rpms/ruby - ruby - AlmaLinux OS Foundation Git Server

rpms/ruby

Author SHA1 Message Date

Author	SHA1	Message	Date
Jun Aruga	3cd2ea3699	Upgrade to Ruby 3.0.7. * Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 The released Ruby 3.0.5 includes the following fix. * Fix HTTP response splitting in CGI. Resolves: RHEL-35741 The released Ruby 3.0.6 includes the following fixes. * Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 * Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 The released Ruby 3.0.7 includes the following fixes. * Fix buffer overread vulnerability in StringIO. Resolves: RHEL-35744 * Fix RCE vulnerability with .rdoc_options in RDoc. Resolves: RHEL-35746 * Fix arbitrary memory address read vulnerability with Regex search. Resolves: RHEL-35747 Replaced the patch ruby-3.0.3-ext-openssl-extconf.rb-require-OpenSSL-version-1.0.1.patch with the tiny patch ruby-ext-openssl-extconf.rb-ignore-OpenSSL-version-check.patch not using the reverse logic. Because it was hard to maintain the patch file, when the included file was updated on the upstream. Added the following patches. * Fix net-http test errors due to expired certificate. The patch ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch was copied from the part on the Fedora rawhide <`05a6c9c8f3`>. * Fix `TestNetHTTPS#test_session_reuse_but_expire` test failure cause. The patch ruby-3.3.1-Fix-test-session-reuse-but-expire.patch was copied from the part on Fedora rawhide <`a34f33bc50`>. As a reference, the part comes from Fedora ruby-3.3 branch <`99d21ecc4c`>.	2024-05-13 14:23:34 +02:00
Jun Aruga	17d1b767cb	Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b. This commit was cherry-picked from Fedora rawhide <`ad7f78b5c8`>. This fixes the test failures related to the Amsterdam time zone like below. ``` 1) Time.local timezone changes correctly adjusts the timezone change to 'CEST' on 'Europe/Amsterdam' FAILED Expected [0, 0, 0, 16, 5, 1940, 4, 137, true, "WEST"] == [0, 40, 1, 16, 5, 1940, 4, 137, true, "CEST"] to be truthy but was false /builddir/build/BUILD/ruby-3.0.4/spec/ruby/core/time/shared/local.rb:13:in `block (5 levels) in <top (required)>' /builddir/build/BUILD/ruby-3.0.4/spec/ruby/core/time/shared/local.rb:12:in `block (4 levels) in <top (required)>' /builddir/build/BUILD/ruby-3.0.4/spec/ruby/core/time/local_spec.rb:5:in `<top (required)>' ``` Related: rhbz#2173531	2023-06-28 15:00:26 +02:00

Jun Aruga

3cd2ea3699

Upgrade to Ruby 3.0.7.

* Upgrade to Ruby 3.0.7.
  Resolves: RHEL-35740

The released Ruby 3.0.5 includes the following fix.

* Fix HTTP response splitting in CGI.
  Resolves: RHEL-35741

The released Ruby 3.0.6 includes the following fixes.

* Fix ReDoS vulnerability in URI.
  Resolves: RHEL-35742
* Fix ReDoS vulnerability in Time.
  Resolves: RHEL-35743

The released Ruby 3.0.7 includes the following fixes.

* Fix buffer overread vulnerability in StringIO.
  Resolves: RHEL-35744
* Fix RCE vulnerability with .rdoc_options in RDoc.
  Resolves: RHEL-35746
* Fix arbitrary memory address read vulnerability with Regex search.
  Resolves: RHEL-35747

Replaced the patch ruby-3.0.3-ext-openssl-extconf.rb-require-OpenSSL-version-1.0.1.patch
with the tiny patch ruby-ext-openssl-extconf.rb-ignore-OpenSSL-version-check.patch
not using the reverse logic. Because it was hard to maintain the patch file,
when the included file was updated on the upstream.

Added the following patches.
* Fix net-http test errors due to expired certificate.
  The patch ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch was copied
  from the part on the Fedora rawhide
  <05a6c9c8f3>.
* Fix `TestNetHTTPS#test_session_reuse_but_expire` test failure cause.
  The patch ruby-3.3.1-Fix-test-session-reuse-but-expire.patch was copied from
  the part on Fedora rawhide
  <a34f33bc50>.
  As a reference, the part comes from Fedora ruby-3.3 branch
  <99d21ecc4c>.

2024-05-13 14:23:34 +02:00

Jun Aruga

17d1b767cb

Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b.

This commit was cherry-picked from Fedora rawhide
<ad7f78b5c8>.
This fixes the test failures related to the Amsterdam time zone like below.

```
1)
Time.local timezone changes correctly adjusts the timezone change to 'CEST' on 'Europe/Amsterdam' FAILED
Expected [0, 0, 0, 16, 5, 1940, 4, 137, true, "WEST"] == [0, 40, 1, 16, 5, 1940, 4, 137, true, "CEST"]
to be truthy but was false
/builddir/build/BUILD/ruby-3.0.4/spec/ruby/core/time/shared/local.rb:13:in `block (5 levels) in <top (required)>'
/builddir/build/BUILD/ruby-3.0.4/spec/ruby/core/time/shared/local.rb:12:in `block (4 levels) in <top (required)>'
/builddir/build/BUILD/ruby-3.0.4/spec/ruby/core/time/local_spec.rb:5:in `<top (required)>'
```

Related: rhbz#2173531

2023-06-28 15:00:26 +02:00

2 Commits