!13 upgrade 6.1.4.1

From: @lyn1001 Reviewed-by: @small_leek Signed-off-by: @small_leek
2022-03-31 01:31:47 +00:00 · 2022-03-31 01:31:47 +00:00 · e33bc1f06b
commit e33bc1f06b
parent 4b2f06d67d 4a6c682804
8 changed files with 25 additions and 92 deletions
--- a/CVE-2021-22880-1.patch
+++ b/CVE-2021-22880-1.patch
@ -1,35 +0,0 @@
-From 63e8026805ae9e78ef44efd72e07aeca5c2244fe Mon Sep 17 00:00:00 2001
-From: wang_yue111 <648774160@qq.com>
-Date: Mon, 15 Mar 2021 11:14:45 +0800
-Subject: [PATCH] Fix possible DoS vector in PostgreSQL money type
-
-Carefully crafted input can cause a DoS via the regular expressions used
-for validating the money format in the PostgreSQL adapter.  This patch
-fixes the regexp.
-
-Thanks to @dee-see from Hackerone for this patch!
-
-[CVE-2021-22880]
---
- lib/active_record/connection_adapters/postgresql/oid/money.rb | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/active_record/connection_adapters/postgresql/oid/money.rb b/lib/active_record/connection_adapters/postgresql/oid/money.rb
-index 6434377..3703e9a 100644
--- a/lib/active_record/connection_adapters/postgresql/oid/money.rb
-+++ b/lib/active_record/connection_adapters/postgresql/oid/money.rb
-@@ -26,9 +26,9 @@ module ActiveRecord
- 
-             value = value.sub(/^\((.+)\)$/, '-\1') # (4)
-             case value
-            when /^-?\D+[\d,]+\.\d{2}$/  # (1)
-+            when /^-?\D*+[\d,]+\.\d{2}$/  # (1)
-               value.gsub!(/[^-\d.]/, "")
-            when /^-?\D+[\d.]+,\d{2}$/  # (2)
-+            when /^-?\D*+[\d.]+,\d{2}$/  # (2)
-               value.gsub!(/[^-\d,]/, "").sub!(/,/, ".")
-             end
- 
-- 
-2.23.0
-
--- a/CVE-2021-22880-2.patch
+++ b/CVE-2021-22880-2.patch
@ -1,31 +0,0 @@
-From 13b0efd97b9ec1b755d011ea2d0eceee70c5ae37 Mon Sep 17 00:00:00 2001
-From: wang_yue111 <648774160@qq.com>
-Date: Tue, 16 Mar 2021 10:46:45 +0800
-Subject: [PATCH] test CVE-2021-22880
-
---
- .../test/cases/adapters/postgresql/money_test.rb          | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/rails-5.2.4.4/activerecord/test/cases/adapters/postgresql/money_test.rb b/rails-5.2.4.4/activerecord/test/cases/adapters/postgresql/money_test.rb
-index 61e75e7..cb31413 100644
--- a/rails-5.2.4.4/activerecord/test/cases/adapters/postgresql/money_test.rb
-+++ b/rails-5.2.4.4/activerecord/test/cases/adapters/postgresql/money_test.rb
-@@ -58,6 +58,14 @@ def test_money_type_cast
-     assert_equal(-2.25, type.cast("($2.25)".dup))
-   end
- 
-+  def test_money_regex_backtracking
-+    type = PostgresqlMoney.type_for_attribute("wealth")
-+    Timeout.timeout(0.1) do
-+      assert_equal(0.0, type.cast("$" + "," * 100000 + ".11!"))
-+      assert_equal(0.0, type.cast("$" + "." * 100000 + ",11!"))
-+    end
-+  end
-+
-   def test_schema_dumping
-     output = dump_table_schema("postgresql_moneys")
-     assert_match %r{t\.money\s+"wealth",\s+scale: 2$}, output
-- 
-2.23.0
-
--- a/activerecord-5.2.4.4.gem
+++ b/activerecord-5.2.4.4.gem
--- a/activerecord-6.1.4.1-tests.txz
+++ b/activerecord-6.1.4.1-tests.txz
--- a/activerecord-6.1.4.1.gem
+++ b/activerecord-6.1.4.1.gem
--- a/rails-6.1.4.1-tools.txz
+++ b/rails-6.1.4.1-tools.txz
--- a/rubygem-activerecord.spec
+++ b/rubygem-activerecord.spec
@ -1,20 +1,27 @@
 %global gem_name activerecord
 Name:                rubygem-%{gem_name}
 Epoch:               1
-Version:             5.2.4.4
-Release:             2
+Version:             6.1.4.1
+Release:             1
 Summary:             Object-relational mapper framework (part of Rails)
 License:             MIT
 URL:                 http://rubyonrails.org
-Source0:             https://rubygems.org/gems/activerecord-5.2.4.4.gem
-Source1:             https://github.com/rails/rails/archive/v5.2.4.4.tar.gz
-Patch0:              CVE-2021-22880-1.patch 
-Patch1:              CVE-2021-22880-2.patch
+Source0:             https://rubygems.org/gems/%{gem_name}-%{version}.gem
+# The gem doesn't ship with the test suite.
+# You may check it out like so
+# git clone http://github.com/rails/rails.git
+# cd rails/activerecord && git archive -v -o activerecord-6.1.4.1-tests.txz v6.1.4.1 test/
+Source1:             activerecord-%{version}-tests.txz
+# The tools are needed for the test suite, are however unpackaged in gem file.
+# You may check it out like so
+# git clone http://github.com/rails/rails.git --no-checkout
+# cd rails && git archive -v -o rails-6.1.4.1-tools.txz v6.1.4.1 tools/
+Source2:             rails-%{version}-tools.txz

 Suggests:            %{_bindir}/sqlite3
 BuildRequires:       rubygems-devel rubygem(bcrypt) rubygem(activesupport) = %{version}
 BuildRequires:       rubygem(activemodel) = %{version} rubygem(builder) rubygem(sqlite3)
-BuildRequires:       rubygem(mocha) rubygem(arel) rubygem(rack) sqlite
+BuildRequires:       rubygem(actionpack) = %{version} rubygem(pg) rubygem(mocha) rubygem(rack)
 BuildArch:           noarch
 %description
 Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database
@ -30,11 +37,7 @@ BuildArch:           noarch
 Documentation for %{name}.

 %prep
-%setup -q -n %{gem_name}-%{version} -b 1
-%patch0 -p1
-pushd %{_builddir}
-%patch1 -p1
-popd
+%setup -q -n %{gem_name}-%{version} -b1 -b2

 %build
 gem build ../%{gem_name}-%{version}.gemspec
@ -47,20 +50,13 @@ cp -a .%{gem_dir}/* \

 %check
 pushd .%{gem_instdir}
-cp -a %{_builddir}/rails-%{version}/%{gem_name}/test test
-sed -i '/^\s*def test_too_many_binds$/ a skip' \
-  test/cases/bind_parameter_test.rb
-sed -i '/^\s*def test_preloading_has_many_through_with_implicit_source$/ a skip' \
-  test/cases/associations/eager_test.rb
-sed -i '/^\s*def test_eager_habtm_with_association_inheritance$/ a skip' \
-  test/cases/associations/eager_test.rb
-ruby -Itest:lib <<EOF
-  test_files = Dir.glob( "./test/cases/**/*_test.rb" )
-  test_files.reject! { |x| x =~ %r|/adapters/| }
-  # Only test sqlite3 backend
-  test_files += Dir.glob("./test/cases/adapters/sqlite3/*_test.rb")
-  test_files.sort.each { |f| require f }
-EOF
+ln -s %{_builddir}/tools ..
+mv %{_builddir}/test .
+sed -i '/^\s*def test_generates_absolute_path_with_given_root$/ a skip' \
+  test/cases/tasks/sqlite_rake_test.rb
+sed -i '/require .byebug./ s/^/#/g' test/cases/base_prevent_writes_test.rb
+mv test/cases/adapters/sqlite3/explain_test.rb{,.disable}
+ruby -rpg -Itest:lib -e 'Dir.glob("./test/cases/**/*_test.rb").sort.each{ |f| require f }'
 popd

 %files
@ -77,6 +73,9 @@ popd
 %{gem_instdir}/examples

 %changelog
+* Tue Mar 29 liyanan <liyanan32@huawei.com> - 6.1.4.1-1
+- update to 6.1.4.1
+
 * Tue Mar 16 2021 wangyue <wangyue92@huawei.com> - 5.2.4.4-2
 - fix CVE-2021-22880
 
--- a/v5.2.4.4.tar.gz
+++ b/v5.2.4.4.tar.gz