Fix OpenSSL ASN1 assertions, they are invalid without seconds.

Fix test failures in ASN1 decoding, where time format is passed without seconds. That is invalid with current OpenSSL. Fixes failures: ``` 2) Error: OpenSSL::TestASN1#test_generalizedtime: OpenSSL::ASN1::ASN1Error: generalizedtime is too short /builddir/build/BUILD/ruby-3.0.7/test/openssl/test_asn1.rb:701:in `decode' /builddir/build/BUILD/ruby-3.0.7/test/openssl/test_asn1.rb:701:in `decode_test' /builddir/build/BUILD/ruby-3.0.7/test/openssl/test_asn1.rb:436:in `test_generalizedtime' 3) Error: OpenSSL::TestASN1#test_utctime: OpenSSL::ASN1::ASN1Error: utctime is too short /builddir/build/BUILD/ruby-3.0.7/test/openssl/test_asn1.rb:701:in `decode' /builddir/build/BUILD/ruby-3.0.7/test/openssl/test_asn1.rb:701:in `decode_test' /builddir/build/BUILD/ruby-3.0.7/test/openssl/test_asn1.rb:409:in `test_utctime' ``` See: https://github.com/ruby/openssl/pull/728 Source: 2e826d5715 Related: RHEL-86130
2025-05-13 11:59:04 +02:00 · 2025-05-13 11:59:04 +02:00 · 30901750d9
commit 30901750d9
parent ee7b09f20b
2 changed files with 66 additions and 0 deletions
--- a/ruby.spec
+++ b/ruby.spec
@ -342,6 +342,9 @@ Patch77: rubygem-cgi-0.3.5.1-Fix-ReDoS-in-CGI-CVE-2025-27220.patch
 # Only CSR version 1 (encoded as 0) is allowed by PKIX standards
 # https://github.com/ruby/openssl/pull/747
 Patch78: rubygem-openssl-3.3.0-Only-CSR-version-1-encoded-as-0-is-allowed-by-PKIX.patch
+# Remove the assertions of the time string format without second.
+# https://github.com/ruby/openssl/pull/728
+Patch79: rubygem-openssl-3.3.0-test_asn1.rb-Remove-the-assertions-of-the-time.patch

 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Suggests: rubypick
@ -823,6 +826,7 @@ rm -rf ext/fiddle/libffi*
 %patch76 -p1
 %patch77 -p1
 %patch78 -p1
+%patch79 -p1

 # Instead of adjusting patch's directory, use the following form where
 # we first enter the correct directory, this allows more general application
--- a/rubygem-openssl-3.3.0-test_asn1.rb-Remove-the-assertions-of-the-time.patch
+++ b/rubygem-openssl-3.3.0-test_asn1.rb-Remove-the-assertions-of-the-time.patch
@ -0,0 +1,62 @@
+From 561b56fcb552654e7c9449959f49fbc014798a58 Mon Sep 17 00:00:00 2001
+From: Jun Aruga <jaruga@redhat.com>
+Date: Tue, 12 Mar 2024 14:39:05 +0100
+Subject: [PATCH] test_asn1.rb: Remove the assertions of the time string format
+ without second.
+
+This commit fixes the following errors in the tests.
+Because the OpenSSL project changed the code to make the time string format
+without second invalid. So, we drop the assertions.
+
+```
+1) Error: test_generalizedtime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: generalizedtime is too short
+/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode'
+/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test'
+/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:433:in `test_generalizedtime'
+     430:       OpenSSL::ASN1::GeneralizedTime.new(Time.utc(9999, 9, 8, 23, 43, 39))
+     431:     # LibreSSL 3.6.0 requires the seconds element
+     432:     return if libressl?
+  => 433:     decode_test B(%w{ 18 0D }) + "201612081934Z".b,
+     434:       OpenSSL::ASN1::GeneralizedTime.new(Time.utc(2016, 12, 8, 19, 34, 0))
+     435:     # not implemented
+     436:     # decode_test B(%w{ 18 13 }) + "20161208193439+0930".b,
+
+2) Error: test_utctime(OpenSSL::TestASN1): OpenSSL::ASN1::ASN1Error: utctime is too short
+/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode'
+/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:698:in `decode_test'
+/home/runner/work/ruby-openssl/ruby-openssl/test/openssl/test_asn1.rb:411:in `test_utctime'
+     408:     end
+     409:     # Seconds is omitted. LibreSSL 3.6.0 requires it
+     410:     return if libressl?
+  => 411:     decode_test B(%w{ 17 0B }) + "1609082343Z".b,
+     412:       OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 0))
+     413:     # not implemented
+     414:     # decode_test B(%w{ 17 11 }) + "500908234339+0930".b,
+```
+---
+ test/openssl/test_asn1.rb | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb
+index af069cad6e..b5cf1adfd8 100644
+--- a/test/openssl/test_asn1.rb
+++ b/test/openssl/test_asn1.rb
+@@ -405,9 +405,6 @@ def test_set
+   def test_utctime
+     encode_decode_test B(%w{ 17 0D }) + "160908234339Z".b,
+       OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 39))
+-    # Seconds is omitted
+-    decode_test B(%w{ 17 0B }) + "1609082343Z".b,
+-      OpenSSL::ASN1::UTCTime.new(Time.utc(2016, 9, 8, 23, 43, 0))
+     begin
+       # possible range of UTCTime is 1969-2068 currently
+       encode_decode_test B(%w{ 17 0D }) + "690908234339Z".b,
+@@ -433,8 +430,6 @@ def test_generalizedtime
+       OpenSSL::ASN1::GeneralizedTime.new(Time.utc(2016, 12, 8, 19, 34, 29))
+     encode_decode_test B(%w{ 18 0F }) + "99990908234339Z".b,
+       OpenSSL::ASN1::GeneralizedTime.new(Time.utc(9999, 9, 8, 23, 43, 39))
+-    decode_test B(%w{ 18 0D }) + "201612081934Z".b,
+-      OpenSSL::ASN1::GeneralizedTime.new(Time.utc(2016, 12, 8, 19, 34, 0))
+     # not implemented
+     # decode_test B(%w{ 18 13 }) + "20161208193439+0930".b,
+     #   OpenSSL::ASN1::GeneralizedTime.new(Time.new(2016, 12, 8, 19, 34, 39, "+09:30"))