Merge branch 'maint-2.0' into maint

rhenium · rhenium · commit 1c8eb3065fe0 · 2018-10-17T17:33:17.000+09:00
* maint-2.0:
  Ruby/OpenSSL 2.0.9
  needs openssl/opensslv.h
  x509name: fix OpenSSL::X509::Name#{cmp,&lt;=&gt;}
diff --git a/History.md b/History.md
@@ -55,6 +55,29 @@ Notable changes
   [[GitHub #177]](https://github.com/ruby/openssl/pull/177)
 
 
+Version 2.0.9
+=============
+
+Security fixes
+--------------
+
+* OpenSSL::X509::Name#<=> could incorrectly return 0 (= equal) for non-equal
+  objects. CVE-2018-16395 is assigned for this issue.
+  https://hackerone.com/reports/387250
+
+Bug fixes
+---------
+
+* Fixed OpenSSL::PKey::*.{new,generate} immediately aborting if the thread is
+  interrupted.
+  [[Bug #14882]](https://bugs.ruby-lang.org/issues/14882)
+  [[GitHub #205]](https://github.com/ruby/openssl/pull/205)
+* Fixed OpenSSL::X509::Name#to_s failing with OpenSSL::X509::NameError if
+  called against an empty instance.
+  [[GitHub #200]](https://github.com/ruby/openssl/issues/200)
+  [[GitHub #211]](https://github.com/ruby/openssl/pull/211)
+
+
 Version 2.0.8
 =============
 
diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb
@@ -114,7 +114,7 @@ def find_openssl_library
   OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")
 }
 
-if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER")
+if ($mswin || $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")
   $defs.push("-DNOCRYPT")
 end
 
diff --git a/ext/openssl/ossl_x509name.c b/ext/openssl/ossl_x509name.c
@@ -400,7 +400,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)
 
     result = ossl_x509name_cmp0(self, other);
     if (result < 0) return INT2FIX(-1);
-    if (result > 1) return INT2FIX(1);
+    if (result > 0) return INT2FIX(1);
 
     return INT2FIX(0);
 }
diff --git a/test/test_x509name.rb b/test/test_x509name.rb
@@ -405,10 +405,16 @@ def test_equals2
   end
 
   def test_spaceship
-    n1 = OpenSSL::X509::Name.parse_rfc2253 'CN=a'
-    n2 = OpenSSL::X509::Name.parse_rfc2253 'CN=b'
-
-    assert_equal(-1, n1 <=> n2)
+    n1 = OpenSSL::X509::Name.new([["CN", "a"]])
+    n2 = OpenSSL::X509::Name.new([["CN", "a"]])
+    n3 = OpenSSL::X509::Name.new([["CN", "ab"]])
+
+    assert_equal 0, n1 <=> n2
+    assert_equal -1, n1 <=> n3
+    assert_equal 0, n2 <=> n1
+    assert_equal -1, n2 <=> n3
+    assert_equal 1, n3 <=> n1
+    assert_equal 1, n3 <=> n2
   end
 
   def name_hash(name)

Original file line number	Diff line number	Diff line change
`@@ -114,7 +114,7 @@ def find_openssl_library`
`114`	`114`	`OpenSSL.check_func_or_macro("ENGINE_load_#{name}", "openssl/engine.h")`
`115`	`115`	`}`
`116`	`116`
`117`		`-if ($mswin \|\| $mingw) && have_macro("LIBRESSL_VERSION_NUMBER")`
	`117`	`+if ($mswin \|\| $mingw) && have_macro("LIBRESSL_VERSION_NUMBER", "openssl/opensslv.h")`
`118`	`118`	`$defs.push("-DNOCRYPT")`
`119`	`119`	`end`
`120`	`120`
Original file line number	Diff line number	Diff line change
`@@ -400,7 +400,7 @@ ossl_x509name_cmp(VALUE self, VALUE other)`
`400`	`400`
`401`	`401`	`result = ossl_x509name_cmp0(self, other);`
`402`	`402`	`if (result < 0) return INT2FIX(-1);`
`403`		`- if (result > 1) return INT2FIX(1);`
	`403`	`+ if (result > 0) return INT2FIX(1);`
`404`	`404`
`405`	`405`	`return INT2FIX(0);`
`406`	`406`	`}`