lib/puppet/util/monkey_patches.rb in puppet-2.7.20 vs lib/puppet/util/monkey_patches.rb in puppet-2.7.21
- old
+ new
@@ -32,10 +32,25 @@
ZAML.dump(self)
end
end
}
+if defined?(YAML::ENGINE) and YAML::ENGINE.yamler == 'psych'
+ def Psych.safely_load(str)
+ result = Psych.parse(str)
+ if invalid_node = result.find { |node| node.tag =~ /!map:(.*)/ || node.tag =~ /!ruby\/hash:(.*)/ }
+ raise ArgumentError, "Illegal YAML mapping found with tag #{invalid_node.tag}; please use !ruby/object:#{$1} instead"
+ else
+ result.to_ruby
+ end
+ end
+else
+ def YAML.safely_load(str)
+ self.load(str)
+ end
+end
+
def YAML.dump(*args)
ZAML.dump(*args)
end
#
@@ -237,7 +252,50 @@
end
module_function :mv
alias move mv
module_function :move
+ end
+end
+
+# (#19151) Reject all SSLv2 ciphers and handshakes
+require 'openssl'
+class OpenSSL::SSL::SSLContext
+ if match = /^1\.8\.(\d+)/.match(RUBY_VERSION)
+ older_than_187 = match[1].to_i < 7
+ else
+ older_than_187 = false
+ end
+
+ alias __original_initialize initialize
+ private :__original_initialize
+
+ if older_than_187
+ def initialize(*args)
+ __original_initialize(*args)
+ if bitmask = self.options
+ self.options = bitmask | OpenSSL::SSL::OP_NO_SSLv2
+ else
+ self.options = OpenSSL::SSL::OP_NO_SSLv2
+ end
+ # These are the default ciphers in recent MRI versions. See
+ # https://github.com/ruby/ruby/blob/v1_9_3_392/ext/openssl/lib/openssl/ssl-internal.rb#L26
+ self.ciphers = "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW"
+ end
+ else
+ if DEFAULT_PARAMS[:options]
+ DEFAULT_PARAMS[:options] |= OpenSSL::SSL::OP_NO_SSLv2
+ else
+ DEFAULT_PARAMS[:options] = OpenSSL::SSL::OP_NO_SSLv2
+ end
+ DEFAULT_PARAMS[:ciphers] << ':!SSLv2'
+
+ def initialize(*args)
+ __original_initialize(*args)
+ params = {
+ :options => DEFAULT_PARAMS[:options],
+ :ciphers => DEFAULT_PARAMS[:ciphers],
+ }
+ set_params(params)
+ end
end
end