diff --git a/Add-support-dalli-3.2.2.patch b/Add-support-dalli-3.2.2.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ab2bc8d65f4bfeab29099da92ae53cf2ec2069f6
--- /dev/null
+++ b/Add-support-dalli-3.2.2.patch
@@ -0,0 +1,45 @@
+diff -Nur a/cache/stores/mem_cache_store_test.rb b/cache/stores/mem_cache_store_test.rb
+--- a/cache/stores/mem_cache_store_test.rb 2021-08-20 00:25:04.000000000 +0800
++++ b/cache/stores/mem_cache_store_test.rb 2022-07-05 11:22:22.774850776 +0800
+@@ -17,8 +17,12 @@
+ end
+ end
+
+-class UnavailableDalliServer < Dalli::Server
+- def alive?
++class UnavailableDalliServer < Dalli::Protocol::Binary
++ def alive? # before https://github.com/petergoldstein/dalli/pull/863
++ false
++ end
++
++ def ensure_connected! # after https://github.com/petergoldstein/dalli/pull/863
+ false
+ end
+ end
+@@ -263,17 +267,21 @@
+ end
+
+ def emulating_unavailability
+- old_server = Dalli.send(:remove_const, :Server)
+- Dalli.const_set(:Server, UnavailableDalliServer)
++ old_server = Dalli::Protocol.send(:remove_const, :Binary)
++ Dalli::Protocol.const_set(:Binary, UnavailableDalliServer)
+
+ yield ActiveSupport::Cache::MemCacheStore.new
+ ensure
+- Dalli.send(:remove_const, :Server)
+- Dalli.const_set(:Server, old_server)
++ Dalli::Protocol.send(:remove_const, :Binary)
++ Dalli::Protocol.const_set(:Binary, old_server)
+ end
+
+ def servers(cache = @cache)
+- client(cache).instance_variable_get(:@servers)
++ if client(cache).instance_variable_defined?(:@normalized_servers)
++ client(cache).instance_variable_get(:@normalized_servers)
++ else
++ client(cache).instance_variable_get(:@servers)
++ end
+ end
+
+ def client(cache = @cache)
diff --git a/CVE-2023-22796.patch b/CVE-2023-22796.patch
new file mode 100644
index 0000000000000000000000000000000000000000..6d48383f66104ba84bb422114a0ee214a9b409fc
--- /dev/null
+++ b/CVE-2023-22796.patch
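Review bot: In Add-support-dalli-3.2.2.patch, `UnavailableDalliServer` now inherits from `Dalli::Protocol::Binary` and `emulating_unavailability` swaps that constant unconditionally, so the test file only loads against a dalli release that defines it. The spec in this diff keeps a bare `rubygem(dalli)` build requirement; I would add a floor matching the release the patch targets, e.g. `BuildRequires: rubygem(dalli) >= 3.2.2` (version taken from the patch name, to be confirmed). Separately, `servers` reads dalli's private `@normalized_servers`/`@servers` instance variables, which deserves a one-line comment such as `# ivar name differs across dalli releases`.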
@@ -0,0 +1,27 @@
+From a7cda7e6aa5334ab41b1f4b0f671be931be946ef Mon Sep 17 00:00:00 2001
+From: John Hawthorn
+Date: Wed, 11 Jan 2023 10:14:55 -0800
+Subject: [PATCH] Avoid regex backtracking in Inflector.underscore
+
+[CVE-2023-22796]
+---
+ activesupport/lib/active_support/inflector/methods.rb | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/activesupport-6.1.4.1/lib/active_support/inflector/methods.rb b/activesupport-6.1.4.1/lib/active_support/inflector/methods.rb
+index ad136532bf..acb86fe1a4 100644
+--- a/activesupport-6.1.4.1/lib/active_support/inflector/methods.rb
++++ b/activesupport-6.1.4.1/lib/active_support/inflector/methods.rb
+@@ -93,8 +93,7 @@ def underscore(camel_cased_word)
+ return camel_cased_word unless /[A-Z-]|::/.match?(camel_cased_word)
+ word = camel_cased_word.to_s.gsub("::", "/")
+ word.gsub!(inflections.acronyms_underscore_regex) { "#{$1 && '_' }#{$2.downcase}" }
+- word.gsub!(/([A-Z\d]+)([A-Z][a-z])/, '\1_\2')
+- word.gsub!(/([a-z\d])([A-Z])/, '\1_\2')
++ word.gsub!(/([A-Z])(?=[A-Z][a-z])|([a-z\d])(?=[A-Z])/) { ($1 || $2) << "_" }
+ word.tr!("-", "_")
+ word.downcase!
+ word
+--
+2.35.1
+
diff --git a/activesupport-5.2.4.4.gem b/activesupport-5.2.4.4.gem
deleted file mode 100644
index 3df172640a4ead9c85b58ab1f9dd24b502cb3e3b..0000000000000000000000000000000000000000
Binary files a/activesupport-5.2.4.4.gem and /dev/null differ
diff --git a/activesupport-7.0.4-tests.txz b/activesupport-7.0.4-tests.txz
new file mode 100644
index 0000000000000000000000000000000000000000..fb308940daa088103d3afe5deb39ed83659d0104
Binary files /dev/null and b/activesupport-7.0.4-tests.txz differ
diff --git a/activesupport-7.0.4.gem b/activesupport-7.0.4.gem
new file mode 100644
index 0000000000000000000000000000000000000000..3c823a0fa145f351e8db893ea88d531ca123083b
Binary files /dev/null and b/activesupport-7.0.4.gem differ
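Review bot: CVE-2023-22796.patch changes the regex in `underscore` without carrying a test, so nothing in the package's %check would notice if a later rebase restored the removed `([A-Z\d]+)([A-Z][a-z])` form. I would add a comment above the new `gsub!`, e.g. `# Lookaheads instead of a greedy ([A-Z\d]+) prefix: avoids regex backtracking (CVE-2023-22796)`, and a bounded-time regression test on a long input. The body of `underscore` starts and ends outside the hunk, so that test should also pin a few ordinary conversions to confirm the single substitution gives the same results as the two it replaces.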
diff --git a/rails-7.0.4-tools.txz b/rails-7.0.4-tools.txz
new file mode 100644
index 0000000000000000000000000000000000000000..a34575fdf39b93e8e835d608b0b5ba493a31d89d
Binary files /dev/null and b/rails-7.0.4-tools.txz differ
diff --git a/rubygem-activesupport-7.0.2.3-Fix-tests-for-minitest-5.16.patch b/rubygem-activesupport-7.0.2.3-Fix-tests-for-minitest-5.16.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4f325b0a32f05dc3bc733888874f666232f8e47d
--- /dev/null
+++ b/rubygem-activesupport-7.0.2.3-Fix-tests-for-minitest-5.16.patch
@@ -0,0 +1,72 @@
+From 9766eb4a833c26c64012230b96dd1157ebb8e8a2 Mon Sep 17 00:00:00 2001
+From: eileencodes
+Date: Wed, 15 Jun 2022 12:44:11 -0400
+Subject: [PATCH] Fix tests for minitest 5.16
+
+In minitest/minitest@6e06ac9 minitest changed such that it now accepts
+`kwargs` instead of requiring kwargs to be shoved into the args array.
+This is a good change but required some updates to our test code to get
+the new version of minitest passing.
+
+Changes are as follows:
+
+1) Lock minitest to 5.15 for Ruby 2.7. We don't love this change but
+it's pretty difficult to get 2.7 and 3.0 to play nicely together with
+the new kwargs changes. Dropping 2.7 support isn't an option right
+now for Rails. This is safe because all of the code changes here are
+internal methods to Rails like assert_called_with. Applications
+shouldn't be consuming them as they are no-doc'd.
+2) Update the `assert_called_with` method to take any kwargs but also
+the returns kwarg.
+3) Update callers of `assert_called_with` to move the kwargs outside the
+args array.
+4) Update the message from marshaled exceptions. In 5.16 the exception
+message is "result not reported" instead of "Wrapped undumpable
+exception".
+
+Co-authored-by: Matthew Draper
+---
+ .../testing/method_call_assertions.rb | 22 +++-
+ 1 file changed, 20 insertions(+), 2 deletions(-)
+
+diff --git a/activesupport/lib/active_support/testing/method_call_assertions.rb b/activesupport/lib/active_support/testing/method_call_assertions.rb
+index 72451faaa8cc4..f146eefce0354 100644
+--- a/activesupport/lib/active_support/testing/method_call_assertions.rb
++++ b/activesupport/lib/active_support/testing/method_call_assertions.rb
+@@ -17,9 +17,9 @@ def assert_called(object, method_name, message = nil, times: 1, returns: nil, &b
+ assert_equal times, times_called, error
+ end
+
+- def assert_called_with(object, method_name, args, returns: nil, &block)
++ def assert_called_with(object, method_name, args, returns: false, **kwargs, &block)
+ mock = Minitest::Mock.new
+- mock.expect(:call, returns, args)
++ expect_called_with(mock, args, returns: returns, **kwargs)
+
+ object.stub(method_name, mock, &block)
+
+@@ -30,6 +30,24 @@ def assert_not_called(object, method_name, message = nil, &block)
+ assert_called(object, method_name, message, times: 0, &block)
+ end
+
++ #--
++ # This method is a temporary wrapper for mock.expect as part of
++ # the Minitest 5.16 / Ruby 3.0 kwargs transition. It can go away
++ # when we drop support for Ruby 2.7.
++ if Minitest::Mock.instance_method(:expect).parameters.map(&:first).include?(:keyrest)
++ def expect_called_with(mock, args, returns: false, **kwargs)
++ mock.expect(:call, returns, args, **kwargs)
++ end
++ else
++ def expect_called_with(mock, args, returns: false, **kwargs)
++ if !kwargs.empty?
++ mock.expect(:call, returns, [*args, kwargs])
++ else
++ mock.expect(:call, returns, args)
++ end
++ end
++ end
++
+ def assert_called_on_instance_of(klass, method_name, message = nil, times: 1, returns: nil)
+ times_called = 0
+ klass.define_method("stubbed_#{method_name}") do |*|
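Review bot: None of the three rubygem-activesupport-7.0.2.3-*.patch files added in this diff is referenced from the `Patch` lines in the rubygem-activesupport.spec hunk, which declares only `Patch0` and `Patch1`, so as shown they are added to the source tree without being applied. If they are meant to be applied, order matters: this patch's pre-image blob `72451faaa8cc4` is the post-image of Remove-the-multi-call-form-of-assert_called_with.patch, so that one has to come first. In the code itself, the default of `assert_called_with` changes from `returns: nil` to `returns: false`, which alters what the stubbed method returns for callers that omit `returns:`; a comment on the signature saying so would help.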
diff --git a/rubygem-activesupport-7.0.2.3-Remove-the-multi-call-form-of-assert_called_with-test.patch b/rubygem-activesupport-7.0.2.3-Remove-the-multi-call-form-of-assert_called_with-test.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7baf4185e372fc61205595ce59887c04f1ed504a
--- /dev/null
+++ b/rubygem-activesupport-7.0.2.3-Remove-the-multi-call-form-of-assert_called_with-test.patch
@@ -0,0 +1,39 @@
+From df0de681dc1873534ecd2fc8371e1f2562984b68 Mon Sep 17 00:00:00 2001
+From: John Crepezzi
+Date: Thu, 16 Jun 2022 08:34:05 -0400
+Subject: [PATCH] Remove the multi-call form of assert_called_with
+
+The `assert_called_with` helper allows passing a multi-dimensional array to
+mock multiple calls to the same method for a given block. This works
+fine now, but when adding support for real kwargs arguments to line up with
+recent upgrades in Minitest, this approach is no longer workable because
+we can't pass multiple sets of differing kwargs.
+
+Rather than complicated this method further, this commit removes the
+multi-call form of `assert_called_with` and modifies the tests that
+currently make use of that functionality to just use the underlying
+`Minitest::Mock` calls.
+
+Co-authored-by: Eileen M. Uchitelle
+---
+ .../testing/method_call_assertions_test.rb | 7 --
+ 1 file changed, 7 deletions(-)
+
+diff --git a/activesupport/test/testing/method_call_assertions_test.rb b/activesupport/test/testing/method_call_assertions_test.rb
+index e75630d2e4228..4d59e0bd3c222 100644
+--- a/activesupport/test/testing/method_call_assertions_test.rb
++++ b/activesupport/test/testing/method_call_assertions_test.rb
+@@ -82,13 +82,6 @@ def test_assert_called_with_failure
+ end
+ end
+
+- def test_assert_called_with_multiple_expected_arguments
+- assert_called_with(@object, :<<, [ [ 1 ], [ 2 ] ]) do
+- @object << 1
+- @object << 2
+- end
+- end
+-
+ def test_assert_called_on_instance_of_with_defaults_to_expect_once
+ assert_called_on_instance_of Level, :increment do
+ @object.increment
diff --git a/rubygem-activesupport-7.0.2.3-Remove-the-multi-call-form-of-assert_called_with.patch b/rubygem-activesupport-7.0.2.3-Remove-the-multi-call-form-of-assert_called_with.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b368c92c95c3586c64498270754cd22e89f32716
--- /dev/null
+++ b/rubygem-activesupport-7.0.2.3-Remove-the-multi-call-form-of-assert_called_with.patch
@@ -0,0 +1,39 @@
+From df0de681dc1873534ecd2fc8371e1f2562984b68 Mon Sep 17 00:00:00 2001
+From: John Crepezzi
+Date: Thu, 16 Jun 2022 08:34:05 -0400
+Subject: [PATCH] Remove the multi-call form of assert_called_with
+
+The `assert_called_with` helper allows passing a multi-dimensional array to
+mock multiple calls to the same method for a given block. This works
+fine now, but when adding support for real kwargs arguments to line up with
+recent upgrades in Minitest, this approach is no longer workable because
+we can't pass multiple sets of differing kwargs.
+
+Rather than complicated this method further, this commit removes the
+multi-call form of `assert_called_with` and modifies the tests that
+currently make use of that functionality to just use the underlying
+`Minitest::Mock` calls.
+
+Co-authored-by: Eileen M. Uchitelle
+---
+ .../testing/method_call_assertions.rb | 7 +-
+ 1 file changed, 1 insertion(+), 6 deletions(-)
+
+diff --git a/activesupport/lib/active_support/testing/method_call_assertions.rb b/activesupport/lib/active_support/testing/method_call_assertions.rb
+index c8d2dbaa52ab5..72451faaa8cc4 100644
+--- a/activesupport/lib/active_support/testing/method_call_assertions.rb
++++ b/activesupport/lib/active_support/testing/method_call_assertions.rb
+@@ -19,12 +19,7 @@ def assert_called(object, method_name, message = nil, times: 1, returns: nil, &b
+
+ def assert_called_with(object, method_name, args, returns: nil, &block)
+ mock = Minitest::Mock.new
+-
+- if args.all?(Array)
+- args.each { |arg| mock.expect(:call, returns, arg) }
+- else
+- mock.expect(:call, returns, args)
+- end
++ mock.expect(:call, returns, args)
+
+ object.stub(method_name, mock, &block)
+
diff --git a/rubygem-activesupport.spec b/rubygem-activesupport.spec
index ff467a18fc9ed714c7054cddca82117aa72f716a..cdf34d30678b6077ec0a07000c417edd093b7b25 100644
--- a/rubygem-activesupport.spec
+++ b/rubygem-activesupport.spec @@ -1,19 +1,21 @@ -%bcond_with bootstrap %global gem_name activesupport Name: rubygem-%{gem_name} -Epoch: 2 -Version: 5.2.4.4 -Release: 1 +Epoch: 1 +Version: 6.1.4.1 +Release: 2 Summary: A support libraries and Ruby core extensions extracted from the Rails framework License: MIT URL: http://rubyonrails.org -Source0: https://rubygems.org/gems/activesupport-5.2.4.4.gem -Source1: https://github.com/rails/rails/archive/v5.2.4.4.tar.gz +Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem +Source1: %{gem_name}-%{version}-tests.txz +Source2: rails-%{version}-tools.txz +Patch0: Add-support-dalli-3.2.2.patch +Patch1: CVE-2023-22796.patch Requires: rubygem(bigdecimal) rubygem(json) BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 rubygem(bigdecimal) rubygem(builder) BuildRequires: rubygem(concurrent-ruby) rubygem(connection_pool) rubygem(dalli) BuildRequires: (rubygem(i18n) >= 0.7 with rubygem(i18n) < 2) rubygem(minitest) >= 5.0.0 -BuildRequires: rubygem(rack) rubygem(tzinfo) >= 1.1 rubygem(listen) rubygem(redis) memcached +BuildRequires: rubygem(rack) rubygem(tzinfo) >= 2.0 rubygem(listen) rubygem(redis) memcached rubygem(rexml) BuildArch: noarch %description A toolkit of support libraries and Ruby core extensions extracted from the @@ -28,7 +30,12 @@ BuildArch: noarch Documentation for %{name}. %prep -%setup -q -n %{gem_name}-%{version} +%setup -q -n %{gem_name}-%{version} -b1 -b2 +pushd %{_builddir}/test +%patch0 -p1 +popd +%patch1 -p2 + %build gem build ../%{gem_name}-%{version}.gemspec @@ -39,11 +46,10 @@ mkdir -p %{buildroot}%{gem_dir} cp -a .%{gem_dir}/* \ %{buildroot}%{gem_dir}/ -%if %{with bootstrap} %check pushd .%{gem_instdir} -tar xzvf %{SOURCE1} -cd rails-%{version}/%{gem_name} +ln -s %{_builddir}/tools .. +mv %{_builddir}/test . for f in \ test/evented_file_update_checker_test.rb \ test/cache/stores/redis_cache_store_test.rb # failed to require "redis/connection/hiredis" 
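Review bot: The first spec hunk lowers `Epoch` from 2 to 1, and RPM compares epoch before version, so `1:6.1.4.1` sorts below the previously shipped `2:5.2.4.4`. Unless this branch never published Epoch 2, systems holding the old build will not treat this one as an upgrade and will not pick up `Patch1` (CVE-2023-22796.patch) through a normal update; keeping `Epoch: 2` avoids that. In the same hunk `Source0`, `Source1` and `Source2` expand to 6.1.4.1 file names, while the binaries added in this diff are named `activesupport-7.0.4.gem`, `activesupport-7.0.4-tests.txz` and `rails-7.0.4-tools.txz`, so the sources and `Version` should be reconciled before building.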
@@ -51,13 +57,14 @@ do mv $f{,.disable} done sed -i '/def test_iso8601_output_and_reparsing$/,/^ end$/ s/^/#/' test/core_ext/duration_test.rb +sed -i '/assert_nil mapped\[:b\]/ s/^/#/' test/core_ext/hash/transform_values_test.rb +sed -i '/require .bundler./ s/^/#/' test/abstract_unit.rb memcached & mPID=$! sleep 1 ruby -Ilib:test -e 'Dir.glob "./test/**/*_test.rb", &method(:require)' kill -15 $mPID popd -%endif %files %dir %{gem_instdir} @@ -72,6 +79,15 @@ popd %doc %{gem_instdir}/README.rdoc %changelog +* Mon Feb 02 2023 wushaozheng - 6.1.4.1-3 +- fix CVE-2021-20300 + +* Tue Jul 05 2022 liyanan - 6.1.4.1-2 +- Add support dalli 3.2.2 + +* Wed Mar 02 2022 jiangxinyu - 6.1.4.1-1 +- update to 6.1.4.1 + * Mon Feb 8 2021 sunguoshuai - 5.2.4.4-1 - Upgrade to 5.2.4.4 diff --git a/v5.2.4.4.tar.gz b/v5.2.4.4.tar.gz deleted file mode 100644 index 6191daf33e0601a05f29c470eca8d428974f5e8e..0000000000000000000000000000000000000000 Binary files a/v5.2.4.4.tar.gz and /dev/null differ
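Review bot: The new top %changelog entry records `fix CVE-2021-20300`, but the patch this diff adds and wires in as `Patch1` is CVE-2023-22796.patch, so advisory tracking that reads the changelog will credit the wrong CVE and miss the one that is fixed; the entry should read `- fix CVE-2023-22796`. The same entry is versioned `6.1.4.1-3` while the header hunk sets `Release: 2`, so the release should be bumped to 3 to match. The weekday is also inconsistent, since 02 Feb 2023 was a Thursday rather than `Mon`, and rpm reports such entries as bogus dates.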