diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2018-10-17 17:33:17 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2018-10-17 17:33:17 +0900 |
commit | 1c8eb3065fe0b4555fc99d6f6c56e91f71637483 (patch) | |
tree | 53be8605cb1fe39df9da7ef49ffa387c44e92965 | |
parent | ce4022d4502fa6896db762403213d3267593446d (diff) | |
parent | 1b7e5e49265a88faa30791f8d677ae0a3b4c54f6 (diff) | |
download | ruby-openssl-1c8eb3065fe0b4555fc99d6f6c56e91f71637483.tar.gz |
Merge branch 'maint-2.0' into maint
* maint-2.0:
Ruby/OpenSSL 2.0.9
needs openssl/opensslv.h
x509name: fix OpenSSL::X509::Name#{cmp,<=>}
-rw-r--r-- | History.md | 23 | ||||
-rw-r--r-- | ext/openssl/extconf.rb | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_x509name.c | 2 | ||||
-rw-r--r-- | test/test_x509name.rb | 14 |
4 files changed, 35 insertions, 6 deletions
@@ -55,6 +55,29 @@ Notable changes [[GitHub #177]](https://github.com/ruby/openssl/pull/177) +Version 2.0.9 +============= + +Security fixes +-------------- + +* OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal + objects. CVE-2018-16395 is assigned for this issue. + https://hackerone.com/reports/387250 + +Bug fixes +--------- + +* Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is + interrupted. + [[Bug #14882]](https://bugs.ruby-lang.org/issues/14882) + [[GitHub #205]](https://github.com/ruby/openssl/pull/205) +* Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if + called against an empty instance. + [[GitHub #200]](https://github.com/ruby/openssl/issues/200) + [[GitHub #211]](https://github.com/ruby/openssl/pull/211) + + Version 2.0.8 ============= diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index cefa295a..4f218562 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -114,7 +114,7 @@ engines.each { |name| OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h") } -if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER") +if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h") $defs.push("-DNOCRYPT") end diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c index 5869d633..0053f2e3 100644 --- a/ext/openssl/ossl_x509name.c +++ b/ext/openssl/ossl_x509name.c @@ -400,7 +400,7 @@ ossl_x509name_cmp(VALUE self, VALUE other) result = ossl_x509name_cmp0(self, other); if (result < 0) return INT2FIX(-1); - if (result > 1) return INT2FIX(1); + if (result > 0) return INT2FIX(1); return INT2FIX(0); } diff --git a/test/test_x509name.rb b/test/test_x509name.rb index aca2d36f..e31b5e29 100644 --- a/test/test_x509name.rb +++ b/test/test_x509name.rb @@ -405,10 +405,16 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase end def test_spaceship - n1 = OpenSSL::X509::Name.parse_rfc2253 'CN=a' - n2 = OpenSSL::X509::Name.parse_rfc2253 'CN=b' - - assert_equal(-1, n1 <=> n2) + n1 = OpenSSL::X509::Name.new([["CN", "a"]]) + n2 = OpenSSL::X509::Name.new([["CN", "a"]]) + n3 = OpenSSL::X509::Name.new([["CN", "ab"]]) + + assert_equal 0, n1 <=> n2 + assert_equal -1, n1 <=> n3 + assert_equal 0, n2 <=> n1 + assert_equal -1, n2 <=> n3 + assert_equal 1, n3 <=> n1 + assert_equal 1, n3 <=> n2 end def name_hash(name) |