Bug#1079697: marked as done (ruby3.1: diff for NMU version 3.1.2-8.4)

Thu, 24 Apr 2025 23:52:15 -0700 

Your message dated Fri, 25 Apr 2025 06:48:29 +0000
with message-id <e1u8crn-003den...@fasolo.debian.org>
and subject line Bug#1095937: Removed package(s) from unstable
has caused the Debian Bug report #1079697,
regarding ruby3.1: diff for NMU version 3.1.2-8.4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1079697: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1079697
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: ruby3.1
Version: 3.1.2-8.3
Severity: normal
Tags: patch pending

Dear maintainer,

I've prepared an NMU for ruby3.1 (versioned as 3.1.2-8.4) and uploaded
it to DELAYED/2.  Please feel free to tell me if I should delay it
longer.

I'm aware that this doesn't fix the pile of CVEs open against ruby3.1.
My motivation here is just to unblock openssh from migrating to testing;
it's currently blocked on openssl, which in turn is blocked on ruby3.1
autopkgtest failures.

For your convenience, I opened
https://salsa.debian.org/ruby-team/ruby/-/merge_requests/8 which is
equivalent to the attached diff here but broken down into separate
commits.

Thanks,

-- 
Colin Watson (he/him)                              [cjwat...@debian.org]

diff -Nru ruby3.1-3.1.2/debian/changelog ruby3.1-3.1.2/debian/changelog
--- ruby3.1-3.1.2/debian/changelog	2024-03-17 17:06:13.000000000 +0000
+++ ruby3.1-3.1.2/debian/changelog	2024-08-26 14:00:57.000000000 +0100
@@ -1,3 +1,11 @@
+ruby3.1 (3.1.2-8.4) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix test failures with OpenSSL 3.3 (closes: #1075922).
+  * Deduplicate results from getaddrinfo (closes: #1069399).
+
+ -- Colin Watson <cjwat...@debian.org>  Mon, 26 Aug 2024 14:00:57 +0100
+
 ruby3.1 (3.1.2-8.3) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru ruby3.1-3.1.2/debian/patches/deduplicate-getaddrinfo.patch ruby3.1-3.1.2/debian/patches/deduplicate-getaddrinfo.patch
--- ruby3.1-3.1.2/debian/patches/deduplicate-getaddrinfo.patch	1970-01-01 01:00:00.000000000 +0100
+++ ruby3.1-3.1.2/debian/patches/deduplicate-getaddrinfo.patch	2024-08-26 01:35:23.000000000 +0100
@@ -0,0 +1,51 @@
+From: Colin Watson <cjwat...@debian.org>
+Date: Mon, 26 Aug 2024 01:35:10 +0100
+Subject: Deduplicate results from getaddrinfo
+
+In certain configurations it's possible to get duplicate results back
+from getaddrinfo: for example, if you accidentally have more than one
+line in /etc/hosts mapping the same name to the same IP address, then
+Linux/glibc systems will return multiple identical entries.  This minor
+misconfiguration is normally harmless, but it caused this program to
+fail with `EADDRINUSE`:
+
+    require 'socket'
+    Socket.tcp_server_sockets('localhost', 0)
+
+Prior to https://github.com/ruby/net-http/pull/180, this caused a number
+of `TestNetHTTP*` tests to fail, as seen in these Debian bugs:
+
+  https://bugs.debian.org/1069399 (Ruby 3.1)
+  https://bugs.debian.org/1064685 (Ruby 3.2)
+  https://bugs.debian.org/1077462 (Ruby 3.3)
+
+It's easy enough to deduplicate these.
+
+Bug-Debian: https://bugs.debian.org/1069399
+Forwarded: https://github.com/ruby/ruby/pull/11456
+Last-Update: 2024-08-26
+---
+ ext/socket/lib/socket.rb | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/ext/socket/lib/socket.rb b/ext/socket/lib/socket.rb
+index d756a32..19684b3 100644
+--- a/ext/socket/lib/socket.rb
++++ b/ext/socket/lib/socket.rb
+@@ -668,10 +668,16 @@ class Socket < BasicSocket
+   # :stopdoc:
+   def self.ip_sockets_port0(ai_list, reuseaddr)
+     sockets = []
++    ai_seen = {}
+     begin
+       sockets.clear
+       port = nil
+       ai_list.each {|ai|
++        ai_id = [ai.pfamily, ai.socktype, ai.protocol, ai.ip_address]
++        if ai_seen.include?(ai_id)
++          next
++        end
++        ai_seen[ai_id] = nil
+         begin
+           s = Socket.new(ai.pfamily, ai.socktype, ai.protocol)
+         rescue SystemCallError
diff -Nru ruby3.1-3.1.2/debian/patches/openssl-3.3.patch ruby3.1-3.1.2/debian/patches/openssl-3.3.patch
--- ruby3.1-3.1.2/debian/patches/openssl-3.3.patch	1970-01-01 01:00:00.000000000 +0100
+++ ruby3.1-3.1.2/debian/patches/openssl-3.3.patch	2024-08-26 01:35:23.000000000 +0100
@@ -0,0 +1,65 @@
+From: Jun Aruga <jar...@redhat.com>
+Date: Tue, 12 Mar 2024 14:39:05 +0100
+Subject: test_asn1.rb: Remove the assertions of the time string format
+ without second.
+
+This commit fixes the following errors in the tests.
+Because the OpenSSL project changed the code to make the time string format
+without second invalid. So, we drop the assertions.
+
+```
+1) Error: test_generalizedtime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: generalizedtime is too short
+/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode'
+/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test'
+/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:433:in `test_generalizedtime'
+     430:       OpenSSL::ASN1::GeneralizedTime.new(Time.utc(9999, 9, 8, 23, 43, 39))
+     431:     # LibreSSL 3.6.0 requires the seconds element
+     432:     return if libressl?
+  => 433:     decode_test B(%w{ 18 0D }) + "201612081934Z".b,
+     434:       OpenSSL::ASN1::GeneralizedTime.new(Time.utc(2016, 12, 8, 19, 34, 0))
+     435:     # not implemented
+     436:     # decode_test B(%w{ 18 13 }) + "20161208193439+0930".b,
+
+2) Error: test_utctime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: utctime is too short
+/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode'
+/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test'
+/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:411:in `test_utctime'
+     408:     end
+     409:     # Seconds is omitted. LibreSSL 3.6.0 requires it
+     410:     return if libressl?
+  => 411:     decode_test B(%w{ 17 0B }) + "1609082343Z".b,
+     412:       OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 0))
+     413:     # not implemented
+     414:     # decode_test B(%w{ 17 11 }) + "500908234339+0930".b,
+```
+
+Bug-Debian: https://bugs.debian.org/1075922
+Origin: upstream, https://github.com/ruby/openssl/pull/728
+Last-Update: 2024-08-25
+---
+ test/openssl/test_asn1.rb | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb
+index 0fd7971..7e5b969 100644
+--- a/test/openssl/test_asn1.rb
++++ b/test/openssl/test_asn1.rb
+@@ -404,9 +404,6 @@ class  OpenSSL::TestASN1 < OpenSSL::TestCase
+   def test_utctime
+     encode_decode_test B(%w{ 17 0D }) + "160908234339Z".b,
+       OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 39))
+-    # Seconds is omitted
+-    decode_test B(%w{ 17 0B }) + "1609082343Z".b,
+-      OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 0))
+     begin
+       # possible range of UTCTime is 1969-2068 currently
+       encode_decode_test B(%w{ 17 0D }) + "690908234339Z".b,
+@@ -432,8 +429,6 @@ class  OpenSSL::TestASN1 < OpenSSL::TestCase
+       OpenSSL::ASN1::GeneralizedTime.new(Time.utc(2016, 12, 8, 19, 34, 29))
+     encode_decode_test B(%w{ 18 0F }) + "99990908234339Z".b,
+       OpenSSL::ASN1::GeneralizedTime.new(Time.utc(9999, 9, 8, 23, 43, 39))
+-    decode_test B(%w{ 18 0D }) + "201612081934Z".b,
+-      OpenSSL::ASN1::GeneralizedTime.new(Time.utc(2016, 12, 8, 19, 34, 0))
+     # not implemented
+     # decode_test B(%w{ 18 13 }) + "20161208193439+0930".b,
+     #   OpenSSL::ASN1::GeneralizedTime.new(Time.new(2016, 12, 8, 19, 34, 39, "+09:30"))
diff -Nru ruby3.1-3.1.2/debian/patches/series ruby3.1-3.1.2/debian/patches/series
--- ruby3.1-3.1.2/debian/patches/series	2024-03-15 16:41:16.000000000 +0000
+++ ruby3.1-3.1.2/debian/patches/series	2024-08-26 01:35:23.000000000 +0100
@@ -17,3 +17,5 @@
 openssl-3.0.1.patch
 Fix-splitting-relative-URI.patch
 Update-test-certificates.patch
+openssl-3.3.patch
+deduplicate-getaddrinfo.patch

--- End Message ---
--- Begin Message --- 
Version: 3.1.2-8.5+rm

Dear submitter,

as the package ruby3.1 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/1095937

The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.

Please note that the changes have been done on the master archive and
will not propagate to any mirrors until the next dinstall run at the
earliest.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Thorsten Alteholz (the ftpmaster behind the curtain)

--- End Message ---

Reply via email to