From 2b14a60d8c90c48bcf6bd289087dcd9cea600952 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 13 2019 08:38:28 +0000 Subject: import rh-ruby25-ruby-2.5.5-7.el7 --- diff --git a/.gitignore b/.gitignore index 46f636e..162477a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/ruby-2.5.3.tar.xz +SOURCES/ruby-2.5.5.tar.xz diff --git a/.rh-ruby25-ruby.metadata b/.rh-ruby25-ruby.metadata index b055517..eb0720e 100644 --- a/.rh-ruby25-ruby.metadata +++ b/.rh-ruby25-ruby.metadata @@ -1 +1 @@ -5acbdea1ced1e36684268e1cb6f8a4e7669bce77 SOURCES/ruby-2.5.3.tar.xz +85cee62e47f0707808ff3d7cb68b6cd075a65509 SOURCES/ruby-2.5.5.tar.xz diff --git a/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch b/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch index 47bf9bc..68e4abc 100644 --- a/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch +++ b/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch @@ -39,7 +39,7 @@ diff --git a/configure.ac b/configure.ac index 028ef7ca3e..cdeff87871 100644 --- a/configure.ac +++ b/configure.ac -@@ -4396,6 +4396,13 @@ AC_SUBST(rubyarchhdrdir)dnl +@@ -4397,6 +4397,13 @@ AC_SUBST(rubyarchhdrdir)dnl AC_SUBST(sitearchhdrdir)dnl AC_SUBST(vendorarchhdrdir)dnl diff --git a/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch b/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch index 36ec460..555b6b5 100644 --- a/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch +++ b/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index 11fc237552..b77e88fc37 100644 --- a/configure.ac +++ b/configure.ac -@@ -3641,6 +3641,11 @@ AS_IF([test ${multiarch+set}], [ +@@ -3642,6 +3642,11 @@ AS_IF([test ${multiarch+set}], [ ]) archlibdir='${libdir}/${arch}' 
diff --git a/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch b/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch index d0cffab..20539fd 100644 --- a/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch +++ b/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch @@ -14,7 +14,7 @@ diff --git a/configure.ac b/configure.ac index 999e2d6d5d..11fc237552 100644 --- a/configure.ac +++ b/configure.ac -@@ -4251,7 +4251,8 @@ AS_CASE(["$ruby_version_dir_name"], +@@ -4252,7 +4252,8 @@ AS_CASE(["$ruby_version_dir_name"], ruby_version_dir=/'${ruby_version_dir_name}' if test -z "${ruby_version_dir_name}"; then diff --git a/SOURCES/ruby-2.1.0-always-use-i386.patch b/SOURCES/ruby-2.1.0-always-use-i386.patch index 555ad45..5d45fac 100644 --- a/SOURCES/ruby-2.1.0-always-use-i386.patch +++ b/SOURCES/ruby-2.1.0-always-use-i386.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index b77e88fc37..6bba453e3c 100644 --- a/configure.ac +++ b/configure.ac -@@ -4315,6 +4315,8 @@ AC_SUBST(vendorarchdir)dnl +@@ -4316,6 +4316,8 @@ AC_SUBST(vendorarchdir)dnl AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl diff --git a/SOURCES/ruby-2.1.0-custom-rubygems-location.patch b/SOURCES/ruby-2.1.0-custom-rubygems-location.patch index cc45741..4b54560 100644 --- a/SOURCES/ruby-2.1.0-custom-rubygems-location.patch +++ b/SOURCES/ruby-2.1.0-custom-rubygems-location.patch @@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac index 6bba453e3c..028ef7ca3e 100644 --- a/configure.ac +++ b/configure.ac -@@ -4287,6 +4287,10 @@ AC_ARG_WITH(vendorarchdir, +@@ -4288,6 +4288,10 @@ AC_ARG_WITH(vendorarchdir, [vendorarchdir=$withval], [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}]) 
@@ -26,7 +26,7 @@ index 6bba453e3c..028ef7ca3e 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) RUBY_EXEC_PREFIX='' -@@ -4311,6 +4315,7 @@ AC_SUBST(sitearchdir)dnl +@@ -4312,6 +4316,7 @@ AC_SUBST(sitearchdir)dnl AC_SUBST(vendordir)dnl AC_SUBST(vendorlibdir)dnl AC_SUBST(vendorarchdir)dnl diff --git a/SOURCES/ruby-2.3.0-ruby_version.patch b/SOURCES/ruby-2.3.0-ruby_version.patch index 8f57319..30370e1 100644 --- a/SOURCES/ruby-2.3.0-ruby_version.patch +++ b/SOURCES/ruby-2.3.0-ruby_version.patch @@ -20,7 +20,7 @@ diff --git a/configure.ac b/configure.ac index 8ea969412f..a00f2b6776 100644 --- a/configure.ac +++ b/configure.ac -@@ -4202,9 +4202,6 @@ AS_CASE(["$target_os"], +@@ -4203,9 +4203,6 @@ AS_CASE(["$target_os"], rubyw_install_name='$(RUBYW_INSTALL_NAME)' ]) @@ -30,7 +30,7 @@ index 8ea969412f..a00f2b6776 100644 rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'} AC_ARG_WITH(rubyarchprefix, AS_HELP_STRING([--with-rubyarchprefix=DIR], -@@ -4227,56 +4224,62 @@ AC_ARG_WITH(ridir, +@@ -4228,56 +4225,62 @@ AC_ARG_WITH(ridir, AC_SUBST(ridir) AC_SUBST(RI_BASE_NAME) @@ -120,7 +120,7 @@ index 8ea969412f..a00f2b6776 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) -@@ -4293,6 +4296,7 @@ AC_SUBST(sitearchincludedir)dnl +@@ -4294,6 +4297,7 @@ AC_SUBST(sitearchincludedir)dnl AC_SUBST(arch)dnl AC_SUBST(sitearch)dnl AC_SUBST(ruby_version)dnl @@ -245,7 +245,7 @@ diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb index 0428bea..b6e090e 100644 --- a/test/rubygems/test_gem.rb +++ b/test/rubygems/test_gem.rb -@@ -1156,7 +1156,8 @@ def test_self_use_paths +@@ -1191,7 +1191,8 @@ def test_self_use_paths def test_self_user_dir parts = [@userhome, '.gem', Gem.ruby_engine] 
@@ -255,7 +255,7 @@ index 0428bea..b6e090e 100644 assert_equal File.join(parts), Gem.user_dir end -@@ -1283,7 +1284,7 @@ def test_self_user_home_user_drive_and_path +@@ -1318,7 +1319,7 @@ def test_self_user_home_user_drive_and_path def test_self_vendor_dir expected = File.join RbConfig::CONFIG['vendordir'], 'gems', diff --git a/SOURCES/ruby-2.5.0-Add-Gem.operating_system_defaults.patch b/SOURCES/ruby-2.5.0-Add-Gem.operating_system_defaults.patch index 6838701..7ac0e41 100644 --- a/SOURCES/ruby-2.5.0-Add-Gem.operating_system_defaults.patch +++ b/SOURCES/ruby-2.5.0-Add-Gem.operating_system_defaults.patch @@ -64,7 +64,7 @@ diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb index 3225a05c6b..62b80c4945 100644 --- a/test/rubygems/test_gem.rb +++ b/test/rubygems/test_gem.rb -@@ -1802,6 +1802,13 @@ def test_use_gemdeps_specific +@@ -1837,6 +1837,13 @@ def test_use_gemdeps_specific ENV['RUBYGEMS_GEMDEPS'] = rubygems_gemdeps end diff --git a/SOURCES/ruby-2.6.0-Fix-Tokyo-TZ-tests.patch b/SOURCES/ruby-2.6.0-Fix-Tokyo-TZ-tests.patch deleted file mode 100644 index edc58b6..0000000 --- a/SOURCES/ruby-2.6.0-Fix-Tokyo-TZ-tests.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From e71ca6cdcf108e6a2fa47ec9fadefe7554717908 Mon Sep 17 00:00:00 2001 -From: nobu -Date: Fri, 26 Oct 2018 01:47:09 +0000 -Subject: [PATCH] Update for tzdata-2018f - -git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65365 b2dd03c8-39d4-4d8f-98ff-823fe69b080e ---- - test/ruby/test_time_tz.rb | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb -index 2da4fd8d9ce4..328fde48fc34 100644 ---- a/test/ruby/test_time_tz.rb -+++ b/test/ruby/test_time_tz.rb -@@ -86,7 +86,9 @@ def group_by(e, &block) - has_lisbon_tz &&= have_tz_offset?("Europe/Lisbon") - CORRECT_TOKYO_DST_1951 = with_tz("Asia/Tokyo") { - if Time.local(1951, 5, 6, 12, 0, 0).dst? # noon, DST -- Time.local(1951, 5, 6, 1, 0, 0).dst? # DST with fixed tzdata -+ if Time.local(1951, 5, 6, 1, 0, 0).dst? # DST with fixed tzdata -+ Time.local(1951, 9, 8, 23, 0, 0).dst? ? "2018f" : "2018e" -+ end - end - } - CORRECT_KIRITIMATI_SKIP_1994 = with_tz("Pacific/Kiritimati") { -@@ -347,12 +349,16 @@ def self.gen_zdump_test(data) - Asia/Singapore Thu Dec 31 16:29:59 1981 UTC = Thu Dec 31 23:59:59 1981 SGT isdst=0 gmtoff=27000 - Asia/Singapore Thu Dec 31 16:30:00 1981 UTC = Fri Jan 1 00:30:00 1982 SGT isdst=0 gmtoff=28800 - End -- gen_zdump_test CORRECT_TOKYO_DST_1951 ? <<'End' : <<'End' -+ gen_zdump_test CORRECT_TOKYO_DST_1951 ? <<'End' + (CORRECT_TOKYO_DST_1951 < "2018f" ? 
<<'2018e' : <<'2018f') : <<'End' - Asia/Tokyo Sat May 5 14:59:59 1951 UTC = Sat May 5 23:59:59 1951 JST isdst=0 gmtoff=32400 - Asia/Tokyo Sat May 5 15:00:00 1951 UTC = Sun May 6 01:00:00 1951 JDT isdst=1 gmtoff=36000 -+End - Asia/Tokyo Sat Sep 8 13:59:59 1951 UTC = Sat Sep 8 23:59:59 1951 JDT isdst=1 gmtoff=36000 - Asia/Tokyo Sat Sep 8 14:00:00 1951 UTC = Sat Sep 8 23:00:00 1951 JST isdst=0 gmtoff=32400 --End -+2018e -+Asia/Tokyo Sat Sep 8 14:59:59 1951 UTC = Sun Sep 9 00:59:59 1951 JDT isdst=1 gmtoff=36000 -+Asia/Tokyo Sat Sep 8 15:00:00 1951 UTC = Sun Sep 9 00:00:00 1951 JST isdst=0 gmtoff=32400 -+2018f - Asia/Tokyo Sat May 5 16:59:59 1951 UTC = Sun May 6 01:59:59 1951 JST isdst=0 gmtoff=32400 - Asia/Tokyo Sat May 5 17:00:00 1951 UTC = Sun May 6 03:00:00 1951 JDT isdst=1 gmtoff=36000 - Asia/Tokyo Fri Sep 7 15:59:59 1951 UTC = Sat Sep 8 01:59:59 1951 JDT isdst=1 gmtoff=36000 diff --git a/SPECS/ruby.spec b/SPECS/ruby.spec index 979efd2..854405f 100644 --- a/SPECS/ruby.spec +++ b/SPECS/ruby.spec @@ -3,7 +3,7 @@ %global major_version 2 %global minor_version 5 -%global teeny_version 3 +%global teeny_version 5 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} @@ -24,7 +24,7 @@ %endif -%global release 6 +%global release 7 %{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}} # The RubyGems library has to stay out of Ruby directory tree, since the @@ -32,7 +32,7 @@ %global rubygems_dir %{_datadir}/rubygems # Bundled libraries versions -%global rubygems_version 2.7.6 +%global rubygems_version 2.7.6.2 %global molinillo_version 0.5.7 # TODO: The IRB has strange versioning. Keep the Ruby's versioning ATM. 
@@ -145,9 +145,6 @@ Patch9: ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch
 # Add Gem.operating_system_defaults to allow packagers to override defaults.
 # https://github.com/rubygems/rubygems/pull/2116
 Patch10: ruby-2.5.0-Add-Gem.operating_system_defaults.patch
-# Fix Tokyo TZ tests
-# https://github.com/ruby/ruby/commit/e71ca6cdcf108e6a2fa47ec9fadefe7554717908
-Patch11: ruby-2.6.0-Fix-Tokyo-TZ-tests.patch
 # Properly harden package using -fstack-protector-strong.
 # https://bugs.ruby-lang.org/issues/15053
 Patch12: ruby-2.6.0-configure-fstack-protector-strong.patch
@@ -553,7 +550,6 @@ rm -rf ext/fiddle/libffi*
 %patch7 -p1
 %patch9 -p1
 %patch10 -p1
-%patch11 -p1
 %patch12 -p1
 %patch13 -p1
@@ -1107,6 +1103,21 @@ make check TESTS="-v $DISABLE_TESTS"
 %{gem_dir}/specifications/xmlrpc-%{xmlrpc_version}.gemspec
 %changelog
+* Mon Apr 15 2019 Jun Aruga - 2.5.5-7
+- Upgrade to Ruby 2.5.5.
+- Delete directory using symlink when decompressing tar
+ Resolves: CVE-2019-8320
+- Fix escape sequence injection vulnerability in verbose.
+ Resolves: CVE-2019-8321
+- Fix escape sequence injection vulnerability in gem owner.
+ Resolves: CVE-2019-8322
+- Fix escape sequence injection vulnerability in API response handling.
+ Resolves: CVE-2019-8323
+- Prohibit arbitrary code execution when installing a malicious gem.
+ Resolves: CVE-2019-8324
+- Fix escape sequence injection vulnerability in errors.
+ Resolves: CVE-2019-8325
+
 * Mon Oct 29 2018 Pavel Valena - 2.5.3-6
 - Update to Ruby 2.5.3.
 Resolves: CVE-2018-16395