pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/lang/ruby18-base Add patches against Ruby 1.8.6-p111. ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/ee90c20d4502
branches: trunk
changeset: 533786:ee90c20d4502
user: taca <taca%pkgsrc.org@localhost>
date: Sun Sep 30 04:08:15 2007 +0000
description:
Add patches against Ruby 1.8.6-p111. Since 1.8.6-p111 dosen't
officially released (SVN's tag only), I decide to keep pkgsrc's Ruby's
version.
This isn't leaf package but fixes security problem reported by
http://www.isecpartners.com/advisories/2007-006-rubyssl.txt.
Bump PKGREVISION.
diffstat:
lang/ruby18-base/Makefile | 3 ++-
lang/ruby18-base/distinfo | 6 +++++-
lang/ruby18-base/patches/patch-ag | 13 +++++++++++++
lang/ruby18-base/patches/patch-ai | 22 ++++++++++++++++++++++
lang/ruby18-base/patches/patch-dh | 37 +++++++++++++++++++++++++++++++++++++
lang/ruby18-base/patches/patch-di | 29 +++++++++++++++++++++++++++++
6 files changed, 108 insertions(+), 2 deletions(-)
diffs (148 lines):
diff -r df1c1f243659 -r ee90c20d4502 lang/ruby18-base/Makefile
--- a/lang/ruby18-base/Makefile Sat Sep 29 21:46:33 2007 +0000
+++ b/lang/ruby18-base/Makefile Sun Sep 30 04:08:15 2007 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.36 2007/09/09 14:17:13 taca Exp $
+# $NetBSD: Makefile,v 1.37 2007/09/30 04:08:15 taca Exp $
#
DISTNAME= ${RUBY_DISTNAME}
PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX}
+PKGREVISION= 1
CATEGORIES= lang ruby
MASTER_SITES= ${MASTER_SITE_RUBY}
diff -r df1c1f243659 -r ee90c20d4502 lang/ruby18-base/distinfo
--- a/lang/ruby18-base/distinfo Sat Sep 29 21:46:33 2007 +0000
+++ b/lang/ruby18-base/distinfo Sun Sep 30 04:08:15 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2007/09/24 21:58:27 taca Exp $
+$NetBSD: distinfo,v 1.22 2007/09/30 04:08:15 taca Exp $
SHA1 (ruby-1.8.6-p110.tar.bz2) = b9c980dabd6c99f3663d463a586b18f2637c9e5b
RMD160 (ruby-1.8.6-p110.tar.bz2) = 7acff85e7604ec8cb14590967a147dd953079dd6
@@ -6,3 +6,7 @@
SHA1 (patch-aa) = eb218253249d7fc8fe32c5d1ad00f355714861f9
SHA1 (patch-ab) = 973e36950d5b497c7283b928153e9f0ae9fe023e
SHA1 (patch-ac) = b84bc931ab3dd7fe619cca846a300673fa71f48e
+SHA1 (patch-ag) = 1db7fdb83e17a979556a4a9f7fd709dc124d1da0
+SHA1 (patch-ai) = 006cb39e417ee5d939af85482e81f441682b688d
+SHA1 (patch-dh) = 8d8dfbc070433259acc24e18314ad6d76ac4900c
+SHA1 (patch-di) = 28e8e44c9ec47ec8ed11ad06e00e8acab4809968
diff -r df1c1f243659 -r ee90c20d4502 lang/ruby18-base/patches/patch-ag
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby18-base/patches/patch-ag Sun Sep 30 04:08:15 2007 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ag,v 1.3 2007/09/30 04:08:16 taca Exp $
+
+--- ext/openssl/lib/openssl/ssl.rb.orig 2007-02-13 08:01:19.000000000 +0900
++++ ext/openssl/lib/openssl/ssl.rb
+@@ -88,7 +88,7 @@ module OpenSSL
+ end
+ }
+ end
+- raise SSLError, "hostname not match"
++ raise SSLError, "hostname was not match with the server certificate"
+ end
+ end
+
diff -r df1c1f243659 -r ee90c20d4502 lang/ruby18-base/patches/patch-ai
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby18-base/patches/patch-ai Sun Sep 30 04:08:15 2007 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ai,v 1.1 2007/09/30 04:08:16 taca Exp $
+
+--- ChangeLog.orig 2007-09-23 09:01:50.000000000 +0900
++++ ChangeLog
+@@ -1,3 +1,17 @@
++Sun Sep 23 21:57:25 2007 GOTOU Yuuzou <gotoyuzo%notwork.org@localhost>
++
++ * lib/net/http.rb: an SSL verification (the server hostname should
++ be matched with its certificate's commonName) is added.
++ this verification can be skipped by
++ "Net::HTTP#enable_post_connection_check=(false)".
++ suggested by Chris Clark <cclark at isecpartners.com>
++
++ * lib/net/open-uri.rb: use Net::HTTP#enable_post_connection_check to
++ perform SSL post connection check.
++
++ * ext/openssl/lib/openssl/ssl.c
++ (OpenSSL::SSL::SSLSocket#post_connection_check): refine error message.
++
+ Sun Sep 23 07:49:49 2007 Nobuyoshi Nakada <nobu%ruby-lang.org@localhost>
+
+ * eval.c, intern.h, ext/thread/thread.c: should not free queue while
diff -r df1c1f243659 -r ee90c20d4502 lang/ruby18-base/patches/patch-dh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby18-base/patches/patch-dh Sun Sep 30 04:08:15 2007 +0000
@@ -0,0 +1,37 @@
+$NetBSD: patch-dh,v 1.1 2007/09/30 04:08:17 taca Exp $
+
+--- lib/net/http.rb.orig 2007-02-13 08:01:19.000000000 +0900
++++ lib/net/http.rb
+@@ -470,6 +470,7 @@ module Net #:nodoc:
+ @debug_output = nil
+ @use_ssl = false
+ @ssl_context = nil
++ @enable_post_connection_check = true
+ end
+
+ def inspect
+@@ -526,6 +527,9 @@ module Net #:nodoc:
+ false # redefined in net/https
+ end
+
++ # specify enabling SSL server certificate and hostname checking.
++ attr_accessor :enable_post_connection_check
++
+ # Opens TCP connection and HTTP session.
+ #
+ # When this method is called with block, gives a HTTP object
+@@ -584,6 +588,14 @@ module Net #:nodoc:
+ HTTPResponse.read_new(@socket).value
+ end
+ s.connect
++ if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
++ begin
++ s.post_connection_check(@address)
++ rescue OpenSSL::SSL::SSLError => ex
++ raise ex if @enable_post_connection_check
++ warn ex.message
++ end
++ end
+ end
+ on_connect
+ end
diff -r df1c1f243659 -r ee90c20d4502 lang/ruby18-base/patches/patch-di
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby18-base/patches/patch-di Sun Sep 30 04:08:15 2007 +0000
@@ -0,0 +1,29 @@
+$NetBSD: patch-di,v 1.1 2007/09/30 04:08:17 taca Exp $
+
+--- lib/open-uri.rb.orig 2007-02-13 08:01:19.000000000 +0900
++++ lib/open-uri.rb
+@@ -229,6 +229,7 @@ module OpenURI
+ if target.class == URI::HTTPS
+ require 'net/https'
+ http.use_ssl = true
++ http.enable_post_connection_check = true
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ store = OpenSSL::X509::Store.new
+ store.set_default_paths
+@@ -240,16 +241,6 @@ module OpenURI
+
+ resp = nil
+ http.start {
+- if target.class == URI::HTTPS
+- # xxx: information hiding violation
+- sock = http.instance_variable_get(:@socket)
+- if sock.respond_to?(:io)
+- sock = sock.io # 1.9
+- else
+- sock = sock.instance_variable_get(:@socket) # 1.8
+- end
+- sock.post_connection_check(target_host)
+- end
+ req = Net::HTTP::Get.new(request_uri, header)
+ if options.include? :http_basic_authentication
+ user, pass = options[:http_basic_authentication]
Home |
Main Index |
Thread Index |
Old Index