Upgrade to Ruby 3.1.4.

Fix ReDoS vulnerability in URI (CVE-2023-28755)
Fix ReDoS vulnerability in Time (CVE-2023-28756)

Skip a test that uses compaction when compaction is
unimplemented on the platform.
<https://bugs.ruby-lang.org/issues/19529#note-7>
Jarek Prokop 2023-03-31 17:33:54 +02:00
commit 2837b345ca
13 changed files with 80 additions and 212 deletions


@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac
index d261ea57b5..3c13076b82 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3374,6 +3374,11 @@ AS_IF([test ${multiarch+set}], [
@@ -3381,6 +3381,11 @@ AS_IF([test ${multiarch+set}], [
])
archlibdir='${libdir}/${arch}'


@ -14,7 +14,7 @@ diff --git a/configure.ac b/configure.ac
index c42436c23d..d261ea57b5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4032,7 +4032,8 @@ AS_CASE(["$ruby_version_dir_name"],
@@ -4039,7 +4039,8 @@ AS_CASE(["$ruby_version_dir_name"],
ruby_version_dir=/'${ruby_version_dir_name}'
if test -z "${ruby_version_dir_name}"; then


@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac
index 3c13076b82..93af30321d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4096,6 +4096,8 @@ AC_SUBST(vendorarchdir)dnl
@@ -4103,6 +4103,8 @@ AC_SUBST(vendorarchdir)dnl
AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl
AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl


@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac
index 93af30321d..bc13397e0e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4068,6 +4068,10 @@ AC_ARG_WITH(vendorarchdir,
@@ -4075,6 +4075,10 @@ AC_ARG_WITH(vendorarchdir,
[vendorarchdir=$withval],
[vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}])
@ -26,7 +26,7 @@ index 93af30321d..bc13397e0e 100644
AS_IF([test "${LOAD_RELATIVE+set}"], [
AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE)
RUBY_EXEC_PREFIX=''
@@ -4092,6 +4096,7 @@ AC_SUBST(sitearchdir)dnl
@@ -4099,6 +4104,7 @@ AC_SUBST(sitearchdir)dnl
AC_SUBST(vendordir)dnl
AC_SUBST(vendorlibdir)dnl
AC_SUBST(vendorarchdir)dnl


@ -20,7 +20,7 @@ diff --git a/configure.ac b/configure.ac
index 80b137e380..63cd3b4f8b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3983,9 +3983,6 @@ AS_CASE(["$target_os"],
@@ -3990,9 +3990,6 @@ AS_CASE(["$target_os"],
rubyw_install_name='$(RUBYW_INSTALL_NAME)'
])
@ -30,7 +30,7 @@ index 80b137e380..63cd3b4f8b 100644
rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'}
AC_ARG_WITH(rubyarchprefix,
AS_HELP_STRING([--with-rubyarchprefix=DIR],
@@ -4008,56 +4005,62 @@ AC_ARG_WITH(ridir,
@@ -4015,56 +4015,62 @@ AC_ARG_WITH(ridir,
AC_SUBST(ridir)
AC_SUBST(RI_BASE_NAME)
@ -120,7 +120,7 @@ index 80b137e380..63cd3b4f8b 100644
AS_IF([test "${LOAD_RELATIVE+set}"], [
AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE)
@@ -4074,6 +4077,7 @@ AC_SUBST(sitearchincludedir)dnl
@@ -4081,6 +4081,7 @@ AC_SUBST(sitearchincludedir)dnl
AC_SUBST(arch)dnl
AC_SUBST(sitearch)dnl
AC_SUBST(ruby_version)dnl


@ -1,70 +0,0 @@
From a1124dc162810f86cb0bff58cde24064cfc561bc Mon Sep 17 00:00:00 2001
From: nagachika <nagachika@ruby-lang.org>
Date: Fri, 9 Dec 2022 21:11:47 +0900
Subject: [PATCH] merge revision(s) 58cc3c9f387dcf8f820b43e043b540fa06248da3:
[Backport #19187]
[Bug #19187] Fix for tzdata-2022g
---
test/ruby/test_time_tz.rb | 21 +++++++++++++++------
1 file changed, 15 insertions(+), 6 deletions(-)
---
test/ruby/test_time_tz.rb | 21 +++++++++++++++------
1 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb
index b6785f336028d..939f218ed4d10 100644
--- a/test/ruby/test_time_tz.rb
+++ b/test/ruby/test_time_tz.rb
@@ -7,9 +7,9 @@ class TestTimeTZ < Test::Unit::TestCase
has_lisbon_tz = true
force_tz_test = ENV["RUBY_FORCE_TIME_TZ_TEST"] == "yes"
case RUBY_PLATFORM
- when /linux/
+ when /darwin|linux/
force_tz_test = true
- when /darwin|freebsd|openbsd/
+ when /freebsd|openbsd/
has_lisbon_tz = false
force_tz_test = true
end
@@ -95,6 +95,9 @@ def group_by(e, &block)
CORRECT_KIRITIMATI_SKIP_1994 = with_tz("Pacific/Kiritimati") {
Time.local(1994, 12, 31, 0, 0, 0).year == 1995
}
+ CORRECT_SINGAPORE_1982 = with_tz("Asia/Singapore") {
+ "2022g" if Time.local(1981, 12, 31, 23, 59, 59).utc_offset == 8*3600
+ }
def time_to_s(t)
t.to_s
@@ -140,9 +143,12 @@ def test_america_managua
def test_asia_singapore
with_tz(tz="Asia/Singapore") {
- assert_time_constructor(tz, "1981-12-31 23:59:59 +0730", :local, [1981,12,31,23,59,59])
- assert_time_constructor(tz, "1982-01-01 00:30:00 +0800", :local, [1982,1,1,0,0,0])
- assert_time_constructor(tz, "1982-01-01 00:59:59 +0800", :local, [1982,1,1,0,29,59])
+ assert_time_constructor(tz, "1981-12-31 23:29:59 +0730", :local, [1981,12,31,23,29,59])
+ if CORRECT_SINGAPORE_1982
+ assert_time_constructor(tz, "1982-01-01 00:00:00 +0800", :local, [1981,12,31,23,30,00])
+ assert_time_constructor(tz, "1982-01-01 00:00:00 +0800", :local, [1982,1,1,0,0,0])
+ assert_time_constructor(tz, "1982-01-01 00:29:59 +0800", :local, [1982,1,1,0,29,59])
+ end
assert_time_constructor(tz, "1982-01-01 00:30:00 +0800", :local, [1982,1,1,0,30,0])
}
end
@@ -450,8 +456,11 @@ def self.gen_zdump_test(data)
America/Managua Wed Jan 1 04:59:59 1997 UTC = Tue Dec 31 23:59:59 1996 EST isdst=0 gmtoff=-18000
America/Managua Wed Jan 1 05:00:00 1997 UTC = Tue Dec 31 23:00:00 1996 CST isdst=0 gmtoff=-21600
Asia/Singapore Sun Aug 8 16:30:00 1965 UTC = Mon Aug 9 00:00:00 1965 SGT isdst=0 gmtoff=27000
-Asia/Singapore Thu Dec 31 16:29:59 1981 UTC = Thu Dec 31 23:59:59 1981 SGT isdst=0 gmtoff=27000
+Asia/Singapore Thu Dec 31 15:59:59 1981 UTC = Thu Dec 31 23:29:59 1981 SGT isdst=0 gmtoff=27000
Asia/Singapore Thu Dec 31 16:30:00 1981 UTC = Fri Jan 1 00:30:00 1982 SGT isdst=0 gmtoff=28800
+End
+ gen_zdump_test <<'End' if CORRECT_SINGAPORE_1982
+Asia/Singapore Thu Dec 31 16:00:00 1981 UTC = Fri Jan 1 00:00:00 1982 SGT isdst=0 gmtoff=28800
End
gen_zdump_test CORRECT_TOKYO_DST_1951 ? <<'End' + (CORRECT_TOKYO_DST_1951 < "2018f" ? <<'2018e' : <<'2018f') : <<'End'
Asia/Tokyo Sat May 5 14:59:59 1951 UTC = Sat May 5 23:59:59 1951 JST isdst=0 gmtoff=32400


@ -0,0 +1,23 @@
From bffadcd6d46ccfccade79ce0efb60ced8eac4483 Mon Sep 17 00:00:00 2001
From: Peter Zhu <peter@peterzhu.ca>
Date: Thu, 6 Apr 2023 13:35:25 -0400
Subject: [PATCH] Add guard to compaction test in WeakMap
Some platforms don't support compaction, so we should skip this test.
---
test/ruby/test_weakmap.rb | 2 ++
1 file changed, 2 insertions(+)
diff --git a/test/ruby/test_weakmap.rb b/test/ruby/test_weakmap.rb
index c72e7310db101..7fc956dfae474 100644
--- a/test/ruby/test_weakmap.rb
+++ b/test/ruby/test_weakmap.rb
@@ -178,6 +178,8 @@ def test_no_memory_leak
end
def test_compaction_bug_19529
+ omit "compaction is not supported on this platform" unless GC.respond_to?(:compact)
+
obj = Object.new
100.times do |i|
GC.compact
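Review bot: The added `omit ... unless GC.respond_to?(:compact)` guard only works because this package's gc.c defines `gc_compact` as `rb_f_notimplement` when compaction is unsupported (the `# define gc_compact rb_f_notimplement` context is visible in the Patch22 diff further down this page), since `respond_to?` reports false only for not-implemented methods; a build where compaction compiles but is merely disabled at runtime would still pass the guard and reach `GC.compact`. That dependency is not recorded anywhere; rather than editing the backported upstream patch, the spec's comment for this patch could note it, e.g. `# The guard relies on GC.compact being rb_f_notimplement (Patch22) on such platforms.` The body of `test_compaction_bug_19529` continues past the end of the hunk, so the loop that calls `GC.compact` is only partly visible here.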


@ -139,7 +139,7 @@ diff --git a/gc.c b/gc.c
index 1c35856c44..bff0666a17 100644
--- a/gc.c
+++ b/gc.c
@@ -4984,6 +4984,23 @@ gc_unprotect_pages(rb_objspace_t *objspace, rb_heap_t *heap)
@@ -4985,6 +4985,23 @@ gc_unprotect_pages(rb_objspace_t *objspace, rb_heap_t *heap)
static void gc_update_references(rb_objspace_t * objspace);
static void invalidate_moved_page(rb_objspace_t *objspace, struct heap_page *page);
@ -163,7 +163,7 @@ index 1c35856c44..bff0666a17 100644
static void
read_barrier_handler(uintptr_t address)
{
@@ -5004,6 +5021,7 @@ read_barrier_handler(uintptr_t address)
@@ -5005,6 +5022,7 @@ read_barrier_handler(uintptr_t address)
}
RB_VM_LOCK_LEAVE();
}
@ -171,7 +171,7 @@ index 1c35856c44..bff0666a17 100644
#if defined(_WIN32)
static LPTOP_LEVEL_EXCEPTION_FILTER old_handler;
@@ -9267,13 +9285,7 @@ gc_start_internal(rb_execution_context_t *ec, VALUE self, VALUE full_mark, VALUE
@@ -9268,13 +9286,7 @@ gc_start_internal(rb_execution_context_t *ec, VALUE self, VALUE full_mark, VALUE
/* For now, compact implies full mark / sweep, so ignore other flags */
if (RTEST(compact)) {
@ -186,7 +186,7 @@ index 1c35856c44..bff0666a17 100644
reason |= GPR_FLAG_COMPACT;
}
@@ -9438,7 +9450,7 @@ gc_move(rb_objspace_t *objspace, VALUE scan, VALUE free, size_t slot_size)
@@ -9439,7 +9451,7 @@ gc_move(rb_objspace_t *objspace, VALUE scan, VALUE free, size_t slot_size)
return (VALUE)src;
}
@ -195,7 +195,7 @@ index 1c35856c44..bff0666a17 100644
static int
compare_free_slots(const void *left, const void *right, void *dummy)
{
@@ -10166,7 +10178,7 @@ gc_update_references(rb_objspace_t *objspace)
@@ -10167,7 +10179,7 @@ gc_update_references(rb_objspace_t *objspace)
gc_update_table_refs(objspace, finalizer_table);
}
@ -204,7 +204,7 @@ index 1c35856c44..bff0666a17 100644
/*
* call-seq:
* GC.latest_compact_info -> {:considered=>{:T_CLASS=>11}, :moved=>{:T_CLASS=>11}}
@@ -10207,7 +10219,7 @@ gc_compact_stats(VALUE self)
@@ -10208,7 +10220,7 @@ gc_compact_stats(VALUE self)
# define gc_compact_stats rb_f_notimplement
#endif
@ -213,7 +213,7 @@ index 1c35856c44..bff0666a17 100644
static void
root_obj_check_moved_i(const char *category, VALUE obj, void *data)
{
@@ -10286,7 +10298,7 @@ gc_compact(VALUE self)
@@ -10287,7 +10299,7 @@ gc_compact(VALUE self)
# define gc_compact rb_f_notimplement
#endif
@ -222,7 +222,7 @@ index 1c35856c44..bff0666a17 100644
/*
* call-seq:
* GC.verify_compaction_references(toward: nil, double_heap: false) -> hash
@@ -10817,7 +10829,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _)
@@ -10818,7 +10830,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _)
return rb_gc_disable();
}
@ -231,7 +231,7 @@ index 1c35856c44..bff0666a17 100644
/*
* call-seq:
* GC.auto_compact = flag
@@ -10831,8 +10843,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _)
@@ -10832,8 +10844,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _)
static VALUE
gc_set_auto_compact(VALUE _, VALUE v)
{
@ -241,7 +241,7 @@ index 1c35856c44..bff0666a17 100644
ruby_enable_autocompact = RTEST(v);
return v;
@@ -10841,7 +10852,8 @@ gc_set_auto_compact(VALUE _, VALUE v)
@@ -10842,7 +10853,8 @@ gc_set_auto_compact(VALUE _, VALUE v)
# define gc_set_auto_compact rb_f_notimplement
#endif
@ -251,7 +251,7 @@ index 1c35856c44..bff0666a17 100644
/*
* call-seq:
* GC.auto_compact -> true or false
@@ -13714,11 +13726,21 @@ Init_GC(void)
@@ -13753,11 +13776,21 @@ Init_GC(void)
rb_define_singleton_method(rb_mGC, "malloc_allocated_size", gc_malloc_allocated_size, 0);
rb_define_singleton_method(rb_mGC, "malloc_allocations", gc_malloc_allocations, 0);
#endif
@ -278,7 +278,7 @@ index 1c35856c44..bff0666a17 100644
#if GC_DEBUG_STRESS_TO_CLASS
rb_define_singleton_method(rb_mGC, "add_stress_to_class", rb_gcdebug_add_stress_to_class, -1);
@@ -13742,6 +13764,7 @@ Init_GC(void)
@@ -13781,6 +13803,7 @@ Init_GC(void)
OPT(MALLOC_ALLOCATED_SIZE);
OPT(MALLOC_ALLOCATED_SIZE_CHECK);
OPT(GC_PROFILE_DETAIL_MEMORY);


@ -22,7 +22,7 @@ diff --git a/gc.c b/gc.c
index ef9327df1f..1c35856c44 100644
--- a/gc.c
+++ b/gc.c
@@ -10164,8 +10164,20 @@ gc_update_references(rb_objspace_t *objspace)
@@ -10165,8 +10165,20 @@ gc_update_references(rb_objspace_t *objspace)
gc_update_table_refs(objspace, finalizer_table);
}
@ -44,7 +44,7 @@ index ef9327df1f..1c35856c44 100644
{
size_t i;
rb_objspace_t *objspace = &rb_objspace;
@@ -10238,22 +10250,70 @@ heap_check_moved_i(void *vstart, void *vend, size_t stride, void *data)
@@ -10239,22 +10251,70 @@ heap_check_moved_i(void *vstart, void *vend, size_t stride, void *data)
return 0;
}
@ -120,7 +120,7 @@ index ef9327df1f..1c35856c44 100644
RB_VM_LOCK_ENTER();
{
@@ -10273,12 +10333,12 @@ gc_verify_compaction_references(rb_execution_context_t *ec, VALUE self, VALUE do
@@ -10274,12 +10334,12 @@ gc_verify_compaction_references(rb_execution_context_t *ec, VALUE self, VALUE do
}
RB_VM_LOCK_LEAVE();
@ -135,7 +135,7 @@ index ef9327df1f..1c35856c44 100644
}
VALUE
@@ -10739,8 +10799,18 @@ gc_disable(rb_execution_context_t *ec, VALUE _)
@@ -10740,8 +10800,18 @@ gc_disable(rb_execution_context_t *ec, VALUE _)
return rb_gc_disable();
}
@ -155,7 +155,7 @@ index ef9327df1f..1c35856c44 100644
{
/* If not MinGW, Windows, or does not have mmap, we cannot use mprotect for
* the read barrier, so we must disable automatic compaction. */
@@ -10754,8 +10824,14 @@ gc_set_auto_compact(rb_execution_context_t *ec, VALUE _, VALUE v)
@@ -10755,8 +10825,14 @@ gc_set_auto_compact(rb_execution_context_t *ec, VALUE _, VALUE v)
return v;
}
@ -171,7 +171,7 @@ index ef9327df1f..1c35856c44 100644
{
return RBOOL(ruby_enable_autocompact);
}
@@ -13617,6 +13693,11 @@ Init_GC(void)
@@ -13656,6 +13732,11 @@ Init_GC(void)
rb_define_singleton_method(rb_mGC, "malloc_allocated_size", gc_malloc_allocated_size, 0);
rb_define_singleton_method(rb_mGC, "malloc_allocations", gc_malloc_allocations, 0);
#endif
@ -305,7 +305,7 @@ diff --git a/gc.c b/gc.c
index 92ed76cf96..d71924846a 100644
--- a/gc.c
+++ b/gc.c
@@ -9438,6 +9438,7 @@ gc_move(rb_objspace_t *objspace, VALUE scan, VALUE free, size_t slot_size)
@@ -9439,6 +9439,7 @@ gc_move(rb_objspace_t *objspace, VALUE scan, VALUE free, size_t slot_size)
return (VALUE)src;
}
@ -313,7 +313,7 @@ index 92ed76cf96..d71924846a 100644
static int
compare_free_slots(const void *left, const void *right, void *dummy)
{
@@ -9485,6 +9486,7 @@ gc_sort_heap_by_empty_slots(rb_objspace_t *objspace)
@@ -9486,6 +9487,7 @@ gc_sort_heap_by_empty_slots(rb_objspace_t *objspace)
free(page_list);
}
}
@ -321,7 +321,7 @@ index 92ed76cf96..d71924846a 100644
static void
gc_ref_update_array(rb_objspace_t * objspace, VALUE v)
@@ -10164,6 +10166,7 @@ gc_update_references(rb_objspace_t *objspace)
@@ -10165,6 +10167,7 @@ gc_update_references(rb_objspace_t *objspace)
gc_update_table_refs(objspace, finalizer_table);
}
@ -329,7 +329,7 @@ index 92ed76cf96..d71924846a 100644
/*
* call-seq:
* GC.latest_compact_info -> {:considered=>{:T_CLASS=>11}, :moved=>{:T_CLASS=>11}}
@@ -10200,7 +10203,11 @@ gc_compact_stats(VALUE self)
@@ -10201,7 +10204,11 @@ gc_compact_stats(VALUE self)
return h;
}
@ -341,7 +341,7 @@ index 92ed76cf96..d71924846a 100644
static void
root_obj_check_moved_i(const char *category, VALUE obj, void *data)
{
@@ -10262,6 +10269,10 @@ heap_check_moved_i(void *vstart, void *vend, size_t stride, void *data)
@@ -10263,6 +10270,10 @@ heap_check_moved_i(void *vstart, void *vend, size_t stride, void *data)
*
* This method is implementation specific and not expected to be implemented
* in any implementation besides MRI.
@ -352,7 +352,7 @@ index 92ed76cf96..d71924846a 100644
*/
static VALUE
gc_compact(VALUE self)
@@ -10271,7 +10282,11 @@ gc_compact(VALUE self)
@@ -10272,7 +10283,11 @@ gc_compact(VALUE self)
return gc_compact_stats(self);
}
@ -364,7 +364,7 @@ index 92ed76cf96..d71924846a 100644
/*
* call-seq:
* GC.verify_compaction_references(toward: nil, double_heap: false) -> hash
@@ -10340,6 +10355,9 @@ gc_verify_compaction_references(int argc, VALUE *argv, VALUE self)
@@ -10341,6 +10356,9 @@ gc_verify_compaction_references(int argc, VALUE *argv, VALUE self)
return gc_compact_stats(self);
}
@ -374,7 +374,7 @@ index 92ed76cf96..d71924846a 100644
VALUE
rb_gc_start(void)
@@ -10799,6 +10817,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _)
@@ -10800,6 +10818,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _)
return rb_gc_disable();
}
@ -382,7 +382,7 @@ index 92ed76cf96..d71924846a 100644
/*
* call-seq:
* GC.auto_compact = flag
@@ -10814,16 +10833,15 @@ gc_set_auto_compact(VALUE _, VALUE v)
@@ -10815,16 +10834,15 @@ gc_set_auto_compact(VALUE _, VALUE v)
{
/* If not MinGW, Windows, or does not have mmap, we cannot use mprotect for
* the read barrier, so we must disable automatic compaction. */
@ -403,7 +403,7 @@ index 92ed76cf96..d71924846a 100644
/*
* call-seq:
* GC.auto_compact -> true or false
@@ -10835,6 +10853,9 @@ gc_get_auto_compact(VALUE _)
@@ -10836,6 +10854,9 @@ gc_get_auto_compact(VALUE _)
{
return RBOOL(ruby_enable_autocompact);
}


@ -1,38 +0,0 @@
From 656f25987cf2885104d5b13c8d3f5b7d32f1b333 Mon Sep 17 00:00:00 2001
From: Jean Boussier <jean.boussier@gmail.com>
Date: Wed, 23 Nov 2022 12:10:36 +0100
Subject: [PATCH] [ruby/cgi] Fix test_cgi_cookie_new_with_domain to pass on
older rubies
https://github.com/ruby/cgi/commit/05f0c58048
---
test/cgi/test_cgi_cookie.rb | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
index e3ec4bea5286..6d31932d321a 100644
--- a/test/cgi/test_cgi_cookie.rb
+++ b/test/cgi/test_cgi_cookie.rb
@@ -62,18 +62,18 @@ def test_cgi_cookie_new_complex
def test_cgi_cookie_new_with_domain
h = {'name'=>'name1', 'value'=>'value1'}
- cookie = CGI::Cookie.new('domain'=>'a.example.com', **h)
+ cookie = CGI::Cookie.new(h.merge('domain'=>'a.example.com'))
assert_equal('a.example.com', cookie.domain)
- cookie = CGI::Cookie.new('domain'=>'1.example.com', **h)
+ cookie = CGI::Cookie.new(h.merge('domain'=>'1.example.com'))
assert_equal('1.example.com', cookie.domain, 'enhanced by RFC 1123')
assert_raise(ArgumentError) {
- CGI::Cookie.new('domain'=>'-a.example.com', **h)
+ CGI::Cookie.new(h.merge('domain'=>'-a.example.com'))
}
assert_raise(ArgumentError) {
- CGI::Cookie.new('domain'=>'a-.example.com', **h)
+ CGI::Cookie.new(h.merge('domain'=>'a-.example.com'))
}
end


@ -1,44 +0,0 @@
From 745dcf5326ea2c8e2047a3bddeb0fbb7e7d07649 Mon Sep 17 00:00:00 2001
From: Xenor Chang <tubaxenor@gmail.com>
Date: Mon, 28 Nov 2022 12:34:06 +0800
Subject: [PATCH] [ruby/cgi] Loosen the domain regex to accept '.'
(https://github.com/ruby/cgi/pull/29)
* Loosen the domain regex to accept '.'
Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
https://github.com/ruby/cgi/commit/5e09d632f3
Co-authored-by: Hiroshi SHIBATA <hsbt@ruby-lang.org>
---
lib/cgi/cookie.rb | 2 +-
test/cgi/test_cgi_cookie.rb | 3 +++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb
index 1a9c1a82c123..9498e2f9faf9 100644
--- a/lib/cgi/cookie.rb
+++ b/lib/cgi/cookie.rb
@@ -42,7 +42,7 @@ class Cookie < Array
TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z"
PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z"
- DOMAIN_VALUE_RE = %r"\A(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
+ DOMAIN_VALUE_RE = %r"\A\.?(?<label>(?!-)[-A-Za-z0-9]+(?<!-))(?:\.\g<label>)*\z"
# Create a new CGI::Cookie object.
#
diff --git a/test/cgi/test_cgi_cookie.rb b/test/cgi/test_cgi_cookie.rb
index 6d31932d321a..eadae4531365 100644
--- a/test/cgi/test_cgi_cookie.rb
+++ b/test/cgi/test_cgi_cookie.rb
@@ -65,6 +65,9 @@ def test_cgi_cookie_new_with_domain
cookie = CGI::Cookie.new(h.merge('domain'=>'a.example.com'))
assert_equal('a.example.com', cookie.domain)
+ cookie = CGI::Cookie.new(h.merge('domain'=>'.example.com'))
+ assert_equal('.example.com', cookie.domain)
+
cookie = CGI::Cookie.new(h.merge('domain'=>'1.example.com'))
assert_equal('1.example.com', cookie.domain, 'enhanced by RFC 1123')


@ -1,6 +1,6 @@
%global major_version 3
%global minor_version 1
%global teeny_version 3
%global teeny_version 4
%global major_minor_version %{major_version}.%{minor_version}
%global ruby_version %{major_minor_version}.%{teeny_version}
@ -22,7 +22,7 @@
%endif
%global release 174
%global release 175
%{!?release_string:%define release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
# The RubyGems library has to stay out of Ruby directory tree, since the
@ -45,7 +45,7 @@
%global bundler_tmpdir_version 0.1.0
# TODO: Check the version if/when available in library.
%global bundler_tsort_version 0.1.1
%global bundler_uri_version 0.10.1
%global bundler_uri_version 0.10.2
%global bigdecimal_version 3.1.1
%global did_you_mean_version 1.6.1
@ -169,15 +169,15 @@ Patch19: ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch
# https://github.com/ruby/ruby/pull/5934
Patch22: ruby-3.2.0-define-unsupported-gc-compaction-methods-as-rb_f_notimplement.patch
# To regenerate the patch you need to have ruby, autoconf, xz, tar and make installed:
# tar -Jxvf ./ruby-3.1.3.tar.xz
# tar -Jxvf ./ruby-3.1.4.tar.xz
# git clone https://github.com/ruby/ruby.git
# cd ruby && git checkout v3_1_3
# cd ruby && git checkout v3_1_4
# patch -p1 < ../ruby-3.2.0-define-unsupported-gc-compaction-methods-as-rb_f_notimplement.patch
# ./autogen.sh && ./configure
# make gc.rbinc miniprelude.c
# cd ..
# diff -u {ruby-3.1.3,ruby}/gc.rbinc > ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch
# diff -u {ruby-3.1.3,ruby}/miniprelude.c >> ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch
# diff -u {ruby-3.1.4,ruby}/gc.rbinc > ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch
# diff -u {ruby-3.1.4,ruby}/miniprelude.c >> ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch
Patch23: ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch
# Define the GC compaction support macro at run time.
# https://bugs.ruby-lang.org/issues/18829
@ -190,17 +190,11 @@ Patch27: ruby-irb-1.4.1-drop-rdoc-hard-dep.patch
# Set soft dependency on RDoc in input-method.rb in IRB.
# https://github.com/ruby/irb/pull/395
Patch28: ruby-irb-1.4.1-set-rdoc-soft-dep.patch
# CGI is now too restrictive about leading '.' in domain, leading to failures
# in Rack, rack-test or ActionPack.
# https://github.com/ruby/ruby/commit/656f25987cf2885104d5b13c8d3f5b7d32f1b333
Patch29: ruby-3.2.0-ruby-cgi-Fix-test_cgi_cookie_new_with_domain-to-pass.patch
# https://github.com/ruby/cgi/pull/29
# https://github.com/ruby/ruby/commit/745dcf5326ea2c8e2047a3bddeb0fbb7e7d07649
Patch30: ruby-3.2.0-ruby-cgi-Loosen-the-domain-regex-to-accept.patch
# Fix Time Zone Database 2022g.
# https://bugs.ruby-lang.org/issues/19187
# https://github.com/ruby/ruby/commit/a1124dc162810f86cb0bff58cde24064cfc561bc
Patch31: ruby-3.1.3-Fix-for-tzdata-2022g.patch
# A Weakmap test uses compaction without safeguarding if the method is defined.
# This test should be skipped if compaction is not supported on the platform.
# https://github.com/ruby/ruby/commit/bffadcd6d46ccfccade79ce0efb60ced8eac4483
# https://bugs.ruby-lang.org/issues/19529#note-7
Patch29: ruby-3.1.4-Skip-test_compaction_bug_19529-if-compaction-unsupported.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Suggests: rubypick
@ -673,8 +667,6 @@ rm -rf ext/fiddle/libffi*
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
# Provide an example of usage of the tapset:
cp -a %{SOURCE3} .
@ -1249,7 +1241,7 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/Fiddle::TestFunction#test_argument_count/"
%{gem_dir}/specifications/default/abbrev-0.1.0.gemspec
%{gem_dir}/specifications/default/base64-0.1.1.gemspec
%{gem_dir}/specifications/default/benchmark-0.2.0.gemspec
%{gem_dir}/specifications/default/cgi-0.3.5.gemspec
%{gem_dir}/specifications/default/cgi-0.3.6.gemspec
%{gem_dir}/specifications/default/csv-3.2.5.gemspec
%{gem_dir}/specifications/default/date-3.2.2.gemspec
%{gem_dir}/specifications/default/delegate-0.2.0.gemspec
@ -1300,12 +1292,12 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/Fiddle::TestFunction#test_argument_count/"
%{gem_dir}/specifications/default/strscan-3.0.1.gemspec
%{gem_dir}/specifications/default/syslog-0.1.0.gemspec
%{gem_dir}/specifications/default/tempfile-0.1.2.gemspec
%{gem_dir}/specifications/default/time-0.2.0.gemspec
%{gem_dir}/specifications/default/time-0.2.2.gemspec
%{gem_dir}/specifications/default/timeout-0.2.0.gemspec
%{gem_dir}/specifications/default/tmpdir-0.1.2.gemspec
%{gem_dir}/specifications/default/tsort-0.1.0.gemspec
%{gem_dir}/specifications/default/un-0.2.0.gemspec
%{gem_dir}/specifications/default/uri-0.11.0.gemspec
%{gem_dir}/specifications/default/uri-0.12.1.gemspec
%{gem_dir}/specifications/default/weakref-0.1.1.gemspec
#%%{gem_dir}/specifications/default/win32ole-1.8.8.gemspec
%{gem_dir}/specifications/default/yaml-0.2.0.gemspec
@ -1545,6 +1537,11 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/Fiddle::TestFunction#test_argument_count/"
%changelog
* Fri Mar 31 2023 Jarek Prokop jprokop@redhat.com - 3.1.4-175
- Upgrade to Ruby 3.1.4.
- Fix ReDoS vulnerability in URI (CVE-2023-28755)
- Fix ReDoS vulnerability in Time (CVE-2023-28756)
* Fri Jan 20 2023 Jun Aruga <jaruga@redhat.com> - 3.1.3-174
- Fix for tzdata-2022g.
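Review bot: The new %changelog entry records the 3.1.4 bump and the two CVE fixes but not the patch churn made in the same change: the two cgi cookie patches (old Patch29/Patch30) and the tzdata-2022g patch (Patch31) are removed from the Patch list and from %prep, presumably because cgi 0.3.6 and the 3.1.4 tarball already carry them, and the Patch29 number is reused for the new WeakMap test skip. Because Patch29 now names a different patch, a reader of the changelog cannot tell why the cgi and tzdata fixes disappeared or that they are covered upstream; add lines such as `- Drop cgi cookie domain and tzdata-2022g patches merged upstream.` and `- Skip WeakMap compaction test where compaction is unsupported.` The spec's Patch list, %prep and %files sections all extend outside the visible excerpts.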


@ -1 +1 @@
SHA512 (ruby-3.1.3.tar.xz) = 4b0fd334ae56132ba98b8a69adad54bdcf7f7aeabd5eba5b0f0399a3868e2054f9026ca1b1cb2dbb197a9e9b0610b263481949c0623a62071546bc5adff8ca69
SHA512 (ruby-3.1.4.tar.xz) = a627bb629a10750b8b2081ad451a41faea0fc85d95aa1e267e3d2a0f56a35bb58195d4a8d13bbdbd82f4197a96dae22b1cee1dfc83861ec33a67ece07aef5633