From f4a3464a78ac421efe3c62a1b90cec290aa6b78d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Fri, 12 Apr 2024 17:18:48 +0200 Subject: [PATCH 01/18] Ruby bundled NKF, add appropriate `bundled` provide and test --- ruby.spec | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/ruby.spec b/ruby.spec index 403b325..a60d3d6 100644 --- a/ruby.spec +++ b/ruby.spec @@ -137,6 +137,9 @@ %global test_unit_version 3.6.1 %global typeprof_version 0.21.9 +# Bundled nkf version +%global bundled_nkf_version 2.1.5 + %global tapset_libdir %(echo %{_libdir} | sed 's/64//')* %if 0%{?fedora} >= 19 @@ -167,7 +170,7 @@ Summary: An interpreter of object-oriented scripting language Name: ruby Version: %{ruby_version}%{?development_release} -Release: 4%{?dist} +Release: 6%{?dist} # BSD-3-Clause: missing/{crypt,mt19937,setproctitle}.c # ISC: missing/strl{cat,cpy}.c # Public Domain for example for: include/ruby/st.h, strftime.c, missing/*, ... @@ -332,6 +335,11 @@ Provides: bundled(ccan-check_type) Provides: bundled(ccan-container_of) Provides: bundled(ccan-list) +# https://github.com/nurse/nkf +# Please note that nkf going to be promoted to bundled gem in Ruby 3.4: +# https://github.com/ruby/ruby/commit/2e3a7f70ae71650be6ea38a483f66ce17ca5eb1d +Provides: bundled(nkf) = %{bundled_nkf_version} + # StdLib default gems. Provides: bundled(rubygem-did_you_mean) = %{did_you_mean_version} Provides: bundled(rubygem-openssl) = %{openssl_version} @@ -1068,6 +1076,16 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ exit 1 if Bundler::URI::VERSION != '%{bundler_uri_version}'; \ \"" +# Check bundled libraries versions. + +# Nkf. +make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ + require 'nkf'; \ + puts '%%{bundled_nkf_version}: %{bundled_nkf_version}'; \ + puts %Q[NKF::NKF_VERSION: #{NKF::NKF_VERSION}]; \ + exit 1 if NKF::NKF_VERSION != '%{bundled_nkf_version}'; \ +\"" + # test_debug(TestRubyOptions) fails due to LoadError reported in debug mode, # when abrt.rb cannot be required (seems to be easier way then customizing @@ -1663,6 +1681,9 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog +* Fri Apr 12 2024 Vít Ondruch - 3.3.0-6 +- Add `bundled` provide for NKF. + * Fri Jan 26 2024 Jarek Prokop - 3.3.0-4 - Do not set AI_ADDRCONFIG by default when calling getaddrinfo(3). From 09b06cc15d8c7f0f1e5eb6403ca464fe739a1abb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Fri, 12 Apr 2024 17:19:37 +0200 Subject: [PATCH 02/18] License review and clarification --- ruby.spec | 52 +++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 45 insertions(+), 7 deletions(-) diff --git a/ruby.spec b/ruby.spec index a60d3d6..d66a066 100644 --- a/ruby.spec +++ b/ruby.spec @@ -171,13 +171,48 @@ Summary: An interpreter of object-oriented scripting language Name: ruby Version: %{ruby_version}%{?development_release} Release: 6%{?dist} -# BSD-3-Clause: missing/{crypt,mt19937,setproctitle}.c +# Licenses, which are likely not included in binary RPMs: +# Apache-2.0: +# benchmark/gc/redblack.rb +# But this file might be BSD-2-Clause licensed after all: +# https://bugs.ruby-lang.org/issues/20420 +# GPL-1.0-or-later: ext/win32/lib/win32/sspi.rb +# GPL-1.0-or-later OR Artistic-1.0-Perl: win32/win32.c, include/ruby/win32.h, +# ext/win32ole/win32ole.c +# +# !!! Problematic licenses: +# LicenseRef-scancode-unicode-mappings: ext/json/generator/generator.c +# https://bugs.ruby-lang.org/issues/11844#note-19 +# https://github.com/flori/json/issues/277 +# https://github.com/flori/json/pull/567 +# +# Licenses under review: +# .bundle/gems/net-imap-0.4.9/LICENSE.txt +# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/506 +# +# Approved license without SPDX identifier: +# ext/pty/pty.c +# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/503 +# +# BSD-3-Clause: missing/{crypt,mt19937,setproctitle}.c, addr2line.c:2652 +# CC0: ccan/{build_assert/build_assert.h,check_type/check_type.h, +# container_of/container_of.h,str/str.h} +# Allowed based on 'grandfather clause': +# https://gitlab.com/fedora/legal/fedora-license-data/-/blob/7d9720b2cfd8ccb98d1975312942d99588a0da7c/data/CC0-1.0.toml#L11-14 +# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/499 +# dtoa: missing/dtoa.c +# GPL-3.0-or-later WITH Bison-exception-2.2: parse.{c,h}, ext/ripper/ripper.c +# HPND-Markus-Kuhn: missing/langinfo.c # ISC: missing/strl{cat,cpy}.c -# Public Domain for example for: include/ruby/st.h, strftime.c, missing/*, ... -# MIT and CCO: ccan/* -# zlib: ext/digest/md5/md5.*, ext/nkf/nkf-utf8/nkf.c +# LicenseRef-Fedora-Public-Domain: include/ruby/st.h, strftime.c, missing/*, ... +# https://gitlab.com/fedora/legal/fedora-license-data/-/merge_requests/145 +# MIT: ccan/list/list.h +# Ruby OR BSD-2-Clause OR GPL-1.0-or-later: lib/net/protocol.rb # Unicode-DFS-2015: some of enc/trans/**/*.src -License: (Ruby OR BSD-2-Clause) AND BSD-3-Clause AND ISC AND Public Domain AND MIT and CC0 AND zlib AND Unicode-DFS-2015 +# There is also license review ticket here: +# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/500 +# zlib: ext/digest/md5/md5.*, ext/nkf/nkf-utf8/nkf.c +License: (Ruby OR BSD-2-Clause) AND (Ruby OR BSD-2-Clause OR GPL-1.0-or-later) AND BSD-3-Clause AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND ISC AND LicenseRef-Fedora-Public-Domain AND MIT AND CC0 AND zlib AND Unicode-DFS-2015 AND HPND-Markus-Kuhn URL: https://www.ruby-lang.org/ Source0: https://cache.ruby-lang.org/pub/%{name}/%{major_minor_version}/%{ruby_archive}.tar.xz Source1: operating_system.rb @@ -370,7 +405,8 @@ Version: %{rubygems_version} # lib/rubygems/timeout/ # lib/rubygems/tsort/ # MIT: lib/rubygems/resolver/molinillo -License: (Ruby OR MIT) AND BSD-2-Clause AND (BSD-2-Clause OR Ruby) AND MIT +# Ruby OR BSD-2-Clause OR GPL-1.0-or-later: lib/net/protocol.rb +License: (Ruby OR MIT) AND BSD-2-Clause AND (BSD-2-Clause OR Ruby) AND (Ruby OR BSD-2-Clause OR GPL-1.0-or-later) AND MIT Requires: ruby(release) Recommends: rubygem(bundler) >= %{bundler_version} Recommends: rubygem(rdoc) >= %{rdoc_version} @@ -481,7 +517,8 @@ This package contains documentation for %{name}. %package -n rubygem-bigdecimal Summary: BigDecimal provides arbitrary-precision floating point decimal arithmetic Version: %{bigdecimal_version} -License: Ruby OR BSD-2-Clause +# dtoa: missing/dtoa.c +License: (Ruby OR BSD-2-Clause) AND dtoa Provides: bundled(rubygem-bigdecimal) = %{bigdecimal_version} %description -n rubygem-bigdecimal @@ -1683,6 +1720,7 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog * Fri Apr 12 2024 Vít Ondruch - 3.3.0-6 - Add `bundled` provide for NKF. +- License review and fixes of SPDX syntax. * Fri Jan 26 2024 Jarek Prokop - 3.3.0-4 - Do not set AI_ADDRCONFIG by default when calling getaddrinfo(3). From 85d18e8bd30ea8c11f40dc29ad48111b9ee976db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Tue, 23 Apr 2024 17:48:45 +0200 Subject: [PATCH 03/18] Upgrade to Ruby 3.3.1. Resolves: rhbz#2276680 --- ...0-Enable-configuration-of-archlibdir.patch | 2 +- ...ed-paths-when-empty-version-string-i.patch | 2 +- ruby-2.1.0-always-use-i386.patch | 2 +- ruby-2.1.0-custom-rubygems-location.patch | 4 +- ruby-2.3.0-ruby_version.patch | 6 +- ...ocations-in-Hash-compare_by_identity.patch | 6 +- ruby-3.4.0-Fix-pointer-incompatiblity.patch | 24 ++ ...I_ADDRCONFIG-when-making-getaddrinfo.patch | 241 ----------------- ...ranch-protection-compilation-for-arm.patch | 39 +-- ...uby-net-http-Renew-test-certificates.patch | 256 ------------------ ruby.spec | 70 ++--- sources | 2 +- 12 files changed, 73 insertions(+), 581 deletions(-) create mode 100644 ruby-3.4.0-Fix-pointer-incompatiblity.patch delete mode 100644 ruby-3.4.0-Revert-Set-AI_ADDRCONFIG-when-making-getaddrinfo.patch delete mode 100644 ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch diff --git a/ruby-2.1.0-Enable-configuration-of-archlibdir.patch b/ruby-2.1.0-Enable-configuration-of-archlibdir.patch index 826d5f5..acd58b9 100644 --- a/ruby-2.1.0-Enable-configuration-of-archlibdir.patch +++ b/ruby-2.1.0-Enable-configuration-of-archlibdir.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index d261ea57b5..3c13076b82 100644 --- a/configure.ac +++ b/configure.ac -@@ -3470,6 +3470,11 @@ AS_IF([test ${multiarch+set}], [ +@@ -3473,6 +3473,11 @@ AS_IF([test ${multiarch+set}], [ ]) archlibdir='${libdir}/${arch}' diff --git a/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch b/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch index fb9b618..996486a 100644 --- a/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch +++ b/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch @@ -14,7 +14,7 @@ diff --git a/configure.ac b/configure.ac index c42436c23d..d261ea57b5 100644 --- a/configure.ac +++ b/configure.ac -@@ -4309,7 +4309,8 @@ AS_CASE(["$ruby_version_dir_name"], +@@ -4312,7 +4312,8 @@ AS_CASE(["$ruby_version_dir_name"], ruby_version_dir=/'${ruby_version_dir_name}' if test -z "${ruby_version_dir_name}"; then diff --git a/ruby-2.1.0-always-use-i386.patch b/ruby-2.1.0-always-use-i386.patch index a64b812..38eba5e 100644 --- a/ruby-2.1.0-always-use-i386.patch +++ b/ruby-2.1.0-always-use-i386.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index 3c13076b82..93af30321d 100644 --- a/configure.ac +++ b/configure.ac -@@ -4373,6 +4373,8 @@ AC_SUBST(vendorarchdir)dnl +@@ -4376,6 +4376,8 @@ AC_SUBST(vendorarchdir)dnl AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl diff --git a/ruby-2.1.0-custom-rubygems-location.patch b/ruby-2.1.0-custom-rubygems-location.patch index 91e53a1..98dd7ac 100644 --- a/ruby-2.1.0-custom-rubygems-location.patch +++ b/ruby-2.1.0-custom-rubygems-location.patch @@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac index 93af30321d..bc13397e0e 100644 --- a/configure.ac +++ b/configure.ac -@@ -4345,6 +4345,10 @@ AC_ARG_WITH(vendorarchdir, +@@ -4348,6 +4348,10 @@ AC_ARG_WITH(vendorarchdir, [vendorarchdir=$withval], [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}]) @@ -26,7 +26,7 @@ index 93af30321d..bc13397e0e 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) RUBY_EXEC_PREFIX='' -@@ -4369,6 +4373,7 @@ AC_SUBST(sitearchdir)dnl +@@ -4372,6 +4376,7 @@ AC_SUBST(sitearchdir)dnl AC_SUBST(vendordir)dnl AC_SUBST(vendorlibdir)dnl AC_SUBST(vendorarchdir)dnl diff --git a/ruby-2.3.0-ruby_version.patch b/ruby-2.3.0-ruby_version.patch index c921c36..6ba802e 100644 --- a/ruby-2.3.0-ruby_version.patch +++ b/ruby-2.3.0-ruby_version.patch @@ -20,7 +20,7 @@ diff --git a/configure.ac b/configure.ac index 80b137e380..63cd3b4f8b 100644 --- a/configure.ac +++ b/configure.ac -@@ -4259,9 +4259,6 @@ AS_CASE(["$target_os"], +@@ -4262,9 +4262,6 @@ AS_CASE(["$target_os"], rubyw_install_name='$(RUBYW_INSTALL_NAME)' ]) @@ -30,7 +30,7 @@ index 80b137e380..63cd3b4f8b 100644 rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'} AC_ARG_WITH(rubyarchprefix, AS_HELP_STRING([--with-rubyarchprefix=DIR], -@@ -4284,57 +4281,63 @@ AC_ARG_WITH(ridir, +@@ -4287,57 +4284,63 @@ AC_ARG_WITH(ridir, AC_SUBST(ridir) AC_SUBST(RI_BASE_NAME) @@ -122,7 +122,7 @@ index 80b137e380..63cd3b4f8b 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) -@@ -4351,6 +4354,7 @@ AC_SUBST(sitearchincludedir)dnl +@@ -4354,6 +4357,7 @@ AC_SUBST(sitearchincludedir)dnl AC_SUBST(arch)dnl AC_SUBST(sitearch)dnl AC_SUBST(ruby_version)dnl diff --git a/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch b/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch index 9baaf27..23a6db8 100644 --- a/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch +++ b/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch @@ -13,7 +13,7 @@ diff --git a/hash.c b/hash.c index 78e9d9a2d6..f6525ba4a5 100644 --- a/hash.c +++ b/hash.c -@@ -4377,16 +4377,13 @@ rb_hash_compare_by_id(VALUE hash) +@@ -4385,16 +4385,13 @@ rb_hash_compare_by_id(VALUE hash) if (hash_iterating_p(hash)) { rb_raise(rb_eRuntimeError, "compare_by_identity during iteration"); } @@ -33,7 +33,7 @@ index 78e9d9a2d6..f6525ba4a5 100644 // Slow path: Need to rehash the members of `self` into a new // `tmp` table using the new `identhash` compare/hash functions. tmp = hash_alloc(0); -@@ -4394,10 +4391,8 @@ rb_hash_compare_by_id(VALUE hash) +@@ -4402,10 +4399,8 @@ rb_hash_compare_by_id(VALUE hash) identtable = RHASH_ST_TABLE(tmp); rb_hash_foreach(hash, rb_hash_rehash_i, (VALUE)tmp); @@ -60,7 +60,7 @@ diff --git a/hash.c b/hash.c index f6525ba4a5..cf83675c70 100644 --- a/hash.c +++ b/hash.c -@@ -4380,22 +4380,15 @@ rb_hash_compare_by_id(VALUE hash) +@@ -4388,22 +4388,15 @@ rb_hash_compare_by_id(VALUE hash) ar_force_convert_table(hash, __FILE__, __LINE__); HASH_ASSERT(RHASH_ST_TABLE_P(hash)); diff --git a/ruby-3.4.0-Fix-pointer-incompatiblity.patch b/ruby-3.4.0-Fix-pointer-incompatiblity.patch new file mode 100644 index 0000000..b2ad843 --- /dev/null +++ b/ruby-3.4.0-Fix-pointer-incompatiblity.patch @@ -0,0 +1,24 @@ +From 055613fd868a8c94e43893f8c58a00cdd2a81f6d Mon Sep 17 00:00:00 2001 +From: Nobuyoshi Nakada +Date: Fri, 22 Mar 2024 18:18:35 +0900 +Subject: [PATCH] Fix pointer incompatiblity + +Since the subsecond part is discarded, WIDEVAL to VALUE conversion is +needed. +--- + time.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/time.c b/time.c +index 6179b081c02fc9..3304b2f4f4856a 100644 +--- a/time.c ++++ b/time.c +@@ -2346,7 +2346,7 @@ zone_timelocal(VALUE zone, VALUE time) + struct time_object *tobj = RTYPEDDATA_GET_DATA(time); + wideval_t t, s; + +- split_second(tobj->timew, &t, &s); ++ wdivmod(tobj->timew, WINT2FIXWV(TIME_SCALE), &t, &s); + tm = tm_from_time(rb_cTimeTM, time); + utc = rb_check_funcall(zone, id_local_to_utc, 1, &tm); + if (UNDEF_P(utc)) return 0; diff --git a/ruby-3.4.0-Revert-Set-AI_ADDRCONFIG-when-making-getaddrinfo.patch b/ruby-3.4.0-Revert-Set-AI_ADDRCONFIG-when-making-getaddrinfo.patch deleted file mode 100644 index b509cb4..0000000 --- a/ruby-3.4.0-Revert-Set-AI_ADDRCONFIG-when-making-getaddrinfo.patch +++ /dev/null @@ -1,241 +0,0 @@ -From c3655b89e7c06555a2e0bf13affb8a63a49f4296 Mon Sep 17 00:00:00 2001 -From: Jarek Prokop -Date: Fri, 26 Jan 2024 11:19:48 +0100 -Subject: [PATCH] Revert "Set AI_ADDRCONFIG when making getaddrinfo(3) calls - for outgoing conns (#7295)" - -This reverts commit d2ba8ea54a4089959afdeecdd963e3c4ff391748. - -The purpose of the commit is to workaround a GLIBC bug [0] still present -in older Ubuntu [1]. C8S/RHEL 8 has the fix for some time [2] and the -Ruby workaround is causing problems for us [3]. Therefore we can -revert it for EL8, EL9, and Fedora distros. - -[0] https://sourceware.org/bugzilla/show_bug.cgi?id=26600 -[1] https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1961697 -[2] https://bugzilla.redhat.com/show_bug.cgi?id=1868106 -[3] https://bugs.ruby-lang.org/issues/20208 ---- - ext/socket/extconf.rb | 2 - - ext/socket/ipsocket.c | 11 +-- - test/socket/test_tcp.rb | 164 ---------------------------------------- - 3 files changed, 2 insertions(+), 175 deletions(-) - -diff --git a/ext/socket/extconf.rb b/ext/socket/extconf.rb -index 544bed5298..1ca52da366 100644 ---- a/ext/socket/extconf.rb -+++ b/ext/socket/extconf.rb -@@ -607,8 +607,6 @@ def %(s) s || self end - EOS - end - -- have_const('AI_ADDRCONFIG', headers) -- - case with_config("lookup-order-hack", "UNSPEC") - when "INET" - $defs << "-DLOOKUP_ORDER_HACK_INET" -diff --git a/ext/socket/ipsocket.c b/ext/socket/ipsocket.c -index 0a693655b4..0c13620258 100644 ---- a/ext/socket/ipsocket.c -+++ b/ext/socket/ipsocket.c -@@ -54,22 +54,15 @@ init_inetsock_internal(VALUE v) - VALUE connect_timeout = arg->connect_timeout; - struct timeval tv_storage; - struct timeval *tv = NULL; -- int remote_addrinfo_hints = 0; - - if (!NIL_P(connect_timeout)) { - tv_storage = rb_time_interval(connect_timeout); - tv = &tv_storage; - } - -- if (type == INET_SERVER) { -- remote_addrinfo_hints |= AI_PASSIVE; -- } --#ifdef HAVE_CONST_AI_ADDRCONFIG -- remote_addrinfo_hints |= AI_ADDRCONFIG; --#endif -- - arg->remote.res = rsock_addrinfo(arg->remote.host, arg->remote.serv, -- family, SOCK_STREAM, remote_addrinfo_hints); -+ family, SOCK_STREAM, -+ (type == INET_SERVER) ? AI_PASSIVE : 0); - - - /* -diff --git a/test/socket/test_tcp.rb b/test/socket/test_tcp.rb -index 35d361f060..7f9dc53cae 100644 ---- a/test/socket/test_tcp.rb -+++ b/test/socket/test_tcp.rb -@@ -140,168 +140,4 @@ def test_accept_multithread - server_threads.each(&:join) - end - end -- -- def test_ai_addrconfig -- # This test verifies that we pass AI_ADDRCONFIG to the DNS resolver when making -- # an outgoing connection. -- # The verification of this is unfortunately incredibly convoluted. We perform the -- # test by setting up a fake DNS server to receive queries. Then, we construct -- # an environment which has only IPv4 addresses and uses that fake DNS server. We -- # then attempt to make an outgoing TCP connection. Finally, we verify that we -- # only received A and not AAAA queries on our fake resolver. -- # This test can only possibly work on Linux, and only when run as root. If either -- # of these conditions aren't met, the test will be skipped. -- -- # The construction of our IPv6-free environment must happen in a child process, -- # which we can put in its own network & mount namespaces. -- -- omit "This test is disabled. It is retained to show the original intent of [ruby-core:110870]" -- -- IO.popen("-") do |test_io| -- if test_io.nil? -- begin -- # Child program -- require 'fiddle' -- require 'resolv' -- require 'open3' -- -- libc = Fiddle.dlopen(nil) -- begin -- unshare = Fiddle::Function.new(libc['unshare'], [Fiddle::TYPE_INT], Fiddle::TYPE_INT) -- rescue Fiddle::DLError -- # Test can't run because we don't have unshare(2) in libc -- # This will be the case on not-linux, and also on very old glibc versions (or -- # possibly other libc's that don't expose this syscall wrapper) -- $stdout.write(Marshal.dump({result: :skip, reason: "unshare(2) or mount(2) not in libc"})) -- exit -- end -- -- # Move our test process into a new network & mount namespace. -- # This environment will be configured to be IPv6 free and point DNS resolution -- # at a fake DNS server. -- # (n.b. these flags are CLONE_NEWNS | CLONE_NEWNET) -- ret = unshare.call(0x00020000 | 0x40000000) -- errno = Fiddle.last_error -- if ret == -1 && errno == Errno::EPERM::Errno -- # Test can't run because we're not root. -- $stdout.write(Marshal.dump({result: :skip, reason: "insufficient permissions to unshare namespaces"})) -- exit -- elsif ret == -1 && (errno == Errno::ENOSYS::Errno || errno == Errno::EINVAL::Errno) -- # No unshare(2) in the kernel (or kernel too old to know about this namespace type) -- $stdout.write(Marshal.dump({result: :skip, reason: "errno #{errno} calling unshare(2)"})) -- exit -- elsif ret == -1 -- # Unexpected failure -- raise "errno #{errno} calling unshare(2)" -- end -- -- # Set up our fake DNS environment. Clean out /etc/hosts... -- fake_hosts_file = Tempfile.new('ruby_test_hosts') -- fake_hosts_file.write <<~HOSTS -- 127.0.0.1 localhost -- ::1 localhost -- HOSTS -- fake_hosts_file.flush -- -- # Have /etc/resolv.conf point to 127.0.0.1... -- fake_resolv_conf = Tempfile.new('ruby_test_resolv') -- fake_resolv_conf.write <<~RESOLV -- nameserver 127.0.0.1 -- RESOLV -- fake_resolv_conf.flush -- -- # Also stub out /etc/nsswitch.conf; glibc can have other resolver modules -- # (like systemd-resolved) configured in there other than just using dns, -- # so rewrite it to remove any `hosts:` lines and add one which just uses -- # dns. -- real_nsswitch_conf = File.read('/etc/nsswitch.conf') rescue "" -- fake_nsswitch_conf = Tempfile.new('ruby_test_nsswitch') -- real_nsswitch_conf.lines.reject { _1 =~ /^\s*hosts:/ }.each do |ln| -- fake_nsswitch_conf.puts ln -- end -- fake_nsswitch_conf.puts "hosts: files myhostname dns" -- fake_nsswitch_conf.flush -- -- # This is needed to make sure our bind-mounds aren't visible outside this process. -- system 'mount', '--make-rprivate', '/', exception: true -- # Bind-mount the fake files over the top of the real files. -- system 'mount', '--bind', '--make-private', fake_hosts_file.path, '/etc/hosts', exception: true -- system 'mount', '--bind', '--make-private', fake_resolv_conf.path, '/etc/resolv.conf', exception: true -- system 'mount', '--bind', '--make-private', fake_nsswitch_conf.path, '/etc/nsswitch.conf', exception: true -- -- # Create a dummy interface with only an IPv4 address -- system 'ip', 'link', 'add', 'dummy0', 'type', 'dummy', exception: true -- system 'ip', 'addr', 'add', '192.168.1.2/24', 'dev', 'dummy0', exception: true -- system 'ip', 'link', 'set', 'dummy0', 'up', exception: true -- system 'ip', 'link', 'set', 'lo', 'up', exception: true -- -- # Disable IPv6 on this interface (this is needed to disable the link-local -- # IPv6 address) -- File.open('/proc/sys/net/ipv6/conf/dummy0/disable_ipv6', 'w') do |f| -- f.puts "1" -- end -- -- # Create a fake DNS server which will receive the DNS queries triggered by TCPSocket.new -- fake_dns_server_socket = UDPSocket.new -- fake_dns_server_socket.bind('127.0.0.1', 53) -- received_dns_queries = [] -- fake_dns_server_thread = Thread.new do -- Socket.udp_server_loop_on([fake_dns_server_socket]) do |msg, msg_src| -- request = Resolv::DNS::Message.decode(msg) -- received_dns_queries << request -- response = request.dup.tap do |r| -- r.qr = 0 -- r.rcode = 3 # NXDOMAIN -- end -- msg_src.reply response.encode -- end -- end -- -- # Make a request which will hit our fake DNS swerver - this needs to be in _another_ -- # process because glibc will cache resolver info across the fork otherwise. -- load_path_args = $LOAD_PATH.flat_map { ['-I', _1] } -- Open3.capture3('/proc/self/exe', *load_path_args, '-rsocket', '-e', <<~RUBY) -- TCPSocket.open('www.example.com', 4444) -- RUBY -- -- fake_dns_server_thread.kill -- fake_dns_server_thread.join -- -- have_aaaa_qs = received_dns_queries.any? do |query| -- query.question.any? do |question| -- question[1] == Resolv::DNS::Resource::IN::AAAA -- end -- end -- -- have_a_q = received_dns_queries.any? do |query| -- query.question.any? do |question| -- question[0].to_s == "www.example.com" -- end -- end -- -- if have_aaaa_qs -- $stdout.write(Marshal.dump({result: :fail, reason: "got AAAA queries, expected none"})) -- elsif !have_a_q -- $stdout.write(Marshal.dump({result: :fail, reason: "got no A query for example.com"})) -- else -- $stdout.write(Marshal.dump({result: :success})) -- end -- rescue => ex -- $stdout.write(Marshal.dump({result: :fail, reason: ex.full_message})) -- ensure -- # Make sure the child process does not transfer control back into the test runner. -- exit! -- end -- else -- test_result = Marshal.load(test_io.read) -- -- case test_result[:result] -- when :skip -- omit test_result[:reason] -- when :fail -- fail test_result[:reason] -- end -- end -- end -- end - end if defined?(TCPSocket) --- -2.43.0 - diff --git a/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch b/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch index 9ab7078..de93143 100644 --- a/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch +++ b/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch @@ -1,39 +1,7 @@ -From 8af8f327457738620d2c85bd65db8cc5594585db Mon Sep 17 00:00:00 2001 -From: Yuta Saito -Date: Wed, 27 Dec 2023 06:22:45 +0000 -Subject: [PATCH 1/2] [Bug #20085] Use consistent default options for - `-mbranch-protection` - -We need to use the same options for both C compiler and assembler -when `-mbranch-protection` is guessed by configure. Otherwise, -`coroutine/arm64/Context.{h,S}` will use incompatible PAC strategies. ---- - configure.ac | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/configure.ac b/configure.ac -index 9286946fc1..18b4247991 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -830,7 +830,10 @@ AS_IF([test "$GCC" = yes], [ - AS_FOR(option, opt, [-mbranch-protection=pac-ret -msign-return-address=all], [ - RUBY_TRY_CFLAGS(option, [branch_protection=yes], [branch_protection=no]) - AS_IF([test "x$branch_protection" = xyes], [ -+ # C compiler and assembler must be consistent for -mbranch-protection -+ # since they both check `__ARM_FEATURE_PAC_DEFAULT` definition. - RUBY_APPEND_OPTION(XCFLAGS, option) -+ RUBY_APPEND_OPTION(ASFLAGS, option) - break - ]) - ]) --- -2.43.0 - - -From 80281e14e411e8e5fe4955effbb2c650a2f52667 Mon Sep 17 00:00:00 2001 +From db4ba95bf12f9303e38a9a78979cd363cb9a19fb Mon Sep 17 00:00:00 2001 From: Jarek Prokop Date: Fri, 12 Jan 2024 18:33:34 +0100 -Subject: [PATCH 2/2] aarch64: Prepend -mbranch-protection=standard option when +Subject: [PATCH] aarch64: Prepend -mbranch-protection=standard option when checking branch protection. Related Upstream issue: https://bugs.ruby-lang.org/issues/20154 @@ -54,6 +22,3 @@ index 18b4247991..5ea8ada8f7 100644 RUBY_TRY_CFLAGS(option, [branch_protection=yes], [branch_protection=no]) AS_IF([test "x$branch_protection" = xyes], [ # C compiler and assembler must be consistent for -mbranch-protection --- -2.43.0 - diff --git a/ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch b/ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch deleted file mode 100644 index 34a18e0..0000000 --- a/ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch +++ /dev/null @@ -1,256 +0,0 @@ -From d3933fc753187a055a4904af82f5f3794c88c416 Mon Sep 17 00:00:00 2001 -From: Sorah Fukumori -Date: Mon, 1 Jan 2024 20:45:54 +0900 -Subject: [PATCH] [ruby/net-http] Renew test certificates - -The private key is replaced with a public known test key published at -[RFC 9500]. - -Also lifetime has been extended to 10 years from 4 years. - -[RFC 9500]: https://www.rfc-editor.org/rfc/rfc9500.html - -https://github.com/ruby/net-http/commit/4ab6c4a500 ---- - test/net/fixtures/Makefile | 6 +-- - test/net/fixtures/cacert.pem | 44 ++++++++-------- - test/net/fixtures/server.crt | 99 +++++++----------------------------- - test/net/fixtures/server.key | 55 ++++++++++---------- - 4 files changed, 71 insertions(+), 133 deletions(-) - -diff --git a/test/net/fixtures/Makefile b/test/net/fixtures/Makefile -index b2bc9c7368ee2..88c232e3b6c16 100644 ---- a/test/net/fixtures/Makefile -+++ b/test/net/fixtures/Makefile -@@ -5,11 +5,11 @@ regen_certs: - make server.crt - - cacert.pem: server.key -- openssl req -new -x509 -days 1825 -key server.key -out cacert.pem -text -subj "/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org" -+ openssl req -new -x509 -days 3650 -key server.key -out cacert.pem -subj "/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org" - - server.csr: -- openssl req -new -key server.key -out server.csr -text -subj "/C=JP/ST=Shimane/O=Ruby Core Team/OU=Ruby Test/CN=localhost" -+ openssl req -new -key server.key -out server.csr -subj "/C=JP/ST=Shimane/O=Ruby Core Team/OU=Ruby Test/CN=localhost" - - server.crt: server.csr cacert.pem -- openssl x509 -days 1825 -CA cacert.pem -CAkey server.key -set_serial 00 -in server.csr -req -text -out server.crt -+ openssl x509 -days 3650 -CA cacert.pem -CAkey server.key -set_serial 00 -in server.csr -req -out server.crt - rm server.csr -diff --git a/test/net/fixtures/cacert.pem b/test/net/fixtures/cacert.pem -index f623bd62ed375..24c83f1c65225 100644 ---- a/test/net/fixtures/cacert.pem -+++ b/test/net/fixtures/cacert.pem -@@ -1,24 +1,24 @@ - -----BEGIN CERTIFICATE----- --MIID7TCCAtWgAwIBAgIJAIltvxrFAuSnMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD --VQQGEwJKUDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkx --FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex --JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTkwMTAy --MDI1ODI4WhcNMjQwMTAxMDI1ODI4WjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgM --B1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQKDA5SdWJ5IENv --cmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz --ZWN1cml0eUBydWJ5LWxhbmcub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB --CgKCAQEAznlbjRVhz1NlutHVrhcGnK8W0qug2ujKXv1njSC4U6nJF6py7I9EeehV --SaKePyv+I9z3K1LnfUHOtUbdwdKC77yN66A6q2aqzu5q09/NSykcZGOIF0GuItYI --3nvW3IqBddff2ffsyR+9pBjfb5AIPP08WowF9q4s1eGULwZc4w2B8PFhtxYANd7d --BvGLXFlcufv9tDtzyRi4t7eqxCRJkZQIZNZ6DHHIJrNxejOILfHLarI12yk8VK6L --2LG4WgGqyeePiRyd1o1MbuiAFYqAwpXNUbRKg5NaZGwBHZk8UZ+uFKt1QMBURO5R --WFy1c349jbWszTqFyL4Lnbg9HhAowQIDAQABo1AwTjAdBgNVHQ4EFgQU9tEiKdU9 --I9derQyc5nWPnc34nVMwHwYDVR0jBBgwFoAU9tEiKdU9I9derQyc5nWPnc34nVMw --DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAxj7F/u3C3fgq24N7hGRA --of7ClFQxGmo/IGT0AISzW3HiVYiFaikKhbO1NwD9aBpD8Zwe62sCqMh8jGV/b0+q --aOORnWYNy2R6r9FkASAglmdF6xn3bhgGD5ls4pCvcG9FynGnGc24g6MrjFNrBYUS --2iIZsg36i0IJswo/Dy6HLphCms2BMCD3DeWtfjePUiTmQHJo6HsQIKP/u4N4Fvee --uMBInei2M4VU74fLXbmKl1F9AEX7JDP3BKSZG19Ch5pnUo4uXM1uNTGsi07P4Y0s --K44+SKBC0bYEFbDK0eQWMrX3kIhkPxyIWhxdq9/NqPYjShuSEAhA6CSpmRg0pqc+ --mA== -+MIID+zCCAuOgAwIBAgIUGMvHl3EhtKPKcgc3NQSAYfFuC+8wDQYJKoZIhvcNAQEL -+BQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYDVQQIDAdTaGltYW5lMRQwEgYDVQQHDAtN -+YXR6LWUgY2l0eTEXMBUGA1UECgwOUnVieSBDb3JlIFRlYW0xFTATBgNVBAMMDFJ1 -+YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJARYWc2VjdXJpdHlAcnVieS1sYW5nLm9y -+ZzAeFw0yNDAxMDExMTQ3MjNaFw0zMzEyMjkxMTQ3MjNaMIGMMQswCQYDVQQGEwJK -+UDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkxFzAVBgNV -+BAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0ExJTAjBgkq -+hkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwggEiMA0GCSqGSIb3DQEB -+AQUAA4IBDwAwggEKAoIBAQCw+egZQ6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI -++1GSqyi1bFBgsRjM0THllIdMbKmJtWwnKW8J+5OgNN8y6Xxv8JmM/Y5vQt2lis0f -+qXmG8UTz0VTWdlAXXmhUs6lSADvAaIe4RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0 -+yg+801SXzoFTTa+UGIRLE66jH51aa5VXu99hnv1OiH8tQrjdi8mH6uG/icq4XuIe -+NWMF32wHqIOOPvQcWV3M5D2vxJEj702Ku6k9OQXkAo17qRSEonWW4HtLbtmS8He1 -+JNPc/n3dVUm+fM6NoDXPoLP7j55G9zKyqGtGAWXAj1MTAgMBAAGjUzBRMB0GA1Ud -+DgQWBBSJGVleDvFp9cu9R+E0/OKYzGkwkTAfBgNVHSMEGDAWgBSJGVleDvFp9cu9 -+R+E0/OKYzGkwkTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBl -+8GLB8skAWlkSw/FwbUmEV3zyqu+p7PNP5YIYoZs0D74e7yVulGQ6PKMZH5hrZmHo -+orFSQU+VUUirG8nDGj7Rzce8WeWBxsaDGC8CE2dq6nC6LuUwtbdMnBrH0LRWAz48 -+jGFF3jHtVz8VsGfoZTZCjukWqNXvU6hETT9GsfU+PZqbqcTVRPH52+XgYayKdIbD -+r97RM4X3+aXBHcUW0b76eyyi65RR/Xtvn8ioZt2AdX7T2tZzJyXJN3Hupp77s6Ui -+AZR35SToHCZeTZD12YBvLBdaTPLZN7O/Q/aAO9ZiJaZ7SbFOjz813B2hxXab4Fob -+2uJX6eMWTVxYK5D4M9lm - -----END CERTIFICATE----- -diff --git a/test/net/fixtures/server.crt b/test/net/fixtures/server.crt -index 5ca78a6d146a0..5d2923795dabc 100644 ---- a/test/net/fixtures/server.crt -+++ b/test/net/fixtures/server.crt -@@ -1,82 +1,21 @@ --Certificate: -- Data: -- Version: 3 (0x2) -- Serial Number: 2 (0x2) -- Signature Algorithm: sha256WithRSAEncryption -- Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org -- Validity -- Not Before: Jan 2 03:27:13 2019 GMT -- Not After : Jan 1 03:27:13 2024 GMT -- Subject: C=JP, ST=Shimane, O=Ruby Core Team, OU=Ruby Test, CN=localhost -- Subject Public Key Info: -- Public Key Algorithm: rsaEncryption -- Public-Key: (2048 bit) -- Modulus: -- 00:e8:da:9c:01:2e:2b:10:ec:49:cd:5e:07:13:07: -- 9c:70:9e:c6:74:bc:13:c2:e1:6f:c6:82:fd:e3:48: -- e0:2c:a5:68:c7:9e:42:de:60:54:65:e6:6a:14:57: -- 7a:30:d0:cc:b5:b6:d9:c3:d2:df:c9:25:97:54:67: -- cf:f6:be:5e:cb:8b:ee:03:c5:e1:e2:f9:e7:f7:d1: -- 0c:47:f0:b8:da:33:5a:ad:41:ad:e7:b5:a2:7b:b7: -- bf:30:da:60:f8:e3:54:a2:bc:3a:fd:1b:74:d9:dc: -- 74:42:e9:29:be:df:ac:b4:4f:eb:32:f4:06:f1:e1: -- 8c:4b:a8:8b:fb:29:e7:b1:bf:1d:01:ee:73:0f:f9: -- 40:dc:d5:15:79:d9:c6:73:d0:c0:dd:cb:e4:da:19: -- 47:80:c6:14:04:72:fd:9a:7c:8f:11:82:76:49:04: -- 79:cc:f2:5c:31:22:95:13:3e:5d:40:a6:4d:e0:a3: -- 02:26:7d:52:3b:bb:ed:65:a1:0f:ed:6b:b0:3c:d4: -- de:61:15:5e:d3:dd:68:09:9f:4a:57:a5:c2:a9:6d: -- 86:92:c5:f4:a4:d4:b7:13:3b:52:63:24:05:e2:cc: -- e3:8a:3c:d4:35:34:2b:10:bb:58:72:e7:e1:8d:1d: -- 74:8c:61:16:20:3d:d0:1c:4e:8f:6e:fd:fe:64:10: -- 4f:41 -- Exponent: 65537 (0x10001) -- X509v3 extensions: -- X509v3 Basic Constraints: -- CA:FALSE -- Netscape Comment: -- OpenSSL Generated Certificate -- X509v3 Subject Key Identifier: -- ED:28:C2:7E:AB:4B:C8:E8:FE:55:6D:66:95:31:1C:2D:60:F9:02:36 -- X509v3 Authority Key Identifier: -- keyid:F6:D1:22:29:D5:3D:23:D7:5E:AD:0C:9C:E6:75:8F:9D:CD:F8:9D:53 -- -- Signature Algorithm: sha256WithRSAEncryption -- 1d:b8:c5:8b:72:41:20:65:ad:27:6f:15:63:06:26:12:8d:9c: -- ad:ca:f4:db:97:b4:90:cb:ff:35:94:bb:2a:a7:a1:ab:1e:35: -- 2d:a5:3f:c9:24:b0:1a:58:89:75:3e:81:0a:2c:4f:98:f9:51: -- fb:c0:a3:09:d0:0a:9b:e7:a2:b7:c3:60:40:c8:f4:6d:b2:6a: -- 56:12:17:4c:00:24:31:df:9c:60:ae:b1:68:54:a9:e6:b5:4a: -- 04:e6:92:05:86:d9:5a:dc:96:30:a5:58:de:14:99:0f:e5:15: -- 89:3e:9b:eb:80:e3:bd:83:c3:ea:33:35:4b:3e:2f:d3:0d:64: -- 93:67:7f:8d:f5:3f:0c:27:bc:37:5a:cc:d6:47:16:af:5a:62: -- d2:da:51:f8:74:06:6b:24:ad:28:68:08:98:37:7d:ed:0e:ab: -- 1e:82:61:05:d0:ba:75:a0:ab:21:b0:9a:fd:2b:54:86:1d:0d: -- 1f:c2:d4:77:1f:72:26:5e:ad:8a:9f:09:36:6d:44:be:74:c2: -- 5a:3e:ff:5c:9d:75:d6:38:7b:c5:39:f9:44:6e:a1:d1:8e:ff: -- 63:db:c4:bb:c6:91:92:ca:5c:60:9b:1d:eb:0a:de:08:ee:bf: -- da:76:03:65:62:29:8b:f8:7f:c7:86:73:1e:f6:1f:2d:89:69: -- fd:be:bd:6e - -----BEGIN CERTIFICATE----- --MIID4zCCAsugAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx --EDAOBgNVBAgMB1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQK --DA5SdWJ5IENvcmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZI --hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMjcxM1oX --DTI0MDEwMTAzMjcxM1owYDELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx --FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRIwEAYDVQQLDAlSdWJ5IFRlc3QxEjAQ --BgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB --AOjanAEuKxDsSc1eBxMHnHCexnS8E8Lhb8aC/eNI4CylaMeeQt5gVGXmahRXejDQ --zLW22cPS38kll1Rnz/a+XsuL7gPF4eL55/fRDEfwuNozWq1Bree1onu3vzDaYPjj --VKK8Ov0bdNncdELpKb7frLRP6zL0BvHhjEuoi/sp57G/HQHucw/5QNzVFXnZxnPQ --wN3L5NoZR4DGFARy/Zp8jxGCdkkEeczyXDEilRM+XUCmTeCjAiZ9Uju77WWhD+1r --sDzU3mEVXtPdaAmfSlelwqlthpLF9KTUtxM7UmMkBeLM44o81DU0KxC7WHLn4Y0d --dIxhFiA90BxOj279/mQQT0ECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC --AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFO0o --wn6rS8jo/lVtZpUxHC1g+QI2MB8GA1UdIwQYMBaAFPbRIinVPSPXXq0MnOZ1j53N --+J1TMA0GCSqGSIb3DQEBCwUAA4IBAQAduMWLckEgZa0nbxVjBiYSjZytyvTbl7SQ --y/81lLsqp6GrHjUtpT/JJLAaWIl1PoEKLE+Y+VH7wKMJ0Aqb56K3w2BAyPRtsmpW --EhdMACQx35xgrrFoVKnmtUoE5pIFhtla3JYwpVjeFJkP5RWJPpvrgOO9g8PqMzVL --Pi/TDWSTZ3+N9T8MJ7w3WszWRxavWmLS2lH4dAZrJK0oaAiYN33tDqsegmEF0Lp1 --oKshsJr9K1SGHQ0fwtR3H3ImXq2Knwk2bUS+dMJaPv9cnXXWOHvFOflEbqHRjv9j --28S7xpGSylxgmx3rCt4I7r/adgNlYimL+H/HhnMe9h8tiWn9vr1u -+MIIDYTCCAkkCAQAwDQYJKoZIhvcNAQELBQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYD -+VQQIDAdTaGltYW5lMRQwEgYDVQQHDAtNYXR6LWUgY2l0eTEXMBUGA1UECgwOUnVi -+eSBDb3JlIFRlYW0xFTATBgNVBAMMDFJ1YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJ -+ARYWc2VjdXJpdHlAcnVieS1sYW5nLm9yZzAeFw0yNDAxMDExMTQ3MjNaFw0zMzEy -+MjkxMTQ3MjNaMGAxCzAJBgNVBAYTAkpQMRAwDgYDVQQIDAdTaGltYW5lMRcwFQYD -+VQQKDA5SdWJ5IENvcmUgVGVhbTESMBAGA1UECwwJUnVieSBUZXN0MRIwEAYDVQQD -+DAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw+egZ -+Q6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI+1GSqyi1bFBgsRjM0THllIdMbKmJ -+tWwnKW8J+5OgNN8y6Xxv8JmM/Y5vQt2lis0fqXmG8UTz0VTWdlAXXmhUs6lSADvA -+aIe4RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0yg+801SXzoFTTa+UGIRLE66jH51a -+a5VXu99hnv1OiH8tQrjdi8mH6uG/icq4XuIeNWMF32wHqIOOPvQcWV3M5D2vxJEj -+702Ku6k9OQXkAo17qRSEonWW4HtLbtmS8He1JNPc/n3dVUm+fM6NoDXPoLP7j55G -+9zKyqGtGAWXAj1MTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACtGNdj5TEtnJBYp -+M+LhBeU3oNteldfycEm993gJp6ghWZFg23oX8fVmyEeJr/3Ca9bAgDqg0t9a0npN -+oWKEY6wVKqcHgu3gSvThF5c9KhGbeDDmlTSVVNQmXWX0K2d4lS2cwZHH8mCm2mrY -+PDqlEkSc7k4qSiqigdS8i80Yk+lDXWsm8CjsiC93qaRM7DnS0WPQR0c16S95oM6G -+VklFKUSDAuFjw9aVWA/nahOucjn0w5fVW6lyIlkBslC1ChlaDgJmvhz+Ol3iMsE0 -+kAmFNu2KKPVrpMWaBID49QwQTDyhetNLaVVFM88iUdA9JDoVMEuP1mm39JqyzHTu -+uBrdP4Q= - -----END CERTIFICATE----- -diff --git a/test/net/fixtures/server.key b/test/net/fixtures/server.key -index 7f2380e71e637..6a83d5bcf4a52 100644 ---- a/test/net/fixtures/server.key -+++ b/test/net/fixtures/server.key -@@ -1,28 +1,27 @@ -------BEGIN PRIVATE KEY----- --MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDo2pwBLisQ7EnN --XgcTB5xwnsZ0vBPC4W/Ggv3jSOAspWjHnkLeYFRl5moUV3ow0My1ttnD0t/JJZdU --Z8/2vl7Li+4DxeHi+ef30QxH8LjaM1qtQa3ntaJ7t78w2mD441SivDr9G3TZ3HRC --6Sm+36y0T+sy9Abx4YxLqIv7Keexvx0B7nMP+UDc1RV52cZz0MDdy+TaGUeAxhQE --cv2afI8RgnZJBHnM8lwxIpUTPl1Apk3gowImfVI7u+1loQ/ta7A81N5hFV7T3WgJ --n0pXpcKpbYaSxfSk1LcTO1JjJAXizOOKPNQ1NCsQu1hy5+GNHXSMYRYgPdAcTo9u --/f5kEE9BAgMBAAECggEBAOHkwhc7DLh8IhTDNSW26oMu5OP2WU1jmiYAigDmf+OQ --DBgrZj+JQBci8qINQxL8XLukSZn5hvQCLc7Kbyu1/wyEEUFDxSGGwwzclodr9kho --LX2LDASPZrOSzD2+fPi2wTKmXKuS6Uc44OjQfZkYMNkz9r4Vkm8xGgOD3VipjIYX --QXlhhdqkXZcNABsihCV52GKkDFSVm8jv95YJc5xhoYCy/3a4/qPdF0aT2R7oYUej --hKrxVDskyooe8Zg/JTydZNV5GQEDmW01/K3r6XGT26oPi1AqMU1gtv/jkW56CRQQ --1got8smnqM+AV7Slf9R6DauIPdQJ2S8wsr/o8ISBsOECgYEA9YrqEP2gAYSGFXRt --liw0WI2Ant8BqXS6yvq1jLo/qWhLw/ph4Di73OQ2mpycVTpgfGr2wFPQR1XJ+0Fd --U+Ir/C3Q7FK4VIGHK7B0zNvZr5tEjlFfeRezo2JMVw5YWeSagIFcSwK+KqCTH9qc --pw/Eb8nB/4XNcpTZu7Fg0Wc+ooUCgYEA8sVaicn1Wxkpb45a4qfrA6wOr5xdJ4cC --A5qs7vjX2OdPIQOmoQhdI7bCWFXZzF33wA4YCws6j5wRaySLIJqdms8Gl9QnODy1 --ZlA5gwKToBC/jqPmWAXSKb8EH7cHilaxU9OKnQ7CfwlGLHqjMtjrhR7KHlt3CVRs --oRmvsjZVXI0CgYAmPedslAO6mMhFSSfULrhMXmV82OCqYrrA6EEkVNGbcdnzAOkD --gfKIWabDd8bFY10po4Mguy0CHzNhBXIioWQWV5BlbhC1YKMLw+S9DzSdLAKGY9gJ --xQ4+UQ3wtRQ/k+IYR413RUsW2oFvgZ3KSyNeAb9MK6uuv84VdG/OzVSs/QKBgQDn --kap//l2EbObiWyaERunckdVcW0lcN+KK75J/TGwPoOwQsLvTpPe65kxRGGrtDsEQ --uCDk/+v3KkZPLgdrrTAih9FhJ+PVN8tMcb+6IM4SA4fFFr/UPJEwct0LJ3oQ0grJ --y+HPWFHb/Uurh7t99/4H98uR02sjQh1wOeEmm78mzQKBgQDm+LzGH0se6CXQ6cdZ --g1JRZeXkDEsrW3hfAsW62xJQmXcWxBoblP9OamMY+A06rM5og3JbDk5Zm6JsOaA8 --wS2gw4ilp46jors4eQey8ux7kB9LzdBoDBBElnsbjLO8oBNZlVcYXg+6BOl/CUi7 --2whRF0FEjKA8ehrNhAq+VFfFNw== -------END PRIVATE KEY----- -+-----BEGIN RSA PRIVATE KEY----- -+MIIEowIBAAKCAQEAsPnoGUOnrpiSqt4XynxA+HRP7S+BSObI6qJ7fQAVSPtRkqso -+tWxQYLEYzNEx5ZSHTGypibVsJylvCfuToDTfMul8b/CZjP2Ob0LdpYrNH6l5hvFE -+89FU1nZQF15oVLOpUgA7wGiHuEVawrGfey92UE68mOyUVXGweJIVDdxqdMoPvNNU -+l86BU02vlBiESxOuox+dWmuVV7vfYZ79Toh/LUK43YvJh+rhv4nKuF7iHjVjBd9s -+B6iDjj70HFldzOQ9r8SRI+9NirupPTkF5AKNe6kUhKJ1luB7S27ZkvB3tSTT3P59 -+3VVJvnzOjaA1z6Cz+4+eRvcysqhrRgFlwI9TEwIDAQABAoIBAEEYiyDP29vCzx/+ -+dS3LqnI5BjUuJhXUnc6AWX/PCgVAO+8A+gZRgvct7PtZb0sM6P9ZcLrweomlGezI -+FrL0/6xQaa8bBr/ve/a8155OgcjFo6fZEw3Dz7ra5fbSiPmu4/b/kvrg+Br1l77J -+aun6uUAs1f5B9wW+vbR7tzbT/mxaUeDiBzKpe15GwcvbJtdIVMa2YErtRjc1/5B2 -+BGVXyvlJv0SIlcIEMsHgnAFOp1ZgQ08aDzvilLq8XVMOahAhP1O2A3X8hKdXPyrx -+IVWE9bS9ptTo+eF6eNl+d7htpKGEZHUxinoQpWEBTv+iOoHsVunkEJ3vjLP3lyI/ -+fY0NQ1ECgYEA3RBXAjgvIys2gfU3keImF8e/TprLge1I2vbWmV2j6rZCg5r/AS0u -+pii5CvJ5/T5vfJPNgPBy8B/yRDs+6PJO1GmnlhOkG9JAIPkv0RBZvR0PMBtbp6nT -+Y3yo1lwamBVBfY6rc0sLTzosZh2aGoLzrHNMQFMGaauORzBFpY5lU50CgYEAzPHl -+u5DI6Xgep1vr8QvCUuEesCOgJg8Yh1UqVoY/SmQh6MYAv1I9bLGwrb3WW/7kqIoD -+fj0aQV5buVZI2loMomtU9KY5SFIsPV+JuUpy7/+VE01ZQM5FdY8wiYCQiVZYju9X -+Wz5LxMNoz+gT7pwlLCsC4N+R8aoBk404aF1gum8CgYAJ7VTq7Zj4TFV7Soa/T1eE -+k9y8a+kdoYk3BASpCHJ29M5R2KEA7YV9wrBklHTz8VzSTFTbKHEQ5W5csAhoL5Fo -+qoHzFFi3Qx7MHESQb9qHyolHEMNx6QdsHUn7rlEnaTTyrXh3ifQtD6C0yTmFXUIS -+CW9wKApOrnyKJ9nI0HcuZQKBgQCMtoV6e9VGX4AEfpuHvAAnMYQFgeBiYTkBKltQ -+XwozhH63uMMomUmtSG87Sz1TmrXadjAhy8gsG6I0pWaN7QgBuFnzQ/HOkwTm+qKw -+AsrZt4zeXNwsH7QXHEJCFnCmqw9QzEoZTrNtHJHpNboBuVnYcoueZEJrP8OnUG3r -+UjmopwKBgAqB2KYYMUqAOvYcBnEfLDmyZv9BTVNHbR2lKkMYqv5LlvDaBxVfilE0 -+2riO4p6BaAdvzXjKeRrGNEKoHNBpOSfYCOM16NjL8hIZB1CaV3WbT5oY+jp7Mzd5 -+7d56RZOE+ERK2uz/7JX9VSsM/LbH9pJibd4e8mikDS9ntciqOH/3 -+-----END RSA PRIVATE KEY----- diff --git a/ruby.spec b/ruby.spec index d66a066..e26a8e8 100644 --- a/ruby.spec +++ b/ruby.spec @@ -1,6 +1,6 @@ %global major_version 3 %global minor_version 3 -%global teeny_version 0 +%global teeny_version 1 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} @@ -27,7 +27,7 @@ %global rubygems_dir %{_datadir}/rubygems # Bundled libraries versions -%global rubygems_version 3.5.3 +%global rubygems_version 3.5.9 %global rubygems_molinillo_version 0.8.0 %global rubygems_net_http_version 0.4.0 %global rubygems_net_protocol_version 0.2.2 @@ -35,9 +35,10 @@ %global rubygems_resolv_version 0.3.0 %global rubygems_timeout_version 0.4.1 %global rubygems_tsort_version 0.2.0 +%global rubygems_uri_version 0.13.0 # Default gems. -%global bundler_version 2.5.3 +%global bundler_version 2.5.9 %global bundler_connection_pool_version 2.4.1 %global bundler_fileutils_version 1.7.2 %global bundler_net_http_persistent_version 4.0.2 @@ -71,7 +72,7 @@ %global ipaddr_version 1.2.6 %global logger_version 1.6.0 %global mutex_m_version 0.2.0 -%global net_http_version 0.4.0 +%global net_http_version 0.4.1 %global net_protocol_version 0.2.2 %global nkf_version 0.1.3 %global observer_version 0.1.2 @@ -117,14 +118,14 @@ %global irb_version 1.11.0 %global json_version 2.7.1 %global psych_version 5.1.2 -%global rdoc_version 6.6.2 +%global rdoc_version 6.6.3.1 # Bundled gems. %global debug_version 1.9.1 -%global net_ftp_version 0.3.3 -%global net_imap_version 0.4.9 +%global net_ftp_version 0.3.4 +%global net_imap_version 0.4.9.1 %global net_pop_version 0.1.2 -%global net_smtp_version 0.4.0 +%global net_smtp_version 0.4.0.1 %global matrix_version 0.4.2 %global minitest_version 5.20.0 %global power_assert_version 2.0.3 @@ -170,7 +171,7 @@ Summary: An interpreter of object-oriented scripting language Name: ruby Version: %{ruby_version}%{?development_release} -Release: 6%{?dist} +Release: 7%{?dist} # Licenses, which are likely not included in binary RPMs: # Apache-2.0: # benchmark/gc/redblack.rb @@ -273,26 +274,13 @@ Patch9: ruby-3.3.0-Disable-syntax-suggest-test-case.patch # Revert patches causing segfaults in alexandria package. # https://bugs.ruby-lang.org/issues/20079 Patch10: ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch -# Fix net-http test errors due to expired certificate -# https://github.com/ruby/ruby/commit/d3933fc753187a055a4904af82f5f3794c88c416 -# https://bugs.ruby-lang.org/issues/20106 -Patch11: ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch # Armv8.3+ capable CPUs might segfault with incorrect compilation options. # See related upstream report: https://bugs.ruby-lang.org/issues/20085 # https://bugs.ruby-lang.org/issues/20154 Patch12: ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch -# Revert adding AI_ADDRCONFIG flag to getaddrinfo(3) calls. -# It is causing problems when network is in certain, valid, configuration. -# When loopback interface is IPv6 capable, but no regular network interface -# is IPv6 capable, in some situations (such as in TestNetHTTPLocalBind) -# this might result in creating IPv4 socket and then binding it -# to IPv6 family connection. -# That is incorrect behavior and such operation will result in -# Errno::EAFNOSUPPORT exception. -# The point of the upstream change is to workaround a glibc bug -# that is not present for us. Therefore we can safely revert the change. -# https://bugs.ruby-lang.org/issues/20208 -Patch13: ruby-3.4.0-Revert-Set-AI_ADDRCONFIG-when-making-getaddrinfo.patch +# Fix build issue on i686 due to "incompatible pointer type" error. +# https://bugs.ruby-lang.org/issues/20447 +Patch13: ruby-3.4.0-Fix-pointer-incompatiblity.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?with_rubypick:Suggests: rubypick} @@ -770,7 +758,6 @@ analysis result in RBS format, a standard type description format for Ruby %patch 6 -p1 %patch 9 -p1 %patch 10 -p1 -%patch 11 -p1 %patch 12 -p1 %patch 13 -p1 @@ -987,16 +974,16 @@ checksec --file=%{_vpath_builddir}/libruby.so.%{ruby_version} | \ # Molinillo. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; module Resolver; end; end; \ - require 'rubygems/resolver/molinillo/lib/molinillo/gem_metadata'; \ + require 'rubygems/vendor/molinillo/lib/molinillo/gem_metadata'; \ puts '%%{rubygems_molinillo_version}: %{rubygems_molinillo_version}'; \ - puts %Q[Gem::Resolver::Molinillo::VERSION: #{Gem::Resolver::Molinillo::VERSION}]; \ - exit 1 if Gem::Resolver::Molinillo::VERSION != '%{rubygems_molinillo_version}'; \ + puts %Q[Gem::Molinillo::VERSION: #{Gem::Molinillo::VERSION}]; \ + exit 1 if Gem::Molinillo::VERSION != '%{rubygems_molinillo_version}'; \ \"" # Net::HTTP. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; module Net; end; end; \ - require 'rubygems/net-http/lib/net/http'; \ + require 'rubygems/vendor/net-http/lib/net/http'; \ puts '%%{rubygems_net_http_version}: %{rubygems_net_http_version}'; \ puts %Q[Gem::Net::HTTP::VERSION: #{Gem::Net::HTTP::VERSION}]; \ exit 1 if Gem::Net::HTTP::VERSION != '%{rubygems_net_http_version}'; \ @@ -1005,7 +992,7 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ # Net::Protocol. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; module Net; end; end; \ - require 'rubygems/net-protocol/lib/net/protocol'; \ + require 'rubygems/vendor/net-protocol/lib/net/protocol'; \ puts '%%{rubygems_net_protocol_version}: %{rubygems_net_protocol_version}'; \ puts %Q[Gem::Net::Protocol::VERSION: #{Gem::Net::Protocol::VERSION}]; \ exit 1 if Gem::Net::Protocol::VERSION != '%{rubygems_net_protocol_version}'; \ @@ -1014,7 +1001,7 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ # OptParse. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; end; \ - require 'rubygems/optparse/lib/optparse'; \ + require 'rubygems/vendor/optparse/lib/optparse'; \ puts '%%{rubygems_optparse_version}: %{rubygems_optparse_version}'; \ puts %Q[Gem::OptionParser::Version: #{Gem::OptionParser::Version}]; \ exit 1 if Gem::OptionParser::Version != '%{rubygems_optparse_version}'; \ @@ -1023,7 +1010,7 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ # Resolv. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; end; \ - require 'rubygems/resolv/lib/resolv'; \ + require 'rubygems/vendor/resolv/lib/resolv'; \ puts '%%{rubygems_resolv_version}: %{rubygems_resolv_version}'; \ puts %Q[Gem::Resolv::VERSION: #{Gem::Resolv::VERSION}]; \ exit 1 if Gem::Resolv::VERSION != '%{rubygems_resolv_version}'; \ @@ -1032,7 +1019,7 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ # Timeout. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; end; \ - require 'rubygems/timeout/lib/timeout'; \ + require 'rubygems/vendor/timeout/lib/timeout'; \ puts '%%{rubygems_timeout_version}: %{rubygems_timeout_version}'; \ puts %Q[Gem::Timeout::VERSION: #{Gem::Timeout::VERSION}]; \ exit 1 if Gem::Timeout::VERSION != '%{rubygems_timeout_version}'; \ @@ -1041,12 +1028,21 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ # TSort make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; end; \ - require 'rubygems/tsort/lib/tsort'; \ + require 'rubygems/vendor/tsort/lib/tsort'; \ puts '%%{rubygems_tsort_version}: %{rubygems_tsort_version}'; \ puts %Q[Gem::TSort::VERSION: #{Gem::TSort::VERSION}]; \ exit 1 if Gem::TSort::VERSION != '%{rubygems_tsort_version}'; \ \"" +# URI. +make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ + module Gem; end; \ + require 'rubygems/vendor/uri/lib/uri/version'; \ + puts '%%{rubygems_uri_version}: %{rubygems_uri_version}'; \ + puts %Q[Gem::URI::VERSION: #{Gem::URI::VERSION}]; \ + exit 1 if Gem::URI::VERSION != '%{rubygems_uri_version}'; \ +\"" + # Check Bundler bundled dependencies versions. # connection_pool. @@ -1718,6 +1714,10 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog +* Tue Apr 23 2024 Vít Ondruch - 3.3.1-7 +- Upgrade to Ruby 3.3.1. + Resolves: rhbz#2276680 + * Fri Apr 12 2024 Vít Ondruch - 3.3.0-6 - Add `bundled` provide for NKF. - License review and fixes of SPDX syntax. diff --git a/sources b/sources index 10a3d0b..f475c60 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ruby-3.3.0.tar.xz) = 7959c5753bfa0bfc4d6d74060869aabbe9815c1c97930659da11b917ee0803ddbbd80e869e00c48b8694b4ba48709c3b6493fd045568e36e902616c35ababf01 +SHA512 (ruby-3.3.1.tar.xz) = c58e9be9b5ab48191fbf7d67e13f0ec42ee71ed338170e0f7b246708e9cfc617ce65098f5ce7ab32d4305e785642d3e44253462104d5b9c4abcb1a4113f48347 From 1b238cfdec2aeee6e261441c46885eba1b0668ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Wed, 24 Apr 2024 17:35:38 +0200 Subject: [PATCH 04/18] Fix patch to apply cleanly. --- ruby-3.4.0-Fix-pointer-incompatiblity.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ruby-3.4.0-Fix-pointer-incompatiblity.patch b/ruby-3.4.0-Fix-pointer-incompatiblity.patch index b2ad843..2bd7a53 100644 --- a/ruby-3.4.0-Fix-pointer-incompatiblity.patch +++ b/ruby-3.4.0-Fix-pointer-incompatiblity.patch @@ -13,7 +13,7 @@ diff --git a/time.c b/time.c index 6179b081c02fc9..3304b2f4f4856a 100644 --- a/time.c +++ b/time.c -@@ -2346,7 +2346,7 @@ zone_timelocal(VALUE zone, VALUE time) +@@ -2342,7 +2342,7 @@ zone_timelocal(VALUE zone, VALUE time) struct time_object *tobj = RTYPEDDATA_GET_DATA(time); wideval_t t, s; From 82b7b5fc34a381ab0b6f312efb12faed450ac70f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Wed, 5 Jun 2024 16:11:54 +0200 Subject: [PATCH 05/18] Make sure fortification flags are applied This is example of current build options: ~~~ gcc -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -fPIC -m64 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fno-strict-overflow -fvisibility=hidden -fexcess-precision=standard -DRUBY_EXPORT -I. -I.ext/include/x86_64-linux -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/include -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1 -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/prism -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/enc/unicode/15.0.0 -o dmyext.o -c /builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/dmyext.c ~~~ Please note that there are included Fedora options: ~~~ -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 ~~~ as well as upstream options: ~~~ -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 ~~~ The problem is that the configure script cannot properly detect `_FORTIFY_SOURCE=3` and instead of replacing that option, it includes new definition \[[1]\]. This happens since Fedora started to use `_FORTIFY_SOURCE=3` option. To mitigate this issue, upstream fortification was disabled (this might or might not stay disabled "forever"). These are the build options with this change applied for comparison: ~~~ gcc -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -march=x86-64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -mtls-dialect=gnu2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -fPIC -m64 -fstack-protector-strong -fno-strict-overflow -fvisibility=hidden -fexcess-precision=standard -DRUBY_EXPORT -I. -I.ext/include/x86_64-linux -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/include -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1 -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/prism -I/builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/enc/unicode/15.0.0 -o dmyext.o -c /builddir/build/BUILD/ruby-3.3.1-build/ruby-3.3.1/dmyext.c ~~~ [1]: https://bugs.ruby-lang.org/issues/20520 --- ruby.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ruby.spec b/ruby.spec index e26a8e8..539cff0 100644 --- a/ruby.spec +++ b/ruby.spec @@ -171,7 +171,7 @@ Summary: An interpreter of object-oriented scripting language Name: ruby Version: %{ruby_version}%{?development_release} -Release: 7%{?dist} +Release: 8%{?dist} # Licenses, which are likely not included in binary RPMs: # Apache-2.0: # benchmark/gc/redblack.rb @@ -792,6 +792,7 @@ pushd %{_vpath_builddir} --enable-shared \ --with-ruby-version='' \ --enable-multiarch \ + --disable-fortify-source `# Should not really be needed: https://bugs.ruby-lang.org/issues/20520` \ %{?with_yjit: --enable-yjit} \ popd @@ -1714,6 +1715,9 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog +* Tue May 28 2024 Vít Ondruch - 3.3.1-8 +- Make sure fortification flags are applied. + * Tue Apr 23 2024 Vít Ondruch - 3.3.1-7 - Upgrade to Ruby 3.3.1. Resolves: rhbz#2276680 From d3d6d1a56c071f62565544b2780d4ace8a4d0361 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Thu, 6 Jun 2024 16:06:24 +0200 Subject: [PATCH 06/18] Upgrade to Ruby 3.3.2. Resolves: rhbz#2284020 --- ...0-Enable-configuration-of-archlibdir.patch | 2 +- ...ed-paths-when-empty-version-string-i.patch | 2 +- ruby-2.1.0-always-use-i386.patch | 2 +- ruby-2.1.0-custom-rubygems-location.patch | 4 +-- ruby-2.3.0-ruby_version.patch | 8 +++--- ...ocations-in-Hash-compare_by_identity.patch | 6 ++--- ...ADER-didn-t-define-HAVE-header-file-.patch | 27 +++++++++++++++++++ ...ranch-protection-compilation-for-arm.patch | 2 +- ruby.spec | 20 +++++++++----- sources | 2 +- 10 files changed, 55 insertions(+), 20 deletions(-) create mode 100644 ruby-3.3.3-RUBY-CHECK-HEADER-didn-t-define-HAVE-header-file-.patch diff --git a/ruby-2.1.0-Enable-configuration-of-archlibdir.patch b/ruby-2.1.0-Enable-configuration-of-archlibdir.patch index acd58b9..692a40b 100644 --- a/ruby-2.1.0-Enable-configuration-of-archlibdir.patch +++ b/ruby-2.1.0-Enable-configuration-of-archlibdir.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index d261ea57b5..3c13076b82 100644 --- a/configure.ac +++ b/configure.ac -@@ -3473,6 +3473,11 @@ AS_IF([test ${multiarch+set}], [ +@@ -3478,6 +3478,11 @@ AS_IF([test ${multiarch+set}], [ ]) archlibdir='${libdir}/${arch}' diff --git a/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch b/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch index 996486a..e96ce39 100644 --- a/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch +++ b/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch @@ -14,7 +14,7 @@ diff --git a/configure.ac b/configure.ac index c42436c23d..d261ea57b5 100644 --- a/configure.ac +++ b/configure.ac -@@ -4312,7 +4312,8 @@ AS_CASE(["$ruby_version_dir_name"], +@@ -4317,7 +4317,8 @@ AS_CASE(["$ruby_version_dir_name"], ruby_version_dir=/'${ruby_version_dir_name}' if test -z "${ruby_version_dir_name}"; then diff --git a/ruby-2.1.0-always-use-i386.patch b/ruby-2.1.0-always-use-i386.patch index 38eba5e..c990ede 100644 --- a/ruby-2.1.0-always-use-i386.patch +++ b/ruby-2.1.0-always-use-i386.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index 3c13076b82..93af30321d 100644 --- a/configure.ac +++ b/configure.ac -@@ -4376,6 +4376,8 @@ AC_SUBST(vendorarchdir)dnl +@@ -4381,6 +4381,8 @@ AC_SUBST(vendorarchdir)dnl AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl diff --git a/ruby-2.1.0-custom-rubygems-location.patch b/ruby-2.1.0-custom-rubygems-location.patch index 98dd7ac..dd81419 100644 --- a/ruby-2.1.0-custom-rubygems-location.patch +++ b/ruby-2.1.0-custom-rubygems-location.patch @@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac index 93af30321d..bc13397e0e 100644 --- a/configure.ac +++ b/configure.ac -@@ -4348,6 +4348,10 @@ AC_ARG_WITH(vendorarchdir, +@@ -4353,6 +4353,10 @@ AC_ARG_WITH(vendorarchdir, [vendorarchdir=$withval], [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}]) @@ -26,7 +26,7 @@ index 93af30321d..bc13397e0e 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) RUBY_EXEC_PREFIX='' -@@ -4372,6 +4376,7 @@ AC_SUBST(sitearchdir)dnl +@@ -4377,6 +4381,7 @@ AC_SUBST(sitearchdir)dnl AC_SUBST(vendordir)dnl AC_SUBST(vendorlibdir)dnl AC_SUBST(vendorarchdir)dnl diff --git a/ruby-2.3.0-ruby_version.patch b/ruby-2.3.0-ruby_version.patch index 6ba802e..8e9fd2b 100644 --- a/ruby-2.3.0-ruby_version.patch +++ b/ruby-2.3.0-ruby_version.patch @@ -20,7 +20,7 @@ diff --git a/configure.ac b/configure.ac index 80b137e380..63cd3b4f8b 100644 --- a/configure.ac +++ b/configure.ac -@@ -4262,9 +4262,6 @@ AS_CASE(["$target_os"], +@@ -4267,9 +4267,6 @@ AS_CASE(["$target_os"], rubyw_install_name='$(RUBYW_INSTALL_NAME)' ]) @@ -30,7 +30,7 @@ index 80b137e380..63cd3b4f8b 100644 rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'} AC_ARG_WITH(rubyarchprefix, AS_HELP_STRING([--with-rubyarchprefix=DIR], -@@ -4287,57 +4284,63 @@ AC_ARG_WITH(ridir, +@@ -4292,57 +4289,63 @@ AC_ARG_WITH(ridir, AC_SUBST(ridir) AC_SUBST(RI_BASE_NAME) @@ -122,7 +122,7 @@ index 80b137e380..63cd3b4f8b 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) -@@ -4354,6 +4357,7 @@ AC_SUBST(sitearchincludedir)dnl +@@ -4359,6 +4362,7 @@ AC_SUBST(sitearchincludedir)dnl AC_SUBST(arch)dnl AC_SUBST(sitearch)dnl AC_SUBST(ruby_version)dnl @@ -262,7 +262,7 @@ diff --git a/configure.ac b/configure.ac index a00f2b6776..999e2d6d5d 100644 --- a/configure.ac +++ b/configure.ac -@@ -135,7 +135,7 @@ RUBY_BASE_NAME=`echo ruby | sed "$program_transform_name"` +@@ -136,7 +136,7 @@ RUBY_BASE_NAME=`echo ruby | sed "$program_transform_name"` RUBYW_BASE_NAME=`echo rubyw | sed "$program_transform_name"` AC_SUBST(RUBY_BASE_NAME) AC_SUBST(RUBYW_BASE_NAME) diff --git a/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch b/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch index 23a6db8..f84a301 100644 --- a/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch +++ b/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch @@ -13,7 +13,7 @@ diff --git a/hash.c b/hash.c index 78e9d9a2d6..f6525ba4a5 100644 --- a/hash.c +++ b/hash.c -@@ -4385,16 +4385,13 @@ rb_hash_compare_by_id(VALUE hash) +@@ -4382,16 +4382,13 @@ rb_hash_compare_by_id(VALUE hash) if (hash_iterating_p(hash)) { rb_raise(rb_eRuntimeError, "compare_by_identity during iteration"); } @@ -33,7 +33,7 @@ index 78e9d9a2d6..f6525ba4a5 100644 // Slow path: Need to rehash the members of `self` into a new // `tmp` table using the new `identhash` compare/hash functions. tmp = hash_alloc(0); -@@ -4402,10 +4399,8 @@ rb_hash_compare_by_id(VALUE hash) +@@ -4399,10 +4396,8 @@ rb_hash_compare_by_id(VALUE hash) identtable = RHASH_ST_TABLE(tmp); rb_hash_foreach(hash, rb_hash_rehash_i, (VALUE)tmp); @@ -60,7 +60,7 @@ diff --git a/hash.c b/hash.c index f6525ba4a5..cf83675c70 100644 --- a/hash.c +++ b/hash.c -@@ -4388,22 +4388,15 @@ rb_hash_compare_by_id(VALUE hash) +@@ -4385,22 +4385,15 @@ rb_hash_compare_by_id(VALUE hash) ar_force_convert_table(hash, __FILE__, __LINE__); HASH_ASSERT(RHASH_ST_TABLE_P(hash)); diff --git a/ruby-3.3.3-RUBY-CHECK-HEADER-didn-t-define-HAVE-header-file-.patch b/ruby-3.3.3-RUBY-CHECK-HEADER-didn-t-define-HAVE-header-file-.patch new file mode 100644 index 0000000..7f6a83d --- /dev/null +++ b/ruby-3.3.3-RUBY-CHECK-HEADER-didn-t-define-HAVE-header-file-.patch @@ -0,0 +1,27 @@ +From d6d22e457475e3d2f8e4878bb97e2780ca2f83d6 Mon Sep 17 00:00:00 2001 +From: Sorah Fukumori +Date: Fri, 31 May 2024 02:16:10 +0900 +Subject: [PATCH] RUBY_CHECK_HEADER didn't define HAVE_{header-file} + +--with-gmp is not working at all because HAVE_GMP_H +was missing since 18eaf0be90. [Bug #20515] + +bug: https://bugs.ruby-lang.org/issues/20515 +follow-up: https://bugs.ruby-lang.org/issues/20494 +follow-up: 18eaf0be905e3e251423b42d6f4e56b7cae1bc3b +--- + tool/m4/ruby_check_header.m4 | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tool/m4/ruby_check_header.m4 b/tool/m4/ruby_check_header.m4 +index 171455549e3362..6fec9d16c5bcf1 100644 +--- a/tool/m4/ruby_check_header.m4 ++++ b/tool/m4/ruby_check_header.m4 +@@ -3,6 +3,6 @@ AC_DEFUN([RUBY_CHECK_HEADER], + [# RUBY_CHECK_HEADER($@) + save_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS m4_if([$5], [], [$INCFLAGS], [$5])" +- AC_CHECK_HEADER([$1], [$2], [$3], [$4]) ++ AC_CHECK_HEADERS([$1], [$2], [$3], [$4]) + CPPFLAGS="$save_CPPFLAGS" + unset save_CPPFLAGS]) diff --git a/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch b/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch index de93143..45ed5a9 100644 --- a/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch +++ b/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch @@ -13,7 +13,7 @@ diff --git a/configure.ac b/configure.ac index 18b4247991..5ea8ada8f7 100644 --- a/configure.ac +++ b/configure.ac -@@ -827,7 +827,7 @@ AS_IF([test "$GCC" = yes], [ +@@ -828,7 +828,7 @@ AS_IF([test "$GCC" = yes], [ # aarch64 branch protection AS_CASE(["$target_cpu"], [aarch64], [ diff --git a/ruby.spec b/ruby.spec index 539cff0..7048520 100644 --- a/ruby.spec +++ b/ruby.spec @@ -1,6 +1,6 @@ %global major_version 3 %global minor_version 3 -%global teeny_version 1 +%global teeny_version 2 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} @@ -10,7 +10,7 @@ #%%global milestone rc1 # Keep the revision enabled for pre-releases from GIT. -#%%global revision 5124f9ac75 +#%%global revision e5a195edf6 %global ruby_archive %{name}-%{ruby_version} @@ -86,7 +86,7 @@ %global prettyprint_version 0.2.0 %global pstore_version 0.1.3 %global readline_version 0.0.4 -%global reline_version 0.4.1 +%global reline_version 0.5.7 %global resolv_version 0.3.0 %global resolv_replace_version 0.1.1 %global rinda_version 0.2.0 @@ -110,12 +110,12 @@ %global win32ole_version 1.8.10 %global yaml_version 0.3.0 %global prism_version 0.19.0 -%global zlib_version 3.1.0 +%global zlib_version 3.1.1 # Gemified default gems. %global bigdecimal_version 3.1.5 %global io_console_version 0.7.1 -%global irb_version 1.11.0 +%global irb_version 1.13.1 %global json_version 2.7.1 %global psych_version 5.1.2 %global rdoc_version 6.6.3.1 @@ -171,7 +171,7 @@ Summary: An interpreter of object-oriented scripting language Name: ruby Version: %{ruby_version}%{?development_release} -Release: 8%{?dist} +Release: 9%{?dist} # Licenses, which are likely not included in binary RPMs: # Apache-2.0: # benchmark/gc/redblack.rb @@ -281,6 +281,9 @@ Patch12: ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch # Fix build issue on i686 due to "incompatible pointer type" error. # https://bugs.ruby-lang.org/issues/20447 Patch13: ruby-3.4.0-Fix-pointer-incompatiblity.patch +# Fix GMP support +# https://bugs.ruby-lang.org/issues/20515 +Patch14: ruby-3.3.3-RUBY-CHECK-HEADER-didn-t-define-HAVE-header-file-.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?with_rubypick:Suggests: rubypick} @@ -760,6 +763,7 @@ analysis result in RBS format, a standard type description format for Ruby %patch 10 -p1 %patch 12 -p1 %patch 13 -p1 +%patch 14 -p1 # Provide an example of usage of the tapset: cp -a %{SOURCE3} . @@ -1715,6 +1719,10 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog +* Thu Jun 06 2024 Vít Ondruch - 3.3.2-9 +- Upgrade to Ruby 3.3.2. + Resolves: rhbz#2284020 + * Tue May 28 2024 Vít Ondruch - 3.3.1-8 - Make sure fortification flags are applied. diff --git a/sources b/sources index f475c60..b8e4495 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ruby-3.3.1.tar.xz) = c58e9be9b5ab48191fbf7d67e13f0ec42ee71ed338170e0f7b246708e9cfc617ce65098f5ce7ab32d4305e785642d3e44253462104d5b9c4abcb1a4113f48347 +SHA512 (ruby-3.3.2.tar.xz) = f2c4fb0d7c80aa46cdd80ad54ffee614e95d2fbad0554b6ce81f42fa5b891aaea63ddfd5b962e28508a4c835f9abf091a05a2e1234ef08c3e71af522a029c4e1 From f6269447a3fcb916fdb6b8c644c61573d0b35c35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Thu, 6 Jun 2024 19:08:22 +0200 Subject: [PATCH 07/18] Drop patch which was needed for alexandria It seems it build just fine now. --- ...ocations-in-Hash-compare_by_identity.patch | 92 ------------------- ruby.spec | 4 - 2 files changed, 96 deletions(-) delete mode 100644 ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch diff --git a/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch b/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch deleted file mode 100644 index f84a301..0000000 --- a/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 8944a064d0fd7947b8c2b6c761be3e3a0c9073af Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?V=C3=ADt=20Ondruch?= -Date: Fri, 22 Dec 2023 14:16:48 +0100 -Subject: [PATCH 1/2] Revert "compare_by_identity: remove alloc for non-empty - Hash" - -This reverts commit 11fa76b1b521072c200c78ea023960221ff426d6. ---- - hash.c | 13 ++++--------- - 1 file changed, 4 insertions(+), 9 deletions(-) - -diff --git a/hash.c b/hash.c -index 78e9d9a2d6..f6525ba4a5 100644 ---- a/hash.c -+++ b/hash.c -@@ -4382,16 +4382,13 @@ rb_hash_compare_by_id(VALUE hash) - if (hash_iterating_p(hash)) { - rb_raise(rb_eRuntimeError, "compare_by_identity during iteration"); - } -+ ar_force_convert_table(hash, __FILE__, __LINE__); -+ HASH_ASSERT(RHASH_ST_TABLE_P(hash)); - - if (RHASH_TABLE_EMPTY_P(hash)) { - // Fast path: There's nothing to rehash, so we don't need a `tmp` table. -- // We're most likely an AR table, so this will need an allocation. -- ar_force_convert_table(hash, __FILE__, __LINE__); -- HASH_ASSERT(RHASH_ST_TABLE_P(hash)); -- - RHASH_ST_TABLE(hash)->type = &identhash; -- } -- else { -+ } else { - // Slow path: Need to rehash the members of `self` into a new - // `tmp` table using the new `identhash` compare/hash functions. - tmp = hash_alloc(0); -@@ -4399,10 +4396,8 @@ rb_hash_compare_by_id(VALUE hash) - identtable = RHASH_ST_TABLE(tmp); - - rb_hash_foreach(hash, rb_hash_rehash_i, (VALUE)tmp); -- rb_hash_free(hash); - -- // We know for sure `identtable` is an st table, -- // so we can skip `ar_force_convert_table` here. -+ rb_hash_free(hash); - RHASH_ST_TABLE_SET(hash, identtable); - RHASH_ST_CLEAR(tmp); - } - -From f5c415300ffe63e41e46c6b88b8634a3bad0c7c2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?V=C3=ADt=20Ondruch?= -Date: Fri, 22 Dec 2023 14:17:14 +0100 -Subject: [PATCH 2/2] Revert "compare_by_identity: remove alloc for empty Hash" - -This reverts commit b5c6c0122f5b010cb5f43e7a236c4ba2b1d56a2a. ---- - hash.c | 21 +++++++-------------- - 1 file changed, 7 insertions(+), 14 deletions(-) - -diff --git a/hash.c b/hash.c -index f6525ba4a5..cf83675c70 100644 ---- a/hash.c -+++ b/hash.c -@@ -4385,22 +4385,15 @@ rb_hash_compare_by_id(VALUE hash) - ar_force_convert_table(hash, __FILE__, __LINE__); - HASH_ASSERT(RHASH_ST_TABLE_P(hash)); - -- if (RHASH_TABLE_EMPTY_P(hash)) { -- // Fast path: There's nothing to rehash, so we don't need a `tmp` table. -- RHASH_ST_TABLE(hash)->type = &identhash; -- } else { -- // Slow path: Need to rehash the members of `self` into a new -- // `tmp` table using the new `identhash` compare/hash functions. -- tmp = hash_alloc(0); -- hash_st_table_init(tmp, &identhash, RHASH_SIZE(hash)); -- identtable = RHASH_ST_TABLE(tmp); -+ tmp = hash_alloc(0); -+ hash_st_table_init(tmp, &identhash, RHASH_SIZE(hash)); -+ identtable = RHASH_ST_TABLE(tmp); - -- rb_hash_foreach(hash, rb_hash_rehash_i, (VALUE)tmp); -+ rb_hash_foreach(hash, rb_hash_rehash_i, (VALUE)tmp); - -- rb_hash_free(hash); -- RHASH_ST_TABLE_SET(hash, identtable); -- RHASH_ST_CLEAR(tmp); -- } -+ rb_hash_free(hash); -+ RHASH_ST_TABLE_SET(hash, identtable); -+ RHASH_ST_CLEAR(tmp); - - return hash; - } diff --git a/ruby.spec b/ruby.spec index 7048520..0f49d35 100644 --- a/ruby.spec +++ b/ruby.spec @@ -271,9 +271,6 @@ Patch6: ruby-2.7.0-Initialize-ABRT-hook.patch # Disable syntax_suggest test suite, which tries to download its dependencies. # https://bugs.ruby-lang.org/issues/19297 Patch9: ruby-3.3.0-Disable-syntax-suggest-test-case.patch -# Revert patches causing segfaults in alexandria package. -# https://bugs.ruby-lang.org/issues/20079 -Patch10: ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch # Armv8.3+ capable CPUs might segfault with incorrect compilation options. # See related upstream report: https://bugs.ruby-lang.org/issues/20085 # https://bugs.ruby-lang.org/issues/20154 @@ -760,7 +757,6 @@ analysis result in RBS format, a standard type description format for Ruby %patch 4 -p1 %patch 6 -p1 %patch 9 -p1 -%patch 10 -p1 %patch 12 -p1 %patch 13 -p1 %patch 14 -p1 From b2beb586f287f713208172bb0b0f633c198dfb0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Fri, 7 Jun 2024 12:25:48 +0200 Subject: [PATCH 08/18] Fix generators for RPM 4.20 compatibility RPM 4.20 introduce per-build directory. However, this also brings some issues where `%{_builddir}` might have different value in different context, leading to issues such as: ~~~ Processing files: ruby-default-gems-3.3.1-8.fc41.noarch make: *** /builddir/build/BUILD/ruby-3.3.1/redhat-linux-build: No such file or directory. Stop. ~~~ Therefore the generators are not executed properly. Use `%define` instead of `%global`, because those are laze evaluated and actually suggested by RPM upstream: https://github.com/rpm-software-management/rpm/issues/3151 --- ruby.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ruby.spec b/ruby.spec index 0f49d35..346a8dd 100644 --- a/ruby.spec +++ b/ruby.spec @@ -239,10 +239,10 @@ Source15: test_openssl_fips.rb %{load:%{SOURCE4}} %{load:%{SOURCE5}} -%global __local_generator_requires make -C %{_builddir}/%{buildsubdir}/%{_vpath_builddir} -s runruby TESTRUN_SCRIPT="--enable-gems %{SOURCE9}" -%global __local_generator_provides make -C %{_builddir}/%{buildsubdir}/%{_vpath_builddir} -s runruby TESTRUN_SCRIPT="--enable-gems %{SOURCE10}" -%global __local_generator_conflicts make -C %{_builddir}/%{buildsubdir}/%{_vpath_builddir} -s runruby TESTRUN_SCRIPT="--enable-gems %{SOURCE11}" -%global __local_generator_path ^%{gem_dir}/specifications/.*\.gemspec$ +%define __local_generator_requires make -C %{_builddir}/%{buildsubdir}/%{_vpath_builddir} -s runruby TESTRUN_SCRIPT="--enable-gems %{SOURCE9}" +%define __local_generator_provides make -C %{_builddir}/%{buildsubdir}/%{_vpath_builddir} -s runruby TESTRUN_SCRIPT="--enable-gems %{SOURCE10}" +%define __local_generator_conflicts make -C %{_builddir}/%{buildsubdir}/%{_vpath_builddir} -s runruby TESTRUN_SCRIPT="--enable-gems %{SOURCE11}" +%define __local_generator_path ^%{gem_dir}/specifications/.*\.gemspec$ # Fix ruby_version abuse. # https://bugs.ruby-lang.org/issues/11002 From d6afcec77c844a652beb70ad9cf9801a0e6d7b35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Tue, 18 Jun 2024 12:28:13 +0200 Subject: [PATCH 09/18] Make sure hardening configuration flags are correctly applied. Previously, upstream flags were overriding our configuration flags, therefore we had two workarounds in place. This commit replaces these workarounds by upstream solution. While it should not result in any functional changes, it is be better to have this patch in place to make easier to spot when it is not needed anymore. --- ...GS-to-a-special-hardenflags-variable.patch | 302 ++++++++++++++++++ ...ranch-protection-compilation-for-arm.patch | 24 -- ruby.spec | 10 +- 3 files changed, 309 insertions(+), 27 deletions(-) create mode 100644 ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch delete mode 100644 ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch diff --git a/ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch b/ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch new file mode 100644 index 0000000..b03b618 --- /dev/null +++ b/ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch @@ -0,0 +1,302 @@ +From 3d405634f43d39079ee93cdc59ed7fc0a5e8917a Mon Sep 17 00:00:00 2001 +From: KJ Tsanaktsidis +Date: Sun, 9 Jun 2024 21:15:39 +1000 +Subject: [PATCH] Extract hardening CFLAGS to a special $hardenflags variable + +This changes the automatic detection of -fstack-protector, +-D_FORTIFY_SOURCE, and -mbranch-protection to write to $hardenflags +instead of $XCFLAGS. The definition of $cflags is changed to +"$hardenflags $orig_cflags $optflags $debugflags $warnflags" to match. + +Furthermore, these flags are _prepended_ to $hardenflags, rather than +appended. + +The implications of doing this are as follows: + +* If a CRuby builder specifies cflags="-mbranch-protection=foobar" at + the ./configure script, and the configure script detects that + -mbranch-protection=pac-ret is accepted, then GCC will be invoked as + "gcc -mbranch-protection=pac-ret -mbranch-protection=foobar". Since + the last flags take precedence, that means that user-supplied values + of these flags in $cflags will take priority. +* Likewise, if a CRuby builder explicitly specifies + "hardenflags=-mbranch-protection=foobar", because we _prepend_ to + $hardenflags in our autoconf script, we will still invoke GCC as + "gcc -mbranch-protection=pac-ret -mbranch-protection=foobar". +* If a CRuby builder specifies CFLAGS="..." at the configure line, + automatic detection of hardening flags is ignored as before. +* C extensions will _also_ be built with hardening flags now as well + (this was not the case by default before because the detected flags + went into $XCFLAGS). + +Additionally, as part of this work, I changed how the detection of +PAC/BTI in Context.S works. Rather than appending the autodetected +option to ASFLAGS, we simply compile a set of test programs with the +actual CFLAGS in use to determine what PAC/BTI settings were actually +chosen by the builder. Context.S is made aware of these choices through +some custom macros. + +The result of this work is that: + +* Ruby will continue to choose some sensible defaults for hardening + options for the C compiler +* Distributors are able to specify CFLAGS that are consistent with their + distribution and override these defaults +* Context.S will react to whatever -mbranch-protection is actually in + use, not what was autodetected +* Extensions get built with hardening flags too. + +[Bug #20154] +[Bug #20520] +--- + configure.ac | 81 ++++++++++++++++++++++++++++++----- + coroutine/arm64/Context.S | 14 +++--- + template/Makefile.in | 1 + + tool/m4/ruby_append_option.m4 | 4 ++ + tool/m4/ruby_try_cflags.m4 | 17 ++++++++ + 5 files changed, 100 insertions(+), 17 deletions(-) + +diff --git a/configure.ac b/configure.ac +index f35fad6a362611..0da15772d36671 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -352,7 +352,7 @@ test -z "$warnflags" || + AS_IF([test -z "${CFLAGS+set}"], [ + cflags=`echo " $cflags " | sed "$cflagspat;s/^ *//;s/ *$//"` + orig_cflags="$cflags" +- cflags="$cflags "'${optflags} ${debugflags} ${warnflags}' ++ cflags='${hardenflags} '"$cflags "'${optflags} ${debugflags} ${warnflags}' + ]) + dnl AS_IF([test -z "${CXXFLAGS+set}"], [ + dnl cxxflags=`echo " $cxxflags " | sed "$cflagspat;s/^ *//;s/ *$//"` +@@ -800,7 +800,7 @@ AS_IF([test "$GCC" = yes], [ + [fortify_source=$enableval]) + AS_IF([test "x$fortify_source" != xno], [ + RUBY_TRY_CFLAGS([$optflags -D_FORTIFY_SOURCE=2], +- [RUBY_APPEND_OPTION(XCFLAGS, -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2)], [], ++ [RUBY_PREPEND_OPTION(hardenflags, -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2)], [], + [@%:@include ]) + ]) + +@@ -821,20 +821,24 @@ AS_IF([test "$GCC" = yes], [ + AC_MSG_CHECKING([for -fstack-protector]) + AC_MSG_RESULT(["$stack_protector"]) + AS_CASE(["$stack_protector"], [-*], [ +- RUBY_APPEND_OPTION(XCFLAGS, $stack_protector) +- RUBY_APPEND_OPTION(XLDFLAGS, $stack_protector) +- RUBY_APPEND_OPTION(LDFLAGS, $stack_protector) ++ RUBY_PREPEND_OPTION(hardenflags, $stack_protector) ++ RUBY_APPEND_OPTION(XLDFLAGS, $stack_protector) ++ RUBY_APPEND_OPTION(LDFLAGS, $stack_protector) + ]) + + # aarch64 branch protection + AS_CASE(["$target_cpu"], [aarch64], [ + AS_FOR(option, opt, [-mbranch-protection=pac-ret -msign-return-address=all], [ +- RUBY_TRY_CFLAGS(option, [branch_protection=yes], [branch_protection=no]) ++ # Try these flags in the _prepended_ position - i.e. we want to try building a program ++ # with CFLAGS="-mbranch-protection=pac-ret $CFLAGS". If the builder has provided different ++ # branch protection flags in CFLAGS, we don't want to overwrite those. We just want to ++ # find some branch protection flags which work if none were provided. ++ RUBY_TRY_CFLAGS_PREPEND(option, [branch_protection=yes], [branch_protection=no]) + AS_IF([test "x$branch_protection" = xyes], [ +- # C compiler and assembler must be consistent for -mbranch-protection +- # since they both check `__ARM_FEATURE_PAC_DEFAULT` definition. +- RUBY_APPEND_OPTION(XCFLAGS, option) +- RUBY_APPEND_OPTION(ASFLAGS, option) ++ # _prepend_ the options to CFLAGS, so that user-provided flags will overwrite them. ++ # These CFLAGS are used during the configure script to compile further test programs; ++ # however, $harden_flags is prepended separately to CFLAGS at the end of the script. ++ RUBY_PREPEND_OPTION(hardenflags, $opt) + break + ]) + ]) +@@ -983,6 +987,59 @@ AC_SUBST(incflags, "$INCFLAGS") + test -z "${ac_env_CXXFLAGS_set}" -a -n "${cxxflags+set}" && eval CXXFLAGS="\"$cxxflags $ARCH_FLAG\"" + } + ++# The lines above expand out the $cflags/$optflags/$debugflags/$hardenflags variables into the ++# CFLAGS variable. So, at this point, we have a $CFLAGS var with the actual compiler flags we're ++# going to use. ++# That means this is the right time to check what branch protection flags are going to be in use ++# and define appropriate macros for use in Context.S based on this ++AS_CASE(["$target_cpu"], [aarch64], [ ++ AC_CACHE_CHECK([whether __ARM_FEATURE_BTI_DEFAULT is defined], ++ rb_cv_aarch64_bti_enabled, ++ AC_COMPILE_IFELSE( ++ [AC_LANG_PROGRAM([[ ++ @%:@ifndef __ARM_FEATURE_BTI_DEFAULT ++ @%:@error "__ARM_FEATURE_BTI_DEFAULT not defined" ++ @%:@endif ++ ]])], ++ [rb_cv_aarch64_bti_enabled=yes], ++ [rb_cv_aarch64_bti_enabled=no]) ++ ) ++ AS_IF([test "$rb_cv_aarch64_bti_enabled" = yes], ++ AC_DEFINE(RUBY_AARCH64_BTI_ENABLED, 1)) ++ AC_CACHE_CHECK([whether __ARM_FEATURE_PAC_DEFAULT is defined], ++ rb_cv_aarch64_pac_enabled, ++ AC_COMPILE_IFELSE( ++ [AC_LANG_PROGRAM([[ ++ @%:@ifndef __ARM_FEATURE_PAC_DEFAULT ++ @%:@error "__ARM_FEATURE_PAC_DEFAULT not defined" ++ @%:@endif ++ ]])], ++ [rb_cv_aarch64_pac_enabled=yes], ++ [rb_cv_aarch64_pac_enabled=no]) ++ ) ++ AS_IF([test "$rb_cv_aarch64_pac_enabled" = yes], ++ AC_DEFINE(RUBY_AARCH64_PAC_ENABLED, 1)) ++ # Context.S will only ever sign its return address with the A-key; it doesn't support ++ # the B-key at the moment. ++ AS_IF([test "$rb_cv_aarch64_pac_enabled" = yes], [ ++ AC_CACHE_CHECK([whether __ARM_FEATURE_PAC_DEFAULT specifies the b-key bit 0x02], ++ rb_cv_aarch64_pac_b_key, ++ AC_COMPILE_IFELSE( ++ [AC_LANG_PROGRAM([[ ++ @%:@ifdef __ARM_FEATURE_PAC_DEFAULT ++ @%:@if __ARM_FEATURE_PAC_DEFAULT & 0x02 ++ @%:@error "__ARM_FEATURE_PAC_DEFAULT specifies B key" ++ @%:@endif ++ @%:@endif ++ ]])], ++ [rb_cv_aarch64_pac_b_key=no], ++ [rb_cv_aarch64_pac_b_key=yes]) ++ ) ++ AS_IF([test "$rb_cv_aarch64_pac_b_key" = yes], ++ AC_MSG_ERROR(-mbranch-protection flag specified b-key but Ruby's Context.S does not support this yet.)) ++ ]) ++]) ++ + AC_CACHE_CHECK([whether compiler has statement and declarations in expressions], + rb_cv_have_stmt_and_decl_in_expr, + [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[ __extension__ ({ int a = 0; a; }); ]])], +@@ -4211,12 +4268,13 @@ AS_IF([test "${ARCH_FLAG}"], [ + rb_cv_warnflags=`echo "$rb_cv_warnflags" | sed 's/^ *//;s/ *$//'` + warnflags="$rb_cv_warnflags" + AC_SUBST(cppflags)dnl +-AC_SUBST(cflags, ["${orig_cflags:+$orig_cflags }"'${optflags} ${debugflags} ${warnflags}'])dnl ++AC_SUBST(cflags, ['${hardenflags} '"${orig_cflags:+$orig_cflags }"' ${optflags} ${debugflags} ${warnflags}'])dnl + AC_SUBST(cxxflags)dnl + AC_SUBST(optflags)dnl + AC_SUBST(debugflags)dnl + AC_SUBST(warnflags)dnl + AC_SUBST(strict_warnflags)dnl ++AC_SUBST(hardenflags)dnl + AC_SUBST(XCFLAGS)dnl + AC_SUBST(XLDFLAGS)dnl + AC_SUBST(EXTLDFLAGS)dnl +@@ -4684,6 +4742,7 @@ config_summary "DLDFLAGS" "$DLDFLAGS" + config_summary "optflags" "$optflags" + config_summary "debugflags" "$debugflags" + config_summary "warnflags" "$warnflags" ++config_summary "hardenflags" "$hardenflags" + config_summary "strip command" "$STRIP" + config_summary "install doc" "$DOCTARGETS" + config_summary "YJIT support" "$YJIT_SUPPORT" +diff --git a/coroutine/arm64/Context.S b/coroutine/arm64/Context.S +index 5251ab214df1f0..54611a247e2f66 100644 +--- a/coroutine/arm64/Context.S ++++ b/coroutine/arm64/Context.S +@@ -5,6 +5,8 @@ + ## Copyright, 2018, by Samuel Williams. + ## + ++#include "ruby/config.h" ++ + #define TOKEN_PASTE(x,y) x##y + #define PREFIXED_SYMBOL(prefix,name) TOKEN_PASTE(prefix,name) + +@@ -27,10 +29,10 @@ + .global PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer) + PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer): + +-#if defined(__ARM_FEATURE_PAC_DEFAULT) && (__ARM_FEATURE_PAC_DEFAULT != 0) ++#if defined(RUBY_AARCH64_PAC_ENABLED) + # paciasp (it also acts as BTI landing pad, so no need to insert BTI also) + hint #25 +-#elif defined(__ARM_FEATURE_BTI_DEFAULT) && (__ARM_FEATURE_BTI_DEFAULT != 0) ++#elif defined(RUBY_AARCH64_BTI_ENABLED) + # For the the case PAC is not enabled but BTI is. + # bti c + hint #34 +@@ -73,7 +75,7 @@ PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer): + # Pop stack frame + add sp, sp, 0xa0 + +-#if defined(__ARM_FEATURE_PAC_DEFAULT) && (__ARM_FEATURE_PAC_DEFAULT != 0) ++#if defined(RUBY_AARCH64_PAC_ENABLED) + # autiasp: Authenticate x30 (LR) with SP and key A + hint #29 + #endif +@@ -85,18 +87,18 @@ PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer): + .section .note.GNU-stack,"",%progbits + #endif + +-#if __ARM_FEATURE_BTI_DEFAULT != 0 || __ARM_FEATURE_PAC_DEFAULT != 0 ++#if defined(RUBY_AARCH64_BTI_ENABLED) || defined(RUBY_AARCH64_PAC_ENABLED) + /* See "ELF for the Arm 64-bit Architecture (AArch64)" + https://github.com/ARM-software/abi-aa/blob/2023Q3/aaelf64/aaelf64.rst#program-property */ + # define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1<<0) + # define GNU_PROPERTY_AARCH64_FEATURE_1_PAC (1<<1) + +-# if __ARM_FEATURE_BTI_DEFAULT != 0 ++# if defined(RUBY_AARCH64_BTI_ENABLED) + # define BTI_FLAG GNU_PROPERTY_AARCH64_FEATURE_1_BTI + # else + # define BTI_FLAG 0 + # endif +-# if __ARM_FEATURE_PAC_DEFAULT != 0 ++# if defined(RUBY_AARCH64_PAC_ENABLED) + # define PAC_FLAG GNU_PROPERTY_AARCH64_FEATURE_1_PAC + # else + # define PAC_FLAG 0 +diff --git a/template/Makefile.in b/template/Makefile.in +index 033ac56cb38886..abb4469777ce8a 100644 +--- a/template/Makefile.in ++++ b/template/Makefile.in +@@ -89,6 +89,7 @@ cflags = @cflags@ + optflags = @optflags@ + debugflags = @debugflags@ + warnflags = @warnflags@ @strict_warnflags@ ++hardenflags = @hardenflags@ + cppflags = @cppflags@ + incflags = @incflags@ + RUBY_DEVEL = @RUBY_DEVEL@ # "yes" or empty +diff --git a/tool/m4/ruby_append_option.m4 b/tool/m4/ruby_append_option.m4 +index ff828d2162c22f..98359fa1f95f52 100644 +--- a/tool/m4/ruby_append_option.m4 ++++ b/tool/m4/ruby_append_option.m4 +@@ -3,3 +3,7 @@ AC_DEFUN([RUBY_APPEND_OPTION], + [# RUBY_APPEND_OPTION($1) + AS_CASE([" [$]{$1-} "], + [*" $2 "*], [], [' '], [ $1="$2"], [ $1="[$]$1 $2"])])dnl ++AC_DEFUN([RUBY_PREPEND_OPTION], ++ [# RUBY_APPEND_OPTION($1) ++ AS_CASE([" [$]{$1-} "], ++ [*" $2 "*], [], [' '], [ $1="$2"], [ $1="$2 [$]$1"])])dnl +diff --git a/tool/m4/ruby_try_cflags.m4 b/tool/m4/ruby_try_cflags.m4 +index b74718fe5e1cef..b397642aad9ca2 100644 +--- a/tool/m4/ruby_try_cflags.m4 ++++ b/tool/m4/ruby_try_cflags.m4 +@@ -17,3 +17,20 @@ AC_DEFUN([RUBY_TRY_CFLAGS], [ + AC_MSG_RESULT(no)]) + ]) + ])dnl ++ ++AC_DEFUN([_RUBY_TRY_CFLAGS_PREPEND], [ ++ RUBY_WERROR_FLAG([ ++ CFLAGS="$1 [$]CFLAGS" ++ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[$4]], [[$5]])], ++ [$2], [$3]) ++ ])dnl ++])dnl ++AC_DEFUN([RUBY_TRY_CFLAGS_PREPEND], [ ++ AC_MSG_CHECKING([whether ]$1[ is accepted as CFLAGS])dnl ++ _RUBY_TRY_CFLAGS_PREPEND([$1], ++ [$2 ++ AC_MSG_RESULT(yes)], ++ [$3 ++ AC_MSG_RESULT(no)], ++ [$4], [$5]) ++])dnl diff --git a/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch b/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch deleted file mode 100644 index 45ed5a9..0000000 --- a/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch +++ /dev/null @@ -1,24 +0,0 @@ -From db4ba95bf12f9303e38a9a78979cd363cb9a19fb Mon Sep 17 00:00:00 2001 -From: Jarek Prokop -Date: Fri, 12 Jan 2024 18:33:34 +0100 -Subject: [PATCH] aarch64: Prepend -mbranch-protection=standard option when - checking branch protection. - -Related Upstream issue: https://bugs.ruby-lang.org/issues/20154 ---- - configure.ac | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/configure.ac b/configure.ac -index 18b4247991..5ea8ada8f7 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -828,7 +828,7 @@ AS_IF([test "$GCC" = yes], [ - - # aarch64 branch protection - AS_CASE(["$target_cpu"], [aarch64], [ -- AS_FOR(option, opt, [-mbranch-protection=pac-ret -msign-return-address=all], [ -+ AS_FOR(option, opt, [-mbranch-protection=standard -mbranch-protection=pac-ret -msign-return-address=all], [ - RUBY_TRY_CFLAGS(option, [branch_protection=yes], [branch_protection=no]) - AS_IF([test "x$branch_protection" = xyes], [ - # C compiler and assembler must be consistent for -mbranch-protection diff --git a/ruby.spec b/ruby.spec index 346a8dd..883a192 100644 --- a/ruby.spec +++ b/ruby.spec @@ -171,7 +171,7 @@ Summary: An interpreter of object-oriented scripting language Name: ruby Version: %{ruby_version}%{?development_release} -Release: 9%{?dist} +Release: 10%{?dist} # Licenses, which are likely not included in binary RPMs: # Apache-2.0: # benchmark/gc/redblack.rb @@ -274,7 +274,9 @@ Patch9: ruby-3.3.0-Disable-syntax-suggest-test-case.patch # Armv8.3+ capable CPUs might segfault with incorrect compilation options. # See related upstream report: https://bugs.ruby-lang.org/issues/20085 # https://bugs.ruby-lang.org/issues/20154 -Patch12: ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch +# Make sure hardeding flags are correctly applied. +# https://bugs.ruby-lang.org/issues/20520 +Patch12: ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch # Fix build issue on i686 due to "incompatible pointer type" error. # https://bugs.ruby-lang.org/issues/20447 Patch13: ruby-3.4.0-Fix-pointer-incompatiblity.patch @@ -792,7 +794,6 @@ pushd %{_vpath_builddir} --enable-shared \ --with-ruby-version='' \ --enable-multiarch \ - --disable-fortify-source `# Should not really be needed: https://bugs.ruby-lang.org/issues/20520` \ %{?with_yjit: --enable-yjit} \ popd @@ -1715,6 +1716,9 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog +* Tue Jun 18 2024 Vít Ondruch - 3.3.2-10 +- Make sure hardening configuration flags are correctly applied. + * Thu Jun 06 2024 Vít Ondruch - 3.3.2-9 - Upgrade to Ruby 3.3.2. Resolves: rhbz#2284020 From fc65e1e69ba7889935983dd7237f8312aa5d677c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Wed, 10 Jul 2024 11:04:00 +0200 Subject: [PATCH 10/18] Upgrade to Ruby 3.3.4. Resolves: rhbz#2292052 --- ...0-Enable-configuration-of-archlibdir.patch | 2 +- ...ed-paths-when-empty-version-string-i.patch | 2 +- ruby-2.1.0-always-use-i386.patch | 2 +- ruby-2.1.0-custom-rubygems-location.patch | 4 +-- ruby-2.3.0-ruby_version.patch | 10 +++---- ruby-2.7.0-Initialize-ABRT-hook.patch | 2 +- ...ADER-didn-t-define-HAVE-header-file-.patch | 27 ------------------ ...GS-to-a-special-hardenflags-variable.patch | 12 ++++---- ruby-3.4.0-Fix-pointer-incompatiblity.patch | 24 ---------------- ruby.spec | 28 ++++++++----------- sources | 2 +- 11 files changed, 30 insertions(+), 85 deletions(-) delete mode 100644 ruby-3.3.3-RUBY-CHECK-HEADER-didn-t-define-HAVE-header-file-.patch delete mode 100644 ruby-3.4.0-Fix-pointer-incompatiblity.patch diff --git a/ruby-2.1.0-Enable-configuration-of-archlibdir.patch b/ruby-2.1.0-Enable-configuration-of-archlibdir.patch index 692a40b..4cd8dd1 100644 --- a/ruby-2.1.0-Enable-configuration-of-archlibdir.patch +++ b/ruby-2.1.0-Enable-configuration-of-archlibdir.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index d261ea57b5..3c13076b82 100644 --- a/configure.ac +++ b/configure.ac -@@ -3478,6 +3478,11 @@ AS_IF([test ${multiarch+set}], [ +@@ -3482,6 +3482,11 @@ AS_IF([test ${multiarch+set}], [ ]) archlibdir='${libdir}/${arch}' diff --git a/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch b/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch index e96ce39..e6315c0 100644 --- a/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch +++ b/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch @@ -14,7 +14,7 @@ diff --git a/configure.ac b/configure.ac index c42436c23d..d261ea57b5 100644 --- a/configure.ac +++ b/configure.ac -@@ -4317,7 +4317,8 @@ AS_CASE(["$ruby_version_dir_name"], +@@ -4321,7 +4321,8 @@ AS_CASE(["$ruby_version_dir_name"], ruby_version_dir=/'${ruby_version_dir_name}' if test -z "${ruby_version_dir_name}"; then diff --git a/ruby-2.1.0-always-use-i386.patch b/ruby-2.1.0-always-use-i386.patch index c990ede..8e1b4fe 100644 --- a/ruby-2.1.0-always-use-i386.patch +++ b/ruby-2.1.0-always-use-i386.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index 3c13076b82..93af30321d 100644 --- a/configure.ac +++ b/configure.ac -@@ -4381,6 +4381,8 @@ AC_SUBST(vendorarchdir)dnl +@@ -4385,6 +4385,8 @@ AC_SUBST(vendorarchdir)dnl AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl diff --git a/ruby-2.1.0-custom-rubygems-location.patch b/ruby-2.1.0-custom-rubygems-location.patch index dd81419..7dc8eca 100644 --- a/ruby-2.1.0-custom-rubygems-location.patch +++ b/ruby-2.1.0-custom-rubygems-location.patch @@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac index 93af30321d..bc13397e0e 100644 --- a/configure.ac +++ b/configure.ac -@@ -4353,6 +4353,10 @@ AC_ARG_WITH(vendorarchdir, +@@ -4357,6 +4357,10 @@ AC_ARG_WITH(vendorarchdir, [vendorarchdir=$withval], [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}]) @@ -26,7 +26,7 @@ index 93af30321d..bc13397e0e 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) RUBY_EXEC_PREFIX='' -@@ -4377,6 +4381,7 @@ AC_SUBST(sitearchdir)dnl +@@ -4381,6 +4385,7 @@ AC_SUBST(sitearchdir)dnl AC_SUBST(vendordir)dnl AC_SUBST(vendorlibdir)dnl AC_SUBST(vendorarchdir)dnl diff --git a/ruby-2.3.0-ruby_version.patch b/ruby-2.3.0-ruby_version.patch index 8e9fd2b..50b4466 100644 --- a/ruby-2.3.0-ruby_version.patch +++ b/ruby-2.3.0-ruby_version.patch @@ -20,7 +20,7 @@ diff --git a/configure.ac b/configure.ac index 80b137e380..63cd3b4f8b 100644 --- a/configure.ac +++ b/configure.ac -@@ -4267,9 +4267,6 @@ AS_CASE(["$target_os"], +@@ -4271,9 +4271,6 @@ AS_CASE(["$target_os"], rubyw_install_name='$(RUBYW_INSTALL_NAME)' ]) @@ -30,7 +30,7 @@ index 80b137e380..63cd3b4f8b 100644 rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'} AC_ARG_WITH(rubyarchprefix, AS_HELP_STRING([--with-rubyarchprefix=DIR], -@@ -4292,57 +4289,63 @@ AC_ARG_WITH(ridir, +@@ -4296,57 +4293,63 @@ AC_ARG_WITH(ridir, AC_SUBST(ridir) AC_SUBST(RI_BASE_NAME) @@ -122,7 +122,7 @@ index 80b137e380..63cd3b4f8b 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) -@@ -4359,6 +4362,7 @@ AC_SUBST(sitearchincludedir)dnl +@@ -4363,6 +4366,7 @@ AC_SUBST(sitearchincludedir)dnl AC_SUBST(arch)dnl AC_SUBST(sitearch)dnl AC_SUBST(ruby_version)dnl @@ -227,7 +227,7 @@ diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb index b25068405d..e9fef4a311 100644 --- a/test/rubygems/test_gem.rb +++ b/test/rubygems/test_gem.rb -@@ -1351,7 +1351,8 @@ def test_self_use_paths +@@ -1353,7 +1353,8 @@ def test_self_use_paths def test_self_user_dir parts = [@userhome, ".gem", Gem.ruby_engine] @@ -237,7 +237,7 @@ index b25068405d..e9fef4a311 100644 FileUtils.mkdir_p File.join(parts) -@@ -1427,7 +1428,7 @@ def test_self_vendor_dir +@@ -1429,7 +1430,7 @@ def test_self_vendor_dir vendordir(File.join(@tempdir, "vendor")) do expected = File.join RbConfig::CONFIG["vendordir"], "gems", diff --git a/ruby-2.7.0-Initialize-ABRT-hook.patch b/ruby-2.7.0-Initialize-ABRT-hook.patch index 0f32243..309507f 100644 --- a/ruby-2.7.0-Initialize-ABRT-hook.patch +++ b/ruby-2.7.0-Initialize-ABRT-hook.patch @@ -58,7 +58,7 @@ diff --git a/ruby.c b/ruby.c index 60c57d6259..1eec16f2c8 100644 --- a/ruby.c +++ b/ruby.c -@@ -1724,10 +1724,14 @@ proc_options(long argc, char **argv, ruby_cmdline_options_t *opt, int envopt) +@@ -1722,10 +1722,14 @@ proc_options(long argc, char **argv, ruby_cmdline_options_t *opt, int envopt) void Init_builtin_features(void); diff --git a/ruby-3.3.3-RUBY-CHECK-HEADER-didn-t-define-HAVE-header-file-.patch b/ruby-3.3.3-RUBY-CHECK-HEADER-didn-t-define-HAVE-header-file-.patch deleted file mode 100644 index 7f6a83d..0000000 --- a/ruby-3.3.3-RUBY-CHECK-HEADER-didn-t-define-HAVE-header-file-.patch +++ /dev/null @@ -1,27 +0,0 @@ -From d6d22e457475e3d2f8e4878bb97e2780ca2f83d6 Mon Sep 17 00:00:00 2001 -From: Sorah Fukumori -Date: Fri, 31 May 2024 02:16:10 +0900 -Subject: [PATCH] RUBY_CHECK_HEADER didn't define HAVE_{header-file} - ---with-gmp is not working at all because HAVE_GMP_H -was missing since 18eaf0be90. [Bug #20515] - -bug: https://bugs.ruby-lang.org/issues/20515 -follow-up: https://bugs.ruby-lang.org/issues/20494 -follow-up: 18eaf0be905e3e251423b42d6f4e56b7cae1bc3b ---- - tool/m4/ruby_check_header.m4 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/tool/m4/ruby_check_header.m4 b/tool/m4/ruby_check_header.m4 -index 171455549e3362..6fec9d16c5bcf1 100644 ---- a/tool/m4/ruby_check_header.m4 -+++ b/tool/m4/ruby_check_header.m4 -@@ -3,6 +3,6 @@ AC_DEFUN([RUBY_CHECK_HEADER], - [# RUBY_CHECK_HEADER($@) - save_CPPFLAGS="$CPPFLAGS" - CPPFLAGS="$CPPFLAGS m4_if([$5], [], [$INCFLAGS], [$5])" -- AC_CHECK_HEADER([$1], [$2], [$3], [$4]) -+ AC_CHECK_HEADERS([$1], [$2], [$3], [$4]) - CPPFLAGS="$save_CPPFLAGS" - unset save_CPPFLAGS]) diff --git a/ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch b/ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch index b03b618..b811afd 100644 --- a/ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch +++ b/ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch @@ -60,7 +60,7 @@ diff --git a/configure.ac b/configure.ac index f35fad6a362611..0da15772d36671 100644 --- a/configure.ac +++ b/configure.ac -@@ -352,7 +352,7 @@ test -z "$warnflags" || +@@ -354,7 +354,7 @@ test -z "$warnflags" || AS_IF([test -z "${CFLAGS+set}"], [ cflags=`echo " $cflags " | sed "$cflagspat;s/^ *//;s/ *$//"` orig_cflags="$cflags" @@ -69,7 +69,7 @@ index f35fad6a362611..0da15772d36671 100644 ]) dnl AS_IF([test -z "${CXXFLAGS+set}"], [ dnl cxxflags=`echo " $cxxflags " | sed "$cflagspat;s/^ *//;s/ *$//"` -@@ -800,7 +800,7 @@ AS_IF([test "$GCC" = yes], [ +@@ -802,7 +802,7 @@ AS_IF([test "$GCC" = yes], [ [fortify_source=$enableval]) AS_IF([test "x$fortify_source" != xno], [ RUBY_TRY_CFLAGS([$optflags -D_FORTIFY_SOURCE=2], @@ -78,7 +78,7 @@ index f35fad6a362611..0da15772d36671 100644 [@%:@include ]) ]) -@@ -821,20 +821,24 @@ AS_IF([test "$GCC" = yes], [ +@@ -823,20 +823,24 @@ AS_IF([test "$GCC" = yes], [ AC_MSG_CHECKING([for -fstack-protector]) AC_MSG_RESULT(["$stack_protector"]) AS_CASE(["$stack_protector"], [-*], [ @@ -111,7 +111,7 @@ index f35fad6a362611..0da15772d36671 100644 break ]) ]) -@@ -983,6 +987,59 @@ AC_SUBST(incflags, "$INCFLAGS") +@@ -985,6 +989,59 @@ test -z "${ac_env_CFLAGS_set}" -a -n "${cflags+set}" && eval CFLAGS="\"$cflags $ test -z "${ac_env_CXXFLAGS_set}" -a -n "${cxxflags+set}" && eval CXXFLAGS="\"$cxxflags $ARCH_FLAG\"" } @@ -171,7 +171,7 @@ index f35fad6a362611..0da15772d36671 100644 AC_CACHE_CHECK([whether compiler has statement and declarations in expressions], rb_cv_have_stmt_and_decl_in_expr, [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],[[ __extension__ ({ int a = 0; a; }); ]])], -@@ -4211,12 +4268,13 @@ AS_IF([test "${ARCH_FLAG}"], [ +@@ -4215,12 +4272,13 @@ AS_IF([test "${ARCH_FLAG}"], [ rb_cv_warnflags=`echo "$rb_cv_warnflags" | sed 's/^ *//;s/ *$//'` warnflags="$rb_cv_warnflags" AC_SUBST(cppflags)dnl @@ -186,7 +186,7 @@ index f35fad6a362611..0da15772d36671 100644 AC_SUBST(XCFLAGS)dnl AC_SUBST(XLDFLAGS)dnl AC_SUBST(EXTLDFLAGS)dnl -@@ -4684,6 +4742,7 @@ config_summary "DLDFLAGS" "$DLDFLAGS" +@@ -4688,6 +4746,7 @@ config_summary "DLDFLAGS" "$DLDFLAGS" config_summary "optflags" "$optflags" config_summary "debugflags" "$debugflags" config_summary "warnflags" "$warnflags" diff --git a/ruby-3.4.0-Fix-pointer-incompatiblity.patch b/ruby-3.4.0-Fix-pointer-incompatiblity.patch deleted file mode 100644 index 2bd7a53..0000000 --- a/ruby-3.4.0-Fix-pointer-incompatiblity.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 055613fd868a8c94e43893f8c58a00cdd2a81f6d Mon Sep 17 00:00:00 2001 -From: Nobuyoshi Nakada -Date: Fri, 22 Mar 2024 18:18:35 +0900 -Subject: [PATCH] Fix pointer incompatiblity - -Since the subsecond part is discarded, WIDEVAL to VALUE conversion is -needed. ---- - time.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/time.c b/time.c -index 6179b081c02fc9..3304b2f4f4856a 100644 ---- a/time.c -+++ b/time.c -@@ -2342,7 +2342,7 @@ zone_timelocal(VALUE zone, VALUE time) - struct time_object *tobj = RTYPEDDATA_GET_DATA(time); - wideval_t t, s; - -- split_second(tobj->timew, &t, &s); -+ wdivmod(tobj->timew, WINT2FIXWV(TIME_SCALE), &t, &s); - tm = tm_from_time(rb_cTimeTM, time); - utc = rb_check_funcall(zone, id_local_to_utc, 1, &tm); - if (UNDEF_P(utc)) return 0; diff --git a/ruby.spec b/ruby.spec index 883a192..5ea5f51 100644 --- a/ruby.spec +++ b/ruby.spec @@ -1,6 +1,6 @@ %global major_version 3 %global minor_version 3 -%global teeny_version 2 +%global teeny_version 4 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} @@ -10,7 +10,7 @@ #%%global milestone rc1 # Keep the revision enabled for pre-releases from GIT. -#%%global revision e5a195edf6 +#%%global revision be1089c8ec %global ruby_archive %{name}-%{ruby_version} @@ -27,7 +27,7 @@ %global rubygems_dir %{_datadir}/rubygems # Bundled libraries versions -%global rubygems_version 3.5.9 +%global rubygems_version 3.5.11 %global rubygems_molinillo_version 0.8.0 %global rubygems_net_http_version 0.4.0 %global rubygems_net_protocol_version 0.2.2 @@ -38,7 +38,7 @@ %global rubygems_uri_version 0.13.0 # Default gems. -%global bundler_version 2.5.9 +%global bundler_version 2.5.11 %global bundler_connection_pool_version 2.4.1 %global bundler_fileutils_version 1.7.2 %global bundler_net_http_persistent_version 4.0.2 @@ -95,8 +95,8 @@ %global set_version 1.1.0 %global shellwords_version 0.2.0 %global singleton_version 0.2.0 -%global stringio_version 3.1.0 -%global strscan_version 3.0.7 +%global stringio_version 3.1.1 +%global strscan_version 3.0.9 %global syntax_suggest_version 2.0.0 %global syslog_version 0.1.2 %global tempfile_version 0.2.1 @@ -133,7 +133,7 @@ %global racc_version 1.7.3 %global rake_version 13.1.0 %global rbs_version 3.4.0 -%global rexml_version 3.2.6 +%global rexml_version 3.2.8 %global rss_version 0.3.0 %global test_unit_version 3.6.1 %global typeprof_version 0.21.9 @@ -171,7 +171,7 @@ Summary: An interpreter of object-oriented scripting language Name: ruby Version: %{ruby_version}%{?development_release} -Release: 10%{?dist} +Release: 11%{?dist} # Licenses, which are likely not included in binary RPMs: # Apache-2.0: # benchmark/gc/redblack.rb @@ -277,12 +277,6 @@ Patch9: ruby-3.3.0-Disable-syntax-suggest-test-case.patch # Make sure hardeding flags are correctly applied. # https://bugs.ruby-lang.org/issues/20520 Patch12: ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch -# Fix build issue on i686 due to "incompatible pointer type" error. -# https://bugs.ruby-lang.org/issues/20447 -Patch13: ruby-3.4.0-Fix-pointer-incompatiblity.patch -# Fix GMP support -# https://bugs.ruby-lang.org/issues/20515 -Patch14: ruby-3.3.3-RUBY-CHECK-HEADER-didn-t-define-HAVE-header-file-.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?with_rubypick:Suggests: rubypick} @@ -760,8 +754,6 @@ analysis result in RBS format, a standard type description format for Ruby %patch 6 -p1 %patch 9 -p1 %patch 12 -p1 -%patch 13 -p1 -%patch 14 -p1 # Provide an example of usage of the tapset: cp -a %{SOURCE3} . @@ -1716,6 +1708,10 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog +* Wed Jul 10 2024 Vít Ondruch - 3.3.4-11 +- Upgrade to Ruby 3.3.4. + Resolves: rhbz#2292052 + * Tue Jun 18 2024 Vít Ondruch - 3.3.2-10 - Make sure hardening configuration flags are correctly applied. diff --git a/sources b/sources index b8e4495..88156f2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ruby-3.3.2.tar.xz) = f2c4fb0d7c80aa46cdd80ad54ffee614e95d2fbad0554b6ce81f42fa5b891aaea63ddfd5b962e28508a4c835f9abf091a05a2e1234ef08c3e71af522a029c4e1 +SHA512 (ruby-3.3.4.tar.xz) = b26461a13ff82a08a282f10108028bb2a2e4a28da6182a291062fc54089c6655d79c22cc69d59156f9b11cb10a17fe8c69d489343fbae123a45f03361b95c9eb From 5a0c946c0d03fc3296a7ffec6f4c36d64a0a907a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Thu, 22 Aug 2024 13:17:16 +0200 Subject: [PATCH 11/18] Fix typo Credits goes to @ekohl for noticing this: https://src.fedoraproject.org/rpms/ruby/pull-request/186#comment-214161 --- rubygems.con | 4 ++-- rubygems.req | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rubygems.con b/rubygems.con index 1a99ed0..bcdeddc 100644 --- a/rubygems.con +++ b/rubygems.con @@ -19,7 +19,7 @@ module RubyGemsReq end # Report conflicting gem dependencies including their version. - def self.gem_depenencies(specification) + def self.gem_dependencies(specification) specification.runtime_dependencies.each do |dependency| conflict_strings = Helpers::requirement_versions_to_rpm(dependency.requirement).map do |requirement| requirement_string = "rubygem(#{dependency.name}) #{requirement}" @@ -39,7 +39,7 @@ module RubyGemsReq begin specification = Gem::Specification.load filename - gem_depenencies(specification) + gem_dependencies(specification) rescue => e # Ignore all errors. end diff --git a/rubygems.req b/rubygems.req index 38e4a9c..70aebd4 100644 --- a/rubygems.req +++ b/rubygems.req @@ -58,7 +58,7 @@ module RubyGemsReq end # Report all gem dependencies including their version. - def self.gem_depenencies(specification) + def self.gem_dependencies(specification) specification.runtime_dependencies.each do |dependency| dependency_name = "rubygem(#{dependency.name})" requirements = Helpers::requirement_versions_to_rpm(dependency.requirement) @@ -75,7 +75,7 @@ module RubyGemsReq specification = Gem::Specification.load filename rubygems_dependency(specification) - gem_depenencies(specification) + gem_dependencies(specification) rescue => e # Ignore all errors. end From 1d538ec25782eef575b58134cf7fe46de576ebc2 Mon Sep 17 00:00:00 2001 From: Jarek Prokop Date: Wed, 20 Dec 2023 10:06:40 +0100 Subject: [PATCH 12/18] Test RPM dependency generators for rubygems. Add tests for RPM dependency generators that execute during build. The tests make use of methods available in tools present in the upstream ruby tar archive to find and set up the ruby executable. This is then used to execute the dependency generator script with a given test input passed into the subprocess and collect the output given out by the generator for testing. Skip "test_generator_on_gem_with_multiple_conflict_constraints" for now. rubygems.req is currently only capable of filtering out a single conflict requirement that is specified on a given dependency. Execute it in the %check section before the long-running Ruby test suite starts. If testing the generators fails it means there is the possibility of generating bogus requires, which is a valuable information to get sooner rather than later. --- rpm_test_helper.rb | 166 ++++++++++++++++++++++++++++++++++ ruby.spec | 20 +++++ test_rubygems_con.rb | 124 +++++++++++++++++++++++++ test_rubygems_prov.rb | 52 +++++++++++ test_rubygems_req.rb | 205 ++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 567 insertions(+) create mode 100644 rpm_test_helper.rb create mode 100644 test_rubygems_con.rb create mode 100644 test_rubygems_prov.rb create mode 100644 test_rubygems_req.rb diff --git a/rpm_test_helper.rb b/rpm_test_helper.rb new file mode 100644 index 0000000..671ca55 --- /dev/null +++ b/rpm_test_helper.rb @@ -0,0 +1,166 @@ +require 'tmpdir' +require 'tempfile' +require 'fileutils' +# Available in Ruby upstream sources under tool/lib/envutil.rb +# Required for finding and setting up the built ruby binary. +require 'envutil' + +module RPMTestHelper + def setup + @tmpdir = Dir.mktmpdir + @tempfiles = [] + end + + def teardown + @tempfiles.each do |file| + file.close + file.unlink + end + + FileUtils.rmtree(@tmpdir) + end + + GENERATOR_SCRIPT = ENV['GENERATOR_SCRIPT'].clone.freeze + if GENERATOR_SCRIPT.nil? || GENERATOR_SCRIPT == '' + raise "GENERATOR_SCRIPT is not specified." \ + "Specify the ENV variable with absolute path to the generator." + end + + Dependency = Struct.new('Dependency', :name, :requirements) do + def to_rpm_str + "rubygem(#{self.name})" + end + end + + def make_gemspec(gem_info) + file = Tempfile.new('req_gemspec', @tmpdir) + # Fake gemspec with enough to pass most checks + # Rubygems uses to validate the format. + gemspec_contents = <<~EOF + # -*- encoding: utf-8 -*- + # stub: #{gem_info.name} #{gem_info.version} ruby lib + + Gem::Specification.new do |s| + s.name = "#{gem_info.name}".freeze + s.version = "#{gem_info.version}" + + s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version= + s.require_paths = ["lib".freeze] + s.authors = ["John Doe".freeze] + s.bindir = "bin".freeze + s.date = "2023-12-15" + s.description = "Fake gemspec helper for testing Rubygem Generators".freeze + s.email = ["example@example.com".freeze] + s.files = ["LICENSE.txt".freeze, "lib/#{gem_info.name}.rb".freeze, "#{gem_info.name}.gemspec".freeze] + s.homepage = "https://pkgs.fedoraproject.org/rpms/ruby".freeze + s.licenses = ["MIT".freeze] + s.required_ruby_version = Gem::Requirement.new(">= 2.5.0".freeze) + s.rubygems_version = "3.3.5".freeze + s.summary = "Fake gemspec for testing Rubygem Generators".freeze + + if s.respond_to? :specification_version then + s.specification_version = 4 + end + + if s.respond_to? :add_runtime_dependency then + #{gem_info.gemspec_runtime_dep_str} + else + #{gem_info.gemspec_dep_str} + end + end + EOF + + file.write gemspec_contents + file.rewind + @tempfiles << file + file + end + + # Caller is expected to close subprocess stdin via #close_write + # in order to let subprocess proceed if the process is reading + # from STDIN in a loop. + def rb_subprocess(*args) + args = [GENERATOR_SCRIPT] if args.empty? + ruby = EnvUtil.rubybin + f = IO.popen([ruby] + args, 'r+') #, external_encoding: external_encoding) + yield(f) + ensure + f.close unless !f || f.closed? + end + + def run_generator_single_file(gem_info) + lines = [] + gemspec_f = make_gemspec(gem_info) + + rb_subprocess do |io| + io.write gemspec_f.path + io.close_write + lines = io.readlines + end + + lines + end + + def helper_rubygems_dependency + "ruby(rubygems)" + end + + class GemInfo + attr_accessor :name, :version, :dependencies + + def initialize(name: 'foo', version: '1.2.3', dependencies: []) + @name = name + @version = version + @dependencies = dependencies + end + + def dependencies=(other) + raise ArgumentError, "#{self.class.name}##{__method__.to_s}: Expected array of `Dependency' elements" \ + unless other.is_a?(Array) && other.all? { |elem| elem.respond_to?(:name) && elem.respond_to?(:requirements) } + + @dependencies = other + end + + def to_rpm_str + "rubygem(#{self.name})" + end + + def gemspec_dep_str + return '' if self.dependencies.nil? || self.dependencies.empty? + @dependencies.inject("") do |memo, dep| + memo += if dep.requirements && !dep.requirements.empty? + %Q|s.add_dependency(%q<#{dep.name}>.freeze, #{handle_dep_requirements(dep.requirements)})| + else + %Q|s.add_dependency(%q<#{dep.name}>.freeze)| + end + + memo += "\n" + end + end + + def gemspec_runtime_dep_str + return '' if self.dependencies.nil? || self.dependencies.empty? + + @dependencies.inject("") do |memo, dep| + memo += if dep.requirements && !dep.requirements.empty? + %Q|s.add_runtime_dependency(%q<#{dep.name}>.freeze, #{handle_dep_requirements(dep.requirements)})| + else + %Q|s.add_runtime_dependency(%q<#{dep.name}>.freeze)| + end + + memo += "\n" + end + end + + private + + def handle_dep_requirements(reqs) + raise ArgumentError, "#{self.class.name}##{__method__.to_s}: Reqs must be an array." \ + unless reqs.is_a? Array + raise ArgumentError, "#{self.class.name}##{__method__.to_s}: Reqs must not be empty for this method." \ + if reqs.empty? + + '[ "' + reqs.join('", "') + '" ]' + end + end +end diff --git a/ruby.spec b/ruby.spec index 5ea5f51..5d340aa 100644 --- a/ruby.spec +++ b/ruby.spec @@ -233,6 +233,11 @@ Source13: test_abrt.rb Source14: test_systemtap.rb # Ruby OpenSSL FIPS tests. Source15: test_openssl_fips.rb +# RPM gem Requires dependency generator tests. +Source16: rpm_test_helper.rb +Source17: test_rubygems_req.rb +Source18: test_rubygems_prov.rb +Source19: test_rubygems_con.rb # The load directive is supported since RPM 4.12, i.e. F21+. The build process # fails on older Fedoras. @@ -1129,6 +1134,21 @@ ln -sfr probes.d %{_vpath_builddir}/ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=%{SOURCE14} %endif +# Test dependency generators for RPM +GENERATOR_SCRIPT="%{SOURCE9}" \ +make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ + -I%{_builddir}/%{buildsubdir}/tool/lib -I%{_sourcedir} --enable-gems \ + %{SOURCE17} --verbose" +GENERATOR_SCRIPT="%{SOURCE10}" \ +make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ + -I%{_builddir}/%{buildsubdir}/tool/lib -I%{_sourcedir} --enable-gems \ + %{SOURCE18} --verbose" +GENERATOR_SCRIPT="%{SOURCE11}" \ +make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ + -I%{_builddir}/%{buildsubdir}/tool/lib -I%{_sourcedir} --enable-gems \ + %{SOURCE19} --verbose" + + DISABLE_TESTS="" MSPECOPTS="" diff --git a/test_rubygems_con.rb b/test_rubygems_con.rb new file mode 100644 index 0000000..e124a49 --- /dev/null +++ b/test_rubygems_con.rb @@ -0,0 +1,124 @@ +# frozen_string_literal: true + +require 'test/unit' +require 'rpm_test_helper' + +class TestRubyGemsCon < Test::Unit::TestCase + include RPMTestHelper + + def test_filter_out_regular_requirements + gem_i = GemInfo.new + + lines = run_generator_single_file(gem_i) + + assert_equal(0, lines.size) + + deps = [ Dependency.new('bar') ] + gem_i.dependencies = deps + + lines = run_generator_single_file(gem_i) + + assert_equal(0, lines.size) + + deps = [ + Dependency.new('bar'), + Dependency.new('baq'), + Dependency.new('quz') + ] + + gem_i.dependencies = deps + lines = run_generator_single_file(gem_i) + + assert_equal(0, lines.size) + + deps = [ + Dependency.new('bar', ['>= 4.1']), + Dependency.new('baz', ['~> 3.2']), + Dependency.new('quz', ['>= 5.6']) + ] + + gem_i.dependencies = deps + + lines = run_generator_single_file(gem_i) + + assert_equal(0, lines.size) + end + + def test_single_gem_single_version_conflict + con = Dependency.new('bar', ['!= 0.4.4']) + + gem_i = GemInfo.new(dependencies: [ con ]) + lines = run_generator_single_file(gem_i) + + assert_equal(1, lines.size) + assert_equal("#{con.to_rpm_str} = 0.4.4\n", lines.first) + end + + def test_multiple_gems_with_single_conflict + cons = [ + Dependency.new('bar', ['!= 1.1']), + Dependency.new('baq', ['!= 1.2.2']), + Dependency.new('quz', ['!= 1.3']) + ] + + gem_i = GemInfo.new(dependencies: cons) + + lines = run_generator_single_file(gem_i) + + assert_equal(3, lines.size) + + assert_equal("#{cons[0].to_rpm_str} = 1.1\n" , lines[0]) + assert_equal("#{cons[1].to_rpm_str} = 1.2.2\n", lines[1]) + assert_equal("#{cons[2].to_rpm_str} = 1.3\n" , lines[2]) + end + + def test_multiple_conflicts_on_single_gem + con = Dependency.new('bar', ['!= 2.3', '!= 2.4']) + + gem_i = GemInfo.new(dependencies: [con]) + + lines = run_generator_single_file(gem_i) + + assert_equal(1, lines.size) + rpm_name = con.to_rpm_str + left_rpm_constraint = "(#{rpm_name} = 2.3 with " + right_rpm_constraint = "#{rpm_name} = 2.4)\n" + assert_equal((left_rpm_constraint + right_rpm_constraint), lines[0]) + + con = Dependency.new('bar', ['!= 2.3', '!= 2.4', '!= 4.5']) + + gem_i = GemInfo.new(dependencies: [ con ]) + + lines = run_generator_single_file(gem_i) + + assert_equal(1, lines.size) + + rpm_name = con.to_rpm_str + left_rpm_constraint = "(#{rpm_name} = 2.3 with " + middle_rpm_constraint = "#{rpm_name} = 2.4 with " + right_rpm_constraint = "#{rpm_name} = 4.5)\n" + + assert_equal((left_rpm_constraint + middle_rpm_constraint + right_rpm_constraint), lines[0]) + end + + def test_generates_conflicts_while_ignoring_regular_requirements + deps = [ + Dependency.new('bar', ['>= 2.3', '!= 2.4.2']), + Dependency.new('quz', ['~> 3.0', '!= 3.2']) + ] + + gem_i = GemInfo.new(dependencies: deps) + + lines = run_generator_single_file(gem_i) + + assert_equal(2, lines.size) + + rpm_name = deps[0].to_rpm_str + rpm_constraint = "#{rpm_name} = 2.4.2\n" + assert_equal(rpm_constraint, lines[0]) + + rpm_name = deps[1].to_rpm_str + rpm_constraint = "#{rpm_name} = 3.2\n" + assert_equal(rpm_constraint, lines[1]) + end +end diff --git a/test_rubygems_prov.rb b/test_rubygems_prov.rb new file mode 100644 index 0000000..b660ff6 --- /dev/null +++ b/test_rubygems_prov.rb @@ -0,0 +1,52 @@ +# frozen_string_literal: true + +require 'test/unit' +require 'rpm_test_helper' + +class TestRubyGemsProv < Test::Unit::TestCase + include RPMTestHelper + + def test_provides_the_gem_version + gem_i = GemInfo.new(version: '1.2') + + lines = run_generator_single_file(gem_i) + + assert_equal(1, lines.size) + assert_equal("#{gem_i.to_rpm_str} = #{gem_i.version}\n", lines.first) + + gem_i = GemInfo.new(name: 'somegem_foo', version: '4.5.6') + + lines = run_generator_single_file(gem_i) + + assert_equal(1, lines.size) + assert_equal("#{gem_i.to_rpm_str} = #{gem_i.version}\n", lines.first) + + deps = [ + Dependency.new('bar'), + Dependency.new('baq', [">= 1.2"]), + Dependency.new('quz', ["!= 3.2"]) + ] + gem_i = GemInfo.new(dependencies: deps) + + lines = run_generator_single_file(gem_i) + + assert_equal(1, lines.size) + assert_equal("#{gem_i.to_rpm_str} = #{gem_i.version}\n", lines.first) + end + + def test_translates_prelease_version_provides_from_rubygems_to_rpm + gem_i = GemInfo.new(version: '1.2.3.dev') + + lines = run_generator_single_file(gem_i) + + assert_equal(1, lines.size) + assert_equal("#{gem_i.to_rpm_str} = 1.2.3~dev\n", lines.first) + + gem_i = GemInfo.new(name: 'foo2', version: '1.2.3.dev.2') + + lines = run_generator_single_file(gem_i) + + assert_equal(1, lines.size) + assert_equal("#{gem_i.to_rpm_str} = 1.2.3~dev.2\n", lines.first) + end +end diff --git a/test_rubygems_req.rb b/test_rubygems_req.rb new file mode 100644 index 0000000..490923e --- /dev/null +++ b/test_rubygems_req.rb @@ -0,0 +1,205 @@ +# frozen_string_literal: true + +require 'test/unit' +require 'rpm_test_helper' + +class TestRubyGemsReq < Test::Unit::TestCase + include RPMTestHelper + + def test_depends_on_rubygems + gem_i = GemInfo.new + + lines = run_generator_single_file(gem_i) + + assert_equal(1, lines.size) + assert_equal("#{helper_rubygems_dependency}\n", lines.first) + end + + def test_requires_rubygems_and_dependency + dep = Dependency.new('bar') + gem_i = GemInfo.new(dependencies: [dep]) + + lines = run_generator_single_file(gem_i) + + assert_equal(2, lines.size) + assert_equal("#{helper_rubygems_dependency}\n", lines.first) + assert_equal("#{dep.to_rpm_str}\n", lines[1]) + end + + def test_requires_multiple_dependencies_with_constraint + constraints = [ + '>= 3.0', + '>= 3.0.0', + '>= 3', + '= 1.0.2', + '= 3.0', + '< 3.2', + '<= 3.4' + ] + + dependencies = [] + constraints.each_with_index do |constraint, idx| + dependencies << Dependency.new("bar#{idx}", [constraint]) + end + + gem_i = GemInfo.new(dependencies: dependencies) + + lines = run_generator_single_file(gem_i) + # + 1 for the rubygems dependency + assert_equal(constraints.size + 1, lines.size) + dependencies.each_with_index do |dep, idx| + rpm_dep_name = dep.to_rpm_str + # Start indexing lines at 1, to jump over rubygems dependency + assert_equal("#{rpm_dep_name} #{constraints[idx]}\n", lines[idx + 1]) + end + end + + def test_expands_pessimistic_constraint_for_rpm + dep = Dependency.new('bar', ['~> 1.2']) + + gem_i = GemInfo.new(dependencies: [dep]) + + lines = run_generator_single_file(gem_i) + + assert_equal(2, lines.size) + + rpm_dep_name = dep.to_rpm_str + left_constraint = "#{rpm_dep_name} >= 1.2" + right_constraint = "#{rpm_dep_name} < 2" + expected_constraint = "(#{left_constraint} with #{right_constraint})\n" + assert_equal(expected_constraint, lines[1]) + end + + def test_multiple_pessimistically_constrained_dependencies + dependencies = [] + dep_map = [ + { + constraint: '~> 1.2.3', + expanded_left: '>= 1.2.3', + expanded_rigth: '< 1.3', + gem_name: 'bar1' + }, + { + constraint: '~> 1.2', + expanded_left: '>= 1.2', + expanded_rigth: '< 2', + gem_name: 'bar2' + }, + { + constraint: '~> 3', + expanded_left: '>= 3', + expanded_rigth: '< 4', + gem_name: 'bar3' + } + ].each do |deps| + dependencies << Dependency.new(deps[:gem_name], [deps[:constraint]]) + end + + gem_i = GemInfo.new(dependencies: dependencies) + + lines = run_generator_single_file(gem_i) + + assert_equal(dep_map.size + 1, lines.size) + + dep_map.each_with_index do |hash, idx| + rpm_dep_name = dependencies[idx].to_rpm_str + left_constraint = rpm_dep_name + ' ' + hash[:expanded_left] + right_constraint = rpm_dep_name + ' ' + hash[:expanded_rigth] + expected_constraint = "(#{left_constraint} with #{right_constraint})\n" + assert_equal(expected_constraint, lines[idx + 1]) + end + end + + def test_multiple_constraints_on_one_dependency_composes_constraints_for_RPM + # The quoting here depends on how the constraint is expanded in the helpers. + # right now the form is `["#{constraint}"]`, therefore we have to not specify + # left and right quotes. + constraints = ['>= 0.2.3', '<= 0.2.5'] + dep = Dependency.new('baz', constraints) + + gem_i = GemInfo.new(dependencies: [dep]) + + lines = run_generator_single_file(gem_i) + + assert_equal(2, lines.size) + rpm_dep_name = dep.to_rpm_str + assert_equal("(#{rpm_dep_name} >= 0.2.3 with #{rpm_dep_name} <= 0.2.5)\n", lines[1]) + + # Not sure who would compose a dependency like this, but it's possible + # to do with the current generator + constraints = ['> 0.4.5', '< 0.6.4', '>= 2.3', '<= 2.5.3'] + dep = Dependency.new('qux', constraints) + + gem_i = GemInfo.new(dependencies: [dep]) + + lines = run_generator_single_file(gem_i) + + rpm_dep = dep.to_rpm_str + expected_str = "(#{rpm_dep} > 0.4.5 with #{rpm_dep} < 0.6.4 with " \ + "#{rpm_dep} >= 2.3 with #{rpm_dep} <= 2.5.3)\n" + + assert_equal(2, lines.size) + assert_equal(expected_str, lines[1]) + end + + # https://bugzilla.redhat.com/show_bug.cgi?id=1561487 + def test_depends_on_gem_with_version_conflict + dep = Dependency.new('baz', ['!= 0.4']) + + gem_i = GemInfo.new(dependencies: [dep]) + + lines = run_generator_single_file(gem_i) + + assert_equal(2, lines.size) + assert_equal("#{dep.to_rpm_str}\n", lines[1]) + end + + def test_filters_conflict_from_regular_version_constraints + constraint = ['> 1.2.4', '!= 1.2.7'] + dep = Dependency.new('baq', constraint) + + gem_i = GemInfo.new(dependencies: [dep]) + + lines = run_generator_single_file(gem_i) + + assert_equal(2, lines.size) + assert_equal("#{dep.to_rpm_str} > 1.2.4\n", lines[1]) + end + + def test_filtering_conflicts_is_not_depending_on_contraint_ordering + constraints = ['!= 1.2.7', '> 1.2.4'] + dep = Dependency.new('baq', constraints) + + gem_i = GemInfo.new(dependencies: [dep]) + + lines = run_generator_single_file(gem_i) + + assert_equal(2, lines.size) + assert_equal("#{dep.to_rpm_str} > 1.2.4\n", lines[1]) + end + + def test_filters_multiple_conflicts_from_dependency + omit "Case not yet supported." + constraints = ['!= 1.2.4', '!= 1.2.5', '!= 2.3', '!= 4.8'] + dep = Dependency.new('baf', constraints) + + gem_i = GemInfo.new(dependencies: [dep]) + + lines = run_generator_single_file(gem_i) + + assert_equal(2, lines.size) + assert_equal("#{dep.to_rpm_str}\n", lines[1]) + end + + def test_filters_multiple_conflicts_from_dependency_but_keeps_regular_constraint + constraints = ['!= 1.2.4', '!= 1.2.5', '!= 2.3', '<= 4.8'] + dep = Dependency.new('bam', constraints) + + gem_i = GemInfo.new(dependencies: [dep]) + + lines = run_generator_single_file(gem_i) + + assert_equal(2, lines.size) + assert_equal("#{dep.to_rpm_str} <= 4.8\n", lines[1]) + end +end From e14bc40fb0fd4f36078c67ca255e724f232db5e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Tue, 3 Sep 2024 10:57:52 +0200 Subject: [PATCH 13/18] Upgrade to Ruby 3.3.5. Resolves: rhbz#2309364 --- ...GS-to-a-special-hardenflags-variable.patch | 6 +- ruby.spec | 31 ++- ...-another-race-condition-of-open-mode.patch | 45 +++++ ...17-Remove-the-lock-file-for-binstubs.patch | 183 ++++++++++++++++++ sources | 2 +- 5 files changed, 255 insertions(+), 12 deletions(-) create mode 100644 rubygems-3.5.17-Avoid-another-race-condition-of-open-mode.patch create mode 100644 rubygems-3.5.17-Remove-the-lock-file-for-binstubs.patch diff --git a/ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch b/ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch index b811afd..d0c10a0 100644 --- a/ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch +++ b/ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch @@ -279,9 +279,9 @@ diff --git a/tool/m4/ruby_try_cflags.m4 b/tool/m4/ruby_try_cflags.m4 index b74718fe5e1cef..b397642aad9ca2 100644 --- a/tool/m4/ruby_try_cflags.m4 +++ b/tool/m4/ruby_try_cflags.m4 -@@ -17,3 +17,20 @@ AC_DEFUN([RUBY_TRY_CFLAGS], [ - AC_MSG_RESULT(no)]) - ]) +@@ -22,3 +22,20 @@ AC_DEFUN([RUBY_TRY_CFLAGS], [ + AC_MSG_RESULT(no)], + [$4], [$5]) ])dnl + +AC_DEFUN([_RUBY_TRY_CFLAGS_PREPEND], [ diff --git a/ruby.spec b/ruby.spec index 5d340aa..fe67c86 100644 --- a/ruby.spec +++ b/ruby.spec @@ -1,6 +1,6 @@ %global major_version 3 %global minor_version 3 -%global teeny_version 4 +%global teeny_version 5 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} @@ -10,7 +10,7 @@ #%%global milestone rc1 # Keep the revision enabled for pre-releases from GIT. -#%%global revision be1089c8ec +#%%global revision ef084cc8f4 %global ruby_archive %{name}-%{ruby_version} @@ -27,7 +27,7 @@ %global rubygems_dir %{_datadir}/rubygems # Bundled libraries versions -%global rubygems_version 3.5.11 +%global rubygems_version 3.5.16 %global rubygems_molinillo_version 0.8.0 %global rubygems_net_http_version 0.4.0 %global rubygems_net_protocol_version 0.2.2 @@ -38,7 +38,7 @@ %global rubygems_uri_version 0.13.0 # Default gems. -%global bundler_version 2.5.11 +%global bundler_version 2.5.16 %global bundler_connection_pool_version 2.4.1 %global bundler_fileutils_version 1.7.2 %global bundler_net_http_persistent_version 4.0.2 @@ -105,7 +105,7 @@ %global tmpdir_version 0.2.0 %global tsort_version 0.2.0 %global un_version 0.3.0 -%global uri_version 0.13.0 +%global uri_version 0.13.1 %global weakref_version 0.1.3 %global win32ole_version 1.8.10 %global yaml_version 0.3.0 @@ -133,8 +133,8 @@ %global racc_version 1.7.3 %global rake_version 13.1.0 %global rbs_version 3.4.0 -%global rexml_version 3.2.8 -%global rss_version 0.3.0 +%global rexml_version 3.3.6 +%global rss_version 0.3.1 %global test_unit_version 3.6.1 %global typeprof_version 0.21.9 @@ -171,7 +171,7 @@ Summary: An interpreter of object-oriented scripting language Name: ruby Version: %{ruby_version}%{?development_release} -Release: 11%{?dist} +Release: 14%{?dist} # Licenses, which are likely not included in binary RPMs: # Apache-2.0: # benchmark/gc/redblack.rb @@ -282,6 +282,15 @@ Patch9: ruby-3.3.0-Disable-syntax-suggest-test-case.patch # Make sure hardeding flags are correctly applied. # https://bugs.ruby-lang.org/issues/20520 Patch12: ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch +# Fix build error: +# RPM build errors: +# error: Installed (but unpackaged) file(s) found: +# /usr/bin/bundle.lock +# This would break not only Ruby itself, but allso all rubygem-packages. +# https://github.com/rubygems/rubygems/pull/7931 +Patch13: rubygems-3.5.17-Avoid-another-race-condition-of-open-mode.patch +# https://github.com/rubygems/rubygems/pull/7939 +Patch14: rubygems-3.5.17-Remove-the-lock-file-for-binstubs.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?with_rubypick:Suggests: rubypick} @@ -759,6 +768,8 @@ analysis result in RBS format, a standard type description format for Ruby %patch 6 -p1 %patch 9 -p1 %patch 12 -p1 +%patch 13 -p1 +%patch 14 -p1 # Provide an example of usage of the tapset: cp -a %{SOURCE3} . @@ -1728,6 +1739,10 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog +* Tue Sep 03 2024 Vít Ondruch - 3.3.5-14 +- Upgrade to Ruby 3.3.5. + Resolves: rhbz#2309364 + * Wed Jul 10 2024 Vít Ondruch - 3.3.4-11 - Upgrade to Ruby 3.3.4. Resolves: rhbz#2292052 diff --git a/rubygems-3.5.17-Avoid-another-race-condition-of-open-mode.patch b/rubygems-3.5.17-Avoid-another-race-condition-of-open-mode.patch new file mode 100644 index 0000000..c700539 --- /dev/null +++ b/rubygems-3.5.17-Avoid-another-race-condition-of-open-mode.patch @@ -0,0 +1,45 @@ +From 2daad257bee7a500e18ebe553e79487b267fb140 Mon Sep 17 00:00:00 2001 +From: Nobuyoshi Nakada +Date: Mon, 12 Aug 2024 20:18:34 +0900 +Subject: [PATCH] Avoid another race condition of open mode + +Instead, just open in CREATE and APPEND mode. +Also, move the workaround for old Solaris as fallback to retry. +--- + lib/rubygems.rb | 14 +++++--------- + 1 file changed, 5 insertions(+), 9 deletions(-) + +diff --git a/lib/rubygems.rb b/lib/rubygems.rb +index 2b52cde0a749..c51ba69203cb 100644 +--- a/lib/rubygems.rb ++++ b/lib/rubygems.rb +@@ -778,24 +778,20 @@ def self.open_file(path, flags, &block) + File.open(path, flags, &block) + end + ++ MODE_TO_FLOCK = IO::RDONLY | IO::APPEND | IO::CREAT # :nodoc: ++ + ## + # Open a file with given flags, and protect access with flock + + def self.open_file_with_flock(path, &block) +- flags = File.exist?(path) ? "r+" : "a+" +- +- File.open(path, flags) do |io| ++ File.open(path, MODE_TO_FLOCK) do |io| + begin + io.flock(File::LOCK_EX) + rescue Errno::ENOSYS, Errno::ENOTSUP ++ rescue Errno::ENOLCK # NFS ++ raise unless Thread.main == Thread.current + end + yield io +- rescue Errno::ENOLCK # NFS +- if Thread.main != Thread.current +- raise +- else +- open_file(path, flags, &block) +- end + end + end + diff --git a/rubygems-3.5.17-Remove-the-lock-file-for-binstubs.patch b/rubygems-3.5.17-Remove-the-lock-file-for-binstubs.patch new file mode 100644 index 0000000..0af11cf --- /dev/null +++ b/rubygems-3.5.17-Remove-the-lock-file-for-binstubs.patch @@ -0,0 +1,183 @@ +From ace303c2d7bc0d98407e5e8b1ca77de07aa0eb75 Mon Sep 17 00:00:00 2001 +From: Nobuyoshi Nakada +Date: Tue, 13 Aug 2024 17:19:41 +0900 +Subject: [PATCH 1/3] Remove the lock file for binstubs + +https://github.com/rubygems/rubygems/pull/7806#issuecomment-2241662488 +--- + lib/rubygems.rb | 2 +- + lib/rubygems/installer.rb | 3 ++- + test/rubygems/test_gem_installer.rb | 10 ++++++++++ + 3 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/lib/rubygems.rb b/lib/rubygems.rb +index bd9f240e2091..7626ccfdf0d6 100644 +--- a/lib/rubygems.rb ++++ b/lib/rubygems.rb +@@ -778,7 +778,7 @@ def self.open_file(path, flags, &block) + File.open(path, flags, &block) + end + +- MODE_TO_FLOCK = IO::RDONLY | IO::APPEND | IO::CREAT # :nodoc: ++ MODE_TO_FLOCK = IO::RDONLY | IO::APPEND | IO::CREAT | IO::SHARE_DELETE | IO::BINARY # :nodoc: + + ## + # Open a file with given flags, and protect access with flock +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index d558c0be2bfa..8f95bab733f8 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -538,7 +538,7 @@ def generate_plugins # :nodoc: + def generate_bin_script(filename, bindir) + bin_script_path = File.join bindir, formatted_program_filename(filename) + +- Gem.open_file_with_flock("#{bin_script_path}.lock") do ++ Gem.open_file_with_flock("#{bin_script_path}.lock") do |lock| + require "fileutils" + FileUtils.rm_f bin_script_path # prior install may have been --no-wrappers + +@@ -546,6 +546,7 @@ def generate_bin_script(filename, bindir) + file.write app_script_text(filename) + file.chmod(options[:prog_mode] || 0o755) + end ++ File.unlink(lock.path) + end + + verbose bin_script_path +diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb +index a61d1b6fff28..2f4ff7349db4 100644 +--- a/test/rubygems/test_gem_installer.rb ++++ b/test/rubygems/test_gem_installer.rb +@@ -1083,6 +1083,8 @@ def test_install_creates_working_binstub + end + + assert_match(/ran executable/, e.message) ++ ++ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) + end + + def test_conflicting_binstubs +@@ -1131,6 +1133,8 @@ def test_conflicting_binstubs + # We expect the bin stub to activate the version that actually contains + # the binstub. + assert_match("I have an executable", e.message) ++ ++ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) + end + + def test_install_creates_binstub_that_understand_version +@@ -1160,6 +1164,8 @@ def test_install_creates_binstub_that_understand_version + end + + assert_includes(e.message, "can't find gem a (= 3.0)") ++ ++ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) + end + + def test_install_creates_binstub_that_prefers_user_installed_gem_to_default +@@ -1192,6 +1198,8 @@ def test_install_creates_binstub_that_prefers_user_installed_gem_to_default + end + + assert_equal(e.message, "ran executable") ++ ++ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) + end + + def test_install_creates_binstub_that_dont_trust_encoding +@@ -1222,6 +1230,8 @@ def test_install_creates_binstub_that_dont_trust_encoding + end + + assert_match(/ran executable/, e.message) ++ ++ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) + end + + def test_install_with_no_prior_files + +From fa0700e0f52827ae05da59a331a2917a12c09b8a Mon Sep 17 00:00:00 2001 +From: Nobuyoshi Nakada +Date: Thu, 15 Aug 2024 16:20:46 +0900 +Subject: [PATCH 2/3] Workaround for TruffleRuby + +--- + lib/rubygems.rb | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/rubygems.rb b/lib/rubygems.rb +index 7626ccfdf0d6..9d40fcc2f77a 100644 +--- a/lib/rubygems.rb ++++ b/lib/rubygems.rb +@@ -778,7 +778,9 @@ def self.open_file(path, flags, &block) + File.open(path, flags, &block) + end + +- MODE_TO_FLOCK = IO::RDONLY | IO::APPEND | IO::CREAT | IO::SHARE_DELETE | IO::BINARY # :nodoc: ++ mode = IO::RDONLY | IO::APPEND | IO::CREAT | IO::BINARY ++ mode |= IO::SHARE_DELETE if IO.const_defined?(:SHARE_DELETE) ++ MODE_TO_FLOCK = mode # :nodoc: + + ## + # Open a file with given flags, and protect access with flock + +From 6548e7aa17186687d0a8b99571885f148363016d Mon Sep 17 00:00:00 2001 +From: Nobuyoshi Nakada +Date: Fri, 16 Aug 2024 20:19:22 +0900 +Subject: [PATCH 3/3] Ensure that the lock file will be removed + +--- + lib/rubygems/installer.rb | 3 ++- + test/rubygems/test_gem_installer.rb | 27 +++++++++++++++++++++++++++ + 2 files changed, 29 insertions(+), 1 deletion(-) + +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index 8f95bab733f8..1085f73fca53 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -546,7 +546,8 @@ def generate_bin_script(filename, bindir) + file.write app_script_text(filename) + file.chmod(options[:prog_mode] || 0o755) + end +- File.unlink(lock.path) ++ ensure ++ FileUtils.rm_f lock.path + end + + verbose bin_script_path +diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb +index 2f4ff7349db4..ad5b1a244e80 100644 +--- a/test/rubygems/test_gem_installer.rb ++++ b/test/rubygems/test_gem_installer.rb +@@ -1234,6 +1234,33 @@ def test_install_creates_binstub_that_dont_trust_encoding + assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) + end + ++ def test_install_does_not_leave_lockfile_for_binstub ++ installer = util_setup_installer ++ ++ installer.wrappers = true ++ ++ File.class_eval do ++ alias_method :original_chmod, :chmod ++ define_method(:chmod) do |mode| ++ original_chmod(mode) ++ raise Gem::Ext::BuildError if path.end_with?("/executable") ++ end ++ end ++ ++ assert_raise(Gem::Ext::BuildError) do ++ installer.install ++ end ++ ++ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) ++ # assert_path_not_exist(File.join(installer.bin_dir, "executable")) ++ ensure ++ File.class_eval do ++ remove_method :chmod ++ alias_method :chmod, :original_chmod ++ remove_method :original_chmod ++ end ++ end ++ + def test_install_with_no_prior_files + installer = util_setup_installer + diff --git a/sources b/sources index 88156f2..001c1d3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ruby-3.3.4.tar.xz) = b26461a13ff82a08a282f10108028bb2a2e4a28da6182a291062fc54089c6655d79c22cc69d59156f9b11cb10a17fe8c69d489343fbae123a45f03361b95c9eb +SHA512 (ruby-3.3.5.tar.xz) = dd5c6a7f74854e143e0ca46b9d7c0d1983fc4886f5f733cd108345dbf4b21f61ad978ad6806e05a57b7af28fd9216dd38d7145808188bbb3695a7f3a4eda3883 From f095d18b8d49e1fa0d75a6601c8c47410fa70411 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Fri, 13 Sep 2024 16:26:26 +0200 Subject: [PATCH 14/18] Upgrade to Ruby 3.3.6. --- ruby-2.3.0-ruby_version.patch | 4 +- ruby-2.7.0-Initialize-ABRT-hook.patch | 2 +- ruby.spec | 64 +++--- ...-another-race-condition-of-open-mode.patch | 45 ----- ...17-Remove-the-lock-file-for-binstubs.patch | 183 ------------------ sources | 2 +- 6 files changed, 43 insertions(+), 257 deletions(-) delete mode 100644 rubygems-3.5.17-Avoid-another-race-condition-of-open-mode.patch delete mode 100644 rubygems-3.5.17-Remove-the-lock-file-for-binstubs.patch diff --git a/ruby-2.3.0-ruby_version.patch b/ruby-2.3.0-ruby_version.patch index 50b4466..68782cd 100644 --- a/ruby-2.3.0-ruby_version.patch +++ b/ruby-2.3.0-ruby_version.patch @@ -227,7 +227,7 @@ diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb index b25068405d..e9fef4a311 100644 --- a/test/rubygems/test_gem.rb +++ b/test/rubygems/test_gem.rb -@@ -1353,7 +1353,8 @@ def test_self_use_paths +@@ -1365,7 +1365,8 @@ def test_self_use_paths def test_self_user_dir parts = [@userhome, ".gem", Gem.ruby_engine] @@ -237,7 +237,7 @@ index b25068405d..e9fef4a311 100644 FileUtils.mkdir_p File.join(parts) -@@ -1429,7 +1430,7 @@ def test_self_vendor_dir +@@ -1441,7 +1442,7 @@ def test_self_vendor_dir vendordir(File.join(@tempdir, "vendor")) do expected = File.join RbConfig::CONFIG["vendordir"], "gems", diff --git a/ruby-2.7.0-Initialize-ABRT-hook.patch b/ruby-2.7.0-Initialize-ABRT-hook.patch index 309507f..0f32243 100644 --- a/ruby-2.7.0-Initialize-ABRT-hook.patch +++ b/ruby-2.7.0-Initialize-ABRT-hook.patch @@ -58,7 +58,7 @@ diff --git a/ruby.c b/ruby.c index 60c57d6259..1eec16f2c8 100644 --- a/ruby.c +++ b/ruby.c -@@ -1722,10 +1722,14 @@ proc_options(long argc, char **argv, ruby_cmdline_options_t *opt, int envopt) +@@ -1724,10 +1724,14 @@ proc_options(long argc, char **argv, ruby_cmdline_options_t *opt, int envopt) void Init_builtin_features(void); diff --git a/ruby.spec b/ruby.spec index fe67c86..2304cf0 100644 --- a/ruby.spec +++ b/ruby.spec @@ -1,6 +1,6 @@ %global major_version 3 %global minor_version 3 -%global teeny_version 5 +%global teeny_version 6 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} @@ -27,25 +27,27 @@ %global rubygems_dir %{_datadir}/rubygems # Bundled libraries versions -%global rubygems_version 3.5.16 +%global rubygems_version 3.5.22 %global rubygems_molinillo_version 0.8.0 -%global rubygems_net_http_version 0.4.0 +%global rubygems_net_http_version 0.4.1 %global rubygems_net_protocol_version 0.2.2 %global rubygems_optparse_version 0.4.0 -%global rubygems_resolv_version 0.3.0 +%global rubygems_resolv_version 0.4.0 +%global rubygems_securerandom_version 0.3.1 %global rubygems_timeout_version 0.4.1 %global rubygems_tsort_version 0.2.0 -%global rubygems_uri_version 0.13.0 +%global rubygems_uri_version 0.13.1 # Default gems. -%global bundler_version 2.5.16 +%global bundler_version 2.5.22 %global bundler_connection_pool_version 2.4.1 %global bundler_fileutils_version 1.7.2 -%global bundler_net_http_persistent_version 4.0.2 +%global bundler_net_http_persistent_version 4.0.4 %global bundler_pub_grub_version 0.5.0 +%global bundler_securerandom_version 0.3.1 %global bundler_thor_version 1.3.0 %global bundler_tsort_version 0.2.0 -%global bundler_uri_version 0.13.0 +%global bundler_uri_version 0.13.1 %global abbrev_version 0.1.2 %global base64_version 0.2.0 @@ -86,7 +88,7 @@ %global prettyprint_version 0.2.0 %global pstore_version 0.1.3 %global readline_version 0.0.4 -%global reline_version 0.5.7 +%global reline_version 0.5.10 %global resolv_version 0.3.0 %global resolv_replace_version 0.1.1 %global rinda_version 0.2.0 @@ -97,7 +99,7 @@ %global singleton_version 0.2.0 %global stringio_version 3.1.1 %global strscan_version 3.0.9 -%global syntax_suggest_version 2.0.0 +%global syntax_suggest_version 2.0.1 %global syslog_version 0.1.2 %global tempfile_version 0.2.1 %global time_version 0.3.0 @@ -116,12 +118,12 @@ %global bigdecimal_version 3.1.5 %global io_console_version 0.7.1 %global irb_version 1.13.1 -%global json_version 2.7.1 +%global json_version 2.7.2 %global psych_version 5.1.2 %global rdoc_version 6.6.3.1 # Bundled gems. -%global debug_version 1.9.1 +%global debug_version 1.9.2 %global net_ftp_version 0.3.4 %global net_imap_version 0.4.9.1 %global net_pop_version 0.1.2 @@ -133,7 +135,7 @@ %global racc_version 1.7.3 %global rake_version 13.1.0 %global rbs_version 3.4.0 -%global rexml_version 3.3.6 +%global rexml_version 3.3.9 %global rss_version 0.3.1 %global test_unit_version 3.6.1 %global typeprof_version 0.21.9 @@ -171,7 +173,7 @@ Summary: An interpreter of object-oriented scripting language Name: ruby Version: %{ruby_version}%{?development_release} -Release: 14%{?dist} +Release: 16%{?dist} # Licenses, which are likely not included in binary RPMs: # Apache-2.0: # benchmark/gc/redblack.rb @@ -282,15 +284,6 @@ Patch9: ruby-3.3.0-Disable-syntax-suggest-test-case.patch # Make sure hardeding flags are correctly applied. # https://bugs.ruby-lang.org/issues/20520 Patch12: ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch -# Fix build error: -# RPM build errors: -# error: Installed (but unpackaged) file(s) found: -# /usr/bin/bundle.lock -# This would break not only Ruby itself, but allso all rubygem-packages. -# https://github.com/rubygems/rubygems/pull/7931 -Patch13: rubygems-3.5.17-Avoid-another-race-condition-of-open-mode.patch -# https://github.com/rubygems/rubygems/pull/7939 -Patch14: rubygems-3.5.17-Remove-the-lock-file-for-binstubs.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?with_rubypick:Suggests: rubypick} @@ -419,6 +412,7 @@ Provides: bundled(rubygem-net-http) = %{rubygems_net_http_version} Provides: bundled(rubygem-net-protocol) = %{rubygems_net_protocol_version} Provides: bundled(rubygem-optparse) = %{rubygems_optparse_version} Provides: bundled(rubygem-resolv) = %{rubygems_resolv_version} +Provides: bundled(rubygem-securerandom) = %{rubygems_securerandom_version} Provides: bundled(rubygem-timeout) = %{rubygems_timeout_version} Provides: bundled(rubygem-tsort) = %{rubygems_tsort_version} @@ -591,6 +585,7 @@ Provides: bundled(rubygem-connection_pool) = %{bundler_connection_pool_version Provides: bundled(rubygem-fileutils) = %{bundler_fileutils_version} Provides: bundled(rubygem-net-http-persistent) = %{bundler_net_http_persistent_version} Provides: bundled(rubygem-pub_grub) = %{bundler_pub_grub_version} +Provides: bundled(rubygem-securerandom) = %{bundler_securerandom_version} Provides: bundled(rubygem-thor) = %{bundler_thor_version} Provides: bundled(rubygem-uri) = %{bundler_uri_version} BuildArch: noarch @@ -768,8 +763,6 @@ analysis result in RBS format, a standard type description format for Ruby %patch 6 -p1 %patch 9 -p1 %patch 12 -p1 -%patch 13 -p1 -%patch 14 -p1 # Provide an example of usage of the tapset: cp -a %{SOURCE3} . @@ -1026,6 +1019,15 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ exit 1 if Gem::Resolv::VERSION != '%{rubygems_resolv_version}'; \ \"" +# SecureRandom. +make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ + module Gem; module Random; end; end; \ + require 'rubygems/vendor/securerandom/lib/securerandom'; \ + puts '%%{rubygems_securerandom_version}: %{rubygems_securerandom_version}'; \ + puts %Q[Gem::SecureRandom::VERSION: #{Gem::SecureRandom::VERSION}]; \ + exit 1 if Gem::SecureRandom::VERSION != '%{rubygems_securerandom_version}'; \ +\"" + # Timeout. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; end; \ @@ -1092,6 +1094,15 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ exit 1 if Gem::Net::HTTP::Persistent::VERSION != '%{bundler_net_http_persistent_version}'; \ \"" +# SecureRandom. +make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ + module Bundler; module Random; end; end; \ + require 'bundler/vendor/securerandom/lib/securerandom'; \ + puts '%%{bundler_securerandom_version}: %{bundler_securerandom_version}'; \ + puts %Q[Bundler::SecureRandom::VERSION: #{Bundler::SecureRandom::VERSION}]; \ + exit 1 if Bundler::SecureRandom::VERSION != '%{bundler_securerandom_version}'; \ +\"" + # Thor. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Bundler; end; \ @@ -1739,6 +1750,9 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog +* Mon Nov 11 2024 Vít Ondruch - 3.3.5-16 +- Upgrade to Ruby 3.3.6. + * Tue Sep 03 2024 Vít Ondruch - 3.3.5-14 - Upgrade to Ruby 3.3.5. Resolves: rhbz#2309364 diff --git a/rubygems-3.5.17-Avoid-another-race-condition-of-open-mode.patch b/rubygems-3.5.17-Avoid-another-race-condition-of-open-mode.patch deleted file mode 100644 index c700539..0000000 --- a/rubygems-3.5.17-Avoid-another-race-condition-of-open-mode.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 2daad257bee7a500e18ebe553e79487b267fb140 Mon Sep 17 00:00:00 2001 -From: Nobuyoshi Nakada -Date: Mon, 12 Aug 2024 20:18:34 +0900 -Subject: [PATCH] Avoid another race condition of open mode - -Instead, just open in CREATE and APPEND mode. -Also, move the workaround for old Solaris as fallback to retry. ---- - lib/rubygems.rb | 14 +++++--------- - 1 file changed, 5 insertions(+), 9 deletions(-) - -diff --git a/lib/rubygems.rb b/lib/rubygems.rb -index 2b52cde0a749..c51ba69203cb 100644 ---- a/lib/rubygems.rb -+++ b/lib/rubygems.rb -@@ -778,24 +778,20 @@ def self.open_file(path, flags, &block) - File.open(path, flags, &block) - end - -+ MODE_TO_FLOCK = IO::RDONLY | IO::APPEND | IO::CREAT # :nodoc: -+ - ## - # Open a file with given flags, and protect access with flock - - def self.open_file_with_flock(path, &block) -- flags = File.exist?(path) ? "r+" : "a+" -- -- File.open(path, flags) do |io| -+ File.open(path, MODE_TO_FLOCK) do |io| - begin - io.flock(File::LOCK_EX) - rescue Errno::ENOSYS, Errno::ENOTSUP -+ rescue Errno::ENOLCK # NFS -+ raise unless Thread.main == Thread.current - end - yield io -- rescue Errno::ENOLCK # NFS -- if Thread.main != Thread.current -- raise -- else -- open_file(path, flags, &block) -- end - end - end - diff --git a/rubygems-3.5.17-Remove-the-lock-file-for-binstubs.patch b/rubygems-3.5.17-Remove-the-lock-file-for-binstubs.patch deleted file mode 100644 index 0af11cf..0000000 --- a/rubygems-3.5.17-Remove-the-lock-file-for-binstubs.patch +++ /dev/null @@ -1,183 +0,0 @@ -From ace303c2d7bc0d98407e5e8b1ca77de07aa0eb75 Mon Sep 17 00:00:00 2001 -From: Nobuyoshi Nakada -Date: Tue, 13 Aug 2024 17:19:41 +0900 -Subject: [PATCH 1/3] Remove the lock file for binstubs - -https://github.com/rubygems/rubygems/pull/7806#issuecomment-2241662488 ---- - lib/rubygems.rb | 2 +- - lib/rubygems/installer.rb | 3 ++- - test/rubygems/test_gem_installer.rb | 10 ++++++++++ - 3 files changed, 13 insertions(+), 2 deletions(-) - -diff --git a/lib/rubygems.rb b/lib/rubygems.rb -index bd9f240e2091..7626ccfdf0d6 100644 ---- a/lib/rubygems.rb -+++ b/lib/rubygems.rb -@@ -778,7 +778,7 @@ def self.open_file(path, flags, &block) - File.open(path, flags, &block) - end - -- MODE_TO_FLOCK = IO::RDONLY | IO::APPEND | IO::CREAT # :nodoc: -+ MODE_TO_FLOCK = IO::RDONLY | IO::APPEND | IO::CREAT | IO::SHARE_DELETE | IO::BINARY # :nodoc: - - ## - # Open a file with given flags, and protect access with flock -diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb -index d558c0be2bfa..8f95bab733f8 100644 ---- a/lib/rubygems/installer.rb -+++ b/lib/rubygems/installer.rb -@@ -538,7 +538,7 @@ def generate_plugins # :nodoc: - def generate_bin_script(filename, bindir) - bin_script_path = File.join bindir, formatted_program_filename(filename) - -- Gem.open_file_with_flock("#{bin_script_path}.lock") do -+ Gem.open_file_with_flock("#{bin_script_path}.lock") do |lock| - require "fileutils" - FileUtils.rm_f bin_script_path # prior install may have been --no-wrappers - -@@ -546,6 +546,7 @@ def generate_bin_script(filename, bindir) - file.write app_script_text(filename) - file.chmod(options[:prog_mode] || 0o755) - end -+ File.unlink(lock.path) - end - - verbose bin_script_path -diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb -index a61d1b6fff28..2f4ff7349db4 100644 ---- a/test/rubygems/test_gem_installer.rb -+++ b/test/rubygems/test_gem_installer.rb -@@ -1083,6 +1083,8 @@ def test_install_creates_working_binstub - end - - assert_match(/ran executable/, e.message) -+ -+ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) - end - - def test_conflicting_binstubs -@@ -1131,6 +1133,8 @@ def test_conflicting_binstubs - # We expect the bin stub to activate the version that actually contains - # the binstub. - assert_match("I have an executable", e.message) -+ -+ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) - end - - def test_install_creates_binstub_that_understand_version -@@ -1160,6 +1164,8 @@ def test_install_creates_binstub_that_understand_version - end - - assert_includes(e.message, "can't find gem a (= 3.0)") -+ -+ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) - end - - def test_install_creates_binstub_that_prefers_user_installed_gem_to_default -@@ -1192,6 +1198,8 @@ def test_install_creates_binstub_that_prefers_user_installed_gem_to_default - end - - assert_equal(e.message, "ran executable") -+ -+ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) - end - - def test_install_creates_binstub_that_dont_trust_encoding -@@ -1222,6 +1230,8 @@ def test_install_creates_binstub_that_dont_trust_encoding - end - - assert_match(/ran executable/, e.message) -+ -+ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) - end - - def test_install_with_no_prior_files - -From fa0700e0f52827ae05da59a331a2917a12c09b8a Mon Sep 17 00:00:00 2001 -From: Nobuyoshi Nakada -Date: Thu, 15 Aug 2024 16:20:46 +0900 -Subject: [PATCH 2/3] Workaround for TruffleRuby - ---- - lib/rubygems.rb | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/lib/rubygems.rb b/lib/rubygems.rb -index 7626ccfdf0d6..9d40fcc2f77a 100644 ---- a/lib/rubygems.rb -+++ b/lib/rubygems.rb -@@ -778,7 +778,9 @@ def self.open_file(path, flags, &block) - File.open(path, flags, &block) - end - -- MODE_TO_FLOCK = IO::RDONLY | IO::APPEND | IO::CREAT | IO::SHARE_DELETE | IO::BINARY # :nodoc: -+ mode = IO::RDONLY | IO::APPEND | IO::CREAT | IO::BINARY -+ mode |= IO::SHARE_DELETE if IO.const_defined?(:SHARE_DELETE) -+ MODE_TO_FLOCK = mode # :nodoc: - - ## - # Open a file with given flags, and protect access with flock - -From 6548e7aa17186687d0a8b99571885f148363016d Mon Sep 17 00:00:00 2001 -From: Nobuyoshi Nakada -Date: Fri, 16 Aug 2024 20:19:22 +0900 -Subject: [PATCH 3/3] Ensure that the lock file will be removed - ---- - lib/rubygems/installer.rb | 3 ++- - test/rubygems/test_gem_installer.rb | 27 +++++++++++++++++++++++++++ - 2 files changed, 29 insertions(+), 1 deletion(-) - -diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb -index 8f95bab733f8..1085f73fca53 100644 ---- a/lib/rubygems/installer.rb -+++ b/lib/rubygems/installer.rb -@@ -546,7 +546,8 @@ def generate_bin_script(filename, bindir) - file.write app_script_text(filename) - file.chmod(options[:prog_mode] || 0o755) - end -- File.unlink(lock.path) -+ ensure -+ FileUtils.rm_f lock.path - end - - verbose bin_script_path -diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb -index 2f4ff7349db4..ad5b1a244e80 100644 ---- a/test/rubygems/test_gem_installer.rb -+++ b/test/rubygems/test_gem_installer.rb -@@ -1234,6 +1234,33 @@ def test_install_creates_binstub_that_dont_trust_encoding - assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) - end - -+ def test_install_does_not_leave_lockfile_for_binstub -+ installer = util_setup_installer -+ -+ installer.wrappers = true -+ -+ File.class_eval do -+ alias_method :original_chmod, :chmod -+ define_method(:chmod) do |mode| -+ original_chmod(mode) -+ raise Gem::Ext::BuildError if path.end_with?("/executable") -+ end -+ end -+ -+ assert_raise(Gem::Ext::BuildError) do -+ installer.install -+ end -+ -+ assert_path_not_exist(File.join(installer.bin_dir, "executable.lock")) -+ # assert_path_not_exist(File.join(installer.bin_dir, "executable")) -+ ensure -+ File.class_eval do -+ remove_method :chmod -+ alias_method :chmod, :original_chmod -+ remove_method :original_chmod -+ end -+ end -+ - def test_install_with_no_prior_files - installer = util_setup_installer - diff --git a/sources b/sources index 001c1d3..491b163 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ruby-3.3.5.tar.xz) = dd5c6a7f74854e143e0ca46b9d7c0d1983fc4886f5f733cd108345dbf4b21f61ad978ad6806e05a57b7af28fd9216dd38d7145808188bbb3695a7f3a4eda3883 +SHA512 (ruby-3.3.6.tar.xz) = c4b86188bf539fa737932e1ba5b746bc295e7c43b2f8cca2668eb7c88aa7228e2ce9032bbcd244a7d558a11bc842445b5fbeac3503ca7d223b63c53e08dba4ab From e46c678dcd9adbd926ef0096a3152ad23e7dc3df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Tue, 19 Nov 2024 17:46:34 +0100 Subject: [PATCH 15/18] Fix version in changelog (cherry picked from commit 19423ee8d937f22a8c1bd59965ad61e9b2f246a3) --- ruby.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ruby.spec b/ruby.spec index 2304cf0..7741ef9 100644 --- a/ruby.spec +++ b/ruby.spec @@ -1750,7 +1750,7 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog -* Mon Nov 11 2024 Vít Ondruch - 3.3.5-16 +* Mon Nov 11 2024 Vít Ondruch - 3.3.6-16 - Upgrade to Ruby 3.3.6. * Tue Sep 03 2024 Vít Ondruch - 3.3.5-14 From 685a16b6452fdf0eae9d49f3484106b37cd0f901 Mon Sep 17 00:00:00 2001 From: Jun Aruga Date: Tue, 28 Jan 2025 15:20:00 +0100 Subject: [PATCH 16/18] Upgrade to Ruby 3.3.7. --- ruby.spec | 7 +++++-- sources | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ruby.spec b/ruby.spec index 7741ef9..4ac953e 100644 --- a/ruby.spec +++ b/ruby.spec @@ -1,6 +1,6 @@ %global major_version 3 %global minor_version 3 -%global teeny_version 6 +%global teeny_version 7 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} @@ -173,7 +173,7 @@ Summary: An interpreter of object-oriented scripting language Name: ruby Version: %{ruby_version}%{?development_release} -Release: 16%{?dist} +Release: 17%{?dist} # Licenses, which are likely not included in binary RPMs: # Apache-2.0: # benchmark/gc/redblack.rb @@ -1750,6 +1750,9 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog +* Tue Jan 28 2025 Jun Aruga - 3.3.7-17 +- Upgrade to Ruby 3.3.7. + * Mon Nov 11 2024 Vít Ondruch - 3.3.6-16 - Upgrade to Ruby 3.3.6. diff --git a/sources b/sources index 491b163..0b5c71a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ruby-3.3.6.tar.xz) = c4b86188bf539fa737932e1ba5b746bc295e7c43b2f8cca2668eb7c88aa7228e2ce9032bbcd244a7d558a11bc842445b5fbeac3503ca7d223b63c53e08dba4ab +SHA512 (ruby-3.3.7.tar.xz) = 4082a7684c1b0d53a0ce493f79568e851d37a864f59c58b2e0c273b2659e0ca75318ddff939fdf5e9d0a3eeba1b6d8f03bf88afb49a5ffd77714f1c8a7dfdd55 From 9a447e56432900dea55efeac640ca29b7db2670e Mon Sep 17 00:00:00 2001 From: Jun Aruga Date: Mon, 16 Dec 2024 17:16:12 +0100 Subject: [PATCH 17/18] Fix Ruby OpenSSL to respect crypto-policies TLS minimal version. This issue was identified at the ticket RHEL-21019. https://issues.redhat.com/browse/RHEL-21019 --- ...nssl-respect-crypto-policies-tls-min.patch | 47 +++++++++++++++++++ ruby.spec | 6 +++ 2 files changed, 53 insertions(+) create mode 100644 ruby-3.4.0-openssl-respect-crypto-policies-tls-min.patch diff --git a/ruby-3.4.0-openssl-respect-crypto-policies-tls-min.patch b/ruby-3.4.0-openssl-respect-crypto-policies-tls-min.patch new file mode 100644 index 0000000..6c7a4dd --- /dev/null +++ b/ruby-3.4.0-openssl-respect-crypto-policies-tls-min.patch @@ -0,0 +1,47 @@ +From ae215a47ae1a6527bb7b8566e5bcc9430652462f Mon Sep 17 00:00:00 2001 +From: Ewoud Kohl van Wijngaarden +Date: Fri, 5 Jan 2024 15:58:59 +0100 +Subject: [PATCH] Only set min_version on OpenSSL < 1.1.0 + +Both Red Hat and Debian-like systems configure the minimum TLS version +to be 1.2 by default, but allow users to change this via configs. + +On Red Hat and derivatives this happens via crypto-policies[1], which in +writes settings in /etc/crypto-policies/back-ends/opensslcnf.config. +Most notably, it sets TLS.MinProtocol there. For Debian there's +MinProtocol in /etc/ssl/openssl.cnf. Both default to TLSv1.2, which is +considered a secure default. + +In constrast, the SSLContext has a hard coded OpenSSL::SSL::TLS1_VERSION +for min_version. TLS 1.0 and 1.1 are considered insecure. By always +setting this in the default parameters, the system wide default can't be +respected, even if a developer wants to. + +This takes the approach that's also done for ciphers: it's only set for +OpenSSL < 1.1.0. + +[1]: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening +--- + lib/openssl/ssl.rb | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb +index e557b8b48..83ecacafb 100644 +--- a/ext/openssl/lib/openssl/ssl.rb ++++ b/ext/openssl/lib/openssl/ssl.rb +@@ -22,7 +22,6 @@ module OpenSSL + module SSL + class SSLContext + DEFAULT_PARAMS = { # :nodoc: +- :min_version => OpenSSL::SSL::TLS1_VERSION, + :verify_mode => OpenSSL::SSL::VERIFY_PEER, + :verify_hostname => true, + :options => -> { +@@ -55,6 +54,7 @@ class SSLContext + if !(OpenSSL::OPENSSL_VERSION.start_with?("OpenSSL") && + OpenSSL::OPENSSL_VERSION_NUMBER >= 0x10100000) + DEFAULT_PARAMS.merge!( ++ min_version: OpenSSL::SSL::TLS1_VERSION, + ciphers: %w{ + ECDHE-ECDSA-AES128-GCM-SHA256 + ECDHE-RSA-AES128-GCM-SHA256 diff --git a/ruby.spec b/ruby.spec index 4ac953e..9b3061c 100644 --- a/ruby.spec +++ b/ruby.spec @@ -284,6 +284,10 @@ Patch9: ruby-3.3.0-Disable-syntax-suggest-test-case.patch # Make sure hardeding flags are correctly applied. # https://bugs.ruby-lang.org/issues/20520 Patch12: ruby-3.4.0-Extract-hardening-CFLAGS-to-a-special-hardenflags-variable.patch +# Fix Ruby OpenSSL to respect crypto-policies TLS minimal version. +# https://github.com/ruby/openssl/pull/710 +# https://github.com/ruby/ruby/commit/6213ab1a51387fd9cdcb5e87908722f3bbdf78cb +Patch13: ruby-3.4.0-openssl-respect-crypto-policies-tls-min.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?with_rubypick:Suggests: rubypick} @@ -763,6 +767,7 @@ analysis result in RBS format, a standard type description format for Ruby %patch 6 -p1 %patch 9 -p1 %patch 12 -p1 +%patch 13 -p1 # Provide an example of usage of the tapset: cp -a %{SOURCE3} . @@ -1752,6 +1757,7 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog * Tue Jan 28 2025 Jun Aruga - 3.3.7-17 - Upgrade to Ruby 3.3.7. +- Fix Ruby OpenSSL to respect crypto-policies TLS minimal version. * Mon Nov 11 2024 Vít Ondruch - 3.3.6-16 - Upgrade to Ruby 3.3.6. From 00e8c13291e901b1a3d4b31b6824f0bdc7d137e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Thu, 10 Apr 2025 15:42:14 +0200 Subject: [PATCH 18/18] Upgrade to Ruby 3.3.8. - CVE-2025-25186: Fix Net::IMAP vulnerable to possible DoS by memory exhaustion Resolves: rhbz#2345556 - CVE-2025-27219: Denial of Service in CGI::Cookie.parse Resolves: rhbz#2357516 - CVE-2025-27221: userinfo leakage in URI#join, URI#merge and URI#+ --- ruby.spec | 25 ++++++++++++++++++------- sources | 2 +- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/ruby.spec b/ruby.spec index 9b3061c..43e7fb0 100644 --- a/ruby.spec +++ b/ruby.spec @@ -1,6 +1,6 @@ %global major_version 3 %global minor_version 3 -%global teeny_version 7 +%global teeny_version 8 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} @@ -52,7 +52,7 @@ %global abbrev_version 0.1.2 %global base64_version 0.2.0 %global benchmark_version 0.3.0 -%global cgi_version 0.4.1 +%global cgi_version 0.4.2 %global csv_version 3.2.8 %global date_version 3.3.4 %global delegate_version 0.3.1 @@ -107,7 +107,7 @@ %global tmpdir_version 0.2.0 %global tsort_version 0.2.0 %global un_version 0.3.0 -%global uri_version 0.13.1 +%global uri_version 0.13.2 %global weakref_version 0.1.3 %global win32ole_version 1.8.10 %global yaml_version 0.3.0 @@ -125,9 +125,9 @@ # Bundled gems. %global debug_version 1.9.2 %global net_ftp_version 0.3.4 -%global net_imap_version 0.4.9.1 +%global net_imap_version 0.4.19 %global net_pop_version 0.1.2 -%global net_smtp_version 0.4.0.1 +%global net_smtp_version 0.5.1 %global matrix_version 0.4.2 %global minitest_version 5.20.0 %global power_assert_version 2.0.3 @@ -173,7 +173,7 @@ Summary: An interpreter of object-oriented scripting language Name: ruby Version: %{ruby_version}%{?development_release} -Release: 17%{?dist} +Release: 19%{?dist} # Licenses, which are likely not included in binary RPMs: # Apache-2.0: # benchmark/gc/redblack.rb @@ -190,7 +190,7 @@ Release: 17%{?dist} # https://github.com/flori/json/pull/567 # # Licenses under review: -# .bundle/gems/net-imap-0.4.9/LICENSE.txt +# .bundle/gems/net-imap-0.4.19/LICENSE.txt # https://gitlab.com/fedora/legal/fedora-license-data/-/issues/506 # # Approved license without SPDX identifier: @@ -1600,12 +1600,15 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ # net-imap %dir %{gem_instdir net-imap} %{gem_instdir net-imap}/Gemfile +%license %{gem_instdir net-imap}/BSDL +%license %{gem_instdir net-imap}/COPYING %license %{gem_instdir net-imap}/LICENSE.txt %doc %{gem_instdir net-imap}/README.md %{gem_instdir net-imap}/Rakefile %{gem_instdir net-imap}/docs %{gem_libdir net-imap} %{gem_instdir net-imap}/rakelib +%{gem_instdir net-imap}/sample %{gem_spec net-imap} # net-pop @@ -1755,6 +1758,14 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog +* Thu Apr 10 2025 Vít Ondruch - 3.3.8-19 +- Upgrade to Ruby 3.3.8. +- CVE-2025-25186: Fix Net::IMAP vulnerable to possible DoS by memory exhaustion + Resolves: rhbz#2345556 +- CVE-2025-27219: Denial of Service in CGI::Cookie.parse + Resolves: rhbz#2357516 +- CVE-2025-27221: userinfo leakage in URI#join, URI#merge and URI#+ + * Tue Jan 28 2025 Jun Aruga - 3.3.7-17 - Upgrade to Ruby 3.3.7. - Fix Ruby OpenSSL to respect crypto-policies TLS minimal version. diff --git a/sources b/sources index 0b5c71a..a0dfe11 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ruby-3.3.7.tar.xz) = 4082a7684c1b0d53a0ce493f79568e851d37a864f59c58b2e0c273b2659e0ca75318ddff939fdf5e9d0a3eeba1b6d8f03bf88afb49a5ffd77714f1c8a7dfdd55 +SHA512 (ruby-3.3.8.tar.xz) = 71c2f3ac9955e088fa885fd2ff695e67362a770a5d33e5160081eda3dd298ca2c692e299b03d757caecfbc94043fedc4ad093de84c505585d480cb36bbf978b9