1788998 – Add `bundled()` provides for libraries shipped with StdLib.

Bug 1788998 - Add `bundled()` provides for libraries shipped with StdLib.

Summary: Add `bundled()` provides for libraries shipped with StdLib.

Keywords:
Status:	NEW
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	ruby
Sub Component:
Version:	42
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Vít Ondruch
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-01-08 14:35 UTC by Vít Ondruch
Modified:	2025-04-10 07:46 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Vít Ondruch 2020-01-08 14:35:46 UTC

Description of problem:
Ruby StdLib ships with a lot of bundled packages, which has nowadays separate upstream repositories and releases. Therefore, such packages should be marked by `bundled()` provides.


Version-Release number of selected component (if applicable):
$ rpm -q ruby
ruby-2.6.5-124.fc32.x86_64


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
No `bundled()` provides for StdLib gems.

Expected results:
StdLib gems are marked by `bundled()` provide.


Additional info:

Comment 1 Ben Cotton 2020-02-11 17:37:00 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 32 development cycle.
Changing version to 32.

Comment 2 Fedora Program Management 2021-04-29 16:01:45 UTC

This message is a reminder that Fedora 32 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 32 on 2021-05-25.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '32'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 32 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 3 Ben Cotton 2021-08-10 12:47:03 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 35 development cycle.
Changing version to 35.

Comment 4 Ben Cotton 2022-11-29 16:47:31 UTC

This message is a reminder that Fedora Linux 35 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 35 on 2022-12-13.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '35'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version' 
to a later Fedora Linux version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora Linux 35 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.

Comment 5 Ben Cotton 2023-02-07 14:51:25 UTC

This bug appears to have been reported against 'rawhide' during the Fedora Linux 38 development cycle.
Changing version to 38.

Comment 6 Aoife Moloney 2024-05-07 15:42:01 UTC

This message is a reminder that Fedora Linux 38 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 38 on 2024-05-21.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
'version' of '38'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, change the 'version' 
to a later Fedora Linux version. Note that the version field may be hidden.
Click the "Show advanced fields" button if you do not see it.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora Linux 38 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora Linux, you are encouraged to change the 'version' to a later version
prior to this bug being closed.

Comment 7 Aoife Moloney 2025-02-26 12:50:38 UTC

This bug appears to have been reported against 'rawhide' during the Fedora Linux 42 development cycle.
Changing version to 42.

Comment 8 Vít Ondruch 2025-04-10 07:33:02 UTC

As it turns out, provides such as `bundled(rubygem-cgi)` would help with triaging CVEs such as bug CVE-2025-27219. However, does anybody have any idea how to match the upstream repository structure / gem availability with the content of StdLib?

Comment 9 Vít Ondruch 2025-04-10 07:46:16 UTC

(In reply to Vít Ondruch from comment #8)
> However, does anybody have any idea how to match the upstream repository structure / gem availability with the content of StdLib?

There seems to be list of default gems here:

https://github.com/ruby/ruby/blob/master/tool/sync_default_gems.rb

Note You need to log in before you can comment on or make changes to this bug.