From 134cc6effec66b412504f921a93ae2c9611c9696 Mon Sep 17 00:00:00 2001 From: Jarek Prokop Date: Mon, 23 Oct 2023 20:02:51 +0200 Subject: [PATCH] Upgrade to pg 1.5.4. Resolves: rhbz#2173399 --- rubygem-pg-1.3.0-remove-rpath.patch | 14 ++-- ...ly-retype-timespec-fields-to-int64_t.patch | 33 ++++++++ ...e-buffer-overflows-on-32-bit-systems.patch | 75 +++++++++++++++++++ rubygem-pg.spec | 38 ++++++++-- sources | 4 +- 5 files changed, 148 insertions(+), 16 deletions(-) create mode 100644 rubygem-pg-1.5.4-Explicitly-retype-timespec-fields-to-int64_t.patch create mode 100644 rubygem-pg-1.5.4-Fix-possible-buffer-overflows-on-32-bit-systems.patch diff --git a/rubygem-pg-1.3.0-remove-rpath.patch b/rubygem-pg-1.3.0-remove-rpath.patch index d725b9b..4a21c71 100644 --- a/rubygem-pg-1.3.0-remove-rpath.patch +++ b/rubygem-pg-1.3.0-remove-rpath.patch @@ -1,17 +1,17 @@ diff --git a/ext/extconf.rb b/ext/extconf.rb --- a/ext/extconf.rb +++ b/ext/extconf.rb -@@ -52,13 +52,6 @@ - else - incdir, libdir = dir_config 'pg' +@@ -54,13 +54,6 @@ else dlldir = libdir -- end -- + end + - # Try to use runtime path linker option, even if RbConfig doesn't know about it. - # The rpath option is usually set implicit by dir_config(), but so far not - # on MacOS-X. - if dlldir && RbConfig::CONFIG["RPATHFLAG"].to_s.empty? - append_ldflags "-Wl,-rpath,#{dlldir.quote}" +- end +- + if /mswin/ =~ RUBY_PLATFORM + $libs = append_library($libs, 'ws2_32') end - end - diff --git a/rubygem-pg-1.5.4-Explicitly-retype-timespec-fields-to-int64_t.patch b/rubygem-pg-1.5.4-Explicitly-retype-timespec-fields-to-int64_t.patch new file mode 100644 index 0000000..4f1f4d3 --- /dev/null +++ b/rubygem-pg-1.5.4-Explicitly-retype-timespec-fields-to-int64_t.patch @@ -0,0 +1,33 @@ +From 110665fa55292027e835f9d6bdfb3ed608b0a6ca Mon Sep 17 00:00:00 2001 +From: Jarek Prokop +Date: Fri, 20 Oct 2023 17:52:11 +0200 +Subject: [PATCH] Explicitly retype timespec fields to int64_t to fix + compatibility with 32bit arches. + +Timespec fields' time_t type is not guaranteed to be any particular integer. +Tests with binary timestamp conversion are failing on 32bit arches (e.g. intel x86) +until they are retyped into int64_t, which fixes the issue with encoding the Time instances. + +Decoder doesn't need adjusting. It returns the correct time from the encoded binary representation. + +Resolves: https://github.com/ged/ruby-pg/issues/545 +--- + ext/pg_binary_encoder.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ext/pg_binary_encoder.c b/ext/pg_binary_encoder.c +index e074a85..df45676 100644 +--- a/ext/pg_binary_encoder.c ++++ b/ext/pg_binary_encoder.c +@@ -185,7 +185,7 @@ pg_bin_enc_timestamp(t_pg_coder *this, VALUE value, char *out, VALUE *intermedia + ts = rb_time_timespec(*intermediate); + /* PostgreSQL's timestamp is based on year 2000 and Ruby's time is based on 1970. + * Adjust the 30 years difference. */ +- timestamp = (ts.tv_sec - 10957L * 24L * 3600L) * 1000000 + (ts.tv_nsec / 1000); ++ timestamp = ((int64_t)ts.tv_sec - 10957L * 24L * 3600L) * 1000000 + ((int64_t)ts.tv_nsec / 1000); + + if( this->flags & PG_CODER_TIMESTAMP_DB_LOCAL ) { + /* send as local time */ +-- +2.42.0 + diff --git a/rubygem-pg-1.5.4-Fix-possible-buffer-overflows-on-32-bit-systems.patch b/rubygem-pg-1.5.4-Fix-possible-buffer-overflows-on-32-bit-systems.patch new file mode 100644 index 0000000..8ceb03e --- /dev/null +++ b/rubygem-pg-1.5.4-Fix-possible-buffer-overflows-on-32-bit-systems.patch @@ -0,0 +1,75 @@ +From fb3fba9eac65291b20f22eb956f02490d62de3ec Mon Sep 17 00:00:00 2001 +From: Lars Kanis +Date: Thu, 19 Oct 2023 18:32:31 +0200 +Subject: [PATCH] Fix possible buffer overflows on 32 bit systems + +Comparing pointers after adding lengths is dangerous, since the length can overflow the pointer, so that the comparison leads to wrong results. +Comparing lengths only fixes this issue. + +This lead to segfault in the following spec on x86: + + it "should raise an error at grabage COPY format" do + expect{ decoder.decode("123\t \0\\\t\\") } + .to raise_error(ArgumentError, /premature.*at position: 7$/) + end +--- + ext/pg_copy_coder.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/ext/pg_copy_coder.c b/ext/pg_copy_coder.c +index 16d5c15..f2fe029 100644 +--- a/ext/pg_copy_coder.c ++++ b/ext/pg_copy_coder.c +@@ -795,26 +795,26 @@ pg_bin_dec_copy_row(t_pg_coder *conv, const char *input_line, int len, int _tupl + cur_ptr = input_line; + line_end_ptr = input_line + len; + +- if (cur_ptr + 11 <= line_end_ptr && memcmp(cur_ptr, BinarySignature, 11) == 0){ ++ if (line_end_ptr - cur_ptr >= 11 && memcmp(cur_ptr, BinarySignature, 11) == 0){ + /* binary COPY header signature detected -> just drop it */ + int ext_bytes; + cur_ptr += 11; + + /* read flags */ +- if (cur_ptr + 4 > line_end_ptr) goto length_error; ++ if (line_end_ptr - cur_ptr < 4 ) goto length_error; + cur_ptr += 4; + + /* read header extensions */ +- if (cur_ptr + 4 > line_end_ptr) goto length_error; ++ if (line_end_ptr - cur_ptr < 4 ) goto length_error; + ext_bytes = read_nbo32(cur_ptr); + if (ext_bytes < 0) goto length_error; + cur_ptr += 4; +- if (cur_ptr + ext_bytes > line_end_ptr) goto length_error; ++ if (line_end_ptr - cur_ptr < ext_bytes ) goto length_error; + cur_ptr += ext_bytes; + } + + /* read row header */ +- if (cur_ptr + 2 > line_end_ptr) goto length_error; ++ if (line_end_ptr - cur_ptr < 2 ) goto length_error; + nfields = read_nbo16(cur_ptr); + cur_ptr += 2; + +@@ -830,7 +830,7 @@ pg_bin_dec_copy_row(t_pg_coder *conv, const char *input_line, int len, int _tupl + VALUE field_value; + + /* read field size */ +- if (cur_ptr + 4 > line_end_ptr) goto length_error; ++ if (line_end_ptr - cur_ptr < 4 ) goto length_error; + input_len = read_nbo32(cur_ptr); + cur_ptr += 4; + +@@ -839,7 +839,7 @@ pg_bin_dec_copy_row(t_pg_coder *conv, const char *input_line, int len, int _tupl + /* NULL indicator */ + rb_ary_push(array, Qnil); + } else { +- if (cur_ptr + input_len > line_end_ptr) goto length_error; ++ if (line_end_ptr - cur_ptr < input_len ) goto length_error; + + /* copy input data to field_str */ + PG_RB_STR_ENSURE_CAPA( field_str, input_len, output_ptr, end_capa_ptr ); +-- +2.42.0 + diff --git a/rubygem-pg.spec b/rubygem-pg.spec index cc93d52..5538d6c 100644 --- a/rubygem-pg.spec +++ b/rubygem-pg.spec @@ -2,18 +2,31 @@ %global gem_name pg Name: rubygem-%{gem_name} -Version: 1.4.5 -Release: 4%{?dist} +Version: 1.5.4 +Release: 1%{?dist} Summary: A Ruby interface to the PostgreSQL RDBMS License: (BSD-2-Clause OR Ruby) AND PostgreSQL URL: https://github.com/ged/ruby-pg Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem # git clone --no-checkout https://github.com/ged/ruby-pg.git -# git -C ruby-pg archive -v -o pg-1.4.5-spec.tar.gz v1.4.5 spec/ +# git -C ruby-pg archive -v -o pg-1.5.4-spec.tar.gz v1.5.4 spec/ Source1: %{gem_name}-%{version}-spec.tar.gz # Disable RPATH. # https://github.com/ged/ruby-pg/issues/183 Patch0: rubygem-pg-1.3.0-remove-rpath.patch +# Fix integer arithmetic on timespec struct fields on 32bit systems. +# The time_t type that is the type of timespec struct fields is not guaranteed +# to be any particular size or type. Therefore we need to explicitly retype +# to avoid buffer {over,under}flow. +# See `man 3 timespec` and `man 3 time_t` for further reference. +# https://github.com/ged/ruby-pg/issues/545 +# https://github.com/ged/ruby-pg/pull/547 +Patch1: rubygem-pg-1.5.4-Explicitly-retype-timespec-fields-to-int64_t.patch +# Fix possible buffer overflows. +# Found when upstream was investigating the following issue: +# https://github.com/ged/ruby-pg/issues/545 +# https://github.com/ged/ruby-pg/pull/548 +Patch2: rubygem-pg-1.5.4-Fix-possible-buffer-overflows-on-32-bit-systems.patch # ext/pg_text_decoder.c Requires: rubygem(bigdecimal) # lib/pg/text_{de,en}coder.rb @@ -45,7 +58,9 @@ Documentation for %{name}. %prep %setup -q -n %{gem_name}-%{version} -b 1 -%patch0 -p1 +%patch 0 -p1 +%patch 1 -p1 +%patch 2 -p1 %build # Create the gem as gem install only works on a gem file @@ -99,20 +114,29 @@ popd %doc %{gem_docdir} %doc %{gem_instdir}/Contributors.rdoc %{gem_instdir}/Gemfile -%doc %{gem_instdir}/History.rdoc +%doc %{gem_instdir}/History.md %doc %{gem_instdir}/Manifest.txt %doc %{gem_instdir}/README-OS_X.rdoc %doc %{gem_instdir}/README-Windows.rdoc -%lang(ja) %doc %{gem_instdir}/README.ja.rdoc -%doc %{gem_instdir}/README.rdoc +%lang(ja) %doc %{gem_instdir}/README.ja.md +%doc %{gem_instdir}/README.md %{gem_instdir}/Rakefile* %{gem_instdir}/rakelib/* %{gem_instdir}/certs %{gem_instdir}/misc %{gem_instdir}/pg.gemspec %{gem_instdir}/sample +# The translations are only related to README and the readme is already in +# japanese (AFAICT) when we build an RPM from the gem, so we shouldn't need +# this directory at all. +# https://github.com/ged/ruby-pg/pull/549 +%exclude %{gem_instdir}/translation %changelog +* Mon Oct 23 2023 Jarek Prokop - 1.5.4-1 +- Upgrade to pg 1.5.4. + Resolves: rhbz#2173399 + * Fri Jul 21 2023 Fedora Release Engineering - 1.4.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild diff --git a/sources b/sources index 4e2fe38..553b1d1 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (pg-1.4.5-spec.tar.gz) = ec4916c8f5ec5d9820c7464bb2d04ade64545f1fa9c27fd88835f0163903e6a746a83e92c455d712226d8e834772ac11b275a49736f60942d21ea47145135771 -SHA512 (pg-1.4.5.gem) = 693f8cc22c697f9260184e3011c9f4f247f391344febb481c348737ec49ad3a0d79e7816f6e49761384d7a1c56c4069e3a6276b2254306c143b26046bef9ae68 +SHA512 (pg-1.5.4.gem) = 77d68e06dd26eeec932741875543cb9e02d8e4925f5483914bc1acdda0c792896ca2bb205366245745c24aae512d90a482f4a45a3e174c5ed0dbfd983762cd61 +SHA512 (pg-1.5.4-spec.tar.gz) = 4db24cd730b0363f05a4ef9d293fba370f8f937b06774f242e163d1139266bbee5ff2eab55c75ea735457dc9142d95f16353d6c4b7a7863408f8ff929f50bc41