diff --git a/CVE-2022-44566.patch b/CVE-2022-44566.patch deleted file mode 100644 index 39c77ee..0000000 --- a/CVE-2022-44566.patch +++ /dev/null @@ -1,133 +0,0 @@ -From 82bcdc011e2ff674e7dd8fd8cee3a831c908d29b Mon Sep 17 00:00:00 2001 -From: Zack Deveau -Date: Mon, 21 Nov 2022 17:11:31 -0500 -Subject: [PATCH] Added integer width check to PostgreSQL::Quoting - -Given a value outside the range for a 64bit signed integer type -PostgreSQL will treat the column type as numeric. -Comparing integer values against numeric values can result -in a slow sequential scan. - -This behavior is configurable via -ActiveRecord.raise_int_wider_than_64bit which defaults to true. - -[CVE-2022-44566] ---- - activerecord-7.0.4/lib/active_record.rb | 8 ++++++ - .../connection_adapters/postgresql/quoting.rb | 26 +++++++++++++++++ - .../cases/adapters/postgresql/quoting_test.rb | 28 +++++++++++++++++++ - 3 files changed, 85 insertions(+) - -diff --git a/activerecord-7.0.4/lib/active_record.rb b/activerecord-7.0.4/lib/active_record.rb -index d553fe5c7c..4f6e5493e7 100644 ---- a/activerecord-7.0.4/lib/active_record.rb -+++ b/activerecord-7.0.4/lib/active_record.rb -@@ -347,6 +347,14 @@ def self.global_executor_concurrency # :nodoc: - singleton_class.attr_accessor :use_yaml_unsafe_load - self.use_yaml_unsafe_load = false - -+ ## -+ # :singleton-method: -+ # Application configurable boolean that denotes whether or not to raise -+ # an exception when the PostgreSQLAdapter is provided with an integer that -+ # is wider than signed 64bit representation -+ singleton_class.attr_accessor :raise_int_wider_than_64bit -+ self.raise_int_wider_than_64bit = true -+ - ## - # :singleton-method: - # Application configurable array that provides additional permitted classes -diff --git a/activerecord-7.0.4/lib/active_record/connection_adapters/postgresql/quoting.rb b/activerecord-7.0.4/lib/active_record/connection_adapters/postgresql/quoting.rb -index 0d1cd8b02d..d5591dbe00 100644 ---- a/activerecord-7.0.4/lib/active_record/connection_adapters/postgresql/quoting.rb -+++ b/activerecord-7.0.4/lib/active_record/connection_adapters/postgresql/quoting.rb -@@ -4,6 +4,12 @@ - module ConnectionAdapters - module PostgreSQL - module Quoting -+ class IntegerOutOf64BitRange < StandardError -+ def initialize(msg) -+ super(msg) -+ end -+ end -+ - # Escapes binary strings for bytea input to the database. - def escape_bytea(value) - @connection.escape_bytea(value) if value -@@ -16,7 +22,27 @@ def unescape_bytea(value) - @connection.unescape_bytea(value) if value - end - -+ def check_int_in_range(value) -+ if value.to_int > 9223372036854775807 || value.to_int < -9223372036854775808 -+ exception = <<~ERROR -+ Provided value outside of the range of a signed 64bit integer. -+ -+ PostgreSQL will treat the column type in question as a numeric. -+ This may result in a slow sequential scan due to a comparison -+ being performed between an integer or bigint value and a numeric value. -+ -+ To allow for this potentially unwanted behavior, set -+ ActiveRecord.raise_int_wider_than_64bit to false. -+ ERROR -+ raise IntegerOutOf64BitRange.new exception -+ end -+ end -+ - def quote(value) # :nodoc: -+ if ActiveRecord.raise_int_wider_than_64bit && value.is_a?(Integer) -+ check_int_in_range(value) -+ end -+ - case value - when OID::Xml::Data - "xml '#{quote_string(value.to_s)}'" -diff --git a/test/cases/adapters/postgresql/quoting_test.rb b/test/cases/adapters/postgresql/quoting_test.rb -index d571355a9c..7e01defd96 100644 ---- a/test/cases/adapters/postgresql/quoting_test.rb -+++ b/test/cases/adapters/postgresql/quoting_test.rb -@@ -8,6 +8,7 @@ - class QuotingTest < ActiveRecord::PostgreSQLTestCase - def setup - @conn = ActiveRecord::Base.connection -+ @raise_int_wider_than_64bit = ActiveRecord.raise_int_wider_than_64bit - end - - def test_type_cast_true -@@ -44,6 +45,33 @@ def test_quote_table_name_with_spaces - value = "user posts" - assert_equal "\"user posts\"", @conn.quote_table_name(value) - end -+ -+ def test_raise_when_int_is_wider_than_64bit -+ value = 9223372036854775807 + 1 -+ assert_raise ActiveRecord::ConnectionAdapters::PostgreSQL::Quoting::IntegerOutOf64BitRange do -+ @conn.quote(value) -+ end -+ -+ value = -9223372036854775808 - 1 -+ assert_raise ActiveRecord::ConnectionAdapters::PostgreSQL::Quoting::IntegerOutOf64BitRange do -+ @conn.quote(value) -+ end -+ end -+ -+ def test_do_not_raise_when_int_is_not_wider_than_64bit -+ value = 9223372036854775807 -+ assert_equal "9223372036854775807", @conn.quote(value) -+ -+ value = -9223372036854775808 -+ assert_equal "-9223372036854775808", @conn.quote(value) -+ end -+ -+ def test_do_not_raise_when_raise_int_wider_than_64bit_is_false -+ ActiveRecord.raise_int_wider_than_64bit = false -+ value = 9223372036854775807 + 1 -+ assert_equal "9223372036854775808", @conn.quote(value) -+ ActiveRecord.raise_int_wider_than_64bit = @raise_int_wider_than_64bit -+ end - end - end - end --- -2.35.1 - diff --git a/CVE-2023-22794.patch b/CVE-2023-22794.patch deleted file mode 100644 index e0fca48..0000000 --- a/CVE-2023-22794.patch +++ /dev/null @@ -1,171 +0,0 @@ -From d7aba06953f9fa789c411676b941d20df8ef73de Mon Sep 17 00:00:00 2001 -From: John Hawthorn -Date: Tue, 6 Sep 2022 15:49:26 -0700 -Subject: [PATCH] Make sanitize_as_sql_comment more strict - -Though this method was likely never meant to take user input, it was -attempting sanitization. That sanitization could be bypassed with -carefully crafted input. - -This commit makes the sanitization more robust by replacing any -occurrances of "/*" or "*/" with "/ *" or "* /". It also performs a -first pass to remove one surrounding comment to avoid compatibility -issues for users relying on the existing removal. - -This also clarifies in the documentation of annotate that it should not -be provided user input. - -[CVE-2023-22794] ---- - .../connection_adapters/abstract/quoting.rb | 11 ++++++++++- - activerecord-7.0.4/lib/active_record/query_logs.rb | 13 ++++++++++++- - .../lib/active_record/relation/query_methods.rb | 2 ++ - activerecord-7.0.4/test/cases/annotate_test.rb | 11 ++++++++--- - activerecord-7.0.4/test/cases/query_logs_test.rb | 5 +++-- - activerecord-7.0.4/test/cases/relation_test.rb | 10 +++------- - 6 files changed, 38 insertions(+), 14 deletions(-) - -diff --git a/activerecord-7.0.4/lib/active_record/connection_adapters/abstract/quoting.rb b/activerecord-7.0.4/lib/active_record/connection_adapters/abstract/quoting.rb -index dda3145bdd..3b7819eb56 100644 ---- a/activerecord-7.0.4/lib/active_record/connection_adapters/abstract/quoting.rb -+++ b/activerecord-7.0.4/lib/active_record/connection_adapters/abstract/quoting.rb -@@ -146,7 +146,16 @@ def quoted_binary(value) # :nodoc: - end - - def sanitize_as_sql_comment(value) # :nodoc: -- value.to_s.gsub(%r{ (/ (?: | \g<1>) \*) \+? \s* | \s* (\* (?: | \g<2>) /) }x, "") -+ # Sanitize a string to appear within a SQL comment -+ # For compatibility, this also surrounding "/*+", "/*", and "*/" -+ # charcacters, possibly with single surrounding space. -+ # Then follows that by replacing any internal "*/" or "/ *" with -+ # "* /" or "/ *" -+ comment = value.to_s.dup -+ comment.gsub!(%r{\A\s*/\*\+?\s?|\s?\*/\s*\Z}, "") -+ comment.gsub!("*/", "* /") -+ comment.gsub!("/*", "/ *") -+ comment - end - - def column_name_matcher # :nodoc: -diff --git a/activerecord-7.0.4/lib/active_record/query_logs.rb b/activerecord-7.0.4/lib/active_record/query_logs.rb -index f116a154dd..2fd6ca3640 100644 ---- a/activerecord-7.0.4/lib/active_record/query_logs.rb -+++ b/activerecord-7.0.4/lib/active_record/query_logs.rb -@@ -33,6 +33,8 @@ - # want to add to the comment. Dynamic content can be created by setting a proc or lambda value in a hash, - # and can reference any value stored in the +context+ object. - # -+ # Escaping is performed on the string returned, however untrusted user input should not be used. -+ # - # Example: - # - # tags = [ -@@ -109,7 +111,16 @@ def uncached_comment - end - - def escape_sql_comment(content) -- content.to_s.gsub(%r{ (/ (?: | \g<1>) \*) \+? \s* | \s* (\* (?: | \g<2>) /) }x, "") -+ # Sanitize a string to appear within a SQL comment -+ # For compatibility, this also surrounding "/*+", "/*", and "*/" -+ # charcacters, possibly with single surrounding space. -+ # Then follows that by replacing any internal "*/" or "/ *" with -+ # "* /" or "/ *" -+ comment = content.to_s.dup -+ comment.gsub!(%r{\A\s*/\*\+?\s?|\s?\*/\s*\Z}, "") -+ comment.gsub!("*/", "* /") -+ comment.gsub!("/*", "/ *") -+ comment - end - - def tag_content -diff --git a/activerecord-7.0.4/lib/active_record/relation/query_methods.rb b/activerecord-7.0.4/lib/active_record/relation/query_methods.rb -index 25136331f9..cf7c524291 100644 ---- a/activerecord-7.0.4/lib/active_record/relation/query_methods.rb -+++ b/activerecord-7.0.4/lib/active_record/relation/query_methods.rb -@@ -1216,6 +1216,8 @@ def skip_preloading! # :nodoc: - # # SELECT "users"."name" FROM "users" /* selecting */ /* user */ /* names */ - # - # The SQL block comment delimiters, "/*" and "*/", will be added automatically. -+ # -+ # Some escaping is performed, however untrusted user input should not be used. - def annotate(*args) - check_if_method_has_arguments!(__callee__, args) - spawn.annotate!(*args) -diff --git a/test/cases/annotate_test.rb b/test/cases/annotate_test.rb -index b0802ca559..ed1d846178 100644 ---- a/test/cases/annotate_test.rb -+++ b/test/cases/annotate_test.rb -@@ -18,17 +18,22 @@ def test_annotate_wraps_content_in_an_inline_comment - def test_annotate_is_sanitized - quoted_posts_id, quoted_posts = regexp_escape_table_name("posts.id"), regexp_escape_table_name("posts") - -- assert_sql(%r{SELECT #{quoted_posts_id} FROM #{quoted_posts} /\* foo \*/}i) do -+ assert_sql(%r{SELECT #{quoted_posts_id} FROM #{quoted_posts} /\* \* /foo/ \* \*/}i) do - posts = Post.select(:id).annotate("*/foo/*") - assert posts.first - end - -- assert_sql(%r{SELECT #{quoted_posts_id} FROM #{quoted_posts} /\* foo \*/}i) do -+ assert_sql(%r{SELECT #{quoted_posts_id} FROM #{quoted_posts} /\* \*\* //foo// \*\* \*/}i) do - posts = Post.select(:id).annotate("**//foo//**") - assert posts.first - end - -- assert_sql(%r{SELECT #{quoted_posts_id} FROM #{quoted_posts} /\* foo \*/ /\* bar \*/}i) do -+ assert_sql(%r{SELECT #{quoted_posts_id} FROM #{quoted_posts} /\* \* \* //foo// \* \* \*/}i) do -+ posts = Post.select(:id).annotate("* *//foo//* *") -+ assert posts.first -+ end -+ -+ assert_sql(%r{SELECT #{quoted_posts_id} FROM #{quoted_posts} /\* \* /foo/ \* \*/ /\* \* /bar \*/}i) do - posts = Post.select(:id).annotate("*/foo/*").annotate("*/bar") - assert posts.first - end -diff --git a/test/cases/query_logs_test.rb b/test/cases/query_logs_test.rb -index 05207f17e3..09ca530417 100644 ---- a/test/cases/query_logs_test.rb -+++ b/test/cases/query_logs_test.rb -@@ -42,8 +42,9 @@ def test_escaping_good_comment - end - - def test_escaping_bad_comments -- assert_equal "; DROP TABLE USERS;", ActiveRecord::QueryLogs.send(:escape_sql_comment, "*/; DROP TABLE USERS;/*") -- assert_equal "; DROP TABLE USERS;", ActiveRecord::QueryLogs.send(:escape_sql_comment, "**//; DROP TABLE USERS;/*") -+ assert_equal "* /; DROP TABLE USERS;/ *", ActiveRecord::QueryLogs.send(:escape_sql_comment, "*/; DROP TABLE USERS;/*") -+ assert_equal "** //; DROP TABLE USERS;/ *", ActiveRecord::QueryLogs.send(:escape_sql_comment, "**//; DROP TABLE USERS;/*") -+ assert_equal "* * //; DROP TABLE USERS;// * *", ActiveRecord::QueryLogs.send(:escape_sql_comment, "* *//; DROP TABLE USERS;//* *") - end - - def test_basic_commenting -diff --git a/test/cases/relation_test.rb b/test/cases/relation_test.rb -index 1da95bd3ae..0aed326678 100644 ---- a/test/cases/relation_test.rb -+++ b/test/cases/relation_test.rb -@@ -345,7 +345,7 @@ def test_relation_with_annotation_chains_sql_comments - - def test_relation_with_annotation_filters_sql_comment_delimiters - post_with_annotation = Post.where(id: 1).annotate("**//foo//**") -- assert_match %r{= 1 /\* foo \*/}, post_with_annotation.to_sql -+ assert_includes post_with_annotation.to_sql, "= 1 /* ** //foo// ** */" - end - - def test_relation_with_annotation_includes_comment_in_count_query -@@ -367,13 +367,9 @@ def test_relation_without_annotation_does_not_include_an_empty_comment - - def test_relation_with_optimizer_hints_filters_sql_comment_delimiters - post_with_hint = Post.where(id: 1).optimizer_hints("**//BADHINT//**") -- assert_match %r{BADHINT}, post_with_hint.to_sql -- assert_no_match %r{\*/BADHINT}, post_with_hint.to_sql -- assert_no_match %r{\*//BADHINT}, post_with_hint.to_sql -- assert_no_match %r{BADHINT/\*}, post_with_hint.to_sql -- assert_no_match %r{BADHINT//\*}, post_with_hint.to_sql -+ assert_includes post_with_hint.to_sql, "/*+ ** //BADHINT// ** */" - post_with_hint = Post.where(id: 1).optimizer_hints("/*+ BADHINT */") -- assert_match %r{/\*\+ BADHINT \*/}, post_with_hint.to_sql -+ assert_includes post_with_hint.to_sql, "/*+ BADHINT */" - end - - def test_does_not_duplicate_optimizer_hints_on_merge --- -2.35.1 - diff --git a/activerecord-7.0.4.gem b/activerecord-7.0.4.gem deleted file mode 100644 index 5fc11d7..0000000 Binary files a/activerecord-7.0.4.gem and /dev/null differ diff --git a/activerecord-7.0.4-tests.txz b/activerecord-7.0.7-tests.txz similarity index 97% rename from activerecord-7.0.4-tests.txz rename to activerecord-7.0.7-tests.txz index 18051cb..c19c4ac 100644 Binary files a/activerecord-7.0.4-tests.txz and b/activerecord-7.0.7-tests.txz differ diff --git a/activerecord-7.0.7.gem b/activerecord-7.0.7.gem new file mode 100644 index 0000000..423e377 Binary files /dev/null and b/activerecord-7.0.7.gem differ diff --git a/rails-7.0.4-tools.txz b/rails-7.0.7-tools.txz similarity index 97% rename from rails-7.0.4-tools.txz rename to rails-7.0.7-tools.txz index a34575f..842cffc 100644 Binary files a/rails-7.0.4-tools.txz and b/rails-7.0.7-tools.txz differ diff --git a/rubygem-activerecord-7.0.2.3-Fix-assert_called_with-with-empty-args-array.patch b/rubygem-activerecord-7.0.2.3-Fix-assert_called_with-with-empty-args-array.patch deleted file mode 100644 index ff095ff..0000000 --- a/rubygem-activerecord-7.0.2.3-Fix-assert_called_with-with-empty-args-array.patch +++ /dev/null @@ -1,49 +0,0 @@ -From d536ffd591d6a2363aaa1ad140f7b450e2e67ac6 Mon Sep 17 00:00:00 2001 -From: Jess Bees -Date: Fri, 29 Oct 2021 15:02:04 -0400 -Subject: [PATCH] Raise an exception when using unrecognized options in - change_table block - -In a database migration, the expressions `add_column`, `remove_index`, -etc. accept as keyword options `if_exists: true`/`if_not_exists: true` -which will skip that table alteration if the column or index does or -does not already exist. - -This might lead some to think that within a change_table block, -``` -change_table(:table) do |t| - t.column :new_column, if_not_exists: true - t.remove_index :old_column, if_exists: true -end -``` -also works, but it doesn't. Or rather, it is silently ignored when -change_table is called with `bulk: true`, and it works accidentally -otherwise. - -This commit raises an exception when these options are used in a -change_table block, which suggests the similar syntax: -`t.column :new_column unless t.column_exists?(:new_column)`. This -suggestion is already made in the documentation to -`ActiveRecord::ConnectionAdapters::Table`. -https://api.rubyonrails.org/classes/ActiveRecord/ConnectionAdapters/Table.html#method-i-column_exists-3F - -Do not raise these new exceptions on migrations before 7.0 ---- - .../abstract/schema_definitions.rb | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/activerecord/lib/active_record/connection_adapters/abstract/schema_definitions.rb b/activerecord/lib/active_record/connection_adapters/abstract/schema_definitions.rb -index eccb49adb91d8..e88d1637f68c7 100644 ---- a/activerecord/lib/active_record/connection_adapters/abstract/schema_definitions.rb -+++ b/activerecord/lib/active_record/connection_adapters/abstract/schema_definitions.rb -@@ -657,8 +659,8 @@ def index(column_name, **options) - # end - # - # See {connection.index_exists?}[rdoc-ref:SchemaStatements#index_exists?] -- def index_exists?(column_name, options = {}) -- @base.index_exists?(name, column_name, options) -+ def index_exists?(column_name, **options) -+ @base.index_exists?(name, column_name, **options) - end - - # Renames the given index on the table. diff --git a/rubygem-activerecord-7.0.2.3-Fix-tests-for-minitest-5.16.patch b/rubygem-activerecord-7.0.2.3-Fix-tests-for-minitest-5.16.patch index 7fc41aa..eb1658a 100644 --- a/rubygem-activerecord-7.0.2.3-Fix-tests-for-minitest-5.16.patch +++ b/rubygem-activerecord-7.0.2.3-Fix-tests-for-minitest-5.16.patch @@ -35,7 +35,7 @@ diff --git a/activerecord/test/cases/fixtures_test.rb b/activerecord/test/cases/ index 0267da5116bdd..772f421f2c852 100644 --- a/activerecord/test/cases/fixtures_test.rb +++ b/activerecord/test/cases/fixtures_test.rb -@@ -996,7 +996,7 @@ def rollback_transaction(*args); end +@@ -997,7 +997,7 @@ def rollback_transaction(*args); end def lock_thread=(lock_thread); end end.new @@ -44,7 +44,7 @@ index 0267da5116bdd..772f421f2c852 100644 fire_connection_notification(connection) end end -@@ -1036,14 +1036,14 @@ def rollback_transaction(*args); end +@@ -1037,14 +1037,14 @@ def rollback_transaction(*args); end def lock_thread=(lock_thread); end end.new @@ -237,7 +237,7 @@ index 5cf6493e52ba2..620319b38655c 100644 t.xml :foo, :bar end end -@@ -152,120 +166,120 @@ def test_remove_exclusion_constraint_removes_exclusion_constraint +@@ -166,120 +166,120 @@ module ActiveRecord def test_column_creates_column with_change_table do |t| @@ -283,7 +283,7 @@ index 5cf6493e52ba2..620319b38655c 100644 def test_index_exists with_change_table do |t| -- @connection.expect :index_exists?, nil, [:delete_me, :bar, {}] +- @connection.expect :index_exists?, nil, [:delete_me, :bar] + expect :index_exists?, nil, [:delete_me, :bar] t.index_exists?(:bar) end diff --git a/rubygem-activerecord-7.0.4-remove-require-pathname-from-drop-method-tests.patch b/rubygem-activerecord-7.0.4-remove-require-pathname-from-drop-method-tests.patch index 43b38c9..b986d87 100644 --- a/rubygem-activerecord-7.0.4-remove-require-pathname-from-drop-method-tests.patch +++ b/rubygem-activerecord-7.0.4-remove-require-pathname-from-drop-method-tests.patch @@ -3,10 +3,10 @@ From: Nicolas Iragorri Dominguez Date: Tue, 27 Dec 2022 01:24:19 +0100 Subject: [PATCH] [issue-46741] remove `require pathname` from `drop` method - + --- .../test/cases/tasks/sqlite_rake_test.rb | 42 +++++++------------ - + diff --git a/activerecord/test/cases/tasks/sqlite_rake_test.rb b/activerecord/test/cases/tasks/sqlite_rake_test.rb index 98257867aa773..9b534b88220bd 100644 --- a/activerecord/test/cases/tasks/sqlite_rake_test.rb diff --git a/rubygem-activerecord-7.0.4-remove-require-pathname-from-drop-method.patch b/rubygem-activerecord-7.0.4-remove-require-pathname-from-drop-method.patch index ac02f64..13e6c94 100644 --- a/rubygem-activerecord-7.0.4-remove-require-pathname-from-drop-method.patch +++ b/rubygem-activerecord-7.0.4-remove-require-pathname-from-drop-method.patch @@ -11,7 +11,7 @@ diff --git a/activerecord/lib/active_record/tasks/sqlite_database_tasks.rb b/act index d920d874ef308..fdfa299fa0e8c 100644 --- a/activerecord/lib/active_record/tasks/sqlite_database_tasks.rb +++ b/activerecord/lib/active_record/tasks/sqlite_database_tasks.rb -@@ -22,10 +22,8 @@ +@@ -22,10 +22,8 @@ def create end def drop diff --git a/rubygem-activerecord.spec b/rubygem-activerecord.spec index a8116af..5fdcb47 100644 --- a/rubygem-activerecord.spec +++ b/rubygem-activerecord.spec @@ -1,8 +1,8 @@ %global gem_name activerecord Name: rubygem-%{gem_name} Epoch: 1 -Version: 7.0.4 -Release: 3 +Version: 7.0.7 +Release: 1 Summary: Object-relational mapper framework (part of Rails) License: MIT URL: http://rubyonrails.org @@ -10,24 +10,20 @@ Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem # The gem doesn't ship with the test suite. # You may check it out like so # git clone http://github.com/rails/rails.git -# cd rails/activerecord && git archive -v -o activerecord-7.0.4-tests.txz v7.0.4 test/ +# cd rails/activerecord && git archive -v -o activerecord-7.0.7-tests.txz v7.0.7 test/ Source1: activerecord-%{version}-tests.txz # The tools are needed for the test suite, are however unpackaged in gem file. # You may check it out like so # git clone http://github.com/rails/rails.git --no-checkout -# cd rails && git archive -v -o rails-7.0.4-tools.txz v7.0.4 tools/ +# cd rails && git archive -v -o rails-7.0.7-tools.txz v7.0.7 tools/ Source2: rails-%{version}-tools.txz # Fixes for Minitest 5.16+ -# https://github.com/rails/rails/pull/43807 -Patch0: rubygem-activerecord-7.0.2.3-Fix-assert_called_with-with-empty-args-array.patch # https://github.com/rails/rails/pull/45380 Patch1: rubygem-activerecord-7.0.2.3-Remove-the-multi-call-form-of-assert_called_with.patch # https://github.com/rails/rails/pull/45370 Patch2: rubygem-activerecord-7.0.2.3-Fix-tests-for-minitest-5.16.patch -Patch3: CVE-2022-44566.patch -Patch4: CVE-2023-22794.patch -Patch5: rubygem-activerecord-7.0.4-remove-require-pathname-from-drop-method.patch -Patch6: rubygem-activerecord-7.0.4-remove-require-pathname-from-drop-method-tests.patch +Patch3: rubygem-activerecord-7.0.4-remove-require-pathname-from-drop-method.patch +Patch4: rubygem-activerecord-7.0.4-remove-require-pathname-from-drop-method-tests.patch Suggests: %{_bindir}/sqlite3 BuildRequires: rubygems-devel rubygem(bcrypt) rubygem(activesupport) = %{version} @@ -51,15 +47,12 @@ Documentation for %{name}. %prep %setup -q -n %{gem_name}-%{version} -b1 -b2 -%patch0 -p2 -%patch5 -p2 - +%patch 3 -p2 + pushd %{_builddir} -%patch1 -p2 -%patch2 -p2 -%patch3 -p1 -%patch4 -p1 -%patch6 -p2 +%patch 1 -p2 +%patch 2 -p2 +%patch 4 -p2 popd %build gem build ../%{gem_name}-%{version}.gemspec @@ -112,6 +105,9 @@ popd %{gem_instdir}/examples %changelog +* Fri Aug 18 2023 liyanan - 1:7.0.7-1 +- Upgrade to version 7.0.7 + * Mon Aug 14 2023 liyanan - 1:7.0.4-3 - fix build error