rpms/ruby
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import ruby-2.5.5-105.module+el8.1.0+3656+f80bfa1d

Browse Source
This commit is contained in:
CentOS Sources 2019-11-05 14:40:50 -05:00 committed by Andrew Lukoshko
parent d9ae0772ec
commit 16b59d08fa
20 changed files with 439 additions and 924 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/ruby-2.5.3.tar.xz
SOURCES/ruby-2.5.5.tar.xz

2
.ruby.metadata
View File

@ -1 +1 @@
5acbdea1ced1e36684268e1cb6f8a4e7669bce77 SOURCES/ruby-2.5.3.tar.xz
85cee62e47f0707808ff3d7cb68b6cd075a65509 SOURCES/ruby-2.5.5.tar.xz

8
SOURCES/macros.rubygems
View File

@ -60,7 +60,7 @@ gem install \\\
#
%gemspec_add_dep(g:s:d) \
read -d '' gemspec_add_dep_script << 'EOR' || : \
gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}.gemspec}' \
gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}%{?prerelease}.gemspec}' \
\
name = '%{-g*}' \
requirements = %{*}%{!?1:nil} \
@ -97,7 +97,7 @@ unset -v gemspec_add_dep_script \
#
%gemspec_remove_dep(g:s:d) \
read -d '' gemspec_remove_dep_script << 'EOR' || : \
gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}.gemspec}' \
gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}%{?prerelease}.gemspec}' \
\
name = '%{-g*}' \
requirements = %{*}%{!?1:nil} \
@ -144,7 +144,7 @@ unset -v gemspec_remove_dep_script \
#
%gemspec_add_file(s:tr) \
read -d '' gemspec_add_file_script << 'EOR' || : \
gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}.gemspec}' \
gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}%{?prerelease}.gemspec}' \
\
abort("gemspec_add_file: Use only one '-t' or '-r' at a time.") if "%{?-t}%{?-r}" == "-t-r" \
\
@ -177,7 +177,7 @@ unset -v gemspec_add_file_script \
#
%gemspec_remove_file(s:tr) \
read -d '' gemspec_remove_file_script << 'EOR' || : \
gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}.gemspec}' \
gemspec_file = '%{-s*}%{!?-s:%{_builddir}/%{gem_name}-%{version}%{?prerelease}.gemspec}' \
\
abort("gemspec_remove_file: Use only one '-t' or '-r' at a time.") if "%{?-t}%{?-r}" == "-t-r" \
\

1
SOURCES/operating_system.rb
View File

@ -119,6 +119,7 @@ module Gem
def default_path
path = default_dirs.collect {|location, paths| paths[:gem_dir]}
path.unshift Gem.user_dir if File.exist? Gem.user_home
path
end
def default_ext_dir_for base_dir

2
SOURCES/ruby-2.1.0-Allow-to-specify-additional-preludes-by-configuratio.patch
View File

@ -39,7 +39,7 @@ diff --git a/configure.ac b/configure.ac
index 028ef7ca3e..cdeff87871 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4396,6 +4396,13 @@ AC_SUBST(rubyarchhdrdir)dnl
@@ -4397,6 +4397,13 @@ AC_SUBST(rubyarchhdrdir)dnl
AC_SUBST(sitearchhdrdir)dnl
AC_SUBST(vendorarchhdrdir)dnl

2
SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch
View File

@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac
index 11fc237552..b77e88fc37 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3641,6 +3641,11 @@ AS_IF([test ${multiarch+set}], [
@@ -3642,6 +3642,11 @@ AS_IF([test ${multiarch+set}], [
])
archlibdir='${libdir}/${arch}'

2
SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch
View File

@ -14,7 +14,7 @@ diff --git a/configure.ac b/configure.ac
index 999e2d6d5d..11fc237552 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4251,7 +4251,8 @@ AS_CASE(["$ruby_version_dir_name"],
@@ -4252,7 +4252,8 @@ AS_CASE(["$ruby_version_dir_name"],
ruby_version_dir=/'${ruby_version_dir_name}'
if test -z "${ruby_version_dir_name}"; then

2
SOURCES/ruby-2.1.0-always-use-i386.patch
View File

@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac
index b77e88fc37..6bba453e3c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4315,6 +4315,8 @@ AC_SUBST(vendorarchdir)dnl
@@ -4316,6 +4316,8 @@ AC_SUBST(vendorarchdir)dnl
AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl
AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl

4
SOURCES/ruby-2.1.0-custom-rubygems-location.patch
View File

@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac
index 6bba453e3c..028ef7ca3e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4287,6 +4287,10 @@ AC_ARG_WITH(vendorarchdir,
@@ -4288,6 +4288,10 @@ AC_ARG_WITH(vendorarchdir,
[vendorarchdir=$withval],
[vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}])
@ -26,7 +26,7 @@ index 6bba453e3c..028ef7ca3e 100644
AS_IF([test "${LOAD_RELATIVE+set}"], [
AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE)
RUBY_EXEC_PREFIX=''
@@ -4311,6 +4315,7 @@ AC_SUBST(sitearchdir)dnl
@@ -4312,6 +4316,7 @@ AC_SUBST(sitearchdir)dnl
AC_SUBST(vendordir)dnl
AC_SUBST(vendorlibdir)dnl
AC_SUBST(vendorarchdir)dnl

10
SOURCES/ruby-2.3.0-ruby_version.patch
View File

@ -20,7 +20,7 @@ diff --git a/configure.ac b/configure.ac
index 8ea969412f..a00f2b6776 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4202,9 +4202,6 @@ AS_CASE(["$target_os"],
@@ -4203,9 +4203,6 @@ AS_CASE(["$target_os"],
rubyw_install_name='$(RUBYW_INSTALL_NAME)'
])
@ -30,7 +30,7 @@ index 8ea969412f..a00f2b6776 100644
rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'}
AC_ARG_WITH(rubyarchprefix,
AS_HELP_STRING([--with-rubyarchprefix=DIR],
@@ -4227,56 +4224,62 @@ AC_ARG_WITH(ridir,
@@ -4228,56 +4225,62 @@ AC_ARG_WITH(ridir,
AC_SUBST(ridir)
AC_SUBST(RI_BASE_NAME)
@ -120,7 +120,7 @@ index 8ea969412f..a00f2b6776 100644
AS_IF([test "${LOAD_RELATIVE+set}"], [
AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE)
@@ -4293,6 +4296,7 @@ AC_SUBST(sitearchincludedir)dnl
@@ -4294,6 +4297,7 @@ AC_SUBST(sitearchincludedir)dnl
AC_SUBST(arch)dnl
AC_SUBST(sitearch)dnl
AC_SUBST(ruby_version)dnl
@ -245,7 +245,7 @@ diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb
index 0428bea..b6e090e 100644
--- a/test/rubygems/test_gem.rb
+++ b/test/rubygems/test_gem.rb
@@ -1156,7 +1156,8 @@ def test_self_use_paths
@@ -1191,7 +1191,8 @@ def test_self_use_paths
def test_self_user_dir
parts = [@userhome, '.gem', Gem.ruby_engine]
@ -255,7 +255,7 @@ index 0428bea..b6e090e 100644
assert_equal File.join(parts), Gem.user_dir
end
@@ -1283,7 +1284,7 @@ def test_self_user_home_user_drive_and_path
@@ -1318,7 +1319,7 @@ def test_self_user_home_user_drive_and_path
def test_self_vendor_dir
expected =
File.join RbConfig::CONFIG['vendordir'], 'gems',

2
SOURCES/ruby-2.5.0-Add-Gem.operating_system_defaults.patch
View File

@ -64,7 +64,7 @@ diff --git a/test/rubygems/test_gem.rb b/test/rubygems/test_gem.rb
index 3225a05c6b..62b80c4945 100644
--- a/test/rubygems/test_gem.rb
+++ b/test/rubygems/test_gem.rb
@@ -1802,6 +1802,13 @@ def test_use_gemdeps_specific
@@ -1837,6 +1837,13 @@ def test_use_gemdeps_specific
ENV['RUBYGEMS_GEMDEPS'] = rubygems_gemdeps
end

168
SOURCES/ruby-2.5.4-fix-malicious-gem-to-lead-to-arbitrary-code-execution.patch
View File

@ -1,168 +0,0 @@
diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb
index ee5fedeb64..a3f9571cf3 100644
--- a/lib/rubygems/installer.rb
+++ b/lib/rubygems/installer.rb
@@ -707,9 +707,26 @@ def verify_gem_home(unpack = false) # :nodoc:
unpack or File.writable?(gem_home)
end
- def verify_spec_name
- return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN
- raise Gem::InstallError, "#{spec} has an invalid name"
+ def verify_spec
+ unless spec.name =~ Gem::Specification::VALID_NAME_PATTERN
+ raise Gem::InstallError, "#{spec} has an invalid name"
+ end
+
+ if spec.raw_require_paths.any?{|path| path =~ /\R/ }
+ raise Gem::InstallError, "#{spec} has an invalid require_paths"
+ end
+
+ if spec.extensions.any?{|ext| ext =~ /\R/ }
+ raise Gem::InstallError, "#{spec} has an invalid extensions"
+ end
+
+ if spec.specification_version.to_s =~ /\R/
+ raise Gem::InstallError, "#{spec} has an invalid specification_version"
+ end
+
+ if spec.dependencies.any? {|dep| dep.type =~ /\R/ || dep.name =~ /\R/ }
+ raise Gem::InstallError, "#{spec} has an invalid dependencies"
+ end
end
##
@@ -836,9 +853,11 @@ def dir
def pre_install_checks
verify_gem_home options[:unpack]
- ensure_loadable_spec
+ # The name and require_paths must be verified first, since it could contain
+ # ruby code that would be eval'ed in #ensure_loadable_spec
+ verify_spec
- verify_spec_name
+ ensure_loadable_spec
if options[:install_as_default]
Gem.ensure_default_gem_subdirectories gem_home
diff --git a/test/rubygems/test_gem_installer.rb b/test/rubygems/test_gem_installer.rb
index 93b0482407..7f414d495d 100644
--- a/test/rubygems/test_gem_installer.rb
+++ b/test/rubygems/test_gem_installer.rb
@@ -1474,6 +1474,112 @@ def spec.validate; end
end
end
+ def test_pre_install_checks_malicious_name_before_eval
+ spec = util_spec "malicious\n::Object.const_set(:FROM_EVAL, true)#", '1'
+ def spec.full_name # so the spec is buildable
+ "malicious-1"
+ end
+ def spec.validate(*args); end
+
+ util_build_gem spec
+
+ gem = File.join(@gemhome, 'cache', spec.file_name)
+
+ use_ui @ui do
+ @installer = Gem::Installer.at gem
+ e = assert_raises Gem::InstallError do
+ @installer.pre_install_checks
+ end
+ assert_equal "#<Gem::Specification name=malicious\n::Object.const_set(:FROM_EVAL, true)# version=1> has an invalid name", e.message
+ end
+ refute defined?(::Object::FROM_EVAL)
+ end
+
+ def test_pre_install_checks_malicious_require_paths_before_eval
+ spec = util_spec "malicious", '1'
+ def spec.full_name # so the spec is buildable
+ "malicious-1"
+ end
+ def spec.validate(*args); end
+ spec.require_paths = ["malicious\n``"]
+
+ util_build_gem spec
+
+ gem = File.join(@gemhome, 'cache', spec.file_name)
+
+ use_ui @ui do
+ @installer = Gem::Installer.at gem
+ e = assert_raises Gem::InstallError do
+ @installer.pre_install_checks
+ end
+ assert_equal "#<Gem::Specification name=malicious version=1> has an invalid require_paths", e.message
+ end
+ end
+
+ def test_pre_install_checks_malicious_extensions_before_eval
+ spec = util_spec "malicious", '1'
+ def spec.full_name # so the spec is buildable
+ "malicious-1"
+ end
+ def spec.validate(*args); end
+ spec.extensions = ["malicious\n``"]
+
+ util_build_gem spec
+
+ gem = File.join(@gemhome, 'cache', spec.file_name)
+
+ use_ui @ui do
+ @installer = Gem::Installer.at gem
+ e = assert_raises Gem::InstallError do
+ @installer.pre_install_checks
+ end
+ assert_equal "#<Gem::Specification name=malicious version=1> has an invalid extensions", e.message
+ end
+ end
+
+ def test_pre_install_checks_malicious_specification_version_before_eval
+ spec = util_spec "malicious", '1'
+ def spec.full_name # so the spec is buildable
+ "malicious-1"
+ end
+ def spec.validate(*args); end
+ spec.specification_version = "malicious\n``"
+
+ util_build_gem spec
+
+ gem = File.join(@gemhome, 'cache', spec.file_name)
+
+ use_ui @ui do
+ @installer = Gem::Installer.at gem
+ e = assert_raises Gem::InstallError do
+ @installer.pre_install_checks
+ end
+ assert_equal "#<Gem::Specification name=malicious version=1> has an invalid specification_version", e.message
+ end
+ end
+
+ def test_pre_install_checks_malicious_dependencies_before_eval
+ spec = util_spec "malicious", '1'
+ def spec.full_name # so the spec is buildable
+ "malicious-1"
+ end
+ def spec.validate(*args); end
+ spec.add_dependency "b\nfoo", '> 5'
+
+ util_build_gem spec
+
+ gem = File.join(@gemhome, 'cache', spec.file_name)
+
+ use_ui @ui do
+ @installer = Gem::Installer.at gem
+ @installer.ignore_dependencies = true
+ e = assert_raises Gem::InstallError do
+ @installer.pre_install_checks
+ end
+ assert_equal "#<Gem::Specification name=malicious version=1> has an invalid dependencies", e.message
+ end
+ end
+
def test_shebang
util_make_exec @spec, "#!/usr/bin/ruby"
--
2.21.0

78
SOURCES/ruby-2.6.0-Fix-issues-detected-by-code-analysis-tool.patch Normal file
View File

@ -0,0 +1,78 @@
From 893949167bdb911c7db9fd59de85f288c09741e1 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Sat, 15 Sep 2018 09:59:14 +0000
Subject: [PATCH] Fix issues detected by code analysis tool (mainly Coverity).
* Fix leaked storage in addr2line.c.
* Fix for "top_root" leaking the resource.
[Fix GH-1956]
From: Jun Aruga <jaruga@redhat.com>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64750 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
addr2line.c | 8 ++++++--
regcomp.c | 3 +++
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/addr2line.c b/addr2line.c
index 2c422cc1697a..b266e44d5d4b 100644
--- a/addr2line.c
+++ b/addr2line.c
@@ -593,11 +593,12 @@ fill_lines(int num_traces, void **traces, int check_debuglink,
h = dlopen(NULL, RTLD_NOW|RTLD_LOCAL);
if (!h) continue;
s = dlsym(h, strtab + sym->st_name);
- if (!s) continue;
- if (dladdr(s, &info)) {
+ if (s && dladdr(s, &info)) {
dladdr_fbase = (uintptr_t)info.dli_fbase;
+ dlclose(h);
break;
}
+ dlclose(h);
}
if (ehdr->e_type == ET_EXEC) {
obj->base_addr = 0;
@@ -655,6 +656,9 @@ fill_lines(int num_traces, void **traces, int check_debuglink,
finish:
return dladdr_fbase;
fail:
+ if (file != NULL) {
+ munmap(file, (size_t)filesize);
+ }
return (uintptr_t)-1;
}
diff --git a/regcomp.c b/regcomp.c
index 0f6bee60d576..df7f73bac501 100644
--- a/regcomp.c
+++ b/regcomp.c
@@ -3596,6 +3596,7 @@ expand_case_fold_string(Node* node, regex_t* reg)
if (n == 0 || varlen == 0) {
if (IS_NULL(snode)) {
if (IS_NULL(root) && IS_NOT_NULL(prev_node)) {
+ onig_node_free(top_root);
top_root = root = onig_node_list_add(NULL_NODE, prev_node);
if (IS_NULL(root)) {
onig_node_free(prev_node);
@@ -3627,6 +3628,7 @@ expand_case_fold_string(Node* node, regex_t* reg)
}
}
if (IS_NULL(root) && IS_NOT_NULL(prev_node)) {
+ onig_node_free(top_root);
top_root = root = onig_node_list_add(NULL_NODE, prev_node);
if (IS_NULL(root)) {
onig_node_free(prev_node);
@@ -3677,6 +3679,7 @@ expand_case_fold_string(Node* node, regex_t* reg)
if (r != 0) goto mem_err;
if (IS_NOT_NULL(prev_node) && IS_NULL(root)) {
+ onig_node_free(top_root);
top_root = root = onig_node_list_add(NULL_NODE, prev_node);
if (IS_NULL(root)) {
onig_node_free(srem);
--
2.21.0

502
SOURCES/ruby-2.6.0-Try-to-update-cert.patch
View File

@ -1,502 +0,0 @@
From f234e6c3d3170f37508e214cdaef78d4b2584e5a Mon Sep 17 00:00:00 2001
From: kazu <kazu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 2 Jan 2019 03:08:20 +0000
Subject: [PATCH 1/2] Try to update cert
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66685 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
test/net/fixtures/cacert.pem | 86 +++++++-------------------
test/net/fixtures/server.crt | 113 +++++++++++++++++++++++------------
test/net/fixtures/server.key | 43 ++++++++-----
3 files changed, 124 insertions(+), 118 deletions(-)
diff --git a/test/net/fixtures/cacert.pem b/test/net/fixtures/cacert.pem
index 7073387877..f623bd62ed 100644
--- a/test/net/fixtures/cacert.pem
+++ b/test/net/fixtures/cacert.pem
@@ -1,66 +1,24 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- b9:90:a2:bf:62:69:17:9c
- Signature Algorithm: sha1WithRSAEncryption
- Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org
- Validity
- Not Before: Jan 3 01:34:17 2014 GMT
- Not After : Jan 2 01:34:17 2019 GMT
- Subject: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:db:75:d0:45:de:b1:df:bf:71:a0:0e:b0:a5:e6:
- bc:f4:1c:9d:e5:25:67:64:c5:7b:cb:f1:af:c6:be:
- 9a:aa:ea:7e:0f:cc:05:af:ef:40:69:06:b2:c9:13:
- 9d:7e:eb:a2:06:e2:ea:7d:07:c7:c7:99:c7:fb:d5:
- b8:eb:63:77:62:2b:18:12:c3:53:58:d0:f5:c7:40:
- 0c:01:d1:26:82:34:16:09:e3:dc:65:f4:dc:bb:5d:
- a5:41:60:e7:a9:74:ba:d7:4c:b6:a3:9c:c5:8c:89:
- af:cb:e8:9f:05:fe:ea:fe:64:24:bf:e7:ed:e3:f6:
- d0:fc:d6:eb:fc:06:82:10:fb
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- E8:7E:58:AC:13:7B:03:22:8D:9E:AF:32:0B:84:89:80:80:0C:1E:C2
- X509v3 Authority Key Identifier:
- keyid:E8:7E:58:AC:13:7B:03:22:8D:9E:AF:32:0B:84:89:80:80:0C:1E:C2
- DirName:/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org
- serial:B9:90:A2:BF:62:69:17:9C
-
- X509v3 Basic Constraints:
- CA:TRUE
- Signature Algorithm: sha1WithRSAEncryption
- 8f:77:06:4e:31:72:12:ee:68:09:70:27:d4:31:85:ef:10:95:
- f9:0f:2b:66:63:08:37:88:6e:b7:9b:40:3e:18:77:33:86:e8:
- 61:6a:b7:3c:cb:c7:a6:d6:d5:92:6a:1f:56:d0:9f:5c:32:56:
- d3:37:52:fe:0e:20:c2:7a:0d:fe:2d:3c:81:da:b8:7f:4d:6a:
- 08:01:d9:be:7a:a2:15:be:a6:ce:49:64:90:8c:9a:ca:6e:2e:
- 84:48:1d:94:19:56:94:46:aa:25:9b:68:c2:80:60:bf:cb:2e:
- 35:03:ea:0a:65:5a:33:38:c6:cc:81:46:c0:bc:36:86:96:39:
- 10:7d
-----BEGIN CERTIFICATE-----
-MIIDjTCCAvagAwIBAgIJALmQor9iaRecMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYD
-VQQGEwJKUDEQMA4GA1UECBMHU2hpbWFuZTEUMBIGA1UEBxMLTWF0ei1lIGNpdHkx
-FzAVBgNVBAoTDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDEwxSdWJ5IFRlc3QgQ0Ex
-JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTQwMTAz
-MDEzNDE3WhcNMTkwMTAyMDEzNDE3WjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgT
-B1NoaW1hbmUxFDASBgNVBAcTC01hdHotZSBjaXR5MRcwFQYDVQQKEw5SdWJ5IENv
-cmUgVGVhbTEVMBMGA1UEAxMMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz
-ZWN1cml0eUBydWJ5LWxhbmcub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
-gQDbddBF3rHfv3GgDrCl5rz0HJ3lJWdkxXvL8a/Gvpqq6n4PzAWv70BpBrLJE51+
-66IG4up9B8fHmcf71bjrY3diKxgSw1NY0PXHQAwB0SaCNBYJ49xl9Ny7XaVBYOep
-dLrXTLajnMWMia/L6J8F/ur+ZCS/5+3j9tD81uv8BoIQ+wIDAQABo4H0MIHxMB0G
-A1UdDgQWBBToflisE3sDIo2erzILhImAgAwewjCBwQYDVR0jBIG5MIG2gBToflis
-E3sDIo2erzILhImAgAwewqGBkqSBjzCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgT
-B1NoaW1hbmUxFDASBgNVBAcTC01hdHotZSBjaXR5MRcwFQYDVQQKEw5SdWJ5IENv
-cmUgVGVhbTEVMBMGA1UEAxMMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz
-ZWN1cml0eUBydWJ5LWxhbmcub3JnggkAuZCiv2JpF5wwDAYDVR0TBAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCPdwZOMXIS7mgJcCfUMYXvEJX5DytmYwg3iG63m0A+
-GHczhuhharc8y8em1tWSah9W0J9cMlbTN1L+DiDCeg3+LTyB2rh/TWoIAdm+eqIV
-vqbOSWSQjJrKbi6ESB2UGVaURqolm2jCgGC/yy41A+oKZVozOMbMgUbAvDaGljkQ
-fQ==
+MIID7TCCAtWgAwIBAgIJAIltvxrFAuSnMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD
+VQQGEwJKUDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkx
+FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex
+JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTkwMTAy
+MDI1ODI4WhcNMjQwMTAxMDI1ODI4WjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgM
+B1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQKDA5SdWJ5IENv
+cmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz
+ZWN1cml0eUBydWJ5LWxhbmcub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAznlbjRVhz1NlutHVrhcGnK8W0qug2ujKXv1njSC4U6nJF6py7I9EeehV
+SaKePyv+I9z3K1LnfUHOtUbdwdKC77yN66A6q2aqzu5q09/NSykcZGOIF0GuItYI
+3nvW3IqBddff2ffsyR+9pBjfb5AIPP08WowF9q4s1eGULwZc4w2B8PFhtxYANd7d
+BvGLXFlcufv9tDtzyRi4t7eqxCRJkZQIZNZ6DHHIJrNxejOILfHLarI12yk8VK6L
+2LG4WgGqyeePiRyd1o1MbuiAFYqAwpXNUbRKg5NaZGwBHZk8UZ+uFKt1QMBURO5R
+WFy1c349jbWszTqFyL4Lnbg9HhAowQIDAQABo1AwTjAdBgNVHQ4EFgQU9tEiKdU9
+I9derQyc5nWPnc34nVMwHwYDVR0jBBgwFoAU9tEiKdU9I9derQyc5nWPnc34nVMw
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAxj7F/u3C3fgq24N7hGRA
+of7ClFQxGmo/IGT0AISzW3HiVYiFaikKhbO1NwD9aBpD8Zwe62sCqMh8jGV/b0+q
+aOORnWYNy2R6r9FkASAglmdF6xn3bhgGD5ls4pCvcG9FynGnGc24g6MrjFNrBYUS
+2iIZsg36i0IJswo/Dy6HLphCms2BMCD3DeWtfjePUiTmQHJo6HsQIKP/u4N4Fvee
+uMBInei2M4VU74fLXbmKl1F9AEX7JDP3BKSZG19Ch5pnUo4uXM1uNTGsi07P4Y0s
+K44+SKBC0bYEFbDK0eQWMrX3kIhkPxyIWhxdq9/NqPYjShuSEAhA6CSpmRg0pqc+
+mA==
-----END CERTIFICATE-----
diff --git a/test/net/fixtures/server.crt b/test/net/fixtures/server.crt
index fa4f99493a..817ecc222c 100644
--- a/test/net/fixtures/server.crt
+++ b/test/net/fixtures/server.crt
@@ -1,48 +1,83 @@
Certificate:
Data:
- Version: 1 (0x0)
- Serial Number: 0 (0x0)
- Signature Algorithm: sha1WithRSAEncryption
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: sha256WithRSAEncryption
Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org
Validity
- Not Before: Jan 3 01:34:17 2014 GMT
- Not After : Jan 2 01:34:17 2019 GMT
- Subject: C=JP, ST=Shimane, O=Ruby Core Team, OU=Ruby Test, CN=localhost
+ Not Before: Jan 2 03:06:53 2019 GMT
+ Not After : Jan 1 03:06:53 2024 GMT
+ Subject: C=JP, ST=Shimane, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
- RSA Public Key: (1024 bit)
- Modulus (1024 bit):
- 00:db:75:d0:45:de:b1:df:bf:71:a0:0e:b0:a5:e6:
- bc:f4:1c:9d:e5:25:67:64:c5:7b:cb:f1:af:c6:be:
- 9a:aa:ea:7e:0f:cc:05:af:ef:40:69:06:b2:c9:13:
- 9d:7e:eb:a2:06:e2:ea:7d:07:c7:c7:99:c7:fb:d5:
- b8:eb:63:77:62:2b:18:12:c3:53:58:d0:f5:c7:40:
- 0c:01:d1:26:82:34:16:09:e3:dc:65:f4:dc:bb:5d:
- a5:41:60:e7:a9:74:ba:d7:4c:b6:a3:9c:c5:8c:89:
- af:cb:e8:9f:05:fe:ea:fe:64:24:bf:e7:ed:e3:f6:
- d0:fc:d6:eb:fc:06:82:10:fb
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:c1:a9:64:ef:d3:f2:e1:1a:7f:24:df:7f:65:86:
+ c1:98:55:16:83:91:16:5b:63:6e:26:bb:c0:73:68:
+ 7b:f7:00:ba:37:db:7f:a9:5c:c8:98:aa:43:96:87:
+ e1:a0:63:69:0c:d8:22:90:f5:56:22:b1:57:6e:71:
+ 3b:30:04:d0:64:4d:38:33:a0:ea:c1:16:3d:16:be:
+ c0:49:4c:f0:14:15:af:09:95:da:bf:c7:23:34:c3:
+ 7d:af:b7:70:b3:6d:1b:de:21:93:c0:7c:6c:0e:fd:
+ 0e:e5:ff:f3:80:51:0c:df:80:7c:40:46:c9:ca:57:
+ d4:88:02:0f:f0:1e:14:18:f1:98:0f:c6:42:1d:cc:
+ 90:29:71:1b:af:4a:22:e0:e7:86:fc:dd:d3:d8:84:
+ 0e:5e:f0:9b:93:5f:0a:9a:1d:f8:f5:f3:e7:c7:b0:
+ 7a:0e:25:20:13:02:1a:22:c2:d9:e0:7f:4f:a1:7f:
+ 72:f6:e6:e1:14:7c:c5:93:7f:a6:96:3b:ab:d8:f1:
+ dc:2b:01:d6:e5:fe:5c:cf:08:db:06:e9:fd:7d:bd:
+ fe:2c:f4:8a:7b:9f:15:88:05:2e:f7:ba:c9:86:7e:
+ 14:50:f4:96:a1:84:17:5d:f7:8b:0a:7a:14:2c:de:
+ ca:00:74:f8:23:32:9d:66:af:1c:a6:58:1a:de:82:
+ 96:a9
Exponent: 65537 (0x10001)
- Signature Algorithm: sha1WithRSAEncryption
- 85:f5:d3:05:8b:8c:f4:43:1c:88:f2:8f:b2:f2:93:77:b7:3d:
- 95:c6:a0:34:bc:33:6a:d8:85:5f:3e:86:08:10:c5:5c:c1:76:
- a3:53:3c:dc:38:98:23:97:e7:da:21:ac:e8:4d:3c:96:70:29:
- ff:ff:1e:4a:9a:17:2b:db:04:62:b9:ef:ab:ea:a7:a5:e8:7c:
- b1:d5:ed:30:a8:6c:78:de:51:7e:e3:8a:c2:a4:64:a8:63:a2:
- bc:fd:43:9c:f3:55:7d:54:c9:6a:d8:53:1c:4b:6b:03:aa:b6:
- 19:e6:a4:4f:47:00:96:c5:42:59:85:4e:c3:4e:cd:41:82:53:
- 10:f8
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ F2:C9:35:05:31:EF:08:EE:EF:B0:FE:1A:72:C2:9E:70:E3:E3:EC:43
+ X509v3 Authority Key Identifier:
+ keyid:F6:D1:22:29:D5:3D:23:D7:5E:AD:0C:9C:E6:75:8F:9D:CD:F8:9D:53
+
+ Signature Algorithm: sha256WithRSAEncryption
+ 02:e7:0a:22:7c:5e:d9:92:d2:b9:fb:4a:bf:75:3f:00:e6:19:
+ 3e:90:a5:9d:38:41:82:4c:6f:b9:f3:f2:58:a1:91:7f:4a:d4:
+ 28:38:9c:7c:4d:6c:2f:2f:95:f5:55:55:25:a1:71:0c:05:42:
+ 08:a3:a6:ab:e3:04:47:9a:42:24:8f:b2:ba:50:55:af:b8:d7:
+ fc:1a:13:92:5d:75:7d:e1:4d:87:5e:57:82:c5:5f:d6:b8:ea:
+ 86:4e:05:b0:7f:07:27:a5:36:1f:1e:54:f1:32:35:7f:9c:75:
+ 26:6a:21:75:37:32:bb:89:01:78:97:cc:d3:de:3a:e8:ce:45:
+ ed:12:24:2e:a8:25:73:b3:cd:70:47:b8:81:f9:06:aa:8d:87:
+ 2f:a9:cd:fe:79:40:cc:c9:47:3d:2f:82:c2:82:bf:5d:8a:06:
+ 5b:a9:90:d3:b0:a7:fc:f3:1a:fb:0e:cb:8f:d8:f2:4e:f4:8d:
+ bb:4b:d5:2d:20:c0:6e:d5:08:2b:81:32:c4:e0:d2:4b:31:27:
+ f1:55:96:0e:d4:b9:92:02:71:98:69:e5:73:cc:52:45:a0:07:
+ fb:28:9e:b0:fc:b1:58:42:5a:08:4a:30:49:e5:f1:a5:c8:d5:
+ 8a:67:f0:ed:9e:3f:1b:71:a6:80:91:81:cb:1a:3d:b5:8e:87:
+ 9d:64:28:ce
-----BEGIN CERTIFICATE-----
-MIICXDCCAcUCAQAwDQYJKoZIhvcNAQEFBQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYD
-VQQIEwdTaGltYW5lMRQwEgYDVQQHEwtNYXR6LWUgY2l0eTEXMBUGA1UEChMOUnVi
-eSBDb3JlIFRlYW0xFTATBgNVBAMTDFJ1YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJ
-ARYWc2VjdXJpdHlAcnVieS1sYW5nLm9yZzAeFw0xNDAxMDMwMTM0MTdaFw0xOTAx
-MDIwMTM0MTdaMGAxCzAJBgNVBAYTAkpQMRAwDgYDVQQIEwdTaGltYW5lMRcwFQYD
-VQQKEw5SdWJ5IENvcmUgVGVhbTESMBAGA1UECxMJUnVieSBUZXN0MRIwEAYDVQQD
-Ewlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANt10EXesd+/
-caAOsKXmvPQcneUlZ2TFe8vxr8a+mqrqfg/MBa/vQGkGsskTnX7rogbi6n0Hx8eZ
-x/vVuOtjd2IrGBLDU1jQ9cdADAHRJoI0Fgnj3GX03LtdpUFg56l0utdMtqOcxYyJ
-r8vonwX+6v5kJL/n7eP20PzW6/wGghD7AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEA
-hfXTBYuM9EMciPKPsvKTd7c9lcagNLwzatiFXz6GCBDFXMF2o1M83DiYI5fn2iGs
-6E08lnAp//8eSpoXK9sEYrnvq+qnpeh8sdXtMKhseN5RfuOKwqRkqGOivP1DnPNV
-fVTJathTHEtrA6q2GeakT0cAlsVCWYVOw07NQYJTEPg=
+MIID+TCCAuGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx
+EDAOBgNVBAgMB1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQK
+DA5SdWJ5IENvcmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZI
+hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMDY1M1oX
+DTI0MDEwMTAzMDY1M1owdjELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx
+FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex
+JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBqWTv0/LhGn8k339lhsGYVRaDkRZbY24m
+u8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVducTswBNBkTTgzoOrBFj0W
+vsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l//OAUQzfgHxARsnKV9SI
+Ag/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuTXwqaHfj18+fHsHoOJSAT
+Ahoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzPCNsG6f19vf4s9Ip7nxWI
+BS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxymWBregpapAgMBAAGjezB5
+MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl
+cnRpZmljYXRlMB0GA1UdDgQWBBTyyTUFMe8I7u+w/hpywp5w4+PsQzAfBgNVHSME
+GDAWgBT20SIp1T0j116tDJzmdY+dzfidUzANBgkqhkiG9w0BAQsFAAOCAQEAAucK
+Inxe2ZLSuftKv3U/AOYZPpClnThBgkxvufPyWKGRf0rUKDicfE1sLy+V9VVVJaFx
+DAVCCKOmq+MER5pCJI+yulBVr7jX/BoTkl11feFNh15XgsVf1rjqhk4FsH8HJ6U2
+Hx5U8TI1f5x1JmohdTcyu4kBeJfM09466M5F7RIkLqglc7PNcEe4gfkGqo2HL6nN
+/nlAzMlHPS+CwoK/XYoGW6mQ07Cn/PMa+w7Lj9jyTvSNu0vVLSDAbtUIK4EyxODS
+SzEn8VWWDtS5kgJxmGnlc8xSRaAH+yiesPyxWEJaCEowSeXxpcjVimfw7Z4/G3Gm
+gJGByxo9tY6HnWQozg==
-----END CERTIFICATE-----
diff --git a/test/net/fixtures/server.key b/test/net/fixtures/server.key
index 7c57546ece..1e73232728 100644
--- a/test/net/fixtures/server.key
+++ b/test/net/fixtures/server.key
@@ -1,15 +1,28 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDbddBF3rHfv3GgDrCl5rz0HJ3lJWdkxXvL8a/Gvpqq6n4PzAWv
-70BpBrLJE51+66IG4up9B8fHmcf71bjrY3diKxgSw1NY0PXHQAwB0SaCNBYJ49xl
-9Ny7XaVBYOepdLrXTLajnMWMia/L6J8F/ur+ZCS/5+3j9tD81uv8BoIQ+wIDAQAB
-AoGAGtYHR+P5gFDaxiXFuCPFC1zMeg7e29XCU6gURIteQnQ2QhxCvcbV64HkLu51
-HeYWhB0Pa4aeCWxmpgb2e+JH4MEoIjeJSGyZQeqwkQLgWJDdvkgWx5am58QzA60I
-ipkZ9QHcPffSs5RiGx4yfr58KqAmwFphGCY8W7v4LqaENdECQQD9H5VTW9g4gj1c
-j3uNYvSI/D7a9P7gfI+ziczuwMm5xsBx3D/t5TAr3SJKNne3sl1E6ZERCUbzxf+C
-k58EiHx1AkEA3fRLGqDOq7EcQhbjTcA/v/t5MwlGEUsS9+XrqOWn50YuoIwRZJ3v
-qHRQzfQfFNklGtfBvwQ4md3irXjMeGVprwJBAMEAuwiDiHuV+xm/ofKtmE13IKot
-ksYy1BOOp/8IawhHXueyi+BmF/PqOkIiA+jCjNGF0oIN89beizPSQbbgJx0CQG/K
-qL1bu1ys0y/SeWBi8XkP/0aeaCUzq/UiYCTsrzoEll2UzvnftqMhGsXxLGqCyHaR
-r2s3hA6zvIVlL4+AfM8CQQClq+WDrC5VKciLYakZNWJjV1m+H2Ut/0fXdUjKHajE
-FWLcsrOhADf6bkTb71GwPxnKRkkRmud5upP0ZYYTqM4X
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBqWTv0/LhGn8k
+339lhsGYVRaDkRZbY24mu8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVdu
+cTswBNBkTTgzoOrBFj0WvsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l
+//OAUQzfgHxARsnKV9SIAg/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuT
+XwqaHfj18+fHsHoOJSATAhoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzP
+CNsG6f19vf4s9Ip7nxWIBS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxym
+WBregpapAgMBAAECggEAYQJ20oBMcSBxwknGqlfnkGRHI97A4UScgACa9fTH7EJM
+BgEJIRCeV4Mq2jP0/P/vNoTqQ8zxue02C9fiuzoeHbBkz8/y6Ig4T7V74vwMYzM9
+fEK50klxxFONGUF9zhOA2zPcrJZnFtcC6InfM07mcOsO0q/jE14N05ec3j5i+N7j
+hDHsHjS3hUiSEGra/U6TRGA26imDUZR5S3h3WMuFmpQgAg0STHc2inYjS9iVhn+T
+uAV2igYR89MOTcH1ZVoxjeYXwhqjWT6Kbw4Er4TWTVzwGf9ktv04EjZjhgUAqw7Q
+8Sc7Olt2q2tA7hQqdgJVgNMaszHqpKAECbAfuxuDtQKBgQD/r0zI9ZcTDQOgezaB
+s9UGbT5O5LruxLc/ExHRL7gpU7UsF/cc3Hp9zmDrzuUsq+UZlGewNnPBLHzaEq1z
+AZD9aa85umzXxcLzyg9ZnvN4kHLKIXhnnTEiShHtpRbqfybBKM7J+iQxXIYUf5tl
+lHTfEqG2/nTt4E50dhniIbIaAwKBgQDB5oS3LGXSn6zAWyUsAJaSeS8/3/O4Vz+x
+u8tZrICSFWBodwg46eHR9I379eayKhMGCsaAWx4ybWJWWEb/nM+fBGxBSnxb9jmm
+gHu93BQjK3sWS8qAGTwO5ehLEy0QRcCc+wb0lyo9hfh1grJioESVsiB9SXrxp8dr
+45JvxCCC4wKBgDGSKQ7lHm8hHMzmVoD6/pgKYgQlsGBOX0CpT9EAsXHBuuRbmRtN
+W6o8cuoE6MWqZfZ5oUi2peaT23jkGiCr8xJOhRxqGmQTAWMGj8dOW+HKD5dEufVM
+spP1TFiIo1K/aCIW6VCbYJz5VT1wKA6fo7EECbpSxxS/YjaOFyKSaddFAoGBAKk3
+bdcVrf70TqTIZlZSZRWLIMsTvPTBX9rSUxL9Um8qrKo+RzS0F9lNHaQn457UzSlW
+uglGe8HyaAGGpN9qkF7sUzVftcvjxEgklNkKeaB/z7mThzPn0dwGlIUARTGQThox
+kM5gJgLvKfgTiW49A93ISEZOnDbM/2KOhjt35A+VAoGAYsNAMBwjubVo0v1vqry+
+XG6VvPpgVjMiDQCsTEEcBqgRRuf6R5zndIhIvwmTNiUkGkE3w/vG0uCjtB82/kwE
+bzVheR0vZDN7s52OYRz4j0ddtYCqGSkvkWuEQfQFZUDTyLodwVQAT5aR+mcr4Qml
+uCiVeqoPl+JIg4m8Tz76XWo=
+-----END PRIVATE KEY-----
--
2.20.1
From 1e0b49a293d3792826c67b7e05c5fcbd09c9ea6e Mon Sep 17 00:00:00 2001
From: kazu <kazu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 2 Jan 2019 03:29:01 +0000
Subject: [PATCH 2/2] Try to update cert (2nd try)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66686 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
test/net/fixtures/server.crt | 115 +++++++++++++++++------------------
test/net/fixtures/server.key | 52 ++++++++--------
2 files changed, 83 insertions(+), 84 deletions(-)
diff --git a/test/net/fixtures/server.crt b/test/net/fixtures/server.crt
index 817ecc222c..5ca78a6d14 100644
--- a/test/net/fixtures/server.crt
+++ b/test/net/fixtures/server.crt
@@ -1,35 +1,35 @@
Certificate:
Data:
Version: 3 (0x2)
- Serial Number: 1 (0x1)
+ Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org
Validity
- Not Before: Jan 2 03:06:53 2019 GMT
- Not After : Jan 1 03:06:53 2024 GMT
- Subject: C=JP, ST=Shimane, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org
+ Not Before: Jan 2 03:27:13 2019 GMT
+ Not After : Jan 1 03:27:13 2024 GMT
+ Subject: C=JP, ST=Shimane, O=Ruby Core Team, OU=Ruby Test, CN=localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
- 00:c1:a9:64:ef:d3:f2:e1:1a:7f:24:df:7f:65:86:
- c1:98:55:16:83:91:16:5b:63:6e:26:bb:c0:73:68:
- 7b:f7:00:ba:37:db:7f:a9:5c:c8:98:aa:43:96:87:
- e1:a0:63:69:0c:d8:22:90:f5:56:22:b1:57:6e:71:
- 3b:30:04:d0:64:4d:38:33:a0:ea:c1:16:3d:16:be:
- c0:49:4c:f0:14:15:af:09:95:da:bf:c7:23:34:c3:
- 7d:af:b7:70:b3:6d:1b:de:21:93:c0:7c:6c:0e:fd:
- 0e:e5:ff:f3:80:51:0c:df:80:7c:40:46:c9:ca:57:
- d4:88:02:0f:f0:1e:14:18:f1:98:0f:c6:42:1d:cc:
- 90:29:71:1b:af:4a:22:e0:e7:86:fc:dd:d3:d8:84:
- 0e:5e:f0:9b:93:5f:0a:9a:1d:f8:f5:f3:e7:c7:b0:
- 7a:0e:25:20:13:02:1a:22:c2:d9:e0:7f:4f:a1:7f:
- 72:f6:e6:e1:14:7c:c5:93:7f:a6:96:3b:ab:d8:f1:
- dc:2b:01:d6:e5:fe:5c:cf:08:db:06:e9:fd:7d:bd:
- fe:2c:f4:8a:7b:9f:15:88:05:2e:f7:ba:c9:86:7e:
- 14:50:f4:96:a1:84:17:5d:f7:8b:0a:7a:14:2c:de:
- ca:00:74:f8:23:32:9d:66:af:1c:a6:58:1a:de:82:
- 96:a9
+ 00:e8:da:9c:01:2e:2b:10:ec:49:cd:5e:07:13:07:
+ 9c:70:9e:c6:74:bc:13:c2:e1:6f:c6:82:fd:e3:48:
+ e0:2c:a5:68:c7:9e:42:de:60:54:65:e6:6a:14:57:
+ 7a:30:d0:cc:b5:b6:d9:c3:d2:df:c9:25:97:54:67:
+ cf:f6:be:5e:cb:8b:ee:03:c5:e1:e2:f9:e7:f7:d1:
+ 0c:47:f0:b8:da:33:5a:ad:41:ad:e7:b5:a2:7b:b7:
+ bf:30:da:60:f8:e3:54:a2:bc:3a:fd:1b:74:d9:dc:
+ 74:42:e9:29:be:df:ac:b4:4f:eb:32:f4:06:f1:e1:
+ 8c:4b:a8:8b:fb:29:e7:b1:bf:1d:01:ee:73:0f:f9:
+ 40:dc:d5:15:79:d9:c6:73:d0:c0:dd:cb:e4:da:19:
+ 47:80:c6:14:04:72:fd:9a:7c:8f:11:82:76:49:04:
+ 79:cc:f2:5c:31:22:95:13:3e:5d:40:a6:4d:e0:a3:
+ 02:26:7d:52:3b:bb:ed:65:a1:0f:ed:6b:b0:3c:d4:
+ de:61:15:5e:d3:dd:68:09:9f:4a:57:a5:c2:a9:6d:
+ 86:92:c5:f4:a4:d4:b7:13:3b:52:63:24:05:e2:cc:
+ e3:8a:3c:d4:35:34:2b:10:bb:58:72:e7:e1:8d:1d:
+ 74:8c:61:16:20:3d:d0:1c:4e:8f:6e:fd:fe:64:10:
+ 4f:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
@@ -37,47 +37,46 @@ Certificate:
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
- F2:C9:35:05:31:EF:08:EE:EF:B0:FE:1A:72:C2:9E:70:E3:E3:EC:43
+ ED:28:C2:7E:AB:4B:C8:E8:FE:55:6D:66:95:31:1C:2D:60:F9:02:36
X509v3 Authority Key Identifier:
keyid:F6:D1:22:29:D5:3D:23:D7:5E:AD:0C:9C:E6:75:8F:9D:CD:F8:9D:53
Signature Algorithm: sha256WithRSAEncryption
- 02:e7:0a:22:7c:5e:d9:92:d2:b9:fb:4a:bf:75:3f:00:e6:19:
- 3e:90:a5:9d:38:41:82:4c:6f:b9:f3:f2:58:a1:91:7f:4a:d4:
- 28:38:9c:7c:4d:6c:2f:2f:95:f5:55:55:25:a1:71:0c:05:42:
- 08:a3:a6:ab:e3:04:47:9a:42:24:8f:b2:ba:50:55:af:b8:d7:
- fc:1a:13:92:5d:75:7d:e1:4d:87:5e:57:82:c5:5f:d6:b8:ea:
- 86:4e:05:b0:7f:07:27:a5:36:1f:1e:54:f1:32:35:7f:9c:75:
- 26:6a:21:75:37:32:bb:89:01:78:97:cc:d3:de:3a:e8:ce:45:
- ed:12:24:2e:a8:25:73:b3:cd:70:47:b8:81:f9:06:aa:8d:87:
- 2f:a9:cd:fe:79:40:cc:c9:47:3d:2f:82:c2:82:bf:5d:8a:06:
- 5b:a9:90:d3:b0:a7:fc:f3:1a:fb:0e:cb:8f:d8:f2:4e:f4:8d:
- bb:4b:d5:2d:20:c0:6e:d5:08:2b:81:32:c4:e0:d2:4b:31:27:
- f1:55:96:0e:d4:b9:92:02:71:98:69:e5:73:cc:52:45:a0:07:
- fb:28:9e:b0:fc:b1:58:42:5a:08:4a:30:49:e5:f1:a5:c8:d5:
- 8a:67:f0:ed:9e:3f:1b:71:a6:80:91:81:cb:1a:3d:b5:8e:87:
- 9d:64:28:ce
+ 1d:b8:c5:8b:72:41:20:65:ad:27:6f:15:63:06:26:12:8d:9c:
+ ad:ca:f4:db:97:b4:90:cb:ff:35:94:bb:2a:a7:a1:ab:1e:35:
+ 2d:a5:3f:c9:24:b0:1a:58:89:75:3e:81:0a:2c:4f:98:f9:51:
+ fb:c0:a3:09:d0:0a:9b:e7:a2:b7:c3:60:40:c8:f4:6d:b2:6a:
+ 56:12:17:4c:00:24:31:df:9c:60:ae:b1:68:54:a9:e6:b5:4a:
+ 04:e6:92:05:86:d9:5a:dc:96:30:a5:58:de:14:99:0f:e5:15:
+ 89:3e:9b:eb:80:e3:bd:83:c3:ea:33:35:4b:3e:2f:d3:0d:64:
+ 93:67:7f:8d:f5:3f:0c:27:bc:37:5a:cc:d6:47:16:af:5a:62:
+ d2:da:51:f8:74:06:6b:24:ad:28:68:08:98:37:7d:ed:0e:ab:
+ 1e:82:61:05:d0:ba:75:a0:ab:21:b0:9a:fd:2b:54:86:1d:0d:
+ 1f:c2:d4:77:1f:72:26:5e:ad:8a:9f:09:36:6d:44:be:74:c2:
+ 5a:3e:ff:5c:9d:75:d6:38:7b:c5:39:f9:44:6e:a1:d1:8e:ff:
+ 63:db:c4:bb:c6:91:92:ca:5c:60:9b:1d:eb:0a:de:08:ee:bf:
+ da:76:03:65:62:29:8b:f8:7f:c7:86:73:1e:f6:1f:2d:89:69:
+ fd:be:bd:6e
-----BEGIN CERTIFICATE-----
-MIID+TCCAuGgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx
+MIID4zCCAsugAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx
EDAOBgNVBAgMB1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQK
DA5SdWJ5IENvcmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZI
-hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMDY1M1oX
-DTI0MDEwMTAzMDY1M1owdjELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx
-FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex
-JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBqWTv0/LhGn8k339lhsGYVRaDkRZbY24m
-u8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVducTswBNBkTTgzoOrBFj0W
-vsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l//OAUQzfgHxARsnKV9SI
-Ag/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuTXwqaHfj18+fHsHoOJSAT
-Ahoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzPCNsG6f19vf4s9Ip7nxWI
-BS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxymWBregpapAgMBAAGjezB5
-MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENl
-cnRpZmljYXRlMB0GA1UdDgQWBBTyyTUFMe8I7u+w/hpywp5w4+PsQzAfBgNVHSME
-GDAWgBT20SIp1T0j116tDJzmdY+dzfidUzANBgkqhkiG9w0BAQsFAAOCAQEAAucK
-Inxe2ZLSuftKv3U/AOYZPpClnThBgkxvufPyWKGRf0rUKDicfE1sLy+V9VVVJaFx
-DAVCCKOmq+MER5pCJI+yulBVr7jX/BoTkl11feFNh15XgsVf1rjqhk4FsH8HJ6U2
-Hx5U8TI1f5x1JmohdTcyu4kBeJfM09466M5F7RIkLqglc7PNcEe4gfkGqo2HL6nN
-/nlAzMlHPS+CwoK/XYoGW6mQ07Cn/PMa+w7Lj9jyTvSNu0vVLSDAbtUIK4EyxODS
-SzEn8VWWDtS5kgJxmGnlc8xSRaAH+yiesPyxWEJaCEowSeXxpcjVimfw7Z4/G3Gm
-gJGByxo9tY6HnWQozg==
+hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMjcxM1oX
+DTI0MDEwMTAzMjcxM1owYDELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx
+FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRIwEAYDVQQLDAlSdWJ5IFRlc3QxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AOjanAEuKxDsSc1eBxMHnHCexnS8E8Lhb8aC/eNI4CylaMeeQt5gVGXmahRXejDQ
+zLW22cPS38kll1Rnz/a+XsuL7gPF4eL55/fRDEfwuNozWq1Bree1onu3vzDaYPjj
+VKK8Ov0bdNncdELpKb7frLRP6zL0BvHhjEuoi/sp57G/HQHucw/5QNzVFXnZxnPQ
+wN3L5NoZR4DGFARy/Zp8jxGCdkkEeczyXDEilRM+XUCmTeCjAiZ9Uju77WWhD+1r
+sDzU3mEVXtPdaAmfSlelwqlthpLF9KTUtxM7UmMkBeLM44o81DU0KxC7WHLn4Y0d
+dIxhFiA90BxOj279/mQQT0ECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC
+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFO0o
+wn6rS8jo/lVtZpUxHC1g+QI2MB8GA1UdIwQYMBaAFPbRIinVPSPXXq0MnOZ1j53N
++J1TMA0GCSqGSIb3DQEBCwUAA4IBAQAduMWLckEgZa0nbxVjBiYSjZytyvTbl7SQ
+y/81lLsqp6GrHjUtpT/JJLAaWIl1PoEKLE+Y+VH7wKMJ0Aqb56K3w2BAyPRtsmpW
+EhdMACQx35xgrrFoVKnmtUoE5pIFhtla3JYwpVjeFJkP5RWJPpvrgOO9g8PqMzVL
+Pi/TDWSTZ3+N9T8MJ7w3WszWRxavWmLS2lH4dAZrJK0oaAiYN33tDqsegmEF0Lp1
+oKshsJr9K1SGHQ0fwtR3H3ImXq2Knwk2bUS+dMJaPv9cnXXWOHvFOflEbqHRjv9j
+28S7xpGSylxgmx3rCt4I7r/adgNlYimL+H/HhnMe9h8tiWn9vr1u
-----END CERTIFICATE-----
diff --git a/test/net/fixtures/server.key b/test/net/fixtures/server.key
index 1e73232728..7f2380e71e 100644
--- a/test/net/fixtures/server.key
+++ b/test/net/fixtures/server.key
@@ -1,28 +1,28 @@
-----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBqWTv0/LhGn8k
-339lhsGYVRaDkRZbY24mu8BzaHv3ALo323+pXMiYqkOWh+GgY2kM2CKQ9VYisVdu
-cTswBNBkTTgzoOrBFj0WvsBJTPAUFa8Jldq/xyM0w32vt3CzbRveIZPAfGwO/Q7l
-//OAUQzfgHxARsnKV9SIAg/wHhQY8ZgPxkIdzJApcRuvSiLg54b83dPYhA5e8JuT
-XwqaHfj18+fHsHoOJSATAhoiwtngf0+hf3L25uEUfMWTf6aWO6vY8dwrAdbl/lzP
-CNsG6f19vf4s9Ip7nxWIBS73usmGfhRQ9JahhBdd94sKehQs3soAdPgjMp1mrxym
-WBregpapAgMBAAECggEAYQJ20oBMcSBxwknGqlfnkGRHI97A4UScgACa9fTH7EJM
-BgEJIRCeV4Mq2jP0/P/vNoTqQ8zxue02C9fiuzoeHbBkz8/y6Ig4T7V74vwMYzM9
-fEK50klxxFONGUF9zhOA2zPcrJZnFtcC6InfM07mcOsO0q/jE14N05ec3j5i+N7j
-hDHsHjS3hUiSEGra/U6TRGA26imDUZR5S3h3WMuFmpQgAg0STHc2inYjS9iVhn+T
-uAV2igYR89MOTcH1ZVoxjeYXwhqjWT6Kbw4Er4TWTVzwGf9ktv04EjZjhgUAqw7Q
-8Sc7Olt2q2tA7hQqdgJVgNMaszHqpKAECbAfuxuDtQKBgQD/r0zI9ZcTDQOgezaB
-s9UGbT5O5LruxLc/ExHRL7gpU7UsF/cc3Hp9zmDrzuUsq+UZlGewNnPBLHzaEq1z
-AZD9aa85umzXxcLzyg9ZnvN4kHLKIXhnnTEiShHtpRbqfybBKM7J+iQxXIYUf5tl
-lHTfEqG2/nTt4E50dhniIbIaAwKBgQDB5oS3LGXSn6zAWyUsAJaSeS8/3/O4Vz+x
-u8tZrICSFWBodwg46eHR9I379eayKhMGCsaAWx4ybWJWWEb/nM+fBGxBSnxb9jmm
-gHu93BQjK3sWS8qAGTwO5ehLEy0QRcCc+wb0lyo9hfh1grJioESVsiB9SXrxp8dr
-45JvxCCC4wKBgDGSKQ7lHm8hHMzmVoD6/pgKYgQlsGBOX0CpT9EAsXHBuuRbmRtN
-W6o8cuoE6MWqZfZ5oUi2peaT23jkGiCr8xJOhRxqGmQTAWMGj8dOW+HKD5dEufVM
-spP1TFiIo1K/aCIW6VCbYJz5VT1wKA6fo7EECbpSxxS/YjaOFyKSaddFAoGBAKk3
-bdcVrf70TqTIZlZSZRWLIMsTvPTBX9rSUxL9Um8qrKo+RzS0F9lNHaQn457UzSlW
-uglGe8HyaAGGpN9qkF7sUzVftcvjxEgklNkKeaB/z7mThzPn0dwGlIUARTGQThox
-kM5gJgLvKfgTiW49A93ISEZOnDbM/2KOhjt35A+VAoGAYsNAMBwjubVo0v1vqry+
-XG6VvPpgVjMiDQCsTEEcBqgRRuf6R5zndIhIvwmTNiUkGkE3w/vG0uCjtB82/kwE
-bzVheR0vZDN7s52OYRz4j0ddtYCqGSkvkWuEQfQFZUDTyLodwVQAT5aR+mcr4Qml
-uCiVeqoPl+JIg4m8Tz76XWo=
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDo2pwBLisQ7EnN
+XgcTB5xwnsZ0vBPC4W/Ggv3jSOAspWjHnkLeYFRl5moUV3ow0My1ttnD0t/JJZdU
+Z8/2vl7Li+4DxeHi+ef30QxH8LjaM1qtQa3ntaJ7t78w2mD441SivDr9G3TZ3HRC
+6Sm+36y0T+sy9Abx4YxLqIv7Keexvx0B7nMP+UDc1RV52cZz0MDdy+TaGUeAxhQE
+cv2afI8RgnZJBHnM8lwxIpUTPl1Apk3gowImfVI7u+1loQ/ta7A81N5hFV7T3WgJ
+n0pXpcKpbYaSxfSk1LcTO1JjJAXizOOKPNQ1NCsQu1hy5+GNHXSMYRYgPdAcTo9u
+/f5kEE9BAgMBAAECggEBAOHkwhc7DLh8IhTDNSW26oMu5OP2WU1jmiYAigDmf+OQ
+DBgrZj+JQBci8qINQxL8XLukSZn5hvQCLc7Kbyu1/wyEEUFDxSGGwwzclodr9kho
+LX2LDASPZrOSzD2+fPi2wTKmXKuS6Uc44OjQfZkYMNkz9r4Vkm8xGgOD3VipjIYX
+QXlhhdqkXZcNABsihCV52GKkDFSVm8jv95YJc5xhoYCy/3a4/qPdF0aT2R7oYUej
+hKrxVDskyooe8Zg/JTydZNV5GQEDmW01/K3r6XGT26oPi1AqMU1gtv/jkW56CRQQ
+1got8smnqM+AV7Slf9R6DauIPdQJ2S8wsr/o8ISBsOECgYEA9YrqEP2gAYSGFXRt
+liw0WI2Ant8BqXS6yvq1jLo/qWhLw/ph4Di73OQ2mpycVTpgfGr2wFPQR1XJ+0Fd
+U+Ir/C3Q7FK4VIGHK7B0zNvZr5tEjlFfeRezo2JMVw5YWeSagIFcSwK+KqCTH9qc
+pw/Eb8nB/4XNcpTZu7Fg0Wc+ooUCgYEA8sVaicn1Wxkpb45a4qfrA6wOr5xdJ4cC
+A5qs7vjX2OdPIQOmoQhdI7bCWFXZzF33wA4YCws6j5wRaySLIJqdms8Gl9QnODy1
+ZlA5gwKToBC/jqPmWAXSKb8EH7cHilaxU9OKnQ7CfwlGLHqjMtjrhR7KHlt3CVRs
+oRmvsjZVXI0CgYAmPedslAO6mMhFSSfULrhMXmV82OCqYrrA6EEkVNGbcdnzAOkD
+gfKIWabDd8bFY10po4Mguy0CHzNhBXIioWQWV5BlbhC1YKMLw+S9DzSdLAKGY9gJ
+xQ4+UQ3wtRQ/k+IYR413RUsW2oFvgZ3KSyNeAb9MK6uuv84VdG/OzVSs/QKBgQDn
+kap//l2EbObiWyaERunckdVcW0lcN+KK75J/TGwPoOwQsLvTpPe65kxRGGrtDsEQ
+uCDk/+v3KkZPLgdrrTAih9FhJ+PVN8tMcb+6IM4SA4fFFr/UPJEwct0LJ3oQ0grJ
+y+HPWFHb/Uurh7t99/4H98uR02sjQh1wOeEmm78mzQKBgQDm+LzGH0se6CXQ6cdZ
+g1JRZeXkDEsrW3hfAsW62xJQmXcWxBoblP9OamMY+A06rM5og3JbDk5Zm6JsOaA8
+wS2gw4ilp46jors4eQey8ux7kB9LzdBoDBBElnsbjLO8oBNZlVcYXg+6BOl/CUi7
+2whRF0FEjKA8ehrNhAq+VFfFNw==
-----END PRIVATE KEY-----
--
2.20.1

44
SOURCES/ruby-2.6.0-Update-for-tzdata-2018f.patch
View File

@ -1,44 +0,0 @@
From e71ca6cdcf108e6a2fa47ec9fadefe7554717908 Mon Sep 17 00:00:00 2001
From: nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Fri, 26 Oct 2018 01:47:09 +0000
Subject: [PATCH] Update for tzdata-2018f
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65365 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
test/ruby/test_time_tz.rb | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/test/ruby/test_time_tz.rb b/test/ruby/test_time_tz.rb
index 2da4fd8d9ce4..328fde48fc34 100644
--- a/test/ruby/test_time_tz.rb
+++ b/test/ruby/test_time_tz.rb
@@ -86,7 +86,9 @@ def group_by(e, &block)
has_lisbon_tz &&= have_tz_offset?("Europe/Lisbon")
CORRECT_TOKYO_DST_1951 = with_tz("Asia/Tokyo") {
if Time.local(1951, 5, 6, 12, 0, 0).dst? # noon, DST
- Time.local(1951, 5, 6, 1, 0, 0).dst? # DST with fixed tzdata
+ if Time.local(1951, 5, 6, 1, 0, 0).dst? # DST with fixed tzdata
+ Time.local(1951, 9, 8, 23, 0, 0).dst? ? "2018f" : "2018e"
+ end
end
}
CORRECT_KIRITIMATI_SKIP_1994 = with_tz("Pacific/Kiritimati") {
@@ -347,12 +349,16 @@ def self.gen_zdump_test(data)
Asia/Singapore Thu Dec 31 16:29:59 1981 UTC = Thu Dec 31 23:59:59 1981 SGT isdst=0 gmtoff=27000
Asia/Singapore Thu Dec 31 16:30:00 1981 UTC = Fri Jan 1 00:30:00 1982 SGT isdst=0 gmtoff=28800
End
- gen_zdump_test CORRECT_TOKYO_DST_1951 ? <<'End' : <<'End'
+ gen_zdump_test CORRECT_TOKYO_DST_1951 ? <<'End' + (CORRECT_TOKYO_DST_1951 < "2018f" ? <<'2018e' : <<'2018f') : <<'End'
Asia/Tokyo Sat May 5 14:59:59 1951 UTC = Sat May 5 23:59:59 1951 JST isdst=0 gmtoff=32400
Asia/Tokyo Sat May 5 15:00:00 1951 UTC = Sun May 6 01:00:00 1951 JDT isdst=1 gmtoff=36000
+End
Asia/Tokyo Sat Sep 8 13:59:59 1951 UTC = Sat Sep 8 23:59:59 1951 JDT isdst=1 gmtoff=36000
Asia/Tokyo Sat Sep 8 14:00:00 1951 UTC = Sat Sep 8 23:00:00 1951 JST isdst=0 gmtoff=32400
-End
+2018e
+Asia/Tokyo Sat Sep 8 14:59:59 1951 UTC = Sun Sep 9 00:59:59 1951 JDT isdst=1 gmtoff=36000
+Asia/Tokyo Sat Sep 8 15:00:00 1951 UTC = Sun Sep 9 00:00:00 1951 JST isdst=0 gmtoff=32400
+2018f
Asia/Tokyo Sat May 5 16:59:59 1951 UTC = Sun May 6 01:59:59 1951 JST isdst=0 gmtoff=32400
Asia/Tokyo Sat May 5 17:00:00 1951 UTC = Sun May 6 03:00:00 1951 JDT isdst=1 gmtoff=36000
Asia/Tokyo Fri Sep 7 15:59:59 1951 UTC = Sat Sep 8 01:59:59 1951 JDT isdst=1 gmtoff=36000

20
SOURCES/ruby-2.6.0-library-options-to-MAINLIBS.patch
View File

@ -27,7 +27,7 @@ index aebbae1969a5..733a0c992fd7 100644
AC_DEFUN([RUBY_RM_RECURSIVE], [
m4_version_prereq([2.70], [-1], [
@@ -2938,13 +2939,11 @@ AS_IF([test x"$enable_pthread" = xyes], [
@@ -2939,13 +2940,11 @@ AS_IF([test x"$enable_pthread" = xyes], [
AC_DEFINE(_THREAD_SAFE)
AC_DEFINE(HAVE_LIBPTHREAD)
AC_CHECK_HEADERS(pthread_np.h, [], [], [@%:@include <pthread.h>])
@ -46,7 +46,7 @@ index aebbae1969a5..733a0c992fd7 100644
], [
AC_MSG_WARN("Don't know how to find pthread library on your system -- thread support disabled")
])
@@ -3623,7 +3622,7 @@ LIBRUBY_A='lib$(RUBY_SO_NAME)-static.a'
@@ -3624,7 +3623,7 @@ LIBRUBY_A='lib$(RUBY_SO_NAME)-static.a'
LIBRUBY='$(LIBRUBY_A)'
LIBRUBYARG_STATIC='-l$(RUBY_SO_NAME)-static'
LIBRUBYARG='$(LIBRUBYARG_STATIC)'
@ -55,7 +55,7 @@ index aebbae1969a5..733a0c992fd7 100644
AS_CASE(["$target_os"],
[cygwin*|mingw*|haiku*|darwin*], [
@@ -3689,9 +3688,6 @@ AS_CASE("$enable_shared", [yes], [
@@ -3690,9 +3689,6 @@ AS_CASE("$enable_shared", [yes], [
LIBRUBY_RELATIVE=no
test -z "$CCDLFLAGS" || CFLAGS="$CFLAGS $CCDLFLAGS"
ENABLE_SHARED=yes
@ -65,7 +65,7 @@ index aebbae1969a5..733a0c992fd7 100644
# libdir can be overridden in config.site file (on OpenSUSE at least).
libdir_basename=lib
@@ -3726,7 +3722,6 @@ AS_CASE("$enable_shared", [yes], [
@@ -3727,7 +3723,6 @@ AS_CASE("$enable_shared", [yes], [
])
],
[freebsd*|dragonfly*], [
@ -73,7 +73,7 @@ index aebbae1969a5..733a0c992fd7 100644
LIBRUBY_SO='lib$(RUBY_SO_NAME).$(SOEXT).$(MAJOR)$(MINOR)'
LIBRUBY_SONAME='$(LIBRUBY_SO)'
AS_IF([test "$rb_cv_binary_elf" != "yes" ], [
@@ -3735,7 +3730,6 @@ AS_CASE("$enable_shared", [yes], [
@@ -3736,7 +3731,6 @@ AS_CASE("$enable_shared", [yes], [
])
],
[netbsd*], [
@ -81,7 +81,7 @@ index aebbae1969a5..733a0c992fd7 100644
LIBRUBY_SONAME='lib$(RUBY_SO_NAME).$(SOEXT).$(MAJOR)$(MINOR)'
LIBRUBY_SO="${LIBRUBY_SONAME}"'.$(TEENY)'
RUBY_APPEND_OPTIONS(LIBRUBY_DLDFLAGS, ['-Wl,-soname,$(LIBRUBY_SONAME)' "$LDFLAGS_OPTDIR"])
@@ -3746,11 +3740,9 @@ AS_CASE("$enable_shared", [yes], [
@@ -3747,11 +3741,9 @@ AS_CASE("$enable_shared", [yes], [
])
],
[openbsd*|mirbsd*], [
@ -93,7 +93,7 @@ index aebbae1969a5..733a0c992fd7 100644
LIBRUBY_SO='lib$(RUBY_SO_NAME).$(SOEXT).$(MAJOR)'
LIBRUBY_SONAME='lib$(RUBY_SO_NAME).$(SOEXT).$(RUBY_PROGRAM_VERSION)'
LIBRUBY_ALIASES='$(LIBRUBY_SONAME) lib$(RUBY_SO_NAME).$(SOEXT)'
@@ -3768,7 +3760,7 @@ AS_CASE("$enable_shared", [yes], [
@@ -3769,7 +3761,7 @@ AS_CASE("$enable_shared", [yes], [
[aix*], [
RUBY_APPEND_OPTIONS(LIBRUBY_DLDFLAGS, ["${linker_flag}-bnoentry" "$XLDFLAGS" "$LDFLAGS_OPTDIR"])
LIBRUBYARG_SHARED='-L${libdir} -l${RUBY_SO_NAME}'
@ -102,7 +102,7 @@ index aebbae1969a5..733a0c992fd7 100644
],
[darwin*], [
LIBRUBY_LDSHARED='$(CC) -dynamiclib'
@@ -3788,7 +3780,6 @@ AS_CASE("$enable_shared", [yes], [
@@ -3789,7 +3781,6 @@ AS_CASE("$enable_shared", [yes], [
LIBRUBY_SO='lib$(RUBY_SO_NAME).$(SOEXT)'
LIBRUBY_SONAME='lib$(RUBY_BASE_NAME).$(RUBY_API_VERSION).$(SOEXT)'
LIBRUBY_ALIASES='$(LIBRUBY_SONAME) lib$(RUBY_INSTALL_NAME).$(SOEXT)'
@ -110,7 +110,7 @@ index aebbae1969a5..733a0c992fd7 100644
],
[interix*], [
LIBRUBYARG_SHARED='-L. -L${libdir} -l$(RUBY_SO_NAME)'
@@ -4031,7 +4022,6 @@ AS_CASE(["$target_os"],
@@ -4032,7 +4023,6 @@ AS_CASE(["$target_os"],
])
LIBRUBY_ALIASES=''
FIRSTMAKEFILE=GNUmakefile:cygwin/GNUmakefile.in
@ -118,7 +118,7 @@ index aebbae1969a5..733a0c992fd7 100644
AS_IF([test x"$enable_shared" = xyes], [
LIBRUBY='lib$(RUBY_SO_NAME).dll.a'
], [
@@ -4131,6 +4121,13 @@ AS_IF([test "${universal_binary-no}" = yes ], [
@@ -4132,6 +4122,13 @@ AS_IF([test "${universal_binary-no}" = yes ], [
[rb_cv_architecture_available=yes], [rb_cv_architecture_available=no]))
])

157
SOURCES/ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with-TLS-1.3.patch
View File

@ -1,157 +0,0 @@
From 1dfc377ae3b174b043d3f0ed36de57b0296b34d0 Mon Sep 17 00:00:00 2001
From: rhe <rhe@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed, 8 Aug 2018 14:13:55 +0000
Subject: [PATCH] net/http, net/ftp: fix session resumption with TLS 1.3
When TLS 1.3 is in use, the session ticket may not have been sent yet
even though a handshake has finished. Also, the ticket could change if
multiple session ticket messages are sent by the server. Use
SSLContext#session_new_cb instead of calling SSLSocket#session
immediately after a handshake. This way also works with earlier protocol
versions.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
lib/net/ftp.rb | 5 ++++-
lib/net/http.rb | 7 +++++--
test/net/http/test_https.rb | 35 ++++++++++-------------------------
3 files changed, 19 insertions(+), 28 deletions(-)
diff --git a/lib/net/ftp.rb b/lib/net/ftp.rb
index c3ee47ef4d36..9902f9dc657a 100644
--- a/lib/net/ftp.rb
+++ b/lib/net/ftp.rb
@@ -230,6 +230,10 @@ def initialize(host = nil, user_or_options = {}, passwd = nil, acct = nil)
if defined?(VerifyCallbackProc)
@ssl_context.verify_callback = VerifyCallbackProc
end
+ @ssl_context.session_cache_mode =
+ OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT |
+ OpenSSL::SSL::SSLContext::SESSION_CACHE_NO_INTERNAL_STORE
+ @ssl_context.session_new_cb = proc {|sock, sess| @ssl_session = sess }
@ssl_session = nil
if options[:private_data_connection].nil?
@private_data_connection = true
@@ -349,7 +353,6 @@ def start_tls_session(sock)
if @ssl_context.verify_mode != VERIFY_NONE
ssl_sock.post_connection_check(@host)
end
- @ssl_session = ssl_sock.session
return ssl_sock
end
private :start_tls_session
diff --git a/lib/net/http.rb b/lib/net/http.rb
index 281b15cedff0..683a884f5dbe 100644
--- a/lib/net/http.rb
+++ b/lib/net/http.rb
@@ -969,6 +969,10 @@ def connect
end
@ssl_context = OpenSSL::SSL::SSLContext.new
@ssl_context.set_params(ssl_parameters)
+ @ssl_context.session_cache_mode =
+ OpenSSL::SSL::SSLContext::SESSION_CACHE_CLIENT |
+ OpenSSL::SSL::SSLContext::SESSION_CACHE_NO_INTERNAL_STORE
+ @ssl_context.session_new_cb = proc {|sock, sess| @ssl_session = sess }
D "starting SSL for #{conn_address}:#{conn_port}..."
s = OpenSSL::SSL::SSLSocket.new(s, @ssl_context)
s.sync_close = true
@@ -976,13 +980,12 @@ def connect
s.hostname = @address if s.respond_to? :hostname=
if @ssl_session and
Process.clock_gettime(Process::CLOCK_REALTIME) < @ssl_session.time.to_f + @ssl_session.timeout
- s.session = @ssl_session if @ssl_session
+ s.session = @ssl_session
end
ssl_socket_connect(s, @open_timeout)
if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
s.post_connection_check(@address)
end
- @ssl_session = s.session
D "SSL established"
end
@socket = BufferedIO.new(s, read_timeout: @read_timeout,
diff --git a/test/net/http/test_https.rb b/test/net/http/test_https.rb
index 8004d5c5f29f..a5182a1fe9db 100644
--- a/test/net/http/test_https.rb
+++ b/test/net/http/test_https.rb
@@ -71,20 +71,11 @@ def test_session_reuse
http.get("/")
http.finish
- http.start
- http.get("/")
- http.finish # three times due to possible bug in OpenSSL 0.9.8
-
- sid = http.instance_variable_get(:@ssl_session).id
-
http.start
http.get("/")
socket = http.instance_variable_get(:@socket).io
-
- assert socket.session_reused?
-
- assert_equal sid, http.instance_variable_get(:@ssl_session).id
+ assert_equal true, socket.session_reused?
http.finish
rescue SystemCallError
@@ -101,16 +92,12 @@ def test_session_reuse_but_expire
http.get("/")
http.finish
- sid = http.instance_variable_get(:@ssl_session).id
-
http.start
http.get("/")
socket = http.instance_variable_get(:@socket).io
assert_equal false, socket.session_reused?
- assert_not_equal sid, http.instance_variable_get(:@ssl_session).id
-
http.finish
rescue SystemCallError
skip $!
@@ -160,15 +147,16 @@ def test_certificate_verify_failure
end
def test_identity_verify_failure
+ # the certificate's subject has CN=localhost
http = Net::HTTP.new("127.0.0.1", config("port"))
http.use_ssl = true
- http.verify_callback = Proc.new do |preverify_ok, store_ctx|
- true
- end
+ http.cert_store = TEST_STORE
+ @log_tester = lambda {|_| }
ex = assert_raise(OpenSSL::SSL::SSLError){
http.request_get("/") {|res| }
}
- assert_match(/hostname \"127.0.0.1\" does not match/, ex.message)
+ re_msg = /certificate verify failed|hostname \"127.0.0.1\" does not match/
+ assert_match(re_msg, ex.message)
end
def test_timeout_during_SSL_handshake
@@ -193,16 +181,13 @@ def test_timeout_during_SSL_handshake
end
def test_min_version
- http = Net::HTTP.new("127.0.0.1", config("port"))
+ http = Net::HTTP.new("localhost", config("port"))
http.use_ssl = true
http.min_version = :TLS1
- http.verify_callback = Proc.new do |preverify_ok, store_ctx|
- true
- end
- ex = assert_raise(OpenSSL::SSL::SSLError){
- http.request_get("/") {|res| }
+ http.cert_store = TEST_STORE
+ http.request_get("/") {|res|
+ assert_equal($test_net_http_data, res.body)
}
- assert_match(/hostname \"127.0.0.1\" does not match/, ex.message)
end
def test_max_version

214
SOURCES/ruby-2.6.0-rdoc-6.0.2-fix-different-js-gz-pages-across-multilib.patch Normal file
View File

@ -0,0 +1,214 @@
From 091459248d3ce814e10d50cc4421f0c0454ef61f Mon Sep 17 00:00:00 2001
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
Date: Sun, 30 Apr 2017 22:47:40 +0200
Subject: [PATCH 1/4] created.rid: use SOURCE_DATE_EPOCH
use SOURCE_DATE_EPOCH instead of current time in created.rid top line
to enable reproducible builds of ruby docs
See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.
---
lib/rdoc/rdoc.rb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb
index 68775c8be1..a2711fbbd1 100644
--- a/lib/rdoc/rdoc.rb
+++ b/lib/rdoc/rdoc.rb
@@ -232,6 +232,9 @@ def store= store
def update_output_dir(op_dir, time, last = {})
return if @options.dry_run or not @options.update_output_dir
+ unless ENV['SOURCE_DATE_EPOCH'].nil?
+ time = Time.at(ENV['SOURCE_DATE_EPOCH'].to_i).gmtime
+ end
open output_flag_file(op_dir), "w" do |f|
f.puts time.rfc2822
--
2.21.0
From 73a935e9fa63b056ea0be69c0c923afdfb4d88da Mon Sep 17 00:00:00 2001
From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
Date: Thu, 14 Dec 2017 10:54:54 +0100
Subject: [PATCH 2/4] Do not store current timestamps in gz headers
to enable reproducible builds of rdoc
Normally, 0 would be the preferred value to indicate "no date"
but that value is handled differently in Zlib::GzipWriter
to put in the current time
---
lib/rdoc/generator/json_index.rb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/rdoc/generator/json_index.rb b/lib/rdoc/generator/json_index.rb
index e4cfe967c6..a059a5d4d0 100644
--- a/lib/rdoc/generator/json_index.rb
+++ b/lib/rdoc/generator/json_index.rb
@@ -175,7 +175,7 @@ def generate_gzipped
debug_msg "Writing gzipped search index to %s" % outfile
Zlib::GzipWriter.open(outfile) do |gz|
- gz.mtime = File.mtime(search_index_file)
+ gz.mtime = 1 # make output reproducible
gz.orig_name = search_index_file.basename.to_s
gz.write search_index
gz.close
@@ -193,7 +193,7 @@ def generate_gzipped
debug_msg "Writing gzipped file to %s" % outfile
Zlib::GzipWriter.open(outfile) do |gz|
- gz.mtime = File.mtime(dest)
+ gz.mtime = 1 # make output reproducible
gz.orig_name = dest.basename.to_s
gz.write data
gz.close
--
2.21.0
From 1b34b337b72918e83c3b952eed6998ad47974960 Mon Sep 17 00:00:00 2001
From: aycabta <aycabta@gmail.com>
Date: Sat, 27 Jan 2018 14:37:42 +0900
Subject: [PATCH 3/4] Improve reproducible builds for .js and .js.gz files
The mtime for search_index.js.gz should be updated because it's
generated dynamically. So uses SOURCE_DATE_EPOCH after
RDoc::Generator::JsonIndex#generate creates index file.
FileUtils.install in RDoc::Generator::JsonIndex#generate with :preserve
option because the mtime value is based on original .js file.
---
lib/rdoc/generator/json_index.rb | 9 +++++---
test/rdoc/test_rdoc_generator_json_index.rb | 25 ++++++++++++++++++++-
2 files changed, 30 insertions(+), 4 deletions(-)
diff --git a/lib/rdoc/generator/json_index.rb b/lib/rdoc/generator/json_index.rb
index a059a5d4d0..3a1000033d 100644
--- a/lib/rdoc/generator/json_index.rb
+++ b/lib/rdoc/generator/json_index.rb
@@ -147,12 +147,15 @@ def generate
JSON.dump data, io, 0
end
+ unless ENV['SOURCE_DATE_EPOCH'].nil?
+ index_file.utime index_file.atime, Time.at(ENV['SOURCE_DATE_EPOCH'].to_i).gmtime
+ end
Dir.chdir @template_dir do
Dir['**/*.js'].each do |source|
dest = File.join out_dir, source
- FileUtils.install source, dest, :mode => 0644, :verbose => $DEBUG_RDOC
+ FileUtils.install source, dest, :mode => 0644, :preserve => true, :verbose => $DEBUG_RDOC
end
end
end
@@ -175,7 +178,7 @@ def generate_gzipped
debug_msg "Writing gzipped search index to %s" % outfile
Zlib::GzipWriter.open(outfile) do |gz|
- gz.mtime = 1 # make output reproducible
+ gz.mtime = File.mtime(search_index_file)
gz.orig_name = search_index_file.basename.to_s
gz.write search_index
gz.close
@@ -193,7 +196,7 @@ def generate_gzipped
debug_msg "Writing gzipped file to %s" % outfile
Zlib::GzipWriter.open(outfile) do |gz|
- gz.mtime = 1 # make output reproducible
+ gz.mtime = File.mtime(dest)
gz.orig_name = dest.basename.to_s
gz.write data
gz.close
diff --git a/test/rdoc/test_rdoc_generator_json_index.rb b/test/rdoc/test_rdoc_generator_json_index.rb
index 6cb5463d29..65e7f087cc 100644
--- a/test/rdoc/test_rdoc_generator_json_index.rb
+++ b/test/rdoc/test_rdoc_generator_json_index.rb
@@ -8,7 +8,7 @@ class TestRDocGeneratorJsonIndex < RDoc::TestCase
def setup
super
- @tmpdir = File.join Dir.tmpdir, "test_rdoc_generator_darkfish_#{$$}"
+ @tmpdir = Dir.mktmpdir "test_rdoc_generator_darkfish_#{$$}_"
FileUtils.mkdir_p @tmpdir
@options = RDoc::Options.new
@@ -89,12 +89,21 @@ def test_file_dir
end
def test_generate
+ now = Time.now
@g.generate
assert_file 'js/searcher.js'
assert_file 'js/navigation.js'
assert_file 'js/search_index.js'
+ orig_file = Pathname(File.join @pwd, 'lib/rdoc/generator/template/json_index/js/navigation.js')
+ generated_file = Pathname(File.join @tmpdir, 'js/navigation.js')
+ assert_equal orig_file.mtime, generated_file.mtime
+ assert generated_file.mtime < now, '.js files should be the same timestamp'
+
+ generated_search_index = Pathname(File.join @tmpdir, 'js/search_index.js')
+ assert generated_search_index.mtime > (now - 1), 'search_index.js should be generated timestamp'
+
json = File.read 'js/search_index.js'
json =~ /\Avar search_data = /
@@ -137,6 +146,20 @@ def test_generate
assert_equal expected, index
end
+ def test_generate_search_index_with_reproducible_builds
+ backup_epoch = ENV['SOURCE_DATE_EPOCH']
+ ruby_birthday = Time.parse 'Wed, 24 Feb 1993 21:00:00 +0900'
+ ENV['SOURCE_DATE_EPOCH'] = ruby_birthday.to_i.to_s
+
+ @g.generate
+
+ assert_file 'js/search_index.js'
+ generated_search_index = Pathname(File.join @tmpdir, 'js/search_index.js')
+ assert_equal ruby_birthday, generated_search_index.mtime
+
+ ENV['SOURCE_DATE_EPOCH'] = backup_epoch
+ end
+
def test_generate_gzipped
begin
require 'zlib'
--
2.21.0
From 74c1e201f2146e7175e74d6fc0b9386c2e95210f Mon Sep 17 00:00:00 2001
From: aycabta <aycabta@gmail.com>
Date: Sat, 27 Jan 2018 17:54:31 +0900
Subject: [PATCH 4/4] Use dirty hack on JRuby for MiniTest 4
---
test/rdoc/test_rdoc_generator_json_index.rb | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/test/rdoc/test_rdoc_generator_json_index.rb b/test/rdoc/test_rdoc_generator_json_index.rb
index 65e7f087cc..714d496195 100644
--- a/test/rdoc/test_rdoc_generator_json_index.rb
+++ b/test/rdoc/test_rdoc_generator_json_index.rb
@@ -98,7 +98,11 @@ def test_generate
orig_file = Pathname(File.join @pwd, 'lib/rdoc/generator/template/json_index/js/navigation.js')
generated_file = Pathname(File.join @tmpdir, 'js/navigation.js')
- assert_equal orig_file.mtime, generated_file.mtime
+
+ # This is dirty hack on JRuby for MiniTest 4
+ assert orig_file.mtime.inspect == generated_file.mtime.inspect,
+ '.js files should be tha same timestamp of original'
+
assert generated_file.mtime < now, '.js files should be the same timestamp'
generated_search_index = Pathname(File.join @tmpdir, 'js/search_index.js')
--
2.21.0

61
SOURCES/ruby-2.6.3-fiddle-1.0.0-ffi-closure-alloc-default.patch Normal file
View File

@ -0,0 +1,61 @@
diff --git a/ext/fiddle/closure.c b/ext/fiddle/closure.c
index 1a80b2b..b997e23 100644
--- a/ext/fiddle/closure.c
+++ b/ext/fiddle/closure.c
@@ -13,25 +13,11 @@ typedef struct {
ffi_type **argv;
} fiddle_closure;
-#if defined(USE_FFI_CLOSURE_ALLOC)
-#elif defined(__OpenBSD__) || defined(__APPLE__) || defined(__linux__)
-# define USE_FFI_CLOSURE_ALLOC 0
-#elif defined(RUBY_LIBFFI_MODVERSION) && RUBY_LIBFFI_MODVERSION < 3000005 && \
- (defined(__i386__) || defined(__x86_64__) || defined(_M_IX86) || defined(_M_AMD64))
-# define USE_FFI_CLOSURE_ALLOC 0
-#else
-# define USE_FFI_CLOSURE_ALLOC 1
-#endif
-
static void
dealloc(void * ptr)
{
fiddle_closure * cls = (fiddle_closure *)ptr;
-#if USE_FFI_CLOSURE_ALLOC
ffi_closure_free(cls->pcl);
-#else
- munmap(cls->pcl, sizeof(*cls->pcl));
-#endif
if (cls->argv) xfree(cls->argv);
xfree(cls);
}
@@ -205,12 +191,7 @@ allocate(VALUE klass)
VALUE i = TypedData_Make_Struct(klass, fiddle_closure,
&closure_data_type, closure);
-#if USE_FFI_CLOSURE_ALLOC
closure->pcl = ffi_closure_alloc(sizeof(ffi_closure), &closure->code);
-#else
- closure->pcl = mmap(NULL, sizeof(ffi_closure), PROT_READ | PROT_WRITE,
- MAP_ANON | MAP_PRIVATE, -1, 0);
-#endif
return i;
}
@@ -257,17 +238,8 @@ initialize(int rbargc, VALUE argv[], VALUE self)
if (FFI_OK != result)
rb_raise(rb_eRuntimeError, "error prepping CIF %d", result);
-#if USE_FFI_CLOSURE_ALLOC
result = ffi_prep_closure_loc(pcl, cif, callback,
(void *)self, cl->code);
-#else
- result = ffi_prep_closure(pcl, cif, callback, (void *)self);
- cl->code = (void *)pcl;
- i = mprotect(pcl, sizeof(*pcl), PROT_READ | PROT_EXEC);
- if (i) {
- rb_sys_fail("mprotect");
- }
-#endif
if (FFI_OK != result)
rb_raise(rb_eRuntimeError, "error prepping closure %d", result);

82
SPECS/ruby.spec
View File

@ -1,6 +1,6 @@
%global major_version 2
%global minor_version 5
%global teeny_version 3
%global teeny_version 5
%global major_minor_version %{major_version}.%{minor_version}
%global ruby_version %{major_minor_version}.%{teeny_version}
@ -21,15 +21,16 @@
%endif
%global release 104
%global release 105
%{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
# The RubyGems library has to stay out of Ruby directory three, since the
# The RubyGems library has to stay out of Ruby directory tree, since the
# RubyGems should be share by all Ruby implementations.
%global rubygems_dir %{_datadir}/rubygems
# Bundled libraries versions
%global rubygems_version 2.7.6
%global rubygems_version 2.7.6.2
%global molinillo_version 0.5.7
# TODO: The IRB has strange versioning. Keep the Ruby's versioning ATM.
@ -147,21 +148,12 @@ Patch20: ruby-2.6.0-rdoc-6.0.1-fix-template-typo.patch
# Properly harden package using -fstack-protector-strong.
# https://bugs.ruby-lang.org/issues/15053
Patch24: ruby-2.6.0-configure-fstack-protector-strong.patch
# Fix Tokyo TZ tests.
# https://github.com/ruby/ruby/commit/e71ca6cdcf108e6a2fa47ec9fadefe7554717908
Patch25: ruby-2.6.0-Update-for-tzdata-2018f.patch
# Refresh expired certificates.
# https://bugs.ruby-lang.org/issues/15502
# https://github.com/ruby/ruby/commit/6f9b40ea53d8f3fb2a5b1c7ac55c207d42c77ef4
Patch11: ruby-2.6.0-Try-to-update-cert.patch
# CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
# https://bugzilla.redhat.com/show_bug.cgi?id=1692520
# https://github.com/rubygems/rubygems/commit/8e61a52f49c9530706cd73d2f1edc10f097e591f
Patch26: ruby-2.5.4-fix-malicious-gem-to-lead-to-arbitrary-code-execution.patch
# Fix CovScan issues.
# https://bugzilla.redhat.com/show_bug.cgi?id=1628592
# https://bugs.ruby-lang.org/issues/15116
# https://github.com/ruby/ruby/commit/893949167bdb911c7db9fd59de85f288c09741e1
Patch25: ruby-2.6.0-Fix-issues-detected-by-code-analysis-tool.patch
# Fix some OpenSSL 1.1.1 test failures.
# https://github.com/ruby/ruby/commit/1dfc377ae3b174b043d3f0ed36de57b0296b34d0
Patch19: ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with-TLS-1.3.patch
# Add support for .include directive used by OpenSSL config files.
# https://github.com/ruby/openssl/pull/216
Patch22: ruby-2.6.0-config-support-include-directive.patch
@ -169,6 +161,19 @@ Patch22: ruby-2.6.0-config-support-include-directive.patch
# https://github.com/ruby/openssl/pull/217
Patch23: ruby-2.6.0-use-larger-keys-for-SSL-tests.patch
# Use ffi_closure_alloc to avoid segmentation fault by libffi on aarch64.
# https://bugzilla.redhat.com/show_bug.cgi?id=1727832
# https://bugzilla.redhat.com/show_bug.cgi?id=1721569
# https://github.com/ruby/fiddle/pull/20
Patch26: ruby-2.6.3-fiddle-1.0.0-ffi-closure-alloc-default.patch
# Fix rdoc gzipped javascript pages are not the same across multilib.
# https://github.com/ruby/ruby/commit/98c7058bf7b3eab91c62a77cb10b09f6c8ed368e
# https://github.com/ruby/rdoc/commit/524a8ffc7efbc10b09234f7ac3f81d30a3f9f65c
# https://github.com/ruby/rdoc/commit/2df261bb8a9336438508bba94e22e0f968f88983
# https://github.com/ruby/rdoc/commit/8e1916b89ef1d50930c2c863119ddb6ce6c796ed
# https://github.com/ruby/rdoc/commit/5a8dc7ce883b24539918c75a460a740943c46970
Patch27: ruby-2.6.0-rdoc-6.0.2-fix-different-js-gz-pages-across-multilib.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Suggests: rubypick
Recommends: ruby(rubygems) >= %{rubygems_version}
@ -193,6 +198,7 @@ BuildRequires: procps
%{?with_hardening_test:BuildRequires: %{_bindir}/checksec}
BuildRequires: multilib-rpm-config
BuildRequires: gcc
BuildRequires: zlib-devel
# This package provides %%{_bindir}/ruby-mri therefore it is marked by this
# virtual provide. It can be installed as dependency of rubypick.
@ -550,16 +556,24 @@ rm -rf ext/fiddle/libffi*
%patch7 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch15 -p1
%patch16 -p1
%patch19 -p1
# Preserve rdoc's js file timestamp modified by patch command
# for reproducible build. It is used as generated js.gz file's metadata.
# https://bugzilla.redhat.com/show_bug.cgi?id=1719647
# https://github.com/junaruga/rdoc/blob/v6.0.2/lib/rdoc/generator/json_index.rb#L199
# https://github.com/rpm-software-management/rpm/issues/788
ORIG_EPOCH=$(stat --printf='%y' lib/rdoc/generator/template/json_index/js/navigation.js)
%patch20 -p1
touch -d "${ORIG_EPOCH}" lib/rdoc/generator/template/json_index/js/navigation.js
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
# Provide an example of usage of the tapset:
cp -a %{SOURCE3} .
@ -719,12 +733,14 @@ sed -i '/^end$/ i\
# Move man pages into proper location
mv %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/doc/rake.1 %{buildroot}%{_mandir}/man1
%if %{with systemtap}
# Install a tapset and fix up the path to the library.
mkdir -p %{buildroot}%{tapset_dir}
sed -e "s|@LIBRARY_PATH@|%{tapset_libdir}/libruby.so.%{major_minor_version}|" \
%{SOURCE2} > %{buildroot}%{tapset_dir}/libruby.so.%{major_minor_version}.stp
# Escape '*/' in comment.
sed -i -r "s|( \*.*\*)\/(.*)|\1\\\/\2|" %{buildroot}%{tapset_dir}/libruby.so.%{major_minor_version}.stp
%endif
# Prepare -doc subpackage file lists.
find doc -maxdepth 1 -type f ! -name '.*' ! -name '*.ja*' > .ruby-doc.en
@ -963,7 +979,7 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \
%{ruby_libarchdir}/syslog.so
%{ruby_libarchdir}/zlib.so
%{tapset_root}
%{?with_systemtap:%{tapset_root}}
%files -n rubygems
%{_bindir}/gem
@ -1033,7 +1049,7 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \
%files doc -f .ruby-doc.en -f .ruby-doc.ja
%doc README.md
%doc ChangeLog
%doc ruby-exercise.stp
%{?with_systemtap:%doc ruby-exercise.stp}
%{_datadir}/ri
%files -n rubygem-bigdecimal
@ -1110,9 +1126,25 @@ OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file OPENSSL_CONF='' \
%{gem_dir}/specifications/xmlrpc-%{xmlrpc_version}.gemspec
%changelog
* Tue May 07 2019 Jun Aruga <jaruga@redhat.com> - 2.5.3-104
- Prohibit arbitrary code execution when installing a malicious gem.
Resolves: CVE-2019-8324
* Thu Jul 04 2019 Jun Aruga <jaruga@redhat.com> - 2.5.5-105
- Use ffi_closure_alloc to avoid segmentation fault by libffi on aarch64.
Resolves: rhbz#1727832
- Properly support %%prerelease in %%gemspec_ macros.
Related: rhbz#1688758
- Fix rdoc gzipped javascript pages are not the same across multilib.
Resolves: rhbz#1719647
* Wed Apr 17 2019 Vít Ondruch <vondruch@redhat.com> - 2.5.5-104
- Update to Ruby 2.5.5.
* Remove Patch25: ruby-2.6.0-Update-for-tzdata-2018f.patch; subsumed
* Remove Patch11: ruby-2.6.0-Try-to-update-cert.patch; subsumed
* Remove Patch19: ruby-2.6.0-net-http-net-ftp-fix-session-resumption-with
-TLS-1.3.patch; subsumed
Resolves: rhbz#1688758
- Don't ship .stp files when SystemTap support is disabled.
Related: rhbz#1657915
- Fix CovScan issues.
Resolves: rhbz#1628592
* Fri Jan 11 2019 Jun Aruga <jaruga@redhat.com> - 2.5.3-103
- Refresh expired certificates to fix FTBFS.