import UBI ruby4.0-4.0.3-34.el10_2

.fmf/version

@@ -1 +0,0 @@
-1

.gitignore

@@ -1,6 +1,3 @@
-/*/
+mysql2-0.5.7.gem
-/ruby-*.tar.xz
+pg-1.6.3.gem
-/*.rpm
+ruby-4.0.3.tar.xz
-/mysql2-*.gem
-/pg-*.gem
-!/plans/

gating.yaml

@@ -1,6 +0,0 @@
---- !Policy
-product_versions:
-  - rhel-10
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

plans/public.fmf

@@ -1,26 +0,0 @@
-summary: Public (CentOS) beakerlib tests
-
-adjust+:
-  - when: distro == centos-stream
-    because: Update all packages and reboot
-    discover+<:
-      - name: update-and-reboot
-        how: shell
-        tests:
-          - name: update
-            test: dnf update --refresh -y
-          - name: reboot
-            test: "[[ $TMT_REBOOT_COUNT == 0 ]] && tmt-reboot || echo Already rebooted"
-
-environment+:
-  RUBY: "ruby4.0"
-  GEM: "gem4.0"
-  BUNDLE: "bundle4.0"
-
-discover:
-  - name: centos
-    how: fmf
-    url: https://gitlab.com/redhat/centos-stream/tests/ruby
-    filter: 'component:ruby4.0'
-execute:
-    how: tmt

rpminspect.yaml

@@ -1,21 +0,0 @@
-badfuncs:
-  # Ruby implements the functionality for compatibility.
-  # Modern counterparts are also available and preferred.
-  allowed:
-    '/usr/lib*/ruby*/socket.so':
-      - gethostbyaddr
-      - gethostbyname
-
-patches:
-  # These patches are applied manually with the `patch` binary.
-  # The contents are unpacked with Ruby itself in %build.
-  # %build does not have %patch macros available for use.
-  ignore_list:
-    - rubygem-pg-1.3.0-remove-rpath.patch
-    - rubygem-mysql2-0.5.7-Disable-RPATH-completely-in-extconf.rb.patch
-
-rpmdeps:
-  ignore:
-    # The package will be pulled in transitively. Ruby takes care for the
-    # ABI compatibility in specific major.minor solib version.
-    requires: ^libruby.*\.so.*\(\)\(64bit\)$

ruby.rpmlintrc

@@ -1,61 +0,0 @@
-# Keep matching patterns enough not to hide unintended errors and warnings.
-
-# There is no way to implement this with `%{SOURCE0}` without `%{_sourcedir}`.
-# The order in the .spec file could be possibly different.
-addFilter(r'ruby\.(spec|src):20: E: use-of-RPM_SOURCE_DIR$')
-
-# The used version is not obvious.
-addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-build_assert\)$')
-addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-check_type\)$')
-addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-container_of\)$')
-addFilter(r'ruby\.(spec|src):\d+: W: unversioned-explicit-provides bundled\(ccan-list\)$')
-
-# The template files do not have to have executable bits.
-addFilter(r'^rubygem-bundler\.noarch: E: non-executable-script /usr/share/gems/gems/bundler-[\d\.]+/lib/bundler/templates/[\w/\.]+ 644 /usr/bin/env ')
-
-# The bundled gem files permissions are overridden as 644 by `make install`.
-# https://bugs.ruby-lang.org/issues/17840
-# https://github.com/rubygems/rubygems/issues/5255
-# https://github.com/ruby/debug/pull/481
-# https://github.com/ruby/net-ftp/pull/12
-# https://github.com/ruby/net-imap/pull/53
-# https://github.com/ruby/net-pop/pull/7
-# https://github.com/ruby/prime/pull/16
-addFilter(r'^.*: E: non-executable-script /usr/share/gems/gems/(debug|net-(ftp|imap|pop)|prime)-[\d\.]+/bin/\w+ 644 ')
-
-# Ruby provides API to set the cipher list.
-addFilter(r'^ruby-libs\.\w+: W: crypto-policy-non-compliance-openssl /usr/lib(64)?/ruby/openssl.so SSL_CTX_set_cipher_list$')
-
-# `gethostbyname` is part of deprecated Ruby API. There is also request to drop the API altogether:
-# https://bugs.ruby-lang.org/issues/13097
-# https://bugs.ruby-lang.org/issues/17944
-addFilter(r'^ruby-libs\.\w+: W: binary-or-shlib-calls-gethostbyname /usr/lib(64)?/ruby/socket.so$')
-
-# Rake ships some examples.
-addFilter(r'^rubygem-rake.noarch: W: devel-file-in-non-devel-package /usr/share/gems/gems/rake-[\d\.]+/doc/example/\w+.c$')
-
-# Some executables don't have their manual pages. Is it worth of use help2man?
-addFilter(r'^.+: W: no-manual-page-for-binary (bundler|gem|racc|rbs|rdbg|rdoc|ruby-mri|syntax_suggest|typeprof)$')
-
-# Default gems does not come with any documentation.
-addFilter(r'^rubygem-(bigdecimal|io-console|json|psych)\.\w+: W: no-documentation$')
-
-# rubygems-devel ships only RPM macros and generators. Their placement is given
-# by RPM and can't be modified.
-addFilter(r'rubygems-devel.noarch: W: only-non-binary-in-usr-lib$')
-
-# Ignore some spelling false positives.
-# Ignore spelling of technical terms
-addFilter(r'^ruby-default-gems.noarch: E: spelling-error \(\'gemspec\'')
-addFilter(r'^ruby-libs.x86_64: E: spelling-error \(\'libruby\'')
-addFilter(r'^rubygem-test-unit.noarch: E: spelling-error \(\'xUnit\'')
-addFilter(r'^rubygem-psych.x86_64: E: spelling-error \(\'libyaml\'')
-addFilter(r'^rubygem-io-console.x86_64: E: spelling-error \(\'readline\'')
-# `pyaml` is part of URL
-addFilter(r'^rubygem-psych.x86_64: E: spelling-error \(\'pyyaml\'')
-# `de-` is actually prefix
-addFilter(r'^rubygem-psych.x86_64: E: spelling-error \(\'de\'')
-
-# It does not seemt to be worth of changing rubygems to archful package due to
-# single directory, unless it causes some real troubles.
-addFilter(r'^rubygems.noarch: E: noarch-with-lib64$')

ruby4.0.spec

@@ -1648,13 +1648,13 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \
 %changelog
 * Wed Apr 29 2026 Tomas Juhasz <tjuhasz@redhat.com> - 4.0.3-34
 - Upgrade to Ruby 4.0.3.
-  Resolves: RHEL-170933
+  Resolves: RHEL-171239
-- Fix ERB: Arbitrary code execution via deserialization bypass
+- Fix ERB: Arbitrary code execution via bypass
  (CVE-2026-41316)
-  Resolves: RHEL-170911
+  Resolves: RHEL-170910
 - Fix JSON: Denial of Service or Information Disclosure via format string injection
  (CVE-2026-33210)
- Resolves: RHEL-169964
+ Resolves: RHEL-173457
 
 * Thu Feb 05 2026 Jarek Prokop <jprokop@redhat.com> - 4.0.1-33
 - Initial package.