[#48729] [ANN] ruby 2.0.0-preview1 released — Yusuke Endoh <mame@...>
Japanese later; 日本語はあとで
10 messages
2012/11/02
[#48977] Re: [ANN] ruby 2.0.0-preview1 released
— V咜 Ondruch <v.ondruch@...>
2012/11/06
Hi,
[#48979] Re: [ANN] ruby 2.0.0-preview1 released
— Yusuke Endoh <mame@...>
2012/11/06
Hello Vit,
[#48982] Re: [ANN] ruby 2.0.0-preview1 released
— V咜 Ondruch <v.ondruch@...>
2012/11/06
2012/11/6 Yusuke Endoh <mame@tsg.ne.jp>
[#48745] [ruby-trunk - Bug #7267][Open] Dir.glob on Mac OS X returns unexpected string encodings for unicode file names — "kennygrant (Kenny Grant)" <kennygrant@...>
17 messages
2012/11/02
[#48773] [ruby-trunk - Bug #7269][Open] Refinement doesn't work if using locate after method — "ko1 (Koichi Sasada)" <redmine@...>
12 messages
2012/11/03
[#48806] [ruby-trunk - Bug #7269] Refinement doesn't work if using locate after method
— "headius (Charles Nutter)" <headius@...>
2012/11/03
[#48808] Re: [ruby-trunk - Bug #7269] Refinement doesn't work if using locate after method
— SASADA Koichi <ko1@...>
2012/11/03
(2012/11/03 10:11), headius (Charles Nutter) wrote:
[#48810] Re: [ruby-trunk - Bug #7269] Refinement doesn't work if using locate after method
— SASADA Koichi <ko1@...>
2012/11/03
(2012/11/03 10:36), SASADA Koichi wrote:
[#48774] [ruby-trunk - Feature #4085] Refinements and nested methods — "shugo (Shugo Maeda)" <redmine@...>
3 messages
2012/11/03
[#48819] [ruby-trunk - Feature #4085] Refinements and nested methods — "headius (Charles Nutter)" <headius@...>
5 messages
2012/11/03
[#48820] [ruby-trunk - Bug #7271][Assigned] Refinement doesn't seem lexical — "ko1 (Koichi Sasada)" <redmine@...>
5 messages
2012/11/03
[#48847] [ruby-trunk - Bug #7274][Open] UnboundMethods should be bindable to any object that is_a?(owner of the UnboundMethod) — "rits (First Last)" <redmine@...>
21 messages
2012/11/04
[#48882] [ruby-trunk - Feature #4085] Refinements and nested methods — "headius (Charles Nutter)" <headius@...>
3 messages
2012/11/05
[#48964] [Backport93 - Backport #7285][Assigned] some failures on RubyInstaller CI — "usa (Usaku NAKAMURA)" <usa@...>
5 messages
2012/11/06
[#48988] [ruby-trunk - Feature #7292][Open] Enumerable#to_h — "marcandre (Marc-Andre Lafortune)" <ruby-core@...>
40 messages
2012/11/06
[#48997] [ruby-trunk - Feature #7297][Open] map_to alias for each_with_object — "nathan.f77 (Nathan Broadbent)" <nathan.f77@...>
19 messages
2012/11/06
[#49018] [ruby-trunk - Feature #7299][Open] Ruby should not completely ignore blocks. — "marcandre (Marc-Andre Lafortune)" <ruby-core@...>
13 messages
2012/11/07
[#49068] [ruby-trunk - Feature #7299] Ruby should not completely ignore blocks.
— "matz (Yukihiro Matsumoto)" <matz@...>
2012/11/07
[#49078] Re: [ruby-cvs:44714] marcandre:r37544 (ruby_1_9_3): merge revisions r33453, r37542: — "U.Nakamura" <usa@...>
Hello,
4 messages
2012/11/08
[#49119] ID_ALLOCATOR ? — Roger Pack <rogerdpack2@...>
Hello.
10 messages
2012/11/08
[#49173] Re: ID_ALLOCATOR ?
— SASADA Koichi <ko1@...>
2012/11/09
Can I see ruby-prof code?
[#49174] Re: ID_ALLOCATOR ?
— Roger Pack <rogerdpack2@...>
2012/11/09
On Fri, Nov 9, 2012 at 11:14 AM, SASADA Koichi <ko1@atdot.net> wrote:
[#49196] [ruby-trunk - Feature #7322][Open] Add a new operator name #>< for bit-wise "exclusive or" — "alexeymuranov (Alexey Muranov)" <redmine@...>
18 messages
2012/11/10
[#49211] [ruby-trunk - Feature #7328][Open] Move ** operator precedence under unary + and - — "boris_stitnicky (Boris Stitnicky)" <boris@...>
20 messages
2012/11/11
[#49256] [ruby-trunk - Feature #7336][Open] Flexiable OPerator Precedence — "trans (Thomas Sawyer)" <transfire@...>
18 messages
2012/11/12
[#49267] [ruby-trunk - Feature #7340][Open] 'each_with' or 'into' alias for 'each_with_object' — "nathan.f77 (Nathan Broadbent)" <nathan.f77@...>
8 messages
2012/11/12
[#49268] [ruby-trunk - Feature #7341][Open] Enumerable#associate — "nathan.f77 (Nathan Broadbent)" <nathan.f77@...>
8 messages
2012/11/12
[#49282] Re: [ruby-cvs:44801] tenderlove:r37631 (trunk): * probes.d: add DTrace probe declarations. — "U.Nakamura" <usa@...>
Hello,
5 messages
2012/11/13
[#49284] Re: [ruby-cvs:44801] tenderlove:r37631 (trunk): * probes.d: add DTrace probe declarations.
— "U.Nakamura" <usa@...>
2012/11/13
Hello,
[#49292] Re: [ruby-cvs:44801] tenderlove:r37631 (trunk): * probes.d: add DTrace probe declarations.
— "NARUSE, Yui" <naruse@...>
2012/11/13
2012/11/13 U.Nakamura <usa@garbagecollect.jp>:
[#49298] [ruby-trunk - Feature #7346][Open] object(...) as syntax sugar for object.call(...) — "rosenfeld (Rodrigo Rosenfeld Rosas)" <rr.rosas@...>
7 messages
2012/11/13
[#49320] [ruby-trunk - Feature #4085] Refinements and nested methods — "headius (Charles Nutter)" <headius@...>
3 messages
2012/11/13
[#49328] [ruby-trunk - Bug #7349][Open] Struct#inspect needs more meaningful output — "postmodern (Hal Brodigan)" <postmodern.mod3@...>
6 messages
2012/11/14
[#49340] bugs.ruby-lang.org - 500 error — Luis Lavena <luislavena@...>
Hello,
6 messages
2012/11/14
[#49341] Re: bugs.ruby-lang.org - 500 error
— Joshua Ballanco <jballanc@...>
2012/11/14
I've been unable to access it since morning EET (about 6 hours now).
[#49342] Re: bugs.ruby-lang.org - 500 error
— Zachary Scott <zachary@...>
2012/11/14
It's almost 3am in Japan now, don't forget.
[#49343] Re: bugs.ruby-lang.org - 500 error
— Luis Lavena <luislavena@...>
2012/11/14
On Wed, Nov 14, 2012 at 2:46 PM, Zachary Scott <zachary@zacharyscott.net> wrote:
[#49354] review open pull requests on github — Zachary Scott <zachary@...>
Could we get a review on any open pull requests on github before the
12 messages
2012/11/15
[#49355] Re: review open pull requests on github
— "NARUSE, Yui" <naruse@...>
2012/11/15
2012/11/15 Zachary Scott <zachary@zacharyscott.net>:
[#49356] Re: review open pull requests on github
— Zachary Scott <zachary@...>
2012/11/15
Ok, I was hoping one of the maintainers might want to.
[#49382] Re: review open pull requests on github
— Marc-Andre Lafortune <ruby-core-mailing-list@...>
2012/11/15
I could add my eyes to monitor the github issues/pull requests, if only to
[#49387] Re: review open pull requests on github
— Luis Lavena <luislavena@...>
2012/11/15
On Thu, Nov 15, 2012 at 2:11 PM, Marc-Andre Lafortune
[#49388] Re: review open pull requests on github
— Zachary Scott <zachary@...>
2012/11/15
On Thu, Nov 15, 2012 at 1:01 PM, Luis Lavena <luislavena@gmail.com> wrote:
[#49391] Re: review open pull requests on github
— Marc-Andre Lafortune <ruby-core-mailing-list@...>
2012/11/15
On Thu, Nov 15, 2012 at 1:06 PM, Zachary Scott <zachary@zacharyscott.net>
[#49370] [ruby-trunk - Bug #7358][Open] Wrong fd redirection on fork — "felipec (Felipe Contreras)" <felipe.contreras@...>
6 messages
2012/11/15
[#49416] make check: missing psych — Ramkumar Ramachandra <artagnon@...>
Hi,
7 messages
2012/11/16
[#49418] Re: make check: missing psych
— Luis Lavena <luislavena@...>
2012/11/16
On Fri, Nov 16, 2012 at 9:58 AM, Ramkumar Ramachandra
[#49419] Re: make check: missing psych
— Ramkumar Ramachandra <artagnon@...>
2012/11/16
Luis Lavena wrote:
[#49463] [ruby-trunk - Feature #7375][Open] embedding libyaml in psych for Ruby 2.0 — "tenderlovemaking (Aaron Patterson)" <aaron@...>
21 messages
2012/11/16
[#49494] [ruby-trunk - Feature #7375] embedding libyaml in psych for Ruby 2.0
— "vo.x (Vit Ondruch)" <v.ondruch@...>
2012/11/17
[#49497] Re: [ruby-trunk - Feature #7375] embedding libyaml in psych for Ruby 2.0
— Aaron Patterson <tenderlove@...>
2012/11/17
On Sun, Nov 18, 2012 at 03:05:50AM +0900, vo.x (Vit Ondruch) wrote:
[#49499] Re: [ruby-trunk - Feature #7375] embedding libyaml in psych for Ruby 2.0
— V咜 Ondruch <v.ondruch@...>
2012/11/17
Dne 17.11.2012 21:19, Aaron Patterson napsal(a):
[#49500] Re: [ruby-trunk - Feature #7375] embedding libyaml in psych for Ruby 2.0
— Benoit Daloze <eregontp@...>
2012/11/17
On 17 November 2012 21:34, V咜 Ondruch <v.ondruch@gmail.com> wrote:
[#49524] Re: [ruby-trunk - Feature #7375] embedding libyaml in psych for Ruby 2.0
— Yusuke Endoh <mame@...>
2012/11/18
Hello,
[#49468] [ruby-trunk - Feature #7378][Open] Adding Pathname#write — "aef (Alexander E. Fischer)" <aef@...>
6 messages
2012/11/17
[#49479] [ruby-trunk - Bug #7379][Open] Unexpected result of Kernel#gets on Windows 8 — "phasis68 (Heesob Park)" <phasis@...>
6 messages
2012/11/17
[#49518] [ruby-trunk - Bug #7383][Open] Use stricter cache check in load.c — "funny_falcon (Yura Sokolov)" <funny.falcon@...>
4 messages
2012/11/18
[#49536] [ruby-trunk - Feature #7388][Open] Object#embed — "zzak (Zachary Scott)" <zachary@...>
7 messages
2012/11/18
[#49543] [ruby-trunk - Feature #7390][Open] Funny Falcon Threads — "zzak (Zachary Scott)" <zachary@...>
4 messages
2012/11/18
[#49558] [ruby-trunk - Bug #7395][Open] Negative numbers can't be primes by definition — "zzak (Zachary Scott)" <zachary@...>
10 messages
2012/11/19
[#49868] How to stop spam from ruby-core — Heesob Park <phasis@...>
Hi,
5 messages
2012/11/22
[#49949] [ruby-trunk - Feature #7426][Assigned] Update Rdoc — "mame (Yusuke Endoh)" <mame@...>
10 messages
2012/11/24
[#50198] [ruby-trunk - Feature #7426] Update Rdoc
— "drbrain (Eric Hodel)" <drbrain@...7.net>
2012/11/27
[#50202] Re: [ruby-trunk - Feature #7426] Update Rdoc
— SASADA Koichi <ko1@...>
2012/11/27
(2012/11/27 13:33), drbrain (Eric Hodel) wrote:
[#50203] Re: [ruby-trunk - Feature #7426] Update Rdoc
— Luis Lavena <luislavena@...>
2012/11/27
On Tue, Nov 27, 2012 at 12:57 AM, SASADA Koichi <ko1@atdot.net> wrote:
[#50204] Re: [ruby-trunk - Feature #7426] Update Rdoc
— Eric Hodel <drbrain@...7.net>
2012/11/27
On Nov 26, 2012, at 10:09 PM, Luis Lavena <luislavena@gmail.com> wrote:
[#50092] [ruby-trunk - Feature #7434][Open] Allow caller_locations and backtrace_locations to receive negative params — "sam.saffron (Sam Saffron)" <sam.saffron@...>
21 messages
2012/11/25
[#50264] [ruby-trunk - Feature #7457][Open] GC.stat to return "allocated object count" and "freed object count" — "ko1 (Koichi Sasada)" <redmine@...>
5 messages
2012/11/28
[#50306] Towards a better process for changing Ruby — Magnus Holm <judofyr@...>
Hey folks,
11 messages
2012/11/29
[#50317] Re: Towards a better process for changing Ruby
— Yorick Peterse <yorickpeterse@...>
2012/11/29
What I'd like to see is primarily better communication and release
[#50320] Re: Towards a better process for changing Ruby
— Yusuke Endoh <mame@...>
2012/11/29
Hello Magnus,
[#50750] Re: Towards a better process for changing Ruby
— Magnus Holm <judofyr@...>
2012/12/11
Endoh-san,
[#50312] How to stop spam message from redmine.ruby-lang.org — Heesob Park <phasis@...>
HI,
7 messages
2012/11/29
[#50315] Re: How to stop spam message from redmine.ruby-lang.org
— "NARUSE, Yui" <naruse@...>
2012/11/29
Hi,
[#50372] [ruby-trunk - Bug #7476][Open] missing "IP_TRANSPARENT" constant for IP sockets. — "elico (Eliezer Croitoru)" <eliezer@...>
8 messages
2012/11/30
[#52809] [ruby-trunk - Feature #7476] missing "IP_TRANSPARENT" constant for IP sockets.
— "ko1 (Koichi Sasada)" <redmine@...>
2013/02/24
[#53889] Re: [ruby-trunk - Feature #7476] missing "IP_TRANSPARENT" constant for IP sockets.
— Tanaka Akira <akr@...>
2013/04/02
2013/2/24 ko1 (Koichi Sasada) <redmine@ruby-lang.org>:
[ruby-core:50328] [ruby-trunk - Bug #4408][Third Party's Issue] Net::SSH connections are subject to plaintext recovery due to lack of CTR mode
From:
"nahi (Hiroshi Nakamura)" <nakahiro@...>
Date:
2012-11-29 13:28:05 UTC
List:
ruby-core #50328
Issue #4408 has been updated by nahi (Hiroshi Nakamura). Category set to ext Status changed from Assigned to Third Party's Issue Indeed. Closing this as TPI. Added CTR test at r37994 for making sure we can use CTR. ---------------------------------------- Bug #4408: Net::SSH connections are subject to plaintext recovery due to lack of CTR mode https://bugs.ruby-lang.org/issues/4408#change-34148 Author: micah (micah anderson) Status: Third Party's Issue Priority: Normal Assignee: nahi (Hiroshi Nakamura) Category: ext Target version: 2.0.0 ruby -v: this bug can reproduce at Ruby 1.8, too =begin It is my understanding that due to the current Ruby OpenSSL bindings, only the following ciphers modes are supported in Net:SSH: >> Net::SSH supports the following ciphers: aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc rijndael-...@lysator.liu.se idea-cbc none I am not talking about the ciphers (aes, des, idea, etc.) here. A quick clarification for those who need it: AES, 3DES etc. are block ciphers, this means that they take a block of cleartext and a key and produce a block of ciphertext (and vice versa), but when you're dealing with streams of information, you have to figure out how to join these blocks together, and there are security tradeoffs in how you do it. So CBC is "cipher block chaining" mode, and CTR is "counter" mode. You will notice that the only block chaining modes supported are only CBC. If you review the following: http://www.kb.cert.org/vuls/id/958563 you will see that this attack can potentially allow an attacker to recover up to 32 bits of plaintext from an arbitrary block of ciphertext from a connection secured using the SSH protocol in the standard configuration. In order to mitigate this vulnerabilty SSH can be setup to use CTR mode rather CBC mode. According to CPNI Vulnerability Advisory SSH: The most straightforward solution is to use CTR mode instead of CBC mode, since this renders SSH resistant to the attack. An RFC already exists to standardise counter mode for use in SSH (RFC 4344). Due to the limited number of cipher modes available, any system wishing to do Net::SSH (eg. capistrano operations) that has picked specific ciphers for local policy reasons that do not include CBC ciphers will result in a mysterious problem due to lack of agreed cipher modes, the only solution is to downgrade the available ciphers presented to those of what Ruby has available. This has come up a number of times on the Capistrano list (e.g. http://www.mail-archive.com/capistrano@googlegroups.com/msg05641.html). It is my understanding that the fix requires tweaking of Ruby's OpenSSL bindings to provide these newer cipher modes. In a sufficiently modern TLS implementation, i'd argue that it's simply going to be more and more incompatible with clients and servers as stricter requirements become standard. =end -- http://bugs.ruby-lang.org/