diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ababb4a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/ruby-2.0.0-p648.tar.bz2
diff --git a/.ruby.metadata b/.ruby.metadata
new file mode 100644
index 0000000..bb08655
--- /dev/null
+++ b/.ruby.metadata
@@ -0,0 +1 @@
+504be2eae6cdfe93aa7ed02ec55e35043d067ad5 SOURCES/ruby-2.0.0-p648.tar.bz2
diff --git a/SOURCES/abrt_prelude.rb b/SOURCES/abrt_prelude.rb
new file mode 100644
index 0000000..5ffc51d
--- /dev/null
+++ b/SOURCES/abrt_prelude.rb
@@ -0,0 +1,4 @@
+begin
+ require 'abrt'
+rescue LoadError
+end
diff --git a/SOURCES/config.h b/SOURCES/config.h
new file mode 100644
index 0000000..b34e398
--- /dev/null
+++ b/SOURCES/config.h
@@ -0,0 +1,51 @@
+/*
+ * This config.h is a wrapper include file for the original ruby/config.h,
+ * which has been renamed to ruby/config-.h. There are conflicts for the
+ * original ruby/config.h on multilib systems, which result from arch-specific
+ * configuration options. Please do not use the arch-specific file directly.
+ */
+
+/*
+ * This wrapped is addpated from SDL's one:
+ * http://pkgs.fedoraproject.org/cgit/SDL.git/tree/SDL_config.h
+ */
+
+#ifdef ruby_config_wrapper_h
+#error "ruby_config_wrapper_h should not be defined!"
+#endif
+#define ruby_config_wrapper_h
+
+#if defined(__i386__)
+#include "ruby/config-i386.h"
+#elif defined(__ia64__)
+#include "ruby/config-ia64.h"
+#elif defined(__powerpc64__)
+#include
+#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+#include "ruby/config-ppc64.h"
+#else
+#include "ruby/config-ppc64le.h"
+#endif
+#elif defined(__powerpc__)
+#include "ruby/config-ppc.h"
+#elif defined(__s390x__)
+#include "ruby/config-s390x.h"
+#elif defined(__s390__)
+#include "ruby/config-s390.h"
+#elif defined(__x86_64__)
+#include "ruby/config-x86_64.h"
+#elif defined(__arm__)
+#include "ruby/config-arm.h"
+#elif defined(__alpha__)
+#include "ruby/config-alpha.h"
+#elif defined(__sparc__) && defined (__arch64__)
+#include "ruby/config-sparc64.h"
+#elif defined(__sparc__)
+#include "ruby/config-sparc.h"
+#elif defined(__aarch64__)
+#include "ruby/config-aarch64.h"
+#else
+#error "The ruby-devel package is not usable with the architecture."
+#endif
+
+#undef ruby_config_wrapper_h
diff --git a/SOURCES/libruby.stp b/SOURCES/libruby.stp
new file mode 100644
index 0000000..098b39d
--- /dev/null
+++ b/SOURCES/libruby.stp
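Review bot: In SOURCES/config.h the `__powerpc64__` branch contains a bare `#include` with no header operand as shown here, which cannot preprocess; the header name may simply have been lost in rendering, so check the committed file. The test that follows uses `__BYTE_ORDER__` and `__ORDER_BIG_ENDIAN__`, which GCC and Clang predefine, so the line can probably be dropped rather than restored. The second comment block also has a typo: `This wrapped is addpated from SDL's one:` should read `This wrapper is adapted from SDL's one:`.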
@@ -0,0 +1,303 @@
+/* SystemTap tapset to make it easier to trace Ruby 2.0
+ *
+ * All probes provided by Ruby can be listed using following command
+ * (the path to the library must be adjuste appropriately):
+ *
+ * stap -L 'process("@LIBRARY_PATH@").mark("*")'
+ */
+
+/**
+ * probe ruby.array.create - Allocation of new array.
+ *
+ * @size: Number of elements (an int)
+ * @file: The file name where the method is being called (string)
+ * @line: The line number where the method is being called (int)
+ */
+probe ruby.array.create =
+ process("@LIBRARY_PATH@").mark("array__create")
+{
+ size = $arg1
+ file = user_string($arg2)
+ line = $arg3
+}
+
+/**
+ * probe ruby.cmethod.entry - Fired just before a method implemented in C is entered.
+ *
+ * @classname: Name of the class (string)
+ * @methodname: The method about bo be executed (string)
+ * @file: The file name where the method is being called (string)
+ * @line: The line number where the method is being called (int)
+ */
+probe ruby.cmethod.entry =
+ process("@LIBRARY_PATH@").mark("cmethod__entry")
+{
+ classname = user_string($arg1)
+ methodname = user_string($arg2)
+ file = user_string($arg3)
+ line = $arg4
+}
+
+/**
+ * probe ruby.cmethod.return - Fired just after a method implemented in C has returned.
+ *
+ * @classname: Name of the class (string)
+ * @methodname: The executed method (string)
+ * @file: The file name where the method is being called (string)
+ * @line: The line number where the method is being called (int)
+ */
+probe ruby.cmethod.return =
+ process("@LIBRARY_PATH@").mark("cmethod__return")
+{
+ classname = user_string($arg1)
+ methodname = user_string($arg2)
+ file = user_string($arg3)
+ line = $arg4
+}
+
+/**
+ * probe ruby.find.require.entry - Fired when require starts to search load
+ * path for suitable file to require.
+ *
+ * @requiredfile: The name of the file to be required (string)
+ * @file: The file name where the method is being called (string)
+ * @line: The line number where the method is being called (int)
+ */
+probe ruby.find.require.entry =
+ process("@LIBRARY_PATH@").mark("find__require__entry")
+{
+ requiredfile = user_string($arg1)
+ file = user_string($arg2)
+ line = $arg3
+}
+
+/**
+ * probe ruby.find.require.return - Fired just after require has finished
+ * search of load path for suitable file to require.
+ *
+ * @requiredfile: The name of the file to be required (string)
+ * @file: The file name where the method is being called (string)
+ * @line: The line number where the method is being called (int)
+ */
+probe ruby.find.require.return =
+ process("@LIBRARY_PATH@").mark("find__require__return")
+{
+ requiredfile = user_string($arg1)
+ file = user_string($arg2)
+ line = $arg3
+}
+
+/**
+ * probe ruby.gc.mark.begin - Fired when a GC mark phase is about to start.
+ *
+ * It takes no arguments.
+ */
+probe ruby.gc.mark.begin =
+ process("@LIBRARY_PATH@").mark("gc__mark__begin")
+{
+}
+
+/**
+ * probe ruby.gc.mark.end - Fired when a GC mark phase has ended.
+ *
+ * It takes no arguments.
+ */
+probe ruby.gc.mark.end =
+ process("@LIBRARY_PATH@").mark("gc__mark__end")
+{
+}
+
+/**
+ * probe ruby.gc.sweep.begin - Fired when a GC sweep phase is about to start.
+ *
+ * It takes no arguments.
+ */
+probe ruby.gc.sweep.begin =
+ process("@LIBRARY_PATH@").mark("gc__sweep__begin")
+{
+}
+
+/**
+ * probe ruby.gc.sweep.end - Fired when a GC sweep phase has ended.
+ *
+ * It takes no arguments.
+ */
+probe ruby.gc.sweep.end =
+ process("@LIBRARY_PATH@").mark("gc__sweep__end")
+{
+}
+
+/**
+ * probe ruby.hash.create - Allocation of new hash.
+ *
+ * @size: Number of elements (int)
+ * @file: The file name where the method is being called (string)
+ * @line: The line number where the method is being called (int)
+ */
+probe ruby.hash.create =
+ process("@LIBRARY_PATH@").mark("hash__create")
+{
+ size = $arg1
+ file = user_string($arg2)
+ line = $arg3
+}
+
+/**
+ * probe ruby.load.entry - Fired when calls to "load" are made.
+ *
+ * @loadedfile: The name of the file to be loaded (string)
+ * @file: The file name where the method is being called (string)
+ * @line: The line number where the method is being called (int)
+ */
+probe ruby.load.entry =
+ process("@LIBRARY_PATH@").mark("load__entry")
+{
+ loadedfile = user_string($arg1)
+ file = user_string($arg2)
+ line = $arg3
+}
+
+/**
+ * probe ruby.load.return - Fired just after require has finished
+ * search of load path for suitable file to require.
+ *
+ * @loadedfile: The name of the file that was loaded (string)
+ */
+probe ruby.load.return =
+ process("@LIBRARY_PATH@").mark("load__return")
+{
+ loadedfile = user_string($arg1)
+}
+
+/**
+ * probe ruby.method.entry - Fired just before a method implemented in Ruby is entered.
+ *
+ * @classname: Name of the class (string)
+ * @methodname: The method about bo be executed (string)
+ * @file: The file name where the method is being called (string)
+ * @line: The line number where the method is being called (int)
+ */
+probe ruby.method.entry =
+ process("@LIBRARY_PATH@").mark("method__entry")
+{
+ classname = user_string($arg1)
+ methodname = user_string($arg2)
+ file = user_string($arg3)
+ line = $arg4
+}
+
+/**
+ * probe ruby.method.return - Fired just after a method implemented in Ruby has returned.
+ *
+ * @classname: Name of the class (string)
+ * @methodname: The executed method (string)
+ * @file: The file name where the method is being called (string)
+ * @line: The line number where the method is being called (int)
+ */
+probe ruby.method.return =
+ process("@LIBRARY_PATH@").mark("method__return")
+{
+ classname = user_string($arg1)
+ methodname = user_string($arg2)
+ file = user_string($arg3)
+ line = $arg4
+}
+
+/**
+ * probe ruby.object.create - Allocation of new object.
+ *
+ * @classname: Name of the class (string)
+ * @file: The file name where the method is being called (string)
+ * @line: The line number where the method is being called (int)
+ */
+probe ruby.object.create =
+ process("@LIBRARY_PATH@").mark("object__create")
+{
+ classname = user_string($arg1)
+ file = user_string($arg2)
+ line = $arg3
+}
+
+/**
+ * probe ruby.parse.begin - Fired just before a Ruby source file is parsed.
+ *
+ * @parsedfile: The name of the file to be parsed (string)
+ * @parsedline: The line number of beginning of parsing (int)
+ */
+probe ruby.parse.begin =
+ process("@LIBRARY_PATH@").mark("parse__begin")
+{
+ parsedfile = user_string($arg1)
+ parsedline = $arg2
+}
+
+/**
+ * probe ruby.parse.end - Fired just after a Ruby source file was parsed.
+ *
+ * @parsedfile: The name of parsed the file (string)
+ * @parsedline: The line number of beginning of parsing (int)
+ */
+probe ruby.parse.end =
+ process("@LIBRARY_PATH@").mark("parse__end")
+{
+ parsedfile = user_string($arg1)
+ parsedline = $arg2
+}
+
+/**
+ * probe ruby.raise - Fired when an exception is raised.
+ *
+ * @classname: The class name of the raised exception (string)
+ * @file: The name of the file where the exception was raised (string)
+ * @line: The line number in the file where the exception was raised (int)
+ */
+probe ruby.raise =
+ process("@LIBRARY_PATH@").mark("raise")
+{
+ classname = user_string($arg1)
+ file = user_string($arg2)
+ line = $arg3
+}
+
+/**
+ * probe ruby.require.entry - Fired on calls to rb_require_safe (when a file
+ * is required).
+ *
+ * @requiredfile: The name of the file to be required (string)
+ * @file: The file that called "require" (string)
+ * @line: The line number where the call to require was made(int)
+ */
+probe ruby.require.entry =
+ process("@LIBRARY_PATH@").mark("require__entry")
+{
+ requiredfile = user_string($arg1)
+ file = user_string($arg2)
+ line = $arg3
+}
+
+/**
+ * probe ruby.require.return - Fired just after require has finished
+ * search of load path for suitable file to require.
+ *
+ * @requiredfile: The file that was required (string)
+ */
+probe ruby.require.return =
+ process("@LIBRARY_PATH@").mark("require__return")
+{
+ requiredfile = user_string($arg1)
+}
+
+/**
+ * probe ruby.string.create - Allocation of new string.
+ *
+ * @size: Number of elements (an int)
+ * @file: The file name where the method is being called (string)
+ * @line: The line number where the method is being called (int)
+ */
+probe ruby.string.create =
+ process("@LIBRARY_PATH@").mark("string__create")
+{
+ size = $arg1
+ file = user_string($arg2)
+ line = $arg3
+}
diff --git a/SOURCES/macros.ruby b/SOURCES/macros.ruby
new file mode 100644
index 0000000..36f4077
--- /dev/null
+++ b/SOURCES/macros.ruby
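Review bot: In SOURCES/libruby.stp the doc comments for `ruby.load.return` and `ruby.require.return` repeat the text of `ruby.find.require.return` ("Fired just after require has finished search of load path for suitable file to require."), which describes a different probe. Judging by the probe names they should read something like `probe ruby.load.return - Fired just after a call to "load" has returned.` and `probe ruby.require.return - Fired just after a call to "require" has returned.` The same header comments carry two typos, `adjuste` and `about bo be executed` (the latter in both `ruby.cmethod.entry` and `ruby.method.entry`).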
@@ -0,0 +1,22 @@
+%ruby_libdir %{_datadir}/%{name}
+%ruby_libarchdir %{_libdir}/%{name}
+
+# This is the local lib/arch and should not be used for packaging.
+%ruby_sitedir site_ruby
+%ruby_sitelibdir %{_prefix}/local/share/%{name}/%{ruby_sitedir}
+%ruby_sitearchdir %{_prefix}/local/%{_lib}/%{name}/%{ruby_sitedir}
+
+# This is the general location for libs/archs compatible with all
+# or most of the Ruby versions available in the Fedora repositories.
+%ruby_vendordir vendor_ruby
+%ruby_vendorlibdir %{ruby_libdir}/%{ruby_vendordir}
+%ruby_vendorarchdir %{ruby_libarchdir}/%{ruby_vendordir}
+
+# For ruby packages we want to filter out any provides caused by private
+# libs in %%{ruby_vendorarchdir}/%%{ruby_sitearchdir}.
+#
+# Note that this must be invoked in the spec file, preferably as
+# "%{?ruby_default_filter}", before any %description block.
+%ruby_default_filter %{expand: \
+%global __provides_exclude_from %{?__provides_exclude_from:%{__provides_exclude_from}|}^(%{ruby_vendorarchdir}|%{ruby_sitearchdir})/.*\\\\.so$ \
+}
diff --git a/SOURCES/macros.rubygems b/SOURCES/macros.rubygems
new file mode 100644
index 0000000..13c378e
--- /dev/null
+++ b/SOURCES/macros.rubygems
@@ -0,0 +1,196 @@
+# The RubyGems root folder.
+%gem_dir %{_datadir}/gems
+%gem_archdir %{_libdir}/gems
+
+# Common gem locations and files.
+%gem_instdir %{gem_dir}/gems/%{gem_name}-%{version}%{?prerelease}
+%gem_extdir_mri %{gem_archdir}/%{name}/%{gem_name}-%{version}%{?prerelease}
+%gem_libdir %{gem_instdir}/lib
+%gem_cache %{gem_dir}/cache/%{gem_name}-%{version}%{?prerelease}.gem
+%gem_spec %{gem_dir}/specifications/%{gem_name}-%{version}%{?prerelease}.gemspec
+%gem_docdir %{gem_dir}/doc/%{gem_name}-%{version}%{?prerelease}
+
+
+# %gem_install - Install gem into appropriate directory.
+#
+# Usage: %gem_install [options]
+#
+# -n Overrides gem file name for installation.
+# -d Set installation directory.
+#
+%gem_install(d:n:) \
+mkdir -p %{-d*}%{!?-d:.%{gem_dir}} \
+\
+CONFIGURE_ARGS="--with-cflags='%{optflags}' $CONFIGURE_ARGS" \\\
+gem install \\\
+ -V \\\
+ --local \\\
+ --install-dir %{-d*}%{!?-d:.%{gem_dir}} \\\
+ --bindir .%{_bindir} \\\
+ --force \\\
+ --document=ri,rdoc \\\
+ %{-n*}%{!?-n:%{gem_name}-%{version}%{?prerelease}.gem} \
+%{nil}
+
+
+# For rubygems packages we want to filter out any provides caused by private
+# libs in %%{gem_archdir}.
+#
+# Note that this must be invoked in the spec file, preferably as
+# "%{?rubygems_default_filter}", before any %description block.
+%rubygems_default_filter %{expand: \
+%global __provides_exclude_from %{?__provides_exclude_from:%{__provides_exclude_from}|}^%{gem_extdir_mri}/.*\\\\.so$ \
+}
+
+
+# The 'read' command in %%gemspec_* macros is not essential, but it is usefull
+# to make the sript appear in build log.
+
+
+# %gemspec_add_dep - Add dependency into .gemspec.
+#
+# Usage: %gemspec_add_dep -g [options] [requirements]
+#
+# Add dependency named to .gemspec file. The macro adds runtime
+# dependency by default. The [requirements] argument can be used to specify
+# the dependency constraints more precisely. It is expected to be valid Ruby
+# code.
+#
+# -s Overrides the default .gemspec location.
+# -d Add development dependecy.
+#
+%gemspec_add_dep(g:s:d) \
+read -d '' gemspec_add_dep_script << 'EOR' || : \
+ gemspec_file = '%{-s*}%{!?-s:./%{gem_name}.gemspec}' \
+ \
+ name = '%{-g*}' \
+ requirements = %{*}%{!?1:nil} \
+ \
+ type = :%{!?-d:runtime}%{?-d:development} \
+ \
+ spec = Gem::Specification.load(gemspec_file) \
+ abort("#{gemspec_file} is not accessible.") unless spec \
+ \
+ dep = spec.dependencies.detect { |d| d.type == type && d.name == name } \
+ if dep \
+ dep.requirement.concat requirements \
+ else \
+ spec.public_send "add_#{type}_dependency", name, requirements \
+ end \
+ File.write gemspec_file, spec.to_ruby \
+EOR\
+echo "$gemspec_add_dep_script" | ruby \
+unset -v gemspec_add_dep_script \
+%{nil}
+
+
+# %gemspec_remove_dep - Remove dependency from .gemspec.
+#
+# Usage: %gemspec_remove_dep -g [options] [requirements]
+#
+# Remove dependency named from .gemspec file. The macro removes runtime
+# dependency by default. The [requirements] argument can be used to specify
+# the dependency constraints more precisely. It is expected to be valid Ruby
+# code. The macro fails if these specific requirements can't be removed.
+#
+# -s Overrides the default .gemspec location.
+# -d Remove development dependecy.
+#
+%gemspec_remove_dep(g:s:d) \
+read -d '' gemspec_remove_dep_script << 'EOR' || : \
+ gemspec_file = '%{-s*}%{!?-s:./%{gem_name}.gemspec}' \
+ \
+ name = '%{-g*}' \
+ requirements = %{*}%{!?1:nil} \
+ \
+ type = :%{!?-d:runtime}%{?-d:development} \
+ \
+ spec = Gem::Specification.load(gemspec_file) \
+ abort("#{gemspec_file} is not accessible.") unless spec \
+ \
+ dep = spec.dependencies.detect { |d| d.type == type && d.name == name } \
+ if dep \
+ if requirements \
+ requirements = Gem::Requirement.create(requirements).requirements \
+ requirements.each do |r| \
+ unless dep.requirement.requirements.reject! { |dependency_requirements| dependency_requirements == r } \
+ abort("Requirement '#{r.first} #{r.last}' was not possible to remove for dependency '#{dep}'!") \
+ end \
+ end \
+ spec.dependencies.delete dep if dep.requirement.requirements.empty? \
+ else \
+ spec.dependencies.delete dep \
+ end \
+ else \
+ abort("Dependency '#{name}' was not found!") \
+ end \
+ File.write gemspec_file, spec.to_ruby \
+EOR\
+echo "$gemspec_remove_dep_script" | ruby \
+unset -v gemspec_remove_dep_script \
+%{nil}
+
+
+# %%gemspec_add_file - Add files to various files lists in .gemspec.
+#
+# Usage: %%gemspec_add_file [options]
+#
+# Add files to .gemspec file. is expected to be valid Ruby code.
+# Path to file is expected. Does not check real files in any way.
+# By default, `files` list is edited.
+#
+# -s Overrides the default .gemspec location.
+# -t Edit test_files only.
+# -r Edit extra_rdoc_files only.
+#
+%gemspec_add_file(s:tr) \
+read -d '' gemspec_add_file_script << 'EOR' || : \
+ gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}.gemspec}' \
+ \
+ abort("gemspec_add_file: Use only one '-t' or '-r' at a time.") if "%{?-t}%{?-r}" == "-t-r" \
+ \
+ filenames = %{*}%{!?1:nil} \
+ filenames = Array(filenames) \
+ \
+ spec = Gem::Specification.load(gemspec_file) \
+ abort("#{gemspec_file} is not accessible.") unless spec \
+ \
+ spec.%{?-t:test_}%{?-r:extra_rdoc_}files += filenames \
+ File.write gemspec_file, spec.to_ruby \
+EOR\
+echo "$gemspec_add_file_script" | ruby \
+unset -v gemspec_add_file_script \
+%{nil}
+
+
+# %%gemspec_remove_file - Remove files from various files lists in .gemspec.
+#
+# Usage: %%gemspec_remove_file [options]
+#
+# Remove files from .gemspec file. is expected to be valid Ruby code.
+# Path to file is expected. Does not check/remove real files in any way.
+# By default, `files` list is edited. File has to be removed from `test_files`
+# first in order to be removable from `files`.
+#
+# -s Overrides the default .gemspec location.
+# -t Edit test_files only.
+# -r Edit extra_rdoc_files only.
+#
+%gemspec_remove_file(s:tr) \
+read -d '' gemspec_remove_file_script << 'EOR' || : \
+ gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}.gemspec}' \
+ \
+ abort("gemspec_remove_file: Use only one '-t' or '-r' at a time.") if "%{?-t}%{?-r}" == "-t-r" \
+ \
+ filenames = %{*}%{!?1:nil} \
+ filenames = Array(filenames) \
+ \
+ spec = Gem::Specification.load(gemspec_file) \
+ abort("#{gemspec_file} is not accessible.") unless spec \
+ \
+ spec.%{?-t:test_}%{?-r:extra_rdoc_}files -= filenames \
+ File.write gemspec_file, spec.to_ruby \
+EOR\
+echo "$gemspec_remove_file_script" | ruby \
+unset -v gemspec_remove_file_script \
+%{nil}
diff --git a/SOURCES/operating_system.rb b/SOURCES/operating_system.rb
new file mode 100644
index 0000000..ff3477e
--- /dev/null
+++ b/SOURCES/operating_system.rb
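Review bot: In SOURCES/macros.rubygems the four `%gemspec_*` macros paste their arguments straight into Ruby source that is then piped to `ruby`: `%{-g*}` and `%{-s*}` land inside single-quoted literals without escaping and `%{*}` is evaluated as code, so a quote or stray expression in an argument changes what the build executes. The header comments say the requirements or file list is Ruby code but not the consequence; I would add `# Arguments are expanded into Ruby source verbatim: pass only literals written in the spec, never values taken from the gem being built.` above each macro. Separately, `%gemspec_add_dep` calls `dep.requirement.concat requirements` even when no requirement was given and `requirements` is `nil`, whereas `%gemspec_remove_dep` guards with `if requirements`; `dep.requirement.concat requirements if requirements` would make the two agree (whether `concat` tolerates `nil` depends on the RubyGems version, so this is worth a test). The default gemspec path also differs between the dep macros (`./%{gem_name}.gemspec`) and the file macros (`%{_builddir}/%{gem_name}-%{version}.gemspec`), which looks unintentional.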
@@ -0,0 +1,86 @@
+module Gem
+ class << self
+
+ ##
+ # Returns full path of previous but one directory of dir in path
+ # E.g. for '/usr/share/ruby', 'ruby', it returns '/usr'
+
+ def previous_but_one_dir_to(path, dir)
+ split_path = path.split(File::SEPARATOR)
+ File.join(split_path.take_while { |one_dir| one_dir !~ /^#{dir}$/ }[0..-2])
+ end
+ private :previous_but_one_dir_to
+
+ ##
+ # Default gems locations allowed on FHS system (/usr, /usr/share).
+ # The locations are derived from directories specified during build
+ # configuration.
+
+ def default_locations
+ @default_locations ||= {
+ :system => previous_but_one_dir_to(ConfigMap[:vendordir], ConfigMap[:RUBY_INSTALL_NAME]),
+ :local => previous_but_one_dir_to(ConfigMap[:sitedir], ConfigMap[:RUBY_INSTALL_NAME])
+ }
+ end
+
+ ##
+ # For each location provides set of directories for binaries (:bin_dir)
+ # platform independent (:gem_dir) and dependent (:ext_dir) files.
+
+ def default_dirs
+ @libdir ||= case RUBY_PLATFORM
+ when 'java'
+ ConfigMap[:datadir]
+ else
+ ConfigMap[:libdir]
+ end
+
+ @default_dirs ||= Hash[default_locations.collect do |destination, path|
+ [destination, {
+ :bin_dir => File.join(path, ConfigMap[:bindir].split(File::SEPARATOR).last),
+ :gem_dir => File.join(path, ConfigMap[:datadir].split(File::SEPARATOR).last, 'gems'),
+ :ext_dir => File.join(path, @libdir.split(File::SEPARATOR).last, 'gems')
+ }]
+ end]
+ end
+
+ ##
+ # Remove methods we are going to override. This avoids "method redefined;"
+ # warnings otherwise issued by Ruby.
+
+ remove_method :default_dir if method_defined? :default_dir
+ remove_method :default_path if method_defined? :default_path
+ remove_method :default_bindir if method_defined? :default_bindir
+ remove_method :default_ext_dir_for if method_defined? :default_ext_dir_for
+
+ ##
+ # RubyGems default overrides.
+
+ def default_dir
+ if Process.uid == 0
+ Gem.default_dirs[:local][:gem_dir]
+ else
+ Gem.user_dir
+ end
+ end
+
+ def default_path
+ path = default_dirs.collect {|location, paths| paths[:gem_dir]}
+ path.unshift Gem.user_dir if File.exist? Gem.user_home
+ path
+ end
+
+ def default_bindir
+ if Process.uid == 0
+ Gem.default_dirs[:local][:bin_dir]
+ else
+ File.join [Dir.home, 'bin']
+ end
+ end
+
+ def default_ext_dir_for base_dir
+ dirs = Gem.default_dirs.detect {|location, paths| paths[:gem_dir] == base_dir}
+ dirs && File.join(dirs.last[:ext_dir], RbConfig::CONFIG['RUBY_INSTALL_NAME'])
+ end
+ end
+end
diff --git a/SOURCES/ruby-1.9.3-always-use-i386.patch b/SOURCES/ruby-1.9.3-always-use-i386.patch
new file mode 100644
index 0000000..761f8f2
--- /dev/null
+++ b/SOURCES/ruby-1.9.3-always-use-i386.patch
@@ -0,0 +1,25 @@
+From 796aa193a0e01f3035361f045ac66486d71f608a Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?V=C3=ADt=20Ondruch?=
+Date: Mon, 19 Nov 2012 14:37:28 +0100
+Subject: [PATCH] Always use i386.
+
+---
+ configure.in | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/configure.in b/configure.in
+index 418b0cb..d26fe5b 100644
+--- a/configure.in
++++ b/configure.in
+@@ -3471,6 +3471,8 @@ AC_SUBST(vendorarchdir)dnl
+ configure_args=$ac_configure_args
+ AC_SUBST(configure_args)dnl
+
++target_cpu=`echo $target_cpu | sed s/i.86/i386/`
++
+ if test "${universal_binary-no}" = yes ; then
+ arch="universal-${target_os}"
+ AC_CACHE_CHECK(whether __ARCHITECTURE__ is available, rb_cv_architecture_available,
+--
+1.8.1
+
diff --git a/SOURCES/ruby-1.9.3-custom-rubygems-location.patch b/SOURCES/ruby-1.9.3-custom-rubygems-location.patch
new file mode 100644
index 0000000..7bcc443
--- /dev/null
+++ b/SOURCES/ruby-1.9.3-custom-rubygems-location.patch
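Review bot: In SOURCES/operating_system.rb, `previous_but_one_dir_to` interpolates `dir` into `/^#{dir}$/` unescaped, so a `.` in `RUBY_INSTALL_NAME` matches any character and `^`/`$` are line anchors rather than string anchors; a plain comparison, `split_path.take_while { |one_dir| one_dir != dir }[0..-2]`, says what is meant. When no path component matches, `take_while` returns the whole path and `[0..-2]` only drops the last component, so a wrong root is returned silently. Because `default_locations` feeds these values into `default_dir`, `default_path` and `default_bindir` (where root installs gems and what ends up on the gem path), I would raise an error instead when `dir` is not found in `path`.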
@@ -0,0 +1,84 @@
+From b5e9dc3683cb085aa57e7b12c35a4f21b2cc1482 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?V=C3=ADt=20Ondruch?=
+Date: Fri, 11 Nov 2011 13:14:45 +0100
+Subject: [PATCH] Allow to install RubyGems into custom location, outside of
+ Ruby tree.
+
+---
+ configure.in | 8 ++++++++
+ tool/rbinstall.rb | 9 +++++++++
+ version.c | 4 ++++
+ 3 files changed, 21 insertions(+)
+
+diff --git a/configure.in b/configure.in
+index 1627d12..e064b2b 100644
+--- a/configure.in
++++ b/configure.in
+@@ -3401,6 +3401,13 @@ AC_ARG_WITH(vendorarchdir,
+ [vendorarchdir=$withval],
+ [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby/${ruby_version}'}${multiarch-'${vendorlibdir}/${sitearch}'}])
+
++AC_ARG_WITH(rubygemsdir,
++ AS_HELP_STRING([--with-rubygemsdir=DIR], [custom rubygems directory]),
++ [rubygemsdir=$withval])
++if test "$rubygemsdir" != ""; then
++ AC_DEFINE_UNQUOTED(RUBYGEMS_DIR,"$rubygemsdir" !!)
++fi
++
+ unexpand_shvar rubylibprefix exec_prefix libdir RUBY_BASE_NAME
+ unexpand_shvar rubyarchprefix exec_prefix libdir arch RUBY_BASE_NAME archlibdir rubylibprefix
+ unexpand_shvar rubysitearchprefix exec_prefix libdir sitearch arch RUBY_BASE_NAME archlibdir sitearchlibdir rubylibprefix
+@@ -3467,6 +3474,7 @@ AC_SUBST(sitearchdir)dnl
+ AC_SUBST(vendordir)dnl
+ AC_SUBST(vendorlibdir)dnl
+ AC_SUBST(vendorarchdir)dnl
++AC_SUBST(rubygemsdir)dnl
+
+ configure_args=$ac_configure_args
+ AC_SUBST(configure_args)dnl
+diff --git a/tool/rbinstall.rb b/tool/rbinstall.rb
+index 92e54c6..c72dfb6 100755
+--- a/tool/rbinstall.rb
++++ b/tool/rbinstall.rb
+@@ -320,6 +320,7 @@ sitelibdir = CONFIG["sitelibdir"]
+ sitearchlibdir = CONFIG["sitearchdir"]
+ vendorlibdir = CONFIG["vendorlibdir"]
+ vendorarchlibdir = CONFIG["vendorarchdir"]
++rubygemsdir = CONFIG["rubygemsdir"]
+ mandir = CONFIG["mandir", true]
+ docdir = CONFIG["docdir", true]
+ configure_args = Shellwords.shellwords(CONFIG["configure_args"])
+@@ -507,7 +508,15 @@ end
+ install?(:local, :comm, :lib) do
+ prepare "library scripts", rubylibdir
+ noinst = %w[README* *.txt *.rdoc *.gemspec]
++ noinst += %w[*ubygems.rb rubygems/ datadir.rb] if rubygemsdir
+ install_recursive(File.join(srcdir, "lib"), rubylibdir, :no_install => noinst, :mode => $data_mode)
++ if rubygemsdir
++ noinst = %w[obsolete.rb]
++ install_recursive(File.join(srcdir, "lib", "rubygems"), File.join(rubygemsdir, "rubygems"), :mode => $data_mode)
++ install_recursive(File.join(srcdir, "lib", "rbconfig"), File.join(rubygemsdir, "rbconfig"), :no_install => noinst, :mode => $data_mode)
++ install(File.join(srcdir, "lib", "ubygems.rb"), File.join(rubygemsdir, "ubygems.rb"), :mode => $data_mode)
++ install(File.join(srcdir, "lib", "rubygems.rb"), File.join(rubygemsdir, "rubygems.rb"), :mode => $data_mode)
++ end
+ end
+
+ install?(:local, :arch, :lib) do
+diff --git a/version.c b/version.c
+index 54c4513..d76100b 100644
+--- a/version.c
++++ b/version.c
+@@ -99,6 +99,10 @@ const char ruby_initial_load_paths[] =
+ #endif
+ #endif
+
++#ifdef RUBYGEMS_DIR
++ RUBYGEMS_DIR "\0"
++#endif
++
+ RUBY_LIB "\0"
+ #ifdef RUBY_THINARCH
+ RUBY_ARCH_LIB_FOR(RUBY_THINARCH) "\0"
+--
+1.8.1.2
+
diff --git a/SOURCES/ruby-1.9.3-mkmf-verbose.patch b/SOURCES/ruby-1.9.3-mkmf-verbose.patch
new file mode 100644
index 0000000..ca72051
--- /dev/null
+++ b/SOURCES/ruby-1.9.3-mkmf-verbose.patch
@@ -0,0 +1,25 @@
+From ec16398159a161fc77436b4855d489f193b2515b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?V=C3=ADt=20Ondruch?=
+Date: Mon, 19 Nov 2012 15:14:51 +0100
+Subject: [PATCH] Verbose mkmf.
+
+---
+ lib/mkmf.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/mkmf.rb b/lib/mkmf.rb
+index 4b6c52e..67a15ee 100644
+--- a/lib/mkmf.rb
++++ b/lib/mkmf.rb
+@@ -1784,7 +1784,7 @@ SRC
+ SHELL = /bin/sh
+
+ # V=0 quiet, V=1 verbose. other values don't work.
+-V = 0
++V = 1
+ Q1 = $(V:1=)
+ Q = $(Q1:0=@)
+ ECHO1 = $(V:1=@#{CONFIG['NULLCMD']})
+--
+1.8.1.2
+
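Review bot: In the version.c hunk of ruby-1.9.3-custom-rubygems-location.patch, `RUBYGEMS_DIR` is inserted ahead of `RUBY_LIB` in `ruby_initial_load_paths`, so any file in that directory takes precedence over a standard-library file of the same name, and the rbinstall.rb hunk also copies `lib/rbconfig` there. Neither the patch description nor the `--with-rubygemsdir` help text states the resulting requirement; I would add a comment such as `/* RUBYGEMS_DIR is searched before RUBY_LIB: it must be root-owned, not group/world-writable, and hold only RubyGems files. */` above the `#ifdef`. In rbinstall.rb, `noinst` is reassigned inside `if rubygemsdir` after its first use, and a separate name would make it clearer that the exclusion applies only to the `rbconfig` copy. The array in version.c starts and ends outside the hunk, so the position relative to the site and vendor entries cannot be confirmed from here.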
diff --git a/SOURCES/ruby-1.9.3.p195-fix-webrick-tests.patch b/SOURCES/ruby-1.9.3.p195-fix-webrick-tests.patch
new file mode 100644
index 0000000..b340bff
--- /dev/null
+++ b/SOURCES/ruby-1.9.3.p195-fix-webrick-tests.patch
@@ -0,0 +1,13 @@
+diff --git a/test/runner.rb b/test/runner.rb
+index 49844c7..8e59a85 100644
+--- a/test/runner.rb
++++ b/test/runner.rb
+@@ -2,6 +2,8 @@ require 'rbconfig'
+
+ require 'test/unit'
+
++require_relative 'ruby/envutil'
++
+ src_testdir = File.dirname(File.realpath(__FILE__))
+ $LOAD_PATH << src_testdir
+ module Gem
diff --git a/SOURCES/ruby-2-2.10-webrick-avoid-large-request-fix-tests.patch b/SOURCES/ruby-2-2.10-webrick-avoid-large-request-fix-tests.patch
new file mode 100644
index 0000000..aad50c7
--- /dev/null
+++ b/SOURCES/ruby-2-2.10-webrick-avoid-large-request-fix-tests.patch
@@ -0,0 +1,43 @@
+diff --git a/test/webrick/test_httpauth.rb b/test/webrick/test_httpauth.rb
+index 842668f54e..8bd976c933 100644
+--- a/test/webrick/test_httpauth.rb
++++ b/test/webrick/test_httpauth.rb
+@@ -197,11 +197,11 @@ class TestWEBrickHTTPAuth < Test::Unit::TestCase
+ }
+ assert_equal([], log)
+ }
+- TestWEBrick.start_httpserver({}, log_tester) {|server, addr, port, log|
++ TestWEBrick.start_httpserver_with_log({}, log_tester) {|server, addr, port, log|
+ realm = "wb auth-int realm"
+ path = "/digest_auth_int"
+
+- Tempfile.create("test_webrick_auth_int") {|tmpfile|
++ Tempfile.open("test_webrick_auth_int") {|tmpfile|
+ tmpfile.close
+ tmp_pass = WEBrick::HTTPAuth::Htdigest.new(tmpfile.path)
+ tmp_pass.set_passwd(realm, "foo", "Hunter2")
+diff --git a/test/webrick/test_httpserver.rb b/test/webrick/test_httpserver.rb
+index f1d58b40f5..594f578d2d 100644
+--- a/test/webrick/test_httpserver.rb
++++ b/test/webrick/test_httpserver.rb
+@@ -372,7 +372,7 @@ class TestWEBrickHTTPServer < Test::Unit::TestCase
+ assert_equal 1, log.size
+ assert log[0].include?('ERROR headers too large')
+ }
+- TestWEBrick.start_httpserver({}, log_tester){|server, addr, port, log|
++ TestWEBrick.start_httpserver_with_log({}, log_tester){|server, addr, port, log|
+ server.mount('/', WEBrick::HTTPServlet::FileHandler, __FILE__)
+ TCPSocket.open(addr, port) do |c|
+ c.write("GET / HTTP/1.0\r\n")
+@@ -389,7 +389,7 @@ class TestWEBrickHTTPServer < Test::Unit::TestCase
+ assert_equal 1, log.size
+ assert log[0].include?('ERROR bad chunk data size')
+ end
+- TestWEBrick.start_httpserver({}, log_tester){|server, addr, port, log|
++ TestWEBrick.start_httpserver_with_log({}, log_tester){|server, addr, port, log|
+ server.mount_proc('/', ->(req, res) { res.body = req.body })
+ TCPSocket.open(addr, port) do |c|
+ c.write("POST / HTTP/1.1\r\nHost: example.com\r\n" \
+--
+2.17.1
+
diff --git a/SOURCES/ruby-2-2.10-webrick-avoid-large-request.patch b/SOURCES/ruby-2-2.10-webrick-avoid-large-request.patch
new file mode 100644
index 0000000..c9555c9
--- /dev/null
+++ b/SOURCES/ruby-2-2.10-webrick-avoid-large-request.patch
@@ -0,0 +1,386 @@
+From ae0065be15b3253042b65baa54f2953f3a6e6926 Mon Sep 17 00:00:00 2001
+From: usa
+Date: Wed, 28 Mar 2018 14:47:30 +0000
+Subject: [PATCH] merge revision(s) 62960-62965:
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+ webrick: use IO.copy_stream for multipart response
+
+ Use the new Proc response body feature to generate a multipart
+ range response dynamically. We use a flat array to minimize
+ object overhead as much as possible; as many ranges may fit
+ into an HTTP request header.
+
+ * lib/webrick/httpservlet/filehandler.rb (multipart_body): new method
+ (make_partial_content): use multipart_body
+ ------------------------------------------------------------------------
+ r62960 | normal | 2018-03-28 17:06:23 +0900 (水, 28 3 2018) | 13 lines
+
+ webrick/httprequest: limit request headers size
+
+ We use the same 112 KB limit started (AFAIK) by Mongrel, Thin,
+ and Puma to prevent malicious users from using up all the memory
+ with a single request. This also limits the damage done by
+ excessive ranges in multipart Range: requests.
+
+ Due to the way we rely on IO#gets and the desire to keep
+ the code simple, the actual maximum header may be 4093 bytes
+ larger than 112 KB, but we're splitting hairs at that point.
+
+ * lib/webrick/httprequest.rb: define MAX_HEADER_LENGTH
+ (read_header): raise when headers exceed max length
+ ------------------------------------------------------------------------
+ r62961 | normal | 2018-03-28 17:06:28 +0900 (水, 28 3 2018) | 9 lines
+
+ webrick/httpservlet/cgihandler: reduce memory use
+
+ WEBrick::HTTPRequest#body can be passed a block to process the
+ body in chunks. Use this feature to avoid building a giant
+ string in memory.
+
+ * lib/webrick/httpservlet/cgihandler.rb (do_GET):
+ avoid reading entire request body into memory
+ (do_POST is aliased to do_GET, so it handles bodies)
+ ------------------------------------------------------------------------
+ r62962 | normal | 2018-03-28 17:06:34 +0900 (水, 28 3 2018) | 7 lines
+
+ webrick/httprequest: raise correct exception
+
+ "BadRequest" alone does not resolve correctly, it is in the
+ HTTPStatus namespace.
+
+ * lib/webrick/httprequest.rb (read_chunked): use correct exception
+ * test/webrick/test_httpserver.rb (test_eof_in_chunk): new test
+ ------------------------------------------------------------------------
+ r62963 | normal | 2018-03-28 17:06:39 +0900 (水, 28 3 2018) | 9 lines
+
+ webrick/httprequest: use InputBufferSize for chunked requests
+
+ While WEBrick::HTTPRequest#body provides a Proc interface
+ for streaming large request bodies, clients must not force
+ the server to use an excessively large chunk size.
+
+ * lib/webrick/httprequest.rb (read_chunk_size): limit each
+ read and block.call to :InputBufferSize in config.
+ * test/webrick/test_httpserver.rb (test_big_chunks): new test
+ ------------------------------------------------------------------------
+ r62964 | normal | 2018-03-28 17:06:44 +0900 (水, 28 3 2018) | 9 lines
+
+ webrick: add test for Digest auth-int
+
+ No changes to the actual code, this is a new test for
+ a feature for which no tests existed. I don't understand
+ the Digest authentication code well at all, but this is
+ necessary for the subsequent change.
+
+ * test/webrick/test_httpauth.rb (test_digest_auth_int): new test
+ (credentials_for_request): support bodies with POST
+ ------------------------------------------------------------------------
+ r62965 | normal | 2018-03-28 17:06:49 +0900 (水, 28 3 2018) | 18 lines
+
+ webrick/httpauth/digestauth: stream req.body
+
+ WARNING! WARNING! WARNING! LIKELY BROKEN CHANGE
+
+ Pass a proc to WEBrick::HTTPRequest#body to avoid reading a
+ potentially large request body into memory during
+ authentication.
+
+ WARNING! this will break apps completely which want to do
+ something with the body besides calculating the MD5 digest
+ of it.
+
+ Also, keep in mind that probably nobody uses "auth-int".
+ Servers such as Apache, lighttpd, nginx don't seem to
+ support it; nor does curl when using POST/PUT bodies;
+ and we didn't have tests for it until now...
+
+ * lib/webrick/httpauth/digestauth.rb (_authenticate): stream req.body
+
+git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@63021 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+---
+ lib/webrick/httpauth/digestauth.rb | 8 ++-
+ lib/webrick/httprequest.rb | 23 +++++--
+ lib/webrick/httpservlet/cgihandler.rb | 4 +-
+ test/webrick/test_httpauth.rb | 90 ++++++++++++++++++++++++++-
+ test/webrick/test_httpserver.rb | 67 ++++++++++++++++++++
+ 5 files changed, 178 insertions(+), 14 deletions(-)
+
+diff --git a/lib/webrick/httpauth/digestauth.rb b/lib/webrick/httpauth/digestauth.rb
+index 78ad45b233..2a2319e9b1 100644
+--- a/lib/webrick/httpauth/digestauth.rb
++++ b/lib/webrick/httpauth/digestauth.rb
+@@ -235,9 +235,11 @@ module WEBrick
+ ha2 = hexdigest(req.request_method, auth_req['uri'])
+ ha2_res = hexdigest("", auth_req['uri'])
+ elsif auth_req['qop'] == "auth-int"
+- ha2 = hexdigest(req.request_method, auth_req['uri'],
+- hexdigest(req.body))
+- ha2_res = hexdigest("", auth_req['uri'], hexdigest(res.body))
++ body_digest = @h.new
++ req.body { |chunk| body_digest.update(chunk) }
++ body_digest = body_digest.hexdigest
++ ha2 = hexdigest(req.request_method, auth_req['uri'], body_digest)
++ ha2_res = hexdigest("", auth_req['uri'], body_digest)
+ end
+
+ if auth_req['qop'] == "auth" || auth_req['qop'] == "auth-int"
+diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb
+index 76420730b1..b3bcea7b3d 100644
+--- a/lib/webrick/httprequest.rb
++++ b/lib/webrick/httprequest.rb
+@@ -412,9 +412,13 @@ module WEBrick
+
+ MAX_URI_LENGTH = 2083 # :nodoc:
+
++ # same as Mongrel, Thin and Puma
++ MAX_HEADER_LENGTH = (112 * 1024) # :nodoc:
++
+ def read_request_line(socket)
+ @request_line = read_line(socket, MAX_URI_LENGTH) if socket
+- if @request_line.bytesize >= MAX_URI_LENGTH and @request_line[-1, 1] != LF
++ @request_bytes = @request_line.bytesize
++ if @request_bytes >= MAX_URI_LENGTH and @request_line[-1, 1] != LF
+ raise HTTPStatus::RequestURITooLarge
+ end
+ @request_time = Time.now
+@@ -433,6 +437,9 @@ module WEBrick
+ if socket
+ while line = read_line(socket)
+ break if /\A(#{CRLF}|#{LF})\z/om =~ line
++ if (@request_bytes += line.bytesize) > MAX_HEADER_LENGTH
++ raise HTTPStatus::RequestEntityTooLarge, 'headers too large'
++ end
+ @raw_header << line
+ end
+ end
+@@ -500,12 +507,16 @@ module WEBrick
+ def read_chunked(socket, block)
+ chunk_size, = read_chunk_size(socket)
+ while chunk_size > 0
+- data = read_data(socket, chunk_size) # read chunk-data
+- if data.nil? || data.bytesize != chunk_size
+- raise BadRequest, "bad chunk data size."
+- end
++ begin
++ sz = [ chunk_size, @buffer_size ].min
++ data = read_data(socket, sz) # read chunk-data
++ if data.nil? || data.bytesize != sz
++ raise HTTPStatus::BadRequest, "bad chunk data size."
++ end
++ block.call(data)
++ end while (chunk_size -= sz) > 0
++
+ read_line(socket) # skip CRLF
+- block.call(data)
+ chunk_size, = read_chunk_size(socket)
+ end
+ read_header(socket) # trailer + CRLF
+diff --git a/lib/webrick/httpservlet/cgihandler.rb b/lib/webrick/httpservlet/cgihandler.rb
+index 7c012ca64b..d5ba756437 100644
+--- a/lib/webrick/httpservlet/cgihandler.rb
++++ b/lib/webrick/httpservlet/cgihandler.rb
+@@ -66,9 +66,7 @@ module WEBrick
+ cgi_in.write("%8d" % dump.bytesize)
+ cgi_in.write(dump)
+
+- if req.body and req.body.bytesize > 0
+- cgi_in.write(req.body)
+- end
++ req.body { |chunk| cgi_in.write(chunk) }
+ ensure
+ cgi_in.close
+ status = $?.exitstatus
+diff --git a/test/webrick/test_httpauth.rb b/test/webrick/test_httpauth.rb
+index 2414be9096..842668f54e 100644
+--- a/test/webrick/test_httpauth.rb
++++ b/test/webrick/test_httpauth.rb
+@@ -3,6 +3,7 @@ require "net/http"
+ require "tempfile"
+ require "webrick"
+ require "webrick/httpauth/basicauth"
++require "stringio"
+ require_relative "utils"
+
+ class TestWEBrickHTTPAuth < Test::Unit::TestCase
+@@ -182,12 +183,97 @@ class TestWEBrickHTTPAuth < Test::Unit::TestCase
+ }
+ end
+
++ def test_digest_auth_int
++ log_tester = lambda {|log, access_log|
++ log.reject! {|line| /\A\s*\z/ =~ line }
++ pats = [
++ /ERROR Digest wb auth-int realm: no credentials in the request\./,
++ /ERROR WEBrick::HTTPStatus::Unauthorized/,
++ /ERROR Digest wb auth-int realm: foo: digest unmatch\./
++ ]
++ pats.each {|pat|
++ assert(!log.grep(pat).empty?, "webrick log doesn't have expected error: #{pat.inspect}")
++ log.reject! {|line| pat =~ line }
++ }
++ assert_equal([], log)
++ }
++ TestWEBrick.start_httpserver({}, log_tester) {|server, addr, port, log|
++ realm = "wb auth-int realm"
++ path = "/digest_auth_int"
++
++ Tempfile.create("test_webrick_auth_int") {|tmpfile|
++ tmpfile.close
++ tmp_pass = WEBrick::HTTPAuth::Htdigest.new(tmpfile.path)
++ tmp_pass.set_passwd(realm, "foo", "Hunter2")
++ tmp_pass.flush
++
++ htdigest = WEBrick::HTTPAuth::Htdigest.new(tmpfile.path)
++ users = []
++ htdigest.each{|user, pass| users << user }
++ assert_equal %w(foo), users
++
++ auth = WEBrick::HTTPAuth::DigestAuth.new(
++ :Realm => realm, :UserDB => htdigest,
++ :Algorithm => 'MD5',
++ :Logger => server.logger,
++ :Qop => %w(auth-int),
++ )
++ server.mount_proc(path){|req, res|
++ auth.authenticate(req, res)
++ res.body = "bbb"
++ }
++ Net::HTTP.start(addr, port) do |http|
++ post = Net::HTTP::Post.new(path)
++ params = {}
++ data = 'hello=world'
++ body = StringIO.new(data)
++ post.content_length = data.bytesize
++ post['Content-Type'] = 'application/x-www-form-urlencoded'
++ post.body_stream = body
++
++ http.request(post) do |res|
++ assert_equal('401', res.code, log.call)
++ res["www-authenticate"].scan(DIGESTRES_) do |key, quoted, token|
++ params[key.downcase] = token || quoted.delete('\\')
++ end
++ params['uri'] = "http://#{addr}:#{port}#{path}"
++ end
++
++ body.rewind
++ cred = credentials_for_request('foo', 'Hunter3', params, body)
++ post['Authorization'] = cred
++ post.body_stream = body
++ http.request(post){|res|
++ assert_equal('401', res.code, log.call)
++ assert_not_equal("bbb", res.body, log.call)
++ }
++
++ body.rewind
++ cred = credentials_for_request('foo', 'Hunter2', params, body)
++ post['Authorization'] = cred
++ post.body_stream = body
++ http.request(post){|res| assert_equal("bbb", res.body, log.call)}
++ end
++ }
++ }
++ end
++
+ private
+- def credentials_for_request(user, password, params)
++ def credentials_for_request(user, password, params, body = nil)
+ cnonce = "hoge"
+ nonce_count = 1
+ ha1 = "#{user}:#{params['realm']}:#{password}"
+- ha2 = "GET:#{params['uri']}"
++ if body
++ dig = Digest::MD5.new
++ while buf = body.read(16384)
++ dig.update(buf)
++ end
++ body.rewind
++ ha2 = "POST:#{params['uri']}:#{dig.hexdigest}"
++ else
++ ha2 = "GET:#{params['uri']}"
++ end
++
+ request_digest =
+ "#{Digest::MD5.hexdigest(ha1)}:" \
+ "#{params['nonce']}:#{'%08x' % nonce_count}:#{cnonce}:#{params['qop']}:" \
+diff --git a/test/webrick/test_httpserver.rb b/test/webrick/test_httpserver.rb
+index ffebf7e843..f1d58b40f5 100644
+--- a/test/webrick/test_httpserver.rb
++++ b/test/webrick/test_httpserver.rb
+@@ -366,4 +366,71 @@ class TestWEBrickHTTPServer < Test::Unit::TestCase
+ }
+ assert_equal(requested, 1)
+ end
++
++ def test_gigantic_request_header
++ log_tester = lambda {|log, access_log|
++ assert_equal 1, log.size
++ assert log[0].include?('ERROR headers too large')
++ }
++ TestWEBrick.start_httpserver({}, log_tester){|server, addr, port, log|
++ server.mount('/', WEBrick::HTTPServlet::FileHandler, __FILE__)
++ TCPSocket.open(addr, port) do |c|
++ c.write("GET / HTTP/1.0\r\n")
++ junk = "X-Junk: #{' ' * 1024}\r\n"
++ assert_raise(Errno::ECONNRESET, Errno::EPIPE) do
++ loop { c.write(junk) }
++ end
++ end
++ }
++ end
++
++ def test_eof_in_chunk
++ log_tester = lambda do |log, access_log|
++ assert_equal 1, log.size
++ assert log[0].include?('ERROR bad chunk data size')
++ end
++ TestWEBrick.start_httpserver({}, log_tester){|server, addr, port, log|
++ server.mount_proc('/', ->(req, res) { res.body = req.body })
++ TCPSocket.open(addr, port) do |c|
++ c.write("POST / HTTP/1.1\r\nHost: example.com\r\n" \
++ "Transfer-Encoding: chunked\r\n\r\n5\r\na")
++ c.shutdown(Socket::SHUT_WR) # trigger EOF in server
++ res = c.read
++ assert_match %r{\AHTTP/1\.1 400 }, res
++ end
++ }
++ end
++
++ def test_big_chunks
++ nr_out = 3
++ buf = 'big' # 3 bytes is bigger than 2!
++ config = { :InputBufferSize => 2 }.freeze
++ total = 0
++ all = ''
++ TestWEBrick.start_httpserver(config){|server, addr, port, log|
++ server.mount_proc('/', ->(req, res) {
++ err = []
++ ret = req.body do |chunk|
++ n = chunk.bytesize
++ n > config[:InputBufferSize] and err << "#{n} > :InputBufferSize"
++ total += n
++ all << chunk
++ end
++ ret.nil? or err << 'req.body should return nil'
++ (buf * nr_out) == all or err << 'input body does not match expected'
++ res.header['connection'] = 'close'
++ res.body = err.join("\n")
++ })
++ TCPSocket.open(addr, port) do |c|
++ c.write("POST / HTTP/1.1\r\nHost: example.com\r\n" \
++ "Transfer-Encoding: chunked\r\n\r\n")
++ chunk = "#{buf.bytesize.to_s(16)}\r\n#{buf}\r\n"
++ nr_out.times { c.write(chunk) }
++ c.write("0\r\n\r\n")
++ head, body = c.read.split("\r\n\r\n")
++ assert_match %r{\AHTTP/1\.1 200 OK}, head
++ assert_nil body
++ end
++ }
++ end
+ end
+--
+2.17.1
+
diff --git a/SOURCES/ruby-2.0.0-Prevent-duplicated-paths-when-empty-version-string-i.patch b/SOURCES/ruby-2.0.0-Prevent-duplicated-paths-when-empty-version-string-i.patch
new file mode 100644
index 0000000..238a503
--- /dev/null
+++ b/SOURCES/ruby-2.0.0-Prevent-duplicated-paths-when-empty-version-string-i.patch
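Review bot: In the `auth-int` branch of `_authenticate` (lib/webrick/httpauth/digestauth.rb), `ha2_res` is now computed from `body_digest`, which is the hash of the request body, whereas the removed line hashed `res.body`. RFC 2617 defines the `rspauth` value over the response entity body, so a client that verifies `Authentication-Info` under `auth-int` would presumably reject the server's value whenever request and response bodies differ. Streaming the request body does not require changing the response side: keep `ha2_res = hexdigest("", auth_req['uri'], hexdigest(res.body))` and add a comment such as `# body_digest covers the request entity only`. The new `test_digest_auth_int` checks only status and body, so it would not catch this. `_authenticate` begins and ends outside the hunk, so the later use of `ha2_res` is not visible here.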
@@ -0,0 +1,70 @@
+From e943a89efd63dcfb80a0ab8d9a4db37f523f508e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?V=C3=ADt=20Ondruch?=
+Date: Fri, 8 Feb 2013 22:48:41 +0100
+Subject: [PATCH] Prevent duplicated paths when empty version string is
+ configured.
+
+---
+ configure.in | 3 +++
+ version.c | 10 ++++++++++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/configure.in b/configure.in
+index 5850bbf..7604bb8 100644
+--- a/configure.in
++++ b/configure.in
+@@ -3419,6 +3419,9 @@ unexpand_shvar exec_prefix prefix
+ if test ${RUBY_LIB_VERSION_STYLE+set}; then
+ AC_DEFINE_UNQUOTED(RUBY_LIB_VERSION_STYLE, $RUBY_LIB_VERSION_STYLE !!)
+ else
++ if test "x${ruby_version}" = 'x'; then
++ AC_DEFINE(RUBY_LIB_VERSION_BLANK, 1)
++ fi
+ AC_DEFINE_UNQUOTED(RUBY_LIB_VERSION, [$RUBY_LIB_VERSION] !!)
+ fi
+ AC_DEFINE_UNQUOTED(RUBY_EXEC_PREFIX, ${RUBY_EXEC_PREFIX})
+diff --git a/version.c b/version.c
+index 282960d..54c4513 100644
+--- a/version.c
++++ b/version.c
+@@ -39,9 +39,15 @@
+ #define RUBY_VENDOR_LIB RUBY_LIB_PREFIX"/vendor_ruby"
+ #endif
+
++#ifdef RUBY_LIB_VERSION_BLANK
++#define RUBY_LIB RUBY_LIB_PREFIX
++#define RUBY_SITE_LIB2 RUBY_SITE_LIB
++#define RUBY_VENDOR_LIB2 RUBY_VENDOR_LIB
++#else
+ #define RUBY_LIB RUBY_LIB_PREFIX "/"RUBY_LIB_VERSION
+ #define RUBY_SITE_LIB2 RUBY_SITE_LIB "/"RUBY_LIB_VERSION
+ #define RUBY_VENDOR_LIB2 RUBY_VENDOR_LIB "/"RUBY_LIB_VERSION
++#endif
+ #ifndef RUBY_ARCH_LIB_FOR
+ #define RUBY_ARCH_LIB_FOR(arch) RUBY_LIB "/"arch
+ #endif
+@@ -77,8 +83,10 @@ const char ruby_initial_load_paths[] =
+ RUBY_SITE_ARCH_LIB_FOR(RUBY_THINARCH) "\0"
+ #endif
+ RUBY_SITE_ARCH_LIB_FOR(RUBY_SITEARCH) "\0"
++#ifndef RUBY_LIB_VERSION_BLANK
+ RUBY_SITE_LIB "\0"
+ #endif
++#endif
+
+ #ifndef NO_RUBY_VENDOR_LIB
+ RUBY_VENDOR_LIB2 "\0"
+@@ -86,8 +94,10 @@ const char ruby_initial_load_paths[] =
+ RUBY_VENDOR_ARCH_LIB_FOR(RUBY_THINARCH) "\0"
+ #endif
+ RUBY_VENDOR_ARCH_LIB_FOR(RUBY_SITEARCH) "\0"
++#ifndef RUBY_LIB_VERSION_BLANK
+ RUBY_VENDOR_LIB "\0"
+ #endif
++#endif
+
+ RUBY_LIB "\0"
+ #ifdef RUBY_THINARCH
+--
+1.8.1.2
+
diff --git a/SOURCES/ruby-2.0.0-p195-aarch64.patch b/SOURCES/ruby-2.0.0-p195-aarch64.patch
new file mode 100644
index 0000000..8009d32
--- /dev/null
+++ b/SOURCES/ruby-2.0.0-p195-aarch64.patch
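Review bot: The two `#ifndef RUBY_LIB_VERSION_BLANK` guards added inside `ruby_initial_load_paths` in version.c carry no comment, and because each is inserted ahead of an existing `#endif`, the added `#endif` ends up closing the outer conditional rather than the new one. A reader of the load-path table cannot tell from the code why `RUBY_SITE_LIB` and `RUBY_VENDOR_LIB` are dropped in this configuration. A one-line comment above each guard would state it, for example `/* blank version: RUBY_SITE_LIB2 already equals RUBY_SITE_LIB, skip the duplicate entry */`, and the same for the vendor entry. The array initializer starts and ends outside these hunks.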
@@ -0,0 +1,360 @@ +diff -urN ruby-2.0.0-p0/tool/config.guess ruby-2.0.0-p0-aarch64/tool/config.guess +--- ruby-2.0.0-p0/tool/config.guess 2012-01-29 07:50:18.000000000 -0600 ++++ ruby-2.0.0-p0-aarch64/tool/config.guess 2013-03-08 07:15:49.233030866 -0600 +@@ -2,9 +2,9 @@ + # Attempt to guess a canonical system name. + # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, + # 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, +-# 2011 Free Software Foundation, Inc. ++# 2011, 2012 Free Software Foundation, Inc. + +-timestamp='2011-11-11' ++timestamp='2012-09-25' + + # This file is free software; you can redistribute it and/or modify it + # under the terms of the GNU General Public License as published by +@@ -17,9 +17,7 @@ + # General Public License for more details. + # + # You should have received a copy of the GNU General Public License +-# along with this program; if not, write to the Free Software +-# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +-# 02110-1301, USA. ++# along with this program; if not, see . + # + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a +@@ -57,8 +55,8 @@ + + Originally written by Per Bothner. + Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free +-Software Foundation, Inc. ++2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 ++Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO + warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
+@@ -145,7 +143,7 @@ + case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or +- # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, ++ # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward +@@ -202,6 +200,10 @@ + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit ;; ++ *:Bitrig:*:*) ++ UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` ++ echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} ++ exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} +@@ -304,7 +306,7 @@ + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit ;; +- arm:riscos:*:*|arm:RISCOS:*:*) ++ arm*:riscos:*:*|arm*:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) +@@ -803,6 +805,9 @@ + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit ;; ++ *:MINGW64*:*) ++ echo ${UNAME_MACHINE}-pc-mingw64 ++ exit ;; + *:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit ;; +@@ -863,6 +868,13 @@ + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit ;; ++ aarch64:Linux:*:*) ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; ++ aarch64_be:Linux:*:*) ++ UNAME_MACHINE=aarch64_be ++ echo ${UNAME_MACHINE}-unknown-linux-gnu ++ exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; +@@ -897,16 +909,16 @@ + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + cris:Linux:*:*) +- echo cris-axis-linux-gnu ++ echo ${UNAME_MACHINE}-axis-linux-gnu + exit ;; + crisv32:Linux:*:*) +- echo crisv32-axis-linux-gnu ++ echo ${UNAME_MACHINE}-axis-linux-gnu + exit ;; + 
frv:Linux:*:*) +- echo frv-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + hexagon:Linux:*:*) +- echo hexagon-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + i*86:Linux:*:*) + LIBC=gnu +@@ -948,7 +960,7 @@ + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } + ;; + or32:Linux:*:*) +- echo or32-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-gnu +@@ -989,7 +1001,7 @@ + echo ${UNAME_MACHINE}-dec-linux-gnu + exit ;; + x86_64:Linux:*:*) +- echo x86_64-unknown-linux-gnu ++ echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu +@@ -1196,6 +1208,9 @@ + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; ++ x86_64:Haiku:*:*) ++ echo x86_64-unknown-haiku ++ exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit ;; +@@ -1251,7 +1266,7 @@ + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; +- NSE-?:NONSTOP_KERNEL:*:*) ++ NSE-*:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) +@@ -1320,11 +1335,11 @@ + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; ++ x86_64:VMkernel:*:*) ++ echo ${UNAME_MACHINE}-unknown-esx ++ exit ;; + esac + +-#echo '(No uname command or uname output not recognized.)' 1>&2 +-#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 +- + eval $set_cc_for_build + cat >$dummy.c <. + # + # As a special exception to the GNU General Public License, if you + # distribute this file as part of a program that contains a +@@ -76,8 +74,8 @@ + GNU config.sub ($timestamp) + + Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, +-2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free +-Software Foundation, Inc. 
++2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012 ++Free Software Foundation, Inc. + + This is free software; see the source for copying conditions. There is NO + warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." +@@ -125,13 +123,17 @@ + maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` + case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ +- linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ ++ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ + storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; ++ android-linux) ++ os=-linux-android ++ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ++ ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] +@@ -154,7 +156,7 @@ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ +- -apple | -axis | -knuth | -cray | -microblaze) ++ -apple | -axis | -knuth | -cray | -microblaze*) + os= + basic_machine=$1 + ;; +@@ -223,6 +225,12 @@ + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; ++ -lynx*178) ++ os=-lynxos178 ++ ;; ++ -lynx*5) ++ os=-lynxos5 ++ ;; + -lynx*) + os=-lynxos + ;; +@@ -247,6 +255,7 @@ + # Some are omitted here because they have special meanings below. 
+ 1750a | 580 \ + | a29k \ ++ | aarch64 | aarch64_be \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ +@@ -264,7 +273,7 @@ + | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ +- | maxq | mb | microblaze | mcore | mep | metag \ ++ | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ +@@ -319,8 +328,7 @@ + c6x) + basic_machine=tic6x-unknown + ;; +- m6811 | m68hc11 | m6812 | m68hc12 | picochip) +- # Motorola 68HC11/12. ++ m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + basic_machine=$basic_machine-unknown + os=-none + ;; +@@ -333,7 +341,10 @@ + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; +- ++ xgate) ++ basic_machine=$basic_machine-unknown ++ os=-none ++ ;; + xscaleeb) + basic_machine=armeb-unknown + ;; +@@ -356,6 +367,7 @@ + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ ++ | aarch64-* | aarch64_be-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \ +@@ -377,7 +389,8 @@ + | lm32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ +- | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \ ++ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ ++ | microblaze-* | microblazeel-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ +@@ -719,7 +732,6 @@ + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; +-# I'm not sure what "Sysv32" means. Should this be sysv3.2? 
+ i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 +@@ -777,9 +789,13 @@ + basic_machine=ns32k-utek + os=-sysv + ;; +- microblaze) ++ microblaze*) + basic_machine=microblaze-xilinx + ;; ++ mingw64) ++ basic_machine=x86_64-pc ++ os=-mingw64 ++ ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 +@@ -1341,15 +1357,15 @@ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ +- | -openbsd* | -solidbsd* \ ++ | -bitrig* | -openbsd* | -solidbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* | -cegcc* \ + | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ +- | -mingw32* | -linux-gnu* | -linux-android* \ +- | -linux-newlib* | -linux-uclibc* \ ++ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ ++ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ +@@ -1532,6 +1548,9 @@ + c4x-* | tic4x-*) + os=-coff + ;; ++ hexagon-*) ++ os=-elf ++ ;; + tic54x-*) + os=-coff + ;; +@@ -1559,9 +1578,6 @@ + ;; + m68000-sun) + os=-sunos3 +- # This also exists in the configure program, but was not the +- # default. +- # os=-sunos4 + ;; + m68*-cisco) + os=-aout diff --git a/SOURCES/ruby-2.1.0-Adding-Psych.safe_load.patch b/SOURCES/ruby-2.1.0-Adding-Psych.safe_load.patch new file mode 100644 index 0000000..bbe73f1 --- /dev/null +++ b/SOURCES/ruby-2.1.0-Adding-Psych.safe_load.patch 
@@ -0,0 +1,904 @@ +From 7ceafcbdf5bd2155704839f97b869e689f66feeb Mon Sep 17 00:00:00 2001 +From: tenderlove +Date: Tue, 14 May 2013 17:26:41 +0000 +Subject: [PATCH] * ext/psych/lib/psych.rb: Adding Psych.safe_load for loading + a user defined, restricted subset of Ruby object types. * + ext/psych/lib/psych/class_loader.rb: A class loader for encapsulating the + logic for which objects are allowed to be deserialized. * + ext/psych/lib/psych/deprecated.rb: Changes to use the class loader * + ext/psych/lib/psych/exception.rb: ditto * ext/psych/lib/psych/json/stream.rb: + ditto * ext/psych/lib/psych/nodes/node.rb: ditto * + ext/psych/lib/psych/scalar_scanner.rb: ditto * ext/psych/lib/psych/stream.rb: + ditto * ext/psych/lib/psych/streaming.rb: ditto * + ext/psych/lib/psych/visitors/json_tree.rb: ditto * + ext/psych/lib/psych/visitors/to_ruby.rb: ditto * + ext/psych/lib/psych/visitors/yaml_tree.rb: ditto * ext/psych/psych_to_ruby.c: + ditto * test/psych/helper.rb: ditto * test/psych/test_safe_load.rb: tests for + restricted subset. 
* test/psych/test_scalar_scanner.rb: ditto * + test/psych/visitors/test_to_ruby.rb: ditto * + test/psych/visitors/test_yaml_tree.rb: ditto + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 24 +++++++ + ext/psych/lib/psych.rb | 57 +++++++++++++++-- + ext/psych/lib/psych/class_loader.rb | 101 ++++++++++++++++++++++++++++++ + ext/psych/lib/psych/deprecated.rb | 3 +- + ext/psych/lib/psych/exception.rb | 6 ++ + ext/psych/lib/psych/json/stream.rb | 1 + + ext/psych/lib/psych/nodes/node.rb | 4 +- + ext/psych/lib/psych/scalar_scanner.rb | 19 +++--- + ext/psych/lib/psych/stream.rb | 1 + + ext/psych/lib/psych/streaming.rb | 15 +++-- + ext/psych/lib/psych/visitors/json_tree.rb | 7 ++- + ext/psych/lib/psych/visitors/to_ruby.rb | 79 +++++++++++++---------- + ext/psych/lib/psych/visitors/yaml_tree.rb | 13 +++- + ext/psych/psych_to_ruby.c | 4 +- + test/psych/helper.rb | 2 +- + test/psych/test_safe_load.rb | 97 ++++++++++++++++++++++++++++ + test/psych/test_scalar_scanner.rb | 2 +- + test/psych/visitors/test_to_ruby.rb | 4 +- + test/psych/visitors/test_yaml_tree.rb | 4 +- + 19 files changed, 383 insertions(+), 60 deletions(-) + create mode 100644 ext/psych/lib/psych/class_loader.rb + create mode 100644 test/psych/test_safe_load.rb + +diff --git a/ChangeLog b/ChangeLog +index be56f61d3a19..e8ad02a53921 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -3137,6 +3137,30 @@ + + * include/ruby/intern.h: should include sys/time.h for struct timeval + if it exists. [ruby-list:49363] ++ ++Wed May 15 02:22:16 2013 Aaron Patterson ++ ++ * ext/psych/lib/psych.rb: Adding Psych.safe_load for loading a user ++ defined, restricted subset of Ruby object types. ++ * ext/psych/lib/psych/class_loader.rb: A class loader for ++ encapsulating the logic for which objects are allowed to be ++ deserialized. 
++ * ext/psych/lib/psych/deprecated.rb: Changes to use the class loader ++ * ext/psych/lib/psych/exception.rb: ditto ++ * ext/psych/lib/psych/json/stream.rb: ditto ++ * ext/psych/lib/psych/nodes/node.rb: ditto ++ * ext/psych/lib/psych/scalar_scanner.rb: ditto ++ * ext/psych/lib/psych/stream.rb: ditto ++ * ext/psych/lib/psych/streaming.rb: ditto ++ * ext/psych/lib/psych/visitors/json_tree.rb: ditto ++ * ext/psych/lib/psych/visitors/to_ruby.rb: ditto ++ * ext/psych/lib/psych/visitors/yaml_tree.rb: ditto ++ * ext/psych/psych_to_ruby.c: ditto ++ * test/psych/helper.rb: ditto ++ * test/psych/test_safe_load.rb: tests for restricted subset. ++ * test/psych/test_scalar_scanner.rb: ditto ++ * test/psych/visitors/test_to_ruby.rb: ditto ++ * test/psych/visitors/test_yaml_tree.rb: ditto + + Tue May 14 20:21:41 2013 Eric Hodel + +diff --git a/ext/psych/lib/psych.rb b/ext/psych/lib/psych.rb +index 66a0641f39d8..711b3c1377dc 100644 +--- a/ext/psych/lib/psych.rb ++++ b/ext/psych/lib/psych.rb +@@ -124,6 +124,55 @@ def self.load yaml, filename = nil + result ? result.to_ruby : result + end + ++ ### ++ # Safely load the yaml string in +yaml+. By default, only the following ++ # classes are allowed to be deserialized: ++ # ++ # * TrueClass ++ # * FalseClass ++ # * NilClass ++ # * Numeric ++ # * String ++ # * Array ++ # * Hash ++ # ++ # Recursive data structures are not allowed by default. Arbitrary classes ++ # can be allowed by adding those classes to the +whitelist+. They are ++ # additive. For example, to allow Date deserialization: ++ # ++ # Psych.safe_load(yaml, [Date]) ++ # ++ # Now the Date class can be loaded in addition to the classes listed above. ++ # ++ # Aliases can be explicitly allowed by changing the +aliases+ parameter. 
++ # For example: ++ # ++ # x = [] ++ # x << x ++ # yaml = Psych.dump x ++ # Psych.safe_load yaml # => raises an exception ++ # Psych.safe_load yaml, [], [], true # => loads the aliases ++ # ++ # A Psych::DisallowedClass exception will be raised if the yaml contains a ++ # class that isn't in the whitelist. ++ # ++ # A Psych::BadAlias exception will be raised if the yaml contains aliases ++ # but the +aliases+ parameter is set to false. ++ def self.safe_load yaml, whitelist_classes = [], whitelist_symbols = [], aliases = false, filename = nil ++ result = parse(yaml, filename) ++ return unless result ++ ++ class_loader = ClassLoader::Restricted.new(whitelist_classes.map(&:to_s), ++ whitelist_symbols.map(&:to_s)) ++ scanner = ScalarScanner.new class_loader ++ if aliases ++ visitor = Visitors::ToRuby.new scanner, class_loader ++ else ++ visitor = Visitors::NoAliasRuby.new scanner, class_loader ++ end ++ visitor.accept result ++ end ++ + ### + # Parse a YAML string in +yaml+. Returns the first object of a YAML AST. + # +filename+ is used in the exception message if a Psych::SyntaxError is +@@ -234,7 +283,7 @@ def self.dump o, io = nil, options = {} + io = nil + end + +- visitor = Psych::Visitors::YAMLTree.new options ++ visitor = Psych::Visitors::YAMLTree.create options + visitor << o + visitor.tree.yaml io, options + end +@@ -246,7 +295,7 @@ def self.dump o, io = nil, options = {} + # + # Psych.dump_stream("foo\n ", {}) # => "--- ! \"foo\\n \"\n--- {}\n" + def self.dump_stream *objects +- visitor = Psych::Visitors::YAMLTree.new {} ++ visitor = Psych::Visitors::YAMLTree.create({}) + objects.each do |o| + visitor << o + end +@@ -256,7 +305,7 @@ def self.dump_stream *objects + ### + # Dump Ruby object +o+ to a JSON string. 
+ def self.to_json o +- visitor = Psych::Visitors::JSONTree.new ++ visitor = Psych::Visitors::JSONTree.create + visitor << o + visitor.tree.yaml + end +@@ -314,7 +363,7 @@ def self.remove_type type_tag + @load_tags = {} + @dump_tags = {} + def self.add_tag tag, klass +- @load_tags[tag] = klass ++ @load_tags[tag] = klass.name + @dump_tags[klass] = tag + end + +diff --git a/ext/psych/lib/psych/class_loader.rb b/ext/psych/lib/psych/class_loader.rb +new file mode 100644 +index 000000000000..46c6b9362790 +--- /dev/null ++++ b/ext/psych/lib/psych/class_loader.rb +@@ -0,0 +1,101 @@ ++require 'psych/omap' ++require 'psych/set' ++ ++module Psych ++ class ClassLoader # :nodoc: ++ BIG_DECIMAL = 'BigDecimal' ++ COMPLEX = 'Complex' ++ DATE = 'Date' ++ DATE_TIME = 'DateTime' ++ EXCEPTION = 'Exception' ++ OBJECT = 'Object' ++ PSYCH_OMAP = 'Psych::Omap' ++ PSYCH_SET = 'Psych::Set' ++ RANGE = 'Range' ++ RATIONAL = 'Rational' ++ REGEXP = 'Regexp' ++ STRUCT = 'Struct' ++ SYMBOL = 'Symbol' ++ ++ def initialize ++ @cache = CACHE.dup ++ end ++ ++ def load klassname ++ return nil if !klassname || klassname.empty? ++ ++ find klassname ++ end ++ ++ def symbolize sym ++ symbol ++ sym.to_sym ++ end ++ ++ constants.each do |const| ++ konst = const_get const ++ define_method(const.to_s.downcase) do ++ load konst ++ end ++ end ++ ++ private ++ ++ def find klassname ++ @cache[klassname] ||= resolve(klassname) ++ end ++ ++ def resolve klassname ++ name = klassname ++ retried = false ++ ++ begin ++ path2class(name) ++ rescue ArgumentError, NameError => ex ++ unless retried ++ name = "Struct::#{name}" ++ retried = ex ++ retry ++ end ++ raise retried ++ end ++ end ++ ++ CACHE = Hash[constants.map { |const| ++ val = const_get const ++ begin ++ [val, ::Object.const_get(val)] ++ rescue ++ nil ++ end ++ }.compact] ++ ++ class Restricted < ClassLoader ++ def initialize classes, symbols ++ @classes = classes ++ @symbols = symbols ++ super() ++ end ++ ++ def symbolize sym ++ return super if @symbols.empty? 
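Review bot: In `add_tag`, `@load_tags[tag] = klass.name` stores `nil` for an anonymous class, and `ClassLoader#load` added later in this patch returns `nil` for a nil or empty name, so such a tag would apparently be ignored on load without any error. Storing the name also means the class is looked up again by name at load time rather than being the object that was registered. If anonymous classes are not meant to be supported, failing early is clearer: `raise ArgumentError, "cannot register a tag for an anonymous class" unless klass.name`. Otherwise a comment on `add_tag` should state the restriction.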
++ ++ if @symbols.include? sym ++ super ++ else ++ raise DisallowedClass, 'Symbol' ++ end ++ end ++ ++ private ++ ++ def find klassname ++ if @classes.include? klassname ++ super ++ else ++ raise DisallowedClass, klassname ++ end ++ end ++ end ++ end ++end +diff --git a/ext/psych/lib/psych/deprecated.rb b/ext/psych/lib/psych/deprecated.rb +index 1e42859b22fe..8c310b320738 100644 +--- a/ext/psych/lib/psych/deprecated.rb ++++ b/ext/psych/lib/psych/deprecated.rb +@@ -35,7 +35,8 @@ def self.detect_implicit thing + warn "#{caller[0]}: detect_implicit is deprecated" if $VERBOSE + return '' unless String === thing + return 'null' if '' == thing +- ScalarScanner.new.tokenize(thing).class.name.downcase ++ ss = ScalarScanner.new(ClassLoader.new) ++ ss.tokenize(thing).class.name.downcase + end + + def self.add_ruby_type type_tag, &block +diff --git a/ext/psych/lib/psych/exception.rb b/ext/psych/lib/psych/exception.rb +index d96c527cfba7..ce9d2caf3fb2 100644 +--- a/ext/psych/lib/psych/exception.rb ++++ b/ext/psych/lib/psych/exception.rb +@@ -4,4 +4,10 @@ class Exception < RuntimeError + + class BadAlias < Exception + end ++ ++ class DisallowedClass < Exception ++ def initialize klass_name ++ super "Tried to load unspecified class: #{klass_name}" ++ end ++ end + end +diff --git a/ext/psych/lib/psych/json/stream.rb b/ext/psych/lib/psych/json/stream.rb +index be1a0a8a8240..fe2a6e911650 100644 +--- a/ext/psych/lib/psych/json/stream.rb ++++ b/ext/psych/lib/psych/json/stream.rb +@@ -6,6 +6,7 @@ module JSON + class Stream < Psych::Visitors::JSONTree + include Psych::JSON::RubyEvents + include Psych::Streaming ++ extend Psych::Streaming::ClassMethods + + class Emitter < Psych::Stream::Emitter # :nodoc: + include Psych::JSON::YAMLEvents +diff --git a/ext/psych/lib/psych/nodes/node.rb b/ext/psych/lib/psych/nodes/node.rb +index 0cefe44e446d..83233a61fdd3 100644 +--- a/ext/psych/lib/psych/nodes/node.rb ++++ b/ext/psych/lib/psych/nodes/node.rb +@@ -1,4 +1,6 @@ + require 'stringio' 
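Review bot: `Restricted#symbolize` starts with `return super if @symbols.empty?`, so an empty symbol list means "any symbol" once `Symbol` is in the class list, while an empty class list in `Restricted#find` means "no class". That asymmetry is not documented anywhere in the file, and `safe_load` defaults `whitelist_symbols` to `[]`. As far as I know symbols are not garbage-collected on the Ruby 2.0 series this package builds, so allowing `Symbol` without a symbol list lets untrusted YAML grow the symbol table. I would add a comment above the guard, e.g. `# An empty symbol list means "no per-symbol restriction"; the Symbol class check in super still applies.`, and recommend in the `safe_load` docs that callers who allow `Symbol` also pass an explicit symbol list.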
++require 'psych/class_loader' ++require 'psych/scalar_scanner' + + module Psych + module Nodes +@@ -32,7 +34,7 @@ def each &block + # + # See also Psych::Visitors::ToRuby + def to_ruby +- Visitors::ToRuby.new.accept self ++ Visitors::ToRuby.create.accept(self) + end + alias :transform :to_ruby + +diff --git a/ext/psych/lib/psych/scalar_scanner.rb b/ext/psych/lib/psych/scalar_scanner.rb +index 8aa594e3337c..5935e26b288a 100644 +--- a/ext/psych/lib/psych/scalar_scanner.rb ++++ b/ext/psych/lib/psych/scalar_scanner.rb +@@ -19,10 +19,13 @@ class ScalarScanner + |[-+]?(?:0|[1-9][0-9_]*) (?# base 10) + |[-+]?0x[0-9a-fA-F_]+ (?# base 16))$/x + ++ attr_reader :class_loader ++ + # Create a new scanner +- def initialize ++ def initialize class_loader + @string_cache = {} + @symbol_cache = {} ++ @class_loader = class_loader + end + + # Tokenize +string+ returning the ruby object +@@ -63,7 +66,7 @@ def tokenize string + when /^\d{4}-(?:1[012]|0\d|\d)-(?:[12]\d|3[01]|0\d|\d)$/ + require 'date' + begin +- Date.strptime(string, '%Y-%m-%d') ++ class_loader.date.strptime(string, '%Y-%m-%d') + rescue ArgumentError + string + end +@@ -75,9 +78,9 @@ def tokenize string + Float::NAN + when /^:./ + if string =~ /^:(["'])(.*)\1/ +- @symbol_cache[string] = $2.sub(/^:/, '').to_sym ++ @symbol_cache[string] = class_loader.symbolize($2.sub(/^:/, '')) + else +- @symbol_cache[string] = string.sub(/^:/, '').to_sym ++ @symbol_cache[string] = class_loader.symbolize(string.sub(/^:/, '')) + end + when /^[-+]?[0-9][0-9_]*(:[0-5]?[0-9])+$/ + i = 0 +@@ -117,6 +120,8 @@ def parse_int string + ### + # Parse and return a Time from +string+ + def parse_time string ++ klass = class_loader.load 'Time' ++ + date, time = *(string.split(/[ tT]/, 2)) + (yy, m, dd) = date.split('-').map { |x| x.to_i } + md = time.match(/(\d+:\d+:\d+)(?:\.(\d*))?\s*(Z|[-+]\d+(:\d\d)?)?/) +@@ -124,10 +129,10 @@ def parse_time string + (hh, mm, ss) = md[1].split(':').map { |x| x.to_i } + us = (md[2] ? 
Rational("0.#{md[2]}") : 0) * 1000000 + +- time = Time.utc(yy, m, dd, hh, mm, ss, us) ++ time = klass.utc(yy, m, dd, hh, mm, ss, us) + + return time if 'Z' == md[3] +- return Time.at(time.to_i, us) unless md[3] ++ return klass.at(time.to_i, us) unless md[3] + + tz = md[3].match(/^([+\-]?\d{1,2})\:?(\d{1,2})?$/)[1..-1].compact.map { |digit| Integer(digit, 10) } + offset = tz.first * 3600 +@@ -138,7 +143,7 @@ def parse_time string + offset += ((tz[1] || 0) * 60) + end + +- Time.at((time - offset).to_i, us) ++ klass.at((time - offset).to_i, us) + end + end + end +diff --git a/ext/psych/lib/psych/stream.rb b/ext/psych/lib/psych/stream.rb +index 567c1bb790f9..88c4c4cb4e18 100644 +--- a/ext/psych/lib/psych/stream.rb ++++ b/ext/psych/lib/psych/stream.rb +@@ -32,5 +32,6 @@ def streaming? + end + + include Psych::Streaming ++ extend Psych::Streaming::ClassMethods + end + end +diff --git a/ext/psych/lib/psych/streaming.rb b/ext/psych/lib/psych/streaming.rb +index c6fa109d5a61..9d94eb549f26 100644 +--- a/ext/psych/lib/psych/streaming.rb ++++ b/ext/psych/lib/psych/streaming.rb +@@ -1,10 +1,15 @@ + module Psych + module Streaming +- ### +- # Create a new streaming emitter. Emitter will print to +io+. See +- # Psych::Stream for an example. +- def initialize io +- super({}, self.class.const_get(:Emitter).new(io)) ++ module ClassMethods ++ ### ++ # Create a new streaming emitter. Emitter will print to +io+. See ++ # Psych::Stream for an example. 
++ def new io ++ emitter = const_get(:Emitter).new(io) ++ class_loader = ClassLoader.new ++ ss = ScalarScanner.new class_loader ++ super(emitter, ss, {}) ++ end + end + + ### +diff --git a/ext/psych/lib/psych/visitors/json_tree.rb b/ext/psych/lib/psych/visitors/json_tree.rb +index 0350dd1faae0..0127ac8aa8c1 100644 +--- a/ext/psych/lib/psych/visitors/json_tree.rb ++++ b/ext/psych/lib/psych/visitors/json_tree.rb +@@ -5,8 +5,11 @@ module Visitors + class JSONTree < YAMLTree + include Psych::JSON::RubyEvents + +- def initialize options = {}, emitter = Psych::JSON::TreeBuilder.new +- super ++ def self.create options = {} ++ emitter = Psych::JSON::TreeBuilder.new ++ class_loader = ClassLoader.new ++ ss = ScalarScanner.new class_loader ++ new(emitter, ss, options) + end + + def accept target +diff --git a/ext/psych/lib/psych/visitors/to_ruby.rb b/ext/psych/lib/psych/visitors/to_ruby.rb +index 75c7bc0c550a..f770bb80aa3a 100644 +--- a/ext/psych/lib/psych/visitors/to_ruby.rb ++++ b/ext/psych/lib/psych/visitors/to_ruby.rb +@@ -1,4 +1,5 @@ + require 'psych/scalar_scanner' ++require 'psych/class_loader' + require 'psych/exception' + + unless defined?(Regexp::NOENCODING) +@@ -10,11 +11,20 @@ module Visitors + ### + # This class walks a YAML AST, converting each node to ruby + class ToRuby < Psych::Visitors::Visitor +- def initialize ss = ScalarScanner.new ++ def self.create ++ class_loader = ClassLoader.new ++ scanner = ScalarScanner.new class_loader ++ new(scanner, class_loader) ++ end ++ ++ attr_reader :class_loader ++ ++ def initialize ss, class_loader + super() + @st = {} + @ss = ss + @domain_types = Psych.domain_types ++ @class_loader = class_loader + end + + def accept target +@@ -33,7 +43,7 @@ def accept target + end + + def deserialize o +- if klass = Psych.load_tags[o.tag] ++ if klass = resolve_class(Psych.load_tags[o.tag]) + instance = klass.allocate + + if instance.respond_to?(:init_with) +@@ -60,19 +70,23 @@ def deserialize o + end + when '!ruby/object:BigDecimal' + 
require 'bigdecimal' +- BigDecimal._load o.value ++ class_loader.big_decimal._load o.value + when "!ruby/object:DateTime" ++ class_loader.date_time + require 'date' + @ss.parse_time(o.value).to_datetime + when "!ruby/object:Complex" ++ class_loader.complex + Complex(o.value) + when "!ruby/object:Rational" ++ class_loader.rational + Rational(o.value) + when "!ruby/class", "!ruby/module" + resolve_class o.value + when "tag:yaml.org,2002:float", "!float" + Float(@ss.tokenize(o.value)) + when "!ruby/regexp" ++ klass = class_loader.regexp + o.value =~ /^\/(.*)\/([mixn]*)$/ + source = $1 + options = 0 +@@ -86,15 +100,16 @@ def deserialize o + else lang = option + end + end +- Regexp.new(*[source, options, lang].compact) ++ klass.new(*[source, options, lang].compact) + when "!ruby/range" ++ klass = class_loader.range + args = o.value.split(/([.]{2,3})/, 2).map { |s| + accept Nodes::Scalar.new(s) + } + args.push(args.delete_at(1) == '...') +- Range.new(*args) ++ klass.new(*args) + when /^!ruby\/sym(bol)?:?(.*)?$/ +- o.value.to_sym ++ class_loader.symbolize o.value + else + @ss.tokenize o.value + end +@@ -106,7 +121,7 @@ def visit_Psych_Nodes_Scalar o + end + + def visit_Psych_Nodes_Sequence o +- if klass = Psych.load_tags[o.tag] ++ if klass = resolve_class(Psych.load_tags[o.tag]) + instance = klass.allocate + + if instance.respond_to?(:init_with) +@@ -138,22 +153,24 @@ def visit_Psych_Nodes_Sequence o + end + + def visit_Psych_Nodes_Mapping o +- return revive(Psych.load_tags[o.tag], o) if Psych.load_tags[o.tag] ++ if Psych.load_tags[o.tag] ++ return revive(resolve_class(Psych.load_tags[o.tag]), o) ++ end + return revive_hash({}, o) unless o.tag + + case o.tag + when /^!ruby\/struct:?(.*)?$/ +- klass = resolve_class($1) ++ klass = resolve_class($1) if $1 + + if klass + s = register(o, klass.allocate) + + members = {} +- struct_members = s.members.map { |x| x.to_sym } ++ struct_members = s.members.map { |x| class_loader.symbolize x } + o.children.each_slice(2) do |k,v| + 
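Review bot: In the `"!ruby/object:DateTime"` branch, `class_loader.date_time` runs before `require 'date'`, whereas the BigDecimal branch just above and `ScalarScanner#tokenize` load the library first and resolve the class afterwards. If 'date' has not been loaded yet, the unrestricted loader would presumably fail to resolve `DateTime`, because `ClassLoader#resolve` only retries with `Struct::DateTime` and then re-raises. With the restricted loader the current order has the advantage of rejecting the tag before any library is loaded. If that is the intent, say so in a comment such as `# check the whitelist before loading 'date'`. Otherwise swap the two lines. The body of `deserialize` starts and ends outside this hunk.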
member = accept(k) + value = accept(v) +- if struct_members.include?(member.to_sym) ++ if struct_members.include?(class_loader.symbolize(member)) + s.send("#{member}=", value) + else + members[member.to_s.sub(/^@/, '')] = value +@@ -161,22 +178,27 @@ def visit_Psych_Nodes_Mapping o + end + init_with(s, members, o) + else ++ klass = class_loader.struct + members = o.children.map { |c| accept c } + h = Hash[*members] +- Struct.new(*h.map { |k,v| k.to_sym }).new(*h.map { |k,v| v }) ++ klass.new(*h.map { |k,v| ++ class_loader.symbolize k ++ }).new(*h.map { |k,v| v }) + end + + when /^!ruby\/object:?(.*)?$/ + name = $1 || 'Object' + + if name == 'Complex' ++ class_loader.complex + h = Hash[*o.children.map { |c| accept c }] + register o, Complex(h['real'], h['image']) + elsif name == 'Rational' ++ class_loader.rational + h = Hash[*o.children.map { |c| accept c }] + register o, Rational(h['numerator'], h['denominator']) + else +- obj = revive((resolve_class(name) || Object), o) ++ obj = revive((resolve_class(name) || class_loader.object), o) + obj + end + +@@ -204,18 +226,19 @@ def visit_Psych_Nodes_Mapping o + list + + when '!ruby/range' ++ klass = class_loader.range + h = Hash[*o.children.map { |c| accept c }] +- register o, Range.new(h['begin'], h['end'], h['excl']) ++ register o, klass.new(h['begin'], h['end'], h['excl']) + + when /^!ruby\/exception:?(.*)?$/ + h = Hash[*o.children.map { |c| accept c }] + +- e = build_exception((resolve_class($1) || Exception), ++ e = build_exception((resolve_class($1) || class_loader.exception), + h.delete('message')) + init_with(e, h, o) + + when '!set', 'tag:yaml.org,2002:set' +- set = Psych::Set.new ++ set = class_loader.psych_set.new + @st[o.anchor] = set if o.anchor + o.children.each_slice(2) do |k,v| + set[accept(k)] = accept(v) +@@ -226,7 +249,7 @@ def visit_Psych_Nodes_Mapping o + revive_hash resolve_class($1).new, o + + when '!omap', 'tag:yaml.org,2002:omap' +- map = register(o, Psych::Omap.new) ++ map = register(o, 
class_loader.psych_omap.new) + o.children.each_slice(2) do |l,r| + map[accept(l)] = accept r + end +@@ -326,21 +349,13 @@ def init_with o, h, node + + # Convert +klassname+ to a Class + def resolve_class klassname +- return nil unless klassname and not klassname.empty? +- +- name = klassname +- retried = false +- +- begin +- path2class(name) +- rescue ArgumentError, NameError => ex +- unless retried +- name = "Struct::#{name}" +- retried = ex +- retry +- end +- raise retried +- end ++ class_loader.load klassname ++ end ++ end ++ ++ class NoAliasRuby < ToRuby ++ def visit_Psych_Nodes_Alias o ++ raise BadAlias, "Unknown alias: #{o.anchor}" + end + end + end +diff --git a/ext/psych/lib/psych/visitors/yaml_tree.rb b/ext/psych/lib/psych/visitors/yaml_tree.rb +index 96640e026719..ddd745b34a9c 100644 +--- a/ext/psych/lib/psych/visitors/yaml_tree.rb ++++ b/ext/psych/lib/psych/visitors/yaml_tree.rb +@@ -1,3 +1,7 @@ ++require 'psych/tree_builder' ++require 'psych/scalar_scanner' ++require 'psych/class_loader' ++ + module Psych + module Visitors + ### +@@ -36,7 +40,14 @@ def node_for target + alias :finished? :finished + alias :started? 
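Review bot: `NoAliasRuby#visit_Psych_Nodes_Alias` raises `BadAlias, "Unknown alias: #{o.anchor}"`, but in this visitor the alias is rejected because aliases are disabled, not because the anchor is unknown. Anyone triaging a failed `safe_load` from the message alone would look for a malformed document instead of the `aliases` argument. I would word it as `raise BadAlias, "Alias not permitted: #{o.anchor}"` and add a one-line class comment, `# ToRuby variant used by Psych.safe_load when aliases are disabled.`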
:started + +- def initialize options = {}, emitter = TreeBuilder.new, ss = ScalarScanner.new ++ def self.create options = {}, emitter = nil ++ emitter ||= TreeBuilder.new ++ class_loader = ClassLoader.new ++ ss = ScalarScanner.new class_loader ++ new(emitter, ss, options) ++ end ++ ++ def initialize emitter, ss, options + super() + @started = false + @finished = false +diff --git a/ext/psych/psych_to_ruby.c b/ext/psych/psych_to_ruby.c +index ed5245e12e7a..3cc87a965ec1 100644 +--- a/ext/psych/psych_to_ruby.c ++++ b/ext/psych/psych_to_ruby.c +@@ -31,11 +31,13 @@ static VALUE path2class(VALUE self, VALUE path) + void Init_psych_to_ruby(void) + { + VALUE psych = rb_define_module("Psych"); ++ VALUE class_loader = rb_define_class_under(psych, "ClassLoader", rb_cObject); ++ + VALUE visitors = rb_define_module_under(psych, "Visitors"); + VALUE visitor = rb_define_class_under(visitors, "Visitor", rb_cObject); + cPsychVisitorsToRuby = rb_define_class_under(visitors, "ToRuby", visitor); + + rb_define_private_method(cPsychVisitorsToRuby, "build_exception", build_exception, 2); +- rb_define_private_method(cPsychVisitorsToRuby, "path2class", path2class, 1); ++ rb_define_private_method(class_loader, "path2class", path2class, 1); + } + /* vim: set noet sws=4 sw=4: */ +diff --git a/test/psych/helper.rb b/test/psych/helper.rb +index 77ab0bb9d71c..f9b73cf5b588 100644 +--- a/test/psych/helper.rb ++++ b/test/psych/helper.rb +@@ -31,7 +31,7 @@ def assert_parse_only( obj, yaml ) + end + + def assert_cycle( obj ) +- v = Visitors::YAMLTree.new ++ v = Visitors::YAMLTree.create + v << obj + assert_equal(obj, Psych.load(v.tree.yaml)) + assert_equal( obj, Psych::load(Psych.dump(obj))) +diff --git a/test/psych/test_safe_load.rb b/test/psych/test_safe_load.rb +new file mode 100644 +index 000000000000..dd299c0ebf40 +--- /dev/null ++++ b/test/psych/test_safe_load.rb +@@ -0,0 +1,97 @@ ++require 'psych/helper' ++ ++module Psych ++ class TestSafeLoad < TestCase ++ class Foo; end ++ ++ [1, 2.2, {}, 
[], "foo"].each do |obj| ++ define_method(:"test_basic_#{obj.class}") do ++ assert_safe_cycle obj ++ end ++ end ++ ++ def test_no_recursion ++ x = [] ++ x << x ++ assert_raises(Psych::BadAlias) do ++ Psych.safe_load Psych.dump(x) ++ end ++ end ++ ++ def test_explicit_recursion ++ x = [] ++ x << x ++ assert_equal(x, Psych.safe_load(Psych.dump(x), [], [], true)) ++ end ++ ++ def test_symbol_whitelist ++ yml = Psych.dump :foo ++ assert_raises(Psych::DisallowedClass) do ++ Psych.safe_load yml ++ end ++ assert_equal(:foo, Psych.safe_load(yml, [Symbol], [:foo])) ++ end ++ ++ def test_symbol ++ assert_raises(Psych::DisallowedClass) do ++ assert_safe_cycle :foo ++ end ++ assert_raises(Psych::DisallowedClass) do ++ Psych.safe_load '--- !ruby/symbol foo', [] ++ end ++ assert_safe_cycle :foo, [Symbol] ++ assert_safe_cycle :foo, %w{ Symbol } ++ assert_equal :foo, Psych.safe_load('--- !ruby/symbol foo', [Symbol]) ++ end ++ ++ def test_foo ++ assert_raises(Psych::DisallowedClass) do ++ Psych.safe_load '--- !ruby/object:Foo {}', [Foo] ++ end ++ assert_raises(Psych::DisallowedClass) do ++ assert_safe_cycle Foo.new ++ end ++ assert_kind_of(Foo, Psych.safe_load(Psych.dump(Foo.new), [Foo])) ++ end ++ ++ X = Struct.new(:x) ++ def test_struct_depends_on_sym ++ assert_safe_cycle(X.new, [X, Symbol]) ++ assert_raises(Psych::DisallowedClass) do ++ cycle X.new, [X] ++ end ++ end ++ ++ def test_anon_struct ++ assert Psych.safe_load(<<-eoyml, [Struct, Symbol]) ++--- !ruby/struct ++ foo: bar ++ eoyml ++ ++ assert_raises(Psych::DisallowedClass) do ++ Psych.safe_load(<<-eoyml, [Struct]) ++--- !ruby/struct ++ foo: bar ++ eoyml ++ end ++ ++ assert_raises(Psych::DisallowedClass) do ++ Psych.safe_load(<<-eoyml, [Symbol]) ++--- !ruby/struct ++ foo: bar ++ eoyml ++ end ++ end ++ ++ private ++ ++ def cycle object, whitelist = [] ++ Psych.safe_load(Psych.dump(object), whitelist) ++ end ++ ++ def assert_safe_cycle object, whitelist = [] ++ other = cycle object, whitelist ++ assert_equal object, other ++ 
end ++ end ++end +diff --git a/test/psych/test_scalar_scanner.rb b/test/psych/test_scalar_scanner.rb +index a7bf17c912b6..e8e423cb053d 100644 +--- a/test/psych/test_scalar_scanner.rb ++++ b/test/psych/test_scalar_scanner.rb +@@ -7,7 +7,7 @@ class TestScalarScanner < TestCase + + def setup + super +- @ss = Psych::ScalarScanner.new ++ @ss = Psych::ScalarScanner.new ClassLoader.new + end + + def test_scan_time +diff --git a/test/psych/visitors/test_to_ruby.rb b/test/psych/visitors/test_to_ruby.rb +index 022cc2d2d4ea..c13d980468d4 100644 +--- a/test/psych/visitors/test_to_ruby.rb ++++ b/test/psych/visitors/test_to_ruby.rb +@@ -6,7 +6,7 @@ module Visitors + class TestToRuby < TestCase + def setup + super +- @visitor = ToRuby.new ++ @visitor = ToRuby.create + end + + def test_object +@@ -88,7 +88,7 @@ def test_anon_struct + end + + def test_exception +- exc = Exception.new 'hello' ++ exc = ::Exception.new 'hello' + + mapping = Nodes::Mapping.new nil, '!ruby/exception' + mapping.children << Nodes::Scalar.new('message') +diff --git a/test/psych/visitors/test_yaml_tree.rb b/test/psych/visitors/test_yaml_tree.rb +index 496cdd05cc34..40702bce796f 100644 +--- a/test/psych/visitors/test_yaml_tree.rb ++++ b/test/psych/visitors/test_yaml_tree.rb +@@ -5,7 +5,7 @@ module Visitors + class TestYAMLTree < TestCase + def setup + super +- @v = Visitors::YAMLTree.new ++ @v = Visitors::YAMLTree.create + end + + def test_tree_can_be_called_twice +@@ -18,7 +18,7 @@ def test_tree_can_be_called_twice + def test_yaml_tree_can_take_an_emitter + io = StringIO.new + e = Psych::Emitter.new io +- v = Visitors::YAMLTree.new({}, e) ++ v = Visitors::YAMLTree.create({}, e) + v.start + v << "hello world" + v.finish diff --git a/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch b/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch new file mode 100644 index 0000000..69ed4e4 --- /dev/null 
+++ b/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch @@ -0,0 +1,43 @@ +diff --git a/Makefile.in b/Makefile.in +index a93a1e6..fb30c19 100644 +--- a/Makefile.in ++++ b/Makefile.in +@@ -111,6 +111,7 @@ XRUBY_RUBYLIBDIR = @XRUBY_RUBYLIBDIR@ + XRUBY_RUBYHDRDIR = @XRUBY_RUBYHDRDIR@ + + DEFAULT_PRELUDES = $(@USE_RUBYGEMS@_GEM_PRELUDE) ++OPTIONAL_PRELUDES = @OPTIONAL_PRELUDES@ + + #### End of system configuration section. #### + +diff --git a/common.mk b/common.mk +index e5069e5..ca5e3f9 100644 +--- a/common.mk ++++ b/common.mk +@@ -107,7 +107,7 @@ ALLOBJS = $(NORMALMAINOBJ) $(MINIOBJS) $(COMMONOBJS) $(DMYEXT) + + GOLFOBJS = goruby.$(OBJEXT) golf_prelude.$(OBJEXT) + +-PRELUDE_SCRIPTS = $(srcdir)/prelude.rb $(srcdir)/enc/prelude.rb $(DEFAULT_PRELUDES) ++PRELUDE_SCRIPTS = $(srcdir)/prelude.rb $(srcdir)/enc/prelude.rb $(DEFAULT_PRELUDES) $(OPTIONAL_PRELUDES) + GEM_PRELUDE = $(srcdir)/gem_prelude.rb + YES_GEM_PRELUDE = $(GEM_PRELUDE) + NO_GEM_PRELUDE = +diff --git a/configure.in b/configure.in +index 7977aaf..1ef42cd 100644 +--- a/configure.in ++++ b/configure.in +@@ -3559,6 +3559,13 @@ AC_SUBST(rubyarchhdrdir)dnl + AC_SUBST(sitearchhdrdir)dnl + AC_SUBST(vendorarchhdrdir)dnl + ++AC_ARG_WITH(prelude, ++ AS_HELP_STRING([--with-prelude=FILE-LIST], [specify additional preludes separated by space]), ++ [prelude=$withval]) ++if test "$prelude" != ""; then ++ AC_SUBST(OPTIONAL_PRELUDES, $prelude) ++fi ++ + AC_ARG_WITH(mantype, + AS_HELP_STRING([--with-mantype=TYPE], [specify man page type; TYPE is one of man and doc]), + [ diff --git a/SOURCES/ruby-2.1.0-CVE-2014-4975-fix-buffer-overru-by-tail_lf.patch b/SOURCES/ruby-2.1.0-CVE-2014-4975-fix-buffer-overru-by-tail_lf.patch new file mode 100644 index 0000000..f103780 --- /dev/null +++ b/SOURCES/ruby-2.1.0-CVE-2014-4975-fix-buffer-overru-by-tail_lf.patch 
@@ -0,0 +1,84 @@ +Index: ChangeLog +=================================================================== +--- ChangeLog (revision 46805) ++++ ChangeLog (revision 46806) +@@ -837,6 +837,11 @@ + * array.c (rb_ary_permutation): `p` is the array of size `r`, as + commented at permute0(). since `n >= r` here, buffer overflow + never happened, just reduce unnecessary allocation though. ++ ++Sun Jul 13 22:52:43 2014 Nobuyoshi Nakada ++ ++ * pack.c (encodes): fix buffer overrun by tail_lf. Thanks to ++ Mamoru Tasaka and Tomas Hoger. [ruby-core:63604] [Bug #10019] + + Mon Jul 7 13:05:04 2014 SHIBATA Hiroshi + +Index: pack.c +=================================================================== +--- pack.c (revision 46805) ++++ pack.c (revision 46806) +@@ -1088,7 +1088,8 @@ + static void + encodes(VALUE str, const char *s, long len, int type, int tail_lf) + { +- char buff[4096]; ++ enum {buff_size = 4096, encoded_unit = 4}; ++ char buff[buff_size + 1]; /* +1 for tail_lf */ + long i = 0; + const char *trans = type == 'u' ? 
uu_table : b64_table; + char padding; +@@ -1101,7 +1102,7 @@ + padding = '='; + } + while (len >= 3) { +- while (len >= 3 && sizeof(buff)-i >= 4) { ++ while (len >= 3 && buff_size-i >= encoded_unit) { + buff[i++] = trans[077 & (*s >> 2)]; + buff[i++] = trans[077 & (((*s << 4) & 060) | ((s[1] >> 4) & 017))]; + buff[i++] = trans[077 & (((s[1] << 2) & 074) | ((s[2] >> 6) & 03))]; +@@ -1109,7 +1110,7 @@ + s += 3; + len -= 3; + } +- if (sizeof(buff)-i < 4) { ++ if (buff_size-i < encoded_unit) { + rb_str_buf_cat(str, buff, i); + i = 0; + } +@@ -1129,6 +1130,7 @@ + } + if (tail_lf) buff[i++] = '\n'; + rb_str_buf_cat(str, buff, i); ++ if ((size_t)i > sizeof(buff)) rb_bug("encodes() buffer overrun"); + } + + static const char hex_table[] = "0123456789ABCDEF"; +Index: test/ruby/test_pack.rb +=================================================================== +--- test/ruby/test_pack.rb (revision 46805) ++++ test/ruby/test_pack.rb (revision 46806) +@@ -537,6 +537,14 @@ + assert_equal(["\377"], "/w==\n".unpack("m")) + assert_equal(["\377\377"], "//8=\n".unpack("m")) + assert_equal(["\377\377\377"], "////\n".unpack("m")) ++ ++ bug10019 = '[ruby-core:63604] [Bug #10019]' ++ size = ((4096-4)/4*3+1) ++ assert_separately(%W[- #{size} #{bug10019}], <<-'end;') ++ size = ARGV.shift.to_i ++ bug = ARGV.shift ++ assert_equal(size, ["a"*size].pack("m#{size+2}").unpack("m")[0].size, bug) ++ end; + end + + def test_pack_unpack_m0 +Index: . +=================================================================== +--- . (revision 46805) ++++ . (revision 46806) + +Property changes on: . +___________________________________________________________________ +Modified: svn:mergeinfo + Merged /trunk:r46778 diff --git a/SOURCES/ruby-2.1.0-fix-hash-table-performance-slowdown-on-ppc64le.patch b/SOURCES/ruby-2.1.0-fix-hash-table-performance-slowdown-on-ppc64le.patch new file mode 100644 index 0000000..43a954b --- /dev/null +++ b/SOURCES/ruby-2.1.0-fix-hash-table-performance-slowdown-on-ppc64le.patch 
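Review bot: The added `if ((size_t)i > sizeof(buff)) rb_bug("encodes() buffer overrun");` runs after `buff[i++] = '\n'` and after `rb_str_buf_cat(str, buff, i)`. By the time it fires, any out-of-bounds write and the copy of `i` bytes have already happened, so it is a tripwire rather than a guard. The actual fix is the `buff_size + 1` sizing in the first pack.c hunk. I would at least move the check above the `rb_str_buf_cat` call, or add a comment such as `/* post-hoc assertion only; the +1 in buff[] is what prevents the overrun */`. `encodes()` starts outside this hunk.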
@@ -0,0 +1,64 @@ +From 59ed302965c5e38526ad33b13d8361859c5e7726 Mon Sep 17 00:00:00 2001 +From: nobu +Date: Sat, 30 Nov 2013 04:28:15 +0000 +Subject: [PATCH] siphash.c: fix missing condition + +* siphash.c (sip_hash24): fix for aligned word access little endian + platforms. [ruby-core:58658] [Bug #9172] + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43928 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 5 +++++ + siphash.c | 4 ++-- + test/ruby/test_string.rb | 2 ++ + 3 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index f732f5c..1e803ff 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,8 @@ ++Sat Nov 30 13:28:13 2013 Nobuyoshi Nakada ++ ++ * siphash.c (sip_hash24): fix for aligned word access little endian ++ platforms. [ruby-core:58658] [Bug #9172] ++ + Fri Apr 22 21:00:44 2016 Tanaka Akira + + * test/ruby/test_time_tz.rb: Tests depends on Europe/Moscow removed + +diff --git a/siphash.c b/siphash.c +index 2018ade..cd8ba62 100644 +--- a/siphash.c ++++ b/siphash.c +@@ -417,7 +417,7 @@ sip_hash24(const uint8_t key[16], const uint8_t *data, size_t len) + SIP_2_ROUND(m, v0, v1, v2, v3); + } + } +-#elif BYTE_ORDER == BIG_ENDIAN ++#else + for (; data != end; data += sizeof(uint64_t)) { + m = U8TO64_LE(data); + SIP_2_ROUND(m, v0, v1, v2, v3); +@@ -453,7 +453,7 @@ sip_hash24(const uint8_t key[16], const uint8_t *data, size_t len) + last.lo |= ((uint32_t *) end)[0]; + #endif + break; +-#elif BYTE_ORDER == BIG_ENDIAN ++#else + OR_BYTE(3); + #endif + case 3: +diff --git a/test/ruby/test_string.rb b/test/ruby/test_string.rb +index 2ff8458..7ce1c06 100644 +--- a/test/ruby/test_string.rb ++++ b/test/ruby/test_string.rb +@@ -895,6 +895,8 @@ class TestString < Test::Unit::TestCase + assert(S("hello").hash != S("helLO").hash) + bug4104 = '[ruby-core:33500]' + assert_not_equal(S("a").hash, S("a\0").hash, bug4104) ++ bug9172 = '[ruby-core:58658] [Bug #9172]' ++ assert_not_equal(S("sub-setter").hash, S("discover").hash, bug9172) 
+ end + + def test_hash_random diff --git a/SOURCES/ruby-2.1.0-fix-hostname-size-limit.patch b/SOURCES/ruby-2.1.0-fix-hostname-size-limit.patch new file mode 100644 index 0000000..6a08bcf --- /dev/null +++ b/SOURCES/ruby-2.1.0-fix-hostname-size-limit.patch 
@@ -0,0 +1,68 @@ +From e41ee7cf3347ced6e689c198dbf3c5900009d70f Mon Sep 17 00:00:00 2001 +From: usa +Date: Thu, 25 Feb 2016 10:58:02 +0000 +Subject: [PATCH] merge revision(s) 53677: [Backport #11877] + + * ext/socket/socket.c (sock_gethostname): support unlimited size + hostname. + + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_1@53936 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 5 +++++ + ext/socket/socket.c | 26 ++++++++++++++++++++------ + version.h | 2 +- + 3 files changed, 26 insertions(+), 7 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index f407b73..2216dd4 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,8 @@ ++Thu Feb 25 19:49:31 2016 Nobuyoshi Nakada ++ ++ * ext/socket/socket.c (sock_gethostname): support unlimited size ++ hostname. ++ + Sat Feb 13 17:11:58 2016 Fabian Wiesel + + * lib/uri/generic.rb (find_proxy): exclude white-spaces and allow +diff --git a/ext/socket/socket.c b/ext/socket/socket.c +index 0592432..13006ab 100644 +--- a/ext/socket/socket.c ++++ b/ext/socket/socket.c +@@ -898,14 +898,28 @@ sock_gethostname(VALUE obj) + #ifndef HOST_NAME_MAX + # define HOST_NAME_MAX 1024 + #endif +- char buf[HOST_NAME_MAX+1]; ++ long len = HOST_NAME_MAX; ++ VALUE name; + + rb_secure(3); +- if (gethostname(buf, (int)sizeof buf - 1) < 0) +- rb_sys_fail("gethostname"); +- +- buf[sizeof buf - 1] = '\0'; +- return rb_str_new2(buf); ++ name = rb_str_new(0, len); ++ while (gethostname(RSTRING_PTR(name), len) < 0) { ++ int e = errno; ++ switch (e) { ++ case ENAMETOOLONG: ++#ifdef __linux__ ++ case EINVAL: ++ /* glibc before version 2.1 uses EINVAL instead of ENAMETOOLONG */ ++#endif ++ break; ++ default: ++ rb_syserr_fail(e, "gethostname(3)"); ++ } ++ rb_str_modify_expand(name, len); ++ len += len; ++ } ++ rb_str_resize(name, strlen(RSTRING_PTR(name))); ++ return name; + } + #else + #ifdef HAVE_UNAME 
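Review bot: The retry loop in `sock_gethostname` has no upper bound. Every `ENAMETOOLONG` (and, on Linux, every `EINVAL`) doubles `len` and expands the string again, so a platform that keeps returning one of those codes for some other reason would grow the buffer until allocation fails or `len += len` overflows `long`. I would stop after a sane limit, for example `if (len > HOST_NAME_MAX * 64L) rb_syserr_fail(e, "gethostname(3)");` placed before `rb_str_modify_expand` (the factor here is only an illustration). The final `strlen(RSTRING_PTR(name))` also depends on a NUL inside the buffer, which the removed code enforced with `buf[sizeof buf - 1] = '\0'`; a comment on why that is still guaranteed would help. The function continues outside this hunk.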
diff --git a/SOURCES/ruby-2.1.0-there-should-be-only-one-exception.patch b/SOURCES/ruby-2.1.0-there-should-be-only-one-exception.patch
new file mode 100644
index 0000000..e9b6995
--- /dev/null
+++ b/SOURCES/ruby-2.1.0-there-should-be-only-one-exception.patch
@@ -0,0 +1,93 @@ +From 476a62fbbec0c8b7dafb74827447cfb4ebd7dd06 Mon Sep 17 00:00:00 2001 +From: tenderlove +Date: Fri, 5 Apr 2013 17:55:53 +0000 +Subject: [PATCH] * ext/psych/lib/psych/exception.rb: there should be only one + exception base class. Fixes tenderlove/psych #125 * ext/psych/lib/psych.rb: + require the correct exception class * ext/psych/lib/psych/syntax_error.rb: + ditto * ext/psych/lib/psych/visitors/to_ruby.rb: ditto + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@40139 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 8 ++++++++ + ext/psych/lib/psych.rb | 6 ------ + ext/psych/lib/psych/exception.rb | 7 +++++++ + ext/psych/lib/psych/syntax_error.rb | 7 +++---- + ext/psych/lib/psych/visitors/to_ruby.rb | 1 + + 5 files changed, 19 insertions(+), 10 deletions(-) + create mode 100644 ext/psych/lib/psych/exception.rb + +diff --git a/ChangeLog b/ChangeLog +index f0dba22e9c27..304ecaba2854 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -3666,6 +3666,14 @@ + * gc.c: Improve accuracy of objspace_live_num() and + allocated/freed counters. patched by tmm1(Aman Gupta). + [Bug #8092] [ruby-core:53392] ++ ++Sat Apr 6 02:54:08 2013 Aaron Patterson ++ ++ * ext/psych/lib/psych/exception.rb: there should be only one exception ++ base class. Fixes tenderlove/psych #125 ++ * ext/psych/lib/psych.rb: require the correct exception class ++ * ext/psych/lib/psych/syntax_error.rb: ditto ++ * ext/psych/lib/psych/visitors/to_ruby.rb: ditto + + Fri Apr 5 00:54:08 2013 NARUSE, Yui + +diff --git a/ext/psych/lib/psych.rb b/ext/psych/lib/psych.rb +index 3ca611748473..7d7d2bfb00f4 100644 +--- a/ext/psych/lib/psych.rb ++++ b/ext/psych/lib/psych.rb +@@ -100,12 +100,6 @@ module Psych + # The version of libyaml Psych is using + LIBYAML_VERSION = Psych.libyaml_version.join '.' + +- class Exception < RuntimeError +- end +- +- class BadAlias < Exception +- end +- + ### + # Load +yaml+ in to a Ruby data structure. 
If multiple documents are + # provided, the object contained in the first document will be returned. +diff --git a/ext/psych/lib/psych/exception.rb b/ext/psych/lib/psych/exception.rb +new file mode 100644 +index 000000000000..d96c527cfba7 +--- /dev/null ++++ b/ext/psych/lib/psych/exception.rb +@@ -0,0 +1,7 @@ ++module Psych ++ class Exception < RuntimeError ++ end ++ ++ class BadAlias < Exception ++ end ++end +diff --git a/ext/psych/lib/psych/syntax_error.rb b/ext/psych/lib/psych/syntax_error.rb +index f972256f9e37..e200ef006067 100644 +--- a/ext/psych/lib/psych/syntax_error.rb ++++ b/ext/psych/lib/psych/syntax_error.rb +@@ -1,8 +1,7 @@ +-module Psych +- class Error < RuntimeError +- end ++require 'psych/exception' + +- class SyntaxError < Error ++module Psych ++ class SyntaxError < Psych::Exception + attr_reader :file, :line, :column, :offset, :problem, :context + + def initialize file, line, col, offset, problem, context +diff --git a/ext/psych/lib/psych/visitors/to_ruby.rb b/ext/psych/lib/psych/visitors/to_ruby.rb +index b59bc3883070..75c7bc0c550a 100644 +--- a/ext/psych/lib/psych/visitors/to_ruby.rb ++++ b/ext/psych/lib/psych/visitors/to_ruby.rb +@@ -1,4 +1,5 @@ + require 'psych/scalar_scanner' ++require 'psych/exception' + + unless defined?(Regexp::NOENCODING) + Regexp::NOENCODING = 32 diff --git a/SOURCES/ruby-2.2.0-fix-missing-declaration-of-rb_frame_last_func.patch b/SOURCES/ruby-2.2.0-fix-missing-declaration-of-rb_frame_last_func.patch new file mode 100644 index 0000000..c41d254 --- /dev/null +++ b/SOURCES/ruby-2.2.0-fix-missing-declaration-of-rb_frame_last_func.patch 
@@ -0,0 +1,33 @@ +From 428791543be9e13af9426970f5796f3157dd30a0 Mon Sep 17 00:00:00 2001 +From: nobu +Date: Tue, 9 Dec 2014 01:16:27 +0000 +Subject: [PATCH] thread.c: get rid of invalid ID symbol + +* eval.c (rb_frame_last_func): return the most recent frame method + name. +* thread.c (recursive_list_access): use the last method name, + instead of the current method name which can be unset in some + cases, not to use a symbol by the invalid ID. + [ruby-core:66742] [Bug #10579] + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@48744 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 10 ++++++++++ + eval.c | 13 +++++++++++++ + test/ruby/test_objectspace.rb | 7 +++++++ + thread.c | 5 ++++- + 4 files changed, 34 insertions(+), 1 deletion(-) + +diff --git a/thread.c b/thread.c +index 25cc214..360c6cb 100644 +--- a/thread.c ++++ b/thread.c +@@ -4671,6 +4671,8 @@ threadptr_recursive_hash_set(rb_thread_t *th, VALUE hash) + /* variables for recursive traversals */ + static ID recursive_key; + ++ID rb_frame_last_func(void); ++ + /* + * Returns the current "recursive list" used to detect recursion. + * This list is a hash table, unique for the current thread and for diff --git a/SOURCES/ruby-2.2.10-fix-dir.c-check-nul-bytes.patch b/SOURCES/ruby-2.2.10-fix-dir.c-check-nul-bytes.patch new file mode 100644 index 0000000..b1922c4 --- /dev/null +++ b/SOURCES/ruby-2.2.10-fix-dir.c-check-nul-bytes.patch 
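Review bot: The added prototype `ID rb_frame_last_func(void);` is declared locally in thread.c, so nothing ties it to the definition that the commit message places in eval.c; if the two ever diverge, the compiler will not notice. Only the thread.c hunk is carried in this patch file, so I would at least annotate the line, e.g. `/* defined in eval.c; keep this prototype in sync */`, or move the declaration into a header that both files include. The surrounding code continues outside the hunk.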
@@ -0,0 +1,98 @@ +From 85b582da9260df77669409f0859ef253712ae115 Mon Sep 17 00:00:00 2001 +From: usa +Date: Wed, 28 Mar 2018 14:27:51 +0000 +Subject: [PATCH] merge revision(s) 62989: + + dir.c: check NUL bytes + + * dir.c (GlobPathValue): should be used in rb_push_glob only. + other methods should use FilePathValue. + https://hackerone.com/reports/302338 + + * dir.c (rb_push_glob): expand GlobPathValue + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@63015 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + dir.c | 22 ++++++++++------------ + test/ruby/test_dir.rb | 4 ++++ + 2 files changed, 14 insertions(+), 12 deletions(-) + +diff --git a/dir.c b/dir.c +index 7d61b61fdb..a65c1deeea 100644 +--- a/dir.c ++++ b/dir.c +@@ -356,15 +356,6 @@ static const rb_data_type_t dir_data_type = { + + static VALUE dir_close(VALUE); + +-#define GlobPathValue(str, safe) \ +- /* can contain null bytes as separators */ \ +- (!RB_TYPE_P((str), T_STRING) ? \ +- (void)FilePathValue(str) : \ +- (void)(check_safe_glob((str), (safe)), \ +- check_glob_encoding(str), (str))) +-#define check_safe_glob(str, safe) ((safe) ? 
rb_check_safe_obj(str) : (void)0) +-#define check_glob_encoding(str) rb_enc_check((str), rb_enc_from_encoding(rb_usascii_encoding())) +- + static VALUE + dir_s_alloc(VALUE klass) + { +@@ -406,7 +397,7 @@ dir_initialize(int argc, VALUE *argv, VALUE dir) + } + } + +- GlobPathValue(dirname, FALSE); ++ FilePathValue(dirname); + orig = rb_str_dup_frozen(dirname); + dirname = rb_str_encode_ospath(dirname); + dirname = rb_str_dup_frozen(dirname); +@@ -1711,7 +1702,14 @@ rb_push_glob(VALUE str, int flags) /* '\0' is delimiter */ + long offset = 0; + VALUE ary; + +- GlobPathValue(str, TRUE); ++ /* can contain null bytes as separators */ ++ if (!RB_TYPE_P((str), T_STRING)) { ++ FilePathValue(str); ++ } ++ else { ++ rb_check_safe_obj(str); ++ rb_enc_check(str, rb_enc_from_encoding(rb_usascii_encoding())); ++ } + ary = rb_ary_new(); + + while (offset < RSTRING_LEN(str)) { +@@ -1741,7 +1739,7 @@ dir_globs(long argc, VALUE *argv, int flags) + for (i = 0; i < argc; ++i) { + int status; + VALUE str = argv[i]; +- GlobPathValue(str, TRUE); ++ FilePathValue(str); + status = push_glob(ary, str, flags); + if (status) GLOB_JUMP_TAG(status); + } +diff --git a/test/ruby/test_dir.rb b/test/ruby/test_dir.rb +index 2ad6bdefcb..7624836ff4 100644 +--- a/test/ruby/test_dir.rb ++++ b/test/ruby/test_dir.rb +@@ -164,6 +164,9 @@ class TestDir < Test::Unit::TestCase + + assert_equal([File.join(@root, "a")], Dir.glob(File.join(@root, 'a\\'))) + assert_equal((?a..?f).map {|f| File.join(@root, f) }.sort, Dir.glob(File.join(@root, '[abc/def]')).sort) ++ assert_raise(ArgumentError) { ++ Dir.glob([[@root, File.join(@root, "*")].join("\0")]) ++ } + end + + def test_glob_recursive +@@ -194,6 +197,7 @@ class TestDir < Test::Unit::TestCase + + def test_foreach + assert_equal(Dir.foreach(@root).to_a.sort, %w(. ..) + (?a..?z).to_a) ++ assert_raise(ArgumentError) {Dir.foreach(@root+"\0").to_a} + end + + def test_dir_enc +-- +2.17.1 + 
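Review bot: The retained comment `/* can contain null bytes as separators */` in rb_push_glob (dir.c) now sits above an `if` whose first branch, `FilePathValue(str)`, is the one that rejects NUL, so it reads as if both branches allow it. I would move it into the `else` branch as `/* String pattern: NUL is the pattern separator here, so no NUL check */`. The added tests assert only the new ArgumentError paths; an assertion that a NUL-joined String pattern passed to Dir.glob still returns both matches would pin the one place where NUL stays legal. rb_push_glob continues outside the inner hunk.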
diff --git a/SOURCES/ruby-2.2.10-fix-socket-creation-by_null-byte.patch b/SOURCES/ruby-2.2.10-fix-socket-creation-by_null-byte.patch new file mode 100644 index 0000000..7a3331d --- /dev/null +++ b/SOURCES/ruby-2.2.10-fix-socket-creation-by_null-byte.patch 
@@ -0,0 +1,87 @@ +From 7fb67f8be47706af6380cd251a2666d6969aa6f1 Mon Sep 17 00:00:00 2001 +From: usa +Date: Wed, 28 Mar 2018 14:36:23 +0000 +Subject: [PATCH] merge revision(s) 62991,63000: + + unixsocket.c: check NUL bytes + + * ext/socket/unixsocket.c (rsock_init_unixsock): check NUL bytes. + https://hackerone.com/reports/302997 + + unixsocket.c: abstract namespace + + * ext/socket/unixsocket.c (unixsock_path_value): fix r62991 for + Linux abstract namespace. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@63018 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ext/socket/unixsocket.c | 24 +++++++++++++++++++++++- + test/socket/test_unix.rb | 10 ++++++++++ + 2 files changed, 33 insertions(+), 1 deletion(-) + +diff --git a/ext/socket/unixsocket.c b/ext/socket/unixsocket.c +index 75da9c1a78..6d68138af4 100644 +--- a/ext/socket/unixsocket.c ++++ b/ext/socket/unixsocket.c +@@ -25,6 +25,28 @@ unixsock_connect_internal(VALUE a) + arg->sockaddrlen, 0); + } + ++static VALUE ++unixsock_path_value(VALUE path) ++{ ++#ifdef __linux__ ++#define TO_STR_FOR_LINUX_ABSTRACT_NAMESPACE 0 ++ ++ VALUE name = path; ++#if TO_STR_FOR_LINUX_ABSTRACT_NAMESPACE ++ const int isstr = !NIL_P(name = rb_check_string_type(name)); ++#else ++ const int isstr = RB_TYPE_P(name, T_STRING); ++#endif ++ if (isstr) { ++ if (RSTRING_LEN(name) == 0 || RSTRING_PTR(name)[0] == '\0') { ++ rb_check_safe_obj(name); ++ return name; /* ignore encoding */ ++ } ++ } ++#endif ++ return rb_get_path(path); ++} ++ + VALUE + rsock_init_unixsock(VALUE sock, VALUE path, int server) + { +@@ -33,7 +55,7 @@ rsock_init_unixsock(VALUE sock, VALUE path, int server) + int fd, status; + rb_io_t *fptr; + +- SafeStringValue(path); ++ path = unixsock_path_value(path); + fd = rsock_socket(AF_UNIX, SOCK_STREAM, 0); + if (fd < 0) { + rb_sys_fail("socket(2)"); +diff --git a/test/socket/test_unix.rb b/test/socket/test_unix.rb +index eae236a60b..aef23141b8 100644 +--- a/test/socket/test_unix.rb ++++ b/test/socket/test_unix.rb 
+@@ -253,6 +253,16 @@ class TestSocket_UNIXSocket < Test::Unit::TestCase + File.unlink path if path && File.socket?(path) + end + ++ def test_open_nul_byte ++ tmpfile = Tempfile.new("s") ++ path = tmpfile.path ++ tmpfile.close(true) ++ assert_raise(ArgumentError) {UNIXServer.open(path+"\0")} ++ assert_raise(ArgumentError) {UNIXSocket.open(path+"\0")} ++ ensure ++ File.unlink path if path && File.socket?(path) ++ end ++ + def test_addr + bound_unix_socket(UNIXServer) {|serv, path| + c = UNIXSocket.new(path) +-- +2.17.1 + diff --git a/SOURCES/ruby-2.2.10-ignore-file-separator-from-tmp-file-dir-name-tests.patch b/SOURCES/ruby-2.2.10-ignore-file-separator-from-tmp-file-dir-name-tests.patch new file mode 100644 index 0000000..7bf57fc --- /dev/null +++ b/SOURCES/ruby-2.2.10-ignore-file-separator-from-tmp-file-dir-name-tests.patch @@ -0,0 +1,44 @@ +diff --git a/test/test_tempfile.rb b/test/test_tempfile.rb +index b6790a06af..68de345116 100644 +--- a/test/test_tempfile.rb ++++ b/test/test_tempfile.rb +@@ -320,18 +320,19 @@ puts Tempfile.new('foo').path + end + end + +- def test_create_with_block ++ def test_open_with_block + path = nil +- Tempfile.create("tempfile-create") {|f| ++ Tempfile.open("tempfile-create") {|f| + path = f.path + assert(File.exist?(path)) + } +- assert(!File.exist?(path)) ++ assert(File.exist?(path)) ++ File.unlink path + end + +- def test_create_without_block ++ def test_open_without_block + path = nil +- f = Tempfile.create("tempfile-create") ++ f = Tempfile.open("tempfile-create") + path = f.path + assert(File.exist?(path)) + f.close +@@ -360,11 +361,4 @@ puts Tempfile.new('foo').path + ensure + t.close! + end +- +- def test_create_traversal_dir +- expect = Dir.glob(TRAVERSAL_PATH + '*').count +- Tempfile.create(TRAVERSAL_PATH + 'foo') +- actual = Dir.glob(TRAVERSAL_PATH + '*').count +- assert_equal expect, actual +- end + end +-- +2.17.1 + 
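Review bot: In `unixsock_path_value` (ext/socket/unixsocket.c) the early return for an empty name or a leading `'\0'` deliberately skips the NUL check that `rb_get_path` applies to every other path, yet the only comment is `/* ignore encoding */`. I would state the reason at the `if`, e.g. `/* Linux abstract namespace (leading NUL) or empty name: not a filesystem path, so rb_get_path's NUL check must not apply */`. The new `test_open_nul_byte` covers only the rejection path, so a Linux-only test that an abstract-namespace name is still accepted would guard the second merged revision. `TO_STR_FOR_LINUX_ABSTRACT_NAMESPACE` is also `#define`d inside the function body and never undefined; defining it once at file scope would be tidier.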
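Review bot: In the tests patch for test/test_tempfile.rb, `test_open_with_block` removes the file with a bare `File.unlink path` after the last assertion, so a failing assertion leaves the temporary file behind, unlike `test_open_without_block`, which cleans up under `ensure`. I would move it to an `ensure` clause as `File.unlink path if path && File.exist?(path)`. The prefix string `"tempfile-create"` is also left over from the `Tempfile.create` version of the test.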
diff --git a/SOURCES/ruby-2.2.10-ignore-file-separator-from-tmp-file-dir-name.patch b/SOURCES/ruby-2.2.10-ignore-file-separator-from-tmp-file-dir-name.patch new file mode 100644 index 0000000..afce93f --- /dev/null +++ b/SOURCES/ruby-2.2.10-ignore-file-separator-from-tmp-file-dir-name.patch @@ -0,0 +1,139 @@ +From 42f5f956c3dbae0151176762a42ce564d603975c Mon Sep 17 00:00:00 2001 +From: usa +Date: Wed, 28 Mar 2018 14:34:14 +0000 +Subject: [PATCH] merge revision(s) 62990: + + Ignore file separator from tmpfile/tmpdir name. + + 
From: SHIBATA Hiroshi + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@63017 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + lib/tmpdir.rb | 2 ++ + test/test_tempfile.rb | 49 ++++++++++++++++++++++++++++++++++++++++++- + test/test_tmpdir.rb | 40 +++++++++++++++++++++++++++++++++++ + 3 files changed, 90 insertions(+), 1 deletion(-) + +diff --git a/lib/tmpdir.rb b/lib/tmpdir.rb +index 18d4fb683d..e483f16602 100644 +--- a/lib/tmpdir.rb ++++ b/lib/tmpdir.rb +@@ -116,6 +116,8 @@ class Dir + else + raise ArgumentError, "unexpected prefix_suffix: #{prefix_suffix.inspect}" + end ++ prefix = prefix.delete("#{File::SEPARATOR}#{File::ALT_SEPARATOR}") ++ suffix &&= suffix.delete("#{File::SEPARATOR}#{File::ALT_SEPARATOR}") + t = Time.now.strftime("%Y%m%d") + path = "#{prefix}#{t}-#{$$}-#{rand(0x100000000).to_s(36)}" + path << "-#{n}" if n +diff --git a/test/test_tempfile.rb b/test/test_tempfile.rb +index 087d9ad31f..b6790a06af 100644 +--- a/test/test_tempfile.rb ++++ b/test/test_tempfile.rb +@@ -319,5 +319,52 @@ puts Tempfile.new('foo').path + assert_equal(0600, t.stat.mode & 0777) + end + end +-end + ++ def test_create_with_block ++ path = nil ++ Tempfile.create("tempfile-create") {|f| ++ path = f.path ++ assert(File.exist?(path)) ++ } ++ assert(!File.exist?(path)) ++ end ++ ++ def test_create_without_block ++ path = nil ++ f = Tempfile.create("tempfile-create") ++ path = f.path ++ assert(File.exist?(path)) ++ f.close ++ assert(File.exist?(path)) ++ ensure ++ f.close if f && !f.closed? ++ File.unlink path if path ++ end ++ ++ TRAVERSAL_PATH = Array.new(Dir.pwd.split('/').count, '..').join('/') + Dir.pwd + '/' ++ ++ def test_open_traversal_dir ++ expect = Dir.glob(TRAVERSAL_PATH + '*').count ++ t = Tempfile.open([TRAVERSAL_PATH, 'foo']) ++ actual = Dir.glob(TRAVERSAL_PATH + '*').count ++ assert_equal expect, actual ++ ensure ++ t.close! 
++ end ++ ++ def test_new_traversal_dir ++ expect = Dir.glob(TRAVERSAL_PATH + '*').count ++ t = Tempfile.new(TRAVERSAL_PATH + 'foo') ++ actual = Dir.glob(TRAVERSAL_PATH + '*').count ++ assert_equal expect, actual ++ ensure ++ t.close! ++ end ++ ++ def test_create_traversal_dir ++ expect = Dir.glob(TRAVERSAL_PATH + '*').count ++ Tempfile.create(TRAVERSAL_PATH + 'foo') ++ actual = Dir.glob(TRAVERSAL_PATH + '*').count ++ assert_equal expect, actual ++ end ++end +diff --git a/test/test_tmpdir.rb b/test/test_tmpdir.rb +index 3bdce3542c..2585453183 100644 +--- a/test/test_tmpdir.rb ++++ b/test/test_tmpdir.rb +@@ -30,4 +30,44 @@ class TestTmpdir < Test::Unit::TestCase + ENV["HOME"] = home + Dir.rmdir(dir) if dir + end ++ ++ def test_mktmpdir_nil ++ Dir.mktmpdir(nil) {|d| ++ assert_kind_of(String, d) ++ } ++ end ++ ++ TRAVERSAL_PATH = Array.new(Dir.pwd.split('/').count, '..').join('/') + Dir.pwd + '/' ++ TRAVERSAL_PATH.delete!(':') if /mswin|mingw/ =~ RUBY_PLATFORM ++ ++ def test_mktmpdir_traversal ++ expect = Dir.glob(TRAVERSAL_PATH + '*').count ++ Dir.mktmpdir(TRAVERSAL_PATH + 'foo') ++ actual = Dir.glob(TRAVERSAL_PATH + '*').count ++ assert_equal expect, actual ++ end ++ ++ def test_mktmpdir_traversal_array ++ expect = Dir.glob(TRAVERSAL_PATH + '*').count ++ Dir.mktmpdir([TRAVERSAL_PATH, 'foo']) ++ actual = Dir.glob(TRAVERSAL_PATH + '*').count ++ assert_equal expect, actual ++ end ++ ++ TRAVERSAL_PATH = Array.new(Dir.pwd.split('/').count, '..').join('/') + Dir.pwd + '/' ++ TRAVERSAL_PATH.delete!(':') if /mswin|mingw/ =~ RUBY_PLATFORM ++ ++ def test_mktmpdir_traversal ++ expect = Dir.glob(TRAVERSAL_PATH + '*').count ++ Dir.mktmpdir(TRAVERSAL_PATH + 'foo') ++ actual = Dir.glob(TRAVERSAL_PATH + '*').count ++ assert_equal expect, actual ++end ++ ++ def test_mktmpdir_traversal_array ++ expect = Dir.glob(TRAVERSAL_PATH + '*').count ++ Dir.mktmpdir([TRAVERSAL_PATH, 'foo']) ++ actual = Dir.glob(TRAVERSAL_PATH + '*').count ++ assert_equal expect, actual ++ end + end +-- +2.17.1 
+ diff --git a/SOURCES/ruby-2.2.10-rubygems-2.7.6-multiple-vulnerabilities-tests.patch b/SOURCES/ruby-2.2.10-rubygems-2.7.6-multiple-vulnerabilities-tests.patch new file mode 100644 index 0000000..d9f11a7 --- /dev/null +++ b/SOURCES/ruby-2.2.10-rubygems-2.7.6-multiple-vulnerabilities-tests.patch @@ -0,0 +1,16 @@ +diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb +index 29e2ce86b1..54ba245b32 100644 +--- a/test/rubygems/test_gem_package.rb ++++ b/test/rubygems/test_gem_package.rb +@@ -608,7 +608,7 @@ class TestGemPackage < Gem::Package::TarTestCase + bogus_data = Gem.gzip 'hello' + fake_signer = Class.new do + def digest_name; 'SHA512'; end +- def digest_algorithm; Digest(:SHA512); end ++ def digest_algorithm; OpenSSL::Digest::SHA512; end + def key; 'key'; end + def sign(*); 'fake_sig'; end + end +-- +2.17.1 + diff --git a/SOURCES/ruby-2.2.10-rubygems-2.7.6-multiple-vulnerabilities.patch b/SOURCES/ruby-2.2.10-rubygems-2.7.6-multiple-vulnerabilities.patch new file mode 100644 index 0000000..65186ba --- /dev/null +++ b/SOURCES/ruby-2.2.10-rubygems-2.7.6-multiple-vulnerabilities.patch 
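Review bot: In the lib/tmpdir.rb hunk of the tmpfile/tmpdir separator patch, `prefix` is passed to `delete` unconditionally while `suffix` on the next line is guarded with `&&=`, so a nil prefix would now raise NoMethodError where the string interpolation below previously tolerated it. The assignments to `prefix` sit above the hunk, so this needs confirming; if nil can arrive (for instance as the first element of an Array argument), `prefix = prefix.to_s.delete("#{File::SEPARATOR}#{File::ALT_SEPARATOR}")` keeps the separator stripping and the old tolerance. In the test/test_tmpdir.rb hunk, `TRAVERSAL_PATH` and both `test_mktmpdir_traversal*` methods are added twice, and the traversal tests never remove the directories they create.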
@@ -0,0 +1,493 @@ +From d6f00c288f84523eec263455ff5bfc631bc27188 Mon Sep 17 00:00:00 2001 +From: usa +Date: Fri, 16 Feb 2018 16:27:56 +0000 +Subject: [PATCH] merge revision(s) 58471,58493,62436: [Backport #13505] + + load.c: backtrace of circular require + + * load.c (load_lock): print backtrace of circular require via + `Warning.warn` [ruby-core:80850] [Bug #13505] + + Send the backtrace of the circular require warning as a single String to Warning.warn + + * load.c: send as a single string. + * error.c: expose the string formatted by rb_warning as rb_warning_string(). + * test/ruby/test_exception.rb: update tests. + [ruby-core:80850] [Bug #13505] + + fix regexp literal warning. + + * test/rubygems/test_gem_server.rb: eliminate duplicated character class warning. + [Bug #14481] + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@62441 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + lib/rubygems/package.rb | 6 +- + lib/rubygems/package/tar_header.rb | 23 ++- + lib/rubygems/package/tar_writer.rb | 2 + + lib/rubygems/server.rb | 14 +- + lib/rubygems/specification.rb | 15 +- + test/rubygems/test_gem_package.rb | 49 +++++- + test/rubygems/test_gem_package_tar_header.rb | 21 +++ + test/rubygems/test_gem_server.rb | 165 +++++++++++++++++++ + test/rubygems/test_gem_specification.rb | 17 +- + 9 files changed, 295 insertions(+), 17 deletions(-) + +diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb +index c2bbda9b05..9ed5b2c9ed 100644 +--- a/lib/rubygems/package.rb ++++ b/lib/rubygems/package.rb +@@ -374,7 +374,7 @@ EOM + destination = File.expand_path destination + + raise Gem::Package::PathError.new(destination, destination_dir) unless +- destination.start_with? destination_dir ++ destination.start_with? 
destination_dir + '/' + + destination.untaint + destination +@@ -541,6 +541,10 @@ EOM + raise Gem::Package::FormatError.new \ + 'package content (data.tar.gz) is missing', @gem + end ++ ++ if duplicates = @files.group_by {|f| f }.select {|k,v| v.size > 1 }.map(&:first) and duplicates.any? ++ raise Gem::Security::Exception, "duplicate files in the package: (#{duplicates.map(&:inspect).join(', ')})" ++ end + end + + ## +diff --git a/lib/rubygems/package/tar_header.rb b/lib/rubygems/package/tar_header.rb +index 28da1db0b5..7d75ff5d46 100644 +--- a/lib/rubygems/package/tar_header.rb ++++ b/lib/rubygems/package/tar_header.rb +@@ -103,25 +103,30 @@ class Gem::Package::TarHeader + fields = header.unpack UNPACK_FORMAT + + new :name => fields.shift, +- :mode => fields.shift.oct, +- :uid => fields.shift.oct, +- :gid => fields.shift.oct, +- :size => fields.shift.oct, +- :mtime => fields.shift.oct, +- :checksum => fields.shift.oct, ++ :mode => strict_oct(fields.shift), ++ :uid => strict_oct(fields.shift), ++ :gid => strict_oct(fields.shift), ++ :size => strict_oct(fields.shift), ++ :mtime => strict_oct(fields.shift), ++ :checksum => strict_oct(fields.shift), + :typeflag => fields.shift, + :linkname => fields.shift, + :magic => fields.shift, +- :version => fields.shift.oct, ++ :version => strict_oct(fields.shift), + :uname => fields.shift, + :gname => fields.shift, +- :devmajor => fields.shift.oct, +- :devminor => fields.shift.oct, ++ :devmajor => strict_oct(fields.shift), ++ :devminor => strict_oct(fields.shift), + :prefix => fields.shift, + + :empty => empty + end + ++ def self.strict_oct(str) ++ return str.oct if str =~ /\A[0-7]*\z/ ++ raise ArgumentError, "#{str.inspect} is not an octal string" ++ end ++ + ## + # Creates a new TarHeader using +vals+ + +diff --git a/lib/rubygems/package/tar_writer.rb b/lib/rubygems/package/tar_writer.rb +index f2c11e3544..0fbc1770fb 100644 +--- a/lib/rubygems/package/tar_writer.rb ++++ b/lib/rubygems/package/tar_writer.rb +@@ -176,6 +176,8 
@@ class Gem::Package::TarWriter + digest.name == signer.digest_name + end + ++ raise "no #{signer.digest_name} in #{digests.values.compact}" unless signature_digest ++ + signature = signer.sign signature_digest.digest + + add_file_simple "#{name}.sig", 0444, signature.length do |io| +diff --git a/lib/rubygems/server.rb b/lib/rubygems/server.rb +index f2d1428489..af1448e79c 100644 +--- a/lib/rubygems/server.rb ++++ b/lib/rubygems/server.rb +@@ -595,6 +595,18 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; } + executables = nil if executables.empty? + executables.last["is_last"] = true if executables + ++ # Pre-process spec homepage for safety reasons ++ begin ++ homepage_uri = URI.parse(spec.homepage) ++ if [URI::HTTP, URI::HTTPS].member? homepage_uri.class ++ homepage_uri = spec.homepage ++ else ++ homepage_uri = "." ++ end ++ rescue URI::InvalidURIError ++ homepage_uri = "." ++ end ++ + specs << { + "authors" => spec.authors.sort.join(", "), + "date" => spec.date.to_s, +@@ -604,7 +616,7 @@ div.method-source-code pre { color: #ffdead; overflow: hidden; } + "only_one_executable" => (executables && executables.size == 1), + "full_name" => spec.full_name, + "has_deps" => !deps.empty?, +- "homepage" => spec.homepage, ++ "homepage" => homepage_uri, + "name" => spec.name, + "rdoc_installed" => Gem::RDoc.new(spec).rdoc_installed?, + "ri_installed" => Gem::RDoc.new(spec).ri_installed?, +diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb +index c3e39b4759..d04c08b828 100644 +--- a/lib/rubygems/specification.rb ++++ b/lib/rubygems/specification.rb +@@ -9,6 +9,7 @@ require 'rubygems/version' + require 'rubygems/requirement' + require 'rubygems/platform' + require 'rubygems/deprecate' ++require 'uri' + + # :stopdoc: + # date.rb can't be loaded for `make install` due to miniruby +@@ -2503,10 +2504,16 @@ class Gem::Specification + raise Gem::InvalidSpecificationException, "#{lazy} is not a summary" + end + +- if homepage and not 
homepage.empty? and +- homepage !~ /\A[a-z][a-z\d+.-]*:/i then +- raise Gem::InvalidSpecificationException, +- "\"#{homepage}\" is not a URI" ++ # Make sure a homepage is valid HTTP/HTTPS URI ++ if homepage and not homepage.empty? ++ begin ++ homepage_uri = URI.parse(homepage) ++ unless [URI::HTTP, URI::HTTPS].member? homepage_uri.class ++ raise Gem::InvalidSpecificationException, "\"#{homepage}\" is not a valid HTTP URI" ++ end ++ rescue URI::InvalidURIError ++ raise Gem::InvalidSpecificationException, "\"#{homepage}\" is not a valid HTTP URI" ++ end + end + + # Warnings +diff --git a/test/rubygems/test_gem_package.rb b/test/rubygems/test_gem_package.rb +index c77fc47ada..29e2ce86b1 100644 +--- a/test/rubygems/test_gem_package.rb ++++ b/test/rubygems/test_gem_package.rb +@@ -360,6 +360,21 @@ class TestGemPackage < Gem::Package::TarTestCase + "#{@destination} is not allowed", e.message) + end + ++ def test_install_location_suffix ++ package = Gem::Package.new @gem ++ ++ filename = "../#{File.basename(@destination)}suffix.rb" ++ ++ e = assert_raises Gem::Package::PathError do ++ package.install_location filename, @destination ++ end ++ ++ parent = File.expand_path File.join @destination, filename ++ ++ assert_equal("installing into parent path #{parent} of " + ++ "#{@destination} is not allowed", e.message) ++ end ++ + def test_load_spec + entry = StringIO.new Gem.gzip @spec.to_yaml + def entry.full_name() 'metadata.gz' end +@@ -514,6 +529,32 @@ class TestGemPackage < Gem::Package::TarTestCase + assert_match %r%nonexistent.gem$%, e.message + end + ++ def test_verify_duplicate_file ++ FileUtils.mkdir_p 'lib' ++ FileUtils.touch 'lib/code.rb' ++ ++ build = Gem::Package.new @gem ++ build.spec = @spec ++ build.setup_signer ++ open @gem, 'wb' do |gem_io| ++ Gem::Package::TarWriter.new gem_io do |gem| ++ build.add_metadata gem ++ build.add_contents gem ++ ++ gem.add_file_simple 'a.sig', 0444, 0 ++ gem.add_file_simple 'a.sig', 0444, 0 ++ end ++ end ++ ++ package = 
Gem::Package.new @gem ++ ++ e = assert_raises Gem::Security::Exception do ++ package.verify ++ end ++ ++ assert_equal 'duplicate files in the package: ("a.sig")', e.message ++ end ++ + def test_verify_security_policy + package = Gem::Package.new @gem + package.security_policy = Gem::Security::HighSecurity +@@ -565,7 +606,13 @@ class TestGemPackage < Gem::Package::TarTestCase + + # write bogus data.tar.gz to foil signature + bogus_data = Gem.gzip 'hello' +- gem.add_file_simple 'data.tar.gz', 0444, bogus_data.length do |io| ++ fake_signer = Class.new do ++ def digest_name; 'SHA512'; end ++ def digest_algorithm; Digest(:SHA512); end ++ def key; 'key'; end ++ def sign(*); 'fake_sig'; end ++ end ++ gem.add_file_signed 'data2.tar.gz', 0444, fake_signer.new do |io| + io.write bogus_data + end + +diff --git a/test/rubygems/test_gem_package_tar_header.rb b/test/rubygems/test_gem_package_tar_header.rb +index 5d855435ec..ee30d4afd6 100644 +--- a/test/rubygems/test_gem_package_tar_header.rb ++++ b/test/rubygems/test_gem_package_tar_header.rb +@@ -126,5 +126,26 @@ group\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000 + assert_equal '012467', @tar_header.checksum + end + ++ def test_from_bad_octal ++ test_cases = [ ++ "00000006,44\000", # bogus character ++ "00000006789\000", # non-octal digit ++ "+0000001234\000", # positive sign ++ "-0000001000\000", # negative sign ++ "0x000123abc\000", # radix prefix ++ ] ++ ++ test_cases.each do |val| ++ header_s = @tar_header.to_s ++ # overwrite the size field ++ header_s[124, 12] = val ++ io = TempIO.new header_s ++ assert_raises ArgumentError do ++ new_header = Gem::Package::TarHeader.from io ++ end ++ io.close! if io.respond_to? :close! 
++ end ++ end ++ + end + +diff --git a/test/rubygems/test_gem_server.rb b/test/rubygems/test_gem_server.rb +index bf30399db2..5344ebbe69 100644 +--- a/test/rubygems/test_gem_server.rb ++++ b/test/rubygems/test_gem_server.rb +@@ -268,6 +268,171 @@ class TestGemServer < Gem::TestCase + assert_match 'z 9', @res.body + end + ++ ++ def test_xss_homepage_fix_289313 ++ data = StringIO.new "GET / HTTP/1.0\r\n\r\n" ++ dir = "#{@gemhome}2" ++ ++ spec = util_spec 'xsshomepagegem', 1 ++ spec.homepage = "javascript:confirm(document.domain)" ++ ++ specs_dir = File.join dir, 'specifications' ++ FileUtils.mkdir_p specs_dir ++ ++ open File.join(specs_dir, spec.spec_name), 'w' do |io| ++ io.write spec.to_ruby ++ end ++ ++ server = Gem::Server.new dir, process_based_port, false ++ ++ @req.parse data ++ ++ server.root @req, @res ++ ++ assert_equal 200, @res.status ++ assert_match 'xsshomepagegem 1', @res.body ++ ++ # This verifies that the homepage for this spec is not displayed and is set to ".", because it's not a ++ # valid HTTP/HTTPS URL and could be unsafe in an HTML context. We would prefer to throw an exception here, ++ # but spec.homepage is currently free form and not currently required to be a URL, this behavior may be ++ # validated in future versions of Gem::Specification. 
++ # ++ # There are two variant we're checking here, one where rdoc is not present, and one where rdoc is present in the same regex: ++ # ++ # Variant #1 - rdoc not installed ++ # ++ # xsshomepagegem 1 ++ # ++ # ++ # [rdoc] ++ # ++ # ++ # ++ # [www] ++ # ++ # Variant #2 - rdoc installed ++ # ++ # xsshomepagegem 1 ++ # ++ # ++ # \[rdoc\]<\/a> ++ # ++ # ++ # ++ # [www] ++ regex_match = /xsshomepagegem 1<\/b>[\s]+(\[rdoc\]<\/span>|\[rdoc\]<\/a>)[\s]+\[www\]<\/a>/ ++ assert_match regex_match, @res.body ++ end ++ ++ def test_invalid_homepage ++ data = StringIO.new "GET / HTTP/1.0\r\n\r\n" ++ dir = "#{@gemhome}2" ++ ++ spec = util_spec 'invalidhomepagegem', 1 ++ spec.homepage = "notavalidhomepageurl" ++ ++ specs_dir = File.join dir, 'specifications' ++ FileUtils.mkdir_p specs_dir ++ ++ open File.join(specs_dir, spec.spec_name), 'w' do |io| ++ io.write spec.to_ruby ++ end ++ ++ server = Gem::Server.new dir, process_based_port, false ++ ++ @req.parse data ++ ++ server.root @req, @res ++ ++ assert_equal 200, @res.status ++ assert_match 'invalidhomepagegem 1', @res.body ++ ++ # This verifies that the homepage for this spec is not displayed and is set to ".", because it's not a ++ # valid HTTP/HTTPS URL and could be unsafe in an HTML context. We would prefer to throw an exception here, ++ # but spec.homepage is currently free form and not currently required to be a URL, this behavior may be ++ # validated in future versions of Gem::Specification. 
++ # ++ # There are two variant we're checking here, one where rdoc is not present, and one where rdoc is present in the same regex: ++ # ++ # Variant #1 - rdoc not installed ++ # ++ # invalidhomepagegem 1 ++ # ++ # ++ # [rdoc] ++ # ++ # ++ # ++ # [www] ++ # ++ # Variant #2 - rdoc installed ++ # ++ # invalidhomepagegem 1 ++ # ++ # ++ # \[rdoc\]<\/a> ++ # ++ # ++ # ++ # [www] ++ regex_match = /invalidhomepagegem 1<\/b>[\s]+(\[rdoc\]<\/span>|\[rdoc\]<\/a>)[\s]+\[www\]<\/a>/ ++ assert_match regex_match, @res.body ++ end ++ ++ def test_valid_homepage_http ++ data = StringIO.new "GET / HTTP/1.0\r\n\r\n" ++ dir = "#{@gemhome}2" ++ ++ spec = util_spec 'validhomepagegemhttp', 1 ++ spec.homepage = "http://rubygems.org" ++ ++ specs_dir = File.join dir, 'specifications' ++ FileUtils.mkdir_p specs_dir ++ ++ open File.join(specs_dir, spec.spec_name), 'w' do |io| ++ io.write spec.to_ruby ++ end ++ ++ server = Gem::Server.new dir, process_based_port, false ++ ++ @req.parse data ++ ++ server.root @req, @res ++ ++ assert_equal 200, @res.status ++ assert_match 'validhomepagegemhttp 1', @res.body ++ ++ regex_match = /validhomepagegemhttp 1<\/b>[\s]+(\[rdoc\]<\/span>|\[rdoc\]<\/a>)[\s]+\[www\]<\/a>/ ++ assert_match regex_match, @res.body ++ end ++ ++ def test_valid_homepage_https ++ data = StringIO.new "GET / HTTP/1.0\r\n\r\n" ++ dir = "#{@gemhome}2" ++ ++ spec = util_spec 'validhomepagegemhttps', 1 ++ spec.homepage = "https://rubygems.org" ++ ++ specs_dir = File.join dir, 'specifications' ++ FileUtils.mkdir_p specs_dir ++ ++ open File.join(specs_dir, spec.spec_name), 'w' do |io| ++ io.write spec.to_ruby ++ end ++ ++ server = Gem::Server.new dir, process_based_port, false ++ ++ @req.parse data ++ ++ server.root @req, @res ++ ++ assert_equal 200, @res.status ++ assert_match 'validhomepagegemhttps 1', @res.body ++ ++ regex_match = /validhomepagegemhttps 1<\/b>[\s]+(\[rdoc\]<\/span>|\[rdoc\]<\/a>)[\s]+\[www\]<\/a>/ ++ assert_match regex_match, @res.body ++ end ++ + def test_specs + data 
= StringIO.new "GET /specs.#{Gem.marshal_version} HTTP/1.0\r\n\r\n" + @req.parse data +diff --git a/test/rubygems/test_gem_specification.rb b/test/rubygems/test_gem_specification.rb +index 85db5356f2..65984675e1 100644 +--- a/test/rubygems/test_gem_specification.rb ++++ b/test/rubygems/test_gem_specification.rb +@@ -1586,7 +1586,22 @@ end + @a1.validate + end + +- assert_equal '"over at my cool site" is not a URI', e.message ++ assert_equal '"over at my cool site" is not a valid HTTP URI', e.message ++ ++ @a1.homepage = 'ftp://rubygems.org' ++ ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ ++ assert_equal '"ftp://rubygems.org" is not a valid HTTP URI', e.message ++ ++ @a1.homepage = 'http://rubygems.org' ++ assert_equal true, @a1.validate ++ ++ @a1.homepage = 'https://rubygems.org' ++ assert_equal true, @a1.validate ++ + end + end + +-- +2.17.1 + diff --git a/SOURCES/ruby-2.2.10-webrick-prevent-response.patch b/SOURCES/ruby-2.2.10-webrick-prevent-response.patch new file mode 100644 index 0000000..76a0f26 --- /dev/null +++ b/SOURCES/ruby-2.2.10-webrick-prevent-response.patch 
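Review bot: In the lib/rubygems/package.rb hunk the containment check `destination.start_with? destination_dir + '/'` is purely lexical, and in the visible lines only `destination` is passed through `File.expand_path`. If `destination_dir` arrives relative or with a trailing separator the comparison rejects every entry, and a symlinked path component is not resolved at all; the method starts outside the hunk, so this may already be handled there. If it is not, I would normalise first with `destination_dir = File.expand_path destination_dir` before `destination` is built. Separately, in lib/rubygems/server.rb the name `homepage_uri` holds first a parsed URI and then a String, and the scheme allow-list does not replace HTML-escaping of the value where the template (not visible here) emits it.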
@@ -0,0 +1,120 @@ +From 3f591af1e74ec511e38bd40afc9ebbceacdc9fef Mon Sep 17 00:00:00 2001 +From: usa +Date: Wed, 28 Mar 2018 14:50:27 +0000 +Subject: [PATCH] webrick: prevent response splitting and header injection + +Original patch by tenderlove (with minor style adjustments). + +* lib/webrick/httpresponse.rb (send_header): call check_header + (check_header): raise on embedded CRLF in header value +* test/webrick/test_httpresponse.rb + (test_prevent_response_splitting_headers): new test +* (test_prevent_response_splitting_cookie_headers): ditto + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@63022 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + lib/webrick/httpresponse.rb | 27 +++++++++++++++++++++++++-- + test/webrick/test_httpresponse.rb | 23 +++++++++++++++++++++++ + 2 files changed, 48 insertions(+), 2 deletions(-) + +diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb +index 8e3eb39a31..11cc78d845 100644 +--- a/lib/webrick/httpresponse.rb ++++ b/lib/webrick/httpresponse.rb +@@ -20,6 +20,8 @@ module WEBrick + # WEBrick HTTP Servlet. 
+ + class HTTPResponse ++ class InvalidHeader < StandardError ++ end + + ## + # HTTP Response version +@@ -285,14 +287,19 @@ module WEBrick + data = status_line() + @header.each{|key, value| + tmp = key.gsub(/\bwww|^te$|\b\w/){ $&.upcase } +- data << "#{tmp}: #{value}" << CRLF ++ data << "#{tmp}: #{check_header(value)}" << CRLF + } + @cookies.each{|cookie| +- data << "Set-Cookie: " << cookie.to_s << CRLF ++ data << "Set-Cookie: " << check_header(cookie.to_s) << CRLF + } + data << CRLF + _write_data(socket, data) + end ++ rescue InvalidHeader => e ++ @header.clear ++ @cookies.clear ++ set_error e ++ retry + end + + ## +@@ -349,6 +356,22 @@ module WEBrick + host, port = @config[:ServerName], @config[:Port] + end + ++ error_body(backtrace, ex, host, port) ++ end ++ ++ private ++ ++ def check_header(header_value) ++ if header_value =~ /\r\n/ ++ raise InvalidHeader ++ else ++ header_value ++ end ++ end ++ ++ # :stopdoc: ++ ++ def error_body(backtrace, ex, host, port) + @body = '' + @body << <<-_end_of_html_ + +diff --git a/test/webrick/test_httpresponse.rb b/test/webrick/test_httpresponse.rb +index d5d5552796..bdf38e6b5c 100644 +--- a/test/webrick/test_httpresponse.rb ++++ b/test/webrick/test_httpresponse.rb +@@ -1,5 +1,7 @@ + require "webrick" + require "minitest/autorun" ++require "stringio" ++require "net/http" + + module WEBrick + class TestHTTPResponse < MiniTest::Unit::TestCase +@@ -26,6 +28,27 @@ module WEBrick + @res.keep_alive = true + end + ++ def test_prevent_response_splitting_headers ++ res['X-header'] = "malicious\r\nCookie: hack" ++ io = StringIO.new ++ res.send_response io ++ io.rewind ++ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io)) ++ assert_equal '500', res.code ++ refute_match 'hack', io.string ++ end ++ ++ def test_prevent_response_splitting_cookie_headers ++ user_input = "malicious\r\nCookie: hack" ++ res.cookies << WEBrick::Cookie.new('author', user_input) ++ io = StringIO.new ++ res.send_response io ++ io.rewind ++ res = 
Net::HTTPResponse.read_new(Net::BufferedIO.new(io)) ++ assert_equal '500', res.code ++ refute_match 'hack', io.string ++ end ++ + def test_304_does_not_log_warning + res.status = 304 + res.setup_header +-- +2.17.1 + diff --git a/SOURCES/ruby-2.2.4-check-length-of-selected-NPN-protocol.patch b/SOURCES/ruby-2.2.4-check-length-of-selected-NPN-protocol.patch new file mode 100644 index 0000000..98463c2 --- /dev/null +++ b/SOURCES/ruby-2.2.4-check-length-of-selected-NPN-protocol.patch 
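Review bot: `check_header` in lib/webrick/httpresponse.rb rejects only the two-byte sequence `\r\n`, so a value containing a bare `\n` or a bare `\r` is still written into the response, and many HTTP parsers accept a lone LF as a line terminator. Matching either character closes that gap: `if header_value.to_s =~ /[\r\n]/`. Only the value is checked; the header name built from `key` in `send_header` goes out unvalidated. Both added tests use the `\r\n` form only, so a bare-LF case is worth adding to each. `send_header` begins outside the hunk.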
@@ -0,0 +1,102 @@
+From 950fd771fb8908968cce67a38fdde69ef0cd2b80 Mon Sep 17 00:00:00 2001
+From: nagachika
+Date: Fri, 27 Nov 2015 21:24:30 +0000
+Subject: [PATCH] merge revision(s) 52227,52228: [Backport #11369]
+
+ * ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error
+ in ext/openssl instead of OpenSSL itself because LibreSSL
+ silently truncate the selected protocol name by casting the length
+ from int to unsigned char. [Bug #11369]
+ Patch by Jeremy Evans
+
+
+git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@52772 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+---
+ ChangeLog | 8 ++++++++
+ ext/openssl/ossl_ssl.c | 43 +++++++++++++++++++++++++++++++------------
+ 2 files changed, 39 insertions(+), 12 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 161a4b9..160143c 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -36,6 +36,14 @@
+
+ * ext/dl/handle.c (rb_dlhandle_sym): ditto
+
++Sat Nov 28 06:12:32 2015 NARUSE, Yui
++
++ * ext/openssl/ossl_ssl.c (ssl_npn_select_cb): explicitly raise error
++ in ext/openssl instead of OpenSSL itself because LibreSSL
++ silently truncate the selected protocol name by casting the length
++ from int to unsigned char. [Bug #11369]
++ Patch by Jeremy Evans
++
+ Tue Aug 18 22:00:12 2015 SHIBATA Hiroshi
+
+ * lib/rubygems.rb: bump version to 2.0.14.1.
this version fixed
+diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
+index 75e26a4..6e777c9 100644
+--- a/ext/openssl/ossl_ssl.c
++++ b/ext/openssl/ossl_ssl.c
+@@ -601,29 +601,48 @@ ssl_npn_advertise_cb(SSL *ssl, const unsigned char **out, unsigned int *outlen,
+ }
+
+ static int
+-ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
++ssl_npn_select_cb_common(VALUE cb, const unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen)
+ {
+- int i = 0;
+- VALUE sslctx_obj, cb, protocols, selected;
+-
+- sslctx_obj = (VALUE) arg;
+- cb = rb_iv_get(sslctx_obj, "@npn_select_cb");
+- protocols = rb_ary_new();
++ VALUE selected;
++ long len;
++ unsigned char l;
++ VALUE protocols = rb_ary_new();
+
+ /* The format is len_1|proto_1|...|len_n|proto_n\0 */
+- while (in[i]) {
+- VALUE protocol = rb_str_new((const char *) &in[i + 1], in[i]);
++ while (l = *in++) {
++ VALUE protocol;
++ if (l > inlen) {
++ ossl_raise(eSSLError, "Invalid protocol name list");
++ }
++ protocol = rb_str_new((const char *)in, l);
+ rb_ary_push(protocols, protocol);
+- i += in[i] + 1;
++ in += l;
++ inlen -= l;
+ }
+
+ selected = rb_funcall(cb, rb_intern("call"), 1, protocols);
+ StringValue(selected);
+- *out = (unsigned char *) StringValuePtr(selected);
+- *outlen = RSTRING_LENINT(selected);
++ len = RSTRING_LEN(selected);
++ if (len < 1 || len >= 256) {
++ ossl_raise(eSSLError, "Selected protocol name must have length 1..255");
++ }
++ *out = (unsigned char *)RSTRING_PTR(selected);
++ *outlen = (unsigned char)len;
+
+ return SSL_TLSEXT_ERR_OK;
+ }
++
++static int
++ssl_npn_select_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
++{
++ VALUE sslctx_obj, cb;
++
++ sslctx_obj = (VALUE) arg;
++ cb = rb_iv_get(sslctx_obj, "@npn_select_cb");
++
++ return ssl_npn_select_cb_common(cb, (const unsigned char **)out, outlen, in,
inlen);
++}
++
+ #endif
+
+ /* This function may serve as the entry point to support further
diff --git a/SOURCES/ruby-2.2.6-fix-parsing-protocol-list.patch b/SOURCES/ruby-2.2.6-fix-parsing-protocol-list.patch
new file mode 100644
index 0000000..99f20ce
--- /dev/null
+++ b/SOURCES/ruby-2.2.6-fix-parsing-protocol-list.patch
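Review bot: Both new `ossl_raise` calls in `ssl_npn_select_cb_common` run while OpenSSL is still on the stack, because the function is reached from `ssl_npn_select_cb`, the callback OpenSSL invokes during the handshake. Raising there presumably unwinds past OpenSSL's frames without letting it clean up or send an alert; I would run the Ruby-side work under `rb_protect` and signal failure to OpenSSL with `return SSL_TLSEXT_ERR_ALERT_FATAL;`, re-raising the saved exception once the handshake call has returned. Separately, `*out = (unsigned char *)RSTRING_PTR(selected);` leaves OpenSSL holding a pointer into `selected`, and nothing in this hunk keeps that string reachable after the callback returns, so the lifetime it relies on should at least be stated in a comment.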
@@ -0,0 +1,63 @@
+From 30238f96081e47178237e58f5229850514858fd3 Mon Sep 17 00:00:00 2001
+From: usa
+Date: Tue, 15 Nov 2016 06:33:36 +0000
+Subject: [PATCH] merge revision(s) 53064: [Backport #11810]
+
+ * ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing
+ protocol list.
+ The protocol list from OpenSSL is not null-terminated.
+ patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082]
+
+
+git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@56798 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+---
+ ChangeLog | 7 +++++++
+ ext/openssl/ossl_ssl.c | 17 +++++++----------
+ 2 files changed, 14 insertions(+), 10 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index cae6e73..f8f303e 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,10 @@
++Tue Nov 15 15:29:36 2016 NARUSE, Yui
++
++ * ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing
++ protocol list.
++ The protocol list from OpenSSL is not null-terminated.
++ patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082]
++
+ Thu Feb 25 19:49:31 2016 Nobuyoshi Nakada
+
+ * ext/socket/socket.c (sock_gethostname): support unlimited size
+diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c
+index 0da1eb1..5b00cb7 100644
+--- a/ext/openssl/ossl_ssl.c
++++ b/ext/openssl/ossl_ssl.c
+@@ -605,19 +605,16 @@ ssl_npn_select_cb_common(VALUE cb, const unsigned char **out, unsigned char *out
+ {
+ VALUE selected;
+ long len;
+- unsigned char l;
+ VALUE protocols = rb_ary_new();
++ unsigned char l;
++ const unsigned char *in_end = in + inlen;
+
+- /* The format is len_1|proto_1|...|len_n|proto_n\0 */
+- while (l = *in++) {
+- VALUE protocol;
+- if (l > inlen) {
+- ossl_raise(eSSLError, "Invalid protocol name list");
+- }
+- protocol = rb_str_new((const char *)in, l);
+- rb_ary_push(protocols, protocol);
++ /* assume OpenSSL verifies this format */
++ /* The format is len_1|proto_1|...|len_n|proto_n */
++ while (in < in_end) {
++ l = *in++;
++ rb_ary_push(protocols, rb_str_new((const char *)in,
l));
+ in += l;
+- inlen -= l;
+ }
+
+ selected = rb_funcall(cb, rb_intern("call"), 1, protocols);
diff --git a/SOURCES/ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch b/SOURCES/ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch
new file mode 100644
index 0000000..f095685
--- /dev/null
+++ b/SOURCES/ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch
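Review bot: With the `l > inlen` test removed, nothing in the new loop stops a length octet from pointing past `in_end`: `rb_str_new((const char *)in, l)` copies `l` bytes whatever remains, and the only safeguard left is the comment `/* assume OpenSSL verifies this format */`. The check costs one comparison, so I would keep it in pointer-relative form right after `l = *in++;`, for example `if (l > in_end - in) ossl_raise(eSSLError, "Invalid protocol name list");`, reusing the message of the removed check. That keeps the parser memory-safe even when a different TLS library or version hands over a list it has not validated. The body of `ssl_npn_select_cb_common` continues below the hunk.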
@@ -0,0 +1,184 @@ +From 4fdfb28e7d2e3eefc0df1e1d034fbfc932c0d2a1 Mon Sep 17 00:00:00 2001 +From: usa +Date: Thu, 14 Sep 2017 11:35:52 +0000 +Subject: [PATCH] merge revision(s) 58453,58454: [Backport #13499] + + Fix space flag when Inf/NaN and width==3 + + * sprintf.c (rb_str_format): while `"% 2f"` and `"% 4f"` result in + `" Inf"` and `" Inf"` respectively, `"% 3f"` results in + `"Inf"` (no space). + Refactor "%f" % Inf/NaN + + * sprintf.c (rb_str_format): as for non-finite float, calculate + the exact needed size with the space flag. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@59901 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 12 ++++++++++ + sprintf.c | 37 +++++++++++++++----------------- + test/ruby/test_sprintf.rb | 52 ++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 81 insertions(+), 20 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index ef36ffbd1552..a4594f678f8c 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -4,6 +4,18 @@ + protocol list. + The protocol list from OpenSSL is not null-terminated. + patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082] ++ ++Thu Sep 14 20:33:52 2017 Nobuyoshi Nakada ++ ++ Fix space flag when Inf/NaN and width==3 ++ ++ * sprintf.c (rb_str_format): while "% 2f" and "% 4f" result in " Inf" ++ and " Inf" respectively, "% 3f" results in "Inf" (no space). ++ ++ Refactor "%f" % Inf/NaN ++ ++ * sprintf.c (rb_str_format): as for non-finite float, calculate the ++ exact needed size with the space flag. 
+ + Sun Sep 10 10:10:05 2017 SHIBATA Hiroshi + +diff --git a/sprintf.c b/sprintf.c +index 70c7cceb14d6..db7499979dc3 100644 +--- a/sprintf.c ++++ b/sprintf.c +@@ -1025,6 +1025,8 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) + fval = RFLOAT_VALUE(rb_Float(val)); + if (isnan(fval) || isinf(fval)) { + const char *expr; ++ int elen; ++ char sign = '\0'; + + if (isnan(fval)) { + expr = "NaN"; +@@ -1033,33 +1035,28 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) + expr = "Inf"; + } + need = (int)strlen(expr); +- if ((!isnan(fval) && fval < 0.0) || (flags & FPLUS)) +- need++; ++ elen = need; ++ i = 0; ++ if (!isnan(fval) && fval < 0.0) ++ sign = '-'; ++ else if (flags & (FPLUS|FSPACE)) ++ sign = (flags & FPLUS) ? '+' : ' '; ++ if (sign) ++ ++need; + if ((flags & FWIDTH) && need < width) + need = width; + +- CHECK(need + 1); +- snprintf(&buf[blen], need + 1, "%*s", need, ""); ++ FILL(' ', need); + if (flags & FMINUS) { +- if (!isnan(fval) && fval < 0.0) +- buf[blen++] = '-'; +- else if (flags & FPLUS) +- buf[blen++] = '+'; +- else if (flags & FSPACE) +- blen++; +- memcpy(&buf[blen], expr, strlen(expr)); ++ if (sign) ++ buf[blen - need--] = sign; ++ memcpy(&buf[blen - need], expr, elen); + } + else { +- if (!isnan(fval) && fval < 0.0) +- buf[blen + need - strlen(expr) - 1] = '-'; +- else if (flags & FPLUS) +- buf[blen + need - strlen(expr) - 1] = '+'; +- else if ((flags & FSPACE) && need > width) +- blen++; +- memcpy(&buf[blen + need - strlen(expr)], expr, +- strlen(expr)); ++ if (sign) ++ buf[blen - elen - 1] = sign; ++ memcpy(&buf[blen - elen], expr, elen); + } +- blen += strlen(&buf[blen]); + break; + } + +diff --git a/test/ruby/test_sprintf.rb b/test/ruby/test_sprintf.rb +index 3fd4736a54b0..ab3037a8f267 100644 +--- a/test/ruby/test_sprintf.rb ++++ b/test/ruby/test_sprintf.rb +@@ -84,6 +84,18 @@ def test_nan + assert_equal("NaN", sprintf("%-f", nan)) + assert_equal("+NaN", sprintf("%+f", nan)) + ++ assert_equal("NaN", sprintf("%3f", nan)) ++ 
assert_equal("NaN", sprintf("%-3f", nan)) ++ assert_equal("+NaN", sprintf("%+3f", nan)) ++ ++ assert_equal(" NaN", sprintf("% 3f", nan)) ++ assert_equal(" NaN", sprintf("%- 3f", nan)) ++ assert_equal("+NaN", sprintf("%+ 3f", nan)) ++ ++ assert_equal(" NaN", sprintf("% 03f", nan)) ++ assert_equal(" NaN", sprintf("%- 03f", nan)) ++ assert_equal("+NaN", sprintf("%+ 03f", nan)) ++ + assert_equal(" NaN", sprintf("%8f", nan)) + assert_equal("NaN ", sprintf("%-8f", nan)) + assert_equal(" +NaN", sprintf("%+8f", nan)) +@@ -107,6 +119,26 @@ def test_inf + assert_equal("Inf", sprintf("%-f", inf)) + assert_equal("+Inf", sprintf("%+f", inf)) + ++ assert_equal(" Inf", sprintf("% f", inf)) ++ assert_equal(" Inf", sprintf("%- f", inf)) ++ assert_equal("+Inf", sprintf("%+ f", inf)) ++ ++ assert_equal(" Inf", sprintf("% 0f", inf)) ++ assert_equal(" Inf", sprintf("%- 0f", inf)) ++ assert_equal("+Inf", sprintf("%+ 0f", inf)) ++ ++ assert_equal("Inf", sprintf("%3f", inf)) ++ assert_equal("Inf", sprintf("%-3f", inf)) ++ assert_equal("+Inf", sprintf("%+3f", inf)) ++ ++ assert_equal(" Inf", sprintf("% 3f", inf)) ++ assert_equal(" Inf", sprintf("%- 3f", inf)) ++ assert_equal("+Inf", sprintf("%+ 3f", inf)) ++ ++ assert_equal(" Inf", sprintf("% 03f", inf)) ++ assert_equal(" Inf", sprintf("%- 03f", inf)) ++ assert_equal("+Inf", sprintf("%+ 03f", inf)) ++ + assert_equal(" Inf", sprintf("%8f", inf)) + assert_equal("Inf ", sprintf("%-8f", inf)) + assert_equal(" +Inf", sprintf("%+8f", inf)) +@@ -127,6 +159,26 @@ def test_inf + assert_equal("-Inf", sprintf("%-f", -inf)) + assert_equal("-Inf", sprintf("%+f", -inf)) + ++ assert_equal("-Inf", sprintf("% f", -inf)) ++ assert_equal("-Inf", sprintf("%- f", -inf)) ++ assert_equal("-Inf", sprintf("%+ f", -inf)) ++ ++ assert_equal("-Inf", sprintf("% 0f", -inf)) ++ assert_equal("-Inf", sprintf("%- 0f", -inf)) ++ assert_equal("-Inf", sprintf("%+ 0f", -inf)) ++ ++ assert_equal("-Inf", sprintf("%4f", -inf)) ++ assert_equal("-Inf", sprintf("%-4f", -inf)) ++ 
assert_equal("-Inf", sprintf("%+4f", -inf)) ++ ++ assert_equal("-Inf", sprintf("% 4f", -inf)) ++ assert_equal("-Inf", sprintf("%- 4f", -inf)) ++ assert_equal("-Inf", sprintf("%+ 4f", -inf)) ++ ++ assert_equal("-Inf", sprintf("% 04f", -inf)) ++ assert_equal("-Inf", sprintf("%- 04f", -inf)) ++ assert_equal("-Inf", sprintf("%+ 04f", -inf)) ++ + assert_equal(" -Inf", sprintf("%8f", -inf)) + assert_equal("-Inf ", sprintf("%-8f", -inf)) + assert_equal(" -Inf", sprintf("%+8f", -inf)) diff --git a/SOURCES/ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch b/SOURCES/ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch new file mode 100644 index 0000000..564c538 --- /dev/null +++ b/SOURCES/ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch 
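Review bot: In the left-justified branch of `rb_str_format`, `buf[blen - need--] = sign;` folds an index computation and the decrement that the following `memcpy(&buf[blen - need], expr, elen)` depends on into one expression, which is hard to audit in a patch whose file name says it fixes a buffer underrun. I would write it as `buf[blen - need] = sign; need--;` and put the invariant both branches rely on above `FILL(' ', need);`, e.g. `/* need >= elen + (sign ? 1 : 0), so every index below stays inside the bytes FILL just appended */`; this assumes FILL advances `blen` by `need`, since the macro is defined outside the hunk. The added `i = 0;` has no visible use in this hunk and deserves either a comment or removal. The commit message and ChangeLog entry describe only the space-flag formatting change, so one line naming the memory-safety aspect would help anyone triaging backports.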
@@ -0,0 +1,97 @@
+From d629ce0baa47ce800a26b451215dbeb20b3fb05c Mon Sep 17 00:00:00 2001
+From: usa
+Date: Thu, 14 Sep 2017 11:44:37 +0000
+Subject: [PATCH] * ext/json: bump to version 1.8.1.1. [Backport #13853]
+
+git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@59904 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+---
+ ChangeLog | 4 ++++
+ ext/json/generator/generator.c | 12 ++++++------
+ ext/json/generator/generator.h | 1 -
+ 3 files changed, 10 insertions(+), 7 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 6288f67500fd..65f2d6bc08ac 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -4,6 +4,10 @@
+ protocol list.
+ The protocol list from OpenSSL is not null-terminated.
+ patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082]
++
++Thu Sep 14 20:44:26 2017 SHIBATA Hiroshi
++
++ * ext/json: bump to version 1.8.1.1. [Backport #13853]
+
+ Thu Sep 14 20:36:54 2017 Yusuke Endoh
+
+diff --git a/ext/json/generator/generator.c b/ext/json/generator/generator.c
+index f56ac09cd286..ae0e73fcbce3 100644
+--- a/ext/json/generator/generator.c
++++ b/ext/json/generator/generator.c
+@@ -290,7 +290,7 @@ static char *fstrndup(const char *ptr, unsigned long len) {
+ char *result;
+ if (len <= 0) return NULL;
+ result = ALLOC_N(char, len);
+- memccpy(result, ptr, 0, len);
++ memcpy(result, ptr, len);
+ return result;
+ }
+
+@@ -1025,7 +1025,7 @@ static VALUE cState_indent_set(VALUE self, VALUE indent)
+ }
+ } else {
+ if (state->indent) ruby_xfree(state->indent);
+- state->indent = strdup(RSTRING_PTR(indent));
++ state->indent = fstrndup(RSTRING_PTR(indent), len);
+ state->indent_len = len;
+ }
+ return Qnil;
+@@ -1063,7 +1063,7 @@ static VALUE cState_space_set(VALUE self, VALUE space)
+ }
+ } else {
+ if (state->space) ruby_xfree(state->space);
+- state->space = strdup(RSTRING_PTR(space));
++ state->space = fstrndup(RSTRING_PTR(space), len);
+ state->space_len = len;
+ }
+ return Qnil;
+@@ -1099,7 +1099,7 @@ static VALUE cState_space_before_set(VALUE self, VALUE
space_before)
+ }
+ } else {
+ if (state->space_before) ruby_xfree(state->space_before);
+- state->space_before = strdup(RSTRING_PTR(space_before));
++ state->space_before = fstrndup(RSTRING_PTR(space_before), len);
+ state->space_before_len = len;
+ }
+ return Qnil;
+@@ -1136,7 +1136,7 @@ static VALUE cState_object_nl_set(VALUE self, VALUE object_nl)
+ }
+ } else {
+ if (state->object_nl) ruby_xfree(state->object_nl);
+- state->object_nl = strdup(RSTRING_PTR(object_nl));
++ state->object_nl = fstrndup(RSTRING_PTR(object_nl), len);
+ state->object_nl_len = len;
+ }
+ return Qnil;
+@@ -1171,7 +1171,7 @@ static VALUE cState_array_nl_set(VALUE self, VALUE array_nl)
+ }
+ } else {
+ if (state->array_nl) ruby_xfree(state->array_nl);
+- state->array_nl = strdup(RSTRING_PTR(array_nl));
++ state->array_nl = fstrndup(RSTRING_PTR(array_nl), len);
+ state->array_nl_len = len;
+ }
+ return Qnil;
+diff --git a/ext/json/generator/generator.h b/ext/json/generator/generator.h
+index ddd1aa8a309b..395d71e9d34d 100644
+--- a/ext/json/generator/generator.h
++++ b/ext/json/generator/generator.h
+@@ -1,7 +1,6 @@
+ #ifndef _GENERATOR_H_
+ #define _GENERATOR_H_
+
+-#include
+ #include
+ #include
+
diff --git a/SOURCES/ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch b/SOURCES/ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch
new file mode 100644
index 0000000..bb29b28
--- /dev/null
+++ b/SOURCES/ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch
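Review bot: `fstrndup` now copies exactly `len` bytes with `memcpy` and appends no terminator, so `state->indent`, `state->space`, `state->space_before`, `state->object_nl` and `state->array_nl` stop being C strings, unlike the `strdup` results they replace. Every reader has to pair the pointer with the matching `*_len` field; those readers are outside this hunk, so that is worth confirming before relying on the fix. I would document the contract on the helper, e.g. `/* Copies len bytes; the result is NOT NUL-terminated, use it only together with the stored length. */`. Since `len` is `unsigned long`, the guard would also read more honestly as `if (len == 0) return NULL;`.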
@@ -0,0 +1,118 @@
+From 5450329ad1778d72f117b68e5edb97ae1bf4d438 Mon Sep 17 00:00:00 2001
+From: usa
+Date: Thu, 14 Sep 2017 11:41:59 +0000
+Subject: [PATCH] asn1: fix out-of-bounds read in decoding constructed objects
+
+* OpenSSL::ASN1.{decode,decode_all,traverse}: have a bug of
+ out-of-bounds read. int_ossl_asn1_decode0_cons() does not give the
+ correct available length to ossl_asn1_decode() when decoding the
+ inner components of a constructed object. This can cause
+ out-of-bounds read if a crafted input given.
+
+Reference: https://hackerone.com/reports/170316
+https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b
+
+
+git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@59903 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+---
+ ChangeLog | 13 +++++++++++++
+ ext/openssl/ossl_asn1.c | 13 ++++++-------
+ test/openssl/test_asn1.rb | 23 +++++++++++++++++++++++
+ 3 files changed, 42 insertions(+), 7 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 7561c35eb705..6288f67500fd 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -17,6 +17,19 @@
+ Thu Sep 14 20:44:26 2017 SHIBATA Hiroshi
+
+ * ext/json: bump to version 1.8.1.1. [Backport #13853]
++
++Thu Sep 14 20:39:39 2017 Kazuki Yamaguchi
++
++ asn1: fix out-of-bounds read in decoding constructed objects
++
++ * OpenSSL::ASN1.{decode,decode_all,traverse}: have a bug of
++ out-of-bounds read. int_ossl_asn1_decode0_cons() does not give the
++ correct available length to ossl_asn1_decode() when decoding the
++ inner components of a constructed object. This can cause
++ out-of-bounds read if a crafted input given.
++
++ Reference: https://hackerone.com/reports/170316
++ https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b
+
+ Thu Sep 14 20:36:54 2017 Yusuke Endoh
+
+diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c
+index 6d564a312f35..719063c551e5 100644
+--- a/ext/openssl/ossl_asn1.c
++++ b/ext/openssl/ossl_asn1.c
+@@ -871,19 +871,18 @@ int_ossl_asn1_decode0_cons(unsigned char **pp, long max_len, long length,
+ {
+ VALUE value, asn1data, ary;
+ int infinite;
+- long off = *offset;
++ long available_len, off = *offset;
+
+ infinite = (j == 0x21);
+ ary = rb_ary_new();
+
+- while (length > 0 || infinite) {
++ available_len = infinite ? max_len : length;
++ while (available_len > 0) {
+ long inner_read = 0;
+- value = ossl_asn1_decode0(pp, max_len, &off, depth + 1, yield, &inner_read);
++ value = ossl_asn1_decode0(pp, available_len, &off, depth + 1, yield, &inner_read);
+ *num_read += inner_read;
+- max_len -= inner_read;
++ available_len -= inner_read;
+ rb_ary_push(ary, value);
+- if (length > 0)
+- length -= inner_read;
+
+ if (infinite &&
+ NUM2INT(ossl_asn1_get_tag(value)) == V_ASN1_EOC &&
+@@ -974,7 +973,7 @@ ossl_asn1_decode0(unsigned char **pp, long length, long *offset, int depth,
+ if(j & V_ASN1_CONSTRUCTED) {
+ *pp += hlen;
+ off += hlen;
+- asn1data = int_ossl_asn1_decode0_cons(pp, length, len, &off, depth, yield, j, tag, tag_class, &inner_read);
++ asn1data = int_ossl_asn1_decode0_cons(pp, length - hlen, len, &off, depth, yield, j, tag, tag_class, &inner_read);
+ inner_read += hlen;
+ }
+ else {
+diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb
+index 9fb5a551c66d..a6d7c2c14e00 100644
+--- a/test/openssl/test_asn1.rb
++++ b/test/openssl/test_asn1.rb
+@@ -595,6 +595,29 @@ def test_recursive_octet_string_parse
+ assert_equal(false, asn1.value[3].infinite_length)
+ end
+
++ def test_decode_constructed_overread
++ test = %w{ 31 06 31 02 30 02 05 00 }
++ # ^ <- invalid
++ raw = [test.join].pack("H*")
++ ret =
[]
++ assert_raise(OpenSSL::ASN1::ASN1Error) {
++ OpenSSL::ASN1.traverse(raw) { |x| ret << x }
++ }
++ assert_equal 2, ret.size
++ assert_equal 17, ret[0][6]
++ assert_equal 17, ret[1][6]
++
++ test = %w{ 31 80 30 03 00 00 }
++ # ^ <- invalid
++ raw = [test.join].pack("H*")
++ ret = []
++ assert_raise(OpenSSL::ASN1::ASN1Error) {
++ OpenSSL::ASN1.traverse(raw) { |x| ret << x }
++ }
++ assert_equal 1, ret.size
++ assert_equal 17, ret[0][6]
++ end
++
+ private
+
+ def assert_universal(tag, asn1)
diff --git a/SOURCES/ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch b/SOURCES/ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch
new file mode 100644
index 0000000..afd0c0b
--- /dev/null
+++ b/SOURCES/ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch
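Review bot: `available_len = infinite ? max_len : length;` in `int_ossl_asn1_decode0_cons` carries the whole fix but has no comment, and in the definite-length case it trusts `length` without comparing it to `max_len`. Whether the caller has already rejected a declared length larger than the remaining buffer is not visible here (`ossl_asn1_decode0` begins outside the hunk), so I would either state that precondition in a comment or enforce it locally, e.g. `if (!infinite && length > max_len) ossl_raise(eASN1Error, "value is too short");` (the message is my wording). A comment such as `/* bytes the nested elements may consume: the declared content length, or the rest of the buffer for indefinite length */` would also explain why the call site now passes `length - hlen`.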
@@ -0,0 +1,393 @@ +From 97c6e3934c68e90592f6913f68861d0dbc49c6a4 Mon Sep 17 00:00:00 2001 +From: usa +Date: Sun, 10 Sep 2017 01:10:24 +0000 +Subject: [PATCH] * lib/rubygems: fix several vulnerabilities in RubyGems; bump + to version 2.4.5.3. [Backport #13842] + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@59805 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 4 + + lib/rubygems/commands/query_command.rb | 5 - + lib/rubygems/installer.rb | 7 ++ + lib/rubygems/remote_fetcher.rb | 2 +- + lib/rubygems/specification.rb | 12 ++- + lib/rubygems/text.rb | 15 ++++ + test/rubygems/test_gem_commands_query_command.rb | 80 +++++++++++++++++++++++ + test/rubygems/test_gem_installer.rb | 32 +++++++++ + test/rubygems/test_gem_remote_fetcher.rb | 15 ++++ + test/rubygems/test_gem_specification.rb | 32 ++++++++- + test/rubygems/test_gem_text.rb | 11 +++ + 11 files changed, 208 insertions(+), 7 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index 08bc53d050..ef36ffbd15 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -4,6 +4,10 @@ + protocol list. + The protocol list from OpenSSL is not null-terminated. 
+ patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082] ++ ++Sun Sep 10 10:10:05 2017 SHIBATA Hiroshi ++ ++ * lib/rubygems: fix several vulnerabilities in RubyGems [Backport #13842] + + Thu Feb 25 19:49:31 2016 Nobuyoshi Nakada + +diff --git a/lib/rubygems/commands/query_command.rb b/lib/rubygems/commands/query_command.rb +index 432250e033..44364cfab2 100644 +--- a/lib/rubygems/commands/query_command.rb ++++ b/lib/rubygems/commands/query_command.rb +@@ -193,7 +193,7 @@ def output_versions output, versions + end + end + +- output << make_entry(matching_tuples, platforms) ++ output << clean_text(make_entry(matching_tuples, platforms)) + end + end + +@@ -311,7 +311,8 @@ def spec_platforms entry, platforms + end + + def spec_summary entry, spec +- entry << "\n\n" << format_text(spec.summary, 68, 4) ++ summary = truncate_text(spec.summary, "the summary for #{spec.full_name}") ++ entry << "\n\n" << format_text(summary, 68, 4) + end + + end +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index 10fc1a34a5..a27569fe2e 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -596,6 +596,11 @@ def verify_gem_home(unpack = false) # :nodoc: + unpack or File.writable?(gem_home) + end + ++ def verify_spec_name ++ return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN ++ raise Gem::InstallError, "#{spec} has an invalid name" ++ end ++ + ## + # Return the text for an application file. 
+ +@@ -767,6 +772,8 @@ def pre_install_checks + + ensure_loadable_spec + ++ verify_spec_name ++ + Gem.ensure_gem_subdirectories gem_home + + return true if @force +diff --git a/lib/rubygems/remote_fetcher.rb b/lib/rubygems/remote_fetcher.rb +index b1f6dd17fc..2b9d61c0a1 100644 +--- a/lib/rubygems/remote_fetcher.rb ++++ b/lib/rubygems/remote_fetcher.rb +@@ -105,7 +105,7 @@ def api_endpoint(uri) + else + target = res.target.to_s.strip + +- if /\.#{Regexp.quote(host)}\z/ =~ target ++ if URI("http://" + target).host.end_with?(".#{host}") + return URI.parse "#{uri.scheme}://#{target}#{uri.path}" + end + +diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb +index ab1cd92270..faca837128 100644 +--- a/lib/rubygems/specification.rb ++++ b/lib/rubygems/specification.rb +@@ -107,6 +107,8 @@ class Gem::Specification < Gem::BasicSpecification + today = Time.now.utc + TODAY = Time.utc(today.year, today.month, today.day) + ++ VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc: ++ + # :startdoc: + + ## +@@ -2377,9 +2379,15 @@ def validate packaging = true + end + end + +- unless String === name then ++ if !name.is_a?(String) then ++ raise Gem::InvalidSpecificationException, ++ "invalid value for attribute name: \"#{name.inspect}\" must be a string" ++ elsif name !~ /[a-zA-Z]/ then ++ raise Gem::InvalidSpecificationException, ++ "invalid value for attribute name: #{name.dump} must include at least one letter" ++ elsif name !~ VALID_NAME_PATTERN then + raise Gem::InvalidSpecificationException, +- "invalid value for attribute name: \"#{name.inspect}\"" ++ "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores" + end + + if require_paths.empty? 
then +diff --git a/lib/rubygems/text.rb b/lib/rubygems/text.rb +index 5c9287ad2e..86a722ffc0 100644 +--- a/lib/rubygems/text.rb ++++ b/lib/rubygems/text.rb +@@ -5,13 +5,26 @@ + + module Gem::Text + ++ ## ++ # Remove any non-printable characters and make the text suitable for ++ # printing. ++ def clean_text(text) ++ text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze) ++ end ++ ++ def truncate_text(text, description, max_length = 100_000) ++ raise ArgumentError, "max_length must be positive" unless max_length > 0 ++ return text if text.size <= max_length ++ "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length] ++ end ++ + ## + # Wraps +text+ to +wrap+ characters and optionally indents by +indent+ + # characters + + def format_text(text, wrap, indent=0) + result = [] +- work = text.dup ++ work = clean_text(text) + + while work.length > wrap do + if work =~ /^(.{0,#{wrap}})[ \n]/ then +diff --git a/test/rubygems/test_gem_commands_query_command.rb b/test/rubygems/test_gem_commands_query_command.rb +index 43fa82571d..ccd2621874 100644 +--- a/test/rubygems/test_gem_commands_query_command.rb ++++ b/test/rubygems/test_gem_commands_query_command.rb +@@ -127,6 +127,86 @@ def test_execute_details + This is a lot of text. This is a lot of text. This is a lot of text. + This is a lot of text. + ++pl (1) ++ Platform: i386-linux ++ Author: A User ++ Homepage: http://example.com ++ ++ this is a summary ++ EOF ++ ++ assert_equal expected, @ui.output ++ assert_equal '', @ui.error ++ end ++ ++ def test_execute_details_cleans_text ++ @a2.summary = 'This is a lot of text. 
' * 4 ++ @a2.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] ++ @a2.homepage = "http://a.example.com/\x03" ++ ++ @pl1.platform = Gem::Platform.new 'i386-linux' ++ @pl1.instance_variable_set :@original_platform, 'i386-linux' ++ ++ util_clear_gems ++ util_setup_spec_fetcher @a2, @pl1 ++ ++ @cmd.handle_options %w[-r -d] ++ ++ use_ui @ui do ++ @cmd.execute ++ end ++ ++ expected = <<-EOF ++ ++*** REMOTE GEMS *** ++ ++a (2) ++ Authors: Abraham Lincoln ., . Hirohito ++ Homepage: http://a.example.com/. ++ ++ This is a lot of text. This is a lot of text. This is a lot of text. ++ This is a lot of text. ++ ++pl (1) ++ Platform: i386-linux ++ Author: A User ++ Homepage: http://example.com ++ ++ this is a summary ++ EOF ++ ++ assert_equal expected, @ui.output ++ assert_equal '', @ui.error ++ end ++ ++ def test_execute_details_truncates_summary ++ @a2.summary = 'This is a lot of text. ' * 10_000 ++ @a2.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"] ++ @a2.homepage = "http://a.example.com/\x03" ++ ++ @pl1.platform = Gem::Platform.new 'i386-linux' ++ @pl1.instance_variable_set :@original_platform, 'i386-linux' ++ ++ util_clear_gems ++ util_setup_spec_fetcher @a2, @pl1 ++ ++ @cmd.handle_options %w[-r -d] ++ ++ use_ui @ui do ++ @cmd.execute ++ end ++ ++ expected = <<-EOF ++ ++*** REMOTE GEMS *** ++ ++a (2) ++ Authors: Abraham Lincoln ., . Hirohito ++ Homepage: http://a.example.com/. ++ ++ Truncating the summary for a-2 to 100,000 characters: ++#{" This is a lot of text. This is a lot of text. 
This is a lot of text.\n" * 1449} This is a lot of te ++ + pl (1) + Platform: i386-linux + Author: A User +diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb +index 6f8012feb8..0a439cdf3d 100644 +--- a/test/rubygems/test_gem_installer.rb ++++ b/test/rubygems/test_gem_installer.rb +@@ -1190,6 +1190,38 @@ def test_pre_install_checks_wrong_rubygems_version + end + end + ++ def test_pre_install_checks_malicious_name ++ spec = Gem::Specification.new do |s| ++ s.platform = Gem::Platform::RUBY ++ s.name = '../malicious' ++ s.version = '1' ++ s.author = 'A User' ++ s.email = 'example@example.com' ++ s.homepage = 'http://example.com' ++ s.summary = "this is a summary" ++ s.description = "This is a test description" ++ end ++ ++ Gem::Specification.reset ++ ++ def spec.full_name # so the spec is buildable ++ "malicious-1" ++ end ++ def spec.validate; end ++ ++ util_build_gem spec ++ ++ gem = File.join(@gemhome, 'cache', spec.file_name) ++ ++ use_ui @ui do ++ @installer = Gem::Installer.new gem ++ e = assert_raises Gem::InstallError do ++ @installer.pre_install_checks ++ end ++ assert_equal '# has an invalid name', e.message ++ end ++ end ++ + def test_shebang + util_make_exec @spec, "#!/usr/bin/ruby" + +diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb +index 63dd8feb38..ca4627810b 100644 +--- a/test/rubygems/test_gem_remote_fetcher.rb ++++ b/test/rubygems/test_gem_remote_fetcher.rb +@@ -191,6 +191,21 @@ def test_api_endpoint + dns.verify + end + ++ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path ++ uri = URI.parse "http://example.com/foo" ++ target = MiniTest::Mock.new ++ target.expect :target, "evil.com/a.example.com" ++ ++ dns = MiniTest::Mock.new ++ dns.expect :getresource, target, [String, Object] ++ ++ fetch = Gem::RemoteFetcher.new nil, dns ++ assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri) ++ ++ target.verify ++ dns.verify ++ 
end ++ + def test_api_endpoint_ignores_trans_domain_values + uri = URI.parse "http://gems.example.com/foo" + target = MiniTest::Mock.new +diff --git a/test/rubygems/test_gem_specification.rb b/test/rubygems/test_gem_specification.rb +index 3cadc55d5d..4f7076a03a 100644 +--- a/test/rubygems/test_gem_specification.rb ++++ b/test/rubygems/test_gem_specification.rb +@@ -1598,7 +1598,37 @@ def test_validate_name + @a1.validate + end + +- assert_equal 'invalid value for attribute name: ":json"', e.message ++ assert_equal 'invalid value for attribute name: ":json" must be a string', e.message ++ ++ @a1.name = [] ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message ++ ++ @a1.name = "" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message ++ ++ @a1.name = "12345" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message ++ ++ @a1.name = "../malicious" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message ++ ++ @a1.name = "\ba\t" ++ e = assert_raises Gem::InvalidSpecificationException do ++ @a1.validate ++ end ++ assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message + end + + def test_validate_non_nil +diff --git a/test/rubygems/test_gem_text.rb b/test/rubygems/test_gem_text.rb +index e5cfc41e61..9b270b481b 100644 +--- a/test/rubygems/test_gem_text.rb ++++ b/test/rubygems/test_gem_text.rb +@@ -35,6 +35,10 @@ def test_format_text_trailing # for two spaces after . 
+ assert_equal expected, format_text(text, 78) + end + ++ def test_format_removes_nonprintable_characters ++ assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40) ++ end ++ + def test_levenshtein_distance_add + assert_equal 2, levenshtein_distance("zentest", "zntst") + assert_equal 2, levenshtein_distance("zntst", "zentest") +@@ -55,4 +59,11 @@ def test_levenshtein_distance_replace + assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest") + assert_equal 7, levenshtein_distance("zentest", "xxxxxxx") + end ++ ++ def test_truncate_text ++ assert_equal "abc", truncate_text("abc", "desc") ++ assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2) ++ s = "ab" * 500_001 ++ assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000) ++ end + end +-- +2.15.1 + diff --git a/SOURCES/ruby-2.2.8-sanitize-any-type-of-logs.patch b/SOURCES/ruby-2.2.8-sanitize-any-type-of-logs.patch new file mode 100644 index 0000000..bcaa558 --- /dev/null +++ b/SOURCES/ruby-2.2.8-sanitize-any-type-of-logs.patch 
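Review bot: In `api_endpoint`, `URI("http://" + target).host.end_with?(".#{host}")` calls a method on `host` without a nil check, and `target` comes straight from the SRV answer (`res.target.to_s.strip`). A target with no parsable host makes `.host` nil and the call fails with NoMethodError, while one that is not a valid URI raises `URI::InvalidURIError`; whether the rest of the method rescues either is outside this hunk. I would bind the value first, `target_host = URI("http://" + target).host`, test `if target_host && target_host.end_with?(".#{host}")`, and treat `URI::InvalidURIError` as a non-matching record so a malformed DNS answer falls back to the original `uri`. Separately, the character class in `clean_text` leaves `\r` untouched along with `\t` and `\n`; if a carriage return in gem metadata is not meant to reach the terminal, `\r` belongs in that class too.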
@@ -0,0 +1,164 @@ +From 8a81d04d2588d9c7a898473b431a0dabcab39fbd Mon Sep 17 00:00:00 2001 +From: usa +Date: Thu, 14 Sep 2017 11:37:47 +0000 +Subject: [PATCH] merge revision(s) 59897: + + lib/webrick/log.rb: sanitize any type of logs + + It had failed to sanitize some type of exception messages. Reported and + patched by Yusuke Endoh (mame) at https://hackerone.com/reports/223363 + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@59902 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 7 +++++++ + lib/webrick/httpstatus.rb | 4 ---- + lib/webrick/log.rb | 4 ++-- + test/webrick/test_httpauth.rb | 36 ++++++++++++++++++++++++++++++++++++ + 4 files changed, 45 insertions(+), 6 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index a4594f678f8c..7561c35eb705 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -4,6 +4,13 @@ + protocol list. + The protocol list from OpenSSL is not null-terminated. + patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082] ++ ++Thu Sep 14 20:36:54 2017 Yusuke Endoh ++ ++ lib/webrick/log.rb: sanitize any type of logs ++ ++ It had failed to sanitize some type of exception messages. Reported and ++ patched by Yusuke Endoh (mame) at https://hackerone.com/reports/223363 + + Thu Sep 14 20:33:52 2017 Nobuyoshi Nakada + +diff --git a/lib/webrick/httpstatus.rb b/lib/webrick/httpstatus.rb +index 7ffda64cf0f9..5dc136f88f70 100644 +--- a/lib/webrick/httpstatus.rb ++++ b/lib/webrick/httpstatus.rb +@@ -20,10 +20,6 @@ module HTTPStatus + ## + # Root of the HTTP status class hierarchy + class Status < StandardError +- def initialize(*args) # :nodoc: +- args[0] = AccessLog.escape(args[0]) unless args.empty? +- super(*args) +- end + class << self + attr_reader :code, :reason_phrase # :nodoc: + end +diff --git a/lib/webrick/log.rb b/lib/webrick/log.rb +index 41cde4a74084..4f069ac0c549 100644 +--- a/lib/webrick/log.rb ++++ b/lib/webrick/log.rb +@@ -117,10 +117,10 @@ def debug?; @level >= DEBUG; end + # * Otherwise it will return +arg+.inspect. 
+ def format(arg) + if arg.is_a?(Exception) +- "#{arg.class}: #{arg.message}\n\t" << ++ "#{arg.class}: #{AccessLog.escape(arg.message)}\n\t" << + arg.backtrace.join("\n\t") << "\n" + elsif arg.respond_to?(:to_str) +- arg.to_str ++ AccessLog.escape(arg.to_str) + else + arg.inspect + end +diff --git a/test/webrick/test_httpauth.rb b/test/webrick/test_httpauth.rb +index 27c37f36770b..0aebb7a231c7 100644 +--- a/test/webrick/test_httpauth.rb ++++ b/test/webrick/test_httpauth.rb +@@ -79,6 +79,43 @@ def test_basic_auth3 + WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path) + } + tmpfile.close(true) ++ end ++ ++ def test_bad_username_with_control_characters ++ log_tester = lambda {|log, access_log| ++ assert_equal(2, log.length) ++ assert_match(/ERROR Basic WEBrick's realm: foo\\ebar: the user is not allowed./, log[0]) ++ assert_match(/ERROR WEBrick::HTTPStatus::Unauthorized/, log[1]) ++ } ++ TestWEBrick.start_httpserver_with_log({}, log_tester) {|server, addr, port, log| ++ realm = "WEBrick's realm" ++ path = "/basic_auth" ++ ++ Tempfile.open("test_webrick_auth") {|tmpfile| ++ tmpfile.close ++ tmp_pass = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path) ++ tmp_pass.set_passwd(realm, "webrick", "supersecretpassword") ++ tmp_pass.set_passwd(realm, "foo", "supersecretpassword") ++ tmp_pass.flush ++ ++ htpasswd = WEBrick::HTTPAuth::Htpasswd.new(tmpfile.path) ++ users = [] ++ htpasswd.each{|user, pass| users << user } ++ server.mount_proc(path){|req, res| ++ auth = WEBrick::HTTPAuth::BasicAuth.new( ++ :Realm => realm, :UserDB => htpasswd, ++ :Logger => server.logger ++ ) ++ auth.authenticate(req, res) ++ res.body = "hoge" ++ } ++ http = Net::HTTP.new(addr, port) ++ g = Net::HTTP::Get.new(path) ++ g.basic_auth("foo\ebar", "passwd") ++ http.request(g){|res| assert_not_equal("hoge", res.body, log.call) } ++ File.unlink tmpfile.path rescue nil ++ } ++ } + end + + DIGESTRES_ = / +diff --git a/test/webrick/utils.rb b/test/webrick/utils.rb +index e1c2344fb1aa..0e94ad34da71 100644 +--- 
a/test/webrick/utils.rb ++++ b/test/webrick/utils.rb +@@ -54,4 +54,43 @@ + def start_httpproxy(config={}, &block) + start_server(WEBrick::HTTPProxyServer, config, &block) + end ++ ++ DefaultLogTester = lambda {|log, access_log| assert_equal([], log) } ++ ++ def start_server_with_log(klass, config={}, log_tester=DefaultLogTester, &block) ++ log_ary = [] ++ access_log_ary = [] ++ log = proc { "webrick log start:\n" + (log_ary+access_log_ary).join.gsub(/^/, " ").chomp + "\nwebrick log end" } ++ server = klass.new({ ++ :BindAddress => "127.0.0.1", :Port => 0, ++ :ServerType => Thread, ++ :Logger => WEBrick::Log.new(log_ary, WEBrick::BasicLog::WARN), ++ :AccessLog => [[access_log_ary, ""]] ++ }.update(config)) ++ server_thread = server.start ++ server_thread2 = Thread.new { ++ server_thread.join ++ if log_tester ++ log_tester.call(log_ary, access_log_ary) ++ end ++ } ++ addr = server.listeners[0].addr ++ client_thread = Thread.new { ++ begin ++ block.yield([server, addr[3], addr[1], log]) ++ ensure ++ server.shutdown ++ end ++ } ++ client_thread.join ++ server_thread2.join ++ end ++ ++ def start_httpserver_with_log(config={}, log_tester=DefaultLogTester, &block) ++ start_server_with_log(WEBrick::HTTPServer, config, log_tester, &block) ++ end ++ ++ def start_httpproxy_with_log(config={}, log_tester=DefaultLogTester, &block) ++ start_server_with_log(WEBrick::HTTPProxyServer, config, log_tester, &block) ++ end + end diff --git a/SOURCES/ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch b/SOURCES/ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch new file mode 100644 index 0000000..77b0edf --- /dev/null +++ b/SOURCES/ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch 
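Review bot: In `WEBrick::BasicLog#format` (lib/webrick/log.rb) the escape now covers `arg.message` and `arg.to_str`, but the same patch deletes the `AccessLog.escape` call from `HTTPStatus::Status#initialize`, so escaping happens only at this one sink. A logger passed in through `:Logger` that does not route through `BasicLog#format` would presumably receive status messages with control characters intact; that needs confirming against callers outside this patch. The backtrace lines and the `arg.inspect` branch are still written unescaped. I would record the contract next to the method, e.g. `# Sole escaping point for log text: message and to_str are escaped here; backtrace and inspect output are not.`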
@@ -0,0 +1,386 @@ +From 0207c68ea39b74fc99e445231c1ac08ad5406720 Mon Sep 17 00:00:00 2001 +From: usa +Date: Thu, 14 Dec 2017 13:53:48 +0000 +Subject: [PATCH 1/2] merge revision(s) 61242: [Backport #14185] + + Fix a command injection vulnerability in Net::FTP. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@61246 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 4 + + lib/net/ftp.rb | 10 +- + test/net/ftp/test_ftp.rb | 234 +++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 243 insertions(+), 5 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index 177ff95c8b..ecff5aff99 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,7 @@ ++Thu Dec 14 22:52:11 2017 Shugo Maeda ++ ++ Fix a command injection vulnerability in Net::FTP. ++ + Tue Nov 15 15:29:36 2016 NARUSE, Yui + + * ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing +diff --git a/lib/net/ftp.rb b/lib/net/ftp.rb +index c9b80c6804..79edb80864 100644 +--- a/lib/net/ftp.rb ++++ b/lib/net/ftp.rb +@@ -607,10 +607,10 @@ module Net + if localfile + if @resume + rest_offset = File.size?(localfile) +- f = open(localfile, "a") ++ f = File.open(localfile, "a") + else + rest_offset = nil +- f = open(localfile, "w") ++ f = File.open(localfile, "w") + end + elsif !block_given? + result = "" +@@ -638,7 +638,7 @@ module Net + def gettextfile(remotefile, localfile = File.basename(remotefile)) # :yield: line + result = nil + if localfile +- f = open(localfile, "w") ++ f = File.open(localfile, "w") + elsif !block_given? + result = "" + end +@@ -684,7 +684,7 @@ module Net + else + rest_offset = nil + end +- f = open(localfile) ++ f = File.open(localfile) + begin + f.binmode + if rest_offset +@@ -703,7 +703,7 @@ module Net + # passing in the transmitted data one line at a time. 
+ # + def puttextfile(localfile, remotefile = File.basename(localfile), &block) # :yield: line +- f = open(localfile) ++ f = File.open(localfile) + begin + storlines("STOR " + remotefile, f, &block) + ensure +diff --git a/test/net/ftp/test_ftp.rb b/test/net/ftp/test_ftp.rb +index cb311695d0..91a6002c5c 100644 +--- a/test/net/ftp/test_ftp.rb ++++ b/test/net/ftp/test_ftp.rb +@@ -2,6 +2,7 @@ require "net/ftp" + require "test/unit" + require "ostruct" + require "stringio" ++require "tmpdir" + + class FTPTest < Test::Unit::TestCase + SERVER_ADDR = "127.0.0.1" +@@ -783,6 +784,227 @@ class FTPTest < Test::Unit::TestCase + end + end + ++ def test_getbinaryfile_command_injection ++ skip "| is not allowed in filename on Windows" if windows? ++ [false, true].each do |resume| ++ commands = [] ++ binary_data = (0..0xff).map {|i| i.chr}.join * 4 * 3 ++ server = create_ftp_server { |sock| ++ sock.print("220 (test_ftp).\r\n") ++ commands.push(sock.gets) ++ sock.print("331 Please specify the password.\r\n") ++ commands.push(sock.gets) ++ sock.print("230 Login successful.\r\n") ++ commands.push(sock.gets) ++ sock.print("200 Switching to Binary mode.\r\n") ++ line = sock.gets ++ commands.push(line) ++ host, port = process_port_or_eprt(sock, line) ++ commands.push(sock.gets) ++ sock.print("150 Opening BINARY mode data connection for |echo hello (#{binary_data.size} bytes)\r\n") ++ conn = TCPSocket.new(host, port) ++ binary_data.scan(/.{1,1024}/nm) do |s| ++ conn.print(s) ++ end ++ conn.shutdown(Socket::SHUT_WR) ++ conn.read ++ conn.close ++ sock.print("226 Transfer complete.\r\n") ++ } ++ begin ++ chdir_to_tmpdir do ++ begin ++ ftp = Net::FTP.new ++ ftp.resume = resume ++ ftp.read_timeout = 0.2 ++ ftp.connect(SERVER_ADDR, server.port) ++ ftp.login ++ assert_match(/\AUSER /, commands.shift) ++ assert_match(/\APASS /, commands.shift) ++ assert_equal("TYPE I\r\n", commands.shift) ++ ftp.getbinaryfile("|echo hello") ++ assert_equal(binary_data, File.binread("./|echo hello")) ++ 
assert_match(/\A(PORT|EPRT) /, commands.shift) ++ assert_equal("RETR |echo hello\r\n", commands.shift) ++ assert_equal(nil, commands.shift) ++ ensure ++ ftp.close if ftp ++ end ++ end ++ ensure ++ server.close ++ end ++ end ++ end ++ ++ def test_gettextfile_command_injection ++ skip "| is not allowed in filename on Windows" if windows? ++ commands = [] ++ text_data = < +Date: Thu, 14 Dec 2017 15:08:49 +0000 +Subject: [PATCH 2/2] * test/net/ftp/test_ftp.rb (process_port_or_eprt): merge + a part of r56973 to pass the test introduced at previous commit. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_2@61255 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 5 +++++ + test/net/ftp/test_ftp.rb | 18 ++++++++++++++++++ + 2 files changed, 23 insertions(+), 0 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index ecff5aff99..d9d9629ffa 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,8 @@ ++Fri Dec 15 00:08:26 2017 NAKAMURA Usaku ++ ++ * test/net/ftp/test_ftp.rb (process_port_or_eprt): merge a part of ++ r56973 to pass the test introduced at previous commit. ++ + Thu Dec 14 22:52:11 2017 Shugo Maeda + + Fix a command injection vulnerability in Net::FTP. +diff --git a/test/net/ftp/test_ftp.rb b/test/net/ftp/test_ftp.rb +index 91a6002c5c..52e5873d61 100644 +--- a/test/net/ftp/test_ftp.rb ++++ b/test/net/ftp/test_ftp.rb +@@ -1044,4 +1044,22 @@ EOF + end + end + end ++ ++ def process_port_or_eprt(sock, line) ++ case line ++ when /\APORT (.*)/ ++ port_args = $1.split(/,/) ++ host = port_args[0, 4].join(".") ++ port = port_args[4, 2].map(&:to_i).inject {|x, y| (x << 8) + y} ++ sock.print("200 PORT command successful.\r\n") ++ return host, port ++ when /\AEPRT \|2\|(.*?)\|(.*?)\|/ ++ host = $1 ++ port = $2.to_i ++ sock.print("200 EPRT command successful.\r\n") ++ return host, port ++ else ++ flunk "PORT or EPRT expected" ++ end ++ end + end +-- +2.15.1 + 
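Review bot: The four `File.open` replacements in lib/net/ftp.rb carry no comment saying why `Kernel#open` must not come back, and a later cleanup could easily revert them. They sit in `gettextfile`, `puttextfile` and two other transfer methods whose `def` lines are outside the hunks. Because `localfile` defaults to `File.basename(remotefile)`, the name can originate from the remote side, so the reason is worth stating at each site: `# File.open, not Kernel#open: a localfile beginning with "|" must be treated as a file name, never as a command.` As a point of style in the new tests, `assert_equal(nil, commands.shift)` reads better as `assert_nil(commands.shift)`.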
diff --git a/SOURCES/ruby-2.3.0-test_gem_remote_fetcher.rb-get-rid-of-errors.patch b/SOURCES/ruby-2.3.0-test_gem_remote_fetcher.rb-get-rid-of-errors.patch
new file mode 100644
index 0000000..e067cbd
--- /dev/null
+++ b/SOURCES/ruby-2.3.0-test_gem_remote_fetcher.rb-get-rid-of-errors.patch
@@ -0,0 +1,30 @@
+From 6398515adfc86813686605019a3e22d49cd95517 Mon Sep 17 00:00:00 2001
+From: nobu
+Date: Fri, 19 Jun 2015 06:04:00 +0000
+Subject: [PATCH] test_gem_remote_fetcher.rb: get rid of errors
+
+* test/rubygems/test_gem_remote_fetcher.rb (start_ssl_server):
+ temporary measure for "dh key too small" error of OpenSSL
+ 1.0.2c+.
+
+git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@50972 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+---
+ test/rubygems/test_gem_remote_fetcher.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/rubygems/test_gem_remote_fetcher.rb b/test/rubygems/test_gem_remote_fetcher.rb
+index 6b29e18..63dd8fe 100644
+--- a/test/rubygems/test_gem_remote_fetcher.rb
++++ b/test/rubygems/test_gem_remote_fetcher.rb
+@@ -979,7 +979,7 @@
+ end
+
+ DIR = File.expand_path(File.dirname(__FILE__))
+- DH_PARAM = OpenSSL::PKey::DH.new(128)
++ DH_PARAM = OpenSSL::PKey::DH.new(2048)
+
+ def start_ssl_server(config = {})
+ null_logger = NilLog.new
+--
+2.4.3
+
diff --git a/SOURCES/ruby-2.3.1-remove-tests-depending-on-europe-moscow.patch b/SOURCES/ruby-2.3.1-remove-tests-depending-on-europe-moscow.patch
new file mode 100644
index 0000000..dde5de6
--- /dev/null
+++ b/SOURCES/ruby-2.3.1-remove-tests-depending-on-europe-moscow.patch
@@ -0,0 +1,60 @@ +From c5c60ded6dbb6256640b0308a45c42da8c7fe071 Mon Sep 17 00:00:00 2001 +From: akr +Date: Fri, 22 Apr 2016 12:20:06 +0000 +Subject: [PATCH] * test/ruby/test_time_tz.rb: Tests depends on Europe/Moscow + removed to avoid test failures due to the tzdata change. + https://github.com/eggert/tz/commit/8ee11a301cf173afb0c76e0315b9f9ec8ebb9d95 + Found by naruse. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@54706 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 7 +++++++ + test/ruby/test_time_tz.rb | 13 ------------- + 2 files changed, 7 insertions(+), 13 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index 3b96a9b..965f296 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,10 @@ ++Fri Apr 22 21:00:44 2016 Tanaka Akira ++ ++ * test/ruby/test_time_tz.rb: Tests depends on Europe/Moscow removed ++ to avoid test failures due to the tzdata change. ++ https://github.com/eggert/tz/commit/8ee11a301cf173afb0c76e0315b9f9ec8ebb9d95 ++ Found by naruse. ++ + Wed Dec 16 21:16:55 2015 CHIKANAGA Tomoyuki + + * ext/fiddle/handle.c: check tainted string arguments. 
+diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb +index f5d4690..b40b1ac 100644 +--- a/test/ruby/test_time_tz.rb ++++ b/test/ruby/test_time_tz.rb +@@ -161,13 +161,6 @@ def test_europe_lisbon + } + end if has_lisbon_tz + +- def test_europe_moscow +- with_tz(tz="Europe/Moscow") { +- assert_time_constructor(tz, "1992-03-29 00:00:00 +0400", :local, [1992,3,28,23,0,0]) +- assert_time_constructor(tz, "1992-03-29 00:59:59 +0400", :local, [1992,3,28,23,59,59]) +- } +- end +- + def test_pacific_kiritimati + with_tz(tz="Pacific/Kiritimati") { + assert_time_constructor(tz, "1994-12-31 23:59:59 -1000", :local, [1994,12,31,23,59,59]) +@@ -346,12 +339,6 @@ def self.gen_zdump_test(data) + Europe/London Sun Aug 10 01:00:00 1947 UTC = Sun Aug 10 02:00:00 1947 BST isdst=1 gmtoff=3600 + Europe/London Sun Nov 2 01:59:59 1947 UTC = Sun Nov 2 02:59:59 1947 BST isdst=1 gmtoff=3600 + Europe/London Sun Nov 2 02:00:00 1947 UTC = Sun Nov 2 02:00:00 1947 GMT isdst=0 gmtoff=0 +-Europe/Moscow Sat Jan 18 23:59:59 1992 UTC = Sun Jan 19 01:59:59 1992 MSK isdst=0 gmtoff=7200 +-Europe/Moscow Sun Jan 19 00:00:00 1992 UTC = Sun Jan 19 03:00:00 1992 MSK isdst=0 gmtoff=10800 +-Europe/Moscow Sat Mar 28 19:59:59 1992 UTC = Sat Mar 28 22:59:59 1992 MSK isdst=0 gmtoff=10800 +-Europe/Moscow Sat Mar 28 20:00:00 1992 UTC = Sun Mar 29 00:00:00 1992 MSD isdst=1 gmtoff=14400 +-Europe/Moscow Sat Sep 26 18:59:59 1992 UTC = Sat Sep 26 22:59:59 1992 MSD isdst=1 gmtoff=14400 +-Europe/Moscow Sat Sep 26 19:00:00 1992 UTC = Sat Sep 26 22:00:00 1992 MSK isdst=0 gmtoff=10800 + Pacific/Kiritimati Sun Jan 1 09:59:59 1995 UTC = Sat Dec 31 23:59:59 1994 LINT isdst=0 gmtoff=-36000 + Pacific/Kiritimati Sun Jan 1 10:00:00 1995 UTC = Mon Jan 2 00:00:00 1995 LINT isdst=0 gmtoff=50400 + End diff --git a/SOURCES/ruby-2.3.8-fix-flags-not-propagated-in-array-pack-and-string-unpack.patch b/SOURCES/ruby-2.3.8-fix-flags-not-propagated-in-array-pack-and-string-unpack.patch new file mode 100644 index 0000000..76da5d6 
--- /dev/null
+++ b/SOURCES/ruby-2.3.8-fix-flags-not-propagated-in-array-pack-and-string-unpack.patch
@@ -0,0 +1,106 @@ +From 216e73a58ed85014d547cbc89006ff2a987bab1f Mon Sep 17 00:00:00 2001 +From: usa +Date: Wed, 17 Oct 2018 15:09:24 +0000 +Subject: [PATCH] merge revision(s) 65125: + + infect taint flag on Array#pack and String#unpack + with the directives "B", "b", "H" and "h". + + * pack.c (pack_pack, pack_unpack_internal): infect taint flag. + + * test/ruby/test_pack.rb: add test for above. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@65130 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + pack.c | 8 ++++++++ + test/ruby/test_pack.rb | 15 +++++++++++++++ + 2 files changed, 23 insertions(+) + +diff --git a/pack.c b/pack.c +index d304dd2eea..b64c0f64cb 100644 +--- a/pack.c ++++ b/pack.c +@@ -944,6 +944,7 @@ pack_pack(VALUE ary, VALUE fmt) + StringValue(from); + ptr = RSTRING_PTR(from); + plen = RSTRING_LEN(from); ++ OBJ_INFECT(res, from); + + if (len == 0 && type == 'm') { + encodes(res, ptr, plen, type, 0); +@@ -971,6 +972,7 @@ pack_pack(VALUE ary, VALUE fmt) + + case 'M': /* quoted-printable encoded string */ + from = rb_obj_as_string(NEXTFROM); ++ OBJ_INFECT(res, from); + if (len <= 1) + len = 72; + qpencode(res, from, len); +@@ -996,6 +998,8 @@ pack_pack(VALUE ary, VALUE fmt) + } + else { + t = StringValuePtr(from); ++ OBJ_INFECT(res, from); ++ rb_obj_taint(from); + } + if (!associates) { + associates = rb_ary_new(); +@@ -1487,6 +1491,7 @@ pack_unpack(VALUE str, VALUE fmt) + len = (send - s) * 8; + bits = 0; + UNPACK_PUSH(bitstr = rb_usascii_str_new(0, len)); ++ OBJ_INFECT(bitstr, str); + t = RSTRING_PTR(bitstr); + for (i=0; i>= 1; +@@ -1507,6 +1512,7 @@ pack_unpack(VALUE str, VALUE fmt) + len = (send - s) * 8; + bits = 0; + UNPACK_PUSH(bitstr = rb_usascii_str_new(0, len)); ++ OBJ_INFECT(bitstr, str); + t = RSTRING_PTR(bitstr); + for (i=0; i +Date: Wed, 28 Mar 2018 10:37:07 +0000 +Subject: [PATCH] pack.c: fix underflow + +* pack.c (pack_unpack_internal): get rid of underflow. 
+ https://hackerone.com/reports/298246 + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@62997 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + pack.c | 2 +- + test/ruby/test_pack.rb | 3 +++ + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/pack.c b/pack.c +index 487fdf82fa..d304dd2eea 100644 +--- a/pack.c ++++ b/pack.c +@@ -1430,7 +1430,7 @@ pack_unpack(VALUE str, VALUE fmt) + else if (ISDIGIT(*p)) { + errno = 0; + len = STRTOUL(p, (char**)&p, 10); +- if (errno) { ++ if (len < 0 || errno) { + rb_raise(rb_eRangeError, "pack length too big"); + } + } +diff --git a/test/ruby/test_pack.rb b/test/ruby/test_pack.rb +index f51d0b44e4..8ca34051a9 100644 +--- a/test/ruby/test_pack.rb ++++ b/test/ruby/test_pack.rb +@@ -471,6 +471,9 @@ class TestPack < Test::Unit::TestCase + assert_equal([1, 2], "\x01\x00\x00\x02".unpack("C@3C")) + assert_equal([nil], "\x00".unpack("@1C")) # is it OK? + assert_raise(ArgumentError) { "\x00".unpack("@2C") } ++ ++ pos = (1 << [nil].pack("p").bytesize * 8) - 100 # -100 ++ assert_raise(RangeError) {"0123456789".unpack("@#{pos}C10")} + end + + def test_pack_unpack_percent +-- +2.17.1 + diff --git a/SOURCES/ruby-2.3.8-rubygems-2.7.6-a-safe-mkdir-to-verify-inside-destination-dir.patch b/SOURCES/ruby-2.3.8-rubygems-2.7.6-a-safe-mkdir-to-verify-inside-destination-dir.patch new file mode 100644 index 0000000..3780572 --- /dev/null +++ b/SOURCES/ruby-2.3.8-rubygems-2.7.6-a-safe-mkdir-to-verify-inside-destination-dir.patch 
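Review bot: In the pack.c hunk at `@@ -996,6 +998,8 @@`, `rb_obj_taint(from)` marks the caller's source string as a side effect, whereas every other added line only infects the result or the unpacked value. If `rb_obj_taint` rejects frozen objects (to be confirmed against object.c, which this patch does not touch), packing a frozen string through this branch would start raising. A comment would make the intent explicit, e.g. `/* taint the source too: t points into from's buffer */`, and a test with a frozen source would pin the behaviour. The enclosing `pack_pack` body starts and ends outside the hunk.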
@@ -0,0 +1,79 @@ +diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb +index 13eb25bd26..9b1cb3a142 100644 +--- a/lib/rubygems/package.rb ++++ b/lib/rubygems/package.rb +@@ -332,7 +332,16 @@ EOM + + FileUtils.rm_rf destination + +- FileUtils.mkdir_p File.dirname destination ++ mkdir_options = {} ++ mkdir_options[:mode] = entry.header.mode if entry.directory? ++ mkdir = ++ if entry.directory? then ++ destination ++ else ++ File.dirname destination ++ end ++ ++ mkdir_p_safe mkdir, mkdir_options, destination_dir, entry.full_name + + open destination, 'wb', entry.header.mode do |out| + out.write entry.read +@@ -367,12 +376,9 @@ EOM + raise Gem::Package::PathError.new(filename, destination_dir) if + filename.start_with? '/' + +- destination_dir = File.realpath destination_dir if +- File.respond_to? :realpath ++ destination_dir = realpath destination_dir + + destination = File.join destination_dir, filename +- destination = File.realpath destination if +- File.respond_to? :realpath + destination = File.expand_path destination + + raise Gem::Package::PathError.new(destination, destination_dir) unless +@@ -382,6 +388,22 @@ EOM + destination + end + ++ def mkdir_p_safe mkdir, mkdir_options, destination_dir, file_name ++ destination_dir = realpath File.expand_path(destination_dir) ++ parts = mkdir.split(File::SEPARATOR) ++ parts.reduce do |path, basename| ++ path = realpath path unless path == "" ++ path = File.expand_path(path + File::SEPARATOR + basename) ++ lstat = File.lstat path rescue nil ++ if !lstat || !lstat.directory? ++ unless path.start_with? destination_dir and (FileUtils.mkdir path, mkdir_options rescue false) ++ raise Gem::Package::PathError.new(file_name, destination_dir) ++ end ++ end ++ path ++ end ++ end ++ + ## + # Loads a Gem::Specification from the TarEntry +entry+ + +@@ -560,6 +582,16 @@ EOM + raise Gem::Package::FormatError.new(e.message, entry.full_name) + end + ++ if File.respond_to? 
:realpath ++ def realpath file ++ File.realpath file ++ end ++ else ++ def realpath file ++ file ++ end ++ end ++ + end + + require 'rubygems/package/digest_io' +-- +2.20.1 + diff --git a/SOURCES/ruby-2.3.8-rubygems-2.7.6-fix-unsafe-object-deserialization.patch b/SOURCES/ruby-2.3.8-rubygems-2.7.6-fix-unsafe-object-deserialization.patch new file mode 100644 index 0000000..1e845e5 --- /dev/null +++ b/SOURCES/ruby-2.3.8-rubygems-2.7.6-fix-unsafe-object-deserialization.patch 
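Review bot: `mkdir_p_safe` decides containment with a bare prefix test, `path.start_with? destination_dir`, which also accepts a sibling whose name merely begins with the destination's name (constructed example: `/tmp/dest-other` against `/tmp/dest`). Whether such a path can reach this point depends on `install_location`, whose final check is cut off at the hunk boundary, but this guard should not rely on that. Compare on a separator boundary instead: `inside = path == destination_dir || path.start_with?(destination_dir + File::SEPARATOR)`. The same line combines `and` with an inline `rescue false`, which folds every mkdir failure into a `PathError`; naming the condition and rescuing `SystemCallError` explicitly would keep genuine I/O errors distinguishable.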
@@ -0,0 +1,81 @@ +From dcd09da317d9710c61000dbda5df2c9a6d59b1fb Mon Sep 17 00:00:00 2001 +From: usa +Date: Fri, 16 Feb 2018 16:21:44 +0000 +Subject: [PATCH] Fix Unsafe Object Deserialization Vulnerability in gem owner. + +merge revision(s) 58471,58493,62436: [Backport #13505] + + load.c: backtrace of circular require + + * load.c (load_lock): print backtrace of circular require via + `Warning.warn` [ruby-core:80850] [Bug #13505] + + Send the backtrace of the circular require warning as a single String to Warning.warn + + * load.c: send as a single string. + * error.c: expose the string formatted by rb_warning as rb_warning_string(). + * test/ruby/test_exception.rb: update tests. + [ruby-core:80850] [Bug #13505] + + fix regexp literal warning. + + * test/rubygems/test_gem_server.rb: eliminate duplicated character class warning. + [Bug #14481] + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@62439 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + lib/rubygems/commands/owner_command.rb | 2 +- + .../test_gem_commands_owner_command.rb | 24 +++++++++++++++++++ + 2 files changed, 25 insertions(+), 1 deletion(-) + +diff --git a/lib/rubygems/commands/owner_command.rb b/lib/rubygems/commands/owner_command.rb +index 11e6e026fd..df64f41e59 100644 +--- a/lib/rubygems/commands/owner_command.rb ++++ b/lib/rubygems/commands/owner_command.rb +@@ -48,7 +48,7 @@ class Gem::Commands::OwnerCommand < Gem::Command + end + + with_response response do |resp| +- owners = YAML.load resp.body ++ owners = Gem::SafeYAML.load resp.body + + say "Owners for gem: #{name}" + owners.each do |owner| +diff --git a/test/rubygems/test_gem_commands_owner_command.rb b/test/rubygems/test_gem_commands_owner_command.rb +index dfbc2572dc..22272d4a22 100644 +--- a/test/rubygems/test_gem_commands_owner_command.rb ++++ b/test/rubygems/test_gem_commands_owner_command.rb +@@ -34,6 +34,30 @@ EOF + assert_match %r{- user2@example.com}, @ui.output + end + ++ def test_show_owners_dont_load_objects ++ skip 
"testing a psych-only API" unless defined?(::Psych::DisallowedClass) ++ ++ response = < +Date: Sat, 13 Feb 2016 08:12:21 +0000 +Subject: [PATCH] no_proxy with whitespaces and leading dots + +* lib/uri/generic.rb (find_proxy): exclude white-spaces and allow + for a leading dot in the domain name in no_proxy. + [ruby-core:54542] [Feature #8317] + +The previous implementation wouldn't allow for white-spaces nor a leading dot +in the domain name. The latter is described in the wget documentation as a valid case. + +By being more strict on the characters, which are counted to a domainname, +we allow for white-spaces. +Also, a possible leading dot will be handled gracefully. + +[Fix GH-285] + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@53816 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 6 ++++++ + lib/uri/generic.rb | 2 +- + test/uri/test_generic.rb | 4 ++++ + 3 files changed, 11 insertions(+), 1 deletion(-) + +diff --git a/ChangeLog b/ChangeLog +index 2945679..44116e0 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,9 @@ ++Sat Feb 13 17:11:58 2016 Fabian Wiesel ++ ++ * lib/uri/generic.rb (find_proxy): exclude white-spaces and allow ++ for a leading dot in the domain name in no_proxy. 
++ [ruby-core:54542] [Feature #8317] ++ + Sat Nov 30 13:28:13 2013 Nobuyoshi Nakada + + * siphash.c (sip_hash24): fix for aligned word access little endian +diff --git a/lib/uri/generic.rb b/lib/uri/generic.rb +index aba54c1..f2a2d56 100644 +--- a/lib/uri/generic.rb ++++ b/lib/uri/generic.rb +@@ -1662,7 +1662,7 @@ def find_proxy + + name = 'no_proxy' + if no_proxy = ENV[name] || ENV[name.upcase] +- no_proxy.scan(/([^:,]*)(?::(\d+))?/) {|host, port| ++ no_proxy.scan(/(?!\.)([^:,\s]+)(?::(\d+))?/) {|host, port| + if /(\A|\.)#{Regexp.quote host}\z/i =~ self.host && + (!port || self.port == port.to_i) + return nil +diff --git a/test/uri/test_generic.rb b/test/uri/test_generic.rb +index fcfe1f9..ad189fc 100644 +--- a/test/uri/test_generic.rb ++++ b/test/uri/test_generic.rb +@@ -773,6 +773,14 @@ def test_find_proxy + assert_equal(URI('http://127.0.0.1:8080'), URI("http://192.0.2.1/").find_proxy) + assert_nil(URI("http://192.0.2.2/").find_proxy) + } ++ with_env('http_proxy'=>'http://127.0.0.1:8080', 'no_proxy'=>'example.org') { ++ assert_nil(URI("http://example.org/").find_proxy) ++ assert_nil(URI("http://www.example.org/").find_proxy) ++ } ++ with_env('http_proxy'=>'http://127.0.0.1:8080', 'no_proxy'=>'.example.org') { ++ assert_nil(URI("http://example.org/").find_proxy) ++ assert_nil(URI("http://www.example.org/").find_proxy) ++ } + with_env('http_proxy'=>'') { + assert_nil(URI("http://192.0.2.1/").find_proxy) + assert_nil(URI("ftp://192.0.2.1/").find_proxy) diff --git a/SOURCES/ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization-vulnerability.patch b/SOURCES/ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization-vulnerability.patch new file mode 100644 index 0000000..d448d91 --- /dev/null +++ b/SOURCES/ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization-vulnerability.patch 
@@ -0,0 +1,147 @@ +From 1281e56682692859e726e24fff30e44aac6f948b Mon Sep 17 00:00:00 2001 +From: nagachika +Date: Wed, 11 Oct 2017 13:48:14 +0000 +Subject: [PATCH] merge revision(s) 60149: [Backport #14003] + + Merge rubygems-2.6.14 changes. + + It fixed http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@60168 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + lib/rubygems.rb | 5 +++-- + lib/rubygems/config_file.rb | 2 +- + lib/rubygems/package.rb | 2 +- + lib/rubygems/package/old.rb | 2 +- + lib/rubygems/safe_yaml.rb | 48 +++++++++++++++++++++++++++++++++++++++++++ + lib/rubygems/specification.rb | 2 +- + 6 files changed, 55 insertions(+), 6 deletions(-) + create mode 100644 lib/rubygems/safe_yaml.rb + +diff --git a/lib/rubygems.rb b/lib/rubygems.rb +index 55aa85b8b2bd..0685bcb3c629 100644 +--- a/lib/rubygems.rb ++++ b/lib/rubygems.rb +@@ -574,7 +574,7 @@ def self.load_yaml + + unless test_syck + begin +- gem 'psych', '~> 1.2', '>= 1.2.1' ++ gem 'psych', '>= 2.0.0' + rescue Gem::LoadError + # It's OK if the user does not have the psych gem installed. We will + # attempt to require the stdlib version +@@ -598,6 +598,7 @@ def self.load_yaml + end + + require 'yaml' ++ require 'rubygems/safe_yaml' + + # If we're supposed to be using syck, then we may have to force + # activate it via the YAML::ENGINE API. +diff --git a/lib/rubygems/config_file.rb b/lib/rubygems/config_file.rb +index c95d7dd1f14e..63583b361615 100644 +--- a/lib/rubygems/config_file.rb ++++ b/lib/rubygems/config_file.rb +@@ -316,7 +316,7 @@ def load_file(filename) + return {} unless filename and File.exist? filename + + begin +- content = YAML.load(File.read(filename)) ++ content = Gem::SafeYAML.load(File.read(filename)) + unless content.kind_of? 
Hash + warn "Failed to load #{filename} because it doesn't contain valid YAML hash" + return {} +diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb +index c36e71d800a2..77811ed5ecaa 100644 +--- a/lib/rubygems/package.rb ++++ b/lib/rubygems/package.rb +@@ -418,7 +418,7 @@ def read_checksums gem + + @checksums = gem.seek 'checksums.yaml.gz' do |entry| + Zlib::GzipReader.wrap entry do |gz_io| +- YAML.load gz_io.read ++ Gem::SafeYAML.safe_load gz_io.read + end + end + end +diff --git a/lib/rubygems/package/old.rb b/lib/rubygems/package/old.rb +index 5e722baa3540..071f7141ab78 100644 +--- a/lib/rubygems/package/old.rb ++++ b/lib/rubygems/package/old.rb +@@ -100,7 +100,7 @@ def file_list io # :nodoc: + header << line + end + +- YAML.load header ++ Gem::SafeYAML.safe_load header + end + + ## +diff --git a/lib/rubygems/safe_yaml.rb b/lib/rubygems/safe_yaml.rb +new file mode 100644 +index 000000000000..b98cfaa5e60d +--- /dev/null ++++ b/lib/rubygems/safe_yaml.rb +@@ -0,0 +1,48 @@ ++module Gem ++ ++ ### ++ # This module is used for safely loading YAML specs from a gem. The ++ # `safe_load` method defined on this module is specifically designed for ++ # loading Gem specifications. For loading other YAML safely, please see ++ # Psych.safe_load ++ ++ module SafeYAML ++ WHITELISTED_CLASSES = %w( ++ Symbol ++ Time ++ Date ++ Gem::Dependency ++ Gem::Platform ++ Gem::Requirement ++ Gem::Specification ++ Gem::Version ++ Gem::Version::Requirement ++ YAML::Syck::DefaultKey ++ Syck::DefaultKey ++ ) ++ ++ WHITELISTED_SYMBOLS = %w( ++ development ++ runtime ++ ) ++ ++ if ::YAML.respond_to? :safe_load ++ def self.safe_load input ++ ::YAML.safe_load(input, WHITELISTED_CLASSES, WHITELISTED_SYMBOLS, true) ++ end ++ ++ def self.load input ++ ::YAML.safe_load(input, [::Symbol]) ++ end ++ else ++ warn "YAML safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0)." 
++ def self.safe_load input, *args ++ ::YAML.load input ++ end ++ ++ def self.load input ++ ::YAML.load input ++ end ++ end ++ end ++end +diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb +index 88e320c05ac9..40e3a70d476c 100644 +--- a/lib/rubygems/specification.rb ++++ b/lib/rubygems/specification.rb +@@ -910,7 +910,7 @@ def self.from_yaml(input) + Gem.load_yaml + + input = normalize_yaml_input input +- spec = YAML.load input ++ spec = Gem::SafeYAML.safe_load input + + if spec && spec.class == FalseClass then + raise Gem::EndOfYAMLException diff --git a/SOURCES/ruby-2.4.6-Applied-security-patches-for-RubyGems.patch b/SOURCES/ruby-2.4.6-Applied-security-patches-for-RubyGems.patch new file mode 100644 index 0000000..c4f4bdd --- /dev/null +++ b/SOURCES/ruby-2.4.6-Applied-security-patches-for-RubyGems.patch 
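Review bot: The `else` branch of `Gem::SafeYAML` in lib/rubygems/safe_yaml.rb fails open: when `::YAML.safe_load` is missing, both `safe_load` and `load` call `::YAML.load input`, and the only signal is a single `warn` at load time. Every call site this patch converts (config_file.rb, package.rb, package/old.rb, specification.rb) then deserializes with no class restriction while appearing to use the safe API. I would have the fallback refuse rather than degrade, or at minimum mark it in place, e.g. `# FAIL-OPEN: no class whitelist is applied on this path`. The two branches also disagree on arity (`safe_load input` versus `safe_load input, *args`), and the two whitelist constants are not frozen.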
@@ -0,0 +1,340 @@ +From f86e5daee790ee509cb17f4f51f95cc76ca89a4e Mon Sep 17 00:00:00 2001 +From: usa +Date: Mon, 18 Mar 2019 18:30:36 +0000 +Subject: [PATCH] Applied security patches for RubyGems + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67303 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + lib/rubygems/command_manager.rb | 10 ++- + lib/rubygems/commands/owner_command.rb | 5 +- + lib/rubygems/gemcutter_utilities.rb | 8 +- + lib/rubygems/installer.rb | 29 +++++-- + lib/rubygems/user_interaction.rb | 8 +- + test/rubygems/test_gem_installer.rb | 108 +++++++++++++++++++++++++ + test/rubygems/test_gem_text.rb | 5 ++ + 7 files changed, 159 insertions(+), 14 deletions(-) + +diff --git a/lib/rubygems/command_manager.rb b/lib/rubygems/command_manager.rb +index 451b719c4683..d3ff6614dc47 100644 +--- a/lib/rubygems/command_manager.rb ++++ b/lib/rubygems/command_manager.rb +@@ -6,6 +6,7 @@ + + require 'rubygems/command' + require 'rubygems/user_interaction' ++require 'rubygems/text' + + ## + # The command manager registers and installs all the individual sub-commands +@@ -31,6 +32,7 @@ + + class Gem::CommandManager + ++ include Gem::Text + include Gem::UserInteraction + + ## +@@ -129,7 +131,7 @@ def command_names + def run(args, build_args=nil) + process_args(args, build_args) + rescue StandardError, Timeout::Error => ex +- alert_error "While executing gem ... (#{ex.class})\n #{ex.to_s}" ++ alert_error clean_text("While executing gem ... (#{ex.class})\n #{ex}") + ui.backtrace ex + + if Gem.configuration.really_verbose and \ +@@ -142,7 +144,7 @@ def run(args, build_args=nil) + + terminate_interaction(1) + rescue Interrupt +- alert_error "Interrupted" ++ alert_error clean_text("Interrupted") + terminate_interaction(1) + end + +@@ -162,7 +164,7 @@ def process_args(args, build_args=nil) + say Gem::VERSION + terminate_interaction 0 + when /^-/ then +- alert_error "Invalid option: #{args.first}. See 'gem --help'." 
++ alert_error clean_text("Invalid option: #{args.first}. See 'gem --help'.") + terminate_interaction 1 + else + cmd_name = args.shift.downcase +@@ -211,7 +213,7 @@ def load_and_instantiate(command_name) + rescue Exception => e + e = load_error if load_error + +- alert_error "Loading command: #{command_name} (#{e.class})\n\t#{e}" ++ alert_error clean_text("Loading command: #{command_name} (#{e.class})\n\t#{e}") + ui.backtrace e + end + end +diff --git a/lib/rubygems/commands/owner_command.rb b/lib/rubygems/commands/owner_command.rb +index 2ee7f84462c1..7842a322cfce 100644 +--- a/lib/rubygems/commands/owner_command.rb ++++ b/lib/rubygems/commands/owner_command.rb +@@ -1,8 +1,11 @@ + require 'rubygems/command' + require 'rubygems/local_remote_options' + require 'rubygems/gemcutter_utilities' ++require 'rubygems/text' + + class Gem::Commands::OwnerCommand < Gem::Command ++ ++ include Gem::Text + include Gem::LocalRemoteOptions + include Gem::GemcutterUtilities + +@@ -48,7 +51,7 @@ def show_owners name + end + + with_response response do |resp| +- owners = Gem::SafeYAML.load resp.body ++ owners = Gem::SafeYAML.load clean_text(resp.body) + + say "Owners for gem: #{name}" + owners.each do |owner| +diff --git a/lib/rubygems/gemcutter_utilities.rb b/lib/rubygems/gemcutter_utilities.rb +index 7c6d6bb36404..623d9301b598 100644 +--- a/lib/rubygems/gemcutter_utilities.rb ++++ b/lib/rubygems/gemcutter_utilities.rb +@@ -1,6 +1,10 @@ + require 'rubygems/remote_fetcher' ++require 'rubygems/text' + + module Gem::GemcutterUtilities ++ ++ include Gem::Text ++ + # TODO: move to Gem::Command + OptionParser.accept Symbol do |value| + value.to_sym +@@ -93,13 +97,13 @@ def with_response response, error_prefix = nil + if block_given? 
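Review bot: In `show_owners` (owner_command.rb), `clean_text` is applied to the raw response body before `Gem::SafeYAML.load` parses it, so it only replaces control characters that are literally present in the body; anything the YAML parser decodes from escapes inside quoted scalars is produced after the cleaning step. The values are printed in the `owners.each` loop, which continues outside the hunk, so the effect on the terminal is inferred rather than visible here. Cleaning at the point of output is the more robust order: keep `owners = Gem::SafeYAML.load resp.body` and wrap the string handed to `say` for each owner in `clean_text(...)`.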
then + yield resp + else +- say resp.body ++ say clean_text(resp.body) + end + else + message = resp.body + message = "#{error_prefix}: #{message}" if error_prefix + +- say message ++ say clean_text(message) + terminate_interaction 1 # TODO: question this + end + end +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index 6fd3399dd44c..5818b94fb5f8 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -596,9 +596,26 @@ def verify_gem_home(unpack = false) # :nodoc: + unpack or File.writable?(gem_home) + end + +- def verify_spec_name +- return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN +- raise Gem::InstallError, "#{spec} has an invalid name" ++ def verify_spec ++ unless spec.name =~ Gem::Specification::VALID_NAME_PATTERN ++ raise Gem::InstallError, "#{spec} has an invalid name" ++ end ++ ++ if spec.require_paths.any?{|path| path =~ /\r\n|\r|\n/ } ++ raise Gem::InstallError, "#{spec} has an invalid require_paths" ++ end ++ ++ if spec.extensions.any?{|ext| ext =~ /\r\n|\r|\n/ } ++ raise Gem::InstallError, "#{spec} has an invalid extensions" ++ end ++ ++ unless spec.specification_version.to_s =~ /\A\d+\z/ ++ raise Gem::InstallError, "#{spec} has an invalid specification_version" ++ end ++ ++ if spec.dependencies.any? 
{|dep| dep.type =~ /\r\n|\r|\n/ || dep.name =~ /\r\n|\r|\n/ } ++ raise Gem::InstallError, "#{spec} has an invalid dependencies" ++ end + end + + ## +@@ -770,9 +787,11 @@ def dir + @security_policy = nil if + @force and @security_policy and not @security_policy.only_signed + ++ # The name and require_paths must be verified first, since it could contain ++ # ruby code that would be eval'ed in #ensure_loadable_spec ++ verify_spec ++ + ensure_loadable_spec +- +- verify_spec_name + + Gem.ensure_gem_subdirectories gem_home + +diff --git a/lib/rubygems/user_interaction.rb b/lib/rubygems/user_interaction.rb +index 390d0f2aea72..237ae2bc71c2 100644 +--- a/lib/rubygems/user_interaction.rb ++++ b/lib/rubygems/user_interaction.rb +@@ -4,11 +4,15 @@ + # See LICENSE.txt for permissions. + #++ + ++require 'rubygems/text' ++ + ## + # Module that defines the default UserInteraction. Any class including this + # module will have access to the +ui+ method that returns the default UI. + + module Gem::DefaultUserInteraction ++ ++ include Gem::Text + + ## + # The default UI is a class variable of the singleton class for this +@@ -124,8 +128,8 @@ def terminate_interaction exit_code = 0 + # Calls +say+ with +msg+ or the results of the block if really_verbose + # is true. 
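Review bot: The comment added above the `verify_spec` call in the second installer.rb hunk still names only "the name and require_paths", while `verify_spec` now also checks `extensions`, `specification_version` and `dependencies`; it should read `# Every field checked by verify_spec must be validated before #ensure_loadable_spec, which evals the spec`. `verify_spec` itself has no comment, so a one-line note that these fields are rejected on a line break because (per the call-site comment) the spec is later eval'ed would tell a maintainer that any field added to that generated code needs the same check. The pattern `/\r\n|\r|\n/` is written out four times and matches the same inputs as `/[\r\n]/`; a single private constant would keep the checks in step. The method containing the `verify_spec` call starts and ends outside the hunk.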
+ +- def verbose msg = nil +- say(msg || yield) if Gem.configuration.really_verbose ++ def verbose(msg = nil) ++ say(clean_text(msg || yield)) if Gem.configuration.really_verbose + end + end + +diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb +index dd049214fbb8..af4573cde8d2 100644 +--- a/test/rubygems/test_gem_installer.rb ++++ b/test/rubygems/test_gem_installer.rb +@@ -1222,6 +1222,114 @@ def spec.validate; end + end + end + ++ def test_pre_install_checks_malicious_name_before_eval ++ spec = util_spec "malicious\n::Object.const_set(:FROM_EVAL, true)#", '1' ++ def spec.full_name # so the spec is buildable ++ "malicious-1" ++ end ++ def spec.validate(*args); end ++ ++ util_build_gem spec ++ ++ gem = File.join(@gemhome, 'cache', spec.file_name) ++ ++ use_ui @ui do ++ @installer = Gem::Installer.new gem ++ e = assert_raises Gem::InstallError do ++ @installer.pre_install_checks ++ end ++ assert_equal "# has an invalid name", e.message ++ end ++ refute defined?(::Object::FROM_EVAL) ++ end ++ ++ def test_pre_install_checks_malicious_require_paths_before_eval ++ spec = util_spec "malicious", '1' ++ def spec.full_name # so the spec is buildable ++ "malicious-1" ++ end ++ def spec.validate(*args); end ++ spec.require_paths = ["malicious\n``"] ++ ++ util_build_gem spec ++ ++ gem = File.join(@gemhome, 'cache', spec.file_name) ++ ++ use_ui @ui do ++ @installer = Gem::Installer.new gem ++ e = assert_raises Gem::InstallError do ++ @installer.pre_install_checks ++ end ++ assert_equal "# has an invalid require_paths", e.message ++ end ++ end ++ ++ def test_pre_install_checks_malicious_extensions_before_eval ++ skip "mswin environment disallow to create file contained the carriage return code." if Gem.win_platform? 
++ ++ spec = util_spec "malicious", '1' ++ def spec.full_name # so the spec is buildable ++ "malicious-1" ++ end ++ def spec.validate(*args); end ++ spec.extensions = ["malicious\n``"] ++ ++ util_build_gem spec ++ ++ gem = File.join(@gemhome, 'cache', spec.file_name) ++ ++ use_ui @ui do ++ @installer = Gem::Installer.new gem ++ e = assert_raises Gem::InstallError do ++ @installer.pre_install_checks ++ end ++ assert_equal "# has an invalid extensions", e.message ++ end ++ end ++ ++ def test_pre_install_checks_malicious_specification_version_before_eval ++ spec = util_spec "malicious", '1' ++ def spec.full_name # so the spec is buildable ++ "malicious-1" ++ end ++ def spec.validate(*args); end ++ spec.specification_version = "malicious\n``" ++ ++ util_build_gem spec ++ ++ gem = File.join(@gemhome, 'cache', spec.file_name) ++ ++ use_ui @ui do ++ @installer = Gem::Installer.new gem ++ e = assert_raises Gem::InstallError do ++ @installer.pre_install_checks ++ end ++ assert_equal "# has an invalid specification_version", e.message ++ end ++ end ++ ++ def test_pre_install_checks_malicious_dependencies_before_eval ++ spec = util_spec "malicious", '1' ++ def spec.full_name # so the spec is buildable ++ "malicious-1" ++ end ++ def spec.validate(*args); end ++ spec.add_dependency "b\nfoo", '> 5' ++ ++ util_build_gem spec ++ ++ gem = File.join(@gemhome, 'cache', spec.file_name) ++ ++ use_ui @ui do ++ @installer = Gem::Installer.new gem ++ @installer.ignore_dependencies = true ++ e = assert_raises Gem::InstallError do ++ @installer.pre_install_checks ++ end ++ assert_equal "# has an invalid dependencies", e.message ++ end ++ end ++ + def test_shebang + util_make_exec @spec, "#!/usr/bin/ruby" + +diff --git a/test/rubygems/test_gem_text.rb b/test/rubygems/test_gem_text.rb +index 04f3f605e8c0..8ce6df94bbc0 100644 +--- a/test/rubygems/test_gem_text.rb ++++ b/test/rubygems/test_gem_text.rb +@@ -66,4 +66,9 @@ def test_truncate_text + s = "ab" * 500_001 + assert_equal "Truncating desc 
to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000) + end ++ ++ def test_clean_text ++ assert_equal ".]2;nyan.", clean_text("\e]2;nyan\a") ++ end ++ + end diff --git a/SOURCES/ruby-2.5.0-Disable-Tokyo-TZ-tests.patch b/SOURCES/ruby-2.5.0-Disable-Tokyo-TZ-tests.patch new file mode 100644 index 0000000..a36b897 --- /dev/null +++ b/SOURCES/ruby-2.5.0-Disable-Tokyo-TZ-tests.patch 
@@ -0,0 +1,30 @@ +diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb +index 20a57fe7dd..5b9e5a8bde 100644 +--- a/test/ruby/test_time_tz.rb ++++ b/test/ruby/test_time_tz.rb +@@ -125,8 +125,8 @@ def test_asia_singapore + + def test_asia_tokyo + with_tz(tz="Asia/Tokyo") { +- assert_time_constructor(tz, "1951-05-06 03:00:00 +1000", :local, [1951,5,6,2,0,0]) +- assert_time_constructor(tz, "1951-05-06 03:59:59 +1000", :local, [1951,5,6,2,59,59]) ++# assert_time_constructor(tz, "1951-05-06 03:00:00 +1000", :local, [1951,5,6,2,0,0]) ++# assert_time_constructor(tz, "1951-05-06 03:59:59 +1000", :local, [1951,5,6,2,59,59]) + assert_time_constructor(tz, "2010-06-10 06:13:28 +0900", :local, [2010,6,10,6,13,28]) + } + end +@@ -319,10 +319,10 @@ def self.gen_zdump_test(data) + Asia/Singapore Sun Aug 8 16:30:00 1965 UTC = Mon Aug 9 00:00:00 1965 SGT isdst=0 gmtoff=27000 + Asia/Singapore Thu Dec 31 16:29:59 1981 UTC = Thu Dec 31 23:59:59 1981 SGT isdst=0 gmtoff=27000 + Asia/Singapore Thu Dec 31 16:30:00 1981 UTC = Fri Jan 1 00:30:00 1982 SGT isdst=0 gmtoff=28800 +-Asia/Tokyo Sat May 5 16:59:59 1951 UTC = Sun May 6 01:59:59 1951 JST isdst=0 gmtoff=32400 +-Asia/Tokyo Sat May 5 17:00:00 1951 UTC = Sun May 6 03:00:00 1951 JDT isdst=1 gmtoff=36000 +-Asia/Tokyo Fri Sep 7 15:59:59 1951 UTC = Sat Sep 8 01:59:59 1951 JDT isdst=1 gmtoff=36000 +-Asia/Tokyo Fri Sep 7 16:00:00 1951 UTC = Sat Sep 8 01:00:00 1951 JST isdst=0 gmtoff=32400 ++#Asia/Tokyo Sat May 5 16:59:59 1951 UTC = Sun May 6 01:59:59 1951 JST isdst=0 gmtoff=32400 ++#Asia/Tokyo Sat May 5 17:00:00 1951 UTC = Sun May 6 03:00:00 1951 JDT isdst=1 gmtoff=36000 ++#Asia/Tokyo Fri Sep 7 15:59:59 1951 UTC = Sat Sep 8 01:59:59 1951 JDT isdst=1 gmtoff=36000 ++#Asia/Tokyo Fri Sep 7 16:00:00 1951 UTC = Sat Sep 8 01:00:00 1951 JST isdst=0 gmtoff=32400 + America/St_Johns Sun Mar 11 03:30:59 2007 UTC = Sun Mar 11 00:00:59 2007 NST isdst=0 gmtoff=-12600 + America/St_Johns Sun Mar 11 03:31:00 2007 UTC = Sun Mar 11 01:01:00 2007 NDT 
isdst=1 gmtoff=-9000 + America/St_Johns Sun Nov 4 02:30:59 2007 UTC = Sun Nov 4 00:00:59 2007 NDT isdst=1 gmtoff=-9000 diff --git a/SOURCES/ruby-2.5.0-Fixed-command-Injection.patch b/SOURCES/ruby-2.5.0-Fixed-command-Injection.patch new file mode 100644 index 0000000..70b8a02 --- /dev/null +++ b/SOURCES/ruby-2.5.0-Fixed-command-Injection.patch 
@@ -0,0 +1,156 @@ +From ba0d5f7a6df6ba5545c3ce0b09e107e10d082d49 Mon Sep 17 00:00:00 2001 +From: nobu +Date: Wed, 20 Dec 2017 04:18:31 +0000 +Subject: [PATCH 1/3] Fixed command Injection + +* resolv.rb (Resolv::Hosts#lazy_initialize): fixed potential + command Injection in Hosts::new() by use of Kernel#open. + [Fix GH-1777] [ruby-core:84347] [Bug #14205] + +From: Drigg3r + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61349 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + lib/resolv.rb | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/resolv.rb b/lib/resolv.rb +index 1044b95e68..56183b837d 100644 +--- a/lib/resolv.rb ++++ b/lib/resolv.rb +@@ -186,7 +186,7 @@ def lazy_initialize # :nodoc: + unless @initialized + @name2addr = {} + @addr2name = {} +- open(@filename, 'rb') {|f| ++ File.open(@filename, 'rb') {|f| + f.each {|line| + line.sub!(/#.*/, '') + addr, hostname, *aliases = line.split(/\s+/) +-- +2.15.1 + + +From 0b6213635018ef73567388c1095ad1c556e1f4ee Mon Sep 17 00:00:00 2001 +From: nobu +Date: Wed, 20 Dec 2017 04:25:01 +0000 +Subject: [PATCH 2/3] Fixed command Injection + +* lib/resolv.rb (Resolv::Config.parse_resolv_conf): fixed + potential command injection by use of Kernel#open. 
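Review bot: The switch from `open` to `File.open` in `Resolv::Hosts#lazy_initialize` (and the same change in `Config.parse_resolv_conf` in PATCH 2/3) carries no comment, so the reason for the explicit receiver lives only in the commit message. A line above each call such as `# File.open, not Kernel#open: a name starting with "|" must be treated as a path, never as a command` would stop a later cleanup from reverting it. Both method bodies continue outside their hunks.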
+ [ruby-core:84347] [Bug #14205] + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61351 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + lib/resolv.rb | 2 +- + test/resolv/test_addr.rb | 11 +++++++++++ + test/resolv/test_dns.rb | 10 ++++++++++ + 3 files changed, 22 insertions(+), 1 deletion(-) + +diff --git a/lib/resolv.rb b/lib/resolv.rb +index 56183b837d..48ee400efe 100644 +--- a/lib/resolv.rb ++++ b/lib/resolv.rb +@@ -904,7 +904,7 @@ def Config.parse_resolv_conf(filename) + nameserver = [] + search = nil + ndots = 1 +- open(filename, 'rb') {|f| ++ File.open(filename, 'rb') {|f| + f.each {|line| + line.sub!(/[#;].*/, '') + keyword, *args = line.split(/\s+/) +diff --git a/test/resolv/test_addr.rb b/test/resolv/test_addr.rb +index 4a2df5bfca..78a28c9633 100644 +--- a/test/resolv/test_addr.rb ++++ b/test/resolv/test_addr.rb +@@ -26,4 +26,15 @@ def test_invalid_byte_comment + end + end + end ++ ++ def test_hosts_by_command ++ Dir.mktmpdir do |dir| ++ Dir.chdir(dir) do ++ hosts = Resolv::Hosts.new("|echo error") ++ assert_raise(Errno::ENOENT) do ++ hosts.each_name("") {} ++ end ++ end ++ end ++ end + end +diff --git a/test/resolv/test_dns.rb b/test/resolv/test_dns.rb +index f21a094b20..8236078374 100644 +--- a/test/resolv/test_dns.rb ++++ b/test/resolv/test_dns.rb +@@ -176,6 +176,16 @@ def test_invalid_byte_comment + end + end + ++ def test_resolv_conf_by_command ++ Dir.mktmpdir do |dir| ++ Dir.chdir(dir) do ++ assert_raise(Errno::ENOENT) do ++ Resolv::DNS::Config.parse_resolv_conf("|echo foo") ++ end ++ end ++ end ++ end ++ + def test_dots_diffences + name1 = Resolv::DNS::Name.create("example.org") + name2 = Resolv::DNS::Name.create("ex.ampl.eo.rg") +-- +2.15.1 + + +From dd71a5a9a459dbda9b9a4786f6a0b5bd59a81aae Mon Sep 17 00:00:00 2001 +From: usa +Date: Wed, 20 Dec 2017 16:04:41 +0000 +Subject: [PATCH 3/3] fix test errors on Windows + + * test/resolv/test_addr.rb (test_hosts_by_command): on Windows, `|` is + invalid charactor for path and raises `Errno::EINVAL` if 
trying to + open. + + * test/resolv/test_dns.rb (test_resolv_conf_by_command): ditto. + + cf. [Bug #14205] + + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61374 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + test/resolv/test_addr.rb | 2 +- + test/resolv/test_dns.rb | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/test/resolv/test_addr.rb b/test/resolv/test_addr.rb +index 78a28c9633..14ec2651ab 100644 +--- a/test/resolv/test_addr.rb ++++ b/test/resolv/test_addr.rb +@@ -31,7 +31,7 @@ def test_hosts_by_command + Dir.mktmpdir do |dir| + Dir.chdir(dir) do + hosts = Resolv::Hosts.new("|echo error") +- assert_raise(Errno::ENOENT) do ++ assert_raise(Errno::ENOENT, Errno::EINVAL) do + hosts.each_name("") {} + end + end +diff --git a/test/resolv/test_dns.rb b/test/resolv/test_dns.rb +index 8236078374..1b44f32807 100644 +--- a/test/resolv/test_dns.rb ++++ b/test/resolv/test_dns.rb +@@ -179,7 +179,7 @@ def test_invalid_byte_comment + def test_resolv_conf_by_command + Dir.mktmpdir do |dir| + Dir.chdir(dir) do +- assert_raise(Errno::ENOENT) do ++ assert_raise(Errno::ENOENT, Errno::EINVAL) do + Resolv::DNS::Config.parse_resolv_conf("|echo foo") + end + end +-- +2.15.1 + diff --git a/SOURCES/ruby-2.5.1-TestTimeTZ-test-failures-Kiritimati-and-Lisbon.patch b/SOURCES/ruby-2.5.1-TestTimeTZ-test-failures-Kiritimati-and-Lisbon.patch new file mode 100644 index 0000000..416c34e --- /dev/null +++ b/SOURCES/ruby-2.5.1-TestTimeTZ-test-failures-Kiritimati-and-Lisbon.patch 
@@ -0,0 +1,65 @@ +diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb +index 58670e9a49..ba10ce4421 100644 +--- a/test/ruby/test_time_tz.rb ++++ b/test/ruby/test_time_tz.rb +@@ -84,6 +84,10 @@ class TestTimeTZ < Test::Unit::TestCase + has_right_tz &&= have_tz_offset?("right/America/Los_Angeles") + has_lisbon_tz &&= have_tz_offset?("Europe/Lisbon") + ++ CORRECT_KIRITIMATI_SKIP_1994 = with_tz("Pacific/Kiritimati") { ++ Time.local(1994, 12, 31, 0, 0, 0).year == 1995 ++ } ++ + def time_to_s(t) + t.to_s + end +@@ -163,9 +167,17 @@ class TestTimeTZ < Test::Unit::TestCase + + def test_pacific_kiritimati + with_tz(tz="Pacific/Kiritimati") { +- assert_time_constructor(tz, "1994-12-31 23:59:59 -1000", :local, [1994,12,31,23,59,59]) +- assert_time_constructor(tz, "1995-01-02 00:00:00 +1400", :local, [1995,1,1,0,0,0]) +- assert_time_constructor(tz, "1995-01-02 23:59:59 +1400", :local, [1995,1,1,23,59,59]) ++ assert_time_constructor(tz, "1994-12-30 00:00:00 -1000", :local, [1994,12,30,0,0,0]) ++ assert_time_constructor(tz, "1994-12-30 23:59:59 -1000", :local, [1994,12,30,23,59,59]) ++ if CORRECT_KIRITIMATI_SKIP_1994 ++ assert_time_constructor(tz, "1995-01-01 00:00:00 +1400", :local, [1994,12,31,0,0,0]) ++ assert_time_constructor(tz, "1995-01-01 23:59:59 +1400", :local, [1994,12,31,23,59,59]) ++ assert_time_constructor(tz, "1995-01-01 00:00:00 +1400", :local, [1995,1,1,0,0,0]) ++ else ++ assert_time_constructor(tz, "1994-12-31 23:59:59 -1000", :local, [1994,12,31,23,59,59]) ++ assert_time_constructor(tz, "1995-01-02 00:00:00 +1400", :local, [1995,1,1,0,0,0]) ++ assert_time_constructor(tz, "1995-01-02 23:59:59 +1400", :local, [1995,1,1,23,59,59]) ++ end + assert_time_constructor(tz, "1995-01-02 00:00:00 +1400", :local, [1995,1,2,0,0,0]) + } + end +@@ -339,9 +351,18 @@ Europe/London Sun Aug 10 00:59:59 1947 UTC = Sun Aug 10 02:59:59 1947 BDST isds + Europe/London Sun Aug 10 01:00:00 1947 UTC = Sun Aug 10 02:00:00 1947 BST isdst=1 gmtoff=3600 + Europe/London Sun Nov 
2 01:59:59 1947 UTC = Sun Nov 2 02:59:59 1947 BST isdst=1 gmtoff=3600 + Europe/London Sun Nov 2 02:00:00 1947 UTC = Sun Nov 2 02:00:00 1947 GMT isdst=0 gmtoff=0 ++End ++ if CORRECT_KIRITIMATI_SKIP_1994 ++ gen_zdump_test <<'End' ++Pacific/Kiritimati Sat Dec 31 09:59:59 1994 UTC = Fri Dec 30 23:59:59 1994 LINT isdst=0 gmtoff=-36000 ++Pacific/Kiritimati Sat Dec 31 10:00:00 1994 UTC = Sun Jan 1 00:00:00 1995 LINT isdst=0 gmtoff=50400 ++End ++ else ++ gen_zdump_test <<'End' + Pacific/Kiritimati Sun Jan 1 09:59:59 1995 UTC = Sat Dec 31 23:59:59 1994 LINT isdst=0 gmtoff=-36000 + Pacific/Kiritimati Sun Jan 1 10:00:00 1995 UTC = Mon Jan 2 00:00:00 1995 LINT isdst=0 gmtoff=50400 + End ++ end + gen_zdump_test <<'End' if has_right_tz + right/America/Los_Angeles Fri Jun 30 23:59:60 1972 UTC = Fri Jun 30 16:59:60 1972 PDT isdst=1 gmtoff=-25200 + right/America/Los_Angeles Wed Dec 31 23:59:60 2008 UTC = Wed Dec 31 15:59:60 2008 PST isdst=0 gmtoff=-28800 +@@ -389,5 +410,6 @@ End + gen_variational_zdump_test "lisbon", <<'End' if has_lisbon_tz + Europe/Lisbon Mon Jan 1 00:36:31 1912 UTC = Sun Dec 31 23:59:59 1911 LMT isdst=0 gmtoff=-2192 + Europe/Lisbon Mon Jan 1 00:36:44 1912 UT = Sun Dec 31 23:59:59 1911 LMT isdst=0 gmtoff=-2205 ++Europe/Lisbon Sun Dec 31 23:59:59 1911 UT = Sun Dec 31 23:23:14 1911 LMT isdst=0 gmtoff=-2205 + End + end +-- +2.17.1 + diff --git a/SOURCES/ruby-2.5.3-fix-openssl-x509-name.patch b/SOURCES/ruby-2.5.3-fix-openssl-x509-name.patch new file mode 100644 index 0000000..1ae92ab --- /dev/null +++ b/SOURCES/ruby-2.5.3-fix-openssl-x509-name.patch 
@@ -0,0 +1,57 @@ +From 3ab0720cc4a6b2525850ea192a99235873f22d6b Mon Sep 17 00:00:00 2001 +From: Kazuki Yamaguchi +Date: Fri, 27 Jul 2018 17:01:04 +0900 +Subject: [PATCH] x509name: fix OpenSSL::X509::Name#{cmp,<=>} + +Fix wrong use of X509_NAME_cmp() return value. OpenSSL::X509::Name#<=> +could return 0 when the two objects aren't identical. + +Reported by Tyler Eckstein. CVE-2018-16395. + +Reference: https://hackerone.com/reports/387250 +--- + ext/openssl/ossl_x509name.c | 2 +- + test/openssl/test_x509name.rb | 14 ++++++++++---- + 2 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c +index 4b397055ab..a2662159e3 100644 +--- a/ext/openssl/ossl_x509name.c ++++ b/ext/openssl/ossl_x509name.c +@@ -321,7 +321,7 @@ ossl_x509name_cmp(VALUE self, VALUE other) + + result = ossl_x509name_cmp0(self, other); + if (result < 0) return INT2FIX(-1); +- if (result > 1) return INT2FIX(1); ++ if (result > 0) return INT2FIX(1); + + return INT2FIX(0); + } +diff --git a/test/openssl/test_x509name.rb b/test/openssl/test_x509name.rb +index de35fc303a..642d7094a8 100644 +--- a/test/openssl/test_x509name.rb ++++ b/test/openssl/test_x509name.rb +@@ -337,10 +337,16 @@ class OpenSSL::TestX509Name < Test::Unit::TestCase + end + + def test_spaceship +- n1 = OpenSSL::X509::Name.parse 'CN=a' +- n2 = OpenSSL::X509::Name.parse 'CN=b' +- +- assert_equal(-1, n1 <=> n2) ++ n1 = OpenSSL::X509::Name.new([["CN", "a"]]) ++ n2 = OpenSSL::X509::Name.new([["CN", "a"]]) ++ n3 = OpenSSL::X509::Name.new([["CN", "ab"]]) ++ ++ assert_equal 0, n1 <=> n2 ++ assert_equal -1, n1 <=> n3 ++ assert_equal 0, n2 <=> n1 ++ assert_equal -1, n2 <=> n3 ++ assert_equal 1, n3 <=> n1 ++ assert_equal 1, n3 <=> n2 + end + + def name_hash(name) +-- +2.17.1 + diff --git a/SOURCES/ruby-2.6.0-Try-to-update-cert.patch b/SOURCES/ruby-2.6.0-Try-to-update-cert.patch new file mode 100644 index 0000000..a0bea8c --- /dev/null 
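Review bot: In `ossl_x509name_cmp` the corrected test `if (result > 0)` has no comment explaining why the raw result is not compared with 1; a line such as `/* X509_NAME_cmp() may return any negative or positive value, so normalise to -1/0/1 */` above the two checks would record the contract that the old `result > 1` got wrong. In the rewritten `test_spaceship`, `assert_equal -1, n1 <=> n3` and `assert_equal -1, n2 <=> n3` are written without parentheses, which Ruby reports as an ambiguous first argument when warnings are enabled; `assert_equal(-1, n1 <=> n3)` avoids that and matches the style of the removed line. The C function starts outside the hunk.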
+++ b/SOURCES/ruby-2.6.0-Try-to-update-cert.patch 
@@ -0,0 +1,502 @@ +From f234e6c3d3170f37508e214cdaef78d4b2584e5a Mon Sep 17 00:00:00 2001 +From: kazu +Date: Wed, 2 Jan 2019 03:08:20 +0000 +Subject: [PATCH 1/2] Try to update cert + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66685 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + test/net/imap/cacert.pem | 86 +++++++------------------- + test/net/imap/server.crt | 113 +++++++++++++++++++++++------------ + test/net/imap/server.key | 43 ++++++++----- + 3 files changed, 124 insertions(+), 118 deletions(-) + +diff --git a/test/net/imap/cacert.pem b/test/net/imap/cacert.pem +index 7073387877..f623bd62ed 100644 +--- a/test/net/imap/cacert.pem ++++ b/test/net/imap/cacert.pem +@@ -1,66 +1,24 @@ +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: +- b9:90:a2:bf:62:69:17:9c +- Signature Algorithm: sha1WithRSAEncryption +- Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org +- Validity +- Not Before: Jan 3 01:34:17 2014 GMT +- Not After : Jan 2 01:34:17 2019 GMT +- Subject: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- RSA Public Key: (1024 bit) +- Modulus (1024 bit): +- 00:db:75:d0:45:de:b1:df:bf:71:a0:0e:b0:a5:e6: +- bc:f4:1c:9d:e5:25:67:64:c5:7b:cb:f1:af:c6:be: +- 9a:aa:ea:7e:0f:cc:05:af:ef:40:69:06:b2:c9:13: +- 9d:7e:eb:a2:06:e2:ea:7d:07:c7:c7:99:c7:fb:d5: +- b8:eb:63:77:62:2b:18:12:c3:53:58:d0:f5:c7:40: +- 0c:01:d1:26:82:34:16:09:e3:dc:65:f4:dc:bb:5d: +- a5:41:60:e7:a9:74:ba:d7:4c:b6:a3:9c:c5:8c:89: +- af:cb:e8:9f:05:fe:ea:fe:64:24:bf:e7:ed:e3:f6: +- d0:fc:d6:eb:fc:06:82:10:fb +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Subject Key Identifier: +- E8:7E:58:AC:13:7B:03:22:8D:9E:AF:32:0B:84:89:80:80:0C:1E:C2 +- X509v3 Authority Key Identifier: +- keyid:E8:7E:58:AC:13:7B:03:22:8D:9E:AF:32:0B:84:89:80:80:0C:1E:C2 +- DirName:/C=JP/ST=Shimane/L=Matz-e city/O=Ruby 
Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org +- serial:B9:90:A2:BF:62:69:17:9C +- +- X509v3 Basic Constraints: +- CA:TRUE +- Signature Algorithm: sha1WithRSAEncryption +- 8f:77:06:4e:31:72:12:ee:68:09:70:27:d4:31:85:ef:10:95: +- f9:0f:2b:66:63:08:37:88:6e:b7:9b:40:3e:18:77:33:86:e8: +- 61:6a:b7:3c:cb:c7:a6:d6:d5:92:6a:1f:56:d0:9f:5c:32:56: +- d3:37:52:fe:0e:20:c2:7a:0d:fe:2d:3c:81:da:b8:7f:4d:6a: +- 08:01:d9:be:7a:a2:15:be:a6:ce:49:64:90:8c:9a:ca:6e:2e: +- 84:48:1d:94:19:56:94:46:aa:25:9b:68:c2:80:60:bf:cb:2e: +- 35:03:ea:0a:65:5a:33:38:c6:cc:81:46:c0:bc:36:86:96:39: +- 10:7d + -----BEGIN CERTIFICATE----- +-MIIDjTCCAvagAwIBAgIJALmQor9iaRecMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYD +-VQQGEwJKUDEQMA4GA1UECBMHU2hpbWFuZTEUMBIGA1UEBxMLTWF0ei1lIGNpdHkx +-FzAVBgNVBAoTDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDEwxSdWJ5IFRlc3QgQ0Ex +-JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTQwMTAz +-MDEzNDE3WhcNMTkwMTAyMDEzNDE3WjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgT +-B1NoaW1hbmUxFDASBgNVBAcTC01hdHotZSBjaXR5MRcwFQYDVQQKEw5SdWJ5IENv +-cmUgVGVhbTEVMBMGA1UEAxMMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz +-ZWN1cml0eUBydWJ5LWxhbmcub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +-gQDbddBF3rHfv3GgDrCl5rz0HJ3lJWdkxXvL8a/Gvpqq6n4PzAWv70BpBrLJE51+ +-66IG4up9B8fHmcf71bjrY3diKxgSw1NY0PXHQAwB0SaCNBYJ49xl9Ny7XaVBYOep +-dLrXTLajnMWMia/L6J8F/ur+ZCS/5+3j9tD81uv8BoIQ+wIDAQABo4H0MIHxMB0G +-A1UdDgQWBBToflisE3sDIo2erzILhImAgAwewjCBwQYDVR0jBIG5MIG2gBToflis +-E3sDIo2erzILhImAgAwewqGBkqSBjzCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgT +-B1NoaW1hbmUxFDASBgNVBAcTC01hdHotZSBjaXR5MRcwFQYDVQQKEw5SdWJ5IENv +-cmUgVGVhbTEVMBMGA1UEAxMMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz +-ZWN1cml0eUBydWJ5LWxhbmcub3JnggkAuZCiv2JpF5wwDAYDVR0TBAUwAwEB/zAN +-BgkqhkiG9w0BAQUFAAOBgQCPdwZOMXIS7mgJcCfUMYXvEJX5DytmYwg3iG63m0A+ +-GHczhuhharc8y8em1tWSah9W0J9cMlbTN1L+DiDCeg3+LTyB2rh/TWoIAdm+eqIV +-vqbOSWSQjJrKbi6ESB2UGVaURqolm2jCgGC/yy41A+oKZVozOMbMgUbAvDaGljkQ +-fQ== ++MIID7TCCAtWgAwIBAgIJAIltvxrFAuSnMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD 
++VQQGEwJKUDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkx ++FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex ++JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTkwMTAy ++MDI1ODI4WhcNMjQwMTAxMDI1ODI4WjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgM ++B1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQKDA5SdWJ5IENv ++cmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz ++ZWN1cml0eUBydWJ5LWxhbmcub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB ++CgKCAQEAznlbjRVhz1NlutHVrhcGnK8W0qug2ujKXv1njSC4U6nJF6py7I9EeehV ++SaKePyv+I9z3K1LnfUHOtUbdwdKC77yN66A6q2aqzu5q09/NSykcZGOIF0GuItYI ++3nvW3IqBddff2ffsyR+9pBjfb5AIPP08WowF9q4s1eGULwZc4w2B8PFhtxYANd7d ++BvGLXFlcufv9tDtzyRi4t7eqxCRJkZQIZNZ6DHHIJrNxejOILfHLarI12yk8VK6L ++2LG4WgGqyeePiRyd1o1MbuiAFYqAwpXNUbRKg5NaZGwBHZk8UZ+uFKt1QMBURO5R ++WFy1c349jbWszTqFyL4Lnbg9HhAowQIDAQABo1AwTjAdBgNVHQ4EFgQU9tEiKdU9 ++I9derQyc5nWPnc34nVMwHwYDVR0jBBgwFoAU9tEiKdU9I9derQyc5nWPnc34nVMw ++DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAxj7F/u3C3fgq24N7hGRA ++of7ClFQxGmo/IGT0AISzW3HiVYiFaikKhbO1NwD9aBpD8Zwe62sCqMh8jGV/b0+q ++aOORnWYNy2R6r9FkASAglmdF6xn3bhgGD5ls4pCvcG9FynGnGc24g6MrjFNrBYUS ++2iIZsg36i0IJswo/Dy6HLphCms2BMCD3DeWtfjePUiTmQHJo6HsQIKP/u4N4Fvee ++uMBInei2M4VU74fLXbmKl1F9AEX7JDP3BKSZG19Ch5pnUo4uXM1uNTGsi07P4Y0s ++K44+SKBC0bYEFbDK0eQWMrX3kIhkPxyIWhxdq9/NqPYjShuSEAhA6CSpmRg0pqc+ ++mA== + -----END CERTIFICATE----- +diff --git a/test/net/imap/server.crt b/test/net/imap/server.crt +index fa4f99493a..817ecc222c 100644 +--- a/test/net/imap/server.crt ++++ b/test/net/imap/server.crt +@@ -1,48 +1,83 @@ + Certificate: + Data: +- Version: 1 (0x0) +- Serial Number: 0 (0x0) +- Signature Algorithm: sha1WithRSAEncryption ++ Version: 3 (0x2) ++ Serial Number: 1 (0x1) ++ Signature Algorithm: sha256WithRSAEncryption + Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org + Validity +- Not Before: Jan 3 01:34:17 2014 GMT +- Not After : Jan 2 01:34:17 2019 GMT +- Subject: C=JP, 
ST=Shimane, O=Ruby Core Team, OU=Ruby Test, CN=localhost ++ Not Before: Jan 2 03:06:53 2019 GMT ++ Not After : Jan 1 03:06:53 2024 GMT ++ Subject: C=JP, ST=Shimane, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- RSA Public Key: (1024 bit) +- Modulus (1024 bit): +- 00:db:75:d0:45:de:b1:df:bf:71:a0:0e:b0:a5:e6: +- bc:f4:1c:9d:e5:25:67:64:c5:7b:cb:f1:af:c6:be: +- 9a:aa:ea:7e:0f:cc:05:af:ef:40:69:06:b2:c9:13: +- 9d:7e:eb:a2:06:e2:ea:7d:07:c7:c7:99:c7:fb:d5: +- b8:eb:63:77:62:2b:18:12:c3:53:58:d0:f5:c7:40: +- 0c:01:d1:26:82:34:16:09:e3:dc:65:f4:dc:bb:5d: +- a5:41:60:e7:a9:74:ba:d7:4c:b6:a3:9c:c5:8c:89: +- af:cb:e8:9f:05:fe:ea:fe:64:24:bf:e7:ed:e3:f6: +- d0:fc:d6:eb:fc:06:82:10:fb ++ Public-Key: (2048 bit) ++ Modulus: ++ 00:c1:a9:64:ef:d3:f2:e1:1a:7f:24:df:7f:65:86: ++ c1:98:55:16:83:91:16:5b:63:6e:26:bb:c0:73:68: ++ 7b:f7:00:ba:37:db:7f:a9:5c:c8:98:aa:43:96:87: ++ e1:a0:63:69:0c:d8:22:90:f5:56:22:b1:57:6e:71: ++ 3b:30:04:d0:64:4d:38:33:a0:ea:c1:16:3d:16:be: ++ c0:49:4c:f0:14:15:af:09:95:da:bf:c7:23:34:c3: ++ 7d:af:b7:70:b3:6d:1b:de:21:93:c0:7c:6c:0e:fd: ++ 0e:e5:ff:f3:80:51:0c:df:80:7c:40:46:c9:ca:57: ++ d4:88:02:0f:f0:1e:14:18:f1:98:0f:c6:42:1d:cc: ++ 90:29:71:1b:af:4a:22:e0:e7:86:fc:dd:d3:d8:84: ++ 0e:5e:f0:9b:93:5f:0a:9a:1d:f8:f5:f3:e7:c7:b0: ++ 7a:0e:25:20:13:02:1a:22:c2:d9:e0:7f:4f:a1:7f: ++ 72:f6:e6:e1:14:7c:c5:93:7f:a6:96:3b:ab:d8:f1: ++ dc:2b:01:d6:e5:fe:5c:cf:08:db:06:e9:fd:7d:bd: ++ fe:2c:f4:8a:7b:9f:15:88:05:2e:f7:ba:c9:86:7e: ++ 14:50:f4:96:a1:84:17:5d:f7:8b:0a:7a:14:2c:de: ++ ca:00:74:f8:23:32:9d:66:af:1c:a6:58:1a:de:82: ++ 96:a9 + Exponent: 65537 (0x10001) +- Signature Algorithm: sha1WithRSAEncryption +- 85:f5:d3:05:8b:8c:f4:43:1c:88:f2:8f:b2:f2:93:77:b7:3d: +- 95:c6:a0:34:bc:33:6a:d8:85:5f:3e:86:08:10:c5:5c:c1:76: +- a3:53:3c:dc:38:98:23:97:e7:da:21:ac:e8:4d:3c:96:70:29: +- ff:ff:1e:4a:9a:17:2b:db:04:62:b9:ef:ab:ea:a7:a5:e8:7c: +- 
b1:d5:ed:30:a8:6c:78:de:51:7e:e3:8a:c2:a4:64:a8:63:a2: +- bc:fd:43:9c:f3:55:7d:54:c9:6a:d8:53:1c:4b:6b:03:aa:b6: +- 19:e6:a4:4f:47:00:96:c5:42:59:85:4e:c3:4e:cd:41:82:53: +- 10:f8 ++ X509v3 extensions: ++ X509v3 Basic Constraints: ++ CA:FALSE ++ Netscape Comment: ++ OpenSSL Generated Certificate ++ X509v3 Subject Key Identifier: ++ F2:C9:35:05:31:EF:08:EE:EF:B0:FE:1A:72:C2:9E:70:E3:E3:EC:43 ++ X509v3 Authority Key Identifier: ++ keyid:F6:D1:22:29:D5:3D:23:D7:5E:AD:0C:9C:E6:75:8F:9D:CD:F8:9D:53 ++ ++ Signature Algorithm: sha256WithRSAEncryption ++ 02:e7:0a:22:7c:5e:d9:92:d2:b9:fb:4a:bf:75:3f:00:e6:19: ++ 3e:90:a5:9d:38:41:82:4c:6f:b9:f3:f2:58:a1:91:7f:4a:d4: ++ 28:38:9c:7c:4d:6c:2f:2f:95:f5:55:55:25:a1:71:0c:05:42: ++ 08:a3:a6:ab:e3:04:47:9a:42:24:8f:b2:ba:50:55:af:b8:d7: ++ fc:1a:13:92:5d:75:7d:e1:4d:87:5e:57:82:c5:5f:d6:b8:ea: ++ 86:4e:05:b0:7f:07:27:a5:36:1f:1e:54:f1:32:35:7f:9c:75: ++ 26:6a:21:75:37:32:bb:89:01:78:97:cc:d3:de:3a:e8:ce:45: ++ ed:12:24:2e:a8:25:73:b3:cd:70:47:b8:81:f9:06:aa:8d:87: ++ 2f:a9:cd:fe:79:40:cc:c9:47:3d:2f:82:c2:82:bf:5d:8a:06: ++ 5b:a9:90:d3:b0:a7:fc:f3:1a:fb:0e:cb:8f:d8:f2:4e:f4:8d: ++ bb:4b:d5:2d:20:c0:6e:d5:08:2b:81:32:c4:e0:d2:4b:31:27: ++ f1:55:96:0e:d4:b9:92:02:71:98:69:e5:73:cc:52:45:a0:07: ++ fb:28:9e:b0:fc:b1:58:42:5a:08:4a:30:49:e5:f1:a5:c8:d5: ++ 8a:67:f0:ed:9e:3f:1b:71:a6:80:91:81:cb:1a:3d:b5:8e:87: ++ 9d:64:28:ce + -----BEGIN CERTIFICATE----- +-MIICXDCCAcUCAQAwDQYJKoZIhvcNAQEFBQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYD +-VQQIEwdTaGltYW5lMRQwEgYDVQQHEwtNYXR6LWUgY2l0eTEXMBUGA1UEChMOUnVi +-eSBDb3JlIFRlYW0xFTATBgNVBAMTDFJ1YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJ +-ARYWc2VjdXJpdHlAcnVieS1sYW5nLm9yZzAeFw0xNDAxMDMwMTM0MTdaFw0xOTAx +-MDIwMTM0MTdaMGAxCzAJBgNVBAYTAkpQMRAwDgYDVQQIEwdTaGltYW5lMRcwFQYD +-VQQKEw5SdWJ5IENvcmUgVGVhbTESMBAGA1UECxMJUnVieSBUZXN0MRIwEAYDVQQD +-Ewlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANt10EXesd+/ +-caAOsKXmvPQcneUlZ2TFe8vxr8a+mqrqfg/MBa/vQGkGsskTnX7rogbi6n0Hx8eZ 
+-x/vVuOtjd2IrGBLDU1jQ9cdADAHRJoI0Fgnj3GX03LtdpUFg56l0utdMtqOcxYyJ +-r8vonwX+6v5kJL/n7eP20PzW6/wGghD7AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEA +-hfXTBYuM9EMciPKPsvKTd7c9lcagNLwzatiFXz6GCBDFXMF2o1M83DiYI5fn2iGs +-6E08lnAp//8eSpoXK9sEYrnvq+qnpeh8sdXtMKhseN5RfuOKwqRkqGOivP1DnPNV +-fVTJathTHEtrA6q2GeakT0cAlsVCWYVOw07NQYJTEPg= ++MIID+TCCAuGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx ++EDAOBgNVBAgMB1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQK ++DA5SdWJ5IENvcmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZI ++hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMDY1M1oX ++DTI0MDEwMTAzMDY1M1owdjELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx ++FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex ++JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwggEiMA0GCSqG ++SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBqWTv0/LhGn8k339lhsGYVRaDkRZbY24m ++u8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVducTswBNBkTTgzoOrBFj0W ++vsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l//OAUQzfgHxARsnKV9SI ++Ag/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuTXwqaHfj18+fHsHoOJSAT ++Ahoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzPCNsG6f19vf4s9Ip7nxWI ++BS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxymWBregpapAgMBAAGjezB5 ++MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl ++cnRpZmljYXRlMB0GA1UdDgQWBBTyyTUFMe8I7u+w/hpywp5w4+PsQzAfBgNVHSME ++GDAWgBT20SIp1T0j116tDJzmdY+dzfidUzANBgkqhkiG9w0BAQsFAAOCAQEAAucK ++Inxe2ZLSuftKv3U/AOYZPpClnThBgkxvufPyWKGRf0rUKDicfE1sLy+V9VVVJaFx ++DAVCCKOmq+MER5pCJI+yulBVr7jX/BoTkl11feFNh15XgsVf1rjqhk4FsH8HJ6U2 ++Hx5U8TI1f5x1JmohdTcyu4kBeJfM09466M5F7RIkLqglc7PNcEe4gfkGqo2HL6nN ++/nlAzMlHPS+CwoK/XYoGW6mQ07Cn/PMa+w7Lj9jyTvSNu0vVLSDAbtUIK4EyxODS ++SzEn8VWWDtS5kgJxmGnlc8xSRaAH+yiesPyxWEJaCEowSeXxpcjVimfw7Z4/G3Gm ++gJGByxo9tY6HnWQozg== + -----END CERTIFICATE----- +diff --git a/test/net/imap/server.key b/test/net/imap/server.key +index 7c57546ece..1e73232728 100644 +--- a/test/net/imap/server.key ++++ b/test/net/imap/server.key +@@ -1,15 +1,28 @@ +------BEGIN RSA PRIVATE KEY----- 
+-MIICXQIBAAKBgQDbddBF3rHfv3GgDrCl5rz0HJ3lJWdkxXvL8a/Gvpqq6n4PzAWv +-70BpBrLJE51+66IG4up9B8fHmcf71bjrY3diKxgSw1NY0PXHQAwB0SaCNBYJ49xl +-9Ny7XaVBYOepdLrXTLajnMWMia/L6J8F/ur+ZCS/5+3j9tD81uv8BoIQ+wIDAQAB +-AoGAGtYHR+P5gFDaxiXFuCPFC1zMeg7e29XCU6gURIteQnQ2QhxCvcbV64HkLu51 +-HeYWhB0Pa4aeCWxmpgb2e+JH4MEoIjeJSGyZQeqwkQLgWJDdvkgWx5am58QzA60I +-ipkZ9QHcPffSs5RiGx4yfr58KqAmwFphGCY8W7v4LqaENdECQQD9H5VTW9g4gj1c +-j3uNYvSI/D7a9P7gfI+ziczuwMm5xsBx3D/t5TAr3SJKNne3sl1E6ZERCUbzxf+C +-k58EiHx1AkEA3fRLGqDOq7EcQhbjTcA/v/t5MwlGEUsS9+XrqOWn50YuoIwRZJ3v +-qHRQzfQfFNklGtfBvwQ4md3irXjMeGVprwJBAMEAuwiDiHuV+xm/ofKtmE13IKot +-ksYy1BOOp/8IawhHXueyi+BmF/PqOkIiA+jCjNGF0oIN89beizPSQbbgJx0CQG/K +-qL1bu1ys0y/SeWBi8XkP/0aeaCUzq/UiYCTsrzoEll2UzvnftqMhGsXxLGqCyHaR +-r2s3hA6zvIVlL4+AfM8CQQClq+WDrC5VKciLYakZNWJjV1m+H2Ut/0fXdUjKHajE +-FWLcsrOhADf6bkTb71GwPxnKRkkRmud5upP0ZYYTqM4X +------END RSA PRIVATE KEY----- ++-----BEGIN PRIVATE KEY----- ++MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBqWTv0/LhGn8k ++339lhsGYVRaDkRZbY24mu8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVdu ++cTswBNBkTTgzoOrBFj0WvsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l ++//OAUQzfgHxARsnKV9SIAg/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuT ++XwqaHfj18+fHsHoOJSATAhoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzP ++CNsG6f19vf4s9Ip7nxWIBS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxym ++WBregpapAgMBAAECggEAYQJ20oBMcSBxwknGqlfnkGRHI97A4UScgACa9fTH7EJM ++BgEJIRCeV4Mq2jP0/P/vNoTqQ8zxue02C9fiuzoeHbBkz8/y6Ig4T7V74vwMYzM9 ++fEK50klxxFONGUF9zhOA2zPcrJZnFtcC6InfM07mcOsO0q/jE14N05ec3j5i+N7j ++hDHsHjS3hUiSEGra/U6TRGA26imDUZR5S3h3WMuFmpQgAg0STHc2inYjS9iVhn+T ++uAV2igYR89MOTcH1ZVoxjeYXwhqjWT6Kbw4Er4TWTVzwGf9ktv04EjZjhgUAqw7Q ++8Sc7Olt2q2tA7hQqdgJVgNMaszHqpKAECbAfuxuDtQKBgQD/r0zI9ZcTDQOgezaB ++s9UGbT5O5LruxLc/ExHRL7gpU7UsF/cc3Hp9zmDrzuUsq+UZlGewNnPBLHzaEq1z ++AZD9aa85umzXxcLzyg9ZnvN4kHLKIXhnnTEiShHtpRbqfybBKM7J+iQxXIYUf5tl ++lHTfEqG2/nTt4E50dhniIbIaAwKBgQDB5oS3LGXSn6zAWyUsAJaSeS8/3/O4Vz+x ++u8tZrICSFWBodwg46eHR9I379eayKhMGCsaAWx4ybWJWWEb/nM+fBGxBSnxb9jmm 
++gHu93BQjK3sWS8qAGTwO5ehLEy0QRcCc+wb0lyo9hfh1grJioESVsiB9SXrxp8dr ++45JvxCCC4wKBgDGSKQ7lHm8hHMzmVoD6/pgKYgQlsGBOX0CpT9EAsXHBuuRbmRtN ++W6o8cuoE6MWqZfZ5oUi2peaT23jkGiCr8xJOhRxqGmQTAWMGj8dOW+HKD5dEufVM ++spP1TFiIo1K/aCIW6VCbYJz5VT1wKA6fo7EECbpSxxS/YjaOFyKSaddFAoGBAKk3 ++bdcVrf70TqTIZlZSZRWLIMsTvPTBX9rSUxL9Um8qrKo+RzS0F9lNHaQn457UzSlW ++uglGe8HyaAGGpN9qkF7sUzVftcvjxEgklNkKeaB/z7mThzPn0dwGlIUARTGQThox ++kM5gJgLvKfgTiW49A93ISEZOnDbM/2KOhjt35A+VAoGAYsNAMBwjubVo0v1vqry+ ++XG6VvPpgVjMiDQCsTEEcBqgRRuf6R5zndIhIvwmTNiUkGkE3w/vG0uCjtB82/kwE ++bzVheR0vZDN7s52OYRz4j0ddtYCqGSkvkWuEQfQFZUDTyLodwVQAT5aR+mcr4Qml ++uCiVeqoPl+JIg4m8Tz76XWo= ++-----END PRIVATE KEY----- +-- +2.20.1 + + +From 1e0b49a293d3792826c67b7e05c5fcbd09c9ea6e Mon Sep 17 00:00:00 2001 +From: kazu +Date: Wed, 2 Jan 2019 03:29:01 +0000 +Subject: [PATCH 2/2] Try to update cert (2nd try) + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66686 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + test/net/imap/server.crt | 115 +++++++++++++++++------------------ + test/net/imap/server.key | 52 ++++++++-------- + 2 files changed, 83 insertions(+), 84 deletions(-) + +diff --git a/test/net/imap/server.crt b/test/net/imap/server.crt +index 817ecc222c..5ca78a6d14 100644 +--- a/test/net/imap/server.crt ++++ b/test/net/imap/server.crt +@@ -1,35 +1,35 @@ + Certificate: + Data: + Version: 3 (0x2) +- Serial Number: 1 (0x1) ++ Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org + Validity +- Not Before: Jan 2 03:06:53 2019 GMT +- Not After : Jan 1 03:06:53 2024 GMT +- Subject: C=JP, ST=Shimane, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org ++ Not Before: Jan 2 03:27:13 2019 GMT ++ Not After : Jan 1 03:27:13 2024 GMT ++ Subject: C=JP, ST=Shimane, O=Ruby Core Team, OU=Ruby Test, CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + 
Modulus: +- 00:c1:a9:64:ef:d3:f2:e1:1a:7f:24:df:7f:65:86: +- c1:98:55:16:83:91:16:5b:63:6e:26:bb:c0:73:68: +- 7b:f7:00:ba:37:db:7f:a9:5c:c8:98:aa:43:96:87: +- e1:a0:63:69:0c:d8:22:90:f5:56:22:b1:57:6e:71: +- 3b:30:04:d0:64:4d:38:33:a0:ea:c1:16:3d:16:be: +- c0:49:4c:f0:14:15:af:09:95:da:bf:c7:23:34:c3: +- 7d:af:b7:70:b3:6d:1b:de:21:93:c0:7c:6c:0e:fd: +- 0e:e5:ff:f3:80:51:0c:df:80:7c:40:46:c9:ca:57: +- d4:88:02:0f:f0:1e:14:18:f1:98:0f:c6:42:1d:cc: +- 90:29:71:1b:af:4a:22:e0:e7:86:fc:dd:d3:d8:84: +- 0e:5e:f0:9b:93:5f:0a:9a:1d:f8:f5:f3:e7:c7:b0: +- 7a:0e:25:20:13:02:1a:22:c2:d9:e0:7f:4f:a1:7f: +- 72:f6:e6:e1:14:7c:c5:93:7f:a6:96:3b:ab:d8:f1: +- dc:2b:01:d6:e5:fe:5c:cf:08:db:06:e9:fd:7d:bd: +- fe:2c:f4:8a:7b:9f:15:88:05:2e:f7:ba:c9:86:7e: +- 14:50:f4:96:a1:84:17:5d:f7:8b:0a:7a:14:2c:de: +- ca:00:74:f8:23:32:9d:66:af:1c:a6:58:1a:de:82: +- 96:a9 ++ 00:e8:da:9c:01:2e:2b:10:ec:49:cd:5e:07:13:07: ++ 9c:70:9e:c6:74:bc:13:c2:e1:6f:c6:82:fd:e3:48: ++ e0:2c:a5:68:c7:9e:42:de:60:54:65:e6:6a:14:57: ++ 7a:30:d0:cc:b5:b6:d9:c3:d2:df:c9:25:97:54:67: ++ cf:f6:be:5e:cb:8b:ee:03:c5:e1:e2:f9:e7:f7:d1: ++ 0c:47:f0:b8:da:33:5a:ad:41:ad:e7:b5:a2:7b:b7: ++ bf:30:da:60:f8:e3:54:a2:bc:3a:fd:1b:74:d9:dc: ++ 74:42:e9:29:be:df:ac:b4:4f:eb:32:f4:06:f1:e1: ++ 8c:4b:a8:8b:fb:29:e7:b1:bf:1d:01:ee:73:0f:f9: ++ 40:dc:d5:15:79:d9:c6:73:d0:c0:dd:cb:e4:da:19: ++ 47:80:c6:14:04:72:fd:9a:7c:8f:11:82:76:49:04: ++ 79:cc:f2:5c:31:22:95:13:3e:5d:40:a6:4d:e0:a3: ++ 02:26:7d:52:3b:bb:ed:65:a1:0f:ed:6b:b0:3c:d4: ++ de:61:15:5e:d3:dd:68:09:9f:4a:57:a5:c2:a9:6d: ++ 86:92:c5:f4:a4:d4:b7:13:3b:52:63:24:05:e2:cc: ++ e3:8a:3c:d4:35:34:2b:10:bb:58:72:e7:e1:8d:1d: ++ 74:8c:61:16:20:3d:d0:1c:4e:8f:6e:fd:fe:64:10: ++ 4f:41 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: +@@ -37,47 +37,46 @@ Certificate: + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: +- F2:C9:35:05:31:EF:08:EE:EF:B0:FE:1A:72:C2:9E:70:E3:E3:EC:43 ++ 
ED:28:C2:7E:AB:4B:C8:E8:FE:55:6D:66:95:31:1C:2D:60:F9:02:36 + X509v3 Authority Key Identifier: + keyid:F6:D1:22:29:D5:3D:23:D7:5E:AD:0C:9C:E6:75:8F:9D:CD:F8:9D:53 + + Signature Algorithm: sha256WithRSAEncryption +- 02:e7:0a:22:7c:5e:d9:92:d2:b9:fb:4a:bf:75:3f:00:e6:19: +- 3e:90:a5:9d:38:41:82:4c:6f:b9:f3:f2:58:a1:91:7f:4a:d4: +- 28:38:9c:7c:4d:6c:2f:2f:95:f5:55:55:25:a1:71:0c:05:42: +- 08:a3:a6:ab:e3:04:47:9a:42:24:8f:b2:ba:50:55:af:b8:d7: +- fc:1a:13:92:5d:75:7d:e1:4d:87:5e:57:82:c5:5f:d6:b8:ea: +- 86:4e:05:b0:7f:07:27:a5:36:1f:1e:54:f1:32:35:7f:9c:75: +- 26:6a:21:75:37:32:bb:89:01:78:97:cc:d3:de:3a:e8:ce:45: +- ed:12:24:2e:a8:25:73:b3:cd:70:47:b8:81:f9:06:aa:8d:87: +- 2f:a9:cd:fe:79:40:cc:c9:47:3d:2f:82:c2:82:bf:5d:8a:06: +- 5b:a9:90:d3:b0:a7:fc:f3:1a:fb:0e:cb:8f:d8:f2:4e:f4:8d: +- bb:4b:d5:2d:20:c0:6e:d5:08:2b:81:32:c4:e0:d2:4b:31:27: +- f1:55:96:0e:d4:b9:92:02:71:98:69:e5:73:cc:52:45:a0:07: +- fb:28:9e:b0:fc:b1:58:42:5a:08:4a:30:49:e5:f1:a5:c8:d5: +- 8a:67:f0:ed:9e:3f:1b:71:a6:80:91:81:cb:1a:3d:b5:8e:87: +- 9d:64:28:ce ++ 1d:b8:c5:8b:72:41:20:65:ad:27:6f:15:63:06:26:12:8d:9c: ++ ad:ca:f4:db:97:b4:90:cb:ff:35:94:bb:2a:a7:a1:ab:1e:35: ++ 2d:a5:3f:c9:24:b0:1a:58:89:75:3e:81:0a:2c:4f:98:f9:51: ++ fb:c0:a3:09:d0:0a:9b:e7:a2:b7:c3:60:40:c8:f4:6d:b2:6a: ++ 56:12:17:4c:00:24:31:df:9c:60:ae:b1:68:54:a9:e6:b5:4a: ++ 04:e6:92:05:86:d9:5a:dc:96:30:a5:58:de:14:99:0f:e5:15: ++ 89:3e:9b:eb:80:e3:bd:83:c3:ea:33:35:4b:3e:2f:d3:0d:64: ++ 93:67:7f:8d:f5:3f:0c:27:bc:37:5a:cc:d6:47:16:af:5a:62: ++ d2:da:51:f8:74:06:6b:24:ad:28:68:08:98:37:7d:ed:0e:ab: ++ 1e:82:61:05:d0:ba:75:a0:ab:21:b0:9a:fd:2b:54:86:1d:0d: ++ 1f:c2:d4:77:1f:72:26:5e:ad:8a:9f:09:36:6d:44:be:74:c2: ++ 5a:3e:ff:5c:9d:75:d6:38:7b:c5:39:f9:44:6e:a1:d1:8e:ff: ++ 63:db:c4:bb:c6:91:92:ca:5c:60:9b:1d:eb:0a:de:08:ee:bf: ++ da:76:03:65:62:29:8b:f8:7f:c7:86:73:1e:f6:1f:2d:89:69: ++ fd:be:bd:6e + -----BEGIN CERTIFICATE----- +-MIID+TCCAuGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx 
++MIID4zCCAsugAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx + EDAOBgNVBAgMB1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQK + DA5SdWJ5IENvcmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZI +-hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMDY1M1oX +-DTI0MDEwMTAzMDY1M1owdjELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx +-FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex +-JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwggEiMA0GCSqG +-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBqWTv0/LhGn8k339lhsGYVRaDkRZbY24m +-u8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVducTswBNBkTTgzoOrBFj0W +-vsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l//OAUQzfgHxARsnKV9SI +-Ag/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuTXwqaHfj18+fHsHoOJSAT +-Ahoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzPCNsG6f19vf4s9Ip7nxWI +-BS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxymWBregpapAgMBAAGjezB5 +-MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl +-cnRpZmljYXRlMB0GA1UdDgQWBBTyyTUFMe8I7u+w/hpywp5w4+PsQzAfBgNVHSME +-GDAWgBT20SIp1T0j116tDJzmdY+dzfidUzANBgkqhkiG9w0BAQsFAAOCAQEAAucK +-Inxe2ZLSuftKv3U/AOYZPpClnThBgkxvufPyWKGRf0rUKDicfE1sLy+V9VVVJaFx +-DAVCCKOmq+MER5pCJI+yulBVr7jX/BoTkl11feFNh15XgsVf1rjqhk4FsH8HJ6U2 +-Hx5U8TI1f5x1JmohdTcyu4kBeJfM09466M5F7RIkLqglc7PNcEe4gfkGqo2HL6nN +-/nlAzMlHPS+CwoK/XYoGW6mQ07Cn/PMa+w7Lj9jyTvSNu0vVLSDAbtUIK4EyxODS +-SzEn8VWWDtS5kgJxmGnlc8xSRaAH+yiesPyxWEJaCEowSeXxpcjVimfw7Z4/G3Gm +-gJGByxo9tY6HnWQozg== ++hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMjcxM1oX ++DTI0MDEwMTAzMjcxM1owYDELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx ++FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRIwEAYDVQQLDAlSdWJ5IFRlc3QxEjAQ ++BgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB ++AOjanAEuKxDsSc1eBxMHnHCexnS8E8Lhb8aC/eNI4CylaMeeQt5gVGXmahRXejDQ ++zLW22cPS38kll1Rnz/a+XsuL7gPF4eL55/fRDEfwuNozWq1Bree1onu3vzDaYPjj ++VKK8Ov0bdNncdELpKb7frLRP6zL0BvHhjEuoi/sp57G/HQHucw/5QNzVFXnZxnPQ ++wN3L5NoZR4DGFARy/Zp8jxGCdkkEeczyXDEilRM+XUCmTeCjAiZ9Uju77WWhD+1r 
++sDzU3mEVXtPdaAmfSlelwqlthpLF9KTUtxM7UmMkBeLM44o81DU0KxC7WHLn4Y0d ++dIxhFiA90BxOj279/mQQT0ECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC ++AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFO0o ++wn6rS8jo/lVtZpUxHC1g+QI2MB8GA1UdIwQYMBaAFPbRIinVPSPXXq0MnOZ1j53N +++J1TMA0GCSqGSIb3DQEBCwUAA4IBAQAduMWLckEgZa0nbxVjBiYSjZytyvTbl7SQ ++y/81lLsqp6GrHjUtpT/JJLAaWIl1PoEKLE+Y+VH7wKMJ0Aqb56K3w2BAyPRtsmpW ++EhdMACQx35xgrrFoVKnmtUoE5pIFhtla3JYwpVjeFJkP5RWJPpvrgOO9g8PqMzVL ++Pi/TDWSTZ3+N9T8MJ7w3WszWRxavWmLS2lH4dAZrJK0oaAiYN33tDqsegmEF0Lp1 ++oKshsJr9K1SGHQ0fwtR3H3ImXq2Knwk2bUS+dMJaPv9cnXXWOHvFOflEbqHRjv9j ++28S7xpGSylxgmx3rCt4I7r/adgNlYimL+H/HhnMe9h8tiWn9vr1u + -----END CERTIFICATE----- +diff --git a/test/net/imap/server.key b/test/net/imap/server.key +index 1e73232728..7f2380e71e 100644 +--- a/test/net/imap/server.key ++++ b/test/net/imap/server.key +@@ -1,28 +1,28 @@ + -----BEGIN PRIVATE KEY----- +-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBqWTv0/LhGn8k +-339lhsGYVRaDkRZbY24mu8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVdu +-cTswBNBkTTgzoOrBFj0WvsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l +-//OAUQzfgHxARsnKV9SIAg/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuT +-XwqaHfj18+fHsHoOJSATAhoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzP +-CNsG6f19vf4s9Ip7nxWIBS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxym +-WBregpapAgMBAAECggEAYQJ20oBMcSBxwknGqlfnkGRHI97A4UScgACa9fTH7EJM +-BgEJIRCeV4Mq2jP0/P/vNoTqQ8zxue02C9fiuzoeHbBkz8/y6Ig4T7V74vwMYzM9 +-fEK50klxxFONGUF9zhOA2zPcrJZnFtcC6InfM07mcOsO0q/jE14N05ec3j5i+N7j +-hDHsHjS3hUiSEGra/U6TRGA26imDUZR5S3h3WMuFmpQgAg0STHc2inYjS9iVhn+T +-uAV2igYR89MOTcH1ZVoxjeYXwhqjWT6Kbw4Er4TWTVzwGf9ktv04EjZjhgUAqw7Q +-8Sc7Olt2q2tA7hQqdgJVgNMaszHqpKAECbAfuxuDtQKBgQD/r0zI9ZcTDQOgezaB +-s9UGbT5O5LruxLc/ExHRL7gpU7UsF/cc3Hp9zmDrzuUsq+UZlGewNnPBLHzaEq1z +-AZD9aa85umzXxcLzyg9ZnvN4kHLKIXhnnTEiShHtpRbqfybBKM7J+iQxXIYUf5tl +-lHTfEqG2/nTt4E50dhniIbIaAwKBgQDB5oS3LGXSn6zAWyUsAJaSeS8/3/O4Vz+x +-u8tZrICSFWBodwg46eHR9I379eayKhMGCsaAWx4ybWJWWEb/nM+fBGxBSnxb9jmm 
+-gHu93BQjK3sWS8qAGTwO5ehLEy0QRcCc+wb0lyo9hfh1grJioESVsiB9SXrxp8dr +-45JvxCCC4wKBgDGSKQ7lHm8hHMzmVoD6/pgKYgQlsGBOX0CpT9EAsXHBuuRbmRtN +-W6o8cuoE6MWqZfZ5oUi2peaT23jkGiCr8xJOhRxqGmQTAWMGj8dOW+HKD5dEufVM +-spP1TFiIo1K/aCIW6VCbYJz5VT1wKA6fo7EECbpSxxS/YjaOFyKSaddFAoGBAKk3 +-bdcVrf70TqTIZlZSZRWLIMsTvPTBX9rSUxL9Um8qrKo+RzS0F9lNHaQn457UzSlW +-uglGe8HyaAGGpN9qkF7sUzVftcvjxEgklNkKeaB/z7mThzPn0dwGlIUARTGQThox +-kM5gJgLvKfgTiW49A93ISEZOnDbM/2KOhjt35A+VAoGAYsNAMBwjubVo0v1vqry+ +-XG6VvPpgVjMiDQCsTEEcBqgRRuf6R5zndIhIvwmTNiUkGkE3w/vG0uCjtB82/kwE +-bzVheR0vZDN7s52OYRz4j0ddtYCqGSkvkWuEQfQFZUDTyLodwVQAT5aR+mcr4Qml +-uCiVeqoPl+JIg4m8Tz76XWo= ++MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDo2pwBLisQ7EnN ++XgcTB5xwnsZ0vBPC4W/Ggv3jSOAspWjHnkLeYFRl5moUV3ow0My1ttnD0t/JJZdU ++Z8/2vl7Li+4DxeHi+ef30QxH8LjaM1qtQa3ntaJ7t78w2mD441SivDr9G3TZ3HRC ++6Sm+36y0T+sy9Abx4YxLqIv7Keexvx0B7nMP+UDc1RV52cZz0MDdy+TaGUeAxhQE ++cv2afI8RgnZJBHnM8lwxIpUTPl1Apk3gowImfVI7u+1loQ/ta7A81N5hFV7T3WgJ ++n0pXpcKpbYaSxfSk1LcTO1JjJAXizOOKPNQ1NCsQu1hy5+GNHXSMYRYgPdAcTo9u ++/f5kEE9BAgMBAAECggEBAOHkwhc7DLh8IhTDNSW26oMu5OP2WU1jmiYAigDmf+OQ ++DBgrZj+JQBci8qINQxL8XLukSZn5hvQCLc7Kbyu1/wyEEUFDxSGGwwzclodr9kho ++LX2LDASPZrOSzD2+fPi2wTKmXKuS6Uc44OjQfZkYMNkz9r4Vkm8xGgOD3VipjIYX ++QXlhhdqkXZcNABsihCV52GKkDFSVm8jv95YJc5xhoYCy/3a4/qPdF0aT2R7oYUej ++hKrxVDskyooe8Zg/JTydZNV5GQEDmW01/K3r6XGT26oPi1AqMU1gtv/jkW56CRQQ ++1got8smnqM+AV7Slf9R6DauIPdQJ2S8wsr/o8ISBsOECgYEA9YrqEP2gAYSGFXRt ++liw0WI2Ant8BqXS6yvq1jLo/qWhLw/ph4Di73OQ2mpycVTpgfGr2wFPQR1XJ+0Fd ++U+Ir/C3Q7FK4VIGHK7B0zNvZr5tEjlFfeRezo2JMVw5YWeSagIFcSwK+KqCTH9qc ++pw/Eb8nB/4XNcpTZu7Fg0Wc+ooUCgYEA8sVaicn1Wxkpb45a4qfrA6wOr5xdJ4cC ++A5qs7vjX2OdPIQOmoQhdI7bCWFXZzF33wA4YCws6j5wRaySLIJqdms8Gl9QnODy1 ++ZlA5gwKToBC/jqPmWAXSKb8EH7cHilaxU9OKnQ7CfwlGLHqjMtjrhR7KHlt3CVRs ++oRmvsjZVXI0CgYAmPedslAO6mMhFSSfULrhMXmV82OCqYrrA6EEkVNGbcdnzAOkD ++gfKIWabDd8bFY10po4Mguy0CHzNhBXIioWQWV5BlbhC1YKMLw+S9DzSdLAKGY9gJ ++xQ4+UQ3wtRQ/k+IYR413RUsW2oFvgZ3KSyNeAb9MK6uuv84VdG/OzVSs/QKBgQDn 
++kap//l2EbObiWyaERunckdVcW0lcN+KK75J/TGwPoOwQsLvTpPe65kxRGGrtDsEQ ++uCDk/+v3KkZPLgdrrTAih9FhJ+PVN8tMcb+6IM4SA4fFFr/UPJEwct0LJ3oQ0grJ ++y+HPWFHb/Uurh7t99/4H98uR02sjQh1wOeEmm78mzQKBgQDm+LzGH0se6CXQ6cdZ ++g1JRZeXkDEsrW3hfAsW62xJQmXcWxBoblP9OamMY+A06rM5og3JbDk5Zm6JsOaA8 ++wS2gw4ilp46jors4eQey8ux7kB9LzdBoDBBElnsbjLO8oBNZlVcYXg+6BOl/CUi7 ++2whRF0FEjKA8ehrNhAq+VFfFNw== + -----END PRIVATE KEY----- +-- +2.20.1 + diff --git a/SOURCES/ruby-exercise.stp b/SOURCES/ruby-exercise.stp new file mode 100644 index 0000000..df9df41 --- /dev/null +++ b/SOURCES/ruby-exercise.stp @@ -0,0 +1,39 @@ +/* Example tapset file. + * + * You can execute the tapset using following command (please adjust the path + * prior running the command, if needed): + * + * stap /usr/share/doc/ruby-2.0.0.0/ruby-exercise.stp -c "ruby -e \"puts 'test'\"" + */ + +probe ruby.cmethod.entry { + printf("%d -> %s::%s %s:%d\n", tid(), classname, methodname, file, line); +} + +probe ruby.cmethod.return { + printf("%d <- %s::%s %s:%d\n", tid(), classname, methodname, file, line); +} + +probe ruby.method.entry { + printf("%d -> %s::%s %s:%d\n", tid(), classname, methodname, file, line); +} + +probe ruby.method.return { + printf("%d <- %s::%s %s:%d\n", tid(), classname, methodname, file, line); +} + +probe ruby.gc.mark.begin { printf("%d gc.mark.begin\n", tid()); } + +probe ruby.gc.mark.end { printf("%d gc.mark.end\n", tid()); } + +probe ruby.gc.sweep.begin { printf("%d gc.sweep.begin\n", tid()); } + +probe ruby.gc.sweep.end { printf("%d gc.sweep.end\n", tid()); } + +probe ruby.object.create{ + printf("%d obj.create %s %s:%d\n", tid(), classname, file, line); +} + +probe ruby.raise { + printf("%d raise %s %s:%d\n", tid(), classname, file, line); +} diff --git a/SOURCES/ruby-trunk-tk-extconf-fix.patch b/SOURCES/ruby-trunk-tk-extconf-fix.patch new file mode 100644 index 0000000..7e6e51b --- /dev/null +++ b/SOURCES/ruby-trunk-tk-extconf-fix.patch 
@@ -0,0 +1,71 @@ +From 399ef04d6540bf708e5281d8e649165f03e61e1e Mon Sep 17 00:00:00 2001 +From: Josef Stribny +Date: Thu, 9 Jan 2014 14:50:36 +0100 +Subject: [PATCH] Fix tk extconf to pass arrays instead of strings to + libpathflag + +--- + ext/tk/extconf.rb | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/ext/tk/extconf.rb b/ext/tk/extconf.rb +index ca99129..5b7c19b 100644 +--- a/ext/tk/extconf.rb ++++ b/ext/tk/extconf.rb +@@ -623,7 +623,7 @@ def libcheck_for_tclConfig(tcldir, tkdir, tclconf, tkconf) + $INCFLAGS << " -I" << File.join(File.dirname(File.dirname(file)),"include") if is_win32? + else + tcllibs = append_library($libs, libname) +- tcllibs = "#{libpathflag(tcldir)} #{tcllibs}" ++ tcllibs = "#{libpathflag([tcldir])} #{tcllibs}" + + # FIX ME: avoid pathname trouble (fail to find) on MinGW. + $INCFLAGS << " -I" << File.join(File.dirname(tcldir),"include") if is_win32? +@@ -665,7 +665,7 @@ def libcheck_for_tclConfig(tcldir, tkdir, tclconf, tkconf) + else + tklibs = append_library("", libname) + #tklibs = append_library("", $1) +- tklibs = "#{libpathflag(tkdir)} #{tklibs}" ++ tklibs = "#{libpathflag([tkdir])} #{tklibs}" + + # FIX ME: avoid pathname trouble (fail to find) on MinGW. + $INCFLAGS << " -I" << File.join(File.dirname(tcldir),"include") if is_win32? 
+@@ -1161,7 +1161,7 @@ def find_tcl(tcllib, stubs, version, *opt_paths) + tcllibs = libs_param + " -DSTATIC_BUILD " + fname.quote + else + tcllibs = append_library($libs, lib_w_sufx) +- tcllibs = "#{libpathflag(path)} #{tcllibs}" ++ tcllibs = "#{libpathflag([path])} #{tcllibs}" + end + if try_func(func, tcllibs, ["tcl.h"]) + return [true, path, nil, tcllibs, *inc] +@@ -1300,7 +1300,7 @@ def find_tk(tklib, stubs, version, *opt_paths) + tklibs = libs_param + " -DSTATIC_BUILD " + fname.quote + else + tklibs = append_library($libs, lib_w_sufx) +- tklibs = "#{libpathflag(path)} #{tklibs}" ++ tklibs = "#{libpathflag([path])} #{tklibs}" + end + if try_func(func, tklibs, ["tcl.h", "tk.h"]) + return [true, path, nil, tklibs, *inc] +@@ -2013,7 +2013,7 @@ $defs += collect_tcltk_defs(TclConfig_Info['TCL_DEFS'], TkConfig_Info['TK_DEFS'] + # MacOS X Frameworks? + if TkLib_Config["tcltk-framework"] + puts("Use MacOS X Frameworks.") +- ($LDFLAGS ||= "") << " " << libpathflag(TkLib_Config["tcl-build-dir"]) if TkLib_Config["tcl-build-dir"] ++ ($LDFLAGS ||= "") << " " << libpathflag([TkLib_Config["tcl-build-dir"]]) if TkLib_Config["tcl-build-dir"] + + libs = '' + if tcl_cfg_dir +@@ -2039,7 +2039,7 @@ if TkLib_Config["tcltk-framework"] + end + end + +- libs << " " << libpathflag(TkLib_Config["tk-build-dir"]) if TkLib_Config["tk-build-dir"] ++ libs << " " << libpathflag([TkLib_Config["tk-build-dir"]]) if TkLib_Config["tk-build-dir"] + + if tk_cfg_dir + TkConfig_Info['TK_LIBS'] ||= "" +-- +1.8.3.1 + diff --git a/SOURCES/ruby-trunk-tk-rpath-fix.patch b/SOURCES/ruby-trunk-tk-rpath-fix.patch new file mode 100644 index 0000000..935e01f --- /dev/null +++ b/SOURCES/ruby-trunk-tk-rpath-fix.patch 
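Review bot: Nothing in this patch records that it only applies on top of ruby-trunk-tk-rpath-fix.patch. Every pre-image line here (`libpathflag(tcldir)`, `libpathflag(tkdir)`, `libpathflag(path)`, and the two `TkLib_Config` calls) is a line that the other patch introduces, and that patch on its own calls `libpathflag` with a String. A one-line note in the header would make the dependency explicit, e.g. `Depends on ruby-trunk-tk-rpath-fix.patch, which introduces the libpathflag calls.` The enclosing methods (`libcheck_for_tclConfig`, `find_tcl`, `find_tk`) start and end outside the inner hunks, so whether `tcldir`, `tkdir` or `path` can be nil at these sites is not visible here.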
@@ -0,0 +1,61 @@ +diff --git a/ext/tk/extconf.rb b/ext/tk/extconf.rb +index 709e4d2..fa1bc80 100644 +--- a/ext/tk/extconf.rb ++++ b/ext/tk/extconf.rb +@@ -623,7 +623,7 @@ def libcheck_for_tclConfig(tcldir, tkdir, tclconf, tkconf) + $INCFLAGS << " -I" << File.join(File.dirname(File.dirname(file)),"include") if is_win32? + else + tcllibs = append_library($libs, libname) +- tcllibs = "-L#{tcldir.quote} -Wl,-R#{tcldir.quote} " + tcllibs ++ tcllibs = "#{libpathflag(tcldir)} #{tcllibs}" + + # FIX ME: avoid pathname trouble (fail to find) on MinGW. + $INCFLAGS << " -I" << File.join(File.dirname(tcldir),"include") if is_win32? +@@ -665,7 +665,7 @@ def libcheck_for_tclConfig(tcldir, tkdir, tclconf, tkconf) + else + tklibs = append_library("", libname) + #tklibs = append_library("", $1) +- tklibs = "-L#{tkdir.quote} -Wl,-R#{tkdir.quote} " + tklibs ++ tklibs = "#{libpathflag(tkdir)} #{tklibs}" + + # FIX ME: avoid pathname trouble (fail to find) on MinGW. + $INCFLAGS << " -I" << File.join(File.dirname(tcldir),"include") if is_win32? +@@ -1161,7 +1161,7 @@ def find_tcl(tcllib, stubs, version, *opt_paths) + tcllibs = libs_param + " -DSTATIC_BUILD " + fname.quote + else + tcllibs = append_library($libs, lib_w_sufx) +- tcllibs = "-L#{path.quote} -Wl,-R#{path.quote} " + tcllibs ++ tcllibs = "#{libpathflag(path)} #{tcllibs}" + end + if try_func(func, tcllibs, ["tcl.h"]) + return [true, path, nil, tcllibs, *inc] +@@ -1300,7 +1300,7 @@ def find_tk(tklib, stubs, version, *opt_paths) + tklibs = libs_param + " -DSTATIC_BUILD " + fname.quote + else + tklibs = append_library($libs, lib_w_sufx) +- tklibs = "-L#{path.quote} -Wl,-R#{path.quote} " + tklibs ++ tklibs = "#{libpathflag(path)} #{tklibs}" + end + if try_func(func, tklibs, ["tcl.h", "tk.h"]) + return [true, path, nil, tklibs, *inc] +@@ -2013,7 +2013,7 @@ $defs += collect_tcltk_defs(TclConfig_Info['TCL_DEFS'], TkConfig_Info['TK_DEFS'] + # MacOS X Frameworks? 
+ if TkLib_Config["tcltk-framework"] + puts("Use MacOS X Frameworks.") +- ($LDFLAGS ||= "") << " -L#{TkLib_Config["tcl-build-dir"].quote} -Wl,-R#{TkLib_Config["tcl-build-dir"].quote}" if TkLib_Config["tcl-build-dir"] ++ ($LDFLAGS ||= "") << " " << libpathflag(TkLib_Config["tcl-build-dir"]) if TkLib_Config["tcl-build-dir"] + + libs = '' + if tcl_cfg_dir +@@ -2039,7 +2039,7 @@ if TkLib_Config["tcltk-framework"] + end + end + +- libs << " -L#{TkLib_Config["tk-build-dir"].quote} -Wl,-R#{TkLib_Config["tk-build-dir"].quote}" if TkLib_Config["tk-build-dir"] ++ libs << " " << libpathflag(TkLib_Config["tk-build-dir"]) if TkLib_Config["tk-build-dir"] + + if tk_cfg_dir + TkConfig_Info['TK_LIBS'] ||= "" +-- +1.8.5.2 + diff --git a/SOURCES/rubygem-rdoc-4.0.1-unterminated-heredoc.patch b/SOURCES/rubygem-rdoc-4.0.1-unterminated-heredoc.patch new file mode 100644 index 0000000..08fdb92 --- /dev/null +++ b/SOURCES/rubygem-rdoc-4.0.1-unterminated-heredoc.patch @@ -0,0 +1,38 @@ +t a/lib/rdoc/ruby_lex.rb b/lib/rdoc/ruby_lex.rb +index e6e0b41..da17cd5 100644 +--- a/lib/rdoc/ruby_lex.rb ++++ b/lib/rdoc/ruby_lex.rb +@@ -1028,6 +1028,8 @@ def identify_here_document + end + + if output_heredoc then ++ raise Error, "Missing terminating #{quoted} for string" unless l ++ + doc << l.chomp + else + doc << '"' +diff --git a/test/rdoc/test_rdoc_ruby_lex.rb b/test/rdoc/test_rdoc_ruby_lex.rb +index 0dcb425..56ddf60 100644 +--- a/test/rdoc/test_rdoc_ruby_lex.rb ++++ b/test/rdoc/test_rdoc_ruby_lex.rb +@@ -162,6 +162,18 @@ def test_class_tokenize_heredoc_indent + assert_equal expected, tokens + end + ++ def test_class_tokenize_heredoc_missing_end ++ e = assert_raises RDoc::RubyLex::Error do ++ RDoc::RubyLex.tokenize <<-'RUBY', nil ++>> string1 = <<-TXT ++>" That's swell ++>" TXT ++ RUBY ++ end ++ ++ assert_equal 'Missing terminating TXT for string', e.message ++ end ++ + def test_class_tokenize_heredoc_percent_N + tokens = RDoc::RubyLex.tokenize <<-'RUBY', nil + a b <<-U +-- +1.8.4 
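Review bot: ruby-trunk-tk-rpath-fix.patch starts directly at `diff --git` with no From/Subject/description, unlike the other patches added next to it, so the reason for dropping the literal `-L… -Wl,-R…` flags is not recorded. After this change, whether a run-time library search path is embedded in the tk extension is decided by `libpathflag`, whose definition is not part of the hunk. A short header stating the intent would help, e.g. `Let mkmf's libpathflag decide whether an rpath is emitted instead of hard-coding -Wl,-R.` The package build could also check the result by running `readelf -d` on the built extension and looking for RPATH/RUNPATH entries.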
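Review bot: The first line of rubygem-rdoc-4.0.1-unterminated-heredoc.patch reads `t a/lib/rdoc/ruby_lex.rb b/lib/rdoc/ruby_lex.rb`, which looks like a truncated `diff --git` header. The `---`/`+++` lines after it are intact, so tools that key on those would presumably still apply the change, but anything that parses the `diff --git` line will not recognise the first file. Restore it as `diff --git a/lib/rdoc/ruby_lex.rb b/lib/rdoc/ruby_lex.rb`. The added guard `raise Error, "Missing terminating #{quoted} for string" unless l` sits inside `identify_here_document`, which starts and ends outside the hunk, so whether callers rescue that error is not visible here.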
diff --git a/SOURCES/rubygems-2.0.0-Do-not-modify-global-Specification.dirs-during-insta.patch b/SOURCES/rubygems-2.0.0-Do-not-modify-global-Specification.dirs-during-insta.patch new file mode 100644 index 0000000..1e58ff7 --- /dev/null +++ b/SOURCES/rubygems-2.0.0-Do-not-modify-global-Specification.dirs-during-insta.patch 
@@ -0,0 +1,151 @@ +From b95b9942361104dc5b7fd08eb4970f893d8c1a54 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Wed, 13 Feb 2013 13:12:30 +0100 +Subject: [PATCH 1/3] Remove duplicated check. + +The loaded specifications are rejected already in #gather_dependencies, +so this condition cannot trigger. +--- + lib/rubygems/dependency_installer.rb | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/lib/rubygems/dependency_installer.rb b/lib/rubygems/dependency_installer.rb +index d811f62..dffa8df 100644 +--- a/lib/rubygems/dependency_installer.rb ++++ b/lib/rubygems/dependency_installer.rb +@@ -337,9 +337,6 @@ class Gem::DependencyInstaller + + last = @gems_to_install.size - 1 + @gems_to_install.each_with_index do |spec, index| +- # REFACTOR more current spec set hardcoding, should be abstracted? +- next if Gem::Specification.include?(spec) and index != last +- + # TODO: make this sorta_verbose so other users can benefit from it + say "Installing gem #{spec.full_name}" if Gem.configuration.really_verbose + +-- +1.8.1.2 + + +From 2fa9087b1986db6c7945c0f997fed2bfff5ce06a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Wed, 13 Feb 2013 15:47:47 +0100 +Subject: [PATCH 2/3] Do not modify global Specification.dirs during + installation. + +While gems are installed into --install-dir just fine even without +modifications of Specification.dirs, change in it makes inaccessible +gems already present on the system. 
+--- + lib/rubygems/dependency_installer.rb | 15 ++++++--------- + 1 file changed, 6 insertions(+), 9 deletions(-) + +diff --git a/lib/rubygems/dependency_installer.rb b/lib/rubygems/dependency_installer.rb +index dffa8df..841f26a 100644 +--- a/lib/rubygems/dependency_installer.rb ++++ b/lib/rubygems/dependency_installer.rb +@@ -57,16 +57,14 @@ class Gem::DependencyInstaller + # :build_args:: See Gem::Installer::new + + def initialize(options = {}) +- @install_dir = options[:install_dir] || Gem.dir + + if options[:install_dir] then +- # HACK shouldn't change the global settings, needed for -i behavior +- # maybe move to the install command? See also github #442 +- Gem::Specification.dirs = @install_dir ++ Gem.ensure_gem_subdirectories options[:install_dir] + end + + options = DEFAULT_OPTIONS.merge options + ++ @install_dir = options[:install_dir] + @bin_dir = options[:bin_dir] + @dev_shallow = options[:dev_shallow] + @development = options[:development] +@@ -91,7 +88,7 @@ class Gem::DependencyInstaller + @installed_gems = [] + @toplevel_specs = nil + +- @cache_dir = options[:cache_dir] || @install_dir ++ @cache_dir = options[:cache_dir] || @install_dir || Gem.dir + + # Set with any errors that SpecFetcher finds while search through + # gemspecs for a dep +@@ -201,7 +199,7 @@ class Gem::DependencyInstaller + # that this isn't dependent only on the currently installed gems + dependency_list.specs.reject! { |spec| + not keep_names.include?(spec.full_name) and +- Gem::Specification.include?(spec) ++ (!@install_dir && Gem::Specification.include?(spec)) + } + + unless dependency_list.ok? or @ignore_dependencies or @force then +@@ -253,7 +251,7 @@ class Gem::DependencyInstaller + to_do.push t.spec + end + +- results.remove_installed! dep ++ results.remove_installed! 
dep unless @install_dir + + @available << results + results.inject_into_list dependency_list +@@ -367,7 +365,7 @@ class Gem::DependencyInstaller + :force => @force, + :format_executable => @format_executable, + :ignore_dependencies => @ignore_dependencies, +- :install_dir => @install_dir, ++ :install_dir => (@install_dir || Gem.dir), + :security_policy => @security_policy, + :user_install => @user_install, + :wrappers => @wrappers, +-- +1.8.1.2 + + +From d473204ce920702dd87257db49355929f31530d4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Fri, 15 Feb 2013 17:02:44 +0100 +Subject: [PATCH 3/3] Default to Gem.dir as late as possible. + +--- + lib/rubygems/dependency_installer.rb | 2 +- + lib/rubygems/installer.rb | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lib/rubygems/dependency_installer.rb b/lib/rubygems/dependency_installer.rb +index 841f26a..abcfa0f 100644 +--- a/lib/rubygems/dependency_installer.rb ++++ b/lib/rubygems/dependency_installer.rb +@@ -365,7 +365,7 @@ class Gem::DependencyInstaller + :force => @force, + :format_executable => @format_executable, + :ignore_dependencies => @ignore_dependencies, +- :install_dir => (@install_dir || Gem.dir), ++ :install_dir => @install_dir, + :security_policy => @security_policy, + :user_install => @user_install, + :wrappers => @wrappers, +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index 780a88b..6543130 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -547,13 +547,13 @@ class Gem::Installer + :bin_dir => nil, + :env_shebang => false, + :force => false, +- :install_dir => Gem.dir, + :only_install_dir => false + }.merge options + + @env_shebang = options[:env_shebang] + @force = options[:force] +- @gem_home = options[:install_dir] ++ @install_dir = options[:install_dir] ++ @gem_home = options[:install_dir] || Gem.dir + @ignore_dependencies = options[:ignore_dependencies] + @format_executable = 
options[:format_executable] + @security_policy = options[:security_policy] +-- +1.8.1.2 + diff --git a/SOURCES/rubygems-2.0.0-Fixes-for-empty-ruby-version.patch b/SOURCES/rubygems-2.0.0-Fixes-for-empty-ruby-version.patch new file mode 100644 index 0000000..365dc7b --- /dev/null +++ b/SOURCES/rubygems-2.0.0-Fixes-for-empty-ruby-version.patch @@ -0,0 +1,34 @@ +From c9b2eff36728266052ccfff54d3ac0a0624fd0f1 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Thu, 14 Feb 2013 11:50:41 +0100 +Subject: [PATCH] Use File.join insteado of manual path creation. + +This prevents issues, when File.join in #new_default_spec removes +superfluous slashes while they are kept in expected paths. E.g. the test +would fail if ruby configuration specifies --with-ruby-version=''. +--- + test/rubygems/test_gem_commands_contents_command.rb | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/test/rubygems/test_gem_commands_contents_command.rb b/test/rubygems/test_gem_commands_contents_command.rb +index 60df53f..35c9631 100644 +--- a/test/rubygems/test_gem_commands_contents_command.rb ++++ b/test/rubygems/test_gem_commands_contents_command.rb +@@ -140,10 +140,10 @@ lib/foo.rb + @cmd.execute + end + +- expected = %W[ +- #{Gem::ConfigMap[:bindir]}/default_command +- #{Gem::ConfigMap[:rubylibdir]}/default/gem.rb +- #{Gem::ConfigMap[:archdir]}/default_gem.so ++ expected = [ ++ File.join(Gem::ConfigMap[:bindir], 'default_command'), ++ File.join(Gem::ConfigMap[:rubylibdir], 'default/gem.rb'), ++ File.join(Gem::ConfigMap[:archdir], 'default_gem.so') + ].sort.join "\n" + + assert_equal expected, @ui.output.chomp +-- +1.8.1.2 + diff --git a/SOURCES/rubygems-2.0.0-binary-extensions.patch b/SOURCES/rubygems-2.0.0-binary-extensions.patch new file mode 100644 index 0000000..aa9fdbd --- /dev/null +++ b/SOURCES/rubygems-2.0.0-binary-extensions.patch 
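Review bot: Patch 1/3 justifies deleting the `next if Gem::Specification.include?(spec) and index != last` guard by saying loaded specs are already rejected earlier. Patch 2/3 then makes that rejection (`dependency_list.specs.reject!`, presumably the one meant) and `results.remove_installed! dep` conditional on `@install_dir` being unset. With an explicit install dir the install loop can therefore see specs that are already installed elsewhere; this looks intended but is stated nowhere in the code. A comment at the reject site would record it, e.g. `# with an explicit install dir, keep specs installed elsewhere so they are installed into it too`. The methods containing these lines begin and end outside the inner hunks.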
@@ -0,0 +1,344 @@ +From ec90622235ae19b28a327cb50a10e0311e8f3d71 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Thu, 3 Nov 2011 16:43:05 +0100 +Subject: [PATCH 1/8] Add dedicate extensions folder into $LOAD_PATH. + +--- + lib/rubygems/specification.rb | 32 ++++++++++++++++++++++++++++++-- + 1 file changed, 30 insertions(+), 2 deletions(-) + +diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb +index cabdf8d..87b14d2 100644 +--- a/lib/rubygems/specification.rb ++++ b/lib/rubygems/specification.rb +@@ -1269,6 +1269,12 @@ class Gem::Specification + File.join full_gem_path, path + end + ++ unless extensions.empty? ++ paths += require_paths.map do |path| ++ File.join ext_dir, path ++ end ++ end ++ + # gem directories must come after -I and ENV['RUBYLIB'] + insert_index = Gem.load_path_insert_index + +@@ -1389,11 +1395,16 @@ class Gem::Specification + + def contains_requirable_file? file + root = full_gem_path ++ ext = ext_dir + suffixes = Gem.suffixes + + require_paths.any? do |lib| +- base = "#{root}/#{lib}/#{file}" +- suffixes.any? { |suf| File.file? "#{base}#{suf}" } ++ base = ["#{root}/#{lib}/#{file}"] ++ base << "#{ext}/#{lib}/#{file}" unless extensions.empty? ++ ++ base.any? do |path| ++ suffixes.any? { |suf| File.file? "#{path}#{suf}" } ++ end + end + end + +@@ -1691,6 +1699,23 @@ class Gem::Specification + end + + ## ++ # Returns the full path to this spec's ext directory. ++ # eg: /usr/local/lib/ruby/1.8/exts/mygem-1.0 ++ ++ def ext_dir ++ @gem_dir ||= File.expand_path File.join(exts_dir, full_name) ++ end ++ ++ ## ++ # Returns the full path to the exts directory containing this spec's ++ # gem directory. eg: /usr/local/lib/ruby/1.8/exts ++ ++ def exts_dir ++ # TODO: this logic seems terribly broken, but tests fail if just base_dir ++ @exts_dir ||= File.join(loaded_from && base_dir || Gem.dir, "exts") ++ end ++ ++ ## + # Deprecated and ignored, defaults to true. 
+ # + # Formerly used to indicate this gem was RDoc-capable. +-- +1.8.1.2 + + +From e42819f32fc5d935f7e7189ec4be8bdab0a2cf3f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Wed, 16 Nov 2011 13:26:48 +0100 +Subject: [PATCH 2/8] Use spec's ext dir for extension installation. + +--- + lib/rubygems/installer.rb | 2 +- + lib/rubygems/specification.rb | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index 780a88b..854c177 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -656,7 +656,7 @@ TEXT + say "This could take a while..." + end + +- dest_path = File.join gem_dir, spec.require_paths.first ++ dest_path = spec.ext_dir + ran_rake = false # only run rake once + + spec.extensions.each do |extension| +diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb +index 87b14d2..492ddbe 100644 +--- a/lib/rubygems/specification.rb ++++ b/lib/rubygems/specification.rb +@@ -1706,16 +1706,15 @@ class Gem::Specification + # eg: /usr/local/lib/ruby/1.8/exts/mygem-1.0 + + def ext_dir +- @gem_dir ||= File.expand_path File.join(exts_dir, full_name) ++ @ext_dir ||= File.join exts_dir, full_name, require_paths.first + end + + ## + # Returns the full path to the exts directory containing this spec's +- # gem directory. eg: /usr/local/lib/ruby/1.8/exts ++ # gem directory. eg: /usr/local/lib/ruby/1.8/gems + + def exts_dir +- # TODO: this logic seems terribly broken, but tests fail if just base_dir +- @exts_dir ||= File.join(loaded_from && base_dir || Gem.dir, "exts") ++ @exts_dir ||= gems_dir + end + + ## +-- +1.8.1.2 + + +From 0e9dd0655111f7dda805233c79a3771459d9a66a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Wed, 16 Nov 2011 14:52:16 +0100 +Subject: [PATCH 3/9] Simplify the extending of $LOAD_PATH for binary gems. 
+ +--- + lib/rubygems/specification.rb | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb +index 492ddbe..c703827 100644 +--- a/lib/rubygems/specification.rb ++++ b/lib/rubygems/specification.rb +@@ -1269,11 +1269,7 @@ class Gem::Specification + File.join full_gem_path, path + end + +- unless extensions.empty? +- paths += require_paths.map do |path| +- File.join ext_dir, path +- end +- end ++ paths << ext_dir unless extensions.empty? || paths.include?(ext_dir) + + # gem directories must come after -I and ENV['RUBYLIB'] + insert_index = Gem.load_path_insert_index +@@ -1714,7 +1710,10 @@ class Gem::Specification + # gem directory. eg: /usr/local/lib/ruby/1.8/gems + + def exts_dir +- @exts_dir ||= gems_dir ++ @exts_dir ||= begin ++ dirs = Gem.default_dirs.detect {|location, paths| paths[:gem_dir] == base_dir} ++ dirs ? File.join(dirs.last[:ext_dir], 'exts') : gems_dir ++ end + end + + ## +-- +1.8.1.2 + + +From 9a8556c609e800d0dbd24af416d613f2e82f323c Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Fri, 9 Dec 2011 16:31:04 +0100 +Subject: [PATCH 4/8] Fix the binary extension search path construction. + +--- + lib/rubygems/installer.rb | 2 +- + lib/rubygems/specification.rb | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index 854c177..f1f2ad7 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -656,7 +656,7 @@ TEXT + say "This could take a while..." 
+ end + +- dest_path = spec.ext_dir ++ dest_path = File.join spec.ext_dir, spec.require_paths.first + ran_rake = false # only run rake once + + spec.extensions.each do |extension| +diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb +index c703827..fa9ea6e 100644 +--- a/lib/rubygems/specification.rb ++++ b/lib/rubygems/specification.rb +@@ -1269,7 +1269,7 @@ class Gem::Specification + File.join full_gem_path, path + end + +- paths << ext_dir unless extensions.empty? || paths.include?(ext_dir) ++ paths << File.join(ext_dir, require_paths.first) unless extensions.empty? || (ext_dir == full_gem_path) + + # gem directories must come after -I and ENV['RUBYLIB'] + insert_index = Gem.load_path_insert_index +@@ -1702,7 +1702,7 @@ class Gem::Specification + # eg: /usr/local/lib/ruby/1.8/exts/mygem-1.0 + + def ext_dir +- @ext_dir ||= File.join exts_dir, full_name, require_paths.first ++ @ext_dir ||= File.join exts_dir, full_name + end + + ## +-- +1.8.1.2 + + +From 476c2f90cc6f5f490858f253a9b23eb19d53d2fc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Tue, 13 Dec 2011 12:14:54 +0100 +Subject: [PATCH 5/8] Remove binary extensions during uninstall. + +--- + lib/rubygems/uninstaller.rb | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/rubygems/uninstaller.rb b/lib/rubygems/uninstaller.rb +index d672b9d..5c31a0c 100644 +--- a/lib/rubygems/uninstaller.rb ++++ b/lib/rubygems/uninstaller.rb +@@ -246,6 +246,7 @@ class Gem::Uninstaller + File.writable?(spec.base_dir) + + FileUtils.rm_rf spec.full_gem_path ++ FileUtils.rm_rf spec.ext_dir + + # TODO: should this be moved to spec?... I vote eww (also exists in docmgr) + old_platform_name = [spec.name, +-- +1.8.1.2 + + +From 35dc17e86f701fe1be80d98ace79735c535fd570 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Tue, 13 Dec 2011 14:27:14 +0100 +Subject: [PATCH 6/8] Avoid dependency on customized operating_system.rb. 
+ +--- + lib/rubygems/defaults.rb | 11 +++++++++++ + lib/rubygems/specification.rb | 5 +---- + 2 files changed, 12 insertions(+), 4 deletions(-) + +diff --git a/lib/rubygems/defaults.rb b/lib/rubygems/defaults.rb +index ea84e5c..b221954 100644 +--- a/lib/rubygems/defaults.rb ++++ b/lib/rubygems/defaults.rb +@@ -103,6 +103,17 @@ module Gem + end + + ## ++ # Returns binary extensions dir for specified RubyGems base dir or nil ++ # if such directory cannot be determined. ++ # ++ # By default, the binary extensions are located side by side with their ++ # Ruby counterparts, therefore nil is returned ++ ++ def self.default_ext_dir_for base_dir ++ nil ++ end ++ ++ ## + # A wrapper around RUBY_ENGINE const that may not be defined + + def self.ruby_engine +diff --git a/lib/rubygems/specification.rb b/lib/rubygems/specification.rb +index fa9ea6e..2b10499 100644 +--- a/lib/rubygems/specification.rb ++++ b/lib/rubygems/specification.rb +@@ -1710,10 +1710,7 @@ class Gem::Specification + # gem directory. eg: /usr/local/lib/ruby/1.8/gems + + def exts_dir +- @exts_dir ||= begin +- dirs = Gem.default_dirs.detect {|location, paths| paths[:gem_dir] == base_dir} +- dirs ? File.join(dirs.last[:ext_dir], 'exts') : gems_dir +- end ++ @exts_dir ||= Gem.default_ext_dir_for(base_dir) || gems_dir + end + + ## +-- +1.8.1.2 + + +From 0937c0b0a3c2ed08ab5b0875f7f95e24157525c2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Thu, 7 Feb 2013 13:07:34 +0100 +Subject: [PATCH 7/8] Fix binary extensions installation when --install-dir is + specified. + +--- + lib/rubygems/installer.rb | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index f1f2ad7..e1577fc 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -656,7 +656,7 @@ TEXT + say "This could take a while..." 
+ end + +- dest_path = File.join spec.ext_dir, spec.require_paths.first ++ dest_path = File.join(options[:install_dir] ? gem_dir : spec.ext_dir, spec.require_paths.first) + ran_rake = false # only run rake once + + spec.extensions.each do |extension| +-- +1.8.1.2 + + +From 062a11c59731f5875d5a8821a212c8a41cb84577 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Fri, 15 Feb 2013 17:07:07 +0100 +Subject: [PATCH 8/8] Use correct option. + +--- + lib/rubygems/installer.rb | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index e1577fc..1492c68 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -656,7 +656,7 @@ TEXT + say "This could take a while..." + end + +- dest_path = File.join(options[:install_dir] ? gem_dir : spec.ext_dir, spec.require_paths.first) ++ dest_path = File.join(@install_dir ? gem_dir : spec.ext_dir, spec.require_paths.first) + ran_rake = false # only run rake once + + spec.extensions.each do |extension| +-- +1.8.1.2 + diff --git a/SOURCES/rubygems-2.1.0-Fix-test-failure-when-ruby-is-not-yet-installed.patch b/SOURCES/rubygems-2.1.0-Fix-test-failure-when-ruby-is-not-yet-installed.patch new file mode 100644 index 0000000..878cf70 --- /dev/null +++ b/SOURCES/rubygems-2.1.0-Fix-test-failure-when-ruby-is-not-yet-installed.patch 
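Review bot: The added `FileUtils.rm_rf spec.ext_dir` in `lib/rubygems/uninstaller.rb` (PATCH 5/8) follows a writability check that, in the visible context, covers only `spec.base_dir`. Once `Gem.default_ext_dir_for(base_dir)` returns a path, `ext_dir` can live in a different tree. `rm_rf` suppresses errors, so an uninstall run without write access to that tree could finish quietly and leave the compiled extension on disk. I would skip the call when there is nothing separate to remove and let a failure surface otherwise, e.g. `FileUtils.rm_r spec.ext_dir if File.exist?(spec.ext_dir) && spec.ext_dir != spec.full_gem_path`. The enclosing uninstall method starts and ends outside the hunk, so any error handling further down is not visible here.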
@@ -0,0 +1,35 @@
+From 40ce9bfd4917f8d8aa023c92073ec5e9da898f71 Mon Sep 17 00:00:00 2001
+From: Eric Hodel
+Date: Tue, 23 Jul 2013 13:47:53 -0700
+Subject: [PATCH] Fix test failure when ruby is not yet installed
+
+Other uses of ruby in a Makefile use ENV['RUBY'] which contains a
+miniruby invocation when ruby is not yet installed (tests run during the
+ruby build).
+---
+ test/rubygems/test_gem_ext_ext_conf_builder.rb | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/test/rubygems/test_gem_ext_ext_conf_builder.rb b/test/rubygems/test_gem_ext_ext_conf_builder.rb
+index 33398ac..dfbf3fe 100644
+--- a/test/rubygems/test_gem_ext_ext_conf_builder.rb
++++ b/test/rubygems/test_gem_ext_ext_conf_builder.rb
+@@ -120,8 +120,13 @@ def test_class_build_unconventional
+ extconf.puts <<-'EXTCONF'
+ include RbConfig
+
+-ruby_exe = "#{CONFIG['RUBY_INSTALL_NAME']}#{CONFIG['EXEEXT']}"
+-ruby = File.join CONFIG['bindir'], ruby_exe
++ruby =
++ if ENV['RUBY'] then
++ ENV['RUBY']
++ else
++ ruby_exe = "#{CONFIG['RUBY_INSTALL_NAME']}#{CONFIG['EXEEXT']}"
++ File.join CONFIG['bindir'], ruby_exe
++ end
+
+ open 'Makefile', 'w' do |io|
+ io.write <<-Makefile
+--
+1.8.5.5
+
diff --git a/SOURCES/rubygems-2.3.0-refactor-checking-really_verbose.patch b/SOURCES/rubygems-2.3.0-refactor-checking-really_verbose.patch
new file mode 100644
index 0000000..9353347
--- /dev/null
+++ b/SOURCES/rubygems-2.3.0-refactor-checking-really_verbose.patch
@@ -0,0 +1,219 @@ +From 75821c744f0bfda185eac35b91810254bf9e2367 Mon Sep 17 00:00:00 2001 +From: Aaron Patterson +Date: Wed, 5 Feb 2014 16:42:04 -0800 +Subject: [PATCH] refactor checking `really_verbose` + +This commit tries to reduce the number of places in RubyGems where we +test `really_verbose`. +--- + lib/rubygems/commands/cleanup_command.rb | 4 ++-- + lib/rubygems/dependency_installer.rb | 6 +++--- + lib/rubygems/installer.rb | 6 +++--- + lib/rubygems/package.rb | 2 +- + lib/rubygems/package/old.rb | 2 +- + lib/rubygems/rdoc.rb | 2 +- + lib/rubygems/remote_fetcher.rb | 23 ++++++++--------------- + lib/rubygems/user_interaction.rb | 8 ++++++++ + 8 files changed, 27 insertions(+), 26 deletions(-) + +diff --git a/lib/rubygems/commands/cleanup_command.rb b/lib/rubygems/commands/cleanup_command.rb +index c8f0082bfb..69975640fe 100644 +--- a/lib/rubygems/commands/cleanup_command.rb ++++ b/lib/rubygems/commands/cleanup_command.rb +@@ -66,10 +66,10 @@ def execute + + say "Clean Up Complete" + +- if Gem.configuration.really_verbose then ++ verbose do + skipped = @default_gems.map { |spec| spec.full_name } + +- say "Skipped default gems: #{skipped.join ', '}" ++ "Skipped default gems: #{skipped.join ', '}" + end + end + +diff --git a/lib/rubygems/dependency_installer.rb b/lib/rubygems/dependency_installer.rb +index 5644b5ce73..4ea3847b70 100644 +--- a/lib/rubygems/dependency_installer.rb ++++ b/lib/rubygems/dependency_installer.rb +@@ -165,9 +165,9 @@ def find_gems_with_sources dep, best_only=false # :nodoc: + # FIX if there is a problem talking to the network, we either need to always tell + # the user (no really_verbose) or fail hard, not silently tell them that we just + # couldn't find their requested gem. 
+- if Gem.configuration.really_verbose then +- say "Error fetching remote data:\t\t#{e.message}" +- say "Falling back to local-only install" ++ verbose do ++ "Error fetching remote data:\t\t#{e.message}\n" \ ++ "Falling back to local-only install" + end + @domain = :local + end +diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb +index cbae8234a1..548f1262a8 100644 +--- a/lib/rubygems/installer.rb ++++ b/lib/rubygems/installer.rb +@@ -357,7 +357,7 @@ def generate_windows_script(filename, bindir) + file.puts windows_stub_script(bindir, filename) + end + +- say script_path if Gem.configuration.really_verbose ++ verbose script_path + end + end + +@@ -408,7 +408,7 @@ def generate_bin_script(filename, bindir) + file.print app_script_text(filename) + end + +- say bin_script_path if Gem.configuration.really_verbose ++ verbose bin_script_path + + generate_windows_script filename, bindir + end +@@ -694,7 +694,7 @@ def build_extension extension, dest_path # :nodoc: + results = builder.build(extension, gem_dir, dest_path, + results, @build_args) + +- say results.join("\n") if Gem.configuration.really_verbose ++ verbose { results.join("\n") } + end + end + rescue +diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb +index ae20f22b94..417b34b79f 100644 +--- a/lib/rubygems/package.rb ++++ b/lib/rubygems/package.rb +@@ -347,7 +347,7 @@ def extract_tar_gz io, destination_dir, pattern = "*" # :nodoc: + out.write entry.read + end + +- say destination if Gem.configuration.really_verbose ++ verbose destination + end + end + end +diff --git a/lib/rubygems/package/old.rb b/lib/rubygems/package/old.rb +index 30c30c0201..c47210d2a0 100644 +--- a/lib/rubygems/package/old.rb ++++ b/lib/rubygems/package/old.rb +@@ -83,7 +83,7 @@ def extract_files destination_dir + out.write file_data + end + +- say destination if Gem.configuration.really_verbose ++ verbose destination + end + end + rescue Zlib::DataError +diff --git a/lib/rubygems/rdoc.rb b/lib/rubygems/rdoc.rb 
+index 633bd893a5..394e502051 100644 +--- a/lib/rubygems/rdoc.rb ++++ b/lib/rubygems/rdoc.rb +@@ -263,7 +263,7 @@ def legacy_rdoc *args + Gem::Requirement.new('>= 2.4.0') =~ self.class.rdoc_version + + r = new_rdoc +- say "rdoc #{args.join ' '}" if Gem.configuration.really_verbose ++ verbose { "rdoc #{args.join ' '}" } + + Dir.chdir @spec.full_gem_path do + begin +diff --git a/lib/rubygems/remote_fetcher.rb b/lib/rubygems/remote_fetcher.rb +index 2490c69556..9df48bf6f3 100644 +--- a/lib/rubygems/remote_fetcher.rb ++++ b/lib/rubygems/remote_fetcher.rb +@@ -168,8 +168,7 @@ def download(spec, source_uri, install_dir = Gem.dir) + when 'http', 'https' then + unless File.exist? local_gem_path then + begin +- say "Downloading gem #{gem_file_name}" if +- Gem.configuration.really_verbose ++ verbose "Downloading gem #{gem_file_name}" + + remote_gem_path = source_uri + "gems/#{gem_file_name}" + +@@ -179,8 +178,7 @@ def download(spec, source_uri, install_dir = Gem.dir) + + alternate_name = "#{spec.original_name}.gem" + +- say "Failed, downloading gem #{alternate_name}" if +- Gem.configuration.really_verbose ++ verbose "Failed, downloading gem #{alternate_name}" + + remote_gem_path = source_uri + "gems/#{alternate_name}" + +@@ -199,8 +197,7 @@ def download(spec, source_uri, install_dir = Gem.dir) + local_gem_path = source_uri.to_s + end + +- say "Using local gem #{local_gem_path}" if +- Gem.configuration.really_verbose ++ verbose "Using local gem #{local_gem_path}" + when nil then # TODO test for local overriding cache + source_path = if Gem.win_platform? 
&& source_uri.scheme && + !source_uri.path.include?(':') then +@@ -218,8 +215,7 @@ def download(spec, source_uri, install_dir = Gem.dir) + local_gem_path = source_uri.to_s + end + +- say "Using local gem #{local_gem_path}" if +- Gem.configuration.really_verbose ++ verbose "Using local gem #{local_gem_path}" + else + raise ArgumentError, "unsupported URI scheme #{source_uri.scheme}" + end +@@ -506,8 +502,7 @@ def fetch + begin + @requests[connection.object_id] += 1 + +- say "#{request.method} #{uri}" if +- Gem.configuration.really_verbose ++ verbose "#{request.method} #{uri}" + + file_name = File.basename(uri.path) + # perform download progress reporter only for gems +@@ -536,11 +531,10 @@ def fetch + response = connection.request request + end + +- say "#{response.code} #{response.message}" if +- Gem.configuration.really_verbose ++ verbose "#{response.code} #{response.message}" + + rescue Net::HTTPBadResponse +- say "bad response" if Gem.configuration.really_verbose ++ verbose "bad response" + + reset connection + +@@ -555,8 +549,7 @@ def fetch + Errno::ECONNABORTED, Errno::ECONNRESET, Errno::EPIPE + + requests = @requests[connection.object_id] +- say "connection reset after #{requests} requests, retrying" if +- Gem.configuration.really_verbose ++ verbose "connection reset after #{requests} requests, retrying" + + raise FetchError.new('too many connection resets', uri) if retried + +diff --git a/lib/rubygems/user_interaction.rb b/lib/rubygems/user_interaction.rb +index f5e460f994..42ab6e2c24 100644 +--- a/lib/rubygems/user_interaction.rb ++++ b/lib/rubygems/user_interaction.rb +@@ -119,6 +119,14 @@ def say statement = '' + def terminate_interaction(*args) + ui.terminate_interaction(*args) + end ++ ++ ## ++ # Calls +say+ with +msg+ or the results of the block if really_verbose ++ # is true. ++ ++ def verbose msg = nil ++ say(msg || yield) if Gem.configuration.really_verbose ++ end + end + + ## 
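Review bot: `verbose "#{request.method} #{uri}"` in `lib/rubygems/remote_fetcher.rb` still prints the full request URI, so a source URL carrying `user:password@` userinfo would end up in verbose output and in any captured build log. That call is a natural place to redact, for example `verbose "#{request.method} #{uri.dup.tap { |u| u.password = 'REDACTED' if u.password }}"`. This assumes `uri` is a `URI` object, which the `uri.path` call in the context suggests. Separately, `say(msg || yield)` in the new `verbose` helper raises `LocalJumpError` when it is called with neither a message nor a block, and only when `really_verbose` is set. A `block_given?` guard, or a sentence in the helper's doc comment, would make that contract explicit.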
diff --git a/SOURCES/test_abrt.rb b/SOURCES/test_abrt.rb
new file mode 100644
index 0000000..6d110ba
--- /dev/null
+++ b/SOURCES/test_abrt.rb
@@ -0,0 +1,7 @@
+if !!$LOADED_FEATURES.detect { |f| f =~ /abrt\.rb/ }
+ exit true
+else
+ puts 'ERROR: ABRT hook was not loaded.'
+
+ exit false
+end
diff --git a/SOURCES/test_systemtap.rb b/SOURCES/test_systemtap.rb
new file mode 100644
index 0000000..eb518df
--- /dev/null
+++ b/SOURCES/test_systemtap.rb
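Review bot: The check `f =~ /abrt\.rb/` in `test_abrt.rb` is unanchored, so any loaded feature whose path merely contains `abrt.rb` satisfies it, and the test can pass without the ABRT hook itself being loaded. Anchoring to the file name is tighter, and `any?` removes the need for `!!`: `if $LOADED_FEATURES.any? { |f| f =~ %r{(\A|/)abrt\.rb\z} }`.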
@@ -0,0 +1,64 @@
+require 'set'
+
+LIBRUBY_SO = 'libruby.so'
+PROBES_D = 'probes.d'
+
+###
+# Detect SystemTap section headers presence.
+
+stap_headers = [
+ '\.stapsdt\.base',
+ '\.note\.stapsdt'
+]
+
+header_regexp = %r{ (#{stap_headers.join('|')}) }
+
+section_headers = `readelf -S "#{LIBRUBY_SO}"`
+detected_stap_headers = section_headers.scan(header_regexp).flatten
+
+# Assume there are both headers until this is proven wrong ;)
+unless detected_stap_headers.size == 2
+ puts 'ERROR: SystemTap (DTrace) headers were not detected in resulting library.'
+ exit false
+end
+
+###
+# Find if every declared probe is propagated to resulting library.
+
+# Colect probes specified in probes.d file.
+probes = []
+
+File.open(PROBES_D) do |file|
+ file.each_line do |line|
+ if probe = line[/probe (\S+)\(.*\);/, 1]
+ probes << probe
+ end
+ end
+end
+
+probes = Set.new probes
+
+# These probes are excluded by VM_COLLECT_USAGE_DETAILS ifdef.
+EXCLUDE_PROBES = Set.new %w(insn insn__operand)
+unless EXCLUDE_PROBES.subset? probes
+ puts 'ERROR: Change in SystemTap (DTrace) probes definition file detected.'
+ exit false
+end
+
+probes -= EXCLUDE_PROBES
+
+# Detect probes in resulting library.
+probe_regexp = %r{
+^\s*stapsdt\s*0[xX][0-9a-fA-F]+\tNT_STAPSDT \(SystemTap probe descriptors\)$
+^\s*Provider: ruby$
+^\s*Name: (\S+)$
+}
+
+notes = `readelf -n "#{LIBRUBY_SO}"`
+detected_probes = Set.new notes.scan(probe_regexp).flatten
+
+# Both sets must be equal, otherwise something is wrong.
+unless probes == detected_probes
+ puts 'ERROR: SystemTap (DTrace) probes were not correctly propagated into resulting library.'
+ exit false
+end
diff --git a/SPECS/ruby.spec b/SPECS/ruby.spec
new file mode 100644
index 0000000..21d59ba
--- /dev/null
+++ b/SPECS/ruby.spec
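Review bot: `detected_stap_headers.size == 2` in `test_systemtap.rb` counts matches rather than distinct section names, so two hits for one header and none for the other would still pass. `detected_stap_headers.uniq.size == 2` checks what the comment above it describes. Neither `readelf` call has its exit status checked, so a failing `readelf -n` is reported as missing probes rather than as a tool failure. Adding `abort 'ERROR: readelf failed.' unless $?.success?` after each backtick call would separate the two cases.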
@@ -0,0 +1,2396 @@ +%global major_version 2 +%global minor_version 0 +%global teeny_version 0 +%global patch_level 648 + +%global major_minor_version %{major_version}.%{minor_version} + +%global ruby_version %{major_minor_version}.%{teeny_version} +%global ruby_version_patch_level %{major_minor_version}.%{teeny_version}.%{patch_level} +%global ruby_release %{ruby_version} + +# Specify the named version. It has precedense to revision. +#%%global milestone preview2 + +# Keep the revision enabled for pre-releases from SVN. +#%%global revision 39387 + +%global ruby_archive %{name}-%{ruby_version} + +# If revision and milestone are removed/commented out, the official release build is expected. +%if 0%{?milestone:1}%{?revision:1} != 0 +%global development_release %{?milestone}%{?!milestone:%{?revision:r%{revision}}} +%global ruby_archive %{ruby_archive}-%{?milestone}%{?!milestone:%{?revision:r%{revision}}} +%else +%global ruby_archive %{ruby_archive}-p%{patch_level} +%endif + + +%global release 36 +%{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}} + +%global rubygems_version 2.0.14.1 + +# The RubyGems library has to stay out of Ruby directory three, since the +# RubyGems should be share by all Ruby implementations. +%global rubygems_dir %{_datadir}/rubygems + +%global rake_version 0.9.6 +# TODO: The IRB has strange versioning. Keep the Ruby's versioning ATM. +# http://redmine.ruby-lang.org/issues/5313 +%global irb_version %{ruby_version_patch_level} +%global rdoc_version 4.0.0 +%global bigdecimal_version 1.2.0 +%global io_console_version 0.4.2 +%global json_version 1.7.7 +%global minitest_version 4.3.2 +%global psych_version 2.0.0 + +# Might not be needed in the future, if we are lucky enough. 
+# https://bugzilla.redhat.com/show_bug.cgi?id=888262 +%global tapset_root %{_datadir}/systemtap +%global tapset_dir %{tapset_root}/tapset +%global tapset_libdir %(echo %{_libdir} | sed 's/64//')* + +%global _normalized_cpu %(echo %{_target_cpu} | sed 's/^ppc/powerpc/;s/i.86/i386/;s/sparcv./sparc/') + +%if 0%{?fedora} >= 19 +%global with_rubypick 1 +%endif + +Summary: An interpreter of object-oriented scripting language +Name: ruby +Version: %{ruby_version_patch_level} +Release: %{release_string} +Group: Development/Languages +# Public Domain for example for: include/ruby/st.h, strftime.c, ... +License: (Ruby or BSD) and Public Domain +URL: http://ruby-lang.org/ +Source0: ftp://ftp.ruby-lang.org/pub/%{name}/%{major_minor_version}/%{ruby_archive}.tar.bz2 +Source1: operating_system.rb +# TODO: Try to push SystemTap support upstream. +Source2: libruby.stp +Source3: ruby-exercise.stp +Source4: macros.ruby +Source5: macros.rubygems +Source6: abrt_prelude.rb +# This wrapper fixes https://bugzilla.redhat.com/show_bug.cgi?id=977941 +# Hopefully, it will get removed soon: +# https://fedorahosted.org/fpc/ticket/312 +# https://bugzilla.redhat.com/show_bug.cgi?id=977941 +Source7: config.h +# ABRT hoook test case. +Source8: test_abrt.rb +# SystemTap tests. +Source9: test_systemtap.rb + + +# Include the constants defined in macros files. +# http://rpm.org/ticket/866 +%{lua: + +function source_macros(file) + local macro = nil + + for line in io.lines(file) do + if not macro and line:match("^%%") then + macro = line:match("^%%(.*)$") + line = nil + end + + if macro then + if line and macro:match("^.-%s*\\%s*$") then + macro = macro .. '\n' .. 
line + end + + if not macro:match("^.-%s*\\%s*$") then + rpm.define(macro) + macro = nil + end + end + end +end + +source_macros(rpm.expand("%{SOURCE4}")) +source_macros(rpm.expand("%{SOURCE5}")) + +} + +# http://bugs.ruby-lang.org/issues/7807 +Patch0: ruby-2.0.0-Prevent-duplicated-paths-when-empty-version-string-i.patch +# Force multiarch directories for i.86 to be always named i386. This solves +# some differencies in build between Fedora and RHEL. +Patch3: ruby-1.9.3-always-use-i386.patch +# Fixes random WEBRick test failures. +# https://bugs.ruby-lang.org/issues/6573. +Patch5: ruby-1.9.3.p195-fix-webrick-tests.patch +# Allows to install RubyGems into custom directory, outside of Ruby's tree. +# http://redmine.ruby-lang.org/issues/5617 +Patch8: ruby-1.9.3-custom-rubygems-location.patch +# Add support for installing binary extensions according to FHS. +# https://github.com/rubygems/rubygems/issues/210 +# Note that 8th patch might be resolved by +# https://bugs.ruby-lang.org/issues/7897 +Patch9: rubygems-2.0.0-binary-extensions.patch +# Make mkmf verbose by default +Patch12: ruby-1.9.3-mkmf-verbose.patch +# This slightly changes behavior of "gem install --install-dir" behavior. +# Without this patch, Specifications.dirs is modified and gems installed on +# the system cannot be required anymore. This causes later issues when RDoc +# documentation should be generated, since json gem is sudenly not accessible. +# https://github.com/rubygems/rubygems/pull/452 +Patch13: rubygems-2.0.0-Do-not-modify-global-Specification.dirs-during-insta.patch +# This prevents issues, when ruby configuration specifies --with-ruby-version=''. +# https://github.com/rubygems/rubygems/pull/455 +Patch14: rubygems-2.0.0-Fixes-for-empty-ruby-version.patch +# Adds aarch64 support. +# http://bugs.ruby-lang.org/issues/8331 +# https://bugzilla.redhat.com/show_bug.cgi?id=926463 +# Please note that this is the BZ patch, it might be good idea to update it +# with its upstream version when available. 
+Patch16: ruby-2.0.0-p195-aarch64.patch +# Adds support for '--with-prelude' configuration option. This allows to built +# in support for ABRT. +# http://bugs.ruby-lang.org/issues/8566 +Patch17: ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch +# CVE-2014-4975: Fix off-by-one stack-based buffer overflow in the encodes() function +# https://bugs.ruby-lang.org/issues/10019 +Patch24: ruby-2.1.0-CVE-2014-4975-fix-buffer-overru-by-tail_lf.patch +# Remove tests depending on europe/moscow to avoid failures due to tzdata change +# https://github.com/eggert/tz/commit/8ee11a301cf173afb0c76e0315b9f9ec8ebb9d95 +Patch26: ruby-2.3.1-remove-tests-depending-on-europe-moscow.patch +# Raise an Error on a unterminated heredoc +# https://github.com/rdoc/rdoc/commit/f4f5b94285aa9b20cacf78bda61450e17be63a22 +Patch27: rubygem-rdoc-4.0.1-unterminated-heredoc.patch +# Fix tk extconf not to include -rpath +# - p24 is upstream revision +# - p25 is my fix for the revision (otherwise tcl/tk won't build) +# https://bugs.ruby-lang.org/issues/9386 +Patch28: ruby-trunk-tk-rpath-fix.patch +Patch29: ruby-trunk-tk-extconf-fix.patch +# Fix test_execute_default_gem(TestGemCommandsContentsCommand) test error. +# https://github.com/rubygems/rubygems/commit/6b8681421b516be1244e17618507811923b1bb3b +Patch30: rubygems-2.1.0-Fix-test-failure-when-ruby-is-not-yet-installed.patch +# Fix "dh key too small" error of OpenSSL 1.0.2c+. 
+# https://github.com/rubygems/rubygems/issues/1289 +# https://github.com/ruby/ruby/commit/6398515adfc86813686605019a3e22d49cd95517 +Patch31: ruby-2.3.0-test_gem_remote_fetcher.rb-get-rid-of-errors.patch +# Fix significant hash table performance slowdown on ppc64le +# https://bugzilla.redhat.com/show_bug.cgi?id=1163032 +# https://github.com/ruby/ruby/commit/59ed302965c5e38526ad33b13d8361859c5e7726 +Patch32: ruby-2.1.0-fix-hash-table-performance-slowdown-on-ppc64le.patch +# Support in no_proxy for domain names with whitespaces and leading dots +# https://bugzilla.redhat.com/show_bug.cgi?id=1300433 +# https://github.com/ruby/ruby/commit/423d042371d0402071c309dc403ea2701600a98b +Patch33: ruby-2.4.0-no_proxy-with-whitespaces-and-leading-dots.patch +# Fix missing declaration of 'rb_frame_last_func' +# https://github.com/ruby/ruby/commit/428791543be9e13af9426970f5796f3157dd30a0 +Patch34: ruby-2.2.0-fix-missing-declaration-of-rb_frame_last_func.patch +# Fix hostname size limit +# https://bugs.ruby-lang.org/issues/11877 +# https://bugzilla.redhat.com/show_bug.cgi?id=1343945 +Patch35: ruby-2.1.0-fix-hostname-size-limit.patch +# Fix test_npn_protocol_selection_ary and test_npn_protocol_selection_enum +# failures with newest openssl. +# https://bugzilla.redhat.com/show_bug.cgi?id=1416123 +# https://bugs.ruby-lang.org/issues/11369 +Patch36: ruby-2.2.4-check-length-of-selected-NPN-protocol.patch +# https://bugs.ruby-lang.org/issues/11810 +Patch37: ruby-2.2.6-fix-parsing-protocol-list.patch +# CVE-2017-0903: Fix unsafe object deserialization through YAML formatted gem +# specifications. +# https://bugs.ruby-lang.org/issues/14003 +Patch38: ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization-vulnerability.patch +# CVE-2017-0899 - Fix an ANSI escape sequence vulnerability. +# CVE-2017-0900 - Fix a DOS vulernerability in the query command. +# CVE-2017-0901 - Fix a vulnerability in the gem installer that allowed +# a malicious gem to overwrite arbitrary files. 
+# CVE-2017-0902 - Fix a DNS request hijacking vulnerability. +# https://bugs.ruby-lang.org/issues/13842 +Patch39: ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch +# CVE-2017-0898 - Buffer underrun vulnerability in Kernel.sprintf +# https://bugs.ruby-lang.org/issues/13499 +Patch40: ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch +# CVE-2017-10784 - Escape sequence injection vulnerability in the Basic +# authentication of WEBrick +# https://github.com/ruby/ruby/commit/8a81d04d2588d9c7a898473b431a0dabcab39fbd +Patch41: ruby-2.2.8-sanitize-any-type-of-logs.patch +# CVE-2017-14064 - Arbitrary heap exposure during a JSON.generate call +# https://bugs.ruby-lang.org/issues/13853 +Patch42: ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch +# CVE-2017-17405 - Command injection vulnerability in Net::FTP +# https://bugs.ruby-lang.org/issues/14185 +Patch43: ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch +# CVE-2017-14033 - Buffer underrun in OpenSSL ASN1 decode. +# https://github.com/ruby/ruby/commit/5450329ad1778d72f117b68e5edb97ae1bf4d438 +Patch44: ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch +# CVE-2017-17790 - Command injection in lib/resolv.rb:lazy_initialize() allows +# arbitrary code execution +# https://bugs.ruby-lang.org/issues/14205 +Patch45: ruby-2.5.0-Fixed-command-Injection.patch +# Patch for CVE-2017-0903 depends on Psych.safe_load method, which should be +# available in Psych 2.0.0, which is being part of Ruby 2.0.0, but that is +# apparently not true :/ +# https://github.com/ruby/ruby/commit/476a62fbbec0c8b7dafb74827447cfb4ebd7dd06 +Patch46: ruby-2.1.0-there-should-be-only-one-exception.patch +# https://github.com/ruby/ruby/commit/7ceafcbdf5bd2155704839f97b869e689f66feeb +Patch47: ruby-2.1.0-Adding-Psych.safe_load.patch +# Recent tzdata change breaks Ruby test suite. 
+# https://bugs.ruby-lang.org/issues/14438
+Patch48: ruby-2.5.0-Disable-Tokyo-TZ-tests.patch
+# TestTimeTZ test failures Kiritimati and Lisbon
+# https://bugs.ruby-lang.org/issues/14655
+Patch49: ruby-2.5.1-TestTimeTZ-test-failures-Kiritimati-and-Lisbon.patch
+# CVE-2018-16395: Fix OpenSSL::X509::Name equality check does not work.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1643086
+# https://github.com/ruby/openssl/commit/f653cfa43f0f20e8c440122ea982382b6228e7f5
+# https://github.com/ruby/ruby/commit/93bc10272734cbbb9197470ca629cc4ea019f6f0
+Patch50: ruby-2.5.3-fix-openssl-x509-name.patch
+# CVE-2018-8778: Fix buffer under-read in String#unpack
+# https://bugzilla.redhat.com/show_bug.cgi?id=1561953
+# https://github.com/ruby/ruby/commit/b9121fe7602a560c4fee9ab353a7f57a3988ec73
+Patch51: ruby-2.3.8-pack.c-fix-underflow.patch
+# CVE-2017-17742: Fix HTTP response splitting in WEBrick
+# https://bugzilla.redhat.com/show_bug.cgi?id=1561952
+# https://github.com/ruby/ruby/commit/bbda1a027475bf7ce5e1a9583a7b55d0be71c8fe
+Patch52: ruby-2.2.10-webrick-prevent-response.patch
+# CVE-2018-8777: Fix DoS by large request in WEBrick
+# https://bugzilla.redhat.com/show_bug.cgi?id=1561950
+# https://github.com/ruby/ruby/commit/a45622669bb1ff18d3ee9b411128acd839c4263e
+Patch53: ruby-2-2.10-webrick-avoid-large-request.patch
+# Fix tests for Ruby 2.0 compatibility.
+Patch54: ruby-2-2.10-webrick-avoid-large-request-fix-tests.patch
+# CVE-2018-8780: Fix directory traversal by poisoned NULL byte in Dir.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1561949
+# https://github.com/ruby/ruby/commit/143eb22f1877815dd802f7928959c5f93d4c7bb3
+Patch55: ruby-2.2.10-fix-dir.c-check-nul-bytes.patch
+# CVE-2018-6914: Fix file and directory creation with directory traversal.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1561947
+# https://github.com/ruby/ruby/commit/e9ddf2ba41a0bffe1047e33576affd48808c5d0b
+Patch56: ruby-2.2.10-ignore-file-separator-from-tmp-file-dir-name.patch
+# Fix tests for Ruby 2.0 compatibility.
+Patch57: ruby-2.2.10-ignore-file-separator-from-tmp-file-dir-name-tests.patch
+# CVE-2018-8779: Fix socket creation by poisoned NULL byte.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1561948
+# https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9
+Patch58: ruby-2.2.10-fix-socket-creation-by_null-byte.patch
+# CVE-2018-16396: Fix flags not propagated in Array#pack and String#unpack.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1643089
+# https://github.com/ruby/ruby/commit/b18c513e24dad5f464701a4ad49ac699f435bbbe
+Patch59: ruby-2.3.8-fix-flags-not-propagated-in-array-pack-and-string-unpack.patch
+# CVE-2018-1000075: Strictly interpret octal fields in tar headers.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1547420
+# CVE-2018-1000076: Raise a security error for duplicate files in a package.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1547421
+# CVE-2018-1000077: Enforce URL validation on spec homepage attribute.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1547422
+# CVE-2018-1000078: Mitigate XSS vulnerability in homepage attribute.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1547425
+# CVE-2018-1000079: Prevent Path Traversal issue during gem installation.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1547426
+# https://github.com/ruby/ruby/commit/664b94fd2b4b19edd7d75c6bbcd3154905b2624e
+Patch60: ruby-2.2.10-rubygems-2.7.6-multiple-vulnerabilities.patch
+# Fix test modified by ruby-2.2.10-rubygems-2.7.6-multiple-vulnerabilities.patch
+# Change testing digest class from Digest to OpenSSL::Digest::SHA512,
+# because when for current logic, the digest class does not have name method,
+# lib/rubygems/package/tar_writer.rb#add_file_digest raises an error.
+# Upstream changed the logic on Ruby 2.1.0 by
+# https://github.com/ruby/ruby/commit/269503b544247b5b3e30dbe60a0bab4f2ca00e4e
+Patch61: ruby-2.2.10-rubygems-2.7.6-multiple-vulnerabilities-tests.patch
+# CVE-2018-1000074: Fix Unsafe Object Deserialization Vulnerability in gem owner.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1547419
+# https://github.com/ruby/ruby/commit/08fb5c2153deaee53e481ebe3602fe1d59e256c7
+# https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d
+Patch62: ruby-2.3.8-rubygems-2.7.6-fix-unsafe-object-deserialization.patch
+# Refresh expired certificates.
+# https://bugs.ruby-lang.org/issues/15502
+Patch63: ruby-2.6.0-Try-to-update-cert.patch
+# CVE-2018-1000073: Path traversal when writing to a symlinked basedir outside
+# of the root
+# https://bugzilla.redhat.com/show_bug.cgi?id=1547418
+# https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2
+Patch64: ruby-2.3.8-rubygems-2.7.6-install-location-deducing-symlinked-base-dirs.patch
+# https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099
+Patch65: ruby-2.3.8-rubygems-2.7.6-a-safe-mkdir-to-verify-inside-destination-dir.patch
+# Introduce `Gem::UserInteraction#verbose` method as precondition
+# to fix CVE-2019-8321.
+# https://github.com/rubygems/rubygems/commit/75821c744f0bfda185eac35b91810254bf9e2367
+Patch66: rubygems-2.3.0-refactor-checking-really_verbose.patch
+# CVE-2019-8321: Escape sequence injection vulnerability in verbose
+# https://bugzilla.redhat.com/show_bug.cgi?id=1692514
+# CVE-2019-8322: Escape sequence injection vulnerability in gem owner
+# https://bugzilla.redhat.com/show_bug.cgi?id=1692516
+# CVE-2019-8323: Escape sequence injection vulnerability in API response handling
+# https://bugzilla.redhat.com/show_bug.cgi?id=1692519
+# CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
+# https://bugzilla.redhat.com/show_bug.cgi?id=1692520
+# CVE-2019-8325: Escape sequence injection vulnerability in errors
+# https://bugzilla.redhat.com/show_bug.cgi?id=1692522
+# https://github.com/ruby/ruby/commit/f86e5daee790ee509cb17f4f51f95cc76ca89a4e
+Patch67: ruby-2.4.6-Applied-security-patches-for-RubyGems.patch
+
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+Requires: ruby(rubygems) >= %{rubygems_version}
+# Make the bigdecimal gem a runtime dependency of Ruby to avoid problems
+# with user-installed gems, that don't require it in gemspec/Gemfile
+# See https://bugzilla.redhat.com/show_bug.cgi?id=829209
+# and http://bugs.ruby-lang.org/issues/6123
+Requires: rubygem(bigdecimal) >= %{bigdecimal_version}
+
+BuildRequires: autoconf
+BuildRequires: gdbm-devel
+BuildRequires: ncurses-devel
+BuildRequires: libdb-devel
+BuildRequires: libffi-devel
+BuildRequires: openssl-devel
+BuildRequires: libyaml-devel
+BuildRequires: readline-devel
+BuildRequires: tk-devel
+# Needed to pass test_set_program_name(TestRubyOptions)
+BuildRequires: procps
+BuildRequires: %{_bindir}/dtrace
+# Unbundle cert.pem
+BuildRequires: ca-certificates
+
+# This package provides %%{_bindir}/ruby-mri therefore it is marked by this
+# virtual provide. It can be installed as dependency of rubypick.
+Provides: ruby(runtime_executable) = %{ruby_release}
+
+%global __provides_exclude_from ^(%{ruby_libarchdir}|%{gem_archdir})/.*\\.so$
+
+%description
+Ruby is the interpreted scripting language for quick and easy
+object-oriented programming. It has many features to process text
+files and to do system management tasks (as in Perl). It is simple,
+straight-forward, and extensible.
+
+
+%package devel
+Summary: A Ruby development environment
+Group: Development/Languages
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+Header files and libraries for building an extension library for the
+Ruby or an application embedding Ruby.
+
+%package libs
+Summary: Libraries necessary to run Ruby
+Group: Development/Libraries
+License: Ruby or BSD
+Provides: ruby(release) = %{ruby_release}
+
+%description libs
+This package includes the libruby, necessary to run Ruby.
+
+# TODO: Rename or not rename to ruby-rubygems?
+%package -n rubygems
+Summary: The Ruby standard for packaging ruby libraries
+Version: %{rubygems_version}
+Group: Development/Libraries
+License: Ruby or MIT
+Requires: ruby(release)
+Requires: rubygem(rdoc) >= %{rdoc_version}
+Requires: rubygem(io-console) >= %{io_console_version}
+Requires: rubygem(psych) >= %{psych_version}
+Requires: ca-certificates
+Provides: gem = %{version}-%{release}
+Provides: ruby(rubygems) = %{version}-%{release}
+BuildArch: noarch
+
+%description -n rubygems
+RubyGems is the Ruby standard for publishing and managing third party
+libraries.
+
+
+%package -n rubygems-devel
+Summary: Macros and development tools for packaging RubyGems
+Version: %{rubygems_version}
+Group: Development/Libraries
+License: Ruby or MIT
+Requires: ruby(rubygems) = %{version}-%{release}
+BuildArch: noarch
+
+%description -n rubygems-devel
+Macros and development tools for packaging RubyGems.
+
+
+%package -n rubygem-rake
+Summary: Ruby based make-like utility
+Version: %{rake_version}
+Group: Development/Libraries
+License: Ruby or MIT
+Requires: ruby(release)
+Requires: ruby(rubygems) >= %{rubygems_version}
+Provides: rake = %{version}-%{release}
+Provides: rubygem(rake) = %{version}-%{release}
+BuildArch: noarch
+
+%description -n rubygem-rake
+Rake is a Make-like program implemented in Ruby. Tasks and dependencies are
+specified in standard Ruby syntax.
+
+
+%package irb
+Summary: The Interactive Ruby
+Version: %{irb_version}
+Group: Development/Libraries
+Requires: %{name}-libs = %{ruby_version_patch_level}
+Provides: irb = %{version}-%{release}
+Provides: ruby(irb) = %{version}-%{release}
+BuildArch: noarch
+
+%description irb
+The irb is acronym for Interactive Ruby. It evaluates ruby expression
+from the terminal.
+
+
+%package -n rubygem-rdoc
+Summary: A tool to generate HTML and command-line documentation for Ruby projects
+Version: %{rdoc_version}
+Group: Development/Libraries
+License: GPLv2 and Ruby and MIT
+Requires: ruby(release)
+Requires: ruby(rubygems) >= %{rubygems_version}
+Requires: ruby(irb) = %{irb_version}
+Requires: rubygem(json) >= %{json_version}
+Provides: rdoc = %{version}-%{release}
+Provides: ri = %{version}-%{release}
+Provides: rubygem(rdoc) = %{version}-%{release}
+Obsoletes: ruby-rdoc < %{version}
+Obsoletes: ruby-ri < %{version}
+BuildArch: noarch
+
+%description -n rubygem-rdoc
+RDoc produces HTML and command-line documentation for Ruby projects. RDoc
+includes the 'rdoc' and 'ri' tools for generating and displaying online
+documentation.
+
+
+%package doc
+Summary: Documentation for %{name}
+Group: Documentation
+Requires: %{_bindir}/ri
+BuildArch: noarch
+
+%description doc
+This package contains documentation for %{name}.
+
+
+%package -n rubygem-bigdecimal
+Summary: BigDecimal provides arbitrary-precision floating point decimal arithmetic
+Version: %{bigdecimal_version}
+Group: Development/Libraries
+License: GPL+ or Artistic
+Requires: ruby(release)
+Requires: ruby(rubygems) >= %{rubygems_version}
+Provides: rubygem(bigdecimal) = %{version}-%{release}
+
+%description -n rubygem-bigdecimal
+Ruby provides built-in support for arbitrary precision integer arithmetic.
+For example:
+
+42**13 -> 1265437718438866624512
+
+BigDecimal provides similar support for very large or very accurate floating
+point numbers. Decimal arithmetic is also useful for general calculation,
+because it provides the correct answers people expect–whereas normal binary
+floating point arithmetic often introduces subtle errors because of the
+conversion between base 10 and base 2.
+
+
+%package -n rubygem-io-console
+Summary: IO/Console is a simple console utilizing library
+Version: %{io_console_version}
+Group: Development/Libraries
+Requires: ruby(release)
+Requires: ruby(rubygems) >= %{rubygems_version}
+Provides: rubygem(io-console) = %{version}-%{release}
+
+%description -n rubygem-io-console
+IO/Console provides very simple and portable access to console. It doesn't
+provide higher layer features, such like curses and readline.
+
+
+%package -n rubygem-json
+Summary: This is a JSON implementation as a Ruby extension in C
+Version: %{json_version}
+Group: Development/Libraries
+License: Ruby or GPLv2
+Requires: ruby(release)
+Requires: ruby(rubygems) >= %{rubygems_version}
+Provides: rubygem(json) = %{version}-%{release}
+
+%description -n rubygem-json
+This is a implementation of the JSON specification according to RFC 4627.
+You can think of it as a low fat alternative to XML, if you want to store
+data to disk or transmit it over a network rather than use a verbose
+markup language.
+
+
+%package -n rubygem-minitest
+Summary: Minitest provides a complete suite of testing facilities
+Version: %{minitest_version}
+Group: Development/Libraries
+License: MIT
+Requires: ruby(release)
+Requires: ruby(rubygems) >= %{rubygems_version}
+Provides: rubygem(minitest) = %{version}-%{release}
+BuildArch: noarch
+
+%description -n rubygem-minitest
+minitest/unit is a small and incredibly fast unit testing framework.
+
+minitest/spec is a functionally complete spec engine.
+
+minitest/benchmark is an awesome way to assert the performance of your
+algorithms in a repeatable manner.
+
+minitest/mock by Steven Baker, is a beautifully tiny mock object
+framework.
+
+minitest/pride shows pride in testing and adds coloring to your test
+output.
+
+
+%package -n rubygem-psych
+Summary: A libyaml wrapper for Ruby
+Version: %{psych_version}
+Group: Development/Libraries
+License: MIT
+Requires: ruby(release)
+Requires: ruby(rubygems) >= %{rubygems_version}
+Provides: rubygem(psych) = %{version}-%{release}
+
+%description -n rubygem-psych
+Psych is a YAML parser and emitter. Psych leverages
+libyaml[http://pyyaml.org/wiki/LibYAML] for its YAML parsing and emitting
+capabilities. In addition to wrapping libyaml, Psych also knows how to
+serialize and de-serialize most Ruby objects to and from the YAML format.
+
+# TODO:
+# %%pacakge -n rubygem-test-unit
+
+
+%package tcltk
+Summary: Tcl/Tk interface for scripting language Ruby
+Group: Development/Languages
+Requires: %{name}-libs%{?_isa} = %{ruby_version_patch_level}
+Provides: ruby(tcltk) = %{ruby_version_patch_level}-%{release}
+
+%description tcltk
+Tcl/Tk interface for the object-oriented scripting language Ruby.
+
+%prep
+%setup -q -n %{ruby_archive}
+
+%patch0 -p1
+%patch3 -p1
+%patch5 -p1
+%patch8 -p1
+%patch9 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch16 -p1
+%patch17 -p1
+%patch24
+%patch26 -p1
+%patch27 -p1
+%patch28 -p1
+%patch29 -p1
+%patch30 -p1
+%patch31 -p1
+%patch32 -p1
+%patch33 -p1
+%patch34 -p1
+%patch35 -p1
+%patch36 -p1
+%patch37 -p1
+%patch38 -p1
+%patch39 -p1
+%patch40 -p1
+%patch41 -p1
+%patch42 -p1
+%patch43 -p1
+%patch44 -p1
+%patch45 -p1
+%patch46 -p1
+%patch47 -p1
+%patch48 -p1
+%patch49 -p1
+%patch50 -p1
+%patch51 -p1
+%patch52 -p1
+%patch53 -p1
+%patch54 -p1
+%patch55 -p1
+%patch56 -p1
+%patch57 -p1
+%patch58 -p1
+%patch59 -p1
+%patch60 -p1
+%patch61 -p1
+%patch62 -p1
+%patch63 -p1
+%patch64 -p1
+%patch65 -p1
+%patch66 -p1
+%patch67 -p1
+
+# Provide an example of usage of the tapset:
+cp -a %{SOURCE3} .
+
+# Make abrt_prelude.rb available for compilation process. The prelude must be
+# available together with Ruby's source due to
+# https://github.com/ruby/ruby/blob/trunk/tool/compile_prelude.rb#L26
+cp -a %{SOURCE6} .
+
+%build
+autoconf
+
+%configure \
+ --with-rubylibprefix='%{ruby_libdir}' \
+ --with-rubyarchprefix='%{ruby_libarchdir}' \
+ --with-sitedir='%{ruby_sitelibdir}' \
+ --with-sitearchdir='%{ruby_sitearchdir}' \
+ --with-vendordir='%{ruby_vendorlibdir}' \
+ --with-vendorarchdir='%{ruby_vendorarchdir}' \
+ --with-rubyhdrdir='%{_includedir}' \
+ --with-rubyarchhdrdir='%{_includedir}' \
+ --with-sitearchhdrdir='$(sitehdrdir)/$(arch)' \
+ --with-vendorarchhdrdir='$(vendorhdrdir)/$(arch)' \
+ --with-rubygemsdir='%{rubygems_dir}' \
+ --with-ruby-pc='%{name}.pc' \
+ --disable-rpath \
+ --enable-shared \
+ --with-ruby-version='' \
+ --enable-multiarch \
+ --with-prelude=./abrt_prelude.rb \
+
+
+
+# Q= makes the build output more verbose and allows to check Fedora
+# compiler options.
+make %{?_smp_mflags} COPY="cp -p" Q=
+
+%install
+rm -rf %{buildroot}
+make install DESTDIR=%{buildroot}
+
+# Rename ruby/config.h to ruby/config-.h to avoid file conflicts on
+# multilib systems and install config.h wrapper
+mv %{buildroot}%{_includedir}/%{name}/config.h %{buildroot}%{_includedir}/%{name}/config-%{_arch}.h
+install -m644 %{SOURCE7} %{buildroot}%{_includedir}/%{name}/config.h
+
+# Rename the ruby executable. It is replaced by RubyPick.
+%{?with_rubypick:mv %{buildroot}%{_bindir}/%{name}{,-mri}}
+
+# Version is empty if --with-ruby-version is specified.
+# http://bugs.ruby-lang.org/issues/7807
+sed -i 's/Version: \${ruby_version}/Version: %{ruby_version}/' %{buildroot}%{_libdir}/pkgconfig/%{name}.pc
+
+# Kill bundled certificates, as they should be part of ca-certificates.
+for cert in \
+ AddTrustExternalCARoot-2048.pem \
+ AddTrustExternalCARoot.pem \
+ Class3PublicPrimaryCertificationAuthority.pem \
+ DigiCertHighAssuranceEVRootCA.pem \
+ EntrustnetSecureServerCertificationAuthority.pem \
+ GeoTrustGlobalCA.pem
+do
+ rm %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/$cert
+done
+# Ensure there is not forgotten any certificate.
+test ! "$(ls -A %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/ 2>/dev/null)"
+
+# Move macros file insto proper place and replace the %%{name} macro, since it
+# would be wrongly evaluated during build of other packages.
+mkdir -p %{buildroot}%{_sysconfdir}/rpm
+install -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/rpm/macros.ruby
+sed -i "s/%%{name}/%{name}/" %{buildroot}%{_sysconfdir}/rpm/macros.ruby
+install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/rpm/macros.rubygems
+sed -i "s/%%{name}/%{name}/" %{buildroot}%{_sysconfdir}/rpm/macros.rubygems
+
+# Kill bundled cert.pem
+mkdir -p %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/
+ln -sf %{_sysconfdir}/pki/tls/cert.pem \
+ %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/ca-bundle.pem
+
+# Install custom operating_system.rb.
+mkdir -p %{buildroot}%{rubygems_dir}/rubygems/defaults
+cp %{SOURCE1} %{buildroot}%{rubygems_dir}/rubygems/defaults
+
+# Move gems root into common direcotry, out of Ruby directory structure.
+mv %{buildroot}%{ruby_libdir}/gems %{buildroot}%{gem_dir}
+
+# Create folders for gem binary extensions.
+# TODO: These folders should go into rubygem-filesystem but how to achieve it,
+# since noarch package cannot provide arch dependent subpackages?
+# http://rpm.org/ticket/78
+mkdir -p %{buildroot}%{_exec_prefix}/lib{,64}/gems/%{name}
+
+# Move bundled rubygems to %%gem_dir and %%gem_extdir_mri
+# make symlinks for io-console and bigdecimal, which are considered to be part of stdlib by other Gems
+mkdir -p %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/lib
+mv %{buildroot}%{ruby_libdir}/rake* %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/lib
+mv %{buildroot}%{gem_dir}/specifications/default/rake-%{rake_version}.gemspec %{buildroot}%{gem_dir}/specifications
+
+mkdir -p %{buildroot}%{gem_dir}/gems/rdoc-%{rdoc_version}/lib
+mv %{buildroot}%{ruby_libdir}/rdoc* %{buildroot}%{gem_dir}/gems/rdoc-%{rdoc_version}/lib
+mv %{buildroot}%{gem_dir}/specifications/default/rdoc-%{rdoc_version}.gemspec %{buildroot}%{gem_dir}/specifications
+
+mkdir -p %{buildroot}%{gem_dir}/gems/bigdecimal-%{bigdecimal_version}/lib
+mkdir -p %{buildroot}%{_libdir}/gems/%{name}/bigdecimal-%{bigdecimal_version}/lib
+mv %{buildroot}%{ruby_libdir}/bigdecimal %{buildroot}%{gem_dir}/gems/bigdecimal-%{bigdecimal_version}/lib
+mv %{buildroot}%{ruby_libarchdir}/bigdecimal.so %{buildroot}%{_libdir}/gems/%{name}/bigdecimal-%{bigdecimal_version}/lib
+mv %{buildroot}%{gem_dir}/specifications/default/bigdecimal-%{bigdecimal_version}.gemspec %{buildroot}%{gem_dir}/specifications
+ln -s %{gem_dir}/gems/bigdecimal-%{bigdecimal_version}/lib/bigdecimal %{buildroot}%{ruby_libdir}/bigdecimal
+ln -s %{_libdir}/gems/%{name}/bigdecimal-%{bigdecimal_version}/lib/bigdecimal.so %{buildroot}%{ruby_libarchdir}/bigdecimal.so
+
+mkdir -p %{buildroot}%{gem_dir}/gems/io-console-%{io_console_version}/lib
+mkdir -p %{buildroot}%{_libdir}/gems/%{name}/io-console-%{io_console_version}/lib/io
+mv %{buildroot}%{ruby_libdir}/io %{buildroot}%{gem_dir}/gems/io-console-%{io_console_version}/lib
+mv %{buildroot}%{ruby_libarchdir}/io/console.so %{buildroot}%{_libdir}/gems/%{name}/io-console-%{io_console_version}/lib/io
+mv %{buildroot}%{gem_dir}/specifications/default/io-console-%{io_console_version}.gemspec %{buildroot}%{gem_dir}/specifications
+ln -s %{gem_dir}/gems/io-console-%{io_console_version}/lib/io %{buildroot}%{ruby_libdir}/io
+ln -s %{_libdir}/gems/%{name}/io-console-%{io_console_version}/lib/io/console.so %{buildroot}%{ruby_libarchdir}/io/console.so
+
+mkdir -p %{buildroot}%{gem_dir}/gems/json-%{json_version}/lib
+mkdir -p %{buildroot}%{_libdir}/gems/%{name}/json-%{json_version}/lib
+mv %{buildroot}%{ruby_libdir}/json* %{buildroot}%{gem_dir}/gems/json-%{json_version}/lib
+mv %{buildroot}%{ruby_libarchdir}/json/ %{buildroot}%{_libdir}/gems/%{name}/json-%{json_version}/lib/
+mv %{buildroot}%{gem_dir}/specifications/default/json-%{json_version}.gemspec %{buildroot}%{gem_dir}/specifications
+ln -s %{gem_dir}/gems/json-%{json_version}/lib/json.rb %{buildroot}%{ruby_libdir}/json.rb
+ln -s %{gem_dir}/gems/json-%{json_version}/lib/json %{buildroot}%{ruby_libdir}/json
+ln -s %{_libdir}/gems/%{name}/json-%{json_version}/lib/json/ %{buildroot}%{ruby_libarchdir}/json
+
+mkdir -p %{buildroot}%{gem_dir}/gems/minitest-%{minitest_version}/lib
+mv %{buildroot}%{ruby_libdir}/minitest %{buildroot}%{gem_dir}/gems/minitest-%{minitest_version}/lib
+mv %{buildroot}%{gem_dir}/specifications/default/minitest-%{minitest_version}.gemspec %{buildroot}%{gem_dir}/specifications
+
+mkdir -p %{buildroot}%{gem_dir}/gems/psych-%{psych_version}/lib
+mkdir -p %{buildroot}%{_libdir}/gems/%{name}/psych-%{psych_version}/lib
+mv %{buildroot}%{ruby_libdir}/psych* %{buildroot}%{gem_dir}/gems/psych-%{psych_version}/lib
+mv %{buildroot}%{ruby_libarchdir}/psych.so %{buildroot}%{_libdir}/gems/%{name}/psych-%{psych_version}/lib/
+mv %{buildroot}%{gem_dir}/specifications/default/psych-%{psych_version}.gemspec %{buildroot}%{gem_dir}/specifications
+ln -s %{gem_dir}/gems/psych-%{psych_version}/lib/psych %{buildroot}%{ruby_libdir}/psych
+ln -s %{gem_dir}/gems/psych-%{psych_version}/lib/psych.rb %{buildroot}%{ruby_libdir}/psych.rb
+ln -s %{_libdir}/gems/%{name}/psych-%{psych_version}/lib/psych.so %{buildroot}%{ruby_libarchdir}/psych.so
+
+# Adjust the gemspec files so that the gems will load properly
+sed -i '/^end$/ i\
+ s.require_paths = ["lib"]' %{buildroot}%{gem_dir}/specifications/rake-%{rake_version}.gemspec
+
+sed -i '/^end$/ i\
+ s.require_paths = ["lib"]' %{buildroot}%{gem_dir}/specifications/rdoc-%{rdoc_version}.gemspec
+
+sed -i '/^end$/ i\
+ s.require_paths = ["lib"]\
+ s.extensions = ["bigdecimal.so"]' %{buildroot}%{gem_dir}/specifications/bigdecimal-%{bigdecimal_version}.gemspec
+
+sed -i '/^end$/ i\
+ s.require_paths = ["lib"]\
+ s.extensions = ["io/console.so"]' %{buildroot}%{gem_dir}/specifications/io-console-%{io_console_version}.gemspec
+
+sed -i '/^end$/ i\
+ s.require_paths = ["lib"]\
+ s.extensions = ["json/ext/parser.so", "json/ext/generator.so"]' %{buildroot}%{gem_dir}/specifications/json-%{json_version}.gemspec
+
+sed -i '/^end$/ i\
+ s.require_paths = ["lib"]' %{buildroot}%{gem_dir}/specifications/minitest-%{minitest_version}.gemspec
+
+# Install a tapset and fix up the path to the library.
+mkdir -p %{buildroot}%{tapset_dir}
+sed -e "s|@LIBRARY_PATH@|%{tapset_libdir}/libruby.so.%{ruby_version}|" \
+ %{SOURCE2} > %{buildroot}%{tapset_dir}/libruby.so.%{ruby_version}.stp
+# Escape '*/' in comment.
+sed -i -r "s|( \*.*\*)\/(.*)|\1\\\/\2|" %{buildroot}%{tapset_dir}/libruby.so.%{ruby_version}.stp
+
+%check
+# Check RubyGems version correctness.
+[ "`make runruby TESTRUN_SCRIPT='bin/gem -v' | tail -1`" == '%{rubygems_version}' ]
+
+DISABLE_TESTS=""
+
+%ifarch armv7l armv7hl armv7hnl
+# test_call_double(DL::TestDL) fails on ARM HardFP
+# http://bugs.ruby-lang.org/issues/6592
+DISABLE_TESTS="-x test_dl2.rb $DISABLE_TESTS"
+%endif
+
+# test_debug(TestRubyOptions) fails due to LoadError reported in debug mode,
+# when abrt.rb cannot be required (seems to be easier way then customizing
+# the test suite).
+touch abrt.rb
+
+# Check if abrt hook is required (RubyGems are disabled by default when using
+# runruby, so re-enable them).
+make runruby TESTRUN_SCRIPT="--enable-gems %{SOURCE8}"
+
+# Check if systemtap is supported.
+make runruby TESTRUN_SCRIPT=%{SOURCE9}
+
+# Tests fail without installed Ruby, possibly due to build with prefix.
+# https://bugs.ruby-lang.org/issues/11434
+sed -i "/test_try_/ a\ return;" test/mkmf/test_flags.rb
+
+# Recent glibc seqfaults when executed with LD_PRELOAD => hardcode
+# the check result for now.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1428369#c6
+sed -i '/combination(STRINGS, STRINGS) {|str, salt|/i\ strict_crypt = true' \
+ test/ruby/test_m17n_comb.rb
+
+# Fix "Could not find 'minitest'" error.
+# http://bugs.ruby-lang.org/issues/9259
+sed -i "/^ gem 'minitest', '~> 4.0'/ s/^/#/" lib/rubygems/test_case.rb
+
+# Allow MD5 in OpenSSL.
+# https://bugs.ruby-lang.org/issues/9154
+OPENSSL_ENABLE_MD5_VERIFY=1 make check TESTS="-v $DISABLE_TESTS"
+
+%post libs -p /sbin/ldconfig
+
+%postun libs -p /sbin/ldconfig
+
+%files
+%doc COPYING
+%lang(ja) %doc COPYING.ja
+%doc GPL
+%doc LEGAL
+%{_bindir}/erb
+%{_bindir}/%{name}%{?with_rubypick:-mri}
+%{_bindir}/testrb
+%{_mandir}/man1/erb*
+%{_mandir}/man1/ruby*
+
+# http://fedoraproject.org/wiki/Packaging:Guidelines#Packaging_Static_Libraries
+%exclude %{_libdir}/libruby-static.a
+
+%files devel
+%doc COPYING*
+%doc GPL
+%doc LEGAL
+%doc README.EXT
+%lang(ja) %doc README.EXT.ja
+
+%{_sysconfdir}/rpm/macros.ruby
+
+%{_includedir}/*
+%{_libdir}/libruby.so
+%{_libdir}/pkgconfig/%{name}.pc
+
+%files libs
+%doc COPYING
+%lang(ja) %doc COPYING.ja
+%doc GPL
+%doc LEGAL
+%doc README
+%lang(ja) %doc README.ja
+%doc NEWS
+%doc doc/NEWS-*
+# Exclude /usr/local directory since it is supposed to be managed by
+# local system administrator.
+%exclude %{ruby_sitelibdir}
+%exclude %{ruby_sitearchdir}
+%dir %{ruby_vendorlibdir}
+%dir %{ruby_vendorarchdir}
+
+# List all these files explicitly to prevent surprises
+# Platform independent libraries.
+%dir %{ruby_libdir}
+%{ruby_libdir}/*.rb
+%exclude %{ruby_libdir}/*-tk.rb
+%exclude %{ruby_libdir}/irb.rb
+%exclude %{ruby_libdir}/tcltk.rb
+%exclude %{ruby_libdir}/tk*.rb
+%exclude %{ruby_libdir}/psych.rb
+%{ruby_libdir}/cgi
+%{ruby_libdir}/date
+%{ruby_libdir}/digest
+%{ruby_libdir}/dl
+%{ruby_libdir}/drb
+%{ruby_libdir}/fiddle
+%exclude %{ruby_libdir}/gems
+%exclude %{ruby_libdir}/irb
+%{ruby_libdir}/matrix
+%{ruby_libdir}/net
+%{ruby_libdir}/openssl
+%{ruby_libdir}/optparse
+%{ruby_libdir}/racc
+%{ruby_libdir}/rbconfig
+%{ruby_libdir}/rexml
+%{ruby_libdir}/rinda
+%{ruby_libdir}/ripper
+%{ruby_libdir}/rss
+%{ruby_libdir}/shell
+%{ruby_libdir}/syslog
+%{ruby_libdir}/test
+%exclude %{ruby_libdir}/tk
+%exclude %{ruby_libdir}/tkextlib
+%{ruby_libdir}/uri
+%{ruby_libdir}/webrick
+%{ruby_libdir}/xmlrpc
+%{ruby_libdir}/yaml
+
+# Platform specific libraries.
+%{_libdir}/libruby.so.*
+%dir %{ruby_libarchdir}
+%{ruby_libarchdir}/continuation.so
+%{ruby_libarchdir}/coverage.so
+%{ruby_libarchdir}/curses.so
+%{ruby_libarchdir}/date_core.so
+%{ruby_libarchdir}/dbm.so
+%dir %{ruby_libarchdir}/digest
+%{ruby_libarchdir}/digest.so
+%{ruby_libarchdir}/digest/bubblebabble.so
+%{ruby_libarchdir}/digest/md5.so
+%{ruby_libarchdir}/digest/rmd160.so
+%{ruby_libarchdir}/digest/sha1.so
+%{ruby_libarchdir}/digest/sha2.so
+%dir %{ruby_libarchdir}/dl
+%{ruby_libarchdir}/dl.so
+%{ruby_libarchdir}/dl/callback.so
+%dir %{ruby_libarchdir}/enc
+%{ruby_libarchdir}/enc/big5.so
+%{ruby_libarchdir}/enc/cp949.so
+%{ruby_libarchdir}/enc/emacs_mule.so
+%{ruby_libarchdir}/enc/encdb.so
+%{ruby_libarchdir}/enc/euc_jp.so
+%{ruby_libarchdir}/enc/euc_kr.so
+%{ruby_libarchdir}/enc/euc_tw.so
+%{ruby_libarchdir}/enc/gb18030.so
+%{ruby_libarchdir}/enc/gb2312.so
+%{ruby_libarchdir}/enc/gbk.so
+%{ruby_libarchdir}/enc/iso_8859_1.so
+%{ruby_libarchdir}/enc/iso_8859_10.so
+%{ruby_libarchdir}/enc/iso_8859_11.so
+%{ruby_libarchdir}/enc/iso_8859_13.so
+%{ruby_libarchdir}/enc/iso_8859_14.so
+%{ruby_libarchdir}/enc/iso_8859_15.so
+%{ruby_libarchdir}/enc/iso_8859_16.so
+%{ruby_libarchdir}/enc/iso_8859_2.so
+%{ruby_libarchdir}/enc/iso_8859_3.so
+%{ruby_libarchdir}/enc/iso_8859_4.so
+%{ruby_libarchdir}/enc/iso_8859_5.so
+%{ruby_libarchdir}/enc/iso_8859_6.so
+%{ruby_libarchdir}/enc/iso_8859_7.so
+%{ruby_libarchdir}/enc/iso_8859_8.so
+%{ruby_libarchdir}/enc/iso_8859_9.so
+%{ruby_libarchdir}/enc/koi8_r.so
+%{ruby_libarchdir}/enc/koi8_u.so
+%{ruby_libarchdir}/enc/shift_jis.so
+%dir %{ruby_libarchdir}/enc/trans
+%{ruby_libarchdir}/enc/trans/big5.so
+%{ruby_libarchdir}/enc/trans/chinese.so
+%{ruby_libarchdir}/enc/trans/emoji.so
+%{ruby_libarchdir}/enc/trans/emoji_iso2022_kddi.so
+%{ruby_libarchdir}/enc/trans/emoji_sjis_docomo.so
+%{ruby_libarchdir}/enc/trans/emoji_sjis_kddi.so
+%{ruby_libarchdir}/enc/trans/emoji_sjis_softbank.so
+%{ruby_libarchdir}/enc/trans/escape.so
+%{ruby_libarchdir}/enc/trans/gb18030.so
+%{ruby_libarchdir}/enc/trans/gbk.so
+%{ruby_libarchdir}/enc/trans/iso2022.so
+%{ruby_libarchdir}/enc/trans/japanese.so
+%{ruby_libarchdir}/enc/trans/japanese_euc.so
+%{ruby_libarchdir}/enc/trans/japanese_sjis.so
+%{ruby_libarchdir}/enc/trans/korean.so
+%{ruby_libarchdir}/enc/trans/single_byte.so
+%{ruby_libarchdir}/enc/trans/transdb.so
+%{ruby_libarchdir}/enc/trans/utf8_mac.so
+%{ruby_libarchdir}/enc/trans/utf_16_32.so
+%{ruby_libarchdir}/enc/utf_16be.so
+%{ruby_libarchdir}/enc/utf_16le.so
+%{ruby_libarchdir}/enc/utf_32be.so
+%{ruby_libarchdir}/enc/utf_32le.so
+%{ruby_libarchdir}/enc/windows_1251.so
+%{ruby_libarchdir}/enc/windows_31j.so
+%{ruby_libarchdir}/etc.so
+%{ruby_libarchdir}/fcntl.so
+%{ruby_libarchdir}/fiber.so
+%{ruby_libarchdir}/fiddle.so
+%{ruby_libarchdir}/gdbm.so
+%dir %{ruby_libarchdir}/io
+%{ruby_libarchdir}/io/nonblock.so
+%{ruby_libarchdir}/io/wait.so
+%dir %{ruby_libarchdir}/mathn
+%{ruby_libarchdir}/mathn/complex.so
+%{ruby_libarchdir}/mathn/rational.so
+%{ruby_libarchdir}/nkf.so
+%{ruby_libarchdir}/objspace.so
+%{ruby_libarchdir}/openssl.so
+%{ruby_libarchdir}/pathname.so
+%{ruby_libarchdir}/pty.so
+%dir %{ruby_libarchdir}/racc
+%{ruby_libarchdir}/racc/cparse.so
+%{ruby_libarchdir}/rbconfig.rb
+%{ruby_libarchdir}/readline.so
+%{ruby_libarchdir}/ripper.so
+%{ruby_libarchdir}/sdbm.so
+%{ruby_libarchdir}/socket.so
+%{ruby_libarchdir}/stringio.so
+%{ruby_libarchdir}/strscan.so
+%{ruby_libarchdir}/syslog.so
+%exclude %{ruby_libarchdir}/tcltklib.so
+%exclude %{ruby_libarchdir}/tkutil.so
+%{ruby_libarchdir}/zlib.so
+
+%{tapset_root}
+
+# TODO rubygems 2.0.0 does not create test-unit gemspec
+# TODO for now put this in ruby-libs rpm
+# TODO check if the following can be removed after
+# TODO test-unit rebuild
+%dir %{gem_dir}
+%dir %{gem_dir}/specifications
+%dir %{gem_dir}/specifications/default
+%{gem_dir}/specifications/default/test-unit-*.gemspec
+
+%files -n rubygems
+%{_bindir}/gem
+%{rubygems_dir}
+%{gem_dir}
+%exclude %{gem_dir}/gems/*
+%{_exec_prefix}/lib*/gems
+%exclude %{_exec_prefix}/lib*/gems/%{name}/bigdecimal-%{bigdecimal_version}
+%exclude %{_exec_prefix}/lib*/gems/%{name}/io-console-%{io_console_version}
+%exclude %{_exec_prefix}/lib*/gems/%{name}/json-%{json_version}
+%exclude %{_exec_prefix}/lib*/gems/%{name}/psych-%{psych_version}
+%exclude %{gem_dir}/gems/rake-%{rake_version}
+%exclude %{gem_dir}/gems/rdoc-%{rdoc_version}
+%exclude %{gem_dir}/specifications/bigdecimal-%{bigdecimal_version}.gemspec
+%exclude %{gem_dir}/specifications/io-console-%{io_console_version}.gemspec
+%exclude %{gem_dir}/specifications/json-%{json_version}.gemspec
+%exclude %{gem_dir}/specifications/minitest-%{minitest_version}.gemspec
+%exclude %{gem_dir}/specifications/rake-%{rake_version}.gemspec
+%exclude %{gem_dir}/specifications/rdoc-%{rdoc_version}.gemspec
+%exclude %{gem_dir}/specifications/psych-%{psych_version}.gemspec
+# TODO rubygems 2.0.0 does not create test-unit gemspec
+# TODO where to put test-unit-*.gemspec??
+%exclude %{gem_dir}/specifications/default/test-unit-*.gemspec
+
+%files -n rubygems-devel
+%{_sysconfdir}/rpm/macros.rubygems
+
+%files -n rubygem-rake
+%{_bindir}/rake
+%{gem_dir}/gems/rake-%{rake_version}
+%{gem_dir}/specifications/rake-%{rake_version}.gemspec
+%{_mandir}/man1/rake.1*
+
+%files irb
+%{_bindir}/irb
+%{ruby_libdir}/irb.rb
+%{ruby_libdir}/irb
+%{_mandir}/man1/irb.1*
+
+%files -n rubygem-rdoc
+%{_bindir}/rdoc
+%{_bindir}/ri
+%{gem_dir}/gems/rdoc-%{rdoc_version}
+%{gem_dir}/specifications/rdoc-%{rdoc_version}.gemspec
+%{_mandir}/man1/ri*
+
+%files doc
+%doc README
+%lang(ja) %doc README.ja
+%doc ChangeLog
+%doc doc/ChangeLog-*
+%doc ruby-exercise.stp
+%{_datadir}/ri
+
+%files -n rubygem-bigdecimal
+%{ruby_libdir}/bigdecimal
+%{ruby_libarchdir}/bigdecimal.so
+%{_libdir}/gems/%{name}/bigdecimal-%{bigdecimal_version}
+%{gem_dir}/gems/bigdecimal-%{bigdecimal_version}
+%{gem_dir}/specifications/bigdecimal-%{bigdecimal_version}.gemspec
+
+%files -n rubygem-io-console
+%{ruby_libdir}/io
+%{ruby_libarchdir}/io/console.so
+%{_libdir}/gems/%{name}/io-console-%{io_console_version}
+%{gem_dir}/gems/io-console-%{io_console_version}
+%{gem_dir}/specifications/io-console-%{io_console_version}.gemspec
+
+%files -n rubygem-json
+%{ruby_libdir}/json*
+%{ruby_libarchdir}/json*
+%{_libdir}/gems/%{name}/json-%{json_version}
+%{gem_dir}/gems/json-%{json_version}
+%{gem_dir}/specifications/json-%{json_version}.gemspec
+
+%files -n rubygem-minitest
+%{gem_dir}/gems/minitest-%{minitest_version}
+%{gem_dir}/specifications/minitest-%{minitest_version}.gemspec
+
+%files -n rubygem-psych
+%{ruby_libdir}/psych
+%{ruby_libdir}/psych.rb
+%{ruby_libarchdir}/psych.so
+%{_libdir}/gems/%{name}/psych-%{psych_version}
+%{gem_dir}/gems/psych-%{psych_version}
+%{gem_dir}/specifications/psych-%{psych_version}.gemspec
+
+%files tcltk
+%{ruby_libdir}/*-tk.rb
+%{ruby_libdir}/tcltk.rb
+%{ruby_libdir}/tk*.rb
+%{ruby_libarchdir}/tcltklib.so
+%{ruby_libarchdir}/tkutil.so
+%{ruby_libdir}/tk
+%{ruby_libdir}/tkextlib
+
+%changelog
+* Thu Apr 04 2019 Vít Ondruch - 2.0.0.648-36
+- Introduce `Gem::UserInteraction#verbose` method as precondition to fix
+ CVE-2019-8321.
+ * rubygems-2.3.0-refactor-checking-really_verbose.patch
+- Fix escape sequence injection vulnerability in verbose.
+- Fix escape sequence injection vulnerability in gem owner.
+ Resolves: CVE-2019-8322
+- Fix escape sequence injection vulnerability in API response handling.
+ Resolves: CVE-2019-8323
+- Prohibit arbitrary code execution when installing a malicious gem.
+ Resolves: CVE-2019-8324
+- Fix escape sequence injection vulnerability in errors.
+ Resolves: CVE-2019-8325
+ * ruby-2.4.6-Applied-security-patches-for-RubyGems.patch
+
+* Mon Feb 04 2019 Jun Aruga - 2.0.0.648-35
+- Kill bundled certificates.
+- Add macros to edit files lists in .gemspec
+- Fix buffer under-read in String#unpack
+ Resolves: CVE-2018-8778
+- Fix HTTP response splitting in WEBrick
+ Resolves: CVE-2017-17742
+- Fix DoS by large request in WEBrick
+ Resolves: CVE-2018-8777
+- Fix directory traversal by poisoned NULL byte in Dir.
+ Resolves: CVE-2018-8780
+- Fix file and directory creation with directory traversal.
+ Resolves: CVE-2018-6914
+- Fix socket creation by poisoned NULL byte.
+ Resolves: CVE-2018-8779
+- Fix: return default path with nonexistent home dir
+- Fix flags not propagated in Array#pack and String#unpack.
+ Resolves: CVE-2018-16396
+- Fix strictly interpret octal fields in tar headers.
+ Resolves: CVE-2018-1000075
+- Fix a security error for duplicate files in a package.
+ Resolves: CVE-2018-1000076
+- Enforce URL validation on spec homepage attribute.
+ Resolves: CVE-2018-1000077
+- Mitigate XSS vulnerability in homepage attribute.
+ Resolves: CVE-2018-1000078
+- Prevent Path Traversal issue during gem installation.
+ Resolves: CVE-2018-1000079
+- Fix unsafe Object Deserialization Vulnerability in gem owner.
+ Resolves: CVE-2018-1000074
+- Refresh expired certificates.
+- Fix path traversal when writing to a symlinked basedir outside of the root
+ Resolves: CVE-2018-1000073
+
+* Thu Nov 01 2018 Jun Aruga - 2.0.0.648-34
+- CVE-2018-16395: Fix OpenSSL::X509::Name equality check does not work.
+ Resolves: CVE-2018-16395
+
+* Mon Feb 19 2018 Vít Ondruch - 2.0.0.648-33
+- Fix always passing WEBrick test.
+
+* Fri Feb 16 2018 Vít Ondruch - 2.0.0.648-32
+- Add Psych.safe_load
+ * ruby-2.1.0-there-should-be-only-one-exception.patch
+ * ruby-2.1.0-Adding-Psych.safe_load.patch
+ Related: CVE-2017-0903
+- Disable Tokyo TZ tests broken by recen tzdata update.
+ * ruby-2.5.0-Disable-Tokyo-TZ-tests.patch
+ Related: CVE-2017-0903
+
+* Mon Jan 15 2018 Vít Ondruch - 2.0.0.648-31
+- Fix unsafe object deserialization in RubyGems (CVE-2017-0903).
+ * ruby-2.4.3-CVE-2017-0903-Fix-unsafe-object-deserialization
+ -vulnerability.patch
+ Resolves: CVE-2017-0903
+- Fix an ANSI escape sequence vulnerability (CVE-2017-0899).
+ Resolves: CVE-2017-0899
+- Fix a DOS vulernerability in the query command (CVE-2017-0900).
+ Resolves: CVE-2017-0900
+- Fix a vulnerability in the gem installer that allowed a malicious gem
+ to overwrite arbitrary files (CVE-2017-0901).
+ Resolves: CVE-2017-0901
+- Fix a DNS request hijacking vulnerability (CVE-2017-0902).
+ * ruby-2.2.8-lib-rubygems-fix-several-vulnerabilities-in-RubyGems.patch
+ Resolves: CVE-2017-0902
+- Fix buffer underrun vulnerability in Kernel.sprintf (CVE-2017-0898).
+ * ruby-2.2.8-Buffer-underrun-vulnerability-in-Kernel.sprintf.patch
+ Resolves: CVE-2017-0898
+- Escape sequence injection vulnerability in the Basic
+ authentication of WEBrick (CVE-2017-10784).
+ * ruby-2.2.8-sanitize-any-type-of-logs.patch
+ Resolves: CVE-2017-10784
+- Arbitrary heap exposure during a JSON.generate call (CVE-2017-14064).
+ * ruby-2.2.8-Fix-arbitrary-heap-exposure-during-a-JSON.generate-call.patch
+ Resolves: CVE-2017-14064
+- Command injection vulnerability in Net::FTP (CVE-2017-17405).
+ * ruby-2.2.9-Fix-a-command-injection-vulnerability-in-Net-FTP.patch
+ Resolves: CVE-2017-17405
+- Buffer underrun in OpenSSL ASN1 decode (CVE-2017-14033).
+ * ruby-2.2.8-asn1-fix-out-of-bounds-read-in-decoding-constructed-objects.patch
+ Resolves: CVE-2017-14033
+- Command injection in lib/resolv.rb:lazy_initialize() allows arbitrary code
+ execution(CVE-2017-17790).
+ * ruby-2.5.0-Fixed-command-Injection.patch
+ Resolves: CVE-2017-17790
+
+* Wed Mar 01 2017 Vít Ondruch - 2.0.0.648-30
+- Fix test_npn_protocol_selection_ary and test_npn_protocol_selection_enum
+ failures with newest openssl.
+ Resolves: rhbz#1416123
+- Add gemspec_add_dep and gemspec_remove_dep macros.
+- Extend 'gem_' macros for pre-release version support.
+ Resolves: rhbz#1397390
+- Make symlinks for json gem.
+ Resolves: rhbz#1308992
+
+* Wed Jun 08 2016 Pavel Valena - 2.0.0.648-29
+- Fix hostname size limit
+ Resolves: rhbz#1343945
+
+* Mon Jun 06 2016 Pavel Valena - 2.0.0.648-28
+- Fix missing declaration of 'rb_frame_last_func'
+ Related: rhbz#1197720
+
+* Fri Jun 03 2016 Pavel Valena - 2.0.0.648-27
+- Apply previously unapplied patch #14
+ Related: rhbz#1197720
+
+* Mon May 09 2016 Pavel Valena - 2.0.0.648-26
+- Rebase to Ruby 2.0.0-p648
+ Resolves: rhbz#1197720, rhbz#1298282, rhbz#1258863
+ * Remove Patch18: ruby-2.0.0-p247-Revert-mkmf.rb-prefix-install_dirs-only-
+ with-DESTDIR.patch; subsumed
+ * Remove Patch23: ruby-openssl-wrap-cipher-fix.patch; subsumed
+ * Remove Patch25: ruby-2.0.0-p607-DNS-Resolv-fall-back-if-canonicalization-
+ fails.patch; subsumed
+- Remove tests depending on europe/moscow to avoid failures due to tzdata change
+ https://github.com/eggert/tz/commit/8ee11a301cf173afb0c76e0315b9f9ec8ebb9d95
+- Add checks for systemtap, abrt hook and rubygems version
+- Fix significant hash table performance slowdown on ppc64le
+ Resolves: rhbz#1163032
+- Support in no_proxy for domain names with whitespaces and leading dots
+ Resolves: rhbz#1300433
+
+* Mon Apr 27 2015 Vít
Ondruch - 2.0.0.598-25
+- Fix broken DNS Resolv when resolv.conf has option ndots > 1.
+ Resolves: rhbz#1200419
+
+* Fri Nov 14 2014 Vít Ondruch - 2.0.0.598-24
+- Rebased to Ruby 2.0.0-p598.
+ * Remove Patch19: ruby-2.0.0-p247-Make-stable-Gem-Specification.files-in-
+ default-.gems.patch; subsumed
+ * Remove Patch20: ruby-2.1.1-fix-test-failures-due-to-expired-certs.patch;
+ subsumed
+ * Remove Patch21: ruby-2.1.0-test_aes_gcm_wrong_tag-Dont-use-String
+ -succ.patch; subsumed
+ * Remove Patch22: ruby-2.2.0-fix-error-with-tzdata.patch; subsumed
+ Resolves: rhbz#1071187
+- Incorporates fixes for CVE-2014-8080 and CVE-2015-8090.
+ Resolves: rhbz#1164000
+- Fix for Proxy Realm feature.
+ Resolves: rhbz#1122140
+- Fix off-by-one stack-based buffer overflow in the encodes() function
+ (CVE-2014-4975).
+ Related: rhbz#1164000
+
+* Wed Sep 24 2014 Josef Stribny - 2.0.0.353-23
+- Add missing patch for new tzdata
+ Related: rhbz#1144023
+- Add missing patch for RFC 5649 in OpenSSL
+ Related: rhbz#1145692
+
+* Tue Sep 23 2014 Josef Stribny - 2.0.0.353-22
+- Fix FTBFS with new tzdata
+ Resolves: rhbz#1144023
+- Fix FTBFS due to a support for RFC 5649 in OpenSSL
+ Resolves: rhbz#1145692
+
+* Thu Aug 14 2014 Vít Ondruch - 2.0.0.353-21
+- Add support for ppc64le arch.
+ Resolves: rhbz#1126146
+
+* Fri Jan 24 2014 Daniel Mach - 2.0.0.353-20
+- Mass rebuild 2014-01-24
+
+* Tue Jan 07 2014 Vít Ondruch - 2.0.0.353-19
+- Update to Ruby 2.0.0-p353.
+ - Resolves: rhbz#1033923
+- Allow MD5 in OpenSSL for tests.
+
+* Fri Jan 03 2014 Vít Ondruch - 2.0.0.247-18
+- Fix FTBFS due to expired certificate for IMAP test case.
+- Fix test_aes_gcm_wrong_tag random failures.
+ - Resolves: rhbz#1048899
+
+* Fri Dec 27 2013 Daniel Mach - 2.0.0.247-18
+- Mass rebuild 2013-12-27
+
+* Mon Nov 25 2013 Vít Ondruch - 2.0.0.247-17
+- Heap overflow in floating point parsing (CVE-2013-4164).
+ * ruby-2.0.0-p353-CVE-2013-4164-ignore-too-long-fraction-part.patch
+ - Resolves: rhbz#1033503
+- Allow MD5 in OpenSSL tests.
+
+* Wed Sep 25 2013 Vít Ondruch - 2.0.0.247-16
+- Fix version regex algorithmic complexity vulnerability (CVE for incomplete
+ fix for CVE-2013-4287) (CVE-2013-4363).
+ - Related: rhbz#1006429
+
+* Tue Sep 17 2013 Vít Ondruch - 2.0.0.247-15
+- Fix version regex algorithmic complexity vulnerability (CVE-2013-4287).
+ - Resolves: rhbz#1006429
+
+* Mon Jul 15 2013 Vít Ondruch - 2.0.0.247-14
+- Add forgotten psych.rb link into rubygem-psych to fix "private method `load'
+ called for Psych:Moduler" error (rhbz#979133).
+
+* Thu Jul 11 2013 Vít Ondruch - 2.0.0.247-13
+- Fixes multilib conlicts of .gemspec files.
+- Make symlinks for psych gem to ruby stdlib dirs (rhbz#979133).
+- Use system-wide cert.pem.
+
+* Thu Jul 04 2013 Vít Ondruch - 2.0.0.247-12
+- Fix RubyGems search paths when building gems with native extension
+ (rhbz#979133).
+
+* Tue Jul 02 2013 Vít Ondruch - 2.0.0.247-11
+- Fix RubyGems version.
+
+* Tue Jul 02 2013 Vít Ondruch - 2.0.0.247-10
+- Better support for build without configuration (rhbz#977941).
+
+* Mon Jul 01 2013 Vít Ondruch - 2.0.0.247-9
+- Update to Ruby 2.0.0-p247 (rhbz#979605).
+- Fix CVE-2013-4073.
+- Fix for wrong makefiles created by mkmf (rhbz#921650).
+- Add support for ABRT autoloading.
+
+* Fri May 17 2013 Vít Ondruch - 2.0.0.195-8
+- Update to Ruby 2.0.0-p195 (rhbz#917374).
+- Fix object taint bypassing in DL and Fiddle (CVE-2013-2065).
+- Fix build against OpenSSL with enabled ECC curves.
+- Add aarch64 support (rhbz#926463).
+
+* Fri Apr 19 2013 Vít Ondruch - 2.0.0.0-7
+- Macro definition moved into macros.ruby and macros.rubygems files.
+- Added filtering macros.
+- Filter automatically generated provides of private libraries (rhbz#947408).
+
+* Fri Mar 22 2013 Vít Ondruch - 2.0.0.0-6
+- Fix RbConfig::CONFIG['exec_prefix'] returns empty string (rhbz#924851).
+
+* Thu Mar 21 2013 Vít Ondruch - 2.0.0.0-5
+- Make Ruby buildable without rubypick.
+- Prevent random test failures.
+
+* Fri Mar 08 2013 Mamoru TASAKA - 2.0.0.0-4
+- Don't mark rpm config file as %%config (fpc#259)
+
+* Tue Mar 05 2013 Vít Ondruch - 2.0.0.0-3
+- Avoid "method redefined;" warnings due to modified operating_system.rb.
+- Fix strange paths created during build of binary gems.
+
+* Mon Feb 25 2013 Vít Ondruch - 2.0.0.0-2
+- Prevent squash of %%gem_install with following line.
+
+* Mon Feb 25 2013 Vít Ondruch - 2.0.0.0-1
+- Update to Ruby 2.0.0-p0.
+- Change %%{ruby_extdir} to %%{ruby_extdir_mri} in preparation for better
+ JRuby support.
+
+* Mon Feb 25 2013 Mamoru TASAKA - 2.0.0.0-0.3.r39387
+- Move test-unit.gemspec to -libs subpackage for now because rubygems
+ 2.0.0 does not create this
+
+* Fri Feb 22 2013 Vít Ondruch - 2.0.0.0-0.2.r39387
+- Fix issues with wrong value of Rubygem's shebang introduced in r39267.
+
+* Fri Feb 22 2013 Vít Ondruch - 2.0.0.0-0.1.r39387
+- Upgrade to Ruby 2.0.0 (r39387).
+- Introduce %%gem_install macro.
+- Build against libdb instead of libdb4 (rhbz#894022).
+- Move native extensions from exts to ruby directory.
+- Enable most of the PPC test suite.
+- Change ruby(abi) -> ruby(release).
+- Rename ruby executable to ruby-mri, to be prepared for RubyPick.
+- Add ruby(runtime_executable) virtual provide, which is later used
+ by RubyPick.
+- RDoc now depends on JSON.
+- Try to make -doc subpackage noarch again, since the new RDoc should resolve
+ the arch dependent issues (https://github.com/rdoc/rdoc/issues/71).
+- Enable SystemTap support.
+- Add TapSet for Ruby.
+- Split Psych into rubygem-psych subpackage.
+
+* Mon Feb 11 2013 Mamoru TASAKA - 1.9.3.385-28
+- Update to 1.9.3 p385
+
+* Sat Jan 19 2013 Mamoru TASAKA - 1.9.3.374-27
+- Update to 1.9.3 p374
+- Fix provided variables in pkgconfig (bug 789532:
+ Vít Ondruch )
+
+* Fri Jan 18 2013 Mamoru TASAKA - 1.9.3.362-26
+- Provide non-versioned pkgconfig file (bug 789532)
+- Use db5 on F-19 (bug 894022)
+
+* Wed Jan 16 2013 Mamoru TASAKA - 1.9.3.362-25
+- Backport fix for the upstream PR7629, save the proc made from the given block
+ (bug 895173)
+
+* Wed Jan 2 2013 Mamoru TASAKA - 1.9.3.362-24
+- Update to 1.9.3.362
+
+* Mon Dec 03 2012 Jaromir Capik - 1.9.3.327-23
+- Skipping test_parse.rb (fails on ARM at line 787)
+- http://bugs.ruby-lang.org/issues/6899
+
+* Sun Nov 11 2012 Mamoru TASAKA - 1.9.3.327-23
+- Skip test_str_crypt (on rawhide) for now (upstream bug 7312)
+
+* Sat Nov 10 2012 Mamoru TASAKA - 1.9.3.327-22
+- Ignore some network related tests
+
+* Sat Nov 10 2012 Mamoru TASAKA - 1.9.3.327-21
+- Update to 1.9.3.327
+- Fix Hash-flooding DoS vulnerability on MurmurHash function
+ (CVE-2012-5371)
+
+* Sat Oct 13 2012 Mamoru TASAKA - 1.9.3.286-19
+- Update to 1.9.3 p286
+- Don't create files when NUL-containing path name is passed
+ (bug 865940, CVE-2012-4522)
+
+* Thu Oct 04 2012 Mamoru Tasaka - 1.9.3.194-18
+- Patch from trunk for CVE-2012-4464, CVE-2012-4466
+
+* Thu Sep 06 2012 Vít Ondruch - 1.9.3.194-17
+- Split documentation into -doc subpackage (rhbz#854418).
+
+* Tue Aug 14 2012 Vít Ondruch - 1.9.3.194-16
+- Revert the dependency of ruby-libs on rubygems (rhbz#845011, rhbz#847482).
+
+* Wed Aug 01 2012 Vít Ondruch - 1.9.3.194-15
+- ruby-libs must require rubygems (rhbz#845011).
+
+* Sat Jul 21 2012 Fedora Release Engineering - 1.9.3.194-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Mon Jun 11 2012 Bohuslav Kabrda - 1.9.3.194-13
+- Make the bigdecimal gem a runtime dependency of Ruby.
+
+* Mon Jun 11 2012 Bohuslav Kabrda - 1.9.3.194-12
+- Make symlinks for bigdecimal and io-console gems to ruby stdlib dirs (RHBZ 829209).
+
+* Tue May 29 2012 Bohuslav Kabrda - 1.9.3.194-11
+- Fix license to contain Public Domain.
+- macros.ruby now contains unexpanded macros.
+
+* Sun Apr 22 2012 Mamoru Tasaka - 1.9.3.194-10.1
+- Bump release
+
+* Fri Apr 20 2012 Vít Ondruch - 1.9.3.194-1
+- Update to Ruby 1.9.3-p194.
+
+* Mon Apr 09 2012 Karsten Hopp 1.9.3.125-3
+- disable check on ppc(64), RH bugzilla 803698
+
+* Wed Feb 29 2012 Peter Robinson - 1.9.3.125-2
+- Temporarily disable make check on ARM until it's fixed upstream. Tracked in RHBZ 789410
+
+* Mon Feb 20 2012 Vít Ondruch - 1.9.3.125-1
+- Upgrade to Ruby 1.9.3-p125.
+
+* Sun Jan 29 2012 Mamoru Tasaka - 1.9.3.0-7
+- Make mkmf.rb verbose by default
+
+* Thu Jan 26 2012 Vít Ondruch - 1.9.3.0-6
+- Relax dependencies to allow external updates of bundled gems.
+
+* Wed Jan 18 2012 Vít Ondruch - 1.9.3.0-5
+- Initial release of Ruby 1.9.3.
+- Add rubygems dependency on io-console for user interactions.
+- Gems license clarification.
+
+* Tue Jan 17 2012 Vít Ondruch - 1.9.3.0-4
+- Bundled gems moved into dedicated directories and subpackages.
+- Create and own RubyGems directories for binary extensions.
+- Fix build with GCC 4.7.
+
+* Mon Jan 16 2012 Vít Ondruch - 1.9.3.0-3
+- Fix RHEL build.
+- Fixed directory ownership.
+- Verose build output.
+
+* Sun Jan 15 2012 Vít Ondruch - 1.9.3.0-2
+- Install RubyGems outside of Ruby directory structure.
+- RubyGems has not its own -devel subpackage.
+- Enhanced macros.ruby and macros.rubygems.
+- All tests are green now (bkabrda).
+
+* Sat Jan 14 2012 Vít Ondruch - 1.9.3.0-1
+- Initial package
+
+* Sat Jan 14 2012 Fedora Release Engineering - 1.8.7.357-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Thu Dec 29 2011 Mamoru Tasaka - 1.8.7.357-1
+- Update to 1.8.7p357
+- Randomize hash on process startup (CVE-2011-4815, bug 750564)
+
+* Fri Dec 23 2011 Dennis Gilmore - 1.8.7.352-2
+- dont normalise arm cpus to arm
+- there is something weird about how ruby choses where to put bits
+
+* Thu Nov 17 2011 Mamoru Tasaka - 1.8.7.352-3
+- F-17: kill gdbm support for now due to licensing compatibility issue
+
+* Sat Oct 1 2011 Mamoru Tasaka - 1.8.7.352-2
+- F-17: rebuild against new gdbm
+
+* Sat Jul 16 2011 Mamoru Tasaka - 1.8.7.352-1
+- Update to 1.8.7 p352
+- CVE-2011-2686 is fixed in this version (bug 722415)
+- Update ext/tk to the latest git
+- Remove duplicate path entry (bug 718695)
+
+* Thu Jul 14 2011 Mamoru Tasaka - 1.8.7.334-4
+- Once fix FTBFS (bug 716021)
+
+* Mon Jul 11 2011 Dennis Gilmore - 1.8.7.334-3
+- normalise arm cpus to arm
+
+* Mon May 30 2011 Mamoru Tasaka - 1.8.7.334-2
+- Own %%{_normalized_cpu}-%%{_target_os} directory (bug 708816)
+
+* Sat Feb 19 2011 Mamoru Tasaka - 1.8.7.334-1
+- Update to 1.8.7 p334
+
+* Wed Feb 09 2011 Fedora Release Engineering - 1.8.7.330-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Sun Jan 02 2011 Dennis Gilmore - 1.8.7.330-2
+- nomalise the 32 bit sparc archs to sparc
+
+* Sun Dec 26 2010 Mamoru Tasaka - 1.8.7.330-1
+- Update to 1.8.7 p330
+- ext/tk updated to the newest header
+
+* Thu Nov 4 2010 Mamoru Tasaka - 1.8.7.302-2
+- Avoid multilib conflict on -libs subpackage (bug 649174)
+
+* Mon Aug 23 2010 Mamoru Tasaka - 1.8.7.302-1
+- Update to 1.8.7.302
+- CVE-2010-0541 (bug 587731) is fixed in this version
+- Update ext/tk to the latest head
+
+* Mon Aug 2 2010 Mamoru Tasaka - 1.8.7.299-5
+- More cleanup of spec file, expecially for rpmlint issue
+- build ri files in %%build
+
+* Mon Jul 26
2010 Mamoru Tasaka - 1.8.7.299-4
+- Cleanup spec file
+- Make -irb, -rdoc subpackage noarch
+- Make dependencies between arch-dependent subpackages isa specific
+- Improve sample documentation gathering
+
+* Mon Jul 12 2010 Mohammed Morsi - 1.8.7.299-3
+- updated packaged based on feedback (from mtasaka)
+- added comments to all patches / sources
+- obsoleted ruby-mode, as it's now provided by the emacs package itself
+- readded missing documentation
+- various small compatability/regression fixes
+
+* Tue Jul 06 2010 Mohammed Morsi - 1.8.7.299-2
+- readded bits to pull tk package from upstream source branch
+- removed unecessary .tk.old dir
+- renamed macros which may cause confusion, removed unused ones
+
+* Thu Jun 24 2010 Mohammed Morsi - 1.8.7.299-1
+- integrate more of jmeyering's and mtaska's feedback
+- removed emacs bits that are now shipped with the emacs package
+- various patch and spec cleanup
+- rebased to ruby 1.8.7 patch 299, removed patches no longer needed:
+ ruby-1.8.7-openssl-1.0.patch, ruby-1.8.7-rb_gc_guard_ptr-optimization.patch
+
+* Wed Jun 23 2010 Mohammed Morsi - 1.8.7.249-5
+- Various fixes
+
+* Wed Jun 23 2010 Mohammed Morsi - 1.8.7.249-4
+- Fixed incorrect paths in 1.8.7 rpm
+
+* Tue Jun 22 2010 Mohammed Morsi - 1.8.7.249-3
+- Integrated Jim Meyering's feedback and changes in to:
+- remove trailing blanks
+- placate rpmlint
+- ruby_* definitions: do not use trailing slashes in directory names
+- _normalized_cpu: simplify definition
+
+* Mon Jun 21 2010 Mohammed Morsi - 1.8.7.249-2
+- Integrate mtasaka's feedback and changes
+- patch101 ruby_1_8_7-rb_gc_guard_ptr-optimization.patch
+
+* Tue Jun 15 2010 Mohammed Morsi - 1.8.7.249-1
+- Initial Ruby 1.8.7 specfile
+
+* Wed May 19 2010 Mamoru Tasaka - 1.8.6.399-5
+- Retry for bug 559158, Simplify the OpenSSL::Digest class
+ pull more change commits from ruby_1_8 branch
+
+* Mon May 17 2010 Mamoru Tasaka - 1.8.6.399-4
+- Patch36 (ruby-1.8.x-RHASH_SIZE-rb_hash_lookup-def.patch)
+ also backport
rb_hash_lookup definition (bug 592936)
+
+* Thu May 13 2010 Mamoru Tasaka - 1.8.6.399-3
+- ruby-1.8.x-null-class-must-be-Qnil.patch (bug 530407)
+- Recreate some patches using upstream svn when available, and
+ add some comments for patches
+
+* Tue May 11 2010 Mamoru Tasaka - 1.8.6.399-2
+- tcltk: Give up using potentially unmaintained ruby_1_8_6 branch
+ and instead completely replace with ruby_1_8 branch head
+ (at this time, using rev 27738)
+ (seems to fix 560053, 590503)
+- Fix Japanese encoding strings under ruby-tcltk/ext/tk/sample/
+
+* Tue Apr 27 2010 Mamoru Tasaka - 1.8.6.399-1
+- Update to 1.8.6 p 399 (bug 579675)
+- Patch to fix gc bug causing open4 crash (bug 580993)
+
+* Fri Mar 12 2010 Mamoru Tasaka - 1.8.6.388-9
+- F-14: rebuild against new gdbm
+
+* Thu Jan 28 2010 Mamoru Tasaka
+- Once revert the previous change (patch34)
+
+* Wed Jan 27 2010 Jeroen van Meeuwen - 1.8.6.388-8
+- Backport openssl/digest functions providing digest and hexdigest functions
+ directly in OpenSSL::Digest.methods
+- Make sure that Red Hat people version their changelog entries
+- This is actually release #1, but now needs to be release #7
+
+* Mon Jan 18 2010 Akira TAGOH - 1.8.6.388-1
+- Add conditional for RHEL.
+
+* Wed Jan 13 2010 Mamoru Tasaka - 1.8.6.383-6
+- CVE-2009-4492 ruby WEBrick log escape sequence (bug 554485)
+
+* Wed Dec 9 2009 Mamoru Tasaka - 1.8.6.383-5
+- Change mkmf.rb to use LIBRUBYARG_SHARED so that have_library() works
+ without libruby-static.a (bug 428384)
+- And move libruby-static.a to -static subpackage
+
+* Thu Oct 29 2009 Mamoru Tasaka - 1.8.6.383-4
+- Use bison to regenerate parse.c to keep the original format of error
+ messages (bug 530275 comment 4)
+
+* Sun Oct 25 2009 Mamoru Tasaka - 1.8.6.383-3
+- Patch so that irb saves its history (bug 518584, ruby issue 1556)
+
+* Sat Oct 24 2009 Mamoru Tasaka - 1.8.6.383-2
+- Update to 1.8.6 patchlevel 383 (bug 520063)
+
+* Wed Oct 14 2009 Mamoru Tasaka - 1.8.6.369-5
+- Much better idea for Patch31 provided by Akira TAGOH
+
+* Wed Oct 14 2009 Mamoru Tasaka - 1.8.6.369-4
+- Fix the search path of ri command for ri manuals installed with gem
+ (bug 528787)
+
+* Wed Aug 26 2009 Tomas Mraz - 1.8.6.369-3
+- Rebuild against new openssl
+
+* Thu Jul 23 2009 Mamoru Tasaka - 1.8.6.369-2
+- Make sure that readline.so is linked against readline 5 because
+ Ruby is under GPLv2
+
+* Sat Jun 20 2009 Jeroen van Meeuwen - 1.8.6.369-1
+- New patchlevel fixing CVE-2009-1904
+- Fix directory on ARM (#506233, Kedar Sovani)
+
+* Sun May 31 2009 Jeroen van Meeuwen - 1.8.6.368-1
+- New upstream release (p368)
+
+* Sat Apr 11 2009 Mamoru Tasaka - 1.8.6.287-8
+- Merge Review fix (#226381)
+
+* Wed Mar 18 2009 Jeroen van Meeuwen - 1.8.6.287-7
+- Fix regression in CVE-2008-3790 (#485383)
+
+* Mon Mar 16 2009 Mamoru Tasaka - 1.8.6.287-6
+- Again use -O2 optimization level
+- i586 should search i386-linux directory (on <= F-11)
+
+* Thu Mar 05 2009 Jeroen van Meeuwen - 1.8.6.287-5
+- Rebuild for gcc4.4
+
+* Fri Feb 27 2009 Jeroen van Meeuwen - 1.8.6.287-3
+- CVE-2008-5189: CGI header injection.
+
+* Wed Oct 8 2008 Akira TAGOH - 1.8.6.287-2
+- CVE-2008-3790: DoS vulnerability in the REXML module.
+
+* Sat Aug 23 2008 Akira TAGOH - 1.8.6.287-1
+- New upstream release.
+- Security fixes.
+ - CVE-2008-3655: Ruby does not properly restrict access to critical
+ variables and methods at various safe levels.
+ - CVE-2008-3656: DoS vulnerability in WEBrick.
+ - CVE-2008-3657: Lack of taintness check in dl.
+ - CVE-2008-1447: DNS spoofing vulnerability in resolv.rb.
+ - CVE-2008-3443: Memory allocation failure in Ruby regex engine.
+- Remove the unnecessary backported patches.
+
+* Thu Jul 10 2008 Tom "spot" Callaway - 1.8.6.230-5
+- rebuild against db4-4.7
+
+* Tue Jul 1 2008 Akira TAGOH - 1.8.6.230-4
+- Backported from upstream SVN to fix a segfault issue with Array#fill.
+
+* Mon Jun 30 2008 Akira TAGOH - 1.8.6.230-3
+- Backported from upstream SVN to fix a segfault issue. (#452825)
+- Backported from upstream SVN to fix an integer overflow in rb_ary_fill.
+
+* Wed Jun 25 2008 Akira TAGOH - 1.8.6.230-2
+- Fix a segfault issue. (#452810)
+
+* Tue Jun 24 2008 Akira TAGOH - 1.8.6.230-1
+- New upstream release.
+- Security fixes. (#452295)
+ - CVE-2008-1891: WEBrick CGI source disclosure.
+ - CVE-2008-2662: Integer overflow in rb_str_buf_append().
+ - CVE-2008-2663: Integer overflow in rb_ary_store().
+ - CVE-2008-2664: Unsafe use of alloca in rb_str_format().
+ - CVE-2008-2725: Integer overflow in rb_ary_splice().
+ - CVE-2008-2726: Integer overflow in rb_ary_splice().
+- ruby-1.8.6.111-CVE-2007-5162.patch: removed.
+- Build ruby-mode package for all archtectures.
+
+* Tue Mar 4 2008 Akira TAGOH - 1.8.6.114-1
+- Security fix for CVE-2008-1145.
+- Improve a spec file. (#226381)
+ - Correct License tag.
+ - Fix a timestamp issue.
+ - Own a arch-specific directory.
+
+* Tue Feb 19 2008 Fedora Release Engineering - 1.8.6.111-9
+- Autorebuild for GCC 4.3
+
+* Tue Feb 19 2008 Akira TAGOH - 1.8.6.111-8
+- Rebuild for gcc-4.3.
+
+* Tue Jan 15 2008 Akira TAGOH - 1.8.6.111-7
+- Revert the change of libruby-static.a.
(#428384)
+
+* Fri Jan 11 2008 Akira TAGOH - 1.8.6.111-6
+- Fix an unnecessary replacement for shebang. (#426835)
+
+* Fri Jan 4 2008 Akira TAGOH - 1.8.6.111-5
+- Rebuild.
+
+* Fri Dec 28 2007 Akira TAGOH - 1.8.6.111-4
+- Clean up again.
+
+* Fri Dec 21 2007 Akira TAGOH - 1.8.6.111-3
+- Clean up the spec file.
+- Remove ruby-man-1.4.6 stuff. this is entirely the out-dated document.
+ this could be replaced by ri.
+- Disable the static library building.
+
+* Tue Dec 04 2007 Release Engineering - 1.8.6.111-2
+ - Rebuild for openssl bump
+
+* Wed Oct 31 2007 Akira TAGOH
+- Fix the dead link.
+
+* Mon Oct 29 2007 Akira TAGOH - 1.8.6.111-1
+- New upstream release.
+- ruby-1.8.6.111-CVE-2007-5162.patch: Update a bit with backporting the changes
+ at trunk to enable the fix without any modifications on the users' scripts.
+ Note that Net::HTTP#enable_post_connection_check isn't available anymore.
+ If you want to disable this post-check, you should give OpenSSL::SSL::VERIFY_NONE
+ to Net::HTTP#verify_mode= instead of.
+
+* Mon Oct 15 2007 Akira TAGOH - 1.8.6.110-2
+- Enable pthread support for ppc too. (#201452)
+- Fix unexpected dependencies appears in ruby-libs. (#253325)
+
+* Wed Oct 10 2007 Akira TAGOH - 1.8.6.110-1
+- New upstream release.
+ - ruby-r12567.patch: removed.
+- ruby-1.8.6-CVE-2007-5162.patch: security fix for Net::HTTP that is
+ insufficient verification of SSL certificate.
+
+* Thu Aug 23 2007 Akira TAGOH - 1.8.6.36-4
+- Rebuild
+
+* Fri Aug 10 2007 Akira TAGOH
+- Update License tag.
+
+* Mon Jun 25 2007 Akira TAGOH - 1.8.6.36-3
+- ruby-r12567.patch: backport patch from upstream svn to get rid of
+ the unnecessary declarations. (#245446)
+
+* Wed Jun 20 2007 Akira TAGOH - 1.8.6.36-2
+- New upstream release.
+ - Fix Etc::getgrgid to get the correct gid as requested. (#236647)
+
+* Wed Mar 28 2007 Akira TAGOH - 1.8.6-2
+- Fix search path breakage. (#234029)
+
+* Thu Mar 15 2007 Akira TAGOH - 1.8.6-1
+- New upstream release.
+- clean up a spec file.
+
+* Tue Feb 13 2007 Akira TAGOH - 1.8.5.12-2
+- Rebuild
+
+* Mon Feb 5 2007 Akira TAGOH - 1.8.5.12-1
+- New upstream release.
+
+* Mon Dec 11 2006 Akira TAGOH - 1.8.5.2-1
+- security fix release.
+
+* Fri Oct 27 2006 Akira TAGOH - 1.8.5-4
+- security fix release.
+- ruby-1.8.5-cgi-CVE-2006-5467.patch: fix a CGI multipart parsing bug that
+ causes the denial of service. (#212396)
+
+* Sun Oct 01 2006 Jesse Keating - 1.8.5-3
+- rebuilt for unwind info generation, broken in gcc-4.1.1-21
+
+* Tue Sep 26 2006 Akira TAGOH - 1.8.5-2
+- fixed rbconfig.rb to refer to DESTDIR for sitearchdir. (#207311)
+
+* Mon Aug 28 2006 Akira TAGOH - 1.8.5-1
+- New upstream release.
+- removed the unnecessary patches:
+ - ruby-1.8.4-no-eaccess.patch
+ - ruby-1.8.4-64bit-pack.patch
+ - ruby-1.8.4-fix-insecure-dir-operation.patch
+ - ruby-1.8.4-fix-insecure-regexp-modification.patch
+ - ruby-1.8.4-fix-alias-safe-level.patch
+- build with --enable-pthread except on ppc.
+- ruby-1.8.5-hash-memory-leak.patch: backported from CVS to fix a memory leak
+ on Hash. [ruby-talk:211233]
+
+* Mon Aug 7 2006 Akira TAGOH - 1.8.4-12
+- owns sitearchdir. (#201208)
+
+* Thu Jul 20 2006 Akira TAGOH - 1.8.4-11
+- security fixes [CVE-2006-3694]
+ - ruby-1.8.4-fix-insecure-dir-operation.patch:
+ - ruby-1.8.4-fix-insecure-regexp-modification.patch: fixed the insecure
+ operations in the certain safe-level restrictions. (#199538)
+ - ruby-1.8.4-fix-alias-safe-level.patch: fixed to not bypass the certain
+ safe-level restrictions. (#199543)
+
+* Wed Jul 12 2006 Jesse Keating - 1.8.4-10.fc6.1
+- rebuild
+
+* Mon Jun 19 2006 Akira TAGOH - 1.8.4-10
+- fixed the wrong file list again. moved tcltk library into ruby-tcltk.
+ (#195872)
+
+* Thu Jun 8 2006 Akira TAGOH - 1.8.4-8
+- ruby-deprecated-sitelib-search-path.patch: correct the order of search path.
+
+* Wed Jun 7 2006 Akira TAGOH - 1.8.4-7
+- exclude ppc64 to make ruby-mode package. right now emacs.ppc64 isn't provided
+ and buildsys became much stricter.
+- ruby-deprecated-sitelib-search-path.patch: applied to add more search path
+ for backward compatiblity.
+- added byacc to BuildReq. (#194161)
+
+* Wed May 17 2006 Akira TAGOH - 1.8.4-6
+- ruby-deprecated-search-path.patch: added the deprecated installation paths
+ to the search path for the backward compatibility.
+- added a Provides: ruby(abi) to ruby-libs.
+- ruby-1.8.4-64bit-pack.patch: backport patch from upstream to fix unpack("l")
+ not working on 64bit arch and integer overflow on template "w". (#189350)
+- updated License tag to be more comfortable, and with a pointer to get more
+ details, like Python package does. (#179933)
+- clean up.
+
+* Wed Apr 19 2006 Akira TAGOH
+- ruby-rubyprefix.patch: moved all arch-independent modules under /usr/lib/ruby
+ and keep arch-dependent modules under /usr/lib64/ruby for 64bit archs.
+ so 'rubylibdir', 'sitelibdir' and 'sitedir' in Config::CONFIG points to
+ the kind of /usr/lib/ruby now. (#184199)
+
+* Mon Apr 17 2006 Akira TAGOH - 1.8.4-4
+- correct sitelibdir. (#184198)
+
+* Fri Feb 10 2006 Jesse Keating - 1.8.4-3.2
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating - 1.8.4-3.1
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Mon Feb 6 2006 Akira TAGOH - 1.8.4-3
+- ruby-1.8.4-no-eaccess.patch: backported from ruby CVS to avoid conflict
+ between newer glibc. (#179835)
+
+* Wed Jan 4 2006 Akira TAGOH - 1.8.4-2
+- ruby-tcltk-multilib.patch: fixed a typo.
+
+* Tue Dec 27 2005 Akira TAGOH - 1.8.4-1
+- New upstream release.
+ - fixed a missing return statement. (#140833)
+ - fixed an use of uninitialized variable. (#144890)
+
+* Fri Dec 16 2005 Akira TAGOH - 1.8.4-0.4.preview2
+- updates to 1.8.4-preview2.
+- renamed the packages to ruby-* (#175765)
+ - irb -> ruby-irb
+ - rdoc -> ruby-rdoc
+ - ri -> ruby-ri
+- added tcl-devel and tk-devel into BuildRequires.
+
+* Fri Dec 09 2005 Jesse Keating
+- rebuilt
+
+* Thu Nov 10 2005 Akira TAGOH - 1.8.4-0.3.preview1
+- rebuilt against the latest openssl.
+
+* Tue Nov 1 2005 Akira TAGOH - 1.8.4-0.2.preview1
+- build-deps libX11-devel instead of xorg-x11-devel.
+
+* Mon Oct 31 2005 Akira TAGOH - 1.8.4-0.1.preview1
+- New upstream release.
+- ruby-1.8.2-strscan-memset.patch: removed because it's no longer needed.
+
+* Tue Oct 4 2005 Akira TAGOH - 1.8.3-4
+- moved the documents from ruby-libs to ruby-docs, which contains the arch
+ specific thing and to be multilib support. (#168826)
+
+* Mon Oct 3 2005 Akira TAGOH - 1.8.3-3
+- fixed the wrong file list. the external library for tcl/tk was included
+ in ruby-libs unexpectedly.
+
+* Mon Sep 26 2005 Akira TAGOH - 1.8.3-2
+- ruby-multilib.patch: added another chunk for multilib. (#169127)
+
+* Wed Sep 21 2005 Akira TAGOH - 1.8.3-1
+- New upstream release.
+- Build-Requires xorg-x11-devel instead of XFree86-devel.
+- ruby-multilib.patch: applied for only 64-bit archs.
+- ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: removed. it has already been in upstream.
+
+* Tue Jun 21 2005 Akira TAGOH - 1.8.2-9
+- ruby-1.8.2-xmlrpc-CAN-2005-1992.patch: fixed the arbitrary command execution
+ on XMLRPC server. (#161096)
+
+* Thu Jun 16 2005 Akira TAGOH - 1.8.2-8
+- ruby-1.8.2-tcltk-multilib.patch: applied to get tcltklib.so built. (#160194)
+
+* Thu Apr 7 2005 Akira TAGOH - 1.8.2-7
+- ruby-1.8.2-deadcode.patch: removed the dead code from the source. (#146108)
+- make sure that all documentation files in ruby-docs are the world-
+ readable. (#147279)
+
+* Tue Mar 22 2005 Akira TAGOH - 1.8.2-6
+- ruby-1.8.2-strscan-memset.patch: fixed an wrong usage of memset(3).
+
+* Tue Mar 15 2005 Akira TAGOH - 1.8.2-5
+- rebuilt
+
+* Tue Jan 25 2005 Akira TAGOH - 1.8.2-4
+- fixed the wrong generation of file manifest. (#146055)
+- spec file clean up.
+
+* Mon Jan 24 2005 Akira TAGOH - 1.8.2-3
+- separated out to rdoc package.
+- make the dependency of irb for rdoc.
(#144708)
+
+* Wed Jan 12 2005 Tim Waugh - 1.8.2-2
+- Rebuilt for new readline.
+
+* Wed Jan 5 2005 Akira TAGOH - 1.8.2-1
+- New upstream release.
+- ruby-1.8.1-ia64-stack-limit.patch: removed - it's no longer needed.
+- ruby-1.8.1-cgi_session_perms.patch: likewise.
+- ruby-1.8.1-cgi-dos.patch: likewise.
+- generated Ruby interactive documentation - senarated package.
+ it's now provided as ri package. (#141806)
+
+* Thu Nov 11 2004 Jeff Johnson 1.8.1-10
+- rebuild against db-4.3.21.
+
+* Wed Nov 10 2004 Akira TAGOH - 1.8.1-9
+- ruby-1.8.1-cgi-dos.patch: security fix [CAN-2004-0983]
+- ruby-1.8.1-cgi_session_perms.patch: security fix [CAN-2004-0755]
+
+* Fri Oct 29 2004 Akira TAGOH - 1.8.1-8
+- added openssl-devel and db4-devel into BuildRequires (#137479)
+
+* Wed Oct 6 2004 Akira TAGOH - 1.8.1-7
+- require emacs-common instead of emacs.
+
+* Wed Jun 23 2004 Akira TAGOH 1.8.1-4
+- updated the documentation.
+
+* Tue Jun 15 2004 Elliot Lee
+- rebuilt
+
+* Tue Mar 02 2004 Elliot Lee
+- rebuilt
+
+* Fri Feb 13 2004 Elliot Lee
+- rebuilt
+
+* Wed Feb 04 2004 Akira TAGOH 1.8.1-1
+- New upstream release.
+- don't use any optimization for ia64 to avoid the build failure.
+- ruby-1.8.1-ia64-stack-limit.patch: applied to fix SystemStackError when the optimization is disabled.
+
+* Sat Dec 13 2003 Jeff Johnson 1.8.0-3
+- rebuild against db-4.2.52.
+
+* Thu Sep 25 2003 Jeff Johnson 1.8.0-2
+- rebuild against db-4.2.42.
+
+* Tue Aug 5 2003 Akira TAGOH 1.8.0-1
+- New upstream release.
+
+* Thu Jul 24 2003 Akira TAGOH 1.6.8-9.1
+- rebuilt
+
+* Thu Jul 24 2003 Akira TAGOH 1.6.8-9
+- ruby-1.6.8-castnode.patch: handling the nodes with correct cast.
+ use this patch now instead of ruby-1.6.8-fix-x86_64.patch.
+
+* Fri Jul 04 2003 Akira TAGOH 1.6.8-8
+- rebuilt
+
+* Fri Jul 04 2003 Akira TAGOH 1.6.8-7
+- fix the gcc warnings. (#82192)
+- ruby-1.6.8-fix-x86_64.patch: correct a patch.
+ NOTE: DON'T USE THIS PATCH FOR BIG ENDIAN ARCHITECTURE.
+- ruby-1.6.7-long2int.patch: removed.
+
+* Wed Jun 04 2003 Elliot Lee
+- rebuilt
+
+* Fri Feb 7 2003 Jens Petersen - 1.6.8-5
+- rebuild against ucs4 tcltk
+
+* Wed Jan 22 2003 Tim Powers
+- rebuilt
+
+* Wed Jan 22 2003 Akira TAGOH 1.6.8-3
+- ruby-1.6.8-multilib.patch: applied to fix the search path issue on x86_64
+
+* Tue Jan 21 2003 Akira TAGOH 1.6.8-2
+- ruby-1.6.8-require.patch: applied to fix the search bug in require.
+- don't apply long2int patch to s390 and s390x. it doesn't work.
+
+* Wed Jan 15 2003 Akira TAGOH 1.6.8-1
+- New upstream release.
+- removed some patches. it's no longer needed.
+ - ruby-1.6.7-100.patch
+ - ruby-1.6.7-101.patch
+ - ruby-1.6.7-102.patch
+ - ruby-1.6.7-103.patch
+ - 801_extmk.rb-shellwords.patch
+ - 801_mkmf.rb-shellwords.patch
+ - 804_parse.y-new-bison.patch
+ - 805_uri-bugfix.patch
+ - ruby-1.6.6-900_XXX_strtod.patch
+ - ruby-1.6.7-sux0rs.patch
+ - ruby-1.6.7-libobj.patch
+
+* Wed Jan 15 2003 Jens Petersen 1.6.7-14
+- rebuild to update tcltk deps
+
+* Mon Dec 16 2002 Elliot Lee 1.6.7-13
+- Remove ExcludeArch: x86_64
+- Fix x86_64 ruby with long2int.patch (ruby was assuming that sizeof(long)
+ == sizeof(int). The patch does not fix the source of the problem, just
+ makes it a non-issue.)
+- _smp_mflags
+
+* Tue Dec 10 2002 Tim Powers 1.6.7-12
+- rebuild to fix broken tcltk deps
+
+* Tue Oct 22 2002 Akira TAGOH 1.6.7-11
+- use %%configure macro instead of configure script.
+- use the latest config.{sub,guess}.
+- get archname from rbconfig.rb for %%dir
+- applied some patches from Debian:
+ - 801_extmk.rb-shellwords.patch: use Shellwords
+ - 801_mkmf.rb-shellwords.patch: mkmf.rb creates bad Makefile. the Makefile
+ links libruby.a to the target.
+ - 803_sample-fix-shbang.patch: all sample codes should be
+ s|/usr/local/bin|/usr/bin|g
+ - 804_parse.y-new-bison.patch: fix syntax warning.
+ - 805_uri-bugfix.patch: uri.rb could not handle correctly broken mailto-uri.
+- add ExcludeArch x86_64 temporarily to fix Bug#74581. Right now ruby can't be
+ built on x86_64.
+
+* Tue Aug 27 2002 Akira TAGOH 1.6.7-10
+- moved sitedir to /usr/lib/ruby/site_ruby again according as our perl and
+ python.
+- ruby-1.6.7-resolv1.patch, ruby-1.6.7-resolv2.patch: applied to fix 'Too many
+ open files - "/etc/resolv.conf"' issue. (Bug#64830)
+
+* Thu Jul 18 2002 Akira TAGOH 1.6.7-9
+- add the owned directory.
+
+* Fri Jul 12 2002 Akira TAGOH 1.6.7-8
+- fix typo.
+
+* Thu Jul 04 2002 Akira TAGOH 1.6.7-7
+- removed the ruby-mode-xemacs because it's merged to the xemacs sumo.
+
+* Fri Jun 21 2002 Tim Powers
+- automated rebuild
+
+* Wed Jun 19 2002 Akira TAGOH 1.6.7-5
+- fix the stripped binary.
+- use the appropriate macros.
+
+* Sun May 26 2002 Tim Powers
+- automated rebuild
+
+* Thu May 23 2002 Akira TAGOH 1.6.7-3
+- ruby-1.6.7-libobj.patch: applied to fix autoconf2.53 error.
+
+* Mon Mar 18 2002 Akira TAGOH 1.6.7-2
+- ruby-man-1.4.6-jp.tar.bz2: removed.
+- ruby-refm-rdp-1.4.7-ja-html.tar.bz2: uses it instead of.
+- ruby-1.6.7-500-marshal-proc.patch, ruby-1.6.7-501-class-var.patch:
+ removed.
+- ruby-1.6.7-100.patch: applied a bug fix patch.
+ (ruby-dev#16274: patch for 'wm state')
+ (PR#206ja: SEGV handle EXIT)
+- ruby-1.6.7-101.patch: applied a bug fix patch.
+ (ruby-list#34313: singleton should not be Marshal.dump'ed)
+ (ruby-dev#16411: block local var)
+- ruby-1.6.7-102.patch: applied a bug fix patch.
+ (handling multibyte chars is partially broken)
+- ruby-1.6.7-103.patch: applied a bug fix patch.
+ (ruby-dev#16462: preserve reference for GC, but link should be cut)
+
+* Fri Mar 8 2002 Akira TAGOH 1.6.7-1
+- New upstream release.
+- ruby-1.6.6-100.patch, ruby-1.6.6-501-ruby-mode.patch:
+ removed. these patches no longer should be needed.
+- ruby-1.6.7-500-marshal-proc.patch: applied a fix patch.
+ (ruby-dev#16178: Marshal::dump should call Proc#call.)
+- ruby-1.6.7-501-class-var.patch: applied a fix patch.
+ (ruby-talk#35157: class vars broken in 1.6.7)
+
+* Wed Feb 27 2002 Akira TAGOH 1.6.6-5
+- Disable alpha because nothing is xemacs for alpha now.
+
+* Tue Feb 5 2002 Akira TAGOH 1.6.6-3
+- Fixed the duplicate files.
+
+* Tue Feb 5 2002 Akira TAGOH 1.6.6-2
+- Fixed the missing %%defattr
+
+* Fri Feb 1 2002 Akira TAGOH 1.6.6-1
+- New upstream release.
+- Applied bug fix patches:
+ - ruby-1.6.6-501-ruby-mode.patch: ruby-talk#30479: disables font-lock
+ coloring.
+ - ruby-1.6.6-100.patch: ruby-talk#30203: Ruby 1.6.6 bug and fix
+ ruby-list#33047: regex bug
+ PR#230: problem with -d in 1.6.6
+- Added ruby-mode and ruby-mode-xemacs packages.
+- Ruby works fine for ia64. so re-enable to build with ia64.
+ (probably it should be worked for alpha)
+
+* Wed Jan 09 2002 Tim Powers
+- automated rebuild
+
+* Thu Jul 19 2001 Bernhard Rosenkraenzer 1.6.4-2
+- Remove Japanese description and summaries; they belong in specspo and
+ break rpm
+- Clean up specfile
+- Mark language specific files (README.jp) as such
+- bzip2 sources
+- rename the libruby package to ruby-libs for consistency
+- Exclude ia64 (doesn't build - the code doesn't seem to be 64-bit clean
+ [has been excluded on alpha forever])
+
+* Tue Jul 17 2001 Akira TAGOH 1.6.4-1
+- rebuild for Red Hat 7.2
+
+* Mon Jun 04 2001 akira yamada
+- upgrade to nwe upstream version 1.6.4.
+
+* Mon Apr 02 2001 akira yamada
+- applied patch:
+ - fixed method cache bug. etc. (Patch103, Patch104)
+
+* Tue Mar 27 2001 akira yamada
+- applied patch:
+ - fixed marshal for bignum bug.
+ - fixed scope of constant variables bug.
+
+* Tue Mar 20 2001 akira yamada
+- upgraded to new upstream version 1.6.3.
+
+* Fri Feb 09 2001 akira yamada
+- fixed bad group for libruby.
+- Applied patch: upgraded to cvs version (2001-02-08):
+ fixed minor bugs.
+
+* Thu Jan 18 2001 akira yamada
+- Applied patch: upgraded to cvs version (2001-01-15):
+ fixed minor bugs(e.g. ruby makes extention librares too large...).
+
+* Wed Jan 10 2001 akira yamada
+- Applied patch: upgraded to cvs version (2001-01-09):
+ fixed minor bugs.
+
+* Sat Dec 30 2000 akira yamada
+- Applied bug fix patch.
+
+* Mon Dec 25 2000 akira yamada
+- Updated to new upstream version 1.6.2.
+
+* Fri Dec 22 2000 akira yamada
+- Removed ruby_cvs.2000122019.patch, added ruby_cvs.2000122215.patch
+ (upgraded ruby to latest cvs version, 1.6.2-preview4).
+
+* Wed Dec 20 2000 akira yamada
+- Removed ruby_cvs.2000121413.patch, added ruby_cvs.2000122019.patch
+ (upgraded ruby to latest cvs version).
+- new package: libruby
+
+* Thu Dec 14 2000 akira yamada
+- Removed ruby_cvs.2000101901.patch, added ruby_cvs.2000121413.patch
+ (upgraded ruby to latest cvs version).
+- Removed ruby-dev.11262.patch, ruby-dev.11265.patch,
+ and ruby-dev.11268.patch (included into above patch).
+
+* Sun Nov 12 2000 MACHINO, Satoshi 1.6.1-0vl9
+- build on gcc-2.95.3
+
+* Thu Oct 19 2000 akira yamada
+- Added ruby-dev.11268.patch.
+
+* Thu Oct 19 2000 akira yamada
+- Removed ruby_cvs.2000101117.patch and added ruby_cvs.2000101901.patch
+ (upgraded ruby to latest cvs version).
+- Added ruby-dev.11262.patch.
+- Added ruby-dev.11265.patch.
+
+* Wed Oct 11 2000 akira yamada
+- Removed ruby_cvs.2000100313.patch and added ruby_cvs.2000101117.patch
+ (upgraded ruby to latest cvs version).
+
+* Mon Oct 09 2000 akira yamada
+- Removed ruby_cvs.2000100313.patch and added ruby_cvs.2000100313.patch
+ (upgraded ruby to latest cvs version).
+
+* Tue Oct 03 2000 akira yamada
+- Removed ruby_cvs.2000100218.patch and added ruby_cvs.2000100313.patch
+ (upgraded ruby to latest cvs version).
+
+* Mon Oct 02 2000 akira yamada
+- Removed ruby_cvs.2000092718.patch and added ruby_cvs.2000100218.patch
+ (upgraded ruby to latest cvs version).
+
+* Wed Sep 27 2000 akira yamada
+- Updated to upstream version 1.6.1.
+- Removed ruby_cvs.2000082901.patch and added ruby_cvs.2000092718.patch
+ (upgraded ruby to latest cvs version).
+
+* Tue Aug 29 2000 akira yamada
+- Updated to version 1.4.6.
+- removed ruby-dev.10123.patch(included into ruby-1.4.6).
+- Added ruby_cvs.2000082901.patch(upgraded ruby to latest cvs version).
+
+* Tue Jun 27 2000 akira yamada
+- Updated manuals to version 1.4.5.
+
+* Sun Jun 25 2000 akira yamada
+- Added ruby-dev.10123.patch.
+
+* Sat Jun 24 2000 akira yamada
+- Updated to version 1.4.5.
+- Removed ruby_cvs.2000062401.patch(included into ruby-1.4.5).
+
+* Thu Jun 22 2000 akira yamada
+- Updated to version 1.4.4(06/22/2000 CVS).
+- Removed ruby-dev.10054.patch(included into ruby_cvs.patch).
+
+* Thu Jun 22 2000 akira yamada
+- Renamed to ruby_cvs20000620.patch from ruby_cvs.patch.
+
+* Tue Jun 20 2000 akira yamada
+- Updated to version 1.4.4(06/20/2000 CVS).
+- Removed ruby-list.23190.patch(included into ruby_cvs.patch).
+- Added ruby-dev.10054.patch.
+
+* Thu Jun 15 2000 akira yamada
+- Updated to version 1.4.4(06/12/2000 CVS).
+- Added manuals and FAQs.
+- Split into ruby, ruby-devel, ruby-tcltk, ruby-docs, irb.
+
+* Tue Jun 13 2000 Mitsuo Hamada
+- Updated to version 1.4.4
+
+* Wed Dec 08 1999 Atsushi Yamagata
+- Updated to version 1.4.3
+
+* Mon Sep 20 1999 Atsushi Yamagata
+- Updated to version 1.4.2 (Sep 18)
+
+* Fri Sep 17 1999 Atsushi Yamagata
+- Updated to version 1.4.2
+
+* Tue Aug 17 1999 Atsushi Yamagata
+- Updated to version 1.4.0
+
+* Fri Jul 23 1999 Atsushi Yamagata
+- 2nd release
+- Updated to version 1.2.6(15 Jul 1999)
+- striped %%{prefix}/bin/ruby
+
+* Mon Jun 28 1999 Atsushi Yamagata
+- Updated to version 1.2.6(21 Jun 1999)
+
+* Wed Apr 14 1999 Atsushi Yamagata
+- Updated to version 1.2.5
+
+* Fri Apr 09 1999 Atsushi Yamagata
+- Updated to version 1.2.4
+
+* Fri Dec 25 1998 Toru Hoshina
+- Version up to 1.2 stable.
+
+* Fri Nov 27 1998 Toru Hoshina
+- Version up to 1.1c9.
+
+* Thu Nov 19 1998 Toru Hoshina
+- Version up to 1.1c8, however it appear short life :-P
+
+* Fri Nov 13 1998 Toru Hoshina
+- Version up.
+
+* Tue Sep 22 1998 Toru Hoshina
+- To make a libruby.so.
+
+* Mon Sep 21 1998 Toru Hoshina
+- Modified SPEC in order to install libruby.a so that it should be used by
+ another ruby entention.
+- 2nd release.
+
+* Mon Mar 9 1998 Shoichi OZAWA
+- Added a powerPC arch part. Thanks, MURATA Nobuhiro