diff --git a/rubygem-puma-3.12.0-TLS13-fix.patch b/rubygem-puma-3.12.0-TLS13-fix.patch new file mode 100644 index 0000000..ccb552f --- /dev/null +++ b/rubygem-puma-3.12.0-TLS13-fix.patch @@ -0,0 +1,32 @@ +From 6a7112d51b3de3439c4be512f68a8d4e33e02665 Mon Sep 17 00:00:00 2001 +From: MSP-Greg +Date: Tue, 21 Aug 2018 20:08:06 -0500 +Subject: [PATCH] Update test files + +2. Stability changes +--- + test_puma_server_ssl.rb | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/test/test_puma_server_ssl.rb b/test/test_puma_server_ssl.rb +index d479203f..7ffecc36 100644 +--- a/test/test_puma_server_ssl.rb ++++ b/test/test_puma_server_ssl.rb +@@ -152,7 +162,7 @@ def assert_ssl_client_error_match(error, subject=nil, &blk) + req = Net::HTTP::Get.new "/", {} + http.request(req) + end +- rescue OpenSSL::SSL::SSLError ++ rescue OpenSSL::SSL::SSLError, EOFError + client_error = true + end + +@@ -165,7 +175,7 @@ def assert_ssl_client_error_match(error, subject=nil, &blk) + assert_equal host, events.addr if error + assert_equal subject, events.cert.subject.to_s if subject + end +- ++ ensure + server.stop(true) + end + diff --git a/rubygem-puma-3.6.0-fedora-crypto-policy-cipher-list.patch b/rubygem-puma-3.6.0-fedora-crypto-policy-cipher-list.patch index 3f04761..b4e8a2c 100644 --- a/rubygem-puma-3.6.0-fedora-crypto-policy-cipher-list.patch +++ b/rubygem-puma-3.6.0-fedora-crypto-policy-cipher-list.patch @@ -2,15 +2,15 @@ diff --git a/ext/puma_http11/mini_ssl.c b/ext/puma_http11/mini_ssl.c index 7e0fd5e..88c4652 100644 --- a/ext/puma_http11/mini_ssl.c +++ b/ext/puma_http11/mini_ssl.c -@@ -175,7 +175,7 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) { - SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_SINGLE_DH_USE | SSL_OP_SINGLE_ECDH_USE | SSL_OP_NO_COMPRESSION); - SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); - -- SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL@STRENGTH"); -+ SSL_CTX_set_cipher_list(ctx, "PROFILE=SYSTEM"); +@@ -183,7 +183,7 @@ VALUE engine_init_server(VALUE self, VALUE mini_ssl_ctx) { + SSL_CTX_set_cipher_list(ctx, RSTRING_PTR(ssl_cipher_filter)); + } + else { +- SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL@STRENGTH"); ++ SSL_CTX_set_cipher_list(ctx, "PROFILE=SYSTEM"); + } DH *dh = get_dh1024(); - SSL_CTX_set_tmp_dh(ctx, dh); -- 2.5.5 diff --git a/rubygem-puma.spec b/rubygem-puma.spec index 4cf074f..a75f21a 100644 --- a/rubygem-puma.spec +++ b/rubygem-puma.spec @@ -2,26 +2,29 @@ %global gem_name puma Name: rubygem-%{gem_name} -Version: 3.11.4 -Release: 2%{?dist} +Version: 3.12.0 +Release: 1%{?dist} Summary: A simple, fast, threaded, and highly concurrent HTTP 1.1 server License: BSD URL: http://puma.io Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem # The puma gem doesn't ship with the test suite. # git clone https://github.com/puma/puma.git && cd puma -# git checkout v3.11.4 && tar czvf puma-3.11.4-tests.tgz test/ +# git checkout v3.12.0 && tar czvf puma-3.12.0-tests.tgz test/ Source1: %{gem_name}-%{version}-tests.tgz # The puma gem doesn't ship with the examples used in test suite. -# tar czvf puma-3.11.4-examples.tgz examples/ +# tar czvf puma-3.12.0-examples.tgz examples/ Source3: %{gem_name}-%{version}-examples.tgz # Set the default cipher list "PROFILE=SYSTEM". # https://fedoraproject.org/wiki/Packaging:CryptoPolicies Patch2: rubygem-puma-3.6.0-fedora-crypto-policy-cipher-list.patch +# TLS 1.3 makes some test behave a bit differently. +# https://github.com/puma/puma/commit/6a7112d51b3de3439c4be512f68a8d4e33e02665 +Patch3: rubygem-puma-3.12.0-TLS13-fix.patch BuildRequires: openssl-devel BuildRequires: ruby(release) BuildRequires: rubygems-devel -BuildRequires: ruby-devel >= 1.9.3 +BuildRequires: ruby-devel BuildRequires: rubygem(rack) BuildRequires: rubygem(minitest) BuildRequires: %{_bindir}/ragel @@ -47,6 +50,10 @@ Documentation for %{name}. %patch2 -p1 +pushd %{_builddir} +%patch3 -p1 +popd + # Regenarate the parser. # https://fedoraproject.org/wiki/Packaging:Guidelines#Use_of_pregenerated_code rm -f ext/puma_http11/http11_parser.c @@ -95,6 +102,9 @@ sed -i "/Minitest::Retry/ s/^/#/" test/helper.rb # Skip unstable tests. sed -i '/^ def test_timeout_in_data_phase$/a\ skip "Unstable test"' test/test_puma_server.rb +# https://github.com/puma/puma/issues/1615 +sed -i '/^ def test_control_url$/a\ + skip "Unstable test"' test/test_pumactl.rb # Not sure how to enable SSLv3 on client side, which is by default disabled # on Fedora, to test the server :/ @@ -131,6 +141,9 @@ popd %{gem_instdir}/tools %changelog +* Tue Sep 25 2018 Vít Ondruch - 3.12.0-1 +- Update to Puma 3.12.0. + * Sat Jul 14 2018 Fedora Release Engineering - 3.11.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild diff --git a/sources b/sources index 8e303d8..5be4f87 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (puma-3.11.4.gem) = 2c83c2f2ac538fab915bf2f1846728f70185d3fd3825c3081a36dddcff8bafef1e9ba022a000ee6fe3dcece886ea189779f0cd0af0d55523d151ae300bf5adda -SHA512 (puma-3.11.4-tests.tgz) = 1bb56362d068ec751773b5e9f6bbe602069285a4a4c437de763184b39d6351e76b62dcb64ef5995812157c8fe48937b4b77ca29d7d09750cb3e158cc52001dcc -SHA512 (puma-3.11.4-examples.tgz) = 98f33cc70c8c8910b37ae91312d35908408278f3d3053764e518625846f888edc2aa14a624b0e1ece837be8e15ee167b5371024db6f46130e494b4bdd5512f5c +SHA512 (puma-3.12.0-examples.tgz) = b106ef8fc6f9e81e545bace4f63a1ba15bf294e68b15cd705fa2f9c585d109ff30c07ab1d5175abce097885f27227a1ca87356eccc2346787942c1bc254c7a47 +SHA512 (puma-3.12.0-tests.tgz) = edd1b7f63447bc5b134a80f574126170605309eb5e95597fb301b38ded06328f1c1fbc63b649d44966107368865c0946b97931beea7c6094b415d3871057a849 +SHA512 (puma-3.12.0.gem) = d940675c488830a2a656b3f86483226cc2cfaefea87e763280a1a831fea033f75e54b8c15d3609d041814b095288a73a44d32d9ec05831f3e9aeac6b01ddd1ff