ruby-changes:30509
From: nagachika <ko1@a...>
Date: Sat, 17 Aug 2013 00:37:13 +0900 (JST)
Subject: [ruby-changes:30509] nagachika:r42588 (ruby_2_0_0): merge revision(s) 42429: [Backport #8750]
nagachika 2013-08-17 00:37:07 +0900 (Sat, 17 Aug 2013) New Revision: 42588 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=42588 Log: merge revision(s) 42429: [Backport #8750] * test/openssl/test_ssl.rb: Fix test for CVE-2013-4073. Patch by Antonio Terceiro. [Bug #8750] [ruby-core:56437] Modified directories: branches/ruby_2_0_0/ Modified files: branches/ruby_2_0_0/ChangeLog branches/ruby_2_0_0/test/openssl/test_ssl.rb branches/ruby_2_0_0/version.h Index: ruby_2_0_0/ChangeLog =================================================================== --- ruby_2_0_0/ChangeLog (revision 42587) +++ ruby_2_0_0/ChangeLog (revision 42588) @@ -1,3 +1,8 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/ChangeLog#L1 +Sat Aug 17 00:36:24 2013 Charlie Somerville <charliesome@r...> + + * test/openssl/test_ssl.rb: Fix test for CVE-2013-4073. + Patch by Antonio Terceiro. [Bug #8750] [ruby-core:56437] + Sat Aug 17 00:32:17 2013 CHIKANAGA Tomoyuki <nagachika@r...> * lib/rubygems: update to RubyGems 2.0.6. the patch by drbrain. Index: ruby_2_0_0/version.h =================================================================== --- ruby_2_0_0/version.h (revision 42587) +++ ruby_2_0_0/version.h (revision 42588) @@ -1,6 +1,6 @@ https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/version.h#L1 #define RUBY_VERSION "2.0.0" #define RUBY_RELEASE_DATE "2013-08-17" -#define RUBY_PATCHLEVEL 292 +#define RUBY_PATCHLEVEL 293 #define RUBY_RELEASE_YEAR 2013 #define RUBY_RELEASE_MONTH 8 Index: ruby_2_0_0/test/openssl/test_ssl.rb =================================================================== --- ruby_2_0_0/test/openssl/test_ssl.rb (revision 42587) +++ ruby_2_0_0/test/openssl/test_ssl.rb (revision 42588) @@ -341,7 +341,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/test/openssl/test_ssl.rb#L341 [true, false].each do |criticality| cert = create_null_byte_SAN_certificate(criticality) assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, 'www.example.com')) - assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, 'www.example.com\0.evil.com')) + assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, "www.example.com\0.evil.com")) assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.255')) assert_equal(true, OpenSSL::SSL.verify_certificate_identity(cert, '192.168.7.1')) assert_equal(false, OpenSSL::SSL.verify_certificate_identity(cert, '13::17')) @@ -358,7 +358,7 @@ class OpenSSL::TestSSL < OpenSSL::SSLTes https://github.com/ruby/ruby/blob/trunk/ruby_2_0_0/test/openssl/test_ssl.rb#L358 ext_asn1 = OpenSSL::ASN1.decode(ext.to_der) san_list_der = ext_asn1.value.reduce(nil) { |memo,val| val.tag == 4 ? val.value : memo } san_list_asn1 = OpenSSL::ASN1.decode(san_list_der) - san_list_asn1.value[0].value = 'www.example.com\0.evil.com' + san_list_asn1.value[0].value = "www.example.com\0.evil.com" pos = critical ? 2 : 1 ext_asn1.value[pos].value = san_list_asn1.to_der real_ext = OpenSSL::X509::Extension.new ext_asn1 Property changes on: ruby_2_0_0 ___________________________________________________________________ Modified: svn:mergeinfo Merged /trunk:r42429 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/