From b8524a461d41af5fd694db809b25a347e9782e5b Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Feb 28 2018 16:25:22 +0000 Subject: import ruby-2.0.0.648-33.el7_4 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ababb4a --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/ruby-2.0.0-p648.tar.bz2 diff --git a/.ruby.metadata b/.ruby.metadata new file mode 100644 index 0000000..bb08655 --- /dev/null +++ b/.ruby.metadata @@ -0,0 +1 @@ +504be2eae6cdfe93aa7ed02ec55e35043d067ad5 SOURCES/ruby-2.0.0-p648.tar.bz2 diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/abrt_prelude.rb b/SOURCES/abrt_prelude.rb new file mode 100644 index 0000000..5ffc51d --- /dev/null +++ b/SOURCES/abrt_prelude.rb @@ -0,0 +1,4 @@ +begin + require 'abrt' +rescue LoadError +end diff --git a/SOURCES/config.h b/SOURCES/config.h new file mode 100644 index 0000000..b34e398 --- /dev/null +++ b/SOURCES/config.h @@ -0,0 +1,51 @@ +/* + * This config.h is a wrapper include file for the original ruby/config.h, + * which has been renamed to ruby/config-.h. There are conflicts for the + * original ruby/config.h on multilib systems, which result from arch-specific + * configuration options. Please do not use the arch-specific file directly. + */ + +/* + * This wrapped is addpated from SDL's one: + * http://pkgs.fedoraproject.org/cgit/SDL.git/tree/SDL_config.h + */ + +#ifdef ruby_config_wrapper_h +#error "ruby_config_wrapper_h should not be defined!" +#endif +#define ruby_config_wrapper_h + +#if defined(__i386__) +#include "ruby/config-i386.h" +#elif defined(__ia64__) +#include "ruby/config-ia64.h" +#elif defined(__powerpc64__) +#include +#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +#include "ruby/config-ppc64.h" +#else +#include "ruby/config-ppc64le.h" +#endif +#elif defined(__powerpc__) +#include "ruby/config-ppc.h" +#elif defined(__s390x__) +#include "ruby/config-s390x.h" +#elif defined(__s390__) +#include "ruby/config-s390.h" +#elif defined(__x86_64__) +#include "ruby/config-x86_64.h" +#elif defined(__arm__) +#include "ruby/config-arm.h" +#elif defined(__alpha__) +#include "ruby/config-alpha.h" +#elif defined(__sparc__) && defined (__arch64__) +#include "ruby/config-sparc64.h" +#elif defined(__sparc__) +#include "ruby/config-sparc.h" +#elif defined(__aarch64__) +#include "ruby/config-aarch64.h" +#else +#error "The ruby-devel package is not usable with the architecture." +#endif + +#undef ruby_config_wrapper_h diff --git a/SOURCES/libruby.stp b/SOURCES/libruby.stp new file mode 100644 index 0000000..098b39d --- /dev/null +++ b/SOURCES/libruby.stp @@ -0,0 +1,303 @@ +/* SystemTap tapset to make it easier to trace Ruby 2.0 + * + * All probes provided by Ruby can be listed using following command + * (the path to the library must be adjuste appropriately): + * + * stap -L 'process("@LIBRARY_PATH@").mark("*")' + */ + +/** + * probe ruby.array.create - Allocation of new array. + * + * @size: Number of elements (an int) + * @file: The file name where the method is being called (string) + * @line: The line number where the method is being called (int) + */ +probe ruby.array.create = + process("@LIBRARY_PATH@").mark("array__create") +{ + size = $arg1 + file = user_string($arg2) + line = $arg3 +} + +/** + * probe ruby.cmethod.entry - Fired just before a method implemented in C is entered. + * + * @classname: Name of the class (string) + * @methodname: The method about bo be executed (string) + * @file: The file name where the method is being called (string) + * @line: The line number where the method is being called (int) + */ +probe ruby.cmethod.entry = + process("@LIBRARY_PATH@").mark("cmethod__entry") +{ + classname = user_string($arg1) + methodname = user_string($arg2) + file = user_string($arg3) + line = $arg4 +} + +/** + * probe ruby.cmethod.return - Fired just after a method implemented in C has returned. + * + * @classname: Name of the class (string) + * @methodname: The executed method (string) + * @file: The file name where the method is being called (string) + * @line: The line number where the method is being called (int) + */ +probe ruby.cmethod.return = + process("@LIBRARY_PATH@").mark("cmethod__return") +{ + classname = user_string($arg1) + methodname = user_string($arg2) + file = user_string($arg3) + line = $arg4 +} + +/** + * probe ruby.find.require.entry - Fired when require starts to search load + * path for suitable file to require. + * + * @requiredfile: The name of the file to be required (string) + * @file: The file name where the method is being called (string) + * @line: The line number where the method is being called (int) + */ +probe ruby.find.require.entry = + process("@LIBRARY_PATH@").mark("find__require__entry") +{ + requiredfile = user_string($arg1) + file = user_string($arg2) + line = $arg3 +} + +/** + * probe ruby.find.require.return - Fired just after require has finished + * search of load path for suitable file to require. + * + * @requiredfile: The name of the file to be required (string) + * @file: The file name where the method is being called (string) + * @line: The line number where the method is being called (int) + */ +probe ruby.find.require.return = + process("@LIBRARY_PATH@").mark("find__require__return") +{ + requiredfile = user_string($arg1) + file = user_string($arg2) + line = $arg3 +} + +/** + * probe ruby.gc.mark.begin - Fired when a GC mark phase is about to start. + * + * It takes no arguments. + */ +probe ruby.gc.mark.begin = + process("@LIBRARY_PATH@").mark("gc__mark__begin") +{ +} + +/** + * probe ruby.gc.mark.end - Fired when a GC mark phase has ended. + * + * It takes no arguments. + */ +probe ruby.gc.mark.end = + process("@LIBRARY_PATH@").mark("gc__mark__end") +{ +} + +/** + * probe ruby.gc.sweep.begin - Fired when a GC sweep phase is about to start. + * + * It takes no arguments. + */ +probe ruby.gc.sweep.begin = + process("@LIBRARY_PATH@").mark("gc__sweep__begin") +{ +} + +/** + * probe ruby.gc.sweep.end - Fired when a GC sweep phase has ended. + * + * It takes no arguments. + */ +probe ruby.gc.sweep.end = + process("@LIBRARY_PATH@").mark("gc__sweep__end") +{ +} + +/** + * probe ruby.hash.create - Allocation of new hash. + * + * @size: Number of elements (int) + * @file: The file name where the method is being called (string) + * @line: The line number where the method is being called (int) + */ +probe ruby.hash.create = + process("@LIBRARY_PATH@").mark("hash__create") +{ + size = $arg1 + file = user_string($arg2) + line = $arg3 +} + +/** + * probe ruby.load.entry - Fired when calls to "load" are made. + * + * @loadedfile: The name of the file to be loaded (string) + * @file: The file name where the method is being called (string) + * @line: The line number where the method is being called (int) + */ +probe ruby.load.entry = + process("@LIBRARY_PATH@").mark("load__entry") +{ + loadedfile = user_string($arg1) + file = user_string($arg2) + line = $arg3 +} + +/** + * probe ruby.load.return - Fired just after require has finished + * search of load path for suitable file to require. + * + * @loadedfile: The name of the file that was loaded (string) + */ +probe ruby.load.return = + process("@LIBRARY_PATH@").mark("load__return") +{ + loadedfile = user_string($arg1) +} + +/** + * probe ruby.method.entry - Fired just before a method implemented in Ruby is entered. + * + * @classname: Name of the class (string) + * @methodname: The method about bo be executed (string) + * @file: The file name where the method is being called (string) + * @line: The line number where the method is being called (int) + */ +probe ruby.method.entry = + process("@LIBRARY_PATH@").mark("method__entry") +{ + classname = user_string($arg1) + methodname = user_string($arg2) + file = user_string($arg3) + line = $arg4 +} + +/** + * probe ruby.method.return - Fired just after a method implemented in Ruby has returned. + * + * @classname: Name of the class (string) + * @methodname: The executed method (string) + * @file: The file name where the method is being called (string) + * @line: The line number where the method is being called (int) + */ +probe ruby.method.return = + process("@LIBRARY_PATH@").mark("method__return") +{ + classname = user_string($arg1) + methodname = user_string($arg2) + file = user_string($arg3) + line = $arg4 +} + +/** + * probe ruby.object.create - Allocation of new object. + * + * @classname: Name of the class (string) + * @file: The file name where the method is being called (string) + * @line: The line number where the method is being called (int) + */ +probe ruby.object.create = + process("@LIBRARY_PATH@").mark("object__create") +{ + classname = user_string($arg1) + file = user_string($arg2) + line = $arg3 +} + +/** + * probe ruby.parse.begin - Fired just before a Ruby source file is parsed. + * + * @parsedfile: The name of the file to be parsed (string) + * @parsedline: The line number of beginning of parsing (int) + */ +probe ruby.parse.begin = + process("@LIBRARY_PATH@").mark("parse__begin") +{ + parsedfile = user_string($arg1) + parsedline = $arg2 +} + +/** + * probe ruby.parse.end - Fired just after a Ruby source file was parsed. + * + * @parsedfile: The name of parsed the file (string) + * @parsedline: The line number of beginning of parsing (int) + */ +probe ruby.parse.end = + process("@LIBRARY_PATH@").mark("parse__end") +{ + parsedfile = user_string($arg1) + parsedline = $arg2 +} + +/** + * probe ruby.raise - Fired when an exception is raised. + * + * @classname: The class name of the raised exception (string) + * @file: The name of the file where the exception was raised (string) + * @line: The line number in the file where the exception was raised (int) + */ +probe ruby.raise = + process("@LIBRARY_PATH@").mark("raise") +{ + classname = user_string($arg1) + file = user_string($arg2) + line = $arg3 +} + +/** + * probe ruby.require.entry - Fired on calls to rb_require_safe (when a file + * is required). + * + * @requiredfile: The name of the file to be required (string) + * @file: The file that called "require" (string) + * @line: The line number where the call to require was made(int) + */ +probe ruby.require.entry = + process("@LIBRARY_PATH@").mark("require__entry") +{ + requiredfile = user_string($arg1) + file = user_string($arg2) + line = $arg3 +} + +/** + * probe ruby.require.return - Fired just after require has finished + * search of load path for suitable file to require. + * + * @requiredfile: The file that was required (string) + */ +probe ruby.require.return = + process("@LIBRARY_PATH@").mark("require__return") +{ + requiredfile = user_string($arg1) +} + +/** + * probe ruby.string.create - Allocation of new string. + * + * @size: Number of elements (an int) + * @file: The file name where the method is being called (string) + * @line: The line number where the method is being called (int) + */ +probe ruby.string.create = + process("@LIBRARY_PATH@").mark("string__create") +{ + size = $arg1 + file = user_string($arg2) + line = $arg3 +} diff --git a/SOURCES/macros.ruby b/SOURCES/macros.ruby new file mode 100644 index 0000000..36f4077 --- /dev/null +++ b/SOURCES/macros.ruby @@ -0,0 +1,22 @@ +%ruby_libdir %{_datadir}/%{name} +%ruby_libarchdir %{_libdir}/%{name} + +# This is the local lib/arch and should not be used for packaging. +%ruby_sitedir site_ruby +%ruby_sitelibdir %{_prefix}/local/share/%{name}/%{ruby_sitedir} +%ruby_sitearchdir %{_prefix}/local/%{_lib}/%{name}/%{ruby_sitedir} + +# This is the general location for libs/archs compatible with all +# or most of the Ruby versions available in the Fedora repositories. +%ruby_vendordir vendor_ruby +%ruby_vendorlibdir %{ruby_libdir}/%{ruby_vendordir} +%ruby_vendorarchdir %{ruby_libarchdir}/%{ruby_vendordir} + +# For ruby packages we want to filter out any provides caused by private +# libs in %%{ruby_vendorarchdir}/%%{ruby_sitearchdir}. +# +# Note that this must be invoked in the spec file, preferably as +# "%{?ruby_default_filter}", before any %description block. +%ruby_default_filter %{expand: \ +%global __provides_exclude_from %{?__provides_exclude_from:%{__provides_exclude_from}|}^(%{ruby_vendorarchdir}|%{ruby_sitearchdir})/.*\\\\.so$ \ +} diff --git a/SOURCES/macros.rubygems b/SOURCES/macros.rubygems new file mode 100644 index 0000000..ba1c0a2 --- /dev/null +++ b/SOURCES/macros.rubygems @@ -0,0 +1,131 @@ +# The RubyGems root folder. +%gem_dir %{_datadir}/gems +%gem_archdir %{_libdir}/gems + +# Common gem locations and files. +%gem_instdir %{gem_dir}/gems/%{gem_name}-%{version}%{?prerelease} +%gem_extdir_mri %{gem_archdir}/%{name}/%{gem_name}-%{version}%{?prerelease} +%gem_libdir %{gem_instdir}/lib +%gem_cache %{gem_dir}/cache/%{gem_name}-%{version}%{?prerelease}.gem +%gem_spec %{gem_dir}/specifications/%{gem_name}-%{version}%{?prerelease}.gemspec +%gem_docdir %{gem_dir}/doc/%{gem_name}-%{version}%{?prerelease} + + +# %gem_install - Install gem into appropriate directory. +# +# Usage: %gem_install [options] +# +# -n Overrides gem file name for installation. +# -d Set installation directory. +# +%gem_install(d:n:) \ +mkdir -p %{-d*}%{!?-d:.%{gem_dir}} \ +\ +CONFIGURE_ARGS="--with-cflags='%{optflags}' $CONFIGURE_ARGS" \\\ +gem install \\\ + -V \\\ + --local \\\ + --install-dir %{-d*}%{!?-d:.%{gem_dir}} \\\ + --bindir .%{_bindir} \\\ + --force \\\ + --document=ri,rdoc \\\ + %{-n*}%{!?-n:%{gem_name}-%{version}%{?prerelease}.gem} \ +%{nil} + + +# For rubygems packages we want to filter out any provides caused by private +# libs in %%{gem_archdir}. +# +# Note that this must be invoked in the spec file, preferably as +# "%{?rubygems_default_filter}", before any %description block. +%rubygems_default_filter %{expand: \ +%global __provides_exclude_from %{?__provides_exclude_from:%{__provides_exclude_from}|}^%{gem_extdir_mri}/.*\\\\.so$ \ +} + + +# The 'read' command in gemspec_add _depand gemspec_remove_dep macros is not +# essential, but it is usefull to make the sript appear in build log. + + +# %gemspec_add_dep - Add dependency into .gemspec. +# +# Usage: %gemspec_add_dep -g [options] [requirements] +# +# Add dependency named to .gemspec file. The macro adds runtime +# dependency by default. The [requirements] argument can be used to specify +# the dependency constraints more precisely. It is expected to be valid Ruby +# code. +# +# -s Overrides the default .gemspec location. +# -d Add development dependecy. +# +%gemspec_add_dep(g:s:d) \ +read -d '' gemspec_add_dep_script << 'EOR' || : \ + gemspec_file = '%{-s*}%{!?-s:./%{gem_name}.gemspec}' \ + \ + name = '%{-g*}' \ + requirements = %{*}%{!?1:nil} \ + \ + type = :%{!?-d:runtime}%{?-d:development} \ + \ + spec = Gem::Specification.load(gemspec_file) \ + abort("#{gemspec_file} is not accessible.") unless spec \ + \ + dep = spec.dependencies.detect { |d| d.type == type && d.name == name } \ + if dep \ + dep.requirement.concat requirements \ + else \ + spec.public_send "add_#{type}_dependency", name, requirements \ + end \ + File.write gemspec_file, spec.to_ruby \ +EOR\ +echo "$gemspec_add_dep_script" | ruby \ +unset -v gemspec_add_dep_script \ +%{nil} + + +# %gemspec_remove_dep - Remove dependency from .gemspec. +# +# Usage: %gemspec_remove_dep -g [options] [requirements] +# +# Remove dependency named from .gemspec file. The macro removes runtime +# dependency by default. The [requirements] argument can be used to specify +# the dependency constraints more precisely. It is expected to be valid Ruby +# code. The macro fails if these specific requirements can't be removed. +# +# -s Overrides the default .gemspec location. +# -d Remove development dependecy. +# +%gemspec_remove_dep(g:s:d) \ +read -d '' gemspec_remove_dep_script << 'EOR' || : \ + gemspec_file = '%{-s*}%{!?-s:./%{gem_name}.gemspec}' \ + \ + name = '%{-g*}' \ + requirements = %{*}%{!?1:nil} \ + \ + type = :%{!?-d:runtime}%{?-d:development} \ + \ + spec = Gem::Specification.load(gemspec_file) \ + abort("#{gemspec_file} is not accessible.") unless spec \ + \ + dep = spec.dependencies.detect { |d| d.type == type && d.name == name } \ + if dep \ + if requirements \ + requirements = Gem::Requirement.create(requirements).requirements \ + requirements.each do |r| \ + unless dep.requirement.requirements.reject! { |dependency_requirements| dependency_requirements == r } \ + abort("Requirement '#{r.first} #{r.last}' was not possible to remove for dependency '#{dep}'!") \ + end \ + end \ + spec.dependencies.delete dep if dep.requirement.requirements.empty? \ + else \ + spec.dependencies.delete dep \ + end \ + else \ + abort("Dependency '#{name}' was not found!") \ + end \ + File.write gemspec_file, spec.to_ruby \ +EOR\ +echo "$gemspec_remove_dep_script" | ruby \ +unset -v gemspec_remove_dep_script \ +%{nil} diff --git a/SOURCES/operating_system.rb b/SOURCES/operating_system.rb new file mode 100644 index 0000000..c3b19d6 --- /dev/null +++ b/SOURCES/operating_system.rb @@ -0,0 +1,85 @@ +module Gem + class << self + + ## + # Returns full path of previous but one directory of dir in path + # E.g. for '/usr/share/ruby', 'ruby', it returns '/usr' + + def previous_but_one_dir_to(path, dir) + split_path = path.split(File::SEPARATOR) + File.join(split_path.take_while { |one_dir| one_dir !~ /^#{dir}$/ }[0..-2]) + end + private :previous_but_one_dir_to + + ## + # Default gems locations allowed on FHS system (/usr, /usr/share). + # The locations are derived from directories specified during build + # configuration. + + def default_locations + @default_locations ||= { + :system => previous_but_one_dir_to(ConfigMap[:vendordir], ConfigMap[:RUBY_INSTALL_NAME]), + :local => previous_but_one_dir_to(ConfigMap[:sitedir], ConfigMap[:RUBY_INSTALL_NAME]) + } + end + + ## + # For each location provides set of directories for binaries (:bin_dir) + # platform independent (:gem_dir) and dependent (:ext_dir) files. + + def default_dirs + @libdir ||= case RUBY_PLATFORM + when 'java' + ConfigMap[:datadir] + else + ConfigMap[:libdir] + end + + @default_dirs ||= Hash[default_locations.collect do |destination, path| + [destination, { + :bin_dir => File.join(path, ConfigMap[:bindir].split(File::SEPARATOR).last), + :gem_dir => File.join(path, ConfigMap[:datadir].split(File::SEPARATOR).last, 'gems'), + :ext_dir => File.join(path, @libdir.split(File::SEPARATOR).last, 'gems') + }] + end] + end + + ## + # Remove methods we are going to override. This avoids "method redefined;" + # warnings otherwise issued by Ruby. + + remove_method :default_dir if method_defined? :default_dir + remove_method :default_path if method_defined? :default_path + remove_method :default_bindir if method_defined? :default_bindir + remove_method :default_ext_dir_for if method_defined? :default_ext_dir_for + + ## + # RubyGems default overrides. + + def default_dir + if Process.uid == 0 + Gem.default_dirs[:local][:gem_dir] + else + Gem.user_dir + end + end + + def default_path + path = default_dirs.collect {|location, paths| paths[:gem_dir]} + path.unshift Gem.user_dir if File.exist? Gem.user_home + end + + def default_bindir + if Process.uid == 0 + Gem.default_dirs[:local][:bin_dir] + else + File.join [Dir.home, 'bin'] + end + end + + def default_ext_dir_for base_dir + dirs = Gem.default_dirs.detect {|location, paths| paths[:gem_dir] == base_dir} + dirs && File.join(dirs.last[:ext_dir], RbConfig::CONFIG['RUBY_INSTALL_NAME']) + end + end +end diff --git a/SOURCES/ruby-1.9.3-always-use-i386.patch b/SOURCES/ruby-1.9.3-always-use-i386.patch new file mode 100644 index 0000000..761f8f2 --- /dev/null +++ b/SOURCES/ruby-1.9.3-always-use-i386.patch @@ -0,0 +1,25 @@ +From 796aa193a0e01f3035361f045ac66486d71f608a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Mon, 19 Nov 2012 14:37:28 +0100 +Subject: [PATCH] Always use i386. + +--- + configure.in | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/configure.in b/configure.in +index 418b0cb..d26fe5b 100644 +--- a/configure.in ++++ b/configure.in +@@ -3471,6 +3471,8 @@ AC_SUBST(vendorarchdir)dnl + configure_args=$ac_configure_args + AC_SUBST(configure_args)dnl + ++target_cpu=`echo $target_cpu | sed s/i.86/i386/` ++ + if test "${universal_binary-no}" = yes ; then + arch="universal-${target_os}" + AC_CACHE_CHECK(whether __ARCHITECTURE__ is available, rb_cv_architecture_available, +-- +1.8.1 + diff --git a/SOURCES/ruby-1.9.3-custom-rubygems-location.patch b/SOURCES/ruby-1.9.3-custom-rubygems-location.patch new file mode 100644 index 0000000..7bcc443 --- /dev/null +++ b/SOURCES/ruby-1.9.3-custom-rubygems-location.patch @@ -0,0 +1,84 @@ +From b5e9dc3683cb085aa57e7b12c35a4f21b2cc1482 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Fri, 11 Nov 2011 13:14:45 +0100 +Subject: [PATCH] Allow to install RubyGems into custom location, outside of + Ruby tree. + +--- + configure.in | 8 ++++++++ + tool/rbinstall.rb | 9 +++++++++ + version.c | 4 ++++ + 3 files changed, 21 insertions(+) + +diff --git a/configure.in b/configure.in +index 1627d12..e064b2b 100644 +--- a/configure.in ++++ b/configure.in +@@ -3401,6 +3401,13 @@ AC_ARG_WITH(vendorarchdir, + [vendorarchdir=$withval], + [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby/${ruby_version}'}${multiarch-'${vendorlibdir}/${sitearch}'}]) + ++AC_ARG_WITH(rubygemsdir, ++ AS_HELP_STRING([--with-rubygemsdir=DIR], [custom rubygems directory]), ++ [rubygemsdir=$withval]) ++if test "$rubygemsdir" != ""; then ++ AC_DEFINE_UNQUOTED(RUBYGEMS_DIR,"$rubygemsdir" !!) ++fi ++ + unexpand_shvar rubylibprefix exec_prefix libdir RUBY_BASE_NAME + unexpand_shvar rubyarchprefix exec_prefix libdir arch RUBY_BASE_NAME archlibdir rubylibprefix + unexpand_shvar rubysitearchprefix exec_prefix libdir sitearch arch RUBY_BASE_NAME archlibdir sitearchlibdir rubylibprefix +@@ -3467,6 +3474,7 @@ AC_SUBST(sitearchdir)dnl + AC_SUBST(vendordir)dnl + AC_SUBST(vendorlibdir)dnl + AC_SUBST(vendorarchdir)dnl ++AC_SUBST(rubygemsdir)dnl + + configure_args=$ac_configure_args + AC_SUBST(configure_args)dnl +diff --git a/tool/rbinstall.rb b/tool/rbinstall.rb +index 92e54c6..c72dfb6 100755 +--- a/tool/rbinstall.rb ++++ b/tool/rbinstall.rb +@@ -320,6 +320,7 @@ sitelibdir = CONFIG["sitelibdir"] + sitearchlibdir = CONFIG["sitearchdir"] + vendorlibdir = CONFIG["vendorlibdir"] + vendorarchlibdir = CONFIG["vendorarchdir"] ++rubygemsdir = CONFIG["rubygemsdir"] + mandir = CONFIG["mandir", true] + docdir = CONFIG["docdir", true] + configure_args = Shellwords.shellwords(CONFIG["configure_args"]) +@@ -507,7 +508,15 @@ end + install?(:local, :comm, :lib) do + prepare "library scripts", rubylibdir + noinst = %w[README* *.txt *.rdoc *.gemspec] ++ noinst += %w[*ubygems.rb rubygems/ datadir.rb] if rubygemsdir + install_recursive(File.join(srcdir, "lib"), rubylibdir, :no_install => noinst, :mode => $data_mode) ++ if rubygemsdir ++ noinst = %w[obsolete.rb] ++ install_recursive(File.join(srcdir, "lib", "rubygems"), File.join(rubygemsdir, "rubygems"), :mode => $data_mode) ++ install_recursive(File.join(srcdir, "lib", "rbconfig"), File.join(rubygemsdir, "rbconfig"), :no_install => noinst, :mode => $data_mode) ++ install(File.join(srcdir, "lib", "ubygems.rb"), File.join(rubygemsdir, "ubygems.rb"), :mode => $data_mode) ++ install(File.join(srcdir, "lib", "rubygems.rb"), File.join(rubygemsdir, "rubygems.rb"), :mode => $data_mode) ++ end + end + + install?(:local, :arch, :lib) do +diff --git a/version.c b/version.c +index 54c4513..d76100b 100644 +--- a/version.c ++++ b/version.c +@@ -99,6 +99,10 @@ const char ruby_initial_load_paths[] = + #endif + #endif + ++#ifdef RUBYGEMS_DIR ++ RUBYGEMS_DIR "\0" ++#endif ++ + RUBY_LIB "\0" + #ifdef RUBY_THINARCH + RUBY_ARCH_LIB_FOR(RUBY_THINARCH) "\0" +-- +1.8.1.2 + diff --git a/SOURCES/ruby-1.9.3-mkmf-verbose.patch b/SOURCES/ruby-1.9.3-mkmf-verbose.patch new file mode 100644 index 0000000..ca72051 --- /dev/null +++ b/SOURCES/ruby-1.9.3-mkmf-verbose.patch @@ -0,0 +1,25 @@ +From ec16398159a161fc77436b4855d489f193b2515b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Mon, 19 Nov 2012 15:14:51 +0100 +Subject: [PATCH] Verbose mkmf. + +--- + lib/mkmf.rb | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/mkmf.rb b/lib/mkmf.rb +index 4b6c52e..67a15ee 100644 +--- a/lib/mkmf.rb ++++ b/lib/mkmf.rb +@@ -1784,7 +1784,7 @@ SRC + SHELL = /bin/sh + + # V=0 quiet, V=1 verbose. other values don't work. +-V = 0 ++V = 1 + Q1 = $(V:1=) + Q = $(Q1:0=@) + ECHO1 = $(V:1=@#{CONFIG['NULLCMD']}) +-- +1.8.1.2 + diff --git a/SOURCES/ruby-1.9.3.p195-fix-webrick-tests.patch b/SOURCES/ruby-1.9.3.p195-fix-webrick-tests.patch new file mode 100644 index 0000000..b340bff --- /dev/null +++ b/SOURCES/ruby-1.9.3.p195-fix-webrick-tests.patch @@ -0,0 +1,13 @@ +diff --git a/test/runner.rb b/test/runner.rb +index 49844c7..8e59a85 100644 +--- a/test/runner.rb ++++ b/test/runner.rb +@@ -2,6 +2,8 @@ require 'rbconfig' + + require 'test/unit' + ++require_relative 'ruby/envutil' ++ + src_testdir = File.dirname(File.realpath(__FILE__)) + $LOAD_PATH << src_testdir + module Gem diff --git a/SOURCES/ruby-2.0.0-Prevent-duplicated-paths-when-empty-version-string-i.patch b/SOURCES/ruby-2.0.0-Prevent-duplicated-paths-when-empty-version-string-i.patch new file mode 100644 index 0000000..238a503 --- /dev/null +++ b/SOURCES/ruby-2.0.0-Prevent-duplicated-paths-when-empty-version-string-i.patch @@ -0,0 +1,70 @@ +From e943a89efd63dcfb80a0ab8d9a4db37f523f508e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Fri, 8 Feb 2013 22:48:41 +0100 +Subject: [PATCH] Prevent duplicated paths when empty version string is + configured. + +--- + configure.in | 3 +++ + version.c | 10 ++++++++++ + 2 files changed, 13 insertions(+) + +diff --git a/configure.in b/configure.in +index 5850bbf..7604bb8 100644 +--- a/configure.in ++++ b/configure.in +@@ -3419,6 +3419,9 @@ unexpand_shvar exec_prefix prefix + if test ${RUBY_LIB_VERSION_STYLE+set}; then + AC_DEFINE_UNQUOTED(RUBY_LIB_VERSION_STYLE, $RUBY_LIB_VERSION_STYLE !!) + else ++ if test "x${ruby_version}" = 'x'; then ++ AC_DEFINE(RUBY_LIB_VERSION_BLANK, 1) ++ fi + AC_DEFINE_UNQUOTED(RUBY_LIB_VERSION, [$RUBY_LIB_VERSION] !!) + fi + AC_DEFINE_UNQUOTED(RUBY_EXEC_PREFIX, ${RUBY_EXEC_PREFIX}) +diff --git a/version.c b/version.c +index 282960d..54c4513 100644 +--- a/version.c ++++ b/version.c +@@ -39,9 +39,15 @@ + #define RUBY_VENDOR_LIB RUBY_LIB_PREFIX"/vendor_ruby" + #endif + ++#ifdef RUBY_LIB_VERSION_BLANK ++#define RUBY_LIB RUBY_LIB_PREFIX ++#define RUBY_SITE_LIB2 RUBY_SITE_LIB ++#define RUBY_VENDOR_LIB2 RUBY_VENDOR_LIB ++#else + #define RUBY_LIB RUBY_LIB_PREFIX "/"RUBY_LIB_VERSION + #define RUBY_SITE_LIB2 RUBY_SITE_LIB "/"RUBY_LIB_VERSION + #define RUBY_VENDOR_LIB2 RUBY_VENDOR_LIB "/"RUBY_LIB_VERSION ++#endif + #ifndef RUBY_ARCH_LIB_FOR + #define RUBY_ARCH_LIB_FOR(arch) RUBY_LIB "/"arch + #endif +@@ -77,8 +83,10 @@ const char ruby_initial_load_paths[] = + RUBY_SITE_ARCH_LIB_FOR(RUBY_THINARCH) "\0" + #endif + RUBY_SITE_ARCH_LIB_FOR(RUBY_SITEARCH) "\0" ++#ifndef RUBY_LIB_VERSION_BLANK + RUBY_SITE_LIB "\0" + #endif ++#endif + + #ifndef NO_RUBY_VENDOR_LIB + RUBY_VENDOR_LIB2 "\0" +@@ -86,8 +94,10 @@ const char ruby_initial_load_paths[] = + RUBY_VENDOR_ARCH_LIB_FOR(RUBY_THINARCH) "\0" + #endif + RUBY_VENDOR_ARCH_LIB_FOR(RUBY_SITEARCH) "\0" ++#ifndef RUBY_LIB_VERSION_BLANK + RUBY_VENDOR_LIB "\0" + #endif ++#endif + + RUBY_LIB "\0" + #ifdef RUBY_THINARCH +-- +1.8.1.2 + diff --git a/SOURCES/ruby-2.0.0-p195-aarch64.patch b/SOURCES/ruby-2.0.0-p195-aarch64.patch new file mode 100644 index 0000000..8009d32 --- /dev/null +++ b/SOURCES/ruby-2.0.0-p195-aarch64.patch @@ -0,0 +1,360 @@ +diff -urN ruby-2.0.0-p0/tool/config.guess ruby-2.0.0-p0-aarch64/tool/config.guess +--- ruby-2.0.0-p0/tool/config.guess 2012-01-29 07:50:18.000000000 -0600 ++++ ruby-2.0.0-p0-aarch64/tool/config.guess 2013-03-08 07:15:49.233030866 -0600 +@@ -2,9 +2,9 @@ + # Attempt to guess a canonical system name. + # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, + # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +-# 2011 Free Software Foundation, Inc. ++# 2011, 2012 Free Software Foundation, Inc. + +-timestamp='2011-11-11' ++timestamp='2012-09-25' + + # This file is free software; you can redistribute it and/or modify it + # under the terms of the GNU General Public License as published by +@@ -17,9 +17,7 @@ + # General Public License for more details. + # + # You should have received a copy of the GNU General Public License +-# along with this program; if not, write to the Free Software +-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +-# 02110-1301, USA. ++# along with this program; if not, see . + # + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a +@@ -57,8 +55,8 @@ + + Originally written by Per Bothner. + Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free +-Software Foundation, Inc. ++2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 ++Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO + warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." +@@ -145,7 +143,7 @@ + case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or +- # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, ++ # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward +@@ -202,6 +200,10 @@ + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit ;; ++ *:Bitrig:*:*) ++ UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` ++ echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} ++ exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} +@@ -304,7 +306,7 @@ + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit ;; +- arm:riscos:*:*|arm:RISCOS:*:*) ++ arm*:riscos:*:*|arm*:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) +@@ -803,6 +805,9 @@ + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit ;; ++ *:MINGW64*:*) ++ echo ${UNAME_MACHINE}-pc-mingw64 ++ exit ;; + *:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit ;; +@@ -863,6 +868,13 @@ + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit ;; ++ aarch64:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ aarch64_be:Linux:*:*) ++ UNAME_MACHINE=aarch64_be ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; +@@ -897,16 +909,16 @@ + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + cris:Linux:*:*) +- echo cris-axis-linux-gnu ++ echo ${UNAME_MACHINE}-axis-linux-gnu + exit ;; + crisv32:Linux:*:*) +- echo crisv32-axis-linux-gnu ++ echo ${UNAME_MACHINE}-axis-linux-gnu + exit ;; + frv:Linux:*:*) +- echo frv-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + hexagon:Linux:*:*) +- echo hexagon-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + i*86:Linux:*:*) + LIBC=gnu +@@ -948,7 +960,7 @@ + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + ;; + or32:Linux:*:*) +- echo or32-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-gnu +@@ -989,7 +1001,7 @@ + echo ${UNAME_MACHINE}-dec-linux-gnu + exit ;; + x86_64:Linux:*:*) +- echo x86_64-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu +@@ -1196,6 +1208,9 @@ + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; ++ x86_64:Haiku:*:*) ++ echo x86_64-unknown-haiku ++ exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit ;; +@@ -1251,7 +1266,7 @@ + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; +- NSE-?:NONSTOP_KERNEL:*:*) ++ NSE-*:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) +@@ -1320,11 +1335,11 @@ + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; ++ x86_64:VMkernel:*:*) ++ echo ${UNAME_MACHINE}-unknown-esx ++ exit ;; + esac + +-#echo '(No uname command or uname output not recognized.)' 1>&2 +-#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 +- + eval $set_cc_for_build + cat >$dummy.c <. + # + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a +@@ -76,8 +74,8 @@ + GNU config.sub ($timestamp) + + Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free +-Software Foundation, Inc. ++2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 ++Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO + warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." +@@ -125,13 +123,17 @@ + maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` + case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ +- linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ ++ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ + storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; ++ android-linux) ++ os=-linux-android ++ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ++ ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] +@@ -154,7 +156,7 @@ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ +- -apple | -axis | -knuth | -cray | -microblaze) ++ -apple | -axis | -knuth | -cray | -microblaze*) + os= + basic_machine=$1 + ;; +@@ -223,6 +225,12 @@ + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; ++ -lynx*178) ++ os=-lynxos178 ++ ;; ++ -lynx*5) ++ os=-lynxos5 ++ ;; + -lynx*) + os=-lynxos + ;; +@@ -247,6 +255,7 @@ + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ ++ | aarch64 | aarch64_be \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ +@@ -264,7 +273,7 @@ + | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ +- | maxq | mb | microblaze | mcore | mep | metag \ ++ | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ +@@ -319,8 +328,7 @@ + c6x) + basic_machine=tic6x-unknown + ;; +- m6811 | m68hc11 | m6812 | m68hc12 | picochip) +- # Motorola 68HC11/12. ++ m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + basic_machine=$basic_machine-unknown + os=-none + ;; +@@ -333,7 +341,10 @@ + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; +- ++ xgate) ++ basic_machine=$basic_machine-unknown ++ os=-none ++ ;; + xscaleeb) + basic_machine=armeb-unknown + ;; +@@ -356,6 +367,7 @@ + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ ++ | aarch64-* | aarch64_be-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ +@@ -377,7 +389,8 @@ + | lm32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ +- | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ ++ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ ++ | microblaze-* | microblazeel-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ +@@ -719,7 +732,6 @@ + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; +-# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 +@@ -777,9 +789,13 @@ + basic_machine=ns32k-utek + os=-sysv + ;; +- microblaze) ++ microblaze*) + basic_machine=microblaze-xilinx + ;; ++ mingw64) ++ basic_machine=x86_64-pc ++ os=-mingw64 ++ ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 +@@ -1341,15 +1357,15 @@ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ +- | -openbsd* | -solidbsd* \ ++ | -bitrig* | -openbsd* | -solidbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* | -cegcc* \ + | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ +- | -mingw32* | -linux-gnu* | -linux-android* \ +- | -linux-newlib* | -linux-uclibc* \ ++ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ ++ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ +@@ -1532,6 +1548,9 @@ + c4x-* | tic4x-*) + os=-coff + ;; ++ hexagon-*) ++ os=-elf ++ ;; + tic54x-*) + os=-coff + ;; +@@ -1559,9 +1578,6 @@ + ;; + m68000-sun) + os=-sunos3 +- # This also exists in the configure program, but was not the +- # default. +- # os=-sunos4 + ;; + m68*-cisco) + os=-aout diff --git a/SOURCES/ruby-2.1.0-Adding-Psych.safe_load.patch b/SOURCES/ruby-2.1.0-Adding-Psych.safe_load.patch new file mode 100644 index 0000000..bbe73f1 --- /dev/null +++ b/SOURCES/ruby-2.1.0-Adding-Psych.safe_load.patch @@ -0,0 +1,904 @@ +From 7ceafcbdf5bd2155704839f97b869e689f66feeb Mon Sep 17 00:00:00 2001 +From: tenderlove +Date: Tue, 14 May 2013 17:26:41 +0000 +Subject: [PATCH] * ext/psych/lib/psych.rb: Adding Psych.safe_load for loading + a user defined, restricted subset of Ruby object types. * + ext/psych/lib/psych/class_loader.rb: A class loader for encapsulating the + logic for which objects are allowed to be deserialized. * + ext/psych/lib/psych/deprecated.rb: Changes to use the class loader * + ext/psych/lib/psych/exception.rb: ditto * ext/psych/lib/psych/json/stream.rb: + ditto * ext/psych/lib/psych/nodes/node.rb: ditto * + ext/psych/lib/psych/scalar_scanner.rb: ditto * ext/psych/lib/psych/stream.rb: + ditto * ext/psych/lib/psych/streaming.rb: ditto * + ext/psych/lib/psych/visitors/json_tree.rb: ditto * + ext/psych/lib/psych/visitors/to_ruby.rb: ditto * + ext/psych/lib/psych/visitors/yaml_tree.rb: ditto * ext/psych/psych_to_ruby.c: + ditto * test/psych/helper.rb: ditto * test/psych/test_safe_load.rb: tests for + restricted subset. * test/psych/test_scalar_scanner.rb: ditto * + test/psych/visitors/test_to_ruby.rb: ditto * + test/psych/visitors/test_yaml_tree.rb: ditto + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 24 +++++++ + ext/psych/lib/psych.rb | 57 +++++++++++++++-- + ext/psych/lib/psych/class_loader.rb | 101 ++++++++++++++++++++++++++++++ + ext/psych/lib/psych/deprecated.rb | 3 +- + ext/psych/lib/psych/exception.rb | 6 ++ + ext/psych/lib/psych/json/stream.rb | 1 + + ext/psych/lib/psych/nodes/node.rb | 4 +- + ext/psych/lib/psych/scalar_scanner.rb | 19 +++--- + ext/psych/lib/psych/stream.rb | 1 + + ext/psych/lib/psych/streaming.rb | 15 +++-- + ext/psych/lib/psych/visitors/json_tree.rb | 7 ++- + ext/psych/lib/psych/visitors/to_ruby.rb | 79 +++++++++++++---------- + ext/psych/lib/psych/visitors/yaml_tree.rb | 13 +++- + ext/psych/psych_to_ruby.c | 4 +- + test/psych/helper.rb | 2 +- + test/psych/test_safe_load.rb | 97 ++++++++++++++++++++++++++++ + test/psych/test_scalar_scanner.rb | 2 +- + test/psych/visitors/test_to_ruby.rb | 4 +- + test/psych/visitors/test_yaml_tree.rb | 4 +- + 19 files changed, 383 insertions(+), 60 deletions(-) + create mode 100644 ext/psych/lib/psych/class_loader.rb + create mode 100644 test/psych/test_safe_load.rb + +diff --git a/ChangeLog b/ChangeLog +index be56f61d3a19..e8ad02a53921 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -3137,6 +3137,30 @@ + + * include/ruby/intern.h: should include sys/time.h for struct timeval + if it exists. [ruby-list:49363] ++ ++Wed May 15 02:22:16 2013 Aaron Patterson ++ ++ * ext/psych/lib/psych.rb: Adding Psych.safe_load for loading a user ++ defined, restricted subset of Ruby object types. ++ * ext/psych/lib/psych/class_loader.rb: A class loader for ++ encapsulating the logic for which objects are allowed to be ++ deserialized. ++ * ext/psych/lib/psych/deprecated.rb: Changes to use the class loader ++ * ext/psych/lib/psych/exception.rb: ditto ++ * ext/psych/lib/psych/json/stream.rb: ditto ++ * ext/psych/lib/psych/nodes/node.rb: ditto ++ * ext/psych/lib/psych/scalar_scanner.rb: ditto ++ * ext/psych/lib/psych/stream.rb: ditto ++ * ext/psych/lib/psych/streaming.rb: ditto ++ * ext/psych/lib/psych/visitors/json_tree.rb: ditto ++ * ext/psych/lib/psych/visitors/to_ruby.rb: ditto ++ * ext/psych/lib/psych/visitors/yaml_tree.rb: ditto ++ * ext/psych/psych_to_ruby.c: ditto ++ * test/psych/helper.rb: ditto ++ * test/psych/test_safe_load.rb: tests for restricted subset. ++ * test/psych/test_scalar_scanner.rb: ditto ++ * test/psych/visitors/test_to_ruby.rb: ditto ++ * test/psych/visitors/test_yaml_tree.rb: ditto + + Tue May 14 20:21:41 2013 Eric Hodel + +diff --git a/ext/psych/lib/psych.rb b/ext/psych/lib/psych.rb +index 66a0641f39d8..711b3c1377dc 100644 +--- a/ext/psych/lib/psych.rb ++++ b/ext/psych/lib/psych.rb +@@ -124,6 +124,55 @@ def self.load yaml, filename = nil + result ? result.to_ruby : result + end + ++ ### ++ # Safely load the yaml string in +yaml+. By default, only the following ++ # classes are allowed to be deserialized: ++ # ++ # * TrueClass ++ # * FalseClass ++ # * NilClass ++ # * Numeric ++ # * String ++ # * Array ++ # * Hash ++ # ++ # Recursive data structures are not allowed by default. Arbitrary classes ++ # can be allowed by adding those classes to the +whitelist+. They are ++ # additive. For example, to allow Date deserialization: ++ # ++ # Psych.safe_load(yaml, [Date]) ++ # ++ # Now the Date class can be loaded in addition to the classes listed above. ++ # ++ # Aliases can be explicitly allowed by changing the +aliases+ parameter. ++ # For example: ++ # ++ # x = [] ++ # x << x ++ # yaml = Psych.dump x ++ # Psych.safe_load yaml # => raises an exception ++ # Psych.safe_load yaml, [], [], true # => loads the aliases ++ # ++ # A Psych::DisallowedClass exception will be raised if the yaml contains a ++ # class that isn't in the whitelist. ++ # ++ # A Psych::BadAlias exception will be raised if the yaml contains aliases ++ # but the +aliases+ parameter is set to false. ++ def self.safe_load yaml, whitelist_classes = [], whitelist_symbols = [], aliases = false, filename = nil ++ result = parse(yaml, filename) ++ return unless result ++ ++ class_loader = ClassLoader::Restricted.new(whitelist_classes.map(&:to_s), ++ whitelist_symbols.map(&:to_s)) ++ scanner = ScalarScanner.new class_loader ++ if aliases ++ visitor = Visitors::ToRuby.new scanner, class_loader ++ else ++ visitor = Visitors::NoAliasRuby.new scanner, class_loader ++ end ++ visitor.accept result ++ end ++ + ### + # Parse a YAML string in +yaml+. Returns the first object of a YAML AST. + # +filename+ is used in the exception message if a Psych::SyntaxError is +@@ -234,7 +283,7 @@ def self.dump o, io = nil, options = {} + io = nil + end + +- visitor = Psych::Visitors::YAMLTree.new options ++ visitor = Psych::Visitors::YAMLTree.create options + visitor << o + visitor.tree.yaml io, options + end +@@ -246,7 +295,7 @@ def self.dump o, io = nil, options = {} + # + # Psych.dump_stream("foo\n ", {}) # => "--- ! \"foo\\n \"\n--- {}\n" + def self.dump_stream *objects +- visitor = Psych::Visitors::YAMLTree.new {} ++ visitor = Psych::Visitors::YAMLTree.create({}) + objects.each do |o| + visitor << o + end +@@ -256,7 +305,7 @@ def self.dump_stream *objects + ### + # Dump Ruby object +o+ to a JSON string. + def self.to_json o +- visitor = Psych::Visitors::JSONTree.new ++ visitor = Psych::Visitors::JSONTree.create + visitor << o + visitor.tree.yaml + end +@@ -314,7 +363,7 @@ def self.remove_type type_tag + @load_tags = {} + @dump_tags = {} + def self.add_tag tag, klass +- @load_tags[tag] = klass ++ @load_tags[tag] = klass.name + @dump_tags[klass] = tag + end + +diff --git a/ext/psych/lib/psych/class_loader.rb b/ext/psych/lib/psych/class_loader.rb +new file mode 100644 +index 000000000000..46c6b9362790 +--- /dev/null ++++ b/ext/psych/lib/psych/class_loader.rb +@@ -0,0 +1,101 @@ ++require 'psych/omap' ++require 'psych/set' ++ ++module Psych ++ class ClassLoader # :nodoc: ++ BIG_DECIMAL = 'BigDecimal' ++ COMPLEX = 'Complex' ++ DATE = 'Date' ++ DATE_TIME = 'DateTime' ++ EXCEPTION = 'Exception' ++ OBJECT = 'Object' ++ PSYCH_OMAP = 'Psych::Omap' ++ PSYCH_SET = 'Psych::Set' ++ RANGE = 'Range' ++ RATIONAL = 'Rational' ++ REGEXP = 'Regexp' ++ STRUCT = 'Struct' ++ SYMBOL = 'Symbol' ++ ++ def initialize ++ @cache = CACHE.dup ++ end ++ ++ def load klassname ++ return nil if !klassname || klassname.empty? ++ ++ find klassname ++ end ++ ++ def symbolize sym ++ symbol ++ sym.to_sym ++ end ++ ++ constants.each do |const| ++ konst = const_get const ++ define_method(const.to_s.downcase) do ++ load konst ++ end ++ end ++ ++ private ++ ++ def find klassname ++ @cache[klassname] ||= resolve(klassname) ++ end ++ ++ def resolve klassname ++ name = klassname ++ retried = false ++ ++ begin ++ path2class(name) ++ rescue ArgumentError, NameError => ex ++ unless retried ++ name = "Struct::#{name}" ++ retried = ex ++ retry ++ end ++ raise retried ++ end ++ end ++ ++ CACHE = Hash[constants.map { |const| ++ val = const_get const ++ begin ++ [val, ::Object.const_get(val)] ++ rescue ++ nil ++ end ++ }.compact] ++ ++ class Restricted < ClassLoader ++ def initialize classes, symbols ++ @classes = classes ++ @symbols = symbols ++ super() ++ end ++ ++ def symbolize sym ++ return super if @symbols.empty? ++ ++ if @symbols.include? sym ++ super ++ else ++ raise DisallowedClass, 'Symbol' ++ end ++ end ++ ++ private ++ ++ def find klassname ++ if @classes.include? klassname ++ super ++ else ++ raise DisallowedClass, klassname ++ end ++ end ++ end ++ end ++end +diff --git a/ext/psych/lib/psych/deprecated.rb b/ext/psych/lib/psych/deprecated.rb +index 1e42859b22fe..8c310b320738 100644 +--- a/ext/psych/lib/psych/deprecated.rb ++++ b/ext/psych/lib/psych/deprecated.rb +@@ -35,7 +35,8 @@ def self.detect_implicit thing + warn "#{caller[0]}: detect_implicit is deprecated" if $VERBOSE + return '' unless String === thing + return 'null' if '' == thing +- ScalarScanner.new.tokenize(thing).class.name.downcase ++ ss = ScalarScanner.new(ClassLoader.new) ++ ss.tokenize(thing).class.name.downcase + end + + def self.add_ruby_type type_tag, &block +diff --git a/ext/psych/lib/psych/exception.rb b/ext/psych/lib/psych/exception.rb +index d96c527cfba7..ce9d2caf3fb2 100644 +--- a/ext/psych/lib/psych/exception.rb ++++ b/ext/psych/lib/psych/exception.rb +@@ -4,4 +4,10 @@ class Exception < RuntimeError + + class BadAlias < Exception + end ++ ++ class DisallowedClass < Exception ++ def initialize klass_name ++ super "Tried to load unspecified class: #{klass_name}" ++ end ++ end + end +diff --git a/ext/psych/lib/psych/json/stream.rb b/ext/psych/lib/psych/json/stream.rb +index be1a0a8a8240..fe2a6e911650 100644 +--- a/ext/psych/lib/psych/json/stream.rb ++++ b/ext/psych/lib/psych/json/stream.rb +@@ -6,6 +6,7 @@ module JSON + class Stream < Psych::Visitors::JSONTree + include Psych::JSON::RubyEvents + include Psych::Streaming ++ extend Psych::Streaming::ClassMethods + + class Emitter < Psych::Stream::Emitter # :nodoc: + include Psych::JSON::YAMLEvents +diff --git a/ext/psych/lib/psych/nodes/node.rb b/ext/psych/lib/psych/nodes/node.rb +index 0cefe44e446d..83233a61fdd3 100644 +--- a/ext/psych/lib/psych/nodes/node.rb ++++ b/ext/psych/lib/psych/nodes/node.rb +@@ -1,4 +1,6 @@ + require 'stringio' ++require 'psych/class_loader' ++require 'psych/scalar_scanner' + + module Psych + module Nodes +@@ -32,7 +34,7 @@ def each &block + # + # See also Psych::Visitors::ToRuby + def to_ruby +- Visitors::ToRuby.new.accept self ++ Visitors::ToRuby.create.accept(self) + end + alias :transform :to_ruby + +diff --git a/ext/psych/lib/psych/scalar_scanner.rb b/ext/psych/lib/psych/scalar_scanner.rb +index 8aa594e3337c..5935e26b288a 100644 +--- a/ext/psych/lib/psych/scalar_scanner.rb ++++ b/ext/psych/lib/psych/scalar_scanner.rb +@@ -19,10 +19,13 @@ class ScalarScanner + |[-+]?(?:0|[1-9][0-9_]*) (?# base 10) + |[-+]?0x[0-9a-fA-F_]+ (?# base 16))$/x + ++ attr_reader :class_loader ++ + # Create a new scanner +- def initialize ++ def initialize class_loader + @string_cache = {} + @symbol_cache = {} ++ @class_loader = class_loader + end + + # Tokenize +string+ returning the ruby object +@@ -63,7 +66,7 @@ def tokenize string + when /^\d{4}-(?:1[012]|0\d|\d)-(?:[12]\d|3[01]|0\d|\d)$/ + require 'date' + begin +- Date.strptime(string, '%Y-%m-%d') ++ class_loader.date.strptime(string, '%Y-%m-%d') + rescue ArgumentError + string + end +@@ -75,9 +78,9 @@ def tokenize string + Float::NAN + when /^:./ + if string =~ /^:(["'])(.*)\1/ +- @symbol_cache[string] = $2.sub(/^:/, '').to_sym ++ @symbol_cache[string] = class_loader.symbolize($2.sub(/^:/, '')) + else +- @symbol_cache[string] = string.sub(/^:/, '').to_sym ++ @symbol_cache[string] = class_loader.symbolize(string.sub(/^:/, '')) + end + when /^[-+]?[0-9][0-9_]*(:[0-5]?[0-9])+$/ + i = 0 +@@ -117,6 +120,8 @@ def parse_int string + ### + # Parse and return a Time from +string+ + def parse_time string ++ klass = class_loader.load 'Time' ++ + date, time = *(string.split(/[ tT]/, 2)) + (yy, m, dd) = date.split('-').map { |x| x.to_i } + md = time.match(/(\d+:\d+:\d+)(?:\.(\d*))?\s*(Z|[-+]\d+(:\d\d)?)?/) +@@ -124,10 +129,10 @@ def parse_time string + (hh, mm, ss) = md[1].split(':').map { |x| x.to_i } + us = (md[2] ? Rational("0.#{md[2]}") : 0) * 1000000 + +- time = Time.utc(yy, m, dd, hh, mm, ss, us) ++ time = klass.utc(yy, m, dd, hh, mm, ss, us) + + return time if 'Z' == md[3] +- return Time.at(time.to_i, us) unless md[3] ++ return klass.at(time.to_i, us) unless md[3] + + tz = md[3].match(/^([+\-]?\d{1,2})\:?(\d{1,2})?$/)[1..-1].compact.map { |digit| Integer(digit, 10) } + offset = tz.first * 3600 +@@ -138,7 +143,7 @@ def parse_time string + offset += ((tz[1] || 0) * 60) + end + +- Time.at((time - offset).to_i, us) ++ klass.at((time - offset).to_i, us) + end + end + end +diff --git a/ext/psych/lib/psych/stream.rb b/ext/psych/lib/psych/stream.rb +index 567c1bb790f9..88c4c4cb4e18 100644 +--- a/ext/psych/lib/psych/stream.rb ++++ b/ext/psych/lib/psych/stream.rb +@@ -32,5 +32,6 @@ def streaming? + end + + include Psych::Streaming ++ extend Psych::Streaming::ClassMethods + end + end +diff --git a/ext/psych/lib/psych/streaming.rb b/ext/psych/lib/psych/streaming.rb +index c6fa109d5a61..9d94eb549f26 100644 +--- a/ext/psych/lib/psych/streaming.rb ++++ b/ext/psych/lib/psych/streaming.rb +@@ -1,10 +1,15 @@ + module Psych + module Streaming +- ### +- # Create a new streaming emitter. Emitter will print to +io+. See +- # Psych::Stream for an example. +- def initialize io +- super({}, self.class.const_get(:Emitter).new(io)) ++ module ClassMethods ++ ### ++ # Create a new streaming emitter. Emitter will print to +io+. See ++ # Psych::Stream for an example. ++ def new io ++ emitter = const_get(:Emitter).new(io) ++ class_loader = ClassLoader.new ++ ss = ScalarScanner.new class_loader ++ super(emitter, ss, {}) ++ end + end + + ### +diff --git a/ext/psych/lib/psych/visitors/json_tree.rb b/ext/psych/lib/psych/visitors/json_tree.rb +index 0350dd1faae0..0127ac8aa8c1 100644 +--- a/ext/psych/lib/psych/visitors/json_tree.rb ++++ b/ext/psych/lib/psych/visitors/json_tree.rb +@@ -5,8 +5,11 @@ module Visitors + class JSONTree < YAMLTree + include Psych::JSON::RubyEvents + +- def initialize options = {}, emitter = Psych::JSON::TreeBuilder.new +- super ++ def self.create options = {} ++ emitter = Psych::JSON::TreeBuilder.new ++ class_loader = ClassLoader.new ++ ss = ScalarScanner.new class_loader ++ new(emitter, ss, options) + end + + def accept target +diff --git a/ext/psych/lib/psych/visitors/to_ruby.rb b/ext/psych/lib/psych/visitors/to_ruby.rb +index 75c7bc0c550a..f770bb80aa3a 100644 +--- a/ext/psych/lib/psych/visitors/to_ruby.rb ++++ b/ext/psych/lib/psych/visitors/to_ruby.rb +@@ -1,4 +1,5 @@ + require 'psych/scalar_scanner' ++require 'psych/class_loader' + require 'psych/exception' + + unless defined?(Regexp::NOENCODING) +@@ -10,11 +11,20 @@ module Visitors + ### + # This class walks a YAML AST, converting each node to ruby + class ToRuby < Psych::Visitors::Visitor +- def initialize ss = ScalarScanner.new ++ def self.create ++ class_loader = ClassLoader.new ++ scanner = ScalarScanner.new class_loader ++ new(scanner, class_loader) ++ end ++ ++ attr_reader :class_loader ++ ++ def initialize ss, class_loader + super() + @st = {} + @ss = ss + @domain_types = Psych.domain_types ++ @class_loader = class_loader + end + + def accept target +@@ -33,7 +43,7 @@ def accept target + end + + def deserialize o +- if klass = Psych.load_tags[o.tag] ++ if klass = resolve_class(Psych.load_tags[o.tag]) + instance = klass.allocate + + if instance.respond_to?(:init_with) +@@ -60,19 +70,23 @@ def deserialize o + end + when '!ruby/object:BigDecimal' + require 'bigdecimal' +- BigDecimal._load o.value ++ class_loader.big_decimal._load o.value + when "!ruby/object:DateTime" ++ class_loader.date_time + require 'date' + @ss.parse_time(o.value).to_datetime + when "!ruby/object:Complex" ++ class_loader.complex + Complex(o.value) + when "!ruby/object:Rational" ++ class_loader.rational + Rational(o.value) + when "!ruby/class", "!ruby/module" + resolve_class o.value + when "tag:yaml.org,2002:float", "!float" + Float(@ss.tokenize(o.value)) + when "!ruby/regexp" ++ klass = class_loader.regexp + o.value =~ /^\/(.*)\/([mixn]*)$/ + source = $1 + options = 0 +@@ -86,15 +100,16 @@ def deserialize o + else lang = option + end + end +- Regexp.new(*[source, options, lang].compact) ++ klass.new(*[source, options, lang].compact) + when "!ruby/range" ++ klass = class_loader.range + args = o.value.split(/([.]{2,3})/, 2).map { |s| + accept Nodes::Scalar.new(s) + } + args.push(args.delete_at(1) == '...') +- Range.new(*args) ++ klass.new(*args) + when /^!ruby\/sym(bol)?:?(.*)?$/ +- o.value.to_sym ++ class_loader.symbolize o.value + else + @ss.tokenize o.value + end +@@ -106,7 +121,7 @@ def visit_Psych_Nodes_Scalar o + end + + def visit_Psych_Nodes_Sequence o +- if klass = Psych.load_tags[o.tag] ++ if klass = resolve_class(Psych.load_tags[o.tag]) + instance = klass.allocate + + if instance.respond_to?(:init_with) +@@ -138,22 +153,24 @@ def visit_Psych_Nodes_Sequence o + end + + def visit_Psych_Nodes_Mapping o +- return revive(Psych.load_tags[o.tag], o) if Psych.load_tags[o.tag] ++ if Psych.load_tags[o.tag] ++ return revive(resolve_class(Psych.load_tags[o.tag]), o) ++ end + return revive_hash({}, o) unless o.tag + + case o.tag + when /^!ruby\/struct:?(.*)?$/ +- klass = resolve_class($1) ++ klass = resolve_class($1) if $1 + + if klass + s = register(o, klass.allocate) + + members = {} +- struct_members = s.members.map { |x| x.to_sym } ++ struct_members = s.members.map { |x| class_loader.symbolize x } + o.children.each_slice(2) do |k,v| + member = accept(k) + value = accept(v) +- if struct_members.include?(member.to_sym) ++ if struct_members.include?(class_loader.symbolize(member)) + s.send("#{member}=", value) + else + members[member.to_s.sub(/^@/, '')] = value +@@ -161,22 +178,27 @@ def visit_Psych_Nodes_Mapping o + end + init_with(s, members, o) + else ++ klass = class_loader.struct + members = o.children.map { |c| accept c } + h = Hash[*members] +- Struct.new(*h.map { |k,v| k.to_sym }).new(*h.map { |k,v| v }) ++ klass.new(*h.map { |k,v| ++ class_loader.symbolize k ++ }).new(*h.map { |k,v| v }) + end + + when /^!ruby\/object:?(.*)?$/ + name = $1 || 'Object' + + if name == 'Complex' ++ class_loader.complex + h = Hash[*o.children.map { |c| accept c }] + register o, Complex(h['real'], h['image']) + elsif name == 'Rational' ++ class_loader.rational + h = Hash[*o.children.map { |c| accept c }] + register o, Rational(h['numerator'], h['denominator']) + else +- obj = revive((resolve_class(name) || Object), o) ++ obj = revive((resolve_class(name) || class_loader.object), o) + obj + end + +@@ -204,18 +226,19 @@ def visit_Psych_Nodes_Mapping o + list + + when '!ruby/range' ++ klass = class_loader.range + h = Hash[*o.children.map { |c| accept c }] +- register o, Range.new(h['begin'], h['end'], h['excl']) ++ register o, klass.new(h['begin'], h['end'], h['excl']) + + when /^!ruby\/exception:?(.*)?$/ + h = Hash[*o.children.map { |c| accept c }] + +- e = build_exception((resolve_class($1) || Exception), ++ e = build_exception((resolve_class($1) || class_loader.exception), + h.delete('message')) + init_with(e, h, o) + + when '!set', 'tag:yaml.org,2002:set' +- set = Psych::Set.new ++ set = class_loader.psych_set.new + @st[o.anchor] = set if o.anchor + o.children.each_slice(2) do |k,v| + set[accept(k)] = accept(v) +@@ -226,7 +249,7 @@ def visit_Psych_Nodes_Mapping o + revive_hash resolve_class($1).new, o + + when '!omap', 'tag:yaml.org,2002:omap' +- map = register(o, Psych::Omap.new) ++ map = register(o, class_loader.psych_omap.new) + o.children.each_slice(2) do |l,r| + map[accept(l)] = accept r + end +@@ -326,21 +349,13 @@ def init_with o, h, node + + # Convert +klassname+ to a Class + def resolve_class klassname +- return nil unless klassname and not klassname.empty? +- +- name = klassname +- retried = false +- +- begin +- path2class(name) +- rescue ArgumentError, NameError => ex +- unless retried +- name = "Struct::#{name}" +- retried = ex +- retry +- end +- raise retried +- end ++ class_loader.load klassname ++ end ++ end ++ ++ class NoAliasRuby < ToRuby ++ def visit_Psych_Nodes_Alias o ++ raise BadAlias, "Unknown alias: #{o.anchor}" + end + end + end +diff --git a/ext/psych/lib/psych/visitors/yaml_tree.rb b/ext/psych/lib/psych/visitors/yaml_tree.rb +index 96640e026719..ddd745b34a9c 100644 +--- a/ext/psych/lib/psych/visitors/yaml_tree.rb ++++ b/ext/psych/lib/psych/visitors/yaml_tree.rb +@@ -1,3 +1,7 @@ ++require 'psych/tree_builder' ++require 'psych/scalar_scanner' ++require 'psych/class_loader' ++ + module Psych + module Visitors + ### +@@ -36,7 +40,14 @@ def node_for target + alias :finished? :finished + alias :started? :started + +- def initialize options = {}, emitter = TreeBuilder.new, ss = ScalarScanner.new ++ def self.create options = {}, emitter = nil ++ emitter ||= TreeBuilder.new ++ class_loader = ClassLoader.new ++ ss = ScalarScanner.new class_loader ++ new(emitter, ss, options) ++ end ++ ++ def initialize emitter, ss, options + super() + @started = false + @finished = false +diff --git a/ext/psych/psych_to_ruby.c b/ext/psych/psych_to_ruby.c +index ed5245e12e7a..3cc87a965ec1 100644 +--- a/ext/psych/psych_to_ruby.c ++++ b/ext/psych/psych_to_ruby.c +@@ -31,11 +31,13 @@ static VALUE path2class(VALUE self, VALUE path) + void Init_psych_to_ruby(void) + { + VALUE psych = rb_define_module("Psych"); ++ VALUE class_loader = rb_define_class_under(psych, "ClassLoader", rb_cObject); ++ + VALUE visitors = rb_define_module_under(psych, "Visitors"); + VALUE visitor = rb_define_class_under(visitors, "Visitor", rb_cObject); + cPsychVisitorsToRuby = rb_define_class_under(visitors, "ToRuby", visitor); + + rb_define_private_method(cPsychVisitorsToRuby, "build_exception", build_exception, 2); +- rb_define_private_method(cPsychVisitorsToRuby, "path2class", path2class, 1); ++ rb_define_private_method(class_loader, "path2class", path2class, 1); + } + /* vim: set noet sws=4 sw=4: */ +diff --git a/test/psych/helper.rb b/test/psych/helper.rb +index 77ab0bb9d71c..f9b73cf5b588 100644 +--- a/test/psych/helper.rb ++++ b/test/psych/helper.rb +@@ -31,7 +31,7 @@ def assert_parse_only( obj, yaml ) + end + + def assert_cycle( obj ) +- v = Visitors::YAMLTree.new ++ v = Visitors::YAMLTree.create + v << obj + assert_equal(obj, Psych.load(v.tree.yaml)) + assert_equal( obj, Psych::load(Psych.dump(obj))) +diff --git a/test/psych/test_safe_load.rb b/test/psych/test_safe_load.rb +new file mode 100644 +index 000000000000..dd299c0ebf40 +--- /dev/null ++++ b/test/psych/test_safe_load.rb +@@ -0,0 +1,97 @@ ++require 'psych/helper' ++ ++module Psych ++ class TestSafeLoad < TestCase ++ class Foo; end ++ ++ [1, 2.2, {}, [], "foo"].each do |obj| ++ define_method(:"test_basic_#{obj.class}") do ++ assert_safe_cycle obj ++ end ++ end ++ ++ def test_no_recursion ++ x = [] ++ x << x ++ assert_raises(Psych::BadAlias) do ++ Psych.safe_load Psych.dump(x) ++ end ++ end ++ ++ def test_explicit_recursion ++ x = [] ++ x << x ++ assert_equal(x, Psych.safe_load(Psych.dump(x), [], [], true)) ++ end ++ ++ def test_symbol_whitelist ++ yml = Psych.dump :foo ++ assert_raises(Psych::DisallowedClass) do ++ Psych.safe_load yml ++ end ++ assert_equal(:foo, Psych.safe_load(yml, [Symbol], [:foo])) ++ end ++ ++ def test_symbol ++ assert_raises(Psych::DisallowedClass) do ++ assert_safe_cycle :foo ++ end ++ assert_raises(Psych::DisallowedClass) do ++ Psych.safe_load '--- !ruby/symbol foo', [] ++ end ++ assert_safe_cycle :foo, [Symbol] ++ assert_safe_cycle :foo, %w{ Symbol } ++ assert_equal :foo, Psych.safe_load('--- !ruby/symbol foo', [Symbol]) ++ end ++ ++ def test_foo ++ assert_raises(Psych::DisallowedClass) do ++ Psych.safe_load '--- !ruby/object:Foo {}', [Foo] ++ end ++ assert_raises(Psych::DisallowedClass) do ++ assert_safe_cycle Foo.new ++ end ++ assert_kind_of(Foo, Psych.safe_load(Psych.dump(Foo.new), [Foo])) ++ end ++ ++ X = Struct.new(:x) ++ def test_struct_depends_on_sym ++ assert_safe_cycle(X.new, [X, Symbol]) ++ assert_raises(Psych::DisallowedClass) do ++ cycle X.new, [X] ++ end ++ end ++ ++ def test_anon_struct ++ assert Psych.safe_load(<<-eoyml, [Struct, Symbol]) ++--- !ruby/struct ++ foo: bar ++ eoyml ++ ++ assert_raises(Psych::DisallowedClass) do ++ Psych.safe_load(<<-eoyml, [Struct]) ++--- !ruby/struct ++ foo: bar ++ eoyml ++ end ++ ++ assert_raises(Psych::DisallowedClass) do ++ Psych.safe_load(<<-eoyml, [Symbol]) ++--- !ruby/struct ++ foo: bar ++ eoyml ++ end ++ end ++ ++ private ++ ++ def cycle object, whitelist = [] ++ Psych.safe_load(Psych.dump(object), whitelist) ++ end ++ ++ def assert_safe_cycle object, whitelist = [] ++ other = cycle object, whitelist ++ assert_equal object, other ++ end ++ end ++end +diff --git a/test/psych/test_scalar_scanner.rb b/test/psych/test_scalar_scanner.rb +index a7bf17c912b6..e8e423cb053d 100644 +--- a/test/psych/test_scalar_scanner.rb ++++ b/test/psych/test_scalar_scanner.rb +@@ -7,7 +7,7 @@ class TestScalarScanner < TestCase + + def setup + super +- @ss = Psych::ScalarScanner.new ++ @ss = Psych::ScalarScanner.new ClassLoader.new + end + + def test_scan_time +diff --git a/test/psych/visitors/test_to_ruby.rb b/test/psych/visitors/test_to_ruby.rb +index 022cc2d2d4ea..c13d980468d4 100644 +--- a/test/psych/visitors/test_to_ruby.rb ++++ b/test/psych/visitors/test_to_ruby.rb +@@ -6,7 +6,7 @@ module Visitors + class TestToRuby < TestCase + def setup + super +- @visitor = ToRuby.new ++ @visitor = ToRuby.create + end + + def test_object +@@ -88,7 +88,7 @@ def test_anon_struct + end + + def test_exception +- exc = Exception.new 'hello' ++ exc = ::Exception.new 'hello' + + mapping = Nodes::Mapping.new nil, '!ruby/exception' + mapping.children << Nodes::Scalar.new('message') +diff --git a/test/psych/visitors/test_yaml_tree.rb b/test/psych/visitors/test_yaml_tree.rb +index 496cdd05cc34..40702bce796f 100644 +--- a/test/psych/visitors/test_yaml_tree.rb ++++ b/test/psych/visitors/test_yaml_tree.rb +@@ -5,7 +5,7 @@ module Visitors + class TestYAMLTree < TestCase + def setup + super +- @v = Visitors::YAMLTree.new ++ @v = Visitors::YAMLTree.create + end + + def test_tree_can_be_called_twice +@@ -18,7 +18,7 @@ def test_tree_can_be_called_twice + def test_yaml_tree_can_take_an_emitter + io = StringIO.new + e = Psych::Emitter.new io +- v = Visitors::YAMLTree.new({}, e) ++ v = Visitors::YAMLTree.create({}, e) + v.start + v << "hello world" + v.finish diff --git a/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch b/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch new file mode 100644 index 0000000..69ed4e4 --- /dev/null +++ b/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch @@ -0,0 +1,43 @@ +diff --git a/Makefile.in b/Makefile.in +index a93a1e6..fb30c19 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -111,6 +111,7 @@ XRUBY_RUBYLIBDIR = @XRUBY_RUBYLIBDIR@ + XRUBY_RUBYHDRDIR = @XRUBY_RUBYHDRDIR@ + + DEFAULT_PRELUDES = $(@USE_RUBYGEMS@_GEM_PRELUDE) ++OPTIONAL_PRELUDES = @OPTIONAL_PRELUDES@ + + #### End of system configuration section. #### + +diff --git a/common.mk b/common.mk +index e5069e5..ca5e3f9 100644 +--- a/common.mk ++++ b/common.mk +@@ -107,7 +107,7 @@ ALLOBJS = $(NORMALMAINOBJ) $(MINIOBJS) $(COMMONOBJS) $(DMYEXT) + + GOLFOBJS = goruby.$(OBJEXT) golf_prelude.$(OBJEXT) + +-PRELUDE_SCRIPTS = $(srcdir)/prelude.rb $(srcdir)/enc/prelude.rb $(DEFAULT_PRELUDES) ++PRELUDE_SCRIPTS = $(srcdir)/prelude.rb $(srcdir)/enc/prelude.rb $(DEFAULT_PRELUDES) $(OPTIONAL_PRELUDES) + GEM_PRELUDE = $(srcdir)/gem_prelude.rb + YES_GEM_PRELUDE = $(GEM_PRELUDE) + NO_GEM_PRELUDE = +diff --git a/configure.in b/configure.in +index 7977aaf..1ef42cd 100644 +--- a/configure.in ++++ b/configure.in +@@ -3559,6 +3559,13 @@ AC_SUBST(rubyarchhdrdir)dnl + AC_SUBST(sitearchhdrdir)dnl + AC_SUBST(vendorarchhdrdir)dnl + ++AC_ARG_WITH(prelude, ++ AS_HELP_STRING([--with-prelude=FILE-LIST], [specify additional preludes separated by space]), ++ [prelude=$withval]) ++if test "$prelude" != ""; then ++ AC_SUBST(OPTIONAL_PRELUDES, $prelude) ++fi ++ + AC_ARG_WITH(mantype, + AS_HELP_STRING([--with-mantype=TYPE], [specify man page type; TYPE is one of man and doc]), + [ diff --git a/SOURCES/ruby-2.1.0-CVE-2014-4975-fix-buffer-overru-by-tail_lf.patch b/SOURCES/ruby-2.1.0-CVE-2014-4975-fix-buffer-overru-by-tail_lf.patch new file mode 100644 index 0000000..f103780 --- /dev/null +++ b/SOURCES/ruby-2.1.0-CVE-2014-4975-fix-buffer-overru-by-tail_lf.patch @@ -0,0 +1,84 @@ +Index: ChangeLog +=================================================================== +--- ChangeLog (revision 46805) ++++ ChangeLog (revision 46806) +@@ -837,6 +837,11 @@ + * array.c (rb_ary_permutation): `p` is the array of size `r`, as + commented at permute0(). since `n >= r` here, buffer overflow + never happened, just reduce unnecessary allocation though. ++ ++Sun Jul 13 22:52:43 2014 Nobuyoshi Nakada ++ ++ * pack.c (encodes): fix buffer overrun by tail_lf. Thanks to ++ Mamoru Tasaka and Tomas Hoger. [ruby-core:63604] [Bug #10019] + + Mon Jul 7 13:05:04 2014 SHIBATA Hiroshi + +Index: pack.c +=================================================================== +--- pack.c (revision 46805) ++++ pack.c (revision 46806) +@@ -1088,7 +1088,8 @@ + static void + encodes(VALUE str, const char *s, long len, int type, int tail_lf) + { +- char buff[4096]; ++ enum {buff_size = 4096, encoded_unit = 4}; ++ char buff[buff_size + 1]; /* +1 for tail_lf */ + long i = 0; + const char *trans = type == 'u' ? uu_table : b64_table; + char padding; +@@ -1101,7 +1102,7 @@ + padding = '='; + } + while (len >= 3) { +- while (len >= 3 && sizeof(buff)-i >= 4) { ++ while (len >= 3 && buff_size-i >= encoded_unit) { + buff[i++] = trans[077 & (*s >> 2)]; + buff[i++] = trans[077 & (((*s << 4) & 060) | ((s[1] >> 4) & 017))]; + buff[i++] = trans[077 & (((s[1] << 2) & 074) | ((s[2] >> 6) & 03))]; +@@ -1109,7 +1110,7 @@ + s += 3; + len -= 3; + } +- if (sizeof(buff)-i < 4) { ++ if (buff_size-i < encoded_unit) { + rb_str_buf_cat(str, buff, i); + i = 0; + } +@@ -1129,6 +1130,7 @@ + } + if (tail_lf) buff[i++] = '\n'; + rb_str_buf_cat(str, buff, i); ++ if ((size_t)i > sizeof(buff)) rb_bug("encodes() buffer overrun"); + } + + static const char hex_table[] = "0123456789ABCDEF"; +Index: test/ruby/test_pack.rb +=================================================================== +--- test/ruby/test_pack.rb (revision 46805) ++++ test/ruby/test_pack.rb (revision 46806) +@@ -537,6 +537,14 @@ + assert_equal(["\377"], "/w==\n".unpack("m")) + assert_equal(["\377\377"], "//8=\n".unpack("m")) + assert_equal(["\377\377\377"], "////\n".unpack("m")) ++ ++ bug10019 = '[ruby-core:63604] [Bug #10019]' ++ size = ((4096-4)/4*3+1) ++ assert_separately(%W[- #{size} #{bug10019}], <<-'end;') ++ size = ARGV.shift.to_i ++ bug = ARGV.shift ++ assert_equal(size, ["a"*size].pack("m#{size+2}").unpack("m")[0].size, bug) ++ end; + end + + def test_pack_unpack_m0 +Index: . +=================================================================== +--- . (revision 46805) ++++ . (revision 46806) + +Property changes on: . +___________________________________________________________________ +Modified: svn:mergeinfo + Merged /trunk:r46778 diff --git a/SOURCES/ruby-2.1.0-fix-hash-table-performance-slowdown-on-ppc64le.patch b/SOURCES/ruby-2.1.0-fix-hash-table-performance-slowdown-on-ppc64le.patch new file mode 100644 index 0000000..43a954b --- /dev/null +++ b/SOURCES/ruby-2.1.0-fix-hash-table-performance-slowdown-on-ppc64le.patch @@ -0,0 +1,64 @@ +From 59ed302965c5e38526ad33b13d8361859c5e7726 Mon Sep 17 00:00:00 2001 +From: nobu +Date: Sat, 30 Nov 2013 04:28:15 +0000 +Subject: [PATCH] siphash.c: fix missing condition + +* siphash.c (sip_hash24): fix for aligned word access little endian + platforms. [ruby-core:58658] [Bug #9172] + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43928 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 5 +++++ + siphash.c | 4 ++-- + test/ruby/test_string.rb | 2 ++ + 3 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index f732f5c..1e803ff 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,8 @@ ++Sat Nov 30 13:28:13 2013 Nobuyoshi Nakada ++ ++ * siphash.c (sip_hash24): fix for aligned word access little endian ++ platforms. [ruby-core:58658] [Bug #9172] ++ + Fri Apr 22 21:00:44 2016 Tanaka Akira + + * test/ruby/test_time_tz.rb: Tests depends on Europe/Moscow removed + +diff --git a/siphash.c b/siphash.c +index 2018ade..cd8ba62 100644 +--- a/siphash.c ++++ b/siphash.c +@@ -417,7 +417,7 @@ sip_hash24(const uint8_t key[16], const uint8_t *data, size_t len) + SIP_2_ROUND(m, v0, v1, v2, v3); + } + } +-#elif BYTE_ORDER == BIG_ENDIAN ++#else + for (; data != end; data += sizeof(uint64_t)) { + m = U8TO64_LE(data); + SIP_2_ROUND(m, v0, v1, v2, v3); +@@ -453,7 +453,7 @@ sip_hash24(const uint8_t key[16], const uint8_t *data, size_t len) + last.lo |= ((uint32_t *) end)[0]; + #endif + break; +-#elif BYTE_ORDER == BIG_ENDIAN ++#else + OR_BYTE(3); + #endif + case 3: +diff --git a/test/ruby/test_string.rb b/test/ruby/test_string.rb +index 2ff8458..7ce1c06 100644 +--- a/test/ruby/test_string.rb ++++ b/test/ruby/test_string.rb +@@ -895,6 +895,8 @@ class TestString < Test::Unit::TestCase + assert(S("hello").hash != S("helLO").hash) + bug4104 = '[ruby-core:33500]' + assert_not_equal(S("a").hash, S("a\0").hash, bug4104) ++ bug9172 = '[ruby-core:58658] [Bug #9172]' ++ assert_not_equal(S("sub-setter").hash, S("discover").hash, bug9172) + end + + def test_hash_random diff --git a/SOURCES/ruby-2.1.0-fix-hostname-size-limit.patch b/SOURCES/ruby-2.1.0-fix-hostname-size-limit.patch new file mode 100644 index 0000000..6a08bcf --- /dev/null +++ b/SOURCES/ruby-2.1.0-fix-hostname-size-limit.patch @@ -0,0 +1,68 @@ +From e41ee7cf3347ced6e689c198dbf3c5900009d70f Mon Sep 17 00:00:00 2001 +From: usa +Date: Thu, 25 Feb 2016 10:58:02 +0000 +Subject: [PATCH] merge revision(s) 53677: [Backport #11877] + + * ext/socket/socket.c (sock_gethostname): support unlimited size + hostname. + + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@53936 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 5 +++++ + ext/socket/socket.c | 26 ++++++++++++++++++++------ + version.h | 2 +- + 3 files changed, 26 insertions(+), 7 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index f407b73..2216dd4 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,8 @@ ++Thu Feb 25 19:49:31 2016 Nobuyoshi Nakada ++ ++ * ext/socket/socket.c (sock_gethostname): support unlimited size ++ hostname. ++ + Sat Feb 13 17:11:58 2016 Fabian Wiesel + + * lib/uri/generic.rb (find_proxy): exclude white-spaces and allow +diff --git a/ext/socket/socket.c b/ext/socket/socket.c +index 0592432..13006ab 100644 +--- a/ext/socket/socket.c ++++ b/ext/socket/socket.c +@@ -898,14 +898,28 @@ sock_gethostname(VALUE obj) + #ifndef HOST_NAME_MAX + # define HOST_NAME_MAX 1024 + #endif +- char buf[HOST_NAME_MAX+1]; ++ long len = HOST_NAME_MAX; ++ VALUE name; + + rb_secure(3); +- if (gethostname(buf, (int)sizeof buf - 1) < 0) +- rb_sys_fail("gethostname"); +- +- buf[sizeof buf - 1] = '\0'; +- return rb_str_new2(buf); ++ name = rb_str_new(0, len); ++ while (gethostname(RSTRING_PTR(name), len) < 0) { ++ int e = errno; ++ switch (e) { ++ case ENAMETOOLONG: ++#ifdef __linux__ ++ case EINVAL: ++ /* glibc before version 2.1 uses EINVAL instead of ENAMETOOLONG */ ++#endif ++ break; ++ default: ++ rb_syserr_fail(e, "gethostname(3)"); ++ } ++ rb_str_modify_expand(name, len); ++ len += len; ++ } ++ rb_str_resize(name, strlen(RSTRING_PTR(name))); ++ return name; + } + #else + #ifdef HAVE_UNAME diff --git a/SOURCES/ruby-2.1.0-there-should-be-only-one-exception.patch b/SOURCES/ruby-2.1.0-there-should-be-only-one-exception.patch new file mode 100644 index 0000000..e9b6995 --- /dev/null +++ b/SOURCES/ruby-2.1.0-there-should-be-only-one-exception.patch @@ -0,0 +1,93 @@ +From 476a62fbbec0c8b7dafb74827447cfb4ebd7dd06 Mon Sep 17 00:00:00 2001 +From: tenderlove +Date: Fri, 5 Apr 2013 17:55:53 +0000 +Subject: [PATCH] * ext/psych/lib/psych/exception.rb: there should be only one + exception base class. Fixes tenderlove/psych #125 * ext/psych/lib/psych.rb: + require the correct exception class * ext/psych/lib/psych/syntax_error.rb: + ditto * ext/psych/lib/psych/visitors/to_ruby.rb: ditto + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40139 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 8 ++++++++ + ext/psych/lib/psych.rb | 6 ------ + ext/psych/lib/psych/exception.rb | 7 +++++++ + ext/psych/lib/psych/syntax_error.rb | 7 +++---- + ext/psych/lib/psych/visitors/to_ruby.rb | 1 + + 5 files changed, 19 insertions(+), 10 deletions(-) + create mode 100644 ext/psych/lib/psych/exception.rb + +diff --git a/ChangeLog b/ChangeLog +index f0dba22e9c27..304ecaba2854 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -3666,6 +3666,14 @@ + * gc.c: Improve accuracy of objspace_live_num() and + allocated/freed counters. patched by tmm1(Aman Gupta). + [Bug #8092] [ruby-core:53392] ++ ++Sat Apr 6 02:54:08 2013 Aaron Patterson ++ ++ * ext/psych/lib/psych/exception.rb: there should be only one exception ++ base class. Fixes tenderlove/psych #125 ++ * ext/psych/lib/psych.rb: require the correct exception class ++ * ext/psych/lib/psych/syntax_error.rb: ditto ++ * ext/psych/lib/psych/visitors/to_ruby.rb: ditto + + Fri Apr 5 00:54:08 2013 NARUSE, Yui + +diff --git a/ext/psych/lib/psych.rb b/ext/psych/lib/psych.rb +index 3ca611748473..7d7d2bfb00f4 100644 +--- a/ext/psych/lib/psych.rb ++++ b/ext/psych/lib/psych.rb +@@ -100,12 +100,6 @@ module Psych + # The version of libyaml Psych is using + LIBYAML_VERSION = Psych.libyaml_version.join '.' + +- class Exception < RuntimeError +- end +- +- class BadAlias < Exception +- end +- + ### + # Load +yaml+ in to a Ruby data structure. If multiple documents are + # provided, the object contained in the first document will be returned. +diff --git a/ext/psych/lib/psych/exception.rb b/ext/psych/lib/psych/exception.rb +new file mode 100644 +index 000000000000..d96c527cfba7 +--- /dev/null ++++ b/ext/psych/lib/psych/exception.rb +@@ -0,0 +1,7 @@ ++module Psych ++ class Exception < RuntimeError ++ end ++ ++ class BadAlias < Exception ++ end ++end +diff --git a/ext/psych/lib/psych/syntax_error.rb b/ext/psych/lib/psych/syntax_error.rb +index f972256f9e37..e200ef006067 100644 +--- a/ext/psych/lib/psych/syntax_error.rb ++++ b/ext/psych/lib/psych/syntax_error.rb +@@ -1,8 +1,7 @@ +-module Psych +- class Error < RuntimeError +- end ++require 'psych/exception' + +- class SyntaxError < Error ++module Psych ++ class SyntaxError < Psych::Exception + attr_reader :file, :line, :column, :offset, :problem, :context + + def initialize file, line, col, offset, problem, context +diff --git a/ext/psych/lib/psych/visitors/to_ruby.rb b/ext/psych/lib/psych/visitors/to_ruby.rb +index b59bc3883070..75c7bc0c550a 100644 +--- a/ext/psych/lib/psych/visitors/to_ruby.rb ++++ b/ext/psych/lib/psych/visitors/to_ruby.rb +@@ -1,4 +1,5 @@ + require 'psych/scalar_scanner' ++require 'psych/exception' + + unless defined?(Regexp::NOENCODING) + Regexp::NOENCODING = 32 diff --git a/SOURCES/ruby-2.2.0-fix-missing-declaration-of-rb_frame_last_func.patch b/SOURCES/ruby-2.2.0-fix-missing-declaration-of-rb_frame_last_func.patch new file mode 100644 index 0000000..c41d254 --- /dev/null +++ b/SOURCES/ruby-2.2.0-fix-missing-declaration-of-rb_frame_last_func.patch @@ -0,0 +1,33 @@ +From 428791543be9e13af9426970f5796f3157dd30a0 Mon Sep 17 00:00:00 2001 +From: nobu +Date: Tue, 9 Dec 2014 01:16:27 +0000 +Subject: [PATCH] thread.c: get rid of invalid ID symbol + +* eval.c (rb_frame_last_func): return the most recent frame method + name. +* thread.c (recursive_list_access): use the last method name, + instead of the current method name which can be unset in some + cases, not to use a symbol by the invalid ID. + [ruby-core:66742] [Bug #10579] + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48744 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 10 ++++++++++ + eval.c | 13 +++++++++++++ + test/ruby/test_objectspace.rb | 7 +++++++ + thread.c | 5 ++++- + 4 files changed, 34 insertions(+), 1 deletion(-) + +diff --git a/thread.c b/thread.c +index 25cc214..360c6cb 100644 +--- a/thread.c ++++ b/thread.c +@@ -4671,6 +4671,8 @@ threadptr_recursive_hash_set(rb_thread_t *th, VALUE hash) + /* variables for recursive traversals */ + static ID recursive_key; + ++ID rb_frame_last_func(void); ++ + /* + * Returns the current "recursive list" used to detect recursion. + * This list is a hash table, unique for the current thread and for diff --git a/SOURCES/ruby-2.2.4-check-length-of-selected-NPN-protocol.patch b/SOURCES/ruby-2.2.4-check-length-of-selected-NPN-protocol.patch new file mode 100644 index 0000000..98463c2 --- /dev/null +++ b/SOURCES/ruby-2.2.4-check-length-of-selected-NPN-protocol.patch @@ -0,0 +1,102 @@ +From 950fd771fb8908968cce67a38fdde69ef0cd2b80 Mon Sep 17 00:00:00 2001 +From: nagachika +Date: Fri, 27 Nov 2015 21:24:30 +0000 +Subject: [PATCH] merge revision(s) 52227,52228: [Backport #11369] + + * ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error + in ext/openssl instead of OpenSSL itself because LibreSSL + silently truncate the selected protocol name by casting the length + from int to unsigned char. [Bug #11369] + Patch by Jeremy Evans + + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@52772 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 8 ++++++++ + ext/openssl/ossl_ssl.c | 43 +++++++++++++++++++++++++++++++------------ + 2 files changed, 39 insertions(+), 12 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index 161a4b9..160143c 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -36,6 +36,14 @@ + + * ext/dl/handle.c (rb_dlhandle_sym): ditto + ++Sat Nov 28 06:12:32 2015 NARUSE, Yui ++ ++ * ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error ++ in ext/openssl instead of OpenSSL itself because LibreSSL ++ silently truncate the selected protocol name by casting the length ++ from int to unsigned char. [Bug #11369] ++ Patch by Jeremy Evans ++ + Tue Aug 18 22:00:12 2015 SHIBATA Hiroshi + + * lib/rubygems.rb: bump version to 2.0.14.1. this version fixed +diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c +index 75e26a4..6e777c9 100644 +--- a/ext/openssl/ossl_ssl.c ++++ b/ext/openssl/ossl_ssl.c +@@ -601,29 +601,48 @@ ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen, + } + + static int +-ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) ++ssl_npn_select_cb_common(VALUE cb, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen) + { +- int i = 0; +- VALUE sslctx_obj, cb, protocols, selected; +- +- sslctx_obj = (VALUE) arg; +- cb = rb_iv_get(sslctx_obj, "@npn_select_cb"); +- protocols = rb_ary_new(); ++ VALUE selected; ++ long len; ++ unsigned char l; ++ VALUE protocols = rb_ary_new(); + + /* The format is len_1|proto_1|...|len_n|proto_n\0 */ +- while (in[i]) { +- VALUE protocol = rb_str_new((const char *) &in[i + 1], in[i]); ++ while (l = *in++) { ++ VALUE protocol; ++ if (l > inlen) { ++ ossl_raise(eSSLError, "Invalid protocol name list"); ++ } ++ protocol = rb_str_new((const char *)in, l); + rb_ary_push(protocols, protocol); +- i += in[i] + 1; ++ in += l; ++ inlen -= l; + } + + selected = rb_funcall(cb, rb_intern("call"), 1, protocols); + StringValue(selected); +- *out = (unsigned char *) StringValuePtr(selected); +- *outlen = RSTRING_LENINT(selected); ++ len = RSTRING_LEN(selected); ++ if (len < 1 || len >= 256) { ++ ossl_raise(eSSLError, "Selected protocol name must have length 1..255"); ++ } ++ *out = (unsigned char *)RSTRING_PTR(selected); ++ *outlen = (unsigned char)len; + + return SSL_TLSEXT_ERR_OK; + } ++ ++static int ++ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg) ++{ ++ VALUE sslctx_obj, cb; ++ ++ sslctx_obj = (VALUE) arg; ++ cb = rb_iv_get(sslctx_obj, "@npn_select_cb"); ++ ++ return ssl_npn_select_cb_common(cb, (const unsigned char **)out, outlen, in, inlen); ++} ++ + #endif + + /* This function may serve as the entry point to support further diff --git a/SOURCES/ruby-2.2.6-fix-parsing-protocol-list.patch b/SOURCES/ruby-2.2.6-fix-parsing-protocol-list.patch new file mode 100644 index 0000000..99f20ce --- /dev/null +++ b/SOURCES/ruby-2.2.6-fix-parsing-protocol-list.patch @@ -0,0 +1,63 @@ +From 30238f96081e47178237e58f5229850514858fd3 Mon Sep 17 00:00:00 2001 +From: usa +Date: Tue, 15 Nov 2016 06:33:36 +0000 +Subject: [PATCH] merge revision(s) 53064: [Backport #11810] + + * ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing + protocol list. + The protocol list from OpenSSL is not null-terminated. + patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082] + + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@56798 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 7 +++++++ + ext/openssl/ossl_ssl.c | 17 +++++++---------- + 2 files changed, 14 insertions(+), 10 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index cae6e73..f8f303e 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,10 @@ ++Tue Nov 15 15:29:36 2016 NARUSE, Yui ++ ++ * ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing ++ protocol list. ++ The protocol list from OpenSSL is not null-terminated. ++ patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082] ++ + Thu Feb 25 19:49:31 2016 Nobuyoshi Nakada + + * ext/socket/socket.c (sock_gethostname): support unlimited size +diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c +index 0da1eb1..5b00cb7 100644 +--- a/ext/openssl/ossl_ssl.c ++++ b/ext/openssl/ossl_ssl.c +@@ -605,19 +605,16 @@ ssl_npn_select_cb_common(VALUE cb, const unsigned char **out, unsigned char *out + { + VALUE selected; + long len; +- unsigned char l; + VALUE protocols = rb_ary_new(); ++ unsigned char l; ++ const unsigned char *in_end = in + inlen; + +- /* The format is len_1|proto_1|...|len_n|proto_n\0 */ +- while (l = *in++) { +- VALUE protocol; +- if (l > inlen) { +- ossl_raise(eSSLError, "Invalid protocol name list"); +- } +- protocol = rb_str_new((const char *)in, l); +- rb_ary_push(protocols, protocol); ++ /* assume OpenSSL verifies this format */ ++ /* The format is len_1|proto_1|...|len_n|proto_n */ ++ while (in < in_end) { ++ l = *in++; ++ rb_ary_push(protocols, rb_str_new((const char *)in, l)); + in += l; +- inlen -= l; + } + + selected = rb_funcall(cb, rb_intern("call"), 1, protocols); diff --git a/SOURCES/ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch b/SOURCES/ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch new file mode 100644 index 0000000..f095685 --- /dev/null +++ b/SOURCES/ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch @@ -0,0 +1,184 @@ +From 4fdfb28e7d2e3eefc0df1e1d034fbfc932c0d2a1 Mon Sep 17 00:00:00 2001 +From: usa +Date: Thu, 14 Sep 2017 11:35:52 +0000 +Subject: [PATCH] merge revision(s) 58453,58454: [Backport #13499] + + Fix space flag when Inf/NaN and width==3 + + * sprintf.c (rb_str_format): while `"% 2f"` and `"% 4f"` result in + `" Inf"` and `" Inf"` respectively, `"% 3f"` results in + `"Inf"` (no space). + Refactor "%f" % Inf/NaN + + * sprintf.c (rb_str_format): as for non-finite float, calculate + the exact needed size with the space flag. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@59901 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 12 ++++++++++ + sprintf.c | 37 +++++++++++++++----------------- + test/ruby/test_sprintf.rb | 52 ++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 81 insertions(+), 20 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index ef36ffbd1552..a4594f678f8c 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -4,6 +4,18 @@ + protocol list. + The protocol list from OpenSSL is not null-terminated. + patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082] ++ ++Thu Sep 14 20:33:52 2017 Nobuyoshi Nakada ++ ++ Fix space flag when Inf/NaN and width==3 ++ ++ * sprintf.c (rb_str_format): while "% 2f" and "% 4f" result in " Inf" ++ and " Inf" respectively, "% 3f" results in "Inf" (no space). ++ ++ Refactor "%f" % Inf/NaN ++ ++ * sprintf.c (rb_str_format): as for non-finite float, calculate the ++ exact needed size with the space flag. + + Sun Sep 10 10:10:05 2017 SHIBATA Hiroshi + +diff --git a/sprintf.c b/sprintf.c +index 70c7cceb14d6..db7499979dc3 100644 +--- a/sprintf.c ++++ b/sprintf.c +@@ -1025,6 +1025,8 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) + fval = RFLOAT_VALUE(rb_Float(val)); + if (isnan(fval) || isinf(fval)) { + const char *expr; ++ int elen; ++ char sign = '\0'; + + if (isnan(fval)) { + expr = "NaN"; +@@ -1033,33 +1035,28 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) + expr = "Inf"; + } + need = (int)strlen(expr); +- if ((!isnan(fval) && fval < 0.0) || (flags & FPLUS)) +- need++; ++ elen = need; ++ i = 0; ++ if (!isnan(fval) && fval < 0.0) ++ sign = '-'; ++ else if (flags & (FPLUS|FSPACE)) ++ sign = (flags & FPLUS) ? '+' : ' '; ++ if (sign) ++ ++need; + if ((flags & FWIDTH) && need < width) + need = width; + +- CHECK(need + 1); +- snprintf(&buf[blen], need + 1, "%*s", need, ""); ++ FILL(' ', need); + if (flags & FMINUS) { +- if (!isnan(fval) && fval < 0.0) +- buf[blen++] = '-'; +- else if (flags & FPLUS) +- buf[blen++] = '+'; +- else if (flags & FSPACE) +- blen++; +- memcpy(&buf[blen], expr, strlen(expr)); ++ if (sign) ++ buf[blen - need--] = sign; ++ memcpy(&buf[blen - need], expr, elen); + } + else { +- if (!isnan(fval) && fval < 0.0) +- buf[blen + need - strlen(expr) - 1] = '-'; +- else if (flags & FPLUS) +- buf[blen + need - strlen(expr) - 1] = '+'; +- else if ((flags & FSPACE) && need > width) +- blen++; +- memcpy(&buf[blen + need - strlen(expr)], expr, +- strlen(expr)); ++ if (sign) ++ buf[blen - elen - 1] = sign; ++ memcpy(&buf[blen - elen], expr, elen); + } +- blen += strlen(&buf[blen]); + break; + } + +diff --git a/test/ruby/test_sprintf.rb b/test/ruby/test_sprintf.rb +index 3fd4736a54b0..ab3037a8f267 100644 +--- a/test/ruby/test_sprintf.rb ++++ b/test/ruby/test_sprintf.rb +@@ -84,6 +84,18 @@ def test_nan + assert_equal("NaN", sprintf("%-f", nan)) + assert_equal("+NaN", sprintf("%+f", nan)) + ++ assert_equal("NaN", sprintf("%3f", nan)) ++ assert_equal("NaN", sprintf("%-3f", nan)) ++ assert_equal("+NaN", sprintf("%+3f", nan)) ++ ++ assert_equal(" NaN", sprintf("% 3f", nan)) ++ assert_equal(" NaN", sprintf("%- 3f", nan)) ++ assert_equal("+NaN", sprintf("%+ 3f", nan)) ++ ++ assert_equal(" NaN", sprintf("% 03f", nan)) ++ assert_equal(" NaN", sprintf("%- 03f", nan)) ++ assert_equal("+NaN", sprintf("%+ 03f", nan)) ++ + assert_equal(" NaN", sprintf("%8f", nan)) + assert_equal("NaN ", sprintf("%-8f", nan)) + assert_equal(" +NaN", sprintf("%+8f", nan)) +@@ -107,6 +119,26 @@ def test_inf + assert_equal("Inf", sprintf("%-f", inf)) + assert_equal("+Inf", sprintf("%+f", inf)) + ++ assert_equal(" Inf", sprintf("% f", inf)) ++ assert_equal(" Inf", sprintf("%- f", inf)) ++ assert_equal("+Inf", sprintf("%+ f", inf)) ++ ++ assert_equal(" Inf", sprintf("% 0f", inf)) ++ assert_equal(" Inf", sprintf("%- 0f", inf)) ++ assert_equal("+Inf", sprintf("%+ 0f", inf)) ++ ++ assert_equal("Inf", sprintf("%3f", inf)) ++ assert_equal("Inf", sprintf("%-3f", inf)) ++ assert_equal("+Inf", sprintf("%+3f", inf)) ++ ++ assert_equal(" Inf", sprintf("% 3f", inf)) ++ assert_equal(" Inf", sprintf("%- 3f", inf)) ++ assert_equal("+Inf", sprintf("%+ 3f", inf)) ++ ++ assert_equal(" Inf", sprintf("% 03f", inf)) ++ assert_equal(" Inf", sprintf("%- 03f", inf)) ++ assert_equal("+Inf", sprintf("%+ 03f", inf)) ++ + assert_equal(" Inf", sprintf("%8f", inf)) + assert_equal("Inf ", sprintf("%-8f", inf)) + assert_equal(" +Inf", sprintf("%+8f", inf)) +@@ -127,6 +159,26 @@ def test_inf + assert_equal("-Inf", sprintf("%-f", -inf)) + assert_equal("-Inf", sprintf("%+f", -inf)) + ++ assert_equal("-Inf", sprintf("% f", -inf)) ++ assert_equal("-Inf", sprintf("%- f", -inf)) ++ assert_equal("-Inf", sprintf("%+ f", -inf)) ++ ++ assert_equal("-Inf", sprintf("% 0f", -inf)) ++ assert_equal("-Inf", sprintf("%- 0f", -inf)) ++ assert_equal("-Inf", sprintf("%+ 0f", -inf)) ++ ++ assert_equal("-Inf", sprintf("%4f", -inf)) ++ assert_equal("-Inf", sprintf("%-4f", -inf)) ++ assert_equal("-Inf", sprintf("%+4f", -inf)) ++ ++ assert_equal("-Inf", sprintf("% 4f", -inf)) ++ assert_equal("-Inf", sprintf("%- 4f", -inf)) ++ assert_equal("-Inf", sprintf("%+ 4f", -inf)) ++ ++ assert_equal("-Inf", sprintf("% 04f", -inf)) ++ assert_equal("-Inf", sprintf("%- 04f", -inf)) ++ assert_equal("-Inf", sprintf("%+ 04f", -inf)) ++ + assert_equal(" -Inf", sprintf("%8f", -inf)) + assert_equal("-Inf ", sprintf("%-8f", -inf)) + assert_equal(" -Inf", sprintf("%+8f", -inf)) diff --git a/SOURCES/ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch b/SOURCES/ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch new file mode 100644 index 0000000..564c538 --- /dev/null +++ b/SOURCES/ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch @@ -0,0 +1,97 @@ +From d629ce0baa47ce800a26b451215dbeb20b3fb05c Mon Sep 17 00:00:00 2001 +From: usa +Date: Thu, 14 Sep 2017 11:44:37 +0000 +Subject: [PATCH] * ext/json: bump to version 1.8.1.1. [Backport #13853] + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@59904 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 4 ++++ + ext/json/generator/generator.c | 12 ++++++------ + ext/json/generator/generator.h | 1 - + 3 files changed, 10 insertions(+), 7 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index 6288f67500fd..65f2d6bc08ac 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -4,6 +4,10 @@ + protocol list. + The protocol list from OpenSSL is not null-terminated. + patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082] ++ ++Thu Sep 14 20:44:26 2017 SHIBATA Hiroshi ++ ++ * ext/json: bump to version 1.8.1.1. [Backport #13853] + + Thu Sep 14 20:36:54 2017 Yusuke Endoh + +diff --git a/ext/json/generator/generator.c b/ext/json/generator/generator.c +index f56ac09cd286..ae0e73fcbce3 100644 +--- a/ext/json/generator/generator.c ++++ b/ext/json/generator/generator.c +@@ -290,7 +290,7 @@ static char *fstrndup(const char *ptr, unsigned long len) { + char *result; + if (len <= 0) return NULL; + result = ALLOC_N(char, len); +- memccpy(result, ptr, 0, len); ++ memcpy(result, ptr, len); + return result; + } + +@@ -1025,7 +1025,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent) + } + } else { + if (state->indent) ruby_xfree(state->indent); +- state->indent = strdup(RSTRING_PTR(indent)); ++ state->indent = fstrndup(RSTRING_PTR(indent), len); + state->indent_len = len; + } + return Qnil; +@@ -1063,7 +1063,7 @@ static VALUE cState_space_set(VALUE self, VALUE space) + } + } else { + if (state->space) ruby_xfree(state->space); +- state->space = strdup(RSTRING_PTR(space)); ++ state->space = fstrndup(RSTRING_PTR(space), len); + state->space_len = len; + } + return Qnil; +@@ -1099,7 +1099,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE space_before) + } + } else { + if (state->space_before) ruby_xfree(state->space_before); +- state->space_before = strdup(RSTRING_PTR(space_before)); ++ state->space_before = fstrndup(RSTRING_PTR(space_before), len); + state->space_before_len = len; + } + return Qnil; +@@ -1136,7 +1136,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl) + } + } else { + if (state->object_nl) ruby_xfree(state->object_nl); +- state->object_nl = strdup(RSTRING_PTR(object_nl)); ++ state->object_nl = fstrndup(RSTRING_PTR(object_nl), len); + state->object_nl_len = len; + } + return Qnil; +@@ -1171,7 +1171,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl) + } + } else { + if (state->array_nl) ruby_xfree(state->array_nl); +- state->array_nl = strdup(RSTRING_PTR(array_nl)); ++ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len); + state->array_nl_len = len; + } + return Qnil; +diff --git a/ext/json/generator/generator.h b/ext/json/generator/generator.h +index ddd1aa8a309b..395d71e9d34d 100644 +--- a/ext/json/generator/generator.h ++++ b/ext/json/generator/generator.h +@@ -1,7 +1,6 @@ + #ifndef _GENERATOR_H_ + #define _GENERATOR_H_ + +-#include + #include + #include + diff --git a/SOURCES/ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch b/SOURCES/ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch new file mode 100644 index 0000000..bb29b28 --- /dev/null +++ b/SOURCES/ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch @@ -0,0 +1,118 @@ +From 5450329ad1778d72f117b68e5edb97ae1bf4d438 Mon Sep 17 00:00:00 2001 +From: usa +Date: Thu, 14 Sep 2017 11:41:59 +0000 +Subject: [PATCH] asn1: fix out-of-bounds read in decoding constructed objects + +* OpenSSL::ASN1.{decode,decode_all,traverse}: have a bug of + out-of-bounds read. int_ossl_asn1_decode0_cons() does not give the + correct available length to ossl_asn1_decode() when decoding the + inner components of a constructed object. This can cause + out-of-bounds read if a crafted input given. + +Reference: https://hackerone.com/reports/170316 +https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b + + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@59903 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 13 +++++++++++++ + ext/openssl/ossl_asn1.c | 13 ++++++------- + test/openssl/test_asn1.rb | 23 +++++++++++++++++++++++ + 3 files changed, 42 insertions(+), 7 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index 7561c35eb705..6288f67500fd 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -17,6 +17,19 @@ + Thu Sep 14 20:44:26 2017 SHIBATA Hiroshi + + * ext/json: bump to version 1.8.1.1. [Backport #13853] ++ ++Thu Sep 14 20:39:39 2017 Kazuki Yamaguchi ++ ++ asn1: fix out-of-bounds read in decoding constructed objects ++ ++ * OpenSSL::ASN1.{decode,decode_all,traverse}: have a bug of ++ out-of-bounds read. int_ossl_asn1_decode0_cons() does not give the ++ correct available length to ossl_asn1_decode() when decoding the ++ inner components of a constructed object. This can cause ++ out-of-bounds read if a crafted input given. ++ ++ Reference: https://hackerone.com/reports/170316 ++ https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b + + Thu Sep 14 20:36:54 2017 Yusuke Endoh + +diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c +index 6d564a312f35..719063c551e5 100644 +--- a/ext/openssl/ossl_asn1.c ++++ b/ext/openssl/ossl_asn1.c +@@ -871,19 +871,18 @@ int_ossl_asn1_decode0_cons(unsigned char **pp, long max_len, long length, + { + VALUE value, asn1data, ary; + int infinite; +- long off = *offset; ++ long available_len, off = *offset; + + infinite = (j == 0x21); + ary = rb_ary_new(); + +- while (length > 0 || infinite) { ++ available_len = infinite ? max_len : length; ++ while (available_len > 0) { + long inner_read = 0; +- value = ossl_asn1_decode0(pp, max_len, &off, depth + 1, yield, &inner_read); ++ value = ossl_asn1_decode0(pp, available_len, &off, depth + 1, yield, &inner_read); + *num_read += inner_read; +- max_len -= inner_read; ++ available_len -= inner_read; + rb_ary_push(ary, value); +- if (length > 0) +- length -= inner_read; + + if (infinite && + NUM2INT(ossl_asn1_get_tag(value)) == V_ASN1_EOC && +@@ -974,7 +973,7 @@ ossl_asn1_decode0(unsigned char **pp, long length, long *offset, int depth, + if(j & V_ASN1_CONSTRUCTED) { + *pp += hlen; + off += hlen; +- asn1data = int_ossl_asn1_decode0_cons(pp, length, len, &off, depth, yield, j, tag, tag_class, &inner_read); ++ asn1data = int_ossl_asn1_decode0_cons(pp, length - hlen, len, &off, depth, yield, j, tag, tag_class, &inner_read); + inner_read += hlen; + } + else { +diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb +index 9fb5a551c66d..a6d7c2c14e00 100644 +--- a/test/openssl/test_asn1.rb ++++ b/test/openssl/test_asn1.rb +@@ -595,6 +595,29 @@ def test_recursive_octet_string_parse + assert_equal(false, asn1.value[3].infinite_length) + end + ++ def test_decode_constructed_overread ++ test = %w{ 31 06 31 02 30 02 05 00 } ++ # ^ <- invalid ++ raw = [test.join].pack("H*") ++ ret = [] ++ assert_raise(OpenSSL::ASN1::ASN1Error) { ++ OpenSSL::ASN1.traverse(raw) { |x| ret << x } ++ } ++ assert_equal 2, ret.size ++ assert_equal 17, ret[0][6] ++ assert_equal 17, ret[1][6] ++ ++ test = %w{ 31 80 30 03 00 00 } ++ # ^ <- invalid ++ raw = [test.join].pack("H*") ++ ret = [] ++ assert_raise(OpenSSL::ASN1::ASN1Error) { ++ OpenSSL::ASN1.traverse(raw) { |x| ret << x } ++ } ++ assert_equal 1, ret.size ++ assert_equal 17, ret[0][6] ++ end ++ + private + + def assert_universal(tag, asn1) diff --git a/SOURCES/ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch b/SOURCES/ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch new file mode 100644 index 0000000..86eb6ce --- /dev/null +++ b/SOURCES/ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch @@ -0,0 +1,393 @@ +From 97c6e3934c68e90592f6913f68861d0dbc49c6a4 Mon Sep 17 00:00:00 2001 +From: usa +Date: Sun, 10 Sep 2017 01:10:24 +0000 +Subject: [PATCH] * lib/rubygems: fix several vulnerabilities in RubyGems; bump + to version 2.4.5.3. [Backport #13842] + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@59805 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 4 + + lib/rubygems/commands/query_command.rb | 5 - + lib/rubygems/installer.rb | 7 ++ + lib/rubygems/remote_fetcher.rb | 2 +- + lib/rubygems/specification.rb | 12 ++- + lib/rubygems/text.rb | 15 ++++ + test/rubygems/test_gem_commands_query_command.rb | 80 +++++++++++++++++++++++ + test/rubygems/test_gem_installer.rb | 32 +++++++++ + test/rubygems/test_gem_remote_fetcher.rb | 15 ++++ + test/rubygems/test_gem_specification.rb | 32 ++++++++- + test/rubygems/test_gem_text.rb | 11 +++ + 11 files changed, 208 insertions(+), 7 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index 08bc53d050..ef36ffbd15 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -4,6 +4,10 @@ + protocol list. + The protocol list from OpenSSL is not null-terminated. + patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082] ++ ++Sun Sep 10 10:10:05 2017 SHIBATA Hiroshi ++ ++ * lib/rubygems: fix several vulnerabilities in RubyGems [Backport #13842] + + Thu Feb 25 19:49:31 2016 Nobuyoshi Nakada + +diff --git a/lib/rubygems/commands/query_command.rb b/lib/rubygems/commands/query_command.rb +index 432250e033..44364cfab2 100644 +--- a/lib/rubygems/commands/query_command.rb ++++ b/lib/rubygems/commands/query_command.rb +@@ -193,7 +193,7 @@ def output_versions output, versions + end + end + +- output << make_entry(matching_tuples, platforms) ++ output << clean_text(make_entry(matching_tuples, platforms)) + end + end + +@@ -311,7 +311,8 @@ def spec_platforms entry, platforms + end + + def spec_summary entry, spec +- entry << "\n\n" << format_text(spec.summary, 68, 4) ++ summary = truncate_text(spec.summary, "the summary for #{spec.full_name}") ++ entry << "\n\n" << format_text(summary, 68, 4) + end + + end +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index 10fc1a34a5..a27569fe2e 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -596,6 +596,11 @@ def verify_gem_home(unpack = false) # :nodoc: + unpack or File.writable?(gem_home) + end + ++ def verify_spec_name ++ return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN ++ raise Gem::InstallError, "#{spec} has an invalid name" ++ end ++ + ## + # Return the text for an application file. + +@@ -767,6 +772,8 @@ def pre_install_checks + + ensure_loadable_spec + ++ verify_spec_name ++ + Gem.ensure_gem_subdirectories gem_home + + return true if @force +diff --git a/lib/rubygems/remote_fetcher.rb b/lib/rubygems/remote_fetcher.rb +index b1f6dd17fc..2b9d61c0a1 100644 +--- a/lib/rubygems/remote_fetcher.rb ++++ b/lib/rubygems/remote_fetcher.rb +@@ -105,7 +105,7 @@ def api_endpoint(uri) + else + target = res.target.to_s.strip + +- if /\.#{Regexp.quote(host)}\z/ =~ target ++ if URI("http://" + target).host.end_with?(".#{host}") + return URI.parse "#{uri.scheme}://#{target}#{uri.path}" + end + +diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb +index ab1cd92270..faca837128 100644 +--- a/lib/rubygems/specification.rb ++++ b/lib/rubygems/specification.rb +@@ -107,6 +107,8 @@ class Gem::Specification < Gem::BasicSpecification + today = Time.now.utc + TODAY = Time.utc(today.year, today.month, today.day) + ++ VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc: ++ + # :startdoc: + + ## +@@ -2377,9 +2379,15 @@ def validate packaging = true + end + end + +- unless String === name then ++ if !name.is_a?(String) then ++ raise Gem::InvalidSpecificationException, ++ "invalid value for attribute name: \"#{name.inspect}\" must be a string" ++ elsif name !~ /[a-zA-Z]/ then ++ raise Gem::InvalidSpecificationException, ++ "invalid value for attribute name: #{name.dump} must include at least one letter" ++ elsif name !~ VALID_NAME_PATTERN then + raise Gem::InvalidSpecificationException, +- "invalid value for attribute name: \"#{name.inspect}\"" ++ "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores" + end + + if require_paths.empty? then +diff --git a/lib/rubygems/text.rb b/lib/rubygems/text.rb +index 5c9287ad2e..86a722ffc0 100644 +--- a/lib/rubygems/text.rb ++++ b/lib/rubygems/text.rb +@@ -5,13 +5,26 @@ + + module Gem::Text + ++ ## ++ # Remove any non-printable characters and make the text suitable for ++ # printing. ++ def clean_text(text) ++ text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze) ++ end ++ ++ def truncate_text(text, description, max_length = 100_000) ++ raise ArgumentError, "max_length must be positive" unless max_length > 0 ++ return text if text.size <= max_length ++ "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length] ++ end ++ + ## + # Wraps +text+ to +wrap+ characters and optionally indents by +indent+ + # characters + + def format_text(text, wrap, indent=0) + result = [] +- work = text.dup ++ work = clean_text(text) + + while work.length > wrap do + if work =~ /^(.{0,#{wrap}})[ \n]/ then +diff --git a/test/rubygems/test_gem_commands_query_command.rb b/test/rubygems/test_gem_commands_query_command.rb +index 43fa82571d..ccd2621874 100644 +--- a/test/rubygems/test_gem_commands_query_command.rb ++++ b/test/rubygems/test_gem_commands_query_command.rb +@@ -127,6 +127,86 @@ def test_execute_details + This is a lot of text. This is a lot of text. This is a lot of text. + This is a lot of text. + ++pl (1) ++ Platform: i386-linux ++ Author: A User ++ Homepage: http://example.com ++ ++ this is a summary ++ EOF ++ ++ assert_equal expected, @ui.output ++ assert_equal '', @ui.error ++ end ++ ++ def test_execute_details_cleans_text ++ spec_fetcher do |fetcher| ++ fetcher.spec 'a', 2 do |s| ++ s.summary = 'This is a lot of text. ' * 4 ++ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] ++ s.homepage = "http://a.example.com/\x03" ++ end ++ ++ fetcher.legacy_platform ++ end ++ ++ @cmd.handle_options %w[-r -d] ++ ++ use_ui @ui do ++ @cmd.execute ++ end ++ ++ expected = <<-EOF ++ ++*** REMOTE GEMS *** ++ ++a (2) ++ Authors: Abraham Lincoln ., . Hirohito ++ Homepage: http://a.example.com/. ++ ++ This is a lot of text. This is a lot of text. This is a lot of text. ++ This is a lot of text. ++ ++pl (1) ++ Platform: i386-linux ++ Author: A User ++ Homepage: http://example.com ++ ++ this is a summary ++ EOF ++ ++ assert_equal expected, @ui.output ++ assert_equal '', @ui.error ++ end ++ ++ def test_execute_details_truncates_summary ++ spec_fetcher do |fetcher| ++ fetcher.spec 'a', 2 do |s| ++ s.summary = 'This is a lot of text. ' * 10_000 ++ s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] ++ s.homepage = "http://a.example.com/\x03" ++ end ++ ++ fetcher.legacy_platform ++ end ++ ++ @cmd.handle_options %w[-r -d] ++ ++ use_ui @ui do ++ @cmd.execute ++ end ++ ++ expected = <<-EOF ++ ++*** REMOTE GEMS *** ++ ++a (2) ++ Authors: Abraham Lincoln ., . Hirohito ++ Homepage: http://a.example.com/. ++ ++ Truncating the summary for a-2 to 100,000 characters: ++#{" This is a lot of text. This is a lot of text. This is a lot of text.\n" * 1449} This is a lot of te ++ + pl (1) + Platform: i386-linux + Author: A User +diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb +index 6f8012feb8..0a439cdf3d 100644 +--- a/test/rubygems/test_gem_installer.rb ++++ b/test/rubygems/test_gem_installer.rb +@@ -1190,6 +1190,38 @@ def test_pre_install_checks_wrong_rubygems_version + end + end + ++ def test_pre_install_checks_malicious_name ++ spec = Gem::Specification.new do |s| ++ s.platform = Gem::Platform::RUBY ++ s.name = '../malicious' ++ s.version = '1' ++ s.author = 'A User' ++ s.email = 'example@example.com' ++ s.homepage = 'http://example.com' ++ s.summary = "this is a summary" ++ s.description = "This is a test description" ++ end ++ ++ Gem::Specification.reset ++ ++ def spec.full_name # so the spec is buildable ++ "malicious-1" ++ end ++ def spec.validate; end ++ ++ util_build_gem spec ++ ++ gem = File.join(@gemhome, 'cache', spec.file_name) ++ ++ use_ui @ui do ++ @installer = Gem::Installer.new gem ++ e = assert_raises Gem::InstallError do ++ @installer.pre_install_checks ++ end ++ assert_equal '# has an invalid name', e.message ++ end ++ end ++ + def test_shebang + util_make_exec @spec, "#!/usr/bin/ruby" + +diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb +index 63dd8feb38..ca4627810b 100644 +--- a/test/rubygems/test_gem_remote_fetcher.rb ++++ b/test/rubygems/test_gem_remote_fetcher.rb +@@ -191,6 +191,21 @@ def test_api_endpoint + dns.verify + end + ++ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path ++ uri = URI.parse "http://example.com/foo" ++ target = MiniTest::Mock.new ++ target.expect :target, "evil.com/a.example.com" ++ ++ dns = MiniTest::Mock.new ++ dns.expect :getresource, target, [String, Object] ++ ++ fetch = Gem::RemoteFetcher.new nil, dns ++ assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri) ++ ++ target.verify ++ dns.verify ++ end ++ + def test_api_endpoint_ignores_trans_domain_values + uri = URI.parse "http://gems.example.com/foo" + target = MiniTest::Mock.new +diff --git a/test/rubygems/test_gem_specification.rb b/test/rubygems/test_gem_specification.rb +index 3cadc55d5d..4f7076a03a 100644 +--- a/test/rubygems/test_gem_specification.rb ++++ b/test/rubygems/test_gem_specification.rb +@@ -1598,7 +1598,37 @@ def test_validate_name + @a1.validate + end + +- assert_equal 'invalid value for attribute name: ":json"', e.message ++ assert_equal 'invalid value for attribute name: ":json" must be a string', e.message ++ ++ @a1.name = [] ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message ++ ++ @a1.name = "" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message ++ ++ @a1.name = "12345" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message ++ ++ @a1.name = "../malicious" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message ++ ++ @a1.name = "\ba\t" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message + end + + def test_validate_non_nil +diff --git a/test/rubygems/test_gem_text.rb b/test/rubygems/test_gem_text.rb +index e5cfc41e61..9b270b481b 100644 +--- a/test/rubygems/test_gem_text.rb ++++ b/test/rubygems/test_gem_text.rb +@@ -35,6 +35,10 @@ def test_format_text_trailing # for two spaces after . + assert_equal expected, format_text(text, 78) + end + ++ def test_format_removes_nonprintable_characters ++ assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40) ++ end ++ + def test_levenshtein_distance_add + assert_equal 2, levenshtein_distance("zentest", "zntst") + assert_equal 2, levenshtein_distance("zntst", "zentest") +@@ -55,4 +59,11 @@ def test_levenshtein_distance_replace + assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest") + assert_equal 7, levenshtein_distance("zentest", "xxxxxxx") + end ++ ++ def test_truncate_text ++ assert_equal "abc", truncate_text("abc", "desc") ++ assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2) ++ s = "ab" * 500_001 ++ assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000) ++ end + end +-- +2.15.1 + diff --git a/SOURCES/ruby-2.2.8-sanitize-any-type-of-logs.patch b/SOURCES/ruby-2.2.8-sanitize-any-type-of-logs.patch new file mode 100644 index 0000000..bcaa558 --- /dev/null +++ b/SOURCES/ruby-2.2.8-sanitize-any-type-of-logs.patch @@ -0,0 +1,164 @@ +From 8a81d04d2588d9c7a898473b431a0dabcab39fbd Mon Sep 17 00:00:00 2001 +From: usa +Date: Thu, 14 Sep 2017 11:37:47 +0000 +Subject: [PATCH] merge revision(s) 59897: + + lib/webrick/log.rb: sanitize any type of logs + + It had failed to sanitize some type of exception messages. Reported and + patched by Yusuke Endoh (mame) at https://hackerone.com/reports/223363 + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@59902 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 7 +++++++ + lib/webrick/httpstatus.rb | 4 ---- + lib/webrick/log.rb | 4 ++-- + test/webrick/test_httpauth.rb | 36 ++++++++++++++++++++++++++++++++++++ + 4 files changed, 45 insertions(+), 6 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index a4594f678f8c..7561c35eb705 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -4,6 +4,13 @@ + protocol list. + The protocol list from OpenSSL is not null-terminated. + patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082] ++ ++Thu Sep 14 20:36:54 2017 Yusuke Endoh ++ ++ lib/webrick/log.rb: sanitize any type of logs ++ ++ It had failed to sanitize some type of exception messages. Reported and ++ patched by Yusuke Endoh (mame) at https://hackerone.com/reports/223363 + + Thu Sep 14 20:33:52 2017 Nobuyoshi Nakada + +diff --git a/lib/webrick/httpstatus.rb b/lib/webrick/httpstatus.rb +index 7ffda64cf0f9..5dc136f88f70 100644 +--- a/lib/webrick/httpstatus.rb ++++ b/lib/webrick/httpstatus.rb +@@ -20,10 +20,6 @@ module HTTPStatus + ## + # Root of the HTTP status class hierarchy + class Status < StandardError +- def initialize(*args) # :nodoc: +- args[0] = AccessLog.escape(args[0]) unless args.empty? +- super(*args) +- end + class << self + attr_reader :code, :reason_phrase # :nodoc: + end +diff --git a/lib/webrick/log.rb b/lib/webrick/log.rb +index 41cde4a74084..4f069ac0c549 100644 +--- a/lib/webrick/log.rb ++++ b/lib/webrick/log.rb +@@ -117,10 +117,10 @@ def debug?; @level >= DEBUG; end + # * Otherwise it will return +arg+.inspect. + def format(arg) + if arg.is_a?(Exception) +- "#{arg.class}: #{arg.message}\n\t" << ++ "#{arg.class}: #{AccessLog.escape(arg.message)}\n\t" << + arg.backtrace.join("\n\t") << "\n" + elsif arg.respond_to?(:to_str) +- arg.to_str ++ AccessLog.escape(arg.to_str) + else + arg.inspect + end +diff --git a/test/webrick/test_httpauth.rb b/test/webrick/test_httpauth.rb +index 27c37f36770b..0aebb7a231c7 100644 +--- a/test/webrick/test_httpauth.rb ++++ b/test/webrick/test_httpauth.rb +@@ -79,6 +79,43 @@ def test_basic_auth3 + WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path) + } + tmpfile.close(true) ++ end ++ ++ def test_bad_username_with_control_characters ++ log_tester = lambda {|log, access_log| ++ assert_equal(2, log.length) ++ assert_match(/ERROR Basic WEBrick's realm: foo\\ebar: the user is not allowed./, log[0]) ++ assert_match(/ERROR WEBrick::HTTPStatus::Unauthorized/, log[1]) ++ } ++ TestWEBrick.start_httpserver_with_log({}, log_tester) {|server, addr, port, log| ++ realm = "WEBrick's realm" ++ path = "/basic_auth" ++ ++ Tempfile.open("test_webrick_auth") {|tmpfile| ++ tmpfile.close ++ tmp_pass = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path) ++ tmp_pass.set_passwd(realm, "webrick", "supersecretpassword") ++ tmp_pass.set_passwd(realm, "foo", "supersecretpassword") ++ tmp_pass.flush ++ ++ htpasswd = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path) ++ users = [] ++ htpasswd.each{|user, pass| users << user } ++ server.mount_proc(path){|req, res| ++ auth = WEBrick::HTTPAuth::BasicAuth.new( ++ :Realm => realm, :UserDB => htpasswd, ++ :Logger => server.logger ++ ) ++ auth.authenticate(req, res) ++ res.body = "hoge" ++ } ++ http = Net::HTTP.new(addr, port) ++ g = Net::HTTP::Get.new(path) ++ g.basic_auth("foo\ebar", "passwd") ++ http.request(g){|res| assert_not_equal("hoge", res.body, log.call) } ++ File.unlink tmpfile.path rescue nil ++ } ++ } + end + + DIGESTRES_ = / +diff --git a/test/webrick/utils.rb b/test/webrick/utils.rb +index e1c2344fb1aa..0e94ad34da71 100644 +--- a/test/webrick/utils.rb ++++ b/test/webrick/utils.rb +@@ -54,4 +54,43 @@ + def start_httpproxy(config={}, &block) + start_server(WEBrick::HTTPProxyServer, config, &block) + end ++ ++ DefaultLogTester = lambda {|log, access_log| assert_equal([], log) } ++ ++ def start_server_with_log(klass, config={}, log_tester=DefaultLogTester, &block) ++ log_ary = [] ++ access_log_ary = [] ++ log = proc { "webrick log start:\n" + (log_ary+access_log_ary).join.gsub(/^/, " ").chomp + "\nwebrick log end" } ++ server = klass.new({ ++ :BindAddress => "127.0.0.1", :Port => 0, ++ :ServerType => Thread, ++ :Logger => WEBrick::Log.new(log_ary, WEBrick::BasicLog::WARN), ++ :AccessLog => [[access_log_ary, ""]] ++ }.update(config)) ++ server_thread = server.start ++ server_thread2 = Thread.new { ++ server_thread.join ++ if log_tester ++ log_tester.call(log_ary, access_log_ary) ++ end ++ } ++ addr = server.listeners[0].addr ++ client_thread = Thread.new { ++ begin ++ block.yield([server, addr[3], addr[1], log]) ++ ensure ++ server.shutdown ++ end ++ } ++ client_thread.join ++ server_thread2.join ++ end ++ ++ def start_httpserver_with_log(config={}, log_tester=DefaultLogTester, &block) ++ start_server_with_log(WEBrick::HTTPServer, config, log_tester, &block) ++ end ++ ++ def start_httpproxy_with_log(config={}, log_tester=DefaultLogTester, &block) ++ start_server_with_log(WEBrick::HTTPProxyServer, config, log_tester, &block) ++ end + end diff --git a/SOURCES/ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch b/SOURCES/ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch new file mode 100644 index 0000000..77b0edf --- /dev/null +++ b/SOURCES/ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch @@ -0,0 +1,386 @@ +From 0207c68ea39b74fc99e445231c1ac08ad5406720 Mon Sep 17 00:00:00 2001 +From: usa +Date: Thu, 14 Dec 2017 13:53:48 +0000 +Subject: [PATCH 1/2] merge revision(s) 61242: [Backport #14185] + + Fix a command injection vulnerability in Net::FTP. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@61246 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 4 + + lib/net/ftp.rb | 10 +- + test/net/ftp/test_ftp.rb | 234 +++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 243 insertions(+), 5 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index 177ff95c8b..ecff5aff99 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,7 @@ ++Thu Dec 14 22:52:11 2017 Shugo Maeda ++ ++ Fix a command injection vulnerability in Net::FTP. ++ + Tue Nov 15 15:29:36 2016 NARUSE, Yui + + * ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing +diff --git a/lib/net/ftp.rb b/lib/net/ftp.rb +index c9b80c6804..79edb80864 100644 +--- a/lib/net/ftp.rb ++++ b/lib/net/ftp.rb +@@ -607,10 +607,10 @@ module Net + if localfile + if @resume + rest_offset = File.size?(localfile) +- f = open(localfile, "a") ++ f = File.open(localfile, "a") + else + rest_offset = nil +- f = open(localfile, "w") ++ f = File.open(localfile, "w") + end + elsif !block_given? + result = "" +@@ -638,7 +638,7 @@ module Net + def gettextfile(remotefile, localfile = File.basename(remotefile)) # :yield: line + result = nil + if localfile +- f = open(localfile, "w") ++ f = File.open(localfile, "w") + elsif !block_given? + result = "" + end +@@ -684,7 +684,7 @@ module Net + else + rest_offset = nil + end +- f = open(localfile) ++ f = File.open(localfile) + begin + f.binmode + if rest_offset +@@ -703,7 +703,7 @@ module Net + # passing in the transmitted data one line at a time. + # + def puttextfile(localfile, remotefile = File.basename(localfile), &block) # :yield: line +- f = open(localfile) ++ f = File.open(localfile) + begin + storlines("STOR " + remotefile, f, &block) + ensure +diff --git a/test/net/ftp/test_ftp.rb b/test/net/ftp/test_ftp.rb +index cb311695d0..91a6002c5c 100644 +--- a/test/net/ftp/test_ftp.rb ++++ b/test/net/ftp/test_ftp.rb +@@ -2,6 +2,7 @@ require "net/ftp" + require "test/unit" + require "ostruct" + require "stringio" ++require "tmpdir" + + class FTPTest < Test::Unit::TestCase + SERVER_ADDR = "127.0.0.1" +@@ -783,6 +784,227 @@ class FTPTest < Test::Unit::TestCase + end + end + ++ def test_getbinaryfile_command_injection ++ skip "| is not allowed in filename on Windows" if windows? ++ [false, true].each do |resume| ++ commands = [] ++ binary_data = (0..0xff).map {|i| i.chr}.join * 4 * 3 ++ server = create_ftp_server { |sock| ++ sock.print("220 (test_ftp).\r\n") ++ commands.push(sock.gets) ++ sock.print("331 Please specify the password.\r\n") ++ commands.push(sock.gets) ++ sock.print("230 Login successful.\r\n") ++ commands.push(sock.gets) ++ sock.print("200 Switching to Binary mode.\r\n") ++ line = sock.gets ++ commands.push(line) ++ host, port = process_port_or_eprt(sock, line) ++ commands.push(sock.gets) ++ sock.print("150 Opening BINARY mode data connection for |echo hello (#{binary_data.size} bytes)\r\n") ++ conn = TCPSocket.new(host, port) ++ binary_data.scan(/.{1,1024}/nm) do |s| ++ conn.print(s) ++ end ++ conn.shutdown(Socket::SHUT_WR) ++ conn.read ++ conn.close ++ sock.print("226 Transfer complete.\r\n") ++ } ++ begin ++ chdir_to_tmpdir do ++ begin ++ ftp = Net::FTP.new ++ ftp.resume = resume ++ ftp.read_timeout = 0.2 ++ ftp.connect(SERVER_ADDR, server.port) ++ ftp.login ++ assert_match(/\AUSER /, commands.shift) ++ assert_match(/\APASS /, commands.shift) ++ assert_equal("TYPE I\r\n", commands.shift) ++ ftp.getbinaryfile("|echo hello") ++ assert_equal(binary_data, File.binread("./|echo hello")) ++ assert_match(/\A(PORT|EPRT) /, commands.shift) ++ assert_equal("RETR |echo hello\r\n", commands.shift) ++ assert_equal(nil, commands.shift) ++ ensure ++ ftp.close if ftp ++ end ++ end ++ ensure ++ server.close ++ end ++ end ++ end ++ ++ def test_gettextfile_command_injection ++ skip "| is not allowed in filename on Windows" if windows? ++ commands = [] ++ text_data = < +Date: Thu, 14 Dec 2017 15:08:49 +0000 +Subject: [PATCH 2/2] * test/net/ftp/test_ftp.rb (process_port_or_eprt): merge + a part of r56973 to pass the test introduced at previous commit. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@61255 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 5 +++++ + test/net/ftp/test_ftp.rb | 18 ++++++++++++++++++ + 2 files changed, 23 insertions(+), 0 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index ecff5aff99..d9d9629ffa 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,8 @@ ++Fri Dec 15 00:08:26 2017 NAKAMURA Usaku ++ ++ * test/net/ftp/test_ftp.rb (process_port_or_eprt): merge a part of ++ r56973 to pass the test introduced at previous commit. ++ + Thu Dec 14 22:52:11 2017 Shugo Maeda + + Fix a command injection vulnerability in Net::FTP. +diff --git a/test/net/ftp/test_ftp.rb b/test/net/ftp/test_ftp.rb +index 91a6002c5c..52e5873d61 100644 +--- a/test/net/ftp/test_ftp.rb ++++ b/test/net/ftp/test_ftp.rb +@@ -1044,4 +1044,22 @@ EOF + end + end + end ++ ++ def process_port_or_eprt(sock, line) ++ case line ++ when /\APORT (.*)/ ++ port_args = $1.split(/,/) ++ host = port_args[0, 4].join(".") ++ port = port_args[4, 2].map(&:to_i).inject {|x, y| (x << 8) + y} ++ sock.print("200 PORT command successful.\r\n") ++ return host, port ++ when /\AEPRT \|2\|(.*?)\|(.*?)\|/ ++ host = $1 ++ port = $2.to_i ++ sock.print("200 EPRT command successful.\r\n") ++ return host, port ++ else ++ flunk "PORT or EPRT expected" ++ end ++ end + end +-- +2.15.1 + diff --git a/SOURCES/ruby-2.3.0-test_gem_remote_fetcher.rb-get-rid-of-errors.patch b/SOURCES/ruby-2.3.0-test_gem_remote_fetcher.rb-get-rid-of-errors.patch new file mode 100644 index 0000000..e067cbd --- /dev/null +++ b/SOURCES/ruby-2.3.0-test_gem_remote_fetcher.rb-get-rid-of-errors.patch @@ -0,0 +1,30 @@ +From 6398515adfc86813686605019a3e22d49cd95517 Mon Sep 17 00:00:00 2001 +From: nobu +Date: Fri, 19 Jun 2015 06:04:00 +0000 +Subject: [PATCH] test_gem_remote_fetcher.rb: get rid of errors + +* test/rubygems/test_gem_remote_fetcher.rb (start_ssl_server): + temporary measure for "dh key too small" error of OpenSSL + 1.0.2c+. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50972 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + test/rubygems/test_gem_remote_fetcher.rb | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb +index 6b29e18..63dd8fe 100644 +--- a/test/rubygems/test_gem_remote_fetcher.rb ++++ b/test/rubygems/test_gem_remote_fetcher.rb +@@ -979,7 +979,7 @@ + end + + DIR = File.expand_path(File.dirname(__FILE__)) +- DH_PARAM = OpenSSL::PKey::DH.new(128) ++ DH_PARAM = OpenSSL::PKey::DH.new(2048) + + def start_ssl_server(config = {}) + null_logger = NilLog.new +-- +2.4.3 + diff --git a/SOURCES/ruby-2.3.1-remove-tests-depending-on-europe-moscow.patch b/SOURCES/ruby-2.3.1-remove-tests-depending-on-europe-moscow.patch new file mode 100644 index 0000000..dde5de6 --- /dev/null +++ b/SOURCES/ruby-2.3.1-remove-tests-depending-on-europe-moscow.patch @@ -0,0 +1,60 @@ +From c5c60ded6dbb6256640b0308a45c42da8c7fe071 Mon Sep 17 00:00:00 2001 +From: akr +Date: Fri, 22 Apr 2016 12:20:06 +0000 +Subject: [PATCH] * test/ruby/test_time_tz.rb: Tests depends on Europe/Moscow + removed to avoid test failures due to the tzdata change. + https://github.com/eggert/tz/commit/8ee11a301cf173afb0c76e0315b9f9ec8ebb9d95 + Found by naruse. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54706 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 7 +++++++ + test/ruby/test_time_tz.rb | 13 ------------- + 2 files changed, 7 insertions(+), 13 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index 3b96a9b..965f296 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,10 @@ ++Fri Apr 22 21:00:44 2016 Tanaka Akira ++ ++ * test/ruby/test_time_tz.rb: Tests depends on Europe/Moscow removed ++ to avoid test failures due to the tzdata change. ++ https://github.com/eggert/tz/commit/8ee11a301cf173afb0c76e0315b9f9ec8ebb9d95 ++ Found by naruse. ++ + Wed Dec 16 21:16:55 2015 CHIKANAGA Tomoyuki + + * ext/fiddle/handle.c: check tainted string arguments. +diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb +index f5d4690..b40b1ac 100644 +--- a/test/ruby/test_time_tz.rb ++++ b/test/ruby/test_time_tz.rb +@@ -161,13 +161,6 @@ def test_europe_lisbon + } + end if has_lisbon_tz + +- def test_europe_moscow +- with_tz(tz="Europe/Moscow") { +- assert_time_constructor(tz, "1992-03-29 00:00:00 +0400", :local, [1992,3,28,23,0,0]) +- assert_time_constructor(tz, "1992-03-29 00:59:59 +0400", :local, [1992,3,28,23,59,59]) +- } +- end +- + def test_pacific_kiritimati + with_tz(tz="Pacific/Kiritimati") { + assert_time_constructor(tz, "1994-12-31 23:59:59 -1000", :local, [1994,12,31,23,59,59]) +@@ -346,12 +339,6 @@ def self.gen_zdump_test(data) + Europe/London Sun Aug 10 01:00:00 1947 UTC = Sun Aug 10 02:00:00 1947 BST isdst=1 gmtoff=3600 + Europe/London Sun Nov 2 01:59:59 1947 UTC = Sun Nov 2 02:59:59 1947 BST isdst=1 gmtoff=3600 + Europe/London Sun Nov 2 02:00:00 1947 UTC = Sun Nov 2 02:00:00 1947 GMT isdst=0 gmtoff=0 +-Europe/Moscow Sat Jan 18 23:59:59 1992 UTC = Sun Jan 19 01:59:59 1992 MSK isdst=0 gmtoff=7200 +-Europe/Moscow Sun Jan 19 00:00:00 1992 UTC = Sun Jan 19 03:00:00 1992 MSK isdst=0 gmtoff=10800 +-Europe/Moscow Sat Mar 28 19:59:59 1992 UTC = Sat Mar 28 22:59:59 1992 MSK isdst=0 gmtoff=10800 +-Europe/Moscow Sat Mar 28 20:00:00 1992 UTC = Sun Mar 29 00:00:00 1992 MSD isdst=1 gmtoff=14400 +-Europe/Moscow Sat Sep 26 18:59:59 1992 UTC = Sat Sep 26 22:59:59 1992 MSD isdst=1 gmtoff=14400 +-Europe/Moscow Sat Sep 26 19:00:00 1992 UTC = Sat Sep 26 22:00:00 1992 MSK isdst=0 gmtoff=10800 + Pacific/Kiritimati Sun Jan 1 09:59:59 1995 UTC = Sat Dec 31 23:59:59 1994 LINT isdst=0 gmtoff=-36000 + Pacific/Kiritimati Sun Jan 1 10:00:00 1995 UTC = Mon Jan 2 00:00:00 1995 LINT isdst=0 gmtoff=50400 + End diff --git a/SOURCES/ruby-2.4.0-no_proxy-with-whitespaces-and-leading-dots.patch b/SOURCES/ruby-2.4.0-no_proxy-with-whitespaces-and-leading-dots.patch new file mode 100644 index 0000000..c76edb9 --- /dev/null +++ b/SOURCES/ruby-2.4.0-no_proxy-with-whitespaces-and-leading-dots.patch @@ -0,0 +1,71 @@ +From 423d042371d0402071c309dc403ea2701600a98b Mon Sep 17 00:00:00 2001 +From: nobu +Date: Sat, 13 Feb 2016 08:12:21 +0000 +Subject: [PATCH] no_proxy with whitespaces and leading dots + +* lib/uri/generic.rb (find_proxy): exclude white-spaces and allow + for a leading dot in the domain name in no_proxy. + [ruby-core:54542] [Feature #8317] + +The previous implementation wouldn't allow for white-spaces nor a leading dot +in the domain name. The latter is described in the wget documentation as a valid case. + +By being more strict on the characters, which are counted to a domainname, +we allow for white-spaces. +Also, a possible leading dot will be handled gracefully. + +[Fix GH-285] + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53816 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 6 ++++++ + lib/uri/generic.rb | 2 +- + test/uri/test_generic.rb | 4 ++++ + 3 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/ChangeLog b/ChangeLog +index 2945679..44116e0 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,9 @@ ++Sat Feb 13 17:11:58 2016 Fabian Wiesel ++ ++ * lib/uri/generic.rb (find_proxy): exclude white-spaces and allow ++ for a leading dot in the domain name in no_proxy. ++ [ruby-core:54542] [Feature #8317] ++ + Sat Nov 30 13:28:13 2013 Nobuyoshi Nakada + + * siphash.c (sip_hash24): fix for aligned word access little endian +diff --git a/lib/uri/generic.rb b/lib/uri/generic.rb +index aba54c1..f2a2d56 100644 +--- a/lib/uri/generic.rb ++++ b/lib/uri/generic.rb +@@ -1662,7 +1662,7 @@ def find_proxy + + name = 'no_proxy' + if no_proxy = ENV[name] || ENV[name.upcase] +- no_proxy.scan(/([^:,]*)(?::(\d+))?/) {|host, port| ++ no_proxy.scan(/(?!\.)([^:,\s]+)(?::(\d+))?/) {|host, port| + if /(\A|\.)#{Regexp.quote host}\z/i =~ self.host && + (!port || self.port == port.to_i) + return nil +diff --git a/test/uri/test_generic.rb b/test/uri/test_generic.rb +index fcfe1f9..ad189fc 100644 +--- a/test/uri/test_generic.rb ++++ b/test/uri/test_generic.rb +@@ -773,6 +773,14 @@ def test_find_proxy + assert_equal(URI('http://127.0.0.1:8080'), URI("http://192.0.2.1/").find_proxy) + assert_nil(URI("http://192.0.2.2/").find_proxy) + } ++ with_env('http_proxy'=>'http://127.0.0.1:8080', 'no_proxy'=>'example.org') { ++ assert_nil(URI("http://example.org/").find_proxy) ++ assert_nil(URI("http://www.example.org/").find_proxy) ++ } ++ with_env('http_proxy'=>'http://127.0.0.1:8080', 'no_proxy'=>'.example.org') { ++ assert_nil(URI("http://example.org/").find_proxy) ++ assert_nil(URI("http://www.example.org/").find_proxy) ++ } + with_env('http_proxy'=>'') { + assert_nil(URI("http://192.0.2.1/").find_proxy) + assert_nil(URI("ftp://192.0.2.1/").find_proxy) diff --git a/SOURCES/ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization-vulnerability.patch b/SOURCES/ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization-vulnerability.patch new file mode 100644 index 0000000..d448d91 --- /dev/null +++ b/SOURCES/ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization-vulnerability.patch @@ -0,0 +1,147 @@ +From 1281e56682692859e726e24fff30e44aac6f948b Mon Sep 17 00:00:00 2001 +From: nagachika +Date: Wed, 11 Oct 2017 13:48:14 +0000 +Subject: [PATCH] merge revision(s) 60149: [Backport #14003] + + Merge rubygems-2.6.14 changes. + + It fixed http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@60168 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + lib/rubygems.rb | 5 +++-- + lib/rubygems/config_file.rb | 2 +- + lib/rubygems/package.rb | 2 +- + lib/rubygems/package/old.rb | 2 +- + lib/rubygems/safe_yaml.rb | 48 +++++++++++++++++++++++++++++++++++++++++++ + lib/rubygems/specification.rb | 2 +- + 6 files changed, 55 insertions(+), 6 deletions(-) + create mode 100644 lib/rubygems/safe_yaml.rb + +diff --git a/lib/rubygems.rb b/lib/rubygems.rb +index 55aa85b8b2bd..0685bcb3c629 100644 +--- a/lib/rubygems.rb ++++ b/lib/rubygems.rb +@@ -574,7 +574,7 @@ def self.load_yaml + + unless test_syck + begin +- gem 'psych', '~> 1.2', '>= 1.2.1' ++ gem 'psych', '>= 2.0.0' + rescue Gem::LoadError + # It's OK if the user does not have the psych gem installed. We will + # attempt to require the stdlib version +@@ -598,6 +598,7 @@ def self.load_yaml + end + + require 'yaml' ++ require 'rubygems/safe_yaml' + + # If we're supposed to be using syck, then we may have to force + # activate it via the YAML::ENGINE API. +diff --git a/lib/rubygems/config_file.rb b/lib/rubygems/config_file.rb +index c95d7dd1f14e..63583b361615 100644 +--- a/lib/rubygems/config_file.rb ++++ b/lib/rubygems/config_file.rb +@@ -316,7 +316,7 @@ def load_file(filename) + return {} unless filename and File.exist? filename + + begin +- content = YAML.load(File.read(filename)) ++ content = Gem::SafeYAML.load(File.read(filename)) + unless content.kind_of? Hash + warn "Failed to load #{filename} because it doesn't contain valid YAML hash" + return {} +diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb +index c36e71d800a2..77811ed5ecaa 100644 +--- a/lib/rubygems/package.rb ++++ b/lib/rubygems/package.rb +@@ -418,7 +418,7 @@ def read_checksums gem + + @checksums = gem.seek 'checksums.yaml.gz' do |entry| + Zlib::GzipReader.wrap entry do |gz_io| +- YAML.load gz_io.read ++ Gem::SafeYAML.safe_load gz_io.read + end + end + end +diff --git a/lib/rubygems/package/old.rb b/lib/rubygems/package/old.rb +index 5e722baa3540..071f7141ab78 100644 +--- a/lib/rubygems/package/old.rb ++++ b/lib/rubygems/package/old.rb +@@ -100,7 +100,7 @@ def file_list io # :nodoc: + header << line + end + +- YAML.load header ++ Gem::SafeYAML.safe_load header + end + + ## +diff --git a/lib/rubygems/safe_yaml.rb b/lib/rubygems/safe_yaml.rb +new file mode 100644 +index 000000000000..b98cfaa5e60d +--- /dev/null ++++ b/lib/rubygems/safe_yaml.rb +@@ -0,0 +1,48 @@ ++module Gem ++ ++ ### ++ # This module is used for safely loading YAML specs from a gem. The ++ # `safe_load` method defined on this module is specifically designed for ++ # loading Gem specifications. For loading other YAML safely, please see ++ # Psych.safe_load ++ ++ module SafeYAML ++ WHITELISTED_CLASSES = %w( ++ Symbol ++ Time ++ Date ++ Gem::Dependency ++ Gem::Platform ++ Gem::Requirement ++ Gem::Specification ++ Gem::Version ++ Gem::Version::Requirement ++ YAML::Syck::DefaultKey ++ Syck::DefaultKey ++ ) ++ ++ WHITELISTED_SYMBOLS = %w( ++ development ++ runtime ++ ) ++ ++ if ::YAML.respond_to? :safe_load ++ def self.safe_load input ++ ::YAML.safe_load(input, WHITELISTED_CLASSES, WHITELISTED_SYMBOLS, true) ++ end ++ ++ def self.load input ++ ::YAML.safe_load(input, [::Symbol]) ++ end ++ else ++ warn "YAML safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0)." ++ def self.safe_load input, *args ++ ::YAML.load input ++ end ++ ++ def self.load input ++ ::YAML.load input ++ end ++ end ++ end ++end +diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb +index 88e320c05ac9..40e3a70d476c 100644 +--- a/lib/rubygems/specification.rb ++++ b/lib/rubygems/specification.rb +@@ -910,7 +910,7 @@ def self.from_yaml(input) + Gem.load_yaml + + input = normalize_yaml_input input +- spec = YAML.load input ++ spec = Gem::SafeYAML.safe_load input + + if spec && spec.class == FalseClass then + raise Gem::EndOfYAMLException diff --git a/SOURCES/ruby-2.5.0-Disable-Tokyo-TZ-tests.patch b/SOURCES/ruby-2.5.0-Disable-Tokyo-TZ-tests.patch new file mode 100644 index 0000000..a36b897 --- /dev/null +++ b/SOURCES/ruby-2.5.0-Disable-Tokyo-TZ-tests.patch @@ -0,0 +1,30 @@ +diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb +index 20a57fe7dd..5b9e5a8bde 100644 +--- a/test/ruby/test_time_tz.rb ++++ b/test/ruby/test_time_tz.rb +@@ -125,8 +125,8 @@ def test_asia_singapore + + def test_asia_tokyo + with_tz(tz="Asia/Tokyo") { +- assert_time_constructor(tz, "1951-05-06 03:00:00 +1000", :local, [1951,5,6,2,0,0]) +- assert_time_constructor(tz, "1951-05-06 03:59:59 +1000", :local, [1951,5,6,2,59,59]) ++# assert_time_constructor(tz, "1951-05-06 03:00:00 +1000", :local, [1951,5,6,2,0,0]) ++# assert_time_constructor(tz, "1951-05-06 03:59:59 +1000", :local, [1951,5,6,2,59,59]) + assert_time_constructor(tz, "2010-06-10 06:13:28 +0900", :local, [2010,6,10,6,13,28]) + } + end +@@ -319,10 +319,10 @@ def self.gen_zdump_test(data) + Asia/Singapore Sun Aug 8 16:30:00 1965 UTC = Mon Aug 9 00:00:00 1965 SGT isdst=0 gmtoff=27000 + Asia/Singapore Thu Dec 31 16:29:59 1981 UTC = Thu Dec 31 23:59:59 1981 SGT isdst=0 gmtoff=27000 + Asia/Singapore Thu Dec 31 16:30:00 1981 UTC = Fri Jan 1 00:30:00 1982 SGT isdst=0 gmtoff=28800 +-Asia/Tokyo Sat May 5 16:59:59 1951 UTC = Sun May 6 01:59:59 1951 JST isdst=0 gmtoff=32400 +-Asia/Tokyo Sat May 5 17:00:00 1951 UTC = Sun May 6 03:00:00 1951 JDT isdst=1 gmtoff=36000 +-Asia/Tokyo Fri Sep 7 15:59:59 1951 UTC = Sat Sep 8 01:59:59 1951 JDT isdst=1 gmtoff=36000 +-Asia/Tokyo Fri Sep 7 16:00:00 1951 UTC = Sat Sep 8 01:00:00 1951 JST isdst=0 gmtoff=32400 ++#Asia/Tokyo Sat May 5 16:59:59 1951 UTC = Sun May 6 01:59:59 1951 JST isdst=0 gmtoff=32400 ++#Asia/Tokyo Sat May 5 17:00:00 1951 UTC = Sun May 6 03:00:00 1951 JDT isdst=1 gmtoff=36000 ++#Asia/Tokyo Fri Sep 7 15:59:59 1951 UTC = Sat Sep 8 01:59:59 1951 JDT isdst=1 gmtoff=36000 ++#Asia/Tokyo Fri Sep 7 16:00:00 1951 UTC = Sat Sep 8 01:00:00 1951 JST isdst=0 gmtoff=32400 + America/St_Johns Sun Mar 11 03:30:59 2007 UTC = Sun Mar 11 00:00:59 2007 NST isdst=0 gmtoff=-12600 + America/St_Johns Sun Mar 11 03:31:00 2007 UTC = Sun Mar 11 01:01:00 2007 NDT isdst=1 gmtoff=-9000 + America/St_Johns Sun Nov 4 02:30:59 2007 UTC = Sun Nov 4 00:00:59 2007 NDT isdst=1 gmtoff=-9000 diff --git a/SOURCES/ruby-2.5.0-Fixed-command-Injection.patch b/SOURCES/ruby-2.5.0-Fixed-command-Injection.patch new file mode 100644 index 0000000..70b8a02 --- /dev/null +++ b/SOURCES/ruby-2.5.0-Fixed-command-Injection.patch @@ -0,0 +1,156 @@ +From ba0d5f7a6df6ba5545c3ce0b09e107e10d082d49 Mon Sep 17 00:00:00 2001 +From: nobu +Date: Wed, 20 Dec 2017 04:18:31 +0000 +Subject: [PATCH 1/3] Fixed command Injection + +* resolv.rb (Resolv::Hosts#lazy_initialize): fixed potential + command Injection in Hosts::new() by use of Kernel#open. + [Fix GH-1777] [ruby-core:84347] [Bug #14205] + +From: Drigg3r + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61349 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + lib/resolv.rb | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/resolv.rb b/lib/resolv.rb +index 1044b95e68..56183b837d 100644 +--- a/lib/resolv.rb ++++ b/lib/resolv.rb +@@ -186,7 +186,7 @@ def lazy_initialize # :nodoc: + unless @initialized + @name2addr = {} + @addr2name = {} +- open(@filename, 'rb') {|f| ++ File.open(@filename, 'rb') {|f| + f.each {|line| + line.sub!(/#.*/, '') + addr, hostname, *aliases = line.split(/\s+/) +-- +2.15.1 + + +From 0b6213635018ef73567388c1095ad1c556e1f4ee Mon Sep 17 00:00:00 2001 +From: nobu +Date: Wed, 20 Dec 2017 04:25:01 +0000 +Subject: [PATCH 2/3] Fixed command Injection + +* lib/resolv.rb (Resolv::Config.parse_resolv_conf): fixed + potential command injection by use of Kernel#open. + [ruby-core:84347] [Bug #14205] + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61351 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + lib/resolv.rb | 2 +- + test/resolv/test_addr.rb | 11 +++++++++++ + test/resolv/test_dns.rb | 10 ++++++++++ + 3 files changed, 22 insertions(+), 1 deletion(-) + +diff --git a/lib/resolv.rb b/lib/resolv.rb +index 56183b837d..48ee400efe 100644 +--- a/lib/resolv.rb ++++ b/lib/resolv.rb +@@ -904,7 +904,7 @@ def Config.parse_resolv_conf(filename) + nameserver = [] + search = nil + ndots = 1 +- open(filename, 'rb') {|f| ++ File.open(filename, 'rb') {|f| + f.each {|line| + line.sub!(/[#;].*/, '') + keyword, *args = line.split(/\s+/) +diff --git a/test/resolv/test_addr.rb b/test/resolv/test_addr.rb +index 4a2df5bfca..78a28c9633 100644 +--- a/test/resolv/test_addr.rb ++++ b/test/resolv/test_addr.rb +@@ -26,4 +26,15 @@ def test_invalid_byte_comment + end + end + end ++ ++ def test_hosts_by_command ++ Dir.mktmpdir do |dir| ++ Dir.chdir(dir) do ++ hosts = Resolv::Hosts.new("|echo error") ++ assert_raise(Errno::ENOENT) do ++ hosts.each_name("") {} ++ end ++ end ++ end ++ end + end +diff --git a/test/resolv/test_dns.rb b/test/resolv/test_dns.rb +index f21a094b20..8236078374 100644 +--- a/test/resolv/test_dns.rb ++++ b/test/resolv/test_dns.rb +@@ -176,6 +176,16 @@ def test_invalid_byte_comment + end + end + ++ def test_resolv_conf_by_command ++ Dir.mktmpdir do |dir| ++ Dir.chdir(dir) do ++ assert_raise(Errno::ENOENT) do ++ Resolv::DNS::Config.parse_resolv_conf("|echo foo") ++ end ++ end ++ end ++ end ++ + def test_dots_diffences + name1 = Resolv::DNS::Name.create("example.org") + name2 = Resolv::DNS::Name.create("ex.ampl.eo.rg") +-- +2.15.1 + + +From dd71a5a9a459dbda9b9a4786f6a0b5bd59a81aae Mon Sep 17 00:00:00 2001 +From: usa +Date: Wed, 20 Dec 2017 16:04:41 +0000 +Subject: [PATCH 3/3] fix test errors on Windows + + * test/resolv/test_addr.rb (test_hosts_by_command): on Windows, `|` is + invalid charactor for path and raises `Errno::EINVAL` if trying to + open. + + * test/resolv/test_dns.rb (test_resolv_conf_by_command): ditto. + + cf. [Bug #14205] + + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61374 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + test/resolv/test_addr.rb | 2 +- + test/resolv/test_dns.rb | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/test/resolv/test_addr.rb b/test/resolv/test_addr.rb +index 78a28c9633..14ec2651ab 100644 +--- a/test/resolv/test_addr.rb ++++ b/test/resolv/test_addr.rb +@@ -31,7 +31,7 @@ def test_hosts_by_command + Dir.mktmpdir do |dir| + Dir.chdir(dir) do + hosts = Resolv::Hosts.new("|echo error") +- assert_raise(Errno::ENOENT) do ++ assert_raise(Errno::ENOENT, Errno::EINVAL) do + hosts.each_name("") {} + end + end +diff --git a/test/resolv/test_dns.rb b/test/resolv/test_dns.rb +index 8236078374..1b44f32807 100644 +--- a/test/resolv/test_dns.rb ++++ b/test/resolv/test_dns.rb +@@ -179,7 +179,7 @@ def test_invalid_byte_comment + def test_resolv_conf_by_command + Dir.mktmpdir do |dir| + Dir.chdir(dir) do +- assert_raise(Errno::ENOENT) do ++ assert_raise(Errno::ENOENT, Errno::EINVAL) do + Resolv::DNS::Config.parse_resolv_conf("|echo foo") + end + end +-- +2.15.1 + diff --git a/SOURCES/ruby-exercise.stp b/SOURCES/ruby-exercise.stp new file mode 100644 index 0000000..df9df41 --- /dev/null +++ b/SOURCES/ruby-exercise.stp @@ -0,0 +1,39 @@ +/* Example tapset file. + * + * You can execute the tapset using following command (please adjust the path + * prior running the command, if needed): + * + * stap /usr/share/doc/ruby-2.0.0.0/ruby-exercise.stp -c "ruby -e \"puts 'test'\"" + */ + +probe ruby.cmethod.entry { + printf("%d -> %s::%s %s:%d\n", tid(), classname, methodname, file, line); +} + +probe ruby.cmethod.return { + printf("%d <- %s::%s %s:%d\n", tid(), classname, methodname, file, line); +} + +probe ruby.method.entry { + printf("%d -> %s::%s %s:%d\n", tid(), classname, methodname, file, line); +} + +probe ruby.method.return { + printf("%d <- %s::%s %s:%d\n", tid(), classname, methodname, file, line); +} + +probe ruby.gc.mark.begin { printf("%d gc.mark.begin\n", tid()); } + +probe ruby.gc.mark.end { printf("%d gc.mark.end\n", tid()); } + +probe ruby.gc.sweep.begin { printf("%d gc.sweep.begin\n", tid()); } + +probe ruby.gc.sweep.end { printf("%d gc.sweep.end\n", tid()); } + +probe ruby.object.create{ + printf("%d obj.create %s %s:%d\n", tid(), classname, file, line); +} + +probe ruby.raise { + printf("%d raise %s %s:%d\n", tid(), classname, file, line); +} diff --git a/SOURCES/ruby-trunk-tk-extconf-fix.patch b/SOURCES/ruby-trunk-tk-extconf-fix.patch new file mode 100644 index 0000000..7e6e51b --- /dev/null +++ b/SOURCES/ruby-trunk-tk-extconf-fix.patch @@ -0,0 +1,71 @@ +From 399ef04d6540bf708e5281d8e649165f03e61e1e Mon Sep 17 00:00:00 2001 +From: Josef Stribny +Date: Thu, 9 Jan 2014 14:50:36 +0100 +Subject: [PATCH] Fix tk extconf to pass arrays instead of strings to + libpathflag + +--- + ext/tk/extconf.rb | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/ext/tk/extconf.rb b/ext/tk/extconf.rb +index ca99129..5b7c19b 100644 +--- a/ext/tk/extconf.rb ++++ b/ext/tk/extconf.rb +@@ -623,7 +623,7 @@ def libcheck_for_tclConfig(tcldir, tkdir, tclconf, tkconf) + $INCFLAGS << " -I" << File.join(File.dirname(File.dirname(file)),"include") if is_win32? + else + tcllibs = append_library($libs, libname) +- tcllibs = "#{libpathflag(tcldir)} #{tcllibs}" ++ tcllibs = "#{libpathflag([tcldir])} #{tcllibs}" + + # FIX ME: avoid pathname trouble (fail to find) on MinGW. + $INCFLAGS << " -I" << File.join(File.dirname(tcldir),"include") if is_win32? +@@ -665,7 +665,7 @@ def libcheck_for_tclConfig(tcldir, tkdir, tclconf, tkconf) + else + tklibs = append_library("", libname) + #tklibs = append_library("", $1) +- tklibs = "#{libpathflag(tkdir)} #{tklibs}" ++ tklibs = "#{libpathflag([tkdir])} #{tklibs}" + + # FIX ME: avoid pathname trouble (fail to find) on MinGW. + $INCFLAGS << " -I" << File.join(File.dirname(tcldir),"include") if is_win32? +@@ -1161,7 +1161,7 @@ def find_tcl(tcllib, stubs, version, *opt_paths) + tcllibs = libs_param + " -DSTATIC_BUILD " + fname.quote + else + tcllibs = append_library($libs, lib_w_sufx) +- tcllibs = "#{libpathflag(path)} #{tcllibs}" ++ tcllibs = "#{libpathflag([path])} #{tcllibs}" + end + if try_func(func, tcllibs, ["tcl.h"]) + return [true, path, nil, tcllibs, *inc] +@@ -1300,7 +1300,7 @@ def find_tk(tklib, stubs, version, *opt_paths) + tklibs = libs_param + " -DSTATIC_BUILD " + fname.quote + else + tklibs = append_library($libs, lib_w_sufx) +- tklibs = "#{libpathflag(path)} #{tklibs}" ++ tklibs = "#{libpathflag([path])} #{tklibs}" + end + if try_func(func, tklibs, ["tcl.h", "tk.h"]) + return [true, path, nil, tklibs, *inc] +@@ -2013,7 +2013,7 @@ $defs += collect_tcltk_defs(TclConfig_Info['TCL_DEFS'], TkConfig_Info['TK_DEFS'] + # MacOS X Frameworks? + if TkLib_Config["tcltk-framework"] + puts("Use MacOS X Frameworks.") +- ($LDFLAGS ||= "") << " " << libpathflag(TkLib_Config["tcl-build-dir"]) if TkLib_Config["tcl-build-dir"] ++ ($LDFLAGS ||= "") << " " << libpathflag([TkLib_Config["tcl-build-dir"]]) if TkLib_Config["tcl-build-dir"] + + libs = '' + if tcl_cfg_dir +@@ -2039,7 +2039,7 @@ if TkLib_Config["tcltk-framework"] + end + end + +- libs << " " << libpathflag(TkLib_Config["tk-build-dir"]) if TkLib_Config["tk-build-dir"] ++ libs << " " << libpathflag([TkLib_Config["tk-build-dir"]]) if TkLib_Config["tk-build-dir"] + + if tk_cfg_dir + TkConfig_Info['TK_LIBS'] ||= "" +-- +1.8.3.1 + diff --git a/SOURCES/ruby-trunk-tk-rpath-fix.patch b/SOURCES/ruby-trunk-tk-rpath-fix.patch new file mode 100644 index 0000000..935e01f --- /dev/null +++ b/SOURCES/ruby-trunk-tk-rpath-fix.patch @@ -0,0 +1,61 @@ +diff --git a/ext/tk/extconf.rb b/ext/tk/extconf.rb +index 709e4d2..fa1bc80 100644 +--- a/ext/tk/extconf.rb ++++ b/ext/tk/extconf.rb +@@ -623,7 +623,7 @@ def libcheck_for_tclConfig(tcldir, tkdir, tclconf, tkconf) + $INCFLAGS << " -I" << File.join(File.dirname(File.dirname(file)),"include") if is_win32? + else + tcllibs = append_library($libs, libname) +- tcllibs = "-L#{tcldir.quote} -Wl,-R#{tcldir.quote} " + tcllibs ++ tcllibs = "#{libpathflag(tcldir)} #{tcllibs}" + + # FIX ME: avoid pathname trouble (fail to find) on MinGW. + $INCFLAGS << " -I" << File.join(File.dirname(tcldir),"include") if is_win32? +@@ -665,7 +665,7 @@ def libcheck_for_tclConfig(tcldir, tkdir, tclconf, tkconf) + else + tklibs = append_library("", libname) + #tklibs = append_library("", $1) +- tklibs = "-L#{tkdir.quote} -Wl,-R#{tkdir.quote} " + tklibs ++ tklibs = "#{libpathflag(tkdir)} #{tklibs}" + + # FIX ME: avoid pathname trouble (fail to find) on MinGW. + $INCFLAGS << " -I" << File.join(File.dirname(tcldir),"include") if is_win32? +@@ -1161,7 +1161,7 @@ def find_tcl(tcllib, stubs, version, *opt_paths) + tcllibs = libs_param + " -DSTATIC_BUILD " + fname.quote + else + tcllibs = append_library($libs, lib_w_sufx) +- tcllibs = "-L#{path.quote} -Wl,-R#{path.quote} " + tcllibs ++ tcllibs = "#{libpathflag(path)} #{tcllibs}" + end + if try_func(func, tcllibs, ["tcl.h"]) + return [true, path, nil, tcllibs, *inc] +@@ -1300,7 +1300,7 @@ def find_tk(tklib, stubs, version, *opt_paths) + tklibs = libs_param + " -DSTATIC_BUILD " + fname.quote + else + tklibs = append_library($libs, lib_w_sufx) +- tklibs = "-L#{path.quote} -Wl,-R#{path.quote} " + tklibs ++ tklibs = "#{libpathflag(path)} #{tklibs}" + end + if try_func(func, tklibs, ["tcl.h", "tk.h"]) + return [true, path, nil, tklibs, *inc] +@@ -2013,7 +2013,7 @@ $defs += collect_tcltk_defs(TclConfig_Info['TCL_DEFS'], TkConfig_Info['TK_DEFS'] + # MacOS X Frameworks? + if TkLib_Config["tcltk-framework"] + puts("Use MacOS X Frameworks.") +- ($LDFLAGS ||= "") << " -L#{TkLib_Config["tcl-build-dir"].quote} -Wl,-R#{TkLib_Config["tcl-build-dir"].quote}" if TkLib_Config["tcl-build-dir"] ++ ($LDFLAGS ||= "") << " " << libpathflag(TkLib_Config["tcl-build-dir"]) if TkLib_Config["tcl-build-dir"] + + libs = '' + if tcl_cfg_dir +@@ -2039,7 +2039,7 @@ if TkLib_Config["tcltk-framework"] + end + end + +- libs << " -L#{TkLib_Config["tk-build-dir"].quote} -Wl,-R#{TkLib_Config["tk-build-dir"].quote}" if TkLib_Config["tk-build-dir"] ++ libs << " " << libpathflag(TkLib_Config["tk-build-dir"]) if TkLib_Config["tk-build-dir"] + + if tk_cfg_dir + TkConfig_Info['TK_LIBS'] ||= "" +-- +1.8.5.2 + diff --git a/SOURCES/rubygem-rdoc-4.0.1-unterminated-heredoc.patch b/SOURCES/rubygem-rdoc-4.0.1-unterminated-heredoc.patch new file mode 100644 index 0000000..08fdb92 --- /dev/null +++ b/SOURCES/rubygem-rdoc-4.0.1-unterminated-heredoc.patch @@ -0,0 +1,38 @@ +t a/lib/rdoc/ruby_lex.rb b/lib/rdoc/ruby_lex.rb +index e6e0b41..da17cd5 100644 +--- a/lib/rdoc/ruby_lex.rb ++++ b/lib/rdoc/ruby_lex.rb +@@ -1028,6 +1028,8 @@ def identify_here_document + end + + if output_heredoc then ++ raise Error, "Missing terminating #{quoted} for string" unless l ++ + doc << l.chomp + else + doc << '"' +diff --git a/test/rdoc/test_rdoc_ruby_lex.rb b/test/rdoc/test_rdoc_ruby_lex.rb +index 0dcb425..56ddf60 100644 +--- a/test/rdoc/test_rdoc_ruby_lex.rb ++++ b/test/rdoc/test_rdoc_ruby_lex.rb +@@ -162,6 +162,18 @@ def test_class_tokenize_heredoc_indent + assert_equal expected, tokens + end + ++ def test_class_tokenize_heredoc_missing_end ++ e = assert_raises RDoc::RubyLex::Error do ++ RDoc::RubyLex.tokenize <<-'RUBY', nil ++>> string1 = <<-TXT ++>" That's swell ++>" TXT ++ RUBY ++ end ++ ++ assert_equal 'Missing terminating TXT for string', e.message ++ end ++ + def test_class_tokenize_heredoc_percent_N + tokens = RDoc::RubyLex.tokenize <<-'RUBY', nil + a b <<-U +-- +1.8.4 diff --git a/SOURCES/rubygems-2.0.0-Do-not-modify-global-Specification.dirs-during-insta.patch b/SOURCES/rubygems-2.0.0-Do-not-modify-global-Specification.dirs-during-insta.patch new file mode 100644 index 0000000..1e58ff7 --- /dev/null +++ b/SOURCES/rubygems-2.0.0-Do-not-modify-global-Specification.dirs-during-insta.patch @@ -0,0 +1,151 @@ +From b95b9942361104dc5b7fd08eb4970f893d8c1a54 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Wed, 13 Feb 2013 13:12:30 +0100 +Subject: [PATCH 1/3] Remove duplicated check. + +The loaded specifications are rejected already in #gather_dependencies, +so this condition cannot trigger. +--- + lib/rubygems/dependency_installer.rb | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/lib/rubygems/dependency_installer.rb b/lib/rubygems/dependency_installer.rb +index d811f62..dffa8df 100644 +--- a/lib/rubygems/dependency_installer.rb ++++ b/lib/rubygems/dependency_installer.rb +@@ -337,9 +337,6 @@ class Gem::DependencyInstaller + + last = @gems_to_install.size - 1 + @gems_to_install.each_with_index do |spec, index| +- # REFACTOR more current spec set hardcoding, should be abstracted? +- next if Gem::Specification.include?(spec) and index != last +- + # TODO: make this sorta_verbose so other users can benefit from it + say "Installing gem #{spec.full_name}" if Gem.configuration.really_verbose + +-- +1.8.1.2 + + +From 2fa9087b1986db6c7945c0f997fed2bfff5ce06a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Wed, 13 Feb 2013 15:47:47 +0100 +Subject: [PATCH 2/3] Do not modify global Specification.dirs during + installation. + +While gems are installed into --install-dir just fine even without +modifications of Specification.dirs, change in it makes inaccessible +gems already present on the system. +--- + lib/rubygems/dependency_installer.rb | 15 ++++++--------- + 1 file changed, 6 insertions(+), 9 deletions(-) + +diff --git a/lib/rubygems/dependency_installer.rb b/lib/rubygems/dependency_installer.rb +index dffa8df..841f26a 100644 +--- a/lib/rubygems/dependency_installer.rb ++++ b/lib/rubygems/dependency_installer.rb +@@ -57,16 +57,14 @@ class Gem::DependencyInstaller + # :build_args:: See Gem::Installer::new + + def initialize(options = {}) +- @install_dir = options[:install_dir] || Gem.dir + + if options[:install_dir] then +- # HACK shouldn't change the global settings, needed for -i behavior +- # maybe move to the install command? See also github #442 +- Gem::Specification.dirs = @install_dir ++ Gem.ensure_gem_subdirectories options[:install_dir] + end + + options = DEFAULT_OPTIONS.merge options + ++ @install_dir = options[:install_dir] + @bin_dir = options[:bin_dir] + @dev_shallow = options[:dev_shallow] + @development = options[:development] +@@ -91,7 +88,7 @@ class Gem::DependencyInstaller + @installed_gems = [] + @toplevel_specs = nil + +- @cache_dir = options[:cache_dir] || @install_dir ++ @cache_dir = options[:cache_dir] || @install_dir || Gem.dir + + # Set with any errors that SpecFetcher finds while search through + # gemspecs for a dep +@@ -201,7 +199,7 @@ class Gem::DependencyInstaller + # that this isn't dependent only on the currently installed gems + dependency_list.specs.reject! { |spec| + not keep_names.include?(spec.full_name) and +- Gem::Specification.include?(spec) ++ (!@install_dir && Gem::Specification.include?(spec)) + } + + unless dependency_list.ok? or @ignore_dependencies or @force then +@@ -253,7 +251,7 @@ class Gem::DependencyInstaller + to_do.push t.spec + end + +- results.remove_installed! dep ++ results.remove_installed! dep unless @install_dir + + @available << results + results.inject_into_list dependency_list +@@ -367,7 +365,7 @@ class Gem::DependencyInstaller + :force => @force, + :format_executable => @format_executable, + :ignore_dependencies => @ignore_dependencies, +- :install_dir => @install_dir, ++ :install_dir => (@install_dir || Gem.dir), + :security_policy => @security_policy, + :user_install => @user_install, + :wrappers => @wrappers, +-- +1.8.1.2 + + +From d473204ce920702dd87257db49355929f31530d4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Fri, 15 Feb 2013 17:02:44 +0100 +Subject: [PATCH 3/3] Default to Gem.dir as late as possible. + +--- + lib/rubygems/dependency_installer.rb | 2 +- + lib/rubygems/installer.rb | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lib/rubygems/dependency_installer.rb b/lib/rubygems/dependency_installer.rb +index 841f26a..abcfa0f 100644 +--- a/lib/rubygems/dependency_installer.rb ++++ b/lib/rubygems/dependency_installer.rb +@@ -365,7 +365,7 @@ class Gem::DependencyInstaller + :force => @force, + :format_executable => @format_executable, + :ignore_dependencies => @ignore_dependencies, +- :install_dir => (@install_dir || Gem.dir), ++ :install_dir => @install_dir, + :security_policy => @security_policy, + :user_install => @user_install, + :wrappers => @wrappers, +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index 780a88b..6543130 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -547,13 +547,13 @@ class Gem::Installer + :bin_dir => nil, + :env_shebang => false, + :force => false, +- :install_dir => Gem.dir, + :only_install_dir => false + }.merge options + + @env_shebang = options[:env_shebang] + @force = options[:force] +- @gem_home = options[:install_dir] ++ @install_dir = options[:install_dir] ++ @gem_home = options[:install_dir] || Gem.dir + @ignore_dependencies = options[:ignore_dependencies] + @format_executable = options[:format_executable] + @security_policy = options[:security_policy] +-- +1.8.1.2 + diff --git a/SOURCES/rubygems-2.0.0-Fixes-for-empty-ruby-version.patch b/SOURCES/rubygems-2.0.0-Fixes-for-empty-ruby-version.patch new file mode 100644 index 0000000..365dc7b --- /dev/null +++ b/SOURCES/rubygems-2.0.0-Fixes-for-empty-ruby-version.patch @@ -0,0 +1,34 @@ +From c9b2eff36728266052ccfff54d3ac0a0624fd0f1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Thu, 14 Feb 2013 11:50:41 +0100 +Subject: [PATCH] Use File.join insteado of manual path creation. + +This prevents issues, when File.join in #new_default_spec removes +superfluous slashes while they are kept in expected paths. E.g. the test +would fail if ruby configuration specifies --with-ruby-version=''. +--- + test/rubygems/test_gem_commands_contents_command.rb | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/test/rubygems/test_gem_commands_contents_command.rb b/test/rubygems/test_gem_commands_contents_command.rb +index 60df53f..35c9631 100644 +--- a/test/rubygems/test_gem_commands_contents_command.rb ++++ b/test/rubygems/test_gem_commands_contents_command.rb +@@ -140,10 +140,10 @@ lib/foo.rb + @cmd.execute + end + +- expected = %W[ +- #{Gem::ConfigMap[:bindir]}/default_command +- #{Gem::ConfigMap[:rubylibdir]}/default/gem.rb +- #{Gem::ConfigMap[:archdir]}/default_gem.so ++ expected = [ ++ File.join(Gem::ConfigMap[:bindir], 'default_command'), ++ File.join(Gem::ConfigMap[:rubylibdir], 'default/gem.rb'), ++ File.join(Gem::ConfigMap[:archdir], 'default_gem.so') + ].sort.join "\n" + + assert_equal expected, @ui.output.chomp +-- +1.8.1.2 + diff --git a/SOURCES/rubygems-2.0.0-binary-extensions.patch b/SOURCES/rubygems-2.0.0-binary-extensions.patch new file mode 100644 index 0000000..aa9fdbd --- /dev/null +++ b/SOURCES/rubygems-2.0.0-binary-extensions.patch @@ -0,0 +1,344 @@ +From ec90622235ae19b28a327cb50a10e0311e8f3d71 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Thu, 3 Nov 2011 16:43:05 +0100 +Subject: [PATCH 1/8] Add dedicate extensions folder into $LOAD_PATH. + +--- + lib/rubygems/specification.rb | 32 ++++++++++++++++++++++++++++++-- + 1 file changed, 30 insertions(+), 2 deletions(-) + +diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb +index cabdf8d..87b14d2 100644 +--- a/lib/rubygems/specification.rb ++++ b/lib/rubygems/specification.rb +@@ -1269,6 +1269,12 @@ class Gem::Specification + File.join full_gem_path, path + end + ++ unless extensions.empty? ++ paths += require_paths.map do |path| ++ File.join ext_dir, path ++ end ++ end ++ + # gem directories must come after -I and ENV['RUBYLIB'] + insert_index = Gem.load_path_insert_index + +@@ -1389,11 +1395,16 @@ class Gem::Specification + + def contains_requirable_file? file + root = full_gem_path ++ ext = ext_dir + suffixes = Gem.suffixes + + require_paths.any? do |lib| +- base = "#{root}/#{lib}/#{file}" +- suffixes.any? { |suf| File.file? "#{base}#{suf}" } ++ base = ["#{root}/#{lib}/#{file}"] ++ base << "#{ext}/#{lib}/#{file}" unless extensions.empty? ++ ++ base.any? do |path| ++ suffixes.any? { |suf| File.file? "#{path}#{suf}" } ++ end + end + end + +@@ -1691,6 +1699,23 @@ class Gem::Specification + end + + ## ++ # Returns the full path to this spec's ext directory. ++ # eg: /usr/local/lib/ruby/1.8/exts/mygem-1.0 ++ ++ def ext_dir ++ @gem_dir ||= File.expand_path File.join(exts_dir, full_name) ++ end ++ ++ ## ++ # Returns the full path to the exts directory containing this spec's ++ # gem directory. eg: /usr/local/lib/ruby/1.8/exts ++ ++ def exts_dir ++ # TODO: this logic seems terribly broken, but tests fail if just base_dir ++ @exts_dir ||= File.join(loaded_from && base_dir || Gem.dir, "exts") ++ end ++ ++ ## + # Deprecated and ignored, defaults to true. + # + # Formerly used to indicate this gem was RDoc-capable. +-- +1.8.1.2 + + +From e42819f32fc5d935f7e7189ec4be8bdab0a2cf3f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Wed, 16 Nov 2011 13:26:48 +0100 +Subject: [PATCH 2/8] Use spec's ext dir for extension installation. + +--- + lib/rubygems/installer.rb | 2 +- + lib/rubygems/specification.rb | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index 780a88b..854c177 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -656,7 +656,7 @@ TEXT + say "This could take a while..." + end + +- dest_path = File.join gem_dir, spec.require_paths.first ++ dest_path = spec.ext_dir + ran_rake = false # only run rake once + + spec.extensions.each do |extension| +diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb +index 87b14d2..492ddbe 100644 +--- a/lib/rubygems/specification.rb ++++ b/lib/rubygems/specification.rb +@@ -1706,16 +1706,15 @@ class Gem::Specification + # eg: /usr/local/lib/ruby/1.8/exts/mygem-1.0 + + def ext_dir +- @gem_dir ||= File.expand_path File.join(exts_dir, full_name) ++ @ext_dir ||= File.join exts_dir, full_name, require_paths.first + end + + ## + # Returns the full path to the exts directory containing this spec's +- # gem directory. eg: /usr/local/lib/ruby/1.8/exts ++ # gem directory. eg: /usr/local/lib/ruby/1.8/gems + + def exts_dir +- # TODO: this logic seems terribly broken, but tests fail if just base_dir +- @exts_dir ||= File.join(loaded_from && base_dir || Gem.dir, "exts") ++ @exts_dir ||= gems_dir + end + + ## +-- +1.8.1.2 + + +From 0e9dd0655111f7dda805233c79a3771459d9a66a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Wed, 16 Nov 2011 14:52:16 +0100 +Subject: [PATCH 3/9] Simplify the extending of $LOAD_PATH for binary gems. + +--- + lib/rubygems/specification.rb | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb +index 492ddbe..c703827 100644 +--- a/lib/rubygems/specification.rb ++++ b/lib/rubygems/specification.rb +@@ -1269,11 +1269,7 @@ class Gem::Specification + File.join full_gem_path, path + end + +- unless extensions.empty? +- paths += require_paths.map do |path| +- File.join ext_dir, path +- end +- end ++ paths << ext_dir unless extensions.empty? || paths.include?(ext_dir) + + # gem directories must come after -I and ENV['RUBYLIB'] + insert_index = Gem.load_path_insert_index +@@ -1714,7 +1710,10 @@ class Gem::Specification + # gem directory. eg: /usr/local/lib/ruby/1.8/gems + + def exts_dir +- @exts_dir ||= gems_dir ++ @exts_dir ||= begin ++ dirs = Gem.default_dirs.detect {|location, paths| paths[:gem_dir] == base_dir} ++ dirs ? File.join(dirs.last[:ext_dir], 'exts') : gems_dir ++ end + end + + ## +-- +1.8.1.2 + + +From 9a8556c609e800d0dbd24af416d613f2e82f323c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Fri, 9 Dec 2011 16:31:04 +0100 +Subject: [PATCH 4/8] Fix the binary extension search path construction. + +--- + lib/rubygems/installer.rb | 2 +- + lib/rubygems/specification.rb | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index 854c177..f1f2ad7 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -656,7 +656,7 @@ TEXT + say "This could take a while..." + end + +- dest_path = spec.ext_dir ++ dest_path = File.join spec.ext_dir, spec.require_paths.first + ran_rake = false # only run rake once + + spec.extensions.each do |extension| +diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb +index c703827..fa9ea6e 100644 +--- a/lib/rubygems/specification.rb ++++ b/lib/rubygems/specification.rb +@@ -1269,7 +1269,7 @@ class Gem::Specification + File.join full_gem_path, path + end + +- paths << ext_dir unless extensions.empty? || paths.include?(ext_dir) ++ paths << File.join(ext_dir, require_paths.first) unless extensions.empty? || (ext_dir == full_gem_path) + + # gem directories must come after -I and ENV['RUBYLIB'] + insert_index = Gem.load_path_insert_index +@@ -1702,7 +1702,7 @@ class Gem::Specification + # eg: /usr/local/lib/ruby/1.8/exts/mygem-1.0 + + def ext_dir +- @ext_dir ||= File.join exts_dir, full_name, require_paths.first ++ @ext_dir ||= File.join exts_dir, full_name + end + + ## +-- +1.8.1.2 + + +From 476c2f90cc6f5f490858f253a9b23eb19d53d2fc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Tue, 13 Dec 2011 12:14:54 +0100 +Subject: [PATCH 5/8] Remove binary extensions during uninstall. + +--- + lib/rubygems/uninstaller.rb | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/rubygems/uninstaller.rb b/lib/rubygems/uninstaller.rb +index d672b9d..5c31a0c 100644 +--- a/lib/rubygems/uninstaller.rb ++++ b/lib/rubygems/uninstaller.rb +@@ -246,6 +246,7 @@ class Gem::Uninstaller + File.writable?(spec.base_dir) + + FileUtils.rm_rf spec.full_gem_path ++ FileUtils.rm_rf spec.ext_dir + + # TODO: should this be moved to spec?... I vote eww (also exists in docmgr) + old_platform_name = [spec.name, +-- +1.8.1.2 + + +From 35dc17e86f701fe1be80d98ace79735c535fd570 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Tue, 13 Dec 2011 14:27:14 +0100 +Subject: [PATCH 6/8] Avoid dependency on customized operating_system.rb. + +--- + lib/rubygems/defaults.rb | 11 +++++++++++ + lib/rubygems/specification.rb | 5 +---- + 2 files changed, 12 insertions(+), 4 deletions(-) + +diff --git a/lib/rubygems/defaults.rb b/lib/rubygems/defaults.rb +index ea84e5c..b221954 100644 +--- a/lib/rubygems/defaults.rb ++++ b/lib/rubygems/defaults.rb +@@ -103,6 +103,17 @@ module Gem + end + + ## ++ # Returns binary extensions dir for specified RubyGems base dir or nil ++ # if such directory cannot be determined. ++ # ++ # By default, the binary extensions are located side by side with their ++ # Ruby counterparts, therefore nil is returned ++ ++ def self.default_ext_dir_for base_dir ++ nil ++ end ++ ++ ## + # A wrapper around RUBY_ENGINE const that may not be defined + + def self.ruby_engine +diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb +index fa9ea6e..2b10499 100644 +--- a/lib/rubygems/specification.rb ++++ b/lib/rubygems/specification.rb +@@ -1710,10 +1710,7 @@ class Gem::Specification + # gem directory. eg: /usr/local/lib/ruby/1.8/gems + + def exts_dir +- @exts_dir ||= begin +- dirs = Gem.default_dirs.detect {|location, paths| paths[:gem_dir] == base_dir} +- dirs ? File.join(dirs.last[:ext_dir], 'exts') : gems_dir +- end ++ @exts_dir ||= Gem.default_ext_dir_for(base_dir) || gems_dir + end + + ## +-- +1.8.1.2 + + +From 0937c0b0a3c2ed08ab5b0875f7f95e24157525c2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Thu, 7 Feb 2013 13:07:34 +0100 +Subject: [PATCH 7/8] Fix binary extensions installation when --install-dir is + specified. + +--- + lib/rubygems/installer.rb | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index f1f2ad7..e1577fc 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -656,7 +656,7 @@ TEXT + say "This could take a while..." + end + +- dest_path = File.join spec.ext_dir, spec.require_paths.first ++ dest_path = File.join(options[:install_dir] ? gem_dir : spec.ext_dir, spec.require_paths.first) + ran_rake = false # only run rake once + + spec.extensions.each do |extension| +-- +1.8.1.2 + + +From 062a11c59731f5875d5a8821a212c8a41cb84577 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Fri, 15 Feb 2013 17:07:07 +0100 +Subject: [PATCH 8/8] Use correct option. + +--- + lib/rubygems/installer.rb | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index e1577fc..1492c68 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -656,7 +656,7 @@ TEXT + say "This could take a while..." + end + +- dest_path = File.join(options[:install_dir] ? gem_dir : spec.ext_dir, spec.require_paths.first) ++ dest_path = File.join(@install_dir ? gem_dir : spec.ext_dir, spec.require_paths.first) + ran_rake = false # only run rake once + + spec.extensions.each do |extension| +-- +1.8.1.2 + diff --git a/SOURCES/rubygems-2.1.0-Fix-test-failure-when-ruby-is-not-yet-installed.patch b/SOURCES/rubygems-2.1.0-Fix-test-failure-when-ruby-is-not-yet-installed.patch new file mode 100644 index 0000000..878cf70 --- /dev/null +++ b/SOURCES/rubygems-2.1.0-Fix-test-failure-when-ruby-is-not-yet-installed.patch @@ -0,0 +1,35 @@ +From 40ce9bfd4917f8d8aa023c92073ec5e9da898f71 Mon Sep 17 00:00:00 2001 +From: Eric Hodel +Date: Tue, 23 Jul 2013 13:47:53 -0700 +Subject: [PATCH] Fix test failure when ruby is not yet installed + +Other uses of ruby in a Makefile use ENV['RUBY'] which contains a +miniruby invocation when ruby is not yet installed (tests run during the +ruby build). +--- + test/rubygems/test_gem_ext_ext_conf_builder.rb | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/test/rubygems/test_gem_ext_ext_conf_builder.rb b/test/rubygems/test_gem_ext_ext_conf_builder.rb +index 33398ac..dfbf3fe 100644 +--- a/test/rubygems/test_gem_ext_ext_conf_builder.rb ++++ b/test/rubygems/test_gem_ext_ext_conf_builder.rb +@@ -120,8 +120,13 @@ def test_class_build_unconventional + extconf.puts <<-'EXTCONF' + include RbConfig + +-ruby_exe = "#{CONFIG['RUBY_INSTALL_NAME']}#{CONFIG['EXEEXT']}" +-ruby = File.join CONFIG['bindir'], ruby_exe ++ruby = ++ if ENV['RUBY'] then ++ ENV['RUBY'] ++ else ++ ruby_exe = "#{CONFIG['RUBY_INSTALL_NAME']}#{CONFIG['EXEEXT']}" ++ File.join CONFIG['bindir'], ruby_exe ++ end + + open 'Makefile', 'w' do |io| + io.write <<-Makefile +-- +1.8.5.5 + diff --git a/SOURCES/test_abrt.rb b/SOURCES/test_abrt.rb new file mode 100644 index 0000000..6d110ba --- /dev/null +++ b/SOURCES/test_abrt.rb @@ -0,0 +1,7 @@ +if !!$LOADED_FEATURES.detect { |f| f =~ /abrt\.rb/ } + exit true +else + puts 'ERROR: ABRT hook was not loaded.' + + exit false +end diff --git a/SOURCES/test_systemtap.rb b/SOURCES/test_systemtap.rb new file mode 100644 index 0000000..eb518df --- /dev/null +++ b/SOURCES/test_systemtap.rb @@ -0,0 +1,64 @@ +require 'set' + +LIBRUBY_SO = 'libruby.so' +PROBES_D = 'probes.d' + +### +# Detect SystemTap section headers presence. + +stap_headers = [ + '\.stapsdt\.base', + '\.note\.stapsdt' +] + +header_regexp = %r{ (#{stap_headers.join('|')}) } + +section_headers = `readelf -S "#{LIBRUBY_SO}"` +detected_stap_headers = section_headers.scan(header_regexp).flatten + +# Assume there are both headers until this is proven wrong ;) +unless detected_stap_headers.size == 2 + puts 'ERROR: SystemTap (DTrace) headers were not detected in resulting library.' + exit false +end + +### +# Find if every declared probe is propagated to resulting library. + +# Colect probes specified in probes.d file. +probes = [] + +File.open(PROBES_D) do |file| + file.each_line do |line| + if probe = line[/probe (\S+)\(.*\);/, 1] + probes << probe + end + end +end + +probes = Set.new probes + +# These probes are excluded by VM_COLLECT_USAGE_DETAILS ifdef. +EXCLUDE_PROBES = Set.new %w(insn insn__operand) +unless EXCLUDE_PROBES.subset? probes + puts 'ERROR: Change in SystemTap (DTrace) probes definition file detected.' + exit false +end + +probes -= EXCLUDE_PROBES + +# Detect probes in resulting library. +probe_regexp = %r{ +^\s*stapsdt\s*0[xX][0-9a-fA-F]+\tNT_STAPSDT \(SystemTap probe descriptors\)$ +^\s*Provider: ruby$ +^\s*Name: (\S+)$ +} + +notes = `readelf -n "#{LIBRUBY_SO}"` +detected_probes = Set.new notes.scan(probe_regexp).flatten + +# Both sets must be equal, otherwise something is wrong. +unless probes == detected_probes + puts 'ERROR: SystemTap (DTrace) probes were not correctly propagated into resulting library.' + exit false +end diff --git a/SPECS/ruby.spec b/SPECS/ruby.spec new file mode 100644 index 0000000..4ce9dc1 --- /dev/null +++ b/SPECS/ruby.spec @@ -0,0 +1,2216 @@ +%global major_version 2 +%global minor_version 0 +%global teeny_version 0 +%global patch_level 648 + +%global major_minor_version %{major_version}.%{minor_version} + +%global ruby_version %{major_minor_version}.%{teeny_version} +%global ruby_version_patch_level %{major_minor_version}.%{teeny_version}.%{patch_level} +%global ruby_release %{ruby_version} + +# Specify the named version. It has precedense to revision. +#%%global milestone preview2 + +# Keep the revision enabled for pre-releases from SVN. +#%%global revision 39387 + +%global ruby_archive %{name}-%{ruby_version} + +# If revision and milestone are removed/commented out, the official release build is expected. +%if 0%{?milestone:1}%{?revision:1} != 0 +%global development_release %{?milestone}%{?!milestone:%{?revision:r%{revision}}} +%global ruby_archive %{ruby_archive}-%{?milestone}%{?!milestone:%{?revision:r%{revision}}} +%else +%global ruby_archive %{ruby_archive}-p%{patch_level} +%endif + + +%global release 33 +%{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}} + +%global rubygems_version 2.0.14.1 + +# The RubyGems library has to stay out of Ruby directory three, since the +# RubyGems should be share by all Ruby implementations. +%global rubygems_dir %{_datadir}/rubygems + +%global rake_version 0.9.6 +# TODO: The IRB has strange versioning. Keep the Ruby's versioning ATM. +# http://redmine.ruby-lang.org/issues/5313 +%global irb_version %{ruby_version_patch_level} +%global rdoc_version 4.0.0 +%global bigdecimal_version 1.2.0 +%global io_console_version 0.4.2 +%global json_version 1.7.7 +%global minitest_version 4.3.2 +%global psych_version 2.0.0 + +# Might not be needed in the future, if we are lucky enough. +# https://bugzilla.redhat.com/show_bug.cgi?id=888262 +%global tapset_root %{_datadir}/systemtap +%global tapset_dir %{tapset_root}/tapset +%global tapset_libdir %(echo %{_libdir} | sed 's/64//')* + +%global _normalized_cpu %(echo %{_target_cpu} | sed 's/^ppc/powerpc/;s/i.86/i386/;s/sparcv./sparc/') + +%if 0%{?fedora} >= 19 +%global with_rubypick 1 +%endif + +Summary: An interpreter of object-oriented scripting language +Name: ruby +Version: %{ruby_version_patch_level} +Release: %{release_string} +Group: Development/Languages +# Public Domain for example for: include/ruby/st.h, strftime.c, ... +License: (Ruby or BSD) and Public Domain +URL: http://ruby-lang.org/ +Source0: ftp://ftp.ruby-lang.org/pub/%{name}/%{major_minor_version}/%{ruby_archive}.tar.bz2 +Source1: operating_system.rb +# TODO: Try to push SystemTap support upstream. +Source2: libruby.stp +Source3: ruby-exercise.stp +Source4: macros.ruby +Source5: macros.rubygems +Source6: abrt_prelude.rb +# This wrapper fixes https://bugzilla.redhat.com/show_bug.cgi?id=977941 +# Hopefully, it will get removed soon: +# https://fedorahosted.org/fpc/ticket/312 +# https://bugzilla.redhat.com/show_bug.cgi?id=977941 +Source7: config.h +# ABRT hoook test case. +Source8: test_abrt.rb +# SystemTap tests. +Source9: test_systemtap.rb + + +# Include the constants defined in macros files. +# http://rpm.org/ticket/866 +%{lua: + +function source_macros(file) + local macro = nil + + for line in io.lines(file) do + if not macro and line:match("^%%") then + macro = line:match("^%%(.*)$") + line = nil + end + + if macro then + if line and macro:match("^.-%s*\\%s*$") then + macro = macro .. '\n' .. line + end + + if not macro:match("^.-%s*\\%s*$") then + rpm.define(macro) + macro = nil + end + end + end +end + +source_macros(rpm.expand("%{SOURCE4}")) +source_macros(rpm.expand("%{SOURCE5}")) + +} + +# http://bugs.ruby-lang.org/issues/7807 +Patch0: ruby-2.0.0-Prevent-duplicated-paths-when-empty-version-string-i.patch +# Force multiarch directories for i.86 to be always named i386. This solves +# some differencies in build between Fedora and RHEL. +Patch3: ruby-1.9.3-always-use-i386.patch +# Fixes random WEBRick test failures. +# https://bugs.ruby-lang.org/issues/6573. +Patch5: ruby-1.9.3.p195-fix-webrick-tests.patch +# Allows to install RubyGems into custom directory, outside of Ruby's tree. +# http://redmine.ruby-lang.org/issues/5617 +Patch8: ruby-1.9.3-custom-rubygems-location.patch +# Add support for installing binary extensions according to FHS. +# https://github.com/rubygems/rubygems/issues/210 +# Note that 8th patch might be resolved by +# https://bugs.ruby-lang.org/issues/7897 +Patch9: rubygems-2.0.0-binary-extensions.patch +# Make mkmf verbose by default +Patch12: ruby-1.9.3-mkmf-verbose.patch +# This slightly changes behavior of "gem install --install-dir" behavior. +# Without this patch, Specifications.dirs is modified and gems installed on +# the system cannot be required anymore. This causes later issues when RDoc +# documentation should be generated, since json gem is sudenly not accessible. +# https://github.com/rubygems/rubygems/pull/452 +Patch13: rubygems-2.0.0-Do-not-modify-global-Specification.dirs-during-insta.patch +# This prevents issues, when ruby configuration specifies --with-ruby-version=''. +# https://github.com/rubygems/rubygems/pull/455 +Patch14: rubygems-2.0.0-Fixes-for-empty-ruby-version.patch +# Adds aarch64 support. +# http://bugs.ruby-lang.org/issues/8331 +# https://bugzilla.redhat.com/show_bug.cgi?id=926463 +# Please note that this is the BZ patch, it might be good idea to update it +# with its upstream version when available. +Patch16: ruby-2.0.0-p195-aarch64.patch +# Adds support for '--with-prelude' configuration option. This allows to built +# in support for ABRT. +# http://bugs.ruby-lang.org/issues/8566 +Patch17: ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch +# CVE-2014-4975: Fix off-by-one stack-based buffer overflow in the encodes() function +# https://bugs.ruby-lang.org/issues/10019 +Patch24: ruby-2.1.0-CVE-2014-4975-fix-buffer-overru-by-tail_lf.patch +# Remove tests depending on europe/moscow to avoid failures due to tzdata change +# https://github.com/eggert/tz/commit/8ee11a301cf173afb0c76e0315b9f9ec8ebb9d95 +Patch26: ruby-2.3.1-remove-tests-depending-on-europe-moscow.patch +# Raise an Error on a unterminated heredoc +# https://github.com/rdoc/rdoc/commit/f4f5b94285aa9b20cacf78bda61450e17be63a22 +Patch27: rubygem-rdoc-4.0.1-unterminated-heredoc.patch +# Fix tk extconf not to include -rpath +# - p24 is upstream revision +# - p25 is my fix for the revision (otherwise tcl/tk won't build) +# https://bugs.ruby-lang.org/issues/9386 +Patch28: ruby-trunk-tk-rpath-fix.patch +Patch29: ruby-trunk-tk-extconf-fix.patch +# Fix test_execute_default_gem(TestGemCommandsContentsCommand) test error. +# https://github.com/rubygems/rubygems/commit/6b8681421b516be1244e17618507811923b1bb3b +Patch30: rubygems-2.1.0-Fix-test-failure-when-ruby-is-not-yet-installed.patch +# Fix "dh key too small" error of OpenSSL 1.0.2c+. +# https://github.com/rubygems/rubygems/issues/1289 +# https://github.com/ruby/ruby/commit/6398515adfc86813686605019a3e22d49cd95517 +Patch31: ruby-2.3.0-test_gem_remote_fetcher.rb-get-rid-of-errors.patch +# Fix significant hash table performance slowdown on ppc64le +# https://bugzilla.redhat.com/show_bug.cgi?id=1163032 +# https://github.com/ruby/ruby/commit/59ed302965c5e38526ad33b13d8361859c5e7726 +Patch32: ruby-2.1.0-fix-hash-table-performance-slowdown-on-ppc64le.patch +# Support in no_proxy for domain names with whitespaces and leading dots +# https://bugzilla.redhat.com/show_bug.cgi?id=1300433 +# https://github.com/ruby/ruby/commit/423d042371d0402071c309dc403ea2701600a98b +Patch33: ruby-2.4.0-no_proxy-with-whitespaces-and-leading-dots.patch +# Fix missing declaration of 'rb_frame_last_func' +# https://github.com/ruby/ruby/commit/428791543be9e13af9426970f5796f3157dd30a0 +Patch34: ruby-2.2.0-fix-missing-declaration-of-rb_frame_last_func.patch +# Fix hostname size limit +# https://bugs.ruby-lang.org/issues/11877 +# https://bugzilla.redhat.com/show_bug.cgi?id=1343945 +Patch35: ruby-2.1.0-fix-hostname-size-limit.patch +# Fix test_npn_protocol_selection_ary and test_npn_protocol_selection_enum +# failures with newest openssl. +# https://bugzilla.redhat.com/show_bug.cgi?id=1416123 +# https://bugs.ruby-lang.org/issues/11369 +Patch36: ruby-2.2.4-check-length-of-selected-NPN-protocol.patch +# https://bugs.ruby-lang.org/issues/11810 +Patch37: ruby-2.2.6-fix-parsing-protocol-list.patch +# CVE-2017-0903: Fix unsafe object deserialization through YAML formatted gem +# specifications. +# https://bugs.ruby-lang.org/issues/14003 +Patch38: ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization-vulnerability.patch +# CVE-2017-0899 - Fix an ANSI escape sequence vulnerability. +# CVE-2017-0900 - Fix a DOS vulernerability in the query command. +# CVE-2017-0901 - Fix a vulnerability in the gem installer that allowed +# a malicious gem to overwrite arbitrary files. +# CVE-2017-0902 - Fix a DNS request hijacking vulnerability. +# https://bugs.ruby-lang.org/issues/13842 +Patch39: ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch +# CVE-2017-0898 - Buffer underrun vulnerability in Kernel.sprintf +# https://bugs.ruby-lang.org/issues/13499 +Patch40: ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch +# CVE-2017-10784 - Escape sequence injection vulnerability in the Basic +# authentication of WEBrick +# https://github.com/ruby/ruby/commit/8a81d04d2588d9c7a898473b431a0dabcab39fbd +Patch41: ruby-2.2.8-sanitize-any-type-of-logs.patch +# CVE-2017-14064 - Arbitrary heap exposure during a JSON.generate call +# https://bugs.ruby-lang.org/issues/13853 +Patch42: ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch +# CVE-2017-17405 - Command injection vulnerability in Net::FTP +# https://bugs.ruby-lang.org/issues/14185 +Patch43: ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch +# CVE-2017-14033 - Buffer underrun in OpenSSL ASN1 decode. +# https://github.com/ruby/ruby/commit/5450329ad1778d72f117b68e5edb97ae1bf4d438 +Patch44: ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch +# CVE-2017-17790 - Command injection in lib/resolv.rb:lazy_initialize() allows +# arbitrary code execution +# https://bugs.ruby-lang.org/issues/14205 +Patch45: ruby-2.5.0-Fixed-command-Injection.patch +# Patch for CVE-2017-0903 depends on Psych.safe_load method, which should be +# available in Psych 2.0.0, which is being part of Ruby 2.0.0, but that is +# apparently not true :/ +# https://github.com/ruby/ruby/commit/476a62fbbec0c8b7dafb74827447cfb4ebd7dd06 +Patch46: ruby-2.1.0-there-should-be-only-one-exception.patch +# https://github.com/ruby/ruby/commit/7ceafcbdf5bd2155704839f97b869e689f66feeb +Patch47: ruby-2.1.0-Adding-Psych.safe_load.patch +# Recent tzdata change breaks Ruby test suite. +# https://bugs.ruby-lang.org/issues/14438 +Patch48: ruby-2.5.0-Disable-Tokyo-TZ-tests.patch + +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires: ruby(rubygems) >= %{rubygems_version} +# Make the bigdecimal gem a runtime dependency of Ruby to avoid problems +# with user-installed gems, that don't require it in gemspec/Gemfile +# See https://bugzilla.redhat.com/show_bug.cgi?id=829209 +# and http://bugs.ruby-lang.org/issues/6123 +Requires: rubygem(bigdecimal) >= %{bigdecimal_version} + +BuildRequires: autoconf +BuildRequires: gdbm-devel +BuildRequires: ncurses-devel +BuildRequires: libdb-devel +BuildRequires: libffi-devel +BuildRequires: openssl-devel +BuildRequires: libyaml-devel +BuildRequires: readline-devel +BuildRequires: tk-devel +# Needed to pass test_set_program_name(TestRubyOptions) +BuildRequires: procps +BuildRequires: %{_bindir}/dtrace +# Unbundle cert.pem +BuildRequires: ca-certificates + +# This package provides %%{_bindir}/ruby-mri therefore it is marked by this +# virtual provide. It can be installed as dependency of rubypick. +Provides: ruby(runtime_executable) = %{ruby_release} + +%global __provides_exclude_from ^(%{ruby_libarchdir}|%{gem_archdir})/.*\\.so$ + +%description +Ruby is the interpreted scripting language for quick and easy +object-oriented programming. It has many features to process text +files and to do system management tasks (as in Perl). It is simple, +straight-forward, and extensible. + + +%package devel +Summary: A Ruby development environment +Group: Development/Languages +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +Header files and libraries for building an extension library for the +Ruby or an application embedding Ruby. + +%package libs +Summary: Libraries necessary to run Ruby +Group: Development/Libraries +License: Ruby or BSD +Provides: ruby(release) = %{ruby_release} + +%description libs +This package includes the libruby, necessary to run Ruby. + +# TODO: Rename or not rename to ruby-rubygems? +%package -n rubygems +Summary: The Ruby standard for packaging ruby libraries +Version: %{rubygems_version} +Group: Development/Libraries +License: Ruby or MIT +Requires: ruby(release) +Requires: rubygem(rdoc) >= %{rdoc_version} +Requires: rubygem(io-console) >= %{io_console_version} +Requires: rubygem(psych) >= %{psych_version} +Requires: ca-certificates +Provides: gem = %{version}-%{release} +Provides: ruby(rubygems) = %{version}-%{release} +BuildArch: noarch + +%description -n rubygems +RubyGems is the Ruby standard for publishing and managing third party +libraries. + + +%package -n rubygems-devel +Summary: Macros and development tools for packaging RubyGems +Version: %{rubygems_version} +Group: Development/Libraries +License: Ruby or MIT +Requires: ruby(rubygems) = %{version}-%{release} +BuildArch: noarch + +%description -n rubygems-devel +Macros and development tools for packaging RubyGems. + + +%package -n rubygem-rake +Summary: Ruby based make-like utility +Version: %{rake_version} +Group: Development/Libraries +License: Ruby or MIT +Requires: ruby(release) +Requires: ruby(rubygems) >= %{rubygems_version} +Provides: rake = %{version}-%{release} +Provides: rubygem(rake) = %{version}-%{release} +BuildArch: noarch + +%description -n rubygem-rake +Rake is a Make-like program implemented in Ruby. Tasks and dependencies are +specified in standard Ruby syntax. + + +%package irb +Summary: The Interactive Ruby +Version: %{irb_version} +Group: Development/Libraries +Requires: %{name}-libs = %{ruby_version_patch_level} +Provides: irb = %{version}-%{release} +Provides: ruby(irb) = %{version}-%{release} +BuildArch: noarch + +%description irb +The irb is acronym for Interactive Ruby. It evaluates ruby expression +from the terminal. + + +%package -n rubygem-rdoc +Summary: A tool to generate HTML and command-line documentation for Ruby projects +Version: %{rdoc_version} +Group: Development/Libraries +License: GPLv2 and Ruby and MIT +Requires: ruby(release) +Requires: ruby(rubygems) >= %{rubygems_version} +Requires: ruby(irb) = %{irb_version} +Requires: rubygem(json) >= %{json_version} +Provides: rdoc = %{version}-%{release} +Provides: ri = %{version}-%{release} +Provides: rubygem(rdoc) = %{version}-%{release} +Obsoletes: ruby-rdoc < %{version} +Obsoletes: ruby-ri < %{version} +BuildArch: noarch + +%description -n rubygem-rdoc +RDoc produces HTML and command-line documentation for Ruby projects. RDoc +includes the 'rdoc' and 'ri' tools for generating and displaying online +documentation. + + +%package doc +Summary: Documentation for %{name} +Group: Documentation +Requires: %{_bindir}/ri +BuildArch: noarch + +%description doc +This package contains documentation for %{name}. + + +%package -n rubygem-bigdecimal +Summary: BigDecimal provides arbitrary-precision floating point decimal arithmetic +Version: %{bigdecimal_version} +Group: Development/Libraries +License: GPL+ or Artistic +Requires: ruby(release) +Requires: ruby(rubygems) >= %{rubygems_version} +Provides: rubygem(bigdecimal) = %{version}-%{release} + +%description -n rubygem-bigdecimal +Ruby provides built-in support for arbitrary precision integer arithmetic. +For example: + +42**13 -> 1265437718438866624512 + +BigDecimal provides similar support for very large or very accurate floating +point numbers. Decimal arithmetic is also useful for general calculation, +because it provides the correct answers people expect–whereas normal binary +floating point arithmetic often introduces subtle errors because of the +conversion between base 10 and base 2. + + +%package -n rubygem-io-console +Summary: IO/Console is a simple console utilizing library +Version: %{io_console_version} +Group: Development/Libraries +Requires: ruby(release) +Requires: ruby(rubygems) >= %{rubygems_version} +Provides: rubygem(io-console) = %{version}-%{release} + +%description -n rubygem-io-console +IO/Console provides very simple and portable access to console. It doesn't +provide higher layer features, such like curses and readline. + + +%package -n rubygem-json +Summary: This is a JSON implementation as a Ruby extension in C +Version: %{json_version} +Group: Development/Libraries +License: Ruby or GPLv2 +Requires: ruby(release) +Requires: ruby(rubygems) >= %{rubygems_version} +Provides: rubygem(json) = %{version}-%{release} + +%description -n rubygem-json +This is a implementation of the JSON specification according to RFC 4627. +You can think of it as a low fat alternative to XML, if you want to store +data to disk or transmit it over a network rather than use a verbose +markup language. + + +%package -n rubygem-minitest +Summary: Minitest provides a complete suite of testing facilities +Version: %{minitest_version} +Group: Development/Libraries +License: MIT +Requires: ruby(release) +Requires: ruby(rubygems) >= %{rubygems_version} +Provides: rubygem(minitest) = %{version}-%{release} +BuildArch: noarch + +%description -n rubygem-minitest +minitest/unit is a small and incredibly fast unit testing framework. + +minitest/spec is a functionally complete spec engine. + +minitest/benchmark is an awesome way to assert the performance of your +algorithms in a repeatable manner. + +minitest/mock by Steven Baker, is a beautifully tiny mock object +framework. + +minitest/pride shows pride in testing and adds coloring to your test +output. + + +%package -n rubygem-psych +Summary: A libyaml wrapper for Ruby +Version: %{psych_version} +Group: Development/Libraries +License: MIT +Requires: ruby(release) +Requires: ruby(rubygems) >= %{rubygems_version} +Provides: rubygem(psych) = %{version}-%{release} + +%description -n rubygem-psych +Psych is a YAML parser and emitter. Psych leverages +libyaml[http://pyyaml.org/wiki/LibYAML] for its YAML parsing and emitting +capabilities. In addition to wrapping libyaml, Psych also knows how to +serialize and de-serialize most Ruby objects to and from the YAML format. + +# TODO: +# %%pacakge -n rubygem-test-unit + + +%package tcltk +Summary: Tcl/Tk interface for scripting language Ruby +Group: Development/Languages +Requires: %{name}-libs%{?_isa} = %{ruby_version_patch_level} +Provides: ruby(tcltk) = %{ruby_version_patch_level}-%{release} + +%description tcltk +Tcl/Tk interface for the object-oriented scripting language Ruby. + +%prep +%setup -q -n %{ruby_archive} + +%patch0 -p1 +%patch3 -p1 +%patch5 -p1 +%patch8 -p1 +%patch9 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch16 -p1 +%patch17 -p1 +%patch24 +%patch26 -p1 +%patch27 -p1 +%patch28 -p1 +%patch29 -p1 +%patch30 -p1 +%patch31 -p1 +%patch32 -p1 +%patch33 -p1 +%patch34 -p1 +%patch35 -p1 +%patch36 -p1 +%patch37 -p1 +%patch38 -p1 +%patch39 -p1 +%patch40 -p1 +%patch41 -p1 +%patch42 -p1 +%patch43 -p1 +%patch44 -p1 +%patch45 -p1 +%patch46 -p1 +%patch47 -p1 +%patch48 -p1 + +# Provide an example of usage of the tapset: +cp -a %{SOURCE3} . + +# Make abrt_prelude.rb available for compilation process. The prelude must be +# available together with Ruby's source due to +# https://github.com/ruby/ruby/blob/trunk/tool/compile_prelude.rb#L26 +cp -a %{SOURCE6} . + +%build +autoconf + +%configure \ + --with-rubylibprefix='%{ruby_libdir}' \ + --with-rubyarchprefix='%{ruby_libarchdir}' \ + --with-sitedir='%{ruby_sitelibdir}' \ + --with-sitearchdir='%{ruby_sitearchdir}' \ + --with-vendordir='%{ruby_vendorlibdir}' \ + --with-vendorarchdir='%{ruby_vendorarchdir}' \ + --with-rubyhdrdir='%{_includedir}' \ + --with-rubyarchhdrdir='%{_includedir}' \ + --with-sitearchhdrdir='$(sitehdrdir)/$(arch)' \ + --with-vendorarchhdrdir='$(vendorhdrdir)/$(arch)' \ + --with-rubygemsdir='%{rubygems_dir}' \ + --with-ruby-pc='%{name}.pc' \ + --disable-rpath \ + --enable-shared \ + --with-ruby-version='' \ + --enable-multiarch \ + --with-prelude=./abrt_prelude.rb \ + + + +# Q= makes the build output more verbose and allows to check Fedora +# compiler options. +make %{?_smp_mflags} COPY="cp -p" Q= + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} + +# Rename ruby/config.h to ruby/config-.h to avoid file conflicts on +# multilib systems and install config.h wrapper +mv %{buildroot}%{_includedir}/%{name}/config.h %{buildroot}%{_includedir}/%{name}/config-%{_arch}.h +install -m644 %{SOURCE7} %{buildroot}%{_includedir}/%{name}/config.h + +# Rename the ruby executable. It is replaced by RubyPick. +%{?with_rubypick:mv %{buildroot}%{_bindir}/%{name}{,-mri}} + +# Version is empty if --with-ruby-version is specified. +# http://bugs.ruby-lang.org/issues/7807 +sed -i 's/Version: \${ruby_version}/Version: %{ruby_version}/' %{buildroot}%{_libdir}/pkgconfig/%{name}.pc + +# Move macros file insto proper place and replace the %%{name} macro, since it +# would be wrongly evaluated during build of other packages. +mkdir -p %{buildroot}%{_sysconfdir}/rpm +install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/rpm/macros.ruby +sed -i "s/%%{name}/%{name}/" %{buildroot}%{_sysconfdir}/rpm/macros.ruby +install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/rpm/macros.rubygems +sed -i "s/%%{name}/%{name}/" %{buildroot}%{_sysconfdir}/rpm/macros.rubygems + +# Kill bundled cert.pem +mkdir -p %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/ +ln -sf %{_sysconfdir}/pki/tls/cert.pem \ + %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/ca-bundle.pem + +# Install custom operating_system.rb. +mkdir -p %{buildroot}%{rubygems_dir}/rubygems/defaults +cp %{SOURCE1} %{buildroot}%{rubygems_dir}/rubygems/defaults + +# Move gems root into common direcotry, out of Ruby directory structure. +mv %{buildroot}%{ruby_libdir}/gems %{buildroot}%{gem_dir} + +# Create folders for gem binary extensions. +# TODO: These folders should go into rubygem-filesystem but how to achieve it, +# since noarch package cannot provide arch dependent subpackages? +# http://rpm.org/ticket/78 +mkdir -p %{buildroot}%{_exec_prefix}/lib{,64}/gems/%{name} + +# Move bundled rubygems to %%gem_dir and %%gem_extdir_mri +# make symlinks for io-console and bigdecimal, which are considered to be part of stdlib by other Gems +mkdir -p %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/lib +mv %{buildroot}%{ruby_libdir}/rake* %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/lib +mv %{buildroot}%{gem_dir}/specifications/default/rake-%{rake_version}.gemspec %{buildroot}%{gem_dir}/specifications + +mkdir -p %{buildroot}%{gem_dir}/gems/rdoc-%{rdoc_version}/lib +mv %{buildroot}%{ruby_libdir}/rdoc* %{buildroot}%{gem_dir}/gems/rdoc-%{rdoc_version}/lib +mv %{buildroot}%{gem_dir}/specifications/default/rdoc-%{rdoc_version}.gemspec %{buildroot}%{gem_dir}/specifications + +mkdir -p %{buildroot}%{gem_dir}/gems/bigdecimal-%{bigdecimal_version}/lib +mkdir -p %{buildroot}%{_libdir}/gems/%{name}/bigdecimal-%{bigdecimal_version}/lib +mv %{buildroot}%{ruby_libdir}/bigdecimal %{buildroot}%{gem_dir}/gems/bigdecimal-%{bigdecimal_version}/lib +mv %{buildroot}%{ruby_libarchdir}/bigdecimal.so %{buildroot}%{_libdir}/gems/%{name}/bigdecimal-%{bigdecimal_version}/lib +mv %{buildroot}%{gem_dir}/specifications/default/bigdecimal-%{bigdecimal_version}.gemspec %{buildroot}%{gem_dir}/specifications +ln -s %{gem_dir}/gems/bigdecimal-%{bigdecimal_version}/lib/bigdecimal %{buildroot}%{ruby_libdir}/bigdecimal +ln -s %{_libdir}/gems/%{name}/bigdecimal-%{bigdecimal_version}/lib/bigdecimal.so %{buildroot}%{ruby_libarchdir}/bigdecimal.so + +mkdir -p %{buildroot}%{gem_dir}/gems/io-console-%{io_console_version}/lib +mkdir -p %{buildroot}%{_libdir}/gems/%{name}/io-console-%{io_console_version}/lib/io +mv %{buildroot}%{ruby_libdir}/io %{buildroot}%{gem_dir}/gems/io-console-%{io_console_version}/lib +mv %{buildroot}%{ruby_libarchdir}/io/console.so %{buildroot}%{_libdir}/gems/%{name}/io-console-%{io_console_version}/lib/io +mv %{buildroot}%{gem_dir}/specifications/default/io-console-%{io_console_version}.gemspec %{buildroot}%{gem_dir}/specifications +ln -s %{gem_dir}/gems/io-console-%{io_console_version}/lib/io %{buildroot}%{ruby_libdir}/io +ln -s %{_libdir}/gems/%{name}/io-console-%{io_console_version}/lib/io/console.so %{buildroot}%{ruby_libarchdir}/io/console.so + +mkdir -p %{buildroot}%{gem_dir}/gems/json-%{json_version}/lib +mkdir -p %{buildroot}%{_libdir}/gems/%{name}/json-%{json_version}/lib +mv %{buildroot}%{ruby_libdir}/json* %{buildroot}%{gem_dir}/gems/json-%{json_version}/lib +mv %{buildroot}%{ruby_libarchdir}/json/ %{buildroot}%{_libdir}/gems/%{name}/json-%{json_version}/lib/ +mv %{buildroot}%{gem_dir}/specifications/default/json-%{json_version}.gemspec %{buildroot}%{gem_dir}/specifications +ln -s %{gem_dir}/gems/json-%{json_version}/lib/json.rb %{buildroot}%{ruby_libdir}/json.rb +ln -s %{gem_dir}/gems/json-%{json_version}/lib/json %{buildroot}%{ruby_libdir}/json +ln -s %{_libdir}/gems/%{name}/json-%{json_version}/lib/json/ %{buildroot}%{ruby_libarchdir}/json + +mkdir -p %{buildroot}%{gem_dir}/gems/minitest-%{minitest_version}/lib +mv %{buildroot}%{ruby_libdir}/minitest %{buildroot}%{gem_dir}/gems/minitest-%{minitest_version}/lib +mv %{buildroot}%{gem_dir}/specifications/default/minitest-%{minitest_version}.gemspec %{buildroot}%{gem_dir}/specifications + +mkdir -p %{buildroot}%{gem_dir}/gems/psych-%{psych_version}/lib +mkdir -p %{buildroot}%{_libdir}/gems/%{name}/psych-%{psych_version}/lib +mv %{buildroot}%{ruby_libdir}/psych* %{buildroot}%{gem_dir}/gems/psych-%{psych_version}/lib +mv %{buildroot}%{ruby_libarchdir}/psych.so %{buildroot}%{_libdir}/gems/%{name}/psych-%{psych_version}/lib/ +mv %{buildroot}%{gem_dir}/specifications/default/psych-%{psych_version}.gemspec %{buildroot}%{gem_dir}/specifications +ln -s %{gem_dir}/gems/psych-%{psych_version}/lib/psych %{buildroot}%{ruby_libdir}/psych +ln -s %{gem_dir}/gems/psych-%{psych_version}/lib/psych.rb %{buildroot}%{ruby_libdir}/psych.rb +ln -s %{_libdir}/gems/%{name}/psych-%{psych_version}/lib/psych.so %{buildroot}%{ruby_libarchdir}/psych.so + +# Adjust the gemspec files so that the gems will load properly +sed -i '/^end$/ i\ + s.require_paths = ["lib"]' %{buildroot}%{gem_dir}/specifications/rake-%{rake_version}.gemspec + +sed -i '/^end$/ i\ + s.require_paths = ["lib"]' %{buildroot}%{gem_dir}/specifications/rdoc-%{rdoc_version}.gemspec + +sed -i '/^end$/ i\ + s.require_paths = ["lib"]\ + s.extensions = ["bigdecimal.so"]' %{buildroot}%{gem_dir}/specifications/bigdecimal-%{bigdecimal_version}.gemspec + +sed -i '/^end$/ i\ + s.require_paths = ["lib"]\ + s.extensions = ["io/console.so"]' %{buildroot}%{gem_dir}/specifications/io-console-%{io_console_version}.gemspec + +sed -i '/^end$/ i\ + s.require_paths = ["lib"]\ + s.extensions = ["json/ext/parser.so", "json/ext/generator.so"]' %{buildroot}%{gem_dir}/specifications/json-%{json_version}.gemspec + +sed -i '/^end$/ i\ + s.require_paths = ["lib"]' %{buildroot}%{gem_dir}/specifications/minitest-%{minitest_version}.gemspec + +# Install a tapset and fix up the path to the library. +mkdir -p %{buildroot}%{tapset_dir} +sed -e "s|@LIBRARY_PATH@|%{tapset_libdir}/libruby.so.%{ruby_version}|" \ + %{SOURCE2} > %{buildroot}%{tapset_dir}/libruby.so.%{ruby_version}.stp +# Escape '*/' in comment. +sed -i -r "s|( \*.*\*)\/(.*)|\1\\\/\2|" %{buildroot}%{tapset_dir}/libruby.so.%{ruby_version}.stp + +%check +# Check RubyGems version correctness. +[ "`make runruby TESTRUN_SCRIPT='bin/gem -v' | tail -1`" == '%{rubygems_version}' ] + +DISABLE_TESTS="" + +%ifarch armv7l armv7hl armv7hnl +# test_call_double(DL::TestDL) fails on ARM HardFP +# http://bugs.ruby-lang.org/issues/6592 +DISABLE_TESTS="-x test_dl2.rb $DISABLE_TESTS" +%endif + +# test_debug(TestRubyOptions) fails due to LoadError reported in debug mode, +# when abrt.rb cannot be required (seems to be easier way then customizing +# the test suite). +touch abrt.rb + +# Check if abrt hook is required (RubyGems are disabled by default when using +# runruby, so re-enable them). +make runruby TESTRUN_SCRIPT="--enable-gems %{SOURCE8}" + +# Check if systemtap is supported. +make runruby TESTRUN_SCRIPT=%{SOURCE9} + +# Tests fail without installed Ruby, possibly due to build with prefix. +# https://bugs.ruby-lang.org/issues/11434 +sed -i "/test_try_/ a\ return;" test/mkmf/test_flags.rb + +# Recent glibc seqfaults when executed with LD_PRELOAD => hardcode +# the check result for now. +# https://bugzilla.redhat.com/show_bug.cgi?id=1428369#c6 +sed -i '/combination(STRINGS, STRINGS) {|str, salt|/i\ strict_crypt = true' \ + test/ruby/test_m17n_comb.rb + +# Allow MD5 in OpenSSL. +# https://bugs.ruby-lang.org/issues/9154 +OPENSSL_ENABLE_MD5_VERIFY=1 make check TESTS="-v $DISABLE_TESTS" + +%post libs -p /sbin/ldconfig + +%postun libs -p /sbin/ldconfig + +%files +%doc COPYING +%lang(ja) %doc COPYING.ja +%doc GPL +%doc LEGAL +%{_bindir}/erb +%{_bindir}/%{name}%{?with_rubypick:-mri} +%{_bindir}/testrb +%{_mandir}/man1/erb* +%{_mandir}/man1/ruby* + +# http://fedoraproject.org/wiki/Packaging:Guidelines#Packaging_Static_Libraries +%exclude %{_libdir}/libruby-static.a + +%files devel +%doc COPYING* +%doc GPL +%doc LEGAL +%doc README.EXT +%lang(ja) %doc README.EXT.ja + +%{_sysconfdir}/rpm/macros.ruby + +%{_includedir}/* +%{_libdir}/libruby.so +%{_libdir}/pkgconfig/%{name}.pc + +%files libs +%doc COPYING +%lang(ja) %doc COPYING.ja +%doc GPL +%doc LEGAL +%doc README +%lang(ja) %doc README.ja +%doc NEWS +%doc doc/NEWS-* +# Exclude /usr/local directory since it is supposed to be managed by +# local system administrator. +%exclude %{ruby_sitelibdir} +%exclude %{ruby_sitearchdir} +%dir %{ruby_vendorlibdir} +%dir %{ruby_vendorarchdir} + +# List all these files explicitly to prevent surprises +# Platform independent libraries. +%dir %{ruby_libdir} +%{ruby_libdir}/*.rb +%exclude %{ruby_libdir}/*-tk.rb +%exclude %{ruby_libdir}/irb.rb +%exclude %{ruby_libdir}/tcltk.rb +%exclude %{ruby_libdir}/tk*.rb +%exclude %{ruby_libdir}/psych.rb +%{ruby_libdir}/cgi +%{ruby_libdir}/date +%{ruby_libdir}/digest +%{ruby_libdir}/dl +%{ruby_libdir}/drb +%{ruby_libdir}/fiddle +%exclude %{ruby_libdir}/gems +%exclude %{ruby_libdir}/irb +%{ruby_libdir}/matrix +%{ruby_libdir}/net +%{ruby_libdir}/openssl +%{ruby_libdir}/optparse +%{ruby_libdir}/racc +%{ruby_libdir}/rbconfig +%{ruby_libdir}/rexml +%{ruby_libdir}/rinda +%{ruby_libdir}/ripper +%{ruby_libdir}/rss +%{ruby_libdir}/shell +%{ruby_libdir}/syslog +%{ruby_libdir}/test +%exclude %{ruby_libdir}/tk +%exclude %{ruby_libdir}/tkextlib +%{ruby_libdir}/uri +%{ruby_libdir}/webrick +%{ruby_libdir}/xmlrpc +%{ruby_libdir}/yaml + +# Platform specific libraries. +%{_libdir}/libruby.so.* +%dir %{ruby_libarchdir} +%{ruby_libarchdir}/continuation.so +%{ruby_libarchdir}/coverage.so +%{ruby_libarchdir}/curses.so +%{ruby_libarchdir}/date_core.so +%{ruby_libarchdir}/dbm.so +%dir %{ruby_libarchdir}/digest +%{ruby_libarchdir}/digest.so +%{ruby_libarchdir}/digest/bubblebabble.so +%{ruby_libarchdir}/digest/md5.so +%{ruby_libarchdir}/digest/rmd160.so +%{ruby_libarchdir}/digest/sha1.so +%{ruby_libarchdir}/digest/sha2.so +%dir %{ruby_libarchdir}/dl +%{ruby_libarchdir}/dl.so +%{ruby_libarchdir}/dl/callback.so +%dir %{ruby_libarchdir}/enc +%{ruby_libarchdir}/enc/big5.so +%{ruby_libarchdir}/enc/cp949.so +%{ruby_libarchdir}/enc/emacs_mule.so +%{ruby_libarchdir}/enc/encdb.so +%{ruby_libarchdir}/enc/euc_jp.so +%{ruby_libarchdir}/enc/euc_kr.so +%{ruby_libarchdir}/enc/euc_tw.so +%{ruby_libarchdir}/enc/gb18030.so +%{ruby_libarchdir}/enc/gb2312.so +%{ruby_libarchdir}/enc/gbk.so +%{ruby_libarchdir}/enc/iso_8859_1.so +%{ruby_libarchdir}/enc/iso_8859_10.so +%{ruby_libarchdir}/enc/iso_8859_11.so +%{ruby_libarchdir}/enc/iso_8859_13.so +%{ruby_libarchdir}/enc/iso_8859_14.so +%{ruby_libarchdir}/enc/iso_8859_15.so +%{ruby_libarchdir}/enc/iso_8859_16.so +%{ruby_libarchdir}/enc/iso_8859_2.so +%{ruby_libarchdir}/enc/iso_8859_3.so +%{ruby_libarchdir}/enc/iso_8859_4.so +%{ruby_libarchdir}/enc/iso_8859_5.so +%{ruby_libarchdir}/enc/iso_8859_6.so +%{ruby_libarchdir}/enc/iso_8859_7.so +%{ruby_libarchdir}/enc/iso_8859_8.so +%{ruby_libarchdir}/enc/iso_8859_9.so +%{ruby_libarchdir}/enc/koi8_r.so +%{ruby_libarchdir}/enc/koi8_u.so +%{ruby_libarchdir}/enc/shift_jis.so +%dir %{ruby_libarchdir}/enc/trans +%{ruby_libarchdir}/enc/trans/big5.so +%{ruby_libarchdir}/enc/trans/chinese.so +%{ruby_libarchdir}/enc/trans/emoji.so +%{ruby_libarchdir}/enc/trans/emoji_iso2022_kddi.so +%{ruby_libarchdir}/enc/trans/emoji_sjis_docomo.so +%{ruby_libarchdir}/enc/trans/emoji_sjis_kddi.so +%{ruby_libarchdir}/enc/trans/emoji_sjis_softbank.so +%{ruby_libarchdir}/enc/trans/escape.so +%{ruby_libarchdir}/enc/trans/gb18030.so +%{ruby_libarchdir}/enc/trans/gbk.so +%{ruby_libarchdir}/enc/trans/iso2022.so +%{ruby_libarchdir}/enc/trans/japanese.so +%{ruby_libarchdir}/enc/trans/japanese_euc.so +%{ruby_libarchdir}/enc/trans/japanese_sjis.so +%{ruby_libarchdir}/enc/trans/korean.so +%{ruby_libarchdir}/enc/trans/single_byte.so +%{ruby_libarchdir}/enc/trans/transdb.so +%{ruby_libarchdir}/enc/trans/utf8_mac.so +%{ruby_libarchdir}/enc/trans/utf_16_32.so +%{ruby_libarchdir}/enc/utf_16be.so +%{ruby_libarchdir}/enc/utf_16le.so +%{ruby_libarchdir}/enc/utf_32be.so +%{ruby_libarchdir}/enc/utf_32le.so +%{ruby_libarchdir}/enc/windows_1251.so +%{ruby_libarchdir}/enc/windows_31j.so +%{ruby_libarchdir}/etc.so +%{ruby_libarchdir}/fcntl.so +%{ruby_libarchdir}/fiber.so +%{ruby_libarchdir}/fiddle.so +%{ruby_libarchdir}/gdbm.so +%dir %{ruby_libarchdir}/io +%{ruby_libarchdir}/io/nonblock.so +%{ruby_libarchdir}/io/wait.so +%dir %{ruby_libarchdir}/mathn +%{ruby_libarchdir}/mathn/complex.so +%{ruby_libarchdir}/mathn/rational.so +%{ruby_libarchdir}/nkf.so +%{ruby_libarchdir}/objspace.so +%{ruby_libarchdir}/openssl.so +%{ruby_libarchdir}/pathname.so +%{ruby_libarchdir}/pty.so +%dir %{ruby_libarchdir}/racc +%{ruby_libarchdir}/racc/cparse.so +%{ruby_libarchdir}/rbconfig.rb +%{ruby_libarchdir}/readline.so +%{ruby_libarchdir}/ripper.so +%{ruby_libarchdir}/sdbm.so +%{ruby_libarchdir}/socket.so +%{ruby_libarchdir}/stringio.so +%{ruby_libarchdir}/strscan.so +%{ruby_libarchdir}/syslog.so +%exclude %{ruby_libarchdir}/tcltklib.so +%exclude %{ruby_libarchdir}/tkutil.so +%{ruby_libarchdir}/zlib.so + +%{tapset_root} + +# TODO rubygems 2.0.0 does not create test-unit gemspec +# TODO for now put this in ruby-libs rpm +# TODO check if the following can be removed after +# TODO test-unit rebuild +%dir %{gem_dir} +%dir %{gem_dir}/specifications +%dir %{gem_dir}/specifications/default +%{gem_dir}/specifications/default/test-unit-*.gemspec + +%files -n rubygems +%{_bindir}/gem +%{rubygems_dir} +%{gem_dir} +%exclude %{gem_dir}/gems/* +%{_exec_prefix}/lib*/gems +%exclude %{_exec_prefix}/lib*/gems/%{name}/bigdecimal-%{bigdecimal_version} +%exclude %{_exec_prefix}/lib*/gems/%{name}/io-console-%{io_console_version} +%exclude %{_exec_prefix}/lib*/gems/%{name}/json-%{json_version} +%exclude %{_exec_prefix}/lib*/gems/%{name}/psych-%{psych_version} +%exclude %{gem_dir}/gems/rake-%{rake_version} +%exclude %{gem_dir}/gems/rdoc-%{rdoc_version} +%exclude %{gem_dir}/specifications/bigdecimal-%{bigdecimal_version}.gemspec +%exclude %{gem_dir}/specifications/io-console-%{io_console_version}.gemspec +%exclude %{gem_dir}/specifications/json-%{json_version}.gemspec +%exclude %{gem_dir}/specifications/minitest-%{minitest_version}.gemspec +%exclude %{gem_dir}/specifications/rake-%{rake_version}.gemspec +%exclude %{gem_dir}/specifications/rdoc-%{rdoc_version}.gemspec +%exclude %{gem_dir}/specifications/psych-%{psych_version}.gemspec +# TODO rubygems 2.0.0 does not create test-unit gemspec +# TODO where to put test-unit-*.gemspec?? +%exclude %{gem_dir}/specifications/default/test-unit-*.gemspec + +%files -n rubygems-devel +%{_sysconfdir}/rpm/macros.rubygems + +%files -n rubygem-rake +%{_bindir}/rake +%{gem_dir}/gems/rake-%{rake_version} +%{gem_dir}/specifications/rake-%{rake_version}.gemspec +%{_mandir}/man1/rake.1* + +%files irb +%{_bindir}/irb +%{ruby_libdir}/irb.rb +%{ruby_libdir}/irb +%{_mandir}/man1/irb.1* + +%files -n rubygem-rdoc +%{_bindir}/rdoc +%{_bindir}/ri +%{gem_dir}/gems/rdoc-%{rdoc_version} +%{gem_dir}/specifications/rdoc-%{rdoc_version}.gemspec +%{_mandir}/man1/ri* + +%files doc +%doc README +%lang(ja) %doc README.ja +%doc ChangeLog +%doc doc/ChangeLog-* +%doc ruby-exercise.stp +%{_datadir}/ri + +%files -n rubygem-bigdecimal +%{ruby_libdir}/bigdecimal +%{ruby_libarchdir}/bigdecimal.so +%{_libdir}/gems/%{name}/bigdecimal-%{bigdecimal_version} +%{gem_dir}/gems/bigdecimal-%{bigdecimal_version} +%{gem_dir}/specifications/bigdecimal-%{bigdecimal_version}.gemspec + +%files -n rubygem-io-console +%{ruby_libdir}/io +%{ruby_libarchdir}/io/console.so +%{_libdir}/gems/%{name}/io-console-%{io_console_version} +%{gem_dir}/gems/io-console-%{io_console_version} +%{gem_dir}/specifications/io-console-%{io_console_version}.gemspec + +%files -n rubygem-json +%{ruby_libdir}/json* +%{ruby_libarchdir}/json* +%{_libdir}/gems/%{name}/json-%{json_version} +%{gem_dir}/gems/json-%{json_version} +%{gem_dir}/specifications/json-%{json_version}.gemspec + +%files -n rubygem-minitest +%{gem_dir}/gems/minitest-%{minitest_version} +%{gem_dir}/specifications/minitest-%{minitest_version}.gemspec + +%files -n rubygem-psych +%{ruby_libdir}/psych +%{ruby_libdir}/psych.rb +%{ruby_libarchdir}/psych.so +%{_libdir}/gems/%{name}/psych-%{psych_version} +%{gem_dir}/gems/psych-%{psych_version} +%{gem_dir}/specifications/psych-%{psych_version}.gemspec + +%files tcltk +%{ruby_libdir}/*-tk.rb +%{ruby_libdir}/tcltk.rb +%{ruby_libdir}/tk*.rb +%{ruby_libarchdir}/tcltklib.so +%{ruby_libarchdir}/tkutil.so +%{ruby_libdir}/tk +%{ruby_libdir}/tkextlib + +%changelog +* Mon Feb 19 2018 Vít Ondruch - 2.0.0.648-33 +- Fix always passing WEBrick test. + +* Fri Feb 16 2018 Vít Ondruch - 2.0.0.648-32 +- Add Psych.safe_load + * ruby-2.1.0-there-should-be-only-one-exception.patch + * ruby-2.1.0-Adding-Psych.safe_load.patch + Related: CVE-2017-0903 +- Disable Tokyo TZ tests broken by recen tzdata update. + * ruby-2.5.0-Disable-Tokyo-TZ-tests.patch + Related: CVE-2017-0903 + +* Mon Jan 15 2018 Vít Ondruch - 2.0.0.648-31 +- Fix unsafe object deserialization in RubyGems (CVE-2017-0903). + * ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization + -vulnerability.patch + Resolves: CVE-2017-0903 +- Fix an ANSI escape sequence vulnerability (CVE-2017-0899). + Resolves: CVE-2017-0899 +- Fix a DOS vulernerability in the query command (CVE-2017-0900). + Resolves: CVE-2017-0900 +- Fix a vulnerability in the gem installer that allowed a malicious gem + to overwrite arbitrary files (CVE-2017-0901). + Resolves: CVE-2017-0901 +- Fix a DNS request hijacking vulnerability (CVE-2017-0902). + * ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch + Resolves: CVE-2017-0902 +- Fix buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898). + * ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch + Resolves: CVE-2017-0898 +- Escape sequence injection vulnerability in the Basic + authentication of WEBrick (CVE-2017-10784). + * ruby-2.2.8-sanitize-any-type-of-logs.patch + Resolves: CVE-2017-10784 +- Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064). + * ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch + Resolves: CVE-2017-14064 +- Command injection vulnerability in Net::FTP (CVE-2017-17405). + * ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch + Resolves: CVE-2017-17405 +- Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033). + * ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch + Resolves: CVE-2017-14033 +- Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code + execution(CVE-2017-17790). + * ruby-2.5.0-Fixed-command-Injection.patch + Resolves: CVE-2017-17790 + +* Wed Mar 01 2017 Vít Ondruch - 2.0.0.648-30 +- Fix test_npn_protocol_selection_ary and test_npn_protocol_selection_enum + failures with newest openssl. + Resolves: rhbz#1416123 +- Add gemspec_add_dep and gemspec_remove_dep macros. +- Extend 'gem_' macros for pre-release version support. + Resolves: rhbz#1397390 +- Make symlinks for json gem. + Resolves: rhbz#1308992 + +* Wed Jun 08 2016 Pavel Valena - 2.0.0.648-29 +- Fix hostname size limit + Resolves: rhbz#1343945 + +* Mon Jun 06 2016 Pavel Valena - 2.0.0.648-28 +- Fix missing declaration of 'rb_frame_last_func' + Related: rhbz#1197720 + +* Fri Jun 03 2016 Pavel Valena - 2.0.0.648-27 +- Apply previously unapplied patch #14 + Related: rhbz#1197720 + +* Mon May 09 2016 Pavel Valena - 2.0.0.648-26 +- Rebase to Ruby 2.0.0-p648 + Resolves: rhbz#1197720, rhbz#1298282, rhbz#1258863 + * Remove Patch18: ruby-2.0.0-p247-Revert-mkmf.rb-prefix-install_dirs-only- + with-DESTDIR.patch; subsumed + * Remove Patch23: ruby-openssl-wrap-cipher-fix.patch; subsumed + * Remove Patch25: ruby-2.0.0-p607-DNS-Resolv-fall-back-if-canonicalization- + fails.patch; subsumed +- Remove tests depending on europe/moscow to avoid failures due to tzdata change + https://github.com/eggert/tz/commit/8ee11a301cf173afb0c76e0315b9f9ec8ebb9d95 +- Add checks for systemtap, abrt hook and rubygems version +- Fix significant hash table performance slowdown on ppc64le + Resolves: rhbz#1163032 +- Support in no_proxy for domain names with whitespaces and leading dots + Resolves: rhbz#1300433 + +* Mon Apr 27 2015 Vít Ondruch - 2.0.0.598-25 +- Fix broken DNS Resolv when resolv.conf has option ndots > 1. + Resolves: rhbz#1200419 + +* Fri Nov 14 2014 Vít Ondruch - 2.0.0.598-24 +- Rebased to Ruby 2.0.0-p598. + * Remove Patch19: ruby-2.0.0-p247-Make-stable-Gem-Specification.files-in- + default-.gems.patch; subsumed + * Remove Patch20: ruby-2.1.1-fix-test-failures-due-to-expired-certs.patch; + subsumed + * Remove Patch21: ruby-2.1.0-test_aes_gcm_wrong_tag-Dont-use-String + -succ.patch; subsumed + * Remove Patch22: ruby-2.2.0-fix-error-with-tzdata.patch; subsumed + Resolves: rhbz#1071187 +- Incorporates fixes for CVE-2014-8080 and CVE-2015-8090. + Resolves: rhbz#1164000 +- Fix for Proxy Realm feature. + Resolves: rhbz#1122140 +- Fix off-by-one stack-based buffer overflow in the encodes() function + (CVE-2014-4975). + Related: rhbz#1164000 + +* Wed Sep 24 2014 Josef Stribny - 2.0.0.353-23 +- Add missing patch for new tzdata + Related: rhbz#1144023 +- Add missing patch for RFC 5649 in OpenSSL + Related: rhbz#1145692 + +* Tue Sep 23 2014 Josef Stribny - 2.0.0.353-22 +- Fix FTBFS with new tzdata + Resolves: rhbz#1144023 +- Fix FTBFS due to a support for RFC 5649 in OpenSSL + Resolves: rhbz#1145692 + +* Thu Aug 14 2014 Vít Ondruch - 2.0.0.353-21 +- Add support for ppc64le arch. + Resolves: rhbz#1126146 + +* Fri Jan 24 2014 Daniel Mach - 2.0.0.353-20 +- Mass rebuild 2014-01-24 + +* Tue Jan 07 2014 Vít Ondruch - 2.0.0.353-19 +- Update to Ruby 2.0.0-p353. + - Resolves: rhbz#1033923 +- Allow MD5 in OpenSSL for tests. + +* Fri Jan 03 2014 Vít Ondruch - 2.0.0.247-18 +- Fix FTBFS due to expired certificate for IMAP test case. +- Fix test_aes_gcm_wrong_tag random failures. + - Resolves: rhbz#1048899 + +* Fri Dec 27 2013 Daniel Mach - 2.0.0.247-18 +- Mass rebuild 2013-12-27 + +* Mon Nov 25 2013 Vít Ondruch - 2.0.0.247-17 +- Heap overflow in floating point parsing (CVE-2013-4164). + * ruby-2.0.0-p353-CVE-2013-4164-ignore-too-long-fraction-part.patch + - Resolves: rhbz#1033503 +- Allow MD5 in OpenSSL tests. + +* Wed Sep 25 2013 Vít Ondruch - 2.0.0.247-16 +- Fix version regex algorithmic complexity vulnerability (CVE for incomplete + fix for CVE-2013-4287) (CVE-2013-4363). + - Related: rhbz#1006429 + +* Tue Sep 17 2013 Vít Ondruch - 2.0.0.247-15 +- Fix version regex algorithmic complexity vulnerability (CVE-2013-4287). + - Resolves: rhbz#1006429 + +* Mon Jul 15 2013 Vít Ondruch - 2.0.0.247-14 +- Add forgotten psych.rb link into rubygem-psych to fix "private method `load' + called for Psych:Moduler" error (rhbz#979133). + +* Thu Jul 11 2013 Vít Ondruch - 2.0.0.247-13 +- Fixes multilib conlicts of .gemspec files. +- Make symlinks for psych gem to ruby stdlib dirs (rhbz#979133). +- Use system-wide cert.pem. + +* Thu Jul 04 2013 Vít Ondruch - 2.0.0.247-12 +- Fix RubyGems search paths when building gems with native extension + (rhbz#979133). + +* Tue Jul 02 2013 Vít Ondruch - 2.0.0.247-11 +- Fix RubyGems version. + +* Tue Jul 02 2013 Vít Ondruch - 2.0.0.247-10 +- Better support for build without configuration (rhbz#977941). + +* Mon Jul 01 2013 Vít Ondruch - 2.0.0.247-9 +- Update to Ruby 2.0.0-p247 (rhbz#979605). +- Fix CVE-2013-4073. +- Fix for wrong makefiles created by mkmf (rhbz#921650). +- Add support for ABRT autoloading. + +* Fri May 17 2013 Vít Ondruch - 2.0.0.195-8 +- Update to Ruby 2.0.0-p195 (rhbz#917374). +- Fix object taint bypassing in DL and Fiddle (CVE-2013-2065). +- Fix build against OpenSSL with enabled ECC curves. +- Add aarch64 support (rhbz#926463). + +* Fri Apr 19 2013 Vít Ondruch - 2.0.0.0-7 +- Macro definition moved into macros.ruby and macros.rubygems files. +- Added filtering macros. +- Filter automatically generated provides of private libraries (rhbz#947408). + +* Fri Mar 22 2013 Vít Ondruch - 2.0.0.0-6 +- Fix RbConfig::CONFIG['exec_prefix'] returns empty string (rhbz#924851). + +* Thu Mar 21 2013 Vít Ondruch - 2.0.0.0-5 +- Make Ruby buildable without rubypick. +- Prevent random test failures. + +* Fri Mar 08 2013 Mamoru TASAKA - 2.0.0.0-4 +- Don't mark rpm config file as %%config (fpc#259) + +* Tue Mar 05 2013 Vít Ondruch - 2.0.0.0-3 +- Avoid "method redefined;" warnings due to modified operating_system.rb. +- Fix strange paths created during build of binary gems. + +* Mon Feb 25 2013 Vít Ondruch - 2.0.0.0-2 +- Prevent squash of %%gem_install with following line. + +* Mon Feb 25 2013 Vít Ondruch - 2.0.0.0-1 +- Update to Ruby 2.0.0-p0. +- Change %%{ruby_extdir} to %%{ruby_extdir_mri} in preparation for better + JRuby support. + +* Mon Feb 25 2013 Mamoru TASAKA - 2.0.0.0-0.3.r39387 +- Move test-unit.gemspec to -libs subpackage for now because rubygems + 2.0.0 does not create this + +* Fri Feb 22 2013 Vít Ondruch - 2.0.0.0-0.2.r39387 +- Fix issues with wrong value of Rubygem's shebang introduced in r39267. + +* Fri Feb 22 2013 Vít Ondruch - 2.0.0.0-0.1.r39387 +- Upgrade to Ruby 2.0.0 (r39387). +- Introduce %%gem_install macro. +- Build against libdb instead of libdb4 (rhbz#894022). +- Move native extensions from exts to ruby directory. +- Enable most of the PPC test suite. +- Change ruby(abi) -> ruby(release). +- Rename ruby executable to ruby-mri, to be prepared for RubyPick. +- Add ruby(runtime_executable) virtual provide, which is later used + by RubyPick. +- RDoc now depends on JSON. +- Try to make -doc subpackage noarch again, since the new RDoc should resolve + the arch dependent issues (https://github.com/rdoc/rdoc/issues/71). +- Enable SystemTap support. +- Add TapSet for Ruby. +- Split Psych into rubygem-psych subpackage. + +* Mon Feb 11 2013 Mamoru TASAKA - 1.9.3.385-28 +- Update to 1.9.3 p385 + +* Sat Jan 19 2013 Mamoru TASAKA - 1.9.3.374-27 +- Update to 1.9.3 p374 +- Fix provided variables in pkgconfig (bug 789532: + Vít Ondruch ) + +* Fri Jan 18 2013 Mamoru TASAKA - 1.9.3.362-26 +- Provide non-versioned pkgconfig file (bug 789532) +- Use db5 on F-19 (bug 894022) + +* Wed Jan 16 2013 Mamoru TASAKA - 1.9.3.362-25 +- Backport fix for the upstream PR7629, save the proc made from the given block + (bug 895173) + +* Wed Jan 2 2013 Mamoru TASAKA - 1.9.3.362-24 +- Update to 1.9.3.362 + +* Mon Dec 03 2012 Jaromir Capik - 1.9.3.327-23 +- Skipping test_parse.rb (fails on ARM at line 787) +- http://bugs.ruby-lang.org/issues/6899 + +* Sun Nov 11 2012 Mamoru TASAKA - 1.9.3.327-23 +- Skip test_str_crypt (on rawhide) for now (upstream bug 7312) + +* Sat Nov 10 2012 Mamoru TASAKA - 1.9.3.327-22 +- Ignore some network related tests + +* Sat Nov 10 2012 Mamoru TASAKA - 1.9.3.327-21 +- Update to 1.9.3.327 +- Fix Hash-flooding DoS vulnerability on MurmurHash function + (CVE-2012-5371) + +* Sat Oct 13 2012 Mamoru TASAKA - 1.9.3.286-19 +- Update to 1.9.3 p286 +- Don't create files when NUL-containing path name is passed + (bug 865940, CVE-2012-4522) + +* Thu Oct 04 2012 Mamoru Tasaka - 1.9.3.194-18 +- Patch from trunk for CVE-2012-4464, CVE-2012-4466 + +* Thu Sep 06 2012 Vít Ondruch - 1.9.3.194-17 +- Split documentation into -doc subpackage (rhbz#854418). + +* Tue Aug 14 2012 Vít Ondruch - 1.9.3.194-16 +- Revert the dependency of ruby-libs on rubygems (rhbz#845011, rhbz#847482). + +* Wed Aug 01 2012 Vít Ondruch - 1.9.3.194-15 +- ruby-libs must require rubygems (rhbz#845011). + +* Sat Jul 21 2012 Fedora Release Engineering - 1.9.3.194-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 11 2012 Bohuslav Kabrda - 1.9.3.194-13 +- Make the bigdecimal gem a runtime dependency of Ruby. + +* Mon Jun 11 2012 Bohuslav Kabrda - 1.9.3.194-12 +- Make symlinks for bigdecimal and io-console gems to ruby stdlib dirs (RHBZ 829209). + +* Tue May 29 2012 Bohuslav Kabrda - 1.9.3.194-11 +- Fix license to contain Public Domain. +- macros.ruby now contains unexpanded macros. + +* Sun Apr 22 2012 Mamoru Tasaka - 1.9.3.194-10.1 +- Bump release + +* Fri Apr 20 2012 Vít Ondruch - 1.9.3.194-1 +- Update to Ruby 1.9.3-p194. + +* Mon Apr 09 2012 Karsten Hopp 1.9.3.125-3 +- disable check on ppc(64), RH bugzilla 803698 + +* Wed Feb 29 2012 Peter Robinson - 1.9.3.125-2 +- Temporarily disable make check on ARM until it's fixed upstream. Tracked in RHBZ 789410 + +* Mon Feb 20 2012 Vít Ondruch - 1.9.3.125-1 +- Upgrade to Ruby 1.9.3-p125. + +* Sun Jan 29 2012 Mamoru Tasaka - 1.9.3.0-7 +- Make mkmf.rb verbose by default + +* Thu Jan 26 2012 Vít Ondruch - 1.9.3.0-6 +- Relax dependencies to allow external updates of bundled gems. + +* Wed Jan 18 2012 Vít Ondruch - 1.9.3.0-5 +- Initial release of Ruby 1.9.3. +- Add rubygems dependency on io-console for user interactions. +- Gems license clarification. + +* Tue Jan 17 2012 Vít Ondruch - 1.9.3.0-4 +- Bundled gems moved into dedicated directories and subpackages. +- Create and own RubyGems directories for binary extensions. +- Fix build with GCC 4.7. + +* Mon Jan 16 2012 Vít Ondruch - 1.9.3.0-3 +- Fix RHEL build. +- Fixed directory ownership. +- Verose build output. + +* Sun Jan 15 2012 Vít Ondruch - 1.9.3.0-2 +- Install RubyGems outside of Ruby directory structure. +- RubyGems has not its own -devel subpackage. +- Enhanced macros.ruby and macros.rubygems. +- All tests are green now (bkabrda). + +* Sat Jan 14 2012 Vít Ondruch - 1.9.3.0-1 +- Initial package + +* Sat Jan 14 2012 Fedora Release Engineering - 1.8.7.357-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Dec 29 2011 Mamoru Tasaka - 1.8.7.357-1 +- Update to 1.8.7p357 +- Randomize hash on process startup (CVE-2011-4815, bug 750564) + +* Fri Dec 23 2011 Dennis Gilmore - 1.8.7.352-2 +- dont normalise arm cpus to arm +- there is something weird about how ruby choses where to put bits + +* Thu Nov 17 2011 Mamoru Tasaka - 1.8.7.352-3 +- F-17: kill gdbm support for now due to licensing compatibility issue + +* Sat Oct 1 2011 Mamoru Tasaka - 1.8.7.352-2 +- F-17: rebuild against new gdbm + +* Sat Jul 16 2011 Mamoru Tasaka - 1.8.7.352-1 +- Update to 1.8.7 p352 +- CVE-2011-2686 is fixed in this version (bug 722415) +- Update ext/tk to the latest git +- Remove duplicate path entry (bug 718695) + +* Thu Jul 14 2011 Mamoru Tasaka - 1.8.7.334-4 +- Once fix FTBFS (bug 716021) + +* Mon Jul 11 2011 Dennis Gilmore - 1.8.7.334-3 +- normalise arm cpus to arm + +* Mon May 30 2011 Mamoru Tasaka - 1.8.7.334-2 +- Own %%{_normalized_cpu}-%%{_target_os} directory (bug 708816) + +* Sat Feb 19 2011 Mamoru Tasaka - 1.8.7.334-1 +- Update to 1.8.7 p334 + +* Wed Feb 09 2011 Fedora Release Engineering - 1.8.7.330-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Sun Jan 02 2011 Dennis Gilmore - 1.8.7.330-2 +- nomalise the 32 bit sparc archs to sparc + +* Sun Dec 26 2010 Mamoru Tasaka - 1.8.7.330-1 +- Update to 1.8.7 p330 +- ext/tk updated to the newest header + +* Thu Nov 4 2010 Mamoru Tasaka - 1.8.7.302-2 +- Avoid multilib conflict on -libs subpackage (bug 649174) + +* Mon Aug 23 2010 Mamoru Tasaka - 1.8.7.302-1 +- Update to 1.8.7.302 +- CVE-2010-0541 (bug 587731) is fixed in this version +- Update ext/tk to the latest head + +* Mon Aug 2 2010 Mamoru Tasaka - 1.8.7.299-5 +- More cleanup of spec file, expecially for rpmlint issue +- build ri files in %%build + +* Mon Jul 26 2010 Mamoru Tasaka - 1.8.7.299-4 +- Cleanup spec file +- Make -irb, -rdoc subpackage noarch +- Make dependencies between arch-dependent subpackages isa specific +- Improve sample documentation gathering + +* Mon Jul 12 2010 Mohammed Morsi - 1.8.7.299-3 +- updated packaged based on feedback (from mtasaka) +- added comments to all patches / sources +- obsoleted ruby-mode, as it's now provided by the emacs package itself +- readded missing documentation +- various small compatability/regression fixes + +* Tue Jul 06 2010 Mohammed Morsi - 1.8.7.299-2 +- readded bits to pull tk package from upstream source branch +- removed unecessary .tk.old dir +- renamed macros which may cause confusion, removed unused ones + +* Thu Jun 24 2010 Mohammed Morsi - 1.8.7.299-1 +- integrate more of jmeyering's and mtaska's feedback +- removed emacs bits that are now shipped with the emacs package +- various patch and spec cleanup +- rebased to ruby 1.8.7 patch 299, removed patches no longer needed: + ruby-1.8.7-openssl-1.0.patch, ruby-1.8.7-rb_gc_guard_ptr-optimization.patch + +* Wed Jun 23 2010 Mohammed Morsi - 1.8.7.249-5 +- Various fixes + +* Wed Jun 23 2010 Mohammed Morsi - 1.8.7.249-4 +- Fixed incorrect paths in 1.8.7 rpm + +* Tue Jun 22 2010 Mohammed Morsi - 1.8.7.249-3 +- Integrated Jim Meyering's feedback and changes in to: +- remove trailing blanks +- placate rpmlint +- ruby_* definitions: do not use trailing slashes in directory names +- _normalized_cpu: simplify definition + +* Mon Jun 21 2010 Mohammed Morsi - 1.8.7.249-2 +- Integrate mtasaka's feedback and changes +- patch101 ruby_1_8_7-rb_gc_guard_ptr-optimization.patch + +* Tue Jun 15 2010 Mohammed Morsi - 1.8.7.249-1 +- Initial Ruby 1.8.7 specfile + +* Wed May 19 2010 Mamoru Tasaka - 1.8.6.399-5 +- Retry for bug 559158, Simplify the OpenSSL::Digest class + pull more change commits from ruby_1_8 branch + +* Mon May 17 2010 Mamoru Tasaka - 1.8.6.399-4 +- Patch36 (ruby-1.8.x-RHASH_SIZE-rb_hash_lookup-def.patch) + also backport rb_hash_lookup definition (bug 592936) + +* Thu May 13 2010 Mamoru Tasaka - 1.8.6.399-3 +- ruby-1.8.x-null-class-must-be-Qnil.patch (bug 530407) +- Recreate some patches using upstream svn when available, and + add some comments for patches + +* Tue May 11 2010 Mamoru Tasaka - 1.8.6.399-2 +- tcltk: Give up using potentially unmaintained ruby_1_8_6 branch + and instead completely replace with ruby_1_8 branch head + (at this time, using rev 27738) + (seems to fix 560053, 590503) +- Fix Japanese encoding strings under ruby-tcltk/ext/tk/sample/ + +* Tue Apr 27 2010 Mamoru Tasaka - 1.8.6.399-1 +- Update to 1.8.6 p 399 (bug 579675) +- Patch to fix gc bug causing open4 crash (bug 580993) + +* Fri Mar 12 2010 Mamoru Tasaka - 1.8.6.388-9 +- F-14: rebuild against new gdbm + +* Thu Jan 28 2010 Mamoru Tasaka +- Once revert the previous change (patch34) + +* Wed Jan 27 2010 Jeroen van Meeuwen - 1.8.6.388-8 +- Backport openssl/digest functions providing digest and hexdigest functions + directly in OpenSSL::Digest.methods +- Make sure that Red Hat people version their changelog entries +- This is actually release #1, but now needs to be release #7 + +* Mon Jan 18 2010 Akira TAGOH - 1.8.6.388-1 +- Add conditional for RHEL. + +* Wed Jan 13 2010 Mamoru Tasaka - 1.8.6.383-6 +- CVE-2009-4492 ruby WEBrick log escape sequence (bug 554485) + +* Wed Dec 9 2009 Mamoru Tasaka - 1.8.6.383-5 +- Change mkmf.rb to use LIBRUBYARG_SHARED so that have_library() works + without libruby-static.a (bug 428384) +- And move libruby-static.a to -static subpackage + +* Thu Oct 29 2009 Mamoru Tasaka - 1.8.6.383-4 +- Use bison to regenerate parse.c to keep the original format of error + messages (bug 530275 comment 4) + +* Sun Oct 25 2009 Mamoru Tasaka - 1.8.6.383-3 +- Patch so that irb saves its history (bug 518584, ruby issue 1556) + +* Sat Oct 24 2009 Mamoru Tasaka - 1.8.6.383-2 +- Update to 1.8.6 patchlevel 383 (bug 520063) + +* Wed Oct 14 2009 Mamoru Tasaka - 1.8.6.369-5 +- Much better idea for Patch31 provided by Akira TAGOH + +* Wed Oct 14 2009 Mamoru Tasaka - 1.8.6.369-4 +- Fix the search path of ri command for ri manuals installed with gem + (bug 528787) + +* Wed Aug 26 2009 Tomas Mraz - 1.8.6.369-3 +- Rebuild against new openssl + +* Thu Jul 23 2009 Mamoru Tasaka - 1.8.6.369-2 +- Make sure that readline.so is linked against readline 5 because + Ruby is under GPLv2 + +* Sat Jun 20 2009 Jeroen van Meeuwen - 1.8.6.369-1 +- New patchlevel fixing CVE-2009-1904 +- Fix directory on ARM (#506233, Kedar Sovani) + +* Sun May 31 2009 Jeroen van Meeuwen - 1.8.6.368-1 +- New upstream release (p368) + +* Sat Apr 11 2009 Mamoru Tasaka - 1.8.6.287-8 +- Merge Review fix (#226381) + +* Wed Mar 18 2009 Jeroen van Meeuwen - 1.8.6.287-7 +- Fix regression in CVE-2008-3790 (#485383) + +* Mon Mar 16 2009 Mamoru Tasaka - 1.8.6.287-6 +- Again use -O2 optimization level +- i586 should search i386-linux directory (on <= F-11) + +* Thu Mar 05 2009 Jeroen van Meeuwen - 1.8.6.287-5 +- Rebuild for gcc4.4 + +* Fri Feb 27 2009 Jeroen van Meeuwen - 1.8.6.287-3 +- CVE-2008-5189: CGI header injection. + +* Wed Oct 8 2008 Akira TAGOH - 1.8.6.287-2 +- CVE-2008-3790: DoS vulnerability in the REXML module. + +* Sat Aug 23 2008 Akira TAGOH - 1.8.6.287-1 +- New upstream release. +- Security fixes. + - CVE-2008-3655: Ruby does not properly restrict access to critical + variables and methods at various safe levels. + - CVE-2008-3656: DoS vulnerability in WEBrick. + - CVE-2008-3657: Lack of taintness check in dl. + - CVE-2008-1447: DNS spoofing vulnerability in resolv.rb. + - CVE-2008-3443: Memory allocation failure in Ruby regex engine. +- Remove the unnecessary backported patches. + +* Thu Jul 10 2008 Tom "spot" Callaway - 1.8.6.230-5 +- rebuild against db4-4.7 + +* Tue Jul 1 2008 Akira TAGOH - 1.8.6.230-4 +- Backported from upstream SVN to fix a segfault issue with Array#fill. + +* Mon Jun 30 2008 Akira TAGOH - 1.8.6.230-3 +- Backported from upstream SVN to fix a segfault issue. (#452825) +- Backported from upstream SVN to fix an integer overflow in rb_ary_fill. + +* Wed Jun 25 2008 Akira TAGOH - 1.8.6.230-2 +- Fix a segfault issue. (#452810) + +* Tue Jun 24 2008 Akira TAGOH - 1.8.6.230-1 +- New upstream release. +- Security fixes. (#452295) + - CVE-2008-1891: WEBrick CGI source disclosure. + - CVE-2008-2662: Integer overflow in rb_str_buf_append(). + - CVE-2008-2663: Integer overflow in rb_ary_store(). + - CVE-2008-2664: Unsafe use of alloca in rb_str_format(). + - CVE-2008-2725: Integer overflow in rb_ary_splice(). + - CVE-2008-2726: Integer overflow in rb_ary_splice(). +- ruby-1.8.6.111-CVE-2007-5162.patch: removed. +- Build ruby-mode package for all archtectures. + +* Tue Mar 4 2008 Akira TAGOH - 1.8.6.114-1 +- Security fix for CVE-2008-1145. +- Improve a spec file. (#226381) + - Correct License tag. + - Fix a timestamp issue. + - Own a arch-specific directory. + +* Tue Feb 19 2008 Fedora Release Engineering - 1.8.6.111-9 +- Autorebuild for GCC 4.3 + +* Tue Feb 19 2008 Akira TAGOH - 1.8.6.111-8 +- Rebuild for gcc-4.3. + +* Tue Jan 15 2008 Akira TAGOH - 1.8.6.111-7 +- Revert the change of libruby-static.a. (#428384) + +* Fri Jan 11 2008 Akira TAGOH - 1.8.6.111-6 +- Fix an unnecessary replacement for shebang. (#426835) + +* Fri Jan 4 2008 Akira TAGOH - 1.8.6.111-5 +- Rebuild. + +* Fri Dec 28 2007 Akira TAGOH - 1.8.6.111-4 +- Clean up again. + +* Fri Dec 21 2007 Akira TAGOH - 1.8.6.111-3 +- Clean up the spec file. +- Remove ruby-man-1.4.6 stuff. this is entirely the out-dated document. + this could be replaced by ri. +- Disable the static library building. + +* Tue Dec 04 2007 Release Engineering - 1.8.6.111-2 + - Rebuild for openssl bump + +* Wed Oct 31 2007 Akira TAGOH +- Fix the dead link. + +* Mon Oct 29 2007 Akira TAGOH - 1.8.6.111-1 +- New upstream release. +- ruby-1.8.6.111-CVE-2007-5162.patch: Update a bit with backporting the changes + at trunk to enable the fix without any modifications on the users' scripts. + Note that Net::HTTP#enable_post_connection_check isn't available anymore. + If you want to disable this post-check, you should give OpenSSL::SSL::VERIFY_NONE + to Net::HTTP#verify_mode= instead of. + +* Mon Oct 15 2007 Akira TAGOH - 1.8.6.110-2 +- Enable pthread support for ppc too. (#201452) +- Fix unexpected dependencies appears in ruby-libs. (#253325) + +* Wed Oct 10 2007 Akira TAGOH - 1.8.6.110-1 +- New upstream release. + - ruby-r12567.patch: removed. +- ruby-1.8.6-CVE-2007-5162.patch: security fix for Net::HTTP that is + insufficient verification of SSL certificate. + +* Thu Aug 23 2007 Akira TAGOH - 1.8.6.36-4 +- Rebuild + +* Fri Aug 10 2007 Akira TAGOH +- Update License tag. + +* Mon Jun 25 2007 Akira TAGOH - 1.8.6.36-3 +- ruby-r12567.patch: backport patch from upstream svn to get rid of + the unnecessary declarations. (#245446) + +* Wed Jun 20 2007 Akira TAGOH - 1.8.6.36-2 +- New upstream release. + - Fix Etc::getgrgid to get the correct gid as requested. (#236647) + +* Wed Mar 28 2007 Akira TAGOH - 1.8.6-2 +- Fix search path breakage. (#234029) + +* Thu Mar 15 2007 Akira TAGOH - 1.8.6-1 +- New upstream release. +- clean up a spec file. + +* Tue Feb 13 2007 Akira TAGOH - 1.8.5.12-2 +- Rebuild + +* Mon Feb 5 2007 Akira TAGOH - 1.8.5.12-1 +- New upstream release. + +* Mon Dec 11 2006 Akira TAGOH - 1.8.5.2-1 +- security fix release. + +* Fri Oct 27 2006 Akira TAGOH - 1.8.5-4 +- security fix release. +- ruby-1.8.5-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that + causes the denial of service. (#212396) + +* Sun Oct 01 2006 Jesse Keating - 1.8.5-3 +- rebuilt for unwind info generation, broken in gcc-4.1.1-21 + +* Tue Sep 26 2006 Akira TAGOH - 1.8.5-2 +- fixed rbconfig.rb to refer to DESTDIR for sitearchdir. (#207311) + +* Mon Aug 28 2006 Akira TAGOH - 1.8.5-1 +- New upstream release. +- removed the unnecessary patches: + - ruby-1.8.4-no-eaccess.patch + - ruby-1.8.4-64bit-pack.patch + - ruby-1.8.4-fix-insecure-dir-operation.patch + - ruby-1.8.4-fix-insecure-regexp-modification.patch + - ruby-1.8.4-fix-alias-safe-level.patch +- build with --enable-pthread except on ppc. +- ruby-1.8.5-hash-memory-leak.patch: backported from CVS to fix a memory leak + on Hash. [ruby-talk:211233] + +* Mon Aug 7 2006 Akira TAGOH - 1.8.4-12 +- owns sitearchdir. (#201208) + +* Thu Jul 20 2006 Akira TAGOH - 1.8.4-11 +- security fixes [CVE-2006-3694] + - ruby-1.8.4-fix-insecure-dir-operation.patch: + - ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure + operations in the certain safe-level restrictions. (#199538) + - ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain + safe-level restrictions. (#199543) + +* Wed Jul 12 2006 Jesse Keating - 1.8.4-10.fc6.1 +- rebuild + +* Mon Jun 19 2006 Akira TAGOH - 1.8.4-10 +- fixed the wrong file list again. moved tcltk library into ruby-tcltk. + (#195872) + +* Thu Jun 8 2006 Akira TAGOH - 1.8.4-8 +- ruby-deprecated-sitelib-search-path.patch: correct the order of search path. + +* Wed Jun 7 2006 Akira TAGOH - 1.8.4-7 +- exclude ppc64 to make ruby-mode package. right now emacs.ppc64 isn't provided + and buildsys became much stricter. +- ruby-deprecated-sitelib-search-path.patch: applied to add more search path + for backward compatiblity. +- added byacc to BuildReq. (#194161) + +* Wed May 17 2006 Akira TAGOH - 1.8.4-6 +- ruby-deprecated-search-path.patch: added the deprecated installation paths + to the search path for the backward compatibility. +- added a Provides: ruby(abi) to ruby-libs. +- ruby-1.8.4-64bit-pack.patch: backport patch from upstream to fix unpack("l") + not working on 64bit arch and integer overflow on template "w". (#189350) +- updated License tag to be more comfortable, and with a pointer to get more + details, like Python package does. (#179933) +- clean up. + +* Wed Apr 19 2006 Akira TAGOH +- ruby-rubyprefix.patch: moved all arch-independent modules under /usr/lib/ruby + and keep arch-dependent modules under /usr/lib64/ruby for 64bit archs. + so 'rubylibdir', 'sitelibdir' and 'sitedir' in Config::CONFIG points to + the kind of /usr/lib/ruby now. (#184199) + +* Mon Apr 17 2006 Akira TAGOH - 1.8.4-4 +- correct sitelibdir. (#184198) + +* Fri Feb 10 2006 Jesse Keating - 1.8.4-3.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 1.8.4-3.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Mon Feb 6 2006 Akira TAGOH - 1.8.4-3 +- ruby-1.8.4-no-eaccess.patch: backported from ruby CVS to avoid conflict + between newer glibc. (#179835) + +* Wed Jan 4 2006 Akira TAGOH - 1.8.4-2 +- ruby-tcltk-multilib.patch: fixed a typo. + +* Tue Dec 27 2005 Akira TAGOH - 1.8.4-1 +- New upstream release. + - fixed a missing return statement. (#140833) + - fixed an use of uninitialized variable. (#144890) + +* Fri Dec 16 2005 Akira TAGOH - 1.8.4-0.4.preview2 +- updates to 1.8.4-preview2. +- renamed the packages to ruby-* (#175765) + - irb -> ruby-irb + - rdoc -> ruby-rdoc + - ri -> ruby-ri +- added tcl-devel and tk-devel into BuildRequires. + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Thu Nov 10 2005 Akira TAGOH - 1.8.4-0.3.preview1 +- rebuilt against the latest openssl. + +* Tue Nov 1 2005 Akira TAGOH - 1.8.4-0.2.preview1 +- build-deps libX11-devel instead of xorg-x11-devel. + +* Mon Oct 31 2005 Akira TAGOH - 1.8.4-0.1.preview1 +- New upstream release. +- ruby-1.8.2-strscan-memset.patch: removed because it's no longer needed. + +* Tue Oct 4 2005 Akira TAGOH - 1.8.3-4 +- moved the documents from ruby-libs to ruby-docs, which contains the arch + specific thing and to be multilib support. (#168826) + +* Mon Oct 3 2005 Akira TAGOH - 1.8.3-3 +- fixed the wrong file list. the external library for tcl/tk was included + in ruby-libs unexpectedly. + +* Mon Sep 26 2005 Akira TAGOH - 1.8.3-2 +- ruby-multilib.patch: added another chunk for multilib. (#169127) + +* Wed Sep 21 2005 Akira TAGOH - 1.8.3-1 +- New upstream release. +- Build-Requires xorg-x11-devel instead of XFree86-devel. +- ruby-multilib.patch: applied for only 64-bit archs. +- ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: removed. it has already been in upstream. + +* Tue Jun 21 2005 Akira TAGOH - 1.8.2-9 +- ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: fixed the arbitrary command execution + on XMLRPC server. (#161096) + +* Thu Jun 16 2005 Akira TAGOH - 1.8.2-8 +- ruby-1.8.2-tcltk-multilib.patch: applied to get tcltklib.so built. (#160194) + +* Thu Apr 7 2005 Akira TAGOH - 1.8.2-7 +- ruby-1.8.2-deadcode.patch: removed the dead code from the source. (#146108) +- make sure that all documentation files in ruby-docs are the world- + readable. (#147279) + +* Tue Mar 22 2005 Akira TAGOH - 1.8.2-6 +- ruby-1.8.2-strscan-memset.patch: fixed an wrong usage of memset(3). + +* Tue Mar 15 2005 Akira TAGOH - 1.8.2-5 +- rebuilt + +* Tue Jan 25 2005 Akira TAGOH - 1.8.2-4 +- fixed the wrong generation of file manifest. (#146055) +- spec file clean up. + +* Mon Jan 24 2005 Akira TAGOH - 1.8.2-3 +- separated out to rdoc package. +- make the dependency of irb for rdoc. (#144708) + +* Wed Jan 12 2005 Tim Waugh - 1.8.2-2 +- Rebuilt for new readline. + +* Wed Jan 5 2005 Akira TAGOH - 1.8.2-1 +- New upstream release. +- ruby-1.8.1-ia64-stack-limit.patch: removed - it's no longer needed. +- ruby-1.8.1-cgi_session_perms.patch: likewise. +- ruby-1.8.1-cgi-dos.patch: likewise. +- generated Ruby interactive documentation - senarated package. + it's now provided as ri package. (#141806) + +* Thu Nov 11 2004 Jeff Johnson 1.8.1-10 +- rebuild against db-4.3.21. + +* Wed Nov 10 2004 Akira TAGOH - 1.8.1-9 +- ruby-1.8.1-cgi-dos.patch: security fix [CAN-2004-0983] +- ruby-1.8.1-cgi_session_perms.patch: security fix [CAN-2004-0755] + +* Fri Oct 29 2004 Akira TAGOH - 1.8.1-8 +- added openssl-devel and db4-devel into BuildRequires (#137479) + +* Wed Oct 6 2004 Akira TAGOH - 1.8.1-7 +- require emacs-common instead of emacs. + +* Wed Jun 23 2004 Akira TAGOH 1.8.1-4 +- updated the documentation. + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Wed Feb 04 2004 Akira TAGOH 1.8.1-1 +- New upstream release. +- don't use any optimization for ia64 to avoid the build failure. +- ruby-1.8.1-ia64-stack-limit.patch: applied to fix SystemStackError when the optimization is disabled. + +* Sat Dec 13 2003 Jeff Johnson 1.8.0-3 +- rebuild against db-4.2.52. + +* Thu Sep 25 2003 Jeff Johnson 1.8.0-2 +- rebuild against db-4.2.42. + +* Tue Aug 5 2003 Akira TAGOH 1.8.0-1 +- New upstream release. + +* Thu Jul 24 2003 Akira TAGOH 1.6.8-9.1 +- rebuilt + +* Thu Jul 24 2003 Akira TAGOH 1.6.8-9 +- ruby-1.6.8-castnode.patch: handling the nodes with correct cast. + use this patch now instead of ruby-1.6.8-fix-x86_64.patch. + +* Fri Jul 04 2003 Akira TAGOH 1.6.8-8 +- rebuilt + +* Fri Jul 04 2003 Akira TAGOH 1.6.8-7 +- fix the gcc warnings. (#82192) +- ruby-1.6.8-fix-x86_64.patch: correct a patch. + NOTE: DON'T USE THIS PATCH FOR BIG ENDIAN ARCHITECTURE. +- ruby-1.6.7-long2int.patch: removed. + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Fri Feb 7 2003 Jens Petersen - 1.6.8-5 +- rebuild against ucs4 tcltk + +* Wed Jan 22 2003 Tim Powers +- rebuilt + +* Wed Jan 22 2003 Akira TAGOH 1.6.8-3 +- ruby-1.6.8-multilib.patch: applied to fix the search path issue on x86_64 + +* Tue Jan 21 2003 Akira TAGOH 1.6.8-2 +- ruby-1.6.8-require.patch: applied to fix the search bug in require. +- don't apply long2int patch to s390 and s390x. it doesn't work. + +* Wed Jan 15 2003 Akira TAGOH 1.6.8-1 +- New upstream release. +- removed some patches. it's no longer needed. + - ruby-1.6.7-100.patch + - ruby-1.6.7-101.patch + - ruby-1.6.7-102.patch + - ruby-1.6.7-103.patch + - 801_extmk.rb-shellwords.patch + - 801_mkmf.rb-shellwords.patch + - 804_parse.y-new-bison.patch + - 805_uri-bugfix.patch + - ruby-1.6.6-900_XXX_strtod.patch + - ruby-1.6.7-sux0rs.patch + - ruby-1.6.7-libobj.patch + +* Wed Jan 15 2003 Jens Petersen 1.6.7-14 +- rebuild to update tcltk deps + +* Mon Dec 16 2002 Elliot Lee 1.6.7-13 +- Remove ExcludeArch: x86_64 +- Fix x86_64 ruby with long2int.patch (ruby was assuming that sizeof(long) + == sizeof(int). The patch does not fix the source of the problem, just + makes it a non-issue.) +- _smp_mflags + +* Tue Dec 10 2002 Tim Powers 1.6.7-12 +- rebuild to fix broken tcltk deps + +* Tue Oct 22 2002 Akira TAGOH 1.6.7-11 +- use %%configure macro instead of configure script. +- use the latest config.{sub,guess}. +- get archname from rbconfig.rb for %%dir +- applied some patches from Debian: + - 801_extmk.rb-shellwords.patch: use Shellwords + - 801_mkmf.rb-shellwords.patch: mkmf.rb creates bad Makefile. the Makefile + links libruby.a to the target. + - 803_sample-fix-shbang.patch: all sample codes should be + s|/usr/local/bin|/usr/bin|g + - 804_parse.y-new-bison.patch: fix syntax warning. + - 805_uri-bugfix.patch: uri.rb could not handle correctly broken mailto-uri. +- add ExcludeArch x86_64 temporarily to fix Bug#74581. Right now ruby can't be + built on x86_64. + +* Tue Aug 27 2002 Akira TAGOH 1.6.7-10 +- moved sitedir to /usr/lib/ruby/site_ruby again according as our perl and + python. +- ruby-1.6.7-resolv1.patch, ruby-1.6.7-resolv2.patch: applied to fix 'Too many + open files - "/etc/resolv.conf"' issue. (Bug#64830) + +* Thu Jul 18 2002 Akira TAGOH 1.6.7-9 +- add the owned directory. + +* Fri Jul 12 2002 Akira TAGOH 1.6.7-8 +- fix typo. + +* Thu Jul 04 2002 Akira TAGOH 1.6.7-7 +- removed the ruby-mode-xemacs because it's merged to the xemacs sumo. + +* Fri Jun 21 2002 Tim Powers +- automated rebuild + +* Wed Jun 19 2002 Akira TAGOH 1.6.7-5 +- fix the stripped binary. +- use the appropriate macros. + +* Sun May 26 2002 Tim Powers +- automated rebuild + +* Thu May 23 2002 Akira TAGOH 1.6.7-3 +- ruby-1.6.7-libobj.patch: applied to fix autoconf2.53 error. + +* Mon Mar 18 2002 Akira TAGOH 1.6.7-2 +- ruby-man-1.4.6-jp.tar.bz2: removed. +- ruby-refm-rdp-1.4.7-ja-html.tar.bz2: uses it instead of. +- ruby-1.6.7-500-marshal-proc.patch, ruby-1.6.7-501-class-var.patch: + removed. +- ruby-1.6.7-100.patch: applied a bug fix patch. + (ruby-dev#16274: patch for 'wm state') + (PR#206ja: SEGV handle EXIT) +- ruby-1.6.7-101.patch: applied a bug fix patch. + (ruby-list#34313: singleton should not be Marshal.dump'ed) + (ruby-dev#16411: block local var) +- ruby-1.6.7-102.patch: applied a bug fix patch. + (handling multibyte chars is partially broken) +- ruby-1.6.7-103.patch: applied a bug fix patch. + (ruby-dev#16462: preserve reference for GC, but link should be cut) + +* Fri Mar 8 2002 Akira TAGOH 1.6.7-1 +- New upstream release. +- ruby-1.6.6-100.patch, ruby-1.6.6-501-ruby-mode.patch: + removed. these patches no longer should be needed. +- ruby-1.6.7-500-marshal-proc.patch: applied a fix patch. + (ruby-dev#16178: Marshal::dump should call Proc#call.) +- ruby-1.6.7-501-class-var.patch: applied a fix patch. + (ruby-talk#35157: class vars broken in 1.6.7) + +* Wed Feb 27 2002 Akira TAGOH 1.6.6-5 +- Disable alpha because nothing is xemacs for alpha now. + +* Tue Feb 5 2002 Akira TAGOH 1.6.6-3 +- Fixed the duplicate files. + +* Tue Feb 5 2002 Akira TAGOH 1.6.6-2 +- Fixed the missing %%defattr + +* Fri Feb 1 2002 Akira TAGOH 1.6.6-1 +- New upstream release. +- Applied bug fix patches: + - ruby-1.6.6-501-ruby-mode.patch: ruby-talk#30479: disables font-lock + coloring. + - ruby-1.6.6-100.patch: ruby-talk#30203: Ruby 1.6.6 bug and fix + ruby-list#33047: regex bug + PR#230: problem with -d in 1.6.6 +- Added ruby-mode and ruby-mode-xemacs packages. +- Ruby works fine for ia64. so re-enable to build with ia64. + (probably it should be worked for alpha) + +* Wed Jan 09 2002 Tim Powers +- automated rebuild + +* Thu Jul 19 2001 Bernhard Rosenkraenzer 1.6.4-2 +- Remove Japanese description and summaries; they belong in specspo and + break rpm +- Clean up specfile +- Mark language specific files (README.jp) as such +- bzip2 sources +- rename the libruby package to ruby-libs for consistency +- Exclude ia64 (doesn't build - the code doesn't seem to be 64-bit clean + [has been excluded on alpha forever]) + +* Tue Jul 17 2001 Akira TAGOH 1.6.4-1 +- rebuild for Red Hat 7.2 + +* Mon Jun 04 2001 akira yamada +- upgrade to nwe upstream version 1.6.4. + +* Mon Apr 02 2001 akira yamada +- applied patch: + - fixed method cache bug. etc. (Patch103, Patch104) + +* Tue Mar 27 2001 akira yamada +- applied patch: + - fixed marshal for bignum bug. + - fixed scope of constant variables bug. + +* Tue Mar 20 2001 akira yamada +- upgraded to new upstream version 1.6.3. + +* Fri Feb 09 2001 akira yamada +- fixed bad group for libruby. +- Applied patch: upgraded to cvs version (2001-02-08): + fixed minor bugs. + +* Thu Jan 18 2001 akira yamada +- Applied patch: upgraded to cvs version (2001-01-15): + fixed minor bugs(e.g. ruby makes extention librares too large...). + +* Wed Jan 10 2001 akira yamada +- Applied patch: upgraded to cvs version (2001-01-09): + fixed minor bugs. + +* Sat Dec 30 2000 akira yamada +- Applied bug fix patch. + +* Mon Dec 25 2000 akira yamada +- Updated to new upstream version 1.6.2. + +* Fri Dec 22 2000 akira yamada +- Removed ruby_cvs.2000122019.patch, added ruby_cvs.2000122215.patch + (upgraded ruby to latest cvs version, 1.6.2-preview4). + +* Wed Dec 20 2000 akira yamada +- Removed ruby_cvs.2000121413.patch, added ruby_cvs.2000122019.patch + (upgraded ruby to latest cvs version). +- new package: libruby + +* Thu Dec 14 2000 akira yamada +- Removed ruby_cvs.2000101901.patch, added ruby_cvs.2000121413.patch + (upgraded ruby to latest cvs version). +- Removed ruby-dev.11262.patch, ruby-dev.11265.patch, + and ruby-dev.11268.patch (included into above patch). + +* Sun Nov 12 2000 MACHINO, Satoshi 1.6.1-0vl9 +- build on gcc-2.95.3 + +* Thu Oct 19 2000 akira yamada +- Added ruby-dev.11268.patch. + +* Thu Oct 19 2000 akira yamada +- Removed ruby_cvs.2000101117.patch and added ruby_cvs.2000101901.patch + (upgraded ruby to latest cvs version). +- Added ruby-dev.11262.patch. +- Added ruby-dev.11265.patch. + +* Wed Oct 11 2000 akira yamada +- Removed ruby_cvs.2000100313.patch and added ruby_cvs.2000101117.patch + (upgraded ruby to latest cvs version). + +* Mon Oct 09 2000 akira yamada +- Removed ruby_cvs.2000100313.patch and added ruby_cvs.2000100313.patch + (upgraded ruby to latest cvs version). + +* Tue Oct 03 2000 akira yamada +- Removed ruby_cvs.2000100218.patch and added ruby_cvs.2000100313.patch + (upgraded ruby to latest cvs version). + +* Mon Oct 02 2000 akira yamada +- Removed ruby_cvs.2000092718.patch and added ruby_cvs.2000100218.patch + (upgraded ruby to latest cvs version). + +* Wed Sep 27 2000 akira yamada +- Updated to upstream version 1.6.1. +- Removed ruby_cvs.2000082901.patch and added ruby_cvs.2000092718.patch + (upgraded ruby to latest cvs version). + +* Tue Aug 29 2000 akira yamada +- Updated to version 1.4.6. +- removed ruby-dev.10123.patch(included into ruby-1.4.6). +- Added ruby_cvs.2000082901.patch(upgraded ruby to latest cvs version). + +* Tue Jun 27 2000 akira yamada +- Updated manuals to version 1.4.5. + +* Sun Jun 25 2000 akira yamada +- Added ruby-dev.10123.patch. + +* Sat Jun 24 2000 akira yamada +- Updated to version 1.4.5. +- Removed ruby_cvs.2000062401.patch(included into ruby-1.4.5). + +* Thu Jun 22 2000 akira yamada +- Updated to version 1.4.4(06/22/2000 CVS). +- Removed ruby-dev.10054.patch(included into ruby_cvs.patch). + +* Thu Jun 22 2000 akira yamada +- Renamed to ruby_cvs20000620.patch from ruby_cvs.patch. + +* Tue Jun 20 2000 akira yamada +- Updated to version 1.4.4(06/20/2000 CVS). +- Removed ruby-list.23190.patch(included into ruby_cvs.patch). +- Added ruby-dev.10054.patch. + +* Thu Jun 15 2000 akira yamada +- Updated to version 1.4.4(06/12/2000 CVS). +- Added manuals and FAQs. +- Split into ruby, ruby-devel, ruby-tcltk, ruby-docs, irb. + +* Tue Jun 13 2000 Mitsuo Hamada +- Updated to version 1.4.4 + +* Wed Dec 08 1999 Atsushi Yamagata +- Updated to version 1.4.3 + +* Mon Sep 20 1999 Atsushi Yamagata +- Updated to version 1.4.2 (Sep 18) + +* Fri Sep 17 1999 Atsushi Yamagata +- Updated to version 1.4.2 + +* Tue Aug 17 1999 Atsushi Yamagata +- Updated to version 1.4.0 + +* Fri Jul 23 1999 Atsushi Yamagata +- 2nd release +- Updated to version 1.2.6(15 Jul 1999) +- striped %%{prefix}/bin/ruby + +* Mon Jun 28 1999 Atsushi Yamagata +- Updated to version 1.2.6(21 Jun 1999) + +* Wed Apr 14 1999 Atsushi Yamagata +- Updated to version 1.2.5 + +* Fri Apr 09 1999 Atsushi Yamagata +- Updated to version 1.2.4 + +* Fri Dec 25 1998 Toru Hoshina +- Version up to 1.2 stable. + +* Fri Nov 27 1998 Toru Hoshina +- Version up to 1.1c9. + +* Thu Nov 19 1998 Toru Hoshina +- Version up to 1.1c8, however it appear short life :-P + +* Fri Nov 13 1998 Toru Hoshina +- Version up. + +* Tue Sep 22 1998 Toru Hoshina +- To make a libruby.so. + +* Mon Sep 21 1998 Toru Hoshina +- Modified SPEC in order to install libruby.a so that it should be used by + another ruby entention. +- 2nd release. + +* Mon Mar 9 1998 Shoichi OZAWA +- Added a powerPC arch part. Thanks, MURATA Nobuhiro