From: nagachika00@... Date: 2018-03-19T15:14:40+00:00 Subject: [ruby-core:86200] [Ruby trunk Bug#13935] Backport openssl v2.0.7 Issue #13935 has been updated by nagachika (Tomoyuki Chikanaga). Backport changed from 2.2: UNKNOWN, 2.3: REQUIRED, 2.4: REQUIRED to 2.2: UNKNOWN, 2.3: REQUIRED, 2.4: DONE Update openssl 2.0.6 in ruby_2_4 branch at r62842. I made a mistake in my commit message... ---------------------------------------- Bug #13935: Backport openssl v2.0.7 https://bugs.ruby-lang.org/issues/13935#change-71095 * Author: rhenium (Kazuki Yamaguchi) * Status: Closed * Priority: Normal * Assignee: * Target version: * ruby -v: * Backport: 2.2: UNKNOWN, 2.3: REQUIRED, 2.4: DONE ---------------------------------------- ruby_2_4 maintainer: The attached patch (0001-openssl-import-v2.0.7.patch) updates the bundled openssl gem from v2.0.5 to v2.0.7. It applies on top of current ruby_2_4 (r60626). All changes are already in trunk as part of v2.1.0. https://github.com/ruby/openssl/compare/v2.0.5...v2.0.7 ruby_2_3 maintainer: I think some of the changes in v2.0.6/v2.0.7 are worth backporting to Ruby 2.3 too. Please see the attached patch files (ruby_2_3-*.patch). ---Files-------------------------------- 0001-openssl-import-v2.0.6.patch (144 KB) ruby_2_3-0001-ssl-do-not-call-session_remove_cb-during-GC.patch (1.18 KB) ruby_2_3-0002-ssl-remove-useless-call-to-rb_thread_wait_fd.patch (1.08 KB) ruby_2_3-0003-ssl-prevent-SSLSocket-sysread-from-leaking-uninitial.patch (2.78 KB) ruby_2_3-0004-ossl.c-use-struct-CRYPTO_dynlock_value-for-non-dynam.patch (3.38 KB) ruby_2_3-0005-ossl.c-make-legacy-locking-callbacks-reentrant.patch (1.88 KB) 0001-openssl-import-v2.0.7.patch (155 KB) ruby_2_3-0006-cipher-disallow-setting-AAD-for-non-AEAD-ciphers.patch (1.84 KB) -- https://bugs.ruby-lang.org/ Unsubscribe: