#10 WIP: Update to Ruby 2.4.3.
Closed 3 years ago by pvalena. Opened 3 years ago by pvalena.
rpms/ pvalena/ruby rebase  into  master

@@ -0,0 +1,29 @@ 

+ From e7464561b5151501beb356fc750d5dd1a88014f7 Mon Sep 17 00:00:00 2001

+ From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>

+ Date: Wed, 20 Dec 2017 04:18:31 +0000

+ Subject: [PATCH] Fixed command Injection

+ 

+ * resolv.rb (Resolv::Hosts#lazy_initialize): fixed potential

+   command Injection in Hosts::new() by use of Kernel#open.

+   [Fix GH-1777] [ruby-core:84347] [Bug #14205]

+ 

+ From: Drigg3r <drigg3r@yandex.com>

+ 

+ git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61349 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

+ ---

+  lib/resolv.rb | 2 +-

+  1 file changed, 1 insertion(+), 1 deletion(-)

+ 

+ diff --git a/lib/resolv.rb b/lib/resolv.rb

+ index 1044b95e6810..56183b837d81 100644

+ --- a/lib/resolv.rb

+ +++ b/lib/resolv.rb

+ @@ -188,7 +188,7 @@ def lazy_initialize # :nodoc:

+          unless @initialized

+            @name2addr = {}

+            @addr2name = {}

+ -          open(@filename, 'rb') {|f|

+ +          File.open(@filename, 'rb') {|f|

+              f.each {|line|

+                line.sub!(/#.*/, '')

+                addr, hostname, *aliases = line.split(/\s+/)
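Review bot: the one-line change at `@@ -188,7 +188,7 @@` replaces only the `open(@filename, 'rb')` call in `lazy_initialize`, so before carrying this downstream, grep the 2.4.3 `lib/resolv.rb` for any other bare `open(` on a caller-supplied path. `Kernel#open` treats a name beginning with `|` as a command to run, and a sibling call left behind would keep the same exposure. The patch also carries no test; a small case asserting that `Resolv::Hosts.new` with such a name does not spawn a process would guard against regression.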

file modified
+10 -2
@@ -1,6 +1,6 @@ 

  %global major_version 2

  %global minor_version 4

- %global teeny_version 2

+ %global teeny_version 3

  %global major_minor_version %{major_version}.%{minor_version}

  

  %global ruby_version %{major_minor_version}.%{teeny_version}
@@ -29,7 +29,7 @@ 

  %global rubygems_dir %{_datadir}/rubygems

  

  # Bundled libraries versions

- %global rubygems_version 2.6.13

+ %global rubygems_version 2.6.14

  %global molinillo_version 0.5.7

  

  # TODO: The IRB has strange versioning. Keep the Ruby's versioning ATM.
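Review bot: under "Bundled libraries versions" only `rubygems_version` moves (2.6.13 to 2.6.14) while `molinillo_version 0.5.7` is left as it was; please confirm against the 2.4.3 tarball that no other bundled library version changed, since these macros feed paths such as the `xmlrpc-%{xmlrpc_version}.gemspec` entry in the file list.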
@@ -131,6 +131,10 @@ 

  # hardening features of glibc (rhbz#1361037).

  # https://bugs.ruby-lang.org/issues/12666

  Patch9: ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch

+ # Fix: Command injection in lib/resolv.rb:lazy_initialize()

+ # https://bugzilla.redhat.com/show_bug.cgi?id=1528226

+ # https://github.com/ruby/ruby/commit/e7464561b5151501beb356fc750d5dd1a88014f7

+ Patch10: ruby-2.4.3-Fix-Command-injection-in-lib-resolv-lazy_initialize.patch

  

  Requires: %{name}-libs%{?_isa} = %{version}-%{release}

  Suggests: rubypick
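Review bot: the `Patch10:` declaration added after `Patch9` has no matching `%patch10` application anywhere in this diff. The spec change is +10 -2 and the visible hunks already account for all ten added lines (two version bumps, four lines for Patch10, four changelog lines). Unless `%prep` applies patches automatically, the resolv.rb fix would ship in the SRPM without being applied while the changelog says it is fixed; add `%patch10 -p1` alongside the other patch applications.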
@@ -1035,6 +1039,10 @@ 

  %{gem_dir}/specifications/xmlrpc-%{xmlrpc_version}.gemspec

  

  %changelog

+ * Thu Dec 21 2017 Pavel Valena <pvalena@redhat.com> - 2.4.3-86

+ - Update to Ruby 2.4.3.

+ - Fix: Command injection in lib/resolv.rb:lazy_initialize() (rhbz#1528226)

+ 

  * Fri Oct 27 2017 Jun Aruga <jaruga@redhat.com> - 2.4.2-86

  - Add macro to remove rubypick dependency.

  - Improve "with" conditional statement as inline.

file modified
+1 -1
@@ -1,1 +1,1 @@ 

- SHA512 (ruby-2.4.2.tar.xz) = c1d42272fb0d94b693452e703b0ea4942bf59cbd4b08ba83bf039f54be97ebc88511632413da0164970b4cf97bc302bccb88aab48edfa8fa147498e7ee741595

+ SHA512 (ruby-2.4.3.tar.xz) = 8bcf60c994a96787da5d743c66f5609a5a6d834d6d61243cdea7fd059197c3b10da43c99e5649be85e2f2329eedcbb1dd76e89ce3ac586be9056348f7449ed09
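Review bot: the new `SHA512 (ruby-2.4.3.tar.xz)` value should be compared with the digest upstream published for the 2.4.3 release, not just computed from the downloaded tarball, and the PR description should state that this was done, because this line is what the build trusts for the source archive.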

Includes fix for rhbz#1528226.

WIP

Currently fails on ppc64le during debuginfo generation:

extracting debug info from /builddir/build/BUILDROOT/ruby-2.4.3-86.fc28.ppc64le/usr/lib64/libruby.so.2.4.3
/usr/lib/rpm/sepdebugcrcfix: Updated 101 CRC32s, 0 CRC32s did match.
cpio: ext/ripper/defs/keywords: Cannot stat: No such file or directory
cpio: ext/ripper/parse.c: Cannot stat: No such file or directory
cpio: probes.o.dtrace-temp.c: Cannot stat: No such file or directory
56232 blocks

https://koji.fedoraproject.org/koji/taskinfo?taskID=23829678
https://koji.fedoraproject.org/koji/taskinfo?taskID=23828734

Other random test failures:

TestTrace#test_trace_stackoverflow [/builddir/build/BUILD/ruby-2.4.3/test/ruby/test_trace.rb:64]:
pid 29850 killed by SIGSEGV (signal 11) (core dumped)
| -:5: [BUG] object allocation during garbage collection phase
| ruby 2.4.3p205 (2017-12-14 revision 61247) [x86_64-linux]
| 
| -- Control frame information -----------------------------------------------

https://koji.fedoraproject.org/koji/taskinfo?taskID=23828733

TestThread#test_thread_interrupt_for_killed_thread [/builddir/build/BUILD/ruby-2.4.3/test/ruby/test_thread.rb:1173]:
[Bug #8996]
pid 13449 killed by SIGABRT (signal 6) (core dumped)

https://koji.fedoraproject.org/koji/taskinfo?taskID=23831047

TestIO_Console#test_ioflush2 [/builddir/build/BUILD/ruby-2.4.3/test/io/console/test_io_console.rb:230]:
Expected ["b", "ab"] to include "a".

https://koji.fedoraproject.org/koji/taskinfo?taskID=23831046

> Currently fails on ppc64le during debuginfo generation:

You don't read the log correctly. This is what fails:

+ grep 'Full RELRO.*Canary found.*NX enabled.*DSO.*No RPATH.*No RUNPATH.*No.*\d*.*\d*.*libruby.so.2.4.3'
+ checksec -f libruby.so.2.4.3

And that is because rhbz#1479302 was fixed. Please see this [1] commit for the necessary change (not sure why I have not committed it separately, sorry :/ ).

Thanks!

@vondruch, so the missing files/warnings are false positives only?
(Taking into account it's separated from the root cause of failure.)

> @vondruch, so the missing files/warnings are false positives only?

Yep

Pull-Request has been closed by pvalena

3 years ago