Merge branch 'maint'

* maint:
  Ruby/OpenSSL 2.1.2
  Ruby/OpenSSL 2.0.9
  needs openssl/opensslv.h
  x509name: fix OpenSSL::X509::Name#{cmp,<=>}

6 files changed, 49 insertions, 8 deletions

diff --git a/History.md b/History.md
index e2399f4c..db505001 100644
--- a/History.md
+++ b/History.md
@@ -1,3 +1,15 @@
+Version 2.1.2
+=============
+
+Merged changes in 2.0.9.
+
+
+Version 2.1.1
+=============
+
+Merged changes in 2.0.8.
+
+
 Version 2.1.0
 =============
 
@@ -55,6 +67,29 @@ Notable changes
   [[GitHub #177]](https://github.com/ruby/openssl/pull/177)
 
 
+Version 2.0.9
+=============
+
+Security fixes
+--------------
+
+* OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal
+  objects. CVE-2018-16395 is assigned for this issue.
+  https://hackerone.com/reports/387250
+
+Bug fixes
+---------
+
+* Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is
+  interrupted.
+  [[Bug #14882]](https://bugs.ruby-lang.org/issues/14882)
+  [[GitHub #205]](https://github.com/ruby/openssl/pull/205)
+* Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if
+  called against an empty instance.
+  [[GitHub #200]](https://github.com/ruby/openssl/issues/200)
+  [[GitHub #211]](https://github.com/ruby/openssl/pull/211)
+
+
 Version 2.0.8
 =============
 
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index cefa295a..4f218562 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -114,7 +114,7 @@ engines.each { |name|
   OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
 }
 
-if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER")
+if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
   $defs.push("-DNOCRYPT")
 end
 
diff --git a/ext/openssl/ossl_version.h b/ext/openssl/ossl_version.h
index a4dbf327..c162f8c2 100644
--- a/ext/openssl/ossl_version.h
+++ b/ext/openssl/ossl_version.h
@@ -10,6 +10,6 @@
 #if !defined(_OSSL_VERSION_H_)
 #define _OSSL_VERSION_H_
 
-#define OSSL_VERSION "2.1.1"
+#define OSSL_VERSION "2.1.2"
 
 #endif /* _OSSL_VERSION_H_ */
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index 5869d633..0053f2e3 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@@ -400,7 +400,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
 
     result = ossl_x509name_cmp0(self, other);
     if (result < 0) return INT2FIX(-1);
-    if (result > 1) return INT2FIX(1);
+    if (result > 0) return INT2FIX(1);
 
     return INT2FIX(0);
 }
diff --git a/openssl.gemspec b/openssl.gemspec
index 68a87a28..7c17cd54 100644
--- a/openssl.gemspec
+++ b/openssl.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name          = "openssl"
-  spec.version       = "2.1.1"
+  spec.version       = "2.1.2"
   spec.authors       = ["Martin Bosslet", "SHIBATA Hiroshi", "Zachary Scott", "Kazuki Yamaguchi"]
   spec.email         = ["ruby-core@ruby-lang.org"]
   spec.summary       = %q{OpenSSL provides SSL, TLS and general purpose cryptography.}
diff --git a/test/test_x509name.rb b/test/test_x509name.rb
index aca2d36f..e31b5e29 100644
--- a/test/test_x509name.rb
+++ b/test/test_x509name.rb
@@ -405,10 +405,16 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase
   end
 
   def test_spaceship
-    n1 = OpenSSL::X509::Name.parse_rfc2253 'CN=a'
-    n2 = OpenSSL::X509::Name.parse_rfc2253 'CN=b'
-
-    assert_equal(-1, n1 <=> n2)
+    n1 = OpenSSL::X509::Name.new([["CN", "a"]])
+    n2 = OpenSSL::X509::Name.new([["CN", "a"]])
+    n3 = OpenSSL::X509::Name.new([["CN", "ab"]])
+
+    assert_equal 0, n1 <=> n2
+    assert_equal -1, n1 <=> n3
+    assert_equal 0, n2 <=> n1
+    assert_equal -1, n2 <=> n3
+    assert_equal 1, n3 <=> n1
+    assert_equal 1, n3 <=> n2
   end
 
   def name_hash(name)