| |
@@ -21,7 +21,7 @@
|
| |
%endif
|
| |
|
| |
|
| |
- %global release 127
|
| |
+ %global release 128
|
| |
%{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
|
| |
|
| |
# The RubyGems library has to stay out of Ruby directory tree, since the
|
| |
@@ -32,11 +32,14 @@
|
| |
%global rubygems_version 3.0.3
|
| |
%global rubygems_molinillo_version 0.5.7
|
| |
|
| |
- %global bundler_version 1.17.2
|
| |
- %global bundler_fileutils_version 1.1.0
|
| |
- %global bundler_molinillo_version 0.6.6
|
| |
- %global bundler_net_http_persistent_version 2.9.4
|
| |
- %global bundler_thor_version 0.20.0
|
| |
+ %global bundler_version 2.2.22
|
| |
+ %global bundler_connection_pool_version 2.2.2
|
| |
+ %global bundler_fileutils_version 1.4.1
|
| |
+ %global bundler_molinillo_version 0.7.0
|
| |
+ %global bundler_net_http_persistent_version 4.0.0
|
| |
+ %global bundler_thor_version 1.1.0
|
| |
+ %global bundler_tmpdir_version 0.1.0
|
| |
+ %global bundler_uri_version 0.10.0
|
| |
|
| |
%global bigdecimal_version 1.4.1
|
| |
%global did_you_mean_version 1.3.0
|
| |
@@ -106,6 +109,9 @@
|
| |
Source13: test_abrt.rb
|
| |
# SystemTap tests.
|
| |
Source14: test_systemtap.rb
|
| |
+ # git clone --no-checkout git@github.com:rubygems/rubygems.git
|
| |
+ # git -C rubygems archive --prefix=rubygems/ -v -o ruby-rubygems-bundler-v2.2.22.txz bundler-v2.2.22
|
| |
+ Source15: ruby-rubygems-bundler-v%{bundler_version}.txz
|
| |
|
| |
# The load directive is supported since RPM 4.12, i.e. F21+. The build process
|
| |
# fails on older Fedoras.
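Review bot: The recipe in the two comment lines above `Source15` archives whatever the tag `bundler-v2.2.22` points to at clone time, and the spec records neither the commit it resolved to nor any verification of it, so the tarball that carries the CVE fix cannot later be re-derived and compared. I would add a line such as `# bundler-v2.2.22 resolved to commit <COMMIT_SHA>` (placeholder, to be filled in from the clone) and, if upstream signs its tags, a `git -C rubygems verify-tag bundler-v2.2.22` step to the recipe. The recipe also hard-codes 2.2.22 while `Source15` uses `%{bundler_version}`, so the comment can drift from the macro on the next bump.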
|
| |
@@ -165,6 +171,18 @@
|
| |
Patch41: ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch
|
| |
# https://github.com/ruby/ruby/commit/72c02aa4b79731c7f25c9267f74b347f1946c704
|
| |
Patch42: ruby-2.8.0-Moved-not-implemented-method-tests.patch
|
| |
+ # Update `bundler.gemspec` from RubyGems, required to pass `make test-bundler`.
|
| |
+ # Compare RubyGems `bundler/bundler.gemspec` with Ruby `lib/bundler/bundler.gemspec`.
|
| |
+ Patch50: rubygems-bundler-gemspec-for-make-test-bundler.patch
|
| |
+ # A missing gem error message is changed on RubyGems 3.2.13.
|
| |
+ # https://github.com/ruby/ruby/commit/7efc7afcae6720e1af7ab49986d789b6f9d6fe0a
|
| |
+ Patch51: rubygems-3.2.13-test-gem-message.patch
|
| |
+ # Add rake dependnecy to run `make test-bundler`.
|
| |
+ # https://github.com/ruby/ruby/commit/614154bbb6adeb06cce755be7b8540e1594703c5
|
| |
+ Patch52: ruby-2.7.0-test-bundler-add-rake.patch
|
| |
+ # Make spec/bundler/support/path.rb#ruby_core? return true.
|
| |
+ # https://github.com/ruby/ruby/commit/5a384e2c08704dc7af9d8d3bdfc475eb8c0723aa
|
| |
+ Patch53: ruby-2.7.0-test-bundler-add-env-gem-command.patch
|
| |
|
| |
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
| |
Suggests: rubypick
|
| |
@@ -539,12 +557,21 @@
|
| |
|
| |
|
| |
%prep
|
| |
- %setup -q -n %{ruby_archive}
|
| |
+ %setup -q -n %{ruby_archive} -b15
|
| |
|
| |
# Remove bundled libraries to be sure they are not used.
|
| |
rm -rf ext/psych/yaml
|
| |
rm -rf ext/fiddle/libffi*
|
| |
|
| |
+ # Update Bundler to fix CVE-2020-36327.
|
| |
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1958999
|
| |
+ rm -rf lib/bundler{.rb,}
|
| |
+ rm -rf {spec,tool}/bundler
|
| |
+ cp -a %{_builddir}/rubygems/bundler/lib/bundler{.rb,} lib/
|
| |
+ cp -a %{_builddir}/rubygems/bundler/bundler.gemspec lib/bundler/
|
| |
+ cp -a %{_builddir}/rubygems/bundler/spec spec/bundler
|
| |
+ cp -a %{_builddir}/rubygems/bundler/tool/bundler tool/bundler
|
| |
+
|
| |
%patch0 -p1
|
| |
%patch1 -p1
|
| |
%patch2 -p1
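Review bot: Replacing the Bundler tree here is what lets the later `%install` hunk (`@@ -625,13 +656,9 @@`) drop both the removal of `bundler/ssl_certs` and the test that only `certificate_manager.rb` was left there, and no guard replaces them. Presumably Bundler 2.2.22 no longer ships that directory, but then a future Bundler update that reintroduces bundled CA certificates would pass the build unnoticed. A negative check next to the RubyGems one would keep the intent, e.g. `test ! -e %{buildroot}%{ruby_libdir}/bundler/ssl_certs`. `%prep` continues outside this hunk.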
|
| |
@@ -562,6 +589,10 @@
|
| |
%patch22 -p1
|
| |
%patch41 -p1
|
| |
%patch42 -p1
|
| |
+ %patch50 -p1
|
| |
+ %patch51 -p1
|
| |
+ %patch52 -p1
|
| |
+ %patch53 -p1
|
| |
|
| |
# Provide an example of usage of the tapset:
|
| |
cp -a %{SOURCE3} .
|
| |
@@ -625,13 +656,9 @@
|
| |
do
|
| |
rm %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/$cert
|
| |
rm -r $(dirname %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/$cert)
|
| |
- rm %{buildroot}%{ruby_libdir}/bundler/ssl_certs/$cert
|
| |
- rm -r $(dirname %{buildroot}%{ruby_libdir}/bundler/ssl_certs/$cert)
|
| |
done
|
| |
# Ensure there is not forgotten any certificate.
|
| |
test ! "$(ls -A %{buildroot}%{rubygems_dir}/rubygems/ssl_certs/ 2>/dev/null)"
|
| |
- test "$(ls -A %{buildroot}%{ruby_libdir}/bundler/ssl_certs/ 2>/dev/null)" \
|
| |
- = "certificate_manager.rb"
|
| |
|
| |
# Move macros file into proper place and replace the %%{name} macro, since it
|
| |
# would be wrongly evaluated during build of other packages.
|
| |
@@ -798,8 +825,11 @@
|
| |
# Check Bundler bundled dependencies versions.
|
| |
|
| |
# FileUtils.
|
| |
- # TODO: There is no version in bundled FileUtils yet.
|
| |
- #%%{global bundler_fileutils_version}
|
| |
+ [ "`make runruby TESTRUN_SCRIPT=\"-e \\\" \
|
| |
+ module Bundler; end; \
|
| |
+ require 'bundler/vendor/fileutils/lib/fileutils'; \
|
| |
+ puts Bundler::FileUtils::VERSION\\\"\" | tail -1`" \
|
| |
+ == '%{bundler_fileutils_version}' ]
|
| |
|
| |
# Molinillo.
|
| |
[ "`make runruby TESTRUN_SCRIPT=\"-e \\\" \
|
| |
@@ -823,6 +853,17 @@
|
| |
puts Bundler::Thor::VERSION\\\"\" | tail -1`" \
|
| |
== '%{bundler_thor_version}' ]
|
| |
|
| |
+ # tmpdir.
|
| |
+ # TODO: There is no version in bundled tmpdir yet.
|
| |
+ #%%{global bundler_tmpdir_version}
|
| |
+
|
| |
+ # URI.
|
| |
+ [ "`make runruby TESTRUN_SCRIPT=\"-e \\\" \
|
| |
+ module Bundler; end; \
|
| |
+ require 'bundler/vendor/uri/lib/uri/version'; \
|
| |
+ puts Bundler::URI::VERSION\\\"\" | tail -1`" \
|
| |
+ == '%{bundler_uri_version}' ]
|
| |
+
|
| |
|
| |
# test_debug(TestRubyOptions) fails due to LoadError reported in debug mode,
|
| |
# when abrt.rb cannot be required (seems to be easier way then customizing
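Review bot: The tmpdir entry is left as a TODO although `bundler_tmpdir_version` is set to 0.1.0 in the globals hunk, and neither `%check` hunk adds a check for the new `bundler_connection_pool_version`, so two of the newly declared vendored versions are asserted by hand only. If these macros feed the package's bundled-library metadata (not visible here), a stale value would mislead anyone matching vendored copies against advisories. A connection_pool check in the same shape as the URI one would close the first gap, assuming the vendored copy exposes a version constant. For tmpdir I would extend the TODO to say where 0.1.0 was taken from, e.g. `# TODO: There is no version in bundled tmpdir yet; 0.1.0 taken from <SOURCE_OF_VERSION>.` The `%check` section starts and continues outside this hunk.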
|
| |
@@ -1214,6 +1255,10 @@
|
| |
%{_mandir}/man5/gemfile.5*
|
| |
|
| |
%changelog
|
| |
+ * Thu Jul 08 2021 Jun Aruga <jaruga@redhat.com> - 2.6.6-128
|
| |
+ - Upgrade to Bundler 2.2.22.
|
| |
+ Resolves: CVE-2020-36327
|
| |
+
|
| |
* Wed Jul 07 2021 Jun Aruga <jaruga@redhat.com> - 2.6.6-127
|
| |
- Fix FTBFS due to incompatible load directive.
|
| |
- Properly support DWARF5 debug information.
|
| |
Resolves: CVE-2020-36327
This PR is just to show a possibility to upgrade the rubygem-bundler subpackage in rpms/ruby for Ruby 2.6 to fix CVE-2020-36327, as well as the following PRs.
https://src.fedoraproject.org/rpms/ruby/pull-request/88
https://src.fedoraproject.org/rpms/ruby/pull-request/90
This PR is a work in progress. `make check` passes on mock. I am now trying to fix `make test-bundler`, which shows the following error.