pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/lang/ruby18-base Add patches against Ruby 1.8.6-p111. ...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ee90c20d4502
branches:  trunk
changeset: 533786:ee90c20d4502
user:      taca <taca%pkgsrc.org@localhost>
date:      Sun Sep 30 04:08:15 2007 +0000

description:
Add patches against Ruby 1.8.6-p111.  Since 1.8.6-p111 dosen't
officially released (SVN's tag only), I decide to keep pkgsrc's Ruby's
version.

This isn't leaf package but fixes security problem reported by
http://www.isecpartners.com/advisories/2007-006-rubyssl.txt.

Bump PKGREVISION.

diffstat:

 lang/ruby18-base/Makefile         |   3 ++-
 lang/ruby18-base/distinfo         |   6 +++++-
 lang/ruby18-base/patches/patch-ag |  13 +++++++++++++
 lang/ruby18-base/patches/patch-ai |  22 ++++++++++++++++++++++
 lang/ruby18-base/patches/patch-dh |  37 +++++++++++++++++++++++++++++++++++++
 lang/ruby18-base/patches/patch-di |  29 +++++++++++++++++++++++++++++
 6 files changed, 108 insertions(+), 2 deletions(-)

diffs (148 lines):

diff -r df1c1f243659 -r ee90c20d4502 lang/ruby18-base/Makefile
--- a/lang/ruby18-base/Makefile Sat Sep 29 21:46:33 2007 +0000
+++ b/lang/ruby18-base/Makefile Sun Sep 30 04:08:15 2007 +0000
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.36 2007/09/09 14:17:13 taca Exp $
+# $NetBSD: Makefile,v 1.37 2007/09/30 04:08:15 taca Exp $
 #
 
 DISTNAME=      ${RUBY_DISTNAME}
 PKGNAME=       ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX}
+PKGREVISION=   1
 CATEGORIES=    lang ruby
 MASTER_SITES=  ${MASTER_SITE_RUBY}
 
diff -r df1c1f243659 -r ee90c20d4502 lang/ruby18-base/distinfo
--- a/lang/ruby18-base/distinfo Sat Sep 29 21:46:33 2007 +0000
+++ b/lang/ruby18-base/distinfo Sun Sep 30 04:08:15 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2007/09/24 21:58:27 taca Exp $
+$NetBSD: distinfo,v 1.22 2007/09/30 04:08:15 taca Exp $
 
 SHA1 (ruby-1.8.6-p110.tar.bz2) = b9c980dabd6c99f3663d463a586b18f2637c9e5b
 RMD160 (ruby-1.8.6-p110.tar.bz2) = 7acff85e7604ec8cb14590967a147dd953079dd6
@@ -6,3 +6,7 @@
 SHA1 (patch-aa) = eb218253249d7fc8fe32c5d1ad00f355714861f9
 SHA1 (patch-ab) = 973e36950d5b497c7283b928153e9f0ae9fe023e
 SHA1 (patch-ac) = b84bc931ab3dd7fe619cca846a300673fa71f48e
+SHA1 (patch-ag) = 1db7fdb83e17a979556a4a9f7fd709dc124d1da0
+SHA1 (patch-ai) = 006cb39e417ee5d939af85482e81f441682b688d
+SHA1 (patch-dh) = 8d8dfbc070433259acc24e18314ad6d76ac4900c
+SHA1 (patch-di) = 28e8e44c9ec47ec8ed11ad06e00e8acab4809968
diff -r df1c1f243659 -r ee90c20d4502 lang/ruby18-base/patches/patch-ag
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby18-base/patches/patch-ag Sun Sep 30 04:08:15 2007 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ag,v 1.3 2007/09/30 04:08:16 taca Exp $
+
+--- ext/openssl/lib/openssl/ssl.rb.orig        2007-02-13 08:01:19.000000000 +0900
++++ ext/openssl/lib/openssl/ssl.rb
+@@ -88,7 +88,7 @@ module OpenSSL
+             end
+           }
+         end
+-        raise SSLError, "hostname not match"
++        raise SSLError, "hostname was not match with the server certificate"
+       end
+     end
+ 
diff -r df1c1f243659 -r ee90c20d4502 lang/ruby18-base/patches/patch-ai
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby18-base/patches/patch-ai Sun Sep 30 04:08:15 2007 +0000
@@ -0,0 +1,22 @@
+$NetBSD: patch-ai,v 1.1 2007/09/30 04:08:16 taca Exp $
+
+--- ChangeLog.orig     2007-09-23 09:01:50.000000000 +0900
++++ ChangeLog
+@@ -1,3 +1,17 @@
++Sun Sep 23 21:57:25 2007  GOTOU Yuuzou  <gotoyuzo%notwork.org@localhost>  
++
++      * lib/net/http.rb: an SSL verification (the server hostname should
++        be matched with its certificate's commonName) is added.
++        this verification can be skipped by
++        "Net::HTTP#enable_post_connection_check=(false)".
++        suggested by Chris Clark <cclark at isecpartners.com>
++
++      * lib/net/open-uri.rb: use Net::HTTP#enable_post_connection_check to
++        perform SSL post connection check.
++
++      * ext/openssl/lib/openssl/ssl.c
++      (OpenSSL::SSL::SSLSocket#post_connection_check): refine error message.
++
+ Sun Sep 23 07:49:49 2007  Nobuyoshi Nakada  <nobu%ruby-lang.org@localhost>
+ 
+       * eval.c, intern.h, ext/thread/thread.c: should not free queue while
diff -r df1c1f243659 -r ee90c20d4502 lang/ruby18-base/patches/patch-dh
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby18-base/patches/patch-dh Sun Sep 30 04:08:15 2007 +0000
@@ -0,0 +1,37 @@
+$NetBSD: patch-dh,v 1.1 2007/09/30 04:08:17 taca Exp $
+
+--- lib/net/http.rb.orig       2007-02-13 08:01:19.000000000 +0900
++++ lib/net/http.rb
+@@ -470,6 +470,7 @@ module Net   #:nodoc:
+       @debug_output = nil
+       @use_ssl = false
+       @ssl_context = nil
++      @enable_post_connection_check = true
+     end
+ 
+     def inspect
+@@ -526,6 +527,9 @@ module Net   #:nodoc:
+       false   # redefined in net/https
+     end
+ 
++    # specify enabling SSL server certificate and hostname checking.
++    attr_accessor :enable_post_connection_check
++
+     # Opens TCP connection and HTTP session.
+     # 
+     # When this method is called with block, gives a HTTP object
+@@ -584,6 +588,14 @@ module Net   #:nodoc:
+           HTTPResponse.read_new(@socket).value
+         end
+         s.connect
++        if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
++          begin
++            s.post_connection_check(@address)
++          rescue OpenSSL::SSL::SSLError => ex
++            raise ex if @enable_post_connection_check
++            warn ex.message
++          end
++        end
+       end
+       on_connect
+     end
diff -r df1c1f243659 -r ee90c20d4502 lang/ruby18-base/patches/patch-di
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/lang/ruby18-base/patches/patch-di Sun Sep 30 04:08:15 2007 +0000
@@ -0,0 +1,29 @@
+$NetBSD: patch-di,v 1.1 2007/09/30 04:08:17 taca Exp $
+
+--- lib/open-uri.rb.orig       2007-02-13 08:01:19.000000000 +0900
++++ lib/open-uri.rb
+@@ -229,6 +229,7 @@ module OpenURI
+     if target.class == URI::HTTPS
+       require 'net/https'
+       http.use_ssl = true
++      http.enable_post_connection_check = true
+       http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+       store = OpenSSL::X509::Store.new
+       store.set_default_paths
+@@ -240,16 +241,6 @@ module OpenURI
+ 
+     resp = nil
+     http.start {
+-      if target.class == URI::HTTPS
+-        # xxx: information hiding violation
+-        sock = http.instance_variable_get(:@socket)
+-        if sock.respond_to?(:io)
+-          sock = sock.io # 1.9
+-        else
+-          sock = sock.instance_variable_get(:@socket) # 1.8
+-        end
+-        sock.post_connection_check(target_host)
+-      end
+       req = Net::HTTP::Get.new(request_uri, header)
+       if options.include? :http_basic_authentication
+         user, pass = options[:http_basic_authentication]



Home | Main Index | Thread Index | Old Index