diff --git a/Add-support-dalli-3.2.2.patch b/Add-support-dalli-3.2.2.patch deleted file mode 100644 index ab2bc8d65f4bfeab29099da92ae53cf2ec2069f6..0000000000000000000000000000000000000000 --- a/Add-support-dalli-3.2.2.patch +++ /dev/null @@ -1,45 +0,0 @@ -diff -Nur a/cache/stores/mem_cache_store_test.rb b/cache/stores/mem_cache_store_test.rb ---- a/cache/stores/mem_cache_store_test.rb 2021-08-20 00:25:04.000000000 +0800 -+++ b/cache/stores/mem_cache_store_test.rb 2022-07-05 11:22:22.774850776 +0800 -@@ -17,8 +17,12 @@ - end - end - --class UnavailableDalliServer < Dalli::Server -- def alive? -+class UnavailableDalliServer < Dalli::Protocol::Binary -+ def alive? # before https://github.com/petergoldstein/dalli/pull/863 -+ false -+ end -+ -+ def ensure_connected! # after https://github.com/petergoldstein/dalli/pull/863 - false - end - end -@@ -263,17 +267,21 @@ - end - - def emulating_unavailability -- old_server = Dalli.send(:remove_const, :Server) -- Dalli.const_set(:Server, UnavailableDalliServer) -+ old_server = Dalli::Protocol.send(:remove_const, :Binary) -+ Dalli::Protocol.const_set(:Binary, UnavailableDalliServer) - - yield ActiveSupport::Cache::MemCacheStore.new - ensure -- Dalli.send(:remove_const, :Server) -- Dalli.const_set(:Server, old_server) -+ Dalli::Protocol.send(:remove_const, :Binary) -+ Dalli::Protocol.const_set(:Binary, old_server) - end - - def servers(cache = @cache) -- client(cache).instance_variable_get(:@servers) -+ if client(cache).instance_variable_defined?(:@normalized_servers) -+ client(cache).instance_variable_get(:@normalized_servers) -+ else -+ client(cache).instance_variable_get(:@servers) -+ end - end - - def client(cache = @cache) diff --git a/CVE-2023-22796.patch b/CVE-2023-22796.patch deleted file mode 100644 index 314bc13236cd5b0a15e29e8e031e69234ec2577a..0000000000000000000000000000000000000000 --- a/CVE-2023-22796.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 2164d4f6a1bde74b911fe9ba3c8df1b5bf345bf8 Mon Sep 17 00:00:00 2001 -From: John Hawthorn -Date: Wed, 11 Jan 2023 10:14:55 -0800 -Subject: [PATCH] Avoid regex backtracking in Inflector.underscore - -[CVE-2023-22796] ---- - activesupport/lib/active_support/inflector/methods.rb | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/activesupport/lib/active_support/inflector/methods.rb b/activesupport/lib/active_support/inflector/methods.rb -index 68a00d73f2..43abb9c4e1 100644 ---- a/activesupport/lib/active_support/inflector/methods.rb -+++ b/activesupport/lib/active_support/inflector/methods.rb -@@ -97,7 +97,7 @@ def underscore(camel_cased_word) - return camel_cased_word.to_s unless /[A-Z-]|::/.match?(camel_cased_word) - word = camel_cased_word.to_s.gsub("::", "/") - word.gsub!(inflections.acronyms_underscore_regex) { "#{$1 && '_' }#{$2.downcase}" } -- word.gsub!(/([A-Z]+)(?=[A-Z][a-z])|([a-z\d])(?=[A-Z])/) { ($1 || $2) << "_" } -+ word.gsub!(/([A-Z])(?=[A-Z][a-z])|([a-z\d])(?=[A-Z])/) { ($1 || $2) << "_" } - word.tr!("-", "_") - word.downcase! - word --- -2.35.1 - diff --git a/activesupport-7.0.4.gem b/activesupport-7.0.4.gem deleted file mode 100644 index 3c823a0fa145f351e8db893ea88d531ca123083b..0000000000000000000000000000000000000000 Binary files a/activesupport-7.0.4.gem and /dev/null differ diff --git a/activesupport-7.0.4-tests.txz b/activesupport-7.0.6-tests.txz similarity index 98% rename from activesupport-7.0.4-tests.txz rename to activesupport-7.0.6-tests.txz index fb308940daa088103d3afe5deb39ed83659d0104..0ff280c7a09ad0372269741c736ad2218e9a0756 100644 Binary files a/activesupport-7.0.4-tests.txz and b/activesupport-7.0.6-tests.txz differ diff --git a/activesupport-7.0.6.gem b/activesupport-7.0.6.gem new file mode 100644 index 0000000000000000000000000000000000000000..dbbaf53dcf4189c68c6dc764cb34e163e2970966 Binary files /dev/null and b/activesupport-7.0.6.gem differ diff --git a/rails-7.0.4-tools.txz b/rails-7.0.6-tools.txz similarity index 97% rename from rails-7.0.4-tools.txz rename to rails-7.0.6-tools.txz index a34575fdf39b93e8e835d608b0b5ba493a31d89d..379b0d3d7b8f851d3070ea5d45093599bfb9142f 100644 Binary files a/rails-7.0.4-tools.txz and b/rails-7.0.6-tools.txz differ diff --git a/rubygem-activesupport.spec b/rubygem-activesupport.spec index 409982d125dc6c2256285bdd93366ab02c9c3903..094ca87e90abe7865d7dfa32cb2b9ef6866b23d1 100644 --- a/rubygem-activesupport.spec +++ b/rubygem-activesupport.spec @@ -1,8 +1,8 @@ %global gem_name activesupport Name: rubygem-%{gem_name} Epoch: 1 -Version: 7.0.4 -Release: 2 +Version: 7.0.6 +Release: 1 Summary: A support libraries and Ruby core extensions extracted from the Rails framework License: MIT URL: http://rubyonrails.org @@ -23,7 +23,6 @@ Patch1: rubygem-activesupport-7.0.2.3-Remove-the-multi-call-form-of-assert_calle Patch2: rubygem-activesupport-7.0.2.3-Remove-the-multi-call-form-of-assert_called_with-test.patch # https://github.com/rails/rails/pull/45370 Patch3: rubygem-activesupport-7.0.2.3-Fix-tests-for-minitest-5.16.patch -Patch4: CVE-2023-22796.patch Requires: rubygem(bigdecimal) rubygem(json) BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 rubygem(bigdecimal) rubygem(builder) @@ -31,6 +30,7 @@ BuildRequires: rubygem(concurrent-ruby) rubygem(connection_pool) rubygem(d BuildRequires: (rubygem(i18n) >= 0.7 with rubygem(i18n) < 2) rubygem(minitest) >= 5.0.0 BuildRequires: rubygem(rack) rubygem(tzinfo) >= 2.0 rubygem(listen) rubygem(redis) memcached rubygem(rexml) BuildArch: noarch + %description A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, @@ -47,7 +47,6 @@ Documentation for %{name}. %setup -q -n %{gem_name}-%{version} -b1 -b2 %patch1 -p2 %patch3 -p2 -%patch4 -p2 pushd %{_builddir} %patch2 -p2 @@ -97,6 +96,9 @@ popd %doc %{gem_instdir}/README.rdoc %changelog +* Wed Aug 02 2023 jiangxinyu - 1:7.0.6-1 +- Upgrade to version 7.0.6 + * Tue Feb 21 2023 wushaozheng - 1:7.0.4-2 - fix CVE-2023-22796