Update to Ruby 2.0.0-p353.

- Allow MD5 in OpenSSL for tests.
- Fix heap overflow in floating point parsing (CVE-2013-4164).
This commit is contained in:
Vít Ondruch 2013-11-27 16:07:24 +01:00
parent 3a0654b687
commit eac4c415ba
6 changed files with 14 additions and 145 deletions

1
.gitignore vendored
View File

@ -20,3 +20,4 @@ ruby-rev415a3ef9ab82c65a7abc-ext_tk.tar.gz
/ruby-2.0.0-p0.tar.gz /ruby-2.0.0-p0.tar.gz
/ruby-2.0.0-p195.tar.bz2 /ruby-2.0.0-p195.tar.bz2
/ruby-2.0.0-p247.tar.bz2 /ruby-2.0.0-p247.tar.bz2
/ruby-2.0.0-p353.tar.bz2

View File

@ -1,85 +0,0 @@
From 5617aafa2d44d0a4bc811830e225463abd01b2b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
Date: Tue, 21 May 2013 10:01:33 +0200
Subject: [PATCH] Fix build against OpenSSL with enabled ECC curves.
---
ext/openssl/ossl_pkey_ec.c | 4 ++++
test/openssl/test_pkey_ec.rb | 26 +++++++++++++-------------
2 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c
index 8e6d88f..29e28ca 100644
--- a/ext/openssl/ossl_pkey_ec.c
+++ b/ext/openssl/ossl_pkey_ec.c
@@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self)
method = EC_GFp_mont_method();
} else if (id == s_GFp_nist) {
method = EC_GFp_nist_method();
+#if !defined(OPENSSL_NO_EC2M)
} else if (id == s_GF2m_simple) {
method = EC_GF2m_simple_method();
+#endif
}
if (method) {
@@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self)
if (id == s_GFp) {
new_curve = EC_GROUP_new_curve_GFp;
+#if !defined(OPENSSL_NO_EC2M)
} else if (id == s_GF2m) {
new_curve = EC_GROUP_new_curve_GF2m;
+#endif
} else {
ossl_raise(rb_eArgError, "unknown symbol, must be :GFp or :GF2m");
}
diff --git a/test/openssl/test_pkey_ec.rb b/test/openssl/test_pkey_ec.rb
index f151335..56f3ff7 100644
--- a/test/openssl/test_pkey_ec.rb
+++ b/test/openssl/test_pkey_ec.rb
@@ -7,28 +7,28 @@ class OpenSSL::TestEC < Test::Unit::TestCase
@data1 = 'foo'
@data2 = 'bar' * 1000 # data too long for DSA sig
- @group1 = OpenSSL::PKey::EC::Group.new('secp112r1')
- @group2 = OpenSSL::PKey::EC::Group.new('sect163k1')
- @group3 = OpenSSL::PKey::EC::Group.new('prime256v1')
+ @groups = []
+ @keys = []
- @key1 = OpenSSL::PKey::EC.new
- @key1.group = @group1
- @key1.generate_key
+ OpenSSL::PKey::EC.builtin_curves.each do |curve, comment|
+ group = OpenSSL::PKey::EC::Group.new(curve)
- @key2 = OpenSSL::PKey::EC.new(@group2.curve_name)
- @key2.generate_key
+ key = OpenSSL::PKey::EC.new(group)
+ key.generate_key
- @key3 = OpenSSL::PKey::EC.new(@group3)
- @key3.generate_key
-
- @groups = [@group1, @group2, @group3]
- @keys = [@key1, @key2, @key3]
+ @groups << group
+ @keys << key
+ end
end
def compare_keys(k1, k2)
assert_equal(k1.to_pem, k2.to_pem)
end
+ def test_builtin_curves
+ assert(!OpenSSL::PKey::EC.builtin_curves.empty?)
+ end
+
def test_curve_names
@groups.each_with_index do |group, idx|
key = @keys[idx]
--
1.8.2.1

View File

@ -1,7 +1,7 @@
%global major_version 2 %global major_version 2
%global minor_version 0 %global minor_version 0
%global teeny_version 0 %global teeny_version 0
%global patch_level 247 %global patch_level 353
%global major_minor_version %{major_version}.%{minor_version} %global major_minor_version %{major_version}.%{minor_version}
@ -26,7 +26,7 @@
%endif %endif
%global release 15 %global release 16
%{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}} %{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
%global rubygems_version 2.0.3 %global rubygems_version 2.0.3
@ -139,11 +139,6 @@ Patch13: rubygems-2.0.0-Do-not-modify-global-Specification.dirs-during-insta.pat
# This prevents issues, when ruby configuration specifies --with-ruby-version=''. # This prevents issues, when ruby configuration specifies --with-ruby-version=''.
# https://github.com/rubygems/rubygems/pull/455 # https://github.com/rubygems/rubygems/pull/455
Patch14: rubygems-2.0.0-Fixes-for-empty-ruby-version.patch Patch14: rubygems-2.0.0-Fixes-for-empty-ruby-version.patch
# Although this does not directly affects Fedora ATM, it might be issue when
# rebuilding package on different platform (RHEL7). Please keep the patch until
# it is resolved in upstream.
# https://bugs.ruby-lang.org/issues/8384
Patch15: ruby-2.0.0-p195-Fix-build-against-OpenSSL-with-enabled-ECC-curves.patch
# Adds aarch64 support. # Adds aarch64 support.
# http://bugs.ruby-lang.org/issues/8331 # http://bugs.ruby-lang.org/issues/8331
# https://bugzilla.redhat.com/show_bug.cgi?id=926463 # https://bugzilla.redhat.com/show_bug.cgi?id=926463
@ -424,7 +419,6 @@ Tcl/Tk interface for the object-oriented scripting language Ruby.
%patch12 -p1 %patch12 -p1
%patch13 -p1 %patch13 -p1
%patch14 -p1 %patch14 -p1
%patch15 -p1
%patch16 -p1 %patch16 -p1
%patch17 -p1 %patch17 -p1
%patch18 -p1 %patch18 -p1
@ -600,7 +594,9 @@ DISABLE_TESTS="-x test_dl2.rb $DISABLE_TESTS"
# the test suite). # the test suite).
touch abrt.rb touch abrt.rb
make check TESTS="-v $DISABLE_TESTS" # Allow MD5 in OpenSSL.
# https://bugs.ruby-lang.org/issues/9154
OPENSSL_ENABLE_MD5_VERIFY=1 make check TESTS="-v $DISABLE_TESTS"
%post libs -p /sbin/ldconfig %post libs -p /sbin/ldconfig
@ -893,6 +889,11 @@ make check TESTS="-v $DISABLE_TESTS"
%{ruby_libdir}/tkextlib %{ruby_libdir}/tkextlib
%changelog %changelog
* Mon Nov 25 2013 Vít Ondruch <vondruch@redhat.com> - 2.0.0.353-16
- Update to Ruby 2.0.0-p353.
- Allow MD5 in OpenSSL for tests.
- Fix heap overflow in floating point parsing (CVE-2013-4164).
* Tue Jul 30 2013 Vít Ondruch <vondruch@redhat.com> - 2.0.0.247-15 * Tue Jul 30 2013 Vít Ondruch <vondruch@redhat.com> - 2.0.0.247-15
- Move Psych symlinks to vendor dir, to prevent F18 -> F19 upgrade issues - Move Psych symlinks to vendor dir, to prevent F18 -> F19 upgrade issues
(rhbz#988490). (rhbz#988490).

View File

@ -44,7 +44,7 @@ diff --git a/lib/rubygems/dependency_installer.rb b/lib/rubygems/dependency_inst
index dffa8df..841f26a 100644 index dffa8df..841f26a 100644
--- a/lib/rubygems/dependency_installer.rb --- a/lib/rubygems/dependency_installer.rb
+++ b/lib/rubygems/dependency_installer.rb +++ b/lib/rubygems/dependency_installer.rb
@@ -57,17 +57,14 @@ class Gem::DependencyInstaller @@ -57,16 +57,14 @@ class Gem::DependencyInstaller
# :build_args:: See Gem::Installer::new # :build_args:: See Gem::Installer::new
def initialize(options = {}) def initialize(options = {})
@ -54,7 +54,6 @@ index dffa8df..841f26a 100644
- # HACK shouldn't change the global settings, needed for -i behavior - # HACK shouldn't change the global settings, needed for -i behavior
- # maybe move to the install command? See also github #442 - # maybe move to the install command? See also github #442
- Gem::Specification.dirs = @install_dir - Gem::Specification.dirs = @install_dir
- Gem.ensure_gem_subdirectories @install_dir
+ Gem.ensure_gem_subdirectories options[:install_dir] + Gem.ensure_gem_subdirectories options[:install_dir]
end end

View File

@ -1,7 +1,7 @@
From c9b2eff36728266052ccfff54d3ac0a0624fd0f1 Mon Sep 17 00:00:00 2001 From c9b2eff36728266052ccfff54d3ac0a0624fd0f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com> From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
Date: Thu, 14 Feb 2013 11:50:41 +0100 Date: Thu, 14 Feb 2013 11:50:41 +0100
Subject: [PATCH 1/2] Use File.join insteado of manual path creation. Subject: [PATCH] Use File.join insteado of manual path creation.
This prevents issues, when File.join in #new_default_spec removes This prevents issues, when File.join in #new_default_spec removes
superfluous slashes while they are kept in expected paths. E.g. the test superfluous slashes while they are kept in expected paths. E.g. the test
@ -32,50 +32,3 @@ index 60df53f..35c9631 100644
-- --
1.8.1.2 1.8.1.2
From b022cef7b2e6c2d138388a6c2db02cca8c408cc6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
Date: Thu, 14 Feb 2013 13:35:20 +0100
Subject: [PATCH 2/2] Do not add last slash to Gem.user_dir if ruby_version
string is empty.
---
lib/rubygems/defaults.rb | 4 +++-
test/rubygems/test_gem.rb | 6 ++++--
2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/lib/rubygems/defaults.rb b/lib/rubygems/defaults.rb
index ea84e5c..05c35bb 100644
--- a/lib/rubygems/defaults.rb
+++ b/lib/rubygems/defaults.rb
@@ -54,7 +54,9 @@ module Gem
# Path for gems in the user's home directory
def self.user_dir
- File.join Gem.user_home, '.gem', ruby_engine, ConfigMap[:ruby_version]
+ parts = [Gem.user_home, '.gem', ruby_engine]
+ parts << ConfigMap[:ruby_version] unless ConfigMap[:ruby_version].empty?
+ File.join parts
end
##
diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb
index bf77009..9ee78f7 100644
--- a/test/rubygems/test_gem.rb
+++ b/test/rubygems/test_gem.rb
@@ -1198,8 +1198,10 @@ class TestGem < Gem::TestCase
end
def test_self_user_dir
- assert_equal File.join(@userhome, '.gem', Gem.ruby_engine,
- Gem::ConfigMap[:ruby_version]), Gem.user_dir
+ parts = [@userhome, '.gem', Gem.ruby_engine]
+ parts << Gem::ConfigMap[:ruby_version] unless Gem::ConfigMap[:ruby_version].empty?
+
+ assert_equal File.join(parts), Gem.user_dir
end
def test_self_user_home
--
1.8.1.2

View File

@ -1 +1 @@
60913f3eec0c4071f44df42600be2604 ruby-2.0.0-p247.tar.bz2 20eb8f067d20f6b76b7e16cce2a85a55 ruby-2.0.0-p353.tar.bz2