RPM 4.18.0-beta1 or later versions remove the build directory
automatically, the build fails on removing temporary directories with
the missing 'w' bit.
RubyGems contain this patch since version 3.3.8.
This was merged to ruby_3_1 branch in upstream ruby, but it is not
included in the v3_1_2 tag, so new Ruby 3.1 release should contain this
change.
Relevant RPM upstream PR: https://github.com/rpm-software-management/rpm/pull/2080
Relevant bug: https://bugzilla.redhat.com/show_bug.cgi?id=2105393
Previous commit changed GC compaction methods to not be implemented
when not supported. However, that commit only does compile time checks,
but there are additional compaction support checks during run time.
This commit changes it so that GC compaction methods aren't defined
also during run time if the platform does not support GC compaction.
The patch is manually backported from following change set:
https://github.com/ruby/ruby/pull/60192c19086323
To apply the patch included with this commit,
first apply `ruby-3.2.0-define-unsupported-gc-compaction-methods-as-rb_f_notimplement.patch`
and then apply the `ruby-3.2.0-detect_compaction_support_during_runtime.patch`.
Related upstream issue: https://bugs.ruby-lang.org/issues/18829
The patch implements the methods as rb_f_notimplement.
To test for compaction users can now use `GC.respond_to?(:compact)`.
The upstream patch relies on the macro `GC_COMPACTION_SUPPORTED`
that is defined when the `__wasi__` is false. The define is defined by
an arch conditional in the specfile, which is not optimal but works in our case.
663833b08fhttps://bugs.ruby-lang.org/issues/18829
This also requires regenerating the gc.rbinc and miniprelude.c
since the patch touches gc.rb. This patch is available in
ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch.
To regenerate the gc.rbinc and miniprelude.c files patch:
~~~
tar -Jxvf ./ruby-3.1.2.tar.xz
git clone https://github.com/ruby/ruby.git
cd ruby && git checkout v3_1_2
patch -p1 < ../ruby-3.2.0-define-unsupported-gc-compaction-methods-as-rb_f_notimplement.patch
./autogen.sh && ./configure
make gc.rbinc miniprelude.c
cd ..
diff -u {ruby-3.1.2,ruby}/gc.rbinc > ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch
diff -u {ruby-3.1.2,ruby}/miniprelude.c >> ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch
~~~
Uptream bug: https://bugs.ruby-lang.org/issues/18779
Upstream PR: https://github.com/ruby/ruby/pull/5934
According to the <https://bugs.ruby-lang.org/issues/18756>, the `Q=` is not
recommended. The `V=1` is recommended to output for the verbose mode.
The `make V=1` suppresses some logs that `make` without `V=1` outputs rather
than just adding verbose logs.
While the `V=1 ECHO0=echo` is more equivalent with `Q=`, the
`make V=1 ECHO0=echo` doesn't really output meaningful logs additionally.
So, the `make V=1` is the best option for us to check the compiler flags.
Because the `%make_build` macro includes the `V=1`. Note there is no actual
difference of build.log between before and after this commit.
```
$ rpm --eval %make_build
/usr/bin/make -O -j8 V=1 VERBOSE=1
```
Because the gem extensions were built in `%{buildroot}` they referred
`BUILDROOT` directory, which would be under normal circumstances
reported by RPM, but there was a bug in RPM due to changes in grep:
https://github.com/rpm-software-management/rpm/issues/1968
* Add `make test-bundler-parallel` executed on the upstream CI.
See <41a48535d1/.github/workflows/ubuntu.yml (L22)>.
* The tests are disabled as a default, as it requires the internet.
Run the Bundler tests as follows.
```
$ mock --with bundler_tests ruby-3.1.0-161.fc37.src.rpm
```
* Fix a test for `bin/bundle update --bundler` in `make test-bundler`.
This replaces the parts of the original PR with official patches which
landed in [ruby/openssl](https://github.com/ruby/openssl) repository and
should reflect the state of OpenSSL 3 support in Ruby 3.1.
In Ruby 3.0.3, a new logic with the hard-coded "libc.so.6" to detect glibc
works on PPC, both Power 8 and 9.
See <https://bugs.ruby-lang.org/issues/12666#note-13>.
Note the logic also fixes the following error on a Power 9 environment where
the path is `/lib64/glibc-hwcaps/power9/libc-2.28.so`.
```
/builddir/build/BUILD/ruby-2.6.9/.ext/common/fiddle/import.rb:299:in `import_function': cannot find the function: strcpy() (Fiddle::DLError)
from /builddir/build/BUILD/ruby-2.6.9/.ext/common/fiddle/import.rb:172:in `extern'
from /builddir/build/BUILD/ruby-2.6.9/test/fiddle/test_import.rb:17:in `<module:LIBC>'
from /builddir/build/BUILD/ruby-2.6.9/test/fiddle/test_import.rb:10:in `<module:Fiddle>'
from /builddir/build/BUILD/ruby-2.6.9/test/fiddle/test_import.rb:9:in `<top (required)>'
from /builddir/build/BUILD/ruby-2.6.9/test/lib/test/unit.rb:958:in `require'
from /builddir/build/BUILD/ruby-2.6.9/test/lib/test/unit.rb:958:in `block in non_options'
from /builddir/build/BUILD/ruby-2.6.9/test/lib/test/unit.rb:952:in `each'
from /builddir/build/BUILD/ruby-2.6.9/test/lib/test/unit.rb:952:in `non_options'
from /builddir/build/BUILD/ruby-2.6.9/test/lib/test/unit.rb:64:in `process_args'
from /builddir/build/BUILD/ruby-2.6.9/test/lib/test/unit.rb:130:in `process_args'
from /builddir/build/BUILD/ruby-2.6.9/test/lib/test/unit.rb:1136:in `process_args'
from /builddir/build/BUILD/ruby-2.6.9/test/lib/test/unit.rb:1141:in `run'
from /builddir/build/BUILD/ruby-2.6.9/test/lib/test/unit.rb:1148:in `run'
from ./test/runner.rb:33:in `<main>'
```
- Fix command injection vulnerability in RDoc.
Resolves: CVE-2021-31799
- Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host.
Resolves: CVE-2021-31810
- Fix StartTLS stripping vulnerability in Net::IMAP.
Resolves: CVE-2021-32066
- Fix dependencies of gems with explicit source installed from a different
source.
Resolves: CVE-2020-36327
The FTBFS has started to happen with rpm-4.16.90-0.git15395.2.fc35.
root.log
```
DEBUG util.py:444: error: line 116: Unknown tag: /chroot_tmpdir/srpm_unpacked/SOURCES/macros.ruby
```
As the `%{?load:...}` is undocumented, it is gone.
https://github.com/rpm-software-management/rpm/issues/1669
Symlinks to StdLib provided to preserve `--disable-gems` functionality
together with `require_relative` cause double loading issues [1], e.g.:
~~~
$ ruby --disable-gems -e 'require "openssl"; require "openssl/digest"'
/usr/share/ruby/openssl/digest.rb:45: warning: already initialized constant OpenSSL::Digest::MD4
/usr/share/gems/gems/openssl-2.2.0/lib/openssl/digest.rb:45: warning: previous definition of MD4 was here
/usr/share/ruby/openssl/digest.rb:45: warning: already initialized constant OpenSSL::Digest::MD5
/usr/share/gems/gems/openssl-2.2.0/lib/openssl/digest.rb:45: warning: previous definition of MD5 was here
/usr/share/ruby/openssl/digest.rb:45: warning: already initialized constant OpenSSL::Digest::RIPEMD160
/usr/share/gems/gems/openssl-2.2.0/lib/openssl/digest.rb:45: warning: previous definition of RIPEMD160 was here
/usr/share/ruby/openssl/digest.rb:45: warning: already initialized constant OpenSSL::Digest::SHA1
/usr/share/gems/gems/openssl-2.2.0/lib/openssl/digest.rb:45: warning: previous definition of SHA1 was here
/usr/share/ruby/openssl/digest.rb:45: warning: already initialized constant OpenSSL::Digest::SHA224
/usr/share/gems/gems/openssl-2.2.0/lib/openssl/digest.rb:45: warning: previous definition of SHA224 was here
/usr/share/ruby/openssl/digest.rb:45: warning: already initialized constant OpenSSL::Digest::SHA256
/usr/share/gems/gems/openssl-2.2.0/lib/openssl/digest.rb:45: warning: previous definition of SHA256 was here
/usr/share/ruby/openssl/digest.rb:45: warning: already initialized constant OpenSSL::Digest::SHA384
/usr/share/gems/gems/openssl-2.2.0/lib/openssl/digest.rb:45: warning: previous definition of SHA384 was here
/usr/share/ruby/openssl/digest.rb:45: warning: already initialized constant OpenSSL::Digest::SHA512
/usr/share/gems/gems/openssl-2.2.0/lib/openssl/digest.rb:45: warning: previous definition of SHA512 was here
/usr/share/ruby/openssl/digest.rb:52:in `<class:Digest>': superclass mismatch for class Digest (TypeError)
from /usr/share/ruby/openssl/digest.rb:16:in `<module:OpenSSL>'
from /usr/share/ruby/openssl/digest.rb:15:in `<top (required)>'
from -e:1:in `require'
from -e:1:in `<main>'
~~~
We could maintain a downstream patch reverting the `require_relative`,
but given that how much troubles the extracted gems cause, it'll be
better to keep them bundled. This will provide similar experience to
upstream and prevent similar issues.
[1]: https://bugs.ruby-lang.org/issues/16978#note-11
When the `gem.build_complete` file is not present, Bundler treats the
package as uninstalled, therefore leaves it out from the dependency
resolution with error such as:
~~~
Could not find gem 'openssl', which is required by gem 'net-ssh', in any of the sources.
~~~
[1] 1969e8adfc/bundler/lib/bundler/source/rubygems.rb (L353-L384)