Fri Feb 20 12:32:26 2009 UTC ()
Apply patch from Ruby's repository, revision 22440.
It fixes OCPS(Online Certificate Status Protocol) verify method wasn't always
return false when verify was failed in OpenSSL's correspondence library.
(It might be possible security risk for using OCPS.
Fix small PLIST improvement, too.
Bump PKGREVISION.
(taca)
diff -r1.48 -r1.49 pkgsrc/lang/ruby18-base/Makefile
diff -r1.7 -r1.8 pkgsrc/lang/ruby18-base/PLIST.common_end
diff -r1.34 -r1.35 pkgsrc/lang/ruby18-base/distinfo
diff -r0 -r1.2 pkgsrc/lang/ruby18-base/patches/patch-dj
--- pkgsrc/lang/ruby18-base/Attic/Makefile 2008/09/15 03:30:22 1.48
+++ pkgsrc/lang/ruby18-base/Attic/Makefile 2009/02/20 12:32:26 1.49
| @@ -1,19 +1,19 @@ | | | @@ -1,19 +1,19 @@ |
| 1 | # $NetBSD: Makefile,v 1.48 2008/09/15 03:30:22 taca Exp $ | | 1 | # $NetBSD: Makefile,v 1.49 2009/02/20 12:32:26 taca Exp $ |
| 2 | # | | 2 | # |
| 3 | | | 3 | |
| 4 | DISTNAME= ${RUBY_DISTNAME} | | 4 | DISTNAME= ${RUBY_DISTNAME} |
| 5 | PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX} | | 5 | PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX} |
| 6 | PKGREVISION= 2 | | 6 | PKGREVISION= 3 |
| 7 | CATEGORIES= lang ruby | | 7 | CATEGORIES= lang ruby |
| 8 | MASTER_SITES= ${MASTER_SITE_RUBY} | | 8 | MASTER_SITES= ${MASTER_SITE_RUBY} |
| 9 | #PKGREVISION= | | 9 | #PKGREVISION= |
| 10 | | | 10 | |
| 11 | MAINTAINER= taca@NetBSD.org | | 11 | MAINTAINER= taca@NetBSD.org |
| 12 | HOMEPAGE= ${RUBY_HOMEPAGE} | | 12 | HOMEPAGE= ${RUBY_HOMEPAGE} |
| 13 | COMMENT= Ruby 1.8 based release minimum package | | 13 | COMMENT= Ruby 1.8 based release minimum package |
| 14 | | | 14 | |
| 15 | RUBY_VERSION= ${RUBY18_VERSION} | | 15 | RUBY_VERSION= ${RUBY18_VERSION} |
| 16 | | | 16 | |
| 17 | CONFLICTS= ${RUBY_PKGPREFIX}-dbm-[0-9]* \ | | 17 | CONFLICTS= ${RUBY_PKGPREFIX}-dbm-[0-9]* \ |
| 18 | ${RUBY_PKGPREFIX}-digest-[0-9]* \ | | 18 | ${RUBY_PKGPREFIX}-digest-[0-9]* \ |
| 19 | ${RUBY_PKGPREFIX}-iconv-[0-9]* \ | | 19 | ${RUBY_PKGPREFIX}-iconv-[0-9]* \ |
--- pkgsrc/lang/ruby18-base/Attic/PLIST.common_end 2008/06/19 14:35:37 1.7
+++ pkgsrc/lang/ruby18-base/Attic/PLIST.common_end 2009/02/20 12:32:26 1.8
| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | @comment $NetBSD: PLIST.common_end,v 1.7 2008/06/19 14:35:37 taca Exp $ | | 1 | @comment $NetBSD: PLIST.common_end,v 1.8 2009/02/20 12:32:26 taca Exp $ |
| 2 | @dirrm ${RUBY_LIB}/bigdecimal | | 2 | @dirrm ${RUBY_LIB}/bigdecimal |
| 3 | @dirrm ${RUBY_LIB}/cgi/session | | 3 | @dirrm ${RUBY_LIB}/cgi/session |
| 4 | @dirrm ${RUBY_LIB}/cgi | | 4 | @dirrm ${RUBY_LIB}/cgi |
| 5 | @dirrm ${RUBY_LIB}/date | | 5 | @dirrm ${RUBY_LIB}/date |
| 6 | @dirrm ${RUBY_LIB}/digest | | 6 | @dirrm ${RUBY_LIB}/digest |
| 7 | @dirrm ${RUBY_LIB}/dl | | 7 | @dirrm ${RUBY_LIB}/dl |
| 8 | @dirrm ${RUBY_LIB}/drb | | 8 | @dirrm ${RUBY_LIB}/drb |
| 9 | @dirrm ${RUBY_ARCHLIB}/digest | | 9 | @dirrm ${RUBY_ARCHLIB}/digest |
| 10 | ${PLIST.io}@dirrm ${RUBY_ARCHLIB}/io | | 10 | ${PLIST.io}@dirrm ${RUBY_ARCHLIB}/io |
| 11 | @dirrm ${RUBY_ARCHLIB}/racc | | 11 | @dirrm ${RUBY_ARCHLIB}/racc |
| 12 | @dirrm ${RUBY_ARCHLIB} | | 12 | @dirrm ${RUBY_ARCHLIB} |
| 13 | @dirrm ${RUBY_VENDORARCHLIB} | | 13 | @dirrm ${RUBY_VENDORARCHLIB} |
| 14 | @dirrm ${RUBY_VENDORLIB} | | 14 | @dirrm ${RUBY_VENDORLIB} |
| @@ -90,14 +90,14 @@ ${PLIST.io}@dirrm ${RUBY_LIB}/io | | | @@ -90,14 +90,14 @@ ${PLIST.io}@dirrm ${RUBY_LIB}/io |
| 90 | @dirrm ${RUBY_EG}/dl | | 90 | @dirrm ${RUBY_EG}/dl |
| 91 | @dirrm ${RUBY_EG}/drb | | 91 | @dirrm ${RUBY_EG}/drb |
| 92 | @dirrm ${RUBY_EG}/erb | | 92 | @dirrm ${RUBY_EG}/erb |
| 93 | @dirrm ${RUBY_EG}/logger | | 93 | @dirrm ${RUBY_EG}/logger |
| 94 | @dirrm ${RUBY_EG}/openssl | | 94 | @dirrm ${RUBY_EG}/openssl |
| 95 | @dirrm ${RUBY_EG}/optparse | | 95 | @dirrm ${RUBY_EG}/optparse |
| 96 | @dirrm ${RUBY_EG}/pty | | 96 | @dirrm ${RUBY_EG}/pty |
| 97 | @dirrm ${RUBY_EG}/rss | | 97 | @dirrm ${RUBY_EG}/rss |
| 98 | @dirrm ${RUBY_EG}/testunit | | 98 | @dirrm ${RUBY_EG}/testunit |
| 99 | @dirrm ${RUBY_EG}/webrick | | 99 | @dirrm ${RUBY_EG}/webrick |
| 100 | @dirrm ${RUBY_EG} | | 100 | @dirrm ${RUBY_EG} |
| 101 | @dirrm ${RUBY_SITERIDIR} | | 101 | @dirrm ${RUBY_SITERIDIR} |
| 102 | @dirrm ${RUBY_BASERIDIR} | | 102 | @dirrm ${RUBY_BASERIDIR} |
| 103 | @dirrm ${RUBY_RIDIR} | | 103 | @unexec ${RMDIR} %D/${RUBY_RIDIR} 2>/dev/null || ${TRUE} |
--- pkgsrc/lang/ruby18-base/Attic/distinfo 2008/09/14 05:17:18 1.34
+++ pkgsrc/lang/ruby18-base/Attic/distinfo 2009/02/20 12:32:26 1.35
| @@ -1,10 +1,11 @@ | | | @@ -1,10 +1,11 @@ |
| 1 | $NetBSD: distinfo,v 1.34 2008/09/14 05:17:18 taca Exp $ | | 1 | $NetBSD: distinfo,v 1.35 2009/02/20 12:32:26 taca Exp $ |
| 2 | | | 2 | |
| 3 | SHA1 (ruby-1.8.7-p72.tar.bz2) = 462e990a724580e4dfeeac5a271b93f6cfcbf5c7 | | 3 | SHA1 (ruby-1.8.7-p72.tar.bz2) = 462e990a724580e4dfeeac5a271b93f6cfcbf5c7 |
| 4 | RMD160 (ruby-1.8.7-p72.tar.bz2) = 07bf0d6987ba111aed988093c569fb66ba54891b | | 4 | RMD160 (ruby-1.8.7-p72.tar.bz2) = 07bf0d6987ba111aed988093c569fb66ba54891b |
| 5 | Size (ruby-1.8.7-p72.tar.bz2) = 4127450 bytes | | 5 | Size (ruby-1.8.7-p72.tar.bz2) = 4127450 bytes |
| 6 | SHA1 (patch-aa) = 59f4462dada7e7b00c7a773c8a95454f3dc4f994 | | 6 | SHA1 (patch-aa) = 59f4462dada7e7b00c7a773c8a95454f3dc4f994 |
| 7 | SHA1 (patch-ab) = 239872c5faf95c05d2a94fe5f40af5b8541423c7 | | 7 | SHA1 (patch-ab) = 239872c5faf95c05d2a94fe5f40af5b8541423c7 |
| 8 | SHA1 (patch-ac) = eb4dd068729ba2a2c7d4d659f6bcdb1410227f3b | | 8 | SHA1 (patch-ac) = eb4dd068729ba2a2c7d4d659f6bcdb1410227f3b |
| 9 | SHA1 (patch-dg) = 6c92da2111af7dd09d9cc28d1d82612ead14283e | | 9 | SHA1 (patch-dg) = 6c92da2111af7dd09d9cc28d1d82612ead14283e |
| 10 | SHA1 (patch-dh) = ac637345ee171892b551f34d0deb65f238060c7c | | 10 | SHA1 (patch-dh) = ac637345ee171892b551f34d0deb65f238060c7c |
| | | 11 | SHA1 (patch-dj) = a325fcec8d90b8d550d0e4e858d60dd91b4d23c6 |
$NetBSD: patch-dj,v 1.2 2009/02/20 12:32:26 taca Exp $
Online Certificate Status Protocol's verify method fix from Ruby's
repository: revision 22440.
--- ext/openssl/ossl_ocsp.c.orig 2007-06-09 00:02:04.000000000 +0900
+++ ext/openssl/ossl_ocsp.c
@@ -589,22 +589,22 @@ ossl_ocspbres_sign(int argc, VALUE *argv
static VALUE
ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
{
- VALUE certs, store, flags;
+ VALUE certs, store, flags, result;
OCSP_BASICRESP *bs;
STACK_OF(X509) *x509s;
X509_STORE *x509st;
- int flg, result;
+ int flg;
rb_scan_args(argc, argv, "21", &certs, &store, &flags);
x509st = GetX509StorePtr(store);
flg = NIL_P(flags) ? 0 : INT2NUM(flags);
x509s = ossl_x509_ary2sk(certs);
GetOCSPBasicRes(self, bs);
- result = OCSP_basic_verify(bs, x509s, x509st, flg);
+ result = OCSP_basic_verify(bs, x509s, x509st, flg) > 0 ? Qtrue : Qfalse;
sk_X509_pop_free(x509s, X509_free);
if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));
- return result ? Qtrue : Qfalse;
+ return result;
}
/*