aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKazuki Yamaguchi <k@rhe.jp>2018-10-18 01:20:44 +0900
committerKazuki Yamaguchi <k@rhe.jp>2018-10-18 01:20:44 +0900
commit959b1d77da6bac0269e63364087897c5659f8027 (patch)
treeddc7c71e943b032c2b4dfbae6c493df78730aff5
parent62436385306c7f3d97351b9108d1e571a847287b (diff)
parent08e12dd9302c1fd517c642bdd7d274e64b354c53 (diff)
downloadruby-openssl-959b1d77da6bac0269e63364087897c5659f8027.tar.gz
Merge branch 'maint'
* maint: Ruby/OpenSSL 2.1.2 Ruby/OpenSSL 2.0.9 needs openssl/opensslv.h x509name: fix OpenSSL::X509::Name#{cmp,<=>}
-rw-r--r--History.md35
-rw-r--r--ext/openssl/extconf.rb2
-rw-r--r--ext/openssl/ossl_version.h2
-rw-r--r--ext/openssl/ossl_x509name.c2
-rw-r--r--openssl.gemspec2
-rw-r--r--test/test_x509name.rb14
6 files changed, 49 insertions, 8 deletions
diff --git a/History.md b/History.md
index e2399f4c..db505001 100644
--- a/History.md
+++ b/History.md
@@ -1,3 +1,15 @@
+Version 2.1.2
+=============
+
+Merged changes in 2.0.9.
+
+
+Version 2.1.1
+=============
+
+Merged changes in 2.0.8.
+
+
Version 2.1.0
=============
@@ -55,6 +67,29 @@ Notable changes
[[GitHub #177]](https://github.com/ruby/openssl/pull/177)
+Version 2.0.9
+=============
+
+Security fixes
+--------------
+
+* OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal
+ objects. CVE-2018-16395 is assigned for this issue.
+ https://hackerone.com/reports/387250
+
+Bug fixes
+---------
+
+* Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is
+ interrupted.
+ [[Bug #14882]](https://bugs.ruby-lang.org/issues/14882)
+ [[GitHub #205]](https://github.com/ruby/openssl/pull/205)
+* Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if
+ called against an empty instance.
+ [[GitHub #200]](https://github.com/ruby/openssl/issues/200)
+ [[GitHub #211]](https://github.com/ruby/openssl/pull/211)
+
+
Version 2.0.8
=============
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
index cefa295a..4f218562 100644
--- a/ext/openssl/extconf.rb
+++ b/ext/openssl/extconf.rb
@@ -114,7 +114,7 @@ engines.each { |name|
OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
}
-if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER")
+if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
$defs.push("-DNOCRYPT")
end
diff --git a/ext/openssl/ossl_version.h b/ext/openssl/ossl_version.h
index a4dbf327..c162f8c2 100644
--- a/ext/openssl/ossl_version.h
+++ b/ext/openssl/ossl_version.h
@@ -10,6 +10,6 @@
#if !defined(_OSSL_VERSION_H_)
#define _OSSL_VERSION_H_
-#define OSSL_VERSION "2.1.1"
+#define OSSL_VERSION "2.1.2"
#endif /* _OSSL_VERSION_H_ */
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
index 5869d633..0053f2e3 100644
--- a/ext/openssl/ossl_x509name.c
+++ b/ext/openssl/ossl_x509name.c
@@ -400,7 +400,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
result = ossl_x509name_cmp0(self, other);
if (result < 0) return INT2FIX(-1);
- if (result > 1) return INT2FIX(1);
+ if (result > 0) return INT2FIX(1);
return INT2FIX(0);
}
diff --git a/openssl.gemspec b/openssl.gemspec
index 68a87a28..7c17cd54 100644
--- a/openssl.gemspec
+++ b/openssl.gemspec
@@ -1,6 +1,6 @@
Gem::Specification.new do |spec|
spec.name = "openssl"
- spec.version = "2.1.1"
+ spec.version = "2.1.2"
spec.authors = ["Martin Bosslet", "SHIBATA Hiroshi", "Zachary Scott", "Kazuki Yamaguchi"]
spec.email = ["ruby-core@ruby-lang.org"]
spec.summary = %q{OpenSSL provides SSL, TLS and general purpose cryptography.}
diff --git a/test/test_x509name.rb b/test/test_x509name.rb
index aca2d36f..e31b5e29 100644
--- a/test/test_x509name.rb
+++ b/test/test_x509name.rb
@@ -405,10 +405,16 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase
end
def test_spaceship
- n1 = OpenSSL::X509::Name.parse_rfc2253 'CN=a'
- n2 = OpenSSL::X509::Name.parse_rfc2253 'CN=b'
-
- assert_equal(-1, n1 <=> n2)
+ n1 = OpenSSL::X509::Name.new([["CN", "a"]])
+ n2 = OpenSSL::X509::Name.new([["CN", "a"]])
+ n3 = OpenSSL::X509::Name.new([["CN", "ab"]])
+
+ assert_equal 0, n1 <=> n2
+ assert_equal -1, n1 <=> n3
+ assert_equal 0, n2 <=> n1
+ assert_equal -1, n2 <=> n3
+ assert_equal 1, n3 <=> n1
+ assert_equal 1, n3 <=> n2
end
def name_hash(name)