- Retry for bug 559158, Simplify the OpenSSL::Digest class pull more change

commits from ruby_1_8 branch
Mamoru Tasaka 2010-05-18 17:42:34 +00:00
parent d5ad16c60d
commit ca9335f385
4 changed files with 225 additions and 218 deletions


@ -0,0 +1,15 @@
Index: ruby_1_8_6/ext/openssl/ossl_digest.c
===================================================================
--- ruby_1_8_6/ext/openssl/ossl_digest.c (revision 12042)
+++ ruby_1_8_6/ext/openssl/ossl_digest.c (revision 12043)
@@ -264,6 +264,10 @@
void
Init_ossl_digest()
{
+#if 0 /* let rdoc know about mOSSL */
+ mOSSL = rb_define_module("OpenSSL");
+#endif
+
mDigest = rb_define_module_under(mOSSL, "Digest");
eDigestError = rb_define_class_under(mDigest, "DigestError", eOSSLError);


@ -1,149 +0,0 @@
Fri Nov 7 02:08:04 2008 Shugo Maeda <shugo@ruby-lang.org>
* lib/rexml/entity.rb (unnormalized): do not call
document.record_entity_expansion if document is nil.
see <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=502535>.
Thanks, Naohisa Goto. backported from trunk.
* test/rexml/test_document.rb: ditto.
Sat Sep 13 11:05:38 2008 Shugo Maeda <shugo@ruby-lang.org>
* lib/rexml/document.rb: limit entity expansion. Thanks, Luka
Treiber, Mitja Kolsek, and Michael Koziarski. backported from
trunk r19033, r19317, r19318.
* lib/rexml/entity.rb: ditto.
* test/rexml/test_document.rb: ditto.
Index: ruby_1_8/lib/rexml/document.rb
===================================================================
--- ruby_1_8/lib/rexml/document.rb (revision 19319)
+++ ruby_1_8/lib/rexml/document.rb (revision 19320)
@@ -32,6 +32,7 @@
# @param context if supplied, contains the context of the document;
# this should be a Hash.
def initialize( source = nil, context = {} )
+ @entity_expansion_count = 0
super()
@context = context
return if source.nil?
@@ -200,6 +201,27 @@
Parsers::StreamParser.new( source, listener ).parse
end
+ @@entity_expansion_limit = 10_000
+
+ # Set the entity expansion limit. By defualt the limit is set to 10000.
+ def Document::entity_expansion_limit=( val )
+ @@entity_expansion_limit = val
+ end
+
+ # Get the entity expansion limit. By defualt the limit is set to 10000.
+ def Document::entity_expansion_limit
+ return @@entity_expansion_limit
+ end
+
+ attr_reader :entity_expansion_count
+
+ def record_entity_expansion
+ @entity_expansion_count += 1
+ if @entity_expansion_count > @@entity_expansion_limit
+ raise "number of entity expansions exceeded, processing aborted."
+ end
+ end
+
private
def build( source )
Parsers::TreeParser.new( source, self ).parse
Index: ruby_1_8/lib/rexml/entity.rb
===================================================================
--- ruby_1_8/lib/rexml/entity.rb (revision 19319)
+++ ruby_1_8/lib/rexml/entity.rb (revision 20121)
@@ -73,6 +73,7 @@
# all entities -- both %ent; and &ent; entities. This differs from
# +value()+ in that +value+ only replaces %ent; entities.
def unnormalized
+ document.record_entity_expansion unless document.nil?
v = value()
return nil if v.nil?
@unnormalized = Text::unnormalize(v, parent)
===================================================================
--- ruby_1_8/test/rexml/test_document.rb (revision 0)
+++ ruby_1_8/test/rexml/test_document.rb (revision 20121)
@@ -0,0 +1,66 @@
+require "rexml/document"
+require "test/unit"
+
+class REXML::TestDocument < Test::Unit::TestCase
+ def test_new
+ doc = REXML::Document.new(<<EOF)
+<?xml version="1.0" encoding="UTF-8"?>
+<message>Hello world!</message>
+EOF
+ assert_equal("Hello world!", doc.root.children.first.value)
+ end
+
+ XML_WITH_NESTED_ENTITY = <<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE member [
+ <!ENTITY a "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
+ <!ENTITY b "&c;&c;&c;&c;&c;&c;&c;&c;&c;&c;">
+ <!ENTITY c "&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;">
+ <!ENTITY d "&e;&e;&e;&e;&e;&e;&e;&e;&e;&e;">
+ <!ENTITY e "&f;&f;&f;&f;&f;&f;&f;&f;&f;&f;">
+ <!ENTITY f "&g;&g;&g;&g;&g;&g;&g;&g;&g;&g;">
+ <!ENTITY g "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx">
+]>
+<member>
+&a;
+</member>
+EOF
+
+ XML_WITH_4_ENTITY_EXPANSION = <<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE member [
+ <!ENTITY a "a">
+ <!ENTITY a2 "&a; &a;">
+]>
+<member>
+&a;
+&a2;
+&lt;
+</member>
+EOF
+
+ def test_entity_expansion_limit
+ doc = REXML::Document.new(XML_WITH_NESTED_ENTITY)
+ assert_raise(RuntimeError) do
+ doc.root.children.first.value
+ end
+ REXML::Document.entity_expansion_limit = 100
+ assert_equal(100, REXML::Document.entity_expansion_limit)
+ doc = REXML::Document.new(XML_WITH_NESTED_ENTITY)
+ assert_raise(RuntimeError) do
+ doc.root.children.first.value
+ end
+ assert_equal(101, doc.entity_expansion_count)
+
+ REXML::Document.entity_expansion_limit = 4
+ doc = REXML::Document.new(XML_WITH_4_ENTITY_EXPANSION)
+ assert_equal("\na\na a\n<\n", doc.root.children.first.value)
+ REXML::Document.entity_expansion_limit = 3
+ doc = REXML::Document.new(XML_WITH_4_ENTITY_EXPANSION)
+ assert_raise(RuntimeError) do
+ doc.root.children.first.value
+ end
+ ensure
+ REXML::Document.entity_expansion_limit = 10000
+ end
+end
Property changes on: ruby_1_8/test/rexml/test_document.rb
___________________________________________________________________
Added: svn:keywords
+ Author Id Revision
Added: svn:eol-style
+ LF


@ -1,7 +1,25 @@
diff --git a/ext/openssl/lib/openssl/digest.rb b/ext/openssl/lib/openssl/digest.rb
index b3e4484..4810f01 100644
--- a/ext/openssl/lib/openssl/digest.rb
+++ b/ext/openssl/lib/openssl/digest.rb
Mon Feb 25 17:30:29 2008 Technorama Ltd. <oss-ruby@technorama.net>
* ext/openssl/digest.c ext/openssl/lib/openssl/digest.rb:
Commit patch #9280 from Akinori MUSHA.
Simplify the OpenSSL::Digest class and make use of the
existing Digest framework.
Enhance performance.
Thu Apr 5 14:58:49 2007 Technorama Ltd. <oss-ruby@technorama.net>
* ext/openssl/ossl_pkcs5.c: New module.
* ext/openssl/ossl_{cipher,digest,pkcs7,pkcs12}.c:
Remove redundant module namespace.
* ext/openssl/lib/openssl/{cipher,digest}.rb
Add backwards compatibile classes for rearranged classes.
* ext/openssl/ossl_{pkcs7,pkcs12}.c: Add documentation.
Index: ruby_1_8/ext/openssl/lib/openssl/digest.rb
===================================================================
--- ruby_1_8/ext/openssl/lib/openssl/digest.rb (revision 11708)
+++ ruby_1_8/ext/openssl/lib/openssl/digest.rb (revision 15600)
@@ -19,13 +19,17 @@
#require 'openssl'
@ -21,7 +39,7 @@ index b3e4484..4810f01 100644
alg.each{|name|
klass = Class.new(Digest){
define_method(:initialize){|*data|
@@ -44,6 +48,14 @@ module OpenSSL
@@ -44,6 +48,14 @@
const_set(name, klass)
}
@ -36,20 +54,46 @@ index b3e4484..4810f01 100644
end # Digest
end # OpenSSL
diff --git a/ext/openssl/ossl_digest.c b/ext/openssl/ossl_digest.c
index 4096b09..b0308f0 100644
--- a/ext/openssl/ossl_digest.c
+++ b/ext/openssl/ossl_digest.c
@@ -40,7 +40,7 @@ GetDigestPtr(VALUE obj)
Index: ruby_1_8/ext/openssl/ossl_digest.c
===================================================================
--- ruby_1_8/ext/openssl/ossl_digest.c (revision 11708)
+++ ruby_1_8/ext/openssl/ossl_digest.c (revision 15600)
@@ -24,7 +24,6 @@
/*
* Classes
*/
-VALUE mDigest;
VALUE cDigest;
VALUE eDigestError;
SafeGetDigest(obj, ctx);
@@ -36,11 +35,23 @@
const EVP_MD *
GetDigestPtr(VALUE obj)
{
- EVP_MD_CTX *ctx;
+ const EVP_MD *md;
- SafeGetDigest(obj, ctx);
+ if (TYPE(obj) == T_STRING) {
+ const char *name = STR2CSTR(obj);
- return EVP_MD_CTX_md(ctx); /*== ctx->digest*/
+ return EVP_MD_CTX_md(ctx);
+ md = EVP_get_digestbyname(name);
+ if (!md)
+ ossl_raise(rb_eRuntimeError, "Unsupported digest algorithm (%s).", name);
+ } else {
+ EVP_MD_CTX *ctx;
+
+ SafeGetDigest(obj, ctx);
+
+ md = EVP_MD_CTX_md(ctx);
+ }
+
+ return md;
}
VALUE
@@ -51,7 +51,6 @@ ossl_digest_new(const EVP_MD *md)
@@ -51,7 +62,6 @@
ret = ossl_digest_alloc(cDigest);
GetDigest(ret, ctx);
@ -57,7 +101,7 @@ index 4096b09..b0308f0 100644
EVP_DigestInit_ex(ctx, md, NULL);
return ret;
@@ -69,9 +68,8 @@ ossl_digest_alloc(VALUE klass)
@@ -69,14 +79,18 @@
ctx = EVP_MD_CTX_create();
if (ctx == NULL)
ossl_raise(rb_eRuntimeError, "EVP_MD_CTX_create() failed");
@ -68,7 +112,17 @@ index 4096b09..b0308f0 100644
return obj;
}
@@ -86,14 +84,9 @@ ossl_digest_initialize(int argc, VALUE *argv, VALUE self)
VALUE ossl_digest_update(VALUE, VALUE);
+/*
+ * call-seq:
+ * Digest.new(string) -> digest
+ *
+ */
static VALUE
ossl_digest_initialize(int argc, VALUE *argv, VALUE self)
{
@@ -86,14 +100,9 @@
VALUE type, data;
rb_scan_args(argc, argv, "11", &type, &data);
@ -85,7 +139,37 @@ index 4096b09..b0308f0 100644
GetDigest(self, ctx);
EVP_DigestInit_ex(ctx, md, NULL);
@@ -141,75 +134,25 @@ ossl_digest_update(VALUE self, VALUE data)
@@ -118,6 +127,11 @@
return self;
}
+/*
+ * call-seq:
+ * digest.reset -> self
+ *
+ */
static VALUE
ossl_digest_reset(VALUE self)
{
@@ -129,6 +143,11 @@
return self;
}
+/*
+ * call-seq:
+ * digest.update(string) -> aString
+ *
+ */
VALUE
ossl_digest_update(VALUE self, VALUE data)
{
@@ -136,126 +155,77 @@
StringValue(data);
GetDigest(self, ctx);
- EVP_DigestUpdate(ctx, RSTRING(data)->ptr, RSTRING(data)->len);
+ EVP_DigestUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data));
return self;
}
@ -105,10 +189,16 @@ index 4096b09..b0308f0 100644
- EVP_MD_CTX_cleanup(&final);
-}
-
-static VALUE
+/*
+ * call-seq:
+ * digest.finish -> aString
+ *
+ */
static VALUE
-ossl_digest_digest(VALUE self)
-{
- EVP_MD_CTX *ctx;
+ossl_digest_finish(int argc, VALUE *argv, VALUE self)
{
EVP_MD_CTX *ctx;
- char *buf;
- int buf_len;
- VALUE digest;
@ -119,16 +209,15 @@ index 4096b09..b0308f0 100644
-
- return digest;
-}
-
static VALUE
+ VALUE str;
-static VALUE
-ossl_digest_hexdigest(VALUE self)
+ossl_digest_finish(int argc, VALUE *argv, VALUE self)
{
EVP_MD_CTX *ctx;
-{
- EVP_MD_CTX *ctx;
- char *buf, *hexbuf;
- int buf_len;
- VALUE hexdigest;
+ VALUE str;
+ rb_scan_args(argc, argv, "01", &str);
GetDigest(self, ctx);
@ -136,6 +225,7 @@ index 4096b09..b0308f0 100644
- if (string2hex(buf, buf_len, &hexbuf, NULL) != 2 * buf_len) {
- OPENSSL_free(buf);
- ossl_raise(eDigestError, "Memory alloc error");
+
+ if (NIL_P(str)) {
+ str = rb_str_new(NULL, EVP_MD_CTX_size(ctx));
+ } else {
@ -147,67 +237,112 @@ index 4096b09..b0308f0 100644
- return hexdigest;
-}
-
+ EVP_DigestFinal_ex(ctx, RSTRING_PTR(str), NULL);
-static VALUE
-ossl_digest_s_digest(VALUE klass, VALUE str, VALUE data)
-{
- VALUE obj = rb_class_new_instance(1, &str, klass);
+ EVP_DigestFinal_ex(ctx, RSTRING_PTR(str), NULL);
- ossl_digest_update(obj, data);
+ return str;
- return ossl_digest_digest(obj);
-}
-
-static VALUE
- ossl_digest_update(obj, data);
-
- return ossl_digest_digest(obj);
+ return str;
}
+/*
+ * call-seq:
+ * digest.name -> string
+ *
+ */
static VALUE
-ossl_digest_s_hexdigest(VALUE klass, VALUE str, VALUE data)
-{
+ossl_digest_name(VALUE self)
{
- VALUE obj = rb_class_new_instance(1, &str, klass);
-
- ossl_digest_update(obj, data);
-
- return ossl_digest_hexdigest(obj);
-}
-
-static VALUE
-ossl_digest_equal(VALUE self, VALUE other)
-{
EVP_MD_CTX *ctx;
- VALUE str1, str2;
- if (rb_obj_is_kind_of(other, cDigest) == Qtrue) {
- str2 = ossl_digest_digest(other);
- } else {
- StringValue(other);
- str2 = other;
- }
GetDigest(self, ctx);
- if (RSTRING(str2)->len == EVP_MD_CTX_size(ctx)) {
- str1 = ossl_digest_digest(self);
- } else {
- str1 = ossl_digest_hexdigest(self);
- }
- if (RSTRING(str1)->len == RSTRING(str2)->len
- && rb_str_cmp(str1, str2) == 0) {
- return Qtrue;
- }
- return Qfalse;
+ return rb_str_new2(EVP_MD_name(EVP_MD_CTX_md(ctx)));
}
+/*
+ * call-seq:
+ * digest.digest_size -> integer
+ *
+ * Returns the output size of the digest.
+ */
static VALUE
-ossl_digest_name(VALUE self)
+ossl_digest_size(VALUE self)
{
EVP_MD_CTX *ctx;
GetDigest(self, ctx);
- return rb_str_new2(EVP_MD_name(EVP_MD_CTX_md(ctx)));
+ return INT2NUM(EVP_MD_CTX_size(ctx));
}
static VALUE
@@ -258,41 +201,44 @@ ossl_digest_size(VALUE self)
return INT2NUM(EVP_MD_CTX_size(ctx));
-ossl_digest_size(VALUE self)
+ossl_digest_block_length(VALUE self)
{
EVP_MD_CTX *ctx;
GetDigest(self, ctx);
- return INT2NUM(EVP_MD_CTX_size(ctx));
+ return INT2NUM(EVP_MD_CTX_block_size(ctx));
}
+static VALUE
+ossl_digest_block_length(VALUE self)
+{
+ EVP_MD_CTX *ctx;
+
+ GetDigest(self, ctx);
+
+ return INT2NUM(EVP_MD_CTX_block_size(ctx));
+}
+
+
/*
* INIT
*/
@@ -264,31 +234,26 @@
void
Init_ossl_digest()
{
- mDigest = rb_define_module_under(mOSSL, "Digest");
+ rb_require("openssl");
+ rb_require("digest");
+
#if 0 /* let rdoc know about mOSSL */
mOSSL = rb_define_module("OpenSSL");
#endif
+#if 0 /* let rdoc know about mOSSL */
+ mOSSL = rb_define_module("OpenSSL");
+#endif
+
+ cDigest = rb_define_class_under(mOSSL, "Digest", rb_path2class("Digest::Class"));
+ eDigestError = rb_define_class_under(cDigest, "DigestError", eOSSLError);
- mDigest = rb_define_module_under(mOSSL, "Digest");
-
- eDigestError = rb_define_class_under(mDigest, "DigestError", eOSSLError);
-
- cDigest = rb_define_class_under(mDigest, "Digest", rb_cObject);
-
+ cDigest = rb_define_class_under(mOSSL, "Digest", rb_path2class("Digest::Class"));
+ eDigestError = rb_define_class_under(cDigest, "DigestError", eOSSLError);
+
rb_define_alloc_func(cDigest, ossl_digest_alloc);
- rb_define_singleton_method(cDigest, "digest", ossl_digest_s_digest, 2);
- rb_define_singleton_method(cDigest, "hexdigest", ossl_digest_s_hexdigest, 2);
@ -236,4 +371,3 @@ index 4096b09..b0308f0 100644
rb_define_method(cDigest, "name", ossl_digest_name, 0);
- rb_define_method(cDigest, "size", ossl_digest_size, 0);
}
+
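Review bot: The return value of `EVP_DigestFinal_ex(ctx, RSTRING_PTR(str), NULL);` in the new `ossl_digest_finish` is discarded, so a failed finalisation would return the buffer from `rb_str_new(NULL, EVP_MD_CTX_size(ctx))` with whatever the fresh allocation held, presented as a digest. I would check the call and raise, for example `if (!EVP_DigestFinal_ex(ctx, (unsigned char *)RSTRING_PTR(str), NULL)) ossl_raise(eDigestError, "EVP_DigestFinal_ex() failed");`. The `EVP_DigestInit_ex` and `EVP_DigestUpdate` calls visible in this section are unchecked in the same way. The `else` branch that handles a caller-supplied string falls between the displayed hunks, so it is worth confirming that it resizes that string to `EVP_MD_CTX_size(ctx)` before the write.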


@ -18,7 +18,7 @@
Name: ruby
Version: %{rubyver}%{?dotpatchlevel}
Release: 4%{?dist}
Release: 5%{?dist}
License: Ruby or GPLv2
URL: http://www.ruby-lang.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -57,7 +57,8 @@ Patch23: ruby-multilib.patch
# Needed in 1.8.6-p287, no longer needed in 1.8.6-p368?
#Patch25: ruby-1.8.6.111-gcc43.patch
# ruby_1_8 branch rev 19320, 20121, bug 460134
Patch26: ruby-1.8.6-rexml-CVE-2008-3790.patch
# Included in 1.8.6 p368
#Patch26: ruby-1.8.6-rexml-CVE-2008-3790.patch
# Patch27, 28 could not be found in the upstream VCS
# Need checking??
Patch27: ruby-1.8.6-p287-CVE-2008-5189.patch
@ -75,9 +76,8 @@ Patch32: ruby-1.8head-irb-save-history.patch
# bug 428384, Fedora specific, however needed for Fedora's static
# archive policy
Patch33: ruby-1.8.6-p383-mkmf-use-shared.patch
# Testing (bug 559158)
# Patch34 disabled for now as this breaks rubygem-actionpack rake test,
# need investigating
# bug 559158, Simplify the OpenSSL::Digest class
# Applying Patch34 needs reversing Patch39 part
Patch34: ruby-1.8.6-simplify-openssl-digest.patch
# bug 580993, patch from ruby_1_8_7 branch
Patch35: ruby_1_8_7-gc-open4_096segv.patch
@ -93,6 +93,8 @@ Patch37: ruby-1.8.x-ext_tk-flatten-level-revert.patch
# From ruby_1_8 branch: bz 530407
# bz 530407 reproducible with 1.8.7p174, not with 1.8.7p249
Patch38: ruby-1.8.x-null-class-must-be-Qnil.patch
# Once revert this patch to apply Patch34 cleanly
Patch39: ruby-1.8.6-openssl-digest-once-revert-for-simplify-patch.patch
Summary: An interpreter of object-oriented scripting language
Group: Development/Languages
@ -232,8 +234,8 @@ pushd %{name}-%{arcver}
%patch22 -p1
%patch23 -p1
%endif
#%patch25 -p1
#%patch26 -p1
#%%patch25 -p1
#%%patch26 -p1
%patch27 -p0
%patch28 -p1
%patch29 -p1
@ -241,8 +243,9 @@ pushd %{name}-%{arcver}
%patch31 -p1
%patch32 -p0
%patch33 -p1
# Once kill patch34 due to build failure on actionpack
#%%patch34 -p1
# To apply patch34, patch39 part must once be reverted
%patch39 -p1 -R
%patch34 -p1
%patch35 -p1
%patch36 -p1
%patch37 -p1
@ -637,6 +640,10 @@ rm -rf $RPM_BUILD_ROOT
%{_emacs_sitestartdir}/ruby-mode-init.el
%changelog
* Wed May 19 2010 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1.8.6.399-5
- Retry for bug 559158, Simplify the OpenSSL::Digest class
pull more change commits from ruby_1_8 branch
* Mon May 17 2010 Mamoru Tasaka <mtasaka@ioa.s.u-tokyo.ac.jp> - 1.8.6.399-4
- Patch36 (ruby-1.8.x-RHASH_SIZE-rb_hash_lookup-def.patch)
also backport rb_hash_lookup definition (bug 592936)
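Review bot: The comments that replace the old Patch34 notes no longer say what became of the rubygem-actionpack test failure that had kept the patch disabled, and `# Once revert this patch to apply Patch34 cleanly` does not make clear that Patch39 is only ever applied with `-R`. Patch34 appears to remove methods from OpenSSL::Digest on the C side (`==`, `size`, the `digest`/`hexdigest` singleton methods), so dependent packages are the likely place for regressions. I would record the outcome next to the patch, e.g. `# bug 559158: re-enabled after pulling further ruby_1_8 commits; rubygem-actionpack tests re-checked` (worded to match what was actually verified). The Patch39 comment could read `# Reverse-applied (-R) in %%prep only, so that Patch34 applies cleanly`, and the `%patch39 -p1 -R` / `%patch34 -p1` pair could carry a note that its order matters.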