diff --git a/.rubygem-pg.metadata b/.rubygem-pg.metadata new file mode 100644 index 0000000..b4ff84f --- /dev/null +++ b/.rubygem-pg.metadata @@ -0,0 +1,2 @@ +b4ff1dfd1a5b2c269d402d1c21380074c25afa6a pg-1.5.4.gem +9802fe4e66ed86f5881692181a48d48ec137eb93 pg-1.5.4-spec.tar.gz diff --git a/rubygem-pg-1.3.0-remove-rpath.patch b/rubygem-pg-1.3.0-remove-rpath.patch index b3087ed..4a21c71 100644 --- a/rubygem-pg-1.3.0-remove-rpath.patch +++ b/rubygem-pg-1.3.0-remove-rpath.patch @@ -1,17 +1,17 @@ diff --git a/ext/extconf.rb b/ext/extconf.rb --- a/ext/extconf.rb +++ b/ext/extconf.rb -@@ -54,13 +54,6 @@ - else - incdir, libdir = dir_config 'pg' +@@ -54,13 +54,6 @@ else dlldir = libdir -- end -- + end + - # Try to use runtime path linker option, even if RbConfig doesn't know about it. - # The rpath option is usually set implicit by dir_config(), but so far not - # on MacOS-X. - if dlldir && RbConfig::CONFIG["RPATHFLAG"].to_s.empty? - append_ldflags "-Wl,-rpath,#{dlldir.quote}" +- end +- + if /mswin/ =~ RUBY_PLATFORM + $libs = append_library($libs, 'ws2_32') end - end - diff --git a/rubygem-pg-1.5.4-Explicitly-retype-timespec-fields-to-int64_t.patch b/rubygem-pg-1.5.4-Explicitly-retype-timespec-fields-to-int64_t.patch new file mode 100644 index 0000000..4f1f4d3 --- /dev/null +++ b/rubygem-pg-1.5.4-Explicitly-retype-timespec-fields-to-int64_t.patch @@ -0,0 +1,33 @@ +From 110665fa55292027e835f9d6bdfb3ed608b0a6ca Mon Sep 17 00:00:00 2001 +From: Jarek Prokop +Date: Fri, 20 Oct 2023 17:52:11 +0200 +Subject: [PATCH] Explicitly retype timespec fields to int64_t to fix + compatibility with 32bit arches. + +Timespec fields' time_t type is not guaranteed to be any particular integer. +Tests with binary timestamp conversion are failing on 32bit arches (e.g. intel x86) +until they are retyped into int64_t, which fixes the issue with encoding the Time instances. + +Decoder doesn't need adjusting. It returns the correct time from the encoded binary representation. + +Resolves: https://github.com/ged/ruby-pg/issues/545 +--- + ext/pg_binary_encoder.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ext/pg_binary_encoder.c b/ext/pg_binary_encoder.c +index e074a85..df45676 100644 +--- a/ext/pg_binary_encoder.c ++++ b/ext/pg_binary_encoder.c +@@ -185,7 +185,7 @@ pg_bin_enc_timestamp(t_pg_coder *this, VALUE value, char *out, VALUE *intermedia + ts = rb_time_timespec(*intermediate); + /* PostgreSQL's timestamp is based on year 2000 and Ruby's time is based on 1970. + * Adjust the 30 years difference. */ +- timestamp = (ts.tv_sec - 10957L * 24L * 3600L) * 1000000 + (ts.tv_nsec / 1000); ++ timestamp = ((int64_t)ts.tv_sec - 10957L * 24L * 3600L) * 1000000 + ((int64_t)ts.tv_nsec / 1000); + + if( this->flags & PG_CODER_TIMESTAMP_DB_LOCAL ) { + /* send as local time */ +-- +2.42.0 + diff --git a/rubygem-pg-1.5.4-Fix-possible-buffer-overflows-on-32-bit-systems.patch b/rubygem-pg-1.5.4-Fix-possible-buffer-overflows-on-32-bit-systems.patch new file mode 100644 index 0000000..8ceb03e --- /dev/null +++ b/rubygem-pg-1.5.4-Fix-possible-buffer-overflows-on-32-bit-systems.patch @@ -0,0 +1,75 @@ +From fb3fba9eac65291b20f22eb956f02490d62de3ec Mon Sep 17 00:00:00 2001 +From: Lars Kanis +Date: Thu, 19 Oct 2023 18:32:31 +0200 +Subject: [PATCH] Fix possible buffer overflows on 32 bit systems + +Comparing pointers after adding lengths is dangerous, since the length can overflow the pointer, so that the comparison leads to wrong results. +Comparing lengths only fixes this issue. + +This lead to segfault in the following spec on x86: + + it "should raise an error at grabage COPY format" do + expect{ decoder.decode("123\t \0\\\t\\") } + .to raise_error(ArgumentError, /premature.*at position: 7$/) + end +--- + ext/pg_copy_coder.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/ext/pg_copy_coder.c b/ext/pg_copy_coder.c +index 16d5c15..f2fe029 100644 +--- a/ext/pg_copy_coder.c ++++ b/ext/pg_copy_coder.c +@@ -795,26 +795,26 @@ pg_bin_dec_copy_row(t_pg_coder *conv, const char *input_line, int len, int _tupl + cur_ptr = input_line; + line_end_ptr = input_line + len; + +- if (cur_ptr + 11 <= line_end_ptr && memcmp(cur_ptr, BinarySignature, 11) == 0){ ++ if (line_end_ptr - cur_ptr >= 11 && memcmp(cur_ptr, BinarySignature, 11) == 0){ + /* binary COPY header signature detected -> just drop it */ + int ext_bytes; + cur_ptr += 11; + + /* read flags */ +- if (cur_ptr + 4 > line_end_ptr) goto length_error; ++ if (line_end_ptr - cur_ptr < 4 ) goto length_error; + cur_ptr += 4; + + /* read header extensions */ +- if (cur_ptr + 4 > line_end_ptr) goto length_error; ++ if (line_end_ptr - cur_ptr < 4 ) goto length_error; + ext_bytes = read_nbo32(cur_ptr); + if (ext_bytes < 0) goto length_error; + cur_ptr += 4; +- if (cur_ptr + ext_bytes > line_end_ptr) goto length_error; ++ if (line_end_ptr - cur_ptr < ext_bytes ) goto length_error; + cur_ptr += ext_bytes; + } + + /* read row header */ +- if (cur_ptr + 2 > line_end_ptr) goto length_error; ++ if (line_end_ptr - cur_ptr < 2 ) goto length_error; + nfields = read_nbo16(cur_ptr); + cur_ptr += 2; + +@@ -830,7 +830,7 @@ pg_bin_dec_copy_row(t_pg_coder *conv, const char *input_line, int len, int _tupl + VALUE field_value; + + /* read field size */ +- if (cur_ptr + 4 > line_end_ptr) goto length_error; ++ if (line_end_ptr - cur_ptr < 4 ) goto length_error; + input_len = read_nbo32(cur_ptr); + cur_ptr += 4; + +@@ -839,7 +839,7 @@ pg_bin_dec_copy_row(t_pg_coder *conv, const char *input_line, int len, int _tupl + /* NULL indicator */ + rb_ary_push(array, Qnil); + } else { +- if (cur_ptr + input_len > line_end_ptr) goto length_error; ++ if (line_end_ptr - cur_ptr < input_len ) goto length_error; + + /* copy input data to field_str */ + PG_RB_STR_ENSURE_CAPA( field_str, input_len, output_ptr, end_capa_ptr ); +-- +2.42.0 + diff --git a/rubygem-pg.spec b/rubygem-pg.spec index 5c44859..0e4e1c9 100644 --- a/rubygem-pg.spec +++ b/rubygem-pg.spec @@ -2,23 +2,31 @@ %global gem_name pg Name: rubygem-%{gem_name} -Version: 1.3.5 +Version: 1.5.4 Release: 1%{?dist} Summary: A Ruby interface to the PostgreSQL RDBMS -# Upstream license clarification (https://bitbucket.org/ged/ruby-pg/issue/72/) -# -# The portions of the code that are BSD-licensed are licensed under -# the BSD 3-Clause license; the contents of the BSD file are incorrect. -# -License: (BSD or Ruby) and PostgreSQL +License: (BSD-2-Clause OR Ruby) AND PostgreSQL URL: https://github.com/ged/ruby-pg Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem # git clone --no-checkout https://github.com/ged/ruby-pg.git -# git -C ruby-pg archive -v -o pg-1.3.5-spec.tar.gz v1.3.5 spec/ +# git -C ruby-pg archive -v -o pg-1.5.4-spec.tar.gz v1.5.4 spec/ Source1: %{gem_name}-%{version}-spec.tar.gz # Disable RPATH. # https://github.com/ged/ruby-pg/issues/183 Patch0: rubygem-pg-1.3.0-remove-rpath.patch +# Fix integer arithmetic on timespec struct fields on 32bit systems. +# The time_t type that is the type of timespec struct fields is not guaranteed +# to be any particular size or type. Therefore we need to explicitly retype +# to avoid buffer {over,under}flow. +# See `man 3 timespec` and `man 3 time_t` for further reference. +# https://github.com/ged/ruby-pg/issues/545 +# https://github.com/ged/ruby-pg/pull/547 +Patch1: rubygem-pg-1.5.4-Explicitly-retype-timespec-fields-to-int64_t.patch +# Fix possible buffer overflows. +# Found when upstream was investigating the following issue: +# https://github.com/ged/ruby-pg/issues/545 +# https://github.com/ged/ruby-pg/pull/548 +Patch2: rubygem-pg-1.5.4-Fix-possible-buffer-overflows-on-32-bit-systems.patch # ext/pg_text_decoder.c Requires: rubygem(bigdecimal) # lib/pg/text_{de,en}coder.rb @@ -50,7 +58,9 @@ Documentation for %{name}. %prep %setup -q -n %{gem_name}-%{version} -b 1 -%patch0 -p1 +%patch -P 0 -p1 +%patch -P 1 -p1 +%patch -P 2 -p1 %build # Create the gem as gem install only works on a gem file @@ -76,14 +86,6 @@ rm -rf %{buildroot}%{gem_instdir}/ext/ pushd .%{gem_instdir} ln -s %{_builddir}/spec . -# Test failures with disabled netwrok. -# https://github.com/ged/ruby-pg/issues/421 -sed -i -r 's|\\d\+\\\.\\d\+\\\.\\d\+\\\.\\d\+|(\0)?|' spec/pg/connection_spec.rb - -# Disable flaky test. This is problematic on most architectures. -# https://github.com/ged/ruby-pg/issues/424 -sed -i -e '/it "needs to flush data after send_query" do/a\ skip' spec/pg/connection_spec.rb - # Set --verbose to show detail log by $VERBOSE. # See https://github.com/ged/ruby-pg/blob/master/spec/helpers.rb $VERBOSE # Assign a random port to consider a case of multi builds in parallel in a host. @@ -102,8 +104,8 @@ popd %{gem_extdir_mri} %exclude %{gem_instdir}/.* %license %{gem_instdir}/BSDL -%license %{gem_instdir}/POSTGRES %license %{gem_instdir}/LICENSE +%license %{gem_instdir}/POSTGRES %{gem_libdir} %exclude %{gem_cache} %{gem_spec} @@ -112,20 +114,29 @@ popd %doc %{gem_docdir} %doc %{gem_instdir}/Contributors.rdoc %{gem_instdir}/Gemfile -%doc %{gem_instdir}/History.rdoc +%doc %{gem_instdir}/History.md %doc %{gem_instdir}/Manifest.txt %doc %{gem_instdir}/README-OS_X.rdoc %doc %{gem_instdir}/README-Windows.rdoc -%lang(ja) %doc %{gem_instdir}/README.ja.rdoc -%doc %{gem_instdir}/README.rdoc +%lang(ja) %doc %{gem_instdir}/README.ja.md +%doc %{gem_instdir}/README.md %{gem_instdir}/Rakefile* %{gem_instdir}/rakelib/* %{gem_instdir}/certs %{gem_instdir}/misc %{gem_instdir}/pg.gemspec %{gem_instdir}/sample +# The translations are only related to README and the readme is already in +# japanese (AFAICT) when we build an RPM from the gem, so we shouldn't need +# this directory at all. +# https://github.com/ged/ruby-pg/pull/549 +%exclude %{gem_instdir}/translation %changelog +* Fri Jan 19 2024 Jarek Prokop - 1.5.4-1 +- Upgrade to pg 1.5.4. + Related: RHEL-17089 + * Thu May 26 2022 Jarek Prokop - 1.3.5-1 - Update to pg 1.3.5 Related: rhbz#2063773 diff --git a/sources b/sources index 5652500..553b1d1 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (pg-1.3.5.gem) = e603e0b8dceb710d1ad01352589a7aa1af3aa002379a0fa05d6183f99572ae5e4b3be5704d7910abdd450ee225ba84e699487571499c4640afdae2d4f809631a -SHA512 (pg-1.3.5-spec.tar.gz) = 97f5203ff8ba5391c50913f4c08ca31b4b9571eb982d405e7e7408d512e4555c3a5a241282ea3ae26911a77bfa6c096ac7e9e7141529674225c85804c2dd7480 +SHA512 (pg-1.5.4.gem) = 77d68e06dd26eeec932741875543cb9e02d8e4925f5483914bc1acdda0c792896ca2bb205366245745c24aae512d90a482f4a45a3e174c5ed0dbfd983762cd61 +SHA512 (pg-1.5.4-spec.tar.gz) = 4db24cd730b0363f05a4ef9d293fba370f8f937b06774f242e163d1139266bbee5ff2eab55c75ea735457dc9142d95f16353d6c4b7a7863408f8ff929f50bc41