diff --git a/.gitignore b/.gitignore index 2e95d4c..6a673bb 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/ruby-3.3.1.tar.xz +SOURCES/ruby-3.3.0.tar.xz diff --git a/.ruby.metadata b/.ruby.metadata index 4457806..24d7b2e 100644 --- a/.ruby.metadata +++ b/.ruby.metadata @@ -1 +1 @@ -88ef585faece4ed76f4330bce52903664d4fbfe0 SOURCES/ruby-3.3.1.tar.xz +c8f68e1b0a114b90460a0b44165a3b2f540fa5b6 SOURCES/ruby-3.3.0.tar.xz diff --git a/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch b/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch index acd58b9..826d5f5 100644 --- a/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch +++ b/SOURCES/ruby-2.1.0-Enable-configuration-of-archlibdir.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index d261ea57b5..3c13076b82 100644 --- a/configure.ac +++ b/configure.ac -@@ -3473,6 +3473,11 @@ AS_IF([test ${multiarch+set}], [ +@@ -3470,6 +3470,11 @@ AS_IF([test ${multiarch+set}], [ ]) archlibdir='${libdir}/${arch}' diff --git a/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch b/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch index 996486a..fb9b618 100644 --- a/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch +++ b/SOURCES/ruby-2.1.0-Prevent-duplicated-paths-when-empty-version-string-i.patch @@ -14,7 +14,7 @@ diff --git a/configure.ac b/configure.ac index c42436c23d..d261ea57b5 100644 --- a/configure.ac +++ b/configure.ac -@@ -4312,7 +4312,8 @@ AS_CASE(["$ruby_version_dir_name"], +@@ -4309,7 +4309,8 @@ AS_CASE(["$ruby_version_dir_name"], ruby_version_dir=/'${ruby_version_dir_name}' if test -z "${ruby_version_dir_name}"; then diff --git a/SOURCES/ruby-2.1.0-always-use-i386.patch b/SOURCES/ruby-2.1.0-always-use-i386.patch index 38eba5e..a64b812 100644 --- a/SOURCES/ruby-2.1.0-always-use-i386.patch +++ b/SOURCES/ruby-2.1.0-always-use-i386.patch @@ -11,7 +11,7 @@ diff --git a/configure.ac b/configure.ac index 3c13076b82..93af30321d 100644 --- a/configure.ac +++ b/configure.ac -@@ -4376,6 +4376,8 @@ AC_SUBST(vendorarchdir)dnl +@@ -4373,6 +4373,8 @@ AC_SUBST(vendorarchdir)dnl AC_SUBST(CONFIGURE, "`echo $0 | sed 's|.*/||'`")dnl AC_SUBST(configure_args, "`echo "${ac_configure_args}" | sed 's/\\$/$$/g'`")dnl diff --git a/SOURCES/ruby-2.1.0-custom-rubygems-location.patch b/SOURCES/ruby-2.1.0-custom-rubygems-location.patch index 98dd7ac..91e53a1 100644 --- a/SOURCES/ruby-2.1.0-custom-rubygems-location.patch +++ b/SOURCES/ruby-2.1.0-custom-rubygems-location.patch @@ -15,7 +15,7 @@ diff --git a/configure.ac b/configure.ac index 93af30321d..bc13397e0e 100644 --- a/configure.ac +++ b/configure.ac -@@ -4348,6 +4348,10 @@ AC_ARG_WITH(vendorarchdir, +@@ -4345,6 +4345,10 @@ AC_ARG_WITH(vendorarchdir, [vendorarchdir=$withval], [vendorarchdir=${multiarch+'${rubysitearchprefix}/vendor_ruby'${ruby_version_dir}}${multiarch-'${vendorlibdir}/${sitearch}'}]) @@ -26,7 +26,7 @@ index 93af30321d..bc13397e0e 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) RUBY_EXEC_PREFIX='' -@@ -4372,6 +4376,7 @@ AC_SUBST(sitearchdir)dnl +@@ -4369,6 +4373,7 @@ AC_SUBST(sitearchdir)dnl AC_SUBST(vendordir)dnl AC_SUBST(vendorlibdir)dnl AC_SUBST(vendorarchdir)dnl diff --git a/SOURCES/ruby-2.3.0-ruby_version.patch b/SOURCES/ruby-2.3.0-ruby_version.patch index 6ba802e..c921c36 100644 --- a/SOURCES/ruby-2.3.0-ruby_version.patch +++ b/SOURCES/ruby-2.3.0-ruby_version.patch @@ -20,7 +20,7 @@ diff --git a/configure.ac b/configure.ac index 80b137e380..63cd3b4f8b 100644 --- a/configure.ac +++ b/configure.ac -@@ -4262,9 +4262,6 @@ AS_CASE(["$target_os"], +@@ -4259,9 +4259,6 @@ AS_CASE(["$target_os"], rubyw_install_name='$(RUBYW_INSTALL_NAME)' ]) @@ -30,7 +30,7 @@ index 80b137e380..63cd3b4f8b 100644 rubyarchprefix=${multiarch+'${archlibdir}/${RUBY_BASE_NAME}'}${multiarch-'${rubylibprefix}/${arch}'} AC_ARG_WITH(rubyarchprefix, AS_HELP_STRING([--with-rubyarchprefix=DIR], -@@ -4287,57 +4284,63 @@ AC_ARG_WITH(ridir, +@@ -4284,57 +4281,63 @@ AC_ARG_WITH(ridir, AC_SUBST(ridir) AC_SUBST(RI_BASE_NAME) @@ -122,7 +122,7 @@ index 80b137e380..63cd3b4f8b 100644 AS_IF([test "${LOAD_RELATIVE+set}"], [ AC_DEFINE_UNQUOTED(LOAD_RELATIVE, $LOAD_RELATIVE) -@@ -4354,6 +4357,7 @@ AC_SUBST(sitearchincludedir)dnl +@@ -4351,6 +4354,7 @@ AC_SUBST(sitearchincludedir)dnl AC_SUBST(arch)dnl AC_SUBST(sitearch)dnl AC_SUBST(ruby_version)dnl diff --git a/SOURCES/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch b/SOURCES/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch index 23a6db8..9baaf27 100644 --- a/SOURCES/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch +++ b/SOURCES/ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch @@ -13,7 +13,7 @@ diff --git a/hash.c b/hash.c index 78e9d9a2d6..f6525ba4a5 100644 --- a/hash.c +++ b/hash.c -@@ -4385,16 +4385,13 @@ rb_hash_compare_by_id(VALUE hash) +@@ -4377,16 +4377,13 @@ rb_hash_compare_by_id(VALUE hash) if (hash_iterating_p(hash)) { rb_raise(rb_eRuntimeError, "compare_by_identity during iteration"); } @@ -33,7 +33,7 @@ index 78e9d9a2d6..f6525ba4a5 100644 // Slow path: Need to rehash the members of `self` into a new // `tmp` table using the new `identhash` compare/hash functions. tmp = hash_alloc(0); -@@ -4402,10 +4399,8 @@ rb_hash_compare_by_id(VALUE hash) +@@ -4394,10 +4391,8 @@ rb_hash_compare_by_id(VALUE hash) identtable = RHASH_ST_TABLE(tmp); rb_hash_foreach(hash, rb_hash_rehash_i, (VALUE)tmp); @@ -60,7 +60,7 @@ diff --git a/hash.c b/hash.c index f6525ba4a5..cf83675c70 100644 --- a/hash.c +++ b/hash.c -@@ -4388,22 +4388,15 @@ rb_hash_compare_by_id(VALUE hash) +@@ -4380,22 +4380,15 @@ rb_hash_compare_by_id(VALUE hash) ar_force_convert_table(hash, __FILE__, __LINE__); HASH_ASSERT(RHASH_ST_TABLE_P(hash)); diff --git a/SOURCES/ruby-3.4.0-Fix-pointer-incompatiblity.patch b/SOURCES/ruby-3.4.0-Fix-pointer-incompatiblity.patch deleted file mode 100644 index 2bd7a53..0000000 --- a/SOURCES/ruby-3.4.0-Fix-pointer-incompatiblity.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 055613fd868a8c94e43893f8c58a00cdd2a81f6d Mon Sep 17 00:00:00 2001 -From: Nobuyoshi Nakada -Date: Fri, 22 Mar 2024 18:18:35 +0900 -Subject: [PATCH] Fix pointer incompatiblity - -Since the subsecond part is discarded, WIDEVAL to VALUE conversion is -needed. ---- - time.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/time.c b/time.c -index 6179b081c02fc9..3304b2f4f4856a 100644 ---- a/time.c -+++ b/time.c -@@ -2342,7 +2342,7 @@ zone_timelocal(VALUE zone, VALUE time) - struct time_object *tobj = RTYPEDDATA_GET_DATA(time); - wideval_t t, s; - -- split_second(tobj->timew, &t, &s); -+ wdivmod(tobj->timew, WINT2FIXWV(TIME_SCALE), &t, &s); - tm = tm_from_time(rb_cTimeTM, time); - utc = rb_check_funcall(zone, id_local_to_utc, 1, &tm); - if (UNDEF_P(utc)) return 0; diff --git a/SOURCES/ruby-3.4.0-Revert-Set-AI_ADDRCONFIG-when-making-getaddrinfo.patch b/SOURCES/ruby-3.4.0-Revert-Set-AI_ADDRCONFIG-when-making-getaddrinfo.patch new file mode 100644 index 0000000..b509cb4 --- /dev/null +++ b/SOURCES/ruby-3.4.0-Revert-Set-AI_ADDRCONFIG-when-making-getaddrinfo.patch @@ -0,0 +1,241 @@ +From c3655b89e7c06555a2e0bf13affb8a63a49f4296 Mon Sep 17 00:00:00 2001 +From: Jarek Prokop +Date: Fri, 26 Jan 2024 11:19:48 +0100 +Subject: [PATCH] Revert "Set AI_ADDRCONFIG when making getaddrinfo(3) calls + for outgoing conns (#7295)" + +This reverts commit d2ba8ea54a4089959afdeecdd963e3c4ff391748. + +The purpose of the commit is to workaround a GLIBC bug [0] still present +in older Ubuntu [1]. C8S/RHEL 8 has the fix for some time [2] and the +Ruby workaround is causing problems for us [3]. Therefore we can +revert it for EL8, EL9, and Fedora distros. + +[0] https://sourceware.org/bugzilla/show_bug.cgi?id=26600 +[1] https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1961697 +[2] https://bugzilla.redhat.com/show_bug.cgi?id=1868106 +[3] https://bugs.ruby-lang.org/issues/20208 +--- + ext/socket/extconf.rb | 2 - + ext/socket/ipsocket.c | 11 +-- + test/socket/test_tcp.rb | 164 ---------------------------------------- + 3 files changed, 2 insertions(+), 175 deletions(-) + +diff --git a/ext/socket/extconf.rb b/ext/socket/extconf.rb +index 544bed5298..1ca52da366 100644 +--- a/ext/socket/extconf.rb ++++ b/ext/socket/extconf.rb +@@ -607,8 +607,6 @@ def %(s) s || self end + EOS + end + +- have_const('AI_ADDRCONFIG', headers) +- + case with_config("lookup-order-hack", "UNSPEC") + when "INET" + $defs << "-DLOOKUP_ORDER_HACK_INET" +diff --git a/ext/socket/ipsocket.c b/ext/socket/ipsocket.c +index 0a693655b4..0c13620258 100644 +--- a/ext/socket/ipsocket.c ++++ b/ext/socket/ipsocket.c +@@ -54,22 +54,15 @@ init_inetsock_internal(VALUE v) + VALUE connect_timeout = arg->connect_timeout; + struct timeval tv_storage; + struct timeval *tv = NULL; +- int remote_addrinfo_hints = 0; + + if (!NIL_P(connect_timeout)) { + tv_storage = rb_time_interval(connect_timeout); + tv = &tv_storage; + } + +- if (type == INET_SERVER) { +- remote_addrinfo_hints |= AI_PASSIVE; +- } +-#ifdef HAVE_CONST_AI_ADDRCONFIG +- remote_addrinfo_hints |= AI_ADDRCONFIG; +-#endif +- + arg->remote.res = rsock_addrinfo(arg->remote.host, arg->remote.serv, +- family, SOCK_STREAM, remote_addrinfo_hints); ++ family, SOCK_STREAM, ++ (type == INET_SERVER) ? AI_PASSIVE : 0); + + + /* +diff --git a/test/socket/test_tcp.rb b/test/socket/test_tcp.rb +index 35d361f060..7f9dc53cae 100644 +--- a/test/socket/test_tcp.rb ++++ b/test/socket/test_tcp.rb +@@ -140,168 +140,4 @@ def test_accept_multithread + server_threads.each(&:join) + end + end +- +- def test_ai_addrconfig +- # This test verifies that we pass AI_ADDRCONFIG to the DNS resolver when making +- # an outgoing connection. +- # The verification of this is unfortunately incredibly convoluted. We perform the +- # test by setting up a fake DNS server to receive queries. Then, we construct +- # an environment which has only IPv4 addresses and uses that fake DNS server. We +- # then attempt to make an outgoing TCP connection. Finally, we verify that we +- # only received A and not AAAA queries on our fake resolver. +- # This test can only possibly work on Linux, and only when run as root. If either +- # of these conditions aren't met, the test will be skipped. +- +- # The construction of our IPv6-free environment must happen in a child process, +- # which we can put in its own network & mount namespaces. +- +- omit "This test is disabled. It is retained to show the original intent of [ruby-core:110870]" +- +- IO.popen("-") do |test_io| +- if test_io.nil? +- begin +- # Child program +- require 'fiddle' +- require 'resolv' +- require 'open3' +- +- libc = Fiddle.dlopen(nil) +- begin +- unshare = Fiddle::Function.new(libc['unshare'], [Fiddle::TYPE_INT], Fiddle::TYPE_INT) +- rescue Fiddle::DLError +- # Test can't run because we don't have unshare(2) in libc +- # This will be the case on not-linux, and also on very old glibc versions (or +- # possibly other libc's that don't expose this syscall wrapper) +- $stdout.write(Marshal.dump({result: :skip, reason: "unshare(2) or mount(2) not in libc"})) +- exit +- end +- +- # Move our test process into a new network & mount namespace. +- # This environment will be configured to be IPv6 free and point DNS resolution +- # at a fake DNS server. +- # (n.b. these flags are CLONE_NEWNS | CLONE_NEWNET) +- ret = unshare.call(0x00020000 | 0x40000000) +- errno = Fiddle.last_error +- if ret == -1 && errno == Errno::EPERM::Errno +- # Test can't run because we're not root. +- $stdout.write(Marshal.dump({result: :skip, reason: "insufficient permissions to unshare namespaces"})) +- exit +- elsif ret == -1 && (errno == Errno::ENOSYS::Errno || errno == Errno::EINVAL::Errno) +- # No unshare(2) in the kernel (or kernel too old to know about this namespace type) +- $stdout.write(Marshal.dump({result: :skip, reason: "errno #{errno} calling unshare(2)"})) +- exit +- elsif ret == -1 +- # Unexpected failure +- raise "errno #{errno} calling unshare(2)" +- end +- +- # Set up our fake DNS environment. Clean out /etc/hosts... +- fake_hosts_file = Tempfile.new('ruby_test_hosts') +- fake_hosts_file.write <<~HOSTS +- 127.0.0.1 localhost +- ::1 localhost +- HOSTS +- fake_hosts_file.flush +- +- # Have /etc/resolv.conf point to 127.0.0.1... +- fake_resolv_conf = Tempfile.new('ruby_test_resolv') +- fake_resolv_conf.write <<~RESOLV +- nameserver 127.0.0.1 +- RESOLV +- fake_resolv_conf.flush +- +- # Also stub out /etc/nsswitch.conf; glibc can have other resolver modules +- # (like systemd-resolved) configured in there other than just using dns, +- # so rewrite it to remove any `hosts:` lines and add one which just uses +- # dns. +- real_nsswitch_conf = File.read('/etc/nsswitch.conf') rescue "" +- fake_nsswitch_conf = Tempfile.new('ruby_test_nsswitch') +- real_nsswitch_conf.lines.reject { _1 =~ /^\s*hosts:/ }.each do |ln| +- fake_nsswitch_conf.puts ln +- end +- fake_nsswitch_conf.puts "hosts: files myhostname dns" +- fake_nsswitch_conf.flush +- +- # This is needed to make sure our bind-mounds aren't visible outside this process. +- system 'mount', '--make-rprivate', '/', exception: true +- # Bind-mount the fake files over the top of the real files. +- system 'mount', '--bind', '--make-private', fake_hosts_file.path, '/etc/hosts', exception: true +- system 'mount', '--bind', '--make-private', fake_resolv_conf.path, '/etc/resolv.conf', exception: true +- system 'mount', '--bind', '--make-private', fake_nsswitch_conf.path, '/etc/nsswitch.conf', exception: true +- +- # Create a dummy interface with only an IPv4 address +- system 'ip', 'link', 'add', 'dummy0', 'type', 'dummy', exception: true +- system 'ip', 'addr', 'add', '192.168.1.2/24', 'dev', 'dummy0', exception: true +- system 'ip', 'link', 'set', 'dummy0', 'up', exception: true +- system 'ip', 'link', 'set', 'lo', 'up', exception: true +- +- # Disable IPv6 on this interface (this is needed to disable the link-local +- # IPv6 address) +- File.open('/proc/sys/net/ipv6/conf/dummy0/disable_ipv6', 'w') do |f| +- f.puts "1" +- end +- +- # Create a fake DNS server which will receive the DNS queries triggered by TCPSocket.new +- fake_dns_server_socket = UDPSocket.new +- fake_dns_server_socket.bind('127.0.0.1', 53) +- received_dns_queries = [] +- fake_dns_server_thread = Thread.new do +- Socket.udp_server_loop_on([fake_dns_server_socket]) do |msg, msg_src| +- request = Resolv::DNS::Message.decode(msg) +- received_dns_queries << request +- response = request.dup.tap do |r| +- r.qr = 0 +- r.rcode = 3 # NXDOMAIN +- end +- msg_src.reply response.encode +- end +- end +- +- # Make a request which will hit our fake DNS swerver - this needs to be in _another_ +- # process because glibc will cache resolver info across the fork otherwise. +- load_path_args = $LOAD_PATH.flat_map { ['-I', _1] } +- Open3.capture3('/proc/self/exe', *load_path_args, '-rsocket', '-e', <<~RUBY) +- TCPSocket.open('www.example.com', 4444) +- RUBY +- +- fake_dns_server_thread.kill +- fake_dns_server_thread.join +- +- have_aaaa_qs = received_dns_queries.any? do |query| +- query.question.any? do |question| +- question[1] == Resolv::DNS::Resource::IN::AAAA +- end +- end +- +- have_a_q = received_dns_queries.any? do |query| +- query.question.any? do |question| +- question[0].to_s == "www.example.com" +- end +- end +- +- if have_aaaa_qs +- $stdout.write(Marshal.dump({result: :fail, reason: "got AAAA queries, expected none"})) +- elsif !have_a_q +- $stdout.write(Marshal.dump({result: :fail, reason: "got no A query for example.com"})) +- else +- $stdout.write(Marshal.dump({result: :success})) +- end +- rescue => ex +- $stdout.write(Marshal.dump({result: :fail, reason: ex.full_message})) +- ensure +- # Make sure the child process does not transfer control back into the test runner. +- exit! +- end +- else +- test_result = Marshal.load(test_io.read) +- +- case test_result[:result] +- when :skip +- omit test_result[:reason] +- when :fail +- fail test_result[:reason] +- end +- end +- end +- end + end if defined?(TCPSocket) +-- +2.43.0 + diff --git a/SOURCES/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch b/SOURCES/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch index de93143..9ab7078 100644 --- a/SOURCES/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch +++ b/SOURCES/ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch @@ -1,7 +1,39 @@ -From db4ba95bf12f9303e38a9a78979cd363cb9a19fb Mon Sep 17 00:00:00 2001 +From 8af8f327457738620d2c85bd65db8cc5594585db Mon Sep 17 00:00:00 2001 +From: Yuta Saito +Date: Wed, 27 Dec 2023 06:22:45 +0000 +Subject: [PATCH 1/2] [Bug #20085] Use consistent default options for + `-mbranch-protection` + +We need to use the same options for both C compiler and assembler +when `-mbranch-protection` is guessed by configure. Otherwise, +`coroutine/arm64/Context.{h,S}` will use incompatible PAC strategies. +--- + configure.ac | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 9286946fc1..18b4247991 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -830,7 +830,10 @@ AS_IF([test "$GCC" = yes], [ + AS_FOR(option, opt, [-mbranch-protection=pac-ret -msign-return-address=all], [ + RUBY_TRY_CFLAGS(option, [branch_protection=yes], [branch_protection=no]) + AS_IF([test "x$branch_protection" = xyes], [ ++ # C compiler and assembler must be consistent for -mbranch-protection ++ # since they both check `__ARM_FEATURE_PAC_DEFAULT` definition. + RUBY_APPEND_OPTION(XCFLAGS, option) ++ RUBY_APPEND_OPTION(ASFLAGS, option) + break + ]) + ]) +-- +2.43.0 + + +From 80281e14e411e8e5fe4955effbb2c650a2f52667 Mon Sep 17 00:00:00 2001 From: Jarek Prokop Date: Fri, 12 Jan 2024 18:33:34 +0100 -Subject: [PATCH] aarch64: Prepend -mbranch-protection=standard option when +Subject: [PATCH 2/2] aarch64: Prepend -mbranch-protection=standard option when checking branch protection. Related Upstream issue: https://bugs.ruby-lang.org/issues/20154 @@ -22,3 +54,6 @@ index 18b4247991..5ea8ada8f7 100644 RUBY_TRY_CFLAGS(option, [branch_protection=yes], [branch_protection=no]) AS_IF([test "x$branch_protection" = xyes], [ # C compiler and assembler must be consistent for -mbranch-protection +-- +2.43.0 + diff --git a/SOURCES/ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch b/SOURCES/ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch new file mode 100644 index 0000000..34a18e0 --- /dev/null +++ b/SOURCES/ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch @@ -0,0 +1,256 @@ +From d3933fc753187a055a4904af82f5f3794c88c416 Mon Sep 17 00:00:00 2001 +From: Sorah Fukumori +Date: Mon, 1 Jan 2024 20:45:54 +0900 +Subject: [PATCH] [ruby/net-http] Renew test certificates + +The private key is replaced with a public known test key published at +[RFC 9500]. + +Also lifetime has been extended to 10 years from 4 years. + +[RFC 9500]: https://www.rfc-editor.org/rfc/rfc9500.html + +https://github.com/ruby/net-http/commit/4ab6c4a500 +--- + test/net/fixtures/Makefile | 6 +-- + test/net/fixtures/cacert.pem | 44 ++++++++-------- + test/net/fixtures/server.crt | 99 +++++++----------------------------- + test/net/fixtures/server.key | 55 ++++++++++---------- + 4 files changed, 71 insertions(+), 133 deletions(-) + +diff --git a/test/net/fixtures/Makefile b/test/net/fixtures/Makefile +index b2bc9c7368ee2..88c232e3b6c16 100644 +--- a/test/net/fixtures/Makefile ++++ b/test/net/fixtures/Makefile +@@ -5,11 +5,11 @@ regen_certs: + make server.crt + + cacert.pem: server.key +- openssl req -new -x509 -days 1825 -key server.key -out cacert.pem -text -subj "/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org" ++ openssl req -new -x509 -days 3650 -key server.key -out cacert.pem -subj "/C=JP/ST=Shimane/L=Matz-e city/O=Ruby Core Team/CN=Ruby Test CA/emailAddress=security@ruby-lang.org" + + server.csr: +- openssl req -new -key server.key -out server.csr -text -subj "/C=JP/ST=Shimane/O=Ruby Core Team/OU=Ruby Test/CN=localhost" ++ openssl req -new -key server.key -out server.csr -subj "/C=JP/ST=Shimane/O=Ruby Core Team/OU=Ruby Test/CN=localhost" + + server.crt: server.csr cacert.pem +- openssl x509 -days 1825 -CA cacert.pem -CAkey server.key -set_serial 00 -in server.csr -req -text -out server.crt ++ openssl x509 -days 3650 -CA cacert.pem -CAkey server.key -set_serial 00 -in server.csr -req -out server.crt + rm server.csr +diff --git a/test/net/fixtures/cacert.pem b/test/net/fixtures/cacert.pem +index f623bd62ed375..24c83f1c65225 100644 +--- a/test/net/fixtures/cacert.pem ++++ b/test/net/fixtures/cacert.pem +@@ -1,24 +1,24 @@ + -----BEGIN CERTIFICATE----- +-MIID7TCCAtWgAwIBAgIJAIltvxrFAuSnMA0GCSqGSIb3DQEBCwUAMIGMMQswCQYD +-VQQGEwJKUDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkx +-FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0Ex +-JTAjBgkqhkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwHhcNMTkwMTAy +-MDI1ODI4WhcNMjQwMTAxMDI1ODI4WjCBjDELMAkGA1UEBhMCSlAxEDAOBgNVBAgM +-B1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQKDA5SdWJ5IENv +-cmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZIhvcNAQkBFhZz +-ZWN1cml0eUBydWJ5LWxhbmcub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +-CgKCAQEAznlbjRVhz1NlutHVrhcGnK8W0qug2ujKXv1njSC4U6nJF6py7I9EeehV +-SaKePyv+I9z3K1LnfUHOtUbdwdKC77yN66A6q2aqzu5q09/NSykcZGOIF0GuItYI +-3nvW3IqBddff2ffsyR+9pBjfb5AIPP08WowF9q4s1eGULwZc4w2B8PFhtxYANd7d +-BvGLXFlcufv9tDtzyRi4t7eqxCRJkZQIZNZ6DHHIJrNxejOILfHLarI12yk8VK6L +-2LG4WgGqyeePiRyd1o1MbuiAFYqAwpXNUbRKg5NaZGwBHZk8UZ+uFKt1QMBURO5R +-WFy1c349jbWszTqFyL4Lnbg9HhAowQIDAQABo1AwTjAdBgNVHQ4EFgQU9tEiKdU9 +-I9derQyc5nWPnc34nVMwHwYDVR0jBBgwFoAU9tEiKdU9I9derQyc5nWPnc34nVMw +-DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAxj7F/u3C3fgq24N7hGRA +-of7ClFQxGmo/IGT0AISzW3HiVYiFaikKhbO1NwD9aBpD8Zwe62sCqMh8jGV/b0+q +-aOORnWYNy2R6r9FkASAglmdF6xn3bhgGD5ls4pCvcG9FynGnGc24g6MrjFNrBYUS +-2iIZsg36i0IJswo/Dy6HLphCms2BMCD3DeWtfjePUiTmQHJo6HsQIKP/u4N4Fvee +-uMBInei2M4VU74fLXbmKl1F9AEX7JDP3BKSZG19Ch5pnUo4uXM1uNTGsi07P4Y0s +-K44+SKBC0bYEFbDK0eQWMrX3kIhkPxyIWhxdq9/NqPYjShuSEAhA6CSpmRg0pqc+ +-mA== ++MIID+zCCAuOgAwIBAgIUGMvHl3EhtKPKcgc3NQSAYfFuC+8wDQYJKoZIhvcNAQEL ++BQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYDVQQIDAdTaGltYW5lMRQwEgYDVQQHDAtN ++YXR6LWUgY2l0eTEXMBUGA1UECgwOUnVieSBDb3JlIFRlYW0xFTATBgNVBAMMDFJ1 ++YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJARYWc2VjdXJpdHlAcnVieS1sYW5nLm9y ++ZzAeFw0yNDAxMDExMTQ3MjNaFw0zMzEyMjkxMTQ3MjNaMIGMMQswCQYDVQQGEwJK ++UDEQMA4GA1UECAwHU2hpbWFuZTEUMBIGA1UEBwwLTWF0ei1lIGNpdHkxFzAVBgNV ++BAoMDlJ1YnkgQ29yZSBUZWFtMRUwEwYDVQQDDAxSdWJ5IFRlc3QgQ0ExJTAjBgkq ++hkiG9w0BCQEWFnNlY3VyaXR5QHJ1YnktbGFuZy5vcmcwggEiMA0GCSqGSIb3DQEB ++AQUAA4IBDwAwggEKAoIBAQCw+egZQ6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI +++1GSqyi1bFBgsRjM0THllIdMbKmJtWwnKW8J+5OgNN8y6Xxv8JmM/Y5vQt2lis0f ++qXmG8UTz0VTWdlAXXmhUs6lSADvAaIe4RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0 ++yg+801SXzoFTTa+UGIRLE66jH51aa5VXu99hnv1OiH8tQrjdi8mH6uG/icq4XuIe ++NWMF32wHqIOOPvQcWV3M5D2vxJEj702Ku6k9OQXkAo17qRSEonWW4HtLbtmS8He1 ++JNPc/n3dVUm+fM6NoDXPoLP7j55G9zKyqGtGAWXAj1MTAgMBAAGjUzBRMB0GA1Ud ++DgQWBBSJGVleDvFp9cu9R+E0/OKYzGkwkTAfBgNVHSMEGDAWgBSJGVleDvFp9cu9 ++R+E0/OKYzGkwkTAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBl ++8GLB8skAWlkSw/FwbUmEV3zyqu+p7PNP5YIYoZs0D74e7yVulGQ6PKMZH5hrZmHo ++orFSQU+VUUirG8nDGj7Rzce8WeWBxsaDGC8CE2dq6nC6LuUwtbdMnBrH0LRWAz48 ++jGFF3jHtVz8VsGfoZTZCjukWqNXvU6hETT9GsfU+PZqbqcTVRPH52+XgYayKdIbD ++r97RM4X3+aXBHcUW0b76eyyi65RR/Xtvn8ioZt2AdX7T2tZzJyXJN3Hupp77s6Ui ++AZR35SToHCZeTZD12YBvLBdaTPLZN7O/Q/aAO9ZiJaZ7SbFOjz813B2hxXab4Fob ++2uJX6eMWTVxYK5D4M9lm + -----END CERTIFICATE----- +diff --git a/test/net/fixtures/server.crt b/test/net/fixtures/server.crt +index 5ca78a6d146a0..5d2923795dabc 100644 +--- a/test/net/fixtures/server.crt ++++ b/test/net/fixtures/server.crt +@@ -1,82 +1,21 @@ +-Certificate: +- Data: +- Version: 3 (0x2) +- Serial Number: 2 (0x2) +- Signature Algorithm: sha256WithRSAEncryption +- Issuer: C=JP, ST=Shimane, L=Matz-e city, O=Ruby Core Team, CN=Ruby Test CA/emailAddress=security@ruby-lang.org +- Validity +- Not Before: Jan 2 03:27:13 2019 GMT +- Not After : Jan 1 03:27:13 2024 GMT +- Subject: C=JP, ST=Shimane, O=Ruby Core Team, OU=Ruby Test, CN=localhost +- Subject Public Key Info: +- Public Key Algorithm: rsaEncryption +- Public-Key: (2048 bit) +- Modulus: +- 00:e8:da:9c:01:2e:2b:10:ec:49:cd:5e:07:13:07: +- 9c:70:9e:c6:74:bc:13:c2:e1:6f:c6:82:fd:e3:48: +- e0:2c:a5:68:c7:9e:42:de:60:54:65:e6:6a:14:57: +- 7a:30:d0:cc:b5:b6:d9:c3:d2:df:c9:25:97:54:67: +- cf:f6:be:5e:cb:8b:ee:03:c5:e1:e2:f9:e7:f7:d1: +- 0c:47:f0:b8:da:33:5a:ad:41:ad:e7:b5:a2:7b:b7: +- bf:30:da:60:f8:e3:54:a2:bc:3a:fd:1b:74:d9:dc: +- 74:42:e9:29:be:df:ac:b4:4f:eb:32:f4:06:f1:e1: +- 8c:4b:a8:8b:fb:29:e7:b1:bf:1d:01:ee:73:0f:f9: +- 40:dc:d5:15:79:d9:c6:73:d0:c0:dd:cb:e4:da:19: +- 47:80:c6:14:04:72:fd:9a:7c:8f:11:82:76:49:04: +- 79:cc:f2:5c:31:22:95:13:3e:5d:40:a6:4d:e0:a3: +- 02:26:7d:52:3b:bb:ed:65:a1:0f:ed:6b:b0:3c:d4: +- de:61:15:5e:d3:dd:68:09:9f:4a:57:a5:c2:a9:6d: +- 86:92:c5:f4:a4:d4:b7:13:3b:52:63:24:05:e2:cc: +- e3:8a:3c:d4:35:34:2b:10:bb:58:72:e7:e1:8d:1d: +- 74:8c:61:16:20:3d:d0:1c:4e:8f:6e:fd:fe:64:10: +- 4f:41 +- Exponent: 65537 (0x10001) +- X509v3 extensions: +- X509v3 Basic Constraints: +- CA:FALSE +- Netscape Comment: +- OpenSSL Generated Certificate +- X509v3 Subject Key Identifier: +- ED:28:C2:7E:AB:4B:C8:E8:FE:55:6D:66:95:31:1C:2D:60:F9:02:36 +- X509v3 Authority Key Identifier: +- keyid:F6:D1:22:29:D5:3D:23:D7:5E:AD:0C:9C:E6:75:8F:9D:CD:F8:9D:53 +- +- Signature Algorithm: sha256WithRSAEncryption +- 1d:b8:c5:8b:72:41:20:65:ad:27:6f:15:63:06:26:12:8d:9c: +- ad:ca:f4:db:97:b4:90:cb:ff:35:94:bb:2a:a7:a1:ab:1e:35: +- 2d:a5:3f:c9:24:b0:1a:58:89:75:3e:81:0a:2c:4f:98:f9:51: +- fb:c0:a3:09:d0:0a:9b:e7:a2:b7:c3:60:40:c8:f4:6d:b2:6a: +- 56:12:17:4c:00:24:31:df:9c:60:ae:b1:68:54:a9:e6:b5:4a: +- 04:e6:92:05:86:d9:5a:dc:96:30:a5:58:de:14:99:0f:e5:15: +- 89:3e:9b:eb:80:e3:bd:83:c3:ea:33:35:4b:3e:2f:d3:0d:64: +- 93:67:7f:8d:f5:3f:0c:27:bc:37:5a:cc:d6:47:16:af:5a:62: +- d2:da:51:f8:74:06:6b:24:ad:28:68:08:98:37:7d:ed:0e:ab: +- 1e:82:61:05:d0:ba:75:a0:ab:21:b0:9a:fd:2b:54:86:1d:0d: +- 1f:c2:d4:77:1f:72:26:5e:ad:8a:9f:09:36:6d:44:be:74:c2: +- 5a:3e:ff:5c:9d:75:d6:38:7b:c5:39:f9:44:6e:a1:d1:8e:ff: +- 63:db:c4:bb:c6:91:92:ca:5c:60:9b:1d:eb:0a:de:08:ee:bf: +- da:76:03:65:62:29:8b:f8:7f:c7:86:73:1e:f6:1f:2d:89:69: +- fd:be:bd:6e + -----BEGIN CERTIFICATE----- +-MIID4zCCAsugAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMCSlAx +-EDAOBgNVBAgMB1NoaW1hbmUxFDASBgNVBAcMC01hdHotZSBjaXR5MRcwFQYDVQQK +-DA5SdWJ5IENvcmUgVGVhbTEVMBMGA1UEAwwMUnVieSBUZXN0IENBMSUwIwYJKoZI +-hvcNAQkBFhZzZWN1cml0eUBydWJ5LWxhbmcub3JnMB4XDTE5MDEwMjAzMjcxM1oX +-DTI0MDEwMTAzMjcxM1owYDELMAkGA1UEBhMCSlAxEDAOBgNVBAgMB1NoaW1hbmUx +-FzAVBgNVBAoMDlJ1YnkgQ29yZSBUZWFtMRIwEAYDVQQLDAlSdWJ5IFRlc3QxEjAQ +-BgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +-AOjanAEuKxDsSc1eBxMHnHCexnS8E8Lhb8aC/eNI4CylaMeeQt5gVGXmahRXejDQ +-zLW22cPS38kll1Rnz/a+XsuL7gPF4eL55/fRDEfwuNozWq1Bree1onu3vzDaYPjj +-VKK8Ov0bdNncdELpKb7frLRP6zL0BvHhjEuoi/sp57G/HQHucw/5QNzVFXnZxnPQ +-wN3L5NoZR4DGFARy/Zp8jxGCdkkEeczyXDEilRM+XUCmTeCjAiZ9Uju77WWhD+1r +-sDzU3mEVXtPdaAmfSlelwqlthpLF9KTUtxM7UmMkBeLM44o81DU0KxC7WHLn4Y0d +-dIxhFiA90BxOj279/mQQT0ECAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhC +-AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFO0o +-wn6rS8jo/lVtZpUxHC1g+QI2MB8GA1UdIwQYMBaAFPbRIinVPSPXXq0MnOZ1j53N +-+J1TMA0GCSqGSIb3DQEBCwUAA4IBAQAduMWLckEgZa0nbxVjBiYSjZytyvTbl7SQ +-y/81lLsqp6GrHjUtpT/JJLAaWIl1PoEKLE+Y+VH7wKMJ0Aqb56K3w2BAyPRtsmpW +-EhdMACQx35xgrrFoVKnmtUoE5pIFhtla3JYwpVjeFJkP5RWJPpvrgOO9g8PqMzVL +-Pi/TDWSTZ3+N9T8MJ7w3WszWRxavWmLS2lH4dAZrJK0oaAiYN33tDqsegmEF0Lp1 +-oKshsJr9K1SGHQ0fwtR3H3ImXq2Knwk2bUS+dMJaPv9cnXXWOHvFOflEbqHRjv9j +-28S7xpGSylxgmx3rCt4I7r/adgNlYimL+H/HhnMe9h8tiWn9vr1u ++MIIDYTCCAkkCAQAwDQYJKoZIhvcNAQELBQAwgYwxCzAJBgNVBAYTAkpQMRAwDgYD ++VQQIDAdTaGltYW5lMRQwEgYDVQQHDAtNYXR6LWUgY2l0eTEXMBUGA1UECgwOUnVi ++eSBDb3JlIFRlYW0xFTATBgNVBAMMDFJ1YnkgVGVzdCBDQTElMCMGCSqGSIb3DQEJ ++ARYWc2VjdXJpdHlAcnVieS1sYW5nLm9yZzAeFw0yNDAxMDExMTQ3MjNaFw0zMzEy ++MjkxMTQ3MjNaMGAxCzAJBgNVBAYTAkpQMRAwDgYDVQQIDAdTaGltYW5lMRcwFQYD ++VQQKDA5SdWJ5IENvcmUgVGVhbTESMBAGA1UECwwJUnVieSBUZXN0MRIwEAYDVQQD ++DAlsb2NhbGhvc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw+egZ ++Q6eumJKq3hfKfED4dE/tL4FI5sjqont9ABVI+1GSqyi1bFBgsRjM0THllIdMbKmJ ++tWwnKW8J+5OgNN8y6Xxv8JmM/Y5vQt2lis0fqXmG8UTz0VTWdlAXXmhUs6lSADvA ++aIe4RVrCsZ97L3ZQTryY7JRVcbB4khUN3Gp0yg+801SXzoFTTa+UGIRLE66jH51a ++a5VXu99hnv1OiH8tQrjdi8mH6uG/icq4XuIeNWMF32wHqIOOPvQcWV3M5D2vxJEj ++702Ku6k9OQXkAo17qRSEonWW4HtLbtmS8He1JNPc/n3dVUm+fM6NoDXPoLP7j55G ++9zKyqGtGAWXAj1MTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBACtGNdj5TEtnJBYp ++M+LhBeU3oNteldfycEm993gJp6ghWZFg23oX8fVmyEeJr/3Ca9bAgDqg0t9a0npN ++oWKEY6wVKqcHgu3gSvThF5c9KhGbeDDmlTSVVNQmXWX0K2d4lS2cwZHH8mCm2mrY ++PDqlEkSc7k4qSiqigdS8i80Yk+lDXWsm8CjsiC93qaRM7DnS0WPQR0c16S95oM6G ++VklFKUSDAuFjw9aVWA/nahOucjn0w5fVW6lyIlkBslC1ChlaDgJmvhz+Ol3iMsE0 ++kAmFNu2KKPVrpMWaBID49QwQTDyhetNLaVVFM88iUdA9JDoVMEuP1mm39JqyzHTu ++uBrdP4Q= + -----END CERTIFICATE----- +diff --git a/test/net/fixtures/server.key b/test/net/fixtures/server.key +index 7f2380e71e637..6a83d5bcf4a52 100644 +--- a/test/net/fixtures/server.key ++++ b/test/net/fixtures/server.key +@@ -1,28 +1,27 @@ +------BEGIN PRIVATE KEY----- +-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDo2pwBLisQ7EnN +-XgcTB5xwnsZ0vBPC4W/Ggv3jSOAspWjHnkLeYFRl5moUV3ow0My1ttnD0t/JJZdU +-Z8/2vl7Li+4DxeHi+ef30QxH8LjaM1qtQa3ntaJ7t78w2mD441SivDr9G3TZ3HRC +-6Sm+36y0T+sy9Abx4YxLqIv7Keexvx0B7nMP+UDc1RV52cZz0MDdy+TaGUeAxhQE +-cv2afI8RgnZJBHnM8lwxIpUTPl1Apk3gowImfVI7u+1loQ/ta7A81N5hFV7T3WgJ +-n0pXpcKpbYaSxfSk1LcTO1JjJAXizOOKPNQ1NCsQu1hy5+GNHXSMYRYgPdAcTo9u +-/f5kEE9BAgMBAAECggEBAOHkwhc7DLh8IhTDNSW26oMu5OP2WU1jmiYAigDmf+OQ +-DBgrZj+JQBci8qINQxL8XLukSZn5hvQCLc7Kbyu1/wyEEUFDxSGGwwzclodr9kho +-LX2LDASPZrOSzD2+fPi2wTKmXKuS6Uc44OjQfZkYMNkz9r4Vkm8xGgOD3VipjIYX +-QXlhhdqkXZcNABsihCV52GKkDFSVm8jv95YJc5xhoYCy/3a4/qPdF0aT2R7oYUej +-hKrxVDskyooe8Zg/JTydZNV5GQEDmW01/K3r6XGT26oPi1AqMU1gtv/jkW56CRQQ +-1got8smnqM+AV7Slf9R6DauIPdQJ2S8wsr/o8ISBsOECgYEA9YrqEP2gAYSGFXRt +-liw0WI2Ant8BqXS6yvq1jLo/qWhLw/ph4Di73OQ2mpycVTpgfGr2wFPQR1XJ+0Fd +-U+Ir/C3Q7FK4VIGHK7B0zNvZr5tEjlFfeRezo2JMVw5YWeSagIFcSwK+KqCTH9qc +-pw/Eb8nB/4XNcpTZu7Fg0Wc+ooUCgYEA8sVaicn1Wxkpb45a4qfrA6wOr5xdJ4cC +-A5qs7vjX2OdPIQOmoQhdI7bCWFXZzF33wA4YCws6j5wRaySLIJqdms8Gl9QnODy1 +-ZlA5gwKToBC/jqPmWAXSKb8EH7cHilaxU9OKnQ7CfwlGLHqjMtjrhR7KHlt3CVRs +-oRmvsjZVXI0CgYAmPedslAO6mMhFSSfULrhMXmV82OCqYrrA6EEkVNGbcdnzAOkD +-gfKIWabDd8bFY10po4Mguy0CHzNhBXIioWQWV5BlbhC1YKMLw+S9DzSdLAKGY9gJ +-xQ4+UQ3wtRQ/k+IYR413RUsW2oFvgZ3KSyNeAb9MK6uuv84VdG/OzVSs/QKBgQDn +-kap//l2EbObiWyaERunckdVcW0lcN+KK75J/TGwPoOwQsLvTpPe65kxRGGrtDsEQ +-uCDk/+v3KkZPLgdrrTAih9FhJ+PVN8tMcb+6IM4SA4fFFr/UPJEwct0LJ3oQ0grJ +-y+HPWFHb/Uurh7t99/4H98uR02sjQh1wOeEmm78mzQKBgQDm+LzGH0se6CXQ6cdZ +-g1JRZeXkDEsrW3hfAsW62xJQmXcWxBoblP9OamMY+A06rM5og3JbDk5Zm6JsOaA8 +-wS2gw4ilp46jors4eQey8ux7kB9LzdBoDBBElnsbjLO8oBNZlVcYXg+6BOl/CUi7 +-2whRF0FEjKA8ehrNhAq+VFfFNw== +------END PRIVATE KEY----- ++-----BEGIN RSA PRIVATE KEY----- ++MIIEowIBAAKCAQEAsPnoGUOnrpiSqt4XynxA+HRP7S+BSObI6qJ7fQAVSPtRkqso ++tWxQYLEYzNEx5ZSHTGypibVsJylvCfuToDTfMul8b/CZjP2Ob0LdpYrNH6l5hvFE ++89FU1nZQF15oVLOpUgA7wGiHuEVawrGfey92UE68mOyUVXGweJIVDdxqdMoPvNNU ++l86BU02vlBiESxOuox+dWmuVV7vfYZ79Toh/LUK43YvJh+rhv4nKuF7iHjVjBd9s ++B6iDjj70HFldzOQ9r8SRI+9NirupPTkF5AKNe6kUhKJ1luB7S27ZkvB3tSTT3P59 ++3VVJvnzOjaA1z6Cz+4+eRvcysqhrRgFlwI9TEwIDAQABAoIBAEEYiyDP29vCzx/+ ++dS3LqnI5BjUuJhXUnc6AWX/PCgVAO+8A+gZRgvct7PtZb0sM6P9ZcLrweomlGezI ++FrL0/6xQaa8bBr/ve/a8155OgcjFo6fZEw3Dz7ra5fbSiPmu4/b/kvrg+Br1l77J ++aun6uUAs1f5B9wW+vbR7tzbT/mxaUeDiBzKpe15GwcvbJtdIVMa2YErtRjc1/5B2 ++BGVXyvlJv0SIlcIEMsHgnAFOp1ZgQ08aDzvilLq8XVMOahAhP1O2A3X8hKdXPyrx ++IVWE9bS9ptTo+eF6eNl+d7htpKGEZHUxinoQpWEBTv+iOoHsVunkEJ3vjLP3lyI/ ++fY0NQ1ECgYEA3RBXAjgvIys2gfU3keImF8e/TprLge1I2vbWmV2j6rZCg5r/AS0u ++pii5CvJ5/T5vfJPNgPBy8B/yRDs+6PJO1GmnlhOkG9JAIPkv0RBZvR0PMBtbp6nT ++Y3yo1lwamBVBfY6rc0sLTzosZh2aGoLzrHNMQFMGaauORzBFpY5lU50CgYEAzPHl ++u5DI6Xgep1vr8QvCUuEesCOgJg8Yh1UqVoY/SmQh6MYAv1I9bLGwrb3WW/7kqIoD ++fj0aQV5buVZI2loMomtU9KY5SFIsPV+JuUpy7/+VE01ZQM5FdY8wiYCQiVZYju9X ++Wz5LxMNoz+gT7pwlLCsC4N+R8aoBk404aF1gum8CgYAJ7VTq7Zj4TFV7Soa/T1eE ++k9y8a+kdoYk3BASpCHJ29M5R2KEA7YV9wrBklHTz8VzSTFTbKHEQ5W5csAhoL5Fo ++qoHzFFi3Qx7MHESQb9qHyolHEMNx6QdsHUn7rlEnaTTyrXh3ifQtD6C0yTmFXUIS ++CW9wKApOrnyKJ9nI0HcuZQKBgQCMtoV6e9VGX4AEfpuHvAAnMYQFgeBiYTkBKltQ ++XwozhH63uMMomUmtSG87Sz1TmrXadjAhy8gsG6I0pWaN7QgBuFnzQ/HOkwTm+qKw ++AsrZt4zeXNwsH7QXHEJCFnCmqw9QzEoZTrNtHJHpNboBuVnYcoueZEJrP8OnUG3r ++UjmopwKBgAqB2KYYMUqAOvYcBnEfLDmyZv9BTVNHbR2lKkMYqv5LlvDaBxVfilE0 ++2riO4p6BaAdvzXjKeRrGNEKoHNBpOSfYCOM16NjL8hIZB1CaV3WbT5oY+jp7Mzd5 ++7d56RZOE+ERK2uz/7JX9VSsM/LbH9pJibd4e8mikDS9ntciqOH/3 ++-----END RSA PRIVATE KEY----- diff --git a/SPECS/ruby.spec b/SPECS/ruby.spec index 7af0c98..cb24fee 100644 --- a/SPECS/ruby.spec +++ b/SPECS/ruby.spec @@ -1,6 +1,6 @@ %global major_version 3 %global minor_version 3 -%global teeny_version 1 +%global teeny_version 0 %global major_minor_version %{major_version}.%{minor_version} %global ruby_version %{major_minor_version}.%{teeny_version} @@ -27,7 +27,7 @@ %global rubygems_dir %{_datadir}/rubygems # Bundled libraries versions -%global rubygems_version 3.5.9 +%global rubygems_version 3.5.3 %global rubygems_molinillo_version 0.8.0 %global rubygems_net_http_version 0.4.0 %global rubygems_net_protocol_version 0.2.2 @@ -35,10 +35,9 @@ %global rubygems_resolv_version 0.3.0 %global rubygems_timeout_version 0.4.1 %global rubygems_tsort_version 0.2.0 -%global rubygems_uri_version 0.13.0 # Default gems. -%global bundler_version 2.5.9 +%global bundler_version 2.5.3 %global bundler_connection_pool_version 2.4.1 %global bundler_fileutils_version 1.7.2 %global bundler_net_http_persistent_version 4.0.2 @@ -72,7 +71,7 @@ %global ipaddr_version 1.2.6 %global logger_version 1.6.0 %global mutex_m_version 0.2.0 -%global net_http_version 0.4.1 +%global net_http_version 0.4.0 %global net_protocol_version 0.2.2 %global nkf_version 0.1.3 %global observer_version 0.1.2 @@ -118,14 +117,14 @@ %global irb_version 1.11.0 %global json_version 2.7.1 %global psych_version 5.1.2 -%global rdoc_version 6.6.3.1 +%global rdoc_version 6.6.2 # Bundled gems. %global debug_version 1.9.1 -%global net_ftp_version 0.3.4 -%global net_imap_version 0.4.9.1 +%global net_ftp_version 0.3.3 +%global net_imap_version 0.4.9 %global net_pop_version 0.1.2 -%global net_smtp_version 0.4.0.1 +%global net_smtp_version 0.4.0 %global matrix_version 0.4.2 %global minitest_version 5.20.0 %global power_assert_version 2.0.3 @@ -138,9 +137,6 @@ %global test_unit_version 3.6.1 %global typeprof_version 0.21.9 -# Bundled nkf version -%global bundled_nkf_version 2.1.5 - %global tapset_libdir %(echo %{_libdir} | sed 's/64//')* %if 0%{?fedora} >= 19 @@ -167,49 +163,14 @@ Summary: An interpreter of object-oriented scripting language Name: ruby Version: %{ruby_version}%{?development_release} -Release: 2%{?dist} -# Licenses, which are likely not included in binary RPMs: -# Apache-2.0: -# benchmark/gc/redblack.rb -# But this file might be BSD-2-Clause licensed after all: -# https://bugs.ruby-lang.org/issues/20420 -# GPL-1.0-or-later: ext/win32/lib/win32/sspi.rb -# GPL-1.0-or-later OR Artistic-1.0-Perl: win32/win32.c, include/ruby/win32.h, -# ext/win32ole/win32ole.c -# -# !!! Problematic licenses: -# LicenseRef-scancode-unicode-mappings: ext/json/generator/generator.c -# https://bugs.ruby-lang.org/issues/11844#note-19 -# https://github.com/flori/json/issues/277 -# https://github.com/flori/json/pull/567 -# -# Licenses under review: -# .bundle/gems/net-imap-0.4.9/LICENSE.txt -# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/506 -# -# Approved license without SPDX identifier: -# ext/pty/pty.c -# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/503 -# -# BSD-3-Clause: missing/{crypt,mt19937,setproctitle}.c, addr2line.c:2652 -# CC0: ccan/{build_assert/build_assert.h,check_type/check_type.h, -# container_of/container_of.h,str/str.h} -# Allowed based on 'grandfather clause': -# https://gitlab.com/fedora/legal/fedora-license-data/-/blob/7d9720b2cfd8ccb98d1975312942d99588a0da7c/data/CC0-1.0.toml#L11-14 -# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/499 -# dtoa: missing/dtoa.c -# GPL-3.0-or-later WITH Bison-exception-2.2: parse.{c,h}, ext/ripper/ripper.c -# HPND-Markus-Kuhn: missing/langinfo.c +Release: 1%{?dist} +# BSD-3-Clause: missing/{crypt,mt19937,setproctitle}.c # ISC: missing/strl{cat,cpy}.c -# LicenseRef-Fedora-Public-Domain: include/ruby/st.h, strftime.c, missing/*, ... -# https://gitlab.com/fedora/legal/fedora-license-data/-/merge_requests/145 -# MIT: ccan/list/list.h -# Ruby OR BSD-2-Clause OR GPL-1.0-or-later: lib/net/protocol.rb -# Unicode-DFS-2015: some of enc/trans/**/*.src -# There is also license review ticket here: -# https://gitlab.com/fedora/legal/fedora-license-data/-/issues/500 +# Public Domain for example for: include/ruby/st.h, strftime.c, missing/*, ... +# MIT and CCO: ccan/* # zlib: ext/digest/md5/md5.*, ext/nkf/nkf-utf8/nkf.c -License: (Ruby OR BSD-2-Clause) AND (Ruby OR BSD-2-Clause OR GPL-1.0-or-later) AND BSD-3-Clause AND (GPL-3.0-or-later WITH Bison-exception-2.2) AND ISC AND LicenseRef-Fedora-Public-Domain AND MIT AND CC0 AND zlib AND Unicode-DFS-2015 AND HPND-Markus-Kuhn +# Unicode-DFS-2015: some of enc/trans/**/*.src +License: (Ruby OR BSD-2-Clause) AND BSD-3-Clause AND ISC AND Public Domain AND MIT and CC0 AND zlib AND Unicode-DFS-2015 URL: https://www.ruby-lang.org/ Source0: https://cache.ruby-lang.org/pub/%{name}/%{major_minor_version}/%{ruby_archive}.tar.xz Source1: operating_system.rb @@ -270,13 +231,26 @@ Patch9: ruby-3.3.0-Disable-syntax-suggest-test-case.patch # Revert patches causing segfaults in alexandria package. # https://bugs.ruby-lang.org/issues/20079 Patch10: ruby-3.3.0-Revert-Optimize-allocations-in-Hash-compare_by_identity.patch +# Fix net-http test errors due to expired certificate +# https://github.com/ruby/ruby/commit/d3933fc753187a055a4904af82f5f3794c88c416 +# https://bugs.ruby-lang.org/issues/20106 +Patch11: ruby-3.4.0-ruby-net-http-Renew-test-certificates.patch # Armv8.3+ capable CPUs might segfault with incorrect compilation options. # See related upstream report: https://bugs.ruby-lang.org/issues/20085 # https://bugs.ruby-lang.org/issues/20154 Patch12: ruby-3.4.0-fix-branch-protection-compilation-for-arm.patch -# Fix build issue on i686 due to "incompatible pointer type" error. -# https://bugs.ruby-lang.org/issues/20447 -Patch13: ruby-3.4.0-Fix-pointer-incompatiblity.patch +# Revert adding AI_ADDRCONFIG flag to getaddrinfo(3) calls. +# It is causing problems when network is in certain, valid, configuration. +# When loopback interface is IPv6 capable, but no regular network interface +# is IPv6 capable, in some situations (such as in TestNetHTTPLocalBind) +# this might result in creating IPv4 socket and then binding it +# to IPv6 family connection. +# That is incorrect behavior and such operation will result in +# Errno::EAFNOSUPPORT exception. +# The point of the upstream change is to workaround a glibc bug +# that is not present for us. Therefore we can safely revert the change. +# https://bugs.ruby-lang.org/issues/20208 +Patch13: ruby-3.4.0-Revert-Set-AI_ADDRCONFIG-when-making-getaddrinfo.patch Requires: %{name}-libs%{?_isa} = %{version}-%{release} %{?with_rubypick:Suggests: rubypick} @@ -354,11 +328,6 @@ Provides: bundled(ccan-check_type) Provides: bundled(ccan-container_of) Provides: bundled(ccan-list) -# https://github.com/nurse/nkf -# Please note that nkf going to be promoted to bundled gem in Ruby 3.4: -# https://github.com/ruby/ruby/commit/2e3a7f70ae71650be6ea38a483f66ce17ca5eb1d -Provides: bundled(nkf) = %{bundled_nkf_version} - # StdLib default gems. Provides: bundled(rubygem-did_you_mean) = %{did_you_mean_version} Provides: bundled(rubygem-openssl) = %{openssl_version} @@ -381,8 +350,7 @@ Version: %{rubygems_version} # lib/rubygems/timeout/ # lib/rubygems/tsort/ # MIT: lib/rubygems/resolver/molinillo -# Ruby OR BSD-2-Clause OR GPL-1.0-or-later: lib/net/protocol.rb -License: (Ruby OR MIT) AND BSD-2-Clause AND (BSD-2-Clause OR Ruby) AND (Ruby OR BSD-2-Clause OR GPL-1.0-or-later) AND MIT +License: (Ruby OR MIT) AND BSD-2-Clause AND (BSD-2-Clause OR Ruby) AND MIT Requires: ruby(release) Recommends: rubygem(bundler) >= %{bundler_version} Recommends: rubygem(rdoc) >= %{rdoc_version} @@ -493,8 +461,7 @@ This package contains documentation for %{name}. %package -n rubygem-bigdecimal Summary: BigDecimal provides arbitrary-precision floating point decimal arithmetic Version: %{bigdecimal_version} -# dtoa: missing/dtoa.c -License: (Ruby OR BSD-2-Clause) AND dtoa +License: Ruby OR BSD-2-Clause Provides: bundled(rubygem-bigdecimal) = %{bigdecimal_version} %description -n rubygem-bigdecimal @@ -749,6 +716,7 @@ analysis result in RBS format, a standard type description format for Ruby %patch -P 6 -p1 %patch -P 9 -p1 %patch -P 10 -p1 +%patch -P 11 -p1 %patch -P 12 -p1 %patch -P 13 -p1 @@ -965,16 +933,16 @@ checksec --file=%{_vpath_builddir}/libruby.so.%{ruby_version} | \ # Molinillo. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; module Resolver; end; end; \ - require 'rubygems/vendor/molinillo/lib/molinillo/gem_metadata'; \ + require 'rubygems/resolver/molinillo/lib/molinillo/gem_metadata'; \ puts '%%{rubygems_molinillo_version}: %{rubygems_molinillo_version}'; \ - puts %Q[Gem::Molinillo::VERSION: #{Gem::Molinillo::VERSION}]; \ - exit 1 if Gem::Molinillo::VERSION != '%{rubygems_molinillo_version}'; \ + puts %Q[Gem::Resolver::Molinillo::VERSION: #{Gem::Resolver::Molinillo::VERSION}]; \ + exit 1 if Gem::Resolver::Molinillo::VERSION != '%{rubygems_molinillo_version}'; \ \"" # Net::HTTP. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; module Net; end; end; \ - require 'rubygems/vendor/net-http/lib/net/http'; \ + require 'rubygems/net-http/lib/net/http'; \ puts '%%{rubygems_net_http_version}: %{rubygems_net_http_version}'; \ puts %Q[Gem::Net::HTTP::VERSION: #{Gem::Net::HTTP::VERSION}]; \ exit 1 if Gem::Net::HTTP::VERSION != '%{rubygems_net_http_version}'; \ @@ -983,7 +951,7 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ # Net::Protocol. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; module Net; end; end; \ - require 'rubygems/vendor/net-protocol/lib/net/protocol'; \ + require 'rubygems/net-protocol/lib/net/protocol'; \ puts '%%{rubygems_net_protocol_version}: %{rubygems_net_protocol_version}'; \ puts %Q[Gem::Net::Protocol::VERSION: #{Gem::Net::Protocol::VERSION}]; \ exit 1 if Gem::Net::Protocol::VERSION != '%{rubygems_net_protocol_version}'; \ @@ -992,7 +960,7 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ # OptParse. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; end; \ - require 'rubygems/vendor/optparse/lib/optparse'; \ + require 'rubygems/optparse/lib/optparse'; \ puts '%%{rubygems_optparse_version}: %{rubygems_optparse_version}'; \ puts %Q[Gem::OptionParser::Version: #{Gem::OptionParser::Version}]; \ exit 1 if Gem::OptionParser::Version != '%{rubygems_optparse_version}'; \ @@ -1001,7 +969,7 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ # Resolv. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; end; \ - require 'rubygems/vendor/resolv/lib/resolv'; \ + require 'rubygems/resolv/lib/resolv'; \ puts '%%{rubygems_resolv_version}: %{rubygems_resolv_version}'; \ puts %Q[Gem::Resolv::VERSION: #{Gem::Resolv::VERSION}]; \ exit 1 if Gem::Resolv::VERSION != '%{rubygems_resolv_version}'; \ @@ -1010,7 +978,7 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ # Timeout. make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; end; \ - require 'rubygems/vendor/timeout/lib/timeout'; \ + require 'rubygems/timeout/lib/timeout'; \ puts '%%{rubygems_timeout_version}: %{rubygems_timeout_version}'; \ puts %Q[Gem::Timeout::VERSION: #{Gem::Timeout::VERSION}]; \ exit 1 if Gem::Timeout::VERSION != '%{rubygems_timeout_version}'; \ @@ -1019,21 +987,12 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ # TSort make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ module Gem; end; \ - require 'rubygems/vendor/tsort/lib/tsort'; \ + require 'rubygems/tsort/lib/tsort'; \ puts '%%{rubygems_tsort_version}: %{rubygems_tsort_version}'; \ puts %Q[Gem::TSort::VERSION: #{Gem::TSort::VERSION}]; \ exit 1 if Gem::TSort::VERSION != '%{rubygems_tsort_version}'; \ \"" -# URI. -make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ - module Gem; end; \ - require 'rubygems/vendor/uri/lib/uri/version'; \ - puts '%%{rubygems_uri_version}: %{rubygems_uri_version}'; \ - puts %Q[Gem::URI::VERSION: #{Gem::URI::VERSION}]; \ - exit 1 if Gem::URI::VERSION != '%{rubygems_uri_version}'; \ -\"" - # Check Bundler bundled dependencies versions. # connection_pool. @@ -1100,16 +1059,6 @@ make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ exit 1 if Bundler::URI::VERSION != '%{bundler_uri_version}'; \ \"" -# Check bundled libraries versions. - -# Nkf. -make -C %{_vpath_builddir} -s runruby TESTRUN_SCRIPT="-e \" \ - require 'nkf'; \ - puts '%%{bundled_nkf_version}: %{bundled_nkf_version}'; \ - puts %Q[NKF::NKF_VERSION: #{NKF::NKF_VERSION}]; \ - exit 1 if NKF::NKF_VERSION != '%{bundled_nkf_version}'; \ -\"" - # test_debug(TestRubyOptions) fails due to LoadError reported in debug mode, # when abrt.rb cannot be required (seems to be easier way then customizing @@ -1724,19 +1673,6 @@ make -C %{_vpath_builddir} runruby TESTRUN_SCRIPT=" \ %changelog -* Mon May 20 2024 Jarek Prokop - 3.3.1-2 -- Upgrade to Ruby 3.3.1. - Resolves: RHEL-37446 -- Fix buffer overread vulnerability in StringIO. - (CVE-2024-27280) - Resolves: RHEL-37448 -- Fix RCE vulnerability with .rdoc_options in RDoc. - (CVE-2024-27281) - Resolves: RHEL-37449 -- Fix Arbitrary memory address read vulnerability with Regex search. - (CVE-2024-27282) - Resolves: RHEL-37447 - * Thu Jan 18 2024 Jarek Prokop - 3.3.0-1 - Upgrade to Ruby 3.3.0. Resolves: RHEL-17090