diff options
author | Kazuki Yamaguchi <k@rhe.jp> | 2018-10-18 01:20:44 +0900 |
---|---|---|
committer | Kazuki Yamaguchi <k@rhe.jp> | 2018-10-18 01:20:44 +0900 |
commit | 959b1d77da6bac0269e63364087897c5659f8027 (patch) | |
tree | ddc7c71e943b032c2b4dfbae6c493df78730aff5 | |
parent | 62436385306c7f3d97351b9108d1e571a847287b (diff) | |
parent | 08e12dd9302c1fd517c642bdd7d274e64b354c53 (diff) | |
download | ruby-openssl-959b1d77da6bac0269e63364087897c5659f8027.tar.gz |
Merge branch 'maint'
* maint:
Ruby/OpenSSL 2.1.2
Ruby/OpenSSL 2.0.9
needs openssl/opensslv.h
x509name: fix OpenSSL::X509::Name#{cmp,<=>}
-rw-r--r-- | History.md | 35 | ||||
-rw-r--r-- | ext/openssl/extconf.rb | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_version.h | 2 | ||||
-rw-r--r-- | ext/openssl/ossl_x509name.c | 2 | ||||
-rw-r--r-- | openssl.gemspec | 2 | ||||
-rw-r--r-- | test/test_x509name.rb | 14 |
6 files changed, 49 insertions, 8 deletions
@@ -1,3 +1,15 @@ +Version 2.1.2 +============= + +Merged changes in 2.0.9. + + +Version 2.1.1 +============= + +Merged changes in 2.0.8. + + Version 2.1.0 ============= @@ -55,6 +67,29 @@ Notable changes [[GitHub #177]](https://github.com/ruby/openssl/pull/177) +Version 2.0.9 +============= + +Security fixes +-------------- + +* OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal + objects. CVE-2018-16395 is assigned for this issue. + https://hackerone.com/reports/387250 + +Bug fixes +--------- + +* Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is + interrupted. + [[Bug #14882]](https://bugs.ruby-lang.org/issues/14882) + [[GitHub #205]](https://github.com/ruby/openssl/pull/205) +* Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if + called against an empty instance. + [[GitHub #200]](https://github.com/ruby/openssl/issues/200) + [[GitHub #211]](https://github.com/ruby/openssl/pull/211) + + Version 2.0.8 ============= diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb index cefa295a..4f218562 100644 --- a/ext/openssl/extconf.rb +++ b/ext/openssl/extconf.rb @@ -114,7 +114,7 @@ engines.each { |name| OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h") } -if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER") +if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h") $defs.push("-DNOCRYPT") end diff --git a/ext/openssl/ossl_version.h b/ext/openssl/ossl_version.h index a4dbf327..c162f8c2 100644 --- a/ext/openssl/ossl_version.h +++ b/ext/openssl/ossl_version.h @@ -10,6 +10,6 @@ #if !defined(_OSSL_VERSION_H_) #define _OSSL_VERSION_H_ -#define OSSL_VERSION "2.1.1" +#define OSSL_VERSION "2.1.2" #endif /* _OSSL_VERSION_H_ */ diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c index 5869d633..0053f2e3 100644 --- a/ext/openssl/ossl_x509name.c +++ b/ext/openssl/ossl_x509name.c @@ -400,7 +400,7 @@ ossl_x509name_cmp(VALUE self, VALUE other) result = ossl_x509name_cmp0(self, other); if (result < 0) return INT2FIX(-1); - if (result > 1) return INT2FIX(1); + if (result > 0) return INT2FIX(1); return INT2FIX(0); } diff --git a/openssl.gemspec b/openssl.gemspec index 68a87a28..7c17cd54 100644 --- a/openssl.gemspec +++ b/openssl.gemspec @@ -1,6 +1,6 @@ Gem::Specification.new do |spec| spec.name = "openssl" - spec.version = "2.1.1" + spec.version = "2.1.2" spec.authors = ["Martin Bosslet", "SHIBATA Hiroshi", "Zachary Scott", "Kazuki Yamaguchi"] spec.email = ["ruby-core@ruby-lang.org"] spec.summary = %q{OpenSSL provides SSL, TLS and general purpose cryptography.} diff --git a/test/test_x509name.rb b/test/test_x509name.rb index aca2d36f..e31b5e29 100644 --- a/test/test_x509name.rb +++ b/test/test_x509name.rb @@ -405,10 +405,16 @@ class OpenSSL::TestX509Name < OpenSSL::TestCase end def test_spaceship - n1 = OpenSSL::X509::Name.parse_rfc2253 'CN=a' - n2 = OpenSSL::X509::Name.parse_rfc2253 'CN=b' - - assert_equal(-1, n1 <=> n2) + n1 = OpenSSL::X509::Name.new([["CN", "a"]]) + n2 = OpenSSL::X509::Name.new([["CN", "a"]]) + n3 = OpenSSL::X509::Name.new([["CN", "ab"]]) + + assert_equal 0, n1 <=> n2 + assert_equal -1, n1 <=> n3 + assert_equal 0, n2 <=> n1 + assert_equal -1, n2 <=> n3 + assert_equal 1, n3 <=> n1 + assert_equal 1, n3 <=> n2 end def name_hash(name) |