From ca9335f385f2a71e41ccf7f591a44fdd24ada9dd Mon Sep 17 00:00:00 2001 From: Mamoru Tasaka Date: Tue, 18 May 2010 17:42:34 +0000 Subject: [PATCH] - Retry for bug 559158, Simplify the OpenSSL::Digest class pull more change commits from ruby_1_8 branch --- ...igest-once-revert-for-simplify-patch.patch | 15 ++ ruby-1.8.6-rexml-CVE-2008-3790.patch | 149 ---------- ruby-1.8.6-simplify-openssl-digest.patch | 254 +++++++++++++----- ruby.spec | 25 +- 4 files changed, 225 insertions(+), 218 deletions(-) create mode 100644 ruby-1.8.6-openssl-digest-once-revert-for-simplify-patch.patch delete mode 100644 ruby-1.8.6-rexml-CVE-2008-3790.patch diff --git a/ruby-1.8.6-openssl-digest-once-revert-for-simplify-patch.patch b/ruby-1.8.6-openssl-digest-once-revert-for-simplify-patch.patch new file mode 100644 index 0000000..336254a --- /dev/null +++ b/ruby-1.8.6-openssl-digest-once-revert-for-simplify-patch.patch @@ -0,0 +1,15 @@ +Index: ruby_1_8_6/ext/openssl/ossl_digest.c +=================================================================== +--- ruby_1_8_6/ext/openssl/ossl_digest.c (revision 12042) ++++ ruby_1_8_6/ext/openssl/ossl_digest.c (revision 12043) +@@ -264,6 +264,10 @@ + void + Init_ossl_digest() + { ++#if 0 /* let rdoc know about mOSSL */ ++ mOSSL = rb_define_module("OpenSSL"); ++#endif ++ + mDigest = rb_define_module_under(mOSSL, "Digest"); + + eDigestError = rb_define_class_under(mDigest, "DigestError", eOSSLError); diff --git a/ruby-1.8.6-rexml-CVE-2008-3790.patch b/ruby-1.8.6-rexml-CVE-2008-3790.patch deleted file mode 100644 index a0788b2..0000000 --- a/ruby-1.8.6-rexml-CVE-2008-3790.patch +++ /dev/null 
@@ -1,149 +0,0 @@ -Fri Nov 7 02:08:04 2008 Shugo Maeda - - * lib/rexml/entity.rb (unnormalized): do not call - document.record_entity_expansion if document is nil. - see . - Thanks, Naohisa Goto. backported from trunk. - - * test/rexml/test_document.rb: ditto. - -Sat Sep 13 11:05:38 2008 Shugo Maeda - - * lib/rexml/document.rb: limit entity expansion. Thanks, Luka - Treiber, Mitja Kolsek, and Michael Koziarski. backported from - trunk r19033, r19317, r19318. - - * lib/rexml/entity.rb: ditto. - - * test/rexml/test_document.rb: ditto. - -Index: ruby_1_8/lib/rexml/document.rb -=================================================================== ---- ruby_1_8/lib/rexml/document.rb (revision 19319) -+++ ruby_1_8/lib/rexml/document.rb (revision 19320) -@@ -32,6 +32,7 @@ - # @param context if supplied, contains the context of the document; - # this should be a Hash. - def initialize( source = nil, context = {} ) -+ @entity_expansion_count = 0 - super() - @context = context - return if source.nil? -@@ -200,6 +201,27 @@ - Parsers::StreamParser.new( source, listener ).parse - end - -+ @@entity_expansion_limit = 10_000 -+ -+ # Set the entity expansion limit. By defualt the limit is set to 10000. -+ def Document::entity_expansion_limit=( val ) -+ @@entity_expansion_limit = val -+ end -+ -+ # Get the entity expansion limit. By defualt the limit is set to 10000. -+ def Document::entity_expansion_limit -+ return @@entity_expansion_limit -+ end -+ -+ attr_reader :entity_expansion_count -+ -+ def record_entity_expansion -+ @entity_expansion_count += 1 -+ if @entity_expansion_count > @@entity_expansion_limit -+ raise "number of entity expansions exceeded, processing aborted." 
-+ end -+ end -+ - private - def build( source ) - Parsers::TreeParser.new( source, self ).parse -Index: ruby_1_8/lib/rexml/entity.rb -=================================================================== ---- ruby_1_8/lib/rexml/entity.rb (revision 19319) -+++ ruby_1_8/lib/rexml/entity.rb (revision 20121) -@@ -73,6 +73,7 @@ - # all entities -- both %ent; and &ent; entities. This differs from - # +value()+ in that +value+ only replaces %ent; entities. - def unnormalized -+ document.record_entity_expansion unless document.nil? - v = value() - return nil if v.nil? - @unnormalized = Text::unnormalize(v, parent) -=================================================================== ---- ruby_1_8/test/rexml/test_document.rb (revision 0) -+++ ruby_1_8/test/rexml/test_document.rb (revision 20121) -@@ -0,0 +1,66 @@ -+require "rexml/document" -+require "test/unit" -+ -+class REXML::TestDocument < Test::Unit::TestCase -+ def test_new -+ doc = REXML::Document.new(< -+Hello world! -+EOF -+ assert_equal("Hello world!", doc.root.children.first.value) -+ end -+ -+ XML_WITH_NESTED_ENTITY = < -+ -+ -+ -+ -+ -+ -+ -+]> -+ -+&a; -+ -+EOF -+ -+ XML_WITH_4_ENTITY_EXPANSION = < -+ -+ -+]> -+ -+&a; -+&a2; -+< -+ -+EOF -+ -+ def test_entity_expansion_limit -+ doc = REXML::Document.new(XML_WITH_NESTED_ENTITY) -+ assert_raise(RuntimeError) do -+ doc.root.children.first.value -+ end -+ REXML::Document.entity_expansion_limit = 100 -+ assert_equal(100, REXML::Document.entity_expansion_limit) -+ doc = REXML::Document.new(XML_WITH_NESTED_ENTITY) -+ assert_raise(RuntimeError) do -+ doc.root.children.first.value -+ end -+ assert_equal(101, doc.entity_expansion_count) -+ -+ REXML::Document.entity_expansion_limit = 4 -+ doc = REXML::Document.new(XML_WITH_4_ENTITY_EXPANSION) -+ assert_equal("\na\na a\n<\n", doc.root.children.first.value) -+ REXML::Document.entity_expansion_limit = 3 -+ doc = REXML::Document.new(XML_WITH_4_ENTITY_EXPANSION) -+ assert_raise(RuntimeError) do -+ doc.root.children.first.value 
-+ end -+ ensure -+ REXML::Document.entity_expansion_limit = 10000 -+ end -+end - -Property changes on: ruby_1_8/test/rexml/test_document.rb -___________________________________________________________________ -Added: svn:keywords - + Author Id Revision -Added: svn:eol-style - + LF - diff --git a/ruby-1.8.6-simplify-openssl-digest.patch b/ruby-1.8.6-simplify-openssl-digest.patch index 2636538..21d5ae1 100644 --- a/ruby-1.8.6-simplify-openssl-digest.patch +++ b/ruby-1.8.6-simplify-openssl-digest.patch @@ -1,7 +1,25 @@ -diff --git a/ext/openssl/lib/openssl/digest.rb b/ext/openssl/lib/openssl/digest.rb -index b3e4484..4810f01 100644 ---- a/ext/openssl/lib/openssl/digest.rb -+++ b/ext/openssl/lib/openssl/digest.rb +Mon Feb 25 17:30:29 2008 Technorama Ltd. + * ext/openssl/digest.c ext/openssl/lib/openssl/digest.rb: + Commit patch #9280 from Akinori MUSHA. + Simplify the OpenSSL::Digest class and make use of the + existing Digest framework. + Enhance performance. + +Thu Apr 5 14:58:49 2007 Technorama Ltd. + * ext/openssl/ossl_pkcs5.c: New module. + + * ext/openssl/ossl_{cipher,digest,pkcs7,pkcs12}.c: + Remove redundant module namespace. + + * ext/openssl/lib/openssl/{cipher,digest}.rb + Add backwards compatibile classes for rearranged classes. + + * ext/openssl/ossl_{pkcs7,pkcs12}.c: Add documentation. + +Index: ruby_1_8/ext/openssl/lib/openssl/digest.rb +=================================================================== +--- ruby_1_8/ext/openssl/lib/openssl/digest.rb (revision 11708) ++++ ruby_1_8/ext/openssl/lib/openssl/digest.rb (revision 15600) @@ -19,13 +19,17 @@ #require 'openssl' @@ -21,7 +39,7 @@ index b3e4484..4810f01 100644 alg.each{|name| klass = Class.new(Digest){ define_method(:initialize){|*data| -@@ -44,6 +48,14 @@ module OpenSSL +@@ -44,6 +48,14 @@ const_set(name, klass) } 
@@ -36,20 +54,46 @@ index b3e4484..4810f01 100644 end # Digest end # OpenSSL -diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c -index 4096b09..b0308f0 100644 ---- a/ext/openssl/ossl_digest.c -+++ b/ext/openssl/ossl_digest.c -@@ -40,7 +40,7 @@ GetDigestPtr(VALUE obj) +Index: ruby_1_8/ext/openssl/ossl_digest.c +=================================================================== +--- ruby_1_8/ext/openssl/ossl_digest.c (revision 11708) ++++ ruby_1_8/ext/openssl/ossl_digest.c (revision 15600) +@@ -24,7 +24,6 @@ + /* + * Classes + */ +-VALUE mDigest; + VALUE cDigest; + VALUE eDigestError; - SafeGetDigest(obj, ctx); +@@ -36,11 +35,23 @@ + const EVP_MD * + GetDigestPtr(VALUE obj) + { +- EVP_MD_CTX *ctx; ++ const EVP_MD *md; + +- SafeGetDigest(obj, ctx); ++ if (TYPE(obj) == T_STRING) { ++ const char *name = STR2CSTR(obj); - return EVP_MD_CTX_md(ctx); /*== ctx->digest*/ -+ return EVP_MD_CTX_md(ctx); ++ md = EVP_get_digestbyname(name); ++ if (!md) ++ ossl_raise(rb_eRuntimeError, "Unsupported digest algorithm (%s).", name); ++ } else { ++ EVP_MD_CTX *ctx; ++ ++ SafeGetDigest(obj, ctx); ++ ++ md = EVP_MD_CTX_md(ctx); ++ } ++ ++ return md; } VALUE -@@ -51,7 +51,6 @@ ossl_digest_new(const EVP_MD *md) +@@ -51,7 +62,6 @@ ret = ossl_digest_alloc(cDigest); GetDigest(ret, ctx); @@ -57,7 +101,7 @@ index 4096b09..b0308f0 100644 EVP_DigestInit_ex(ctx, md, NULL); return ret; -@@ -69,9 +68,8 @@ ossl_digest_alloc(VALUE klass) +@@ -69,14 +79,18 @@ ctx = EVP_MD_CTX_create(); if (ctx == NULL) ossl_raise(rb_eRuntimeError, "EVP_MD_CTX_create() failed"); @@ -68,7 +112,17 @@ index 4096b09..b0308f0 100644 return obj; } -@@ -86,14 +84,9 @@ ossl_digest_initialize(int argc, VALUE *argv, VALUE self) + VALUE ossl_digest_update(VALUE, VALUE); + ++/* ++ * call-seq: ++ * Digest.new(string) -> digest ++ * ++ */ + static VALUE + ossl_digest_initialize(int argc, VALUE *argv, VALUE self) + { +@@ -86,14 +100,9 @@ VALUE type, data; rb_scan_args(argc, argv, "11", &type, &data); 
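Review bot: In the new string branch of `GetDigestPtr`, `STR2CSTR(obj)` hands `EVP_get_digestbyname` a plain C string, so as far as I can tell a Ruby string containing an embedded NUL is looked up by its prefix only, and the "Unsupported digest algorithm" message would show the truncated name as well. If the ruby.h on this branch provides it, `const char *name = StringValueCStr(obj);` rejects such input before the lookup; otherwise compare `strlen(name)` with the string's length and raise. The added branch is fully visible in this hunk, but its callers are not, so it is worth checking which of them can pass a caller-controlled algorithm name.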
@@ -85,7 +139,37 @@ index 4096b09..b0308f0 100644 GetDigest(self, ctx); EVP_DigestInit_ex(ctx, md, NULL); -@@ -141,75 +134,25 @@ ossl_digest_update(VALUE self, VALUE data) +@@ -118,6 +127,11 @@ + return self; + } + ++/* ++ * call-seq: ++ * digest.reset -> self ++ * ++ */ + static VALUE + ossl_digest_reset(VALUE self) + { +@@ -129,6 +143,11 @@ + return self; + } + ++/* ++ * call-seq: ++ * digest.update(string) -> aString ++ * ++ */ + VALUE + ossl_digest_update(VALUE self, VALUE data) + { +@@ -136,126 +155,77 @@ + + StringValue(data); + GetDigest(self, ctx); +- EVP_DigestUpdate(ctx, RSTRING(data)->ptr, RSTRING(data)->len); ++ EVP_DigestUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)); + return self; } @@ -105,10 +189,16 @@ index 4096b09..b0308f0 100644 - EVP_MD_CTX_cleanup(&final); -} - --static VALUE ++/* ++ * call-seq: ++ * digest.finish -> aString ++ * ++ */ + static VALUE -ossl_digest_digest(VALUE self) --{ -- EVP_MD_CTX *ctx; ++ossl_digest_finish(int argc, VALUE *argv, VALUE self) + { + EVP_MD_CTX *ctx; - char *buf; - int buf_len; - VALUE digest; @@ -119,16 +209,15 @@ index 4096b09..b0308f0 100644 - - return digest; -} -- - static VALUE ++ VALUE str; + +-static VALUE -ossl_digest_hexdigest(VALUE self) -+ossl_digest_finish(int argc, VALUE *argv, VALUE self) - { - EVP_MD_CTX *ctx; +-{ +- EVP_MD_CTX *ctx; - char *buf, *hexbuf; - int buf_len; - VALUE hexdigest; -+ VALUE str; + rb_scan_args(argc, argv, "01", &str); GetDigest(self, ctx); @@ -136,6 +225,7 @@ index 4096b09..b0308f0 100644 - if (string2hex(buf, buf_len, &hexbuf, NULL) != 2 * buf_len) { - OPENSSL_free(buf); - ossl_raise(eDigestError, "Memory alloc error"); ++ + if (NIL_P(str)) { + str = rb_str_new(NULL, EVP_MD_CTX_size(ctx)); + } else { 
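Review bot: `ossl_digest_update` still discards the result of `EVP_DigestUpdate` on the rewritten line, so a failing digest implementation would go unnoticed and the caller would later receive a digest computed over incomplete input. `if (!EVP_DigestUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data))) ossl_raise(eDigestError, "EVP_DigestUpdate() failed");` would surface the failure. The `EVP_DigestInit_ex` calls in `ossl_digest_new` and `ossl_digest_initialize` and the `EVP_DigestFinal_ex` call in `ossl_digest_finish` have the same gap. Separately, the added call-seq reads `digest.update(string) -> aString` while the function returns `self`; `digest.update(string) -> self` would match the code.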
@@ -147,67 +237,112 @@ index 4096b09..b0308f0 100644 - return hexdigest; -} -- ++ EVP_DigestFinal_ex(ctx, RSTRING_PTR(str), NULL); + -static VALUE -ossl_digest_s_digest(VALUE klass, VALUE str, VALUE data) -{ - VALUE obj = rb_class_new_instance(1, &str, klass); -+ EVP_DigestFinal_ex(ctx, RSTRING_PTR(str), NULL); - -- ossl_digest_update(obj, data); -+ return str; - -- return ossl_digest_digest(obj); --} - --static VALUE +- ossl_digest_update(obj, data); +- +- return ossl_digest_digest(obj); ++ return str; + } + ++/* ++ * call-seq: ++ * digest.name -> string ++ * ++ */ + static VALUE -ossl_digest_s_hexdigest(VALUE klass, VALUE str, VALUE data) --{ ++ossl_digest_name(VALUE self) + { - VALUE obj = rb_class_new_instance(1, &str, klass); - - ossl_digest_update(obj, data); - - return ossl_digest_hexdigest(obj); +-} +- +-static VALUE +-ossl_digest_equal(VALUE self, VALUE other) +-{ + EVP_MD_CTX *ctx; +- VALUE str1, str2; + +- if (rb_obj_is_kind_of(other, cDigest) == Qtrue) { +- str2 = ossl_digest_digest(other); +- } else { +- StringValue(other); +- str2 = other; +- } + GetDigest(self, ctx); +- if (RSTRING(str2)->len == EVP_MD_CTX_size(ctx)) { +- str1 = ossl_digest_digest(self); +- } else { +- str1 = ossl_digest_hexdigest(self); +- } +- if (RSTRING(str1)->len == RSTRING(str2)->len +- && rb_str_cmp(str1, str2) == 0) { +- return Qtrue; +- } + +- return Qfalse; ++ return rb_str_new2(EVP_MD_name(EVP_MD_CTX_md(ctx))); + } + ++/* ++ * call-seq: ++ * digest.digest_size -> integer ++ * ++ * Returns the output size of the digest. 
++ */ + static VALUE +-ossl_digest_name(VALUE self) ++ossl_digest_size(VALUE self) + { + EVP_MD_CTX *ctx; + + GetDigest(self, ctx); + +- return rb_str_new2(EVP_MD_name(EVP_MD_CTX_md(ctx))); ++ return INT2NUM(EVP_MD_CTX_size(ctx)); } static VALUE -@@ -258,41 +201,44 @@ ossl_digest_size(VALUE self) - return INT2NUM(EVP_MD_CTX_size(ctx)); +-ossl_digest_size(VALUE self) ++ossl_digest_block_length(VALUE self) + { + EVP_MD_CTX *ctx; + + GetDigest(self, ctx); + +- return INT2NUM(EVP_MD_CTX_size(ctx)); ++ return INT2NUM(EVP_MD_CTX_block_size(ctx)); } -+static VALUE -+ossl_digest_block_length(VALUE self) -+{ -+ EVP_MD_CTX *ctx; -+ -+ GetDigest(self, ctx); -+ -+ return INT2NUM(EVP_MD_CTX_block_size(ctx)); -+} -+ -+ /* - * INIT - */ +@@ -264,31 +234,26 @@ void Init_ossl_digest() { +- mDigest = rb_define_module_under(mOSSL, "Digest"); + rb_require("openssl"); + rb_require("digest"); + - #if 0 /* let rdoc know about mOSSL */ - mOSSL = rb_define_module("OpenSSL"); - #endif - -- mDigest = rb_define_module_under(mOSSL, "Digest"); -- ++#if 0 /* let rdoc know about mOSSL */ ++ mOSSL = rb_define_module("OpenSSL"); ++#endif ++ ++ cDigest = rb_define_class_under(mOSSL, "Digest", rb_path2class("Digest::Class")); ++ eDigestError = rb_define_class_under(cDigest, "DigestError", eOSSLError); + - eDigestError = rb_define_class_under(mDigest, "DigestError", eOSSLError); - - cDigest = rb_define_class_under(mDigest, "Digest", rb_cObject); - -+ cDigest = rb_define_class_under(mOSSL, "Digest", rb_path2class("Digest::Class")); -+ eDigestError = rb_define_class_under(cDigest, "DigestError", eOSSLError); -+ rb_define_alloc_func(cDigest, ossl_digest_alloc); - rb_define_singleton_method(cDigest, "digest", ossl_digest_s_digest, 2); - rb_define_singleton_method(cDigest, "hexdigest", ossl_digest_s_hexdigest, 2); @@ -236,4 +371,3 @@ index 4096b09..b0308f0 100644 rb_define_method(cDigest, "name", ossl_digest_name, 0); - rb_define_method(cDigest, "size", ossl_digest_size, 0); } -+ 
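Review bot: `ossl_digest_finish` writes the digest straight into `RSTRING_PTR(str)` with `EVP_DigestFinal_ex`, and `str` can now be supplied by the caller through the optional argument; the `else` branch that prepares a caller-supplied string falls between this hunk and the previous one and is not shown. That branch has to make `str` a String of at least `EVP_MD_CTX_size(ctx)` bytes before the write, for example `StringValue(str); rb_str_resize(str, EVP_MD_CTX_size(ctx));`, otherwise a shorter buffer would be written past its end. This should be confirmed against the full patch file. The added call-seq `digest.finish -> aString` also leaves out the optional buffer argument that `rb_scan_args(argc, argv, "01", &str)` accepts.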
diff --git a/ruby.spec b/ruby.spec index d374e40..38e16cd 100644 --- a/ruby.spec +++ b/ruby.spec @@ -18,7 +18,7 @@ Name: ruby Version: %{rubyver}%{?dotpatchlevel} -Release: 4%{?dist} +Release: 5%{?dist} License: Ruby or GPLv2 URL: http://www.ruby-lang.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -57,7 +57,8 @@ Patch23: ruby-multilib.patch # Needed in 1.8.6-p287, no longer needed in 1.8.6-p368? #Patch25: ruby-1.8.6.111-gcc43.patch # ruby_1_8 branch rev 19320, 20121, bug 460134 -Patch26: ruby-1.8.6-rexml-CVE-2008-3790.patch +# Included in 1.8.6 p368 +#Patch26: ruby-1.8.6-rexml-CVE-2008-3790.patch # Patch27, 28 could not be found in the upstream VCS # Need checking?? Patch27: ruby-1.8.6-p287-CVE-2008-5189.patch @@ -75,9 +76,8 @@ Patch32: ruby-1.8head-irb-save-history.patch # bug 428384, Fedora specific, however needed for Fedora's static # archive policy Patch33: ruby-1.8.6-p383-mkmf-use-shared.patch -# Testing (bug 559158) -# Patch34 disabled for now as this breaks rubygem-actionpack rake test, -# need investigating +# bug 559158, Simplify the OpenSSL::Digest class +# Applying Patch34 needs reversing Patch39 part Patch34: ruby-1.8.6-simplify-openssl-digest.patch # bug 580993, patch from ruby_1_8_7 branch Patch35: ruby_1_8_7-gc-open4_096segv.patch @@ -93,6 +93,8 @@ Patch37: ruby-1.8.x-ext_tk-flatten-level-revert.patch # From ruby_1_8 branch: bz 530407 # bz 530407 reproducible with 1.8.7p174, not with 1.8.7p249 Patch38: ruby-1.8.x-null-class-must-be-Qnil.patch +# Once revert this patch to apply Patch34 cleanly +Patch39: ruby-1.8.6-openssl-digest-once-revert-for-simplify-patch.patch Summary: An interpreter of object-oriented scripting language Group: Development/Languages @@ -232,8 +234,8 @@ pushd %{name}-%{arcver} %patch22 -p1 %patch23 -p1 %endif -#%patch25 -p1 -#%patch26 -p1 +#%%patch25 -p1 +#%%patch26 -p1 %patch27 -p0 %patch28 -p1 %patch29 -p1 
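Review bot: With `Patch26` commented out and the CVE-2008-3790 patch file deleted, the only evidence left in the package that the REXML entity-expansion limit ships is the comment `# Included in 1.8.6 p368`. A cheap guard in %prep after the `pushd`, such as `grep -q entity_expansion_limit lib/rexml/document.rb` (assuming the tarball layout matches the paths in the deleted patch), would make the build fail if a later rebase lost the fix. The neighbouring `Patch27` comment about patches that "could not be found in the upstream VCS" suggests these CVE patches are tracked by hand, so an automated check seems worthwhile.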
@@ -241,8 +243,9 @@ pushd %{name}-%{arcver} %patch31 -p1 %patch32 -p0 %patch33 -p1 -# Once kill patch34 due to build failure on actionpack -#%%patch34 -p1 +# To apply patch34, patch39 part must once be reverted +%patch39 -p1 -R +%patch34 -p1 %patch35 -p1 %patch36 -p1 %patch37 -p1 @@ -637,6 +640,10 @@ rm -rf $RPM_BUILD_ROOT %{_emacs_sitestartdir}/ruby-mode-init.el %changelog +* Wed May 19 2010 Mamoru Tasaka - 1.8.6.399-5 +- Retry for bug 559158, Simplify the OpenSSL::Digest class + pull more change commits from ruby_1_8 branch + * Mon May 17 2010 Mamoru Tasaka - 1.8.6.399-4 - Patch36 (ruby-1.8.x-RHASH_SIZE-rb_hash_lookup-def.patch) also backport rb_hash_lookup definition (bug 592936)
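Review bot: The `%patch39 -p1 -R` / `%patch34 -p1` pair switches Patch34 back on, but the removed comments said it was disabled because it broke the rubygem-actionpack rake test, and neither the new comments nor the %changelog entry record whether that was rechecked. Since the patch reparents `OpenSSL::Digest` onto `Digest::Class` and drops the C-level `digest`, `hexdigest` and `==` implementations, dependent packages can see a behaviour change; a line such as `# actionpack rake test re-run with Patch34: <result>` next to `Patch34:` would document the outcome. The ordering requirement (reverse Patch39 first) is already stated in the added comment and is fine as written.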