diff --git a/.gitignore b/.gitignore index 46f636e..162477a 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/ruby-2.5.3.tar.xz +SOURCES/ruby-2.5.5.tar.xz diff --git a/.ruby.metadata b/.ruby.metadata index b055517..eb0720e 100644 --- a/.ruby.metadata +++ b/.ruby.metadata @@ -1 +1 @@ -5acbdea1ced1e36684268e1cb6f8a4e7669bce77 SOURCES/ruby-2.5.3.tar.xz +85cee62e47f0707808ff3d7cb68b6cd075a65509 SOURCES/ruby-2.5.5.tar.xz diff --git a/SOURCES/macros.rubygems b/SOURCES/macros.rubygems index d2e8514..f821ba7 100644 --- a/SOURCES/macros.rubygems +++ b/SOURCES/macros.rubygems @@ -60,7 +60,7 @@ gem install \\\ # %gemspec_add_dep(g:s:d) \ read -d '' gemspec_add_dep_script << 'EOR' || : \ - gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}.gemspec}' \ + gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}%{?prerelease}.gemspec}' \ \ name = '%{-g*}' \ requirements = %{*}%{!?1:nil} \ @@ -97,7 +97,7 @@ unset -v gemspec_add_dep_script \ # %gemspec_remove_dep(g:s:d) \ read -d '' gemspec_remove_dep_script << 'EOR' || : \ - gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}.gemspec}' \ + gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}%{?prerelease}.gemspec}' \ \ name = '%{-g*}' \ requirements = %{*}%{!?1:nil} \ @@ -144,7 +144,7 @@ unset -v gemspec_remove_dep_script \ # %gemspec_add_file(s:tr) \ read -d '' gemspec_add_file_script << 'EOR' || : \ - gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}.gemspec}' \ + gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}%{?prerelease}.gemspec}' \ \ abort("gemspec_add_file: Use only one '-t' or '-r' at a time.") if "%{?-t}%{?-r}" == "-t-r" \ \ @@ -177,7 +177,7 @@ unset -v gemspec_add_file_script \ # %gemspec_remove_file(s:tr) \ read -d '' gemspec_remove_file_script << 'EOR' || : \ - gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}.gemspec}' \ + gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}%{?prerelease}.gemspec}' \ \ abort("gemspec_remove_file: Use only one '-t' or '-r' at a time.") if "%{?-t}%{?-r}" == "-t-r" \ \ diff --git a/SOURCES/operating_system.rb b/SOURCES/operating_system.rb index 0d4b1f0..d95b303 100644 --- a/SOURCES/operating_system.rb +++ b/SOURCES/operating_system.rb @@ -119,6 +119,7 @@ module Gem def default_path path = default_dirs.collect {|location, paths| paths[:gem_dir]} path.unshift Gem.user_dir if File.exist? Gem.user_home + path end def default_ext_dir_for base_dir diff --git a/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch b/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch index 47bf9bc..68e4abc 100644 --- a/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch +++ b/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch @@ -39,7 +39,7 @@ diff --git a/configure.ac b/configure.ac index 028ef7ca3e..cdeff87871 100644 --- a/configure.ac +++ b/configure.ac -@@ -4396,6 +4396,13 @@ AC_SUBST(rubyarchhdrdir)dnl +@@ -4397,6 +4397,13 @@ AC_SUBST(rubyarchhdrdir)dnl AC_SUBST(sitearchhdrdir)dnl AC_SUBST(vendorarchhdrdir)dnl diff --git a/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch b/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch index 36ec460..555b6b5 100644 --- a/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch +++ b/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index 11fc237552..b77e88fc37 100644 --- a/configure.ac +++ b/configure.ac -@@ -3641,6 +3641,11 @@ AS_IF([test ${multiarch+set}], [ +@@ -3642,6 +3642,11 @@ AS_IF([test ${multiarch+set}], [ ]) archlibdir='${libdir}/${arch}' diff --git a/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch b/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch index d0cffab..20539fd 100644 --- a/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch +++ b/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch @@ -14,7 +14,7 @@ diff --git a/configure.ac b/configure.ac index 999e2d6d5d..11fc237552 100644 --- a/configure.ac +++ b/configure.ac -@@ -4251,7 +4251,8 @@ AS_CASE(["$ruby_version_dir_name"], +@@ -4252,7 +4252,8 @@ AS_CASE(["$ruby_version_dir_name"], ruby_version_dir=/'${ruby_version_dir_name}' if test -z "${ruby_version_dir_name}"; then diff --git a/SOURCES/ruby-2.1.0-always-use-i386.patch b/SOURCES/ruby-2.1.0-always-use-i386.patch index 555ad45..5d45fac 100644 --- a/SOURCES/ruby-2.1.0-always-use-i386.patch +++ b/SOURCES/ruby-2.1.0-always-use-i386.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index b77e88fc37..6bba453e3c 100644 --- a/configure.ac +++ b/configure.ac -@@ -4315,6 +4315,8 @@ AC_SUBST(vendorarchdir)dnl +@@ -4316,6 +4316,8 @@ AC_SUBST(vendorarchdir)dnl AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl diff --git a/SOURCES/ruby-2.1.0-custom-rubygems-location.patch b/SOURCES/ruby-2.1.0-custom-rubygems-location.patch index cc45741..4b54560 100644 --- a/SOURCES/ruby-2.1.0-custom-rubygems-location.patch +++ b/SOURCES/ruby-2.1.0-custom-rubygems-location.patch @@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac index 6bba453e3c..028ef7ca3e 100644 --- a/configure.ac +++ b/configure.ac -@@ -4287,6 +4287,10 @@ AC_ARG_WITH(vendorarchdir, +@@ -4288,6 +4288,10 @@ AC_ARG_WITH(vendorarchdir, [vendorarchdir=$withval], [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}]) @@ -26,7 +26,7 @@ index 6bba453e3c..028ef7ca3e 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) RUBY_EXEC_PREFIX='' -@@ -4311,6 +4315,7 @@ AC_SUBST(sitearchdir)dnl +@@ -4312,6 +4316,7 @@ AC_SUBST(sitearchdir)dnl AC_SUBST(vendordir)dnl AC_SUBST(vendorlibdir)dnl AC_SUBST(vendorarchdir)dnl diff --git a/SOURCES/ruby-2.3.0-ruby_version.patch b/SOURCES/ruby-2.3.0-ruby_version.patch index 8f57319..30370e1 100644 --- a/SOURCES/ruby-2.3.0-ruby_version.patch +++ b/SOURCES/ruby-2.3.0-ruby_version.patch @@ -20,7 +20,7 @@ diff --git a/configure.ac b/configure.ac index 8ea969412f..a00f2b6776 100644 --- a/configure.ac +++ b/configure.ac -@@ -4202,9 +4202,6 @@ AS_CASE(["$target_os"], +@@ -4203,9 +4203,6 @@ AS_CASE(["$target_os"], rubyw_install_name='$(RUBYW_INSTALL_NAME)' ]) @@ -30,7 +30,7 @@ index 8ea969412f..a00f2b6776 100644 rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'} AC_ARG_WITH(rubyarchprefix, AS_HELP_STRING([--with-rubyarchprefix=DIR], -@@ -4227,56 +4224,62 @@ AC_ARG_WITH(ridir, +@@ -4228,56 +4225,62 @@ AC_ARG_WITH(ridir, AC_SUBST(ridir) AC_SUBST(RI_BASE_NAME) @@ -120,7 +120,7 @@ index 8ea969412f..a00f2b6776 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) -@@ -4293,6 +4296,7 @@ AC_SUBST(sitearchincludedir)dnl +@@ -4294,6 +4297,7 @@ AC_SUBST(sitearchincludedir)dnl AC_SUBST(arch)dnl AC_SUBST(sitearch)dnl AC_SUBST(ruby_version)dnl @@ -245,7 +245,7 @@ diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb index 0428bea..b6e090e 100644 --- a/test/rubygems/test_gem.rb +++ b/test/rubygems/test_gem.rb -@@ -1156,7 +1156,8 @@ def test_self_use_paths +@@ -1191,7 +1191,8 @@ def test_self_use_paths def test_self_user_dir parts = [@userhome, '.gem', Gem.ruby_engine] @@ -255,7 +255,7 @@ index 0428bea..b6e090e 100644 assert_equal File.join(parts), Gem.user_dir end -@@ -1283,7 +1284,7 @@ def test_self_user_home_user_drive_and_path +@@ -1318,7 +1319,7 @@ def test_self_user_home_user_drive_and_path def test_self_vendor_dir expected = File.join RbConfig::CONFIG['vendordir'], 'gems', diff --git a/SOURCES/ruby-2.5.0-Add-Gem.operating_system_defaults.patch b/SOURCES/ruby-2.5.0-Add-Gem.operating_system_defaults.patch index 6838701..7ac0e41 100644 --- a/SOURCES/ruby-2.5.0-Add-Gem.operating_system_defaults.patch +++ b/SOURCES/ruby-2.5.0-Add-Gem.operating_system_defaults.patch @@ -64,7 +64,7 @@ diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb index 3225a05c6b..62b80c4945 100644 --- a/test/rubygems/test_gem.rb +++ b/test/rubygems/test_gem.rb -@@ -1802,6 +1802,13 @@ def test_use_gemdeps_specific +@@ -1837,6 +1837,13 @@ def test_use_gemdeps_specific ENV['RUBYGEMS_GEMDEPS'] = rubygems_gemdeps end diff --git a/SOURCES/ruby-2.5.4-fix-malicious-gem-to-lead-to-arbitrary-code-execution.patch b/SOURCES/ruby-2.5.4-fix-malicious-gem-to-lead-to-arbitrary-code-execution.patch deleted file mode 100644 index ca63318..0000000 --- a/SOURCES/ruby-2.5.4-fix-malicious-gem-to-lead-to-arbitrary-code-execution.patch +++ /dev/null @@ -1,168 +0,0 @@ -diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb -index ee5fedeb64..a3f9571cf3 100644 ---- a/lib/rubygems/installer.rb -+++ b/lib/rubygems/installer.rb -@@ -707,9 +707,26 @@ def verify_gem_home(unpack = false) # :nodoc: - unpack or File.writable?(gem_home) - end - -- def verify_spec_name -- return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN -- raise Gem::InstallError, "#{spec} has an invalid name" -+ def verify_spec -+ unless spec.name =~ Gem::Specification::VALID_NAME_PATTERN -+ raise Gem::InstallError, "#{spec} has an invalid name" -+ end -+ -+ if spec.raw_require_paths.any?{|path| path =~ /\R/ } -+ raise Gem::InstallError, "#{spec} has an invalid require_paths" -+ end -+ -+ if spec.extensions.any?{|ext| ext =~ /\R/ } -+ raise Gem::InstallError, "#{spec} has an invalid extensions" -+ end -+ -+ if spec.specification_version.to_s =~ /\R/ -+ raise Gem::InstallError, "#{spec} has an invalid specification_version" -+ end -+ -+ if spec.dependencies.any? {|dep| dep.type =~ /\R/ || dep.name =~ /\R/ } -+ raise Gem::InstallError, "#{spec} has an invalid dependencies" -+ end - end - - ## -@@ -836,9 +853,11 @@ def dir - def pre_install_checks - verify_gem_home options[:unpack] - -- ensure_loadable_spec -+ # The name and require_paths must be verified first, since it could contain -+ # ruby code that would be eval'ed in #ensure_loadable_spec -+ verify_spec - -- verify_spec_name -+ ensure_loadable_spec - - if options[:install_as_default] - Gem.ensure_default_gem_subdirectories gem_home -diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb -index 93b0482407..7f414d495d 100644 ---- a/test/rubygems/test_gem_installer.rb -+++ b/test/rubygems/test_gem_installer.rb -@@ -1474,6 +1474,112 @@ def spec.validate; end - end - end - -+ def test_pre_install_checks_malicious_name_before_eval -+ spec = util_spec "malicious\n::Object.const_set(:FROM_EVAL, true)#", '1' -+ def spec.full_name # so the spec is buildable -+ "malicious-1" -+ end -+ def spec.validate(*args); end -+ -+ util_build_gem spec -+ -+ gem = File.join(@gemhome, 'cache', spec.file_name) -+ -+ use_ui @ui do -+ @installer = Gem::Installer.at gem -+ e = assert_raises Gem::InstallError do -+ @installer.pre_install_checks -+ end -+ assert_equal "# has an invalid name", e.message -+ end -+ refute defined?(::Object::FROM_EVAL) -+ end -+ -+ def test_pre_install_checks_malicious_require_paths_before_eval -+ spec = util_spec "malicious", '1' -+ def spec.full_name # so the spec is buildable -+ "malicious-1" -+ end -+ def spec.validate(*args); end -+ spec.require_paths = ["malicious\n``"] -+ -+ util_build_gem spec -+ -+ gem = File.join(@gemhome, 'cache', spec.file_name) -+ -+ use_ui @ui do -+ @installer = Gem::Installer.at gem -+ e = assert_raises Gem::InstallError do -+ @installer.pre_install_checks -+ end -+ assert_equal "# has an invalid require_paths", e.message -+ end -+ end -+ -+ def test_pre_install_checks_malicious_extensions_before_eval -+ spec = util_spec "malicious", '1' -+ def spec.full_name # so the spec is buildable -+ "malicious-1" -+ end -+ def spec.validate(*args); end -+ spec.extensions = ["malicious\n``"] -+ -+ util_build_gem spec -+ -+ gem = File.join(@gemhome, 'cache', spec.file_name) -+ -+ use_ui @ui do -+ @installer = Gem::Installer.at gem -+ e = assert_raises Gem::InstallError do -+ @installer.pre_install_checks -+ end -+ assert_equal "# has an invalid extensions", e.message -+ end -+ end -+ -+ def test_pre_install_checks_malicious_specification_version_before_eval -+ spec = util_spec "malicious", '1' -+ def spec.full_name # so the spec is buildable -+ "malicious-1" -+ end -+ def spec.validate(*args); end -+ spec.specification_version = "malicious\n``" -+ -+ util_build_gem spec -+ -+ gem = File.join(@gemhome, 'cache', spec.file_name) -+ -+ use_ui @ui do -+ @installer = Gem::Installer.at gem -+ e = assert_raises Gem::InstallError do -+ @installer.pre_install_checks -+ end -+ assert_equal "# has an invalid specification_version", e.message -+ end -+ end -+ -+ def test_pre_install_checks_malicious_dependencies_before_eval -+ spec = util_spec "malicious", '1' -+ def spec.full_name # so the spec is buildable -+ "malicious-1" -+ end -+ def spec.validate(*args); end -+ spec.add_dependency "b\nfoo", '> 5' -+ -+ util_build_gem spec -+ -+ gem = File.join(@gemhome, 'cache', spec.file_name) -+ -+ use_ui @ui do -+ @installer = Gem::Installer.at gem -+ @installer.ignore_dependencies = true -+ e = assert_raises Gem::InstallError do -+ @installer.pre_install_checks -+ end -+ assert_equal "# has an invalid dependencies", e.message -+ end -+ end -+ - def test_shebang - util_make_exec @spec, "#!/usr/bin/ruby" - --- -2.21.0 - diff --git a/SOURCES/ruby-2.6.0-Fix-issues-detected-by-code-analysis-tool.patch b/SOURCES/ruby-2.6.0-Fix-issues-detected-by-code-analysis-tool.patch new file mode 100644 index 0000000..00e1b4d --- /dev/null +++ b/SOURCES/ruby-2.6.0-Fix-issues-detected-by-code-analysis-tool.patch @@ -0,0 +1,78 @@ +From 893949167bdb911c7db9fd59de85f288c09741e1 Mon Sep 17 00:00:00 2001 +From: nobu +Date: Sat, 15 Sep 2018 09:59:14 +0000 +Subject: [PATCH] Fix issues detected by code analysis tool (mainly Coverity). + +* Fix leaked storage in addr2line.c. +* Fix for "top_root" leaking the resource. + +[Fix GH-1956] + +From: Jun Aruga + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + addr2line.c | 8 ++++++-- + regcomp.c | 3 +++ + 2 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/addr2line.c b/addr2line.c +index 2c422cc1697a..b266e44d5d4b 100644 +--- a/addr2line.c ++++ b/addr2line.c +@@ -593,11 +593,12 @@ fill_lines(int num_traces, void **traces, int check_debuglink, + h = dlopen(NULL, RTLD_NOW|RTLD_LOCAL); + if (!h) continue; + s = dlsym(h, strtab + sym->st_name); +- if (!s) continue; +- if (dladdr(s, &info)) { ++ if (s && dladdr(s, &info)) { + dladdr_fbase = (uintptr_t)info.dli_fbase; ++ dlclose(h); + break; + } ++ dlclose(h); + } + if (ehdr->e_type == ET_EXEC) { + obj->base_addr = 0; +@@ -655,6 +656,9 @@ fill_lines(int num_traces, void **traces, int check_debuglink, + finish: + return dladdr_fbase; + fail: ++ if (file != NULL) { ++ munmap(file, (size_t)filesize); ++ } + return (uintptr_t)-1; + } + +diff --git a/regcomp.c b/regcomp.c +index 0f6bee60d576..df7f73bac501 100644 +--- a/regcomp.c ++++ b/regcomp.c +@@ -3596,6 +3596,7 @@ expand_case_fold_string(Node* node, regex_t* reg) + if (n == 0 || varlen == 0) { + if (IS_NULL(snode)) { + if (IS_NULL(root) && IS_NOT_NULL(prev_node)) { ++ onig_node_free(top_root); + top_root = root = onig_node_list_add(NULL_NODE, prev_node); + if (IS_NULL(root)) { + onig_node_free(prev_node); +@@ -3627,6 +3628,7 @@ expand_case_fold_string(Node* node, regex_t* reg) + } + } + if (IS_NULL(root) && IS_NOT_NULL(prev_node)) { ++ onig_node_free(top_root); + top_root = root = onig_node_list_add(NULL_NODE, prev_node); + if (IS_NULL(root)) { + onig_node_free(prev_node); +@@ -3677,6 +3679,7 @@ expand_case_fold_string(Node* node, regex_t* reg) + if (r != 0) goto mem_err; + + if (IS_NOT_NULL(prev_node) && IS_NULL(root)) { ++ onig_node_free(top_root); + top_root = root = onig_node_list_add(NULL_NODE, prev_node); + if (IS_NULL(root)) { + onig_node_free(srem); +-- +2.21.0 + diff --git a/SOURCES/ruby-2.6.0-Try-to-update-cert.patch b/SOURCES/ruby-2.6.0-Try-to-update-cert.patch deleted file mode 100644 index 013688d..0000000 --- a/SOURCES/ruby-2.6.0-Try-to-update-cert.patch +++ /dev/null @@ -1,502 +0,0 @@ -From f234e6c3d3170f37508e214cdaef78d4b2584e5a Mon Sep 17 00:00:00 2001 -From: kazu -Date: Wed, 2 Jan 2019 03:08:20 +0000 -Subject: [PATCH 1/2] Try to update cert - -git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66685 b2dd03c8-39d4-4d8f-98ff-823fe69b080e ---- - test/net/fixtures/cacert.pem | 86 +++++++------------------- - test/net/fixtures/server.crt | 113 +++++++++++++++++++++++------------ - test/net/fixtures/server.key | 43 ++++++++----- - 3 files changed, 124 insertions(+), 118 deletions(-) - -diff --git a/test/net/fixtures/cacert.pem b/test/net/fixtures/cacert.pem -index 7073387877..f623bd62ed 100644 ---- a/test/net/fixtures/cacert.pem -+++ b/test/net/fixtures/cacert.pem -@@ -1,66 +1,24 @@ --Certificate: -- Data: -- Version: 3 (0x2) -- Serial Number: -- b9:90:a2:bf:62:69:17:9c -- Signature Algorithm: sha1WithRSAEncryption -- Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org -- Validity -- Not Before: Jan 3 01:34:17 2014 GMT -- Not After : Jan 2 01:34:17 2019 GMT -- Subject: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org -- Subject Public Key Info: -- Public Key Algorithm: rsaEncryption -- RSA Public Key: (1024 bit) -- Modulus (1024 bit): -- 00:db:75:d0:45:de:b1:df:bf:71:a0:0e:b0:a5:e6: -- bc:f4:1c:9d:e5:25:67:64:c5:7b:cb:f1:af:c6:be: -- 9a:aa:ea:7e:0f:cc:05:af:ef:40:69:06:b2:c9:13: -- 9d:7e:eb:a2:06:e2:ea:7d:07:c7:c7:99:c7:fb:d5: -- b8:eb:63:77:62:2b:18:12:c3:53:58:d0:f5:c7:40: -- 0c:01:d1:26:82:34:16:09:e3:dc:65:f4:dc:bb:5d: -- a5:41:60:e7:a9:74:ba:d7:4c:b6:a3:9c:c5:8c:89: -- af:cb:e8:9f:05:fe:ea:fe:64:24:bf:e7:ed:e3:f6: -- d0:fc:d6:eb:fc:06:82:10:fb -- Exponent: 65537 (0x10001) -- X509v3 extensions: -- X509v3 Subject Key Identifier: -- E8:7E:58:AC:13:7B:03:22:8D:9E:AF:32:0B:84:89:80:80:0C:1E:C2 -- X509v3 Authority Key Identifier: -- keyid:E8:7E:58:AC:13:7B:03:22:8D:9E:AF:32:0B:84:89:80:80:0C:1E:C2 -- DirName:/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org -- serial:B9:90:A2:BF:62:69:17:9C -- -- X509v3 Basic Constraints: -- CA:TRUE -- Signature Algorithm: sha1WithRSAEncryption -- 8f:77:06:4e:31:72:12:ee:68:09:70:27:d4:31:85:ef:10:95: -- f9:0f:2b:66:63:08:37:88:6e:b7:9b:40:3e:18:77:33:86:e8: -- 61:6a:b7:3c:cb:c7:a6:d6:d5:92:6a:1f:56:d0:9f:5c:32:56: -- d3:37:52:fe:0e:20:c2:7a:0d:fe:2d:3c:81:da:b8:7f:4d:6a: -- 08:01:d9:be:7a:a2:15:be:a6:ce:49:64:90:8c:9a:ca:6e:2e: -- 84:48:1d:94:19:56:94:46:aa:25:9b:68:c2:80:60:bf:cb:2e: -- 35:03:ea:0a:65:5a:33:38:c6:cc:81:46:c0:bc:36:86:96:39: -- 10:7d - -----BEGIN CERTIFICATE----- --MIIDjTCCAvagAwIBAgIJALmQor9iaRecMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYD --VQQGEwJKUDEQMA4GA1UECBMHU2hpbWFuZTEUMBIGA1UEBxMLTWF0ei1lIGNpdHkx --FzAVBgNVBAoTDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDEwxSdWJ5IFRlc3QgQ0Ex --JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTQwMTAz --MDEzNDE3WhcNMTkwMTAyMDEzNDE3WjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgT --B1NoaW1hbmUxFDASBgNVBAcTC01hdHotZSBjaXR5MRcwFQYDVQQKEw5SdWJ5IENv --cmUgVGVhbTEVMBMGA1UEAxMMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz --ZWN1cml0eUBydWJ5LWxhbmcub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB --gQDbddBF3rHfv3GgDrCl5rz0HJ3lJWdkxXvL8a/Gvpqq6n4PzAWv70BpBrLJE51+ --66IG4up9B8fHmcf71bjrY3diKxgSw1NY0PXHQAwB0SaCNBYJ49xl9Ny7XaVBYOep --dLrXTLajnMWMia/L6J8F/ur+ZCS/5+3j9tD81uv8BoIQ+wIDAQABo4H0MIHxMB0G --A1UdDgQWBBToflisE3sDIo2erzILhImAgAwewjCBwQYDVR0jBIG5MIG2gBToflis --E3sDIo2erzILhImAgAwewqGBkqSBjzCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgT --B1NoaW1hbmUxFDASBgNVBAcTC01hdHotZSBjaXR5MRcwFQYDVQQKEw5SdWJ5IENv --cmUgVGVhbTEVMBMGA1UEAxMMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz --ZWN1cml0eUBydWJ5LWxhbmcub3JnggkAuZCiv2JpF5wwDAYDVR0TBAUwAwEB/zAN --BgkqhkiG9w0BAQUFAAOBgQCPdwZOMXIS7mgJcCfUMYXvEJX5DytmYwg3iG63m0A+ --GHczhuhharc8y8em1tWSah9W0J9cMlbTN1L+DiDCeg3+LTyB2rh/TWoIAdm+eqIV --vqbOSWSQjJrKbi6ESB2UGVaURqolm2jCgGC/yy41A+oKZVozOMbMgUbAvDaGljkQ --fQ== -+MIID7TCCAtWgAwIBAgIJAIltvxrFAuSnMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD -+VQQGEwJKUDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkx -+FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex -+JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTkwMTAy -+MDI1ODI4WhcNMjQwMTAxMDI1ODI4WjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgM -+B1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQKDA5SdWJ5IENv -+cmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz -+ZWN1cml0eUBydWJ5LWxhbmcub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB -+CgKCAQEAznlbjRVhz1NlutHVrhcGnK8W0qug2ujKXv1njSC4U6nJF6py7I9EeehV -+SaKePyv+I9z3K1LnfUHOtUbdwdKC77yN66A6q2aqzu5q09/NSykcZGOIF0GuItYI -+3nvW3IqBddff2ffsyR+9pBjfb5AIPP08WowF9q4s1eGULwZc4w2B8PFhtxYANd7d -+BvGLXFlcufv9tDtzyRi4t7eqxCRJkZQIZNZ6DHHIJrNxejOILfHLarI12yk8VK6L -+2LG4WgGqyeePiRyd1o1MbuiAFYqAwpXNUbRKg5NaZGwBHZk8UZ+uFKt1QMBURO5R -+WFy1c349jbWszTqFyL4Lnbg9HhAowQIDAQABo1AwTjAdBgNVHQ4EFgQU9tEiKdU9 -+I9derQyc5nWPnc34nVMwHwYDVR0jBBgwFoAU9tEiKdU9I9derQyc5nWPnc34nVMw -+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAxj7F/u3C3fgq24N7hGRA -+of7ClFQxGmo/IGT0AISzW3HiVYiFaikKhbO1NwD9aBpD8Zwe62sCqMh8jGV/b0+q -+aOORnWYNy2R6r9FkASAglmdF6xn3bhgGD5ls4pCvcG9FynGnGc24g6MrjFNrBYUS -+2iIZsg36i0IJswo/Dy6HLphCms2BMCD3DeWtfjePUiTmQHJo6HsQIKP/u4N4Fvee -+uMBInei2M4VU74fLXbmKl1F9AEX7JDP3BKSZG19Ch5pnUo4uXM1uNTGsi07P4Y0s -+K44+SKBC0bYEFbDK0eQWMrX3kIhkPxyIWhxdq9/NqPYjShuSEAhA6CSpmRg0pqc+ -+mA== - -----END CERTIFICATE----- -diff --git a/test/net/fixtures/server.crt b/test/net/fixtures/server.crt -index fa4f99493a..817ecc222c 100644 ---- a/test/net/fixtures/server.crt -+++ b/test/net/fixtures/server.crt -@@ -1,48 +1,83 @@ - Certificate: - Data: -- Version: 1 (0x0) -- Serial Number: 0 (0x0) -- Signature Algorithm: sha1WithRSAEncryption -+ Version: 3 (0x2) -+ Serial Number: 1 (0x1) -+ Signature Algorithm: sha256WithRSAEncryption - Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org - Validity -- Not Before: Jan 3 01:34:17 2014 GMT -- Not After : Jan 2 01:34:17 2019 GMT -- Subject: C=JP, ST=Shimane, O=Ruby Core Team, OU=Ruby Test, CN=localhost -+ Not Before: Jan 2 03:06:53 2019 GMT -+ Not After : Jan 1 03:06:53 2024 GMT -+ Subject: C=JP, ST=Shimane, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org - Subject Public Key Info: - Public Key Algorithm: rsaEncryption -- RSA Public Key: (1024 bit) -- Modulus (1024 bit): -- 00:db:75:d0:45:de:b1:df:bf:71:a0:0e:b0:a5:e6: -- bc:f4:1c:9d:e5:25:67:64:c5:7b:cb:f1:af:c6:be: -- 9a:aa:ea:7e:0f:cc:05:af:ef:40:69:06:b2:c9:13: -- 9d:7e:eb:a2:06:e2:ea:7d:07:c7:c7:99:c7:fb:d5: -- b8:eb:63:77:62:2b:18:12:c3:53:58:d0:f5:c7:40: -- 0c:01:d1:26:82:34:16:09:e3:dc:65:f4:dc:bb:5d: -- a5:41:60:e7:a9:74:ba:d7:4c:b6:a3:9c:c5:8c:89: -- af:cb:e8:9f:05:fe:ea:fe:64:24:bf:e7:ed:e3:f6: -- d0:fc:d6:eb:fc:06:82:10:fb -+ Public-Key: (2048 bit) -+ Modulus: -+ 00:c1:a9:64:ef:d3:f2:e1:1a:7f:24:df:7f:65:86: -+ c1:98:55:16:83:91:16:5b:63:6e:26:bb:c0:73:68: -+ 7b:f7:00:ba:37:db:7f:a9:5c:c8:98:aa:43:96:87: -+ e1:a0:63:69:0c:d8:22:90:f5:56:22:b1:57:6e:71: -+ 3b:30:04:d0:64:4d:38:33:a0:ea:c1:16:3d:16:be: -+ c0:49:4c:f0:14:15:af:09:95:da:bf:c7:23:34:c3: -+ 7d:af:b7:70:b3:6d:1b:de:21:93:c0:7c:6c:0e:fd: -+ 0e:e5:ff:f3:80:51:0c:df:80:7c:40:46:c9:ca:57: -+ d4:88:02:0f:f0:1e:14:18:f1:98:0f:c6:42:1d:cc: -+ 90:29:71:1b:af:4a:22:e0:e7:86:fc:dd:d3:d8:84: -+ 0e:5e:f0:9b:93:5f:0a:9a:1d:f8:f5:f3:e7:c7:b0: -+ 7a:0e:25:20:13:02:1a:22:c2:d9:e0:7f:4f:a1:7f: -+ 72:f6:e6:e1:14:7c:c5:93:7f:a6:96:3b:ab:d8:f1: -+ dc:2b:01:d6:e5:fe:5c:cf:08:db:06:e9:fd:7d:bd: -+ fe:2c:f4:8a:7b:9f:15:88:05:2e:f7:ba:c9:86:7e: -+ 14:50:f4:96:a1:84:17:5d:f7:8b:0a:7a:14:2c:de: -+ ca:00:74:f8:23:32:9d:66:af:1c:a6:58:1a:de:82: -+ 96:a9 - Exponent: 65537 (0x10001) -- Signature Algorithm: sha1WithRSAEncryption -- 85:f5:d3:05:8b:8c:f4:43:1c:88:f2:8f:b2:f2:93:77:b7:3d: -- 95:c6:a0:34:bc:33:6a:d8:85:5f:3e:86:08:10:c5:5c:c1:76: -- a3:53:3c:dc:38:98:23:97:e7:da:21:ac:e8:4d:3c:96:70:29: -- ff:ff:1e:4a:9a:17:2b:db:04:62:b9:ef:ab:ea:a7:a5:e8:7c: -- b1:d5:ed:30:a8:6c:78:de:51:7e:e3:8a:c2:a4:64:a8:63:a2: -- bc:fd:43:9c:f3:55:7d:54:c9:6a:d8:53:1c:4b:6b:03:aa:b6: -- 19:e6:a4:4f:47:00:96:c5:42:59:85:4e:c3:4e:cd:41:82:53: -- 10:f8 -+ X509v3 extensions: -+ X509v3 Basic Constraints: -+ CA:FALSE -+ Netscape Comment: -+ OpenSSL Generated Certificate -+ X509v3 Subject Key Identifier: -+ F2:C9:35:05:31:EF:08:EE:EF:B0:FE:1A:72:C2:9E:70:E3:E3:EC:43 -+ X509v3 Authority Key Identifier: -+ keyid:F6:D1:22:29:D5:3D:23:D7:5E:AD:0C:9C:E6:75:8F:9D:CD:F8:9D:53 -+ -+ Signature Algorithm: sha256WithRSAEncryption -+ 02:e7:0a:22:7c:5e:d9:92:d2:b9:fb:4a:bf:75:3f:00:e6:19: -+ 3e:90:a5:9d:38:41:82:4c:6f:b9:f3:f2:58:a1:91:7f:4a:d4: -+ 28:38:9c:7c:4d:6c:2f:2f:95:f5:55:55:25:a1:71:0c:05:42: -+ 08:a3:a6:ab:e3:04:47:9a:42:24:8f:b2:ba:50:55:af:b8:d7: -+ fc:1a:13:92:5d:75:7d:e1:4d:87:5e:57:82:c5:5f:d6:b8:ea: -+ 86:4e:05:b0:7f:07:27:a5:36:1f:1e:54:f1:32:35:7f:9c:75: -+ 26:6a:21:75:37:32:bb:89:01:78:97:cc:d3:de:3a:e8:ce:45: -+ ed:12:24:2e:a8:25:73:b3:cd:70:47:b8:81:f9:06:aa:8d:87: -+ 2f:a9:cd:fe:79:40:cc:c9:47:3d:2f:82:c2:82:bf:5d:8a:06: -+ 5b:a9:90:d3:b0:a7:fc:f3:1a:fb:0e:cb:8f:d8:f2:4e:f4:8d: -+ bb:4b:d5:2d:20:c0:6e:d5:08:2b:81:32:c4:e0:d2:4b:31:27: -+ f1:55:96:0e:d4:b9:92:02:71:98:69:e5:73:cc:52:45:a0:07: -+ fb:28:9e:b0:fc:b1:58:42:5a:08:4a:30:49:e5:f1:a5:c8:d5: -+ 8a:67:f0:ed:9e:3f:1b:71:a6:80:91:81:cb:1a:3d:b5:8e:87: -+ 9d:64:28:ce - -----BEGIN CERTIFICATE----- --MIICXDCCAcUCAQAwDQYJKoZIhvcNAQEFBQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYD --VQQIEwdTaGltYW5lMRQwEgYDVQQHEwtNYXR6LWUgY2l0eTEXMBUGA1UEChMOUnVi --eSBDb3JlIFRlYW0xFTATBgNVBAMTDFJ1YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJ --ARYWc2VjdXJpdHlAcnVieS1sYW5nLm9yZzAeFw0xNDAxMDMwMTM0MTdaFw0xOTAx --MDIwMTM0MTdaMGAxCzAJBgNVBAYTAkpQMRAwDgYDVQQIEwdTaGltYW5lMRcwFQYD --VQQKEw5SdWJ5IENvcmUgVGVhbTESMBAGA1UECxMJUnVieSBUZXN0MRIwEAYDVQQD --Ewlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANt10EXesd+/ --caAOsKXmvPQcneUlZ2TFe8vxr8a+mqrqfg/MBa/vQGkGsskTnX7rogbi6n0Hx8eZ --x/vVuOtjd2IrGBLDU1jQ9cdADAHRJoI0Fgnj3GX03LtdpUFg56l0utdMtqOcxYyJ --r8vonwX+6v5kJL/n7eP20PzW6/wGghD7AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEA --hfXTBYuM9EMciPKPsvKTd7c9lcagNLwzatiFXz6GCBDFXMF2o1M83DiYI5fn2iGs --6E08lnAp//8eSpoXK9sEYrnvq+qnpeh8sdXtMKhseN5RfuOKwqRkqGOivP1DnPNV --fVTJathTHEtrA6q2GeakT0cAlsVCWYVOw07NQYJTEPg= -+MIID+TCCAuGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx -+EDAOBgNVBAgMB1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQK -+DA5SdWJ5IENvcmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZI -+hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMDY1M1oX -+DTI0MDEwMTAzMDY1M1owdjELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx -+FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex -+JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwggEiMA0GCSqG -+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBqWTv0/LhGn8k339lhsGYVRaDkRZbY24m -+u8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVducTswBNBkTTgzoOrBFj0W -+vsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l//OAUQzfgHxARsnKV9SI -+Ag/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuTXwqaHfj18+fHsHoOJSAT -+Ahoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzPCNsG6f19vf4s9Ip7nxWI -+BS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxymWBregpapAgMBAAGjezB5 -+MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl -+cnRpZmljYXRlMB0GA1UdDgQWBBTyyTUFMe8I7u+w/hpywp5w4+PsQzAfBgNVHSME -+GDAWgBT20SIp1T0j116tDJzmdY+dzfidUzANBgkqhkiG9w0BAQsFAAOCAQEAAucK -+Inxe2ZLSuftKv3U/AOYZPpClnThBgkxvufPyWKGRf0rUKDicfE1sLy+V9VVVJaFx -+DAVCCKOmq+MER5pCJI+yulBVr7jX/BoTkl11feFNh15XgsVf1rjqhk4FsH8HJ6U2 -+Hx5U8TI1f5x1JmohdTcyu4kBeJfM09466M5F7RIkLqglc7PNcEe4gfkGqo2HL6nN -+/nlAzMlHPS+CwoK/XYoGW6mQ07Cn/PMa+w7Lj9jyTvSNu0vVLSDAbtUIK4EyxODS -+SzEn8VWWDtS5kgJxmGnlc8xSRaAH+yiesPyxWEJaCEowSeXxpcjVimfw7Z4/G3Gm -+gJGByxo9tY6HnWQozg== - -----END CERTIFICATE----- -diff --git a/test/net/fixtures/server.key b/test/net/fixtures/server.key -index 7c57546ece..1e73232728 100644 ---- a/test/net/fixtures/server.key -+++ b/test/net/fixtures/server.key -@@ -1,15 +1,28 @@ -------BEGIN RSA PRIVATE KEY----- --MIICXQIBAAKBgQDbddBF3rHfv3GgDrCl5rz0HJ3lJWdkxXvL8a/Gvpqq6n4PzAWv --70BpBrLJE51+66IG4up9B8fHmcf71bjrY3diKxgSw1NY0PXHQAwB0SaCNBYJ49xl --9Ny7XaVBYOepdLrXTLajnMWMia/L6J8F/ur+ZCS/5+3j9tD81uv8BoIQ+wIDAQAB --AoGAGtYHR+P5gFDaxiXFuCPFC1zMeg7e29XCU6gURIteQnQ2QhxCvcbV64HkLu51 --HeYWhB0Pa4aeCWxmpgb2e+JH4MEoIjeJSGyZQeqwkQLgWJDdvkgWx5am58QzA60I --ipkZ9QHcPffSs5RiGx4yfr58KqAmwFphGCY8W7v4LqaENdECQQD9H5VTW9g4gj1c --j3uNYvSI/D7a9P7gfI+ziczuwMm5xsBx3D/t5TAr3SJKNne3sl1E6ZERCUbzxf+C --k58EiHx1AkEA3fRLGqDOq7EcQhbjTcA/v/t5MwlGEUsS9+XrqOWn50YuoIwRZJ3v --qHRQzfQfFNklGtfBvwQ4md3irXjMeGVprwJBAMEAuwiDiHuV+xm/ofKtmE13IKot --ksYy1BOOp/8IawhHXueyi+BmF/PqOkIiA+jCjNGF0oIN89beizPSQbbgJx0CQG/K --qL1bu1ys0y/SeWBi8XkP/0aeaCUzq/UiYCTsrzoEll2UzvnftqMhGsXxLGqCyHaR --r2s3hA6zvIVlL4+AfM8CQQClq+WDrC5VKciLYakZNWJjV1m+H2Ut/0fXdUjKHajE --FWLcsrOhADf6bkTb71GwPxnKRkkRmud5upP0ZYYTqM4X -------END RSA PRIVATE KEY----- -+-----BEGIN PRIVATE KEY----- -+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBqWTv0/LhGn8k -+339lhsGYVRaDkRZbY24mu8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVdu -+cTswBNBkTTgzoOrBFj0WvsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l -+//OAUQzfgHxARsnKV9SIAg/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuT -+XwqaHfj18+fHsHoOJSATAhoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzP -+CNsG6f19vf4s9Ip7nxWIBS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxym -+WBregpapAgMBAAECggEAYQJ20oBMcSBxwknGqlfnkGRHI97A4UScgACa9fTH7EJM -+BgEJIRCeV4Mq2jP0/P/vNoTqQ8zxue02C9fiuzoeHbBkz8/y6Ig4T7V74vwMYzM9 -+fEK50klxxFONGUF9zhOA2zPcrJZnFtcC6InfM07mcOsO0q/jE14N05ec3j5i+N7j -+hDHsHjS3hUiSEGra/U6TRGA26imDUZR5S3h3WMuFmpQgAg0STHc2inYjS9iVhn+T -+uAV2igYR89MOTcH1ZVoxjeYXwhqjWT6Kbw4Er4TWTVzwGf9ktv04EjZjhgUAqw7Q -+8Sc7Olt2q2tA7hQqdgJVgNMaszHqpKAECbAfuxuDtQKBgQD/r0zI9ZcTDQOgezaB -+s9UGbT5O5LruxLc/ExHRL7gpU7UsF/cc3Hp9zmDrzuUsq+UZlGewNnPBLHzaEq1z -+AZD9aa85umzXxcLzyg9ZnvN4kHLKIXhnnTEiShHtpRbqfybBKM7J+iQxXIYUf5tl -+lHTfEqG2/nTt4E50dhniIbIaAwKBgQDB5oS3LGXSn6zAWyUsAJaSeS8/3/O4Vz+x -+u8tZrICSFWBodwg46eHR9I379eayKhMGCsaAWx4ybWJWWEb/nM+fBGxBSnxb9jmm -+gHu93BQjK3sWS8qAGTwO5ehLEy0QRcCc+wb0lyo9hfh1grJioESVsiB9SXrxp8dr -+45JvxCCC4wKBgDGSKQ7lHm8hHMzmVoD6/pgKYgQlsGBOX0CpT9EAsXHBuuRbmRtN -+W6o8cuoE6MWqZfZ5oUi2peaT23jkGiCr8xJOhRxqGmQTAWMGj8dOW+HKD5dEufVM -+spP1TFiIo1K/aCIW6VCbYJz5VT1wKA6fo7EECbpSxxS/YjaOFyKSaddFAoGBAKk3 -+bdcVrf70TqTIZlZSZRWLIMsTvPTBX9rSUxL9Um8qrKo+RzS0F9lNHaQn457UzSlW -+uglGe8HyaAGGpN9qkF7sUzVftcvjxEgklNkKeaB/z7mThzPn0dwGlIUARTGQThox -+kM5gJgLvKfgTiW49A93ISEZOnDbM/2KOhjt35A+VAoGAYsNAMBwjubVo0v1vqry+ -+XG6VvPpgVjMiDQCsTEEcBqgRRuf6R5zndIhIvwmTNiUkGkE3w/vG0uCjtB82/kwE -+bzVheR0vZDN7s52OYRz4j0ddtYCqGSkvkWuEQfQFZUDTyLodwVQAT5aR+mcr4Qml -+uCiVeqoPl+JIg4m8Tz76XWo= -+-----END PRIVATE KEY----- --- -2.20.1 - - -From 1e0b49a293d3792826c67b7e05c5fcbd09c9ea6e Mon Sep 17 00:00:00 2001 -From: kazu -Date: Wed, 2 Jan 2019 03:29:01 +0000 -Subject: [PATCH 2/2] Try to update cert (2nd try) - -git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66686 b2dd03c8-39d4-4d8f-98ff-823fe69b080e ---- - test/net/fixtures/server.crt | 115 +++++++++++++++++------------------ - test/net/fixtures/server.key | 52 ++++++++-------- - 2 files changed, 83 insertions(+), 84 deletions(-) - -diff --git a/test/net/fixtures/server.crt b/test/net/fixtures/server.crt -index 817ecc222c..5ca78a6d14 100644 ---- a/test/net/fixtures/server.crt -+++ b/test/net/fixtures/server.crt -@@ -1,35 +1,35 @@ - Certificate: - Data: - Version: 3 (0x2) -- Serial Number: 1 (0x1) -+ Serial Number: 2 (0x2) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org - Validity -- Not Before: Jan 2 03:06:53 2019 GMT -- Not After : Jan 1 03:06:53 2024 GMT -- Subject: C=JP, ST=Shimane, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org -+ Not Before: Jan 2 03:27:13 2019 GMT -+ Not After : Jan 1 03:27:13 2024 GMT -+ Subject: C=JP, ST=Shimane, O=Ruby Core Team, OU=Ruby Test, CN=localhost - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: -- 00:c1:a9:64:ef:d3:f2:e1:1a:7f:24:df:7f:65:86: -- c1:98:55:16:83:91:16:5b:63:6e:26:bb:c0:73:68: -- 7b:f7:00:ba:37:db:7f:a9:5c:c8:98:aa:43:96:87: -- e1:a0:63:69:0c:d8:22:90:f5:56:22:b1:57:6e:71: -- 3b:30:04:d0:64:4d:38:33:a0:ea:c1:16:3d:16:be: -- c0:49:4c:f0:14:15:af:09:95:da:bf:c7:23:34:c3: -- 7d:af:b7:70:b3:6d:1b:de:21:93:c0:7c:6c:0e:fd: -- 0e:e5:ff:f3:80:51:0c:df:80:7c:40:46:c9:ca:57: -- d4:88:02:0f:f0:1e:14:18:f1:98:0f:c6:42:1d:cc: -- 90:29:71:1b:af:4a:22:e0:e7:86:fc:dd:d3:d8:84: -- 0e:5e:f0:9b:93:5f:0a:9a:1d:f8:f5:f3:e7:c7:b0: -- 7a:0e:25:20:13:02:1a:22:c2:d9:e0:7f:4f:a1:7f: -- 72:f6:e6:e1:14:7c:c5:93:7f:a6:96:3b:ab:d8:f1: -- dc:2b:01:d6:e5:fe:5c:cf:08:db:06:e9:fd:7d:bd: -- fe:2c:f4:8a:7b:9f:15:88:05:2e:f7:ba:c9:86:7e: -- 14:50:f4:96:a1:84:17:5d:f7:8b:0a:7a:14:2c:de: -- ca:00:74:f8:23:32:9d:66:af:1c:a6:58:1a:de:82: -- 96:a9 -+ 00:e8:da:9c:01:2e:2b:10:ec:49:cd:5e:07:13:07: -+ 9c:70:9e:c6:74:bc:13:c2:e1:6f:c6:82:fd:e3:48: -+ e0:2c:a5:68:c7:9e:42:de:60:54:65:e6:6a:14:57: -+ 7a:30:d0:cc:b5:b6:d9:c3:d2:df:c9:25:97:54:67: -+ cf:f6:be:5e:cb:8b:ee:03:c5:e1:e2:f9:e7:f7:d1: -+ 0c:47:f0:b8:da:33:5a:ad:41:ad:e7:b5:a2:7b:b7: -+ bf:30:da:60:f8:e3:54:a2:bc:3a:fd:1b:74:d9:dc: -+ 74:42:e9:29:be:df:ac:b4:4f:eb:32:f4:06:f1:e1: -+ 8c:4b:a8:8b:fb:29:e7:b1:bf:1d:01:ee:73:0f:f9: -+ 40:dc:d5:15:79:d9:c6:73:d0:c0:dd:cb:e4:da:19: -+ 47:80:c6:14:04:72:fd:9a:7c:8f:11:82:76:49:04: -+ 79:cc:f2:5c:31:22:95:13:3e:5d:40:a6:4d:e0:a3: -+ 02:26:7d:52:3b:bb:ed:65:a1:0f:ed:6b:b0:3c:d4: -+ de:61:15:5e:d3:dd:68:09:9f:4a:57:a5:c2:a9:6d: -+ 86:92:c5:f4:a4:d4:b7:13:3b:52:63:24:05:e2:cc: -+ e3:8a:3c:d4:35:34:2b:10:bb:58:72:e7:e1:8d:1d: -+ 74:8c:61:16:20:3d:d0:1c:4e:8f:6e:fd:fe:64:10: -+ 4f:41 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: -@@ -37,47 +37,46 @@ Certificate: - Netscape Comment: - OpenSSL Generated Certificate - X509v3 Subject Key Identifier: -- F2:C9:35:05:31:EF:08:EE:EF:B0:FE:1A:72:C2:9E:70:E3:E3:EC:43 -+ ED:28:C2:7E:AB:4B:C8:E8:FE:55:6D:66:95:31:1C:2D:60:F9:02:36 - X509v3 Authority Key Identifier: - keyid:F6:D1:22:29:D5:3D:23:D7:5E:AD:0C:9C:E6:75:8F:9D:CD:F8:9D:53 - - Signature Algorithm: sha256WithRSAEncryption -- 02:e7:0a:22:7c:5e:d9:92:d2:b9:fb:4a:bf:75:3f:00:e6:19: -- 3e:90:a5:9d:38:41:82:4c:6f:b9:f3:f2:58:a1:91:7f:4a:d4: -- 28:38:9c:7c:4d:6c:2f:2f:95:f5:55:55:25:a1:71:0c:05:42: -- 08:a3:a6:ab:e3:04:47:9a:42:24:8f:b2:ba:50:55:af:b8:d7: -- fc:1a:13:92:5d:75:7d:e1:4d:87:5e:57:82:c5:5f:d6:b8:ea: -- 86:4e:05:b0:7f:07:27:a5:36:1f:1e:54:f1:32:35:7f:9c:75: -- 26:6a:21:75:37:32:bb:89:01:78:97:cc:d3:de:3a:e8:ce:45: -- ed:12:24:2e:a8:25:73:b3:cd:70:47:b8:81:f9:06:aa:8d:87: -- 2f:a9:cd:fe:79:40:cc:c9:47:3d:2f:82:c2:82:bf:5d:8a:06: -- 5b:a9:90:d3:b0:a7:fc:f3:1a:fb:0e:cb:8f:d8:f2:4e:f4:8d: -- bb:4b:d5:2d:20:c0:6e:d5:08:2b:81:32:c4:e0:d2:4b:31:27: -- f1:55:96:0e:d4:b9:92:02:71:98:69:e5:73:cc:52:45:a0:07: -- fb:28:9e:b0:fc:b1:58:42:5a:08:4a:30:49:e5:f1:a5:c8:d5: -- 8a:67:f0:ed:9e:3f:1b:71:a6:80:91:81:cb:1a:3d:b5:8e:87: -- 9d:64:28:ce -+ 1d:b8:c5:8b:72:41:20:65:ad:27:6f:15:63:06:26:12:8d:9c: -+ ad:ca:f4:db:97:b4:90:cb:ff:35:94:bb:2a:a7:a1:ab:1e:35: -+ 2d:a5:3f:c9:24:b0:1a:58:89:75:3e:81:0a:2c:4f:98:f9:51: -+ fb:c0:a3:09:d0:0a:9b:e7:a2:b7:c3:60:40:c8:f4:6d:b2:6a: -+ 56:12:17:4c:00:24:31:df:9c:60:ae:b1:68:54:a9:e6:b5:4a: -+ 04:e6:92:05:86:d9:5a:dc:96:30:a5:58:de:14:99:0f:e5:15: -+ 89:3e:9b:eb:80:e3:bd:83:c3:ea:33:35:4b:3e:2f:d3:0d:64: -+ 93:67:7f:8d:f5:3f:0c:27:bc:37:5a:cc:d6:47:16:af:5a:62: -+ d2:da:51:f8:74:06:6b:24:ad:28:68:08:98:37:7d:ed:0e:ab: -+ 1e:82:61:05:d0:ba:75:a0:ab:21:b0:9a:fd:2b:54:86:1d:0d: -+ 1f:c2:d4:77:1f:72:26:5e:ad:8a:9f:09:36:6d:44:be:74:c2: -+ 5a:3e:ff:5c:9d:75:d6:38:7b:c5:39:f9:44:6e:a1:d1:8e:ff: -+ 63:db:c4:bb:c6:91:92:ca:5c:60:9b:1d:eb:0a:de:08:ee:bf: -+ da:76:03:65:62:29:8b:f8:7f:c7:86:73:1e:f6:1f:2d:89:69: -+ fd:be:bd:6e - -----BEGIN CERTIFICATE----- --MIID+TCCAuGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx -+MIID4zCCAsugAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx - EDAOBgNVBAgMB1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQK - DA5SdWJ5IENvcmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZI --hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMDY1M1oX --DTI0MDEwMTAzMDY1M1owdjELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx --FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex --JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwggEiMA0GCSqG --SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBqWTv0/LhGn8k339lhsGYVRaDkRZbY24m --u8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVducTswBNBkTTgzoOrBFj0W --vsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l//OAUQzfgHxARsnKV9SI --Ag/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuTXwqaHfj18+fHsHoOJSAT --Ahoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzPCNsG6f19vf4s9Ip7nxWI --BS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxymWBregpapAgMBAAGjezB5 --MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl --cnRpZmljYXRlMB0GA1UdDgQWBBTyyTUFMe8I7u+w/hpywp5w4+PsQzAfBgNVHSME --GDAWgBT20SIp1T0j116tDJzmdY+dzfidUzANBgkqhkiG9w0BAQsFAAOCAQEAAucK --Inxe2ZLSuftKv3U/AOYZPpClnThBgkxvufPyWKGRf0rUKDicfE1sLy+V9VVVJaFx --DAVCCKOmq+MER5pCJI+yulBVr7jX/BoTkl11feFNh15XgsVf1rjqhk4FsH8HJ6U2 --Hx5U8TI1f5x1JmohdTcyu4kBeJfM09466M5F7RIkLqglc7PNcEe4gfkGqo2HL6nN --/nlAzMlHPS+CwoK/XYoGW6mQ07Cn/PMa+w7Lj9jyTvSNu0vVLSDAbtUIK4EyxODS --SzEn8VWWDtS5kgJxmGnlc8xSRaAH+yiesPyxWEJaCEowSeXxpcjVimfw7Z4/G3Gm --gJGByxo9tY6HnWQozg== -+hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMjcxM1oX -+DTI0MDEwMTAzMjcxM1owYDELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx -+FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRIwEAYDVQQLDAlSdWJ5IFRlc3QxEjAQ -+BgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -+AOjanAEuKxDsSc1eBxMHnHCexnS8E8Lhb8aC/eNI4CylaMeeQt5gVGXmahRXejDQ -+zLW22cPS38kll1Rnz/a+XsuL7gPF4eL55/fRDEfwuNozWq1Bree1onu3vzDaYPjj -+VKK8Ov0bdNncdELpKb7frLRP6zL0BvHhjEuoi/sp57G/HQHucw/5QNzVFXnZxnPQ -+wN3L5NoZR4DGFARy/Zp8jxGCdkkEeczyXDEilRM+XUCmTeCjAiZ9Uju77WWhD+1r -+sDzU3mEVXtPdaAmfSlelwqlthpLF9KTUtxM7UmMkBeLM44o81DU0KxC7WHLn4Y0d -+dIxhFiA90BxOj279/mQQT0ECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC -+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFO0o -+wn6rS8jo/lVtZpUxHC1g+QI2MB8GA1UdIwQYMBaAFPbRIinVPSPXXq0MnOZ1j53N -++J1TMA0GCSqGSIb3DQEBCwUAA4IBAQAduMWLckEgZa0nbxVjBiYSjZytyvTbl7SQ -+y/81lLsqp6GrHjUtpT/JJLAaWIl1PoEKLE+Y+VH7wKMJ0Aqb56K3w2BAyPRtsmpW -+EhdMACQx35xgrrFoVKnmtUoE5pIFhtla3JYwpVjeFJkP5RWJPpvrgOO9g8PqMzVL -+Pi/TDWSTZ3+N9T8MJ7w3WszWRxavWmLS2lH4dAZrJK0oaAiYN33tDqsegmEF0Lp1 -+oKshsJr9K1SGHQ0fwtR3H3ImXq2Knwk2bUS+dMJaPv9cnXXWOHvFOflEbqHRjv9j -+28S7xpGSylxgmx3rCt4I7r/adgNlYimL+H/HhnMe9h8tiWn9vr1u - -----END CERTIFICATE----- -diff --git a/test/net/fixtures/server.key b/test/net/fixtures/server.key -index 1e73232728..7f2380e71e 100644 ---- a/test/net/fixtures/server.key -+++ b/test/net/fixtures/server.key -@@ -1,28 +1,28 @@ - -----BEGIN PRIVATE KEY----- --MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBqWTv0/LhGn8k --339lhsGYVRaDkRZbY24mu8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVdu --cTswBNBkTTgzoOrBFj0WvsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l --//OAUQzfgHxARsnKV9SIAg/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuT --XwqaHfj18+fHsHoOJSATAhoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzP --CNsG6f19vf4s9Ip7nxWIBS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxym --WBregpapAgMBAAECggEAYQJ20oBMcSBxwknGqlfnkGRHI97A4UScgACa9fTH7EJM --BgEJIRCeV4Mq2jP0/P/vNoTqQ8zxue02C9fiuzoeHbBkz8/y6Ig4T7V74vwMYzM9 --fEK50klxxFONGUF9zhOA2zPcrJZnFtcC6InfM07mcOsO0q/jE14N05ec3j5i+N7j --hDHsHjS3hUiSEGra/U6TRGA26imDUZR5S3h3WMuFmpQgAg0STHc2inYjS9iVhn+T --uAV2igYR89MOTcH1ZVoxjeYXwhqjWT6Kbw4Er4TWTVzwGf9ktv04EjZjhgUAqw7Q --8Sc7Olt2q2tA7hQqdgJVgNMaszHqpKAECbAfuxuDtQKBgQD/r0zI9ZcTDQOgezaB --s9UGbT5O5LruxLc/ExHRL7gpU7UsF/cc3Hp9zmDrzuUsq+UZlGewNnPBLHzaEq1z --AZD9aa85umzXxcLzyg9ZnvN4kHLKIXhnnTEiShHtpRbqfybBKM7J+iQxXIYUf5tl --lHTfEqG2/nTt4E50dhniIbIaAwKBgQDB5oS3LGXSn6zAWyUsAJaSeS8/3/O4Vz+x --u8tZrICSFWBodwg46eHR9I379eayKhMGCsaAWx4ybWJWWEb/nM+fBGxBSnxb9jmm --gHu93BQjK3sWS8qAGTwO5ehLEy0QRcCc+wb0lyo9hfh1grJioESVsiB9SXrxp8dr --45JvxCCC4wKBgDGSKQ7lHm8hHMzmVoD6/pgKYgQlsGBOX0CpT9EAsXHBuuRbmRtN --W6o8cuoE6MWqZfZ5oUi2peaT23jkGiCr8xJOhRxqGmQTAWMGj8dOW+HKD5dEufVM --spP1TFiIo1K/aCIW6VCbYJz5VT1wKA6fo7EECbpSxxS/YjaOFyKSaddFAoGBAKk3 --bdcVrf70TqTIZlZSZRWLIMsTvPTBX9rSUxL9Um8qrKo+RzS0F9lNHaQn457UzSlW --uglGe8HyaAGGpN9qkF7sUzVftcvjxEgklNkKeaB/z7mThzPn0dwGlIUARTGQThox --kM5gJgLvKfgTiW49A93ISEZOnDbM/2KOhjt35A+VAoGAYsNAMBwjubVo0v1vqry+ --XG6VvPpgVjMiDQCsTEEcBqgRRuf6R5zndIhIvwmTNiUkGkE3w/vG0uCjtB82/kwE --bzVheR0vZDN7s52OYRz4j0ddtYCqGSkvkWuEQfQFZUDTyLodwVQAT5aR+mcr4Qml --uCiVeqoPl+JIg4m8Tz76XWo= -+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDo2pwBLisQ7EnN -+XgcTB5xwnsZ0vBPC4W/Ggv3jSOAspWjHnkLeYFRl5moUV3ow0My1ttnD0t/JJZdU -+Z8/2vl7Li+4DxeHi+ef30QxH8LjaM1qtQa3ntaJ7t78w2mD441SivDr9G3TZ3HRC -+6Sm+36y0T+sy9Abx4YxLqIv7Keexvx0B7nMP+UDc1RV52cZz0MDdy+TaGUeAxhQE -+cv2afI8RgnZJBHnM8lwxIpUTPl1Apk3gowImfVI7u+1loQ/ta7A81N5hFV7T3WgJ -+n0pXpcKpbYaSxfSk1LcTO1JjJAXizOOKPNQ1NCsQu1hy5+GNHXSMYRYgPdAcTo9u -+/f5kEE9BAgMBAAECggEBAOHkwhc7DLh8IhTDNSW26oMu5OP2WU1jmiYAigDmf+OQ -+DBgrZj+JQBci8qINQxL8XLukSZn5hvQCLc7Kbyu1/wyEEUFDxSGGwwzclodr9kho -+LX2LDASPZrOSzD2+fPi2wTKmXKuS6Uc44OjQfZkYMNkz9r4Vkm8xGgOD3VipjIYX -+QXlhhdqkXZcNABsihCV52GKkDFSVm8jv95YJc5xhoYCy/3a4/qPdF0aT2R7oYUej -+hKrxVDskyooe8Zg/JTydZNV5GQEDmW01/K3r6XGT26oPi1AqMU1gtv/jkW56CRQQ -+1got8smnqM+AV7Slf9R6DauIPdQJ2S8wsr/o8ISBsOECgYEA9YrqEP2gAYSGFXRt -+liw0WI2Ant8BqXS6yvq1jLo/qWhLw/ph4Di73OQ2mpycVTpgfGr2wFPQR1XJ+0Fd -+U+Ir/C3Q7FK4VIGHK7B0zNvZr5tEjlFfeRezo2JMVw5YWeSagIFcSwK+KqCTH9qc -+pw/Eb8nB/4XNcpTZu7Fg0Wc+ooUCgYEA8sVaicn1Wxkpb45a4qfrA6wOr5xdJ4cC -+A5qs7vjX2OdPIQOmoQhdI7bCWFXZzF33wA4YCws6j5wRaySLIJqdms8Gl9QnODy1 -+ZlA5gwKToBC/jqPmWAXSKb8EH7cHilaxU9OKnQ7CfwlGLHqjMtjrhR7KHlt3CVRs -+oRmvsjZVXI0CgYAmPedslAO6mMhFSSfULrhMXmV82OCqYrrA6EEkVNGbcdnzAOkD -+gfKIWabDd8bFY10po4Mguy0CHzNhBXIioWQWV5BlbhC1YKMLw+S9DzSdLAKGY9gJ -+xQ4+UQ3wtRQ/k+IYR413RUsW2oFvgZ3KSyNeAb9MK6uuv84VdG/OzVSs/QKBgQDn -+kap//l2EbObiWyaERunckdVcW0lcN+KK75J/TGwPoOwQsLvTpPe65kxRGGrtDsEQ -+uCDk/+v3KkZPLgdrrTAih9FhJ+PVN8tMcb+6IM4SA4fFFr/UPJEwct0LJ3oQ0grJ -+y+HPWFHb/Uurh7t99/4H98uR02sjQh1wOeEmm78mzQKBgQDm+LzGH0se6CXQ6cdZ -+g1JRZeXkDEsrW3hfAsW62xJQmXcWxBoblP9OamMY+A06rM5og3JbDk5Zm6JsOaA8 -+wS2gw4ilp46jors4eQey8ux7kB9LzdBoDBBElnsbjLO8oBNZlVcYXg+6BOl/CUi7 -+2whRF0FEjKA8ehrNhAq+VFfFNw== - -----END PRIVATE KEY----- --- -2.20.1 - diff --git a/SOURCES/ruby-2.6.0-Update-for-tzdata-2018f.patch b/SOURCES/ruby-2.6.0-Update-for-tzdata-2018f.patch deleted file mode 100644 index edc58b6..0000000 --- a/SOURCES/ruby-2.6.0-Update-for-tzdata-2018f.patch +++ /dev/null @@ -1,44 +0,0 @@ -From e71ca6cdcf108e6a2fa47ec9fadefe7554717908 Mon Sep 17 00:00:00 2001 -From: nobu -Date: Fri, 26 Oct 2018 01:47:09 +0000 -Subject: [PATCH] Update for tzdata-2018f - -git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65365 b2dd03c8-39d4-4d8f-98ff-823fe69b080e ---- - test/ruby/test_time_tz.rb | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb -index 2da4fd8d9ce4..328fde48fc34 100644 ---- a/test/ruby/test_time_tz.rb -+++ b/test/ruby/test_time_tz.rb -@@ -86,7 +86,9 @@ def group_by(e, &block) - has_lisbon_tz &&= have_tz_offset?("Europe/Lisbon") - CORRECT_TOKYO_DST_1951 = with_tz("Asia/Tokyo") { - if Time.local(1951, 5, 6, 12, 0, 0).dst? # noon, DST -- Time.local(1951, 5, 6, 1, 0, 0).dst? # DST with fixed tzdata -+ if Time.local(1951, 5, 6, 1, 0, 0).dst? # DST with fixed tzdata -+ Time.local(1951, 9, 8, 23, 0, 0).dst? ? "2018f" : "2018e" -+ end - end - } - CORRECT_KIRITIMATI_SKIP_1994 = with_tz("Pacific/Kiritimati") { -@@ -347,12 +349,16 @@ def self.gen_zdump_test(data) - Asia/Singapore Thu Dec 31 16:29:59 1981 UTC = Thu Dec 31 23:59:59 1981 SGT isdst=0 gmtoff=27000 - Asia/Singapore Thu Dec 31 16:30:00 1981 UTC = Fri Jan 1 00:30:00 1982 SGT isdst=0 gmtoff=28800 - End -- gen_zdump_test CORRECT_TOKYO_DST_1951 ? <<'End' : <<'End' -+ gen_zdump_test CORRECT_TOKYO_DST_1951 ? <<'End' + (CORRECT_TOKYO_DST_1951 < "2018f" ? <<'2018e' : <<'2018f') : <<'End' - Asia/Tokyo Sat May 5 14:59:59 1951 UTC = Sat May 5 23:59:59 1951 JST isdst=0 gmtoff=32400 - Asia/Tokyo Sat May 5 15:00:00 1951 UTC = Sun May 6 01:00:00 1951 JDT isdst=1 gmtoff=36000 -+End - Asia/Tokyo Sat Sep 8 13:59:59 1951 UTC = Sat Sep 8 23:59:59 1951 JDT isdst=1 gmtoff=36000 - Asia/Tokyo Sat Sep 8 14:00:00 1951 UTC = Sat Sep 8 23:00:00 1951 JST isdst=0 gmtoff=32400 --End -+2018e -+Asia/Tokyo Sat Sep 8 14:59:59 1951 UTC = Sun Sep 9 00:59:59 1951 JDT isdst=1 gmtoff=36000 -+Asia/Tokyo Sat Sep 8 15:00:00 1951 UTC = Sun Sep 9 00:00:00 1951 JST isdst=0 gmtoff=32400 -+2018f - Asia/Tokyo Sat May 5 16:59:59 1951 UTC = Sun May 6 01:59:59 1951 JST isdst=0 gmtoff=32400 - Asia/Tokyo Sat May 5 17:00:00 1951 UTC = Sun May 6 03:00:00 1951 JDT isdst=1 gmtoff=36000 - Asia/Tokyo Fri Sep 7 15:59:59 1951 UTC = Sat Sep 8 01:59:59 1951 JDT isdst=1 gmtoff=36000 diff --git a/SOURCES/ruby-2.6.0-library-options-to-MAINLIBS.patch b/SOURCES/ruby-2.6.0-library-options-to-MAINLIBS.patch index 199798d..5299c6f 100644 --- a/SOURCES/ruby-2.6.0-library-options-to-MAINLIBS.patch +++ b/SOURCES/ruby-2.6.0-library-options-to-MAINLIBS.patch @@ -27,7 +27,7 @@ index aebbae1969a5..733a0c992fd7 100644 AC_DEFUN([RUBY_RM_RECURSIVE], [ m4_version_prereq([2.70], [-1], [ -@@ -2938,13 +2939,11 @@ AS_IF([test x"$enable_pthread" = xyes], [ +@@ -2939,13 +2940,11 @@ AS_IF([test x"$enable_pthread" = xyes], [ AC_DEFINE(_THREAD_SAFE) AC_DEFINE(HAVE_LIBPTHREAD) AC_CHECK_HEADERS(pthread_np.h, [], [], [@%:@include ]) @@ -46,7 +46,7 @@ index aebbae1969a5..733a0c992fd7 100644 ], [ AC_MSG_WARN("Don't know how to find pthread library on your system -- thread support disabled") ]) -@@ -3623,7 +3622,7 @@ LIBRUBY_A='lib$(RUBY_SO_NAME)-static.a' +@@ -3624,7 +3623,7 @@ LIBRUBY_A='lib$(RUBY_SO_NAME)-static.a' LIBRUBY='$(LIBRUBY_A)' LIBRUBYARG_STATIC='-l$(RUBY_SO_NAME)-static' LIBRUBYARG='$(LIBRUBYARG_STATIC)' @@ -55,7 +55,7 @@ index aebbae1969a5..733a0c992fd7 100644 AS_CASE(["$target_os"], [cygwin*|mingw*|haiku*|darwin*], [ -@@ -3689,9 +3688,6 @@ AS_CASE("$enable_shared", [yes], [ +@@ -3690,9 +3689,6 @@ AS_CASE("$enable_shared", [yes], [ LIBRUBY_RELATIVE=no test -z "$CCDLFLAGS" || CFLAGS="$CFLAGS $CCDLFLAGS" ENABLE_SHARED=yes @@ -65,7 +65,7 @@ index aebbae1969a5..733a0c992fd7 100644 # libdir can be overridden in config.site file (on OpenSUSE at least). libdir_basename=lib -@@ -3726,7 +3722,6 @@ AS_CASE("$enable_shared", [yes], [ +@@ -3727,7 +3723,6 @@ AS_CASE("$enable_shared", [yes], [ ]) ], [freebsd*|dragonfly*], [ @@ -73,7 +73,7 @@ index aebbae1969a5..733a0c992fd7 100644 LIBRUBY_SO='lib$(RUBY_SO_NAME).$(SOEXT).$(MAJOR)$(MINOR)' LIBRUBY_SONAME='$(LIBRUBY_SO)' AS_IF([test "$rb_cv_binary_elf" != "yes" ], [ -@@ -3735,7 +3730,6 @@ AS_CASE("$enable_shared", [yes], [ +@@ -3736,7 +3731,6 @@ AS_CASE("$enable_shared", [yes], [ ]) ], [netbsd*], [ @@ -81,7 +81,7 @@ index aebbae1969a5..733a0c992fd7 100644 LIBRUBY_SONAME='lib$(RUBY_SO_NAME).$(SOEXT).$(MAJOR)$(MINOR)' LIBRUBY_SO="${LIBRUBY_SONAME}"'.$(TEENY)' RUBY_APPEND_OPTIONS(LIBRUBY_DLDFLAGS, ['-Wl,-soname,$(LIBRUBY_SONAME)' "$LDFLAGS_OPTDIR"]) -@@ -3746,11 +3740,9 @@ AS_CASE("$enable_shared", [yes], [ +@@ -3747,11 +3741,9 @@ AS_CASE("$enable_shared", [yes], [ ]) ], [openbsd*|mirbsd*], [ @@ -93,7 +93,7 @@ index aebbae1969a5..733a0c992fd7 100644 LIBRUBY_SO='lib$(RUBY_SO_NAME).$(SOEXT).$(MAJOR)' LIBRUBY_SONAME='lib$(RUBY_SO_NAME).$(SOEXT).$(RUBY_PROGRAM_VERSION)' LIBRUBY_ALIASES='$(LIBRUBY_SONAME) lib$(RUBY_SO_NAME).$(SOEXT)' -@@ -3768,7 +3760,7 @@ AS_CASE("$enable_shared", [yes], [ +@@ -3769,7 +3761,7 @@ AS_CASE("$enable_shared", [yes], [ [aix*], [ RUBY_APPEND_OPTIONS(LIBRUBY_DLDFLAGS, ["${linker_flag}-bnoentry" "$XLDFLAGS" "$LDFLAGS_OPTDIR"]) LIBRUBYARG_SHARED='-L${libdir} -l${RUBY_SO_NAME}' @@ -102,7 +102,7 @@ index aebbae1969a5..733a0c992fd7 100644 ], [darwin*], [ LIBRUBY_LDSHARED='$(CC) -dynamiclib' -@@ -3788,7 +3780,6 @@ AS_CASE("$enable_shared", [yes], [ +@@ -3789,7 +3781,6 @@ AS_CASE("$enable_shared", [yes], [ LIBRUBY_SO='lib$(RUBY_SO_NAME).$(SOEXT)' LIBRUBY_SONAME='lib$(RUBY_BASE_NAME).$(RUBY_API_VERSION).$(SOEXT)' LIBRUBY_ALIASES='$(LIBRUBY_SONAME) lib$(RUBY_INSTALL_NAME).$(SOEXT)' @@ -110,7 +110,7 @@ index aebbae1969a5..733a0c992fd7 100644 ], [interix*], [ LIBRUBYARG_SHARED='-L. -L${libdir} -l$(RUBY_SO_NAME)' -@@ -4031,7 +4022,6 @@ AS_CASE(["$target_os"], +@@ -4032,7 +4023,6 @@ AS_CASE(["$target_os"], ]) LIBRUBY_ALIASES='' FIRSTMAKEFILE=GNUmakefile:cygwin/GNUmakefile.in @@ -118,7 +118,7 @@ index aebbae1969a5..733a0c992fd7 100644 AS_IF([test x"$enable_shared" = xyes], [ LIBRUBY='lib$(RUBY_SO_NAME).dll.a' ], [ -@@ -4131,6 +4121,13 @@ AS_IF([test "${universal_binary-no}" = yes ], [ +@@ -4132,6 +4122,13 @@ AS_IF([test "${universal_binary-no}" = yes ], [ [rb_cv_architecture_available=yes], [rb_cv_architecture_available=no])) ]) diff --git a/SOURCES/ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with-TLS-1.3.patch b/SOURCES/ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with-TLS-1.3.patch deleted file mode 100644 index b81800e..0000000 --- a/SOURCES/ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with-TLS-1.3.patch +++ /dev/null @@ -1,157 +0,0 @@ -From 1dfc377ae3b174b043d3f0ed36de57b0296b34d0 Mon Sep 17 00:00:00 2001 -From: rhe -Date: Wed, 8 Aug 2018 14:13:55 +0000 -Subject: [PATCH] net/http, net/ftp: fix session resumption with TLS 1.3 - -When TLS 1.3 is in use, the session ticket may not have been sent yet -even though a handshake has finished. Also, the ticket could change if -multiple session ticket messages are sent by the server. Use -SSLContext#session_new_cb instead of calling SSLSocket#session -immediately after a handshake. This way also works with earlier protocol -versions. - -git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e ---- - lib/net/ftp.rb | 5 ++++- - lib/net/http.rb | 7 +++++-- - test/net/http/test_https.rb | 35 ++++++++++------------------------- - 3 files changed, 19 insertions(+), 28 deletions(-) - -diff --git a/lib/net/ftp.rb b/lib/net/ftp.rb -index c3ee47ef4d36..9902f9dc657a 100644 ---- a/lib/net/ftp.rb -+++ b/lib/net/ftp.rb -@@ -230,6 +230,10 @@ def initialize(host = nil, user_or_options = {}, passwd = nil, acct = nil) - if defined?(VerifyCallbackProc) - @ssl_context.verify_callback = VerifyCallbackProc - end -+ @ssl_context.session_cache_mode = -+ OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT | -+ OpenSSL::SSL::SSLContext::SESSION_CACHE_NO_INTERNAL_STORE -+ @ssl_context.session_new_cb = proc {|sock, sess| @ssl_session = sess } - @ssl_session = nil - if options[:private_data_connection].nil? - @private_data_connection = true -@@ -349,7 +353,6 @@ def start_tls_session(sock) - if @ssl_context.verify_mode != VERIFY_NONE - ssl_sock.post_connection_check(@host) - end -- @ssl_session = ssl_sock.session - return ssl_sock - end - private :start_tls_session -diff --git a/lib/net/http.rb b/lib/net/http.rb -index 281b15cedff0..683a884f5dbe 100644 ---- a/lib/net/http.rb -+++ b/lib/net/http.rb -@@ -969,6 +969,10 @@ def connect - end - @ssl_context = OpenSSL::SSL::SSLContext.new - @ssl_context.set_params(ssl_parameters) -+ @ssl_context.session_cache_mode = -+ OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT | -+ OpenSSL::SSL::SSLContext::SESSION_CACHE_NO_INTERNAL_STORE -+ @ssl_context.session_new_cb = proc {|sock, sess| @ssl_session = sess } - D "starting SSL for #{conn_address}:#{conn_port}..." - s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context) - s.sync_close = true -@@ -976,13 +980,12 @@ def connect - s.hostname = @address if s.respond_to? :hostname= - if @ssl_session and - Process.clock_gettime(Process::CLOCK_REALTIME) < @ssl_session.time.to_f + @ssl_session.timeout -- s.session = @ssl_session if @ssl_session -+ s.session = @ssl_session - end - ssl_socket_connect(s, @open_timeout) - if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE - s.post_connection_check(@address) - end -- @ssl_session = s.session - D "SSL established" - end - @socket = BufferedIO.new(s, read_timeout: @read_timeout, -diff --git a/test/net/http/test_https.rb b/test/net/http/test_https.rb -index 8004d5c5f29f..a5182a1fe9db 100644 ---- a/test/net/http/test_https.rb -+++ b/test/net/http/test_https.rb -@@ -71,20 +71,11 @@ def test_session_reuse - http.get("/") - http.finish - -- http.start -- http.get("/") -- http.finish # three times due to possible bug in OpenSSL 0.9.8 -- -- sid = http.instance_variable_get(:@ssl_session).id -- - http.start - http.get("/") - - socket = http.instance_variable_get(:@socket).io -- -- assert socket.session_reused? -- -- assert_equal sid, http.instance_variable_get(:@ssl_session).id -+ assert_equal true, socket.session_reused? - - http.finish - rescue SystemCallError -@@ -101,16 +92,12 @@ def test_session_reuse_but_expire - http.get("/") - http.finish - -- sid = http.instance_variable_get(:@ssl_session).id -- - http.start - http.get("/") - - socket = http.instance_variable_get(:@socket).io - assert_equal false, socket.session_reused? - -- assert_not_equal sid, http.instance_variable_get(:@ssl_session).id -- - http.finish - rescue SystemCallError - skip $! -@@ -160,15 +147,16 @@ def test_certificate_verify_failure - end - - def test_identity_verify_failure -+ # the certificate's subject has CN=localhost - http = Net::HTTP.new("127.0.0.1", config("port")) - http.use_ssl = true -- http.verify_callback = Proc.new do |preverify_ok, store_ctx| -- true -- end -+ http.cert_store = TEST_STORE -+ @log_tester = lambda {|_| } - ex = assert_raise(OpenSSL::SSL::SSLError){ - http.request_get("/") {|res| } - } -- assert_match(/hostname \"127.0.0.1\" does not match/, ex.message) -+ re_msg = /certificate verify failed|hostname \"127.0.0.1\" does not match/ -+ assert_match(re_msg, ex.message) - end - - def test_timeout_during_SSL_handshake -@@ -193,16 +181,13 @@ def test_timeout_during_SSL_handshake - end - - def test_min_version -- http = Net::HTTP.new("127.0.0.1", config("port")) -+ http = Net::HTTP.new("localhost", config("port")) - http.use_ssl = true - http.min_version = :TLS1 -- http.verify_callback = Proc.new do |preverify_ok, store_ctx| -- true -- end -- ex = assert_raise(OpenSSL::SSL::SSLError){ -- http.request_get("/") {|res| } -+ http.cert_store = TEST_STORE -+ http.request_get("/") {|res| -+ assert_equal($test_net_http_data, res.body) - } -- assert_match(/hostname \"127.0.0.1\" does not match/, ex.message) - end - - def test_max_version diff --git a/SOURCES/ruby-2.6.0-rdoc-6.0.2-fix-different-js-gz-pages-across-multilib.patch b/SOURCES/ruby-2.6.0-rdoc-6.0.2-fix-different-js-gz-pages-across-multilib.patch new file mode 100644 index 0000000..041f327 --- /dev/null +++ b/SOURCES/ruby-2.6.0-rdoc-6.0.2-fix-different-js-gz-pages-across-multilib.patch @@ -0,0 +1,214 @@ +From 091459248d3ce814e10d50cc4421f0c0454ef61f Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Sun, 30 Apr 2017 22:47:40 +0200 +Subject: [PATCH 1/4] created.rid: use SOURCE_DATE_EPOCH + +use SOURCE_DATE_EPOCH instead of current time in created.rid top line +to enable reproducible builds of ruby docs + +See https://reproducible-builds.org/ for why this is good +and https://reproducible-builds.org/specs/source-date-epoch/ +for the definition of this variable. +--- + lib/rdoc/rdoc.rb | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb +index 68775c8be1..a2711fbbd1 100644 +--- a/lib/rdoc/rdoc.rb ++++ b/lib/rdoc/rdoc.rb +@@ -232,6 +232,9 @@ def store= store + + def update_output_dir(op_dir, time, last = {}) + return if @options.dry_run or not @options.update_output_dir ++ unless ENV['SOURCE_DATE_EPOCH'].nil? ++ time = Time.at(ENV['SOURCE_DATE_EPOCH'].to_i).gmtime ++ end + + open output_flag_file(op_dir), "w" do |f| + f.puts time.rfc2822 +-- +2.21.0 + +From 73a935e9fa63b056ea0be69c0c923afdfb4d88da Mon Sep 17 00:00:00 2001 +From: "Bernhard M. Wiedemann" +Date: Thu, 14 Dec 2017 10:54:54 +0100 +Subject: [PATCH 2/4] Do not store current timestamps in gz headers + +to enable reproducible builds of rdoc + +Normally, 0 would be the preferred value to indicate "no date" +but that value is handled differently in Zlib::GzipWriter +to put in the current time +--- + lib/rdoc/generator/json_index.rb | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/rdoc/generator/json_index.rb b/lib/rdoc/generator/json_index.rb +index e4cfe967c6..a059a5d4d0 100644 +--- a/lib/rdoc/generator/json_index.rb ++++ b/lib/rdoc/generator/json_index.rb +@@ -175,7 +175,7 @@ def generate_gzipped + debug_msg "Writing gzipped search index to %s" % outfile + + Zlib::GzipWriter.open(outfile) do |gz| +- gz.mtime = File.mtime(search_index_file) ++ gz.mtime = 1 # make output reproducible + gz.orig_name = search_index_file.basename.to_s + gz.write search_index + gz.close +@@ -193,7 +193,7 @@ def generate_gzipped + debug_msg "Writing gzipped file to %s" % outfile + + Zlib::GzipWriter.open(outfile) do |gz| +- gz.mtime = File.mtime(dest) ++ gz.mtime = 1 # make output reproducible + gz.orig_name = dest.basename.to_s + gz.write data + gz.close +-- +2.21.0 + +From 1b34b337b72918e83c3b952eed6998ad47974960 Mon Sep 17 00:00:00 2001 +From: aycabta +Date: Sat, 27 Jan 2018 14:37:42 +0900 +Subject: [PATCH 3/4] Improve reproducible builds for .js and .js.gz files + +The mtime for search_index.js.gz should be updated because it's +generated dynamically. So uses SOURCE_DATE_EPOCH after +RDoc::Generator::JsonIndex#generate creates index file. + +FileUtils.install in RDoc::Generator::JsonIndex#generate with :preserve +option because the mtime value is based on original .js file. +--- + lib/rdoc/generator/json_index.rb | 9 +++++--- + test/rdoc/test_rdoc_generator_json_index.rb | 25 ++++++++++++++++++++- + 2 files changed, 30 insertions(+), 4 deletions(-) + +diff --git a/lib/rdoc/generator/json_index.rb b/lib/rdoc/generator/json_index.rb +index a059a5d4d0..3a1000033d 100644 +--- a/lib/rdoc/generator/json_index.rb ++++ b/lib/rdoc/generator/json_index.rb +@@ -147,12 +147,15 @@ def generate + + JSON.dump data, io, 0 + end ++ unless ENV['SOURCE_DATE_EPOCH'].nil? ++ index_file.utime index_file.atime, Time.at(ENV['SOURCE_DATE_EPOCH'].to_i).gmtime ++ end + + Dir.chdir @template_dir do + Dir['**/*.js'].each do |source| + dest = File.join out_dir, source + +- FileUtils.install source, dest, :mode => 0644, :verbose => $DEBUG_RDOC ++ FileUtils.install source, dest, :mode => 0644, :preserve => true, :verbose => $DEBUG_RDOC + end + end + end +@@ -175,7 +178,7 @@ def generate_gzipped + debug_msg "Writing gzipped search index to %s" % outfile + + Zlib::GzipWriter.open(outfile) do |gz| +- gz.mtime = 1 # make output reproducible ++ gz.mtime = File.mtime(search_index_file) + gz.orig_name = search_index_file.basename.to_s + gz.write search_index + gz.close +@@ -193,7 +196,7 @@ def generate_gzipped + debug_msg "Writing gzipped file to %s" % outfile + + Zlib::GzipWriter.open(outfile) do |gz| +- gz.mtime = 1 # make output reproducible ++ gz.mtime = File.mtime(dest) + gz.orig_name = dest.basename.to_s + gz.write data + gz.close +diff --git a/test/rdoc/test_rdoc_generator_json_index.rb b/test/rdoc/test_rdoc_generator_json_index.rb +index 6cb5463d29..65e7f087cc 100644 +--- a/test/rdoc/test_rdoc_generator_json_index.rb ++++ b/test/rdoc/test_rdoc_generator_json_index.rb +@@ -8,7 +8,7 @@ class TestRDocGeneratorJsonIndex < RDoc::TestCase + def setup + super + +- @tmpdir = File.join Dir.tmpdir, "test_rdoc_generator_darkfish_#{$$}" ++ @tmpdir = Dir.mktmpdir "test_rdoc_generator_darkfish_#{$$}_" + FileUtils.mkdir_p @tmpdir + + @options = RDoc::Options.new +@@ -89,12 +89,21 @@ def test_file_dir + end + + def test_generate ++ now = Time.now + @g.generate + + assert_file 'js/searcher.js' + assert_file 'js/navigation.js' + assert_file 'js/search_index.js' + ++ orig_file = Pathname(File.join @pwd, 'lib/rdoc/generator/template/json_index/js/navigation.js') ++ generated_file = Pathname(File.join @tmpdir, 'js/navigation.js') ++ assert_equal orig_file.mtime, generated_file.mtime ++ assert generated_file.mtime < now, '.js files should be the same timestamp' ++ ++ generated_search_index = Pathname(File.join @tmpdir, 'js/search_index.js') ++ assert generated_search_index.mtime > (now - 1), 'search_index.js should be generated timestamp' ++ + json = File.read 'js/search_index.js' + + json =~ /\Avar search_data = / +@@ -137,6 +146,20 @@ def test_generate + assert_equal expected, index + end + ++ def test_generate_search_index_with_reproducible_builds ++ backup_epoch = ENV['SOURCE_DATE_EPOCH'] ++ ruby_birthday = Time.parse 'Wed, 24 Feb 1993 21:00:00 +0900' ++ ENV['SOURCE_DATE_EPOCH'] = ruby_birthday.to_i.to_s ++ ++ @g.generate ++ ++ assert_file 'js/search_index.js' ++ generated_search_index = Pathname(File.join @tmpdir, 'js/search_index.js') ++ assert_equal ruby_birthday, generated_search_index.mtime ++ ++ ENV['SOURCE_DATE_EPOCH'] = backup_epoch ++ end ++ + def test_generate_gzipped + begin + require 'zlib' +-- +2.21.0 + +From 74c1e201f2146e7175e74d6fc0b9386c2e95210f Mon Sep 17 00:00:00 2001 +From: aycabta +Date: Sat, 27 Jan 2018 17:54:31 +0900 +Subject: [PATCH 4/4] Use dirty hack on JRuby for MiniTest 4 + +--- + test/rdoc/test_rdoc_generator_json_index.rb | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/test/rdoc/test_rdoc_generator_json_index.rb b/test/rdoc/test_rdoc_generator_json_index.rb +index 65e7f087cc..714d496195 100644 +--- a/test/rdoc/test_rdoc_generator_json_index.rb ++++ b/test/rdoc/test_rdoc_generator_json_index.rb +@@ -98,7 +98,11 @@ def test_generate + + orig_file = Pathname(File.join @pwd, 'lib/rdoc/generator/template/json_index/js/navigation.js') + generated_file = Pathname(File.join @tmpdir, 'js/navigation.js') +- assert_equal orig_file.mtime, generated_file.mtime ++ ++ # This is dirty hack on JRuby for MiniTest 4 ++ assert orig_file.mtime.inspect == generated_file.mtime.inspect, ++ '.js files should be tha same timestamp of original' ++ + assert generated_file.mtime < now, '.js files should be the same timestamp' + + generated_search_index = Pathname(File.join @tmpdir, 'js/search_index.js') +-- +2.21.0 + diff --git a/SOURCES/ruby-2.6.3-fiddle-1.0.0-ffi-closure-alloc-default.patch b/SOURCES/ruby-2.6.3-fiddle-1.0.0-ffi-closure-alloc-default.patch new file mode 100644 index 0000000..c54f1e4 --- /dev/null +++ b/SOURCES/ruby-2.6.3-fiddle-1.0.0-ffi-closure-alloc-default.patch @@ -0,0 +1,61 @@ +diff --git a/ext/fiddle/closure.c b/ext/fiddle/closure.c +index 1a80b2b..b997e23 100644 +--- a/ext/fiddle/closure.c ++++ b/ext/fiddle/closure.c +@@ -13,25 +13,11 @@ typedef struct { + ffi_type **argv; + } fiddle_closure; + +-#if defined(USE_FFI_CLOSURE_ALLOC) +-#elif defined(__OpenBSD__) || defined(__APPLE__) || defined(__linux__) +-# define USE_FFI_CLOSURE_ALLOC 0 +-#elif defined(RUBY_LIBFFI_MODVERSION) && RUBY_LIBFFI_MODVERSION < 3000005 && \ +- (defined(__i386__) || defined(__x86_64__) || defined(_M_IX86) || defined(_M_AMD64)) +-# define USE_FFI_CLOSURE_ALLOC 0 +-#else +-# define USE_FFI_CLOSURE_ALLOC 1 +-#endif +- + static void + dealloc(void * ptr) + { + fiddle_closure * cls = (fiddle_closure *)ptr; +-#if USE_FFI_CLOSURE_ALLOC + ffi_closure_free(cls->pcl); +-#else +- munmap(cls->pcl, sizeof(*cls->pcl)); +-#endif + if (cls->argv) xfree(cls->argv); + xfree(cls); + } +@@ -205,12 +191,7 @@ allocate(VALUE klass) + VALUE i = TypedData_Make_Struct(klass, fiddle_closure, + &closure_data_type, closure); + +-#if USE_FFI_CLOSURE_ALLOC + closure->pcl = ffi_closure_alloc(sizeof(ffi_closure), &closure->code); +-#else +- closure->pcl = mmap(NULL, sizeof(ffi_closure), PROT_READ | PROT_WRITE, +- MAP_ANON | MAP_PRIVATE, -1, 0); +-#endif + + return i; + } +@@ -257,17 +238,8 @@ initialize(int rbargc, VALUE argv[], VALUE self) + if (FFI_OK != result) + rb_raise(rb_eRuntimeError, "error prepping CIF %d", result); + +-#if USE_FFI_CLOSURE_ALLOC + result = ffi_prep_closure_loc(pcl, cif, callback, + (void *)self, cl->code); +-#else +- result = ffi_prep_closure(pcl, cif, callback, (void *)self); +- cl->code = (void *)pcl; +- i = mprotect(pcl, sizeof(*pcl), PROT_READ | PROT_EXEC); +- if (i) { +- rb_sys_fail("mprotect"); +- } +-#endif + + if (FFI_OK != result) + rb_raise(rb_eRuntimeError, "error prepping closure %d", result); diff --git a/SPECS/ruby.spec b/SPECS/ruby.spec index 5b20cf4..135722c 100644 --- a/SPECS/ruby.spec +++ b/SPECS/ruby.spec @@ -1,6 +1,6 @@ %global major_version 2 %global minor_version 5 -%global teeny_version 3 +%global teeny_version 5 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} @@ -21,15 +21,16 @@ %endif -%global release 104 +%global release 105 + %{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}} -# The RubyGems library has to stay out of Ruby directory three, since the +# The RubyGems library has to stay out of Ruby directory tree, since the # RubyGems should be share by all Ruby implementations. %global rubygems_dir %{_datadir}/rubygems # Bundled libraries versions -%global rubygems_version 2.7.6 +%global rubygems_version 2.7.6.2 %global molinillo_version 0.5.7 # TODO: The IRB has strange versioning. Keep the Ruby's versioning ATM. @@ -147,21 +148,12 @@ Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch # Properly harden package using -fstack-protector-strong. # https://bugs.ruby-lang.org/issues/15053 Patch24: ruby-2.6.0-configure-fstack-protector-strong.patch -# Fix Tokyo TZ tests. -# https://github.com/ruby/ruby/commit/e71ca6cdcf108e6a2fa47ec9fadefe7554717908 -Patch25: ruby-2.6.0-Update-for-tzdata-2018f.patch -# Refresh expired certificates. -# https://bugs.ruby-lang.org/issues/15502 -# https://github.com/ruby/ruby/commit/6f9b40ea53d8f3fb2a5b1c7ac55c207d42c77ef4 -Patch11: ruby-2.6.0-Try-to-update-cert.patch -# CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution -# https://bugzilla.redhat.com/show_bug.cgi?id=1692520 -# https://github.com/rubygems/rubygems/commit/8e61a52f49c9530706cd73d2f1edc10f097e591f -Patch26: ruby-2.5.4-fix-malicious-gem-to-lead-to-arbitrary-code-execution.patch - -# Fix some OpenSSL 1.1.1 test failures. -# https://github.com/ruby/ruby/commit/1dfc377ae3b174b043d3f0ed36de57b0296b34d0 -Patch19: ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with-TLS-1.3.patch +# Fix CovScan issues. +# https://bugzilla.redhat.com/show_bug.cgi?id=1628592 +# https://bugs.ruby-lang.org/issues/15116 +# https://github.com/ruby/ruby/commit/893949167bdb911c7db9fd59de85f288c09741e1 +Patch25: ruby-2.6.0-Fix-issues-detected-by-code-analysis-tool.patch + # Add support for .include directive used by OpenSSL config files. # https://github.com/ruby/openssl/pull/216 Patch22: ruby-2.6.0-config-support-include-directive.patch @@ -169,6 +161,19 @@ Patch22: ruby-2.6.0-config-support-include-directive.patch # https://github.com/ruby/openssl/pull/217 Patch23: ruby-2.6.0-use-larger-keys-for-SSL-tests.patch +# Use ffi_closure_alloc to avoid segmentation fault by libffi on aarch64. +# https://bugzilla.redhat.com/show_bug.cgi?id=1727832 +# https://bugzilla.redhat.com/show_bug.cgi?id=1721569 +# https://github.com/ruby/fiddle/pull/20 +Patch26: ruby-2.6.3-fiddle-1.0.0-ffi-closure-alloc-default.patch +# Fix rdoc gzipped javascript pages are not the same across multilib. +# https://github.com/ruby/ruby/commit/98c7058bf7b3eab91c62a77cb10b09f6c8ed368e +# https://github.com/ruby/rdoc/commit/524a8ffc7efbc10b09234f7ac3f81d30a3f9f65c +# https://github.com/ruby/rdoc/commit/2df261bb8a9336438508bba94e22e0f968f88983 +# https://github.com/ruby/rdoc/commit/8e1916b89ef1d50930c2c863119ddb6ce6c796ed +# https://github.com/ruby/rdoc/commit/5a8dc7ce883b24539918c75a460a740943c46970 +Patch27: ruby-2.6.0-rdoc-6.0.2-fix-different-js-gz-pages-across-multilib.patch + Requires: %{name}-libs%{?_isa} = %{version}-%{release} Suggests: rubypick Recommends: ruby(rubygems) >= %{rubygems_version} @@ -193,6 +198,7 @@ BuildRequires: procps %{?with_hardening_test:BuildRequires: %{_bindir}/checksec} BuildRequires: multilib-rpm-config BuildRequires: gcc +BuildRequires: zlib-devel # This package provides %%{_bindir}/ruby-mri therefore it is marked by this # virtual provide. It can be installed as dependency of rubypick. @@ -550,16 +556,24 @@ rm -rf ext/fiddle/libffi* %patch7 -p1 %patch9 -p1 %patch10 -p1 -%patch11 -p1 %patch15 -p1 %patch16 -p1 -%patch19 -p1 + +# Preserve rdoc's js file timestamp modified by patch command +# for reproducible build. It is used as generated js.gz file's metadata. +# https://bugzilla.redhat.com/show_bug.cgi?id=1719647 +# https://github.com/junaruga/rdoc/blob/v6.0.2/lib/rdoc/generator/json_index.rb#L199 +# https://github.com/rpm-software-management/rpm/issues/788 +ORIG_EPOCH=$(stat --printf='%y' lib/rdoc/generator/template/json_index/js/navigation.js) %patch20 -p1 +touch -d "${ORIG_EPOCH}" lib/rdoc/generator/template/json_index/js/navigation.js + %patch22 -p1 %patch23 -p1 %patch24 -p1 %patch25 -p1 %patch26 -p1 +%patch27 -p1 # Provide an example of usage of the tapset: cp -a %{SOURCE3} . @@ -719,12 +733,14 @@ sed -i '/^end$/ i\ # Move man pages into proper location mv %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/doc/rake.1 %{buildroot}%{_mandir}/man1 +%if %{with systemtap} # Install a tapset and fix up the path to the library. mkdir -p %{buildroot}%{tapset_dir} sed -e "s|@LIBRARY_PATH@|%{tapset_libdir}/libruby.so.%{major_minor_version}|" \ %{SOURCE2} > %{buildroot}%{tapset_dir}/libruby.so.%{major_minor_version}.stp # Escape '*/' in comment. sed -i -r "s|( \*.*\*)\/(.*)|\1\\\/\2|" %{buildroot}%{tapset_dir}/libruby.so.%{major_minor_version}.stp +%endif # Prepare -doc subpackage file lists. find doc -maxdepth 1 -type f ! -name '.*' ! -name '*.ja*' > .ruby-doc.en @@ -963,7 +979,7 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \ %{ruby_libarchdir}/syslog.so %{ruby_libarchdir}/zlib.so -%{tapset_root} +%{?with_systemtap:%{tapset_root}} %files -n rubygems %{_bindir}/gem @@ -1033,7 +1049,7 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \ %files doc -f .ruby-doc.en -f .ruby-doc.ja %doc README.md %doc ChangeLog -%doc ruby-exercise.stp +%{?with_systemtap:%doc ruby-exercise.stp} %{_datadir}/ri %files -n rubygem-bigdecimal @@ -1110,9 +1126,25 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \ %{gem_dir}/specifications/xmlrpc-%{xmlrpc_version}.gemspec %changelog -* Tue May 07 2019 Jun Aruga - 2.5.3-104 -- Prohibit arbitrary code execution when installing a malicious gem. - Resolves: CVE-2019-8324 +* Thu Jul 04 2019 Jun Aruga - 2.5.5-105 +- Use ffi_closure_alloc to avoid segmentation fault by libffi on aarch64. + Resolves: rhbz#1727832 +- Properly support %%prerelease in %%gemspec_ macros. + Related: rhbz#1688758 +- Fix rdoc gzipped javascript pages are not the same across multilib. + Resolves: rhbz#1719647 + +* Wed Apr 17 2019 Vít Ondruch - 2.5.5-104 +- Update to Ruby 2.5.5. + * Remove Patch25: ruby-2.6.0-Update-for-tzdata-2018f.patch; subsumed + * Remove Patch11: ruby-2.6.0-Try-to-update-cert.patch; subsumed + * Remove Patch19: ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with + -TLS-1.3.patch; subsumed + Resolves: rhbz#1688758 +- Don't ship .stp files when SystemTap support is disabled. + Related: rhbz#1657915 +- Fix CovScan issues. + Resolves: rhbz#1628592 * Fri Jan 11 2019 Jun Aruga - 2.5.3-103 - Refresh expired certificates to fix FTBFS.