diff --git a/.ruby.metadata b/.ruby.metadata index 2762ff2..6a41a3d 100644 --- a/.ruby.metadata +++ b/.ruby.metadata @@ -1 +1 @@ -9d3e5758c87a2c8016aec246f278b7551f8cb675 SOURCES/ruby-2.0.0-p247.tar.bz2 +0be863f1c39d7764c52cbb79ca06105743e27c42 SOURCES/ruby-2.0.0-p353.tar.bz2 diff --git a/SOURCES/ruby-2.0.0-p195-Fix-build-against-OpenSSL-with-enabled-ECC-curves.patch b/SOURCES/ruby-2.0.0-p195-Fix-build-against-OpenSSL-with-enabled-ECC-curves.patch deleted file mode 100644 index 461b787..0000000 --- a/SOURCES/ruby-2.0.0-p195-Fix-build-against-OpenSSL-with-enabled-ECC-curves.patch +++ /dev/null @@ -1,85 +0,0 @@ -From 5617aafa2d44d0a4bc811830e225463abd01b2b2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?V=C3=ADt=20Ondruch?= -Date: Tue, 21 May 2013 10:01:33 +0200 -Subject: [PATCH] Fix build against OpenSSL with enabled ECC curves. - ---- - ext/openssl/ossl_pkey_ec.c | 4 ++++ - test/openssl/test_pkey_ec.rb | 26 +++++++++++++------------- - 2 files changed, 17 insertions(+), 13 deletions(-) - -diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c -index 8e6d88f..29e28ca 100644 ---- a/ext/openssl/ossl_pkey_ec.c -+++ b/ext/openssl/ossl_pkey_ec.c -@@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self) - method = EC_GFp_mont_method(); - } else if (id == s_GFp_nist) { - method = EC_GFp_nist_method(); -+#if !defined(OPENSSL_NO_EC2M) - } else if (id == s_GF2m_simple) { - method = EC_GF2m_simple_method(); -+#endif - } - - if (method) { -@@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self) - - if (id == s_GFp) { - new_curve = EC_GROUP_new_curve_GFp; -+#if !defined(OPENSSL_NO_EC2M) - } else if (id == s_GF2m) { - new_curve = EC_GROUP_new_curve_GF2m; -+#endif - } else { - ossl_raise(rb_eArgError, "unknown symbol, must be :GFp or :GF2m"); - } -diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb -index f151335..56f3ff7 100644 ---- a/test/openssl/test_pkey_ec.rb -+++ b/test/openssl/test_pkey_ec.rb -@@ -7,28 +7,28 @@ class OpenSSL::TestEC < Test::Unit::TestCase - @data1 = 'foo' - @data2 = 'bar' * 1000 # data too long for DSA sig - -- @group1 = OpenSSL::PKey::EC::Group.new('secp112r1') -- @group2 = OpenSSL::PKey::EC::Group.new('sect163k1') -- @group3 = OpenSSL::PKey::EC::Group.new('prime256v1') -+ @groups = [] -+ @keys = [] - -- @key1 = OpenSSL::PKey::EC.new -- @key1.group = @group1 -- @key1.generate_key -+ OpenSSL::PKey::EC.builtin_curves.each do |curve, comment| -+ group = OpenSSL::PKey::EC::Group.new(curve) - -- @key2 = OpenSSL::PKey::EC.new(@group2.curve_name) -- @key2.generate_key -+ key = OpenSSL::PKey::EC.new(group) -+ key.generate_key - -- @key3 = OpenSSL::PKey::EC.new(@group3) -- @key3.generate_key -- -- @groups = [@group1, @group2, @group3] -- @keys = [@key1, @key2, @key3] -+ @groups << group -+ @keys << key -+ end - end - - def compare_keys(k1, k2) - assert_equal(k1.to_pem, k2.to_pem) - end - -+ def test_builtin_curves -+ assert(!OpenSSL::PKey::EC.builtin_curves.empty?) -+ end -+ - def test_curve_names - @groups.each_with_index do |group, idx| - key = @keys[idx] --- -1.8.2.1 - diff --git a/SOURCES/ruby-2.0.0-p313-CVE-2013-4287-algorithmic-complexity-vulnerability.patch b/SOURCES/ruby-2.0.0-p313-CVE-2013-4287-algorithmic-complexity-vulnerability.patch deleted file mode 100644 index e5d2f28..0000000 --- a/SOURCES/ruby-2.0.0-p313-CVE-2013-4287-algorithmic-complexity-vulnerability.patch +++ /dev/null @@ -1,28 +0,0 @@ -From b3571b55971e92458cba6c13177bae7a9d9b6ffd Mon Sep 17 00:00:00 2001 -From: nagachika -Date: Fri, 13 Sep 2013 15:02:01 +0000 -Subject: [PATCH] * lib/rubygems: Update to RubyGems to 2.0.8. - [ruby-core:57155] [Backport #8900] the patch is provided by drbrain (Eric - Hodel). this update contains a security fix for CVE-2013-4287. - -git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_0_0@42937 b2dd03c8-39d4-4d8f-98ff-823fe69b080e ---- - lib/rubygems.rb | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/lib/rubygems/version.rb b/lib/rubygems/version.rb -index e983751..bbf04f5 100644 ---- a/lib/rubygems/version.rb -+++ b/lib/rubygems/version.rb -@@ -147,7 +147,7 @@ class Gem::Version - - # FIX: These are only used once, in .correct?. Do they deserve to be - # constants? -- VERSION_PATTERN = '[0-9]+(\.[0-9a-zA-Z]+)*' # :nodoc: -+ VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc: - ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc: - - ## --- -1.8.4 - diff --git a/SOURCES/ruby-2.0.0-p318-CVE-2013-4636-algorithmic-complexity-vulnerability.patch b/SOURCES/ruby-2.0.0-p318-CVE-2013-4636-algorithmic-complexity-vulnerability.patch deleted file mode 100644 index e67783d..0000000 --- a/SOURCES/ruby-2.0.0-p318-CVE-2013-4636-algorithmic-complexity-vulnerability.patch +++ /dev/null @@ -1,73 +0,0 @@ -Index: lib/rubygems/version.rb -=================================================================== ---- lib/rubygems/version.rb (revision 43039) -+++ lib/rubygems/version.rb (working copy) -@@ -148,7 +148,7 @@ class Gem::Version - # FIX: These are only used once, in .correct?. Do they deserve to be - # constants? - VERSION_PATTERN = '[0-9]+(?>\.[0-9a-zA-Z]+)*' # :nodoc: -- ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})*\s*\z/ # :nodoc: -+ ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/ # :nodoc: - - ## - # A string representation of this Version. -Index: test/rubygems/test_gem_requirement.rb -=================================================================== ---- test/rubygems/test_gem_requirement.rb (revision 43039) -+++ test/rubygems/test_gem_requirement.rb (working copy) -@@ -47,18 +47,20 @@ class TestGemRequirement < Gem::TestCase - end - - def test_parse_bad -- e = assert_raises Gem::Requirement::BadRequirementError do -- Gem::Requirement.parse nil -- end -- -- assert_equal 'Illformed requirement [nil]', e.message -+ [ -+ nil, -+ '', -+ '! 1', -+ '= junk', -+ '1..2', -+ ].each do |bad| -+ e = assert_raises Gem::Requirement::BadRequirementError do -+ Gem::Requirement.parse bad -+ end - -- e = assert_raises Gem::Requirement::BadRequirementError do -- Gem::Requirement.parse "" -+ assert_equal "Illformed requirement [#{bad.inspect}]", e.message - end - -- assert_equal 'Illformed requirement [""]', e.message -- - assert_equal Gem::Requirement::BadRequirementError.superclass, ArgumentError - end - -Index: test/rubygems/test_gem_version.rb -=================================================================== ---- test/rubygems/test_gem_version.rb (revision 43039) -+++ test/rubygems/test_gem_version.rb (working copy) -@@ -67,12 +67,18 @@ class TestGemVersion < Gem::TestCase - end - - def test_initialize_bad -- ["junk", "1.0\n2.0"].each do |bad| -- e = assert_raises ArgumentError do -+ %W[ -+ junk -+ 1.0\n2.0 -+ 1..2 -+ 1.2\ 3.4 -+ 1-2-3 -+ ].each do |bad| -+ e = assert_raises ArgumentError, bad do - Gem::Version.new bad - end - -- assert_equal "Malformed version number string #{bad}", e.message -+ assert_equal "Malformed version number string #{bad}", e.message, bad - end - end - diff --git a/SOURCES/ruby-2.1.0-test_aes_gcm_wrong_tag-Dont-use-String-succ.patch b/SOURCES/ruby-2.1.0-test_aes_gcm_wrong_tag-Dont-use-String-succ.patch new file mode 100644 index 0000000..aa1ec41 --- /dev/null +++ b/SOURCES/ruby-2.1.0-test_aes_gcm_wrong_tag-Dont-use-String-succ.patch @@ -0,0 +1,51 @@ +From e4f8f8907c8d04c54acf7791947295f8d9abf959 Mon Sep 17 00:00:00 2001 +From: akr +Date: Thu, 14 Nov 2013 10:58:15 +0000 +Subject: [PATCH] * test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't + use String#succ because it can make modified (wrong) auth_tag longer than + 16 bytes. The longer auth_tag makes that EVP_CIPHER_CTX_ctrl (and + internally aes_gcm_ctrl) fail. [ruby-core:55143] [Bug #8439] reported by + Vit Ondruch. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@43676 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 8 ++++++++ + test/openssl/test_cipher.rb | 3 ++- + 2 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/ChangeLog b/ChangeLog +index 04f7867..c6beb5a 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -24,6 +24,14 @@ + time to invocation of signal handler from 0.01 sec to 0.2 sec. + RubyCI report error on mswin. reported by @unak + ++Thu Nov 14 19:53:00 2013 Tanaka Akira ++ ++ * test/openssl/test_cipher.rb (test_aes_gcm_wrong_tag): Don't use ++ String#succ because it can make modified (wrong) auth_tag longer ++ than 16 bytes. The longer auth_tag makes that ++ EVP_CIPHER_CTX_ctrl (and internally aes_gcm_ctrl) fail. ++ [ruby-core:55143] [Bug #8439] reported by Vit Ondruch. ++ + Wed Nov 13 11:57:01 2013 CHIKANAGA Tomoyuki + + * lib/rubygems: Update to RubyGems 2.0.14. [ruby-core:58300] +diff --git a/test/openssl/test_cipher.rb b/test/openssl/test_cipher.rb +index 088dbc1..156fa2a 100644 +--- a/test/openssl/test_cipher.rb ++++ b/test/openssl/test_cipher.rb +@@ -187,7 +187,8 @@ def test_aes_gcm_wrong_tag + tag = cipher.auth_tag + + decipher = new_decryptor('aes-128-gcm', key, iv) +- decipher.auth_tag = tag[0..-2] << tag[-1].succ ++ tag.setbyte(-1, (tag.getbyte(-1) + 1) & 0xff) ++ decipher.auth_tag = tag + decipher.auth_data = "aad" + + assert_raise OpenSSL::Cipher::CipherError do +-- +1.8.5.1 + diff --git a/SOURCES/ruby-2.1.1-fix-test-failures-due-to-expired-certs.patch b/SOURCES/ruby-2.1.1-fix-test-failures-due-to-expired-certs.patch new file mode 100644 index 0000000..783484b --- /dev/null +++ b/SOURCES/ruby-2.1.1-fix-test-failures-due-to-expired-certs.patch @@ -0,0 +1,259 @@ +From 5ac7c395c19426a9a92f0a918b03e0f493af6e2c Mon Sep 17 00:00:00 2001 +From: tmm1 +Date: Fri, 3 Jan 2014 01:46:55 +0000 +Subject: [PATCH] test/net/imap/test_imap.rb: fix test failures due to expired + certs + +* test/net/imap/cacert.pem: generate new CA cert, since the last one + expired. [Bug #9341] [ruby-core:59459] +* test/net/imap/server.crt: new server cert signed with updated CA. +* test/net/imap/Makefile: add `make regen_certs` to automate this + process. + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@44488 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + ChangeLog | 8 +++++ + test/net/imap/Makefile | 15 +++++++++ + test/net/imap/cacert.pem | 84 ++++++++++++++++++++++++++---------------------- + test/net/imap/server.crt | 65 +++++++++++++++---------------------- + 4 files changed, 94 insertions(+), 78 deletions(-) + create mode 100644 test/net/imap/Makefile + +diff --git a/ChangeLog b/ChangeLog +index a4f20cd..d6a7148 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,11 @@ ++Fri Jan 3 10:43:57 2014 Aman Gupta ++ ++ * test/net/imap/cacert.pem: generate new CA cert, since the last one ++ expired. [Bug #9341] [ruby-core:59459] ++ * test/net/imap/server.crt: new server cert signed with updated CA. ++ * test/net/imap/Makefile: add `make regen_certs` to automate this ++ process. ++ + Fri Nov 22 13:18:28 2013 Nobuyoshi Nakada + + * util.c (ruby_strtod): BigMath requires more precision. +diff --git a/test/net/imap/Makefile b/test/net/imap/Makefile +new file mode 100644 +index 0000000..b2bc9c7 +--- /dev/null ++++ b/test/net/imap/Makefile +@@ -0,0 +1,15 @@ ++all: ++ ++regen_certs: ++ touch server.key ++ make server.crt ++ ++cacert.pem: server.key ++ openssl req -new -x509 -days 1825 -key server.key -out cacert.pem -text -subj "/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org" ++ ++server.csr: ++ openssl req -new -key server.key -out server.csr -text -subj "/C=JP/ST=Shimane/O=Ruby Core Team/OU=Ruby Test/CN=localhost" ++ ++server.crt: server.csr cacert.pem ++ openssl x509 -days 1825 -CA cacert.pem -CAkey server.key -set_serial 00 -in server.csr -req -text -out server.crt ++ rm server.csr +diff --git a/test/net/imap/cacert.pem b/test/net/imap/cacert.pem +index bd7e68a..7073387 100644 +--- a/test/net/imap/cacert.pem ++++ b/test/net/imap/cacert.pem +@@ -2,59 +2,65 @@ Certificate: + Data: + Version: 3 (0x2) + Serial Number: +- 9f:dc:f7:94:98:05:43:4c ++ b9:90:a2:bf:62:69:17:9c + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org + Validity +- Not Before: Dec 23 10:21:33 2010 GMT +- Not After : Jan 1 10:21:33 2014 GMT ++ Not Before: Jan 3 01:34:17 2014 GMT ++ Not After : Jan 2 01:34:17 2019 GMT + Subject: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- Public-Key: (1024 bit) +- Modulus: +- 00:ce:be:2c:9f:47:ba:db:9c:9c:5b:f0:38:3b:f3: +- 74:20:37:76:23:9f:84:1c:81:90:b4:3e:00:20:34: +- 98:7e:81:69:50:a1:c3:65:96:ea:fa:00:da:8c:cc: +- 53:3f:ba:3c:d0:50:7a:5a:b4:6b:ac:d3:2e:18:ca: +- 2a:69:b3:6a:6f:38:c2:32:a8:06:b6:0a:30:a9:ee: +- 03:38:e9:05:a5:19:23:54:a8:3c:b9:08:ad:2b:72: +- 23:df:93:22:c4:46:a8:ea:f1:a6:e9:30:4a:3f:83: +- 39:e9:62:8e:8b:a3:5e:67:89:1d:7c:75:de:05:aa: +- 58:b1:b7:79:7c:10:80:6d:87 ++ RSA Public Key: (1024 bit) ++ Modulus (1024 bit): ++ 00:db:75:d0:45:de:b1:df:bf:71:a0:0e:b0:a5:e6: ++ bc:f4:1c:9d:e5:25:67:64:c5:7b:cb:f1:af:c6:be: ++ 9a:aa:ea:7e:0f:cc:05:af:ef:40:69:06:b2:c9:13: ++ 9d:7e:eb:a2:06:e2:ea:7d:07:c7:c7:99:c7:fb:d5: ++ b8:eb:63:77:62:2b:18:12:c3:53:58:d0:f5:c7:40: ++ 0c:01:d1:26:82:34:16:09:e3:dc:65:f4:dc:bb:5d: ++ a5:41:60:e7:a9:74:ba:d7:4c:b6:a3:9c:c5:8c:89: ++ af:cb:e8:9f:05:fe:ea:fe:64:24:bf:e7:ed:e3:f6: ++ d0:fc:d6:eb:fc:06:82:10:fb + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: +- 41:C9:49:37:B1:FA:61:E3:BA:D7:19:3D:D9:DA:8C:B9:82:C9:B4:6A ++ E8:7E:58:AC:13:7B:03:22:8D:9E:AF:32:0B:84:89:80:80:0C:1E:C2 + X509v3 Authority Key Identifier: +- keyid:41:C9:49:37:B1:FA:61:E3:BA:D7:19:3D:D9:DA:8C:B9:82:C9:B4:6A ++ keyid:E8:7E:58:AC:13:7B:03:22:8D:9E:AF:32:0B:84:89:80:80:0C:1E:C2 ++ DirName:/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org ++ serial:B9:90:A2:BF:62:69:17:9C + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption +- 86:00:33:b9:dd:ff:5f:83:59:5f:c3:29:3c:d7:11:db:10:b3: +- d7:d1:70:fb:0a:c6:74:85:c6:ea:e1:15:c4:92:f8:0e:11:cc: +- ff:a6:3c:31:c2:2c:66:d8:fe:63:93:9f:b0:97:e6:f5:bc:5c: +- 80:68:96:5d:eb:77:b9:23:dd:68:a7:49:03:ff:22:48:55:f1: +- 39:7c:20:21:ff:64:52:e1:f6:cf:3c:b3:4d:2c:5c:03:62:ea: +- c5:49:99:07:fa:8d:ff:7b:c2:75:0c:ca:24:b5:0b:f5:b7:57: +- 3a:10:f0:8a:bb:9a:e8:92:4d:d5:6f:c2:a2:29:36:61:78:a4: +- dc:7b ++ 8f:77:06:4e:31:72:12:ee:68:09:70:27:d4:31:85:ef:10:95: ++ f9:0f:2b:66:63:08:37:88:6e:b7:9b:40:3e:18:77:33:86:e8: ++ 61:6a:b7:3c:cb:c7:a6:d6:d5:92:6a:1f:56:d0:9f:5c:32:56: ++ d3:37:52:fe:0e:20:c2:7a:0d:fe:2d:3c:81:da:b8:7f:4d:6a: ++ 08:01:d9:be:7a:a2:15:be:a6:ce:49:64:90:8c:9a:ca:6e:2e: ++ 84:48:1d:94:19:56:94:46:aa:25:9b:68:c2:80:60:bf:cb:2e: ++ 35:03:ea:0a:65:5a:33:38:c6:cc:81:46:c0:bc:36:86:96:39: ++ 10:7d + -----BEGIN CERTIFICATE----- +-MIIC6DCCAlGgAwIBAgIJAJ/c95SYBUNMMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYD +-VQQGEwJKUDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkx +-FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex +-JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTAxMjIz +-MTAyMTMzWhcNMTQwMTAxMTAyMTMzWjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgM +-B1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQKDA5SdWJ5IENv +-cmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz ++MIIDjTCCAvagAwIBAgIJALmQor9iaRecMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYD ++VQQGEwJKUDEQMA4GA1UECBMHU2hpbWFuZTEUMBIGA1UEBxMLTWF0ei1lIGNpdHkx ++FzAVBgNVBAoTDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDEwxSdWJ5IFRlc3QgQ0Ex ++JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTQwMTAz ++MDEzNDE3WhcNMTkwMTAyMDEzNDE3WjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgT ++B1NoaW1hbmUxFDASBgNVBAcTC01hdHotZSBjaXR5MRcwFQYDVQQKEw5SdWJ5IENv ++cmUgVGVhbTEVMBMGA1UEAxMMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz + ZWN1cml0eUBydWJ5LWxhbmcub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB +-gQDOviyfR7rbnJxb8Dg783QgN3Yjn4QcgZC0PgAgNJh+gWlQocNllur6ANqMzFM/ +-ujzQUHpatGus0y4Yyipps2pvOMIyqAa2CjCp7gM46QWlGSNUqDy5CK0rciPfkyLE +-Rqjq8abpMEo/gznpYo6Lo15niR18dd4Fqlixt3l8EIBthwIDAQABo1AwTjAdBgNV +-HQ4EFgQUQclJN7H6YeO61xk92dqMuYLJtGowHwYDVR0jBBgwFoAUQclJN7H6YeO6 +-1xk92dqMuYLJtGowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCGADO5 +-3f9fg1lfwyk81xHbELPX0XD7CsZ0hcbq4RXEkvgOEcz/pjwxwixm2P5jk5+wl+b1 +-vFyAaJZd63e5I91op0kD/yJIVfE5fCAh/2RS4fbPPLNNLFwDYurFSZkH+o3/e8J1 +-DMoktQv1t1c6EPCKu5rokk3Vb8KiKTZheKTcew== ++gQDbddBF3rHfv3GgDrCl5rz0HJ3lJWdkxXvL8a/Gvpqq6n4PzAWv70BpBrLJE51+ ++66IG4up9B8fHmcf71bjrY3diKxgSw1NY0PXHQAwB0SaCNBYJ49xl9Ny7XaVBYOep ++dLrXTLajnMWMia/L6J8F/ur+ZCS/5+3j9tD81uv8BoIQ+wIDAQABo4H0MIHxMB0G ++A1UdDgQWBBToflisE3sDIo2erzILhImAgAwewjCBwQYDVR0jBIG5MIG2gBToflis ++E3sDIo2erzILhImAgAwewqGBkqSBjzCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgT ++B1NoaW1hbmUxFDASBgNVBAcTC01hdHotZSBjaXR5MRcwFQYDVQQKEw5SdWJ5IENv ++cmUgVGVhbTEVMBMGA1UEAxMMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz ++ZWN1cml0eUBydWJ5LWxhbmcub3JnggkAuZCiv2JpF5wwDAYDVR0TBAUwAwEB/zAN ++BgkqhkiG9w0BAQUFAAOBgQCPdwZOMXIS7mgJcCfUMYXvEJX5DytmYwg3iG63m0A+ ++GHczhuhharc8y8em1tWSah9W0J9cMlbTN1L+DiDCeg3+LTyB2rh/TWoIAdm+eqIV ++vqbOSWSQjJrKbi6ESB2UGVaURqolm2jCgGC/yy41A+oKZVozOMbMgUbAvDaGljkQ ++fQ== + -----END CERTIFICATE----- +diff --git a/test/net/imap/server.crt b/test/net/imap/server.crt +index d848b26..fa4f994 100644 +--- a/test/net/imap/server.crt ++++ b/test/net/imap/server.crt +@@ -1,17 +1,17 @@ + Certificate: + Data: +- Version: 3 (0x2) ++ Version: 1 (0x0) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org + Validity +- Not Before: Dec 23 10:23:52 2010 GMT +- Not After : Jan 1 10:23:52 2014 GMT ++ Not Before: Jan 3 01:34:17 2014 GMT ++ Not After : Jan 2 01:34:17 2019 GMT + Subject: C=JP, ST=Shimane, O=Ruby Core Team, OU=Ruby Test, CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption +- Public-Key: (1024 bit) +- Modulus: ++ RSA Public Key: (1024 bit) ++ Modulus (1024 bit): + 00:db:75:d0:45:de:b1:df:bf:71:a0:0e:b0:a5:e6: + bc:f4:1c:9d:e5:25:67:64:c5:7b:cb:f1:af:c6:be: + 9a:aa:ea:7e:0f:cc:05:af:ef:40:69:06:b2:c9:13: +@@ -22,40 +22,27 @@ Certificate: + af:cb:e8:9f:05:fe:ea:fe:64:24:bf:e7:ed:e3:f6: + d0:fc:d6:eb:fc:06:82:10:fb + Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Basic Constraints: +- CA:FALSE +- Netscape Comment: +- OpenSSL Generated Certificate +- X509v3 Subject Key Identifier: +- E8:7E:58:AC:13:7B:03:22:8D:9E:AF:32:0B:84:89:80:80:0C:1E:C2 +- X509v3 Authority Key Identifier: +- keyid:41:C9:49:37:B1:FA:61:E3:BA:D7:19:3D:D9:DA:8C:B9:82:C9:B4:6A +- + Signature Algorithm: sha1WithRSAEncryption +- ae:ee:cd:fe:c9:af:48:0b:50:37:ac:6a:f6:68:90:9b:67:df: +- 6f:2d:17:c9:3c:a5:da:ad:39:dc:2a:5b:07:88:26:38:19:30: +- d6:95:cf:10:69:c7:92:14:83:be:f1:b5:8e:6f:d9:91:51:c5: +- 63:ae:1c:89:ac:27:bf:4f:2a:8f:4e:0c:57:42:0a:c9:8e:0c: +- f4:f3:02:f7:ea:44:b6:e4:47:05:af:4e:74:e4:87:87:d9:c8: +- 76:ed:ab:32:7c:f0:31:34:10:14:bc:a6:37:cd:d7:dc:33:da: +- 82:d3:d4:9b:e9:d5:cd:38:cc:fa:81:5f:4e:fd:5f:53:05:5d: +- 76:f9 ++ 85:f5:d3:05:8b:8c:f4:43:1c:88:f2:8f:b2:f2:93:77:b7:3d: ++ 95:c6:a0:34:bc:33:6a:d8:85:5f:3e:86:08:10:c5:5c:c1:76: ++ a3:53:3c:dc:38:98:23:97:e7:da:21:ac:e8:4d:3c:96:70:29: ++ ff:ff:1e:4a:9a:17:2b:db:04:62:b9:ef:ab:ea:a7:a5:e8:7c: ++ b1:d5:ed:30:a8:6c:78:de:51:7e:e3:8a:c2:a4:64:a8:63:a2: ++ bc:fd:43:9c:f3:55:7d:54:c9:6a:d8:53:1c:4b:6b:03:aa:b6: ++ 19:e6:a4:4f:47:00:96:c5:42:59:85:4e:c3:4e:cd:41:82:53: ++ 10:f8 + -----BEGIN CERTIFICATE----- +-MIIC3jCCAkegAwIBAgIBADANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMCSlAx +-EDAOBgNVBAgMB1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQK +-DA5SdWJ5IENvcmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZI +-hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTEwMTIyMzEwMjM1MloX +-DTE0MDEwMTEwMjM1MlowYDELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx +-FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRIwEAYDVQQLDAlSdWJ5IFRlc3QxEjAQ +-BgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA23XQ +-Rd6x379xoA6wpea89Byd5SVnZMV7y/Gvxr6aqup+D8wFr+9AaQayyROdfuuiBuLq +-fQfHx5nH+9W462N3YisYEsNTWND1x0AMAdEmgjQWCePcZfTcu12lQWDnqXS610y2 +-o5zFjImvy+ifBf7q/mQkv+ft4/bQ/Nbr/AaCEPsCAwEAAaN7MHkwCQYDVR0TBAIw +-ADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUw +-HQYDVR0OBBYEFOh+WKwTewMijZ6vMguEiYCADB7CMB8GA1UdIwQYMBaAFEHJSTex +-+mHjutcZPdnajLmCybRqMA0GCSqGSIb3DQEBBQUAA4GBAK7uzf7Jr0gLUDesavZo +-kJtn328tF8k8pdqtOdwqWweIJjgZMNaVzxBpx5IUg77xtY5v2ZFRxWOuHImsJ79P +-Ko9ODFdCCsmODPTzAvfqRLbkRwWvTnTkh4fZyHbtqzJ88DE0EBS8pjfN19wz2oLT +-1Jvp1c04zPqBX079X1MFXXb5 ++MIICXDCCAcUCAQAwDQYJKoZIhvcNAQEFBQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYD ++VQQIEwdTaGltYW5lMRQwEgYDVQQHEwtNYXR6LWUgY2l0eTEXMBUGA1UEChMOUnVi ++eSBDb3JlIFRlYW0xFTATBgNVBAMTDFJ1YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJ ++ARYWc2VjdXJpdHlAcnVieS1sYW5nLm9yZzAeFw0xNDAxMDMwMTM0MTdaFw0xOTAx ++MDIwMTM0MTdaMGAxCzAJBgNVBAYTAkpQMRAwDgYDVQQIEwdTaGltYW5lMRcwFQYD ++VQQKEw5SdWJ5IENvcmUgVGVhbTESMBAGA1UECxMJUnVieSBUZXN0MRIwEAYDVQQD ++Ewlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANt10EXesd+/ ++caAOsKXmvPQcneUlZ2TFe8vxr8a+mqrqfg/MBa/vQGkGsskTnX7rogbi6n0Hx8eZ ++x/vVuOtjd2IrGBLDU1jQ9cdADAHRJoI0Fgnj3GX03LtdpUFg56l0utdMtqOcxYyJ ++r8vonwX+6v5kJL/n7eP20PzW6/wGghD7AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEA ++hfXTBYuM9EMciPKPsvKTd7c9lcagNLwzatiFXz6GCBDFXMF2o1M83DiYI5fn2iGs ++6E08lnAp//8eSpoXK9sEYrnvq+qnpeh8sdXtMKhseN5RfuOKwqRkqGOivP1DnPNV ++fVTJathTHEtrA6q2GeakT0cAlsVCWYVOw07NQYJTEPg= + -----END CERTIFICATE----- +-- +1.8.5.1 + diff --git a/SOURCES/rubygems-2.0.0-Do-not-modify-global-Specification.dirs-during-insta.patch b/SOURCES/rubygems-2.0.0-Do-not-modify-global-Specification.dirs-during-insta.patch index 607e028..98013a7 100644 --- a/SOURCES/rubygems-2.0.0-Do-not-modify-global-Specification.dirs-during-insta.patch +++ b/SOURCES/rubygems-2.0.0-Do-not-modify-global-Specification.dirs-during-insta.patch @@ -44,7 +44,7 @@ diff --git a/lib/rubygems/dependency_installer.rb b/lib/rubygems/dependency_inst index dffa8df..841f26a 100644 --- a/lib/rubygems/dependency_installer.rb +++ b/lib/rubygems/dependency_installer.rb -@@ -57,17 +57,14 @@ class Gem::DependencyInstaller +@@ -57,16 +57,14 @@ class Gem::DependencyInstaller # :build_args:: See Gem::Installer::new def initialize(options = {}) @@ -54,7 +54,6 @@ index dffa8df..841f26a 100644 - # HACK shouldn't change the global settings, needed for -i behavior - # maybe move to the install command? See also github #442 - Gem::Specification.dirs = @install_dir -- Gem.ensure_gem_subdirectories @install_dir + Gem.ensure_gem_subdirectories options[:install_dir] end diff --git a/SOURCES/rubygems-2.0.0-Fixes-for-empty-ruby-version.patch b/SOURCES/rubygems-2.0.0-Fixes-for-empty-ruby-version.patch index e443a46..365dc7b 100644 --- a/SOURCES/rubygems-2.0.0-Fixes-for-empty-ruby-version.patch +++ b/SOURCES/rubygems-2.0.0-Fixes-for-empty-ruby-version.patch @@ -1,7 +1,7 @@ From c9b2eff36728266052ccfff54d3ac0a0624fd0f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=20Ondruch?= Date: Thu, 14 Feb 2013 11:50:41 +0100 -Subject: [PATCH 1/2] Use File.join insteado of manual path creation. +Subject: [PATCH] Use File.join insteado of manual path creation. This prevents issues, when File.join in #new_default_spec removes superfluous slashes while they are kept in expected paths. E.g. the test @@ -32,50 +32,3 @@ index 60df53f..35c9631 100644 -- 1.8.1.2 - -From b022cef7b2e6c2d138388a6c2db02cca8c408cc6 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?V=C3=ADt=20Ondruch?= -Date: Thu, 14 Feb 2013 13:35:20 +0100 -Subject: [PATCH 2/2] Do not add last slash to Gem.user_dir if ruby_version - string is empty. - ---- - lib/rubygems/defaults.rb | 4 +++- - test/rubygems/test_gem.rb | 6 ++++-- - 2 files changed, 7 insertions(+), 3 deletions(-) - -diff --git a/lib/rubygems/defaults.rb b/lib/rubygems/defaults.rb -index ea84e5c..05c35bb 100644 ---- a/lib/rubygems/defaults.rb -+++ b/lib/rubygems/defaults.rb -@@ -54,7 +54,9 @@ module Gem - # Path for gems in the user's home directory - - def self.user_dir -- File.join Gem.user_home, '.gem', ruby_engine, ConfigMap[:ruby_version] -+ parts = [Gem.user_home, '.gem', ruby_engine] -+ parts << ConfigMap[:ruby_version] unless ConfigMap[:ruby_version].empty? -+ File.join parts - end - - ## -diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb -index bf77009..9ee78f7 100644 ---- a/test/rubygems/test_gem.rb -+++ b/test/rubygems/test_gem.rb -@@ -1198,8 +1198,10 @@ class TestGem < Gem::TestCase - end - - def test_self_user_dir -- assert_equal File.join(@userhome, '.gem', Gem.ruby_engine, -- Gem::ConfigMap[:ruby_version]), Gem.user_dir -+ parts = [@userhome, '.gem', Gem.ruby_engine] -+ parts << Gem::ConfigMap[:ruby_version] unless Gem::ConfigMap[:ruby_version].empty? -+ -+ assert_equal File.join(parts), Gem.user_dir - end - - def test_self_user_home --- -1.8.1.2 - diff --git a/SPECS/ruby.spec b/SPECS/ruby.spec index 8cae4f8..7846857 100644 --- a/SPECS/ruby.spec +++ b/SPECS/ruby.spec @@ -1,7 +1,7 @@ %global major_version 2 %global minor_version 0 %global teeny_version 0 -%global patch_level 247 +%global patch_level 353 %global major_minor_version %{major_version}.%{minor_version} @@ -26,10 +26,10 @@ %endif -%global release 16 +%global release 20 %{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}} -%global rubygems_version 2.0.3 +%global rubygems_version 2.0.14 # The RubyGems library has to stay out of Ruby directory three, since the # RubyGems should be share by all Ruby implementations. @@ -139,11 +139,6 @@ Patch13: rubygems-2.0.0-Do-not-modify-global-Specification.dirs-during-insta.pat # This prevents issues, when ruby configuration specifies --with-ruby-version=''. # https://github.com/rubygems/rubygems/pull/455 Patch14: rubygems-2.0.0-Fixes-for-empty-ruby-version.patch -# Although this does not directly affects Fedora ATM, it might be issue when -# rebuilding package on different platform (RHEL7). Please keep the patch until -# it is resolved in upstream. -# https://bugs.ruby-lang.org/issues/8384 -Patch15: ruby-2.0.0-p195-Fix-build-against-OpenSSL-with-enabled-ECC-curves.patch # Adds aarch64 support. # http://bugs.ruby-lang.org/issues/8331 # https://bugzilla.redhat.com/show_bug.cgi?id=926463 @@ -160,16 +155,12 @@ Patch18: ruby-2.0.0-p247-Revert-mkmf.rb-prefix-install_dirs-only-with-DESTDIR.pa # Fixes multilib conlicts of .gemspec files. # https://bugs.ruby-lang.org/issues/8623 Patch19: ruby-2.0.0-p247-Make-stable-Gem-Specification.files-in-default-.gems.patch - -# Version regex algorithmic complexity vulnerability -# CVE-2013-4287 -# http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=42937 -Patch100: ruby-2.0.0-p313-CVE-2013-4287-algorithmic-complexity-vulnerability.patch -# Version regex algorithmic complexity vulnerability (CVE for incomplete -# fix for CVE-2013-4287) -# CVE-2013-4363 -# http://bugs.ruby-lang.org/issues/8950 -Patch101: ruby-2.0.0-p318-CVE-2013-4636-algorithmic-complexity-vulnerability.patch +# Backport regenerated certificates for IMAP tests. +# http://bugs.ruby-lang.org/issues/9341 +Patch20: ruby-2.1.1-fix-test-failures-due-to-expired-certs.patch +# Fix test_aes_gcm_wrong_tag(OpenSSL::TestCipher) random test failures. +# https://bugs.ruby-lang.org/issues/8439 +Patch21: ruby-2.1.0-test_aes_gcm_wrong_tag-Dont-use-String-succ.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: ruby(rubygems) >= %{rubygems_version} @@ -434,14 +425,12 @@ Tcl/Tk interface for the object-oriented scripting language Ruby. %patch12 -p1 %patch13 -p1 %patch14 -p1 -%patch15 -p1 %patch16 -p1 %patch17 -p1 %patch18 -p1 %patch19 -p1 - -%patch100 -p1 -%patch101 +%patch20 -p1 +%patch21 -p1 # Provide an example of usage of the tapset: cp -a %{SOURCE3} . @@ -609,7 +598,9 @@ DISABLE_TESTS="-x test_dl2.rb $DISABLE_TESTS" # the test suite). touch abrt.rb -make check TESTS="-v $DISABLE_TESTS" +# Allow MD5 in OpenSSL. +# https://bugs.ruby-lang.org/issues/9154 +OPENSSL_ENABLE_MD5_VERIFY=1 make check TESTS="-v $DISABLE_TESTS" %post libs -p /sbin/ldconfig @@ -903,6 +894,28 @@ make check TESTS="-v $DISABLE_TESTS" %{ruby_libdir}/tkextlib %changelog +* Fri Jan 24 2014 Daniel Mach - 2.0.0.353-20 +- Mass rebuild 2014-01-24 + +* Tue Jan 07 2014 Vít Ondruch - 2.0.0.353-19 +- Update to Ruby 2.0.0-p353. + - Resolves: rhbz#1033923 +- Allow MD5 in OpenSSL for tests. + +* Fri Jan 03 2014 Vít Ondruch - 2.0.0.247-18 +- Fix FTBFS due to expired certificate for IMAP test case. +- Fix test_aes_gcm_wrong_tag random failures. + - Resolves: rhbz#1048899 + +* Fri Dec 27 2013 Daniel Mach - 2.0.0.247-18 +- Mass rebuild 2013-12-27 + +* Mon Nov 25 2013 Vít Ondruch - 2.0.0.247-17 +- Heap overflow in floating point parsing (CVE-2013-4164). + * ruby-2.0.0-p353-CVE-2013-4164-ignore-too-long-fraction-part.patch + - Resolves: rhbz#1033503 +- Allow MD5 in OpenSSL tests. + * Wed Sep 25 2013 Vít Ondruch - 2.0.0.247-16 - Fix version regex algorithmic complexity vulnerability (CVE for incomplete fix for CVE-2013-4287) (CVE-2013-4363).