diff --git a/.gitignore b/.gitignore index 7cc7fff..62f9440 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -ruby-3.3.8.tar.xz +ruby-3.3.10.tar.xz diff --git a/rpm_test_helper.rb b/rpm_test_helper.rb index 671ca55..3b09fa4 100644 --- a/rpm_test_helper.rb +++ b/rpm_test_helper.rb @@ -52,7 +52,7 @@ module RPMTestHelper s.description = "Fake gemspec helper for testing Rubygem Generators".freeze s.email = ["example@example.com".freeze] s.files = ["LICENSE.txt".freeze, "lib/#{gem_info.name}.rb".freeze, "#{gem_info.name}.gemspec".freeze] - s.homepage = "https://pkgs.fedoraproject.org/rpms/ruby".freeze + s.homepage = "https://gitlab.com/redhat".freeze s.licenses = ["MIT".freeze] s.required_ruby_version = Gem::Requirement.new(">= 2.5.0".freeze) s.rubygems_version = "3.3.5".freeze diff --git a/ruby-2.1.0-Enable-configuration-of-archlibdir.patch b/ruby-2.1.0-Enable-configuration-of-archlibdir.patch index 4cd8dd1..5461f1d 100644 --- a/ruby-2.1.0-Enable-configuration-of-archlibdir.patch +++ b/ruby-2.1.0-Enable-configuration-of-archlibdir.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index d261ea57b5..3c13076b82 100644 --- a/configure.ac +++ b/configure.ac -@@ -3482,6 +3482,11 @@ AS_IF([test ${multiarch+set}], [ +@@ -3480,6 +3480,11 @@ AS_IF([test ${multiarch+set}], [ ]) archlibdir='${libdir}/${arch}' diff --git a/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch b/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch index e6315c0..eeea8a0 100644 --- a/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch +++ b/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch @@ -14,7 +14,7 @@ diff --git a/configure.ac b/configure.ac index c42436c23d..d261ea57b5 100644 --- a/configure.ac 
+++ b/configure.ac -@@ -4321,7 +4321,8 @@ AS_CASE(["$ruby_version_dir_name"], +@@ -4319,7 +4319,8 @@ AS_CASE(["$ruby_version_dir_name"], ruby_version_dir=/'${ruby_version_dir_name}' if test -z "${ruby_version_dir_name}"; then diff --git a/ruby-2.1.0-always-use-i386.patch b/ruby-2.1.0-always-use-i386.patch index 8e1b4fe..9d5fff4 100644 --- a/ruby-2.1.0-always-use-i386.patch +++ b/ruby-2.1.0-always-use-i386.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index 3c13076b82..93af30321d 100644 --- a/configure.ac +++ b/configure.ac -@@ -4385,6 +4385,8 @@ AC_SUBST(vendorarchdir)dnl +@@ -4383,6 +4383,8 @@ AC_SUBST(vendorarchdir)dnl AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl diff --git a/ruby-2.1.0-custom-rubygems-location.patch b/ruby-2.1.0-custom-rubygems-location.patch index 7dc8eca..30292e9 100644 --- a/ruby-2.1.0-custom-rubygems-location.patch +++ b/ruby-2.1.0-custom-rubygems-location.patch @@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac index 93af30321d..bc13397e0e 100644 --- a/configure.ac +++ b/configure.ac -@@ -4357,6 +4357,10 @@ AC_ARG_WITH(vendorarchdir, +@@ -4355,6 +4355,10 @@ AC_ARG_WITH(vendorarchdir, [vendorarchdir=$withval], [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}]) @@ -26,7 +26,7 @@ index 93af30321d..bc13397e0e 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) RUBY_EXEC_PREFIX='' -@@ -4381,6 +4385,7 @@ AC_SUBST(sitearchdir)dnl +@@ -4379,6 +4383,7 @@ AC_SUBST(sitearchdir)dnl AC_SUBST(vendordir)dnl AC_SUBST(vendorlibdir)dnl AC_SUBST(vendorarchdir)dnl diff --git a/ruby-2.3.0-ruby_version.patch b/ruby-2.3.0-ruby_version.patch index 68782cd..af424a8 100644 --- a/ruby-2.3.0-ruby_version.patch +++ b/ruby-2.3.0-ruby_version.patch @@ -20,7 +20,7 @@ diff --git a/configure.ac b/configure.ac index 80b137e380..63cd3b4f8b 100644 
--- a/configure.ac +++ b/configure.ac -@@ -4271,9 +4271,6 @@ AS_CASE(["$target_os"], +@@ -4269,9 +4269,6 @@ AS_CASE(["$target_os"], rubyw_install_name='$(RUBYW_INSTALL_NAME)' ]) @@ -30,7 +30,7 @@ index 80b137e380..63cd3b4f8b 100644 rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'} AC_ARG_WITH(rubyarchprefix, AS_HELP_STRING([--with-rubyarchprefix=DIR], -@@ -4296,57 +4293,63 @@ AC_ARG_WITH(ridir, +@@ -4294,57 +4291,63 @@ AC_ARG_WITH(ridir, AC_SUBST(ridir) AC_SUBST(RI_BASE_NAME) @@ -122,7 +122,7 @@ index 80b137e380..63cd3b4f8b 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) -@@ -4363,6 +4366,7 @@ AC_SUBST(sitearchincludedir)dnl +@@ -4361,6 +4364,7 @@ AC_SUBST(sitearchincludedir)dnl AC_SUBST(arch)dnl AC_SUBST(sitearch)dnl AC_SUBST(ruby_version)dnl diff --git a/ruby-3.3.0-Disable-syntax-suggest-test-case.patch b/ruby-3.3.0-Disable-syntax-suggest-test-case.patch index 1119a59..cbfe623 100644 --- a/ruby-3.3.0-Disable-syntax-suggest-test-case.patch +++ b/ruby-3.3.0-Disable-syntax-suggest-test-case.patch @@ -12,7 +12,7 @@ diff --git a/common.mk b/common.mk index d55d1788aa..73755f6ccd 100644 --- a/common.mk +++ b/common.mk -@@ -1601,8 +1601,6 @@ yes-test-syntax-suggest: $(PREPARE_SYNTAX_SUGGEST) +@@ -1607,8 +1607,6 @@ yes-test-syntax-suggest: $(PREPARE_SYNTAX_SUGGEST) $(ACTIONS_ENDGROUP) no-test-syntax-suggest: diff --git a/ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch b/ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch index d0c10a0..f2bce8b 100644 --- a/ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch +++ b/ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch 
@@ -171,7 +171,7 @@ index f35fad6a362611..0da15772d36671 100644 AC_CACHE_CHECK([whether compiler has statement and declarations in expressions], rb_cv_have_stmt_and_decl_in_expr, [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[ __extension__ ({ int a = 0; a; }); ]])], -@@ -4215,12 +4272,13 @@ AS_IF([test "${ARCH_FLAG}"], [ +@@ -4213,12 +4270,13 @@ AS_IF([test "${ARCH_FLAG}"], [ rb_cv_warnflags=`echo "$rb_cv_warnflags" | sed 's/^ *//;s/ *$//'` warnflags="$rb_cv_warnflags" AC_SUBST(cppflags)dnl @@ -186,7 +186,7 @@ index f35fad6a362611..0da15772d36671 100644 AC_SUBST(XCFLAGS)dnl AC_SUBST(XLDFLAGS)dnl AC_SUBST(EXTLDFLAGS)dnl -@@ -4688,6 +4746,7 @@ config_summary "DLDFLAGS" "$DLDFLAGS" +@@ -4686,6 +4744,7 @@ config_summary "DLDFLAGS" "$DLDFLAGS" config_summary "optflags" "$optflags" config_summary "debugflags" "$debugflags" config_summary "warnflags" "$warnflags" @@ -255,7 +255,7 @@ diff --git a/template/Makefile.in b/template/Makefile.in index 033ac56cb38886..abb4469777ce8a 100644 --- a/template/Makefile.in +++ b/template/Makefile.in -@@ -89,6 +89,7 @@ cflags = @cflags@ +@@ -90,6 +90,7 @@ cflags = @cflags@ optflags = @optflags@ debugflags = @debugflags@ warnflags = @warnflags@ @strict_warnflags@ diff --git a/ruby-3.4.0-openssl-fix-test-provider-in-fips.patch b/ruby-3.4.0-openssl-fix-test-provider-in-fips.patch index 21abef1..fcd1db4 100644 --- a/ruby-3.4.0-openssl-fix-test-provider-in-fips.patch +++ b/ruby-3.4.0-openssl-fix-test-provider-in-fips.patch @@ -20,10 +20,10 @@ index 4e050b4bc2..e27968602a 100644 class OpenSSL::TestProvider < OpenSSL::TestCase def test_openssl_provider_name_inspect -@@ -13,14 +13,22 @@ def test_openssl_provider_name_inspect +@@ -12,14 +12,22 @@ def test_openssl_provider_name_inspect + end def test_openssl_provider_names - omit 'not working on freebsd RubyCI' if ENV['RUBYCI_NICKNAME'] =~ /freebsd/ + # We expect the following providers are loaded in the cases: + # * Non-FIPS: default + # * FIPS: fips, base 
@@ -49,10 +49,10 @@ index 4e050b4bc2..e27968602a 100644 end; end -@@ -35,6 +43,9 @@ def test_unloaded_openssl_provider +@@ -33,6 +41,9 @@ def test_unloaded_openssl_provider + end def test_openssl_legacy_provider - omit 'not working on freebsd RubyCI' if ENV['RUBYCI_NICKNAME'] =~ /freebsd/ + # The legacy provider is not supported on FIPS. + omit_on_fips + diff --git a/ruby-3.4.0-openssl-make-a-legacy-provider-test-optional.patch b/ruby-3.4.0-openssl-make-a-legacy-provider-test-optional.patch deleted file mode 100644 index 0dc2c7d..0000000 --- a/ruby-3.4.0-openssl-make-a-legacy-provider-test-optional.patch +++ /dev/null 
@@ -1,58 +0,0 @@ -From 02c40367d918d3bc42098e1fcfe0c822319f4d37 Mon Sep 17 00:00:00 2001 -From: Jun Aruga -Date: Thu, 8 Feb 2024 18:53:32 +0100 -Subject: [PATCH] [ruby/openssl] test_provider.rb: Make a legacy provider test - optional. - -In some cases such as OpenSSL package in FreeBSD[1], the legacy provider is not -installed intentionally. So, we omit a test depending the legacy provider if the -legacy provider is not loadable. - -For the test_openssl_provider_names test, we use base provider[2] instead of -legacy provider, because we would expect the base provider is always loadable -in OpenSSL 3 for now. - -* [1] https://www.freshports.org/security/openssl/ -* [2] https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers - -https://github.com/ruby/openssl/commit/7223da7730 ---- - test/openssl/test_provider.rb | 15 ++++++++++----- - 1 file changed, 10 insertions(+), 5 deletions(-) - -diff --git a/test/openssl/test_provider.rb b/test/openssl/test_provider.rb -index 7361a0e250..4e050b4bc2 100644 ---- a/test/openssl/test_provider.rb -+++ b/test/openssl/test_provider.rb -@@ -14,13 +14,13 @@ def test_openssl_provider_name_inspect - def test_openssl_provider_names - omit 'not working on freebsd RubyCI' if ENV['RUBYCI_NICKNAME'] =~ /freebsd/ - with_openssl <<-'end;' -- legacy_provider = OpenSSL::Provider.load("legacy") -+ base_provider = OpenSSL::Provider.load("base") - assert_equal(2, OpenSSL::Provider.provider_names.size) -- assert_includes(OpenSSL::Provider.provider_names, "legacy") -+ assert_includes(OpenSSL::Provider.provider_names, "base") - -- assert_equal(true, legacy_provider.unload) -+ assert_equal(true, base_provider.unload) - assert_equal(1, OpenSSL::Provider.provider_names.size) -- assert_not_includes(OpenSSL::Provider.provider_names, "legacy") -+ assert_not_includes(OpenSSL::Provider.provider_names, "base") - end; - end - -@@ -36,7 +36,12 @@ def test_unloaded_openssl_provider - def test_openssl_legacy_provider - omit 'not working on freebsd RubyCI' if 
ENV['RUBYCI_NICKNAME'] =~ /freebsd/ - with_openssl(<<-'end;') -- OpenSSL::Provider.load("legacy") -+ begin -+ OpenSSL::Provider.load("legacy") -+ rescue OpenSSL::Provider::ProviderError -+ omit "Only for OpenSSL with legacy provider" -+ end -+ - algo = "RC4" - data = "a" * 1000 - key = OpenSSL::Random.random_bytes(16) diff --git a/ruby.spec b/ruby.spec index 3905a8d..f1c22ad 100644 --- a/ruby.spec +++ b/ruby.spec @@ -1,6 +1,6 @@ %global major_version 3 %global minor_version 3 -%global teeny_version 8 +%global teeny_version 10 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} @@ -79,7 +79,7 @@ %global nkf_version 0.1.3 %global observer_version 0.1.2 %global open3_version 0.2.1 -%global openssl_version 3.2.0 +%global openssl_version 3.2.2 %global open_uri_version 0.4.1 %global optparse_version 0.4.0 %global ostruct_version 0.6.0 @@ -89,7 +89,7 @@ %global pstore_version 0.1.3 %global readline_version 0.0.4 %global reline_version 0.5.10 -%global resolv_version 0.3.0 +%global resolv_version 0.3.1 %global resolv_replace_version 0.1.1 %global rinda_version 0.2.0 %global ruby2_keywords_version 0.0.5 @@ -107,7 +107,7 @@ %global tmpdir_version 0.2.0 %global tsort_version 0.2.0 %global un_version 0.3.0 -%global uri_version 0.13.2 +%global uri_version 0.13.3 %global weakref_version 0.1.3 %global win32ole_version 1.8.10 %global yaml_version 0.3.0 @@ -125,7 +125,7 @@ # Bundled gems. %global debug_version 1.9.2 %global net_ftp_version 0.3.4 -%global net_imap_version 0.4.19 +%global net_imap_version 0.4.21 %global net_pop_version 0.1.2 %global net_smtp_version 0.5.1 %global matrix_version 0.4.2 @@ -135,7 +135,7 @@ %global racc_version 1.7.3 %global rake_version 13.1.0 %global rbs_version 3.4.0 -%global rexml_version 3.3.9 +%global rexml_version 3.4.4 %global rss_version 0.3.1 %global test_unit_version 3.6.1 %global typeprof_version 0.21.9 
@@ -173,7 +173,7 @@ Summary: An interpreter of object-oriented scripting language Name: ruby Version: %{ruby_version}%{?development_release} -Release: 10%{?dist} +Release: 11%{?dist} # Licenses, which are likely not included in binary RPMs: # Apache-2.0: # benchmark/gc/redblack.rb @@ -189,9 +189,10 @@ Release: 10%{?dist} # https://github.com/flori/json/issues/277 # https://github.com/flori/json/pull/567 # -# Licenses under review: -# .bundle/gems/net-imap-0.4.19/LICENSE.txt -# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/506 +# IETF (this is not official SPDX identifier) +# .bundle/gems/net-imap-0.4.9/LICENSE.txt +# Licenses in this file covers fair use and don't need to be listed: +# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/506 # # BSD-3-Clause: missing/{crypt,mt19937,setproctitle}.c, addr2line.c:2652 # CC0: ccan/{build_assert/build_assert.h,check_type/check_type.h, @@ -285,10 +286,6 @@ Patch12: ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.p # https://github.com/ruby/openssl/pull/710 # https://github.com/ruby/ruby/commit/6213ab1a51387fd9cdcb5e87908722f3bbdf78cb Patch13: ruby-3.4.0-openssl-respect-crypto-policies-tls-min.patch -# test_provider.rb: Make a legacy provider test optional. -# https://github.com/ruby/openssl/pull/721 -# https://github.com/ruby/ruby/commit/eb4082284aace391a16a389a70eeaf1e7db5c542 -Patch14: ruby-3.4.0-openssl-make-a-legacy-provider-test-optional.patch # Fix test_provider.rb in FIPS. # https://github.com/ruby/openssl/pull/794 # https://github.com/ruby/ruby/commit/ad742de79bcce53290005429868f63c51cbeb0f2 
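Review bot: In the ruby.spec license-comment hunk (`@@ -189,9 +189,10 @@`), the added path `.bundle/gems/net-imap-0.4.9/LICENSE.txt` does not match the bundled gem version, which this same commit sets with `%global net_imap_version 0.4.21`. The removed line said 0.4.19, so 0.4.9 looks like a typo. The comment should name the file that actually ships, `# .bundle/gems/net-imap-0.4.21/LICENSE.txt`, so that a license audit of the built package can find it. The following added line would also read better as `# Licenses in this file cover fair use and don't need to be listed:`. The `License:` tag itself is outside the hunk, so whether it needs a matching update cannot be checked from here.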
@@ -314,11 +311,6 @@ BuildRequires: zlib-devel %{?with_gmp:BuildRequires: gmp-devel} %{?with_systemtap:BuildRequires: %{_bindir}/dtrace} %{?with_systemtap:BuildRequires: systemtap-sdt-devel} -# Despite pulling what we'd expect to need, there is a missing dependency -# in systemtap, where pulling in %%{_bindir}/dtrace does not pull in also -# the python3-pyparsing package that is required for full functionality. -# Workaround: RHEL-86248 -%{?with_systemtap:BuildRequires: python3-pyparsing} %{?with_yjit:BuildRequires: %{_bindir}/rustc} # Install section @@ -782,7 +774,6 @@ analysis result in RBS format, a standard type description format for Ruby %patch 9 -p1 %patch 12 -p1 %patch 13 -p1 -%patch 14 -p1 %patch 15 -p1 %patch 16 -p1 @@ -1790,6 +1781,14 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog +* Thu Nov 13 2025 Jun Aruga - 3.3.10-11 +- Upgrade to Ruby 3.3.10. + Resolves: RHEL-130160 +- Fix possible denial of service in resolv gem (CVE-2025-24294) +- Fix URI Credential Leakage Bypass previous fixes. (CVE-2025-61594) +- Fix REXML denial of service. (CVE-2025-58767) + Resolves: RHEL-122028 + * Mon Apr 14 2025 Jarek Prokop - 3.3.8-10 - Upgrade to Ruby 3.3.8. Resolves: RHEL-87342 diff --git a/sources b/sources index a0dfe11..816497d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ruby-3.3.8.tar.xz) = 71c2f3ac9955e088fa885fd2ff695e67362a770a5d33e5160081eda3dd298ca2c692e299b03d757caecfbc94043fedc4ad093de84c505585d480cb36bbf978b9 +SHA512 (ruby-3.3.10.tar.xz) = 8b81cab7b98acb6ff7bdf864da5e97596ee1efa441e2a65991e12a7e3f3ad3d83b1b5c65ae108484252ec8f6d85db60eb381a174c759023beb202b5a0d20818a