfAsW62xJQmXcWxBoblP9OamMY+A06rM5og3JbDk5Zm6JsOaA8
-wS2gw4ilp46jors4eQey8ux7kB9LzdBoDBBElnsbjLO8oBNZlVcYXg+6BOl/CUi7
-2whRF0FEjKA8ehrNhAq+VFfFNw==
------END PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAsPnoGUOnrpiSqt4XynxA+HRP7S+BSObI6qJ7fQAVSPtRkqso
+tWxQYLEYzNEx5ZSHTGypibVsJylvCfuToDTfMul8b/CZjP2Ob0LdpYrNH6l5hvFE
+89FU1nZQF15oVLOpUgA7wGiHuEVawrGfey92UE68mOyUVXGweJIVDdxqdMoPvNNU
+l86BU02vlBiESxOuox+dWmuVV7vfYZ79Toh/LUK43YvJh+rhv4nKuF7iHjVjBd9s
+B6iDjj70HFldzOQ9r8SRI+9NirupPTkF5AKNe6kUhKJ1luB7S27ZkvB3tSTT3P59
+3VVJvnzOjaA1z6Cz+4+eRvcysqhrRgFlwI9TEwIDAQABAoIBAEEYiyDP29vCzx/+
+dS3LqnI5BjUuJhXUnc6AWX/PCgVAO+8A+gZRgvct7PtZb0sM6P9ZcLrweomlGezI
+FrL0/6xQaa8bBr/ve/a8155OgcjFo6fZEw3Dz7ra5fbSiPmu4/b/kvrg+Br1l77J
+aun6uUAs1f5B9wW+vbR7tzbT/mxaUeDiBzKpe15GwcvbJtdIVMa2YErtRjc1/5B2
+BGVXyvlJv0SIlcIEMsHgnAFOp1ZgQ08aDzvilLq8XVMOahAhP1O2A3X8hKdXPyrx
+IVWE9bS9ptTo+eF6eNl+d7htpKGEZHUxinoQpWEBTv+iOoHsVunkEJ3vjLP3lyI/
+fY0NQ1ECgYEA3RBXAjgvIys2gfU3keImF8e/TprLge1I2vbWmV2j6rZCg5r/AS0u
+pii5CvJ5/T5vfJPNgPBy8B/yRDs+6PJO1GmnlhOkG9JAIPkv0RBZvR0PMBtbp6nT
+Y3yo1lwamBVBfY6rc0sLTzosZh2aGoLzrHNMQFMGaauORzBFpY5lU50CgYEAzPHl
+u5DI6Xgep1vr8QvCUuEesCOgJg8Yh1UqVoY/SmQh6MYAv1I9bLGwrb3WW/7kqIoD
+fj0aQV5buVZI2loMomtU9KY5SFIsPV+JuUpy7/+VE01ZQM5FdY8wiYCQiVZYju9X
+Wz5LxMNoz+gT7pwlLCsC4N+R8aoBk404aF1gum8CgYAJ7VTq7Zj4TFV7Soa/T1eE
+k9y8a+kdoYk3BASpCHJ29M5R2KEA7YV9wrBklHTz8VzSTFTbKHEQ5W5csAhoL5Fo
+qoHzFFi3Qx7MHESQb9qHyolHEMNx6QdsHUn7rlEnaTTyrXh3ifQtD6C0yTmFXUIS
+CW9wKApOrnyKJ9nI0HcuZQKBgQCMtoV6e9VGX4AEfpuHvAAnMYQFgeBiYTkBKltQ
+XwozhH63uMMomUmtSG87Sz1TmrXadjAhy8gsG6I0pWaN7QgBuFnzQ/HOkwTm+qKw
+AsrZt4zeXNwsH7QXHEJCFnCmqw9QzEoZTrNtHJHpNboBuVnYcoueZEJrP8OnUG3r
+UjmopwKBgAqB2KYYMUqAOvYcBnEfLDmyZv9BTVNHbR2lKkMYqv5LlvDaBxVfilE0
+2riO4p6BaAdvzXjKeRrGNEKoHNBpOSfYCOM16NjL8hIZB1CaV3WbT5oY+jp7Mzd5
+7d56RZOE+ERK2uz/7JX9VSsM/LbH9pJibd4e8mikDS9ntciqOH/3
+-----END RSA PRIVATE KEY-----

31
SOURCES/ruby-bundler-2.4.0-bundle-update-bundler-test-in-ruby.patch
View File

@ -1,31 +0,0 @@
From bfa2f72cfa3bfde34049d26dcb24976316074ad7 Mon Sep 17 00:00:00 2001
From: Jun Aruga <jaruga@redhat.com>
Date: Mon, 21 Mar 2022 15:36:51 +0100
Subject: [PATCH] Fix a test for `bin/bundle update --bundler` to pass on
ruby/ruby.
Consider the case that the latest Bundler version on RubyGems is higher than
the `system_bundler_version` (= `Bundler::VERSION`) in `make test-bundler` on
ruby/ruby.
See <https://bugs.ruby-lang.org/issues/18643>.
---
spec/bundler/commands/binstubs_spec.rb | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/spec/bundler/commands/binstubs_spec.rb b/spec/bundler/commands/binstubs_spec.rb
index 198226207bc..2634f43417c 100644
--- a/spec/bundler/commands/binstubs_spec.rb
+++ b/spec/bundler/commands/binstubs_spec.rb
@@ -226,7 +226,10 @@
it "calls through to the latest bundler version" do
sys_exec "bin/bundle update --bundler", :env => { "DEBUG" => "1" }
- expect(out).to include %(Using bundler #{system_bundler_version}\n)
+ using_bundler_line = /Using bundler ([\w\.]+)\n/.match(out)
+ expect(using_bundler_line).to_not be_nil
+ latest_version = using_bundler_line[1]
+ expect(Gem::Version.new(latest_version)).to be >= Gem::Version.new(system_bundler_version)
end
it "calls through to the explicit bundler version" do

24
SOURCES/ruby-irb-1.4.1-drop-rdoc-hard-dep.patch Normal file
View File

@ -0,0 +1,24 @@
From 54c8df06ff9e161012f89d19a4e3aa2e0e37e1b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
Date: Tue, 23 Aug 2022 10:41:28 +0200
Subject: [PATCH] Drop hard dependency on RDoc.
This has been introduced in 026700499dfd640b2072d7bf0370247a98d5ac40,
but it seems that this is just be mistake, otherwise the later handling
of `LoadError` would not be needed.
---
lib/irb/input-method.rb | 1 -
1 file changed, 1 deletion(-)
diff --git a/lib/irb/input-method.rb b/lib/irb/input-method.rb
index fd68239e..a8227caa 100644
--- a/lib/irb/input-method.rb
+++ b/lib/irb/input-method.rb
@@ -14,7 +14,6 @@
require_relative 'completion'
require 'io/console'
require 'reline'
-require 'rdoc'
module IRB
STDIN_FILE_NAME = "(line)" # :nodoc:

35
SOURCES/ruby-irb-1.4.1-set-rdoc-soft-dep.patch Normal file
View File

@ -0,0 +1,35 @@
From b24852058fc87c940252c8a711c60ae2eb298082 Mon Sep 17 00:00:00 2001
From: Jun Aruga <jaruga@redhat.com>
Date: Thu, 25 Aug 2022 20:11:34 +0200
Subject: [PATCH] Require RDoc in `input-method.rb` again in a limited scope.
RDoc is implemented as soft dependency in IRB. See how the rdoc is required in
the files. I reverted the commit below.
```
$ grep -ril rdoc lib/
lib/irb/cmd/help.rb
lib/irb/completion.rb
lib/irb/easter-egg.rb
lib/irb/input-method.rb
```
---
lib/irb/input-method.rb | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lib/irb/input-method.rb b/lib/irb/input-method.rb
index a8227ca..b77fd32 100644
--- a/lib/irb/input-method.rb
+++ b/lib/irb/input-method.rb
@@ -320,6 +320,11 @@ def auto_indent(&block)
[195, 164], # The "ä" that appears when Alt+d is pressed on xterm.
[226, 136, 130] # The "∂" that appears when Alt+d in pressed on iTerm2.
]
+ begin
+ require 'rdoc'
+ rescue LoadError
+ return nil
+ end
if just_cursor_moving and completion_journey_data.nil?
return nil

72
SOURCES/rubygem-bundler-2.3.26-Backport-Fix-another-issue-of-Bundler-not-falling-back-test.patch Normal file
View File

@ -0,0 +1,72 @@
diff --git a/bundler/spec/install/gemfile/specific_platform_spec.rb b/bundler/spec/install/gemfile/specific_platform_spec.rb
index a29446305..e35d8bc16 100644
--- a/bundler/spec/install/gemfile/specific_platform_spec.rb
+++ b/bundler/spec/install/gemfile/specific_platform_spec.rb
@@ -104,40 +104,53 @@
L
end
- it "still installs the generic RUBY variant if necessary even when running on a legacy lockfile locked only to RUBY" do
- build_repo4 do
- build_gem "nokogiri", "1.3.10"
- build_gem "nokogiri", "1.3.10" do |s|
- s.platform = "arm64-darwin"
- s.required_ruby_version = "< #{Gem.ruby_version}"
+ context "when running on a legacy lockfile locked only to RUBY" do
+ around do |example|
+ build_repo4 do
+ build_gem "nokogiri", "1.3.10"
+ build_gem "nokogiri", "1.3.10" do |s|
+ s.platform = "arm64-darwin"
+ s.required_ruby_version = "< #{Gem.ruby_version}"
+ end
+
+ build_gem "bundler", "2.1.4"
end
- build_gem "bundler", "2.1.4"
- end
-
- gemfile <<~G
+ gemfile <<~G
source "#{file_uri_for(gem_repo4)}"
+
gem "nokogiri"
- G
+ G
- lockfile <<-L
+ lockfile <<-L
GEM
remote: #{file_uri_for(gem_repo4)}/
specs:
nokogiri (1.3.10)
+
PLATFORMS
ruby
+
DEPENDENCIES
nokogiri
+
RUBY VERSION
2.5.3p105
+
BUNDLED WITH
2.1.4
- L
+ L
- simulate_platform "arm64-darwin-22" do
+ simulate_platform "arm64-darwin-22", &example
+ end
+
+ it "still installs the generic RUBY variant if necessary" do
bundle "update --bundler", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s }
end
+
+ it "still installs the generic RUBY variant if necessary, even in frozen mode" do
+ bundle "update --bundler", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s, "BUNDLE_FROZEN" => "true" }
+ end
end
it "doesn't discard previously installed platform specific gem and fall back to ruby on subsequent bundles" do

54
SOURCES/rubygem-bundler-2.3.26-Backport-Fix-another-issue-of-Bundler-not-falling-back.patch Normal file
View File

@ -0,0 +1,54 @@
From 891246c3865ed0af7e277ca50c079f466d035f7c Mon Sep 17 00:00:00 2001
From: Jarek Prokop <jprokop@redhat.com>
Date: Thu, 1 Jun 2023 13:22:24 +0200
Subject: [PATCH] Backport "Fix another issue of Bundler not falling back to an
installable candidate"
In this case, when materializing a legacy lockfile using only "ruby"
platform, and in frozen mode.
=====
Commit adapted from: https://github.com/rubygems/rubygems/pull/6261
---
bundler/lib/bundler/lazy_specification.rb | 11 +++--
.../install/gemfile/specific_platform_spec.rb | 41 ++++++++++++-------
2 files changed, 35 insertions(+), 17 deletions(-)
diff --git a/bundler/lib/bundler/lazy_specification.rb b/bundler/lib/bundler/lazy_specification.rb
index e8bee25ab..a65020e6c 100644
--- a/bundler/lib/bundler/lazy_specification.rb
+++ b/bundler/lib/bundler/lazy_specification.rb
@@ -85,7 +85,7 @@ def materialize_for_installation
installable_candidates = GemHelpers.select_best_platform_match(matching_specs, target_platform)
- specification = __materialize__(installable_candidates)
+ specification = __materialize__(installable_candidates, :fallback_to_non_installable => false)
return specification unless specification.nil?
if target_platform != platform
@@ -98,13 +98,18 @@ def materialize_for_installation
__materialize__(candidates)
end
- def __materialize__(candidates)
+ # If in frozen mode, we fallback to a non-installable candidate because by
+ # doing this we avoid re-resolving and potentially end up changing the
+ # lock file, which is not allowed. In that case, we will give a proper error
+ # about the mismatch higher up the stack, right before trying to install the
+ # bad gem.
+ def __materialize__(candidates, fallback_to_non_installable: Bundler.frozen_bundle?)
search = candidates.reverse.find do |spec|
spec.is_a?(StubSpecification) ||
(spec.matches_current_ruby? &&
spec.matches_current_rubygems?)
end
- if search.nil? && Bundler.frozen_bundle?
+ if search.nil? && fallback_to_non_installable
search = candidates.last
else
search.dependencies = dependencies if search && search.full_name == full_name && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification))
--
2.41.0.rc1

144
SOURCES/rubygem-bundler-2.3.26-Provide-fix-for-bundler-Gemfile-resolving-regression.patch Normal file
View File

@ -0,0 +1,144 @@
From 0985592ad2d815ac461100807f5b2621e5f49b21 Mon Sep 17 00:00:00 2001
From: Jarek Prokop <jprokop@redhat.com>
Date: Fri, 31 Mar 2023 11:54:07 +0200
Subject: [PATCH 1/2] Provide fix for bundler Gemfile resolving regression.
Instead of resolving to correct Ruby platform, it preferred the
archful package, that is actually incompatible.
See https://github.com/sclorg/s2i-ruby-container/issues/469
for an example of the bug.
Commit taken from:
<https://github.com/rubygems/rubygems/pull/6225>
and adapted:
<https://github.com/rubygems/rubygems/commit/7b64c64262a7a980c0eb23b96ea56cf72ea06e89>
for the PR#6225.
---
bundler/lib/bundler/index.rb | 5 ++
bundler/lib/bundler/lazy_specification.rb | 64 ++++++++++-------------
2 files changed, 34 insertions(+), 35 deletions(-)
diff --git a/bundler/lib/bundler/index.rb b/bundler/lib/bundler/index.rb
index ed16c90a3..903e220d5 100644
--- a/bundler/lib/bundler/index.rb
+++ b/bundler/lib/bundler/index.rb
@@ -71,6 +71,7 @@ def local_search(query)
when Gem::Specification, RemoteSpecification, LazySpecification, EndpointSpecification then search_by_spec(query)
when String then specs_by_name(query)
when Gem::Dependency then search_by_dependency(query)
+ when Array then search_by_name_and_version(*query)
else
raise "You can't search for a #{query.inspect}."
end
@@ -173,6 +174,10 @@ def search_by_dependency(dependency)
end
end
+ def search_by_name_and_version(name, version)
+ specs_by_name(name).select { |spec| spec.version == version }
+ end
+
EMPTY_SEARCH = [].freeze
def search_by_spec(spec)
diff --git a/bundler/lib/bundler/lazy_specification.rb b/bundler/lib/bundler/lazy_specification.rb
index 949e8264b..e8bee25ab 100644
--- a/bundler/lib/bundler/lazy_specification.rb
+++ b/bundler/lib/bundler/lazy_specification.rb
@@ -13,7 +13,6 @@ def initialize(name, version, platform, source = nil)
@dependencies = []
@platform = platform || Gem::Platform::RUBY
@source = source
- @specification = nil
end
def full_name
@@ -76,37 +75,41 @@ def to_lock
def materialize_for_installation
source.local!
- candidates = if source.is_a?(Source::Path) || !ruby_platform_materializes_to_ruby_platform?
- target_platform = ruby_platform_materializes_to_ruby_platform? ? platform : local_platform
+ matching_specs = source.specs.search(use_exact_resolved_specifications? ? self : [name, version])
+ return self if matching_specs.empty?
- GemHelpers.select_best_platform_match(source.specs.search(Dependency.new(name, version)), target_platform)
- else
- source.specs.search(self)
- end
+ candidates = if use_exact_resolved_specifications?
+ matching_specs
+ else
+ target_platform = ruby_platform_materializes_to_ruby_platform? ? platform : local_platform
+
+ installable_candidates = GemHelpers.select_best_platform_match(matching_specs, target_platform)
+
+ specification = __materialize__(installable_candidates)
+ return specification unless specification.nil?
- return self if candidates.empty?
+ if target_platform != platform
+ installable_candidates = GemHelpers.select_best_platform_match(matching_specs, platform)
+ end
+
+ installable_candidates
+ end
__materialize__(candidates)
end
def __materialize__(candidates)
- @specification = begin
- search = candidates.reverse.find do |spec|
- spec.is_a?(StubSpecification) ||
- (spec.matches_current_ruby? &&
- spec.matches_current_rubygems?)
- end
- if search.nil? && Bundler.frozen_bundle?
- search = candidates.last
- else
- search.dependencies = dependencies if search && search.full_name == full_name && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification))
- end
- search
+ search = candidates.reverse.find do |spec|
+ spec.is_a?(StubSpecification) ||
+ (spec.matches_current_ruby? &&
+ spec.matches_current_rubygems?)
end
- end
-
- def respond_to?(*args)
- super || @specification ? @specification.respond_to?(*args) : nil
+ if search.nil? && Bundler.frozen_bundle?
+ search = candidates.last
+ else
+ search.dependencies = dependencies if search && search.full_name == full_name && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification))
+ end
+ search
end
def to_s
@@ -127,17 +130,8 @@ def git_version
end
private
-
- def to_ary
- nil
- end
-
- def method_missing(method, *args, &blk)
- raise "LazySpecification has not been materialized yet (calling :#{method} #{args.inspect})" unless @specification
-
- return super unless respond_to?(method)
-
- @specification.send(method, *args, &blk)
+ def use_exact_resolved_specifications?
+ @use_exact_resolved_specifications ||= !source.is_a?(Source::Path) && ruby_platform_materializes_to_ruby_platform?
end
#
--
2.40.0

60
SOURCES/rubygem-bundler-2.3.26-Tests-from-bundler-PR-6225.patch Normal file
View File

@ -0,0 +1,60 @@
From cb3d287a91e9b6762e47635137d6024fe39e117d Mon Sep 17 00:00:00 2001
From: Jarek Prokop <jprokop@redhat.com>
Date: Fri, 31 Mar 2023 12:06:21 +0200
Subject: [PATCH] Tests from bundler's PR#6225.
See <https://github.com/rubygems/rubygems/pull/6225>.
---
.../install/gemfile/specific_platform_spec.rb | 36 +++++++++++++++++++
1 file changed, 36 insertions(+)
diff --git a/bundler/spec/install/gemfile/specific_platform_spec.rb b/bundler/spec/install/gemfile/specific_platform_spec.rb
index 98efec396..a29446305 100644
--- a/bundler/spec/install/gemfile/specific_platform_spec.rb
+++ b/bundler/spec/install/gemfile/specific_platform_spec.rb
@@ -104,6 +104,42 @@
L
end
+ it "still installs the generic RUBY variant if necessary even when running on a legacy lockfile locked only to RUBY" do
+ build_repo4 do
+ build_gem "nokogiri", "1.3.10"
+ build_gem "nokogiri", "1.3.10" do |s|
+ s.platform = "arm64-darwin"
+ s.required_ruby_version = "< #{Gem.ruby_version}"
+ end
+
+ build_gem "bundler", "2.1.4"
+ end
+
+ gemfile <<~G
+ source "#{file_uri_for(gem_repo4)}"
+ gem "nokogiri"
+ G
+
+ lockfile <<-L
+ GEM
+ remote: #{file_uri_for(gem_repo4)}/
+ specs:
+ nokogiri (1.3.10)
+ PLATFORMS
+ ruby
+ DEPENDENCIES
+ nokogiri
+ RUBY VERSION
+ 2.5.3p105
+ BUNDLED WITH
+ 2.1.4
+ L
+
+ simulate_platform "arm64-darwin-22" do
+ bundle "update --bundler", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s }
+ end
+ end
+
it "doesn't discard previously installed platform specific gem and fall back to ruby on subsequent bundles" do
build_repo2 do
build_gem("libv8", "8.4.255.0")
--
2.40.0

34
SOURCES/test_openssl_fips.rb Normal file
View File

@ -0,0 +1,34 @@
require 'openssl'
# Run openssl tests in OpenSSL FIPS. See the link below for how to test.
# https://github.com/ruby/openssl/blob/master/.github/workflows/test.yml
# - step name: test on fips module
# Listing the testing files by an array explicitly rather than the `Dir.glob`
# to prevent the test files from not loading unintentionally.
TEST_FILES = %w[
test/openssl/test_fips.rb
test/openssl/test_pkey.rb
].freeze
if ARGV.empty?
puts 'ERROR: Argument base_dir required.'
puts "Usage: #{__FILE__} base_dir [options]"
exit false
end
BASE_DIR = ARGV[0]
abs_test_files = TEST_FILES.map { |file| File.join(BASE_DIR, file) }
# Set Fedora/RHEL downstream OpenSSL downstream environment variable to enable
# FIPS module in non-FIPS OS environment. It is available in Fedora 38 or later
# versions.
# https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/0009-Add-Kernel-FIPS-mode-flag-support.patch
ENV['OPENSSL_FORCE_FIPS_MODE'] = '1'
# A flag to tell the tests the current environment is FIPS enabled.
# https://github.com/ruby/openssl/blob/master/test/openssl/test_fips.rb
ENV['TEST_RUBY_OPENSSL_FIPS_ENABLED'] = 'true'
abs_test_files.each do |file|
puts "INFO: Loading #{file}."
require file
end

231
SPECS/ruby.spec
View File

@ -1,6 +1,6 @@
%global major_version 3
%global minor_version 1
%global teeny_version 2
%global teeny_version 4
%global major_minor_version %{major_version}.%{minor_version}
%global ruby_version %{major_minor_version}.%{teeny_version}
@ -22,7 +22,7 @@
%endif
%global release 141
%global release 143
%{!?release_string:%define release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
# The RubyGems library has to stay out of Ruby directory tree, since the
@ -30,20 +30,22 @@
%global rubygems_dir %{_datadir}/rubygems
# Bundled libraries versions
%global rubygems_version 3.3.7
%global rubygems_version 3.3.26
%global rubygems_molinillo_version 0.7.0
%global rubygems_optparse_version 0.2.0
%global rubygems_tsort_version 0.1.0
# Default gems.
%global bundler_version 2.3.7
%global bundler_version 2.3.26
%global bundler_connection_pool_version 2.3.0
%global bundler_fileutils_version 1.4.1
%global bundler_molinillo_version 0.7.0
%global bundler_molinillo_version 0.8.0
%global bundler_net_http_persistent_version 4.0.0
%global bundler_thor_version 1.2.1
%global bundler_tmpdir_version 0.1.0
# TODO: Check the version if/when available in library.
%global bundler_tsort_version 0.1.1
%global bundler_uri_version 0.10.1
%global bundler_uri_version 0.10.3
%global bigdecimal_version 3.1.1
%global did_you_mean_version 1.6.1
@ -51,8 +53,8 @@
%global io_console_version 0.5.11
%global irb_version 1.4.1
%global json_version 2.6.1
%global openssl_version 3.0.0
%global psych_version 4.0.3
%global openssl_version 3.0.1
%global psych_version 4.0.4
%global racc_version 1.6.0
%global rdoc_version 6.4.0
%global stringio_version 3.0.1
@ -70,9 +72,9 @@
%global net_smtp_version 0.3.1
%global matrix_version 0.4.2
%global prime_version 0.1.2
%global rbs_version 2.1.0
%global typeprof_version 0.21.2
%global debug_version 1.4.0
%global rbs_version 2.7.0
%global typeprof_version 0.21.3
%global debug_version 1.6.3
%global tapset_libdir %(echo %{_libdir} | sed 's/64//')*
@ -118,6 +120,8 @@ Source11: rubygems.con
Source13: test_abrt.rb
# SystemTap tests.
Source14: test_systemtap.rb
# Ruby OpenSSL FIPS tests.
Source15: test_openssl_fips.rb
# The load directive is supported since RPM 4.12, i.e. F21+. The build process
# fails on older Fedoras.
@ -139,8 +143,6 @@ Patch3: ruby-2.1.0-always-use-i386.patch
# Allows to install RubyGems into custom directory, outside of Ruby's tree.
# http://bugs.ruby-lang.org/issues/5617
Patch4: ruby-2.1.0-custom-rubygems-location.patch
# Make mkmf verbose by default
Patch5: ruby-1.9.3-mkmf-verbose.patch
# The ABRT hook used to be initialized by preludes via following patches:
# https://bugs.ruby-lang.org/issues/8566
# https://bugs.ruby-lang.org/issues/15306
@ -159,14 +161,6 @@ Patch7: ruby-3.1.0-Don-t-query-RubyVM-FrozenCore-for-class-path.patch
# Avoid possible timeout errors in TestBugReporter#test_bug_reporter_add.
# https://bugs.ruby-lang.org/issues/16492
Patch19: ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
# Fix a test for `bin/bundle update --bundler` in `make test-bundler`.
# https://bugs.ruby-lang.org/issues/18643
# https://github.com/rubygems/rubygems/commit/bfa2f72cfa3bfde34049d26dcb24976316074ad7
Patch20: ruby-bundler-2.4.0-bundle-update-bundler-test-in-ruby.patch
# Workaround gem binary extensions build and installation issues.
# https://bugs.ruby-lang.org/issues/18373
# https://github.com/ruby/ruby/pull/5774
Patch21: ruby-3.2.0-Build-extension-libraries-in-bundled-gems.patch
# If digest argument to method `sign` is nil,
# NULL will be provided to OpenSSL function
# to let it choose digest itself.
@ -181,21 +175,75 @@ Patch23: ruby-3.1.2-ossl-tests-replace-sha1.patch
# https://github.com/ruby/ruby/pull/5934
Patch24: ruby-3.2.0-define-unsupported-gc-compaction-methods-as-rb_f_notimplement.patch
# To regenerate the patch you need to have ruby, autoconf, xz, tar and make installed:
# tar -Jxvf ./ruby-3.1.2.tar.xz
# tar -Jxvf ./ruby-3.1.4.tar.xz
# git clone https://github.com/ruby/ruby.git
# cd ruby && git checkout v3_1_2
# cd ruby && git checkout v3_1_4
# patch -p1 < ../ruby-3.2.0-define-unsupported-gc-compaction-methods-as-rb_f_notimplement.patch
# ./autogen.sh && ./configure
# make gc.rbinc miniprelude.c
# cd ..
# diff -u {ruby-3.1.2,ruby}/gc.rbinc > ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch
# diff -u {ruby-3.1.2,ruby}/miniprelude.c >> ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch
# diff -u {ruby-3.1.4,ruby}/gc.rbinc > ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch
# diff -u {ruby-3.1.4,ruby}/miniprelude.c >> ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch
Patch25: ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch
# Define the GC compaction support macro at run time.
# https://bugs.ruby-lang.org/issues/18829
# https://github.com/ruby/ruby/pull/6019
# https://github.com/ruby/ruby/commit/2c190863239bee3f54cfb74b16bb6ea4cae6ed20
Patch26: ruby-3.2.0-Detect-compaction-support-during-runtime.patch
# Fix OpenSSL.fips_mode in OpenSSL 3 FIPS.
# https://github.com/ruby/openssl/pull/608
# https://github.com/ruby/ruby/commit/678d41bc51fe31834eec0b653ba0e47de5420aa0
Patch30: ruby-3.3.0-openssl-3.2.0-fix-fips-get-set-in-openssl-3.patch
# Fix OpenSSL::PKey.read in OpenSSL 3 FIPS.
# The patch is a combination of the following 2 commits to simplify the patch.
# https://github.com/ruby/openssl/pull/615
# https://github.com/ruby/ruby/commit/2a4834057b30a26c38ece3961b370c0b2ee59380
# https://github.com/ruby/openssl/pull/669
# https://github.com/ruby/ruby/commit/b0ec1db8a72c530460abd9462ac75845362886bd
Patch31: ruby-3.3.0-openssl-3.2.0-fips-fix-pkey-read-in-openssl-3.patch
# Enable tests in OpenSSL FIPS.
# https://github.com/ruby/openssl/pull/615
# https://github.com/ruby/ruby/commit/920bc71284f417f9044b0dc1822b1d29a8fc61e5
Patch32: ruby-3.3.0-openssl-3.2.0-fips-enable-tests.patch
# ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters
# https://github.com/ruby/openssl/pull/674
# https://github.com/ruby/ruby/commit/b6d7cdc2bad0eadbca73f3486917f0ec7a475814
Patch33: ruby-3.3.0-openssl-3.2.0-fips-fix-pkey-dh-require-openssl.patch
# Drop hard dependency on RDoc in IRB.
# https://github.com/ruby/irb/pull/393
Patch34: ruby-irb-1.4.1-drop-rdoc-hard-dep.patch
# Set soft dependency on RDoc in input-method.rb in IRB.
# https://github.com/ruby/irb/pull/395
Patch35: ruby-irb-1.4.1-set-rdoc-soft-dep.patch
# A Weakmap test uses compaction without safeguarding if the method is defined.
# This test should be skipped if compaction is not supported on the platform.
# https://github.com/ruby/ruby/commit/bffadcd6d46ccfccade79ce0efb60ced8eac4483
# https://bugs.ruby-lang.org/issues/19529#note-7
Patch36: ruby-3.1.4-Skip-test_compaction_bug_19529-if-compaction-unsupported.patch
# Bundler does not correctly resolve archful gems in 2.3.26.
# Example of such an issue
# https://github.com/sclorg/s2i-ruby-container/issues/469
# The patch is an amalgamation of the following:
# https://github.com/rubygems/rubygems/pull/6225
# https://github.com/rubygems/rubygems/commit/7b64c64262a7a980c0eb23b96ea56cf72ea06e89
# Backport requested in
# https://bugs.ruby-lang.org/issues/19576
Patch37: rubygem-bundler-2.3.26-Provide-fix-for-bundler-Gemfile-resolving-regression.patch
Patch38: rubygem-bundler-2.3.26-Tests-from-bundler-PR-6225.patch
# Continuation of the bundler fix for s2i-ruby-container #469 issue.
# Additionally to already described problem, when bundler is run with
# --deployment it again resolves to the incorrect gem from Rubygems repository.
# Fix and test from:
# https://github.com/rubygems/rubygems/pull/6261
# https://bugs.ruby-lang.org/issues/19576#note-4
Patch39: rubygem-bundler-2.3.26-Backport-Fix-another-issue-of-Bundler-not-falling-back.patch
Patch40: rubygem-bundler-2.3.26-Backport-Fix-another-issue-of-Bundler-not-falling-back-test.patch
# Renew expired test certificates.
# https://github.com/ruby/net-http/pull/169
Patch41: ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch
# Update URI to 0.12.2 and Bundler::URI to 0.10.3 to mitigate CVE-2023-36617.
# https://github.com/ruby/ruby/pull/7996
Patch42: ruby-3.1.5-CVE-2023-36617-for-Ruby-3.1.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Suggests: rubypick
@ -338,6 +386,7 @@ Requires: ruby(rubygems) >= %{rubygems_version}
# ruby-default-gems is required to run irb.
# https://bugs.ruby-lang.org/issues/16951
Requires: ruby-default-gems >= %{ruby_version}
Recommends: rubygem(rdoc) >= %{rdoc_version}
Provides: irb = %{version}-%{release}
Provides: rubygem(irb) = %{version}-%{release}
# Obsoleted by Ruby 2.6 in F30 timeframe.
@ -477,6 +526,8 @@ many machines, systematically and repeatably.
%package bundled-gems
Summary: Bundled gems which are part of Ruby StdLib
Requires: ruby(rubygems) >= %{rubygems_version}
# Runtime dependency of rubygem(debug).
Recommends: rubygem(irb) >= %{irb_version}
Provides: rubygem(net-ftp) = %{net_ftp_version}
Provides: rubygem(net-imap) = %{net_imap_version}
Provides: rubygem(net-pop) = %{net_pop_version}
@ -646,23 +697,30 @@ rm -rf ext/fiddle/libffi*
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch19 -p1
%patch20 -p1
# Once the upstream tarball contains the files on the right place, this code
# won't be necessary. This should happen at the same moment when the patch21
# is not needed anymore.
mkdir .bundle/specifications
find .bundle/gems -name '*-[0-9]*.gemspec' -exec cp -t .bundle/specifications/ {} +
%patch21 -p1
%patch22
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch35 -p1
%patch36 -p1
%patch37 -p2
%patch39 -p2
%patch41 -p1
%patch42 -p1
pushd spec/bundler
%patch38 -p3
%patch40 -p3
popd
# Provide an example of usage of the tapset:
cp -a %{SOURCE3} .
@ -686,13 +744,16 @@ autoconf
--with-ruby-pc='%{name}.pc' \
--with-compress-debug-sections=no \
--disable-rpath \
--enable-mkmf-verbose \
--enable-shared \
--with-ruby-version='' \
--enable-multiarch \
# V=1 in %%make_build outputs the compiler options more verbosely.
# Set the V=1 VERBOSE=1. RPM 4.14 or earlier versions do not have the options.
# https://github.com/rpm-software-management/rpm/commit/8655493bdfd6b76271893b148033f2ff580d2d39
# https://bugs.ruby-lang.org/issues/18756
%make_build COPY="cp -p"
%make_build COPY="cp -p" V=1 VERBOSE=1
%install
rm -rf %{buildroot}
@ -873,6 +934,21 @@ checksec --file=libruby.so.%{ruby_version} | \
puts Gem::Resolver::Molinillo::VERSION\\\"\" | tail -1`" \
== '%{rubygems_molinillo_version}' ]
# OptParse.
make runruby TESTRUN_SCRIPT="-e \" \
module Gem; end; \
require 'rubygems/optparse/lib/optparse'; \
puts '%%{rubygems_optparse_version}: %{rubygems_optparse_version}'; \
puts %Q[Gem::OptionParser::Version: #{Gem::OptionParser::Version}]; \
exit 1 if Gem::OptionParser::Version != '%{rubygems_optparse_version}'; \
\""
# tsort
# TODO: Provide some real version test if version is available.
make runruby TESTRUN_SCRIPT="-e \" \
module Gem; end;\
require 'rubygems/tsort/lib/tsort'\""
# Check Bundler bundled dependencies versions.
# connection_pool.
@ -944,44 +1020,31 @@ MSPECOPTS=""
# Avoid `hostname' dependency.
%{!?with_hostname:MSPECOPTS="-P 'Socket.gethostname returns the host name'"}
# https://bugs.ruby-lang.org/issues/18380
DISABLE_TESTS="$DISABLE_TESTS -n !/TestAddressResolve#test_socket_getnameinfo_domain_blocking/"
# These tests use certificates that were generated using SHA1, which seems to be the problem with them
# as setting the crypto policy to LEGACY makes them pass.
# https://github.com/rubygems/rubygems/issues/5454
DISABLE_TESTS="$DISABLE_TESTS \
-n !/TestGemSecurityPolicy#test_check_cert_issuer/ \
-n !/TestGemSecurityPolicy#test_check_chain/ \
-n !/TestGemSecurityPolicy#test_check_chain_invalid/ \
-n !/TestGemSecurityPolicy#test_verify_signatures_missing/ \
-n !/TestGemSecurityPolicy#test_verify_signatures_trust/ \
-n !/TestGemSecurityPolicy#test_check_root/ \
-n !/TestGemSecurityPolicy#test_verify_signatures_chain/ \
-n !/TestGemSecurityPolicy#test_verify_chain_signatures/ \
-n !/TestGemSecurityPolicy#test_verify_signatures/ \
-n !/TestGemSecurityPolicy#test_verify_signatures_root/ \
-n !/TestGemSecuritySigner#test_sign/ \
-n !/TestGemPackage#test_verify_security_policy_checksum_missing/ \
-n !/TestGemPackage#test_build_auto_signed/ \
-n !/TestGemPackage#test_build_signed_encrypted_key/ \
-n !/TestGemPackage#test_verify_security_policy_low_security/ \
-n !/TestGemPackage#test_build_auto_signed_encrypted_key/ \
-n !/TestGemPackage#test_build_signed/ \
-n !/TestGemPackageTarWriter#test_add_file_signer/ \
-n !/TestGemRequest#test_configure_connection_for_https/ \
-n !/TestGemRequest#test_configure_connection_for_https_ssl_ca_cert/"
# Several test broken by libffi-3.4.2. There should be fix in libffi, once
# other components are fixed.
# https://bugzilla.redhat.com/show_bug.cgi?id=2040380
mv test/fiddle/test_import.rb{,.disable}
mv test/fiddle/test_closure.rb{,.disable}
DISABLE_TESTS="$DISABLE_TESTS -n !/Fiddle::TestFunc#test_qsort1/"
DISABLE_TESTS="$DISABLE_TESTS -n !/Fiddle::TestFunction#test_argument_count/"
# Some infra allows DNS resolution but then does not allow
# connection to proceed, let's ignore it altogether for now.
# Our expectation is that there is no network connectivity outside
# available loopback interface. That is not the reality currently.
# https://issues.redhat.com/browse/CS-1959
DISABLE_TESTS="$DISABLE_TESTS -n !/TestBundledCA/"
# Give an option to increase the timeout in tests.
# https://bugs.ruby-lang.org/issues/16921
%{?test_timeout_scale:RUBY_TEST_TIMEOUT_SCALE="%{test_timeout_scale}"} \
make check TESTS="-v $DISABLE_TESTS" MSPECOPT="-fs $MSPECOPTS"
# Run Ruby OpenSSL tests in OpenSSL FIPS.
make runruby TESTRUN_SCRIPT=" \
-I%{_builddir}/%{buildsubdir}/tool/lib --enable-gems \
%{SOURCE15} %{_builddir}/%{buildsubdir} --verbose"
%{?with_bundler_tests:make test-bundler-parallel}
%files
@ -1233,8 +1296,8 @@ mv test/fiddle/test_import.rb{,.disable}
%{gem_dir}/specifications/default/abbrev-0.1.0.gemspec
%{gem_dir}/specifications/default/base64-0.1.1.gemspec
%{gem_dir}/specifications/default/benchmark-0.2.0.gemspec
%{gem_dir}/specifications/default/cgi-0.3.1.gemspec
%{gem_dir}/specifications/default/csv-3.2.2.gemspec
%{gem_dir}/specifications/default/cgi-0.3.6.gemspec
%{gem_dir}/specifications/default/csv-3.2.5.gemspec
%{gem_dir}/specifications/default/date-3.2.2.gemspec
%{gem_dir}/specifications/default/delegate-0.2.0.gemspec
%{gem_dir}/specifications/default/did_you_mean-%{did_you_mean_version}.gemspec
@ -1255,7 +1318,7 @@ mv test/fiddle/test_import.rb{,.disable}
%{gem_dir}/specifications/default/ipaddr-1.2.4.gemspec
%{gem_dir}/specifications/default/logger-1.5.0.gemspec
%{gem_dir}/specifications/default/mutex_m-0.1.1.gemspec
%{gem_dir}/specifications/default/net-http-0.2.0.gemspec
%{gem_dir}/specifications/default/net-http-0.3.0.gemspec
%{gem_dir}/specifications/default/net-protocol-0.1.2.gemspec
%{gem_dir}/specifications/default/nkf-0.1.1.gemspec
%{gem_dir}/specifications/default/observer-0.1.1.gemspec
@ -1271,12 +1334,12 @@ mv test/fiddle/test_import.rb{,.disable}
%{gem_dir}/specifications/default/racc-%{racc_version}.gemspec
%{gem_dir}/specifications/default/readline-0.0.3.gemspec
%{gem_dir}/specifications/default/readline-ext-0.1.4.gemspec
%{gem_dir}/specifications/default/reline-0.3.0.gemspec
%{gem_dir}/specifications/default/reline-0.3.1.gemspec
%{gem_dir}/specifications/default/resolv-0.2.1.gemspec
%{gem_dir}/specifications/default/resolv-replace-0.1.0.gemspec
%{gem_dir}/specifications/default/rinda-0.1.1.gemspec
%{gem_dir}/specifications/default/ruby2_keywords-0.0.5.gemspec
%{gem_dir}/specifications/default/securerandom-0.1.1.gemspec
%{gem_dir}/specifications/default/securerandom-0.2.0.gemspec
%{gem_dir}/specifications/default/set-1.0.2.gemspec
%{gem_dir}/specifications/default/shellwords-0.1.0.gemspec
%{gem_dir}/specifications/default/singleton-0.1.1.gemspec
@ -1284,12 +1347,12 @@ mv test/fiddle/test_import.rb{,.disable}
%{gem_dir}/specifications/default/strscan-3.0.1.gemspec
%{gem_dir}/specifications/default/syslog-0.1.0.gemspec
%{gem_dir}/specifications/default/tempfile-0.1.2.gemspec
%{gem_dir}/specifications/default/time-0.2.0.gemspec
%{gem_dir}/specifications/default/time-0.2.2.gemspec
%{gem_dir}/specifications/default/timeout-0.2.0.gemspec
%{gem_dir}/specifications/default/tmpdir-0.1.2.gemspec
%{gem_dir}/specifications/default/tsort-0.1.0.gemspec
%{gem_dir}/specifications/default/un-0.2.0.gemspec
%{gem_dir}/specifications/default/uri-0.11.0.gemspec
%{gem_dir}/specifications/default/uri-0.12.2.gemspec
%{gem_dir}/specifications/default/weakref-0.1.1.gemspec
#%%{gem_dir}/specifications/default/win32ole-1.8.8.gemspec
%{gem_dir}/specifications/default/yaml-0.2.0.gemspec
@ -1375,7 +1438,6 @@ mv test/fiddle/test_import.rb{,.disable}
%doc %{gem_dir}/gems/debug-%{debug_version}/README.md
%{gem_dir}/gems/debug-%{debug_version}/Rakefile
%doc %{gem_dir}/gems/debug-%{debug_version}/TODO.md
%{gem_dir}/gems/debug-%{debug_version}/bin
%{gem_dir}/gems/debug-%{debug_version}/exe
%{gem_dir}/gems/debug-%{debug_version}/lib
%{gem_dir}/gems/debug-%{debug_version}/misc
@ -1466,7 +1528,7 @@ mv test/fiddle/test_import.rb{,.disable}
%license %{gem_dir}/gems/rbs-%{rbs_version}/BSDL
%doc %{gem_dir}/gems/rbs-%{rbs_version}/CHANGELOG.md
%license %{gem_dir}/gems/rbs-%{rbs_version}/COPYING
%{gem_dir}/gems/rbs-%{rbs_version}/Gemfile
%{gem_dir}/gems/rbs-%{rbs_version}/Gemfile*
%doc %{gem_dir}/gems/rbs-%{rbs_version}/README.md
%{gem_dir}/gems/rbs-%{rbs_version}/Rakefile
%{gem_dir}/gems/rbs-%{rbs_version}/Steepfile
@ -1523,7 +1585,6 @@ mv test/fiddle/test_import.rb{,.disable}
%{gem_dir}/gems/typeprof-%{typeprof_version}/lib
%doc %{gem_dir}/gems/typeprof-%{typeprof_version}/tools
%exclude %{gem_dir}/gems/typeprof-%{typeprof_version}/typeprof-lsp
%exclude %{gem_dir}/gems/typeprof-%{typeprof_version}/vscode
%{gem_dir}/specifications/typeprof-%{typeprof_version}.gemspec
%doc %{gem_dir}/gems/typeprof-%{typeprof_version}/Gemfile*
%doc %{gem_dir}/gems/typeprof-%{typeprof_version}/README.md
@ -1531,6 +1592,30 @@ mv test/fiddle/test_import.rb{,.disable}
%changelog
* Thu Mar 14 2024 Jarek Prokop <jprokop@redhat.com> - 3.1.4-143
- Upgrade to Ruby 3.1.4.
Resolves: RHEL-29052
- Fix HTTP response splitting in CGI.
Resolves: RHEL-29054
- Fix ReDos vulnerability in URI.
Resolves: RHEL-29051
Resolves: RHEL-29050
- Fix ReDos vulnerability in Time.
Resolves: RHEL-29053
- Make RDoc soft dependency in IRB.
Resolves: RHEL-29048
* Sun Dec 03 2023 Jun Aruga <jaruga@redhat.com> - 3.1.2-142
- Bypass git submodule test failure on Git >= 2.38.1.
- Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.
- Fix for tzdata-2022g.
- Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS.
Resolves: RHEL-12437
- ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters
Related: RHEL-12437
- Disable fiddle tests that use FFI closures.
Related: RHEL-12437
* Fri Jun 03 2022 Jarek Prokop <jprokop@redhat.com> - 3.1.2-141
- Upgrade to Ruby 3.1.2 by merging Fedora Rawhide branch (commit: b7b5473).
Resolves: rhbz#2063773