rpms/ruby
7
0
Fork 0
Code Issues Pull Requests Releases Activity

OpenSSL 1.1.0f-3 disables some weak ciphers.

Browse Source 
Adjust the package to pass the tests suite.
This commit is contained in:
Vít Ondruch 2017-07-20 16:41:16 +02:00
parent 5c42276905
commit fde2a68e73
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
ruby-2.5.0-allow-3DES-cipher-suites-in-test_sslctx_set_params.patch Normal file
View File

@ -0,0 +1,26 @@
From 261353a42d0dc0e7bf73e5a8fb8ecffd04249d42 Mon Sep 17 00:00:00 2001
From: Kazuki Yamaguchi <k@rhe.jp>
Date: Tue, 27 Jun 2017 14:31:09 +0900
Subject: [PATCH] test/test_ssl: allow 3DES cipher suites in
test_sslctx_set_params
Fedora's OpenSSL seems to enable 3DES cipher suites by DEFAULT.
Fixes: https://github.com/ruby/openssl/issues/127
---
test/test_ssl.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
index 19066566..b3efe95a 100644
--- a/test/openssl/test_ssl.rb
+++ b/test/openssl/test_ssl.rb
@@ -350,7 +350,7 @@ def test_sslctx_set_params
assert_equal OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode
ciphers_names = ctx.ciphers.collect{|v, _, _, _| v }
assert ciphers_names.all?{|v| /A(EC)?DH/ !~ v }, "anon ciphers are disabled"
- assert ciphers_names.all?{|v| /(RC4|MD5|EXP|DES)/ !~ v }, "weak ciphers are disabled"
+ assert ciphers_names.all?{|v| /(RC4|MD5|EXP|DES(?!-EDE|-CBC3))/ !~ v }, "weak ciphers are disabled"
assert_equal 0, ctx.options & OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
if defined?(OpenSSL::SSL::OP_NO_COMPRESSION) # >= 1.0.0
assert_equal OpenSSL::SSL::OP_NO_COMPRESSION,

11
ruby.spec
View File

@ -21,7 +21,7 @@
%endif %endif
%global release 79 %global release 80
%{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}} %{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
# The RubyGems library has to stay out of Ruby directory three, since the # The RubyGems library has to stay out of Ruby directory three, since the
@ -128,6 +128,10 @@ Patch7: ruby-2.2.3-Generate-preludes-using-miniruby.patch
# hardening features of glibc (rhbz#1361037). # hardening features of glibc (rhbz#1361037).
# https://bugs.ruby-lang.org/issues/12666 # https://bugs.ruby-lang.org/issues/12666
Patch9: ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch Patch9: ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch
# Fix OpenSSL::TestSSL#test_sslctx_set_params failures due to recent changes in
# OpenSSL.
# https://github.com/ruby/openssl/issues/127
Patch10: ruby-2.5.0-allow-3DES-cipher-suites-in-test_sslctx_set_params.patch
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Suggests: rubypick Suggests: rubypick
@ -507,6 +511,7 @@ rm -rf ext/fiddle/libffi*
%patch6 -p1 %patch6 -p1
%patch7 -p1 %patch7 -p1
%patch9 -p1 %patch9 -p1
%patch10 -p1
# Provide an example of usage of the tapset: # Provide an example of usage of the tapset:
cp -a %{SOURCE3} . cp -a %{SOURCE3} .
@ -1021,6 +1026,10 @@ make check TESTS="-v $DISABLE_TESTS"
%{gem_dir}/specifications/xmlrpc-%{xmlrpc_version}.gemspec %{gem_dir}/specifications/xmlrpc-%{xmlrpc_version}.gemspec
%changelog %changelog
* Thu Jul 20 2017 Vít Ondruch <vondruch@redhat.com> - 2.4.1-80
- OpenSSL 1.1.0f-3 disables some weak ciphers. Adjust the package to pass
the tests suite.
* Mon Apr 03 2017 Vít Ondruch <vondruch@redhat.com> - 2.4.1-79 * Mon Apr 03 2017 Vít Ondruch <vondruch@redhat.com> - 2.4.1-79
- Update to Ruby 2.4.1. - Update to Ruby 2.4.1.