Upgrade to Ruby 3.3.8.

Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. (CVE-2025-25186) Fix Denial of Service in CGI::Cookie.parse. (CVE-2025-27219) Fix userinfo leakage in URI#join, URI#merge and URI#+. (CVE-2025-27221) Resolves: RHEL-87342 Resolves: RHEL-86116
2025-04-11 13:25:53 +02:00 · 2025-04-11 13:25:53 +02:00 · cba38803ee
commit cba38803ee
parent 483cc068c2
2 changed files with 19 additions and 8 deletions
--- a/ruby.spec
+++ b/ruby.spec
@ -1,6 +1,6 @@
 %global major_version 3
 %global minor_version 3
-%global teeny_version 7
+%global teeny_version 8
 %global major_minor_version %{major_version}.%{minor_version}

 %global ruby_version %{major_minor_version}.%{teeny_version}
@ -52,7 +52,7 @@
 %global abbrev_version 0.1.2
 %global base64_version 0.2.0
 %global benchmark_version 0.3.0
-%global cgi_version 0.4.1
+%global cgi_version 0.4.2
 %global csv_version 3.2.8
 %global date_version 3.3.4
 %global delegate_version 0.3.1
@ -107,7 +107,7 @@
 %global tmpdir_version 0.2.0
 %global tsort_version 0.2.0
 %global un_version 0.3.0
-%global uri_version 0.13.1
+%global uri_version 0.13.2
 %global weakref_version 0.1.3
 %global win32ole_version 1.8.10
 %global yaml_version 0.3.0
@ -125,9 +125,9 @@
 # Bundled gems.
 %global debug_version 1.9.2
 %global net_ftp_version 0.3.4
-%global net_imap_version 0.4.9.1
+%global net_imap_version 0.4.19
 %global net_pop_version 0.1.2
-%global net_smtp_version 0.4.0.1
+%global net_smtp_version 0.5.1
 %global matrix_version 0.4.2
 %global minitest_version 5.20.0
 %global power_assert_version 2.0.3
@ -173,7 +173,7 @@
 Summary: An interpreter of object-oriented scripting language
 Name: ruby
 Version: %{ruby_version}%{?development_release}
-Release: 9%{?dist}
+Release: 10%{?dist}
 # Licenses, which are likely not included in binary RPMs:
 # Apache-2.0:
 #   benchmark/gc/redblack.rb
@ -190,7 +190,7 @@ Release: 9%{?dist}
 #   https://github.com/flori/json/pull/567
 #
 # Licenses under review:
-#   .bundle/gems/net-imap-0.4.9/LICENSE.txt
+#   .bundle/gems/net-imap-0.4.19/LICENSE.txt
 #   https://gitlab.com/fedora/legal/fedora-license-data/-/issues/506
 #
 # BSD-3-Clause: missing/{crypt,mt19937,setproctitle}.c, addr2line.c:2652
@ -1613,12 +1613,15 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \
 # net-imap
 %dir %{gem_instdir net-imap}
 %{gem_instdir net-imap}/Gemfile
+%license %{gem_instdir net-imap}/BSDL
+%license %{gem_instdir net-imap}/COPYING
 %license %{gem_instdir net-imap}/LICENSE.txt
 %doc %{gem_instdir net-imap}/README.md
 %{gem_instdir net-imap}/Rakefile
 %{gem_instdir net-imap}/docs
 %{gem_libdir net-imap}
 %{gem_instdir net-imap}/rakelib
+%{gem_instdir net-imap}/sample
 %{gem_spec net-imap}

 # net-pop
@ -1768,6 +1771,14 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \


 %changelog
+* Mon Apr 14 2025 Jarek Prokop <jprokop@redhat.com> - 3.3.8-10
+- Upgrade to Ruby 3.3.8.
+  Resolves: RHEL-87342
+- Fix Net::IMAP vulnerable to possible DoS by memory exhaustion. (CVE-2025-25186)
+- Fix Denial of Service in CGI::Cookie.parse. (CVE-2025-27219)
+  Resolves: RHEL-86116
+- Fix userinfo leakage in URI#join, URI#merge and URI#+. (CVE-2025-27221)
+
 * Thu Jan 30 2025 Jun Aruga <jaruga@redhat.com> - 3.3.7-9
 - Upgrade to Ruby 3.3.7
  Resolves: RHEL-77994
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (ruby-3.3.7.tar.xz) = 4082a7684c1b0d53a0ce493f79568e851d37a864f59c58b2e0c273b2659e0ca75318ddff939fdf5e9d0a3eeba1b6d8f03bf88afb49a5ffd77714f1c8a7dfdd55
+SHA512 (ruby-3.3.8.tar.xz) = 71c2f3ac9955e088fa885fd2ff695e67362a770a5d33e5160081eda3dd298ca2c692e299b03d757caecfbc94043fedc4ad093de84c505585d480cb36bbf978b9