[#48729] [ANN] ruby 2.0.0-preview1 released — Yusuke Endoh <mame@...>
Japanese later; 日本語はあとで
10 messages
2012/11/02
[#48977] Re: [ANN] ruby 2.0.0-preview1 released
— V咜 Ondruch <v.ondruch@...>
2012/11/06
Hi,
[#48979] Re: [ANN] ruby 2.0.0-preview1 released
— Yusuke Endoh <mame@...>
2012/11/06
Hello Vit,
[#48982] Re: [ANN] ruby 2.0.0-preview1 released
— V咜 Ondruch <v.ondruch@...>
2012/11/06
2012/11/6 Yusuke Endoh <[email protected]>
[#48745] [ruby-trunk - Bug #7267][Open] Dir.glob on Mac OS X returns unexpected string encodings for unicode file names — "kennygrant (Kenny Grant)" <kennygrant@...>
17 messages
2012/11/02
[#48773] [ruby-trunk - Bug #7269][Open] Refinement doesn't work if using locate after method — "ko1 (Koichi Sasada)" <redmine@...>
12 messages
2012/11/03
[#48806] [ruby-trunk - Bug #7269] Refinement doesn't work if using locate after method
— "headius (Charles Nutter)" <headius@...>
2012/11/03
[#48808] Re: [ruby-trunk - Bug #7269] Refinement doesn't work if using locate after method
— SASADA Koichi <ko1@...>
2012/11/03
(2012/11/03 10:11), headius (Charles Nutter) wrote:
[#48810] Re: [ruby-trunk - Bug #7269] Refinement doesn't work if using locate after method
— SASADA Koichi <ko1@...>
2012/11/03
(2012/11/03 10:36), SASADA Koichi wrote:
[#48774] [ruby-trunk - Feature #4085] Refinements and nested methods — "shugo (Shugo Maeda)" <redmine@...>
3 messages
2012/11/03
[#48819] [ruby-trunk - Feature #4085] Refinements and nested methods — "headius (Charles Nutter)" <headius@...>
5 messages
2012/11/03
[#48820] [ruby-trunk - Bug #7271][Assigned] Refinement doesn't seem lexical — "ko1 (Koichi Sasada)" <redmine@...>
5 messages
2012/11/03
[#48847] [ruby-trunk - Bug #7274][Open] UnboundMethods should be bindable to any object that is_a?(owner of the UnboundMethod) — "rits (First Last)" <redmine@...>
21 messages
2012/11/04
[#48882] [ruby-trunk - Feature #4085] Refinements and nested methods — "headius (Charles Nutter)" <headius@...>
3 messages
2012/11/05
[#48964] [Backport93 - Backport #7285][Assigned] some failures on RubyInstaller CI — "usa (Usaku NAKAMURA)" <usa@...>
5 messages
2012/11/06
[#48988] [ruby-trunk - Feature #7292][Open] Enumerable#to_h — "marcandre (Marc-Andre Lafortune)" <ruby-core@...>
40 messages
2012/11/06
[#48997] [ruby-trunk - Feature #7297][Open] map_to alias for each_with_object — "nathan.f77 (Nathan Broadbent)" <nathan.f77@...>
19 messages
2012/11/06
[#49018] [ruby-trunk - Feature #7299][Open] Ruby should not completely ignore blocks. — "marcandre (Marc-Andre Lafortune)" <ruby-core@...>
13 messages
2012/11/07
[#49068] [ruby-trunk - Feature #7299] Ruby should not completely ignore blocks.
— "matz (Yukihiro Matsumoto)" <matz@...>
2012/11/07
[#49078] Re: [ruby-cvs:44714] marcandre:r37544 (ruby_1_9_3): merge revisions r33453, r37542: — "U.Nakamura" <usa@...>
Hello,
4 messages
2012/11/08
[#49119] ID_ALLOCATOR ? — Roger Pack <rogerdpack2@...>
Hello.
10 messages
2012/11/08
[#49173] Re: ID_ALLOCATOR ?
— SASADA Koichi <ko1@...>
2012/11/09
Can I see ruby-prof code?
[#49174] Re: ID_ALLOCATOR ?
— Roger Pack <rogerdpack2@...>
2012/11/09
On Fri, Nov 9, 2012 at 11:14 AM, SASADA Koichi <[email protected]> wrote:
[#49196] [ruby-trunk - Feature #7322][Open] Add a new operator name #>< for bit-wise "exclusive or" — "alexeymuranov (Alexey Muranov)" <redmine@...>
18 messages
2012/11/10
[#49211] [ruby-trunk - Feature #7328][Open] Move ** operator precedence under unary + and - — "boris_stitnicky (Boris Stitnicky)" <boris@...>
20 messages
2012/11/11
[#49256] [ruby-trunk - Feature #7336][Open] Flexiable OPerator Precedence — "trans (Thomas Sawyer)" <transfire@...>
18 messages
2012/11/12
[#49267] [ruby-trunk - Feature #7340][Open] 'each_with' or 'into' alias for 'each_with_object' — "nathan.f77 (Nathan Broadbent)" <nathan.f77@...>
8 messages
2012/11/12
[#49268] [ruby-trunk - Feature #7341][Open] Enumerable#associate — "nathan.f77 (Nathan Broadbent)" <nathan.f77@...>
8 messages
2012/11/12
[#49282] Re: [ruby-cvs:44801] tenderlove:r37631 (trunk): * probes.d: add DTrace probe declarations. — "U.Nakamura" <usa@...>
Hello,
5 messages
2012/11/13
[#49284] Re: [ruby-cvs:44801] tenderlove:r37631 (trunk): * probes.d: add DTrace probe declarations.
— "U.Nakamura" <usa@...>
2012/11/13
Hello,
[#49292] Re: [ruby-cvs:44801] tenderlove:r37631 (trunk): * probes.d: add DTrace probe declarations.
— "NARUSE, Yui" <naruse@...>
2012/11/13
2012/11/13 U.Nakamura <[email protected]>:
[#49298] [ruby-trunk - Feature #7346][Open] object(...) as syntax sugar for object.call(...) — "rosenfeld (Rodrigo Rosenfeld Rosas)" <rr.rosas@...>
7 messages
2012/11/13
[#49320] [ruby-trunk - Feature #4085] Refinements and nested methods — "headius (Charles Nutter)" <headius@...>
3 messages
2012/11/13
[#49328] [ruby-trunk - Bug #7349][Open] Struct#inspect needs more meaningful output — "postmodern (Hal Brodigan)" <postmodern.mod3@...>
6 messages
2012/11/14
[#49340] bugs.ruby-lang.org - 500 error — Luis Lavena <luislavena@...>
Hello,
6 messages
2012/11/14
[#49341] Re: bugs.ruby-lang.org - 500 error
— Joshua Ballanco <jballanc@...>
2012/11/14
I've been unable to access it since morning EET (about 6 hours now).
[#49342] Re: bugs.ruby-lang.org - 500 error
— Zachary Scott <zachary@...>
2012/11/14
It's almost 3am in Japan now, don't forget.
[#49343] Re: bugs.ruby-lang.org - 500 error
— Luis Lavena <luislavena@...>
2012/11/14
On Wed, Nov 14, 2012 at 2:46 PM, Zachary Scott <[email protected]> w=
[#49354] review open pull requests on github — Zachary Scott <zachary@...>
Could we get a review on any open pull requests on github before the
12 messages
2012/11/15
[#49355] Re: review open pull requests on github
— "NARUSE, Yui" <naruse@...>
2012/11/15
2012/11/15 Zachary Scott <[email protected]>:
[#49356] Re: review open pull requests on github
— Zachary Scott <zachary@...>
2012/11/15
Ok, I was hoping one of the maintainers might want to.
[#49382] Re: review open pull requests on github
— Marc-Andre Lafortune <ruby-core-mailing-list@...>
2012/11/15
I could add my eyes to monitor the github issues/pull requests, if only to
[#49387] Re: review open pull requests on github
— Luis Lavena <luislavena@...>
2012/11/15
On Thu, Nov 15, 2012 at 2:11 PM, Marc-Andre Lafortune
[#49388] Re: review open pull requests on github
— Zachary Scott <zachary@...>
2012/11/15
On Thu, Nov 15, 2012 at 1:01 PM, Luis Lavena <[email protected]> wrote:
[#49391] Re: review open pull requests on github
— Marc-Andre Lafortune <ruby-core-mailing-list@...>
2012/11/15
On Thu, Nov 15, 2012 at 1:06 PM, Zachary Scott <[email protected]>
[#49416] make check: missing psych — Ramkumar Ramachandra <artagnon@...>
Hi,
7 messages
2012/11/16
[#49418] Re: make check: missing psych
— Luis Lavena <luislavena@...>
2012/11/16
On Fri, Nov 16, 2012 at 9:58 AM, Ramkumar Ramachandra
[#49419] Re: make check: missing psych
— Ramkumar Ramachandra <artagnon@...>
2012/11/16
Luis Lavena wrote:
[#49463] [ruby-trunk - Feature #7375][Open] embedding libyaml in psych for Ruby 2.0 — "tenderlovemaking (Aaron Patterson)" <aaron@...>
21 messages
2012/11/16
[#49494] [ruby-trunk - Feature #7375] embedding libyaml in psych for Ruby 2.0
— "vo.x (Vit Ondruch)" <v.ondruch@...>
2012/11/17
[#49497] Re: [ruby-trunk - Feature #7375] embedding libyaml in psych for Ruby 2.0
— Aaron Patterson <tenderlove@...>
2012/11/17
On Sun, Nov 18, 2012 at 03:05:50AM +0900, vo.x (Vit Ondruch) wrote:
[#49499] Re: [ruby-trunk - Feature #7375] embedding libyaml in psych for Ruby 2.0
— V咜 Ondruch <v.ondruch@...>
2012/11/17
Dne 17.11.2012 21:19, Aaron Patterson napsal(a):
[#49500] Re: [ruby-trunk - Feature #7375] embedding libyaml in psych for Ruby 2.0
— Benoit Daloze <eregontp@...>
2012/11/17
On 17 November 2012 21:34, V=EDt Ondruch <[email protected]> wrote:
[#49524] Re: [ruby-trunk - Feature #7375] embedding libyaml in psych for Ruby 2.0
— Yusuke Endoh <mame@...>
2012/11/18
Hello,
[#49468] [ruby-trunk - Feature #7378][Open] Adding Pathname#write — "aef (Alexander E. Fischer)" <aef@...>
6 messages
2012/11/17
[#49479] [ruby-trunk - Bug #7379][Open] Unexpected result of Kernel#gets on Windows 8 — "phasis68 (Heesob Park)" <phasis@...>
6 messages
2012/11/17
[#49518] [ruby-trunk - Bug #7383][Open] Use stricter cache check in load.c — "funny_falcon (Yura Sokolov)" <funny.falcon@...>
4 messages
2012/11/18
[#49536] [ruby-trunk - Feature #7388][Open] Object#embed — "zzak (Zachary Scott)" <zachary@...>
7 messages
2012/11/18
[#49543] [ruby-trunk - Feature #7390][Open] Funny Falcon Threads — "zzak (Zachary Scott)" <zachary@...>
4 messages
2012/11/18
[#49558] [ruby-trunk - Bug #7395][Open] Negative numbers can't be primes by definition — "zzak (Zachary Scott)" <zachary@...>
10 messages
2012/11/19
[#49868] How to stop spam from ruby-core — Heesob Park <phasis@...>
Hi,
5 messages
2012/11/22
[#49949] [ruby-trunk - Feature #7426][Assigned] Update Rdoc — "mame (Yusuke Endoh)" <mame@...>
10 messages
2012/11/24
[#50198] [ruby-trunk - Feature #7426] Update Rdoc
— "drbrain (Eric Hodel)" <[email protected]>
2012/11/27
[#50202] Re: [ruby-trunk - Feature #7426] Update Rdoc
— SASADA Koichi <ko1@...>
2012/11/27
(2012/11/27 13:33), drbrain (Eric Hodel) wrote:
[#50203] Re: [ruby-trunk - Feature #7426] Update Rdoc
— Luis Lavena <luislavena@...>
2012/11/27
On Tue, Nov 27, 2012 at 12:57 AM, SASADA Koichi <[email protected]> wrote:
[#50204] Re: [ruby-trunk - Feature #7426] Update Rdoc
— Eric Hodel <[email protected]>
2012/11/27
On Nov 26, 2012, at 10:09 PM, Luis Lavena <[email protected]> wrote:
[#50092] [ruby-trunk - Feature #7434][Open] Allow caller_locations and backtrace_locations to receive negative params — "sam.saffron (Sam Saffron)" <sam.saffron@...>
21 messages
2012/11/25
[#50264] [ruby-trunk - Feature #7457][Open] GC.stat to return "allocated object count" and "freed object count" — "ko1 (Koichi Sasada)" <redmine@...>
5 messages
2012/11/28
[#50306] Towards a better process for changing Ruby — Magnus Holm <judofyr@...>
Hey folks,
11 messages
2012/11/29
[#50317] Re: Towards a better process for changing Ruby
— Yorick Peterse <yorickpeterse@...>
2012/11/29
What I'd like to see is primarily better communication and release
[#50320] Re: Towards a better process for changing Ruby
— Yusuke Endoh <mame@...>
2012/11/29
Hello Magnus,
[#50750] Re: Towards a better process for changing Ruby
— Magnus Holm <judofyr@...>
2012/12/11
Endoh-san,
[#50312] How to stop spam message from redmine.ruby-lang.org — Heesob Park <phasis@...>
HI,
7 messages
2012/11/29
[#50315] Re: How to stop spam message from redmine.ruby-lang.org
— "NARUSE, Yui" <naruse@...>
2012/11/29
Hi,
[#50372] [ruby-trunk - Bug #7476][Open] missing "IP_TRANSPARENT" constant for IP sockets. — "elico (Eliezer Croitoru)" <eliezer@...>
8 messages
2012/11/30
[#52809] [ruby-trunk - Feature #7476] missing "IP_TRANSPARENT" constant for IP sockets.
— "ko1 (Koichi Sasada)" <redmine@...>
2013/02/24
[#53889] Re: [ruby-trunk - Feature #7476] missing "IP_TRANSPARENT" constant for IP sockets.
— Tanaka Akira <akr@...>
2013/04/02
2013/2/24 ko1 (Koichi Sasada) <[email protected]>:
[ruby-core:50330] [ruby-trunk - Bug #5353] TLS v1.0 and less - Attack on CBC mode
From:
"nahi (Hiroshi Nakamura)" <nakahiro@...>
Date:
2012-11-29 14:14:38 UTC
List:
ruby-core #50330
Issue #5353 has been updated by nahi (Hiroshi Nakamura).
Assignee changed from nahi (Hiroshi Nakamura) to MartinBosslet (Martin Bosslet)
=begin
This could be an option:
Index: test/openssl/test_ssl.rb
===================================================================
--- test/openssl/test_ssl.rb (revision 37996)
+++ test/openssl/test_ssl.rb (working copy)
@@ -257,7 +257,7 @@
ctx = OpenSSL::SSL::SSLContext.new
ctx.set_params
assert_equal(OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode)
- assert_equal(OpenSSL::SSL::OP_ALL, ctx.options)
+ assert_equal(OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS, ctx.options)
ciphers = ctx.ciphers
ciphers_versions = ciphers.collect{|_, v, _, _| v }
ciphers_names = ciphers.collect{|v, _, _, _| v }
@@ -397,6 +397,7 @@
end
def test_unset_OP_ALL
+ # Can we safely assume every env has OP_DONT_INSERT_EMPTY_FRAGMENTS?
ctx_proc = Proc.new { |ctx|
ctx.options = OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
}
Index: ext/openssl/lib/openssl/ssl.rb
===================================================================
--- ext/openssl/lib/openssl/ssl.rb (revision 37996)
+++ ext/openssl/lib/openssl/ssl.rb (working copy)
@@ -24,7 +24,9 @@
:ssl_version => "SSLv23",
:verify_mode => OpenSSL::SSL::VERIFY_PEER,
:ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW",
- :options => OpenSSL::SSL::OP_ALL,
+ :options => defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS) ?
+ OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS :
+ OpenSSL::SSL::OP_ALL,
}
DEFAULT_CERT_STORE = OpenSSL::X509::Store.new
...but it causes connection problem for clients, that normally not affected by BEAST. I'll update WEBrick to disable the bit.
Martin, please close this issue if you're OK. WEBrick thing is a different problem.
=end
----------------------------------------
Bug #5353: TLS v1.0 and less - Attack on CBC mode
https://bugs.ruby-lang.org/issues/5353#change-34151
Author: MartinBosslet (Martin Bosslet)
Status: Assigned
Priority: High
Assignee: MartinBosslet (Martin Bosslet)
Category: ext
Target version: 2.0.0
ruby -v: -
A well-known vulnerability of TLS v1.0 and earlier has recently gained some attention:
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
Although this has been known for a long time (http://www.openssl.org/~bodo/tls-cbc.txt),
and a fix for this has been provided, in reality most applications seem to be working with
SSL_OP_ALL
which is a flag that enables some bug workarounds that were considered harmless.
We, too, use this in ossl_sslctx_s_alloc(VALUE klass) in ossl_ssl.c. Unfortunately,
this flag also includes
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
which disables the fix for the "CBC vulnerability". Here is what a comment says
about the flag (OpenSSL 1.0.0d)
/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
* in OpenSSL 0.9.6d. Usually (depending on the application protocol)
* the workaround is not needed. Unfortunately some broken SSL/TLS
* implementations cannot handle it at all, which is why we include
* it in SSL_OP_ALL. */
If I understand http://www.openssl.org/~bodo/tls-cbc.txt correctly, the most
notable implementation that does not play well with these empty fragments
was (is?) IE - I don't know how this has evolved over time, I would have to
research further.
An easy fix for the situation would be to discard SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS,
but this would risk affecting existing installations.
What do you propose? Should we solve this before the 1.9.3 release?
(PS: The actual attack and fix are outlined in
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.61.5887&rep=rep1&type=pdf
The attack to be presented by Thai Duong and Juliano Rizzo at
http://ekoparty.org/cronograma.php (caution: currently the site is victim to the "reddit effect")
is very likely to be based on what was already known and should therefore hopefully
require no further fixes.)
--
http://bugs.ruby-lang.org/