diff --git a/.gitignore b/.gitignore index 242457c..978802b 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/ruby-2.6.3.tar.xz +SOURCES/ruby-2.6.7.tar.xz diff --git a/.ruby.metadata b/.ruby.metadata index a2b9708..25bfc62 100644 --- a/.ruby.metadata +++ b/.ruby.metadata @@ -1 +1 @@ -ee231856cee812cfc67440d643f7451857a760c9 SOURCES/ruby-2.6.3.tar.xz +1fd1448125a00cd7b9994637b5e561506de6a6d3 SOURCES/ruby-2.6.7.tar.xz diff --git a/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch b/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch index 0770723..14da77e 100644 --- a/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch +++ b/SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch @@ -39,7 +39,7 @@ diff --git a/configure.ac b/configure.ac index 028ef7ca3e..cdeff87871 100644 --- a/configure.ac +++ b/configure.ac -@@ -3855,6 +3855,13 @@ AC_SUBST(rubyarchhdrdir)dnl +@@ -3872,6 +3872,13 @@ AC_SUBST(rubyarchhdrdir)dnl AC_SUBST(sitearchhdrdir)dnl AC_SUBST(vendorarchhdrdir)dnl diff --git a/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch b/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch index 116bb66..d5ecc34 100644 --- a/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch +++ b/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index 11fc237552..b77e88fc37 100644 --- a/configure.ac +++ b/configure.ac -@@ -3085,6 +3085,11 @@ AS_IF([test ${multiarch+set}], [ +@@ -3102,6 +3102,11 @@ AS_IF([test ${multiarch+set}], [ ]) archlibdir='${libdir}/${arch}' diff --git a/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch b/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch index bfb197f..f7f364f 100644 --- a/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch +++ b/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch @@ -14,7 +14,7 @@ diff --git a/configure.ac b/configure.ac index 999e2d6d5d..11fc237552 100644 --- a/configure.ac +++ b/configure.ac -@@ -3710,7 +3710,8 @@ AS_CASE(["$ruby_version_dir_name"], +@@ -3727,7 +3727,8 @@ AS_CASE(["$ruby_version_dir_name"], ruby_version_dir=/'${ruby_version_dir_name}' if test -z "${ruby_version_dir_name}"; then diff --git a/SOURCES/ruby-2.1.0-always-use-i386.patch b/SOURCES/ruby-2.1.0-always-use-i386.patch index d63752a..cde4302 100644 --- a/SOURCES/ruby-2.1.0-always-use-i386.patch +++ b/SOURCES/ruby-2.1.0-always-use-i386.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index b77e88fc37..6bba453e3c 100644 --- a/configure.ac +++ b/configure.ac -@@ -3774,6 +3774,8 @@ AC_SUBST(vendorarchdir)dnl +@@ -3791,6 +3791,8 @@ AC_SUBST(vendorarchdir)dnl AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl diff --git a/SOURCES/ruby-2.1.0-custom-rubygems-location.patch b/SOURCES/ruby-2.1.0-custom-rubygems-location.patch index c4893da..d9b6915 100644 --- a/SOURCES/ruby-2.1.0-custom-rubygems-location.patch +++ b/SOURCES/ruby-2.1.0-custom-rubygems-location.patch @@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac index 6bba453e3c..028ef7ca3e 100644 --- a/configure.ac +++ b/configure.ac -@@ -3746,6 +3746,10 @@ AC_ARG_WITH(vendorarchdir, +@@ -3763,6 +3763,10 @@ AC_ARG_WITH(vendorarchdir, [vendorarchdir=$withval], [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}]) @@ -26,7 +26,7 @@ index 6bba453e3c..028ef7ca3e 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) RUBY_EXEC_PREFIX='' -@@ -3770,6 +3774,7 @@ AC_SUBST(sitearchdir)dnl +@@ -3787,6 +3787,7 @@ AC_SUBST(sitearchdir)dnl AC_SUBST(vendordir)dnl AC_SUBST(vendorlibdir)dnl AC_SUBST(vendorarchdir)dnl @@ -64,18 +64,18 @@ index 79c003e..34f2382 100644 % R = {} % R["ruby_version"] = '"RUBY_LIB_VERSION"' diff --git a/tool/rbinstall.rb b/tool/rbinstall.rb -index b47b6e1..0b99408 100755 +index d8987af..1efbd33 100755 --- a/tool/rbinstall.rb +++ b/tool/rbinstall.rb -@@ -334,6 +334,7 @@ def CONFIG.[](name, mandatory = false) - sitearchlibdir = CONFIG["sitearchdir"] - vendorlibdir = CONFIG["vendorlibdir"] - vendorarchlibdir = CONFIG["vendorarchdir"] +@@ -338,6 +338,7 @@ if CONFIG["vendordir"] + vendorlibdir = CONFIG["vendorlibdir"] + vendorarchlibdir = CONFIG["vendorarchdir"] + end +rubygemsdir = CONFIG["rubygemsdir"] mandir = CONFIG["mandir", true] docdir = CONFIG["docdir", true] enable_shared = CONFIG["ENABLE_SHARED"] == 'yes' -@@ -560,7 +561,16 @@ def stub +@@ -564,7 +565,16 @@ end install?(:local, :comm, :lib) do prepare "library scripts", rubylibdir noinst = %w[*.txt *.rdoc *.gemspec] diff --git a/SOURCES/ruby-2.2.3-Generate-preludes-using-miniruby.patch b/SOURCES/ruby-2.2.3-Generate-preludes-using-miniruby.patch index 7118a32..e8107d7 100644 --- a/SOURCES/ruby-2.2.3-Generate-preludes-using-miniruby.patch +++ b/SOURCES/ruby-2.2.3-Generate-preludes-using-miniruby.patch @@ -11,7 +11,7 @@ diff --git a/common.mk b/common.mk index 168dc52..20c218a 100644 --- a/common.mk +++ b/common.mk -@@ -1052,9 +1052,9 @@ $(MINIPRELUDE_C): $(COMPILE_PRELUDE) +@@ -1053,9 +1053,9 @@ $(MINIPRELUDE_C): $(COMPILE_PRELUDE) $(srcdir)/template/prelude.c.tmpl $(PRELUDE_C): $(COMPILE_PRELUDE) \ diff --git a/SOURCES/ruby-2.3.0-ruby_version.patch b/SOURCES/ruby-2.3.0-ruby_version.patch index a74fb74..e46915c 100644 --- a/SOURCES/ruby-2.3.0-ruby_version.patch +++ b/SOURCES/ruby-2.3.0-ruby_version.patch @@ -20,7 +20,7 @@ diff --git a/configure.ac b/configure.ac index 8ea969412f..a00f2b6776 100644 --- a/configure.ac +++ b/configure.ac -@@ -3661,9 +3661,6 @@ AS_CASE(["$target_os"], +@@ -3678,9 +3678,6 @@ AS_CASE(["$target_os"], rubyw_install_name='$(RUBYW_INSTALL_NAME)' ]) @@ -30,7 +30,7 @@ index 8ea969412f..a00f2b6776 100644 rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'} AC_ARG_WITH(rubyarchprefix, AS_HELP_STRING([--with-rubyarchprefix=DIR], -@@ -3686,56 +3683,62 @@ AC_ARG_WITH(ridir, +@@ -3703,56 +3703,62 @@ AC_ARG_WITH(ridir, AC_SUBST(ridir) AC_SUBST(RI_BASE_NAME) @@ -120,7 +120,7 @@ index 8ea969412f..a00f2b6776 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) -@@ -3752,6 +3755,7 @@ AC_SUBST(sitearchincludedir)dnl +@@ -3769,6 +3769,7 @@ AC_SUBST(sitearchincludedir)dnl AC_SUBST(arch)dnl AC_SUBST(sitearch)dnl AC_SUBST(ruby_version)dnl @@ -171,7 +171,7 @@ diff --git a/tool/rbinstall.rb b/tool/rbinstall.rb index d4c110e..d39c9a6 100755 --- a/tool/rbinstall.rb +++ b/tool/rbinstall.rb -@@ -424,7 +424,7 @@ def CONFIG.[](name, mandatory = false) +@@ -428,7 +428,7 @@ def CONFIG.[](name, mandatory = false) install?(:doc, :rdoc) do if $rdocdir diff --git a/SOURCES/ruby-2.6.0-use-larger-keys-for-SSL-tests.patch b/SOURCES/ruby-2.6.0-use-larger-keys-for-SSL-tests.patch deleted file mode 100644 index 6bb8466..0000000 --- a/SOURCES/ruby-2.6.0-use-larger-keys-for-SSL-tests.patch +++ /dev/null @@ -1,486 +0,0 @@ -From b0bcb19cb4f95d260c5993df0aaa3667522fb99d Mon Sep 17 00:00:00 2001 -From: Kazuki Yamaguchi -Date: Thu, 16 Aug 2018 20:54:47 +0900 -Subject: [PATCH 1/2] test/openssl/test_pair: fix deadlock in - test_connect_accept_nonblock - -Call IO.select with a timeout value and limit the number of retries to -prevent stacking forever. - -Reference: https://github.com/ruby/openssl/issues/214 ---- - test/openssl/test_pair.rb | 51 +++++++++++++++++---------------------- - 1 file changed, 22 insertions(+), 29 deletions(-) - -diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb -index ea5f0dcf..eac3655e 100644 ---- a/test/openssl/test_pair.rb -+++ b/test/openssl/test_pair.rb -@@ -442,7 +442,7 @@ def test_connect_accept_nonblock_no_exception - end - - def test_connect_accept_nonblock -- ctx = OpenSSL::SSL::SSLContext.new() -+ ctx = OpenSSL::SSL::SSLContext.new - ctx.cert = @svr_cert - ctx.key = @svr_key - ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey_dh("dh1024") } -@@ -451,45 +451,38 @@ def test_connect_accept_nonblock - - th = Thread.new { - s2 = OpenSSL::SSL::SSLSocket.new(sock2, ctx) -- s2.sync_close = true -- begin -+ 5.times { -+ begin -+ break s2.accept_nonblock -+ rescue IO::WaitReadable -+ IO.select([s2], nil, nil, 1) -+ rescue IO::WaitWritable -+ IO.select(nil, [s2], nil, 1) -+ end - sleep 0.2 -- s2.accept_nonblock -+ } -+ } -+ -+ s1 = OpenSSL::SSL::SSLSocket.new(sock1) -+ 5.times { -+ begin -+ break s1.connect_nonblock - rescue IO::WaitReadable -- IO.select([s2]) -- retry -+ IO.select([s1], nil, nil, 1) - rescue IO::WaitWritable -- IO.select(nil, [s2]) -- retry -+ IO.select(nil, [s1], nil, 1) - end -- s2 -- } -- -- sleep 0.1 -- ctx = OpenSSL::SSL::SSLContext.new() -- s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx) -- begin - sleep 0.2 -- s1.connect_nonblock -- rescue IO::WaitReadable -- IO.select([s1]) -- retry -- rescue IO::WaitWritable -- IO.select(nil, [s1]) -- retry -- end -- s1.sync_close = true -+ } - - s2 = th.value - - s1.print "a\ndef" - assert_equal("a\n", s2.gets) - ensure -- th.join if th -- s1.close if s1 && !s1.closed? -- s2.close if s2 && !s2.closed? -- sock1.close if sock1 && !sock1.closed? -- sock2.close if sock2 && !sock2.closed? -+ sock1&.close -+ sock2&.close -+ th&.join - end - end - - -From 5ba99ad7ae1267ed964f53906530579299f3fcc6 Mon Sep 17 00:00:00 2001 -From: Kazuki Yamaguchi -Date: Thu, 16 Aug 2018 20:04:13 +0900 -Subject: [PATCH 2/2] test: use larger keys for SSL tests - -Some systems enforce a system-wide policy to restrict key sizes used in -SSL/TLS. Use larger ones if possible so that the test suite runs -successfully. - -New PEM files test/openssl/fixtures/pkey/{dh-1,rsa-1,rsa-2,rsa-3}.pem are added -to the tree, and SSL tests now use them instead of the fixed-size keys. - -Reference: https://github.com/ruby/openssl/issues/215 ---- - test/openssl/fixtures/pkey/dh-1.pem | 13 +++++++ - test/openssl/fixtures/pkey/rsa-1.pem | 51 ++++++++++++++++++++++++++++ - test/openssl/fixtures/pkey/rsa-2.pem | 51 ++++++++++++++++++++++++++++ - test/openssl/fixtures/pkey/rsa-3.pem | 51 ++++++++++++++++++++++++++++ - test/openssl/test_pair.rb | 8 ++--- - test/openssl/test_pkey_dh.rb | 8 ++--- - test/openssl/test_ssl.rb | 11 +++--- - test/openssl/utils.rb | 14 ++++---- - 8 files changed, 186 insertions(+), 21 deletions(-) - create mode 100644 test/openssl/fixtures/pkey/dh-1.pem - create mode 100644 test/openssl/fixtures/pkey/rsa-1.pem - create mode 100644 test/openssl/fixtures/pkey/rsa-2.pem - create mode 100644 test/openssl/fixtures/pkey/rsa-3.pem - -diff --git a/test/openssl/fixtures/pkey/dh-1.pem b/test/openssl/fixtures/pkey/dh-1.pem -new file mode 100644 -index 00000000..3340a6a1 ---- /dev/null -+++ b/test/openssl/fixtures/pkey/dh-1.pem -@@ -0,0 +1,13 @@ -+-----BEGIN DH PARAMETERS----- -+MIICCAKCAgEAvRzXYxY6L2DjeYmm1eowtMDu1it3j+VwFr6s6PRWzc1apMtztr9G -+xZ2mYndUAJLgNLO3n2fUDCYVMB6ZkcekW8Siocof3xWiMA6wqZ6uw0dsE3q7ZX+6 -+TLjgSjaXeGvjutvuEwVrFeaUi83bMgfXN8ToxIQVprIF35sYFt6fpbFATKfW7qqi -+P1pQkjmCskU4tztaWvlLh0qg85wuQGnpJaQT3gS30378i0IGbA0EBvJcSpTHYbLa -+nsdI9bfN/ZVgeolVMNMU9/n8R8vRhNPcHuciFwaqS656q+HavCIyxw/LfjSwwFvR -+TngCn0wytRErkzFIXnRKckh8/BpI4S+0+l1NkOwG4WJ55KJ/9OOdZW5o/QCp2bDi -+E0JN1EP/gkSom/prq8JR/yEqtsy99uc5nUxPmzv0IgdcFHZEfiQU7iRggEbx7qfQ -+Ve55XksmmJInmpCy1bSabAEgIKp8Ckt5KLYZ0RgTXUhcEpsxEo6cuAwoSJT5o4Rp -+yG3xow2ozPcqZkvb+d2CHj1sc54w9BVFAjVANEKmRil/9WKz14bu3wxEhOPqC54n -+QojjLcoXSoT66ZUOQnYxTSiLtzoKGPy8cAVPbkBrXz2u2sj5gcvr1JjoGjdHm9/3 -+qnqC8fsTz8UndKNIQC337o4K0833bQMzRGl1/qjbAPit2B7E3b6xTZMCAQI= -+-----END DH PARAMETERS----- -diff --git a/test/openssl/fixtures/pkey/rsa-1.pem b/test/openssl/fixtures/pkey/rsa-1.pem -new file mode 100644 -index 00000000..bd5a624f ---- /dev/null -+++ b/test/openssl/fixtures/pkey/rsa-1.pem -@@ -0,0 +1,51 @@ -+-----BEGIN RSA PRIVATE KEY----- -+MIIJJwIBAAKCAgEArIEJUYZrXhMfUXXdl2gLcXrRB4ciWNEeXt5UVLG0nPhygZwJ -+xis8tOrjXOJEpUXUsfgF35pQiJLD4T9/Vp3zLFtMOOQjOR3AxjIelbH9KPyGFEr9 -+TcPtsJ24zhcG7RbwOGXR4iIcDaTx+bCLSAd7BjG3XHQtyeepGGRZkGyGUvXjPorH -+XP+dQjQnMd09wv0GMZSqQ06PedUUKQ4PJRfMCP+mwjFP+rB3NZuThF0CsNmpoixg -+GdoQ591Yrf5rf2Bs848JrYdqJlKlBL6rTFf2glHiC+mE5YRny7RZtv/qIkyUNotV -+ce1cE0GFrRmCpw9bqulDDcgKjFkhihTg4Voq0UYdJ6Alg7Ur4JerKTfyCaRGF27V -+fh/g2A2/6Vu8xKYYwTAwLn+Tvkx9OTVZ1t15wM7Ma8hHowNoO0g/lWkeltgHLMji -+rmeuIYQ20BQmdx2RRgWKl57D0wO/N0HIR+Bm4vcBoNPgMlk9g5WHA6idHR8TLxOr -+dMMmTiWfefB0/FzGXBv7DuuzHN3+urdCvG1QIMFQ06kHXhr4rC28KbWIxg+PJGM8 -+oGNEGtGWAOvi4Ov+BVsIdbD5Sfyb4nY3L9qqPl6TxRxMWTKsYCYx11jC8civCzOu -+yL1z+wgIICJ6iGzrfYf6C2BiNV3BC1YCtp2XsG+AooIxCwjL2CP/54MuRnUCAwEA -+AQKCAgAP4+8M0HoRd2d6JIZeDRqIwIyCygLy9Yh7qrVP+/KsRwKdR9dqps73x29c -+Pgeexdj67+Lynw9uFT7v/95mBzTAUESsNO+9sizw1OsWVQgB/4kGU4YT5Ml/bHf6 -+nApqSqOkPlTgJM46v4f+vTGHWBEQGAJRBO62250q/wt1D1osSDQ/rZ8BxRYiZBV8 -+NWocDRzF8nDgtFrpGSS7R21DuHZ2Gb6twscgS6MfkA49sieuTM6gfr/3gavu/+fM -+V1Rlrmc65GE61++CSjijQEEdTjkJ9isBd+hjEBhTnnBpOBfEQxOgFqOvU/MYXv/G -+W0Q6yWJjUwt3OIcoOImrY5L3j0vERneA1Alweqsbws3fXXMjA+jhLxlJqjPvSAKc -+POi7xu7QCJjSSLAzHSDPdmGmfzlrbdWS1h0mrC5YZYOyToLajfnmAlXNNrytnePg -+JV9/1136ZFrJyEi1JVN3kyrC+1iVd1E+lWK0U1UQ6/25tJvKFc1I+xToaUbK10UN -+ycXib7p2Zsc/+ZMlPRgCxWmpIHmKhnwbO7vtRunnnc6wzhvlQQNHWlIvkyQukV50 -+6k/bzWw0M6A98B4oCICIcxcpS3njDlHyL7NlkCD+/OfZp6X3RZF/m4grmA2doebz -+glsaNMyGHFrpHkHq19Y63Y4jtBdW/XuBv06Cnr4r3BXdjEzzwQKCAQEA5bj737Nk -+ZLA0UgzVVvY67MTserTOECIt4i37nULjRQwsSFiz0AWFOBwUCBJ5N2qDEelbf0Fa -+t4VzrphryEgzLz/95ZXi+oxw1liqCHi8iHeU2wSclDtx2jKv2q7bFvFSaH4CKC4N -+zBJNfP92kdXuAjXkbK/jWwr64fLNh/2KFWUAmrYmtGfnOjjyL+yZhPxBatztE58q -+/T61pkvP9NiLfrr7Xq8fnzrwqGERhXKueyoK6ig9ZJPZ2VTykMUUvNYJJ7OYQZru -+EYA3zkuEZifqmjgF57Bgg7dkkIh285TzH3CNf3MCMTmjlWVyHjlyeSPYgISB9Mys -+VKKQth+SvYcChQKCAQEAwDyCcolA7+bQBfECs6GXi7RYy2YSlx562S5vhjSlY9Ko -+WiwVJWviF7uSBdZRnGUKoPv4K4LV34o2lJpSSTi5Xgp7FH986VdGePe3p4hcXSIZ -+NtsKImLVLnEjrmkZExfQl7p0MkcU/LheCf/eEZVp0Z84O54WCs6GRm9wHYIUyrag -+9FREqqxTRVNhQQ2EDVGq1slREdwB+aygE76axK/qosk0RaoLzGZiMn4Sb8bpJxXO -+mee+ftq5bayVltfR0DhC8eHkcPPFeQMll1g+ML7HbINwHTr01ONm3cFUO4zOLBOO -+ws/+vtNfiv6S/lO1RQSRoiApbENBLdSc3V8Cy70PMQKCAQBOcZN4uP5gL5c+KWm0 -+T1KhxUDnSdRPyAwY/xC7i7qlullovvlv4GK0XUot03kXBkUJmcEHvF5o6qYtCZlM -+g/MOgHCHtF4Upl5lo1M0n13pz8PB4lpBd+cR1lscdrcTp4Y3bkf4RnmppNpXA7kO -+ZZnnoVWGE620ShSPkWTDuj0rvxisu+SNmClqRUXWPZnSwnzoK9a86443efF3fs3d -+UxCXTuxFUdGfgvXo2XStOBMCtcGSYflM3fv27b4C13mUXhY0O2yTgn8m9LyZsknc -+xGalENpbWmwqrjYl8KOF2+gFZV68FZ67Bm6otkJ4ta80VJw6joT9/eIe6IA34KIw -+G+ktAoIBAFRuPxzvC4ZSaasyX21l25mQbC9pdWDKEkqxCmp3VOyy6R4xnlgBOhwS -+VeAacV2vQyvRfv4dSLIVkkNSRDHEqCWVlNk75TDXFCytIAyE54xAHbLqIVlY7yim -+qHVB07F/FC6PxdkPPziAAU2DA5XVedSHibslg6jbbD4jU6qiJ1+hNrAZEs+jQC+C -+n4Ri20y+Qbp0URb2+icemnARlwgr+3HjzQGL3gK4NQjYNmDBjEWOXl9aWWB90FNL -+KahGwfAhxcVW4W56opCzwR7nsujV4eDXGba83itidRuQfd5pyWOyc1E86TYGwD/b -+79OkEElv6Ea8uXTDVS075GmWATRapQECggEAd9ZAbyT+KouTfi2e6yLOosxSZfns -+eF06QAJi5n9GOtdfK5fqdmHJqJI7wbubCnd0oxPeL71lRjrOAMXufaQRdZtfXSMn -+B1TljteNrh1en5xF451rCPR/Y6tNKBvIKnhy1waO27/vA+ovXrm17iR9rRuGZ29i -+IurlKA6z/96UdrSdpqITTCyTjSOBYg34f49ueGjlpL4+8HJq2wor4Cb1Sbv8ErqA -+bsQ/Jz+KIGUiuFCfNa6d6McPRXIrGgzpprXgfimkV3nj49QyrnuCF/Pc4psGgIaN -+l3EiGXzRt/55K7DQVadtbcjo9zREac8QnDD6dS/gOfJ82L7frQfMpNWgQA== -+-----END RSA PRIVATE KEY----- -diff --git a/test/openssl/fixtures/pkey/rsa-2.pem b/test/openssl/fixtures/pkey/rsa-2.pem -new file mode 100644 -index 00000000..e4fd4f43 ---- /dev/null -+++ b/test/openssl/fixtures/pkey/rsa-2.pem -@@ -0,0 +1,51 @@ -+-----BEGIN RSA PRIVATE KEY----- -+MIIJKAIBAAKCAgEA1HUbx825tG7+/ulC5DpDogzXqM2/KmeCwGXZY4XjiWa+Zj7b -+ECkZwQh7zxFUsPixGqQKJSyFwCogdaPzYTRNtqKKaw/IWS0um1PTn4C4/9atbIsf -+HVKu/fWg4VrZL+ixFIZxa8Z6pvTB2omMcx+uEzbXPsO01i1pHf7MaWBxUDGFyC9P -+lASJBfFZAf2Ar1H99OTS4SP+gxM9Kk5tcc22r8uFiqqbhJmQNSDApdHvT1zSZxAc -+T1BFEZqfmR0B0UegPyJc/9hW0dYpB9JjR29UaZRSta3LUMpqltoOF5bzaKVgMuBm -+Qy79xJ71LjGp8bKhgRaWXyPsDzAC0MQlOW6En0v8LK8fntivJEvw9PNOMcZ8oMTn -+no0NeVt32HiQJW8LIVo7dOLVFtguSBMWUVe8mdKbuIIULD6JlSYke9Ob6andUhzO -+U79m/aRWs2yjD6o5QAktjFBARdPgcpTdWfppc8xpJUkQgRmVhINoIMT9W6Wl898E -+P4aPx6mRV/k05ellN3zRgd9tx5dyNuj3RBaNmR47cAVvGYRQgtH9bQYs6jtf0oer -+A5yIYEKspNRlZZJKKrQdLflQFOEwjQJyZnTk7Mp0y21wOuEGgZBexew55/hUJDC2 -+mQ8CqjV4ki/Mm3z6Cw3jXIMNBJkH7oveBGSX0S9bF8A/73oOCU3W/LkORxECAwEA -+AQKCAgBLK7RMmYmfQbaPUtEMF2FesNSNMV72DfHBSUgFYpYDQ4sSeiLgMOqf1fSY -+azVf+F4RYwED7iDUwRMDDKNMPUlR2WjIQKlOhCH9a0dxJAZQ3xA1W3QC2AJ6cLIf -+ihlWTip5bKgszekPsYH1ZL2A7jCVM84ssuoE7cRHjKOelTUCfsMq9TJe2MvyglZP -+0fX6EjSctWm3pxiiH+iAU4d9wJ9my8fQLFUiMYNIiPIguYrGtbzsIlMh7PDDLcZS -+UmUWOxWDwRDOpSjyzadu0Q23dLiVMpmhFoDdcQENptFdn1c4K2tCFQuZscKwEt4F -+HiVXEzD5j5hcyUT4irA0VXImQ+hAH3oSDmn7wyHvyOg0bDZpUZXEHXb83Vvo54/d -+Fb4AOUva1dwhjci8CTEMxCENMy/CLilRv46AeHbOX8KMPM7BnRSJPptvTTh/qB9C -+HI5hxfkO+EOYnu0kUlxhJfrqG86H4IS+zA8HWiSEGxQteMjUQfgJoBzJ94YChpzo -+ePpKSpjxxl1PNNWKxWM3yUvlKmI2lNl6YNC8JpF2wVg4VvYkG7iVjleeRg21ay89 -+NCVMF98n3MI5jdzfDKACnuYxg7sw+gjMy8PSoFvQ5pvHuBBOpa8tho6vk7bLJixT -+QY5uXMNQaO6OwpkBssKpnuXhIJzDhO48nSjJ5nUEuadPH1nGwQKCAQEA7twrUIMi -+Vqze/X6VyfEBnX+n3ZyQHLGqUv/ww1ZOOHmSW5ceC4GxHa8EPDjoh9NEjYffwGq9 -+bfQh9Gntjk5gFipT/SfPrIhbPt59HthUqVvOGgSErCmn0vhsa0+ROpVi4K2WHS7O -+7SEwnoCWd6p1omon2olVY0ODlMH4neCx/ZuKV8SRMREubABlL8/MLp37AkgKarTY -+tewd0lpaZMvsjOhr1zVCGUUBxy87Fc7OKAcoQY8//0r8VMH7Jlga7F2PKVPzqRKf -+tjeW5jMAuRxTqtEdIeclJZwvUMxvb23BbBE+mtvKpXv69TB3DK8T1YIkhW2CidZW -+lad4MESC+QFNbQKCAQEA47PtULM/0ZFdE+PDDHOa2kJ2arm94sVIqF2168ZLXR69 -+NkvCWfjkUPDeejINCx7XQgk0d/+5BCvrJpcM7lE4XfnYVNtPpct1el6eTfaOcPU8 -+wAMsnq5n9Mxt02U+XRPtEqGk+lt0KLPDDSG88Z7jPmfftigLyPH6i/ZJyRUETlGk -+rGnWSx/LFUxQU5aBa2jUCjKOKa+OOk2jGg50A5Cmk26v9sA/ksOHisMjfdIpZc9P -+r4R0IteDDD5awlkWTF++5u1GpgU2yav4uan0wzY8OWYFzVyceA6+wffEcoplLm82 -+CPd/qJOB5HHkjoM+CJgfumFxlNtdowKvKNUxpoQNtQKCAQEAh3ugofFPp+Q0M4r6 -+gWnPZbuDxsLIR05K8vszYEjy4zup1YO4ygQNJ24fM91/n5Mo/jJEqwqgWd6w58ax -+tRclj00BCMXtGMrbHqTqSXWhR9LH66AGdPTHuXWpYZDnKliTlic/z1u+iWhbAHyl -+XEj2omIeKunc4gnod5cyYrKRouz3omLfi/pX33C19FGkWgjH2HpuViowBbhhDfCr -+9yJoEWC/0njl/hlTMdzLYcpEyxWMMuuC/FZXG+hPgWdWFh3XVzTEL3Fd3+hWEkp5 -+rYWwu2ITaSiHvHaDrAvZZVXW8WoynXnvzr+tECgmTq57zI4eEwSTl4VY5VfxZ0dl -+FsIzXQKCAQBC07GYd6MJPGJWzgeWhe8yk0Lxu6WRAll6oFYd5kqD/9uELePSSAup -+/actsbbGRrziMpVlinWgVctjvf0bjFbArezhqqPLgtTtnwtS0kOnvzGfIM9dms4D -+uGObISGWa5yuVSZ4G5MRxwA9wGMVfo4u6Iltin868FmZ7iRlkXd8DNYJi95KmgAe -+NhF1FrzQ6ykf/QpgDZfuYI63vPorea6JonieMHn39s622OJ3sNBZguheGL+E4j8h -+vsMgOskijQ8X8xdC7lDQC1qqEsk06ZvvNJQLW1zIl3tArhjHjPp5EEaJhym+Ldx3 -+UT3E3Zu9JfhZ2PNevqrShp0lnLw/pI3pAoIBAAUMz5Lj6V9ftsl1pTa8WDFeBJW0 -+Wa5AT1BZg/ip2uq2NLPnA5JWcD+v682fRSvIj1pU0DRi6VsXlzhs+1q3+sgqiXGz -+u2ArFylh8TvC1gXUctXKZz/M3Rqr6aSNoejUGLmvHre+ja/k6Zwmu6ePtB7dL50d -+6+xMTYquS4gLbrbSLcEu3iBAAnvRLreXK4KguPxaBdICB7v7epdpAKe3Z7hp/sst -+eJj1+6KRdlcmt8fh5MPkBBXa6I/9XGmX5UEo7q4wAxeM9nuFWY3watz/EO9LiO6P -+LmqUSWL65m4cX0VZPvhYEsHppKi1eoWGlHqS4Af5+aIXi2alu2iljQFeA+Q= -+-----END RSA PRIVATE KEY----- -diff --git a/test/openssl/fixtures/pkey/rsa-3.pem b/test/openssl/fixtures/pkey/rsa-3.pem -new file mode 100644 -index 00000000..6c9c9ced ---- /dev/null -+++ b/test/openssl/fixtures/pkey/rsa-3.pem -@@ -0,0 +1,51 @@ -+-----BEGIN RSA PRIVATE KEY----- -+MIIJKAIBAAKCAgEAzn+YCcOh7BIRzrb7TEuhQLD545+/Fx/zCYO3l+y/8ogUxMTg -+LG5HrcXlX3JP796ie90/GHIf8/lwczVhP1jk/keYjkwoTYDt477R7KRcJPyGqHRr -+qLp7AnZxtz3JLNboTgO3bAYzlvtsSKU/R3oehBbGHzEWCP2UEYj/Kky0zpcjkhZU -+jiErr9ARPq8+dOGqBf+CE2NLKYC1bu8hZe9AddvvN2SvfMN6uhJtEGZO1k8tScwf -+AyvPJ1Po/6z08pzMAgfBUCE95waAVeYJWIOlnNB4eEievzlXdPB9vEt8OOwtWfQX -+V8xyMsoKeAW05s413E0eTYx1aulFXdWwG2mWEBRtNzKF1iBudlg1a3x1zThWi1pY -+jW5vROvoWZMCbl9bYQ/LxOCVqDoUl86+NPEGeuESMzm5NvOQA2e0Ty5wphnt9M19 -+Wcc8neBhb6iCGqYzxWNvUYXZWUv1+/MrPHKyJuv7MSivwtctfp8SacUGxkd6T+u6 -+V6ntHf3qtN/5pAmni6nzUTgjC65MS0LEhi/RTzwafkIfifeJH7/LqFtjrursuwua -++p9lkACck/J5TpzaAfLroFQuepP8qgeq1cpD5Iii56IJ+FPSnkvesHuRUmZIkhtR -+VVsVqMaNPv/Uzc02bOaRXWP4auUY91mDKx/FDmORa9YCDQxMkKke05SWQ90CAwEA -+AQKCAgA0+B/c6VTgxGXS+7cMhB3yBTOkgva2jNh/6Uyv6Of345ZIPyQt4X/7gFbt -+G9qLcjWFxmQH9kZiA+snclrmr/vVijIE1l5EOz1KfUlGBYcpaal1DqALIQKqyA01 -+buDq4pmmYWesiw6yvP2yyMipohav1VOu7p1zYvCXaufhRtneYICcWaQI7VNSfvHd -+fYBs5PIDJd6M8Jx4Ie7obOjJSAzl7qu3LtmhDFev4Ugeu8+fQ6IfWv/dhWBW+zw6 -+UXhnv3bJUonw7wX8+/rxjdd54BMcXZF5cU9fR+s6MPJf2ZEc3OBpQaa3O9dTVeZH -+kVctGVpRj2qlg9EewoWro0PQVE5Mjah+mdFhPAHWoGl1xht6xJmg0uHYxMCzbUSz -+7NSS3knR0qieFvsp5ESY72i7DnQsbhbn6mTuYdVtm9bphxifAWCP3jFdft/bjtSF -+4yuPI7Qga+3m0B8QhtbWhEzPVon6NyiY7qfa6qllp0opEbw2hE22uGFFNJo2mpPa -+pe9VwARtD0IyfeklE7KrBEwV8NjTaAipZTZODw0w/dt4K3dOiePDl3pPWjmERpVg -+Lkw7XSCMtu5X87I1BbfOYbQhOXksPY+W9Asf6ETBeIZ8bD6Iypuk2ssool1lukqv -+yq1Y8gbR9B2x91ftYwXgzqBSvd8PFNsaXWLD3nrai2G1vb81lQKCAQEA6W02eZcN -+7wJfkqNokcuqhc5OKXH14gVIRV+KocG6f3vg88wrCg5J2GqNhBFuwVrafJjRenm6 -+C8zWdneeyrl6cztgbaySw7kXnqFdTBiuOT8bhiG5NTPjDQ109EucaTbZU9KUXk6k -+ChPlr4G6IPrONpvi/9BvDDZLZkwR6uIg1kFWBy9kZaxFUEIug02hrbkTpPtnEUrO -+r3nG0QL/D0vf+bm4YHIVRMH2O2ZTTWexMw9XlfCe1+WjbJ+PS35QRCRDcRdWHXDb -+HnIFIAajtH5LtaJLgWUYq3B25WkQYtbHmFkm94sp/G4trb8JIJGzVO8cj9t6KeAT -+LG+tk8OqplqsYwKCAQEA4ne81KXx8VNwsKVFqwmiDIoi1q3beNa2hoXdzAMrnYdj -+iLxbfCVgrKPav9hdfXPBncHaNlGsd2G5W1a1UsOr128lTdfBsgm1RVPhVMKvo3fl -+yUnWajtAR1q3tVEUhuFlbJ/RHEtxJaGrzudYCPWQiYhydpDgSckbxD8PuElEgFBX -+O91vnWZEjMsxrABWiZNBxmtBUEv+fjUU/9USYzO4sN79UeD1+ZuBxPFwscsRcjLr -+bPgZWOwiywH6UmQ+DJTzeu0wJ6jgPoy/pgEujsbPDz1wNos6NhA/RQv31QeX33/B -+7/F5XKNmbJ2AFb/B+xTaTQPg0pjT5Exm+HrNU5OivwKCAQEAsLLVi9FG4OiBBHXi -+UItFuChljoYPxVqOTMV4Id6OmLZjoOmqouASElsGaTTxDDkEL1FXMUk4Bnq21dLT -+R06EXPpTknISX0qbkJ9CCrqcGAWnhi+9DYMLmvPW1p7t9c9pUESVv5X0IxTQx7yB -+8zkoJLp4aYGUrj/jb7qhzZYDmWy3/JRpgXWYupp+rzJy8xiowDj22mYwczDRyaJl -+BWVAVL+7zHZPl07kYC6jXHLj9mzktkIBXBkfTriyNkmV5R82VkN+Eqc9l5xkOMwN -+3DHGieYjFf47YHuv5RVVLBy91puWHckgrU+SEHYOKLNidybSDivsHArdOMQJN1Pk -+uCznVQKCAQAYY7DQbfa6eLQAMixomSb8lrvdxueGAgmyPyR93jGKS5Rqm2521ket -+EBB07MZUxmyposDvbKhYSwv9TD9G5I/TKcMouP3BQM5m4vu3dygXQMhcfzk6Q5tO -+k/SI8Gx3gjq8EhIhK/bJiLnKFJwkit3AEhPRtRSSnbgB0JDO1gUslHpwlg55MxRa -+3V9CGN84/cTtq4tjLGwCB5F1Y+sRB/byBXHeqY2UDi1Rmnb6jtYYKGe2WpnQO84b -+cuEUknskO75lFLpE6ykLU3koVaQ/+CVAjOtS1He2btWBiCJurNysU0P9pVHeqjJT -+rDqpHPe1JK/F74783zyir5+/Tuph/9pdAoIBAANPdFRQkJVH8K6iuhxQk6vFqiYB -+MUxpIVeLonD0p9TgMdezVNESht/AIutc0+5wabM45XuDWFRTuonvcE8lckv2Ux3a -+AvSsamjuesxw2YmkEtzZouVqDU0+oxppQJiwBG3MiaHX9F5IfnK6YmQ6xPwZ6MXi -+9feq1jR4KOc1ZrHtRMNgjnBWEFWroGe3FHgV7O133hpMSshRFmwcbE0nAaDr82U9 -+sl8dclDjEKBxaqjAeNajOr+BU0w0AAwWXL7dt/ctG2QClcj9wqbEfsXnOR10h4AI -+rqkcvQrOLbTwcrOD/6R1rQfQXtEHKf1maThxosootAQZXdf6jxU3oonx3tU= -+-----END RSA PRIVATE KEY----- -diff --git a/test/openssl/test_pair.rb b/test/openssl/test_pair.rb -index eac3655e..8d6ca1e9 100644 ---- a/test/openssl/test_pair.rb -+++ b/test/openssl/test_pair.rb -@@ -10,7 +10,7 @@ def setup - ee_exts = [ - ["keyUsage", "keyEncipherment,digitalSignature", true], - ] -- @svr_key = OpenSSL::TestUtils::Fixtures.pkey("rsa1024") -+ @svr_key = OpenSSL::TestUtils::Fixtures.pkey("rsa-1") - @svr_cert = issue_cert(svr_dn, @svr_key, 1, ee_exts, nil, nil) - end - -@@ -23,7 +23,7 @@ def ssl_pair - sctx = OpenSSL::SSL::SSLContext.new - sctx.cert = @svr_cert - sctx.key = @svr_key -- sctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey_dh("dh1024") } -+ sctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") } - sctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION - ssls = OpenSSL::SSL::SSLServer.new(tcps, sctx) - ns = ssls.accept -@@ -397,7 +397,7 @@ def test_connect_accept_nonblock_no_exception - ctx2 = OpenSSL::SSL::SSLContext.new - ctx2.cert = @svr_cert - ctx2.key = @svr_key -- ctx2.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey_dh("dh1024") } -+ ctx2.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") } - - sock1, sock2 = tcp_pair - -@@ -445,7 +445,7 @@ def test_connect_accept_nonblock - ctx = OpenSSL::SSL::SSLContext.new - ctx.cert = @svr_cert - ctx.key = @svr_key -- ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey_dh("dh1024") } -+ ctx.tmp_dh_callback = proc { OpenSSL::TestUtils::Fixtures.pkey("dh-1") } - - sock1, sock2 = tcp_pair - -diff --git a/test/openssl/test_pkey_dh.rb b/test/openssl/test_pkey_dh.rb -index fb713813..79bf9bb7 100644 ---- a/test/openssl/test_pkey_dh.rb -+++ b/test/openssl/test_pkey_dh.rb -@@ -19,7 +19,7 @@ def test_new_break - end - - def test_DHparams -- dh1024 = Fixtures.pkey_dh("dh1024") -+ dh1024 = Fixtures.pkey("dh1024") - asn1 = OpenSSL::ASN1::Sequence([ - OpenSSL::ASN1::Integer(dh1024.p), - OpenSSL::ASN1::Integer(dh1024.g) -@@ -42,7 +42,7 @@ def test_DHparams - end - - def test_public_key -- dh = Fixtures.pkey_dh("dh1024") -+ dh = Fixtures.pkey("dh1024") - public_key = dh.public_key - assert_no_key(public_key) #implies public_key.public? is false! - assert_equal(dh.to_der, public_key.to_der) -@@ -50,14 +50,14 @@ def test_public_key - end - - def test_generate_key -- dh = Fixtures.pkey_dh("dh1024").public_key # creates a copy -+ dh = Fixtures.pkey("dh1024").public_key # creates a copy - assert_no_key(dh) - dh.generate_key! - assert_key(dh) - end - - def test_key_exchange -- dh = Fixtures.pkey_dh("dh1024") -+ dh = Fixtures.pkey("dh1024") - dh2 = dh.public_key - dh.generate_key! - dh2.generate_key! -diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb -index 408c7d82..2633f7c4 100644 ---- a/test/openssl/test_ssl.rb -+++ b/test/openssl/test_ssl.rb -@@ -712,7 +712,7 @@ def socketpair - - def test_tlsext_hostname - fooctx = OpenSSL::SSL::SSLContext.new -- fooctx.tmp_dh_callback = proc { Fixtures.pkey_dh("dh1024") } -+ fooctx.tmp_dh_callback = proc { Fixtures.pkey("dh-1") } - fooctx.cert = @cli_cert - fooctx.key = @cli_key - -@@ -764,7 +764,7 @@ def test_servername_cb_raises_an_exception_on_unknown_objects - ctx2 = OpenSSL::SSL::SSLContext.new - ctx2.cert = @svr_cert - ctx2.key = @svr_key -- ctx2.tmp_dh_callback = proc { Fixtures.pkey_dh("dh1024") } -+ ctx2.tmp_dh_callback = proc { Fixtures.pkey("dh-1") } - ctx2.servername_cb = lambda { |args| Object.new } - - sock1, sock2 = socketpair -@@ -1144,7 +1144,7 @@ def test_alpn_protocol_selection_cancel - ctx1 = OpenSSL::SSL::SSLContext.new - ctx1.cert = @svr_cert - ctx1.key = @svr_key -- ctx1.tmp_dh_callback = proc { Fixtures.pkey_dh("dh1024") } -+ ctx1.tmp_dh_callback = proc { Fixtures.pkey("dh-1") } - ctx1.alpn_select_cb = -> (protocols) { nil } - ssl1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1) - -@@ -1386,20 +1386,21 @@ def test_fallback_scsv - def test_dh_callback - pend "TLS 1.2 is not supported" unless tls12_supported? - -+ dh = Fixtures.pkey("dh-1") - called = false - ctx_proc = -> ctx { - ctx.ssl_version = :TLSv1_2 - ctx.ciphers = "DH:!NULL" - ctx.tmp_dh_callback = ->(*args) { - called = true -- Fixtures.pkey_dh("dh1024") -+ dh - } - } - start_server(ctx_proc: ctx_proc) do |port| - server_connect(port) { |ssl| - assert called, "dh callback should be called" - if ssl.respond_to?(:tmp_key) -- assert_equal Fixtures.pkey_dh("dh1024").to_der, ssl.tmp_key.to_der -+ assert_equal dh.to_der, ssl.tmp_key.to_der - end - } - end -diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb -index b7ddd891..fe626ade 100644 ---- a/test/openssl/utils.rb -+++ b/test/openssl/utils.rb -@@ -42,10 +42,8 @@ module Fixtures - - def pkey(name) - OpenSSL::PKey.read(read_file("pkey", name)) -- end -- -- def pkey_dh(name) -- # DH parameters can be read by OpenSSL::PKey.read atm -+ rescue OpenSSL::PKey::PKeyError -+ # TODO: DH parameters can be read by OpenSSL::PKey.read atm - OpenSSL::PKey::DH.new(read_file("pkey", name)) - end - -@@ -157,9 +155,9 @@ class OpenSSL::SSLTestCase < OpenSSL::TestCase - - def setup - super -- @ca_key = Fixtures.pkey("rsa2048") -- @svr_key = Fixtures.pkey("rsa1024") -- @cli_key = Fixtures.pkey("rsa2048") -+ @ca_key = Fixtures.pkey("rsa-1") -+ @svr_key = Fixtures.pkey("rsa-2") -+ @cli_key = Fixtures.pkey("rsa-3") - @ca = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=CA") - @svr = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost") - @cli = OpenSSL::X509::Name.parse("/DC=org/DC=ruby-lang/CN=localhost") -@@ -200,7 +198,7 @@ def start_server(verify_mode: OpenSSL::SSL::VERIFY_NONE, start_immediately: true - ctx.cert_store = store - ctx.cert = @svr_cert - ctx.key = @svr_key -- ctx.tmp_dh_callback = proc { Fixtures.pkey_dh("dh1024") } -+ ctx.tmp_dh_callback = proc { Fixtures.pkey("dh-1") } - ctx.verify_mode = verify_mode - ctx_proc.call(ctx) if ctx_proc - diff --git a/SOURCES/ruby-3.0.0-Convert-ip-addresses-to-canonical-form.patch b/SOURCES/ruby-3.0.0-Convert-ip-addresses-to-canonical-form.patch new file mode 100644 index 0000000..99b0430 --- /dev/null +++ b/SOURCES/ruby-3.0.0-Convert-ip-addresses-to-canonical-form.patch @@ -0,0 +1,26 @@ +From 2becb920e431110c4afc4fa069b051c5940c2096 Mon Sep 17 00:00:00 2001 +From: Jeremy Evans +Date: Fri, 29 May 2020 14:13:30 -0700 +Subject: [PATCH] Convert ip addresses to canonical form in + Resolv::DNS::Requester::UnconnectedUDP#sender + +Otherwise, if the IP address given is not in canonical form, it +won't match, and Resolv will ignore it. + +Fixes [Bug #16439] +--- + lib/resolv.rb | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/resolv.rb b/lib/resolv.rb +index e7b45e785a85..d78531e174fd 100644 +--- a/lib/resolv.rb ++++ b/lib/resolv.rb +@@ -762,6 +762,7 @@ def recv_reply(readable_socks) + end + + def sender(msg, data, host, port=Port) ++ host = Addrinfo.ip(host).ip_address + lazy_initialize + sock = @socks_hash[host.index(':') ? "::" : "0.0.0.0"] + return nil if !sock diff --git a/SOURCES/rubygem-bundler-2.1.0-dont-use-insecure-temporary-directory-as-home-directory.patch b/SOURCES/rubygem-bundler-2.1.0-dont-use-insecure-temporary-directory-as-home-directory.patch new file mode 100644 index 0000000..948f79d --- /dev/null +++ b/SOURCES/rubygem-bundler-2.1.0-dont-use-insecure-temporary-directory-as-home-directory.patch @@ -0,0 +1,157 @@ +From 65cfebb041c454c246aaf32a177b0243915a9998 Mon Sep 17 00:00:00 2001 +From: fatkodima +Date: Fri, 1 Nov 2019 23:06:10 +0200 +Subject: [PATCH] Don't use insecure temporary directory as home directory + +--- + lib/bundler.rb | 29 +++++++++++--------------- + spec/bundler/bundler_spec.rb | 38 +++++++++-------------------------- + spec/bundler/settings_spec.rb | 2 +- + 3 files changed, 22 insertions(+), 47 deletions(-) + +diff --git a/lib/bundler.rb b/lib/bundler.rb +index 2ada6fe7891..b184f7e69c6 100644 +--- a/lib/bundler.rb ++++ b/lib/bundler.rb +@@ -170,8 +170,7 @@ def user_home + end + + if warning +- Kernel.send(:require, "etc") +- user_home = tmp_home_path(Etc.getlogin, warning) ++ user_home = tmp_home_path(warning) + Bundler.ui.warn "#{warning}\nBundler will use `#{user_home}' as your home directory temporarily.\n" + user_home + else +@@ -180,21 +180,6 @@ def user_home + end + end + +- def tmp_home_path(login, warning) +- login ||= "unknown" +- Kernel.send(:require, "tmpdir") +- path = Pathname.new(Dir.tmpdir).join("bundler", "home") +- SharedHelpers.filesystem_access(path) do |tmp_home_path| +- unless tmp_home_path.exist? +- tmp_home_path.mkpath +- tmp_home_path.chmod(0o777) +- end +- tmp_home_path.join(login).tap(&:mkpath) +- end +- rescue RuntimeError => e +- raise e.exception("#{warning}\nBundler also failed to create a temporary home directory at `#{path}':\n#{e}") +- end +- + def user_bundle_path(dir = "home") + env_var, fallback = case dir + when "home" +@@ -555,6 +555,17 @@ def configure_gem_home + Bundler.rubygems.clear_paths + end + ++ def tmp_home_path(warning) ++ Kernel.send(:require, "tmpdir") ++ SharedHelpers.filesystem_access(Dir.tmpdir) do ++ path = Bundler.tmp ++ at_exit { Bundler.rm_rf(path) } ++ path ++ end ++ rescue RuntimeError => e ++ raise e.exception("#{warning}\nBundler also failed to create a temporary home directory':\n#{e}") ++ end ++ + # @param env [Hash] + def with_env(env) + backup = ENV.to_hash +diff --git a/spec/bundler/bundler/bundler_spec.rb b/spec/bundler/bundler/bundler_spec.rb +index 74cf7ae05d3..247838600bf 100644 +--- a/spec/bundler/bundler/bundler_spec.rb ++++ b/spec/bundler/bundler/bundler_spec.rb +@@ -232,16 +232,13 @@ + path = "/home/oggy" + allow(Bundler.rubygems).to receive(:user_home).and_return(path) + allow(File).to receive(:directory?).with(path).and_return false +- allow(Etc).to receive(:getlogin).and_return("USER") +- allow(Dir).to receive(:tmpdir).and_return("/TMP") +- allow(FileTest).to receive(:exist?).with("/TMP/bundler/home").and_return(true) +- expect(FileUtils).to receive(:mkpath).with("/TMP/bundler/home/USER") ++ allow(Bundler).to receive(:tmp).and_return(Pathname.new("/tmp/trulyrandom")) + message = </dev/null)" test "$(ls -A %{buildroot}%{ruby_libdir}/bundler/ssl_certs/ 2>/dev/null)" \ @@ -777,7 +786,7 @@ rm -f %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/.gitignore %check %if 0%{?with_hardening_test} # Check Ruby hardening. -checksec -f libruby.so.%{ruby_version} | \ +checksec --file=libruby.so.%{ruby_version} | \ grep "Full RELRO.*Canary found.*NX enabled.*DSO.*No RPATH.*No RUNPATH.*Yes.*\d*.*\d*.*libruby.so.%{ruby_version}" %endif @@ -850,6 +859,14 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/test_segv_\(setproctitle\|test\|loaded_featur # which fails on Koji. # https://bugs.ruby-lang.org/issues/14175 sed -i '/def test_mdns_each_address$/,/^ end$/ s/^/#/' test/resolv/test_mdns.rb +# Disable Timeouting test_queue_with_trap +# https://github.com/ruby/ruby/pull/3101/ +sed -i '/^ def test_queue_with_trap$/,/^ end$/ s/^/#/g' \ + test/ruby/test_thread_queue.rb +# Disable "File.utime allows Time instances in the far future to set +# mtime and atime". +# https://bugs.ruby-lang.org/issues/16410 +MSPECOPTS="$MSPECOPTS -P 'File.utime allows Time instances in the far future to set mtime and atime'" # RHEL8 is using stronger crypto policies then Fedora ATM and upstream does # not support them yet. Disable the RHEL8 configuration for the moment. @@ -1072,7 +1089,7 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \ %{gem_dir}/specifications/default/mutex_m-0.1.0.gemspec %{gem_dir}/specifications/default/ostruct-0.1.0.gemspec %{gem_dir}/specifications/default/prime-0.1.0.gemspec -%{gem_dir}/specifications/default/rexml-3.1.9.gemspec +%{gem_dir}/specifications/default/rexml-3.1.9.1.gemspec %{gem_dir}/specifications/default/rss-0.2.7.gemspec %{gem_dir}/specifications/default/scanf-1.0.0.gemspec %{gem_dir}/specifications/default/sdbm-1.0.0.gemspec @@ -1082,7 +1099,7 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \ %{gem_dir}/specifications/default/sync-0.5.0.gemspec %{gem_dir}/specifications/default/thwait-0.1.0.gemspec %{gem_dir}/specifications/default/tracer-0.1.0.gemspec -%{gem_dir}/specifications/default/webrick-1.4.2.gemspec +%{gem_dir}/specifications/default/webrick-1.4.4.gemspec %{gem_dir}/specifications/default/zlib-1.0.0.gemspec %files -n rubygems-devel @@ -1200,6 +1217,16 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \ %{_mandir}/man5/gemfile.5* %changelog +* Wed Apr 14 2021 Jarek Prokop - 2.6.7-107 +- Upgrade to Ruby 2.6.7. + Resolves: rhbz#1952627 +- Resolv::DNS: timeouts if multiple IPv6 name servers are given an address + containing leading zero + Resolves: rhbz#1954968 +- Fix: Rubygem-bundler: Don't use insecure tmp directory as home + allows for execution of malicious code. + Resolves: rhbz#1954969 + * Thu Jul 04 2019 Jun Aruga - 2.6.3-106 - Use ffi_closure_alloc to avoid segmentation fault by libffi on aarch64. Resolves: rhbz#1727832