The package rpms/rubygem-puma.git has added or updated architecture specific content in its spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s): https://src.fedoraproject.org/cgit/rpms/rubygem-puma.git/commit/?id=e6b76385....
Change: +%ifarch aarch64 ppc64le s390x
Thanks.
Full change:
============

commit e6b7638510a712aa31d523c8af5627cc087661d3
Author: Jun Aruga jaruga@redhat.com
Date: Wed Mar 25 16:53:23 2020 +0100

Update to puma 4.3.3.

- Fix newline characters to insert malicious content (CVE-2020-5247).
- Fix carriage return character to insert malicious content (CVE-2020-5249).
- Skip a test that needs internet. This test often takes a long time on Koji.
- Update skipped tests that are unstable on Koji.
- Add man page generated using help2man.
diff --git a/rubygem-puma-4.1.0-fix-no-zombie-test.patch b/rubygem-puma-4.1.0-fix-no-zombie-test.patch deleted file mode 100644 index 55a9640..0000000 --- a/rubygem-puma-4.1.0-fix-no-zombie-test.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -From d9196df80e3d4b71988fdb088b1d2a0d34ede80e Mon Sep 17 00:00:00 2001 -From: Nate Berkopec nate.berkopec@gmail.com -Date: Sat, 17 Aug 2019 12:21:08 +0000 -Subject: [PATCH] Msp greg zombie test fix intermittent (#1915) - -* test_integration.rb - fix intermittent test_no_zombie_children - -even with fix, Ruby 2.2 is still intermittent, skipped - -When run with other parallel tests, previous code would inteermittently return pid's not related to the test. - -* Cleanup + nosleep ---- - test/test_integration.rb | 26 +++++++++++++++++--------- - 1 file changed, 17 insertions(+), 9 deletions(-) - -diff --git a/test/test_integration.rb b/test/test_integration.rb -index fa131424..ae7774d8 100644 ---- a/test/test_integration.rb -+++ b/test/test_integration.rb -@@ -84,17 +84,13 @@ def restart_server_and_listen(argv) - [initial_reply, read_body(connect)] - end - -- def signal(which) -- Process.kill which, @server.pid -- end -- - def wait_booted - @wait.sysread 1 - end - - # reuses an existing connection to make sure that works - def restart_server(server, connection) -- signal :USR2 -+ Process.kill :USR2, @server.pid - - connection.write "GET / HTTP/1.1\r\n\r\n" # trigger it to start by sending a new request - -@@ -377,6 +373,7 @@ def test_not_accepts_new_connections_after_term_signal - - def test_no_zombie_children - skip NO_FORK_MSG unless HAS_FORK -+ skip "Intermittent failure on Ruby 2.2" if RUBY_VERSION < '2.3' - - worker_pids = [] - server = server("-w 2 test/rackup/hello.ru") -@@ -385,11 +382,22 @@ def test_no_zombie_children - next unless line = server.gets.match(/pid: (\d+)/) - worker_pids << line.captures.first.to_i - end -+ - # Signal the workers to terminate, and wait for them to die. 
-- worker_pids.each { |pid| Process.kill :TERM, pid } -- sleep 2 -+ Process.kill :TERM, @server.pid -+ Process.wait @server.pid -+ @server = nil # prevent `#teardown` from killing already killed server - -- # Should return nil if Puma has correctly cleaned up -- assert_nil Process.waitpid(-1, Process::WNOHANG) -+ # Check if the worker processes remain in the process table. -+ # Process.kill should raise the Errno::ESRCH exception, -+ # indicating the process is dead and has been reaped. -+ zombies = worker_pids.map do |pid| -+ begin -+ pid if Process.kill 0, pid -+ rescue Errno::ESRCH -+ nil -+ end -+ end.compact -+ assert_empty zombies, "Process ids #{zombies} became zombies" - end - end diff --git a/rubygem-puma.spec b/rubygem-puma.spec index 15e961d..0794c00 100644 --- a/rubygem-puma.spec +++ b/rubygem-puma.spec @@ -1,28 +1,29 @@ # Generated from puma-3.6.0.gem by gem2rpm -*- rpm-spec -*- %global gem_name puma
+# Current Ragel version does not support Ruby. +# https://github.com/whitequark/parser/issues/317 +# https://github.com/puma/puma/issues/2207 %bcond_with ragel +%bcond_without help2man
Name: rubygem-%{gem_name} -Version: 4.1.0 -Release: 3%{?dist} +Version: 4.3.3 +Release: 1%{?dist} Summary: A simple, fast, threaded, and highly concurrent HTTP 1.1 server License: BSD URL: http://puma.io Source0: https://rubygems.org/gems/%%7Bgem_name%7D-%%7Bversion%7D.gem # The puma gem doesn't ship with the test suite. -# git clone https://github.com/puma/puma.git && cd puma -# git checkout v4.1.0 && tar czvf puma-4.1.0-tests.tgz test/ -Source1: %{gem_name}-%{version}-tests.tgz +# git clone https://github.com/puma/puma --no-checkout +# cd puma && git archive -v -o puma-4.3.3-tests.txz v4.3.3 test +Source1: %{gem_name}-%{version}-tests.txz # The puma gem doesn't ship with the examples used in test suite. -# tar czvf puma-4.1.0-examples.tgz examples/ -Source3: %{gem_name}-%{version}-examples.tgz +# git archive -v -o puma-4.3.3-examples.txz v4.3.3 examples +Source3: %{gem_name}-%{version}-examples.txz # Set the default cipher list "PROFILE=SYSTEM". # https://fedoraproject.org/wiki/Packaging:CryptoPolicies Patch2: rubygem-puma-3.6.0-fedora-crypto-policy-cipher-list.patch -# Fix test_no_zombie_children test -# https://github.com/puma/puma/pull/1915 -Patch3: rubygem-puma-4.1.0-fix-no-zombie-test.patch
BuildRequires: openssl-devel BuildRequires: ruby(release) @@ -36,6 +37,9 @@ BuildRequires: rubygem(nio4r) %if %{with ragel} BuildRequires: %{_bindir}/ragel %endif +%if %{with help2man} +BuildRequires: help2man +%endif # Compiler is required for build of gem binary extension. # https://fedoraproject.org/wiki/Packaging:C_and_C++#BuildRequires_and_Require... BuildRequires: gcc @@ -95,39 +99,55 @@ find %{buildroot}%{gem_instdir}/bin -type f | xargs chmod a+x find %{buildroot}%{gem_instdir}/bin -type f | \ xargs sed -i 's|^#!/usr/bin/env ruby$|#!/usr/bin/ruby|'
+%if %{with help2man} +# Turn `puma --help` into man page. +export GEM_PATH="%{gem_dir}:%{buildroot}/usr/share/gems/gems" +mkdir -p %{buildroot}%{_mandir}/man1 +help2man --no-discard-stderr -N -s1 -o %{buildroot}%{_mandir}/man1/%{name}.1 \ + %{buildroot}/usr/share/gems/gems/%{gem_name}-%{version}/bin/%{gem_name} +%endif + + # Run the test suite %check pushd .%{gem_instdir} ln -s %{_builddir}/test . ln -s %{_builddir}/examples .
-pushd test -cat %{PATCH3} | patch -p2 -popd - # We do not ship minitest-retry or minitest-proveit. sed -i -e "/require..minitest/(retry|proveit)./ s/^/#/" test/helper.rb sed -i "/Minitest::Retry/ s/^/#/" test/helper.rb sed -i '/prove_it!/ s/^/#/' test/helper.rb
-# Skip unstable tests. +# Increase timeout seconds to avoid the timeout for every test case on Koji. +sed -i '/::Timeout.timeout/ s/60/600/' test/helper.rb + +# Skip an unstable test on Koji. +# TestCLI#test_control failing with "pool_capacity": 0 +# https://github.com/puma/puma/issues/2212 +%ifarch aarch64 ppc64le s390x +sed -i '/^ def test_control$/,/^ end$/ s/^/#/' test/test_cli.rb +%endif + +# Skip a test that needs internet. +# This test often takes long time on Koji. sed -i '/^ def test_timeout_in_data_phase$/a\ - skip "Unstable test"' test/test_puma_server.rb -# https://github.com/puma/puma/issues/1615 -sed -i '/^ def test_control_url$/a\ - skip "Unstable test"' test/test_pumactl.rb -sed -i '/^ def test_bad_client/ a\ - skip "Unstable test"' test/test_web_server.rb - -# Not sure how to enable SSLv3 on client side, which is by default disabled -# on Fedora, to test the server :/ -sed -i '/^ def test_ssl_v3_rejection$/a\ + skip' test/test_puma_server.rb + +# Skip a randomly failed SSL test. +# Errno::ECONNRESET: Connection reset by peer +# /usr/share/ruby/openssl/buffering.rb:182:in `sysread_nonblock' +# /usr/share/ruby/openssl/buffering.rb:182:in `read_nonblock' +sed -i '/^ def test_verify_fail_if_client_unknown_ca$/a\ skip' test/test_puma_server_ssl.rb
-# Clustered server is not terminated properly for some reason. -# https://github.com/puma/puma/issues/1720 -sed -i '/^ def test_term_signal_exit_code_in_clustered_mode$/a\ - skip "Clustered server does not stop properly"' test/test_integration.rb +# Skip unstable tests on Koji. +# test_integration_cluster.rb: not expected replies +# https://github.com/puma/puma/issues/2209 +sed -i '/^ def test_term_closes_listeners_/a\ + skip' test/test_integration_cluster.rb +sed -i '/^ def test_usr1_all_respond_/a\ + skip' test/test_integration_cluster.rb
# Make binary exension available in Ruby load path. # Enable verbose mode to check unstable tests easily. @@ -157,8 +177,16 @@ popd %doc %{gem_instdir}/README.md %doc %{gem_instdir}/docs %{gem_instdir}/tools +%if %{with help2man} +%{_mandir}/man1/%{name}.1* +%endif
%changelog +* Tue Mar 31 2020 Jun Aruga jaruga@redhat.com - 4.3.3-1 +- Update to puma 4.3.3. +- Fix newline characters to insert malicious content (CVE-2020-5247). +- Fix carriage return character to insert malicious content (CVE-2020-5249). + * Thu Jan 30 2020 Fedora Release Engineering releng@fedoraproject.org - 4.1.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
diff --git a/sources b/sources index 8b02e3a..1e4ec9a 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (puma-4.1.0.gem) = 57aa55ad5cdecca4a44df44f1b50143e84306b907bf85ca32939c54acfcc3939beb29fe8e4a459c5dc7cd03fc0db1c95d31ed822cb0b1407ad924f5f627e84a8 -SHA512 (puma-4.1.0-tests.tgz) = 14d45e6c0cdddc249c742b551ebd05559c02dfaf73fb9b79bcb3f125435161f4a356b7026e00f38575ba23a9053ef142e156c083374afcc29f8744c8a4331755 -SHA512 (puma-4.1.0-examples.tgz) = 732cb35ccce872fbe438be229cf6dc712074996d88241ef77bf95a691e4b0db4bef787b7565cb6db440eaf616acd8ec5daaf54191a3324a941054189b234c102 +SHA512 (puma-4.3.3-examples.txz) = b3a3ff564c41a2d9d8793aa1657a6fce77b932a9cf168ea41c3dcf00f72221be36697a8087e0173d425bbbaf1197081d28ddc9ba4a835e13a3bf379c90de1bf7 +SHA512 (puma-4.3.3-tests.txz) = 705ca3e26fc0475558cc6ee0e8004c534f2d2b79f7902aad05c71b6101f206fcf683e0d5d957d84aa3a12f452cd252849cfd2b2a4c59b28a8f8c1f79cc05c0fe +SHA512 (puma-4.3.3.gem) = 12d6cfd483f6c10f61ab1480e15ad32bbb878f451a9cf1b5e07f54b41608ff265f5963c018c6b73b247dd58fda4c2f47bba1975e8e61df37cb788280fbb4ed0e
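Review bot: The regeneration recipe in the Source1 and Source3 comments of rubygem-puma.spec (`git archive -v -o puma-4.3.3-tests.txz v4.3.3 test`) will not produce an xz-compressed tarball with stock git. `git archive` infers the format from the output file name and by default only knows tar, zip, tar.gz and tgz, so a `.txz` name falls back to plain tar unless a `tar.txz.command` is configured. Either document that setting in the comment (for example `git config tar.txz.command "xz -c"`) or pipe the archive through xz explicitly, so that the tarballs whose SHA512 sums are recorded in `sources` can be rebuilt and compared by someone else.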
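Review bot: In the %check section, the new sed that appends `skip` after `def test_verify_fail_if_client_unknown_ca` in test/test_puma_server_ssl.rb disables that test on every architecture, with a bare `skip` and no upstream issue link, unlike the neighbouring skips that cite puma issues 2209 and 2212. By its name the test exercises the rejection of a client certificate from an unknown CA, so an unconditional skip means a regression on that verification path would pass the build unnoticed. Please reference an upstream report and give the skip a reason string (the removed lines used `skip "Unstable test"`), or retry the test instead of dropping it. The `%ifarch aarch64 ppc64le s390x` block has a related problem: it comments out `test_control` with a sed range instead of inserting a `skip`, so the omission leaves no trace in the test output and the command silently does nothing if the method's layout changes upstream.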
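Review bot: In %files, the man page is listed as `%{_mandir}/man1/%{name}.1*`, and `%{name}` expands to `rubygem-%{gem_name}`, so the page generated from `bin/%{gem_name}` is installed as rubygem-puma.1 rather than puma.1 and `man puma` will not find it. Consider `%{gem_name}.1` here and in the help2man `-o` path of the install step. The new %changelog entry also omits the man page addition and the test-skip changes that the commit message lists.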
arch-excludes@lists.fedoraproject.org