pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/lang

Module Name:    pkgsrc
Committed By:   taca
Date:           Thu Feb 16 16:36:08 UTC 2012

Modified Files:
        pkgsrc/lang/ruby18-base: distinfo

Log Message:
Update ruby18-base package to 1.8.7-pl357 (Ruby 1.8.7 patchlevel 357).

Wed Feb  8 14:06:59 2012  Hiroshi Nakamura  <>

        * ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSL
          option to prevent BEAST attack. See [Bug #5353].

          In OpenSSL, OP_DONT_INSERT_EMPTY_FRAGMENTS is used to prevent
          TLS-CBC-IV vulunerability described at

          It's known issue of TLSv1/SSLv3 but it attracts lots of attention
          these days as BEAST attack. (CVE-2011-3389)

          Until now ossl sets OP_ALL at SSLContext allocation and call
          SSL_CTX_set_options at connection.  SSL_CTX_set_options updates the
          value by using |= so bits set by OP_ALL cannot be unset afterwards.

          This commit changes to call SSL_CTX_set_options only 1 time for each
          SSLContext. It sets the specified value if SSLContext#options= are
          called and sets OP_ALL if not.

          To help users to unset bits in OP_ALL, this commit also adds several
          constant to SSL such as
          OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS.  These constants were
          not exposed in Ruby because there's no way to unset bits in OP_ALL

          Following is an example to enable 0/n split for BEAST prevention.

            ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS

        * test/openssl/test_ssl.rb: Test above option exists.

To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.72 pkgsrc/lang/ruby/
cvs rdiff -u -r1.51 -r1.52 pkgsrc/lang/ruby18-base/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index