From 117a0907bac799e22e836986ffa61cc801947368 Mon Sep 17 00:00:00 2001 From: lyn1001 Date: Tue, 29 Mar 2022 20:01:40 +0800 Subject: [PATCH] Fix no implicit conversion of Hash into Integer --- ...validURIError-no-such-file-directory.patch | 12 ++++++ ...icit-conversion-of-hash-into-integer.patch | 39 +++++++++++++++++++ ...smallcase-for-Image-details-in-tests.patch | 23 ----------- ...-new-identify-error-message-in-tests.patch | 23 ----------- rubygem-mini_magick.spec | 23 ++++++----- 5 files changed, 64 insertions(+), 56 deletions(-) create mode 100644 fix-URI-InvalidURIError-no-such-file-directory.patch create mode 100644 fix-no-implicit-conversion-of-hash-into-integer.patch delete mode 100644 mini_magick-4.8.0-Use-smallcase-for-Image-details-in-tests.patch delete mode 100644 mini_magick-4.8.0-match-new-identify-error-message-in-tests.patch diff --git a/fix-URI-InvalidURIError-no-such-file-directory.patch b/fix-URI-InvalidURIError-no-such-file-directory.patch new file mode 100644 index 0000000..3aa5933 --- /dev/null +++ b/fix-URI-InvalidURIError-no-such-file-directory.patch @@ -0,0 +1,12 @@ +diff -Nur a/spec/lib/mini_magick/image_spec.rb b/spec/lib/mini_magick/image_spec.rb +--- a/spec/lib/mini_magick/image_spec.rb 2022-02-25 09:21:57.370368608 +0800 ++++ b/spec/lib/mini_magick/image_spec.rb 2022-02-25 09:24:14.804683516 +0800 +@@ -79,7 +79,7 @@ + it "doesn't allow remote shell execution" do + expect { + described_class.open("| touch file.txt") # Kernel#open accepts this +- }.to raise_error(URI::InvalidURIError) ++ }.to raise_error(Errno::ENOENT) + + expect(File.exist?("file.txt")).to eq(false) + end diff --git a/fix-no-implicit-conversion-of-hash-into-integer.patch b/fix-no-implicit-conversion-of-hash-into-integer.patch new file mode 100644 index 0000000..c42b91e --- /dev/null +++ b/fix-no-implicit-conversion-of-hash-into-integer.patch @@ -0,0 +1,39 @@ +diff -Nur a/lib/mini_magick/image.rb b/lib/mini_magick/image.rb +--- a/lib/mini_magick/image.rb 2022-02-24 19:57:09.378499137 +0800 ++++ b/lib/mini_magick/image.rb 2022-02-24 20:01:25.738826593 +0800 +@@ -82,15 +82,30 @@ + def self.open(path_or_url, ext = nil, options = {}) + options, ext = ext, nil if ext.is_a?(Hash) + +- uri = URI(path_or_url.to_s) ++ # Don't use Kernel#open, but reuse its logic ++ openable = ++ if path_or_url.respond_to?(:open) ++ path_or_url ++ elsif path_or_url.respond_to?(:to_str) && ++ %r{\A[A-Za-z][A-Za-z0-9+\-\.]*://} =~ path_or_url && ++ (uri = URI.parse(path_or_url)).respond_to?(:open) ++ uri ++ else ++ options = { binmode: true }.merge(options) ++ Pathname(path_or_url) ++ end + +- ext ||= File.extname(uri.path) ++ if openable.is_a?(URI::Generic) ++ ext ||= File.extname(openable.path) ++ else ++ ext ||= File.extname(openable.to_s) ++ end + ext.sub!(/:.*/, '') # hack for filenames or URLs that include a colon + +- if uri.is_a?(URI::HTTP) || uri.is_a?(URI::FTP) +- uri.open(options) { |file| read(file, ext) } ++ if openable.is_a?(URI::Generic) ++ openable.open(options) { |file| read(file, ext) } + else +- File.open(uri.to_s, "rb", options) { |file| read(file, ext) } ++ openable.open(**options) { |file| read(file, ext) } + end + end + diff --git a/mini_magick-4.8.0-Use-smallcase-for-Image-details-in-tests.patch b/mini_magick-4.8.0-Use-smallcase-for-Image-details-in-tests.patch deleted file mode 100644 index b0c80ca..0000000 --- a/mini_magick-4.8.0-Use-smallcase-for-Image-details-in-tests.patch +++ /dev/null @@ -1,23 +0,0 @@ -From ea9df8283b4d2c354f0f1887ea29f742913d44b7 Mon Sep 17 00:00:00 2001 -From: Pavel Valena -Date: Tue, 5 Jun 2018 18:06:47 +0200 -Subject: [PATCH] Fix test: Use smallcase for MiniMagick::Image#details - -`MiniMagick::Image#details` has been deprecated, as it was causing too many parsing errors. You should use MiniMagick::Image#data instead, which differs in a way that the keys are in camelcase. ---- - spec/lib/mini_magick/image_spec.rb | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/spec/lib/mini_magick/image_spec.rb b/spec/lib/mini_magick/image_spec.rb -index 784d01a..b240516 100644 ---- a/spec/lib/mini_magick/image_spec.rb -+++ b/spec/lib/mini_magick/image_spec.rb -@@ -420,7 +420,7 @@ def create(path = image_path) - it "returns a hash of verbose information" do - expect(subject.details["Format"]).to match /^JPEG/ - if MiniMagick.cli == :imagemagick -- expect(subject.details["Channel depth"]["Red"]).to eq "8-bit" -+ expect(subject.details["Channel depth"]["red"]).to eq "8-bit" - expect(subject.details).to have_key("Background color") - expect(subject.details["Properties"]).to have_key("date:create") - else diff --git a/mini_magick-4.8.0-match-new-identify-error-message-in-tests.patch b/mini_magick-4.8.0-match-new-identify-error-message-in-tests.patch deleted file mode 100644 index 783756f..0000000 --- a/mini_magick-4.8.0-match-new-identify-error-message-in-tests.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 0d6d7b630cf5971f2a2e3d27a50977d76ddbb9af Mon Sep 17 00:00:00 2001 -From: Pavel Valena -Date: Tue, 5 Jun 2018 18:37:50 +0200 -Subject: [PATCH] Fix test: match new `identify` error message - -[identify](https://linux.die.net/man/1/identify) changed output. ---- - spec/lib/mini_magick/shell_spec.rb | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/spec/lib/mini_magick/shell_spec.rb b/spec/lib/mini_magick/shell_spec.rb -index cb50a51..1389c18 100644 ---- a/spec/lib/mini_magick/shell_spec.rb -+++ b/spec/lib/mini_magick/shell_spec.rb -@@ -51,7 +51,7 @@ - stdout, stderr, status = subject.execute(%W[identify foo]) - - expect(stdout).to eq "" -- expect(stderr).to match("unable to open image 'foo'") -+ expect(stderr).to match(/identify: unable to open image `foo': No such file or directory/) - expect(status).to eq 1 - end - diff --git a/rubygem-mini_magick.spec b/rubygem-mini_magick.spec index ab33cde..3a544da 100644 --- a/rubygem-mini_magick.spec +++ b/rubygem-mini_magick.spec @@ -1,22 +1,18 @@ %global gem_name mini_magick Name: rubygem-%{gem_name} Version: 4.8.0 -Release: 3 +Release: 4 Summary: Manipulate images with minimal use of memory via ImageMagick License: MIT URL: https://github.com/minimagick/minimagick Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem Source1: https://github.com/minimagick/minimagick/archive/v%{version}.tar.gz -# Use smallcase for MiniMagick::Image#details -# https://github.com/minimagick/minimagick/pull/454/ -Patch0: mini_magick-4.8.0-Use-smallcase-for-Image-details-in-tests.patch -# Match new `identify` error message -# https://github.com/minimagick/minimagick/pull/455/ -Patch1: mini_magick-4.8.0-match-new-identify-error-message-in-tests.patch Patch2: CVE-2019-13574-1.patch Patch3: CVE-2019-13574-2.patch +Patch4: fix-URI-InvalidURIError-no-such-file-directory.patch +Patch5: fix-no-implicit-conversion-of-hash-into-integer.patch Requires: ImageMagick -BuildRequires: ruby(release) rubygems-devel ruby rubygem(rspec) rubygem(webmock) ImageMagick +BuildRequires: ruby(release) rubygems-devel ruby rubygem(rspec) rubygem(webmock) ImageMagick rubygem(rexml) BuildArch: noarch %description A ruby wrapper for ImageMagick command line. Using MiniMagick the ruby @@ -34,6 +30,7 @@ Documentation for %{name}. %prep %setup -q -n %{gem_name}-%{version} %patch2 -p1 +%patch5 -p1 %build gem build ../%{gem_name}-%{version}.gemspec @@ -48,9 +45,12 @@ cp -a .%{gem_dir}/* \ pushd .%{gem_instdir} tar xzvf %{SOURCE1} cd minimagick-%{version} -cat %{PATCH0} | patch -p1 -cat %{PATCH1} | patch -p1 cat %{PATCH3} | patch -p1 +cat %{PATCH4} | patch -p1 +cat %{PATCH5} | patch -p1 +sed -i 's/"red"/"Red"/g' spec/lib/mini_magick/image_spec.rb +sed -i '/"date:create"/d' spec/lib/mini_magick/image_spec.rb +sed -i '/Clipping path/d' spec/lib/mini_magick/image_spec.rb sed -i -e '/require "pry"/ s/^/#/g' \ -e '/require "bundler/ s/^/#/g' \ spec/spec_helper.rb @@ -76,6 +76,9 @@ popd %{gem_instdir}/Rakefile %changelog +* Tue Mar 29 2022 liyanan - 1.0.2-4 +- Fix no implicit conversion of Hash into Integer + * Tue Apr 13 2021 wangxiao65 - 1.0.2-3 - Fix CVE-2019-13574