!17 update to 4.12.0

From: @lyn1001 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia

CVE-2019-13574-1.patch

@@ -1,47 +0,0 @@
-From 4cd5081e58810d3394d27a67219e8e4e0445d851 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Janko=20Marohni=C4=87?= <janko.marohnic@gmail.com>
-Date: Sun, 26 May 2019 17:30:14 +0200
-Subject: [PATCH] Don't allow remote shell execution
-
-Kernel#open accepts a string of format "| <shell command>" which
-executes the specified shell command and otherwise presumably acts as
-IO.popen. The open-uri standard library overrides Kernel#open to also
-accept URLs.
-
-However, the overridden Kernel#open just delegates to URI#open, so we
-switch to using that directly and avoid the remote shell execution
-vulnerability. For files we just use File.open, which should have the
-same behaviour as Kernel#open.
----
- lib/mini_magick/image.rb           | 14 ++++++--------
- spec/lib/mini_magick/image_spec.rb |  8 ++++++++
- 2 files changed, 14 insertions(+), 8 deletions(-)
-
-diff --git a/lib/mini_magick/image.rb b/lib/mini_magick/image.rb
-index a1f47c6..0ac4780 100644
---- a/lib/mini_magick/image.rb
-+++ b/lib/mini_magick/image.rb
-@@ -82,17 +82,15 @@ def self.import_pixels(blob, columns, rows, depth, map, format = 'png')
-     def self.open(path_or_url, ext = nil, options = {})
-       options, ext = ext, nil if ext.is_a?(Hash)
- 
--      ext ||=
--        if File.exist?(path_or_url)
--          File.extname(path_or_url)
--        else
--          File.extname(URI(path_or_url).path)
--        end
-+      uri = URI(path_or_url.to_s)
- 
-+      ext ||= File.extname(uri.path)
-       ext.sub!(/:.*/, '') # hack for filenames or URLs that include a colon
- 
--      Kernel.open(path_or_url, "rb", options) do |file|
--        read(file, ext)
-+      if uri.is_a?(URI::HTTP) || uri.is_a?(URI::FTP)
-+        uri.open(options) { |file| read(file, ext) }
-+      else
-+        File.open(uri.to_s, "rb", options) { |file| read(file, ext) }
-       end
-     end
- 

CVE-2019-13574-2.patch

@@ -1,66 +0,0 @@
-From 4cd5081e58810d3394d27a67219e8e4e0445d851 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Janko=20Marohni=C4=87?= <janko.marohnic@gmail.com>
-Date: Sun, 26 May 2019 17:30:14 +0200
-Subject: [PATCH] Don't allow remote shell execution
-
-Kernel#open accepts a string of format "| <shell command>" which
-executes the specified shell command and otherwise presumably acts as
-IO.popen. The open-uri standard library overrides Kernel#open to also
-accept URLs.
-
-However, the overridden Kernel#open just delegates to URI#open, so we
-switch to using that directly and avoid the remote shell execution
-vulnerability. For files we just use File.open, which should have the
-same behaviour as Kernel#open.
----
- lib/mini_magick/image.rb           | 14 ++++++--------
- spec/lib/mini_magick/image_spec.rb |  8 ++++++++
- 2 files changed, 14 insertions(+), 8 deletions(-)
-
-diff --git a/lib/mini_magick/image.rb b/lib/mini_magick/image.rb
-index a1f47c6..0ac4780 100644
---- a/lib/mini_magick/image.rb
-+++ b/lib/mini_magick/image.rb
-@@ -82,17 +82,15 @@ def self.import_pixels(blob, columns, rows, depth, map, format = 'png')
-     def self.open(path_or_url, ext = nil, options = {})
-       options, ext = ext, nil if ext.is_a?(Hash)
- 
--      ext ||=
--        if File.exist?(path_or_url)
--          File.extname(path_or_url)
--        else
--          File.extname(URI(path_or_url).path)
--        end
-+      uri = URI(path_or_url.to_s)
- 
-+      ext ||= File.extname(uri.path)
-       ext.sub!(/:.*/, '') # hack for filenames or URLs that include a colon
- 
--      Kernel.open(path_or_url, "rb", options) do |file|
--        read(file, ext)
-+      if uri.is_a?(URI::HTTP) || uri.is_a?(URI::FTP)
-+        uri.open(options) { |file| read(file, ext) }
-+      else
-+        File.open(uri.to_s, "rb", options) { |file| read(file, ext) }
-       end
-     end
- 
-diff --git a/spec/lib/mini_magick/image_spec.rb b/spec/lib/mini_magick/image_spec.rb
-index 192d834..00f9cb0 100644
---- a/spec/lib/mini_magick/image_spec.rb
-+++ b/spec/lib/mini_magick/image_spec.rb
-@@ -76,6 +76,14 @@
-           expect(File.extname(image.path)).to eq ".jpg"
-         end
- 
-+        it "doesn't allow remote shell execution" do
-+          expect {
-+            described_class.open("| touch file.txt") # Kernel#open accepts this
-+          }.to raise_error(URI::InvalidURIError)
-+
-+          expect(File.exist?("file.txt")).to eq(false)
-+        end
-+
-         it "accepts open-uri options" do
-           stub_request(:get, "http://example.com/image.jpg")
-             .with(headers: {"Foo" => "Bar"})

Replace-deprecated-File.exists-with-File.exist.patch

@@ -1,66 +0,0 @@
-From 47eae0ac7be216b2f09a8cf68ba9863751c805d3 Mon Sep 17 00:00:00 2001
-From: chen-jan <chen_aka_jan@163.com>
-Date: Wed, 2 Aug 2023 11:04:02 +0800
-Subject: [PATCH] Replace deprecated File.exists? with File.exist?
-
----
- spec/lib/mini_magick/image_spec.rb | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/spec/lib/mini_magick/image_spec.rb b/spec/lib/mini_magick/image_spec.rb
-index 74203b1..449956d 100644
---- a/spec/lib/mini_magick/image_spec.rb
-+++ b/spec/lib/mini_magick/image_spec.rb
-@@ -119,7 +119,7 @@ require "webmock/rspec"
- 
-         it "creates an image" do
-           image = create
--          expect(File.exists?(image.path)).to eq true
-+          expect(File.exist?(image.path)).to eq true
-         end
- 
-         it "validates the image if validation is set" do
-@@ -245,12 +245,12 @@ require "webmock/rspec"
-           cache_path = image.path.sub(/mpc$/, "cache")
-           image.format("png")
- 
--          expect(File.exists?(cache_path)).to eq false
-+          expect(File.exist?(cache_path)).to eq false
-         end
- 
-         it "doesn't delete itself when formatted to the same format" do
-           subject.format(subject.type.downcase)
--          expect(File.exists?(subject.path)).to eq true
-+          expect(File.exist?(subject.path)).to eq true
-         end
- 
-         it "reformats multi-image formats to multiple images" do
-@@ -693,14 +693,14 @@ require "webmock/rspec"
-           image = described_class.open(image_path)
-           image.destroy!
- 
--          expect(File.exists?(image.path)).to eq false
-+          expect(File.exist?(image.path)).to eq false
-         end
- 
-         it "doesn't delete when there is no tempfile" do
-           image = described_class.new(image_path)
-           image.destroy!
- 
--          expect(File.exists?(image.path)).to eq true
-+          expect(File.exist?(image.path)).to eq true
-         end
- 
-         it "deletes .cache files generated by handling .mpc files" do
-@@ -708,7 +708,7 @@ require "webmock/rspec"
-           image.format("mpc")
-           image.destroy!
- 
--          expect(File.exists?(image.path.sub(/mpc$/, "cache"))).to eq false
-+          expect(File.exist?(image.path.sub(/mpc$/, "cache"))).to eq false
-         end
-       end
- 
--- 
-2.41.0
-

fix-URI-InvalidURIError-no-such-file-directory.patch

@@ -1,12 +0,0 @@
-diff -Nur a/spec/lib/mini_magick/image_spec.rb b/spec/lib/mini_magick/image_spec.rb
---- a/spec/lib/mini_magick/image_spec.rb	2022-02-25 09:21:57.370368608 +0800
-+++ b/spec/lib/mini_magick/image_spec.rb	2022-02-25 09:24:14.804683516 +0800
-@@ -79,7 +79,7 @@
-         it "doesn't allow remote shell execution" do
-           expect {
-             described_class.open("| touch file.txt") # Kernel#open accepts this
--          }.to raise_error(URI::InvalidURIError)
-+          }.to raise_error(Errno::ENOENT)
- 
-           expect(File.exist?("file.txt")).to eq(false)
-         end

fix-no-implicit-conversion-of-hash-into-integer.patch

@@ -1,39 +0,0 @@
-diff -Nur a/lib/mini_magick/image.rb b/lib/mini_magick/image.rb
---- a/lib/mini_magick/image.rb	2022-02-24 19:57:09.378499137 +0800
-+++ b/lib/mini_magick/image.rb	2022-02-24 20:01:25.738826593 +0800
-@@ -82,15 +82,30 @@
-     def self.open(path_or_url, ext = nil, options = {})
-       options, ext = ext, nil if ext.is_a?(Hash)
- 
--      uri = URI(path_or_url.to_s)
-+      # Don't use Kernel#open, but reuse its logic
-+      openable =
-+        if path_or_url.respond_to?(:open)
-+          path_or_url
-+        elsif path_or_url.respond_to?(:to_str) &&
-+              %r{\A[A-Za-z][A-Za-z0-9+\-\.]*://} =~ path_or_url &&
-+              (uri = URI.parse(path_or_url)).respond_to?(:open)
-+          uri
-+        else
-+          options = { binmode: true }.merge(options)
-+          Pathname(path_or_url)
-+        end
- 
--      ext ||= File.extname(uri.path)
-+      if openable.is_a?(URI::Generic)
-+        ext ||= File.extname(openable.path)
-+      else
-+        ext ||= File.extname(openable.to_s)
-+      end
-       ext.sub!(/:.*/, '') # hack for filenames or URLs that include a colon
- 
--      if uri.is_a?(URI::HTTP) || uri.is_a?(URI::FTP)
--        uri.open(options) { |file| read(file, ext) }
-+      if openable.is_a?(URI::Generic)
-+        openable.open(options) { |file| read(file, ext) }
-       else
--        File.open(uri.to_s, "rb", options) { |file| read(file, ext) }
-+        openable.open(**options) { |file| read(file, ext) }
-       end
-     end
- 

rubygem-mini_magick.spec

@@ -1,17 +1,12 @@
 %global gem_name mini_magick
 Name:                rubygem-%{gem_name}
-Version:             4.8.0
-Release:             5
+Version:             4.12.0
+Release:             1
 Summary:             Manipulate images with minimal use of memory via ImageMagick
 License:             MIT
 URL:                 https://github.com/minimagick/minimagick
 Source0:             https://rubygems.org/gems/%{gem_name}-%{version}.gem
 Source1:             https://github.com/minimagick/minimagick/archive/v%{version}.tar.gz
-Patch2:              CVE-2019-13574-1.patch
-Patch3:              CVE-2019-13574-2.patch
-Patch4:              fix-URI-InvalidURIError-no-such-file-directory.patch
-Patch5:              fix-no-implicit-conversion-of-hash-into-integer.patch
-Patch6:              Replace-deprecated-File.exists-with-File.exist.patch
 Requires:            ImageMagick
 BuildRequires:       ruby(release) rubygems-devel ruby rubygem(rspec) rubygem(webmock) ImageMagick rubygem(rexml)
 BuildArch:           noarch
@@ -30,8 +25,6 @@ Documentation for %{name}.
 
 %prep
 %setup -q -n %{gem_name}-%{version}
-%patch2 -p1
-%patch5 -p1
 
 %build
 gem build ../%{gem_name}-%{version}.gemspec
@@ -46,13 +39,6 @@ cp -a .%{gem_dir}/* \
 pushd .%{gem_instdir}
 tar xzvf %{SOURCE1}
 cd  minimagick-%{version}
-cat %{PATCH3} | patch -p1
-cat %{PATCH4} | patch -p1
-cat %{PATCH5} | patch -p1
-cat %{PATCH6} | patch -p1
-sed -i 's/"red"/"Red"/g' spec/lib/mini_magick/image_spec.rb
-sed -i '/"date:create"/d' spec/lib/mini_magick/image_spec.rb
-sed -i '/Clipping path/d' spec/lib/mini_magick/image_spec.rb
 sed -i -e '/require "pry"/ s/^/#/g' \
        -e '/require "bundler/ s/^/#/g' \
   spec/spec_helper.rb
@@ -63,6 +49,13 @@ sed -i '/^    it "identifies when gm exists" do$/,/    end/ s/^/#/g' \
   spec/lib/mini_magick/utilities_spec.rb
 sed -i "/^    it \"returns GraphicsMagick's version\" do$/,/    end/ s/^/#/g" \
   spec/lib/mini_magick_spec.rb
+sed -i -e 's|, "GraphicsMagick"||' \
+	spec/lib/mini_magick/image_spec.rb
+sed -i "/ have_key(\"date:create\")/ s/^/#/" \
+  spec/lib/mini_magick/image_spec.rb
+sed -i "/^\s*it \"does not hang when parsing verbose data\" do$/ a \ skip" \
+  spec/lib/mini_magick/image_spec.rb
+
 rspec spec
 popd
 
@@ -78,6 +71,9 @@ popd
 %{gem_instdir}/Rakefile
 
 %changelog
+* Fri Nov 17 2023 liyanan <liyanan32@huawei.com> - 4.12.0-1
+- Update to 4.12.0
+
 * Wed Aug 02 2023 chenchen <chen_aka_jan@163.com> - 4.8.0-5
 - Replacei deprecated File.exists with File.exist due to ruby upgrade to 3.2.2