ruby.git/ext/openssl, branch ruby_2_7 The Ruby Programming Language Merge openssl-2.1.4 2022-11-24T11:06:00+00:00 Kazuki Yamaguchi k@rhe.jp 2022-09-08T14:02:44+00:00 9308e32aa64b3d7da909356c6a225dcc55857bcf The changes can be found at: https://github.com/ruby/openssl/compare/v2.1.3...v2.1.4 
The changes can be found at:

  https://github.com/ruby/openssl/compare/v2.1.3...v2.1.4
openssl: import v2.1.3 2021-11-24T07:45:46+00:00 Kazuki Yamaguchi k@rhe.jp 2021-09-28T06:55:12+00:00 e0b323632f5ea07e2646a2ec0b72f56093348265 Bring the local copy of ruby/openssl in sync with the upstream gem release v2.1.3. The commits happened in the upstream repository can be found at: https://github.com/ruby/openssl/compare/v2.1.2...v2.1.3 Note that many of these have already been applied to ruby.git and don't appear in the file changes of this commit. 
Bring the local copy of ruby/openssl in sync with the upstream gem
release v2.1.3. The commits happened in the upstream repository can be
found at:

	https://github.com/ruby/openssl/compare/v2.1.2...v2.1.3

Note that many of these have already been applied to ruby.git and don't
appear in the file changes of this commit.
OpenSSL 1.1.1 introduces a new '.include' directive. Update our config 2020-07-11T07:10:41+00:00 nagachika nagachika@ruby-lang.org 2020-07-11T07:10:41+00:00 b4c893a62c71ac28795f8fcefb375131833afd0c parser to support that. As mentioned in the referenced GitHub issue, we should use the OpenSSL API instead of implementing the parsing logic ourselves, but it will need backwards-incompatible changes which we can't backport to stable versions. So continue to use the Ruby implementation for now. References: https://github.com/ruby/openssl/issues/208 https://github.com/ruby/openssl/pull/216 The original patch was written by Kazuki Yamaguchi <k@rhe.jp> and the patch for ruby_2_7 branch was prepared by Vít Ondruch. 
parser to support that.

As mentioned in the referenced GitHub issue, we should use the OpenSSL
API instead of implementing the parsing logic ourselves, but it will
need backwards-incompatible changes which we can't backport to stable
versions. So continue to use the Ruby implementation for now.

References:
  https://github.com/ruby/openssl/issues/208
  https://github.com/ruby/openssl/pull/216

The original patch was written by Kazuki Yamaguchi <k@rhe.jp> and
the patch for ruby_2_7 branch was prepared by Vít Ondruch.
ext/openssl/extconf.rb: check with -Werror=deprecated-declarations 2019-12-05T09:23:01+00:00 Nobuyoshi Nakada nobu@ruby-lang.org 2019-12-05T07:18:22+00:00 c3abbc1b2f52015dc839fd96545380dbc11c77a9 This reverts commit 0d7d8b2989e1738dd902d354cc41186899e6b71e, but restore `$warnflags` without the flag, to get rid of using deprecated functions. 
This reverts commit 0d7d8b2989e1738dd902d354cc41186899e6b71e,
but restore `$warnflags` without the flag, to get rid of using
deprecated functions.
ext/openssl/extconf.rb: do not use -Werror=deprecated-declarations 2019-12-05T05:45:45+00:00 Yusuke Endoh mame@ruby-lang.org 2019-12-05T05:41:38+00:00 0d7d8b2989e1738dd902d354cc41186899e6b71e It fails to build on Solaris: ``` ossl_cipher.c: 関数 ‘ossl_cipher_init’ 内: ossl_cipher.c:228:2: エラー: ‘EVP_md5’ is deprecated [-Werror=deprecated-declarations] 228 | EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv, | ^~~~~~~~~~~~~~ In file included from /usr/include/openssl/x509.h:73, from /usr/include/openssl/x509v3.h:63, from ossl.h:23, from ossl_cipher.c:10: /usr/include/openssl/evp.h:732:26: 備考: ここで宣言されています 732 | DEPRECATED const EVP_MD *EVP_md5(void); | ^~~~~~~ ``` I agree that `-Werror=` is a good habit, but adding it by default is too aggressive. 
It fails to build on Solaris:

```
ossl_cipher.c: 関数 ‘ossl_cipher_init’ 内:
ossl_cipher.c:228:2: エラー: ‘EVP_md5’ is deprecated [-Werror=deprecated-declarations]
  228 |  EVP_BytesToKey(EVP_CIPHER_CTX_cipher(ctx), EVP_md5(), iv,
      |  ^~~~~~~~~~~~~~
In file included from /usr/include/openssl/x509.h:73,
                 from /usr/include/openssl/x509v3.h:63,
                 from ossl.h:23,
                 from ossl_cipher.c:10:
/usr/include/openssl/evp.h:732:26: 備考: ここで宣言されています
  732 | DEPRECATED const EVP_MD *EVP_md5(void);
      |                          ^~~~~~~
```

I agree that `-Werror=` is a good habit, but adding it by default is too
aggressive.
[ruby/openssl] Remove taint support 2019-11-17T23:00:25+00:00 Jeremy Evans code@jeremyevans.net 2019-10-18T19:28:44+00:00 afbd8f384a54b934debe6e48cfc299fb2c7669e9 Ruby 2.7 deprecates taint and it no longer has an effect. The lack of taint support should not cause a problem in previous Ruby versions. 
Ruby 2.7 deprecates taint and it no longer has an effect.
The lack of taint support should not cause a problem in
previous Ruby versions.
Deprecate taint/trust and related methods, and make the methods no-ops 2019-11-17T23:00:25+00:00 Jeremy Evans code@jeremyevans.net 2019-09-25T03:59:12+00:00 ffd0820ab317542f8780aac475da590a4bdbc7a8 This removes the related tests, and puts the related specs behind version guards. This affects all code in lib, including some libraries that may want to support older versions of Ruby. 
This removes the related tests, and puts the related specs behind
version guards.  This affects all code in lib, including some
libraries that may want to support older versions of Ruby.
Warn on access/modify of $SAFE, and remove effects of modifying $SAFE 2019-11-17T23:00:25+00:00 Jeremy Evans code@jeremyevans.net 2019-09-21T02:06:22+00:00 c5c05460ac20abcbc0ed686eb4acf06da7a39a79 This removes the security features added by $SAFE = 1, and warns for access or modification of $SAFE from Ruby-level, as well as warning when calling all public C functions related to $SAFE. This modifies some internal functions that took a safe level argument to no longer take the argument. rb_require_safe now warns, rb_require_string has been added as a version that takes a VALUE and does not warn. One public C function that still takes a safe level argument and that this doesn't warn for is rb_eval_cmd. We may want to consider adding an alternative method that does not take a safe level argument, and warn for rb_eval_cmd. 
This removes the security features added by $SAFE = 1, and warns for access
or modification of $SAFE from Ruby-level, as well as warning when calling
all public C functions related to $SAFE.

This modifies some internal functions that took a safe level argument
to no longer take the argument.

rb_require_safe now warns, rb_require_string has been added as a
version that takes a VALUE and does not warn.

One public C function that still takes a safe level argument and that
this doesn't warn for is rb_eval_cmd.  We may want to consider
adding an alternative method that does not take a safe level argument,
and warn for rb_eval_cmd.
Prefer rb_gc_register_mark_object 2019-10-10T10:59:21+00:00 Nobuyoshi Nakada nobu@ruby-lang.org 2019-10-10T10:38:37+00:00 9c0cd5c569ba22bc68d1a77ad6580a275cd99639 * ext/openssl/ossl_asn1.c (Init_ossl_asn1): prefer `rb_gc_register_mark_object`, which is better for constant objects, over `rb_gc_register_address` for global/static variables which can be re-assigned at runtime. [Bug #16196] 
* ext/openssl/ossl_asn1.c (Init_ossl_asn1): prefer
  `rb_gc_register_mark_object`, which is better for constant
  objects, over `rb_gc_register_address` for global/static
  variables which can be re-assigned at runtime.  [Bug #16196]
Guard static variable first 2019-10-10T07:25:28+00:00 Nobuyoshi Nakada nobu@ruby-lang.org 2019-10-10T07:08:39+00:00 203b7fa1ae8cc40d41c38d684f70b3fea7fae813 * ext/openssl/ossl_asn1.c (Init_ossl_asn1): register the static variable to grab an internal object, before creating the object. otherwise the just-created object could get collected during the global variable list allocation. [Bug #16196] 
* ext/openssl/ossl_asn1.c (Init_ossl_asn1): register the static
  variable to grab an internal object, before creating the object.
  otherwise the just-created object could get collected during the
  global variable list allocation.  [Bug #16196]