From 562bd39c98078c223a68fbf6fce2c57b7a72eacc Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Wed, 3 Apr 2024 19:58:41 +0300 Subject: [PATCH] import ruby-3.1.4-143.module+el9.3.0+21558+96b51efd --- .gitignore | 2 +- .ruby.metadata | 2 +- SOURCES/ruby-1.9.3-mkmf-verbose.patch | 25 -- ...0-Enable-configuration-of-archlibdir.patch | 2 +- ...ed-paths-when-empty-version-string-i.patch | 2 +- SOURCES/ruby-2.1.0-always-use-i386.patch | 2 +- .../ruby-2.1.0-custom-rubygems-location.patch | 4 +- SOURCES/ruby-2.3.0-ruby_version.patch | 42 +- SOURCES/ruby-2.7.0-Initialize-ABRT-hook.patch | 4 +- .../ruby-3.1.2-ossl-tests-replace-sha1.patch | 378 +++------------- ..._bug_19529-if-compaction-unsupported.patch | 23 + ...by-3.1.5-CVE-2023-36617-for-Ruby-3.1.patch | 135 ++++++ ...-extension-libraries-in-bundled-gems.patch | 338 --------------- ...ct-compaction-support-during-runtime.patch | 59 ++- ...paction-methods-as-rb_f_notimplement.patch | 408 +++++++++++------- ...c-compaction-methods_generated-files.patch | 44 +- ....3.0-openssl-3.2.0-fips-enable-tests.patch | 32 ++ ...2.0-fips-fix-pkey-dh-require-openssl.patch | 73 ++++ ....2.0-fips-fix-pkey-read-in-openssl-3.patch | 188 ++++++++ ...-3.2.0-fix-fips-get-set-in-openssl-3.patch | 142 ++++++ ...uby-net-http-Renew-test-certificates.patch | 256 +++++++++++ ...0-bundle-update-bundler-test-in-ruby.patch | 31 -- .../ruby-irb-1.4.1-drop-rdoc-hard-dep.patch | 24 ++ .../ruby-irb-1.4.1-set-rdoc-soft-dep.patch | 35 ++ ...sue-of-Bundler-not-falling-back-test.patch | 72 ++++ ...er-issue-of-Bundler-not-falling-back.patch | 54 +++ ...bundler-Gemfile-resolving-regression.patch | 144 +++++++ ...er-2.3.26-Tests-from-bundler-PR-6225.patch | 60 +++ SOURCES/test_openssl_fips.rb | 34 ++ SPECS/ruby.spec | 231 ++++++---- 30 files changed, 1837 insertions(+), 1009 deletions(-) delete mode 100644 SOURCES/ruby-1.9.3-mkmf-verbose.patch create mode 100644 SOURCES/ruby-3.1.4-Skip-test_compaction_bug_19529-if-compaction-unsupported.patch create mode 100644 SOURCES/ruby-3.1.5-CVE-2023-36617-for-Ruby-3.1.patch delete mode 100644 SOURCES/ruby-3.2.0-Build-extension-libraries-in-bundled-gems.patch create mode 100644 SOURCES/ruby-3.3.0-openssl-3.2.0-fips-enable-tests.patch create mode 100644 SOURCES/ruby-3.3.0-openssl-3.2.0-fips-fix-pkey-dh-require-openssl.patch create mode 100644 SOURCES/ruby-3.3.0-openssl-3.2.0-fips-fix-pkey-read-in-openssl-3.patch create mode 100644 SOURCES/ruby-3.3.0-openssl-3.2.0-fix-fips-get-set-in-openssl-3.patch create mode 100644 SOURCES/ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch delete mode 100644 SOURCES/ruby-bundler-2.4.0-bundle-update-bundler-test-in-ruby.patch create mode 100644 SOURCES/ruby-irb-1.4.1-drop-rdoc-hard-dep.patch create mode 100644 SOURCES/ruby-irb-1.4.1-set-rdoc-soft-dep.patch create mode 100644 SOURCES/rubygem-bundler-2.3.26-Backport-Fix-another-issue-of-Bundler-not-falling-back-test.patch create mode 100644 SOURCES/rubygem-bundler-2.3.26-Backport-Fix-another-issue-of-Bundler-not-falling-back.patch create mode 100644 SOURCES/rubygem-bundler-2.3.26-Provide-fix-for-bundler-Gemfile-resolving-regression.patch create mode 100644 SOURCES/rubygem-bundler-2.3.26-Tests-from-bundler-PR-6225.patch create mode 100644 SOURCES/test_openssl_fips.rb diff --git a/.gitignore b/.gitignore index d6cd946..15e614a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/ruby-3.1.2.tar.xz +SOURCES/ruby-3.1.4.tar.xz diff --git a/.ruby.metadata b/.ruby.metadata index 886f73e..e0e2f08 100644 --- a/.ruby.metadata +++ b/.ruby.metadata @@ -1 +1 @@ -4c47f1dfeeb23fc55d65bcae50cf70c23bc28aa3 SOURCES/ruby-3.1.2.tar.xz +2e2fbf43b7db6f24280548a3544912535bed8212 SOURCES/ruby-3.1.4.tar.xz diff --git a/SOURCES/ruby-1.9.3-mkmf-verbose.patch b/SOURCES/ruby-1.9.3-mkmf-verbose.patch deleted file mode 100644 index 2113bea..0000000 --- a/SOURCES/ruby-1.9.3-mkmf-verbose.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 28cc0749d6729aa2444661ee7b411e183fe220b0 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?V=C3=ADt=20Ondruch?= -Date: Mon, 19 Nov 2012 15:14:51 +0100 -Subject: [PATCH] Verbose mkmf. - ---- - lib/mkmf.rb | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/lib/mkmf.rb b/lib/mkmf.rb -index 682eb46..e6b1445 100644 ---- a/lib/mkmf.rb -+++ b/lib/mkmf.rb -@@ -1974,7 +1974,7 @@ def configuration(srcdir) - SHELL = /bin/sh - - # V=0 quiet, V=1 verbose. other values don't work. --V = 0 -+V = 1 - V0 = $(V:0=) - Q1 = $(V:1=) - Q = $(Q1:0=@) --- -1.8.3.1 - diff --git a/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch b/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch index f82660f..81261f1 100644 --- a/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch +++ b/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index d261ea57b5..3c13076b82 100644 --- a/configure.ac +++ b/configure.ac -@@ -3368,6 +3368,11 @@ AS_IF([test ${multiarch+set}], [ +@@ -3381,6 +3381,11 @@ AS_IF([test ${multiarch+set}], [ ]) archlibdir='${libdir}/${arch}' diff --git a/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch b/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch index 041f475..aacd076 100644 --- a/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch +++ b/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch @@ -14,7 +14,7 @@ diff --git a/configure.ac b/configure.ac index c42436c23d..d261ea57b5 100644 --- a/configure.ac +++ b/configure.ac -@@ -4026,7 +4026,8 @@ AS_CASE(["$ruby_version_dir_name"], +@@ -4039,7 +4039,8 @@ AS_CASE(["$ruby_version_dir_name"], ruby_version_dir=/'${ruby_version_dir_name}' if test -z "${ruby_version_dir_name}"; then diff --git a/SOURCES/ruby-2.1.0-always-use-i386.patch b/SOURCES/ruby-2.1.0-always-use-i386.patch index dffeb91..0e788dc 100644 --- a/SOURCES/ruby-2.1.0-always-use-i386.patch +++ b/SOURCES/ruby-2.1.0-always-use-i386.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index 3c13076b82..93af30321d 100644 --- a/configure.ac +++ b/configure.ac -@@ -4090,6 +4090,8 @@ AC_SUBST(vendorarchdir)dnl +@@ -4103,6 +4103,8 @@ AC_SUBST(vendorarchdir)dnl AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl diff --git a/SOURCES/ruby-2.1.0-custom-rubygems-location.patch b/SOURCES/ruby-2.1.0-custom-rubygems-location.patch index fdf0dfe..b3cb639 100644 --- a/SOURCES/ruby-2.1.0-custom-rubygems-location.patch +++ b/SOURCES/ruby-2.1.0-custom-rubygems-location.patch @@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac index 93af30321d..bc13397e0e 100644 --- a/configure.ac +++ b/configure.ac -@@ -4062,6 +4062,10 @@ AC_ARG_WITH(vendorarchdir, +@@ -4075,6 +4075,10 @@ AC_ARG_WITH(vendorarchdir, [vendorarchdir=$withval], [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}]) @@ -26,7 +26,7 @@ index 93af30321d..bc13397e0e 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) RUBY_EXEC_PREFIX='' -@@ -4086,6 +4090,7 @@ AC_SUBST(sitearchdir)dnl +@@ -4099,6 +4104,7 @@ AC_SUBST(sitearchdir)dnl AC_SUBST(vendordir)dnl AC_SUBST(vendorlibdir)dnl AC_SUBST(vendorarchdir)dnl diff --git a/SOURCES/ruby-2.3.0-ruby_version.patch b/SOURCES/ruby-2.3.0-ruby_version.patch index 1f42472..cb2871e 100644 --- a/SOURCES/ruby-2.3.0-ruby_version.patch +++ b/SOURCES/ruby-2.3.0-ruby_version.patch @@ -20,7 +20,7 @@ diff --git a/configure.ac b/configure.ac index 80b137e380..63cd3b4f8b 100644 --- a/configure.ac +++ b/configure.ac -@@ -3977,9 +3977,6 @@ AS_CASE(["$target_os"], +@@ -3990,9 +3990,6 @@ AS_CASE(["$target_os"], rubyw_install_name='$(RUBYW_INSTALL_NAME)' ]) @@ -30,7 +30,7 @@ index 80b137e380..63cd3b4f8b 100644 rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'} AC_ARG_WITH(rubyarchprefix, AS_HELP_STRING([--with-rubyarchprefix=DIR], -@@ -4002,56 +3999,62 @@ AC_ARG_WITH(ridir, +@@ -4015,56 +4015,62 @@ AC_ARG_WITH(ridir, AC_SUBST(ridir) AC_SUBST(RI_BASE_NAME) @@ -120,7 +120,7 @@ index 80b137e380..63cd3b4f8b 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) -@@ -4068,6 +4071,7 @@ AC_SUBST(sitearchincludedir)dnl +@@ -4081,6 +4081,7 @@ AC_SUBST(sitearchincludedir)dnl AC_SUBST(arch)dnl AC_SUBST(sitearch)dnl AC_SUBST(ruby_version)dnl @@ -202,8 +202,8 @@ index d4ff4a262c..3f9a5bf590 100644 # specified in the environment def self.default_dir -- @default_dir ||= File.join(RbConfig::CONFIG['rubylibprefix'], 'gems', RbConfig::CONFIG['ruby_version']) -+ @default_dir ||= File.join(RbConfig::CONFIG['rubylibprefix'], 'gems', RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version']) +- @default_dir ||= File.join(RbConfig::CONFIG["rubylibprefix"], "gems", RbConfig::CONFIG["ruby_version"]) ++ @default_dir ||= File.join(RbConfig::CONFIG["rubylibprefix"], "gems", RbConfig::CONFIG["ruby_version_dir_name"] || RbConfig::CONFIG["ruby_version"]) end ## @@ -211,18 +211,18 @@ index d4ff4a262c..3f9a5bf590 100644 gem_dir = File.join(Gem.user_home, ".gem") gem_dir = File.join(Gem.data_home, "gem") unless File.exist?(gem_dir) parts = [gem_dir, ruby_engine] -- parts << RbConfig::CONFIG['ruby_version'] unless RbConfig::CONFIG['ruby_version'].empty? -+ ruby_version_dir_name = RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version'] +- parts << RbConfig::CONFIG["ruby_version"] unless RbConfig::CONFIG["ruby_version"].empty? ++ ruby_version_dir_name = RbConfig::CONFIG["ruby_version_dir_name"] || RbConfig::CONFIG["ruby_version"] + parts << ruby_version_dir_name unless ruby_version_dir_name.empty? File.join parts end @@ -234,7 +235,7 @@ def self.vendor_dir # :nodoc: - return nil unless RbConfig::CONFIG.key? 'vendordir' + return nil unless RbConfig::CONFIG.key? "vendordir" - File.join RbConfig::CONFIG['vendordir'], 'gems', -- RbConfig::CONFIG['ruby_version'] -+ RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version'] + File.join RbConfig::CONFIG["vendordir"], "gems", +- RbConfig::CONFIG["ruby_version"] ++ RbConfig::CONFIG["ruby_version_dir_name"] || RbConfig::CONFIG["ruby_version"] end ## @@ -230,22 +230,22 @@ diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb index b25068405d..e9fef4a311 100644 --- a/test/rubygems/test_gem.rb +++ b/test/rubygems/test_gem.rb -@@ -1410,7 +1410,8 @@ def test_self_use_paths +@@ -1395,7 +1395,8 @@ def test_self_use_paths def test_self_user_dir - parts = [@userhome, '.gem', Gem.ruby_engine] -- parts << RbConfig::CONFIG['ruby_version'] unless RbConfig::CONFIG['ruby_version'].empty? -+ ruby_version_dir_name = RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version'] + parts = [@userhome, ".gem", Gem.ruby_engine] +- parts << RbConfig::CONFIG["ruby_version"] unless RbConfig::CONFIG["ruby_version"].empty? ++ ruby_version_dir_name = RbConfig::CONFIG["ruby_version_dir_name"] || RbConfig::CONFIG["ruby_version"] + parts << ruby_version_dir_name unless ruby_version_dir_name.empty? FileUtils.mkdir_p File.join(parts) -@@ -1486,7 +1487,7 @@ def test_self_vendor_dir - vendordir(File.join(@tempdir, 'vendor')) do +@@ -1471,7 +1472,7 @@ def test_self_vendor_dir + vendordir(File.join(@tempdir, "vendor")) do expected = - File.join RbConfig::CONFIG['vendordir'], 'gems', -- RbConfig::CONFIG['ruby_version'] -+ RbConfig::CONFIG['ruby_version_dir_name'] || RbConfig::CONFIG['ruby_version'] + File.join RbConfig::CONFIG["vendordir"], "gems", +- RbConfig::CONFIG["ruby_version"] ++ RbConfig::CONFIG["ruby_version_dir_name"] || RbConfig::CONFIG["ruby_version"] assert_equal expected, Gem.vendor_dir end @@ -267,7 +267,7 @@ diff --git a/configure.ac b/configure.ac index a00f2b6776..999e2d6d5d 100644 --- a/configure.ac +++ b/configure.ac -@@ -108,7 +108,7 @@ RUBY_BASE_NAME=`echo ruby | sed "$program_transform_name"` +@@ -115,7 +115,7 @@ RUBY_BASE_NAME=`echo ruby | sed "$program_transform_name"` RUBYW_BASE_NAME=`echo rubyw | sed "$program_transform_name"` AC_SUBST(RUBY_BASE_NAME) AC_SUBST(RUBYW_BASE_NAME) diff --git a/SOURCES/ruby-2.7.0-Initialize-ABRT-hook.patch b/SOURCES/ruby-2.7.0-Initialize-ABRT-hook.patch index fc2bd08..4d5ab29 100644 --- a/SOURCES/ruby-2.7.0-Initialize-ABRT-hook.patch +++ b/SOURCES/ruby-2.7.0-Initialize-ABRT-hook.patch @@ -45,7 +45,7 @@ index b2e5b2b6d0..f39f81da5c 100644 +++ b/common.mk @@ -82,7 +82,8 @@ ENC_MK = enc.mk MAKE_ENC = -f $(ENC_MK) V="$(V)" UNICODE_HDR_DIR="$(UNICODE_HDR_DIR)" \ - RUBY="$(MINIRUBY)" MINIRUBY="$(MINIRUBY)" $(mflags) + RUBY="$(BOOTSTRAPRUBY)" MINIRUBY="$(BOOTSTRAPRUBY)" $(mflags) -COMMONOBJS = array.$(OBJEXT) \ +COMMONOBJS = abrt.$(OBJEXT) \ @@ -57,7 +57,7 @@ diff --git a/ruby.c b/ruby.c index 60c57d6259..1eec16f2c8 100644 --- a/ruby.c +++ b/ruby.c -@@ -1611,10 +1611,14 @@ proc_options(long argc, char **argv, ruby_cmdline_options_t *opt, int envopt) +@@ -1623,10 +1623,14 @@ proc_options(long argc, char **argv, ruby_cmdline_options_t *opt, int envopt) void Init_builtin_features(void); diff --git a/SOURCES/ruby-3.1.2-ossl-tests-replace-sha1.patch b/SOURCES/ruby-3.1.2-ossl-tests-replace-sha1.patch index 8f0e2b3..226ee36 100644 --- a/SOURCES/ruby-3.1.2-ossl-tests-replace-sha1.patch +++ b/SOURCES/ruby-3.1.2-ossl-tests-replace-sha1.patch @@ -1,175 +1,21 @@ -diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb -index fedcb93..53ad621 100644 ---- a/ext/openssl/extconf.rb -+++ b/ext/openssl/extconf.rb -@@ -169,6 +169,7 @@ have_func("SSL_CTX_set_post_handshake_auth") - - # added in 1.1.1 - have_func("EVP_PKEY_check") -+have_func("SSL_CTX_set_ciphersuites") - - # added in 3.0.0 - have_func("SSL_set0_tmp_dh_pkey") -diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h -index 4b51268..2ab8aea 100644 ---- a/ext/openssl/ossl.h -+++ b/ext/openssl/ossl.h -@@ -43,13 +43,13 @@ - #ifndef LIBRESSL_VERSION_NUMBER - # define OSSL_IS_LIBRESSL 0 - # define OSSL_OPENSSL_PREREQ(maj, min, pat) \ -- (OPENSSL_VERSION_NUMBER >= (maj << 28) | (min << 20) | (pat << 12)) -+ (OPENSSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12))) - # define OSSL_LIBRESSL_PREREQ(maj, min, pat) 0 - #else - # define OSSL_IS_LIBRESSL 1 - # define OSSL_OPENSSL_PREREQ(maj, min, pat) 0 - # define OSSL_LIBRESSL_PREREQ(maj, min, pat) \ -- (LIBRESSL_VERSION_NUMBER >= (maj << 28) | (min << 20) | (pat << 12)) -+ (LIBRESSL_VERSION_NUMBER >= ((maj << 28) | (min << 20) | (pat << 12))) - #endif - - #if !defined(OPENSSL_NO_ENGINE) && !OSSL_OPENSSL_PREREQ(3, 0, 0) -diff --git a/ext/openssl/ossl_asn1.c b/ext/openssl/ossl_asn1.c -index a61d3ee..0d3fa9a 100644 ---- a/ext/openssl/ossl_asn1.c -+++ b/ext/openssl/ossl_asn1.c -@@ -1522,7 +1522,7 @@ Init_ossl_asn1(void) - * - * An Array that stores the name of a given tag number. These names are - * the same as the name of the tag constant that is additionally defined, -- * e.g. +UNIVERSAL_TAG_NAME[2] = "INTEGER"+ and +OpenSSL::ASN1::INTEGER = 2+. -+ * e.g. UNIVERSAL_TAG_NAME[2] = "INTEGER" and OpenSSL::ASN1::INTEGER = 2. - * - * == Example usage - * -diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c -index 2a4835a..24d0da4 100644 ---- a/ext/openssl/ossl_pkey.c -+++ b/ext/openssl/ossl_pkey.c -@@ -670,7 +670,7 @@ ossl_pkey_export_traditional(int argc, VALUE *argv, VALUE self, int to_der) - } - } - else { --#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER) -+#if OSSL_OPENSSL_PREREQ(1, 1, 0) || OSSL_LIBRESSL_PREREQ(3, 5, 0) - if (!PEM_write_bio_PrivateKey_traditional(bio, pkey, enc, NULL, 0, - ossl_pem_passwd_cb, - (void *)pass)) { -diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c -index 9a0682a..af262d9 100644 ---- a/ext/openssl/ossl_ssl.c -+++ b/ext/openssl/ossl_ssl.c -@@ -959,27 +959,13 @@ ossl_sslctx_get_ciphers(VALUE self) - return ary; - } - --/* -- * call-seq: -- * ctx.ciphers = "cipher1:cipher2:..." -- * ctx.ciphers = [name, ...] -- * ctx.ciphers = [[name, version, bits, alg_bits], ...] -- * -- * Sets the list of available cipher suites for this context. Note in a server -- * context some ciphers require the appropriate certificates. For example, an -- * RSA cipher suite can only be chosen when an RSA certificate is available. -- */ - static VALUE --ossl_sslctx_set_ciphers(VALUE self, VALUE v) -+build_cipher_string(VALUE v) - { -- SSL_CTX *ctx; - VALUE str, elem; - int i; - -- rb_check_frozen(self); -- if (NIL_P(v)) -- return v; -- else if (RB_TYPE_P(v, T_ARRAY)) { -+ if (RB_TYPE_P(v, T_ARRAY)) { - str = rb_str_new(0, 0); - for (i = 0; i < RARRAY_LEN(v); i++) { - elem = rb_ary_entry(v, i); -@@ -993,14 +979,67 @@ ossl_sslctx_set_ciphers(VALUE self, VALUE v) - StringValue(str); - } - -+ return str; -+} -+ -+/* -+ * call-seq: -+ * ctx.ciphers = "cipher1:cipher2:..." -+ * ctx.ciphers = [name, ...] -+ * ctx.ciphers = [[name, version, bits, alg_bits], ...] -+ * -+ * Sets the list of available cipher suites for this context. Note in a server -+ * context some ciphers require the appropriate certificates. For example, an -+ * RSA cipher suite can only be chosen when an RSA certificate is available. -+ */ -+static VALUE -+ossl_sslctx_set_ciphers(VALUE self, VALUE v) -+{ -+ SSL_CTX *ctx; -+ VALUE str; -+ -+ rb_check_frozen(self); -+ if (NIL_P(v)) -+ return v; -+ -+ str = build_cipher_string(v); -+ - GetSSLCTX(self, ctx); -- if (!SSL_CTX_set_cipher_list(ctx, StringValueCStr(str))) { -+ if (!SSL_CTX_set_cipher_list(ctx, StringValueCStr(str))) - ossl_raise(eSSLError, "SSL_CTX_set_cipher_list"); -- } - - return v; - } - -+#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES -+/* -+ * call-seq: -+ * ctx.ciphersuites = "cipher1:cipher2:..." -+ * ctx.ciphersuites = [name, ...] -+ * ctx.ciphersuites = [[name, version, bits, alg_bits], ...] -+ * -+ * Sets the list of available TLSv1.3 cipher suites for this context. -+ */ -+static VALUE -+ossl_sslctx_set_ciphersuites(VALUE self, VALUE v) -+{ -+ SSL_CTX *ctx; -+ VALUE str; -+ -+ rb_check_frozen(self); -+ if (NIL_P(v)) -+ return v; -+ -+ str = build_cipher_string(v); -+ -+ GetSSLCTX(self, ctx); -+ if (!SSL_CTX_set_ciphersuites(ctx, StringValueCStr(str))) -+ ossl_raise(eSSLError, "SSL_CTX_set_ciphersuites"); -+ -+ return v; -+} -+#endif -+ - #ifndef OPENSSL_NO_DH - /* - * call-seq: -@@ -2703,6 +2742,9 @@ Init_ossl_ssl(void) - ossl_sslctx_set_minmax_proto_version, 2); - rb_define_method(cSSLContext, "ciphers", ossl_sslctx_get_ciphers, 0); - rb_define_method(cSSLContext, "ciphers=", ossl_sslctx_set_ciphers, 1); -+#ifdef HAVE_SSL_CTX_SET_CIPHERSUITES -+ rb_define_method(cSSLContext, "ciphersuites=", ossl_sslctx_set_ciphersuites, 1); -+#endif - #ifndef OPENSSL_NO_DH - rb_define_method(cSSLContext, "tmp_dh=", ossl_sslctx_set_tmp_dh, 1); - #endif +From 32648da2f6f8036581859c12af2c38b0cf7abf08 Mon Sep 17 00:00:00 2001 +From: Jarek Prokop +Date: Tue, 18 Oct 2022 09:52:13 +0200 +Subject: [PATCH] Use SHA256 instead of SHA1 where needed in tests. + +Systems such as RHEL 9 are moving away from SHA1 +disabling it completely in default configuration. +--- + test/openssl/test_asn1.rb | 6 +++--- + test/openssl/test_ns_spki.rb | 2 +- + test/openssl/test_pkey_dsa.rb | 4 ++-- + test/openssl/test_pkey_ec.rb | 4 ++-- + test/openssl/test_pkey_rsa.rb | 18 +++++++++--------- + test/openssl/test_x509cert.rb | 4 +++- + test/openssl/test_x509crl.rb | 20 ++++++++++---------- + test/openssl/test_x509req.rb | 25 +++++++++++++------------ + 8 files changed, 43 insertions(+), 40 deletions(-) + diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb index 0fd7971..c79bc14 100644 --- a/test/openssl/test_asn1.rb @@ -215,10 +61,10 @@ index ed3be86..383931b 100644 assert(spki.verify(key1.public_key)) assert(!spki.verify(key2.public_key)) diff --git a/test/openssl/test_pkey_dsa.rb b/test/openssl/test_pkey_dsa.rb -index 726b7db..08213df 100644 +index de6aa63..d105909 100644 --- a/test/openssl/test_pkey_dsa.rb +++ b/test/openssl/test_pkey_dsa.rb -@@ -36,8 +36,8 @@ class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase +@@ -55,8 +55,8 @@ class OpenSSL::TestPKeyDSA < OpenSSL::PKeyTestCase assert_equal true, dsa512.verify(OpenSSL::Digest.new('DSS1'), signature, data) end @@ -230,10 +76,10 @@ index 726b7db..08213df 100644 signature0 = (<<~'end;').unpack("m")[0] MCwCFH5h40plgU5Fh0Z4wvEEpz0eE9SnAhRPbkRB8ggsN/vsSEYMXvJwjGg/ diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb -index ffe5a94..c06fe6f 100644 +index 9a4818d..451bab0 100644 --- a/test/openssl/test_pkey_ec.rb +++ b/test/openssl/test_pkey_ec.rb -@@ -98,8 +98,8 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase +@@ -100,8 +100,8 @@ class OpenSSL::TestEC < OpenSSL::PKeyTestCase def test_sign_verify p256 = Fixtures.pkey("p256") data = "Sign me!" @@ -245,7 +91,7 @@ index ffe5a94..c06fe6f 100644 signature0 = (<<~'end;').unpack("m")[0] MEQCIEOTY/hD7eI8a0qlzxkIt8LLZ8uwiaSfVbjX2dPAvN11AiAQdCYx56Fq diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb -index 4bb39ed..9e06e43 100644 +index fa84b76..b0ae578 100644 --- a/test/openssl/test_pkey_rsa.rb +++ b/test/openssl/test_pkey_rsa.rb @@ -80,8 +80,8 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase @@ -259,7 +105,7 @@ index 4bb39ed..9e06e43 100644 signature0 = (<<~'end;').unpack("m")[0] oLCgbprPvfhM4pjFQiDTFeWI9Sk+Og7Nh9TmIZ/xSxf2CGXQrptlwo7NQ28+ -@@ -113,10 +113,10 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase +@@ -118,10 +118,10 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase def test_sign_verify_raw key = Fixtures.pkey("rsa-1") data = "Sign me!" @@ -274,7 +120,7 @@ index 4bb39ed..9e06e43 100644 # Too long data assert_raise(OpenSSL::PKey::PKeyError) { -@@ -129,9 +129,9 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase +@@ -134,9 +134,9 @@ class OpenSSL::TestPKeyRSA < OpenSSL::PKeyTestCase "rsa_pss_saltlen" => 20, "rsa_mgf1_md" => "SHA256" } @@ -287,132 +133,19 @@ index 4bb39ed..9e06e43 100644 end def test_sign_verify_raw_legacy -diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb -index a7607da..3ba8b39 100644 ---- a/test/openssl/test_ssl.rb -+++ b/test/openssl/test_ssl.rb -@@ -676,10 +676,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase - # buzz.example.net, respectively). ... - assert_equal(true, OpenSSL::SSL.verify_certificate_identity( - create_cert_with_san('DNS:baz*.example.com'), 'baz1.example.com')) -+ -+ # LibreSSL 3.5.0+ doesn't support other wildcard certificates -+ # (it isn't required to, as RFC states MAY, not MUST) -+ return if libressl?(3, 5, 0) -+ - assert_equal(true, OpenSSL::SSL.verify_certificate_identity( - create_cert_with_san('DNS:*baz.example.com'), 'foobaz.example.com')) - assert_equal(true, OpenSSL::SSL.verify_certificate_identity( - create_cert_with_san('DNS:b*z.example.com'), 'buzz.example.com')) -+ - # Section 6.4.3 of RFC6125 states that client should NOT match identifier - # where wildcard is other than left-most label. - # -@@ -1563,6 +1569,99 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase - end - end - -+ def test_ciphersuites_method_tls_connection -+ ssl_ctx = OpenSSL::SSL::SSLContext.new -+ if !tls13_supported? || !ssl_ctx.respond_to?(:ciphersuites=) -+ pend 'TLS 1.3 not supported' -+ end -+ -+ csuite = ['TLS_AES_128_GCM_SHA256', 'TLSv1.3', 128, 128] -+ inputs = [csuite[0], [csuite[0]], [csuite]] -+ -+ start_server do |port| -+ inputs.each do |input| -+ cli_ctx = OpenSSL::SSL::SSLContext.new -+ cli_ctx.min_version = cli_ctx.max_version = OpenSSL::SSL::TLS1_3_VERSION -+ cli_ctx.ciphersuites = input -+ -+ server_connect(port, cli_ctx) do |ssl| -+ assert_equal('TLSv1.3', ssl.ssl_version) -+ if libressl?(3, 4, 0) && !libressl?(3, 5, 0) -+ assert_equal("AEAD-AES128-GCM-SHA256", ssl.cipher[0]) -+ else -+ assert_equal(csuite[0], ssl.cipher[0]) -+ end -+ ssl.puts('abc'); assert_equal("abc\n", ssl.gets) -+ end -+ end -+ end -+ end -+ -+ def test_ciphersuites_method_nil_argument -+ ssl_ctx = OpenSSL::SSL::SSLContext.new -+ pend 'ciphersuites= method is missing' unless ssl_ctx.respond_to?(:ciphersuites=) -+ -+ assert_nothing_raised { ssl_ctx.ciphersuites = nil } -+ end -+ -+ def test_ciphersuites_method_frozen_object -+ ssl_ctx = OpenSSL::SSL::SSLContext.new -+ pend 'ciphersuites= method is missing' unless ssl_ctx.respond_to?(:ciphersuites=) -+ -+ ssl_ctx.freeze -+ assert_raise(FrozenError) { ssl_ctx.ciphersuites = 'TLS_AES_256_GCM_SHA384' } -+ end -+ -+ def test_ciphersuites_method_bogus_csuite -+ ssl_ctx = OpenSSL::SSL::SSLContext.new -+ pend 'ciphersuites= method is missing' unless ssl_ctx.respond_to?(:ciphersuites=) -+ -+ assert_raise_with_message( -+ OpenSSL::SSL::SSLError, -+ /SSL_CTX_set_ciphersuites: no cipher match/i -+ ) { ssl_ctx.ciphersuites = 'BOGUS' } -+ end -+ -+ def test_ciphers_method_tls_connection -+ csuite = ['ECDHE-RSA-AES256-GCM-SHA384', 'TLSv1.2', 256, 256] -+ inputs = [csuite[0], [csuite[0]], [csuite]] -+ -+ start_server do |port| -+ inputs.each do |input| -+ cli_ctx = OpenSSL::SSL::SSLContext.new -+ cli_ctx.min_version = cli_ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION -+ cli_ctx.ciphers = input -+ -+ server_connect(port, cli_ctx) do |ssl| -+ assert_equal('TLSv1.2', ssl.ssl_version) -+ assert_equal(csuite[0], ssl.cipher[0]) -+ ssl.puts('abc'); assert_equal("abc\n", ssl.gets) -+ end -+ end -+ end -+ end -+ -+ def test_ciphers_method_nil_argument -+ ssl_ctx = OpenSSL::SSL::SSLContext.new -+ assert_nothing_raised { ssl_ctx.ciphers = nil } -+ end -+ -+ def test_ciphers_method_frozen_object -+ ssl_ctx = OpenSSL::SSL::SSLContext.new -+ -+ ssl_ctx.freeze -+ assert_raise(FrozenError) { ssl_ctx.ciphers = 'ECDHE-RSA-AES128-SHA' } -+ end -+ -+ def test_ciphers_method_bogus_csuite -+ ssl_ctx = OpenSSL::SSL::SSLContext.new -+ -+ assert_raise_with_message( -+ OpenSSL::SSL::SSLError, -+ /SSL_CTX_set_cipher_list: no cipher match/i -+ ) { ssl_ctx.ciphers = 'BOGUS' } -+ end -+ - def test_connect_works_when_setting_dh_callback_to_nil - ctx_proc = -> ctx { - ctx.max_version = :TLS1_2 diff --git a/test/openssl/test_x509cert.rb b/test/openssl/test_x509cert.rb -index d696b98..4e2bd0c 100644 +index d696b98..6480550 100644 --- a/test/openssl/test_x509cert.rb +++ b/test/openssl/test_x509cert.rb -@@ -180,6 +180,7 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase +@@ -173,13 +173,14 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase + end + + def test_sign_and_verify_rsa_sha1 +- cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil, digest: "sha1") ++ cert = issue_cert(@ca, @rsa2048, 1, [], nil, nil, digest: "SHA1") + assert_equal(false, cert.verify(@rsa1024)) + assert_equal(true, cert.verify(@rsa2048)) + assert_equal(false, certificate_error_returns_false { cert.verify(@dsa256) }) assert_equal(false, certificate_error_returns_false { cert.verify(@dsa512) }) cert.serial = 2 assert_equal(false, cert.verify(@rsa2048)) @@ -420,15 +153,11 @@ index d696b98..4e2bd0c 100644 end def test_sign_and_verify_rsa_md5 -@@ -226,9 +227,8 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase - assert_equal("dsa_with_SHA256", cert.signature_algorithm) - # TODO: need more tests for dsa + sha2 - -- # SHA1 is allowed from OpenSSL 1.0.0 (0.9.8 requires DSS1) -- cert = issue_cert(@ca, @dsa256, 1, [], nil, nil, digest: "sha1") -- assert_equal("dsaWithSHA1", cert.signature_algorithm) -+ cert = issue_cert(@ca, @dsa256, 1, [], nil, nil, digest: "sha512") -+ assert_equal("dsa_with_SHA512", cert.signature_algorithm) +@@ -229,6 +230,7 @@ class OpenSSL::TestX509Certificate < OpenSSL::TestCase + # SHA1 is allowed from OpenSSL 1.0.0 (0.9.8 requires DSS1) + cert = issue_cert(@ca, @dsa256, 1, [], nil, nil, digest: "sha1") + assert_equal("dsaWithSHA1", cert.signature_algorithm) ++ rescue OpenSSL::X509::CertificateError # RHEL 9 disables SHA1 end def test_check_private_key @@ -520,7 +249,7 @@ index bcdb0a6..146ee07 100644 assert_equal(false, crl_error_returns_false { crl.verify(@rsa2048) }) assert_equal(false, crl.verify(@dsa256)) diff --git a/test/openssl/test_x509req.rb b/test/openssl/test_x509req.rb -index ee9c678..a84b162 100644 +index ee9c678..ff17c41 100644 --- a/test/openssl/test_x509req.rb +++ b/test/openssl/test_x509req.rb @@ -23,31 +23,31 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase @@ -572,16 +301,15 @@ index ee9c678..a84b162 100644 req1.attributes = attrs assert_equal(req0.to_der, req1.to_der) -@@ -101,7 +101,7 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase +@@ -108,6 +108,7 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase + assert_equal(false, request_error_returns_false { req.verify(@dsa512) }) + req.version = 1 + assert_equal(false, req.verify(@rsa1024)) ++ rescue OpenSSL::X509::RequestError # RHEL 9 disables SHA1 end - def test_sign_and_verify_rsa_sha1 -- req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest.new('SHA1')) -+ req = issue_csr(0, @dn, @rsa1024, OpenSSL::Digest.new('SHA256')) - assert_equal(true, req.verify(@rsa1024)) - assert_equal(false, req.verify(@rsa2048)) - assert_equal(false, request_error_returns_false { req.verify(@dsa256) }) -@@ -122,7 +122,7 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase + def test_sign_and_verify_rsa_md5 +@@ -122,7 +123,7 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase end def test_sign_and_verify_dsa @@ -590,7 +318,7 @@ index ee9c678..a84b162 100644 assert_equal(false, request_error_returns_false { req.verify(@rsa1024) }) assert_equal(false, request_error_returns_false { req.verify(@rsa2048) }) assert_equal(false, req.verify(@dsa256)) -@@ -137,13 +137,13 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase +@@ -137,14 +138,14 @@ class OpenSSL::TestX509Request < OpenSSL::TestCase end def test_dup @@ -602,8 +330,10 @@ index ee9c678..a84b162 100644 def test_eq - req1 = issue_csr(0, @dn, @rsa1024, "sha1") - req2 = issue_csr(0, @dn, @rsa1024, "sha1") -+ req1 = issue_csr(0, @dn, @rsa1024, "sha512") -+ req2 = issue_csr(0, @dn, @rsa1024, "sha512") - req3 = issue_csr(0, @dn, @rsa1024, "sha256") +- req3 = issue_csr(0, @dn, @rsa1024, "sha256") ++ req1 = issue_csr(0, @dn, @rsa1024, "sha256") ++ req2 = issue_csr(0, @dn, @rsa1024, "sha256") ++ req3 = issue_csr(0, @dn, @rsa1024, "sha512") assert_equal false, req1 == 12345 + assert_equal true, req1 == req2 diff --git a/SOURCES/ruby-3.1.4-Skip-test_compaction_bug_19529-if-compaction-unsupported.patch b/SOURCES/ruby-3.1.4-Skip-test_compaction_bug_19529-if-compaction-unsupported.patch new file mode 100644 index 0000000..acfa992 --- /dev/null +++ b/SOURCES/ruby-3.1.4-Skip-test_compaction_bug_19529-if-compaction-unsupported.patch @@ -0,0 +1,23 @@ +From bffadcd6d46ccfccade79ce0efb60ced8eac4483 Mon Sep 17 00:00:00 2001 +From: Peter Zhu +Date: Thu, 6 Apr 2023 13:35:25 -0400 +Subject: [PATCH] Add guard to compaction test in WeakMap + +Some platforms don't support compaction, so we should skip this test. +--- + test/ruby/test_weakmap.rb | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/test/ruby/test_weakmap.rb b/test/ruby/test_weakmap.rb +index c72e7310db101..7fc956dfae474 100644 +--- a/test/ruby/test_weakmap.rb ++++ b/test/ruby/test_weakmap.rb +@@ -178,6 +178,8 @@ def test_no_memory_leak + end + + def test_compaction_bug_19529 ++ omit "compaction is not supported on this platform" unless GC.respond_to?(:compact) ++ + obj = Object.new + 100.times do |i| + GC.compact diff --git a/SOURCES/ruby-3.1.5-CVE-2023-36617-for-Ruby-3.1.patch b/SOURCES/ruby-3.1.5-CVE-2023-36617-for-Ruby-3.1.patch new file mode 100644 index 0000000..253ba89 --- /dev/null +++ b/SOURCES/ruby-3.1.5-CVE-2023-36617-for-Ruby-3.1.patch @@ -0,0 +1,135 @@ +From 7af748ba924ba6119251ff959231c126784621e2 Mon Sep 17 00:00:00 2001 +From: Hiroshi SHIBATA +Date: Wed, 21 Jun 2023 13:26:37 +0900 +Subject: [PATCH 1/2] Bump up v0.12.2 + +--- + lib/uri/rfc2396_parser.rb | 4 ++-- + lib/uri/rfc3986_parser.rb | 2 +- + lib/uri/version.rb | 2 +- + test/uri/test_parser.rb | 22 ++++++++++++++++++++++ + 4 files changed, 26 insertions(+), 4 deletions(-) + +diff --git a/lib/uri/rfc2396_parser.rb b/lib/uri/rfc2396_parser.rb +index 76a8f99fd48ccd..00c66cf0422213 100644 +--- a/lib/uri/rfc2396_parser.rb ++++ b/lib/uri/rfc2396_parser.rb +@@ -497,8 +497,8 @@ def initialize_regexp(pattern) + ret = {} + + # for URI::split +- ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED) +- ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED) ++ ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED) ++ ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED) + + # for URI::extract + ret[:URI_REF] = Regexp.new(pattern[:URI_REF]) +diff --git a/lib/uri/rfc3986_parser.rb b/lib/uri/rfc3986_parser.rb +index dd24a409ea174e..9b1663dbb6efe3 100644 +--- a/lib/uri/rfc3986_parser.rb ++++ b/lib/uri/rfc3986_parser.rb +@@ -100,7 +100,7 @@ def default_regexp # :nodoc: + QUERY: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/, + FRAGMENT: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/, + OPAQUE: /\A(?:[^\/].*)?\z/, +- PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/, ++ PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/, + } + end + +diff --git a/lib/uri/version.rb b/lib/uri/version.rb +index 7497a7d31a5df7..f0aca586acab4f 100644 +--- a/lib/uri/version.rb ++++ b/lib/uri/version.rb +@@ -1,6 +1,6 @@ + module URI + # :stopdoc: +- VERSION_CODE = '001201'.freeze ++ VERSION_CODE = '001202'.freeze + VERSION = VERSION_CODE.scan(/../).collect{|n| n.to_i}.join('.').freeze + # :startdoc: + end +diff --git a/test/uri/test_parser.rb b/test/uri/test_parser.rb +index 72fb5901d963f6..cee0acb4b57c87 100644 +--- a/test/uri/test_parser.rb ++++ b/test/uri/test_parser.rb +@@ -79,4 +79,26 @@ def test_split + assert_equal([nil, nil, "example.com", nil, nil, "", nil, nil, nil], URI.split("//example.com")) + assert_equal([nil, nil, "[0::0]", nil, nil, "", nil, nil, nil], URI.split("//[0::0]")) + end ++ ++ def test_rfc2822_parse_relative_uri ++ pre = ->(length) { ++ " " * length + "\0" ++ } ++ parser = URI::RFC2396_Parser.new ++ assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |uri| ++ assert_raise(URI::InvalidURIError) do ++ parser.split(uri) ++ end ++ end ++ end ++ ++ def test_rfc3986_port_check ++ pre = ->(length) {"\t" * length + "a"} ++ uri = URI.parse("http://my.example.com") ++ assert_linear_performance((1..5).map {|i| 10**i}, pre: pre) do |port| ++ assert_raise(URI::InvalidComponentError) do ++ uri.port = port ++ end ++ end ++ end + end + +From b2deea8a2e71ab880370080a9ddf243747abc8fd Mon Sep 17 00:00:00 2001 +From: Hiroshi SHIBATA +Date: Wed, 21 Jun 2023 14:15:26 +0900 +Subject: [PATCH 2/2] Merge URI-0.10.3 for Bundler + +--- + lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb | 4 ++-- + lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb | 2 +- + lib/bundler/vendor/uri/lib/uri/version.rb | 2 +- + 3 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb b/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb +index e48e164f4c13e7..09ed40754d5bfe 100644 +--- a/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb ++++ b/lib/bundler/vendor/uri/lib/uri/rfc2396_parser.rb +@@ -491,8 +491,8 @@ def initialize_regexp(pattern) + ret = {} + + # for Bundler::URI::split +- ret[:ABS_URI] = Regexp.new('\A\s*' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED) +- ret[:REL_URI] = Regexp.new('\A\s*' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED) ++ ret[:ABS_URI] = Regexp.new('\A\s*+' + pattern[:X_ABS_URI] + '\s*\z', Regexp::EXTENDED) ++ ret[:REL_URI] = Regexp.new('\A\s*+' + pattern[:X_REL_URI] + '\s*\z', Regexp::EXTENDED) + + # for Bundler::URI::extract + ret[:URI_REF] = Regexp.new(pattern[:URI_REF]) +diff --git a/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb b/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb +index cd4dd0c7526630..870720e5b3e8d0 100644 +--- a/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb ++++ b/lib/bundler/vendor/uri/lib/uri/rfc3986_parser.rb +@@ -95,7 +95,7 @@ def default_regexp # :nodoc: + QUERY: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/, + FRAGMENT: /\A(?:%\h\h|[!$&-.0-;=@-Z_a-z~\/?])*\z/, + OPAQUE: /\A(?:[^\/].*)?\z/, +- PORT: /\A[\x09\x0a\x0c\x0d ]*\d*[\x09\x0a\x0c\x0d ]*\z/, ++ PORT: /\A[\x09\x0a\x0c\x0d ]*+\d*[\x09\x0a\x0c\x0d ]*\z/, + } + end + +diff --git a/lib/bundler/vendor/uri/lib/uri/version.rb b/lib/bundler/vendor/uri/lib/uri/version.rb +index 3895df0de5c53a..d65b7e5b7574d8 100644 +--- a/lib/bundler/vendor/uri/lib/uri/version.rb ++++ b/lib/bundler/vendor/uri/lib/uri/version.rb +@@ -1,6 +1,6 @@ + module Bundler::URI + # :stopdoc: +- VERSION_CODE = '001002'.freeze ++ VERSION_CODE = '001003'.freeze + VERSION = VERSION_CODE.scan(/../).collect{|n| n.to_i}.join('.').freeze + # :startdoc: + end diff --git a/SOURCES/ruby-3.2.0-Build-extension-libraries-in-bundled-gems.patch b/SOURCES/ruby-3.2.0-Build-extension-libraries-in-bundled-gems.patch deleted file mode 100644 index de8d4d3..0000000 --- a/SOURCES/ruby-3.2.0-Build-extension-libraries-in-bundled-gems.patch +++ /dev/null @@ -1,338 +0,0 @@ -From 111f8422427d78becc9183ae149b2105a16bf327 Mon Sep 17 00:00:00 2001 -From: Nobuyoshi Nakada -Date: Tue, 5 Apr 2022 23:24:00 +0900 -Subject: [PATCH 1/5] Bundled gems are expanded under `.bundle/gems` now - ---- - ext/extmk.rb | 13 +++++++------ - template/exts.mk.tmpl | 2 +- - 2 files changed, 8 insertions(+), 7 deletions(-) - -diff --git a/ext/extmk.rb b/ext/extmk.rb -index 4a087f294ac9..1da9e2704521 100755 ---- a/ext/extmk.rb -+++ b/ext/extmk.rb -@@ -146,7 +146,7 @@ def extmake(target, basedir = 'ext', maybestatic = true) - top_srcdir = $top_srcdir - topdir = $topdir - hdrdir = $hdrdir -- prefix = "../" * (target.count("/")+1) -+ prefix = "../" * (basedir.count("/")+target.count("/")+1) - $top_srcdir = relative_from(top_srcdir, prefix) - $hdrdir = relative_from(hdrdir, prefix) - $topdir = prefix + $topdir -@@ -460,10 +460,11 @@ def $mflags.defined?(var) - end unless $extstatic - - @gemname = nil --if ARGV[0] -- ext_prefix, exts = ARGV.shift.split('/', 2) -+if exts = ARGV.shift -+ ext_prefix = exts[%r[\A(?>\.bundle/)?[^/]+(?:/(?=(.+)?)|\z)]] -+ exts = $1 - $extension = [exts] if exts -- if ext_prefix == 'gems' -+ if ext_prefix.start_with?('.') - @gemname = exts - elsif exts - $static_ext.delete_if {|t, *| !File.fnmatch(t, exts)} -@@ -515,7 +516,7 @@ def $mflags.defined?(var) - exts.delete_if {|d| File.fnmatch?("-*", d)} - end - end --ext_prefix = File.basename(ext_prefix) -+ext_prefix = ext_prefix[$top_srcdir.size+1..-2] - - extend Module.new { - def timestamp_file(name, target_prefix = nil) -@@ -634,7 +635,7 @@ def initialize(src) - end - } - --Dir.chdir ".." -+Dir.chdir dir - unless $destdir.to_s.empty? - $mflags.defined?("DESTDIR") or $mflags << "DESTDIR=#{$destdir}" - end -diff --git a/template/exts.mk.tmpl b/template/exts.mk.tmpl -index 2f37f4480ac5..964939e365a1 100644 ---- a/template/exts.mk.tmpl -+++ b/template/exts.mk.tmpl -@@ -25,7 +25,7 @@ macros["old_extensions"] = [] - - contpat = /(?>(?>[^\\\n]|\\.)*\\\n)*(?>[^\\\n]|\\.)*/ - Dir.glob("{ext,.bundle/gems}/*/exts.mk") do |e| -- gem = /\Agems(?=\/)/ =~ e -+ gem = e.start_with?(".bundle/gems/") - s = File.read(e) - s.scan(/^(extensions|SUBMAKEOPTS|EXT[A-Z]+|MFLAGS|NOTE_[A-Z]+)[ \t]*=[ \t]*(#{contpat})$/o) do |n, v| - v.gsub!(/\\\n[ \t]*/, ' ') - -From 6ea34cac22131d28a9cc50e7875e854aed9bdb88 Mon Sep 17 00:00:00 2001 -From: Nobuyoshi Nakada -Date: Wed, 6 Apr 2022 20:25:53 +0900 -Subject: [PATCH 2/5] Retrieve configured gems info - ---- - template/configure-ext.mk.tmpl | 2 +- - template/exts.mk.tmpl | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/template/configure-ext.mk.tmpl b/template/configure-ext.mk.tmpl -index 6636a7759c54..8ba6b963e3ec 100644 ---- a/template/configure-ext.mk.tmpl -+++ b/template/configure-ext.mk.tmpl -@@ -27,7 +27,7 @@ SCRIPT_ARGS = <%=script_args.gsub("#", "\\#")%> - EXTMK_ARGS = $(SCRIPT_ARGS) --gnumake=$(gnumake) --extflags="$(EXTLDFLAGS)" \ - --make-flags="MINIRUBY='$(MINIRUBY)'" - --all: exts # gems -+all: exts gems - exts: - gems: - -diff --git a/template/exts.mk.tmpl b/template/exts.mk.tmpl -index 964939e365a1..e544c4c88bd7 100644 ---- a/template/exts.mk.tmpl -+++ b/template/exts.mk.tmpl -@@ -19,7 +19,7 @@ opt = OptionParser.new do |o| - o.on('--configure-exts=FILE') {|v| confexts = v} - o.order!(ARGV) - end --confexts &&= File.read(confexts).scan(/^exts: (.*\.mk)/).flatten rescue nil -+confexts &&= File.read(confexts).scan(/^(?:ext|gem)s: (.*\.mk)/).flatten rescue nil - confexts ||= [] - macros["old_extensions"] = [] - -@@ -30,7 +30,7 @@ Dir.glob("{ext,.bundle/gems}/*/exts.mk") do |e| - s.scan(/^(extensions|SUBMAKEOPTS|EXT[A-Z]+|MFLAGS|NOTE_[A-Z]+)[ \t]*=[ \t]*(#{contpat})$/o) do |n, v| - v.gsub!(/\\\n[ \t]*/, ' ') - next if v.empty? -- next if gem and n != "extensions" -+ next if n != "extensions" - n = "old_extensions" if n == "extensions" and !confexts.include?(e) - v = v.split - m = macros[n] ||= [] - -From be9d00ee7c72766551ba8c3530f1538034498a6a Mon Sep 17 00:00:00 2001 -From: Nobuyoshi Nakada -Date: Wed, 6 Apr 2022 20:28:00 +0900 -Subject: [PATCH 3/5] Move the target directory of bundled gems like as - rubygems - ---- - ext/extmk.rb | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/ext/extmk.rb b/ext/extmk.rb -index 1da9e2704521..a440af27fc5d 100755 ---- a/ext/extmk.rb -+++ b/ext/extmk.rb -@@ -2,6 +2,9 @@ - # -*- mode: ruby; coding: us-ascii -*- - # frozen_string_literal: false - -+module Gem; end # only needs Gem::Platform -+require 'rubygems/platform' -+ - # :stopdoc: - $extension = nil - $extstatic = nil -@@ -535,11 +538,12 @@ def create_makefile(*args, &block) - super(*args) do |conf| - conf.find do |s| - s.sub!(/^(TARGET_SO_DIR *= *)\$\(RUBYARCHDIR\)/) { -- "TARGET_GEM_DIR = $(extout)/gems/$(arch)/#{@gemname}\n"\ -+ "TARGET_GEM_DIR = $(topdir)/.bundle/extensions/$(gem_platform)/$(ruby_version)/#{@gemname}\n"\ - "#{$1}$(TARGET_GEM_DIR)$(target_prefix)" - } - end - conf.any? {|s| /^TARGET *= *\S/ =~ s} and conf << %{ -+gem_platform = #{Gem::Platform.local} - - # default target - all: - -From c4daf8e445925695c34bab8bf5135dcd1e8575a3 Mon Sep 17 00:00:00 2001 -From: Nobuyoshi Nakada -Date: Wed, 6 Apr 2022 22:57:01 +0900 -Subject: [PATCH 4/5] Obey spec file locations to rubygems - ---- - common.mk | 3 ++- - defs/gmake.mk | 2 +- - tool/gem-unpack.rb | 5 +++-- - 3 files changed, 6 insertions(+), 4 deletions(-) - -diff --git a/common.mk b/common.mk -index 7c552cba1e04..b4adb2729c0e 100644 ---- a/common.mk -+++ b/common.mk -@@ -1359,10 +1359,11 @@ extract-gems$(gnumake:yes=-nongnumake): PHONY - $(Q) $(RUNRUBY) -C "$(srcdir)" \ - -Itool -rgem-unpack -answ \ - -e 'BEGIN {FileUtils.mkdir_p(d = ".bundle/gems")}' \ -+ -e 'BEGIN {FileUtils.mkdir_p(s = ".bundle/specifications")}' \ - -e 'gem, ver = *$$F' \ - -e 'next if !ver or /^#/=~gem' \ - -e 'g = "#{gem}-#{ver}"' \ -- -e 'File.directory?("#{d}/#{g}") or Gem.unpack("gems/#{g}.gem", d)' \ -+ -e 'File.directory?("#{d}/#{g}") or Gem.unpack("gems/#{g}.gem", d, s)' \ - gems/bundled_gems - - update-bundled_gems: PHONY -diff --git a/defs/gmake.mk b/defs/gmake.mk -index a625379a6804..27e3e21cc4d6 100644 ---- a/defs/gmake.mk -+++ b/defs/gmake.mk -@@ -290,7 +290,7 @@ extract-gems: | $(patsubst %,.bundle/gems/%,$(bundled-gems)) - $(ECHO) Extracting bundle gem $*... - $(Q) $(BASERUBY) -C "$(srcdir)" \ - -Itool -rgem-unpack \ -- -e 'Gem.unpack("gems/$(@F).gem", ".bundle/gems")' -+ -e 'Gem.unpack("gems/$(@F).gem", ".bundle/gems", ".bundle/specifications")' - - $(srcdir)/.bundle/gems: - $(MAKEDIRS) $@ -diff --git a/tool/gem-unpack.rb b/tool/gem-unpack.rb -index cb05719463f2..fe10b0e420fa 100644 ---- a/tool/gem-unpack.rb -+++ b/tool/gem-unpack.rb -@@ -5,13 +5,14 @@ - # This library is used by "make extract-gems" to - # unpack bundled gem files. - --def Gem.unpack(file, dir = nil) -+def Gem.unpack(file, dir = nil, spec_dir = nil) - pkg = Gem::Package.new(file) - spec = pkg.spec - target = spec.full_name - target = File.join(dir, target) if dir - pkg.extract_files target -- spec_file = File.join(target, "#{spec.name}-#{spec.version}.gemspec") -+ FileUtils.mkdir_p(spec_dir ||= target) -+ spec_file = File.join(spec_dir, "#{spec.name}-#{spec.version}.gemspec") - open(spec_file, 'wb') do |f| - f.print spec.to_ruby - end - -From 3de652d8198be9cd2998c095903889a80e738275 Mon Sep 17 00:00:00 2001 -From: Nobuyoshi Nakada -Date: Thu, 7 Apr 2022 01:44:43 +0900 -Subject: [PATCH 5/5] Install built gem extension binaries - ---- - tool/rbinstall.rb | 56 ++++++++++++++--------------------------------- - 1 file changed, 16 insertions(+), 40 deletions(-) - -diff --git a/tool/rbinstall.rb b/tool/rbinstall.rb -index 9d9b672be472..624961b4eee6 100755 ---- a/tool/rbinstall.rb -+++ b/tool/rbinstall.rb -@@ -858,6 +858,9 @@ class UnpackedInstaller < GemInstaller - def write_cache_file - end - -+ def build_extensions -+ end -+ - def shebang(bin_file_name) - path = File.join(gem_dir, spec.bindir, bin_file_name) - first_line = File.open(path, "rb") {|file| file.gets} -@@ -940,13 +943,12 @@ def ensure_writable_dir(dir) - install_default_gem('ext', srcdir, bindir) - end - --def load_gemspec(file, expanded = false) -+def load_gemspec(file, base = nil) - file = File.realpath(file) - code = File.read(file, encoding: "utf-8:-") - code.gsub!(/(?:`git[^\`]*`|%x\[git[^\]]*\])\.split\([^\)]*\)/m) do - files = [] -- if expanded -- base = File.dirname(file) -+ if base - Dir.glob("**/*", File::FNM_DOTMATCH, base: base) do |n| - case File.basename(n); when ".", ".."; next; end - next if File.directory?(File.join(base, n)) -@@ -959,7 +961,7 @@ def load_gemspec(file, expanded = false) - unless Gem::Specification === spec - raise TypeError, "[#{file}] isn't a Gem::Specification (#{spec.class} instead)." - end -- spec.loaded_from = file -+ spec.loaded_from = base ? File.join(base, File.basename(file)) : file - spec.files.reject! {|n| n.end_with?(".gemspec") or n.start_with?(".git")} - - spec -@@ -1014,20 +1016,6 @@ def install_default_gem(dir, srcdir, bindir) - end - - install?(:ext, :comm, :gem, :'bundled-gems') do -- if CONFIG['CROSS_COMPILING'] == 'yes' -- # The following hacky steps set "$ruby = BASERUBY" in tool/fake.rb -- $hdrdir = '' -- $extmk = nil -- $ruby = nil # ... -- ruby_path = $ruby + " -I#{Dir.pwd}" # $baseruby + " -I#{Dir.pwd}" -- else -- # ruby_path = File.expand_path(with_destdir(File.join(bindir, ruby_install_name))) -- ENV['RUBYLIB'] = nil -- ENV['RUBYOPT'] = nil -- ruby_path = File.expand_path(with_destdir(File.join(bindir, ruby_install_name))) + " --disable=gems -I#{with_destdir(archlibdir)}" -- end -- Gem.instance_variable_set(:@ruby, ruby_path) if Gem.ruby != ruby_path -- - gem_dir = Gem.default_dir - install_dir = with_destdir(gem_dir) - prepare "bundled gems", gem_dir -@@ -1047,40 +1035,28 @@ def install_default_gem(dir, srcdir, bindir) - :wrappers => true, - :format_executable => true, - } -- gem_ext_dir = "#$extout/gems/#{CONFIG['arch']}" -- extensions_dir = with_destdir(Gem::StubSpecification.gemspec_stub("", gem_dir, gem_dir).extensions_dir) -+ -+ extensions_dir = Gem::StubSpecification.gemspec_stub("", gem_dir, gem_dir).extensions_dir -+ specifications_dir = File.join(gem_dir, "specifications") -+ build_dir = Gem::StubSpecification.gemspec_stub("", ".bundle", ".bundle").extensions_dir - - File.foreach("#{srcdir}/gems/bundled_gems") do |name| - next if /^\s*(?:#|$)/ =~ name - next unless /^(\S+)\s+(\S+).*/ =~ name - gem_name = "#$1-#$2" -- path = "#{srcdir}/.bundle/gems/#{gem_name}/#{gem_name}.gemspec" -- if File.exist?(path) -- spec = load_gemspec(path) -- else -- path = "#{srcdir}/.bundle/gems/#{gem_name}/#$1.gemspec" -- next unless File.exist?(path) -- spec = load_gemspec(path, true) -- end -+ path = "#{srcdir}/.bundle/specifications/#{gem_name}.gemspec" -+ next unless File.exist?(path) -+ spec = load_gemspec(path, "#{srcdir}/.bundle/gems/#{gem_name}") - next unless spec.platform == Gem::Platform::RUBY - next unless spec.full_name == gem_name -- if !spec.extensions.empty? && CONFIG["EXTSTATIC"] == "static" -- puts "skip installation of #{spec.name} #{spec.version}; bundled gem with an extension library is not supported on --with-static-linked-ext" -- next -- end - spec.extension_dir = "#{extensions_dir}/#{spec.full_name}" -- if File.directory?(ext = "#{gem_ext_dir}/#{spec.full_name}") -- spec.extensions[0] ||= "-" -- end - package = RbInstall::DirPackage.new spec - ins = RbInstall::UnpackedInstaller.new(package, options) - puts "#{INDENT}#{spec.name} #{spec.version}" - ins.install -- unless $dryrun -- File.chmod($data_mode, File.join(install_dir, "specifications", "#{spec.full_name}.gemspec")) -- end -- unless spec.extensions.empty? -- install_recursive(ext, spec.extension_dir) -+ install_recursive("#{build_dir}/#{gem_name}", "#{extensions_dir}/#{gem_name}") do |src, dest| -+ # puts "#{INDENT} #{dest[extensions_dir.size+gem_name.size+2..-1]}" -+ install src, dest, :mode => (File.executable?(src) ? $prog_mode : $data_mode) - end - installed_gems[spec.full_name] = true - end diff --git a/SOURCES/ruby-3.2.0-Detect-compaction-support-during-runtime.patch b/SOURCES/ruby-3.2.0-Detect-compaction-support-during-runtime.patch index 589c3e5..aecfb2a 100644 --- a/SOURCES/ruby-3.2.0-Detect-compaction-support-during-runtime.patch +++ b/SOURCES/ruby-3.2.0-Detect-compaction-support-during-runtime.patch @@ -64,6 +64,41 @@ $ git add gc.c $ git commit ``` +== Notes for the patch == + +``` ++# define GC_COMPACTION_SUPPORTED (GC_CAN_COMPILE_COMPACTION && USE_MMAP_ALIGNED_ALLOC) +``` + +We use the USE_MMAP_ALIGNED_ALLOC instead of HEAP_PAGE_ALLOC_USE_MMAP on +the line above. Because while the Ruby on the master branch replaced the +USE_MMAP_ALIGNED_ALLOC with HEAP_PAGE_ALLOC_USE_MMAP, Ruby 3.1.2 doesn't. +See . + +``` ++ rb_define_singleton_method(rb_mGC, "verify_compaction_references", gc_verify_compaction_references, -1); +``` + +We added the line in the case that GC_COMPACTION_SUPPORTED is true. +Because while the Ruby on the master branch defines the +GC.verify_compaction_references in the gc.rb in +the case that GC_COMPACTION_SUPPORTED is true, Ruby 3.1.2 +doesn't define it in the gc.rb. +See . + +``` ++ OPT(GC_COMPACTION_SUPPORTED); +``` + +We added the line to expose the C macro to Ruby level. +In Ruby the macro existance can then be checked like so: +```Ruby +GC::OPTS.include?("GC_COMPACTION_SUPPORTED") +``` +It will return `true` if the GC_COMPACTION_SUPPORTED evaluates to `true` on the +C level, `false` otherwise. +See + == Original commit messages == This is a combination of 3 commits. @@ -104,7 +139,7 @@ diff --git a/gc.c b/gc.c index 1c35856c44..bff0666a17 100644 --- a/gc.c +++ b/gc.c -@@ -4980,6 +4980,23 @@ gc_unprotect_pages(rb_objspace_t *objspace, rb_heap_t *heap) +@@ -4985,6 +4985,23 @@ gc_unprotect_pages(rb_objspace_t *objspace, rb_heap_t *heap) static void gc_update_references(rb_objspace_t * objspace); static void invalidate_moved_page(rb_objspace_t *objspace, struct heap_page *page); @@ -128,7 +163,7 @@ index 1c35856c44..bff0666a17 100644 static void read_barrier_handler(uintptr_t address) { -@@ -5000,6 +5017,7 @@ read_barrier_handler(uintptr_t address) +@@ -5005,6 +5022,7 @@ read_barrier_handler(uintptr_t address) } RB_VM_LOCK_LEAVE(); } @@ -136,7 +171,7 @@ index 1c35856c44..bff0666a17 100644 #if defined(_WIN32) static LPTOP_LEVEL_EXCEPTION_FILTER old_handler; -@@ -9250,13 +9268,7 @@ gc_start_internal(rb_execution_context_t *ec, VALUE self, VALUE full_mark, VALUE +@@ -9268,13 +9286,7 @@ gc_start_internal(rb_execution_context_t *ec, VALUE self, VALUE full_mark, VALUE /* For now, compact implies full mark / sweep, so ignore other flags */ if (RTEST(compact)) { @@ -151,7 +186,7 @@ index 1c35856c44..bff0666a17 100644 reason |= GPR_FLAG_COMPACT; } -@@ -9421,7 +9433,7 @@ gc_move(rb_objspace_t *objspace, VALUE scan, VALUE free, size_t slot_size) +@@ -9439,7 +9451,7 @@ gc_move(rb_objspace_t *objspace, VALUE scan, VALUE free, size_t slot_size) return (VALUE)src; } @@ -160,7 +195,7 @@ index 1c35856c44..bff0666a17 100644 static int compare_free_slots(const void *left, const void *right, void *dummy) { -@@ -10149,7 +10161,7 @@ gc_update_references(rb_objspace_t *objspace) +@@ -10167,7 +10179,7 @@ gc_update_references(rb_objspace_t *objspace) gc_update_table_refs(objspace, finalizer_table); } @@ -169,7 +204,7 @@ index 1c35856c44..bff0666a17 100644 /* * call-seq: * GC.latest_compact_info -> {:considered=>{:T_CLASS=>11}, :moved=>{:T_CLASS=>11}} -@@ -10190,7 +10202,7 @@ gc_compact_stats(VALUE self) +@@ -10208,7 +10220,7 @@ gc_compact_stats(VALUE self) # define gc_compact_stats rb_f_notimplement #endif @@ -178,7 +213,7 @@ index 1c35856c44..bff0666a17 100644 static void root_obj_check_moved_i(const char *category, VALUE obj, void *data) { -@@ -10269,7 +10281,7 @@ gc_compact(VALUE self) +@@ -10287,7 +10299,7 @@ gc_compact(VALUE self) # define gc_compact rb_f_notimplement #endif @@ -187,7 +222,7 @@ index 1c35856c44..bff0666a17 100644 /* * call-seq: * GC.verify_compaction_references(toward: nil, double_heap: false) -> hash -@@ -10800,7 +10812,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _) +@@ -10818,7 +10830,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _) return rb_gc_disable(); } @@ -196,7 +231,7 @@ index 1c35856c44..bff0666a17 100644 /* * call-seq: * GC.auto_compact = flag -@@ -10814,8 +10826,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _) +@@ -10832,8 +10844,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _) static VALUE gc_set_auto_compact(VALUE _, VALUE v) { @@ -206,7 +241,7 @@ index 1c35856c44..bff0666a17 100644 ruby_enable_autocompact = RTEST(v); return v; -@@ -10824,7 +10835,8 @@ gc_set_auto_compact(VALUE _, VALUE v) +@@ -10842,7 +10853,8 @@ gc_set_auto_compact(VALUE _, VALUE v) # define gc_set_auto_compact rb_f_notimplement #endif @@ -216,7 +251,7 @@ index 1c35856c44..bff0666a17 100644 /* * call-seq: * GC.auto_compact -> true or false -@@ -13696,11 +13708,21 @@ Init_GC(void) +@@ -13753,11 +13776,21 @@ Init_GC(void) rb_define_singleton_method(rb_mGC, "malloc_allocated_size", gc_malloc_allocated_size, 0); rb_define_singleton_method(rb_mGC, "malloc_allocations", gc_malloc_allocations, 0); #endif @@ -243,7 +278,7 @@ index 1c35856c44..bff0666a17 100644 #if GC_DEBUG_STRESS_TO_CLASS rb_define_singleton_method(rb_mGC, "add_stress_to_class", rb_gcdebug_add_stress_to_class, -1); -@@ -13724,6 +13746,7 @@ Init_GC(void) +@@ -13781,6 +13803,7 @@ Init_GC(void) OPT(MALLOC_ALLOCATED_SIZE); OPT(MALLOC_ALLOCATED_SIZE_CHECK); OPT(GC_PROFILE_DETAIL_MEMORY); diff --git a/SOURCES/ruby-3.2.0-define-unsupported-gc-compaction-methods-as-rb_f_notimplement.patch b/SOURCES/ruby-3.2.0-define-unsupported-gc-compaction-methods-as-rb_f_notimplement.patch index 1e34def..89842ea 100644 --- a/SOURCES/ruby-3.2.0-define-unsupported-gc-compaction-methods-as-rb_f_notimplement.patch +++ b/SOURCES/ruby-3.2.0-define-unsupported-gc-compaction-methods-as-rb_f_notimplement.patch @@ -1,34 +1,31 @@ -commit 6d1ca6737f31b2e24664a093f1827dd74a121a9f -Author: Jarek Prokop -Date: Thu May 26 11:28:13 2022 +0200 +From 1b3502156a665e2782f366aa5ac8c3bfd7637ab8 Mon Sep 17 00:00:00 2001 +From: Mike Dalessio +Date: Mon, 23 May 2022 15:40:22 -0400 +Subject: [PATCH 1/2] Move compaction-related methods into gc.c - Gc ppc64le fix +These methods are removed from gc.rb and added to gc.c: + +- GC.compact +- GC.auto_compact +- GC.auto_compact= +- GC.latest_compact_info +- GC.verify_compaction_references + +This is a prefactor to allow setting these methods to +`rb_f_notimplement` in a followup commit. +--- + gc.c | 101 ++++++++++++++++++++++++++++++++++++++++++++++++++++------ + gc.rb | 68 --------------------------------------- + 2 files changed, 91 insertions(+), 78 deletions(-) diff --git a/gc.c b/gc.c index ef9327df1f..1c35856c44 100644 --- a/gc.c +++ b/gc.c -@@ -9421,6 +9421,7 @@ gc_move(rb_objspace_t *objspace, VALUE scan, VALUE free, size_t slot_size) - return (VALUE)src; - } - -+#if GC_COMPACTION_SUPPORTED - static int - compare_free_slots(const void *left, const void *right, void *dummy) - { -@@ -9468,6 +9469,7 @@ gc_sort_heap_by_empty_slots(rb_objspace_t *objspace) - free(page_list); - } - } -+#endif - - static void - gc_ref_update_array(rb_objspace_t * objspace, VALUE v) -@@ -10147,8 +10149,21 @@ gc_update_references(rb_objspace_t *objspace) +@@ -10165,8 +10165,20 @@ gc_update_references(rb_objspace_t *objspace) gc_update_table_refs(objspace, finalizer_table); } -+#if GC_COMPACTION_SUPPORTED +/* + * call-seq: + * GC.latest_compact_info -> {:considered=>{:T_CLASS=>11}, :moved=>{:T_CLASS=>11}} @@ -47,19 +44,7 @@ index ef9327df1f..1c35856c44 100644 { size_t i; rb_objspace_t *objspace = &rb_objspace; -@@ -10171,7 +10186,11 @@ gc_compact_stats(rb_execution_context_t *ec, VALUE self) - - return h; - } -+#else -+# define gc_compact_stats rb_f_notimplement -+#endif - -+#if GC_COMPACTION_SUPPORTED - static void - root_obj_check_moved_i(const char *category, VALUE obj, void *data) - { -@@ -10221,22 +10240,78 @@ heap_check_moved_i(void *vstart, void *vend, size_t stride, void *data) +@@ -10239,22 +10251,70 @@ heap_check_moved_i(void *vstart, void *vend, size_t stride, void *data) return 0; } @@ -75,10 +60,6 @@ index ef9327df1f..1c35856c44 100644 + * + * This method is implementation specific and not expected to be implemented + * in any implementation besides MRI. -+ * -+ * To test whether GC compaction is supported, use the idiom: -+ * -+ * GC.respond_to?(:compact) + */ static VALUE -gc_compact(rb_execution_context_t *ec, VALUE self) @@ -91,11 +72,7 @@ index ef9327df1f..1c35856c44 100644 - return gc_compact_stats(ec, self); + return gc_compact_stats(self); } -+#else -+# define gc_compact rb_f_notimplement -+#endif -+#if GC_COMPACTION_SUPPORTED +/* + * call-seq: + * GC.verify_compaction_references(toward: nil, double_heap: false) -> hash @@ -143,7 +120,7 @@ index ef9327df1f..1c35856c44 100644 RB_VM_LOCK_ENTER(); { -@@ -10256,13 +10331,16 @@ gc_verify_compaction_references(rb_execution_context_t *ec, VALUE self, VALUE do +@@ -10274,12 +10334,12 @@ gc_verify_compaction_references(rb_execution_context_t *ec, VALUE self, VALUE do } RB_VM_LOCK_LEAVE(); @@ -156,17 +133,12 @@ index ef9327df1f..1c35856c44 100644 - return gc_compact_stats(ec, self); + return gc_compact_stats(self); } -+#else -+# define gc_verify_compaction_references rb_f_notimplement -+#endif VALUE - rb_gc_start(void) -@@ -10722,26 +10800,45 @@ gc_disable(rb_execution_context_t *ec, VALUE _) +@@ -10740,8 +10800,18 @@ gc_disable(rb_execution_context_t *ec, VALUE _) return rb_gc_disable(); } -+#if GC_COMPACTION_SUPPORTED +/* + * call-seq: + * GC.auto_compact = flag @@ -183,20 +155,10 @@ index ef9327df1f..1c35856c44 100644 { /* If not MinGW, Windows, or does not have mmap, we cannot use mprotect for * the read barrier, so we must disable automatic compaction. */ --#if !defined(__MINGW32__) && !defined(_WIN32) -- if (!USE_MMAP_ALIGNED_ALLOC) { -- rb_raise(rb_eNotImpError, "Automatic compaction isn't available on this platform"); -- } --#endif - - ruby_enable_autocompact = RTEST(v); +@@ -10755,8 +10825,14 @@ gc_set_auto_compact(rb_execution_context_t *ec, VALUE _, VALUE v) return v; } -+#else -+# define gc_set_auto_compact rb_f_notimplement -+#endif -+#if GC_COMPACTION_SUPPORTED +/* + * call-seq: + * GC.auto_compact -> true or false @@ -209,13 +171,7 @@ index ef9327df1f..1c35856c44 100644 { return RBOOL(ruby_enable_autocompact); } -+#else -+# define gc_get_auto_compact rb_f_notimplement -+#endif - - static int - get_envparam_size(const char *name, size_t *default_value, size_t lower_bound) -@@ -13599,6 +13696,11 @@ Init_GC(void) +@@ -13656,6 +13732,11 @@ Init_GC(void) rb_define_singleton_method(rb_mGC, "malloc_allocated_size", gc_malloc_allocated_size, 0); rb_define_singleton_method(rb_mGC, "malloc_allocations", gc_malloc_allocations, 0); #endif @@ -227,6 +183,236 @@ index ef9327df1f..1c35856c44 100644 #if GC_DEBUG_STRESS_TO_CLASS rb_define_singleton_method(rb_mGC, "add_stress_to_class", rb_gcdebug_add_stress_to_class, -1); +diff --git a/gc.rb b/gc.rb +index 72637f3796..9265dd7b57 100644 +--- a/gc.rb ++++ b/gc.rb +@@ -38,27 +38,6 @@ def garbage_collect full_mark: true, immediate_mark: true, immediate_sweep: true + Primitive.gc_start_internal full_mark, immediate_mark, immediate_sweep, false + end + +- # call-seq: +- # GC.auto_compact -> true or false +- # +- # Returns whether or not automatic compaction has been enabled. +- # +- def self.auto_compact +- Primitive.gc_get_auto_compact +- end +- +- # call-seq: +- # GC.auto_compact = flag +- # +- # Updates automatic compaction mode. +- # +- # When enabled, the compactor will execute on every major collection. +- # +- # Enabling compaction will degrade performance on major collections. +- def self.auto_compact=(flag) +- Primitive.gc_set_auto_compact(flag) +- end +- + # call-seq: + # GC.enable -> true or false + # +@@ -210,53 +189,6 @@ def self.latest_gc_info hash_or_key = nil + Primitive.gc_latest_gc_info hash_or_key + end + +- # call-seq: +- # GC.latest_compact_info -> {:considered=>{:T_CLASS=>11}, :moved=>{:T_CLASS=>11}} +- # +- # Returns information about object moved in the most recent GC compaction. +- # +- # The returned hash has two keys :considered and :moved. The hash for +- # :considered lists the number of objects that were considered for movement +- # by the compactor, and the :moved hash lists the number of objects that +- # were actually moved. Some objects can't be moved (maybe they were pinned) +- # so these numbers can be used to calculate compaction efficiency. +- def self.latest_compact_info +- Primitive.gc_compact_stats +- end +- +- # call-seq: +- # GC.compact +- # +- # This function compacts objects together in Ruby's heap. It eliminates +- # unused space (or fragmentation) in the heap by moving objects in to that +- # unused space. This function returns a hash which contains statistics about +- # which objects were moved. See `GC.latest_gc_info` for details about +- # compaction statistics. +- # +- # This method is implementation specific and not expected to be implemented +- # in any implementation besides MRI. +- def self.compact +- Primitive.gc_compact +- end +- +- # call-seq: +- # GC.verify_compaction_references(toward: nil, double_heap: false) -> hash +- # +- # Verify compaction reference consistency. +- # +- # This method is implementation specific. During compaction, objects that +- # were moved are replaced with T_MOVED objects. No object should have a +- # reference to a T_MOVED object after compaction. +- # +- # This function doubles the heap to ensure room to move all objects, +- # compacts the heap to make sure everything moves, updates all references, +- # then performs a full GC. If any object contains a reference to a T_MOVED +- # object, that object should be pushed on the mark stack, and will +- # make a SEGV. +- def self.verify_compaction_references(toward: nil, double_heap: false) +- Primitive.gc_verify_compaction_references(double_heap, toward == :empty) +- end +- + # call-seq: + # GC.using_rvargc? -> true or false + # + +From d3273559356db6852d1fd794f0f076fba100e09e Mon Sep 17 00:00:00 2001 +From: Mike Dalessio +Date: Mon, 23 May 2022 17:31:14 -0400 +Subject: [PATCH 2/2] Define unsupported GC compaction methods as + rb_f_notimplement + +Fixes [Bug #18779] + +Define the following methods as `rb_f_notimplement` on unsupported +platforms: + +- GC.compact +- GC.auto_compact +- GC.auto_compact= +- GC.latest_compact_info +- GC.verify_compaction_references + +This change allows users to call `GC.respond_to?(:compact)` to +properly test for compaction support. Previously, it was necessary to +invoke `GC.compact` or `GC.verify_compaction_references` and check if +those methods raised `NotImplementedError` to determine if compaction +was supported. + +This follows the precedent set for other platform-specific +methods. For example, in `process.c` for methods such as +`Process.fork`, `Process.setpgid`, and `Process.getpriority`. +--- + gc.c | 31 +++++++++++++++---- + test/ruby/test_gc_compact.rb | 58 ++++++++++++++++++++++++++---------- + 2 files changed, 69 insertions(+), 20 deletions(-) + +diff --git a/gc.c b/gc.c +index 92ed76cf96..d71924846a 100644 +--- a/gc.c ++++ b/gc.c +@@ -9439,6 +9439,7 @@ gc_move(rb_objspace_t *objspace, VALUE scan, VALUE free, size_t slot_size) + return (VALUE)src; + } + ++#if GC_COMPACTION_SUPPORTED + static int + compare_free_slots(const void *left, const void *right, void *dummy) + { +@@ -9486,6 +9487,7 @@ gc_sort_heap_by_empty_slots(rb_objspace_t *objspace) + free(page_list); + } + } ++#endif + + static void + gc_ref_update_array(rb_objspace_t * objspace, VALUE v) +@@ -10165,6 +10167,7 @@ gc_update_references(rb_objspace_t *objspace) + gc_update_table_refs(objspace, finalizer_table); + } + ++#if GC_COMPACTION_SUPPORTED + /* + * call-seq: + * GC.latest_compact_info -> {:considered=>{:T_CLASS=>11}, :moved=>{:T_CLASS=>11}} +@@ -10201,7 +10204,11 @@ gc_compact_stats(VALUE self) + + return h; + } ++#else ++# define gc_compact_stats rb_f_notimplement ++#endif + ++#if GC_COMPACTION_SUPPORTED + static void + root_obj_check_moved_i(const char *category, VALUE obj, void *data) + { +@@ -10263,6 +10270,10 @@ heap_check_moved_i(void *vstart, void *vend, size_t stride, void *data) + * + * This method is implementation specific and not expected to be implemented + * in any implementation besides MRI. ++ * ++ * To test whether GC compaction is supported, use the idiom: ++ * ++ * GC.respond_to?(:compact) + */ + static VALUE + gc_compact(VALUE self) +@@ -10272,7 +10283,11 @@ gc_compact(VALUE self) + + return gc_compact_stats(self); + } ++#else ++# define gc_compact rb_f_notimplement ++#endif + ++#if GC_COMPACTION_SUPPORTED + /* + * call-seq: + * GC.verify_compaction_references(toward: nil, double_heap: false) -> hash +@@ -10341,6 +10356,9 @@ gc_verify_compaction_references(int argc, VALUE *argv, VALUE self) + + return gc_compact_stats(self); + } ++#else ++# define gc_verify_compaction_references rb_f_notimplement ++#endif + + VALUE + rb_gc_start(void) +@@ -10800,6 +10818,7 @@ gc_disable(rb_execution_context_t *ec, VALUE _) + return rb_gc_disable(); + } + ++#if GC_COMPACTION_SUPPORTED + /* + * call-seq: + * GC.auto_compact = flag +@@ -10815,16 +10834,15 @@ gc_set_auto_compact(VALUE _, VALUE v) + { + /* If not MinGW, Windows, or does not have mmap, we cannot use mprotect for + * the read barrier, so we must disable automatic compaction. */ +-#if !defined(__MINGW32__) && !defined(_WIN32) +- if (!USE_MMAP_ALIGNED_ALLOC) { +- rb_raise(rb_eNotImpError, "Automatic compaction isn't available on this platform"); +- } +-#endif + + ruby_enable_autocompact = RTEST(v); + return v; + } ++#else ++# define gc_set_auto_compact rb_f_notimplement ++#endif + ++#if GC_COMPACTION_SUPPORTED + /* + * call-seq: + * GC.auto_compact -> true or false +@@ -10836,6 +10854,9 @@ gc_get_auto_compact(VALUE _) + { + return RBOOL(ruby_enable_autocompact); + } ++#else ++# define gc_get_auto_compact rb_f_notimplement ++#endif + + static int + get_envparam_size(const char *name, size_t *default_value, size_t lower_bound) diff --git a/test/ruby/test_gc_compact.rb b/test/ruby/test_gc_compact.rb index 42ad028530..411d5eab69 100644 --- a/test/ruby/test_gc_compact.rb @@ -314,89 +500,3 @@ index 42ad028530..411d5eab69 100644 end def test_gc_compact_stats -diff --git a/gc.rb b/gc.rb -index 72637f3796..9265dd7b57 100644 ---- a/gc.rb -+++ b/gc.rb -@@ -38,27 +38,6 @@ def garbage_collect full_mark: true, immediate_mark: true, immediate_sweep: true - Primitive.gc_start_internal full_mark, immediate_mark, immediate_sweep, false - end - -- # call-seq: -- # GC.auto_compact -> true or false -- # -- # Returns whether or not automatic compaction has been enabled. -- # -- def self.auto_compact -- Primitive.gc_get_auto_compact -- end -- -- # call-seq: -- # GC.auto_compact = flag -- # -- # Updates automatic compaction mode. -- # -- # When enabled, the compactor will execute on every major collection. -- # -- # Enabling compaction will degrade performance on major collections. -- def self.auto_compact=(flag) -- Primitive.gc_set_auto_compact(flag) -- end -- - # call-seq: - # GC.enable -> true or false - # -@@ -210,53 +189,6 @@ def self.latest_gc_info hash_or_key = nil - Primitive.gc_latest_gc_info hash_or_key - end - -- # call-seq: -- # GC.latest_compact_info -> {:considered=>{:T_CLASS=>11}, :moved=>{:T_CLASS=>11}} -- # -- # Returns information about object moved in the most recent GC compaction. -- # -- # The returned hash has two keys :considered and :moved. The hash for -- # :considered lists the number of objects that were considered for movement -- # by the compactor, and the :moved hash lists the number of objects that -- # were actually moved. Some objects can't be moved (maybe they were pinned) -- # so these numbers can be used to calculate compaction efficiency. -- def self.latest_compact_info -- Primitive.gc_compact_stats -- end -- -- # call-seq: -- # GC.compact -- # -- # This function compacts objects together in Ruby's heap. It eliminates -- # unused space (or fragmentation) in the heap by moving objects in to that -- # unused space. This function returns a hash which contains statistics about -- # which objects were moved. See `GC.latest_gc_info` for details about -- # compaction statistics. -- # -- # This method is implementation specific and not expected to be implemented -- # in any implementation besides MRI. -- def self.compact -- Primitive.gc_compact -- end -- -- # call-seq: -- # GC.verify_compaction_references(toward: nil, double_heap: false) -> hash -- # -- # Verify compaction reference consistency. -- # -- # This method is implementation specific. During compaction, objects that -- # were moved are replaced with T_MOVED objects. No object should have a -- # reference to a T_MOVED object after compaction. -- # -- # This function doubles the heap to ensure room to move all objects, -- # compacts the heap to make sure everything moves, updates all references, -- # then performs a full GC. If any object contains a reference to a T_MOVED -- # object, that object should be pushed on the mark stack, and will -- # make a SEGV. -- def self.verify_compaction_references(toward: nil, double_heap: false) -- Primitive.gc_verify_compaction_references(double_heap, toward == :empty) -- end -- - # call-seq: - # GC.using_rvargc? -> true or false - # diff --git a/SOURCES/ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch b/SOURCES/ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch index 240cc9c..654c54c 100644 --- a/SOURCES/ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch +++ b/SOURCES/ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch @@ -1,5 +1,5 @@ ---- ruby-3.1.2/gc.rbinc 2022-04-12 13:11:17.000000000 +0200 -+++ ruby/gc.rbinc 2022-06-08 12:49:16.288024971 +0200 +--- ruby-3.1.3/gc.rbinc 2022-11-24 11:20:33.000000000 +0100 ++++ ruby/gc.rbinc 2022-11-25 11:50:19.939820992 +0100 @@ -9,27 +9,27 @@ #include "builtin.h" /* for RB_BUILTIN_FUNCTION */ struct rb_execution_context_struct; /* in vm_core.h */ @@ -218,8 +218,8 @@ COMPILER_WARNING_POP // load ---- ruby-3.1.2/miniprelude.c 2022-04-12 13:11:17.000000000 +0200 -+++ ruby/miniprelude.c 2022-06-08 12:49:16.377024871 +0200 +--- ruby-3.1.3/miniprelude.c 2022-11-24 11:20:33.000000000 +0100 ++++ ruby/miniprelude.c 2022-11-25 11:50:20.012820803 +0100 @@ -545,11 +545,10 @@ static const char prelude_name2[] = ""; @@ -446,57 +446,57 @@ }; static const char prelude_name11[] = ""; -@@ -3305,7 +3234,7 @@ +@@ -3309,7 +3238,7 @@ " }\n" " end\n" "end\n" --#line 3309 "miniprelude.c" -+#line 3238 "miniprelude.c" +-#line 3313 "miniprelude.c" ++#line 3242 "miniprelude.c" }; static const char prelude_name12[] = ""; -@@ -3628,7 +3557,7 @@ +@@ -3632,7 +3561,7 @@ " Primitive.time_init_args(year, mon, mday, hour, min, sec, zone)\n" " end\n" "end\n" --#line 3632 "miniprelude.c" -+#line 3561 "miniprelude.c" +-#line 3636 "miniprelude.c" ++#line 3565 "miniprelude.c" }; static const char prelude_name13[] = ""; -@@ -3661,7 +3590,7 @@ +@@ -3665,7 +3594,7 @@ " return 0.0\n" " end\n" "end\n" --#line 3665 "miniprelude.c" -+#line 3594 "miniprelude.c" +-#line 3669 "miniprelude.c" ++#line 3598 "miniprelude.c" }; static const char prelude_name14[] = ""; -@@ -3691,7 +3620,7 @@ +@@ -3695,7 +3624,7 @@ "\n" " private :pp\n" "end\n" --#line 3695 "miniprelude.c" -+#line 3624 "miniprelude.c" +-#line 3699 "miniprelude.c" ++#line 3628 "miniprelude.c" }; static const char prelude_name15[] = ""; -@@ -3718,7 +3647,7 @@ +@@ -3722,7 +3651,7 @@ "rescue LoadError\n" " warn \"`did_you_mean' was not loaded.\"\n" "end if defined?(DidYouMean)\n" --#line 3722 "miniprelude.c" -+#line 3651 "miniprelude.c" +-#line 3726 "miniprelude.c" ++#line 3655 "miniprelude.c" }; static const char prelude_name16[] = ""; -@@ -4059,7 +3988,7 @@ +@@ -4063,7 +3992,7 @@ " end\n" " end\n" "end\n" --#line 4063 "miniprelude.c" -+#line 3992 "miniprelude.c" +-#line 4067 "miniprelude.c" ++#line 3996 "miniprelude.c" }; COMPILER_WARNING_POP diff --git a/SOURCES/ruby-3.3.0-openssl-3.2.0-fips-enable-tests.patch b/SOURCES/ruby-3.3.0-openssl-3.2.0-fips-enable-tests.patch new file mode 100644 index 0000000..7f66fa1 --- /dev/null +++ b/SOURCES/ruby-3.3.0-openssl-3.2.0-fips-enable-tests.patch @@ -0,0 +1,32 @@ +From f0b254f1f6610294821bbfc06b414d2af452db5b Mon Sep 17 00:00:00 2001 +From: Jun Aruga +Date: Thu, 13 Apr 2023 17:28:27 +0200 +Subject: [PATCH] [ruby/openssl] Drop a common logic disabling the FIPS mode in + the tests. + +We want to run the unit tests in the FIPS mode too. + +https://github.com/ruby/openssl/commit/ab92baff34 +--- + test/openssl/utils.rb | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb +index 4ebcb9837b..8a0be0d154 100644 +--- a/test/openssl/utils.rb ++++ b/test/openssl/utils.rb +@@ -1,11 +1,6 @@ + # frozen_string_literal: true + begin + require "openssl" +- +- # Disable FIPS mode for tests for installations +- # where FIPS mode would be enabled by default. +- # Has no effect on all other installations. +- OpenSSL.fips_mode=false + rescue LoadError + end + +-- +2.41.0 + diff --git a/SOURCES/ruby-3.3.0-openssl-3.2.0-fips-fix-pkey-dh-require-openssl.patch b/SOURCES/ruby-3.3.0-openssl-3.2.0-fips-fix-pkey-dh-require-openssl.patch new file mode 100644 index 0000000..156cf88 --- /dev/null +++ b/SOURCES/ruby-3.3.0-openssl-3.2.0-fips-fix-pkey-dh-require-openssl.patch @@ -0,0 +1,73 @@ +From b6d7cdc2bad0eadbca73f3486917f0ec7a475814 Mon Sep 17 00:00:00 2001 +From: Kazuki Yamaguchi +Date: Tue, 29 Aug 2023 19:46:02 +0900 +Subject: [PATCH] [ruby/openssl] ssl: use ffdhe2048 from RFC 7919 as the + default DH group parameters + +In TLS 1.2 or before, if DH group parameters for DHE are not supplied +with SSLContext#tmp_dh= or #tmp_dh_callback=, we currently use the +self-generated parameters added in commit https://github.com/ruby/openssl/commit/bb3399a61c03 ("support 2048 +bit length DH-key", 2016-01-15) as the fallback. + +While there is no known weakness in the current parameters, it would be +a good idea to switch to pre-defined, more well audited parameters. + +This also allows the fallback to work in the FIPS mode. + +The PEM encoding was derived with: + + # RFC 7919 Appendix A.1. ffdhe2048 + print OpenSSL::PKey.read(OpenSSL::ASN1::Sequence([OpenSSL::ASN1::Integer((<<-END).split.join.to_i(16)), OpenSSL::ASN1::Integer(2)]).to_der).to_pem + FFFFFFFF FFFFFFFF ADF85458 A2BB4A9A AFDC5620 273D3CF1 + D8B9C583 CE2D3695 A9E13641 146433FB CC939DCE 249B3EF9 + 7D2FE363 630C75D8 F681B202 AEC4617A D3DF1ED5 D5FD6561 + 2433F51F 5F066ED0 85636555 3DED1AF3 B557135E 7F57C935 + 984F0C70 E0E68B77 E2A689DA F3EFE872 1DF158A1 36ADE735 + 30ACCA4F 483A797A BC0AB182 B324FB61 D108A94B B2C8E3FB + B96ADAB7 60D7F468 1D4F42A3 DE394DF4 AE56EDE7 6372BB19 + 0B07A7C8 EE0A6D70 9E02FCE1 CDF7E2EC C03404CD 28342F61 + 9172FE9C E98583FF 8E4F1232 EEF28183 C3FE3B1B 4C6FAD73 + 3BB5FCBC 2EC22005 C58EF183 7D1683B2 C6F34A26 C1B2EFFA + 886B4238 61285C97 FFFFFFFF FFFFFFFF + END + +https://github.com/ruby/openssl/commit/a5527cb4f4 +--- + ext/openssl/lib/openssl/ssl.rb | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/ext/openssl/lib/openssl/ssl.rb b/ext/openssl/lib/openssl/ssl.rb +index ea8bb2a18e533..94be6ba80b894 100644 +--- a/ext/openssl/lib/openssl/ssl.rb ++++ b/ext/openssl/lib/openssl/ssl.rb +@@ -31,21 +31,21 @@ class SSLContext + } + + if defined?(OpenSSL::PKey::DH) +- DEFAULT_2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_ ++ DH_ffdhe2048 = OpenSSL::PKey::DH.new <<-_end_of_pem_ + -----BEGIN DH PARAMETERS----- +-MIIBCAKCAQEA7E6kBrYiyvmKAMzQ7i8WvwVk9Y/+f8S7sCTN712KkK3cqd1jhJDY +-JbrYeNV3kUIKhPxWHhObHKpD1R84UpL+s2b55+iMd6GmL7OYmNIT/FccKhTcveab +-VBmZT86BZKYyf45hUF9FOuUM9xPzuK3Vd8oJQvfYMCd7LPC0taAEljQLR4Edf8E6 +-YoaOffgTf5qxiwkjnlVZQc3whgnEt9FpVMvQ9eknyeGB5KHfayAc3+hUAvI3/Cr3 +-1bNveX5wInh5GDx1FGhKBZ+s1H+aedudCm7sCgRwv8lKWYGiHzObSma8A86KG+MD +-7Lo5JquQ3DlBodj3IDyPrxIv96lvRPFtAwIBAg== ++MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz +++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a ++87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 ++YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi ++7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD ++ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg== + -----END DH PARAMETERS----- + _end_of_pem_ +- private_constant :DEFAULT_2048 ++ private_constant :DH_ffdhe2048 + + DEFAULT_TMP_DH_CALLBACK = lambda { |ctx, is_export, keylen| # :nodoc: + warn "using default DH parameters." if $VERBOSE +- DEFAULT_2048 ++ DH_ffdhe2048 + } + end + diff --git a/SOURCES/ruby-3.3.0-openssl-3.2.0-fips-fix-pkey-read-in-openssl-3.patch b/SOURCES/ruby-3.3.0-openssl-3.2.0-fips-fix-pkey-read-in-openssl-3.patch new file mode 100644 index 0000000..6b79156 --- /dev/null +++ b/SOURCES/ruby-3.3.0-openssl-3.2.0-fips-fix-pkey-read-in-openssl-3.patch @@ -0,0 +1,188 @@ +From 114140236e1835c60a9697f7b89b818c1cbb9350 Mon Sep 17 00:00:00 2001 +From: Jun Aruga +Date: Wed, 12 Apr 2023 17:15:21 +0200 +Subject: [PATCH] Fix OpenSSL::PKey.read in OpenSSL 3 FIPS module. + +This is a combination of the following 2 commits. Because the combined patch is +easy to merge. + +This is the 1st commit message: + +[ruby/openssl] Workaround: Fix OpenSSL::PKey.read that cannot parse PKey in the FIPS mode. + +This commit is a workaround to avoid the error below that the +`OpenSSL::PKey.read` fails with the OpenSSL 3.0 FIPS mode. + +``` +$ openssl genrsa -out key.pem 4096 + +$ ruby -e "require 'openssl'; OpenSSL::PKey.read(File.read('key.pem'))" +-e:1:in `read': Could not parse PKey (OpenSSL::PKey::PKeyError) + from -e:1:in `
' +``` + +The root cause is on the OpenSSL side. The `OSSL_DECODER_CTX_set_selection` +doesn't apply the selection value properly if there are multiple providers, and +a provider (e.g. "base" provider) handles the decoder implementation, and +another provider (e.g. "fips" provider) handles the keys. + +The workaround is to create `OSSL_DECODER_CTX` variable each time without using +the `OSSL_DECODER_CTX_set_selection`. + +https://github.com/ruby/openssl/commit/5ff4a31621 + +This is the commit message #2: + +[ruby/openssl] ossl_pkey.c: Workaround: Decode with non-zero selections. + +This is a workaround for the decoding issue in ossl_pkey_read_generic(). +The issue happens in the case that a key management provider is different from +a decoding provider. + +Try all the non-zero selections in order, instead of selection 0 for OpenSSL 3 +to avoid the issue. + +https://github.com/ruby/openssl/commit/db688fa739 +--- + ext/openssl/ossl_pkey.c | 103 ++++++++++++++++++++++++---------------- + 1 file changed, 63 insertions(+), 40 deletions(-) + +diff --git a/ext/openssl/ossl_pkey.c b/ext/openssl/ossl_pkey.c +index ee143d66ee..51ee0bacba 100644 +--- a/ext/openssl/ossl_pkey.c ++++ b/ext/openssl/ossl_pkey.c +@@ -82,31 +82,62 @@ ossl_pkey_new(EVP_PKEY *pkey) + #if OSSL_OPENSSL_PREREQ(3, 0, 0) + # include + +-EVP_PKEY * +-ossl_pkey_read_generic(BIO *bio, VALUE pass) ++static EVP_PKEY * ++ossl_pkey_read(BIO *bio, const char *input_type, int selection, VALUE pass) + { + void *ppass = (void *)pass; + OSSL_DECODER_CTX *dctx; + EVP_PKEY *pkey = NULL; + int pos = 0, pos2; + +- dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, NULL, 0, NULL, NULL); ++ dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, input_type, NULL, NULL, ++ selection, NULL, NULL); + if (!dctx) + goto out; +- if (OSSL_DECODER_CTX_set_pem_password_cb(dctx, ossl_pem_passwd_cb, ppass) != 1) +- goto out; +- +- /* First check DER */ +- if (OSSL_DECODER_from_bio(dctx, bio) == 1) ++ if (OSSL_DECODER_CTX_set_pem_password_cb(dctx, ossl_pem_passwd_cb, ++ ppass) != 1) + goto out; ++ while (1) { ++ if (OSSL_DECODER_from_bio(dctx, bio) == 1) ++ goto out; ++ if (BIO_eof(bio)) ++ break; ++ pos2 = BIO_tell(bio); ++ if (pos2 < 0 || pos2 <= pos) ++ break; ++ ossl_clear_error(); ++ pos = pos2; ++ } ++ out: + OSSL_BIO_reset(bio); ++ OSSL_DECODER_CTX_free(dctx); ++ return pkey; ++} + +- /* Then check PEM; multiple OSSL_DECODER_from_bio() calls may be needed */ +- if (OSSL_DECODER_CTX_set_input_type(dctx, "PEM") != 1) +- goto out; ++EVP_PKEY * ++ossl_pkey_read_generic(BIO *bio, VALUE pass) ++{ ++ EVP_PKEY *pkey = NULL; ++ /* First check DER, then check PEM. */ ++ const char *input_types[] = {"DER", "PEM"}; ++ int input_type_num = (int)(sizeof(input_types) / sizeof(char *)); + /* +- * First check for private key formats. This is to keep compatibility with +- * ruby/openssl < 3.0 which decoded the following as a private key. ++ * Non-zero selections to try to decode. ++ * ++ * See EVP_PKEY_fromdata(3) - Selections to see all the selections. ++ * ++ * This is a workaround for the decoder failing to decode or returning ++ * bogus keys with selection 0, if a key management provider is different ++ * from a decoder provider. The workaround is to avoid using selection 0. ++ * ++ * Affected OpenSSL versions: >= 3.1.0, <= 3.1.2, or >= 3.0.0, <= 3.0.10 ++ * Fixed OpenSSL versions: 3.2, next release of the 3.1.z and 3.0.z ++ * ++ * See https://github.com/openssl/openssl/pull/21519 for details. ++ * ++ * First check for private key formats (EVP_PKEY_KEYPAIR). This is to keep ++ * compatibility with ruby/openssl < 3.0 which decoded the following as a ++ * private key. + * + * $ openssl ecparam -name prime256v1 -genkey -outform PEM + * -----BEGIN EC PARAMETERS----- +@@ -124,36 +155,28 @@ ossl_pkey_read_generic(BIO *bio, VALUE pass) + * + * Note that normally, the input is supposed to contain a single decodable + * PEM block only, so this special handling should not create a new problem. ++ * ++ * Note that we need to create the OSSL_DECODER_CTX variable each time when ++ * we use the different selection as a workaround. ++ * See https://github.com/openssl/openssl/issues/20657 for details. + */ +- OSSL_DECODER_CTX_set_selection(dctx, EVP_PKEY_KEYPAIR); +- while (1) { +- if (OSSL_DECODER_from_bio(dctx, bio) == 1) +- goto out; +- if (BIO_eof(bio)) +- break; +- pos2 = BIO_tell(bio); +- if (pos2 < 0 || pos2 <= pos) +- break; +- ossl_clear_error(); +- pos = pos2; +- } +- +- OSSL_BIO_reset(bio); +- OSSL_DECODER_CTX_set_selection(dctx, 0); +- while (1) { +- if (OSSL_DECODER_from_bio(dctx, bio) == 1) +- goto out; +- if (BIO_eof(bio)) +- break; +- pos2 = BIO_tell(bio); +- if (pos2 < 0 || pos2 <= pos) +- break; +- ossl_clear_error(); +- pos = pos2; ++ int selections[] = { ++ EVP_PKEY_KEYPAIR, ++ EVP_PKEY_KEY_PARAMETERS, ++ EVP_PKEY_PUBLIC_KEY ++ }; ++ int selection_num = (int)(sizeof(selections) / sizeof(int)); ++ int i, j; ++ ++ for (i = 0; i < input_type_num; i++) { ++ for (j = 0; j < selection_num; j++) { ++ pkey = ossl_pkey_read(bio, input_types[i], selections[j], pass); ++ if (pkey) { ++ goto out; ++ } ++ } + } +- + out: +- OSSL_DECODER_CTX_free(dctx); + return pkey; + } + #else +-- +2.41.0 + diff --git a/SOURCES/ruby-3.3.0-openssl-3.2.0-fix-fips-get-set-in-openssl-3.patch b/SOURCES/ruby-3.3.0-openssl-3.2.0-fix-fips-get-set-in-openssl-3.patch new file mode 100644 index 0000000..ab6a777 --- /dev/null +++ b/SOURCES/ruby-3.3.0-openssl-3.2.0-fix-fips-get-set-in-openssl-3.patch @@ -0,0 +1,142 @@ +From 29920ec109751459a65c6478525f2e59c644891f Mon Sep 17 00:00:00 2001 +From: Jun Aruga +Date: Thu, 16 Mar 2023 21:36:43 +0100 +Subject: [PATCH] [ruby/openssl] Implement FIPS functions on OpenSSL 3. + +This commit is to implement the `OpenSSL::OPENSSL_FIPS`, `ossl_fips_mode_get` +and `ossl_fips_mode_set` to pass the test `test/openssl/test_fips.rb`. + +It seems that the `OPENSSL_FIPS` macro is not used on the FIPS mode case any +more, and some FIPS related APIs also were removed in OpenSSL 3. + +See the document +the section OPENSSL 3.0 > Main Changes from OpenSSL 1.1.1 > +Other notable deprecations and changes - Removed FIPS_mode() and FIPS_mode_set() . + +The `OpenSSL::OPENSSL_FIPS` returns always true in OpenSSL 3 because the used +functions `EVP_default_properties_enable_fips` and `EVP_default_properties_is_fips_enabled` +works with the OpenSSL installed without FIPS option. + +The `TEST_RUBY_OPENSSL_FIPS_ENABLED` is set on the FIPS mode case on the CI. +Because I want to test that the `OpenSSL.fips_mode` returns the `true` or +'false' surely in the CI. You can test the FIPS mode case by setting +`TEST_RUBY_OPENSSL_FIPS_ENABLED` on local too. Right now I don't find a better +way to get the status of the FIPS mode enabled or disabled for this purpose. I +am afraid of the possibility that the FIPS test case is unintentionally skipped. + +I also replaced the ambiguous "returns" with "should return" in the tests. + +https://github.com/ruby/openssl/commit/c5b2bc1268 +--- + ext/openssl/ossl.c | 25 +++++++++++++++++++++---- + test/openssl/test_fips.rb | 32 ++++++++++++++++++++++++++++---- + 2 files changed, 49 insertions(+), 8 deletions(-) + +diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c +index 6c532aca94..fcf3744c65 100644 +--- a/ext/openssl/ossl.c ++++ b/ext/openssl/ossl.c +@@ -418,7 +418,11 @@ static VALUE + ossl_fips_mode_get(VALUE self) + { + +-#ifdef OPENSSL_FIPS ++#if OSSL_OPENSSL_PREREQ(3, 0, 0) ++ VALUE enabled; ++ enabled = EVP_default_properties_is_fips_enabled(NULL) ? Qtrue : Qfalse; ++ return enabled; ++#elif OPENSSL_FIPS + VALUE enabled; + enabled = FIPS_mode() ? Qtrue : Qfalse; + return enabled; +@@ -442,8 +446,18 @@ ossl_fips_mode_get(VALUE self) + static VALUE + ossl_fips_mode_set(VALUE self, VALUE enabled) + { +- +-#ifdef OPENSSL_FIPS ++#if OSSL_OPENSSL_PREREQ(3, 0, 0) ++ if (RTEST(enabled)) { ++ if (!EVP_default_properties_enable_fips(NULL, 1)) { ++ ossl_raise(eOSSLError, "Turning on FIPS mode failed"); ++ } ++ } else { ++ if (!EVP_default_properties_enable_fips(NULL, 0)) { ++ ossl_raise(eOSSLError, "Turning off FIPS mode failed"); ++ } ++ } ++ return enabled; ++#elif OPENSSL_FIPS + if (RTEST(enabled)) { + int mode = FIPS_mode(); + if(!mode && !FIPS_mode_set(1)) /* turning on twice leads to an error */ +@@ -1198,7 +1212,10 @@ Init_openssl(void) + * Boolean indicating whether OpenSSL is FIPS-capable or not + */ + rb_define_const(mOSSL, "OPENSSL_FIPS", +-#ifdef OPENSSL_FIPS ++/* OpenSSL 3 is FIPS-capable even when it is installed without fips option */ ++#if OSSL_OPENSSL_PREREQ(3, 0, 0) ++ Qtrue ++#elif OPENSSL_FIPS + Qtrue + #else + Qfalse +diff --git a/test/openssl/test_fips.rb b/test/openssl/test_fips.rb +index 8cd474f9a3..56a12a94ce 100644 +--- a/test/openssl/test_fips.rb ++++ b/test/openssl/test_fips.rb +@@ -4,22 +4,46 @@ + if defined?(OpenSSL) + + class OpenSSL::TestFIPS < OpenSSL::TestCase ++ def test_fips_mode_get_is_true_on_fips_mode_enabled ++ unless ENV["TEST_RUBY_OPENSSL_FIPS_ENABLED"] ++ omit "Only for FIPS mode environment" ++ end ++ ++ assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;") ++ assert OpenSSL.fips_mode == true, ".fips_mode should return true on FIPS mode enabled" ++ end; ++ end ++ ++ def test_fips_mode_get_is_false_on_fips_mode_disabled ++ if ENV["TEST_RUBY_OPENSSL_FIPS_ENABLED"] ++ omit "Only for non-FIPS mode environment" ++ end ++ ++ assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;") ++ message = ".fips_mode should return false on FIPS mode disabled. " \ ++ "If you run the test on FIPS mode, please set " \ ++ "TEST_RUBY_OPENSSL_FIPS_ENABLED=true" ++ assert OpenSSL.fips_mode == false, message ++ end; ++ end ++ + def test_fips_mode_is_reentrant + OpenSSL.fips_mode = false + OpenSSL.fips_mode = false + end + +- def test_fips_mode_get +- return unless OpenSSL::OPENSSL_FIPS ++ def test_fips_mode_get_with_fips_mode_set ++ omit('OpenSSL is not FIPS-capable') unless OpenSSL::OPENSSL_FIPS ++ + assert_separately([{ "OSSL_MDEBUG" => nil }, "-ropenssl"], <<~"end;") + require #{__FILE__.dump} + + begin + OpenSSL.fips_mode = true +- assert OpenSSL.fips_mode == true, ".fips_mode returns true when .fips_mode=true" ++ assert OpenSSL.fips_mode == true, ".fips_mode should return true when .fips_mode=true" + + OpenSSL.fips_mode = false +- assert OpenSSL.fips_mode == false, ".fips_mode returns false when .fips_mode=false" ++ assert OpenSSL.fips_mode == false, ".fips_mode should return false when .fips_mode=false" + rescue OpenSSL::OpenSSLError + pend "Could not set FIPS mode (OpenSSL::OpenSSLError: \#$!); skipping" + end +-- +2.41.0 + diff --git a/SOURCES/ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch b/SOURCES/ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch new file mode 100644 index 0000000..34a18e0 --- /dev/null +++ b/SOURCES/ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch @@ -0,0 +1,256 @@ +From d3933fc753187a055a4904af82f5f3794c88c416 Mon Sep 17 00:00:00 2001 +From: Sorah Fukumori +Date: Mon, 1 Jan 2024 20:45:54 +0900 +Subject: [PATCH] [ruby/net-http] Renew test certificates + +The private key is replaced with a public known test key published at +[RFC 9500]. + +Also lifetime has been extended to 10 years from 4 years. + +[RFC 9500]: https://www.rfc-editor.org/rfc/rfc9500.html + +https://github.com/ruby/net-http/commit/4ab6c4a500 +--- + test/net/fixtures/Makefile | 6 +-- + test/net/fixtures/cacert.pem | 44 ++++++++-------- + test/net/fixtures/server.crt | 99 +++++++----------------------------- + test/net/fixtures/server.key | 55 ++++++++++---------- + 4 files changed, 71 insertions(+), 133 deletions(-) + +diff --git a/test/net/fixtures/Makefile b/test/net/fixtures/Makefile +index b2bc9c7368ee2..88c232e3b6c16 100644 +--- a/test/net/fixtures/Makefile ++++ b/test/net/fixtures/Makefile +@@ -5,11 +5,11 @@ regen_certs: + make server.crt + + cacert.pem: server.key +- openssl req -new -x509 -days 1825 -key server.key -out cacert.pem -text -subj "/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org" ++ openssl req -new -x509 -days 3650 -key server.key -out cacert.pem -subj "/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org" + + server.csr: +- openssl req -new -key server.key -out server.csr -text -subj "/C=JP/ST=Shimane/O=Ruby Core Team/OU=Ruby Test/CN=localhost" ++ openssl req -new -key server.key -out server.csr -subj "/C=JP/ST=Shimane/O=Ruby Core Team/OU=Ruby Test/CN=localhost" + + server.crt: server.csr cacert.pem +- openssl x509 -days 1825 -CA cacert.pem -CAkey server.key -set_serial 00 -in server.csr -req -text -out server.crt ++ openssl x509 -days 3650 -CA cacert.pem -CAkey server.key -set_serial 00 -in server.csr -req -out server.crt + rm server.csr +diff --git a/test/net/fixtures/cacert.pem b/test/net/fixtures/cacert.pem +index f623bd62ed375..24c83f1c65225 100644 +--- a/test/net/fixtures/cacert.pem ++++ b/test/net/fixtures/cacert.pem +@@ -1,24 +1,24 @@ + -----BEGIN CERTIFICATE----- +-MIID7TCCAtWgAwIBAgIJAIltvxrFAuSnMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD +-VQQGEwJKUDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkx +-FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex +-JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTkwMTAy +-MDI1ODI4WhcNMjQwMTAxMDI1ODI4WjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgM +-B1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQKDA5SdWJ5IENv +-cmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz +-ZWN1cml0eUBydWJ5LWxhbmcub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +-CgKCAQEAznlbjRVhz1NlutHVrhcGnK8W0qug2ujKXv1njSC4U6nJF6py7I9EeehV +-SaKePyv+I9z3K1LnfUHOtUbdwdKC77yN66A6q2aqzu5q09/NSykcZGOIF0GuItYI +-3nvW3IqBddff2ffsyR+9pBjfb5AIPP08WowF9q4s1eGULwZc4w2B8PFhtxYANd7d +-BvGLXFlcufv9tDtzyRi4t7eqxCRJkZQIZNZ6DHHIJrNxejOILfHLarI12yk8VK6L +-2LG4WgGqyeePiRyd1o1MbuiAFYqAwpXNUbRKg5NaZGwBHZk8UZ+uFKt1QMBURO5R +-WFy1c349jbWszTqFyL4Lnbg9HhAowQIDAQABo1AwTjAdBgNVHQ4EFgQU9tEiKdU9 +-I9derQyc5nWPnc34nVMwHwYDVR0jBBgwFoAU9tEiKdU9I9derQyc5nWPnc34nVMw +-DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAxj7F/u3C3fgq24N7hGRA +-of7ClFQxGmo/IGT0AISzW3HiVYiFaikKhbO1NwD9aBpD8Zwe62sCqMh8jGV/b0+q +-aOORnWYNy2R6r9FkASAglmdF6xn3bhgGD5ls4pCvcG9FynGnGc24g6MrjFNrBYUS +-2iIZsg36i0IJswo/Dy6HLphCms2BMCD3DeWtfjePUiTmQHJo6HsQIKP/u4N4Fvee +-uMBInei2M4VU74fLXbmKl1F9AEX7JDP3BKSZG19Ch5pnUo4uXM1uNTGsi07P4Y0s +-K44+SKBC0bYEFbDK0eQWMrX3kIhkPxyIWhxdq9/NqPYjShuSEAhA6CSpmRg0pqc+ +-mA== ++MIID+zCCAuOgAwIBAgIUGMvHl3EhtKPKcgc3NQSAYfFuC+8wDQYJKoZIhvcNAQEL ++BQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYDVQQIDAdTaGltYW5lMRQwEgYDVQQHDAtN ++YXR6LWUgY2l0eTEXMBUGA1UECgwOUnVieSBDb3JlIFRlYW0xFTATBgNVBAMMDFJ1 ++YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJARYWc2VjdXJpdHlAcnVieS1sYW5nLm9y ++ZzAeFw0yNDAxMDExMTQ3MjNaFw0zMzEyMjkxMTQ3MjNaMIGMMQswCQYDVQQGEwJK ++UDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkxFzAVBgNV ++BAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0ExJTAjBgkq ++hkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwggEiMA0GCSqGSIb3DQEB ++AQUAA4IBDwAwggEKAoIBAQCw+egZQ6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI +++1GSqyi1bFBgsRjM0THllIdMbKmJtWwnKW8J+5OgNN8y6Xxv8JmM/Y5vQt2lis0f ++qXmG8UTz0VTWdlAXXmhUs6lSADvAaIe4RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0 ++yg+801SXzoFTTa+UGIRLE66jH51aa5VXu99hnv1OiH8tQrjdi8mH6uG/icq4XuIe ++NWMF32wHqIOOPvQcWV3M5D2vxJEj702Ku6k9OQXkAo17qRSEonWW4HtLbtmS8He1 ++JNPc/n3dVUm+fM6NoDXPoLP7j55G9zKyqGtGAWXAj1MTAgMBAAGjUzBRMB0GA1Ud ++DgQWBBSJGVleDvFp9cu9R+E0/OKYzGkwkTAfBgNVHSMEGDAWgBSJGVleDvFp9cu9 ++R+E0/OKYzGkwkTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBl ++8GLB8skAWlkSw/FwbUmEV3zyqu+p7PNP5YIYoZs0D74e7yVulGQ6PKMZH5hrZmHo ++orFSQU+VUUirG8nDGj7Rzce8WeWBxsaDGC8CE2dq6nC6LuUwtbdMnBrH0LRWAz48 ++jGFF3jHtVz8VsGfoZTZCjukWqNXvU6hETT9GsfU+PZqbqcTVRPH52+XgYayKdIbD ++r97RM4X3+aXBHcUW0b76eyyi65RR/Xtvn8ioZt2AdX7T2tZzJyXJN3Hupp77s6Ui ++AZR35SToHCZeTZD12YBvLBdaTPLZN7O/Q/aAO9ZiJaZ7SbFOjz813B2hxXab4Fob ++2uJX6eMWTVxYK5D4M9lm + -----END CERTIFICATE----- +diff --git a/test/net/fixtures/server.crt b/test/net/fixtures/server.crt +index 5ca78a6d146a0..5d2923795dabc 100644 +--- a/test/net/fixtures/server.crt ++++ b/test/net/fixtures/server.crt +@@ -1,82 +1,21 @@ +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: 2 (0x2) +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org +- Validity +- Not Before: Jan 2 03:27:13 2019 GMT +- Not After : Jan 1 03:27:13 2024 GMT +- Subject: C=JP, ST=Shimane, O=Ruby Core Team, OU=Ruby Test, CN=localhost +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- Public-Key: (2048 bit) +- Modulus: +- 00:e8:da:9c:01:2e:2b:10:ec:49:cd:5e:07:13:07: +- 9c:70:9e:c6:74:bc:13:c2:e1:6f:c6:82:fd:e3:48: +- e0:2c:a5:68:c7:9e:42:de:60:54:65:e6:6a:14:57: +- 7a:30:d0:cc:b5:b6:d9:c3:d2:df:c9:25:97:54:67: +- cf:f6:be:5e:cb:8b:ee:03:c5:e1:e2:f9:e7:f7:d1: +- 0c:47:f0:b8:da:33:5a:ad:41:ad:e7:b5:a2:7b:b7: +- bf:30:da:60:f8:e3:54:a2:bc:3a:fd:1b:74:d9:dc: +- 74:42:e9:29:be:df:ac:b4:4f:eb:32:f4:06:f1:e1: +- 8c:4b:a8:8b:fb:29:e7:b1:bf:1d:01:ee:73:0f:f9: +- 40:dc:d5:15:79:d9:c6:73:d0:c0:dd:cb:e4:da:19: +- 47:80:c6:14:04:72:fd:9a:7c:8f:11:82:76:49:04: +- 79:cc:f2:5c:31:22:95:13:3e:5d:40:a6:4d:e0:a3: +- 02:26:7d:52:3b:bb:ed:65:a1:0f:ed:6b:b0:3c:d4: +- de:61:15:5e:d3:dd:68:09:9f:4a:57:a5:c2:a9:6d: +- 86:92:c5:f4:a4:d4:b7:13:3b:52:63:24:05:e2:cc: +- e3:8a:3c:d4:35:34:2b:10:bb:58:72:e7:e1:8d:1d: +- 74:8c:61:16:20:3d:d0:1c:4e:8f:6e:fd:fe:64:10: +- 4f:41 +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Basic Constraints: +- CA:FALSE +- Netscape Comment: +- OpenSSL Generated Certificate +- X509v3 Subject Key Identifier: +- ED:28:C2:7E:AB:4B:C8:E8:FE:55:6D:66:95:31:1C:2D:60:F9:02:36 +- X509v3 Authority Key Identifier: +- keyid:F6:D1:22:29:D5:3D:23:D7:5E:AD:0C:9C:E6:75:8F:9D:CD:F8:9D:53 +- +- Signature Algorithm: sha256WithRSAEncryption +- 1d:b8:c5:8b:72:41:20:65:ad:27:6f:15:63:06:26:12:8d:9c: +- ad:ca:f4:db:97:b4:90:cb:ff:35:94:bb:2a:a7:a1:ab:1e:35: +- 2d:a5:3f:c9:24:b0:1a:58:89:75:3e:81:0a:2c:4f:98:f9:51: +- fb:c0:a3:09:d0:0a:9b:e7:a2:b7:c3:60:40:c8:f4:6d:b2:6a: +- 56:12:17:4c:00:24:31:df:9c:60:ae:b1:68:54:a9:e6:b5:4a: +- 04:e6:92:05:86:d9:5a:dc:96:30:a5:58:de:14:99:0f:e5:15: +- 89:3e:9b:eb:80:e3:bd:83:c3:ea:33:35:4b:3e:2f:d3:0d:64: +- 93:67:7f:8d:f5:3f:0c:27:bc:37:5a:cc:d6:47:16:af:5a:62: +- d2:da:51:f8:74:06:6b:24:ad:28:68:08:98:37:7d:ed:0e:ab: +- 1e:82:61:05:d0:ba:75:a0:ab:21:b0:9a:fd:2b:54:86:1d:0d: +- 1f:c2:d4:77:1f:72:26:5e:ad:8a:9f:09:36:6d:44:be:74:c2: +- 5a:3e:ff:5c:9d:75:d6:38:7b:c5:39:f9:44:6e:a1:d1:8e:ff: +- 63:db:c4:bb:c6:91:92:ca:5c:60:9b:1d:eb:0a:de:08:ee:bf: +- da:76:03:65:62:29:8b:f8:7f:c7:86:73:1e:f6:1f:2d:89:69: +- fd:be:bd:6e + -----BEGIN CERTIFICATE----- +-MIID4zCCAsugAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx +-EDAOBgNVBAgMB1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQK +-DA5SdWJ5IENvcmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZI +-hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMjcxM1oX +-DTI0MDEwMTAzMjcxM1owYDELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx +-FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRIwEAYDVQQLDAlSdWJ5IFRlc3QxEjAQ +-BgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +-AOjanAEuKxDsSc1eBxMHnHCexnS8E8Lhb8aC/eNI4CylaMeeQt5gVGXmahRXejDQ +-zLW22cPS38kll1Rnz/a+XsuL7gPF4eL55/fRDEfwuNozWq1Bree1onu3vzDaYPjj +-VKK8Ov0bdNncdELpKb7frLRP6zL0BvHhjEuoi/sp57G/HQHucw/5QNzVFXnZxnPQ +-wN3L5NoZR4DGFARy/Zp8jxGCdkkEeczyXDEilRM+XUCmTeCjAiZ9Uju77WWhD+1r +-sDzU3mEVXtPdaAmfSlelwqlthpLF9KTUtxM7UmMkBeLM44o81DU0KxC7WHLn4Y0d +-dIxhFiA90BxOj279/mQQT0ECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC +-AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFO0o +-wn6rS8jo/lVtZpUxHC1g+QI2MB8GA1UdIwQYMBaAFPbRIinVPSPXXq0MnOZ1j53N +-+J1TMA0GCSqGSIb3DQEBCwUAA4IBAQAduMWLckEgZa0nbxVjBiYSjZytyvTbl7SQ +-y/81lLsqp6GrHjUtpT/JJLAaWIl1PoEKLE+Y+VH7wKMJ0Aqb56K3w2BAyPRtsmpW +-EhdMACQx35xgrrFoVKnmtUoE5pIFhtla3JYwpVjeFJkP5RWJPpvrgOO9g8PqMzVL +-Pi/TDWSTZ3+N9T8MJ7w3WszWRxavWmLS2lH4dAZrJK0oaAiYN33tDqsegmEF0Lp1 +-oKshsJr9K1SGHQ0fwtR3H3ImXq2Knwk2bUS+dMJaPv9cnXXWOHvFOflEbqHRjv9j +-28S7xpGSylxgmx3rCt4I7r/adgNlYimL+H/HhnMe9h8tiWn9vr1u ++MIIDYTCCAkkCAQAwDQYJKoZIhvcNAQELBQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYD ++VQQIDAdTaGltYW5lMRQwEgYDVQQHDAtNYXR6LWUgY2l0eTEXMBUGA1UECgwOUnVi ++eSBDb3JlIFRlYW0xFTATBgNVBAMMDFJ1YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJ ++ARYWc2VjdXJpdHlAcnVieS1sYW5nLm9yZzAeFw0yNDAxMDExMTQ3MjNaFw0zMzEy ++MjkxMTQ3MjNaMGAxCzAJBgNVBAYTAkpQMRAwDgYDVQQIDAdTaGltYW5lMRcwFQYD ++VQQKDA5SdWJ5IENvcmUgVGVhbTESMBAGA1UECwwJUnVieSBUZXN0MRIwEAYDVQQD ++DAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw+egZ ++Q6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI+1GSqyi1bFBgsRjM0THllIdMbKmJ ++tWwnKW8J+5OgNN8y6Xxv8JmM/Y5vQt2lis0fqXmG8UTz0VTWdlAXXmhUs6lSADvA ++aIe4RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0yg+801SXzoFTTa+UGIRLE66jH51a ++a5VXu99hnv1OiH8tQrjdi8mH6uG/icq4XuIeNWMF32wHqIOOPvQcWV3M5D2vxJEj ++702Ku6k9OQXkAo17qRSEonWW4HtLbtmS8He1JNPc/n3dVUm+fM6NoDXPoLP7j55G ++9zKyqGtGAWXAj1MTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACtGNdj5TEtnJBYp ++M+LhBeU3oNteldfycEm993gJp6ghWZFg23oX8fVmyEeJr/3Ca9bAgDqg0t9a0npN ++oWKEY6wVKqcHgu3gSvThF5c9KhGbeDDmlTSVVNQmXWX0K2d4lS2cwZHH8mCm2mrY ++PDqlEkSc7k4qSiqigdS8i80Yk+lDXWsm8CjsiC93qaRM7DnS0WPQR0c16S95oM6G ++VklFKUSDAuFjw9aVWA/nahOucjn0w5fVW6lyIlkBslC1ChlaDgJmvhz+Ol3iMsE0 ++kAmFNu2KKPVrpMWaBID49QwQTDyhetNLaVVFM88iUdA9JDoVMEuP1mm39JqyzHTu ++uBrdP4Q= + -----END CERTIFICATE----- +diff --git a/test/net/fixtures/server.key b/test/net/fixtures/server.key +index 7f2380e71e637..6a83d5bcf4a52 100644 +--- a/test/net/fixtures/server.key ++++ b/test/net/fixtures/server.key +@@ -1,28 +1,27 @@ +------BEGIN PRIVATE KEY----- +-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDo2pwBLisQ7EnN +-XgcTB5xwnsZ0vBPC4W/Ggv3jSOAspWjHnkLeYFRl5moUV3ow0My1ttnD0t/JJZdU +-Z8/2vl7Li+4DxeHi+ef30QxH8LjaM1qtQa3ntaJ7t78w2mD441SivDr9G3TZ3HRC +-6Sm+36y0T+sy9Abx4YxLqIv7Keexvx0B7nMP+UDc1RV52cZz0MDdy+TaGUeAxhQE +-cv2afI8RgnZJBHnM8lwxIpUTPl1Apk3gowImfVI7u+1loQ/ta7A81N5hFV7T3WgJ +-n0pXpcKpbYaSxfSk1LcTO1JjJAXizOOKPNQ1NCsQu1hy5+GNHXSMYRYgPdAcTo9u +-/f5kEE9BAgMBAAECggEBAOHkwhc7DLh8IhTDNSW26oMu5OP2WU1jmiYAigDmf+OQ +-DBgrZj+JQBci8qINQxL8XLukSZn5hvQCLc7Kbyu1/wyEEUFDxSGGwwzclodr9kho +-LX2LDASPZrOSzD2+fPi2wTKmXKuS6Uc44OjQfZkYMNkz9r4Vkm8xGgOD3VipjIYX +-QXlhhdqkXZcNABsihCV52GKkDFSVm8jv95YJc5xhoYCy/3a4/qPdF0aT2R7oYUej +-hKrxVDskyooe8Zg/JTydZNV5GQEDmW01/K3r6XGT26oPi1AqMU1gtv/jkW56CRQQ +-1got8smnqM+AV7Slf9R6DauIPdQJ2S8wsr/o8ISBsOECgYEA9YrqEP2gAYSGFXRt +-liw0WI2Ant8BqXS6yvq1jLo/qWhLw/ph4Di73OQ2mpycVTpgfGr2wFPQR1XJ+0Fd +-U+Ir/C3Q7FK4VIGHK7B0zNvZr5tEjlFfeRezo2JMVw5YWeSagIFcSwK+KqCTH9qc +-pw/Eb8nB/4XNcpTZu7Fg0Wc+ooUCgYEA8sVaicn1Wxkpb45a4qfrA6wOr5xdJ4cC +-A5qs7vjX2OdPIQOmoQhdI7bCWFXZzF33wA4YCws6j5wRaySLIJqdms8Gl9QnODy1 +-ZlA5gwKToBC/jqPmWAXSKb8EH7cHilaxU9OKnQ7CfwlGLHqjMtjrhR7KHlt3CVRs +-oRmvsjZVXI0CgYAmPedslAO6mMhFSSfULrhMXmV82OCqYrrA6EEkVNGbcdnzAOkD +-gfKIWabDd8bFY10po4Mguy0CHzNhBXIioWQWV5BlbhC1YKMLw+S9DzSdLAKGY9gJ +-xQ4+UQ3wtRQ/k+IYR413RUsW2oFvgZ3KSyNeAb9MK6uuv84VdG/OzVSs/QKBgQDn +-kap//l2EbObiWyaERunckdVcW0lcN+KK75J/TGwPoOwQsLvTpPe65kxRGGrtDsEQ +-uCDk/+v3KkZPLgdrrTAih9FhJ+PVN8tMcb+6IM4SA4fFFr/UPJEwct0LJ3oQ0grJ +-y+HPWFHb/Uurh7t99/4H98uR02sjQh1wOeEmm78mzQKBgQDm+LzGH0se6CXQ6cdZ +-g1JRZeXkDEsrW3hfAsW62xJQmXcWxBoblP9OamMY+A06rM5og3JbDk5Zm6JsOaA8 +-wS2gw4ilp46jors4eQey8ux7kB9LzdBoDBBElnsbjLO8oBNZlVcYXg+6BOl/CUi7 +-2whRF0FEjKA8ehrNhAq+VFfFNw== +------END PRIVATE KEY----- ++-----BEGIN RSA PRIVATE KEY----- ++MIIEowIBAAKCAQEAsPnoGUOnrpiSqt4XynxA+HRP7S+BSObI6qJ7fQAVSPtRkqso ++tWxQYLEYzNEx5ZSHTGypibVsJylvCfuToDTfMul8b/CZjP2Ob0LdpYrNH6l5hvFE ++89FU1nZQF15oVLOpUgA7wGiHuEVawrGfey92UE68mOyUVXGweJIVDdxqdMoPvNNU ++l86BU02vlBiESxOuox+dWmuVV7vfYZ79Toh/LUK43YvJh+rhv4nKuF7iHjVjBd9s ++B6iDjj70HFldzOQ9r8SRI+9NirupPTkF5AKNe6kUhKJ1luB7S27ZkvB3tSTT3P59 ++3VVJvnzOjaA1z6Cz+4+eRvcysqhrRgFlwI9TEwIDAQABAoIBAEEYiyDP29vCzx/+ ++dS3LqnI5BjUuJhXUnc6AWX/PCgVAO+8A+gZRgvct7PtZb0sM6P9ZcLrweomlGezI ++FrL0/6xQaa8bBr/ve/a8155OgcjFo6fZEw3Dz7ra5fbSiPmu4/b/kvrg+Br1l77J ++aun6uUAs1f5B9wW+vbR7tzbT/mxaUeDiBzKpe15GwcvbJtdIVMa2YErtRjc1/5B2 ++BGVXyvlJv0SIlcIEMsHgnAFOp1ZgQ08aDzvilLq8XVMOahAhP1O2A3X8hKdXPyrx ++IVWE9bS9ptTo+eF6eNl+d7htpKGEZHUxinoQpWEBTv+iOoHsVunkEJ3vjLP3lyI/ ++fY0NQ1ECgYEA3RBXAjgvIys2gfU3keImF8e/TprLge1I2vbWmV2j6rZCg5r/AS0u ++pii5CvJ5/T5vfJPNgPBy8B/yRDs+6PJO1GmnlhOkG9JAIPkv0RBZvR0PMBtbp6nT ++Y3yo1lwamBVBfY6rc0sLTzosZh2aGoLzrHNMQFMGaauORzBFpY5lU50CgYEAzPHl ++u5DI6Xgep1vr8QvCUuEesCOgJg8Yh1UqVoY/SmQh6MYAv1I9bLGwrb3WW/7kqIoD ++fj0aQV5buVZI2loMomtU9KY5SFIsPV+JuUpy7/+VE01ZQM5FdY8wiYCQiVZYju9X ++Wz5LxMNoz+gT7pwlLCsC4N+R8aoBk404aF1gum8CgYAJ7VTq7Zj4TFV7Soa/T1eE ++k9y8a+kdoYk3BASpCHJ29M5R2KEA7YV9wrBklHTz8VzSTFTbKHEQ5W5csAhoL5Fo ++qoHzFFi3Qx7MHESQb9qHyolHEMNx6QdsHUn7rlEnaTTyrXh3ifQtD6C0yTmFXUIS ++CW9wKApOrnyKJ9nI0HcuZQKBgQCMtoV6e9VGX4AEfpuHvAAnMYQFgeBiYTkBKltQ ++XwozhH63uMMomUmtSG87Sz1TmrXadjAhy8gsG6I0pWaN7QgBuFnzQ/HOkwTm+qKw ++AsrZt4zeXNwsH7QXHEJCFnCmqw9QzEoZTrNtHJHpNboBuVnYcoueZEJrP8OnUG3r ++UjmopwKBgAqB2KYYMUqAOvYcBnEfLDmyZv9BTVNHbR2lKkMYqv5LlvDaBxVfilE0 ++2riO4p6BaAdvzXjKeRrGNEKoHNBpOSfYCOM16NjL8hIZB1CaV3WbT5oY+jp7Mzd5 ++7d56RZOE+ERK2uz/7JX9VSsM/LbH9pJibd4e8mikDS9ntciqOH/3 ++-----END RSA PRIVATE KEY----- diff --git a/SOURCES/ruby-bundler-2.4.0-bundle-update-bundler-test-in-ruby.patch b/SOURCES/ruby-bundler-2.4.0-bundle-update-bundler-test-in-ruby.patch deleted file mode 100644 index b208537..0000000 --- a/SOURCES/ruby-bundler-2.4.0-bundle-update-bundler-test-in-ruby.patch +++ /dev/null @@ -1,31 +0,0 @@ -From bfa2f72cfa3bfde34049d26dcb24976316074ad7 Mon Sep 17 00:00:00 2001 -From: Jun Aruga -Date: Mon, 21 Mar 2022 15:36:51 +0100 -Subject: [PATCH] Fix a test for `bin/bundle update --bundler` to pass on - ruby/ruby. - -Consider the case that the latest Bundler version on RubyGems is higher than -the `system_bundler_version` (= `Bundler::VERSION`) in `make test-bundler` on -ruby/ruby. - -See . ---- - spec/bundler/commands/binstubs_spec.rb | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/spec/bundler/commands/binstubs_spec.rb b/spec/bundler/commands/binstubs_spec.rb -index 198226207bc..2634f43417c 100644 ---- a/spec/bundler/commands/binstubs_spec.rb -+++ b/spec/bundler/commands/binstubs_spec.rb -@@ -226,7 +226,10 @@ - - it "calls through to the latest bundler version" do - sys_exec "bin/bundle update --bundler", :env => { "DEBUG" => "1" } -- expect(out).to include %(Using bundler #{system_bundler_version}\n) -+ using_bundler_line = /Using bundler ([\w\.]+)\n/.match(out) -+ expect(using_bundler_line).to_not be_nil -+ latest_version = using_bundler_line[1] -+ expect(Gem::Version.new(latest_version)).to be >= Gem::Version.new(system_bundler_version) - end - - it "calls through to the explicit bundler version" do diff --git a/SOURCES/ruby-irb-1.4.1-drop-rdoc-hard-dep.patch b/SOURCES/ruby-irb-1.4.1-drop-rdoc-hard-dep.patch new file mode 100644 index 0000000..711c514 --- /dev/null +++ b/SOURCES/ruby-irb-1.4.1-drop-rdoc-hard-dep.patch @@ -0,0 +1,24 @@ +From 54c8df06ff9e161012f89d19a4e3aa2e0e37e1b0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?V=C3=ADt=20Ondruch?= +Date: Tue, 23 Aug 2022 10:41:28 +0200 +Subject: [PATCH] Drop hard dependency on RDoc. + +This has been introduced in 026700499dfd640b2072d7bf0370247a98d5ac40, +but it seems that this is just be mistake, otherwise the later handling +of `LoadError` would not be needed. +--- + lib/irb/input-method.rb | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/lib/irb/input-method.rb b/lib/irb/input-method.rb +index fd68239e..a8227caa 100644 +--- a/lib/irb/input-method.rb ++++ b/lib/irb/input-method.rb +@@ -14,7 +14,6 @@ + require_relative 'completion' + require 'io/console' + require 'reline' +-require 'rdoc' + + module IRB + STDIN_FILE_NAME = "(line)" # :nodoc: diff --git a/SOURCES/ruby-irb-1.4.1-set-rdoc-soft-dep.patch b/SOURCES/ruby-irb-1.4.1-set-rdoc-soft-dep.patch new file mode 100644 index 0000000..db8aba7 --- /dev/null +++ b/SOURCES/ruby-irb-1.4.1-set-rdoc-soft-dep.patch @@ -0,0 +1,35 @@ +From b24852058fc87c940252c8a711c60ae2eb298082 Mon Sep 17 00:00:00 2001 +From: Jun Aruga +Date: Thu, 25 Aug 2022 20:11:34 +0200 +Subject: [PATCH] Require RDoc in `input-method.rb` again in a limited scope. + +RDoc is implemented as soft dependency in IRB. See how the rdoc is required in +the files. I reverted the commit below. + +``` +$ grep -ril rdoc lib/ +lib/irb/cmd/help.rb +lib/irb/completion.rb +lib/irb/easter-egg.rb +lib/irb/input-method.rb +``` +--- + lib/irb/input-method.rb | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/lib/irb/input-method.rb b/lib/irb/input-method.rb +index a8227ca..b77fd32 100644 +--- a/lib/irb/input-method.rb ++++ b/lib/irb/input-method.rb +@@ -320,6 +320,11 @@ def auto_indent(&block) + [195, 164], # The "ä" that appears when Alt+d is pressed on xterm. + [226, 136, 130] # The "∂" that appears when Alt+d in pressed on iTerm2. + ] ++ begin ++ require 'rdoc' ++ rescue LoadError ++ return nil ++ end + + if just_cursor_moving and completion_journey_data.nil? + return nil diff --git a/SOURCES/rubygem-bundler-2.3.26-Backport-Fix-another-issue-of-Bundler-not-falling-back-test.patch b/SOURCES/rubygem-bundler-2.3.26-Backport-Fix-another-issue-of-Bundler-not-falling-back-test.patch new file mode 100644 index 0000000..e082682 --- /dev/null +++ b/SOURCES/rubygem-bundler-2.3.26-Backport-Fix-another-issue-of-Bundler-not-falling-back-test.patch @@ -0,0 +1,72 @@ +diff --git a/bundler/spec/install/gemfile/specific_platform_spec.rb b/bundler/spec/install/gemfile/specific_platform_spec.rb +index a29446305..e35d8bc16 100644 +--- a/bundler/spec/install/gemfile/specific_platform_spec.rb ++++ b/bundler/spec/install/gemfile/specific_platform_spec.rb +@@ -104,40 +104,53 @@ + L + end + +- it "still installs the generic RUBY variant if necessary even when running on a legacy lockfile locked only to RUBY" do +- build_repo4 do +- build_gem "nokogiri", "1.3.10" +- build_gem "nokogiri", "1.3.10" do |s| +- s.platform = "arm64-darwin" +- s.required_ruby_version = "< #{Gem.ruby_version}" ++ context "when running on a legacy lockfile locked only to RUBY" do ++ around do |example| ++ build_repo4 do ++ build_gem "nokogiri", "1.3.10" ++ build_gem "nokogiri", "1.3.10" do |s| ++ s.platform = "arm64-darwin" ++ s.required_ruby_version = "< #{Gem.ruby_version}" ++ end ++ ++ build_gem "bundler", "2.1.4" + end + +- build_gem "bundler", "2.1.4" +- end +- +- gemfile <<~G ++ gemfile <<~G + source "#{file_uri_for(gem_repo4)}" ++ + gem "nokogiri" +- G ++ G + +- lockfile <<-L ++ lockfile <<-L + GEM + remote: #{file_uri_for(gem_repo4)}/ + specs: + nokogiri (1.3.10) ++ + PLATFORMS + ruby ++ + DEPENDENCIES + nokogiri ++ + RUBY VERSION + 2.5.3p105 ++ + BUNDLED WITH + 2.1.4 +- L ++ L + +- simulate_platform "arm64-darwin-22" do ++ simulate_platform "arm64-darwin-22", &example ++ end ++ ++ it "still installs the generic RUBY variant if necessary" do + bundle "update --bundler", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s } + end ++ ++ it "still installs the generic RUBY variant if necessary, even in frozen mode" do ++ bundle "update --bundler", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s, "BUNDLE_FROZEN" => "true" } ++ end + end + + it "doesn't discard previously installed platform specific gem and fall back to ruby on subsequent bundles" do diff --git a/SOURCES/rubygem-bundler-2.3.26-Backport-Fix-another-issue-of-Bundler-not-falling-back.patch b/SOURCES/rubygem-bundler-2.3.26-Backport-Fix-another-issue-of-Bundler-not-falling-back.patch new file mode 100644 index 0000000..7617e02 --- /dev/null +++ b/SOURCES/rubygem-bundler-2.3.26-Backport-Fix-another-issue-of-Bundler-not-falling-back.patch @@ -0,0 +1,54 @@ +From 891246c3865ed0af7e277ca50c079f466d035f7c Mon Sep 17 00:00:00 2001 +From: Jarek Prokop +Date: Thu, 1 Jun 2023 13:22:24 +0200 +Subject: [PATCH] Backport "Fix another issue of Bundler not falling back to an + installable candidate" + +In this case, when materializing a legacy lockfile using only "ruby" +platform, and in frozen mode. + +===== + +Commit adapted from: https://github.com/rubygems/rubygems/pull/6261 +--- + bundler/lib/bundler/lazy_specification.rb | 11 +++-- + .../install/gemfile/specific_platform_spec.rb | 41 ++++++++++++------- + 2 files changed, 35 insertions(+), 17 deletions(-) + +diff --git a/bundler/lib/bundler/lazy_specification.rb b/bundler/lib/bundler/lazy_specification.rb +index e8bee25ab..a65020e6c 100644 +--- a/bundler/lib/bundler/lazy_specification.rb ++++ b/bundler/lib/bundler/lazy_specification.rb +@@ -85,7 +85,7 @@ def materialize_for_installation + + installable_candidates = GemHelpers.select_best_platform_match(matching_specs, target_platform) + +- specification = __materialize__(installable_candidates) ++ specification = __materialize__(installable_candidates, :fallback_to_non_installable => false) + return specification unless specification.nil? + + if target_platform != platform +@@ -98,13 +98,18 @@ def materialize_for_installation + __materialize__(candidates) + end + +- def __materialize__(candidates) ++ # If in frozen mode, we fallback to a non-installable candidate because by ++ # doing this we avoid re-resolving and potentially end up changing the ++ # lock file, which is not allowed. In that case, we will give a proper error ++ # about the mismatch higher up the stack, right before trying to install the ++ # bad gem. ++ def __materialize__(candidates, fallback_to_non_installable: Bundler.frozen_bundle?) + search = candidates.reverse.find do |spec| + spec.is_a?(StubSpecification) || + (spec.matches_current_ruby? && + spec.matches_current_rubygems?) + end +- if search.nil? && Bundler.frozen_bundle? ++ if search.nil? && fallback_to_non_installable + search = candidates.last + else + search.dependencies = dependencies if search && search.full_name == full_name && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification)) +-- +2.41.0.rc1 + diff --git a/SOURCES/rubygem-bundler-2.3.26-Provide-fix-for-bundler-Gemfile-resolving-regression.patch b/SOURCES/rubygem-bundler-2.3.26-Provide-fix-for-bundler-Gemfile-resolving-regression.patch new file mode 100644 index 0000000..157a5be --- /dev/null +++ b/SOURCES/rubygem-bundler-2.3.26-Provide-fix-for-bundler-Gemfile-resolving-regression.patch @@ -0,0 +1,144 @@ +From 0985592ad2d815ac461100807f5b2621e5f49b21 Mon Sep 17 00:00:00 2001 +From: Jarek Prokop +Date: Fri, 31 Mar 2023 11:54:07 +0200 +Subject: [PATCH 1/2] Provide fix for bundler Gemfile resolving regression. + +Instead of resolving to correct Ruby platform, it preferred the +archful package, that is actually incompatible. + +See https://github.com/sclorg/s2i-ruby-container/issues/469 +for an example of the bug. + +Commit taken from: + +and adapted: + +for the PR#6225. +--- + bundler/lib/bundler/index.rb | 5 ++ + bundler/lib/bundler/lazy_specification.rb | 64 ++++++++++------------- + 2 files changed, 34 insertions(+), 35 deletions(-) + +diff --git a/bundler/lib/bundler/index.rb b/bundler/lib/bundler/index.rb +index ed16c90a3..903e220d5 100644 +--- a/bundler/lib/bundler/index.rb ++++ b/bundler/lib/bundler/index.rb +@@ -71,6 +71,7 @@ def local_search(query) + when Gem::Specification, RemoteSpecification, LazySpecification, EndpointSpecification then search_by_spec(query) + when String then specs_by_name(query) + when Gem::Dependency then search_by_dependency(query) ++ when Array then search_by_name_and_version(*query) + else + raise "You can't search for a #{query.inspect}." + end +@@ -173,6 +174,10 @@ def search_by_dependency(dependency) + end + end + ++ def search_by_name_and_version(name, version) ++ specs_by_name(name).select { |spec| spec.version == version } ++ end ++ + EMPTY_SEARCH = [].freeze + + def search_by_spec(spec) +diff --git a/bundler/lib/bundler/lazy_specification.rb b/bundler/lib/bundler/lazy_specification.rb +index 949e8264b..e8bee25ab 100644 +--- a/bundler/lib/bundler/lazy_specification.rb ++++ b/bundler/lib/bundler/lazy_specification.rb +@@ -13,7 +13,6 @@ def initialize(name, version, platform, source = nil) + @dependencies = [] + @platform = platform || Gem::Platform::RUBY + @source = source +- @specification = nil + end + + def full_name +@@ -76,37 +75,41 @@ def to_lock + def materialize_for_installation + source.local! + +- candidates = if source.is_a?(Source::Path) || !ruby_platform_materializes_to_ruby_platform? +- target_platform = ruby_platform_materializes_to_ruby_platform? ? platform : local_platform ++ matching_specs = source.specs.search(use_exact_resolved_specifications? ? self : [name, version]) ++ return self if matching_specs.empty? + +- GemHelpers.select_best_platform_match(source.specs.search(Dependency.new(name, version)), target_platform) +- else +- source.specs.search(self) +- end ++ candidates = if use_exact_resolved_specifications? ++ matching_specs ++ else ++ target_platform = ruby_platform_materializes_to_ruby_platform? ? platform : local_platform ++ ++ installable_candidates = GemHelpers.select_best_platform_match(matching_specs, target_platform) ++ ++ specification = __materialize__(installable_candidates) ++ return specification unless specification.nil? + +- return self if candidates.empty? ++ if target_platform != platform ++ installable_candidates = GemHelpers.select_best_platform_match(matching_specs, platform) ++ end ++ ++ installable_candidates ++ end + + __materialize__(candidates) + end + + def __materialize__(candidates) +- @specification = begin +- search = candidates.reverse.find do |spec| +- spec.is_a?(StubSpecification) || +- (spec.matches_current_ruby? && +- spec.matches_current_rubygems?) +- end +- if search.nil? && Bundler.frozen_bundle? +- search = candidates.last +- else +- search.dependencies = dependencies if search && search.full_name == full_name && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification)) +- end +- search ++ search = candidates.reverse.find do |spec| ++ spec.is_a?(StubSpecification) || ++ (spec.matches_current_ruby? && ++ spec.matches_current_rubygems?) + end +- end +- +- def respond_to?(*args) +- super || @specification ? @specification.respond_to?(*args) : nil ++ if search.nil? && Bundler.frozen_bundle? ++ search = candidates.last ++ else ++ search.dependencies = dependencies if search && search.full_name == full_name && (search.is_a?(RemoteSpecification) || search.is_a?(EndpointSpecification)) ++ end ++ search + end + + def to_s +@@ -127,17 +130,8 @@ def git_version + end + + private +- +- def to_ary +- nil +- end +- +- def method_missing(method, *args, &blk) +- raise "LazySpecification has not been materialized yet (calling :#{method} #{args.inspect})" unless @specification +- +- return super unless respond_to?(method) +- +- @specification.send(method, *args, &blk) ++ def use_exact_resolved_specifications? ++ @use_exact_resolved_specifications ||= !source.is_a?(Source::Path) && ruby_platform_materializes_to_ruby_platform? + end + + # +-- +2.40.0 + diff --git a/SOURCES/rubygem-bundler-2.3.26-Tests-from-bundler-PR-6225.patch b/SOURCES/rubygem-bundler-2.3.26-Tests-from-bundler-PR-6225.patch new file mode 100644 index 0000000..33f29d4 --- /dev/null +++ b/SOURCES/rubygem-bundler-2.3.26-Tests-from-bundler-PR-6225.patch @@ -0,0 +1,60 @@ +From cb3d287a91e9b6762e47635137d6024fe39e117d Mon Sep 17 00:00:00 2001 +From: Jarek Prokop +Date: Fri, 31 Mar 2023 12:06:21 +0200 +Subject: [PATCH] Tests from bundler's PR#6225. + +See . +--- + .../install/gemfile/specific_platform_spec.rb | 36 +++++++++++++++++++ + 1 file changed, 36 insertions(+) + +diff --git a/bundler/spec/install/gemfile/specific_platform_spec.rb b/bundler/spec/install/gemfile/specific_platform_spec.rb +index 98efec396..a29446305 100644 +--- a/bundler/spec/install/gemfile/specific_platform_spec.rb ++++ b/bundler/spec/install/gemfile/specific_platform_spec.rb +@@ -104,6 +104,42 @@ + L + end + ++ it "still installs the generic RUBY variant if necessary even when running on a legacy lockfile locked only to RUBY" do ++ build_repo4 do ++ build_gem "nokogiri", "1.3.10" ++ build_gem "nokogiri", "1.3.10" do |s| ++ s.platform = "arm64-darwin" ++ s.required_ruby_version = "< #{Gem.ruby_version}" ++ end ++ ++ build_gem "bundler", "2.1.4" ++ end ++ ++ gemfile <<~G ++ source "#{file_uri_for(gem_repo4)}" ++ gem "nokogiri" ++ G ++ ++ lockfile <<-L ++ GEM ++ remote: #{file_uri_for(gem_repo4)}/ ++ specs: ++ nokogiri (1.3.10) ++ PLATFORMS ++ ruby ++ DEPENDENCIES ++ nokogiri ++ RUBY VERSION ++ 2.5.3p105 ++ BUNDLED WITH ++ 2.1.4 ++ L ++ ++ simulate_platform "arm64-darwin-22" do ++ bundle "update --bundler", :artifice => "compact_index", :env => { "BUNDLER_SPEC_GEM_REPO" => gem_repo4.to_s } ++ end ++ end ++ + it "doesn't discard previously installed platform specific gem and fall back to ruby on subsequent bundles" do + build_repo2 do + build_gem("libv8", "8.4.255.0") +-- +2.40.0 + diff --git a/SOURCES/test_openssl_fips.rb b/SOURCES/test_openssl_fips.rb new file mode 100644 index 0000000..ffc7883 --- /dev/null +++ b/SOURCES/test_openssl_fips.rb @@ -0,0 +1,34 @@ +require 'openssl' + +# Run openssl tests in OpenSSL FIPS. See the link below for how to test. +# https://github.com/ruby/openssl/blob/master/.github/workflows/test.yml +# - step name: test on fips module + +# Listing the testing files by an array explicitly rather than the `Dir.glob` +# to prevent the test files from not loading unintentionally. +TEST_FILES = %w[ + test/openssl/test_fips.rb + test/openssl/test_pkey.rb +].freeze + +if ARGV.empty? + puts 'ERROR: Argument base_dir required.' + puts "Usage: #{__FILE__} base_dir [options]" + exit false +end +BASE_DIR = ARGV[0] +abs_test_files = TEST_FILES.map { |file| File.join(BASE_DIR, file) } + +# Set Fedora/RHEL downstream OpenSSL downstream environment variable to enable +# FIPS module in non-FIPS OS environment. It is available in Fedora 38 or later +# versions. +# https://src.fedoraproject.org/rpms/openssl/blob/rawhide/f/0009-Add-Kernel-FIPS-mode-flag-support.patch +ENV['OPENSSL_FORCE_FIPS_MODE'] = '1' +# A flag to tell the tests the current environment is FIPS enabled. +# https://github.com/ruby/openssl/blob/master/test/openssl/test_fips.rb +ENV['TEST_RUBY_OPENSSL_FIPS_ENABLED'] = 'true' + +abs_test_files.each do |file| + puts "INFO: Loading #{file}." + require file +end diff --git a/SPECS/ruby.spec b/SPECS/ruby.spec index 0353b41..3f063cc 100644 --- a/SPECS/ruby.spec +++ b/SPECS/ruby.spec @@ -1,6 +1,6 @@ %global major_version 3 %global minor_version 1 -%global teeny_version 2 +%global teeny_version 4 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} @@ -22,7 +22,7 @@ %endif -%global release 141 +%global release 143 %{!?release_string:%define release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}} # The RubyGems library has to stay out of Ruby directory tree, since the @@ -30,20 +30,22 @@ %global rubygems_dir %{_datadir}/rubygems # Bundled libraries versions -%global rubygems_version 3.3.7 +%global rubygems_version 3.3.26 %global rubygems_molinillo_version 0.7.0 +%global rubygems_optparse_version 0.2.0 +%global rubygems_tsort_version 0.1.0 # Default gems. -%global bundler_version 2.3.7 +%global bundler_version 2.3.26 %global bundler_connection_pool_version 2.3.0 %global bundler_fileutils_version 1.4.1 -%global bundler_molinillo_version 0.7.0 +%global bundler_molinillo_version 0.8.0 %global bundler_net_http_persistent_version 4.0.0 %global bundler_thor_version 1.2.1 %global bundler_tmpdir_version 0.1.0 # TODO: Check the version if/when available in library. %global bundler_tsort_version 0.1.1 -%global bundler_uri_version 0.10.1 +%global bundler_uri_version 0.10.3 %global bigdecimal_version 3.1.1 %global did_you_mean_version 1.6.1 @@ -51,8 +53,8 @@ %global io_console_version 0.5.11 %global irb_version 1.4.1 %global json_version 2.6.1 -%global openssl_version 3.0.0 -%global psych_version 4.0.3 +%global openssl_version 3.0.1 +%global psych_version 4.0.4 %global racc_version 1.6.0 %global rdoc_version 6.4.0 %global stringio_version 3.0.1 @@ -70,9 +72,9 @@ %global net_smtp_version 0.3.1 %global matrix_version 0.4.2 %global prime_version 0.1.2 -%global rbs_version 2.1.0 -%global typeprof_version 0.21.2 -%global debug_version 1.4.0 +%global rbs_version 2.7.0 +%global typeprof_version 0.21.3 +%global debug_version 1.6.3 %global tapset_libdir %(echo %{_libdir} | sed 's/64//')* @@ -118,6 +120,8 @@ Source11: rubygems.con Source13: test_abrt.rb # SystemTap tests. Source14: test_systemtap.rb +# Ruby OpenSSL FIPS tests. +Source15: test_openssl_fips.rb # The load directive is supported since RPM 4.12, i.e. F21+. The build process # fails on older Fedoras. @@ -139,8 +143,6 @@ Patch3: ruby-2.1.0-always-use-i386.patch # Allows to install RubyGems into custom directory, outside of Ruby's tree. # http://bugs.ruby-lang.org/issues/5617 Patch4: ruby-2.1.0-custom-rubygems-location.patch -# Make mkmf verbose by default -Patch5: ruby-1.9.3-mkmf-verbose.patch # The ABRT hook used to be initialized by preludes via following patches: # https://bugs.ruby-lang.org/issues/8566 # https://bugs.ruby-lang.org/issues/15306 @@ -159,14 +161,6 @@ Patch7: ruby-3.1.0-Don-t-query-RubyVM-FrozenCore-for-class-path.patch # Avoid possible timeout errors in TestBugReporter#test_bug_reporter_add. # https://bugs.ruby-lang.org/issues/16492 Patch19: ruby-2.7.1-Timeout-the-test_bug_reporter_add-witout-raising-err.patch -# Fix a test for `bin/bundle update --bundler` in `make test-bundler`. -# https://bugs.ruby-lang.org/issues/18643 -# https://github.com/rubygems/rubygems/commit/bfa2f72cfa3bfde34049d26dcb24976316074ad7 -Patch20: ruby-bundler-2.4.0-bundle-update-bundler-test-in-ruby.patch -# Workaround gem binary extensions build and installation issues. -# https://bugs.ruby-lang.org/issues/18373 -# https://github.com/ruby/ruby/pull/5774 -Patch21: ruby-3.2.0-Build-extension-libraries-in-bundled-gems.patch # If digest argument to method `sign` is nil, # NULL will be provided to OpenSSL function # to let it choose digest itself. @@ -181,21 +175,75 @@ Patch23: ruby-3.1.2-ossl-tests-replace-sha1.patch # https://github.com/ruby/ruby/pull/5934 Patch24: ruby-3.2.0-define-unsupported-gc-compaction-methods-as-rb_f_notimplement.patch # To regenerate the patch you need to have ruby, autoconf, xz, tar and make installed: -# tar -Jxvf ./ruby-3.1.2.tar.xz +# tar -Jxvf ./ruby-3.1.4.tar.xz # git clone https://github.com/ruby/ruby.git -# cd ruby && git checkout v3_1_2 +# cd ruby && git checkout v3_1_4 # patch -p1 < ../ruby-3.2.0-define-unsupported-gc-compaction-methods-as-rb_f_notimplement.patch # ./autogen.sh && ./configure # make gc.rbinc miniprelude.c # cd .. -# diff -u {ruby-3.1.2,ruby}/gc.rbinc > ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch -# diff -u {ruby-3.1.2,ruby}/miniprelude.c >> ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch +# diff -u {ruby-3.1.4,ruby}/gc.rbinc > ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch +# diff -u {ruby-3.1.4,ruby}/miniprelude.c >> ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch Patch25: ruby-3.2.0-define-unsupported-gc-compaction-methods_generated-files.patch # Define the GC compaction support macro at run time. # https://bugs.ruby-lang.org/issues/18829 # https://github.com/ruby/ruby/pull/6019 # https://github.com/ruby/ruby/commit/2c190863239bee3f54cfb74b16bb6ea4cae6ed20 Patch26: ruby-3.2.0-Detect-compaction-support-during-runtime.patch +# Fix OpenSSL.fips_mode in OpenSSL 3 FIPS. +# https://github.com/ruby/openssl/pull/608 +# https://github.com/ruby/ruby/commit/678d41bc51fe31834eec0b653ba0e47de5420aa0 +Patch30: ruby-3.3.0-openssl-3.2.0-fix-fips-get-set-in-openssl-3.patch +# Fix OpenSSL::PKey.read in OpenSSL 3 FIPS. +# The patch is a combination of the following 2 commits to simplify the patch. +# https://github.com/ruby/openssl/pull/615 +# https://github.com/ruby/ruby/commit/2a4834057b30a26c38ece3961b370c0b2ee59380 +# https://github.com/ruby/openssl/pull/669 +# https://github.com/ruby/ruby/commit/b0ec1db8a72c530460abd9462ac75845362886bd +Patch31: ruby-3.3.0-openssl-3.2.0-fips-fix-pkey-read-in-openssl-3.patch +# Enable tests in OpenSSL FIPS. +# https://github.com/ruby/openssl/pull/615 +# https://github.com/ruby/ruby/commit/920bc71284f417f9044b0dc1822b1d29a8fc61e5 +Patch32: ruby-3.3.0-openssl-3.2.0-fips-enable-tests.patch +# ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters +# https://github.com/ruby/openssl/pull/674 +# https://github.com/ruby/ruby/commit/b6d7cdc2bad0eadbca73f3486917f0ec7a475814 +Patch33: ruby-3.3.0-openssl-3.2.0-fips-fix-pkey-dh-require-openssl.patch +# Drop hard dependency on RDoc in IRB. +# https://github.com/ruby/irb/pull/393 +Patch34: ruby-irb-1.4.1-drop-rdoc-hard-dep.patch +# Set soft dependency on RDoc in input-method.rb in IRB. +# https://github.com/ruby/irb/pull/395 +Patch35: ruby-irb-1.4.1-set-rdoc-soft-dep.patch +# A Weakmap test uses compaction without safeguarding if the method is defined. +# This test should be skipped if compaction is not supported on the platform. +# https://github.com/ruby/ruby/commit/bffadcd6d46ccfccade79ce0efb60ced8eac4483 +# https://bugs.ruby-lang.org/issues/19529#note-7 +Patch36: ruby-3.1.4-Skip-test_compaction_bug_19529-if-compaction-unsupported.patch +# Bundler does not correctly resolve archful gems in 2.3.26. +# Example of such an issue +# https://github.com/sclorg/s2i-ruby-container/issues/469 +# The patch is an amalgamation of the following: +# https://github.com/rubygems/rubygems/pull/6225 +# https://github.com/rubygems/rubygems/commit/7b64c64262a7a980c0eb23b96ea56cf72ea06e89 +# Backport requested in +# https://bugs.ruby-lang.org/issues/19576 +Patch37: rubygem-bundler-2.3.26-Provide-fix-for-bundler-Gemfile-resolving-regression.patch +Patch38: rubygem-bundler-2.3.26-Tests-from-bundler-PR-6225.patch +# Continuation of the bundler fix for s2i-ruby-container #469 issue. +# Additionally to already described problem, when bundler is run with +# --deployment it again resolves to the incorrect gem from Rubygems repository. +# Fix and test from: +# https://github.com/rubygems/rubygems/pull/6261 +# https://bugs.ruby-lang.org/issues/19576#note-4 +Patch39: rubygem-bundler-2.3.26-Backport-Fix-another-issue-of-Bundler-not-falling-back.patch +Patch40: rubygem-bundler-2.3.26-Backport-Fix-another-issue-of-Bundler-not-falling-back-test.patch +# Renew expired test certificates. +# https://github.com/ruby/net-http/pull/169 +Patch41: ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch +# Update URI to 0.12.2 and Bundler::URI to 0.10.3 to mitigate CVE-2023-36617. +# https://github.com/ruby/ruby/pull/7996 +Patch42: ruby-3.1.5-CVE-2023-36617-for-Ruby-3.1.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} Suggests: rubypick @@ -338,6 +386,7 @@ Requires: ruby(rubygems) >= %{rubygems_version} # ruby-default-gems is required to run irb. # https://bugs.ruby-lang.org/issues/16951 Requires: ruby-default-gems >= %{ruby_version} +Recommends: rubygem(rdoc) >= %{rdoc_version} Provides: irb = %{version}-%{release} Provides: rubygem(irb) = %{version}-%{release} # Obsoleted by Ruby 2.6 in F30 timeframe. @@ -477,6 +526,8 @@ many machines, systematically and repeatably. %package bundled-gems Summary: Bundled gems which are part of Ruby StdLib Requires: ruby(rubygems) >= %{rubygems_version} +# Runtime dependency of rubygem(debug). +Recommends: rubygem(irb) >= %{irb_version} Provides: rubygem(net-ftp) = %{net_ftp_version} Provides: rubygem(net-imap) = %{net_imap_version} Provides: rubygem(net-pop) = %{net_pop_version} @@ -646,23 +697,30 @@ rm -rf ext/fiddle/libffi* %patch2 -p1 %patch3 -p1 %patch4 -p1 -%patch5 -p1 %patch6 -p1 %patch7 -p1 %patch19 -p1 -%patch20 -p1 - -# Once the upstream tarball contains the files on the right place, this code -# won't be necessary. This should happen at the same moment when the patch21 -# is not needed anymore. -mkdir .bundle/specifications -find .bundle/gems -name '*-[0-9]*.gemspec' -exec cp -t .bundle/specifications/ {} + -%patch21 -p1 %patch22 %patch23 -p1 %patch24 -p1 %patch25 -p1 %patch26 -p1 +%patch30 -p1 +%patch31 -p1 +%patch32 -p1 +%patch33 -p1 +%patch34 -p1 +%patch35 -p1 +%patch36 -p1 +%patch37 -p2 +%patch39 -p2 +%patch41 -p1 +%patch42 -p1 + +pushd spec/bundler +%patch38 -p3 +%patch40 -p3 +popd # Provide an example of usage of the tapset: cp -a %{SOURCE3} . @@ -686,13 +744,16 @@ autoconf --with-ruby-pc='%{name}.pc' \ --with-compress-debug-sections=no \ --disable-rpath \ + --enable-mkmf-verbose \ --enable-shared \ --with-ruby-version='' \ --enable-multiarch \ # V=1 in %%make_build outputs the compiler options more verbosely. +# Set the V=1 VERBOSE=1. RPM 4.14 or earlier versions do not have the options. +# https://github.com/rpm-software-management/rpm/commit/8655493bdfd6b76271893b148033f2ff580d2d39 # https://bugs.ruby-lang.org/issues/18756 -%make_build COPY="cp -p" +%make_build COPY="cp -p" V=1 VERBOSE=1 %install rm -rf %{buildroot} @@ -873,6 +934,21 @@ checksec --file=libruby.so.%{ruby_version} | \ puts Gem::Resolver::Molinillo::VERSION\\\"\" | tail -1`" \ == '%{rubygems_molinillo_version}' ] +# OptParse. +make runruby TESTRUN_SCRIPT="-e \" \ + module Gem; end; \ + require 'rubygems/optparse/lib/optparse'; \ + puts '%%{rubygems_optparse_version}: %{rubygems_optparse_version}'; \ + puts %Q[Gem::OptionParser::Version: #{Gem::OptionParser::Version}]; \ + exit 1 if Gem::OptionParser::Version != '%{rubygems_optparse_version}'; \ +\"" + +# tsort +# TODO: Provide some real version test if version is available. +make runruby TESTRUN_SCRIPT="-e \" \ + module Gem; end;\ + require 'rubygems/tsort/lib/tsort'\"" + # Check Bundler bundled dependencies versions. # connection_pool. @@ -944,44 +1020,31 @@ MSPECOPTS="" # Avoid `hostname' dependency. %{!?with_hostname:MSPECOPTS="-P 'Socket.gethostname returns the host name'"} -# https://bugs.ruby-lang.org/issues/18380 -DISABLE_TESTS="$DISABLE_TESTS -n !/TestAddressResolve#test_socket_getnameinfo_domain_blocking/" - -# These tests use certificates that were generated using SHA1, which seems to be the problem with them -# as setting the crypto policy to LEGACY makes them pass. -# https://github.com/rubygems/rubygems/issues/5454 -DISABLE_TESTS="$DISABLE_TESTS \ - -n !/TestGemSecurityPolicy#test_check_cert_issuer/ \ - -n !/TestGemSecurityPolicy#test_check_chain/ \ - -n !/TestGemSecurityPolicy#test_check_chain_invalid/ \ - -n !/TestGemSecurityPolicy#test_verify_signatures_missing/ \ - -n !/TestGemSecurityPolicy#test_verify_signatures_trust/ \ - -n !/TestGemSecurityPolicy#test_check_root/ \ - -n !/TestGemSecurityPolicy#test_verify_signatures_chain/ \ - -n !/TestGemSecurityPolicy#test_verify_chain_signatures/ \ - -n !/TestGemSecurityPolicy#test_verify_signatures/ \ - -n !/TestGemSecurityPolicy#test_verify_signatures_root/ \ - -n !/TestGemSecuritySigner#test_sign/ \ - -n !/TestGemPackage#test_verify_security_policy_checksum_missing/ \ - -n !/TestGemPackage#test_build_auto_signed/ \ - -n !/TestGemPackage#test_build_signed_encrypted_key/ \ - -n !/TestGemPackage#test_verify_security_policy_low_security/ \ - -n !/TestGemPackage#test_build_auto_signed_encrypted_key/ \ - -n !/TestGemPackage#test_build_signed/ \ - -n !/TestGemPackageTarWriter#test_add_file_signer/ \ - -n !/TestGemRequest#test_configure_connection_for_https/ \ - -n !/TestGemRequest#test_configure_connection_for_https_ssl_ca_cert/" - # Several test broken by libffi-3.4.2. There should be fix in libffi, once # other components are fixed. # https://bugzilla.redhat.com/show_bug.cgi?id=2040380 mv test/fiddle/test_import.rb{,.disable} +mv test/fiddle/test_closure.rb{,.disable} +DISABLE_TESTS="$DISABLE_TESTS -n !/Fiddle::TestFunc#test_qsort1/" +DISABLE_TESTS="$DISABLE_TESTS -n !/Fiddle::TestFunction#test_argument_count/" + +# Some infra allows DNS resolution but then does not allow +# connection to proceed, let's ignore it altogether for now. +# Our expectation is that there is no network connectivity outside +# available loopback interface. That is not the reality currently. +# https://issues.redhat.com/browse/CS-1959 +DISABLE_TESTS="$DISABLE_TESTS -n !/TestBundledCA/" # Give an option to increase the timeout in tests. # https://bugs.ruby-lang.org/issues/16921 %{?test_timeout_scale:RUBY_TEST_TIMEOUT_SCALE="%{test_timeout_scale}"} \ make check TESTS="-v $DISABLE_TESTS" MSPECOPT="-fs $MSPECOPTS" +# Run Ruby OpenSSL tests in OpenSSL FIPS. +make runruby TESTRUN_SCRIPT=" \ + -I%{_builddir}/%{buildsubdir}/tool/lib --enable-gems \ + %{SOURCE15} %{_builddir}/%{buildsubdir} --verbose" + %{?with_bundler_tests:make test-bundler-parallel} %files @@ -1233,8 +1296,8 @@ mv test/fiddle/test_import.rb{,.disable} %{gem_dir}/specifications/default/abbrev-0.1.0.gemspec %{gem_dir}/specifications/default/base64-0.1.1.gemspec %{gem_dir}/specifications/default/benchmark-0.2.0.gemspec -%{gem_dir}/specifications/default/cgi-0.3.1.gemspec -%{gem_dir}/specifications/default/csv-3.2.2.gemspec +%{gem_dir}/specifications/default/cgi-0.3.6.gemspec +%{gem_dir}/specifications/default/csv-3.2.5.gemspec %{gem_dir}/specifications/default/date-3.2.2.gemspec %{gem_dir}/specifications/default/delegate-0.2.0.gemspec %{gem_dir}/specifications/default/did_you_mean-%{did_you_mean_version}.gemspec @@ -1255,7 +1318,7 @@ mv test/fiddle/test_import.rb{,.disable} %{gem_dir}/specifications/default/ipaddr-1.2.4.gemspec %{gem_dir}/specifications/default/logger-1.5.0.gemspec %{gem_dir}/specifications/default/mutex_m-0.1.1.gemspec -%{gem_dir}/specifications/default/net-http-0.2.0.gemspec +%{gem_dir}/specifications/default/net-http-0.3.0.gemspec %{gem_dir}/specifications/default/net-protocol-0.1.2.gemspec %{gem_dir}/specifications/default/nkf-0.1.1.gemspec %{gem_dir}/specifications/default/observer-0.1.1.gemspec @@ -1271,12 +1334,12 @@ mv test/fiddle/test_import.rb{,.disable} %{gem_dir}/specifications/default/racc-%{racc_version}.gemspec %{gem_dir}/specifications/default/readline-0.0.3.gemspec %{gem_dir}/specifications/default/readline-ext-0.1.4.gemspec -%{gem_dir}/specifications/default/reline-0.3.0.gemspec +%{gem_dir}/specifications/default/reline-0.3.1.gemspec %{gem_dir}/specifications/default/resolv-0.2.1.gemspec %{gem_dir}/specifications/default/resolv-replace-0.1.0.gemspec %{gem_dir}/specifications/default/rinda-0.1.1.gemspec %{gem_dir}/specifications/default/ruby2_keywords-0.0.5.gemspec -%{gem_dir}/specifications/default/securerandom-0.1.1.gemspec +%{gem_dir}/specifications/default/securerandom-0.2.0.gemspec %{gem_dir}/specifications/default/set-1.0.2.gemspec %{gem_dir}/specifications/default/shellwords-0.1.0.gemspec %{gem_dir}/specifications/default/singleton-0.1.1.gemspec @@ -1284,12 +1347,12 @@ mv test/fiddle/test_import.rb{,.disable} %{gem_dir}/specifications/default/strscan-3.0.1.gemspec %{gem_dir}/specifications/default/syslog-0.1.0.gemspec %{gem_dir}/specifications/default/tempfile-0.1.2.gemspec -%{gem_dir}/specifications/default/time-0.2.0.gemspec +%{gem_dir}/specifications/default/time-0.2.2.gemspec %{gem_dir}/specifications/default/timeout-0.2.0.gemspec %{gem_dir}/specifications/default/tmpdir-0.1.2.gemspec %{gem_dir}/specifications/default/tsort-0.1.0.gemspec %{gem_dir}/specifications/default/un-0.2.0.gemspec -%{gem_dir}/specifications/default/uri-0.11.0.gemspec +%{gem_dir}/specifications/default/uri-0.12.2.gemspec %{gem_dir}/specifications/default/weakref-0.1.1.gemspec #%%{gem_dir}/specifications/default/win32ole-1.8.8.gemspec %{gem_dir}/specifications/default/yaml-0.2.0.gemspec @@ -1375,7 +1438,6 @@ mv test/fiddle/test_import.rb{,.disable} %doc %{gem_dir}/gems/debug-%{debug_version}/README.md %{gem_dir}/gems/debug-%{debug_version}/Rakefile %doc %{gem_dir}/gems/debug-%{debug_version}/TODO.md -%{gem_dir}/gems/debug-%{debug_version}/bin %{gem_dir}/gems/debug-%{debug_version}/exe %{gem_dir}/gems/debug-%{debug_version}/lib %{gem_dir}/gems/debug-%{debug_version}/misc @@ -1466,7 +1528,7 @@ mv test/fiddle/test_import.rb{,.disable} %license %{gem_dir}/gems/rbs-%{rbs_version}/BSDL %doc %{gem_dir}/gems/rbs-%{rbs_version}/CHANGELOG.md %license %{gem_dir}/gems/rbs-%{rbs_version}/COPYING -%{gem_dir}/gems/rbs-%{rbs_version}/Gemfile +%{gem_dir}/gems/rbs-%{rbs_version}/Gemfile* %doc %{gem_dir}/gems/rbs-%{rbs_version}/README.md %{gem_dir}/gems/rbs-%{rbs_version}/Rakefile %{gem_dir}/gems/rbs-%{rbs_version}/Steepfile @@ -1523,7 +1585,6 @@ mv test/fiddle/test_import.rb{,.disable} %{gem_dir}/gems/typeprof-%{typeprof_version}/lib %doc %{gem_dir}/gems/typeprof-%{typeprof_version}/tools %exclude %{gem_dir}/gems/typeprof-%{typeprof_version}/typeprof-lsp -%exclude %{gem_dir}/gems/typeprof-%{typeprof_version}/vscode %{gem_dir}/specifications/typeprof-%{typeprof_version}.gemspec %doc %{gem_dir}/gems/typeprof-%{typeprof_version}/Gemfile* %doc %{gem_dir}/gems/typeprof-%{typeprof_version}/README.md @@ -1531,6 +1592,30 @@ mv test/fiddle/test_import.rb{,.disable} %changelog +* Thu Mar 14 2024 Jarek Prokop - 3.1.4-143 +- Upgrade to Ruby 3.1.4. + Resolves: RHEL-29052 +- Fix HTTP response splitting in CGI. + Resolves: RHEL-29054 +- Fix ReDos vulnerability in URI. + Resolves: RHEL-29051 + Resolves: RHEL-29050 +- Fix ReDos vulnerability in Time. + Resolves: RHEL-29053 +- Make RDoc soft dependency in IRB. + Resolves: RHEL-29048 + +* Sun Dec 03 2023 Jun Aruga - 3.1.2-142 +- Bypass git submodule test failure on Git >= 2.38.1. +- Fix tests with Europe/Amsterdam pre-1970 time on tzdata version 2022b. +- Fix for tzdata-2022g. +- Fix OpenSSL.fips_mode and OpenSSL::PKey.read in OpenSSL 3 FIPS. + Resolves: RHEL-12437 +- ssl: use ffdhe2048 from RFC 7919 as the default DH group parameters + Related: RHEL-12437 +- Disable fiddle tests that use FFI closures. + Related: RHEL-12437 + * Wed Mar 29 2023 MSVSphere Packaging Team - 3.1.2-141 - Rebuilt for MSVSphere 9.1.