diff --git a/ruby-2.1.0-Enable-configuration-of-archlibdir.patch b/ruby-2.1.0-Enable-configuration-of-archlibdir.patch index 826d5f5..acd58b9 100644 --- a/ruby-2.1.0-Enable-configuration-of-archlibdir.patch +++ b/ruby-2.1.0-Enable-configuration-of-archlibdir.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index d261ea57b5..3c13076b82 100644 --- a/configure.ac +++ b/configure.ac -@@ -3470,6 +3470,11 @@ AS_IF([test ${multiarch+set}], [ +@@ -3473,6 +3473,11 @@ AS_IF([test ${multiarch+set}], [ ]) archlibdir='${libdir}/${arch}' diff --git a/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch b/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch index fb9b618..996486a 100644 --- a/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch +++ b/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch @@ -14,7 +14,7 @@ diff --git a/configure.ac b/configure.ac index c42436c23d..d261ea57b5 100644 --- a/configure.ac +++ b/configure.ac -@@ -4309,7 +4309,8 @@ AS_CASE(["$ruby_version_dir_name"], +@@ -4312,7 +4312,8 @@ AS_CASE(["$ruby_version_dir_name"], ruby_version_dir=/'${ruby_version_dir_name}' if test -z "${ruby_version_dir_name}"; then diff --git a/ruby-2.1.0-always-use-i386.patch b/ruby-2.1.0-always-use-i386.patch index a64b812..38eba5e 100644 --- a/ruby-2.1.0-always-use-i386.patch +++ b/ruby-2.1.0-always-use-i386.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index 3c13076b82..93af30321d 100644 --- a/configure.ac +++ b/configure.ac -@@ -4373,6 +4373,8 @@ AC_SUBST(vendorarchdir)dnl +@@ -4376,6 +4376,8 @@ AC_SUBST(vendorarchdir)dnl AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl diff --git a/ruby-2.1.0-custom-rubygems-location.patch b/ruby-2.1.0-custom-rubygems-location.patch index 91e53a1..98dd7ac 100644 --- a/ruby-2.1.0-custom-rubygems-location.patch +++ b/ruby-2.1.0-custom-rubygems-location.patch @@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac index 93af30321d..bc13397e0e 100644 --- a/configure.ac +++ b/configure.ac -@@ -4345,6 +4345,10 @@ AC_ARG_WITH(vendorarchdir, +@@ -4348,6 +4348,10 @@ AC_ARG_WITH(vendorarchdir, [vendorarchdir=$withval], [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}]) @@ -26,7 +26,7 @@ index 93af30321d..bc13397e0e 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) RUBY_EXEC_PREFIX='' -@@ -4369,6 +4373,7 @@ AC_SUBST(sitearchdir)dnl +@@ -4372,6 +4376,7 @@ AC_SUBST(sitearchdir)dnl AC_SUBST(vendordir)dnl AC_SUBST(vendorlibdir)dnl AC_SUBST(vendorarchdir)dnl diff --git a/ruby-2.3.0-ruby_version.patch b/ruby-2.3.0-ruby_version.patch index c921c36..6ba802e 100644 --- a/ruby-2.3.0-ruby_version.patch +++ b/ruby-2.3.0-ruby_version.patch @@ -20,7 +20,7 @@ diff --git a/configure.ac b/configure.ac index 80b137e380..63cd3b4f8b 100644 --- a/configure.ac +++ b/configure.ac -@@ -4259,9 +4259,6 @@ AS_CASE(["$target_os"], +@@ -4262,9 +4262,6 @@ AS_CASE(["$target_os"], rubyw_install_name='$(RUBYW_INSTALL_NAME)' ]) @@ -30,7 +30,7 @@ index 80b137e380..63cd3b4f8b 100644 rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'} AC_ARG_WITH(rubyarchprefix, AS_HELP_STRING([--with-rubyarchprefix=DIR], -@@ -4284,57 +4281,63 @@ AC_ARG_WITH(ridir, +@@ -4287,57 +4284,63 @@ AC_ARG_WITH(ridir, AC_SUBST(ridir) AC_SUBST(RI_BASE_NAME) @@ -122,7 +122,7 @@ index 80b137e380..63cd3b4f8b 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) -@@ -4351,6 +4354,7 @@ AC_SUBST(sitearchincludedir)dnl +@@ -4354,6 +4357,7 @@ AC_SUBST(sitearchincludedir)dnl AC_SUBST(arch)dnl AC_SUBST(sitearch)dnl AC_SUBST(ruby_version)dnl diff --git a/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch b/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch index 9baaf27..23a6db8 100644 --- a/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch +++ b/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch @@ -13,7 +13,7 @@ diff --git a/hash.c b/hash.c index 78e9d9a2d6..f6525ba4a5 100644 --- a/hash.c +++ b/hash.c -@@ -4377,16 +4377,13 @@ rb_hash_compare_by_id(VALUE hash) +@@ -4385,16 +4385,13 @@ rb_hash_compare_by_id(VALUE hash) if (hash_iterating_p(hash)) { rb_raise(rb_eRuntimeError, "compare_by_identity during iteration"); } @@ -33,7 +33,7 @@ index 78e9d9a2d6..f6525ba4a5 100644 // Slow path: Need to rehash the members of `self` into a new // `tmp` table using the new `identhash` compare/hash functions. tmp = hash_alloc(0); -@@ -4394,10 +4391,8 @@ rb_hash_compare_by_id(VALUE hash) +@@ -4402,10 +4399,8 @@ rb_hash_compare_by_id(VALUE hash) identtable = RHASH_ST_TABLE(tmp); rb_hash_foreach(hash, rb_hash_rehash_i, (VALUE)tmp); @@ -60,7 +60,7 @@ diff --git a/hash.c b/hash.c index f6525ba4a5..cf83675c70 100644 --- a/hash.c +++ b/hash.c -@@ -4380,22 +4380,15 @@ rb_hash_compare_by_id(VALUE hash) +@@ -4388,22 +4388,15 @@ rb_hash_compare_by_id(VALUE hash) ar_force_convert_table(hash, __FILE__, __LINE__); HASH_ASSERT(RHASH_ST_TABLE_P(hash)); diff --git a/ruby-3.4.0-Fix-pointer-incompatiblity.patch b/ruby-3.4.0-Fix-pointer-incompatiblity.patch new file mode 100644 index 0000000..2bd7a53 --- /dev/null +++ b/ruby-3.4.0-Fix-pointer-incompatiblity.patch @@ -0,0 +1,24 @@ +From 055613fd868a8c94e43893f8c58a00cdd2a81f6d Mon Sep 17 00:00:00 2001 +From: Nobuyoshi Nakada +Date: Fri, 22 Mar 2024 18:18:35 +0900 +Subject: [PATCH] Fix pointer incompatiblity + +Since the subsecond part is discarded, WIDEVAL to VALUE conversion is +needed. +--- + time.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/time.c b/time.c +index 6179b081c02fc9..3304b2f4f4856a 100644 +--- a/time.c ++++ b/time.c +@@ -2342,7 +2342,7 @@ zone_timelocal(VALUE zone, VALUE time) + struct time_object *tobj = RTYPEDDATA_GET_DATA(time); + wideval_t t, s; + +- split_second(tobj->timew, &t, &s); ++ wdivmod(tobj->timew, WINT2FIXWV(TIME_SCALE), &t, &s); + tm = tm_from_time(rb_cTimeTM, time); + utc = rb_check_funcall(zone, id_local_to_utc, 1, &tm); + if (UNDEF_P(utc)) return 0; diff --git a/ruby-3.4.0-Revert-Set-AI_ADDRCONFIG-when-making-getaddrinfo.patch b/ruby-3.4.0-Revert-Set-AI_ADDRCONFIG-when-making-getaddrinfo.patch deleted file mode 100644 index b509cb4..0000000 --- a/ruby-3.4.0-Revert-Set-AI_ADDRCONFIG-when-making-getaddrinfo.patch +++ /dev/null @@ -1,241 +0,0 @@ -From c3655b89e7c06555a2e0bf13affb8a63a49f4296 Mon Sep 17 00:00:00 2001 -From: Jarek Prokop -Date: Fri, 26 Jan 2024 11:19:48 +0100 -Subject: [PATCH] Revert "Set AI_ADDRCONFIG when making getaddrinfo(3) calls - for outgoing conns (#7295)" - -This reverts commit d2ba8ea54a4089959afdeecdd963e3c4ff391748. - -The purpose of the commit is to workaround a GLIBC bug [0] still present -in older Ubuntu [1]. C8S/RHEL 8 has the fix for some time [2] and the -Ruby workaround is causing problems for us [3]. Therefore we can -revert it for EL8, EL9, and Fedora distros. - -[0] https://sourceware.org/bugzilla/show_bug.cgi?id=26600 -[1] https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1961697 -[2] https://bugzilla.redhat.com/show_bug.cgi?id=1868106 -[3] https://bugs.ruby-lang.org/issues/20208 ---- - ext/socket/extconf.rb | 2 - - ext/socket/ipsocket.c | 11 +-- - test/socket/test_tcp.rb | 164 ---------------------------------------- - 3 files changed, 2 insertions(+), 175 deletions(-) - -diff --git a/ext/socket/extconf.rb b/ext/socket/extconf.rb -index 544bed5298..1ca52da366 100644 ---- a/ext/socket/extconf.rb -+++ b/ext/socket/extconf.rb -@@ -607,8 +607,6 @@ def %(s) s || self end - EOS - end - -- have_const('AI_ADDRCONFIG', headers) -- - case with_config("lookup-order-hack", "UNSPEC") - when "INET" - $defs << "-DLOOKUP_ORDER_HACK_INET" -diff --git a/ext/socket/ipsocket.c b/ext/socket/ipsocket.c -index 0a693655b4..0c13620258 100644 ---- a/ext/socket/ipsocket.c -+++ b/ext/socket/ipsocket.c -@@ -54,22 +54,15 @@ init_inetsock_internal(VALUE v) - VALUE connect_timeout = arg->connect_timeout; - struct timeval tv_storage; - struct timeval *tv = NULL; -- int remote_addrinfo_hints = 0; - - if (!NIL_P(connect_timeout)) { - tv_storage = rb_time_interval(connect_timeout); - tv = &tv_storage; - } - -- if (type == INET_SERVER) { -- remote_addrinfo_hints |= AI_PASSIVE; -- } --#ifdef HAVE_CONST_AI_ADDRCONFIG -- remote_addrinfo_hints |= AI_ADDRCONFIG; --#endif -- - arg->remote.res = rsock_addrinfo(arg->remote.host, arg->remote.serv, -- family, SOCK_STREAM, remote_addrinfo_hints); -+ family, SOCK_STREAM, -+ (type == INET_SERVER) ? AI_PASSIVE : 0); - - - /* -diff --git a/test/socket/test_tcp.rb b/test/socket/test_tcp.rb -index 35d361f060..7f9dc53cae 100644 ---- a/test/socket/test_tcp.rb -+++ b/test/socket/test_tcp.rb -@@ -140,168 +140,4 @@ def test_accept_multithread - server_threads.each(&:join) - end - end -- -- def test_ai_addrconfig -- # This test verifies that we pass AI_ADDRCONFIG to the DNS resolver when making -- # an outgoing connection. -- # The verification of this is unfortunately incredibly convoluted. We perform the -- # test by setting up a fake DNS server to receive queries. Then, we construct -- # an environment which has only IPv4 addresses and uses that fake DNS server. We -- # then attempt to make an outgoing TCP connection. Finally, we verify that we -- # only received A and not AAAA queries on our fake resolver. -- # This test can only possibly work on Linux, and only when run as root. If either -- # of these conditions aren't met, the test will be skipped. -- -- # The construction of our IPv6-free environment must happen in a child process, -- # which we can put in its own network & mount namespaces. -- -- omit "This test is disabled. It is retained to show the original intent of [ruby-core:110870]" -- -- IO.popen("-") do |test_io| -- if test_io.nil? -- begin -- # Child program -- require 'fiddle' -- require 'resolv' -- require 'open3' -- -- libc = Fiddle.dlopen(nil) -- begin -- unshare = Fiddle::Function.new(libc['unshare'], [Fiddle::TYPE_INT], Fiddle::TYPE_INT) -- rescue Fiddle::DLError -- # Test can't run because we don't have unshare(2) in libc -- # This will be the case on not-linux, and also on very old glibc versions (or -- # possibly other libc's that don't expose this syscall wrapper) -- $stdout.write(Marshal.dump({result: :skip, reason: "unshare(2) or mount(2) not in libc"})) -- exit -- end -- -- # Move our test process into a new network & mount namespace. -- # This environment will be configured to be IPv6 free and point DNS resolution -- # at a fake DNS server. -- # (n.b. these flags are CLONE_NEWNS | CLONE_NEWNET) -- ret = unshare.call(0x00020000 | 0x40000000) -- errno = Fiddle.last_error -- if ret == -1 && errno == Errno::EPERM::Errno -- # Test can't run because we're not root. -- $stdout.write(Marshal.dump({result: :skip, reason: "insufficient permissions to unshare namespaces"})) -- exit -- elsif ret == -1 && (errno == Errno::ENOSYS::Errno || errno == Errno::EINVAL::Errno) -- # No unshare(2) in the kernel (or kernel too old to know about this namespace type) -- $stdout.write(Marshal.dump({result: :skip, reason: "errno #{errno} calling unshare(2)"})) -- exit -- elsif ret == -1 -- # Unexpected failure -- raise "errno #{errno} calling unshare(2)" -- end -- -- # Set up our fake DNS environment. Clean out /etc/hosts... -- fake_hosts_file = Tempfile.new('ruby_test_hosts') -- fake_hosts_file.write <<~HOSTS -- 127.0.0.1 localhost -- ::1 localhost -- HOSTS -- fake_hosts_file.flush -- -- # Have /etc/resolv.conf point to 127.0.0.1... -- fake_resolv_conf = Tempfile.new('ruby_test_resolv') -- fake_resolv_conf.write <<~RESOLV -- nameserver 127.0.0.1 -- RESOLV -- fake_resolv_conf.flush -- -- # Also stub out /etc/nsswitch.conf; glibc can have other resolver modules -- # (like systemd-resolved) configured in there other than just using dns, -- # so rewrite it to remove any `hosts:` lines and add one which just uses -- # dns. -- real_nsswitch_conf = File.read('/etc/nsswitch.conf') rescue "" -- fake_nsswitch_conf = Tempfile.new('ruby_test_nsswitch') -- real_nsswitch_conf.lines.reject { _1 =~ /^\s*hosts:/ }.each do |ln| -- fake_nsswitch_conf.puts ln -- end -- fake_nsswitch_conf.puts "hosts: files myhostname dns" -- fake_nsswitch_conf.flush -- -- # This is needed to make sure our bind-mounds aren't visible outside this process. -- system 'mount', '--make-rprivate', '/', exception: true -- # Bind-mount the fake files over the top of the real files. -- system 'mount', '--bind', '--make-private', fake_hosts_file.path, '/etc/hosts', exception: true -- system 'mount', '--bind', '--make-private', fake_resolv_conf.path, '/etc/resolv.conf', exception: true -- system 'mount', '--bind', '--make-private', fake_nsswitch_conf.path, '/etc/nsswitch.conf', exception: true -- -- # Create a dummy interface with only an IPv4 address -- system 'ip', 'link', 'add', 'dummy0', 'type', 'dummy', exception: true -- system 'ip', 'addr', 'add', '192.168.1.2/24', 'dev', 'dummy0', exception: true -- system 'ip', 'link', 'set', 'dummy0', 'up', exception: true -- system 'ip', 'link', 'set', 'lo', 'up', exception: true -- -- # Disable IPv6 on this interface (this is needed to disable the link-local -- # IPv6 address) -- File.open('/proc/sys/net/ipv6/conf/dummy0/disable_ipv6', 'w') do |f| -- f.puts "1" -- end -- -- # Create a fake DNS server which will receive the DNS queries triggered by TCPSocket.new -- fake_dns_server_socket = UDPSocket.new -- fake_dns_server_socket.bind('127.0.0.1', 53) -- received_dns_queries = [] -- fake_dns_server_thread = Thread.new do -- Socket.udp_server_loop_on([fake_dns_server_socket]) do |msg, msg_src| -- request = Resolv::DNS::Message.decode(msg) -- received_dns_queries << request -- response = request.dup.tap do |r| -- r.qr = 0 -- r.rcode = 3 # NXDOMAIN -- end -- msg_src.reply response.encode -- end -- end -- -- # Make a request which will hit our fake DNS swerver - this needs to be in _another_ -- # process because glibc will cache resolver info across the fork otherwise. -- load_path_args = $LOAD_PATH.flat_map { ['-I', _1] } -- Open3.capture3('/proc/self/exe', *load_path_args, '-rsocket', '-e', <<~RUBY) -- TCPSocket.open('www.example.com', 4444) -- RUBY -- -- fake_dns_server_thread.kill -- fake_dns_server_thread.join -- -- have_aaaa_qs = received_dns_queries.any? do |query| -- query.question.any? do |question| -- question[1] == Resolv::DNS::Resource::IN::AAAA -- end -- end -- -- have_a_q = received_dns_queries.any? do |query| -- query.question.any? do |question| -- question[0].to_s == "www.example.com" -- end -- end -- -- if have_aaaa_qs -- $stdout.write(Marshal.dump({result: :fail, reason: "got AAAA queries, expected none"})) -- elsif !have_a_q -- $stdout.write(Marshal.dump({result: :fail, reason: "got no A query for example.com"})) -- else -- $stdout.write(Marshal.dump({result: :success})) -- end -- rescue => ex -- $stdout.write(Marshal.dump({result: :fail, reason: ex.full_message})) -- ensure -- # Make sure the child process does not transfer control back into the test runner. -- exit! -- end -- else -- test_result = Marshal.load(test_io.read) -- -- case test_result[:result] -- when :skip -- omit test_result[:reason] -- when :fail -- fail test_result[:reason] -- end -- end -- end -- end - end if defined?(TCPSocket) --- -2.43.0 - diff --git a/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch b/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch index 9ab7078..de93143 100644 --- a/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch +++ b/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch @@ -1,39 +1,7 @@ -From 8af8f327457738620d2c85bd65db8cc5594585db Mon Sep 17 00:00:00 2001 -From: Yuta Saito -Date: Wed, 27 Dec 2023 06:22:45 +0000 -Subject: [PATCH 1/2] [Bug #20085] Use consistent default options for - `-mbranch-protection` - -We need to use the same options for both C compiler and assembler -when `-mbranch-protection` is guessed by configure. Otherwise, -`coroutine/arm64/Context.{h,S}` will use incompatible PAC strategies. ---- - configure.ac | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/configure.ac b/configure.ac -index 9286946fc1..18b4247991 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -830,7 +830,10 @@ AS_IF([test "$GCC" = yes], [ - AS_FOR(option, opt, [-mbranch-protection=pac-ret -msign-return-address=all], [ - RUBY_TRY_CFLAGS(option, [branch_protection=yes], [branch_protection=no]) - AS_IF([test "x$branch_protection" = xyes], [ -+ # C compiler and assembler must be consistent for -mbranch-protection -+ # since they both check `__ARM_FEATURE_PAC_DEFAULT` definition. - RUBY_APPEND_OPTION(XCFLAGS, option) -+ RUBY_APPEND_OPTION(ASFLAGS, option) - break - ]) - ]) --- -2.43.0 - - -From 80281e14e411e8e5fe4955effbb2c650a2f52667 Mon Sep 17 00:00:00 2001 +From db4ba95bf12f9303e38a9a78979cd363cb9a19fb Mon Sep 17 00:00:00 2001 From: Jarek Prokop Date: Fri, 12 Jan 2024 18:33:34 +0100 -Subject: [PATCH 2/2] aarch64: Prepend -mbranch-protection=standard option when +Subject: [PATCH] aarch64: Prepend -mbranch-protection=standard option when checking branch protection. Related Upstream issue: https://bugs.ruby-lang.org/issues/20154 @@ -54,6 +22,3 @@ index 18b4247991..5ea8ada8f7 100644 RUBY_TRY_CFLAGS(option, [branch_protection=yes], [branch_protection=no]) AS_IF([test "x$branch_protection" = xyes], [ # C compiler and assembler must be consistent for -mbranch-protection --- -2.43.0 - diff --git a/ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch b/ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch deleted file mode 100644 index 34a18e0..0000000 --- a/ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch +++ /dev/null @@ -1,256 +0,0 @@ -From d3933fc753187a055a4904af82f5f3794c88c416 Mon Sep 17 00:00:00 2001 -From: Sorah Fukumori -Date: Mon, 1 Jan 2024 20:45:54 +0900 -Subject: [PATCH] [ruby/net-http] Renew test certificates - -The private key is replaced with a public known test key published at -[RFC 9500]. - -Also lifetime has been extended to 10 years from 4 years. - -[RFC 9500]: https://www.rfc-editor.org/rfc/rfc9500.html - -https://github.com/ruby/net-http/commit/4ab6c4a500 ---- - test/net/fixtures/Makefile | 6 +-- - test/net/fixtures/cacert.pem | 44 ++++++++-------- - test/net/fixtures/server.crt | 99 +++++++----------------------------- - test/net/fixtures/server.key | 55 ++++++++++---------- - 4 files changed, 71 insertions(+), 133 deletions(-) - -diff --git a/test/net/fixtures/Makefile b/test/net/fixtures/Makefile -index b2bc9c7368ee2..88c232e3b6c16 100644 ---- a/test/net/fixtures/Makefile -+++ b/test/net/fixtures/Makefile -@@ -5,11 +5,11 @@ regen_certs: - make server.crt - - cacert.pem: server.key -- openssl req -new -x509 -days 1825 -key server.key -out cacert.pem -text -subj "/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org" -+ openssl req -new -x509 -days 3650 -key server.key -out cacert.pem -subj "/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org" - - server.csr: -- openssl req -new -key server.key -out server.csr -text -subj "/C=JP/ST=Shimane/O=Ruby Core Team/OU=Ruby Test/CN=localhost" -+ openssl req -new -key server.key -out server.csr -subj "/C=JP/ST=Shimane/O=Ruby Core Team/OU=Ruby Test/CN=localhost" - - server.crt: server.csr cacert.pem -- openssl x509 -days 1825 -CA cacert.pem -CAkey server.key -set_serial 00 -in server.csr -req -text -out server.crt -+ openssl x509 -days 3650 -CA cacert.pem -CAkey server.key -set_serial 00 -in server.csr -req -out server.crt - rm server.csr -diff --git a/test/net/fixtures/cacert.pem b/test/net/fixtures/cacert.pem -index f623bd62ed375..24c83f1c65225 100644 ---- a/test/net/fixtures/cacert.pem -+++ b/test/net/fixtures/cacert.pem -@@ -1,24 +1,24 @@ - -----BEGIN CERTIFICATE----- --MIID7TCCAtWgAwIBAgIJAIltvxrFAuSnMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD --VQQGEwJKUDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkx --FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex --JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTkwMTAy --MDI1ODI4WhcNMjQwMTAxMDI1ODI4WjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgM --B1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQKDA5SdWJ5IENv --cmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz --ZWN1cml0eUBydWJ5LWxhbmcub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB --CgKCAQEAznlbjRVhz1NlutHVrhcGnK8W0qug2ujKXv1njSC4U6nJF6py7I9EeehV --SaKePyv+I9z3K1LnfUHOtUbdwdKC77yN66A6q2aqzu5q09/NSykcZGOIF0GuItYI --3nvW3IqBddff2ffsyR+9pBjfb5AIPP08WowF9q4s1eGULwZc4w2B8PFhtxYANd7d --BvGLXFlcufv9tDtzyRi4t7eqxCRJkZQIZNZ6DHHIJrNxejOILfHLarI12yk8VK6L --2LG4WgGqyeePiRyd1o1MbuiAFYqAwpXNUbRKg5NaZGwBHZk8UZ+uFKt1QMBURO5R --WFy1c349jbWszTqFyL4Lnbg9HhAowQIDAQABo1AwTjAdBgNVHQ4EFgQU9tEiKdU9 --I9derQyc5nWPnc34nVMwHwYDVR0jBBgwFoAU9tEiKdU9I9derQyc5nWPnc34nVMw --DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAxj7F/u3C3fgq24N7hGRA --of7ClFQxGmo/IGT0AISzW3HiVYiFaikKhbO1NwD9aBpD8Zwe62sCqMh8jGV/b0+q --aOORnWYNy2R6r9FkASAglmdF6xn3bhgGD5ls4pCvcG9FynGnGc24g6MrjFNrBYUS --2iIZsg36i0IJswo/Dy6HLphCms2BMCD3DeWtfjePUiTmQHJo6HsQIKP/u4N4Fvee --uMBInei2M4VU74fLXbmKl1F9AEX7JDP3BKSZG19Ch5pnUo4uXM1uNTGsi07P4Y0s --K44+SKBC0bYEFbDK0eQWMrX3kIhkPxyIWhxdq9/NqPYjShuSEAhA6CSpmRg0pqc+ --mA== -+MIID+zCCAuOgAwIBAgIUGMvHl3EhtKPKcgc3NQSAYfFuC+8wDQYJKoZIhvcNAQEL -+BQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYDVQQIDAdTaGltYW5lMRQwEgYDVQQHDAtN -+YXR6LWUgY2l0eTEXMBUGA1UECgwOUnVieSBDb3JlIFRlYW0xFTATBgNVBAMMDFJ1 -+YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJARYWc2VjdXJpdHlAcnVieS1sYW5nLm9y -+ZzAeFw0yNDAxMDExMTQ3MjNaFw0zMzEyMjkxMTQ3MjNaMIGMMQswCQYDVQQGEwJK -+UDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkxFzAVBgNV -+BAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0ExJTAjBgkq -+hkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwggEiMA0GCSqGSIb3DQEB -+AQUAA4IBDwAwggEKAoIBAQCw+egZQ6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI -++1GSqyi1bFBgsRjM0THllIdMbKmJtWwnKW8J+5OgNN8y6Xxv8JmM/Y5vQt2lis0f -+qXmG8UTz0VTWdlAXXmhUs6lSADvAaIe4RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0 -+yg+801SXzoFTTa+UGIRLE66jH51aa5VXu99hnv1OiH8tQrjdi8mH6uG/icq4XuIe -+NWMF32wHqIOOPvQcWV3M5D2vxJEj702Ku6k9OQXkAo17qRSEonWW4HtLbtmS8He1 -+JNPc/n3dVUm+fM6NoDXPoLP7j55G9zKyqGtGAWXAj1MTAgMBAAGjUzBRMB0GA1Ud -+DgQWBBSJGVleDvFp9cu9R+E0/OKYzGkwkTAfBgNVHSMEGDAWgBSJGVleDvFp9cu9 -+R+E0/OKYzGkwkTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBl -+8GLB8skAWlkSw/FwbUmEV3zyqu+p7PNP5YIYoZs0D74e7yVulGQ6PKMZH5hrZmHo -+orFSQU+VUUirG8nDGj7Rzce8WeWBxsaDGC8CE2dq6nC6LuUwtbdMnBrH0LRWAz48 -+jGFF3jHtVz8VsGfoZTZCjukWqNXvU6hETT9GsfU+PZqbqcTVRPH52+XgYayKdIbD -+r97RM4X3+aXBHcUW0b76eyyi65RR/Xtvn8ioZt2AdX7T2tZzJyXJN3Hupp77s6Ui -+AZR35SToHCZeTZD12YBvLBdaTPLZN7O/Q/aAO9ZiJaZ7SbFOjz813B2hxXab4Fob -+2uJX6eMWTVxYK5D4M9lm - -----END CERTIFICATE----- -diff --git a/test/net/fixtures/server.crt b/test/net/fixtures/server.crt -index 5ca78a6d146a0..5d2923795dabc 100644 ---- a/test/net/fixtures/server.crt -+++ b/test/net/fixtures/server.crt -@@ -1,82 +1,21 @@ --Certificate: -- Data: -- Version: 3 (0x2) -- Serial Number: 2 (0x2) -- Signature Algorithm: sha256WithRSAEncryption -- Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org -- Validity -- Not Before: Jan 2 03:27:13 2019 GMT -- Not After : Jan 1 03:27:13 2024 GMT -- Subject: C=JP, ST=Shimane, O=Ruby Core Team, OU=Ruby Test, CN=localhost -- Subject Public Key Info: -- Public Key Algorithm: rsaEncryption -- Public-Key: (2048 bit) -- Modulus: -- 00:e8:da:9c:01:2e:2b:10:ec:49:cd:5e:07:13:07: -- 9c:70:9e:c6:74:bc:13:c2:e1:6f:c6:82:fd:e3:48: -- e0:2c:a5:68:c7:9e:42:de:60:54:65:e6:6a:14:57: -- 7a:30:d0:cc:b5:b6:d9:c3:d2:df:c9:25:97:54:67: -- cf:f6:be:5e:cb:8b:ee:03:c5:e1:e2:f9:e7:f7:d1: -- 0c:47:f0:b8:da:33:5a:ad:41:ad:e7:b5:a2:7b:b7: -- bf:30:da:60:f8:e3:54:a2:bc:3a:fd:1b:74:d9:dc: -- 74:42:e9:29:be:df:ac:b4:4f:eb:32:f4:06:f1:e1: -- 8c:4b:a8:8b:fb:29:e7:b1:bf:1d:01:ee:73:0f:f9: -- 40:dc:d5:15:79:d9:c6:73:d0:c0:dd:cb:e4:da:19: -- 47:80:c6:14:04:72:fd:9a:7c:8f:11:82:76:49:04: -- 79:cc:f2:5c:31:22:95:13:3e:5d:40:a6:4d:e0:a3: -- 02:26:7d:52:3b:bb:ed:65:a1:0f:ed:6b:b0:3c:d4: -- de:61:15:5e:d3:dd:68:09:9f:4a:57:a5:c2:a9:6d: -- 86:92:c5:f4:a4:d4:b7:13:3b:52:63:24:05:e2:cc: -- e3:8a:3c:d4:35:34:2b:10:bb:58:72:e7:e1:8d:1d: -- 74:8c:61:16:20:3d:d0:1c:4e:8f:6e:fd:fe:64:10: -- 4f:41 -- Exponent: 65537 (0x10001) -- X509v3 extensions: -- X509v3 Basic Constraints: -- CA:FALSE -- Netscape Comment: -- OpenSSL Generated Certificate -- X509v3 Subject Key Identifier: -- ED:28:C2:7E:AB:4B:C8:E8:FE:55:6D:66:95:31:1C:2D:60:F9:02:36 -- X509v3 Authority Key Identifier: -- keyid:F6:D1:22:29:D5:3D:23:D7:5E:AD:0C:9C:E6:75:8F:9D:CD:F8:9D:53 -- -- Signature Algorithm: sha256WithRSAEncryption -- 1d:b8:c5:8b:72:41:20:65:ad:27:6f:15:63:06:26:12:8d:9c: -- ad:ca:f4:db:97:b4:90:cb:ff:35:94:bb:2a:a7:a1:ab:1e:35: -- 2d:a5:3f:c9:24:b0:1a:58:89:75:3e:81:0a:2c:4f:98:f9:51: -- fb:c0:a3:09:d0:0a:9b:e7:a2:b7:c3:60:40:c8:f4:6d:b2:6a: -- 56:12:17:4c:00:24:31:df:9c:60:ae:b1:68:54:a9:e6:b5:4a: -- 04:e6:92:05:86:d9:5a:dc:96:30:a5:58:de:14:99:0f:e5:15: -- 89:3e:9b:eb:80:e3:bd:83:c3:ea:33:35:4b:3e:2f:d3:0d:64: -- 93:67:7f:8d:f5:3f:0c:27:bc:37:5a:cc:d6:47:16:af:5a:62: -- d2:da:51:f8:74:06:6b:24:ad:28:68:08:98:37:7d:ed:0e:ab: -- 1e:82:61:05:d0:ba:75:a0:ab:21:b0:9a:fd:2b:54:86:1d:0d: -- 1f:c2:d4:77:1f:72:26:5e:ad:8a:9f:09:36:6d:44:be:74:c2: -- 5a:3e:ff:5c:9d:75:d6:38:7b:c5:39:f9:44:6e:a1:d1:8e:ff: -- 63:db:c4:bb:c6:91:92:ca:5c:60:9b:1d:eb:0a:de:08:ee:bf: -- da:76:03:65:62:29:8b:f8:7f:c7:86:73:1e:f6:1f:2d:89:69: -- fd:be:bd:6e - -----BEGIN CERTIFICATE----- --MIID4zCCAsugAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx --EDAOBgNVBAgMB1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQK --DA5SdWJ5IENvcmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZI --hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMjcxM1oX --DTI0MDEwMTAzMjcxM1owYDELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx --FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRIwEAYDVQQLDAlSdWJ5IFRlc3QxEjAQ --BgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB --AOjanAEuKxDsSc1eBxMHnHCexnS8E8Lhb8aC/eNI4CylaMeeQt5gVGXmahRXejDQ --zLW22cPS38kll1Rnz/a+XsuL7gPF4eL55/fRDEfwuNozWq1Bree1onu3vzDaYPjj --VKK8Ov0bdNncdELpKb7frLRP6zL0BvHhjEuoi/sp57G/HQHucw/5QNzVFXnZxnPQ --wN3L5NoZR4DGFARy/Zp8jxGCdkkEeczyXDEilRM+XUCmTeCjAiZ9Uju77WWhD+1r --sDzU3mEVXtPdaAmfSlelwqlthpLF9KTUtxM7UmMkBeLM44o81DU0KxC7WHLn4Y0d --dIxhFiA90BxOj279/mQQT0ECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC --AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFO0o --wn6rS8jo/lVtZpUxHC1g+QI2MB8GA1UdIwQYMBaAFPbRIinVPSPXXq0MnOZ1j53N --+J1TMA0GCSqGSIb3DQEBCwUAA4IBAQAduMWLckEgZa0nbxVjBiYSjZytyvTbl7SQ --y/81lLsqp6GrHjUtpT/JJLAaWIl1PoEKLE+Y+VH7wKMJ0Aqb56K3w2BAyPRtsmpW --EhdMACQx35xgrrFoVKnmtUoE5pIFhtla3JYwpVjeFJkP5RWJPpvrgOO9g8PqMzVL --Pi/TDWSTZ3+N9T8MJ7w3WszWRxavWmLS2lH4dAZrJK0oaAiYN33tDqsegmEF0Lp1 --oKshsJr9K1SGHQ0fwtR3H3ImXq2Knwk2bUS+dMJaPv9cnXXWOHvFOflEbqHRjv9j --28S7xpGSylxgmx3rCt4I7r/adgNlYimL+H/HhnMe9h8tiWn9vr1u -+MIIDYTCCAkkCAQAwDQYJKoZIhvcNAQELBQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYD -+VQQIDAdTaGltYW5lMRQwEgYDVQQHDAtNYXR6LWUgY2l0eTEXMBUGA1UECgwOUnVi -+eSBDb3JlIFRlYW0xFTATBgNVBAMMDFJ1YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJ -+ARYWc2VjdXJpdHlAcnVieS1sYW5nLm9yZzAeFw0yNDAxMDExMTQ3MjNaFw0zMzEy -+MjkxMTQ3MjNaMGAxCzAJBgNVBAYTAkpQMRAwDgYDVQQIDAdTaGltYW5lMRcwFQYD -+VQQKDA5SdWJ5IENvcmUgVGVhbTESMBAGA1UECwwJUnVieSBUZXN0MRIwEAYDVQQD -+DAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw+egZ -+Q6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI+1GSqyi1bFBgsRjM0THllIdMbKmJ -+tWwnKW8J+5OgNN8y6Xxv8JmM/Y5vQt2lis0fqXmG8UTz0VTWdlAXXmhUs6lSADvA -+aIe4RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0yg+801SXzoFTTa+UGIRLE66jH51a -+a5VXu99hnv1OiH8tQrjdi8mH6uG/icq4XuIeNWMF32wHqIOOPvQcWV3M5D2vxJEj -+702Ku6k9OQXkAo17qRSEonWW4HtLbtmS8He1JNPc/n3dVUm+fM6NoDXPoLP7j55G -+9zKyqGtGAWXAj1MTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACtGNdj5TEtnJBYp -+M+LhBeU3oNteldfycEm993gJp6ghWZFg23oX8fVmyEeJr/3Ca9bAgDqg0t9a0npN -+oWKEY6wVKqcHgu3gSvThF5c9KhGbeDDmlTSVVNQmXWX0K2d4lS2cwZHH8mCm2mrY -+PDqlEkSc7k4qSiqigdS8i80Yk+lDXWsm8CjsiC93qaRM7DnS0WPQR0c16S95oM6G -+VklFKUSDAuFjw9aVWA/nahOucjn0w5fVW6lyIlkBslC1ChlaDgJmvhz+Ol3iMsE0 -+kAmFNu2KKPVrpMWaBID49QwQTDyhetNLaVVFM88iUdA9JDoVMEuP1mm39JqyzHTu -+uBrdP4Q= - -----END CERTIFICATE----- -diff --git a/test/net/fixtures/server.key b/test/net/fixtures/server.key -index 7f2380e71e637..6a83d5bcf4a52 100644 ---- a/test/net/fixtures/server.key -+++ b/test/net/fixtures/server.key -@@ -1,28 +1,27 @@ -------BEGIN PRIVATE KEY----- --MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDo2pwBLisQ7EnN --XgcTB5xwnsZ0vBPC4W/Ggv3jSOAspWjHnkLeYFRl5moUV3ow0My1ttnD0t/JJZdU --Z8/2vl7Li+4DxeHi+ef30QxH8LjaM1qtQa3ntaJ7t78w2mD441SivDr9G3TZ3HRC --6Sm+36y0T+sy9Abx4YxLqIv7Keexvx0B7nMP+UDc1RV52cZz0MDdy+TaGUeAxhQE --cv2afI8RgnZJBHnM8lwxIpUTPl1Apk3gowImfVI7u+1loQ/ta7A81N5hFV7T3WgJ --n0pXpcKpbYaSxfSk1LcTO1JjJAXizOOKPNQ1NCsQu1hy5+GNHXSMYRYgPdAcTo9u --/f5kEE9BAgMBAAECggEBAOHkwhc7DLh8IhTDNSW26oMu5OP2WU1jmiYAigDmf+OQ --DBgrZj+JQBci8qINQxL8XLukSZn5hvQCLc7Kbyu1/wyEEUFDxSGGwwzclodr9kho --LX2LDASPZrOSzD2+fPi2wTKmXKuS6Uc44OjQfZkYMNkz9r4Vkm8xGgOD3VipjIYX --QXlhhdqkXZcNABsihCV52GKkDFSVm8jv95YJc5xhoYCy/3a4/qPdF0aT2R7oYUej --hKrxVDskyooe8Zg/JTydZNV5GQEDmW01/K3r6XGT26oPi1AqMU1gtv/jkW56CRQQ --1got8smnqM+AV7Slf9R6DauIPdQJ2S8wsr/o8ISBsOECgYEA9YrqEP2gAYSGFXRt --liw0WI2Ant8BqXS6yvq1jLo/qWhLw/ph4Di73OQ2mpycVTpgfGr2wFPQR1XJ+0Fd --U+Ir/C3Q7FK4VIGHK7B0zNvZr5tEjlFfeRezo2JMVw5YWeSagIFcSwK+KqCTH9qc --pw/Eb8nB/4XNcpTZu7Fg0Wc+ooUCgYEA8sVaicn1Wxkpb45a4qfrA6wOr5xdJ4cC --A5qs7vjX2OdPIQOmoQhdI7bCWFXZzF33wA4YCws6j5wRaySLIJqdms8Gl9QnODy1 --ZlA5gwKToBC/jqPmWAXSKb8EH7cHilaxU9OKnQ7CfwlGLHqjMtjrhR7KHlt3CVRs --oRmvsjZVXI0CgYAmPedslAO6mMhFSSfULrhMXmV82OCqYrrA6EEkVNGbcdnzAOkD --gfKIWabDd8bFY10po4Mguy0CHzNhBXIioWQWV5BlbhC1YKMLw+S9DzSdLAKGY9gJ --xQ4+UQ3wtRQ/k+IYR413RUsW2oFvgZ3KSyNeAb9MK6uuv84VdG/OzVSs/QKBgQDn --kap//l2EbObiWyaERunckdVcW0lcN+KK75J/TGwPoOwQsLvTpPe65kxRGGrtDsEQ --uCDk/+v3KkZPLgdrrTAih9FhJ+PVN8tMcb+6IM4SA4fFFr/UPJEwct0LJ3oQ0grJ --y+HPWFHb/Uurh7t99/4H98uR02sjQh1wOeEmm78mzQKBgQDm+LzGH0se6CXQ6cdZ --g1JRZeXkDEsrW3hfAsW62xJQmXcWxBoblP9OamMY+A06rM5og3JbDk5Zm6JsOaA8 --wS2gw4ilp46jors4eQey8ux7kB9LzdBoDBBElnsbjLO8oBNZlVcYXg+6BOl/CUi7 --2whRF0FEjKA8ehrNhAq+VFfFNw== -------END PRIVATE KEY----- -+-----BEGIN RSA PRIVATE KEY----- -+MIIEowIBAAKCAQEAsPnoGUOnrpiSqt4XynxA+HRP7S+BSObI6qJ7fQAVSPtRkqso -+tWxQYLEYzNEx5ZSHTGypibVsJylvCfuToDTfMul8b/CZjP2Ob0LdpYrNH6l5hvFE -+89FU1nZQF15oVLOpUgA7wGiHuEVawrGfey92UE68mOyUVXGweJIVDdxqdMoPvNNU -+l86BU02vlBiESxOuox+dWmuVV7vfYZ79Toh/LUK43YvJh+rhv4nKuF7iHjVjBd9s -+B6iDjj70HFldzOQ9r8SRI+9NirupPTkF5AKNe6kUhKJ1luB7S27ZkvB3tSTT3P59 -+3VVJvnzOjaA1z6Cz+4+eRvcysqhrRgFlwI9TEwIDAQABAoIBAEEYiyDP29vCzx/+ -+dS3LqnI5BjUuJhXUnc6AWX/PCgVAO+8A+gZRgvct7PtZb0sM6P9ZcLrweomlGezI -+FrL0/6xQaa8bBr/ve/a8155OgcjFo6fZEw3Dz7ra5fbSiPmu4/b/kvrg+Br1l77J -+aun6uUAs1f5B9wW+vbR7tzbT/mxaUeDiBzKpe15GwcvbJtdIVMa2YErtRjc1/5B2 -+BGVXyvlJv0SIlcIEMsHgnAFOp1ZgQ08aDzvilLq8XVMOahAhP1O2A3X8hKdXPyrx -+IVWE9bS9ptTo+eF6eNl+d7htpKGEZHUxinoQpWEBTv+iOoHsVunkEJ3vjLP3lyI/ -+fY0NQ1ECgYEA3RBXAjgvIys2gfU3keImF8e/TprLge1I2vbWmV2j6rZCg5r/AS0u -+pii5CvJ5/T5vfJPNgPBy8B/yRDs+6PJO1GmnlhOkG9JAIPkv0RBZvR0PMBtbp6nT -+Y3yo1lwamBVBfY6rc0sLTzosZh2aGoLzrHNMQFMGaauORzBFpY5lU50CgYEAzPHl -+u5DI6Xgep1vr8QvCUuEesCOgJg8Yh1UqVoY/SmQh6MYAv1I9bLGwrb3WW/7kqIoD -+fj0aQV5buVZI2loMomtU9KY5SFIsPV+JuUpy7/+VE01ZQM5FdY8wiYCQiVZYju9X -+Wz5LxMNoz+gT7pwlLCsC4N+R8aoBk404aF1gum8CgYAJ7VTq7Zj4TFV7Soa/T1eE -+k9y8a+kdoYk3BASpCHJ29M5R2KEA7YV9wrBklHTz8VzSTFTbKHEQ5W5csAhoL5Fo -+qoHzFFi3Qx7MHESQb9qHyolHEMNx6QdsHUn7rlEnaTTyrXh3ifQtD6C0yTmFXUIS -+CW9wKApOrnyKJ9nI0HcuZQKBgQCMtoV6e9VGX4AEfpuHvAAnMYQFgeBiYTkBKltQ -+XwozhH63uMMomUmtSG87Sz1TmrXadjAhy8gsG6I0pWaN7QgBuFnzQ/HOkwTm+qKw -+AsrZt4zeXNwsH7QXHEJCFnCmqw9QzEoZTrNtHJHpNboBuVnYcoueZEJrP8OnUG3r -+UjmopwKBgAqB2KYYMUqAOvYcBnEfLDmyZv9BTVNHbR2lKkMYqv5LlvDaBxVfilE0 -+2riO4p6BaAdvzXjKeRrGNEKoHNBpOSfYCOM16NjL8hIZB1CaV3WbT5oY+jp7Mzd5 -+7d56RZOE+ERK2uz/7JX9VSsM/LbH9pJibd4e8mikDS9ntciqOH/3 -+-----END RSA PRIVATE KEY----- diff --git a/ruby.spec b/ruby.spec index cb24fee..7af0c98 100644 --- a/ruby.spec +++ b/ruby.spec @@ -1,6 +1,6 @@ %global major_version 3 %global minor_version 3 -%global teeny_version 0 +%global teeny_version 1 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} @@ -27,7 +27,7 @@ %global rubygems_dir %{_datadir}/rubygems # Bundled libraries versions -%global rubygems_version 3.5.3 +%global rubygems_version 3.5.9 %global rubygems_molinillo_version 0.8.0 %global rubygems_net_http_version 0.4.0 %global rubygems_net_protocol_version 0.2.2 @@ -35,9 +35,10 @@ %global rubygems_resolv_version 0.3.0 %global rubygems_timeout_version 0.4.1 %global rubygems_tsort_version 0.2.0 +%global rubygems_uri_version 0.13.0 # Default gems. -%global bundler_version 2.5.3 +%global bundler_version 2.5.9 %global bundler_connection_pool_version 2.4.1 %global bundler_fileutils_version 1.7.2 %global bundler_net_http_persistent_version 4.0.2 @@ -71,7 +72,7 @@ %global ipaddr_version 1.2.6 %global logger_version 1.6.0 %global mutex_m_version 0.2.0 -%global net_http_version 0.4.0 +%global net_http_version 0.4.1 %global net_protocol_version 0.2.2 %global nkf_version 0.1.3 %global observer_version 0.1.2 @@ -117,14 +118,14 @@ %global irb_version 1.11.0 %global json_version 2.7.1 %global psych_version 5.1.2 -%global rdoc_version 6.6.2 +%global rdoc_version 6.6.3.1 # Bundled gems. %global debug_version 1.9.1 -%global net_ftp_version 0.3.3 -%global net_imap_version 0.4.9 +%global net_ftp_version 0.3.4 +%global net_imap_version 0.4.9.1 %global net_pop_version 0.1.2 -%global net_smtp_version 0.4.0 +%global net_smtp_version 0.4.0.1 %global matrix_version 0.4.2 %global minitest_version 5.20.0 %global power_assert_version 2.0.3 @@ -137,6 +138,9 @@ %global test_unit_version 3.6.1 %global typeprof_version 0.21.9 +# Bundled nkf version +%global bundled_nkf_version 2.1.5 + %global tapset_libdir %(echo %{_libdir} | sed 's/64//')* %if 0%{?fedora} >= 19 @@ -163,14 +167,49 @@ Summary: An interpreter of object-oriented scripting language Name: ruby Version: %{ruby_version}%{?development_release} -Release: 1%{?dist} -# BSD-3-Clause: missing/{crypt,mt19937,setproctitle}.c +Release: 2%{?dist} +# Licenses, which are likely not included in binary RPMs: +# Apache-2.0: +# benchmark/gc/redblack.rb +# But this file might be BSD-2-Clause licensed after all: +# https://bugs.ruby-lang.org/issues/20420 +# GPL-1.0-or-later: ext/win32/lib/win32/sspi.rb +# GPL-1.0-or-later OR Artistic-1.0-Perl: win32/win32.c, include/ruby/win32.h, +# ext/win32ole/win32ole.c +# +# !!! Problematic licenses: +# LicenseRef-scancode-unicode-mappings: ext/json/generator/generator.c +# https://bugs.ruby-lang.org/issues/11844#note-19 +# https://github.com/flori/json/issues/277 +# https://github.com/flori/json/pull/567 +# +# Licenses under review: +# .bundle/gems/net-imap-0.4.9/LICENSE.txt +# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/506 +# +# Approved license without SPDX identifier: +# ext/pty/pty.c +# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/503 +# +# BSD-3-Clause: missing/{crypt,mt19937,setproctitle}.c, addr2line.c:2652 +# CC0: ccan/{build_assert/build_assert.h,check_type/check_type.h, +# container_of/container_of.h,str/str.h} +# Allowed based on 'grandfather clause': +# https://gitlab.com/fedora/legal/fedora-license-data/-/blob/7d9720b2cfd8ccb98d1975312942d99588a0da7c/data/CC0-1.0.toml#L11-14 +# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/499 +# dtoa: missing/dtoa.c +# GPL-3.0-or-later WITH Bison-exception-2.2: parse.{c,h}, ext/ripper/ripper.c +# HPND-Markus-Kuhn: missing/langinfo.c # ISC: missing/strl{cat,cpy}.c -# Public Domain for example for: include/ruby/st.h, strftime.c, missing/*, ... -# MIT and CCO: ccan/* -# zlib: ext/digest/md5/md5.*, ext/nkf/nkf-utf8/nkf.c +# LicenseRef-Fedora-Public-Domain: include/ruby/st.h, strftime.c, missing/*, ... +# https://gitlab.com/fedora/legal/fedora-license-data/-/merge_requests/145 +# MIT: ccan/list/list.h +# Ruby OR BSD-2-Clause OR GPL-1.0-or-later: lib/net/protocol.rb # Unicode-DFS-2015: some of enc/trans/**/*.src -License: (Ruby OR BSD-2-Clause) AND BSD-3-Clause AND ISC AND Public Domain AND MIT and CC0 AND zlib AND Unicode-DFS-2015 +# There is also license review ticket here: +# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/500 +# zlib: ext/digest/md5/md5.*, ext/nkf/nkf-utf8/nkf.c +License: (Ruby OR BSD-2-Clause) AND (Ruby OR BSD-2-Clause OR GPL-1.0-or-later) AND BSD-3-Clause AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND ISC AND LicenseRef-Fedora-Public-Domain AND MIT AND CC0 AND zlib AND Unicode-DFS-2015 AND HPND-Markus-Kuhn URL: https://www.ruby-lang.org/ Source0: https://cache.ruby-lang.org/pub/%{name}/%{major_minor_version}/%{ruby_archive}.tar.xz Source1: operating_system.rb @@ -231,26 +270,13 @@ Patch9: ruby-3.3.0-Disable-syntax-suggest-test-case.patch # Revert patches causing segfaults in alexandria package. # https://bugs.ruby-lang.org/issues/20079 Patch10: ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch -# Fix net-http test errors due to expired certificate -# https://github.com/ruby/ruby/commit/d3933fc753187a055a4904af82f5f3794c88c416 -# https://bugs.ruby-lang.org/issues/20106 -Patch11: ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch # Armv8.3+ capable CPUs might segfault with incorrect compilation options. # See related upstream report: https://bugs.ruby-lang.org/issues/20085 # https://bugs.ruby-lang.org/issues/20154 Patch12: ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch -# Revert adding AI_ADDRCONFIG flag to getaddrinfo(3) calls. -# It is causing problems when network is in certain, valid, configuration. -# When loopback interface is IPv6 capable, but no regular network interface -# is IPv6 capable, in some situations (such as in TestNetHTTPLocalBind) -# this might result in creating IPv4 socket and then binding it -# to IPv6 family connection. -# That is incorrect behavior and such operation will result in -# Errno::EAFNOSUPPORT exception. -# The point of the upstream change is to workaround a glibc bug -# that is not present for us. Therefore we can safely revert the change. -# https://bugs.ruby-lang.org/issues/20208 -Patch13: ruby-3.4.0-Revert-Set-AI_ADDRCONFIG-when-making-getaddrinfo.patch +# Fix build issue on i686 due to "incompatible pointer type" error. +# https://bugs.ruby-lang.org/issues/20447 +Patch13: ruby-3.4.0-Fix-pointer-incompatiblity.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?with_rubypick:Suggests: rubypick} @@ -328,6 +354,11 @@ Provides: bundled(ccan-check_type) Provides: bundled(ccan-container_of) Provides: bundled(ccan-list) +# https://github.com/nurse/nkf +# Please note that nkf going to be promoted to bundled gem in Ruby 3.4: +# https://github.com/ruby/ruby/commit/2e3a7f70ae71650be6ea38a483f66ce17ca5eb1d +Provides: bundled(nkf) = %{bundled_nkf_version} + # StdLib default gems. Provides: bundled(rubygem-did_you_mean) = %{did_you_mean_version} Provides: bundled(rubygem-openssl) = %{openssl_version} @@ -350,7 +381,8 @@ Version: %{rubygems_version} # lib/rubygems/timeout/ # lib/rubygems/tsort/ # MIT: lib/rubygems/resolver/molinillo -License: (Ruby OR MIT) AND BSD-2-Clause AND (BSD-2-Clause OR Ruby) AND MIT +# Ruby OR BSD-2-Clause OR GPL-1.0-or-later: lib/net/protocol.rb +License: (Ruby OR MIT) AND BSD-2-Clause AND (BSD-2-Clause OR Ruby) AND (Ruby OR BSD-2-Clause OR GPL-1.0-or-later) AND MIT Requires: ruby(release) Recommends: rubygem(bundler) >= %{bundler_version} Recommends: rubygem(rdoc) >= %{rdoc_version} @@ -461,7 +493,8 @@ This package contains documentation for %{name}. %package -n rubygem-bigdecimal Summary: BigDecimal provides arbitrary-precision floating point decimal arithmetic Version: %{bigdecimal_version} -License: Ruby OR BSD-2-Clause +# dtoa: missing/dtoa.c +License: (Ruby OR BSD-2-Clause) AND dtoa Provides: bundled(rubygem-bigdecimal) = %{bigdecimal_version} %description -n rubygem-bigdecimal @@ -716,7 +749,6 @@ analysis result in RBS format, a standard type description format for Ruby %patch -P 6 -p1 %patch -P 9 -p1 %patch -P 10 -p1 -%patch -P 11 -p1 %patch -P 12 -p1 %patch -P 13 -p1 @@ -933,16 +965,16 @@ checksec --file=%{_vpath_builddir}/libruby.so.%{ruby_version} | \ # Molinillo. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; module Resolver; end; end; \ - require 'rubygems/resolver/molinillo/lib/molinillo/gem_metadata'; \ + require 'rubygems/vendor/molinillo/lib/molinillo/gem_metadata'; \ puts '%%{rubygems_molinillo_version}: %{rubygems_molinillo_version}'; \ - puts %Q[Gem::Resolver::Molinillo::VERSION: #{Gem::Resolver::Molinillo::VERSION}]; \ - exit 1 if Gem::Resolver::Molinillo::VERSION != '%{rubygems_molinillo_version}'; \ + puts %Q[Gem::Molinillo::VERSION: #{Gem::Molinillo::VERSION}]; \ + exit 1 if Gem::Molinillo::VERSION != '%{rubygems_molinillo_version}'; \ \"" # Net::HTTP. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; module Net; end; end; \ - require 'rubygems/net-http/lib/net/http'; \ + require 'rubygems/vendor/net-http/lib/net/http'; \ puts '%%{rubygems_net_http_version}: %{rubygems_net_http_version}'; \ puts %Q[Gem::Net::HTTP::VERSION: #{Gem::Net::HTTP::VERSION}]; \ exit 1 if Gem::Net::HTTP::VERSION != '%{rubygems_net_http_version}'; \ @@ -951,7 +983,7 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ # Net::Protocol. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; module Net; end; end; \ - require 'rubygems/net-protocol/lib/net/protocol'; \ + require 'rubygems/vendor/net-protocol/lib/net/protocol'; \ puts '%%{rubygems_net_protocol_version}: %{rubygems_net_protocol_version}'; \ puts %Q[Gem::Net::Protocol::VERSION: #{Gem::Net::Protocol::VERSION}]; \ exit 1 if Gem::Net::Protocol::VERSION != '%{rubygems_net_protocol_version}'; \ @@ -960,7 +992,7 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ # OptParse. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; end; \ - require 'rubygems/optparse/lib/optparse'; \ + require 'rubygems/vendor/optparse/lib/optparse'; \ puts '%%{rubygems_optparse_version}: %{rubygems_optparse_version}'; \ puts %Q[Gem::OptionParser::Version: #{Gem::OptionParser::Version}]; \ exit 1 if Gem::OptionParser::Version != '%{rubygems_optparse_version}'; \ @@ -969,7 +1001,7 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ # Resolv. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; end; \ - require 'rubygems/resolv/lib/resolv'; \ + require 'rubygems/vendor/resolv/lib/resolv'; \ puts '%%{rubygems_resolv_version}: %{rubygems_resolv_version}'; \ puts %Q[Gem::Resolv::VERSION: #{Gem::Resolv::VERSION}]; \ exit 1 if Gem::Resolv::VERSION != '%{rubygems_resolv_version}'; \ @@ -978,7 +1010,7 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ # Timeout. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; end; \ - require 'rubygems/timeout/lib/timeout'; \ + require 'rubygems/vendor/timeout/lib/timeout'; \ puts '%%{rubygems_timeout_version}: %{rubygems_timeout_version}'; \ puts %Q[Gem::Timeout::VERSION: #{Gem::Timeout::VERSION}]; \ exit 1 if Gem::Timeout::VERSION != '%{rubygems_timeout_version}'; \ @@ -987,12 +1019,21 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ # TSort make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; end; \ - require 'rubygems/tsort/lib/tsort'; \ + require 'rubygems/vendor/tsort/lib/tsort'; \ puts '%%{rubygems_tsort_version}: %{rubygems_tsort_version}'; \ puts %Q[Gem::TSort::VERSION: #{Gem::TSort::VERSION}]; \ exit 1 if Gem::TSort::VERSION != '%{rubygems_tsort_version}'; \ \"" +# URI. +make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ + module Gem; end; \ + require 'rubygems/vendor/uri/lib/uri/version'; \ + puts '%%{rubygems_uri_version}: %{rubygems_uri_version}'; \ + puts %Q[Gem::URI::VERSION: #{Gem::URI::VERSION}]; \ + exit 1 if Gem::URI::VERSION != '%{rubygems_uri_version}'; \ +\"" + # Check Bundler bundled dependencies versions. # connection_pool. @@ -1059,6 +1100,16 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ exit 1 if Bundler::URI::VERSION != '%{bundler_uri_version}'; \ \"" +# Check bundled libraries versions. + +# Nkf. +make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ + require 'nkf'; \ + puts '%%{bundled_nkf_version}: %{bundled_nkf_version}'; \ + puts %Q[NKF::NKF_VERSION: #{NKF::NKF_VERSION}]; \ + exit 1 if NKF::NKF_VERSION != '%{bundled_nkf_version}'; \ +\"" + # test_debug(TestRubyOptions) fails due to LoadError reported in debug mode, # when abrt.rb cannot be required (seems to be easier way then customizing @@ -1673,6 +1724,19 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog +* Mon May 20 2024 Jarek Prokop - 3.3.1-2 +- Upgrade to Ruby 3.3.1. + Resolves: RHEL-37446 +- Fix buffer overread vulnerability in StringIO. + (CVE-2024-27280) + Resolves: RHEL-37448 +- Fix RCE vulnerability with .rdoc_options in RDoc. + (CVE-2024-27281) + Resolves: RHEL-37449 +- Fix Arbitrary memory address read vulnerability with Regex search. + (CVE-2024-27282) + Resolves: RHEL-37447 + * Thu Jan 18 2024 Jarek Prokop - 3.3.0-1 - Upgrade to Ruby 3.3.0. Resolves: RHEL-17090 diff --git a/sources b/sources index 10a3d0b..f475c60 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (ruby-3.3.0.tar.xz) = 7959c5753bfa0bfc4d6d74060869aabbe9815c1c97930659da11b917ee0803ddbbd80e869e00c48b8694b4ba48709c3b6493fd045568e36e902616c35ababf01 +SHA512 (ruby-3.3.1.tar.xz) = c58e9be9b5ab48191fbf7d67e13f0ec42ee71ed338170e0f7b246708e9cfc617ce65098f5ce7ab32d4305e785642d3e44253462104d5b9c4abcb1a4113f48347