Commit cc0df111 authored by TBK's avatar TBK Committed by Leo
Browse files

main/ruby: security upgrade to 2.7.2

parent ea3fd894
......@@ -3,6 +3,8 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
#
# secfixes:
# 2.7.2-r0:
# - CVE-2020-25613
# 2.6.6-r0:
# - CVE-2020-10663
# - CVE-2020-10933
......@@ -34,9 +36,9 @@
# - CVE-2017-17405
#
pkgname=ruby
pkgver=2.7.1
pkgver=2.7.2
_abiver="${pkgver%.*}.0"
pkgrel=3
pkgrel=0
pkgdesc="An object-oriented language for quick and easy programming"
url="https://www.ruby-lang.org/"
arch="all"
......@@ -71,7 +73,6 @@ source="https://cache.ruby-lang.org/pub/ruby/${pkgver%.*}/ruby-$pkgver.tar.gz
rubygems-avoid-platform-specific-gems.patch
test_insns-lower-recursion-depth.patch
fix-get_main_stack.patch
openssl-config-support-include-directive.patch
arm-coroutines.patch
"
replaces="ruby-gems"
......@@ -111,6 +112,13 @@ prepare() {
update_config_guess
autoconf
# v2.7.1 - Of all the bootstraptest only test_fiber fails on s390x:
# test_fiber.rb bootstraptest.tmp.rb:8: [BUG] vm_call_cfunc: cfp consistency error (0x000003ffb63fefb0, 0x000003ffb42f5f58)
case "$CARCH" in
s390x)
rm bootstraptest/test_fiber.rb ;;
esac
}
build() {
......@@ -357,9 +365,8 @@ _mvgem() {
done
}
sha512sums="d54ec78d46644269a200cc64c84beed1baaea74189e0ffc167f90f4b9540bb6d9e7b19807c0990e1b13738b83d1e2bb4c712396d033db6a7501e6046fff12839 ruby-2.7.1.tar.gz
sha512sums="e80dc16b60149d0d6fedf0ba7b556ae460ff328ee63e9d9e41f5021f67addcc98159cb27bddccaebd6e4b1cddf29266f1c01c32d9ec8bb665aed63c0a2295f2f ruby-2.7.2.tar.gz
cfdc5ea3b2e2ea69c51f38e8e2180cb1dc27008ca55cc6301f142ebafdbab31c3379b3b6bba9ff543153876dd98ed2ad194df3255b7ea77a62e931c935f80538 rubygems-avoid-platform-specific-gems.patch
814fe6359505b70d8ff680adf22f20a74b4dbd3fecc9a63a6c2456ee9824257815929917b6df5394ed069a6869511b8c6dce5b95b4acbbb7867c1f3a975a0150 test_insns-lower-recursion-depth.patch
8d730f02f76e53799f1c220eb23e3d2305940bb31216a7ab1e42d3256149c0721c7d173cdbfe505023b1af2f5cb3faa233dcc1b5d560fa8f980c17c2d29a9d81 fix-get_main_stack.patch
a67813d7aa3553ed336f04b17461c5129546afb71a2a7cca6d1b1c860f8dd5839ca2f7695c971369f295aced3580687a28881ccd6c305f6dbdfe6b0ecf584d0e openssl-config-support-include-directive.patch
eaee5cd1b11506df5d28d6ac909b0eae55d88e7fbb471a0cee1be7293934980a36616603a5bcb5cf8bf8518e5f313e2bba566c52bd57afe62505c8e02b0a7b87 arm-coroutines.patch"
0300bd6f596db73603e9bf1b1ccbc09da27dc2082aa00ef6cecef474809bb91248739375c405e43819e86b0c8cee8dedefdad102478082eba011bdc795e657c7 arm-coroutines.patch"
......@@ -35,35 +35,6 @@ Subject: [PATCH 2/3] Patch assembly so that it aligns properly
coroutine/arm32/Context.S | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/coroutine/arm32/Context.S b/coroutine/arm32/Context.S
index 195364fb655f..b66db29622a4 100644
--- a/coroutine/arm32/Context.S
+++ b/coroutine/arm32/Context.S
@@ -5,9 +5,13 @@
## Copyright, 2018, by Samuel Williams.
##
+.file "Context.S"
.text
-
.globl coroutine_transfer
+.align 2
+.type coroutine_transfer,%function
+.syntax unified
+
coroutine_transfer:
# Save caller state (8 registers + return address)
push {r4-r11,lr}
From 360904b97e0f1012855cd150a59cc0074cfa7453 Mon Sep 17 00:00:00 2001
From: Paul Jordan <paullj1@gmail.com>
Date: Wed, 1 Apr 2020 02:18:23 +0100
Subject: [PATCH 3/3] Fix helper to not assume glibc
---
test/fiddle/helper.rb | 19 ++++++++++++++++---
1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/test/fiddle/helper.rb b/test/fiddle/helper.rb
index 348131e4480f..f5c7bd2ca6c7 100644
--- a/test/fiddle/helper.rb
......
From f46bac1f3e8634e24c747d06b28e11b874f1e488 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Thu, 16 Aug 2018 19:40:48 +0900
Subject: [PATCH] config: support .include directive
OpenSSL 1.1.1 introduces a new '.include' directive. Update our config
parser to support that.
As mentioned in the referenced GitHub issue, we should use the OpenSSL
API instead of implementing the parsing logic ourselves, but it will
need backwards-incompatible changes which we can't backport to stable
versions. So continue to use the Ruby implementation for now.
Reference: https://github.com/ruby/openssl/issues/208
Patch-Source: https://src.fedoraproject.org/rpms/ruby/blob/04b63f48ea89ff10fcffafe2ff3815dfa0e16e99/f/ruby-2.6.0-config-support-include-directive.patch
---
ext/openssl/lib/openssl/config.rb | 54 ++++++++++++++++++++-----------
test/openssl/test_config.rb | 54 +++++++++++++++++++++++++++++++
2 files changed, 90 insertions(+), 18 deletions(-)
diff --git a/ext/openssl/lib/openssl/config.rb b/ext/openssl/lib/openssl/config.rb
index 88225451..ba3a54c8 100644
--- a/ext/openssl/lib/openssl/config.rb
+++ b/ext/openssl/lib/openssl/config.rb
@@ -77,29 +77,44 @@ def get_key_string(data, section, key) # :nodoc:
def parse_config_lines(io)
section = 'default'
data = {section => {}}
- while definition = get_definition(io)
+ io_stack = [io]
+ while definition = get_definition(io_stack)
definition = clear_comments(definition)
next if definition.empty?
- if definition[0] == ?[
+ case definition
+ when /\A\[/
if /\[([^\]]*)\]/ =~ definition
section = $1.strip
data[section] ||= {}
else
raise ConfigError, "missing close square bracket"
end
- else
- if /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ =~ definition
- if $2
- section = $1
- key = $2
- else
- key = $1
+ when /\A\.include (\s*=\s*)?(.+)\z/
+ path = $2
+ if File.directory?(path)
+ files = Dir.glob(File.join(path, "*.{cnf,conf}"), File::FNM_EXTGLOB)
+ else
+ files = [path]
+ end
+
+ files.each do |filename|
+ begin
+ io_stack << StringIO.new(File.read(filename))
+ rescue
+ raise ConfigError, "could not include file '%s'" % filename
end
- value = unescape_value(data, section, $3)
- (data[section] ||= {})[key] = value.strip
+ end
+ when /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/
+ if $2
+ section = $1
+ key = $2
else
- raise ConfigError, "missing equal sign"
+ key = $1
end
+ value = unescape_value(data, section, $3)
+ (data[section] ||= {})[key] = value.strip
+ else
+ raise ConfigError, "missing equal sign"
end
end
data
@@ -212,10 +227,10 @@ def clear_comments(line)
scanned.join
end
- def get_definition(io)
- if line = get_line(io)
+ def get_definition(io_stack)
+ if line = get_line(io_stack)
while /[^\\]\\\z/ =~ line
- if extra = get_line(io)
+ if extra = get_line(io_stack)
line += extra
else
break
@@ -225,9 +240,12 @@ def get_definition(io)
end
end
- def get_line(io)
- if line = io.gets
- line.gsub(/[\r\n]*/, '')
+ def get_line(io_stack)
+ while io = io_stack.last
+ if line = io.gets
+ return line.gsub(/[\r\n]*/, '')
+ end
+ io_stack.pop
end
end
end
diff --git a/test/openssl/test_config.rb b/test/openssl/test_config.rb
index 99dcc497..5653b5d0 100644
--- a/test/openssl/test_config.rb
+++ b/test/openssl/test_config.rb
@@ -120,6 +120,49 @@ def test_s_parse_format
assert_equal("error in line 7: missing close square bracket", excn.message)
end
+ def test_s_parse_include
+ in_tmpdir("ossl-config-include-test") do |dir|
+ Dir.mkdir("child")
+ File.write("child/a.conf", <<~__EOC__)
+ [default]
+ file-a = a.conf
+ [sec-a]
+ a = 123
+ __EOC__
+ File.write("child/b.cnf", <<~__EOC__)
+ [default]
+ file-b = b.cnf
+ [sec-b]
+ b = 123
+ __EOC__
+ File.write("include-child.conf", <<~__EOC__)
+ key_outside_section = value_a
+ .include child
+ __EOC__
+
+ include_file = <<~__EOC__
+ [default]
+ file-main = unnamed
+ [sec-main]
+ main = 123
+ .include = include-child.conf
+ __EOC__
+
+ # Include a file by relative path
+ c1 = OpenSSL::Config.parse(include_file)
+ assert_equal(["default", "sec-a", "sec-b", "sec-main"], c1.sections.sort)
+ assert_equal(["file-main", "file-a", "file-b"], c1["default"].keys)
+ assert_equal({"a" => "123"}, c1["sec-a"])
+ assert_equal({"b" => "123"}, c1["sec-b"])
+ assert_equal({"main" => "123", "key_outside_section" => "value_a"}, c1["sec-main"])
+
+ # Relative paths are from the working directory
+ assert_raise(OpenSSL::ConfigError) do
+ Dir.chdir("child") { OpenSSL::Config.parse(include_file) }
+ end
+ end
+ end
+
def test_s_load
# alias of new
c = OpenSSL::Config.load
@@ -299,6 +342,17 @@ def test_clone
@it['newsection'] = {'a' => 'b'}
assert_not_equal(@it.sections.sort, c.sections.sort)
end
+
+ private
+
+ def in_tmpdir(*args)
+ Dir.mktmpdir(*args) do |dir|
+ dir = File.realpath(dir)
+ Dir.chdir(dir) do
+ yield dir
+ end
+ end
+ end
end
end
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment