packages/ruby
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to 2.5.8

Browse Source
This commit is contained in:
sxt1001 2020-07-28 20:05:54 +08:00
parent 09a8767ac8
commit 0bd411b976
17 changed files with 48 additions and 2075 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
CVE-2019-15845.patch
View File

@ -1,40 +0,0 @@
From a0a2640b398cffd351f87d3f6243103add66575b Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
Date: Wed, 12 Dec 2018 14:38:09 +0900
Subject: [PATCH] Fix for wrong fnmatch patttern
* dir.c (file_s_fnmatch): ensure that pattern does not contain a
NUL character. https://hackerone.com/reports/449617
---
dir.c | 2 +-
test/ruby/test_fnmatch.rb | 6 ++++++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/dir.c b/dir.c
index 6d1f50192743..d20cf60a7f4e 100644
--- a/dir.c
+++ b/dir.c
@@ -3211,7 +3211,7 @@ file_s_fnmatch(int argc, VALUE *argv, VALUE obj)
else
flags = 0;
- StringValue(pattern);
+ StringValueCStr(pattern);
FilePathStringValue(path);
if (flags & FNM_EXTGLOB) {
diff --git a/test/ruby/test_fnmatch.rb b/test/ruby/test_fnmatch.rb
index f594a00ad3d6..16f1076e48cc 100644
--- a/test/ruby/test_fnmatch.rb
+++ b/test/ruby/test_fnmatch.rb
@@ -160,4 +160,10 @@ def test_unicode
assert_file.fnmatch("[a-\u3042]*", "\u3042")
assert_file.not_fnmatch("[a-\u3042]*", "\u3043")
end
+
+ def test_nullchar
+ assert_raise(ArgumentError) {
+ File.fnmatch("a\0z", "a")
+ }
+ end
end

75
CVE-2019-16201.patch
View File

@ -1,75 +0,0 @@
From 36e057e26ef2104bc2349799d6c52d22bb1c7d03 Mon Sep 17 00:00:00 2001
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
Date: Tue, 13 Aug 2019 12:14:28 +0900
Subject: [PATCH] Loop with String#scan without creating substrings
Create the substrings necessary parts only, instead of cutting the
rest of the buffer. Also removed a useless, probable typo, regexp.
---
lib/webrick/httpauth/digestauth.rb | 19 ++-----------------
test/webrick/test_httpauth.rb | 22 ++++++++++++++++++++++
2 files changed, 24 insertions(+), 17 deletions(-)
diff --git a/lib/webrick/httpauth/digestauth.rb b/lib/webrick/httpauth/digestauth.rb
index 6416a40998f5..3cf12899d2f2 100644
--- a/lib/webrick/httpauth/digestauth.rb
+++ b/lib/webrick/httpauth/digestauth.rb
@@ -290,23 +290,8 @@ def _authenticate(req, res)
def split_param_value(string)
ret = {}
- while string.bytesize != 0
- case string
- when /^\s*([\w\-\.\*\%\!]+)=\s*\"((\\.|[^\"])*)\"\s*,?/
- key = $1
- matched = $2
- string = $'
- ret[key] = matched.gsub(/\\(.)/, "\\1")
- when /^\s*([\w\-\.\*\%\!]+)=\s*([^,\"]*),?/
- key = $1
- matched = $2
- string = $'
- ret[key] = matched.clone
- when /^s*^,/
- string = $'
- else
- break
- end
+ string.scan(/\G\s*([\w\-.*%!]+)=\s*(?:\"((?>\\.|[^\"])*)\"|([^,\"]*))\s*,?/) do
+ ret[$1] = $3 || $2.gsub(/\\(.)/, "\\1")
end
ret
end
diff --git a/test/webrick/test_httpauth.rb b/test/webrick/test_httpauth.rb
index 4df7141e857a..9fe8af8be215 100644
--- a/test/webrick/test_httpauth.rb
+++ b/test/webrick/test_httpauth.rb
@@ -310,6 +310,28 @@ def test_digest_auth_int
}
end
+ def test_digest_auth_invalid
+ digest_auth = WEBrick::HTTPAuth::DigestAuth.new(Realm: 'realm', UserDB: '')
+
+ def digest_auth.error(fmt, *)
+ end
+
+ def digest_auth.try_bad_request(len)
+ request = {"Authorization" => %[Digest a="#{'\b'*len}]}
+ authenticate request, nil
+ end
+
+ bad_request = WEBrick::HTTPStatus::BadRequest
+ t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
+ assert_raise(bad_request) {digest_auth.try_bad_request(10)}
+ limit = (Process.clock_gettime(Process::CLOCK_MONOTONIC) - t0)
+ [20, 50, 100, 200].each do |len|
+ assert_raise(bad_request) do
+ Timeout.timeout(len*limit) {digest_auth.try_bad_request(len)}
+ end
+ end
+ end
+
private
def credentials_for_request(user, password, params, body = nil)
cnonce = "hoge"

106
CVE-2019-16254.patch
View File

@ -1,106 +0,0 @@
From f98b3023bd786b4e7dfdb94b573a5f5d3d37d145 Mon Sep 17 00:00:00 2001
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 1 Oct 2019 11:01:05 +0000
Subject: [PATCH] merge revision(s) 3ce238b5f9795581eb84114dcfbdf4aa086bfecc
WEBrick: prevent response splitting and header injection
This is a follow up to d9d4a28.
The commit prevented CRLR, but did not address an isolated CR or an
isolated LF.
Co-Authored-By: NARUSE, Yui <naruse@airemix.jp>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@67813 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
lib/webrick/httpresponse.rb | 3 +-
test/webrick/test_httpresponse.rb | 46 +++++++++++++++++++++++++++++--
2 files changed, 46 insertions(+), 3 deletions(-)
diff --git a/lib/webrick/httpresponse.rb b/lib/webrick/httpresponse.rb
index 6d77692140f0..d26324c54a11 100644
--- a/lib/webrick/httpresponse.rb
+++ b/lib/webrick/httpresponse.rb
@@ -367,7 +367,8 @@ def set_error(ex, backtrace=false)
private
def check_header(header_value)
- if header_value =~ /\r\n/
+ header_value = header_value.to_s
+ if /[\r\n]/ =~ header_value
raise InvalidHeader
else
header_value
diff --git a/test/webrick/test_httpresponse.rb b/test/webrick/test_httpresponse.rb
index 6263e0a71044..24a6968582e9 100644
--- a/test/webrick/test_httpresponse.rb
+++ b/test/webrick/test_httpresponse.rb
@@ -29,7 +29,7 @@ def setup
@res.keep_alive = true
end
- def test_prevent_response_splitting_headers
+ def test_prevent_response_splitting_headers_crlf
res['X-header'] = "malicious\r\nCookie: hack"
io = StringIO.new
res.send_response io
@@ -39,7 +39,7 @@ def test_prevent_response_splitting_headers
refute_match 'hack', io.string
end
- def test_prevent_response_splitting_cookie_headers
+ def test_prevent_response_splitting_cookie_headers_crlf
user_input = "malicious\r\nCookie: hack"
res.cookies << WEBrick::Cookie.new('author', user_input)
io = StringIO.new
@@ -50,6 +50,48 @@ def test_prevent_response_splitting_cookie_headers
refute_match 'hack', io.string
end
+ def test_prevent_response_splitting_headers_cr
+ res['X-header'] = "malicious\rCookie: hack"
+ io = StringIO.new
+ res.send_response io
+ io.rewind
+ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
+ assert_equal '500', res.code
+ refute_match 'hack', io.string
+ end
+
+ def test_prevent_response_splitting_cookie_headers_cr
+ user_input = "malicious\rCookie: hack"
+ res.cookies << WEBrick::Cookie.new('author', user_input)
+ io = StringIO.new
+ res.send_response io
+ io.rewind
+ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
+ assert_equal '500', res.code
+ refute_match 'hack', io.string
+ end
+
+ def test_prevent_response_splitting_headers_lf
+ res['X-header'] = "malicious\nCookie: hack"
+ io = StringIO.new
+ res.send_response io
+ io.rewind
+ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
+ assert_equal '500', res.code
+ refute_match 'hack', io.string
+ end
+
+ def test_prevent_response_splitting_cookie_headers_lf
+ user_input = "malicious\nCookie: hack"
+ res.cookies << WEBrick::Cookie.new('author', user_input)
+ io = StringIO.new
+ res.send_response io
+ io.rewind
+ res = Net::HTTPResponse.read_new(Net::BufferedIO.new(io))
+ assert_equal '500', res.code
+ refute_match 'hack', io.string
+ end
+
def test_304_does_not_log_warning
res.status = 304
res.setup_header

60
CVE-2019-16255.patch
View File

@ -1,60 +0,0 @@
From 3af01ae1101e0b8815ae5a106be64b0e82a58640 Mon Sep 17 00:00:00 2001
From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 1 Oct 2019 11:01:53 +0000
Subject: [PATCH] lib/shell/command-processor.rb (Shell#[]): prevent unknown
command
`FileTest.send(command, ...)` allows to call not only FileTest-related
methods but also any method that belongs to Kernel, Object, etc.
patched by <mame@ruby-lang.org>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@67814 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
lib/shell/command-processor.rb | 3 +++
test/shell/test_command_processor.rb | 18 ++++++++++++++++++
2 files changed, 21 insertions(+)
diff --git a/lib/shell/command-processor.rb b/lib/shell/command-processor.rb
index b52cb0043f75..08ea5c874c12 100644
--- a/lib/shell/command-processor.rb
+++ b/lib/shell/command-processor.rb
@@ -180,6 +180,9 @@ def test(command, file1, file2=nil)
top_level_test(command, file1)
end
else
+ unless FileTest.methods(false).include?(command.to_sym)
+ raise "unsupported command: #{ command }"
+ end
if file2
FileTest.send(command, file1, file2)
else
diff --git a/test/shell/test_command_processor.rb b/test/shell/test_command_processor.rb
index 06b5ecc1d9b4..51e14b5a6954 100644
--- a/test/shell/test_command_processor.rb
+++ b/test/shell/test_command_processor.rb
@@ -67,6 +67,24 @@ def test_system_directory
Dir.rmdir(path)
end
+ def test_test
+ name = "foo#{exeext}"
+ path = File.join(@tmpdir, name)
+ open(path, "w", 0644) {}
+
+ assert_equal(true, @shell[?e, path])
+ assert_equal(true, @shell[:e, path])
+ assert_equal(true, @shell["e", path])
+ assert_equal(true, @shell[:exist?, path])
+ assert_equal(true, @shell["exist?", path])
+ assert_raise_with_message(RuntimeError, /unsupported command/) do
+ assert_equal(true, @shell[:instance_eval, path])
+ end
+ ensure
+ Process.waitall
+ File.unlink(path)
+ end
+
def test_option_type
name = 'foo.cmd'
path = File.join(@tmpdir, name)

355
CVE-2019-8322-8323-8324-8325.patch
View File

@ -1,355 +0,0 @@
--- ruby-2.5.1/lib/rubygems/command_manager.rb 2017-10-07 21:32:18.000000000 -0400
+++ ruby-2.5.1-old/lib/rubygems/command_manager.rb 2019-05-20 09:09:51.814000000 -0400
@@ -7,7 +7,7 @@
require 'rubygems/command'
require 'rubygems/user_interaction'
-
+require 'rubygems/text'
##
# The command manager registers and installs all the individual sub-commands
# supported by the gem command.
@@ -31,7 +31,7 @@ require 'rubygems/user_interaction'
# See Gem::Command for instructions on writing gem commands.
class Gem::CommandManager
-
+ include Gem::Text
include Gem::UserInteraction
BUILTIN_COMMANDS = [ # :nodoc:
@@ -140,12 +140,12 @@ class Gem::CommandManager
def run(args, build_args=nil)
process_args(args, build_args)
rescue StandardError, Timeout::Error => ex
- alert_error "While executing gem ... (#{ex.class})\n #{ex}"
+ alert_error clean_text("While executing gem ... (#{ex.class})\n #{ex}")
ui.backtrace ex
terminate_interaction(1)
rescue Interrupt
- alert_error "Interrupted"
+ alert_error clean_text("Interrupted")
terminate_interaction(1)
end
@@ -163,7 +163,7 @@ class Gem::CommandManager
say Gem::VERSION
terminate_interaction 0
when /^-/ then
- alert_error "Invalid option: #{args.first}. See 'gem --help'."
+ alert_error clean_text("Invalid option: #{args.first}. See 'gem --help'.")
terminate_interaction 1
else
cmd_name = args.shift.downcase
@@ -212,7 +212,7 @@ class Gem::CommandManager
rescue Exception => e
e = load_error if load_error
- alert_error "Loading command: #{command_name} (#{e.class})\n\t#{e}"
+ alert_error clean_text("Loading command: #{command_name} (#{e.class})\n\t#{e}")
ui.backtrace e
end
end
--- ruby-2.5.1/lib/rubygems/commands/owner_command.rb 2018-03-19 04:27:04.000000000 -0400
+++ ruby-2.5.1-old/lib/rubygems/commands/owner_command.rb 2019-05-20 09:10:50.674000000 -0400
@@ -2,8 +2,11 @@
require 'rubygems/command'
require 'rubygems/local_remote_options'
require 'rubygems/gemcutter_utilities'
+require 'rubygems/text'
class Gem::Commands::OwnerCommand < Gem::Command
+
+ include Gem::Text
include Gem::LocalRemoteOptions
include Gem::GemcutterUtilities
@@ -64,7 +67,7 @@ permission to.
end
with_response response do |resp|
- owners = Gem::SafeYAML.load resp.body
+ owners = Gem::SafeYAML.load clean_text(resp.body)
say "Owners for gem: #{name}"
owners.each do |owner|
--- ruby-2.5.1/lib/rubygems/gemcutter_utilities.rb 2016-03-03 19:29:40.000000000 -0500
+++ ruby-2.5.1-old/lib/rubygems/gemcutter_utilities.rb 2019-05-20 09:13:08.502000000 -0400
@@ -1,10 +1,12 @@
# frozen_string_literal: true
require 'rubygems/remote_fetcher'
+require 'rubygems/text'
##
# Utility methods for using the RubyGems API.
module Gem::GemcutterUtilities
+ include Gem::Text
# TODO: move to Gem::Command
OptionParser.accept Symbol do |value|
@@ -145,13 +147,13 @@ module Gem::GemcutterUtilities
if block_given? then
yield response
else
- say response.body
+ say clean_text(response.body)
end
else
message = response.body
message = "#{error_prefix}: #{message}" if error_prefix
- say message
+ say clean_text(message)
terminate_interaction 1 # TODO: question this
end
end
--- ruby-2.5.1/lib/rubygems/installer.rb 2018-03-19 04:27:04.000000000 -0400
+++ ruby-2.5.1-old/lib/rubygems/installer.rb 2019-05-20 09:17:16.858000000 -0400
@@ -707,9 +707,26 @@ class Gem::Installer
unpack or File.writable?(gem_home)
end
- def verify_spec_name
- return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN
- raise Gem::InstallError, "#{spec} has an invalid name"
+ def verify_spec
+ unless spec.name =~ Gem::Specification::VALID_NAME_PATTERN
+ raise Gem::InstallError, "#{spec} has an invalid name"
+ end
+
+ if spec.raw_require_paths.any?{|path| path =~ /\r\n|\r|\n/ }
+ raise Gem::InstallError, "#{spec} has an invalid require_paths"
+ end
+
+ if spec.extensions.any?{|ext| ext =~ /\r\n|\r|\n/ }
+ raise Gem::InstallError, "#{spec} has an invalid extensions"
+ end
+
+ unless spec.specification_version.to_s =~ /\A\d+\z/
+ raise Gem::InstallError, "#{spec} has an invalid specification_version"
+ end
+
+ if spec.dependencies.any? {|dep| dep.type =~ /\r\n|\r|\n/ || dep.name =~ /\r\n|\r|\n/ }
+ raise Gem::InstallError, "#{spec} has an invalid dependencies"
+ end
end
##
@@ -835,11 +852,12 @@ TEXT
def pre_install_checks
verify_gem_home options[:unpack]
+ # The name and require_paths must be verified first, since it could contain
+ # ruby code that would be eval'ed in #ensure_loadable_spec
+ verify_spec
ensure_loadable_spec
- verify_spec_name
-
if options[:install_as_default]
Gem.ensure_default_gem_subdirectories gem_home
else
--- ruby-2.5.1/lib/rubygems/package.rb 2018-03-19 04:27:04.000000000 -0400
+++ ruby-2.5.1-old/lib/rubygems/package.rb 2019-05-20 09:18:49.772000000 -0400
@@ -425,6 +425,16 @@ EOM
raise Gem::Package::PathError.new(destination, destination_dir) unless
destination.start_with? destination_dir + '/'
+ begin
+ real_destination = File.expand_path(File.realpath(destination))
+ rescue
+ # it's fine if the destination doesn't exist, because rm -rf'ing it can't cause any damage
+ nil
+ else
+ raise Gem::Package::PathError.new(real_destination, destination_dir) unless
+ real_destination.start_with? destination_dir + '/'
+ end
+
destination.untaint
destination
end
--- ruby-2.5.1/lib/rubygems/user_interaction.rb 2017-10-07 21:32:18.000000000 -0400
+++ ruby-2.5.1-old/lib/rubygems/user_interaction.rb 2019-05-20 09:20:18.208000000 -0400
@@ -6,13 +6,14 @@
#++
require 'rubygems/util'
-
+require 'rubygems/text'
##
# Module that defines the default UserInteraction. Any class including this
# module will have access to the +ui+ method that returns the default UI.
module Gem::DefaultUserInteraction
+ include Gem::Text
##
# The default UI is a class variable of the singleton class for this
# module.
@@ -160,8 +161,8 @@ module Gem::UserInteraction
# Calls +say+ with +msg+ or the results of the block if really_verbose
# is true.
- def verbose msg = nil
- say(msg || yield) if Gem.configuration.really_verbose
+ def verbose(msg = nil)
+ say(clean_text(msg || yield)) if Gem.configuration.really_verbose
end
end
--- ruby-2.5.1/test/rubygems/test_gem_installer.rb 2018-03-19 04:27:04.000000000 -0400
+++ ruby-2.5.1-old/test/rubygems/test_gem_installer.rb 2019-05-20 09:21:08.061000000 -0400
@@ -1474,6 +1474,94 @@ gem 'other', version
end
end
+ def test_pre_install_checks_malicious_name_before_eval
+ spec = util_spec "malicious\n::Object.const_set(:FROM_EVAL, true)#", '1'
+ def spec.full_name # so the spec is buildable
+ "malicious-1"
+ end
+ def spec.validate(*args); end
+ util_build_gem spec
+ gem = File.join(@gemhome, 'cache', spec.file_name)
+ use_ui @ui do
+ @installer = Gem::Installer.at gem
+ e = assert_raises Gem::InstallError do
+ @installer.pre_install_checks
+ end
+ assert_equal "#<Gem::Specification name=malicious\n::Object.const_set(:FROM_EVAL, true)# version=1> has an invalid name", e.message
+ end
+ refute defined?(::Object::FROM_EVAL)
+ end
+ def test_pre_install_checks_malicious_require_paths_before_eval
+ spec = util_spec "malicious", '1'
+ def spec.full_name # so the spec is buildable
+ "malicious-1"
+ end
+ def spec.validate(*args); end
+ spec.require_paths = ["malicious\n``"]
+ util_build_gem spec
+ gem = File.join(@gemhome, 'cache', spec.file_name)
+ use_ui @ui do
+ @installer = Gem::Installer.at gem
+ e = assert_raises Gem::InstallError do
+ @installer.pre_install_checks
+ end
+ assert_equal "#<Gem::Specification name=malicious version=1> has an invalid require_paths", e.message
+ end
+ end
+ def test_pre_install_checks_malicious_extensions_before_eval
+ skip "mswin environment disallow to create file contained the carriage return code." if Gem.win_platform?
+ spec = util_spec "malicious", '1'
+ def spec.full_name # so the spec is buildable
+ "malicious-1"
+ end
+ def spec.validate(*args); end
+ spec.extensions = ["malicious\n``"]
+ util_build_gem spec
+ gem = File.join(@gemhome, 'cache', spec.file_name)
+ use_ui @ui do
+ @installer = Gem::Installer.at gem
+ e = assert_raises Gem::InstallError do
+ @installer.pre_install_checks
+ end
+ assert_equal "#<Gem::Specification name=malicious version=1> has an invalid extensions", e.message
+ end
+ end
+ def test_pre_install_checks_malicious_specification_version_before_eval
+ spec = util_spec "malicious", '1'
+ def spec.full_name # so the spec is buildable
+ "malicious-1"
+ end
+ def spec.validate(*args); end
+ spec.specification_version = "malicious\n``"
+ util_build_gem spec
+ gem = File.join(@gemhome, 'cache', spec.file_name)
+ use_ui @ui do
+ @installer = Gem::Installer.at gem
+ e = assert_raises Gem::InstallError do
+ @installer.pre_install_checks
+ end
+ assert_equal "#<Gem::Specification name=malicious version=1> has an invalid specification_version", e.message
+ end
+ end
+ def test_pre_install_checks_malicious_dependencies_before_eval
+ spec = util_spec "malicious", '1'
+ def spec.full_name # so the spec is buildable
+ "malicious-1"
+ end
+ def spec.validate(*args); end
+ spec.add_dependency "b\nfoo", '> 5'
+ util_build_gem spec
+ gem = File.join(@gemhome, 'cache', spec.file_name)
+ use_ui @ui do
+ @installer = Gem::Installer.at gem
+ @installer.ignore_dependencies = true
+ e = assert_raises Gem::InstallError do
+ @installer.pre_install_checks
+ end
+ assert_equal "#<Gem::Specification name=malicious version=1> has an invalid dependencies", e.message
+ end
+ end
+
def test_shebang
util_make_exec @spec, "#!/usr/bin/ruby"
--- ruby-2.5.1/test/rubygems/test_gem_package.rb 2018-03-19 04:27:04.000000000 -0400
+++ ruby-2.5.1-old/test/rubygems/test_gem_package.rb 2019-05-20 09:23:11.311000000 -0400
@@ -480,6 +480,41 @@ class TestGemPackage < Gem::Package::Tar
"#{destination_subdir} is not allowed", e.message)
end
+ def test_extract_symlink_parent_doesnt_delete_user_dir
+ skip if RUBY_VERSION <= "1.8.7"
+ package = Gem::Package.new @gem
+
+ # Extract into a subdirectory of @destination; if this test fails it writes
+ # a file outside destination_subdir, but we want the file to remain inside
+ # @destination so it will be cleaned up.
+ destination_subdir = File.join @destination, 'subdir'
+ FileUtils.mkdir_p destination_subdir
+
+ destination_user_dir = File.join @destination, 'user'
+ destination_user_subdir = File.join destination_user_dir, 'dir'
+ FileUtils.mkdir_p destination_user_subdir
+
+ tgz_io = util_tar_gz do |tar|
+ tar.add_symlink 'link', destination_user_dir, 16877
+ tar.add_symlink 'link/dir', '.', 16877
+ end
+
+ e = assert_raises(Gem::Package::PathError, Errno::EACCES) do
+ package.extract_tar_gz tgz_io, destination_subdir
+ end
+
+ assert_path_exists destination_user_subdir
+
+ if Gem::Package::PathError === e
+ assert_equal("installing into parent path #{destination_user_subdir} of " +
+ "#{destination_subdir} is not allowed", e.message)
+ elsif win_platform?
+ skip "symlink - must be admin with no UAC on Windows"
+ else
+ raise e
+ end
+ end
+
def test_extract_tar_gz_directory
package = Gem::Package.new @gem
--- ruby-2.5.1/test/rubygems/test_gem_text.rb 2017-08-28 04:31:28.000000000 -0400
+++ ruby-2.5.1-old/test/rubygems/test_gem_text.rb 2019-05-20 09:23:59.928000000 -0400
@@ -85,4 +85,9 @@ Without the wrapping, the text might not
s = "ab" * 500_001
assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000)
end
+
+ def test_clean_text
+ assert_equal ".]2;nyan.", clean_text("\e]2;nyan\a")
+ end
+
end

37
CVE-2020-10663.patch
View File

@ -1,37 +0,0 @@
From 85487773ba69ec2179cac77ed725cec1b6cdffc8 Mon Sep 17 00:00:00 2001
Subject: [PATCH] fix CVE-2020-10663
---
ext/json/parser/parser.c | 2 +-
ext/json/parser/parser.rl | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/ext/json/parser/parser.c b/ext/json/parser/parser.c
index d2e4eb6..ae90b2e 100644
--- a/ext/json/parser/parser.c
+++ b/ext/json/parser/parser.c
@@ -1815,7 +1815,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self)
} else {
json->max_nesting = 100;
json->allow_nan = 0;
- json->create_additions = 1;
+ json->create_additions = 0;
json->create_id = rb_funcall(mJSON, i_create_id, 0);
json->object_class = Qnil;
json->array_class = Qnil;
diff --git a/ext/json/parser/parser.rl b/ext/json/parser/parser.rl
index 29900a4..f7dbcff 100644
--- a/ext/json/parser/parser.rl
+++ b/ext/json/parser/parser.rl
@@ -710,7 +710,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self)
} else {
json->max_nesting = 100;
json->allow_nan = 0;
- json->create_additions = 1;
+ json->create_additions = 0;
json->create_id = rb_funcall(mJSON, i_create_id, 0);
json->object_class = Qnil;
json->array_class = Qnil;
--
2.23.0

88
CVE-2020-10933.patch
View File

@ -1,88 +0,0 @@
From 61b7f86248bd121be2e83768be71ef289e8e5b90 Mon Sep 17 00:00:00 2001
From: Yusuke Endoh <mame@ruby-lang.org>
Date: Tue, 31 Mar 2020 20:18:21 +0900
Subject: [PATCH] ext/socket/init.c: do not return uninitialized buffer
Resize string buffer only if some data is received in
BasicSocket#read_nonblock and some methods.
Co-Authored-By: Samuel Williams <samuel.williams@oriontransfer.co.nz>
---
ext/socket/init.c | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/ext/socket/init.c b/ext/socket/init.c
index 0675194d7442..6d17ecfb4e2f 100644
--- a/ext/socket/init.c
+++ b/ext/socket/init.c
@@ -121,6 +121,7 @@ rsock_send_blocking(void *data)
struct recvfrom_arg {
int fd, flags;
VALUE str;
+ size_t length;
socklen_t alen;
union_sockaddr buf;
};
@@ -131,10 +132,11 @@ recvfrom_blocking(void *data)
struct recvfrom_arg *arg = data;
socklen_t len0 = arg->alen;
ssize_t ret;
- ret = recvfrom(arg->fd, RSTRING_PTR(arg->str), RSTRING_LEN(arg->str),
+ ret = recvfrom(arg->fd, RSTRING_PTR(arg->str), arg->length,
arg->flags, &arg->buf.addr, &arg->alen);
if (ret != -1 && len0 < arg->alen)
arg->alen = len0;
+
return (VALUE)ret;
}
@@ -152,7 +154,6 @@ rsock_strbuf(VALUE str, long buflen)
} else {
rb_str_modify_expand(str, buflen - len);
}
- rb_str_set_len(str, buflen);
return str;
}
@@ -188,6 +189,7 @@ rsock_s_recvfrom(VALUE sock, int argc, VALUE *argv, enum sock_recv_type from)
arg.fd = fptr->fd;
arg.alen = (socklen_t)sizeof(arg.buf);
arg.str = str;
+ arg.length = buflen;
while (rb_io_check_closed(fptr),
rsock_maybe_wait_fd(arg.fd),
@@ -198,9 +200,8 @@ rsock_s_recvfrom(VALUE sock, int argc, VALUE *argv, enum sock_recv_type from)
}
}
- if (slen != RSTRING_LEN(str)) {
- rb_str_set_len(str, slen);
- }
+ /* Resize the string to the amount of data received */
+ rb_str_set_len(str, slen);
rb_obj_taint(str);
switch (from) {
case RECV_RECV:
@@ -330,6 +331,7 @@ rsock_read_nonblock(VALUE sock, VALUE length, VALUE buf, VALUE ex)
GetOpenFile(sock, fptr);
if (len == 0) {
+ rb_str_set_len(str, 0);
return str;
}
@@ -347,12 +349,9 @@ rsock_read_nonblock(VALUE sock, VALUE length, VALUE buf, VALUE ex)
rb_syserr_fail_path(e, fptr->pathv);
}
}
- if (len != n) {
+ if (n != RSTRING_LEN(str)) {
rb_str_modify(str);
rb_str_set_len(str, n);
- if (str != buf) {
- rb_str_resize(str, n);
- }
}
if (n == 0) {
if (ex == Qfalse) return Qnil;

50
ruby-2.1.0-custom-rubygems-location.patch
View File

@ -11,11 +11,10 @@ Subject: [PATCH] Allow to install RubyGems into custom location, outside of
tool/rbinstall.rb | 7 +++++++ tool/rbinstall.rb | 7 +++++++
4 files changed, 19 insertions(+) 4 files changed, 19 insertions(+)
diff --git a/configure.ac b/configure.ac diff -Naur a/configure.ac b/configure.ac
index 6bba453e3c..028ef7ca3e 100644 --- a/configure.ac 2020-07-27 16:38:47.589749033 +0800
--- a/configure.ac +++ b/configure.ac 2020-07-27 16:24:09.948494621 +0800
+++ b/configure.ac @@ -4288,6 +4288,10 @@
@@ -4287,6 +4287,10 @@ AC_ARG_WITH(vendorarchdir,
[vendorarchdir=$withval], [vendorarchdir=$withval],
[vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}]) [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}])
@ -26,7 +25,7 @@ index 6bba453e3c..028ef7ca3e 100644
AS_IF([test "${LOAD_RELATIVE+set}"], [ AS_IF([test "${LOAD_RELATIVE+set}"], [
AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE)
RUBY_EXEC_PREFIX='' RUBY_EXEC_PREFIX=''
@@ -4311,6 +4315,7 @@ AC_SUBST(sitearchdir)dnl @@ -4312,6 +4316,7 @@
AC_SUBST(vendordir)dnl AC_SUBST(vendordir)dnl
AC_SUBST(vendorlibdir)dnl AC_SUBST(vendorlibdir)dnl
AC_SUBST(vendorarchdir)dnl AC_SUBST(vendorarchdir)dnl
@ -34,11 +33,11 @@ index 6bba453e3c..028ef7ca3e 100644
AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl
AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl
diff --git a/loadpath.c b/loadpath.c
index 623dc9d..74c5d9e 100644 diff -Naur a/loadpath.c b/loadpath.c
--- a/loadpath.c --- a/loadpath.c 2020-07-27 16:38:47.589749033 +0800
+++ b/loadpath.c +++ b/loadpath.c 2020-07-27 16:24:09.948494621 +0800
@@ -94,6 +94,10 @@ const char ruby_initial_load_paths[] = @@ -94,6 +94,10 @@
#endif #endif
#endif #endif
@ -49,10 +48,10 @@ index 623dc9d..74c5d9e 100644
RUBY_LIB "\0" RUBY_LIB "\0"
#ifdef RUBY_THINARCH #ifdef RUBY_THINARCH
RUBY_ARCH_LIB_FOR(RUBY_THINARCH) "\0" RUBY_ARCH_LIB_FOR(RUBY_THINARCH) "\0"
diff --git a/template/verconf.h.tmpl b/template/verconf.h.tmpl
index 79c003e..34f2382 100644 diff -Naur a/template/verconf.h.tmpl b/template/verconf.h.tmpl
--- a/template/verconf.h.tmpl --- a/template/verconf.h.tmpl 2020-07-27 16:38:47.589749033 +0800
+++ b/template/verconf.h.tmpl +++ b/template/verconf.h.tmpl 2020-07-27 16:24:09.948494621 +0800
@@ -36,6 +36,9 @@ @@ -36,6 +36,9 @@
% if C["RUBY_SEARCH_PATH"] % if C["RUBY_SEARCH_PATH"]
#define RUBY_SEARCH_PATH "${RUBY_SEARCH_PATH}" #define RUBY_SEARCH_PATH "${RUBY_SEARCH_PATH}"
@ -63,19 +62,19 @@ index 79c003e..34f2382 100644
% %
% R = {} % R = {}
% R["ruby_version"] = '"RUBY_LIB_VERSION"' % R["ruby_version"] = '"RUBY_LIB_VERSION"'
diff --git a/tool/rbinstall.rb b/tool/rbinstall.rb
index b47b6e1..0b99408 100755 diff -Naur a/tool/rbinstall.rb b/tool/rbinstall.rb
--- a/tool/rbinstall.rb --- a/tool/rbinstall.rb 2020-07-27 16:22:12.328326341 +0800
+++ b/tool/rbinstall.rb +++ b/tool/rbinstall.rb 2020-07-27 16:31:57.009162449 +0800
@@ -331,6 +331,7 @@ def CONFIG.[](name, mandatory = false) @@ -335,6 +335,7 @@
sitearchlibdir = CONFIG["sitearchdir"] vendorlibdir = CONFIG["vendorlibdir"]
vendorlibdir = CONFIG["vendorlibdir"] vendorarchlibdir = CONFIG["vendorarchdir"]
vendorarchlibdir = CONFIG["vendorarchdir"] end
+rubygemsdir = CONFIG["rubygemsdir"] +rubygemsdir = CONFIG["rubygemsdir"]
mandir = CONFIG["mandir", true] mandir = CONFIG["mandir", true]
docdir = CONFIG["docdir", true] docdir = CONFIG["docdir", true]
configure_args = Shellwords.shellwords(CONFIG["configure_args"]) configure_args = Shellwords.shellwords(CONFIG["configure_args"])
@@ -537,7 +538,13 @@ def install(src, cmd) @@ -541,7 +542,13 @@
install?(:local, :comm, :lib) do install?(:local, :comm, :lib) do
prepare "library scripts", rubylibdir prepare "library scripts", rubylibdir
noinst = %w[*.txt *.rdoc *.gemspec] noinst = %w[*.txt *.rdoc *.gemspec]
@ -89,6 +88,3 @@ index b47b6e1..0b99408 100755
end end
install?(:local, :comm, :hdr, :'comm-hdr') do install?(:local, :comm, :hdr, :'comm-hdr') do
--
1.8.3.1

112
ruby-2.5.1-Test-fixes-for-OpenSSL-1.1.1.patch
View File

@ -1,112 +0,0 @@
From 71057ca5963108bac1e2c31bd0e8e205ba74cc19 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Fri, 11 May 2018 13:43:32 +0900
Subject: [PATCH 1/2] test/test_pkey_rsa: fix test failure with OpenSSL 1.1.1
OpenSSL 1.1.1 raised the minimum size for RSA keys to 512 bits.
---
test/openssl/test_pkey_rsa.rb | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/test/openssl/test_pkey_rsa.rb b/test/openssl/test_pkey_rsa.rb
index c1205563..b4393e68 100644
--- a/test/openssl/test_pkey_rsa.rb
+++ b/test/openssl/test_pkey_rsa.rb
@@ -60,6 +60,13 @@ def test_new_with_exponent
end
end
+ def test_generate
+ key = OpenSSL::PKey::RSA.generate(512, 17)
+ assert_equal 512, key.n.num_bits
+ assert_equal 17, key.e
+ assert_not_nil key.d
+ end
+
def test_new_break
assert_nil(OpenSSL::PKey::RSA.new(1024) { break })
assert_raise(RuntimeError) do
@@ -256,7 +263,7 @@ def test_pem_passwd
end
def test_dup
- key = OpenSSL::PKey::RSA.generate(256, 17)
+ key = Fixtures.pkey("rsa1024")
key2 = key.dup
assert_equal key.params, key2.params
key2.set_key(key2.n, 3, key2.d)
From a5e26bc1345fe325bdc619f9b1768b7ad3c94214 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Fri, 11 May 2018 14:12:39 +0900
Subject: [PATCH 2/2] test/test_ssl_session: set client protocol version
explicitly
Clients that implement TLS 1.3's Middlebox Compatibility Mode will
always provide a non-empty session ID in the ClientHello. This means
the "get" callback for the server-side session caching may be called
for the initial connection.
---
test/openssl/test_ssl_session.rb | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb
index af8c65b1..6db0c2d1 100644
--- a/test/openssl/test_ssl_session.rb
+++ b/test/openssl/test_ssl_session.rb
@@ -198,7 +198,9 @@ def test_server_session_cache
first_session = nil
10.times do |i|
connections = i
- server_connect_with_session(port, nil, first_session) { |ssl|
+ cctx = OpenSSL::SSL::SSLContext.new
+ cctx.ssl_version = :TLSv1_2
+ server_connect_with_session(port, cctx, first_session) { |ssl|
ssl.puts("abc"); assert_equal "abc\n", ssl.gets
first_session ||= ssl.session
@@ -257,6 +259,8 @@ def test_ctx_server_session_cb
connections = nil
called = {}
+ cctx = OpenSSL::SSL::SSLContext.new
+ cctx.ssl_version = :TLSv1_2
sctx = nil
ctx_proc = Proc.new { |ctx|
sctx = ctx
@@ -292,7 +296,7 @@ def test_ctx_server_session_cb
}
start_server(ctx_proc: ctx_proc) do |port|
connections = 0
- sess0 = server_connect_with_session(port, nil, nil) { |ssl|
+ sess0 = server_connect_with_session(port, cctx, nil) { |ssl|
ssl.puts("abc"); assert_equal "abc\n", ssl.gets
assert_equal false, ssl.session_reused?
ssl.session
@@ -307,7 +311,7 @@ def test_ctx_server_session_cb
# Internal cache hit
connections = 1
- server_connect_with_session(port, nil, sess0.dup) { |ssl|
+ server_connect_with_session(port, cctx, sess0.dup) { |ssl|
ssl.puts("abc"); assert_equal "abc\n", ssl.gets
assert_equal true, ssl.session_reused?
ssl.session
@@ -328,7 +332,7 @@ def test_ctx_server_session_cb
# External cache hit
connections = 2
- sess2 = server_connect_with_session(port, nil, sess0.dup) { |ssl|
+ sess2 = server_connect_with_session(port, cctx, sess0.dup) { |ssl|
ssl.puts("abc"); assert_equal "abc\n", ssl.gets
if !ssl.session_reused? && openssl?(1, 1, 0) && !openssl?(1, 1, 0, 7)
# OpenSSL >= 1.1.0, < 1.1.0g
@@ -355,7 +359,7 @@ def test_ctx_server_session_cb
# Cache miss
connections = 3
- sess3 = server_connect_with_session(port, nil, sess0.dup) { |ssl|
+ sess3 = server_connect_with_session(port, cctx, sess0.dup) { |ssl|
ssl.puts("abc"); assert_equal "abc\n", ssl.gets
assert_equal false, ssl.session_reused?
ssl.session

115
ruby-2.5.1-TestTimeTZ-test-failures-Kiritimati-and-Lisbon.patch
View File

@ -1,115 +0,0 @@
From 584b5929f9b769c4d0b03e322a9fddf2b2dd3454 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sun, 1 Apr 2018 13:02:11 +0000
Subject: [PATCH] test_time_tz.rb: Kiritimati tzdata fix
* test/ruby/test_time_tz.rb (gen_zdump_test): fix the expected
data at the Kiritimati's skip of New Year's Eve 1994.
[Bug #14655]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63055 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
test/ruby/test_time_tz.rb | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb
index dfe139033ed3..ac5f81892878 100644
--- a/test/ruby/test_time_tz.rb
+++ b/test/ruby/test_time_tz.rb
@@ -364,9 +364,18 @@ def self.gen_zdump_test(data)
Europe/London Sun Aug 10 01:00:00 1947 UTC = Sun Aug 10 02:00:00 1947 BST isdst=1 gmtoff=3600
Europe/London Sun Nov 2 01:59:59 1947 UTC = Sun Nov 2 02:59:59 1947 BST isdst=1 gmtoff=3600
Europe/London Sun Nov 2 02:00:00 1947 UTC = Sun Nov 2 02:00:00 1947 GMT isdst=0 gmtoff=0
+End
+ if CORRECT_KIRITIMATI_SKIP_1994
+ gen_zdump_test <<'End'
+Pacific/Kiritimati Sat Dec 31 09:59:59 1994 UTC = Fri Dec 30 23:59:59 1994 LINT isdst=0 gmtoff=-36000
+Pacific/Kiritimati Sat Dec 31 10:00:00 1994 UTC = Sun Jan 1 00:00:00 1995 LINT isdst=0 gmtoff=50400
+End
+ else
+ gen_zdump_test <<'End'
Pacific/Kiritimati Sun Jan 1 09:59:59 1995 UTC = Sat Dec 31 23:59:59 1994 LINT isdst=0 gmtoff=-36000
Pacific/Kiritimati Sun Jan 1 10:00:00 1995 UTC = Mon Jan 2 00:00:00 1995 LINT isdst=0 gmtoff=50400
End
+ end
gen_zdump_test <<'End' if has_right_tz
right/America/Los_Angeles Fri Jun 30 23:59:60 1972 UTC = Fri Jun 30 16:59:60 1972 PDT isdst=1 gmtoff=-25200
right/America/Los_Angeles Wed Dec 31 23:59:60 2008 UTC = Wed Dec 31 15:59:60 2008 PST isdst=0 gmtoff=-28800
--
From 2965c2d4df78e6f5acf8759f84c88ce14a4e70f1 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sun, 1 Apr 2018 02:00:36 +0000
Subject: [PATCH] test_time_tz.rb: Kiritimati tzdata fix
* test/ruby/test_time_tz.rb (TestTimeTZ#test_pacific_kiritimati):
fix the expected data at the skip of New Year's Eve 1994.
[Bug #14655]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63054 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
test/ruby/test_time_tz.rb | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb
index 39b830d28a3d..dfe139033ed3 100644
--- a/test/ruby/test_time_tz.rb
+++ b/test/ruby/test_time_tz.rb
@@ -89,6 +89,9 @@ def group_by(e, &block)
Time.local(1951, 5, 6, 1, 0, 0).dst? # DST with fixed tzdata
end
}
+ CORRECT_KIRITIMATI_SKIP_1994 = with_tz("Pacific/Kiritimati") {
+ Time.local(1994, 12, 31, 0, 0, 0).year == 1995
+ }
def time_to_s(t)
t.to_s
@@ -178,9 +181,17 @@ def test_europe_lisbon
def test_pacific_kiritimati
with_tz(tz="Pacific/Kiritimati") {
- assert_time_constructor(tz, "1994-12-31 23:59:59 -1000", :local, [1994,12,31,23,59,59])
- assert_time_constructor(tz, "1995-01-02 00:00:00 +1400", :local, [1995,1,1,0,0,0])
- assert_time_constructor(tz, "1995-01-02 23:59:59 +1400", :local, [1995,1,1,23,59,59])
+ assert_time_constructor(tz, "1994-12-30 00:00:00 -1000", :local, [1994,12,30,0,0,0])
+ assert_time_constructor(tz, "1994-12-30 23:59:59 -1000", :local, [1994,12,30,23,59,59])
+ if CORRECT_KIRITIMATI_SKIP_1994
+ assert_time_constructor(tz, "1995-01-01 00:00:00 +1400", :local, [1994,12,31,0,0,0])
+ assert_time_constructor(tz, "1995-01-01 23:59:59 +1400", :local, [1994,12,31,23,59,59])
+ assert_time_constructor(tz, "1995-01-01 00:00:00 +1400", :local, [1995,1,1,0,0,0])
+ else
+ assert_time_constructor(tz, "1994-12-31 23:59:59 -1000", :local, [1994,12,31,23,59,59])
+ assert_time_constructor(tz, "1995-01-02 00:00:00 +1400", :local, [1995,1,1,0,0,0])
+ assert_time_constructor(tz, "1995-01-02 23:59:59 +1400", :local, [1995,1,1,23,59,59])
+ end
assert_time_constructor(tz, "1995-01-02 00:00:00 +1400", :local, [1995,1,2,0,0,0])
}
end
--
From a0e6607a8172f9eaf9a15f03065736deb2035771 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sun, 1 Apr 2018 13:16:14 +0000
Subject: [PATCH] test_time_tz.rb: Lisbon tzdata fix
* test/ruby/test_time_tz.rb (gen_variational_zdump_test): Update
Lisbon zdump data, which fixed the 1912-01-01 transition for
Portugual and its colonies. [Bug #14655]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@63056 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
test/ruby/test_time_tz.rb | 1 +
1 file changed, 1 insertion(+)
diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb
index ac5f81892878..b32caff9c539 100644
--- a/test/ruby/test_time_tz.rb
+++ b/test/ruby/test_time_tz.rb
@@ -434,5 +434,6 @@ def self.gen_variational_zdump_test(hint, data)
gen_variational_zdump_test "lisbon", <<'End' if has_lisbon_tz
Europe/Lisbon Mon Jan 1 00:36:31 1912 UTC = Sun Dec 31 23:59:59 1911 LMT isdst=0 gmtoff=-2192
Europe/Lisbon Mon Jan 1 00:36:44 1912 UT = Sun Dec 31 23:59:59 1911 LMT isdst=0 gmtoff=-2205
+Europe/Lisbon Sun Dec 31 23:59:59 1911 UT = Sun Dec 31 23:23:14 1911 LMT isdst=0 gmtoff=-2205
End
end

BIN
ruby-2.5.1.tar.xz → ruby-2.5.8.tar.xz
View File

Binary file not shown.

501
ruby-2.6.0-Try-to-update-cert.patch
View File

@ -1,501 +0,0 @@
From f234e6c3d3170f37508e214cdaef78d4b2584e5a Mon Sep 17 00:00:00 2001
From: kazu <kazu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 2 Jan 2019 03:08:20 +0000
Subject: [PATCH 1/2] Try to update cert
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66685 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
test/net/fixtures/cacert.pem | 86 +++++++-------------------
test/net/fixtures/server.crt | 113 +++++++++++++++++++++++------------
test/net/fixtures/server.key | 43 ++++++++-----
3 files changed, 124 insertions(+), 118 deletions(-)
diff --git a/test/net/fixtures/cacert.pem b/test/net/fixtures/cacert.pem
index 7073387877..f623bd62ed 100644
--- a/test/net/fixtures/cacert.pem
+++ b/test/net/fixtures/cacert.pem
@@ -1,66 +1,24 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- b9:90:a2:bf:62:69:17:9c
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org
- Validity
- Not Before: Jan 3 01:34:17 2014 GMT
- Not After : Jan 2 01:34:17 2019 GMT
- Subject: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:db:75:d0:45:de:b1:df:bf:71:a0:0e:b0:a5:e6:
- bc:f4:1c:9d:e5:25:67:64:c5:7b:cb:f1:af:c6:be:
- 9a:aa:ea:7e:0f:cc:05:af:ef:40:69:06:b2:c9:13:
- 9d:7e:eb:a2:06:e2:ea:7d:07:c7:c7:99:c7:fb:d5:
- b8:eb:63:77:62:2b:18:12:c3:53:58:d0:f5:c7:40:
- 0c:01:d1:26:82:34:16:09:e3:dc:65:f4:dc:bb:5d:
- a5:41:60:e7:a9:74:ba:d7:4c:b6:a3:9c:c5:8c:89:
- af:cb:e8:9f:05:fe:ea:fe:64:24:bf:e7:ed:e3:f6:
- d0:fc:d6:eb:fc:06:82:10:fb
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- E8:7E:58:AC:13:7B:03:22:8D:9E:AF:32:0B:84:89:80:80:0C:1E:C2
- X509v3 Authority Key Identifier:
- keyid:E8:7E:58:AC:13:7B:03:22:8D:9E:AF:32:0B:84:89:80:80:0C:1E:C2
- DirName:/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org
- serial:B9:90:A2:BF:62:69:17:9C
-
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 8f:77:06:4e:31:72:12:ee:68:09:70:27:d4:31:85:ef:10:95:
- f9:0f:2b:66:63:08:37:88:6e:b7:9b:40:3e:18:77:33:86:e8:
- 61:6a:b7:3c:cb:c7:a6:d6:d5:92:6a:1f:56:d0:9f:5c:32:56:
- d3:37:52:fe:0e:20:c2:7a:0d:fe:2d:3c:81:da:b8:7f:4d:6a:
- 08:01:d9:be:7a:a2:15:be:a6:ce:49:64:90:8c:9a:ca:6e:2e:
- 84:48:1d:94:19:56:94:46:aa:25:9b:68:c2:80:60:bf:cb:2e:
- 35:03:ea:0a:65:5a:33:38:c6:cc:81:46:c0:bc:36:86:96:39:
- 10:7d
-----BEGIN CERTIFICATE-----
-MIIDjTCCAvagAwIBAgIJALmQor9iaRecMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYD
-VQQGEwJKUDEQMA4GA1UECBMHU2hpbWFuZTEUMBIGA1UEBxMLTWF0ei1lIGNpdHkx
-FzAVBgNVBAoTDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDEwxSdWJ5IFRlc3QgQ0Ex
-JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTQwMTAz
-MDEzNDE3WhcNMTkwMTAyMDEzNDE3WjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgT
-B1NoaW1hbmUxFDASBgNVBAcTC01hdHotZSBjaXR5MRcwFQYDVQQKEw5SdWJ5IENv
-cmUgVGVhbTEVMBMGA1UEAxMMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz
-ZWN1cml0eUBydWJ5LWxhbmcub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDbddBF3rHfv3GgDrCl5rz0HJ3lJWdkxXvL8a/Gvpqq6n4PzAWv70BpBrLJE51+
-66IG4up9B8fHmcf71bjrY3diKxgSw1NY0PXHQAwB0SaCNBYJ49xl9Ny7XaVBYOep
-dLrXTLajnMWMia/L6J8F/ur+ZCS/5+3j9tD81uv8BoIQ+wIDAQABo4H0MIHxMB0G
-A1UdDgQWBBToflisE3sDIo2erzILhImAgAwewjCBwQYDVR0jBIG5MIG2gBToflis
-E3sDIo2erzILhImAgAwewqGBkqSBjzCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgT
-B1NoaW1hbmUxFDASBgNVBAcTC01hdHotZSBjaXR5MRcwFQYDVQQKEw5SdWJ5IENv
-cmUgVGVhbTEVMBMGA1UEAxMMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz
-ZWN1cml0eUBydWJ5LWxhbmcub3JnggkAuZCiv2JpF5wwDAYDVR0TBAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCPdwZOMXIS7mgJcCfUMYXvEJX5DytmYwg3iG63m0A+
-GHczhuhharc8y8em1tWSah9W0J9cMlbTN1L+DiDCeg3+LTyB2rh/TWoIAdm+eqIV
-vqbOSWSQjJrKbi6ESB2UGVaURqolm2jCgGC/yy41A+oKZVozOMbMgUbAvDaGljkQ
-fQ==
+MIID7TCCAtWgAwIBAgIJAIltvxrFAuSnMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD
+VQQGEwJKUDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkx
+FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex
+JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTkwMTAy
+MDI1ODI4WhcNMjQwMTAxMDI1ODI4WjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgM
+B1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQKDA5SdWJ5IENv
+cmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz
+ZWN1cml0eUBydWJ5LWxhbmcub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAznlbjRVhz1NlutHVrhcGnK8W0qug2ujKXv1njSC4U6nJF6py7I9EeehV
+SaKePyv+I9z3K1LnfUHOtUbdwdKC77yN66A6q2aqzu5q09/NSykcZGOIF0GuItYI
+3nvW3IqBddff2ffsyR+9pBjfb5AIPP08WowF9q4s1eGULwZc4w2B8PFhtxYANd7d
+BvGLXFlcufv9tDtzyRi4t7eqxCRJkZQIZNZ6DHHIJrNxejOILfHLarI12yk8VK6L
+2LG4WgGqyeePiRyd1o1MbuiAFYqAwpXNUbRKg5NaZGwBHZk8UZ+uFKt1QMBURO5R
+WFy1c349jbWszTqFyL4Lnbg9HhAowQIDAQABo1AwTjAdBgNVHQ4EFgQU9tEiKdU9
+I9derQyc5nWPnc34nVMwHwYDVR0jBBgwFoAU9tEiKdU9I9derQyc5nWPnc34nVMw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAxj7F/u3C3fgq24N7hGRA
+of7ClFQxGmo/IGT0AISzW3HiVYiFaikKhbO1NwD9aBpD8Zwe62sCqMh8jGV/b0+q
+aOORnWYNy2R6r9FkASAglmdF6xn3bhgGD5ls4pCvcG9FynGnGc24g6MrjFNrBYUS
+2iIZsg36i0IJswo/Dy6HLphCms2BMCD3DeWtfjePUiTmQHJo6HsQIKP/u4N4Fvee
+uMBInei2M4VU74fLXbmKl1F9AEX7JDP3BKSZG19Ch5pnUo4uXM1uNTGsi07P4Y0s
+K44+SKBC0bYEFbDK0eQWMrX3kIhkPxyIWhxdq9/NqPYjShuSEAhA6CSpmRg0pqc+
+mA==
-----END CERTIFICATE-----
diff --git a/test/net/fixtures/server.crt b/test/net/fixtures/server.crt
index fa4f99493a..817ecc222c 100644
--- a/test/net/fixtures/server.crt
+++ b/test/net/fixtures/server.crt
@@ -1,48 +1,83 @@
Certificate:
Data:
- Version: 1 (0x0)
- Serial Number: 0 (0x0)
- Signature Algorithm: sha1WithRSAEncryption
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha256WithRSAEncryption
Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org
Validity
- Not Before: Jan 3 01:34:17 2014 GMT
- Not After : Jan 2 01:34:17 2019 GMT
- Subject: C=JP, ST=Shimane, O=Ruby Core Team, OU=Ruby Test, CN=localhost
+ Not Before: Jan 2 03:06:53 2019 GMT
+ Not After : Jan 1 03:06:53 2024 GMT
+ Subject: C=JP, ST=Shimane, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:db:75:d0:45:de:b1:df:bf:71:a0:0e:b0:a5:e6:
- bc:f4:1c:9d:e5:25:67:64:c5:7b:cb:f1:af:c6:be:
- 9a:aa:ea:7e:0f:cc:05:af:ef:40:69:06:b2:c9:13:
- 9d:7e:eb:a2:06:e2:ea:7d:07:c7:c7:99:c7:fb:d5:
- b8:eb:63:77:62:2b:18:12:c3:53:58:d0:f5:c7:40:
- 0c:01:d1:26:82:34:16:09:e3:dc:65:f4:dc:bb:5d:
- a5:41:60:e7:a9:74:ba:d7:4c:b6:a3:9c:c5:8c:89:
- af:cb:e8:9f:05:fe:ea:fe:64:24:bf:e7:ed:e3:f6:
- d0:fc:d6:eb:fc:06:82:10:fb
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:c1:a9:64:ef:d3:f2:e1:1a:7f:24:df:7f:65:86:
+ c1:98:55:16:83:91:16:5b:63:6e:26:bb:c0:73:68:
+ 7b:f7:00:ba:37:db:7f:a9:5c:c8:98:aa:43:96:87:
+ e1:a0:63:69:0c:d8:22:90:f5:56:22:b1:57:6e:71:
+ 3b:30:04:d0:64:4d:38:33:a0:ea:c1:16:3d:16:be:
+ c0:49:4c:f0:14:15:af:09:95:da:bf:c7:23:34:c3:
+ 7d:af:b7:70:b3:6d:1b:de:21:93:c0:7c:6c:0e:fd:
+ 0e:e5:ff:f3:80:51:0c:df:80:7c:40:46:c9:ca:57:
+ d4:88:02:0f:f0:1e:14:18:f1:98:0f:c6:42:1d:cc:
+ 90:29:71:1b:af:4a:22:e0:e7:86:fc:dd:d3:d8:84:
+ 0e:5e:f0:9b:93:5f:0a:9a:1d:f8:f5:f3:e7:c7:b0:
+ 7a:0e:25:20:13:02:1a:22:c2:d9:e0:7f:4f:a1:7f:
+ 72:f6:e6:e1:14:7c:c5:93:7f:a6:96:3b:ab:d8:f1:
+ dc:2b:01:d6:e5:fe:5c:cf:08:db:06:e9:fd:7d:bd:
+ fe:2c:f4:8a:7b:9f:15:88:05:2e:f7:ba:c9:86:7e:
+ 14:50:f4:96:a1:84:17:5d:f7:8b:0a:7a:14:2c:de:
+ ca:00:74:f8:23:32:9d:66:af:1c:a6:58:1a:de:82:
+ 96:a9
Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 85:f5:d3:05:8b:8c:f4:43:1c:88:f2:8f:b2:f2:93:77:b7:3d:
- 95:c6:a0:34:bc:33:6a:d8:85:5f:3e:86:08:10:c5:5c:c1:76:
- a3:53:3c:dc:38:98:23:97:e7:da:21:ac:e8:4d:3c:96:70:29:
- ff:ff:1e:4a:9a:17:2b:db:04:62:b9:ef:ab:ea:a7:a5:e8:7c:
- b1:d5:ed:30:a8:6c:78:de:51:7e:e3:8a:c2:a4:64:a8:63:a2:
- bc:fd:43:9c:f3:55:7d:54:c9:6a:d8:53:1c:4b:6b:03:aa:b6:
- 19:e6:a4:4f:47:00:96:c5:42:59:85:4e:c3:4e:cd:41:82:53:
- 10:f8
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ F2:C9:35:05:31:EF:08:EE:EF:B0:FE:1A:72:C2:9E:70:E3:E3:EC:43
+ X509v3 Authority Key Identifier:
+ keyid:F6:D1:22:29:D5:3D:23:D7:5E:AD:0C:9C:E6:75:8F:9D:CD:F8:9D:53
+
+ Signature Algorithm: sha256WithRSAEncryption
+ 02:e7:0a:22:7c:5e:d9:92:d2:b9:fb:4a:bf:75:3f:00:e6:19:
+ 3e:90:a5:9d:38:41:82:4c:6f:b9:f3:f2:58:a1:91:7f:4a:d4:
+ 28:38:9c:7c:4d:6c:2f:2f:95:f5:55:55:25:a1:71:0c:05:42:
+ 08:a3:a6:ab:e3:04:47:9a:42:24:8f:b2:ba:50:55:af:b8:d7:
+ fc:1a:13:92:5d:75:7d:e1:4d:87:5e:57:82:c5:5f:d6:b8:ea:
+ 86:4e:05:b0:7f:07:27:a5:36:1f:1e:54:f1:32:35:7f:9c:75:
+ 26:6a:21:75:37:32:bb:89:01:78:97:cc:d3:de:3a:e8:ce:45:
+ ed:12:24:2e:a8:25:73:b3:cd:70:47:b8:81:f9:06:aa:8d:87:
+ 2f:a9:cd:fe:79:40:cc:c9:47:3d:2f:82:c2:82:bf:5d:8a:06:
+ 5b:a9:90:d3:b0:a7:fc:f3:1a:fb:0e:cb:8f:d8:f2:4e:f4:8d:
+ bb:4b:d5:2d:20:c0:6e:d5:08:2b:81:32:c4:e0:d2:4b:31:27:
+ f1:55:96:0e:d4:b9:92:02:71:98:69:e5:73:cc:52:45:a0:07:
+ fb:28:9e:b0:fc:b1:58:42:5a:08:4a:30:49:e5:f1:a5:c8:d5:
+ 8a:67:f0:ed:9e:3f:1b:71:a6:80:91:81:cb:1a:3d:b5:8e:87:
+ 9d:64:28:ce
-----BEGIN CERTIFICATE-----
-MIICXDCCAcUCAQAwDQYJKoZIhvcNAQEFBQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYD
-VQQIEwdTaGltYW5lMRQwEgYDVQQHEwtNYXR6LWUgY2l0eTEXMBUGA1UEChMOUnVi
-eSBDb3JlIFRlYW0xFTATBgNVBAMTDFJ1YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJ
-ARYWc2VjdXJpdHlAcnVieS1sYW5nLm9yZzAeFw0xNDAxMDMwMTM0MTdaFw0xOTAx
-MDIwMTM0MTdaMGAxCzAJBgNVBAYTAkpQMRAwDgYDVQQIEwdTaGltYW5lMRcwFQYD
-VQQKEw5SdWJ5IENvcmUgVGVhbTESMBAGA1UECxMJUnVieSBUZXN0MRIwEAYDVQQD
-Ewlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANt10EXesd+/
-caAOsKXmvPQcneUlZ2TFe8vxr8a+mqrqfg/MBa/vQGkGsskTnX7rogbi6n0Hx8eZ
-x/vVuOtjd2IrGBLDU1jQ9cdADAHRJoI0Fgnj3GX03LtdpUFg56l0utdMtqOcxYyJ
-r8vonwX+6v5kJL/n7eP20PzW6/wGghD7AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEA
-hfXTBYuM9EMciPKPsvKTd7c9lcagNLwzatiFXz6GCBDFXMF2o1M83DiYI5fn2iGs
-6E08lnAp//8eSpoXK9sEYrnvq+qnpeh8sdXtMKhseN5RfuOKwqRkqGOivP1DnPNV
-fVTJathTHEtrA6q2GeakT0cAlsVCWYVOw07NQYJTEPg=
+MIID+TCCAuGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx
+EDAOBgNVBAgMB1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQK
+DA5SdWJ5IENvcmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZI
+hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMDY1M1oX
+DTI0MDEwMTAzMDY1M1owdjELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx
+FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex
+JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBqWTv0/LhGn8k339lhsGYVRaDkRZbY24m
+u8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVducTswBNBkTTgzoOrBFj0W
+vsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l//OAUQzfgHxARsnKV9SI
+Ag/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuTXwqaHfj18+fHsHoOJSAT
+Ahoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzPCNsG6f19vf4s9Ip7nxWI
+BS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxymWBregpapAgMBAAGjezB5
+MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl
+cnRpZmljYXRlMB0GA1UdDgQWBBTyyTUFMe8I7u+w/hpywp5w4+PsQzAfBgNVHSME
+GDAWgBT20SIp1T0j116tDJzmdY+dzfidUzANBgkqhkiG9w0BAQsFAAOCAQEAAucK
+Inxe2ZLSuftKv3U/AOYZPpClnThBgkxvufPyWKGRf0rUKDicfE1sLy+V9VVVJaFx
+DAVCCKOmq+MER5pCJI+yulBVr7jX/BoTkl11feFNh15XgsVf1rjqhk4FsH8HJ6U2
+Hx5U8TI1f5x1JmohdTcyu4kBeJfM09466M5F7RIkLqglc7PNcEe4gfkGqo2HL6nN
+/nlAzMlHPS+CwoK/XYoGW6mQ07Cn/PMa+w7Lj9jyTvSNu0vVLSDAbtUIK4EyxODS
+SzEn8VWWDtS5kgJxmGnlc8xSRaAH+yiesPyxWEJaCEowSeXxpcjVimfw7Z4/G3Gm
+gJGByxo9tY6HnWQozg==
-----END CERTIFICATE-----
diff --git a/test/net/fixtures/server.key b/test/net/fixtures/server.key
index 7c57546ece..1e73232728 100644
--- a/test/net/fixtures/server.key
+++ b/test/net/fixtures/server.key
@@ -1,15 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDbddBF3rHfv3GgDrCl5rz0HJ3lJWdkxXvL8a/Gvpqq6n4PzAWv
-70BpBrLJE51+66IG4up9B8fHmcf71bjrY3diKxgSw1NY0PXHQAwB0SaCNBYJ49xl
-9Ny7XaVBYOepdLrXTLajnMWMia/L6J8F/ur+ZCS/5+3j9tD81uv8BoIQ+wIDAQAB
-AoGAGtYHR+P5gFDaxiXFuCPFC1zMeg7e29XCU6gURIteQnQ2QhxCvcbV64HkLu51
-HeYWhB0Pa4aeCWxmpgb2e+JH4MEoIjeJSGyZQeqwkQLgWJDdvkgWx5am58QzA60I
-ipkZ9QHcPffSs5RiGx4yfr58KqAmwFphGCY8W7v4LqaENdECQQD9H5VTW9g4gj1c
-j3uNYvSI/D7a9P7gfI+ziczuwMm5xsBx3D/t5TAr3SJKNne3sl1E6ZERCUbzxf+C
-k58EiHx1AkEA3fRLGqDOq7EcQhbjTcA/v/t5MwlGEUsS9+XrqOWn50YuoIwRZJ3v
-qHRQzfQfFNklGtfBvwQ4md3irXjMeGVprwJBAMEAuwiDiHuV+xm/ofKtmE13IKot
-ksYy1BOOp/8IawhHXueyi+BmF/PqOkIiA+jCjNGF0oIN89beizPSQbbgJx0CQG/K
-qL1bu1ys0y/SeWBi8XkP/0aeaCUzq/UiYCTsrzoEll2UzvnftqMhGsXxLGqCyHaR
-r2s3hA6zvIVlL4+AfM8CQQClq+WDrC5VKciLYakZNWJjV1m+H2Ut/0fXdUjKHajE
-FWLcsrOhADf6bkTb71GwPxnKRkkRmud5upP0ZYYTqM4X
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBqWTv0/LhGn8k
+339lhsGYVRaDkRZbY24mu8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVdu
+cTswBNBkTTgzoOrBFj0WvsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l
+//OAUQzfgHxARsnKV9SIAg/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuT
+XwqaHfj18+fHsHoOJSATAhoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzP
+CNsG6f19vf4s9Ip7nxWIBS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxym
+WBregpapAgMBAAECggEAYQJ20oBMcSBxwknGqlfnkGRHI97A4UScgACa9fTH7EJM
+BgEJIRCeV4Mq2jP0/P/vNoTqQ8zxue02C9fiuzoeHbBkz8/y6Ig4T7V74vwMYzM9
+fEK50klxxFONGUF9zhOA2zPcrJZnFtcC6InfM07mcOsO0q/jE14N05ec3j5i+N7j
+hDHsHjS3hUiSEGra/U6TRGA26imDUZR5S3h3WMuFmpQgAg0STHc2inYjS9iVhn+T
+uAV2igYR89MOTcH1ZVoxjeYXwhqjWT6Kbw4Er4TWTVzwGf9ktv04EjZjhgUAqw7Q
+8Sc7Olt2q2tA7hQqdgJVgNMaszHqpKAECbAfuxuDtQKBgQD/r0zI9ZcTDQOgezaB
+s9UGbT5O5LruxLc/ExHRL7gpU7UsF/cc3Hp9zmDrzuUsq+UZlGewNnPBLHzaEq1z
+AZD9aa85umzXxcLzyg9ZnvN4kHLKIXhnnTEiShHtpRbqfybBKM7J+iQxXIYUf5tl
+lHTfEqG2/nTt4E50dhniIbIaAwKBgQDB5oS3LGXSn6zAWyUsAJaSeS8/3/O4Vz+x
+u8tZrICSFWBodwg46eHR9I379eayKhMGCsaAWx4ybWJWWEb/nM+fBGxBSnxb9jmm
+gHu93BQjK3sWS8qAGTwO5ehLEy0QRcCc+wb0lyo9hfh1grJioESVsiB9SXrxp8dr
+45JvxCCC4wKBgDGSKQ7lHm8hHMzmVoD6/pgKYgQlsGBOX0CpT9EAsXHBuuRbmRtN
+W6o8cuoE6MWqZfZ5oUi2peaT23jkGiCr8xJOhRxqGmQTAWMGj8dOW+HKD5dEufVM
+spP1TFiIo1K/aCIW6VCbYJz5VT1wKA6fo7EECbpSxxS/YjaOFyKSaddFAoGBAKk3
+bdcVrf70TqTIZlZSZRWLIMsTvPTBX9rSUxL9Um8qrKo+RzS0F9lNHaQn457UzSlW
+uglGe8HyaAGGpN9qkF7sUzVftcvjxEgklNkKeaB/z7mThzPn0dwGlIUARTGQThox
+kM5gJgLvKfgTiW49A93ISEZOnDbM/2KOhjt35A+VAoGAYsNAMBwjubVo0v1vqry+
+XG6VvPpgVjMiDQCsTEEcBqgRRuf6R5zndIhIvwmTNiUkGkE3w/vG0uCjtB82/kwE
+bzVheR0vZDN7s52OYRz4j0ddtYCqGSkvkWuEQfQFZUDTyLodwVQAT5aR+mcr4Qml
+uCiVeqoPl+JIg4m8Tz76XWo=
+-----END PRIVATE KEY-----
--
2.20.1
From 1e0b49a293d3792826c67b7e05c5fcbd09c9ea6e Mon Sep 17 00:00:00 2001
From: kazu <kazu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 2 Jan 2019 03:29:01 +0000
Subject: [PATCH 2/2] Try to update cert (2nd try)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66686 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
test/net/fixtures/server.crt | 115 +++++++++++++++++------------------
test/net/fixtures/server.key | 52 ++++++++--------
2 files changed, 83 insertions(+), 84 deletions(-)
diff --git a/test/net/fixtures/server.crt b/test/net/fixtures/server.crt
index 817ecc222c..5ca78a6d14 100644
--- a/test/net/fixtures/server.crt
+++ b/test/net/fixtures/server.crt
@@ -1,35 +1,35 @@
Certificate:
Data:
Version: 3 (0x2)
- Serial Number: 1 (0x1)
+ Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org
Validity
- Not Before: Jan 2 03:06:53 2019 GMT
- Not After : Jan 1 03:06:53 2024 GMT
- Subject: C=JP, ST=Shimane, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org
+ Not Before: Jan 2 03:27:13 2019 GMT
+ Not After : Jan 1 03:27:13 2024 GMT
+ Subject: C=JP, ST=Shimane, O=Ruby Core Team, OU=Ruby Test, CN=localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
- 00:c1:a9:64:ef:d3:f2:e1:1a:7f:24:df:7f:65:86:
- c1:98:55:16:83:91:16:5b:63:6e:26:bb:c0:73:68:
- 7b:f7:00:ba:37:db:7f:a9:5c:c8:98:aa:43:96:87:
- e1:a0:63:69:0c:d8:22:90:f5:56:22:b1:57:6e:71:
- 3b:30:04:d0:64:4d:38:33:a0:ea:c1:16:3d:16:be:
- c0:49:4c:f0:14:15:af:09:95:da:bf:c7:23:34:c3:
- 7d:af:b7:70:b3:6d:1b:de:21:93:c0:7c:6c:0e:fd:
- 0e:e5:ff:f3:80:51:0c:df:80:7c:40:46:c9:ca:57:
- d4:88:02:0f:f0:1e:14:18:f1:98:0f:c6:42:1d:cc:
- 90:29:71:1b:af:4a:22:e0:e7:86:fc:dd:d3:d8:84:
- 0e:5e:f0:9b:93:5f:0a:9a:1d:f8:f5:f3:e7:c7:b0:
- 7a:0e:25:20:13:02:1a:22:c2:d9:e0:7f:4f:a1:7f:
- 72:f6:e6:e1:14:7c:c5:93:7f:a6:96:3b:ab:d8:f1:
- dc:2b:01:d6:e5:fe:5c:cf:08:db:06:e9:fd:7d:bd:
- fe:2c:f4:8a:7b:9f:15:88:05:2e:f7:ba:c9:86:7e:
- 14:50:f4:96:a1:84:17:5d:f7:8b:0a:7a:14:2c:de:
- ca:00:74:f8:23:32:9d:66:af:1c:a6:58:1a:de:82:
- 96:a9
+ 00:e8:da:9c:01:2e:2b:10:ec:49:cd:5e:07:13:07:
+ 9c:70:9e:c6:74:bc:13:c2:e1:6f:c6:82:fd:e3:48:
+ e0:2c:a5:68:c7:9e:42:de:60:54:65:e6:6a:14:57:
+ 7a:30:d0:cc:b5:b6:d9:c3:d2:df:c9:25:97:54:67:
+ cf:f6:be:5e:cb:8b:ee:03:c5:e1:e2:f9:e7:f7:d1:
+ 0c:47:f0:b8:da:33:5a:ad:41:ad:e7:b5:a2:7b:b7:
+ bf:30:da:60:f8:e3:54:a2:bc:3a:fd:1b:74:d9:dc:
+ 74:42:e9:29:be:df:ac:b4:4f:eb:32:f4:06:f1:e1:
+ 8c:4b:a8:8b:fb:29:e7:b1:bf:1d:01:ee:73:0f:f9:
+ 40:dc:d5:15:79:d9:c6:73:d0:c0:dd:cb:e4:da:19:
+ 47:80:c6:14:04:72:fd:9a:7c:8f:11:82:76:49:04:
+ 79:cc:f2:5c:31:22:95:13:3e:5d:40:a6:4d:e0:a3:
+ 02:26:7d:52:3b:bb:ed:65:a1:0f:ed:6b:b0:3c:d4:
+ de:61:15:5e:d3:dd:68:09:9f:4a:57:a5:c2:a9:6d:
+ 86:92:c5:f4:a4:d4:b7:13:3b:52:63:24:05:e2:cc:
+ e3:8a:3c:d4:35:34:2b:10:bb:58:72:e7:e1:8d:1d:
+ 74:8c:61:16:20:3d:d0:1c:4e:8f:6e:fd:fe:64:10:
+ 4f:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
@@ -37,47 +37,46 @@ Certificate:
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
- F2:C9:35:05:31:EF:08:EE:EF:B0:FE:1A:72:C2:9E:70:E3:E3:EC:43
+ ED:28:C2:7E:AB:4B:C8:E8:FE:55:6D:66:95:31:1C:2D:60:F9:02:36
X509v3 Authority Key Identifier:
keyid:F6:D1:22:29:D5:3D:23:D7:5E:AD:0C:9C:E6:75:8F:9D:CD:F8:9D:53
Signature Algorithm: sha256WithRSAEncryption
- 02:e7:0a:22:7c:5e:d9:92:d2:b9:fb:4a:bf:75:3f:00:e6:19:
- 3e:90:a5:9d:38:41:82:4c:6f:b9:f3:f2:58:a1:91:7f:4a:d4:
- 28:38:9c:7c:4d:6c:2f:2f:95:f5:55:55:25:a1:71:0c:05:42:
- 08:a3:a6:ab:e3:04:47:9a:42:24:8f:b2:ba:50:55:af:b8:d7:
- fc:1a:13:92:5d:75:7d:e1:4d:87:5e:57:82:c5:5f:d6:b8:ea:
- 86:4e:05:b0:7f:07:27:a5:36:1f:1e:54:f1:32:35:7f:9c:75:
- 26:6a:21:75:37:32:bb:89:01:78:97:cc:d3:de:3a:e8:ce:45:
- ed:12:24:2e:a8:25:73:b3:cd:70:47:b8:81:f9:06:aa:8d:87:
- 2f:a9:cd:fe:79:40:cc:c9:47:3d:2f:82:c2:82:bf:5d:8a:06:
- 5b:a9:90:d3:b0:a7:fc:f3:1a:fb:0e:cb:8f:d8:f2:4e:f4:8d:
- bb:4b:d5:2d:20:c0:6e:d5:08:2b:81:32:c4:e0:d2:4b:31:27:
- f1:55:96:0e:d4:b9:92:02:71:98:69:e5:73:cc:52:45:a0:07:
- fb:28:9e:b0:fc:b1:58:42:5a:08:4a:30:49:e5:f1:a5:c8:d5:
- 8a:67:f0:ed:9e:3f:1b:71:a6:80:91:81:cb:1a:3d:b5:8e:87:
- 9d:64:28:ce
+ 1d:b8:c5:8b:72:41:20:65:ad:27:6f:15:63:06:26:12:8d:9c:
+ ad:ca:f4:db:97:b4:90:cb:ff:35:94:bb:2a:a7:a1:ab:1e:35:
+ 2d:a5:3f:c9:24:b0:1a:58:89:75:3e:81:0a:2c:4f:98:f9:51:
+ fb:c0:a3:09:d0:0a:9b:e7:a2:b7:c3:60:40:c8:f4:6d:b2:6a:
+ 56:12:17:4c:00:24:31:df:9c:60:ae:b1:68:54:a9:e6:b5:4a:
+ 04:e6:92:05:86:d9:5a:dc:96:30:a5:58:de:14:99:0f:e5:15:
+ 89:3e:9b:eb:80:e3:bd:83:c3:ea:33:35:4b:3e:2f:d3:0d:64:
+ 93:67:7f:8d:f5:3f:0c:27:bc:37:5a:cc:d6:47:16:af:5a:62:
+ d2:da:51:f8:74:06:6b:24:ad:28:68:08:98:37:7d:ed:0e:ab:
+ 1e:82:61:05:d0:ba:75:a0:ab:21:b0:9a:fd:2b:54:86:1d:0d:
+ 1f:c2:d4:77:1f:72:26:5e:ad:8a:9f:09:36:6d:44:be:74:c2:
+ 5a:3e:ff:5c:9d:75:d6:38:7b:c5:39:f9:44:6e:a1:d1:8e:ff:
+ 63:db:c4:bb:c6:91:92:ca:5c:60:9b:1d:eb:0a:de:08:ee:bf:
+ da:76:03:65:62:29:8b:f8:7f:c7:86:73:1e:f6:1f:2d:89:69:
+ fd:be:bd:6e
-----BEGIN CERTIFICATE-----
-MIID+TCCAuGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx
+MIID4zCCAsugAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx
EDAOBgNVBAgMB1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQK
DA5SdWJ5IENvcmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZI
-hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMDY1M1oX
-DTI0MDEwMTAzMDY1M1owdjELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx
-FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex
-JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBqWTv0/LhGn8k339lhsGYVRaDkRZbY24m
-u8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVducTswBNBkTTgzoOrBFj0W
-vsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l//OAUQzfgHxARsnKV9SI
-Ag/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuTXwqaHfj18+fHsHoOJSAT
-Ahoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzPCNsG6f19vf4s9Ip7nxWI
-BS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxymWBregpapAgMBAAGjezB5
-MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl
-cnRpZmljYXRlMB0GA1UdDgQWBBTyyTUFMe8I7u+w/hpywp5w4+PsQzAfBgNVHSME
-GDAWgBT20SIp1T0j116tDJzmdY+dzfidUzANBgkqhkiG9w0BAQsFAAOCAQEAAucK
-Inxe2ZLSuftKv3U/AOYZPpClnThBgkxvufPyWKGRf0rUKDicfE1sLy+V9VVVJaFx
-DAVCCKOmq+MER5pCJI+yulBVr7jX/BoTkl11feFNh15XgsVf1rjqhk4FsH8HJ6U2
-Hx5U8TI1f5x1JmohdTcyu4kBeJfM09466M5F7RIkLqglc7PNcEe4gfkGqo2HL6nN
-/nlAzMlHPS+CwoK/XYoGW6mQ07Cn/PMa+w7Lj9jyTvSNu0vVLSDAbtUIK4EyxODS
-SzEn8VWWDtS5kgJxmGnlc8xSRaAH+yiesPyxWEJaCEowSeXxpcjVimfw7Z4/G3Gm
-gJGByxo9tY6HnWQozg==
+hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMjcxM1oX
+DTI0MDEwMTAzMjcxM1owYDELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx
+FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRIwEAYDVQQLDAlSdWJ5IFRlc3QxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AOjanAEuKxDsSc1eBxMHnHCexnS8E8Lhb8aC/eNI4CylaMeeQt5gVGXmahRXejDQ
+zLW22cPS38kll1Rnz/a+XsuL7gPF4eL55/fRDEfwuNozWq1Bree1onu3vzDaYPjj
+VKK8Ov0bdNncdELpKb7frLRP6zL0BvHhjEuoi/sp57G/HQHucw/5QNzVFXnZxnPQ
+wN3L5NoZR4DGFARy/Zp8jxGCdkkEeczyXDEilRM+XUCmTeCjAiZ9Uju77WWhD+1r
+sDzU3mEVXtPdaAmfSlelwqlthpLF9KTUtxM7UmMkBeLM44o81DU0KxC7WHLn4Y0d
+dIxhFiA90BxOj279/mQQT0ECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFO0o
+wn6rS8jo/lVtZpUxHC1g+QI2MB8GA1UdIwQYMBaAFPbRIinVPSPXXq0MnOZ1j53N
++J1TMA0GCSqGSIb3DQEBCwUAA4IBAQAduMWLckEgZa0nbxVjBiYSjZytyvTbl7SQ
+y/81lLsqp6GrHjUtpT/JJLAaWIl1PoEKLE+Y+VH7wKMJ0Aqb56K3w2BAyPRtsmpW
+EhdMACQx35xgrrFoVKnmtUoE5pIFhtla3JYwpVjeFJkP5RWJPpvrgOO9g8PqMzVL
+Pi/TDWSTZ3+N9T8MJ7w3WszWRxavWmLS2lH4dAZrJK0oaAiYN33tDqsegmEF0Lp1
+oKshsJr9K1SGHQ0fwtR3H3ImXq2Knwk2bUS+dMJaPv9cnXXWOHvFOflEbqHRjv9j
+28S7xpGSylxgmx3rCt4I7r/adgNlYimL+H/HhnMe9h8tiWn9vr1u
-----END CERTIFICATE-----
diff --git a/test/net/fixtures/server.key b/test/net/fixtures/server.key
index 1e73232728..7f2380e71e 100644
--- a/test/net/fixtures/server.key
+++ b/test/net/fixtures/server.key
@@ -1,28 +1,28 @@
-----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBqWTv0/LhGn8k
-339lhsGYVRaDkRZbY24mu8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVdu
-cTswBNBkTTgzoOrBFj0WvsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l
-//OAUQzfgHxARsnKV9SIAg/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuT
-XwqaHfj18+fHsHoOJSATAhoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzP
-CNsG6f19vf4s9Ip7nxWIBS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxym
-WBregpapAgMBAAECggEAYQJ20oBMcSBxwknGqlfnkGRHI97A4UScgACa9fTH7EJM
-BgEJIRCeV4Mq2jP0/P/vNoTqQ8zxue02C9fiuzoeHbBkz8/y6Ig4T7V74vwMYzM9
-fEK50klxxFONGUF9zhOA2zPcrJZnFtcC6InfM07mcOsO0q/jE14N05ec3j5i+N7j
-hDHsHjS3hUiSEGra/U6TRGA26imDUZR5S3h3WMuFmpQgAg0STHc2inYjS9iVhn+T
-uAV2igYR89MOTcH1ZVoxjeYXwhqjWT6Kbw4Er4TWTVzwGf9ktv04EjZjhgUAqw7Q
-8Sc7Olt2q2tA7hQqdgJVgNMaszHqpKAECbAfuxuDtQKBgQD/r0zI9ZcTDQOgezaB
-s9UGbT5O5LruxLc/ExHRL7gpU7UsF/cc3Hp9zmDrzuUsq+UZlGewNnPBLHzaEq1z
-AZD9aa85umzXxcLzyg9ZnvN4kHLKIXhnnTEiShHtpRbqfybBKM7J+iQxXIYUf5tl
-lHTfEqG2/nTt4E50dhniIbIaAwKBgQDB5oS3LGXSn6zAWyUsAJaSeS8/3/O4Vz+x
-u8tZrICSFWBodwg46eHR9I379eayKhMGCsaAWx4ybWJWWEb/nM+fBGxBSnxb9jmm
-gHu93BQjK3sWS8qAGTwO5ehLEy0QRcCc+wb0lyo9hfh1grJioESVsiB9SXrxp8dr
-45JvxCCC4wKBgDGSKQ7lHm8hHMzmVoD6/pgKYgQlsGBOX0CpT9EAsXHBuuRbmRtN
-W6o8cuoE6MWqZfZ5oUi2peaT23jkGiCr8xJOhRxqGmQTAWMGj8dOW+HKD5dEufVM
-spP1TFiIo1K/aCIW6VCbYJz5VT1wKA6fo7EECbpSxxS/YjaOFyKSaddFAoGBAKk3
-bdcVrf70TqTIZlZSZRWLIMsTvPTBX9rSUxL9Um8qrKo+RzS0F9lNHaQn457UzSlW
-uglGe8HyaAGGpN9qkF7sUzVftcvjxEgklNkKeaB/z7mThzPn0dwGlIUARTGQThox
-kM5gJgLvKfgTiW49A93ISEZOnDbM/2KOhjt35A+VAoGAYsNAMBwjubVo0v1vqry+
-XG6VvPpgVjMiDQCsTEEcBqgRRuf6R5zndIhIvwmTNiUkGkE3w/vG0uCjtB82/kwE
-bzVheR0vZDN7s52OYRz4j0ddtYCqGSkvkWuEQfQFZUDTyLodwVQAT5aR+mcr4Qml
-uCiVeqoPl+JIg4m8Tz76XWo=
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDo2pwBLisQ7EnN
+XgcTB5xwnsZ0vBPC4W/Ggv3jSOAspWjHnkLeYFRl5moUV3ow0My1ttnD0t/JJZdU
+Z8/2vl7Li+4DxeHi+ef30QxH8LjaM1qtQa3ntaJ7t78w2mD441SivDr9G3TZ3HRC
+6Sm+36y0T+sy9Abx4YxLqIv7Keexvx0B7nMP+UDc1RV52cZz0MDdy+TaGUeAxhQE
+cv2afI8RgnZJBHnM8lwxIpUTPl1Apk3gowImfVI7u+1loQ/ta7A81N5hFV7T3WgJ
+n0pXpcKpbYaSxfSk1LcTO1JjJAXizOOKPNQ1NCsQu1hy5+GNHXSMYRYgPdAcTo9u
+/f5kEE9BAgMBAAECggEBAOHkwhc7DLh8IhTDNSW26oMu5OP2WU1jmiYAigDmf+OQ
+DBgrZj+JQBci8qINQxL8XLukSZn5hvQCLc7Kbyu1/wyEEUFDxSGGwwzclodr9kho
+LX2LDASPZrOSzD2+fPi2wTKmXKuS6Uc44OjQfZkYMNkz9r4Vkm8xGgOD3VipjIYX
+QXlhhdqkXZcNABsihCV52GKkDFSVm8jv95YJc5xhoYCy/3a4/qPdF0aT2R7oYUej
+hKrxVDskyooe8Zg/JTydZNV5GQEDmW01/K3r6XGT26oPi1AqMU1gtv/jkW56CRQQ
+1got8smnqM+AV7Slf9R6DauIPdQJ2S8wsr/o8ISBsOECgYEA9YrqEP2gAYSGFXRt
+liw0WI2Ant8BqXS6yvq1jLo/qWhLw/ph4Di73OQ2mpycVTpgfGr2wFPQR1XJ+0Fd
+U+Ir/C3Q7FK4VIGHK7B0zNvZr5tEjlFfeRezo2JMVw5YWeSagIFcSwK+KqCTH9qc
+pw/Eb8nB/4XNcpTZu7Fg0Wc+ooUCgYEA8sVaicn1Wxkpb45a4qfrA6wOr5xdJ4cC
+A5qs7vjX2OdPIQOmoQhdI7bCWFXZzF33wA4YCws6j5wRaySLIJqdms8Gl9QnODy1
+ZlA5gwKToBC/jqPmWAXSKb8EH7cHilaxU9OKnQ7CfwlGLHqjMtjrhR7KHlt3CVRs
+oRmvsjZVXI0CgYAmPedslAO6mMhFSSfULrhMXmV82OCqYrrA6EEkVNGbcdnzAOkD
+gfKIWabDd8bFY10po4Mguy0CHzNhBXIioWQWV5BlbhC1YKMLw+S9DzSdLAKGY9gJ
+xQ4+UQ3wtRQ/k+IYR413RUsW2oFvgZ3KSyNeAb9MK6uuv84VdG/OzVSs/QKBgQDn
+kap//l2EbObiWyaERunckdVcW0lcN+KK75J/TGwPoOwQsLvTpPe65kxRGGrtDsEQ
+uCDk/+v3KkZPLgdrrTAih9FhJ+PVN8tMcb+6IM4SA4fFFr/UPJEwct0LJ3oQ0grJ
+y+HPWFHb/Uurh7t99/4H98uR02sjQh1wOeEmm78mzQKBgQDm+LzGH0se6CXQ6cdZ
+g1JRZeXkDEsrW3hfAsW62xJQmXcWxBoblP9OamMY+A06rM5og3JbDk5Zm6JsOaA8
+wS2gw4ilp46jors4eQey8ux7kB9LzdBoDBBElnsbjLO8oBNZlVcYXg+6BOl/CUi7
+2whRF0FEjKA8ehrNhAq+VFfFNw==
-----END PRIVATE KEY-----
--
2.20.1

203
ruby-2.6.0-fix-test-failure-with-TLS-1.3.patch
View File

@ -1,203 +0,0 @@
From 6fcc6c0efc42d1c6325cf4bb0ca16e2a448cdbed Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Mon, 6 Aug 2018 20:51:42 +0900
Subject: [PATCH] test/test_ssl: fix test failure with TLS 1.3
SSL_connect() on the client side may return before SSL_accept() on
server side returns. This will fix test failures with OpenSSL's current
master.
---
test/openssl/test_ssl.rb | 45 ++++++++++++++++++++++++++--------------
test/openssl/test_ssl_session.rb | 1 +
2 files changed, 31 insertions(+), 15 deletions(-)
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index 7bb32adf..408c7d82 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -47,6 +47,8 @@ def test_ssl_with_server_cert
assert_equal 2, ssl.peer_cert_chain.size
assert_equal @svr_cert.to_der, ssl.peer_cert_chain[0].to_der
assert_equal @ca_cert.to_der, ssl.peer_cert_chain[1].to_der
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ensure
ssl&.close
sock&.close
@@ -157,6 +159,7 @@ def test_sync_close
sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ssl.close
assert_not_predicate sock, :closed?
ensure
@@ -168,6 +171,7 @@ def test_sync_close
ssl = OpenSSL::SSL::SSLSocket.new(sock)
ssl.sync_close = true # !!
ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ssl.close
assert_predicate sock, :closed?
ensure
@@ -259,7 +263,10 @@ def test_client_ca
client_ca_from_server = sslconn.client_ca
[@cli_cert, @cli_key]
end
- server_connect(port, ctx) { |ssl| assert_equal([@ca], client_ca_from_server) }
+ server_connect(port, ctx) { |ssl|
+ assert_equal([@ca], client_ca_from_server)
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+ }
}
end
@@ -356,21 +363,16 @@ def test_verify_result
}
start_server { |port|
- sock = TCPSocket.new("127.0.0.1", port)
ctx = OpenSSL::SSL::SSLContext.new
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
ctx.verify_callback = Proc.new do |preverify_ok, store_ctx|
store_ctx.error = OpenSSL::X509::V_OK
true
end
- ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
- ssl.sync_close = true
- begin
- ssl.connect
+ server_connect(port, ctx) { |ssl|
assert_equal(OpenSSL::X509::V_OK, ssl.verify_result)
- ensure
- ssl.close
- end
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+ }
}
start_server(ignore_listener_error: true) { |port|
@@ -455,6 +457,8 @@ def test_post_connection_check
start_server { |port|
server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+
assert_raise(sslerr){ssl.post_connection_check("localhost.localdomain")}
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
assert(ssl.post_connection_check("localhost"))
@@ -476,6 +482,8 @@ def test_post_connection_check
@svr_cert = issue_cert(@svr, @svr_key, 4, exts, @ca_cert, @ca_key)
start_server { |port|
server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+
assert(ssl.post_connection_check("localhost.localdomain"))
assert(ssl.post_connection_check("127.0.0.1"))
assert_raise(sslerr){ssl.post_connection_check("localhost")}
@@ -496,6 +502,8 @@ def test_post_connection_check
@svr_cert = issue_cert(@svr, @svr_key, 5, exts, @ca_cert, @ca_key)
start_server { |port|
server_connect(port) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
+
assert(ssl.post_connection_check("localhost.localdomain"))
assert_raise(sslerr){ssl.post_connection_check("127.0.0.1")}
assert_raise(sslerr){ssl.post_connection_check("localhost")}
@@ -722,6 +730,8 @@ def test_tlsext_hostname
ssl.connect
assert_equal @cli_cert.serial, ssl.peer_cert.serial
assert_predicate fooctx, :frozen?
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ensure
ssl&.close
sock.close
@@ -733,6 +743,8 @@ def test_tlsext_hostname
ssl.hostname = "bar.example.com"
ssl.connect
assert_equal @svr_cert.serial, ssl.peer_cert.serial
+
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
ensure
ssl&.close
sock.close
@@ -805,7 +817,8 @@ def test_verify_hostname_on_connect
ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
ssl.hostname = name
if expected_ok
- assert_nothing_raised { ssl.connect }
+ ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
else
assert_handshake_error { ssl.connect }
end
@@ -1086,6 +1099,7 @@ def test_renegotiation_cb
start_server_version(:SSLv23, ctx_proc) { |port|
server_connect(port) { |ssl|
assert_equal(1, num_handshakes)
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
}
end
@@ -1104,6 +1118,7 @@ def test_alpn_protocol_selection_ary
ctx.alpn_protocols = advertised
server_connect(port, ctx) { |ssl|
assert_equal(advertised.first, ssl.alpn_protocol)
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
}
end
@@ -1226,14 +1241,11 @@ def test_npn_selected_protocol_too_long
end
def test_close_after_socket_close
- server_proc = proc { |ctx, ssl|
- # Do nothing
- }
- start_server(server_proc: server_proc) { |port|
+ start_server { |port|
sock = TCPSocket.new("127.0.0.1", port)
ssl = OpenSSL::SSL::SSLSocket.new(sock)
- ssl.sync_close = true
ssl.connect
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
sock.close
assert_nothing_raised do
ssl.close
@@ -1298,6 +1310,7 @@ def test_get_ephemeral_key
ctx.ciphers = "DEFAULT:!kRSA:!kEDH"
server_connect(port, ctx) { |ssl|
assert_instance_of OpenSSL::PKey::EC, ssl.tmp_key
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
end
end
@@ -1440,6 +1453,7 @@ def test_ecdh_curves
assert_equal "secp384r1", ssl.tmp_key.group.curve_name
end
end
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
if openssl?(1, 0, 2) || libressl?(2, 5, 1)
@@ -1455,6 +1469,7 @@ def test_ecdh_curves
server_connect(port, ctx) { |ssl|
assert_equal "secp521r1", ssl.tmp_key.group.curve_name
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
}
end
end
diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb
index 6db0c2d1..78b160ed 100644
--- a/test/openssl/test_ssl_session.rb
+++ b/test/openssl/test_ssl_session.rb
@@ -113,6 +113,7 @@ def test_resumption
non_resumable = nil
start_server { |port|
server_connect_with_session(port, nil, nil) { |ssl|
+ ssl.puts "abc"; assert_equal "abc\n", ssl.gets
non_resumable = ssl.session
}
}

157
ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with-TLS-1.3.patch
View File

@ -1,157 +0,0 @@
From 1dfc377ae3b174b043d3f0ed36de57b0296b34d0 Mon Sep 17 00:00:00 2001
From: rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 8 Aug 2018 14:13:55 +0000
Subject: [PATCH] net/http, net/ftp: fix session resumption with TLS 1.3
When TLS 1.3 is in use, the session ticket may not have been sent yet
even though a handshake has finished. Also, the ticket could change if
multiple session ticket messages are sent by the server. Use
SSLContext#session_new_cb instead of calling SSLSocket#session
immediately after a handshake. This way also works with earlier protocol
versions.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
lib/net/ftp.rb | 5 ++++-
lib/net/http.rb | 7 +++++--
test/net/http/test_https.rb | 35 ++++++++++-------------------------
3 files changed, 19 insertions(+), 28 deletions(-)
diff --git a/lib/net/ftp.rb b/lib/net/ftp.rb
index c3ee47ef4d36..9902f9dc657a 100644
--- a/lib/net/ftp.rb
+++ b/lib/net/ftp.rb
@@ -230,6 +230,10 @@ def initialize(host = nil, user_or_options = {}, passwd = nil, acct = nil)
if defined?(VerifyCallbackProc)
@ssl_context.verify_callback = VerifyCallbackProc
end
+ @ssl_context.session_cache_mode =
+ OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT |
+ OpenSSL::SSL::SSLContext::SESSION_CACHE_NO_INTERNAL_STORE
+ @ssl_context.session_new_cb = proc {|sock, sess| @ssl_session = sess }
@ssl_session = nil
if options[:private_data_connection].nil?
@private_data_connection = true
@@ -349,7 +353,6 @@ def start_tls_session(sock)
if @ssl_context.verify_mode != VERIFY_NONE
ssl_sock.post_connection_check(@host)
end
- @ssl_session = ssl_sock.session
return ssl_sock
end
private :start_tls_session
diff --git a/lib/net/http.rb b/lib/net/http.rb
index 281b15cedff0..683a884f5dbe 100644
--- a/lib/net/http.rb
+++ b/lib/net/http.rb
@@ -983,6 +983,10 @@ def connect
end
@ssl_context = OpenSSL::SSL::SSLContext.new
@ssl_context.set_params(ssl_parameters)
+ @ssl_context.session_cache_mode =
+ OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT |
+ OpenSSL::SSL::SSLContext::SESSION_CACHE_NO_INTERNAL_STORE
+ @ssl_context.session_new_cb = proc {|sock, sess| @ssl_session = sess }
D "starting SSL for #{conn_address}:#{conn_port}..."
s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
s.sync_close = true
@@ -990,13 +994,12 @@ def connect
s.hostname = @address if s.respond_to? :hostname=
if @ssl_session and
Process.clock_gettime(Process::CLOCK_REALTIME) < @ssl_session.time.to_f + @ssl_session.timeout
- s.session = @ssl_session if @ssl_session
+ s.session = @ssl_session
end
ssl_socket_connect(s, @open_timeout)
if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
s.post_connection_check(@address)
end
- @ssl_session = s.session
D "SSL established"
end
@socket = BufferedIO.new(s, read_timeout: @read_timeout,
diff --git a/test/net/http/test_https.rb b/test/net/http/test_https.rb
index 8004d5c5f29f..a5182a1fe9db 100644
--- a/test/net/http/test_https.rb
+++ b/test/net/http/test_https.rb
@@ -71,20 +71,11 @@ def test_session_reuse
http.get("/")
http.finish
- http.start
- http.get("/")
- http.finish # three times due to possible bug in OpenSSL 0.9.8
-
- sid = http.instance_variable_get(:@ssl_session).id
-
http.start
http.get("/")
socket = http.instance_variable_get(:@socket).io
-
- assert socket.session_reused?
-
- assert_equal sid, http.instance_variable_get(:@ssl_session).id
+ assert_equal true, socket.session_reused?
http.finish
rescue SystemCallError
@@ -101,16 +92,12 @@ def test_session_reuse_but_expire
http.get("/")
http.finish
- sid = http.instance_variable_get(:@ssl_session).id
-
http.start
http.get("/")
socket = http.instance_variable_get(:@socket).io
assert_equal false, socket.session_reused?
- assert_not_equal sid, http.instance_variable_get(:@ssl_session).id
-
http.finish
rescue SystemCallError
skip $!
@@ -160,15 +147,16 @@ def test_certificate_verify_failure
end
def test_identity_verify_failure
+ # the certificate's subject has CN=localhost
http = Net::HTTP.new("127.0.0.1", config("port"))
http.use_ssl = true
- http.verify_callback = Proc.new do |preverify_ok, store_ctx|
- true
- end
+ http.cert_store = TEST_STORE
+ @log_tester = lambda {|_| }
ex = assert_raise(OpenSSL::SSL::SSLError){
http.request_get("/") {|res| }
}
- assert_match(/hostname \"127.0.0.1\" does not match/, ex.message)
+ re_msg = /certificate verify failed|hostname \"127.0.0.1\" does not match/
+ assert_match(re_msg, ex.message)
end
def test_timeout_during_SSL_handshake
@@ -193,16 +181,13 @@ def test_timeout_during_SSL_handshake
end
def test_min_version
- http = Net::HTTP.new("127.0.0.1", config("port"))
+ http = Net::HTTP.new("localhost", config("port"))
http.use_ssl = true
http.min_version = :TLS1
- http.verify_callback = Proc.new do |preverify_ok, store_ctx|
- true
- end
- ex = assert_raise(OpenSSL::SSL::SSLError){
- http.request_get("/") {|res| }
+ http.cert_store = TEST_STORE
+ http.request_get("/") {|res|
+ assert_equal($test_net_http_data, res.body)
}
- assert_match(/hostname \"127.0.0.1\" does not match/, ex.message)
end
def test_max_version

62
ruby-CVE-2018-16395.patch
View File

@ -1,62 +0,0 @@
From cbe558bbcc1f20573fd2667f210a44eb83dec241 Mon Sep 17 00:00:00 2001
From: shenyining <shenyining@huawei.com>
Date: Thu, 21 Mar 2019 19:42:01 +0800
Subject: [PATCH] fix CVE-2018-16395
patch url:
https://github.com/ruby/ruby/commit/93bc10272734cbbb9197470ca629cc4ea019f6f0
https://hackerone.com/reports/387250
CVE:
https://nvd.nist.gov/vuln/detail/CVE-2018-16395
https://www.ruby-lang.org/en/news/2018/10/17/openssl-x509-name-equality-check-does-not-work-correctly-cve-2018-16395/
Signed-off-by: shenyining <shenyining@huawei.com>
---
ext/openssl/ossl_x509name.c | 2 +-
test/openssl/test_x509name.rb | 14 ++++++++++++++
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index c900bcb..15e4bb0 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@@ -400,7 +400,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
result = ossl_x509name_cmp0(self, other);
if (result < 0) return INT2FIX(-1);
- if (result > 1) return INT2FIX(1);
+ if (result > 0) return INT2FIX(1);
return INT2FIX(0);
}
diff --git a/test/openssl/test_x509name.rb b/test/openssl/test_x509name.rb
index 2d92e64..ae8a8fb 100644
--- a/test/openssl/test_x509name.rb
+++ b/test/openssl/test_x509name.rb
@@ -426,10 +426,24 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase
name0 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "bar.ruby-lang.org"]])
name1 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "bar.ruby-lang.org"]])
name2 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "baz.ruby-lang.org"]])
+ name3 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "bar.ruby-langg.org"]])
+ name4 = OpenSSL::X509::Name.new([["DC", "org"], ["DC", "ruby-lang"], ["CN", "bbz.ruby-lang.org"]])
assert_equal true, name0 == name1
assert_equal true, name0.eql?(name1)
+ assert_equal true, name1 == name0
+ assert_equal true, name1.eql?(name0)
assert_equal false, name0 == name2
assert_equal false, name0.eql?(name2)
+ assert_equal false, name2 == name0
+ assert_equal false, name2.eql?(name0)
+ assert_equal false, name0 == name3
+ assert_equal false, name0.eql?(name3)
+ assert_equal false, name3 == name0
+ assert_equal false, name3.eql?(name0)
+ assert_equal false, name0 == name4
+ assert_equal false, name0.eql?(name4)
+ assert_equal false, name4 == name0
+ assert_equal false, name4.eql?(name0)
end
def test_dup
--
1.8.3.1

103
ruby-CVE-2018-16396.patch
View File

@ -1,103 +0,0 @@
From 24dc9891be7e97ca351c58bce00c488f5ba7b398 Mon Sep 17 00:00:00 2001
From: shenyining <shenyining@huawei.com>
Date: Thu, 21 Mar 2019 20:11:44 +0800
Subject: [PATCH] fix CVE-2018-16396
patch url:
https://github.com/ruby/ruby/commit/4989bad4387ee2e9a7309d51840bc0705a248460
CVE:
https://nvd.nist.gov/vuln/detail/CVE-2018-16396
https://www.ruby-lang.org/en/news/2018/10/17/not-propagated-taint-flag-in-some-formats-of-pack-cve-2018-16396/
Signed-off-by: shenyining <shenyining@huawei.com>
---
pack.c | 7 +++++++
test/ruby/test_pack.rb | 16 ++++++++++++++++
2 files changed, 23 insertions(+)
diff --git a/pack.c b/pack.c
index 11d26bd..50f3dce 100644
--- a/pack.c
+++ b/pack.c
@@ -749,6 +749,7 @@ pack_pack(int argc, VALUE *argv, VALUE ary)
StringValue(from);
ptr = RSTRING_PTR(from);
plen = RSTRING_LEN(from);
+ OBJ_INFECT(res, from);
if (len == 0 && type == 'm') {
encodes(res, ptr, plen, type, 0);
@@ -776,6 +777,7 @@ pack_pack(int argc, VALUE *argv, VALUE ary)
case 'M': /* quoted-printable encoded string */
from = rb_obj_as_string(NEXTFROM);
+ OBJ_INFECT(res, from);
if (len <= 1)
len = 72;
qpencode(res, from, len);
@@ -801,6 +803,7 @@ pack_pack(int argc, VALUE *argv, VALUE ary)
}
else {
t = StringValuePtr(from);
+ OBJ_INFECT(res, from);
rb_obj_taint(from);
}
if (!associates) {
@@ -1184,6 +1187,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
len = (send - s) * 8;
bits = 0;
bitstr = rb_usascii_str_new(0, len);
+ OBJ_INFECT(bitstr, str);
t = RSTRING_PTR(bitstr);
for (i=0; i<len; i++) {
if (i & 7) bits >>= 1;
@@ -1205,6 +1209,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
len = (send - s) * 8;
bits = 0;
bitstr = rb_usascii_str_new(0, len);
+ OBJ_INFECT(bitstr, str);
t = RSTRING_PTR(bitstr);
for (i=0; i<len; i++) {
if (i & 7) bits <<= 1;
@@ -1226,6 +1231,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
len = (send - s) * 2;
bits = 0;
bitstr = rb_usascii_str_new(0, len);
+ OBJ_INFECT(bitstr, str);
t = RSTRING_PTR(bitstr);
for (i=0; i<len; i++) {
if (i & 1)
@@ -1249,6 +1255,7 @@ pack_unpack_internal(VALUE str, VALUE fmt, int mode)
len = (send - s) * 2;
bits = 0;
bitstr = rb_usascii_str_new(0, len);
+ OBJ_INFECT(bitstr, str);
t = RSTRING_PTR(bitstr);
for (i=0; i<len; i++) {
if (i & 1)
diff --git a/test/ruby/test_pack.rb b/test/ruby/test_pack.rb
index a872bf3..aec4189 100644
--- a/test/ruby/test_pack.rb
+++ b/test/ruby/test_pack.rb
@@ -860,4 +860,20 @@ EXPECTED
assert_equal "hogefuga", "aG9nZWZ1Z2E=".unpack1("m")
assert_equal "01000001", "A".unpack1("B*")
end
+
+ def test_pack_infection
+ tainted_array_string = ["123456"]
+ tainted_array_string.first.taint
+ ['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm', 'P', 'p'].each do |f|
+ assert_predicate(tainted_array_string.pack(f), :tainted?)
+ end
+ end
+
+ def test_unpack_infection
+ tainted_string = "123456"
+ tainted_string.taint
+ ['a', 'A', 'Z', 'B', 'b', 'H', 'h', 'u', 'M', 'm'].each do |f|
+ assert_predicate(tainted_string.unpack(f).first, :tainted?)
+ end
+ end
end
--
1.8.3.1

59
ruby.spec
View File

@ -1,11 +1,11 @@
Name: ruby Name: ruby
Version: 2.5.1 Version: 2.5.8
Release: 107 Release: 1
Summary: Object-oriented scripting language interpreter Summary: Object-oriented scripting language interpreter
License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
URL: http://ruby-lang.org/ URL: https://www.ruby-lang.org/en/
Source0: http://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.1.tar.xz Source0: http://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.8.tar.xz
Source1: operating_system.rb Source1: operating_system.rb
Source2: libruby.stp Source2: libruby.stp
Source3: ruby-exercise.stp Source3: ruby-exercise.stp
@ -32,26 +32,11 @@ Patch0007: ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch
Patch0008: ruby-2.2.3-Generate-preludes-using-miniruby.patch Patch0008: ruby-2.2.3-Generate-preludes-using-miniruby.patch
Patch0009: ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch Patch0009: ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch
Patch0010: ruby-2.5.0-Add-Gem.operating_system_defaults.patch Patch0010: ruby-2.5.0-Add-Gem.operating_system_defaults.patch
Patch0011: ruby-2.5.1-TestTimeTZ-test-failures-Kiritimati-and-Lisbon.patch Patch0011: ruby-2.6.0-library-options-to-MAINLIBS.patch
Patch0012: ruby-2.6.0-library-options-to-MAINLIBS.patch Patch0012: ruby-2.5.1-Avoid-need-of-C++-compiler-to-pass-the-test-suite.patch
Patch0013: ruby-2.5.1-Avoid-need-of-C++-compiler-to-pass-the-test-suite.patch Patch6000: CVE-2019-19204.patch
Patch0014: ruby-2.5.1-Test-fixes-for-OpenSSL-1.1.1.patch Patch6001: CVE-2019-19246.patch
Patch0015: ruby-2.6.0-fix-test-failure-with-TLS-1.3.patch Patch6002: CVE-2019-16163.patch
Patch0016: ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with-TLS-1.3.patch
Patch6000: ruby-CVE-2018-16395.patch
Patch6001: ruby-CVE-2018-16396.patch
Patch6002: ruby-2.6.0-Try-to-update-cert.patch
Patch6003: CVE-2019-8322-8323-8324-8325.patch
Patch6004: CVE-2019-15845.patch
Patch6005: CVE-2019-16201.patch
Patch6006: CVE-2019-16254.patch
Patch6007: CVE-2019-16255.patch
Patch6008: CVE-2019-19204.patch
Patch6009: CVE-2019-19246.patch
Patch6010: CVE-2019-16163.patch
Patch6011: CVE-2020-10933.patch
Patch6012: CVE-2020-10663.patch
Provides: %{name}-libs = %{version}-%{release} Provides: %{name}-libs = %{version}-%{release}
Obsoletes: %{name}-libs < %{version}-%{release} Obsoletes: %{name}-libs < %{version}-%{release}
@ -267,7 +252,7 @@ BuildArch: noarch
This package is a lightweight protocol which can enable remote procedure calls over HTTP. This package is a lightweight protocol which can enable remote procedure calls over HTTP.
%prep %prep
%autosetup -n ruby-2.5.1 -p1 %autosetup -n ruby-2.5.8 -p1
rm -rf ext/psych/yaml rm -rf ext/psych/yaml
rm -rf ext/fiddle/libffi* rm -rf ext/fiddle/libffi*
@ -321,7 +306,7 @@ install -d %{buildroot}%{_exec_prefix}/lib{,64}/gems/%{name}
install -d %{buildroot}%{gem_dir}/gems/rdoc-6.0.1/lib install -d %{buildroot}%{gem_dir}/gems/rdoc-6.0.1/lib
mv %{buildroot}%{ruby_libdir}/rdoc* %{buildroot}%{gem_dir}/gems/rdoc-6.0.1/lib mv %{buildroot}%{ruby_libdir}/rdoc* %{buildroot}%{gem_dir}/gems/rdoc-6.0.1/lib
mv %{buildroot}%{gem_dir}/specifications/default/rdoc-6.0.1.gemspec %{buildroot}%{gem_dir}/specifications mv %{buildroot}%{gem_dir}/specifications/default/rdoc-6.0.1.1.gemspec %{buildroot}%{gem_dir}/specifications
install -d %{buildroot}%{gem_dir}/gems/bigdecimal-1.3.4/lib install -d %{buildroot}%{gem_dir}/gems/bigdecimal-1.3.4/lib
install -d %{buildroot}%{_libdir}/gems/%{name}/bigdecimal-1.3.4 install -d %{buildroot}%{_libdir}/gems/%{name}/bigdecimal-1.3.4
@ -352,7 +337,7 @@ install -d %{buildroot}%{gem_dir}/gems/openssl-2.1.0/lib
install -d %{buildroot}%{_libdir}/gems/%{name}/openssl-2.1.0 install -d %{buildroot}%{_libdir}/gems/%{name}/openssl-2.1.0
mv %{buildroot}%{ruby_libdir}/openssl* %{buildroot}%{gem_dir}/gems/openssl-2.1.0/lib mv %{buildroot}%{ruby_libdir}/openssl* %{buildroot}%{gem_dir}/gems/openssl-2.1.0/lib
mv %{buildroot}%{ruby_libarchdir}/openssl.so %{buildroot}%{_libdir}/gems/%{name}/openssl-2.1.0/ mv %{buildroot}%{ruby_libarchdir}/openssl.so %{buildroot}%{_libdir}/gems/%{name}/openssl-2.1.0/
mv %{buildroot}%{gem_dir}/specifications/default/openssl-2.1.0.gemspec %{buildroot}%{gem_dir}/specifications #mv %{buildroot}%{gem_dir}/specifications/default/openssl-2.1.0.gemspec %{buildroot}%{gem_dir}/specifications
install -d %{buildroot}%{ruby_libdir}/openssl install -d %{buildroot}%{ruby_libdir}/openssl
find %{buildroot}%{gem_dir}/gems/openssl-2.1.0/lib/openssl -maxdepth 1 -type f -exec \ find %{buildroot}%{gem_dir}/gems/openssl-2.1.0/lib/openssl -maxdepth 1 -type f -exec \
@ -375,7 +360,7 @@ find %{buildroot}%{gem_dir}/extensions/*-%{_target_os}/2.5.1/* -maxdepth 0 \
sed -i '/^end$/ i\ sed -i '/^end$/ i\
s.extensions = ["json/ext/parser.so", "json/ext/generator.so"]' %{buildroot}%{gem_dir}/specifications/json-2.1.0.gemspec s.extensions = ["json/ext/parser.so", "json/ext/generator.so"]' %{buildroot}%{gem_dir}/specifications/json-2.1.0.gemspec
mv %{buildroot}%{gem_dir}/gems/rake-12.3.0/doc/rake.1 %{buildroot}%{_mandir}/man1 mv %{buildroot}%{gem_dir}/gems/rake-12.3.3/doc/rake.1 %{buildroot}%{_mandir}/man1
install -d %{buildroot}%{_datadir}/systemtap/tapset install -d %{buildroot}%{_datadir}/systemtap/tapset
sed -e "s|@LIBRARY_PATH@|%(echo %{_libdir} | sed 's/64//')*/libruby.so.2.5|" \ sed -e "s|@LIBRARY_PATH@|%(echo %{_libdir} | sed 's/64//')*/libruby.so.2.5|" \
@ -396,7 +381,7 @@ sed -i 's/^/%lang(ja) /' .ruby-doc.ja
%check %check
[ "`make runruby TESTRUN_SCRIPT='bin/gem -v' | tail -1`" == '2.7.6' ] [ "`make runruby TESTRUN_SCRIPT='bin/gem -v' | tail -1`" == '2.7.6.2' ]
[ "`make runruby TESTRUN_SCRIPT=\"-e \\\" module Gem; module Resolver; end; end; \ [ "`make runruby TESTRUN_SCRIPT=\"-e \\\" module Gem; module Resolver; end; end; \
require 'rubygems/resolver/molinillo/lib/molinillo/gem_metadata'; \ require 'rubygems/resolver/molinillo/lib/molinillo/gem_metadata'; \
@ -497,8 +482,8 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
%files -n rubygem-rake %files -n rubygem-rake
%{_bindir}/rake %{_bindir}/rake
%{gem_dir}/gems/rake-12.3.0 %{gem_dir}/gems/rake-12.3.3
%{gem_dir}/specifications/rake-12.3.0.gemspec %{gem_dir}/specifications/rake-12.3.3.gemspec
%files irb %files irb
%{_bindir}/irb %{_bindir}/irb
@ -506,8 +491,8 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
%files -n rubygem-rdoc %files -n rubygem-rdoc
%{_bindir}/{rdoc,ri} %{_bindir}/{rdoc,ri}
%{gem_dir}/gems/rdoc-6.0.1 %{gem_dir}/gems/rdoc-6.0.1*
%{gem_dir}/specifications/rdoc-6.0.1.gemspec %{gem_dir}/specifications/rdoc-6.0.1.1.gemspec
%files help -f .ruby-doc.en -f .ruby-doc.ja %files help -f .ruby-doc.en -f .ruby-doc.ja
%doc README.md ChangeLog ruby-exercise.stp %doc README.md ChangeLog ruby-exercise.stp
@ -555,7 +540,7 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
%{ruby_libarchdir}/openssl.so %{ruby_libarchdir}/openssl.so
%{_libdir}/gems/%{name}/openssl-2.1.0 %{_libdir}/gems/%{name}/openssl-2.1.0
%{gem_dir}/gems/openssl-2.1.0 %{gem_dir}/gems/openssl-2.1.0
%{gem_dir}/specifications/openssl-2.1.0.gemspec #%{gem_dir}/specifications/openssl-2.1.0.gemspec
%files -n rubygem-power_assert %files -n rubygem-power_assert
%{gem_dir}/gems/power_assert-1.1.1 %{gem_dir}/gems/power_assert-1.1.1
@ -589,6 +574,12 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
%exclude %{gem_dir}/gems/xmlrpc-0.3.0/.* %exclude %{gem_dir}/gems/xmlrpc-0.3.0/.*
%changelog %changelog
* Mon Jul 27 2020 shixuantong <shixuantong@huawei.com> - 2.5.8-1
- Type:NA
- ID:NA
- SUG:NA
- DESC:update to 2.5.8
*Wed Jul 08 2020 zhangjiapeng <zhangjiapeng9@huawei.com> - 2.5.1-107 *Wed Jul 08 2020 zhangjiapeng <zhangjiapeng9@huawei.com> - 2.5.1-107
- Type:N/A - Type:N/A
- ID:N/A - ID:N/A