diff --git a/.gitignore b/.gitignore index aa86bd3..b621ba8 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/ruby-3.3.5.tar.xz +SOURCES/ruby-3.3.8.tar.xz diff --git a/.ruby.metadata b/.ruby.metadata index b1924b7..2158405 100644 --- a/.ruby.metadata +++ b/.ruby.metadata @@ -1 +1 @@ -692bc3188bdb9ec30b8672543961b011d699590a SOURCES/ruby-3.3.5.tar.xz +9ee07098fd930744d8df5d4945b5f99d2fecb9ef SOURCES/ruby-3.3.8.tar.xz diff --git a/SOURCES/ruby-2.3.0-ruby_version.patch b/SOURCES/ruby-2.3.0-ruby_version.patch index 50b4466..68782cd 100644 --- a/SOURCES/ruby-2.3.0-ruby_version.patch +++ b/SOURCES/ruby-2.3.0-ruby_version.patch @@ -227,7 +227,7 @@ diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb index b25068405d..e9fef4a311 100644 --- a/test/rubygems/test_gem.rb +++ b/test/rubygems/test_gem.rb -@@ -1353,7 +1353,8 @@ def test_self_use_paths +@@ -1365,7 +1365,8 @@ def test_self_use_paths def test_self_user_dir parts = [@userhome, ".gem", Gem.ruby_engine] @@ -237,7 +237,7 @@ index b25068405d..e9fef4a311 100644 FileUtils.mkdir_p File.join(parts) -@@ -1429,7 +1430,7 @@ def test_self_vendor_dir +@@ -1441,7 +1442,7 @@ def test_self_vendor_dir vendordir(File.join(@tempdir, "vendor")) do expected = File.join RbConfig::CONFIG["vendordir"], "gems", diff --git a/SOURCES/ruby-2.7.0-Initialize-ABRT-hook.patch b/SOURCES/ruby-2.7.0-Initialize-ABRT-hook.patch index 309507f..0f32243 100644 --- a/SOURCES/ruby-2.7.0-Initialize-ABRT-hook.patch +++ b/SOURCES/ruby-2.7.0-Initialize-ABRT-hook.patch @@ -58,7 +58,7 @@ diff --git a/ruby.c b/ruby.c index 60c57d6259..1eec16f2c8 100644 --- a/ruby.c +++ b/ruby.c -@@ -1722,10 +1722,14 @@ proc_options(long argc, char **argv, ruby_cmdline_options_t *opt, int envopt) +@@ -1724,10 +1724,14 @@ proc_options(long argc, char **argv, ruby_cmdline_options_t *opt, int envopt) void Init_builtin_features(void); diff --git a/SOURCES/rubygems-3.5.17-Avoid-another-race-condition-of-open-mode.patch b/SOURCES/rubygems-3.5.17-Avoid-another-race-condition-of-open-mode.patch deleted file mode 100644 index c700539..0000000 --- a/SOURCES/rubygems-3.5.17-Avoid-another-race-condition-of-open-mode.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 2daad257bee7a500e18ebe553e79487b267fb140 Mon Sep 17 00:00:00 2001 -From: Nobuyoshi Nakada -Date: Mon, 12 Aug 2024 20:18:34 +0900 -Subject: [PATCH] Avoid another race condition of open mode - -Instead, just open in CREATE and APPEND mode. -Also, move the workaround for old Solaris as fallback to retry. ---- - lib/rubygems.rb | 14 +++++--------- - 1 file changed, 5 insertions(+), 9 deletions(-) - -diff --git a/lib/rubygems.rb b/lib/rubygems.rb -index 2b52cde0a749..c51ba69203cb 100644 ---- a/lib/rubygems.rb -+++ b/lib/rubygems.rb -@@ -778,24 +778,20 @@ def self.open_file(path, flags, &block) - File.open(path, flags, &block) - end - -+ MODE_TO_FLOCK = IO::RDONLY | IO::APPEND | IO::CREAT # :nodoc: -+ - ## - # Open a file with given flags, and protect access with flock - - def self.open_file_with_flock(path, &block) -- flags = File.exist?(path) ? "r+" : "a+" -- -- File.open(path, flags) do |io| -+ File.open(path, MODE_TO_FLOCK) do |io| - begin - io.flock(File::LOCK_EX) - rescue Errno::ENOSYS, Errno::ENOTSUP -+ rescue Errno::ENOLCK # NFS -+ raise unless Thread.main == Thread.current - end - yield io -- rescue Errno::ENOLCK # NFS -- if Thread.main != Thread.current -- raise -- else -- open_file(path, flags, &block) -- end - end - end - diff --git a/SOURCES/rubygems-3.5.17-Remove-the-lock-file-for-binstubs.patch b/SOURCES/rubygems-3.5.17-Remove-the-lock-file-for-binstubs.patch deleted file mode 100644 index 0af11cf..0000000 --- a/SOURCES/rubygems-3.5.17-Remove-the-lock-file-for-binstubs.patch +++ /dev/null @@ -1,183 +0,0 @@ -From ace303c2d7bc0d98407e5e8b1ca77de07aa0eb75 Mon Sep 17 00:00:00 2001 -From: Nobuyoshi Nakada -Date: Tue, 13 Aug 2024 17:19:41 +0900 -Subject: [PATCH 1/3] Remove the lock file for binstubs - -https://github.com/rubygems/rubygems/pull/7806#issuecomment-2241662488 ---- - lib/rubygems.rb | 2 +- - lib/rubygems/installer.rb | 3 ++- - test/rubygems/test_gem_installer.rb | 10 ++++++++++ - 3 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/lib/rubygems.rb b/lib/rubygems.rb -index bd9f240e2091..7626ccfdf0d6 100644 ---- a/lib/rubygems.rb -+++ b/lib/rubygems.rb -@@ -778,7 +778,7 @@ def self.open_file(path, flags, &block) - File.open(path, flags, &block) - end - -- MODE_TO_FLOCK = IO::RDONLY | IO::APPEND | IO::CREAT # :nodoc: -+ MODE_TO_FLOCK = IO::RDONLY | IO::APPEND | IO::CREAT | IO::SHARE_DELETE | IO::BINARY # :nodoc: - - ## - # Open a file with given flags, and protect access with flock -diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb -index d558c0be2bfa..8f95bab733f8 100644 ---- a/lib/rubygems/installer.rb -+++ b/lib/rubygems/installer.rb -@@ -538,7 +538,7 @@ def generate_plugins # :nodoc: - def generate_bin_script(filename, bindir) - bin_script_path = File.join bindir, formatted_program_filename(filename) - -- Gem.open_file_with_flock("#{bin_script_path}.lock") do -+ Gem.open_file_with_flock("#{bin_script_path}.lock") do |lock| - require "fileutils" - FileUtils.rm_f bin_script_path # prior install may have been --no-wrappers - -@@ -546,6 +546,7 @@ def generate_bin_script(filename, bindir) - file.write app_script_text(filename) - file.chmod(options[:prog_mode] || 0o755) - end -+ File.unlink(lock.path) - end - - verbose bin_script_path -diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb -index a61d1b6fff28..2f4ff7349db4 100644 ---- a/test/rubygems/test_gem_installer.rb -+++ b/test/rubygems/test_gem_installer.rb -@@ -1083,6 +1083,8 @@ def test_install_creates_working_binstub - end - - assert_match(/ran executable/, e.message) -+ -+ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) - end - - def test_conflicting_binstubs -@@ -1131,6 +1133,8 @@ def test_conflicting_binstubs - # We expect the bin stub to activate the version that actually contains - # the binstub. - assert_match("I have an executable", e.message) -+ -+ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) - end - - def test_install_creates_binstub_that_understand_version -@@ -1160,6 +1164,8 @@ def test_install_creates_binstub_that_understand_version - end - - assert_includes(e.message, "can't find gem a (= 3.0)") -+ -+ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) - end - - def test_install_creates_binstub_that_prefers_user_installed_gem_to_default -@@ -1192,6 +1198,8 @@ def test_install_creates_binstub_that_prefers_user_installed_gem_to_default - end - - assert_equal(e.message, "ran executable") -+ -+ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) - end - - def test_install_creates_binstub_that_dont_trust_encoding -@@ -1222,6 +1230,8 @@ def test_install_creates_binstub_that_dont_trust_encoding - end - - assert_match(/ran executable/, e.message) -+ -+ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) - end - - def test_install_with_no_prior_files - -From fa0700e0f52827ae05da59a331a2917a12c09b8a Mon Sep 17 00:00:00 2001 -From: Nobuyoshi Nakada -Date: Thu, 15 Aug 2024 16:20:46 +0900 -Subject: [PATCH 2/3] Workaround for TruffleRuby - ---- - lib/rubygems.rb | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/lib/rubygems.rb b/lib/rubygems.rb -index 7626ccfdf0d6..9d40fcc2f77a 100644 ---- a/lib/rubygems.rb -+++ b/lib/rubygems.rb -@@ -778,7 +778,9 @@ def self.open_file(path, flags, &block) - File.open(path, flags, &block) - end - -- MODE_TO_FLOCK = IO::RDONLY | IO::APPEND | IO::CREAT | IO::SHARE_DELETE | IO::BINARY # :nodoc: -+ mode = IO::RDONLY | IO::APPEND | IO::CREAT | IO::BINARY -+ mode |= IO::SHARE_DELETE if IO.const_defined?(:SHARE_DELETE) -+ MODE_TO_FLOCK = mode # :nodoc: - - ## - # Open a file with given flags, and protect access with flock - -From 6548e7aa17186687d0a8b99571885f148363016d Mon Sep 17 00:00:00 2001 -From: Nobuyoshi Nakada -Date: Fri, 16 Aug 2024 20:19:22 +0900 -Subject: [PATCH 3/3] Ensure that the lock file will be removed - ---- - lib/rubygems/installer.rb | 3 ++- - test/rubygems/test_gem_installer.rb | 27 +++++++++++++++++++++++++++ - 2 files changed, 29 insertions(+), 1 deletion(-) - -diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb -index 8f95bab733f8..1085f73fca53 100644 ---- a/lib/rubygems/installer.rb -+++ b/lib/rubygems/installer.rb -@@ -546,7 +546,8 @@ def generate_bin_script(filename, bindir) - file.write app_script_text(filename) - file.chmod(options[:prog_mode] || 0o755) - end -- File.unlink(lock.path) -+ ensure -+ FileUtils.rm_f lock.path - end - - verbose bin_script_path -diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb -index 2f4ff7349db4..ad5b1a244e80 100644 ---- a/test/rubygems/test_gem_installer.rb -+++ b/test/rubygems/test_gem_installer.rb -@@ -1234,6 +1234,33 @@ def test_install_creates_binstub_that_dont_trust_encoding - assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) - end - -+ def test_install_does_not_leave_lockfile_for_binstub -+ installer = util_setup_installer -+ -+ installer.wrappers = true -+ -+ File.class_eval do -+ alias_method :original_chmod, :chmod -+ define_method(:chmod) do |mode| -+ original_chmod(mode) -+ raise Gem::Ext::BuildError if path.end_with?("/executable") -+ end -+ end -+ -+ assert_raise(Gem::Ext::BuildError) do -+ installer.install -+ end -+ -+ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) -+ # assert_path_not_exist(File.join(installer.bin_dir, "executable")) -+ ensure -+ File.class_eval do -+ remove_method :chmod -+ alias_method :chmod, :original_chmod -+ remove_method :original_chmod -+ end -+ end -+ - def test_install_with_no_prior_files - installer = util_setup_installer - diff --git a/SPECS/ruby.spec b/SPECS/ruby.spec index 98e3ef8..2c435e7 100644 --- a/SPECS/ruby.spec +++ b/SPECS/ruby.spec @@ -1,6 +1,6 @@ %global major_version 3 %global minor_version 3 -%global teeny_version 5 +%global teeny_version 8 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} @@ -27,30 +27,32 @@ %global rubygems_dir %{_datadir}/rubygems # Bundled libraries versions -%global rubygems_version 3.5.16 +%global rubygems_version 3.5.22 %global rubygems_molinillo_version 0.8.0 -%global rubygems_net_http_version 0.4.0 +%global rubygems_net_http_version 0.4.1 %global rubygems_net_protocol_version 0.2.2 %global rubygems_optparse_version 0.4.0 -%global rubygems_resolv_version 0.3.0 +%global rubygems_resolv_version 0.4.0 +%global rubygems_securerandom_version 0.3.1 %global rubygems_timeout_version 0.4.1 %global rubygems_tsort_version 0.2.0 -%global rubygems_uri_version 0.13.0 +%global rubygems_uri_version 0.13.1 # Default gems. -%global bundler_version 2.5.16 +%global bundler_version 2.5.22 %global bundler_connection_pool_version 2.4.1 %global bundler_fileutils_version 1.7.2 -%global bundler_net_http_persistent_version 4.0.2 +%global bundler_net_http_persistent_version 4.0.4 %global bundler_pub_grub_version 0.5.0 +%global bundler_securerandom_version 0.3.1 %global bundler_thor_version 1.3.0 %global bundler_tsort_version 0.2.0 -%global bundler_uri_version 0.13.0 +%global bundler_uri_version 0.13.1 %global abbrev_version 0.1.2 %global base64_version 0.2.0 %global benchmark_version 0.3.0 -%global cgi_version 0.4.1 +%global cgi_version 0.4.2 %global csv_version 3.2.8 %global date_version 3.3.4 %global delegate_version 0.3.1 @@ -86,7 +88,7 @@ %global prettyprint_version 0.2.0 %global pstore_version 0.1.3 %global readline_version 0.0.4 -%global reline_version 0.5.7 +%global reline_version 0.5.10 %global resolv_version 0.3.0 %global resolv_replace_version 0.1.1 %global rinda_version 0.2.0 @@ -97,7 +99,7 @@ %global singleton_version 0.2.0 %global stringio_version 3.1.1 %global strscan_version 3.0.9 -%global syntax_suggest_version 2.0.0 +%global syntax_suggest_version 2.0.1 %global syslog_version 0.1.2 %global tempfile_version 0.2.1 %global time_version 0.3.0 @@ -105,7 +107,7 @@ %global tmpdir_version 0.2.0 %global tsort_version 0.2.0 %global un_version 0.3.0 -%global uri_version 0.13.1 +%global uri_version 0.13.2 %global weakref_version 0.1.3 %global win32ole_version 1.8.10 %global yaml_version 0.3.0 @@ -116,16 +118,16 @@ %global bigdecimal_version 3.1.5 %global io_console_version 0.7.1 %global irb_version 1.13.1 -%global json_version 2.7.1 +%global json_version 2.7.2 %global psych_version 5.1.2 %global rdoc_version 6.6.3.1 # Bundled gems. -%global debug_version 1.9.1 +%global debug_version 1.9.2 %global net_ftp_version 0.3.4 -%global net_imap_version 0.4.9.1 +%global net_imap_version 0.4.19 %global net_pop_version 0.1.2 -%global net_smtp_version 0.4.0.1 +%global net_smtp_version 0.5.1 %global matrix_version 0.4.2 %global minitest_version 5.20.0 %global power_assert_version 2.0.3 @@ -133,7 +135,7 @@ %global racc_version 1.7.3 %global rake_version 13.1.0 %global rbs_version 3.4.0 -%global rexml_version 3.3.6 +%global rexml_version 3.3.9 %global rss_version 0.3.1 %global test_unit_version 3.6.1 %global typeprof_version 0.21.9 @@ -167,7 +169,7 @@ Summary: An interpreter of object-oriented scripting language Name: ruby Version: %{ruby_version}%{?development_release} -Release: 3%{?dist} +Release: 4%{?dist} # Licenses, which are likely not included in binary RPMs: # Apache-2.0: # benchmark/gc/redblack.rb @@ -184,7 +186,7 @@ Release: 3%{?dist} # https://github.com/flori/json/pull/567 # # Licenses under review: -# .bundle/gems/net-imap-0.4.9/LICENSE.txt +# .bundle/gems/net-imap-0.4.19/LICENSE.txt # https://gitlab.com/fedora/legal/fedora-license-data/-/issues/506 # # BSD-3-Clause: missing/{crypt,mt19937,setproctitle}.c, addr2line.c:2652 @@ -275,15 +277,6 @@ Patch9: ruby-3.3.0-Disable-syntax-suggest-test-case.patch # Make sure hardeding flags are correctly applied. # https://bugs.ruby-lang.org/issues/20520 Patch12: ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch -# Fix build error: -# RPM build errors: -# error: Installed (but unpackaged) file(s) found: -# /usr/bin/bundle.lock -# This would break not only Ruby itself, but allso all rubygem-packages. -# https://github.com/rubygems/rubygems/pull/7931 -Patch13: rubygems-3.5.17-Avoid-another-race-condition-of-open-mode.patch -# https://github.com/rubygems/rubygems/pull/7939 -Patch14: rubygems-3.5.17-Remove-the-lock-file-for-binstubs.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?with_rubypick:Suggests: rubypick} @@ -405,6 +398,7 @@ Provides: bundled(rubygem-net-http) = %{rubygems_net_http_version} Provides: bundled(rubygem-net-protocol) = %{rubygems_net_protocol_version} Provides: bundled(rubygem-optparse) = %{rubygems_optparse_version} Provides: bundled(rubygem-resolv) = %{rubygems_resolv_version} +Provides: bundled(rubygem-securerandom) = %{rubygems_securerandom_version} Provides: bundled(rubygem-timeout) = %{rubygems_timeout_version} Provides: bundled(rubygem-tsort) = %{rubygems_tsort_version} @@ -577,6 +571,7 @@ Provides: bundled(rubygem-connection_pool) = %{bundler_connection_pool_version Provides: bundled(rubygem-fileutils) = %{bundler_fileutils_version} Provides: bundled(rubygem-net-http-persistent) = %{bundler_net_http_persistent_version} Provides: bundled(rubygem-pub_grub) = %{bundler_pub_grub_version} +Provides: bundled(rubygem-securerandom) = %{bundler_securerandom_version} Provides: bundled(rubygem-thor) = %{bundler_thor_version} Provides: bundled(rubygem-uri) = %{bundler_uri_version} BuildArch: noarch @@ -757,8 +752,6 @@ analysis result in RBS format, a standard type description format for Ruby %patch -P 6 -p1 %patch -P 9 -p1 %patch -P 12 -p1 -%patch -P 13 -p1 -%patch -P 14 -p1 # Provide an example of usage of the tapset: cp -a %{SOURCE3} . @@ -1016,6 +1009,15 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ exit 1 if Gem::Resolv::VERSION != '%{rubygems_resolv_version}'; \ \"" +# SecureRandom. +make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ + module Gem; module Random; end; end; \ + require 'rubygems/vendor/securerandom/lib/securerandom'; \ + puts '%%{rubygems_securerandom_version}: %{rubygems_securerandom_version}'; \ + puts %Q[Gem::SecureRandom::VERSION: #{Gem::SecureRandom::VERSION}]; \ + exit 1 if Gem::SecureRandom::VERSION != '%{rubygems_securerandom_version}'; \ +\"" + # Timeout. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; end; \ @@ -1082,6 +1084,15 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ exit 1 if Gem::Net::HTTP::Persistent::VERSION != '%{bundler_net_http_persistent_version}'; \ \"" +# SecureRandom. +make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ + module Bundler; module Random; end; end; \ + require 'bundler/vendor/securerandom/lib/securerandom'; \ + puts '%%{bundler_securerandom_version}: %{bundler_securerandom_version}'; \ + puts %Q[Bundler::SecureRandom::VERSION: #{Bundler::SecureRandom::VERSION}]; \ + exit 1 if Bundler::SecureRandom::VERSION != '%{bundler_securerandom_version}'; \ +\"" + # Thor. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Bundler; end; \ @@ -1581,12 +1592,15 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ # net-imap %dir %{gem_instdir net-imap} %{gem_instdir net-imap}/Gemfile +%license %{gem_instdir net-imap}/BSDL +%license %{gem_instdir net-imap}/COPYING %license %{gem_instdir net-imap}/LICENSE.txt %doc %{gem_instdir net-imap}/README.md %{gem_instdir net-imap}/Rakefile %{gem_instdir net-imap}/docs %{gem_libdir net-imap} %{gem_instdir net-imap}/rakelib +%{gem_instdir net-imap}/sample %{gem_spec net-imap} # net-pop @@ -1736,22 +1750,30 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog +* Fri Apr 11 2025 Jarek Prokop - 3.3.8-4 +- Upgrade to Ruby 3.3.8. + Resolves: RHEL-86933 +- Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. (CVE-2025-25186) +- Fix Denial of Service in CGI::Cookie.parse. (CVE-2025-27219) + Resolves: RHEL-87182 +- Fix userinfo leakage in URI#join, URI#merge and URI#+. (CVE-2025-27221) + * Wed Sep 04 2024 Jarek Prokop - 3.3.5-3 - Upgrade to Ruby 3.3.5 - Resolves: RHEL-55411 + Resolves: RHEL-57577 - Fix DoS vulnerability in rexml. (CVE-2024-39908) (CVE-2024-41946) (CVE-2024-43398) - Resolves: RHEL-57575 - Resolves: RHEL-57572 - Resolves: RHEL-57068 + Resolves: RHEL-57574 + Resolves: RHEL-57571 + Resolves: RHEL-57579 - Fix REXML DoS when parsing an XML having many specific characters such as whitespace character, >] and ]>. (CVE-2024-41123) - Resolves: RHEL-57569 + Resolves: RHEL-57568 - Fix incorrect symlink for rubygem-irb's library. - Resolves: RHEL-42646 + Resolves: RHEL-57598 * Mon May 20 2024 Jarek Prokop - 3.3.1-2 - Upgrade to Ruby 3.3.1.