!9 rubygem-addressable升级至社区最新版本

From: @wu-leilei 
Reviewed-by: @shinwell_hu 
Signed-off-by: @shinwell_hu

CVE-2021-32740.patch

@@ -1,57 +0,0 @@
-From b48ff03347a6d46e8dc674e242ce74c6381962a5 Mon Sep 17 00:00:00 2001
-From: Security Curious <security-curious@pm.me>
-Date: Fri, 2 Jul 2021 15:30:02 -0400
-Subject: [PATCH] Prevent ReDOS vuln on URI Template matching
-
-The regular expression used to match a template against a URL is
-vulnerable to a regular expression denial-of-service via catastrophic
-backtracking.
-
-This commit includes a test that demonstrates the failure without
-the fix as well as updates the regexp to remove the vulnerability.
-The vulnerability is removed by updating the grouping to be atomic.
----
- lib/addressable/template.rb       | 2 +-
- spec/addressable/template_spec.rb | 9 +++++++++
- 2 files changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/lib/addressable/template.rb b/lib/addressable/template.rb
-index 2696695..45967ce 100644
---- a/lib/addressable/template.rb
-+++ b/lib/addressable/template.rb
-@@ -37,7 +37,7 @@ class Template
-       Addressable::URI::CharacterClasses::DIGIT + '_'
- 
-     var_char =
--      "(?:(?:[#{variable_char_class}]|%[a-fA-F0-9][a-fA-F0-9])+)"
-+      "(?>(?:[#{variable_char_class}]|%[a-fA-F0-9][a-fA-F0-9])+)"
-     RESERVED =
-       "(?:[#{anything}]|%[a-fA-F0-9][a-fA-F0-9])"
-     UNRESERVED =
-diff --git a/spec/addressable/template_spec.rb b/spec/addressable/template_spec.rb
-index a019165..d47589a 100644
---- a/spec/addressable/template_spec.rb
-+++ b/spec/addressable/template_spec.rb
-@@ -19,6 +19,7 @@
- require "spec_helper"
- 
- require "bigdecimal"
-+require "timeout"
- require "addressable/template"
- 
- shared_examples_for 'expands' do |tests|
-@@ -1340,6 +1341,14 @@ def self.match(name)
-         expect(subject).not_to match("foo_bar*")
-         expect(subject).not_to match("foo_bar:20")
-       end
-+
-+      it 'should parse in a reasonable time' do
-+        expect do
-+          Timeout.timeout(0.1) do
-+            expect(subject).not_to match("0"*25 + "!")
-+          end
-+        end.not_to raise_error
-+      end
-     end
-     context "VARIABLE_LIST" do
-       subject { Addressable::Template::VARIABLE_LIST }

fix_addressable_tests.patch

@@ -1,71 +0,0 @@
---- spec/addressable/uri_spec_orig.rb
-+++ spec/addressable/uri_spec.rb
-@@ -401,9 +401,9 @@
-     expect(@uri.normalized_host).to eq("example.com")
-   end
- 
--  it "returns 'com' for #tld" do
--    expect(@uri.tld).to eq("com")
--  end
-+  # it "returns 'com' for #tld" do
-+  #   expect(@uri.tld).to eq("com")
-+  # end
- 
-   it "returns 'user:password@example.com:8080' for #authority" do
-     expect(@uri.authority).to eq("user:password@example.com:8080")
-@@ -2393,9 +2393,9 @@
-     expect(@uri.origin).to eq('http://example.com')
-   end
- 
--  it "should have a tld of 'com'" do
--    expect(@uri.tld).to eq('com')
--  end
-+  # it "should have a tld of 'com'" do
-+  #   expect(@uri.tld).to eq('com')
-+  # end
- end
- 
- describe Addressable::URI, "when parsed from " +
-@@ -2408,13 +2408,13 @@
-     expect(@uri.origin).to eq('http://www.example.co.uk')
-   end
- 
--  it "should have a tld of 'co.uk'" do
--    expect(@uri.tld).to eq('co.uk')
--  end
--
--  it "should have a domain of 'example.co.uk'" do
--    expect(@uri.domain).to eq('example.co.uk')
--  end
-+  # it "should have a tld of 'co.uk'" do
-+  #   expect(@uri.tld).to eq('co.uk')
-+  # end
-+
-+  # it "should have a domain of 'example.co.uk'" do
-+  #   expect(@uri.domain).to eq('example.co.uk')
-+  # end
- end
- 
- describe Addressable::URI, "when parsed from " +
-@@ -2427,13 +2427,13 @@
-     expect(@uri.origin).to eq('http://sub_domain.blogspot.com')
-   end
- 
--  it "should have a tld of 'com'" do
--    expect(@uri.tld).to eq('com')
--  end
--
--  it "should have a domain of 'blogspot.com'" do
--    expect(@uri.domain).to eq('blogspot.com')
--  end
-+  # it "should have a tld of 'com'" do
-+  #   expect(@uri.tld).to eq('com')
-+  # end
-+
-+  # it "should have a domain of 'blogspot.com'" do
-+  #   expect(@uri.domain).to eq('blogspot.com')
-+  # end
- end
- 
- describe Addressable::URI, "when parsed from " +
-

no-rack-mount.patch

@@ -1,18 +0,0 @@
---- Gemfile
-+++ Gemfile
-@@ -14,13 +14,11 @@
- end
- 
- group :test, :development do
--  gem 'rake', '> 10.0', '< 12'
-+  gem 'rake', '> 10.0', '< 12.1'
-   gem 'simplecov', :require => false
-   gem 'coveralls', :require => false, :platforms => [
-     :ruby_20, :ruby_21, :ruby_22, :ruby_23
-   ]
--  # Used to test compatibility.
--  gem 'rack-mount', git: 'https://github.com/sporkmonger/rack-mount.git', require: 'rack/mount'
- 
-   if RUBY_VERSION.start_with?('2.0', '2.1')
-     gem 'rack', '< 2', :require => false
-

remove-deprecated-warning.patch

@@ -1,30 +0,0 @@
-From a9432d389954611956ea389de2f819986985ba35 Mon Sep 17 00:00:00 2001
-From: takkanm <takkanm@gmail.com>
-Date: Tue, 26 Dec 2017 20:44:52 +0900
-Subject: [PATCH] remove deprecated warning
-
-BigDecimal.new is deprecated in Ruby2.5
-
-```
-spec/addressable/template_spec.rb:85: warning: BigDecimal.new is deprecated; use Kernel.BigDecimal method instead.
-```
----
- spec/addressable/template_spec.rb | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/spec/addressable/template_spec.rb b/spec/addressable/template_spec.rb
-index bd8ab12..cff4a87 100644
---- a/spec/addressable/template_spec.rb
-+++ b/spec/addressable/template_spec.rb
-@@ -82,7 +82,7 @@ describe "Type conversion" do
-       :hello => 1234,
-       :nothing => nil,
-       :sym => :symbolic,
--      :decimal => BigDecimal.new('1')
-+      :decimal => BigDecimal('1')
-     }
-   }
- 
--- 
-2.30.0
-

rubygem-addressable.spec

@@ -1,7 +1,7 @@
 %global gem_name addressable
 Name:                rubygem-%{gem_name}
-Version:             2.5.2
+Version:             2.8.0
-Release:             3
+Release:             1
 Summary:             URI Implementation
 License:             ASL 2.0
 URL:                 https://github.com/sporkmonger/addressable
@@ -9,12 +9,7 @@ Source0:             https://rubygems.org/gems/%{gem_name}-%{version}.gem
 BuildRequires:       ruby(release) rubygems-devel rubygem(bigdecimal) rubygem(public_suffix)
 BuildRequires:       rubygem(rspec-its) rubygem(idn)
 BuildArch:           noarch
-# Revert f1d5855162c48d06eb1907871909d5859b9a7d3c (rack-mount)
+
-Patch0:              no-rack-mount.patch
-# Comment out failing tests
-Patch1:              fix_addressable_tests.patch
-Patch2:              CVE-2021-32740.patch
-Patch3:              remove-deprecated-warning.patch
 %description
 Addressable is a replacement for the URI implementation that is part of
 Ruby's standard library. It more closely conforms to the relevant RFCs and
@@ -28,16 +23,10 @@ BuildArch:           noarch
 Documentation for %{name}.
 
 %prep
-gem unpack %{SOURCE0}
+%setup -q -n %{gem_name}-%{version}
-%setup -q -D -T -n  %{gem_name}-%{version}
-gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec
-%patch0
-%patch1
-%patch2 -p1
-%patch3 -p1
 
 %build
-gem build %{gem_name}.gemspec
+gem build ../%{gem_name}-%{version}.gemspec
 %gem_install
 
 %install
@@ -47,11 +36,10 @@ cp -a .%{gem_dir}/* \
 
 %check
 pushd .%{gem_instdir}
-rm spec/addressable/rack_mount_compat_spec.rb
 sed -i "/require 'bundler\/setup'/ s/^/#/" spec/spec_helper.rb
 sed -i '/^begin$/,/^end$/ s/^/#/' spec/spec_helper.rb
-rm spec/addressable/net_http_compat_spec.rb
+mv spec/addressable/net_http_compat_spec.rb{,.disabled}
-rspec spec/
+LC_ALL=C.UTF-8 rspec spec/
 popd
 
 %files
@@ -70,8 +58,12 @@ popd
 %doc %{gem_instdir}/README.md
 %{gem_instdir}/Rakefile
 %{gem_instdir}/spec
+%{gem_instdir}/%{gem_name}.gemspec
 
 %changelog
+* Thu Jun 30 2022 wulei <wulei80@h-partners.com> - 2.8.0-1
+- Upgrade to 2.8.0
+
 * Fri Jan 21 2022 chenchen <chen_aka_jan@163.com> - 2.5.2-3
 - remove deprecated warning for fix build error