diff --git a/.gitignore b/.gitignore index 978802b..6e53f5b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/ruby-2.6.7.tar.xz +SOURCES/ruby-2.6.9.tar.xz diff --git a/.rh-ruby26-ruby.metadata b/.rh-ruby26-ruby.metadata index 25bfc62..097b7c7 100644 --- a/.rh-ruby26-ruby.metadata +++ b/.rh-ruby26-ruby.metadata @@ -1 +1 @@ -1fd1448125a00cd7b9994637b5e561506de6a6d3 SOURCES/ruby-2.6.7.tar.xz +fc67ca162010aac4af49d73a8c48be5cb2fb5907 SOURCES/ruby-2.6.9.tar.xz diff --git a/SOURCES/ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch b/SOURCES/ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch deleted file mode 100644 index 1e6f83f..0000000 --- a/SOURCES/ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch +++ /dev/null @@ -1,116 +0,0 @@ -From 346e147ba6480839b87046e9a9efab0bf6ed3660 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com> -Date: Wed, 10 Aug 2016 17:35:48 +0200 -Subject: [PATCH] Rely on ldd to detect glibc. - -This is just workaround, since we know we are quite sure this will be successful -on Red Hat platforms. - -This workaround rhbz#1361037 ---- - test/fiddle/helper.rb | 89 ------------------------------------------- - 1 file changed, 89 deletions(-) - -diff --git a/test/fiddle/helper.rb b/test/fiddle/helper.rb -index 1da3d93..65148a1 100644 ---- a/test/fiddle/helper.rb -+++ b/test/fiddle/helper.rb -@@ -6,95 +6,6 @@ - - libc_so = libm_so = nil - --case RUBY_PLATFORM --when /cygwin/ -- libc_so = "cygwin1.dll" -- libm_so = "cygwin1.dll" --when /linux/ -- libdir = '/lib' -- case [0].pack('L!').size -- when 4 -- # 32-bit ruby -- libdir = '/lib32' if File.directory? '/lib32' -- when 8 -- # 64-bit ruby -- libdir = '/lib64' if File.directory? '/lib64' -- end -- libc_so = File.join(libdir, "libc.so.6") -- libm_so = File.join(libdir, "libm.so.6") --when /mingw/, /mswin/ -- require "rbconfig" -- crtname = RbConfig::CONFIG["RUBY_SO_NAME"][/msvc\w+/] || 'ucrtbase' -- libc_so = libm_so = "#{crtname}.dll" --when /darwin/ -- libc_so = "/usr/lib/libc.dylib" -- libm_so = "/usr/lib/libm.dylib" --when /kfreebsd/ -- libc_so = "/lib/libc.so.0.1" -- libm_so = "/lib/libm.so.1" --when /gnu/ #GNU/Hurd -- libc_so = "/lib/libc.so.0.3" -- libm_so = "/lib/libm.so.6" --when /mirbsd/ -- libc_so = "/usr/lib/libc.so.41.10" -- libm_so = "/usr/lib/libm.so.7.0" --when /freebsd/ -- libc_so = "/lib/libc.so.7" -- libm_so = "/lib/libm.so.5" --when /bsd|dragonfly/ -- libc_so = "/usr/lib/libc.so" -- libm_so = "/usr/lib/libm.so" --when /solaris/ -- libdir = '/lib' -- case [0].pack('L!').size -- when 4 -- # 32-bit ruby -- libdir = '/lib' if File.directory? '/lib' -- when 8 -- # 64-bit ruby -- libdir = '/lib/64' if File.directory? '/lib/64' -- end -- libc_so = File.join(libdir, "libc.so") -- libm_so = File.join(libdir, "libm.so") --when /aix/ -- pwd=Dir.pwd -- libc_so = libm_so = "#{pwd}/libaixdltest.so" -- unless File.exist? libc_so -- cobjs=%w!strcpy.o! -- mobjs=%w!floats.o sin.o! -- funcs=%w!sin sinf strcpy strncpy! -- expfile='dltest.exp' -- require 'tmpdir' -- Dir.mktmpdir do |dir| -- begin -- Dir.chdir dir -- %x!/usr/bin/ar x /usr/lib/libc.a #{cobjs.join(' ')}! -- %x!/usr/bin/ar x /usr/lib/libm.a #{mobjs.join(' ')}! -- %x!echo "#{funcs.join("\n")}\n" > #{expfile}! -- require 'rbconfig' -- if RbConfig::CONFIG["GCC"] = 'yes' -- lflag='-Wl,' -- else -- lflag='' -- end -- flags="#{lflag}-bE:#{expfile} #{lflag}-bnoentry -lm" -- %x!#{RbConfig::CONFIG["LDSHARED"]} -o #{libc_so} #{(cobjs+mobjs).join(' ')} #{flags}! -- ensure -- Dir.chdir pwd -- end -- end -- end --else -- libc_so = ARGV[0] if ARGV[0] && ARGV[0][0] == ?/ -- libm_so = ARGV[1] if ARGV[1] && ARGV[1][0] == ?/ -- if( !(libc_so && libm_so) ) -- $stderr.puts("libc and libm not found: #{$0} <libc> <libm>") -- end --end -- --libc_so = nil if !libc_so || (libc_so[0] == ?/ && !File.file?(libc_so)) --libm_so = nil if !libm_so || (libm_so[0] == ?/ && !File.file?(libm_so)) -- - if !libc_so || !libm_so - ruby = EnvUtil.rubybin - ldd = `ldd #{ruby}` --- -2.9.2 - diff --git a/SOURCES/ruby-2.7.0-bundler-use-bundle-gem-instead-of-gem-command.patch b/SOURCES/ruby-2.7.0-bundler-use-bundle-gem-instead-of-gem-command.patch new file mode 100644 index 0000000..e5a8f77 --- /dev/null +++ b/SOURCES/ruby-2.7.0-bundler-use-bundle-gem-instead-of-gem-command.patch @@ -0,0 +1,107 @@ +From 745899dec8f28d50a37dc03a96bbea972caaef58 Mon Sep 17 00:00:00 2001 +From: SHIBATA Hiroshi <hsbt@ruby-lang.org> +Date: Tue, 19 Feb 2019 22:41:56 +0900 +Subject: [PATCH] Use ENV["BUNDLE_GEM"] instead of gem command provided by + system ruby. + + It break the examples of bundler. Because some examples detect the + different version of system ruby than test target version like trunk. +--- + lib/bundler/gem_helper.rb | 8 ++++++-- + spec/bundler/commands/clean_spec.rb | 14 +++++++++----- + spec/bundler/support/rubygems_ext.rb | 7 ++----- + 3 files changed, 17 insertions(+), 12 deletions(-) + +diff --git a/lib/bundler/gem_helper.rb b/lib/bundler/gem_helper.rb +index e7673cba88..c54259b5b6 100644 +--- a/lib/bundler/gem_helper.rb ++++ b/lib/bundler/gem_helper.rb +@@ -74,7 +74,8 @@ def install + + def build_gem + file_name = nil +- sh("gem build -V '#{spec_path}'") do ++ gem = ENV["BUNDLE_GEM"] ? ENV["BUNDLE_GEM"] : "gem" ++ sh("#{gem} build -V #{spec_path}") do + file_name = File.basename(built_gem_path) + SharedHelpers.filesystem_access(File.join(base, "pkg")) {|p| FileUtils.mkdir_p(p) } + FileUtils.mv(built_gem_path, "pkg") +@@ -85,7 +86,10 @@ def build_gem + + def install_gem(built_gem_path = nil, local = false) + built_gem_path ||= build_gem +- out, _ = sh_with_code("gem install '#{built_gem_path}'#{" --local" if local}") ++ gem = ENV["BUNDLE_GEM"] ? ENV["BUNDLE_GEM"] : "gem" ++ cmd = "#{gem} install #{built_gem_path}" ++ cmd = "#{cmd} --local" if local ++ out, _ = sh_with_code(cmd) + raise "Couldn't install gem, run `gem install #{built_gem_path}' for more detailed output" unless out[/Successfully installed/] + Bundler.ui.confirm "#{name} (#{version}) installed." + end +diff --git a/spec/bundler/commands/clean_spec.rb b/spec/bundler/commands/clean_spec.rb +index 37cbeeb4e7..74a5b86ec1 100644 +--- a/spec/bundler/commands/clean_spec.rb ++++ b/spec/bundler/commands/clean_spec.rb +@@ -339,7 +339,8 @@ def should_not_have_gems(*gems) + gem "rack" + G + +- sys_exec! "gem list" ++ gem = ruby_core? ? ENV["BUNDLE_GEM"] : "gem" ++ sys_exec! "#{gem} list" + expect(out).to include("rack (1.0.0)").and include("thin (1.0)") + end + +@@ -461,8 +462,9 @@ def should_not_have_gems(*gems) + end + bundle! :update, :all => bundle_update_requires_all? + +- sys_exec! "gem list" +- expect(out).to include("foo (1.0.1, 1.0)") ++ gem = ruby_core? ? ENV["BUNDLE_GEM"] : "gem" ++ sys_exec! "#{gem} list" ++ expect(out).to include("foo (1.0.1, 1.0)") + end + + it "cleans system gems when --force is used" do +@@ -485,7 +487,8 @@ def should_not_have_gems(*gems) + bundle "clean --force" + + expect(out).to include("Removing foo (1.0)") +- sys_exec "gem list" ++ gem = ruby_core? ? ENV["BUNDLE_GEM"] : "gem" ++ sys_exec "#{gem} list" + expect(out).not_to include("foo (1.0)") + expect(out).to include("rack (1.0.0)") + end +@@ -519,7 +522,8 @@ def should_not_have_gems(*gems) + expect(out).to include(system_gem_path.to_s) + expect(out).to include("grant write permissions") + +- sys_exec "gem list" ++ gem = ruby_core? ? ENV["BUNDLE_GEM"] : "gem" ++ sys_exec "#{gem} list" + expect(out).to include("foo (1.0)") + expect(out).to include("rack (1.0.0)") + end +diff --git a/spec/bundler/support/rubygems_ext.rb b/spec/bundler/support/rubygems_ext.rb +index c18f7650fc..408d715ecf 100644 +--- a/spec/bundler/support/rubygems_ext.rb ++++ b/spec/bundler/support/rubygems_ext.rb +@@ -59,11 +59,8 @@ def self.install_gems(gems) + no_reqs.map!(&:first) + reqs.map! {|name, req| "'#{name}:#{req}'" } + deps = reqs.concat(no_reqs).join(" ") +- cmd = if Gem::VERSION < "2.0.0" +- "gem install #{deps} --no-rdoc --no-ri --conservative" +- else +- "gem install #{deps} --no-document --conservative" +- end ++ gem = Spec::Path.ruby_core? ? ENV["BUNDLE_GEM"] : "#{Gem.ruby} -S gem" ++ cmd = "#{gem} install #{deps} --no-document --conservative" + puts cmd + system(cmd) || raise("Installing gems #{deps} for the tests to use failed!") + end +-- +2.31.1 + diff --git a/SOURCES/ruby-2.7.0-update-location-of-bundler-gemspec.patch b/SOURCES/ruby-2.7.0-update-location-of-bundler-gemspec.patch new file mode 100644 index 0000000..0e4d9f8 --- /dev/null +++ b/SOURCES/ruby-2.7.0-update-location-of-bundler-gemspec.patch @@ -0,0 +1,37 @@ +From 8cca079d3be8d07c261baea72529628469938245 Mon Sep 17 00:00:00 2001 +From: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> +Date: Sat, 2 Feb 2019 10:41:22 +0000 +Subject: [PATCH] Fixup r66984. Update the location of bundler gemspec. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66993 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + spec/bundler/support/path.rb | 2 +- + tool/sync_default_gems.rb | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/spec/bundler/support/path.rb b/spec/bundler/support/path.rb +index 38f7145dc72a..69efcba05175 100644 +--- a/spec/bundler/support/path.rb ++++ b/spec/bundler/support/path.rb +@@ -9,7 +9,7 @@ def root + end + + def gemspec +- @gemspec ||= root.join(ruby_core? ? "lib/bundler.gemspec" : "bundler.gemspec") ++ @gemspec ||= root.join(ruby_core? ? "lib/bundler/bundler.gemspec" : "bundler.gemspec") + end + + def bindir +diff --git a/tool/sync_default_gems.rb b/tool/sync_default_gems.rb +index bb4fcdd2cc12..26458147e5a3 100644 +--- a/tool/sync_default_gems.rb ++++ b/tool/sync_default_gems.rb +@@ -89,7 +89,7 @@ def sync_default_gems(gem) + `rm -rf lib/bundler* libexec/bundler libexec/bundle libexec/bundle_ruby spec/bundler man/bundle* man/gemfile*` + `cp -r ../../bundler/bundler/lib/bundler* ./lib` + `cp -r ../../bundler/bundler/exe/bundle* ./libexec` +- `cp ../../bundler/bundler/bundler.gemspec ./lib` ++ `cp ../../bundler/bundler/bundler.gemspec ./lib/bundler` + `cp -r ../../bundler/bundler/spec spec/bundler` + `cp -r ../../bundler/bundler/man/*.{1,5,1\.txt,5\.txt,ronn} ./man` + `rm -rf spec/bundler/support/artifice/vcr_cassettes` diff --git a/SOURCES/ruby-3.0.3-fiddle-1.0.8-Rely-on-hard-coded-lib-name-to-detect-glibc.patch b/SOURCES/ruby-3.0.3-fiddle-1.0.8-Rely-on-hard-coded-lib-name-to-detect-glibc.patch new file mode 100644 index 0000000..3fa0747 --- /dev/null +++ b/SOURCES/ruby-3.0.3-fiddle-1.0.8-Rely-on-hard-coded-lib-name-to-detect-glibc.patch @@ -0,0 +1,25 @@ +From a267a40be7844224c5f000530bd3e8e906f1acea Mon Sep 17 00:00:00 2001 +From: Jeremy Evans <code@jeremyevans.net> +Date: Wed, 10 Mar 2021 13:48:00 -0800 +Subject: [PATCH] Do not use a libdir for glibc, it breaks Linux PPC64 (#70) + +Fixes [Bug #12666] +--- + test/fiddle/helper.rb | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/test/fiddle/helper.rb b/test/fiddle/helper.rb +index f38f903..a6e2019 100644 +--- a/test/fiddle/helper.rb ++++ b/test/fiddle/helper.rb +@@ -20,8 +20,8 @@ + # 64-bit ruby + libdir = '/lib64' if File.directory? '/lib64' + end +- libc_so = File.join(libdir, "libc.so.6") +- libm_so = File.join(libdir, "libm.so.6") ++ libc_so = "libc.so.6" ++ libm_so = "libm.so.6" + when /mingw/, /mswin/ + require "rbconfig" + crtname = RbConfig::CONFIG["RUBY_SO_NAME"][/msvc\w+/] || 'ucrtbase' diff --git a/SOURCES/ruby-bundler-raise-error-in-dependency-confusion.patch b/SOURCES/ruby-bundler-raise-error-in-dependency-confusion.patch new file mode 100644 index 0000000..5800852 --- /dev/null +++ b/SOURCES/ruby-bundler-raise-error-in-dependency-confusion.patch @@ -0,0 +1,422 @@ +diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb +index 8e56d4a9bc..c37946b46c 100644 +--- a/lib/bundler/definition.rb ++++ b/lib/bundler/definition.rb +@@ -910,6 +910,8 @@ def source_requirements + # Load all specs from remote sources + index + ++ validate_dependency_confusion! unless disable_dependency_confusion_check? ++ + # Record the specs available in each gem's source, so that those + # specs will be available later when the resolver knows where to + # look for that gemspec (or its dependencies) +@@ -989,5 +991,112 @@ def equivalent_rubygems_remotes?(source) + + Bundler.settings[:allow_deployment_source_credential_changes] && source.equivalent_remotes?(sources.rubygems_remotes) + end ++ ++ def validate_dependency_confusion! ++ # Continue if there is a scoped repository in the remote case. ++ return unless @remote && sources.non_global_rubygems_sources.size > 0 ++ ++ # Raise an error unless all the scope repositories implement the dependency API. ++ # When there is a non-dependency API scoped repository, we cannot get ++ # indirect dependencies used in a `Gemfile`. ++ unless sources.non_global_rubygems_sources.all?(&:dependency_api_available?) ++ non_api_sources = sources.non_global_rubygems_sources.reject(&:dependency_api_available?) ++ non_api_source_names_str = non_api_sources.map {|d| " * #{d}" }.join("\n") ++ ++ msg = String.new ++ msg << "Your Gemfile contains scoped sources that don't implement a dependency API, namely:\n\n" ++ msg << non_api_source_names_str ++ msg << "\n\nUsing the above gem servers may result in installing unexpected gems. " \ ++ "To resolve this warning, make sure you use gem servers that implement dependency APIs, " \ ++ "such as gemstash or geminabox gem servers." ++ raise_error_or_warn_dependency_confusion(msg) ++ return ++ end ++ ++ indirect_dep_names = indirect_dependency_names_in_non_global_rubygems_soruces ++ # Get all the gem names from the index made from the default source. ++ # default_source_dep_names = @index.sources.select(&:default_source_used?).map(&:spec_names).flatten ++ # Get all the gem names from each source. ++ all_spec_names_list = @index.sources.map(&:spec_names) ++ ++ # Only include the indirect dependency gems on the scoped sources that ++ # also exist on another source. The gems are included in more than 2 ++ # sources (the own source + another source). If the gems don't exist on ++ # the another source, the dependency confusion doesn't happen. ++ indirect_dep_names.select! do |name| ++ source_num = all_spec_names_list.select {|all_names| all_names.include?(name) } ++ source_num.size >= 2 ++ end ++ ++ # Raise an error if there is an indirect dependency. ++ if indirect_dep_names.size > 0 ++ dep_names_str = indirect_dep_names.join(", ") ++ source_names_str = sources.non_global_rubygems_sources.map {|d| " * #{d}" }.join("\n") ++ ++ msg = String.new ++ msg << "Your Gemfile contains implicit dependency gems #{dep_names_str} on the scoped sources, namely:\n\n" ++ msg << source_names_str ++ msg << "\n\nUsing implicit dependency gems on the above sources may result in installing unexpected gems. " ++ msg << "To suppress this message, make sure you set the gems explicitly in the Gemfile." ++ raise_error_or_warn_dependency_confusion(msg) ++ return ++ end ++ end ++ ++ def raise_error_or_warn_dependency_confusion(msg) ++ if warn_on_dependnecy_confusion? ++ Bundler.ui.warn msg ++ else ++ msg = "#{msg} Or set the environment variable BUNDLE_WARN_ON_DEPENDENCY_CONFUSION." ++ raise SecurityError, msg ++ end ++ end ++ ++ def indirect_dependency_names_in_non_global_rubygems_soruces ++ # Indirect dependency gem names ++ indirect_dep_names = [] ++ # Direct dependency gem names ++ direct_dep_names = @dependencies.map(&:name) ++ ++ sources.non_global_rubygems_sources.each do |s| ++ # If the non dependency API source is used, the `dependency_names` ++ # returns gems not only used in the `Gemfile`, but also returns ones ++ # existing in the scoped source too. This method shouldn't be used with ++ # the non dependency API sources. ++ s.specs.dependency_names.each do |dep_name| ++ # Exclude direct dependency gems. ++ next if direct_dep_names.include?(dep_name) ++ ++ s.specs.local_search(dep_name).each do |spec| ++ # Debug gems with unexpected `spec.class`. ++ Bundler.ui.debug "Found dependency gem #{dep_name} (#{spec.class}) in scoped sources." ++ # StubSpecification extending RemoteSpecification: the gems by ++ # `gem list`. Exclude the gems. ++ # EndpointSpecification: gems returned by dependency API such as ++ # geminabox ++ # RemoteSpecification: gems returned by non dependency API such as ++ # gem server. This method cannot be executed with the non ++ # dependency API sources. ++ indirect_dep_names << dep_name if spec.class == EndpointSpecification ++ end ++ end ++ end ++ ++ indirect_dep_names.sort.uniq ++ end ++ ++ # Print a warning instead of raising an error when this option is enabled. ++ # Don't use Bundler.settings to minimize the difference to backport easily ++ # and avoid additional tests. ++ def warn_on_dependnecy_confusion? ++ @warn_on_dependnecy_confusion ||= ENV["BUNDLE_WARN_ON_DEPENDENCY_CONFUSION"] ++ end ++ ++ # Disable the dependency confusion check when this option is enabled. ++ # The option can be used as a workaround if the check logic is problematic ++ # in a case such as a performance issue. ++ def disable_dependency_confusion_check? ++ @disable_dependnecy_confusion_check ||= ENV["BUNDLE_DISABLE_DEPENDENCY_CONFUSION_CHECK"] ++ end + end + end +diff --git a/lib/bundler/source/rubygems.rb b/lib/bundler/source/rubygems.rb +index 485b388a32..48a2ab736b 100644 +--- a/lib/bundler/source/rubygems.rb ++++ b/lib/bundler/source/rubygems.rb +@@ -289,6 +289,10 @@ def dependency_names_to_double_check + names + end + ++ def dependency_api_available? ++ api_fetchers.any? ++ end ++ + protected + + def credless_remotes +diff --git a/lib/bundler/source_list.rb b/lib/bundler/source_list.rb +index ac2adacb3d..37869878ce 100644 +--- a/lib/bundler/source_list.rb ++++ b/lib/bundler/source_list.rb +@@ -64,6 +64,10 @@ def rubygems_sources + @rubygems_sources + [default_source] + end + ++ def non_global_rubygems_sources ++ @rubygems_sources ++ end ++ + def rubygems_remotes + rubygems_sources.map(&:remotes).flatten.uniq + end +diff --git a/spec/bundler/bundler/definition_dep_confusion_spec.rb b/spec/bundler/bundler/definition_dep_confusion_spec.rb +new file mode 100644 +index 0000000000..9fee464960 +--- /dev/null ++++ b/spec/bundler/bundler/definition_dep_confusion_spec.rb +@@ -0,0 +1,257 @@ ++# frozen_string_literal: true ++ ++require "bundler/definition" ++ ++RSpec.describe Bundler::Definition do ++ before do ++ allow(Bundler::SharedHelpers).to receive(:find_gemfile) { Pathname.new("Gemfile") } ++ end ++ ++ let(:sources) { Bundler::SourceList.new } ++ subject { Bundler::Definition.new(nil, [], sources, []) } ++ ++ describe "#validate_dependency_confusion!" do ++ before do ++ subject.instance_variable_set(:@remote, remote) ++ end ++ ++ context "when it's not remote" do ++ let(:remote) { false } ++ ++ it "should neither raise an error nor warn" do ++ expect(subject).not_to receive(:raise_error_or_warn_dependency_confusion) ++ subject.send(:validate_dependency_confusion!) ++ end ++ end ++ ++ context "when it's remote" do ++ before do ++ allow(sources).to receive(:non_global_rubygems_sources).and_return(non_global_rubygems_sources) ++ end ++ ++ let(:remote) { true } ++ ++ context "when the number of non-global source is zero" do ++ let(:non_global_rubygems_sources) { [] } ++ ++ it "should neither raise an error nor warn" do ++ expect(subject).not_to receive(:raise_error_or_warn_dependency_confusion) ++ subject.send(:validate_dependency_confusion!) ++ end ++ end ++ ++ context "when there are any non dependency API non global sources" do ++ let(:non_global_rubygems_sources) do ++ [ ++ double("non-global-source-0", :dependency_api_available? => true, :to_s => "a"), ++ double("non-global-source-1", :dependency_api_available? => false, :to_s => "b"), ++ double("non-global-source-2", :dependency_api_available? => false, :to_s => "c"), ++ ] ++ end ++ ++ it "should raise an error or warn" do ++ expect(subject).to receive(:raise_error_or_warn_dependency_confusion).with(<<-M.strip) ++Your Gemfile contains scoped sources that don't implement a dependency API, namely: ++ ++ * b ++ * c ++ ++Using the above gem servers may result in installing unexpected gems. To resolve this warning, make sure you use gem servers that implement dependency APIs, such as gemstash or geminabox gem servers. ++ M ++ subject.send(:validate_dependency_confusion!) ++ end ++ end ++ ++ context "when all the non global sources implement dependency API" do ++ before do ++ allow(subject).to receive(:indirect_dependency_names_in_non_global_rubygems_soruces).and_return(indirect_dependency_names) ++ subject.instance_variable_set(:@index, index) ++ end ++ ++ let(:non_global_rubygems_sources) do ++ [ ++ double("non-global-source-0", :dependency_api_available? => true, :to_s => "a"), ++ double("non-global-source-1", :dependency_api_available? => true, :to_s => "b"), ++ ] ++ end ++ ++ let(:index) { double("index", :sources => index_sources) } ++ let(:index_sources) do ++ [ ++ double("index-source-1", :spec_names => ["a1", "a2"]), ++ double("index-source-2", :spec_names => ["a2", "b1", "b2"]), ++ double("index-source-3", :spec_names => ["b2"]) ++ ] ++ end ++ ++ context "when there is not an indirect dependency in the non global sources" do ++ let(:indirect_dependency_names) {[]} ++ ++ it "should neither raise an error nor warn" do ++ expect(subject).not_to receive(:raise_error_or_warn_dependency_confusion) ++ subject.send(:validate_dependency_confusion!) ++ end ++ end ++ ++ context "when there is an indirect dependency in the non global sources" do ++ ++ context "when the indirect dependency doesn't exist in another source" do ++ let(:indirect_dependency_names) {["a1", "b1"]} ++ ++ it "should neither raise an error nor warn" do ++ expect(subject).not_to receive(:raise_error_or_warn_dependency_confusion) ++ subject.send(:validate_dependency_confusion!) ++ end ++ end ++ ++ context "when the indirect dependency also exists in anotehr source" do ++ let(:indirect_dependency_names) {["a1", "a2", "b2"]} ++ ++ it "should raise an error or warn" do ++ expect(subject).to receive(:raise_error_or_warn_dependency_confusion).with(<<-M.strip) ++Your Gemfile contains implicit dependency gems a2, b2 on the scoped sources, namely: ++ ++ * a ++ * b ++ ++Using implicit dependency gems on the above sources may result in installing unexpected gems. To suppress this message, make sure you set the gems explicitly in the Gemfile. ++ M ++ subject.send(:validate_dependency_confusion!) ++ end ++ end ++ end ++ end ++ end ++ end ++ ++ describe "#indirect_dependency_names_in_non_global_rubygems_soruces" do ++ before do ++ subject.instance_variable_set(:@dependencies, dependencies) ++ allow(sources).to receive(:non_global_rubygems_sources).and_return(non_global_rubygems_sources) ++ end ++ ++ # Direct dependencies ++ let(:dependencies) do ++ [ ++ double("dependency-0", :name => "g0"), ++ double("dependency-1", :name => "g3") ++ ] ++ end ++ let(:non_global_rubygems_sources) do ++ [ ++ double("non-global-source-0", :specs => index_0, :to_s => "s0"), ++ double("non-global-source-1", :specs => index_1, :to_s => "s1"), ++ ] ++ end ++ let(:index_0) do ++ # All the dependencies in the source-0. ++ index = double("index-0", :dependency_names => ["g0", "g1", "g2", "g5"]) ++ allow(index).to receive(:local_search) do |query| ++ return_map = { ++ "g1" => [double("spec", :class => Bundler::StubSpecification, :to_s => "g1")], ++ "g2" => [double("spec", :class => Bundler::EndpointSpecification, :to_s => "g2")], ++ "g5" => [double("spec", :class => Bundler::EndpointSpecification, :to_s => "g5")] ++ } ++ return_map[query] ++ end ++ index ++ end ++ let(:index_1) do ++ # All the dependencies in the source-1. ++ index = double("index-1", :dependency_names => ["g3", "g4", "g5"]) ++ allow(index).to receive(:local_search) do |query| ++ return_map = { ++ "g4" => [double("spec", :class => Bundler::EndpointSpecification, :to_s => "g4")], ++ "g5" => [double("spec", :class => Bundler::EndpointSpecification, :to_s => "g5")] ++ } ++ return_map[query] ++ end ++ index ++ end ++ ++ it "should return only indirect dependencies of endpoint specification" do ++ expect(subject.send(:indirect_dependency_names_in_non_global_rubygems_soruces)).to eq(["g2", "g4", "g5"]) ++ end ++ end ++ ++ describe "#raise_error_or_warn_dependency_confusion" do ++ before do ++ allow(subject).to receive(:warn_on_dependnecy_confusion?).and_return(warn_on_dependnecy_confusion) ++ end ++ ++ context "when #warn_on_dependnecy_confusion? returns false" do ++ let(:warn_on_dependnecy_confusion) { false } ++ ++ it "should raise an error" do ++ expect(Bundler.ui).not_to receive(:warn) ++ expect do ++ subject.send(:raise_error_or_warn_dependency_confusion, "This is a message.") ++ end.to raise_error(Bundler::SecurityError, "This is a message. " \ ++ "Or set the environment variable BUNDLE_WARN_ON_DEPENDENCY_CONFUSION.") ++ end ++ end ++ ++ context "when #warn_on_dependnecy_confusion? returns true" do ++ let(:warn_on_dependnecy_confusion) { true } ++ ++ it "should warn" do ++ expect(Bundler.ui).to receive(:warn).with(<<-W.strip) ++This is a message. ++W ++ subject.send(:raise_error_or_warn_dependency_confusion, "This is a message.") ++ end ++ end ++ end ++ ++ describe "#warn_on_dependnecy_confusion?" do ++ context "when BUNDLE_WARN_ON_DEPENDENCY_CONFUSION is set" do ++ it "should return true" do ++ with_env({"BUNDLE_WARN_ON_DEPENDENCY_CONFUSION" => "1"}) do ++ expect(subject.send(:warn_on_dependnecy_confusion?)).to be_truthy ++ end ++ end ++ end ++ ++ context "when BUNDLE_WARN_ON_DEPENDENCY_CONFUSION is not set" do ++ it "should return false" do ++ with_env({"BUNDLE_WARN_ON_DEPENDENCY_CONFUSION" => nil}) do ++ expect(subject.send(:warn_on_dependnecy_confusion?)).to be_falsy ++ end ++ end ++ end ++ end ++ ++ describe "#disable_dependency_confusion_check?" do ++ context "when BUNDLE_DISABLE_DEPENDENCY_CONFUSION_CHECK is set" do ++ it "should return true" do ++ with_env({"BUNDLE_DISABLE_DEPENDENCY_CONFUSION_CHECK" => "1"}) do ++ expect(subject.send(:disable_dependency_confusion_check?)).to be_truthy ++ end ++ end ++ end ++ ++ context "when BUNDLE_DISABLE_DEPENDENCY_CONFUSION_CHECK is not set" do ++ it "should return false" do ++ with_env({"BUNDLE_DISABLE_DEPENDENCY_CONFUSION_CHECK" => nil}) do ++ expect(subject.send(:disable_dependency_confusion_check?)).to be_falsy ++ end ++ end ++ end ++ end ++ ++ def with_env(env={}) ++ begin ++ tmp_env = {} ++ env.each do |key, value| ++ tmp_env[key] = ENV.delete key ++ ENV[key] = value ++ end ++ ++ yield ++ ensure ++ tmp_env.each do |key, value| ++ ENV[key] = value ++ end ++ end ++ end ++end +-- +2.31.1 + diff --git a/SOURCES/rubygem-bundler-2.1.0-dont-use-insecure-temporary-directory-as-home-directory.patch b/SOURCES/rubygem-bundler-2.1.0-dont-use-insecure-temporary-directory-as-home-directory.patch index ca5f702..794a65d 100644 --- a/SOURCES/rubygem-bundler-2.1.0-dont-use-insecure-temporary-directory-as-home-directory.patch +++ b/SOURCES/rubygem-bundler-2.1.0-dont-use-insecure-temporary-directory-as-home-directory.patch @@ -87,7 +87,7 @@ index 74cf7ae05d3..247838600bf 100644 end end -@@ -255,16 +251,13 @@ +@@ -255,16 +252,13 @@ allow(File).to receive(:directory?).with(path).and_return true allow(File).to receive(:writable?).with(path).and_return false allow(File).to receive(:directory?).with(dotbundle).and_return false diff --git a/SPECS/ruby.spec b/SPECS/ruby.spec index 1995fe0..66ac882 100644 --- a/SPECS/ruby.spec +++ b/SPECS/ruby.spec @@ -3,7 +3,7 @@ %global major_version 2 %global minor_version 6 -%global teeny_version 7 +%global teeny_version 9 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} @@ -24,7 +24,7 @@ %endif -%global release 119 +%global release 120 %{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}} # The RubyGems library has to stay out of Ruby directory tree, since the @@ -52,7 +52,7 @@ %global power_assert_version 1.1.3 %global psych_version 3.1.0 %global rake_version 12.3.3 -%global rdoc_version 6.1.2 +%global rdoc_version 6.1.2.1 %global test_unit_version 3.2.9 %global xmlrpc_version 0.3.0 @@ -73,6 +73,8 @@ %bcond_without gmp %bcond_without hostname %bcond_without systemtap +# Enable the tests requiring internet when building on local. +%bcond_with bundler_tests %if 0%{?fedora} %bcond_without hardening_test @@ -111,8 +113,8 @@ Source14: test_dependent_scls.rb Source100: load.inc %if "%{load:/dev/null}" == "" -%{?load:%{SOURCE4}} -%{?load:%{SOURCE5}} +%{load:%{SOURCE4}} +%{load:%{SOURCE5}} %else %include %{SOURCE100} %{load %{SOURCE4}} @@ -143,10 +145,9 @@ Patch6: ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch # Use miniruby to regenerate prelude.c. # https://bugs.ruby-lang.org/issues/15306 Patch7: ruby-2.2.3-Generate-preludes-using-miniruby.patch -# Workaround "an invalid stdio handle" error on PPC, due to recently introduced -# hardening features of glibc (rhbz#1361037). -# https://bugs.ruby-lang.org/issues/12666 -Patch9: ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch +# Fix a fiddle import test on an optimized glibc on Power 9. +# https://bugs.ruby-lang.org/issues/12666#note-13 +Patch9: ruby-3.0.3-fiddle-1.0.8-Rely-on-hard-coded-lib-name-to-detect-glibc.patch # `gem build ../foo.gemspec` changes directory, which does not play well with # gems unpacked by setup macro. # https://github.com/rubygems/rubygems/issues/2587 @@ -165,6 +166,16 @@ Patch15: ruby-3.0.0-Convert-ip-addresses-to-canonical-form.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1651826 # https://github.com/rubygems/bundler/pull/7416 Patch16: rubygem-bundler-2.1.0-dont-use-insecure-temporary-directory-as-home-directory.patch +# Update the location of bundler gemspec to fix `make test-bundler`. +# https://github.com/ruby/ruby/commit/8cca079d3be8d07c261baea72529628469938245 +Patch28: ruby-2.7.0-update-location-of-bundler-gemspec.patch +# Use ENV["BUNDLE_GEM"] instead of gem command to fix `make test-bundler`. +# https://github.com/rubygems/rubygems/commit/a30484bc3103d0f7eb048d2536436a0424c1d695 +# https://github.com/ruby/ruby/commit/68ddd4d300e9a88737c4f37af74e1a0312949b2f +Patch29: ruby-2.7.0-bundler-use-bundle-gem-instead-of-gem-command.patch +# Raise an error or print a warning in dependency confusion cases. +# https://github.com/rubygems/rubygems/pull/5029 +Patch30: ruby-bundler-raise-error-in-dependency-confusion.patch Requires: %{?scl_prefix}%{pkg_name}-libs%{?_isa} = %{version}-%{release} Requires: %{?scl_prefix}ruby(rubygems) >= %{rubygems_version} @@ -596,6 +607,7 @@ rm -rf ext/fiddle/libffi* %patch14 -p1 %patch15 -p1 %patch16 -p1 +%patch30 -p1 # Provide an example of usage of the tapset: cp -a %{SOURCE3} . @@ -898,6 +910,13 @@ MSPECOPTS="$MSPECOPTS -P 'File.utime allows Time instances in the far future to make check TESTS="-v $DISABLE_TESTS" MSPECOPT="-fs $MSPECOPTS" +%if %{with bundler_tests} +cat "%{PATCH28}" | patch -p1 +cat "%{PATCH29}" | patch -p1 +# Only run specific tests, as there are some failures in other tests. +make test-bundler V=1 RSPECOPTS="--format d" BUNDLER_SPECS=bundler/definition_dep_confusion_spec.rb +%endif + %post libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig @@ -1103,7 +1122,7 @@ make check TESTS="-v $DISABLE_TESTS" MSPECOPT="-fs $MSPECOPTS" # TODO: Gemify these libraries %{gem_dir}/specifications/default/cmath-1.0.0.gemspec %{gem_dir}/specifications/default/csv-3.0.9.gemspec -%{gem_dir}/specifications/default/date-2.0.0.gemspec +%{gem_dir}/specifications/default/date-2.0.2.gemspec %{gem_dir}/specifications/default/dbm-1.0.0.gemspec %{gem_dir}/specifications/default/e2mmap-0.1.0.gemspec %{gem_dir}/specifications/default/etc-1.0.1.gemspec @@ -1243,6 +1262,15 @@ make check TESTS="-v $DISABLE_TESTS" MSPECOPT="-fs $MSPECOPTS" %{_mandir}/man5/gemfile.5* %changelog +* Tue Feb 15 2022 Jun Aruga <jaruga@redhat.com> - 2.6.9-120 +- Fix FTBFS due to an incompatible load directive. +- Upgrade to Ruby 2.6.9. + Resolves: rhbz#2056947 +- Fix the issues required to start the "make test-bundler" itself. +- Fix Bundler dependency confusion. +- Fix a fiddle import test on an optimized glibc on Power 9. + Resolves: CVE-2020-36327 + * Wed Apr 14 2021 Jarek Prokop <jprokop@redhat.com> - 2.6.7-107 - Upgrade to Ruby 2.6.7. Resolves: rhbz#1701182