Fri Feb 20 12:32:26 2009 UTC ()
Apply patch from Ruby's repository, revision 22440.
It fixes OCPS(Online Certificate Status Protocol) verify method wasn't always
return false when verify was failed in OpenSSL's correspondence library.
(It might be possible security risk for using OCPS.
Fix small PLIST improvement, too.
Bump PKGREVISION.
(taca)
diff -r1.48 -r1.49 pkgsrc/lang/ruby18-base/Makefile
diff -r1.7 -r1.8 pkgsrc/lang/ruby18-base/PLIST.common_end
diff -r1.34 -r1.35 pkgsrc/lang/ruby18-base/distinfo
diff -r0 -r1.2 pkgsrc/lang/ruby18-base/patches/patch-dj
--- pkgsrc/lang/ruby18-base/Attic/Makefile 2008/09/15 03:30:22 1.48
+++ pkgsrc/lang/ruby18-base/Attic/Makefile 2009/02/20 12:32:26 1.49
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.48 2008/09/15 03:30:22 taca Exp $
+# $NetBSD: Makefile,v 1.49 2009/02/20 12:32:26 taca Exp $
#
DISTNAME= ${RUBY_DISTNAME}
PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX}
-PKGREVISION= 2
+PKGREVISION= 3
CATEGORIES= lang ruby
MASTER_SITES= ${MASTER_SITE_RUBY}
#PKGREVISION=
--- pkgsrc/lang/ruby18-base/Attic/PLIST.common_end 2008/06/19 14:35:37 1.7
+++ pkgsrc/lang/ruby18-base/Attic/PLIST.common_end 2009/02/20 12:32:26 1.8
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST.common_end,v 1.7 2008/06/19 14:35:37 taca Exp $
+@comment $NetBSD: PLIST.common_end,v 1.8 2009/02/20 12:32:26 taca Exp $
@dirrm ${RUBY_LIB}/bigdecimal
@dirrm ${RUBY_LIB}/cgi/session
@dirrm ${RUBY_LIB}/cgi
@@ -100,4 +100,4 @@
@dirrm ${RUBY_EG}
@dirrm ${RUBY_SITERIDIR}
@dirrm ${RUBY_BASERIDIR}
-@dirrm ${RUBY_RIDIR}
+@unexec ${RMDIR} %D/${RUBY_RIDIR} 2>/dev/null || ${TRUE}
--- pkgsrc/lang/ruby18-base/Attic/distinfo 2008/09/14 05:17:18 1.34
+++ pkgsrc/lang/ruby18-base/Attic/distinfo 2009/02/20 12:32:26 1.35
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2008/09/14 05:17:18 taca Exp $
+$NetBSD: distinfo,v 1.35 2009/02/20 12:32:26 taca Exp $
SHA1 (ruby-1.8.7-p72.tar.bz2) = 462e990a724580e4dfeeac5a271b93f6cfcbf5c7
RMD160 (ruby-1.8.7-p72.tar.bz2) = 07bf0d6987ba111aed988093c569fb66ba54891b
@@ -8,3 +8,4 @@
SHA1 (patch-ac) = eb4dd068729ba2a2c7d4d659f6bcdb1410227f3b
SHA1 (patch-dg) = 6c92da2111af7dd09d9cc28d1d82612ead14283e
SHA1 (patch-dh) = ac637345ee171892b551f34d0deb65f238060c7c
+SHA1 (patch-dj) = a325fcec8d90b8d550d0e4e858d60dd91b4d23c6
$NetBSD: patch-dj,v 1.2 2009/02/20 12:32:26 taca Exp $
Online Certificate Status Protocol's verify method fix from Ruby's
repository: revision 22440.
--- ext/openssl/ossl_ocsp.c.orig 2007-06-09 00:02:04.000000000 +0900
+++ ext/openssl/ossl_ocsp.c
@@ -589,22 +589,22 @@ ossl_ocspbres_sign(int argc, VALUE *argv
static VALUE
ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
{
- VALUE certs, store, flags;
+ VALUE certs, store, flags, result;
OCSP_BASICRESP *bs;
STACK_OF(X509) *x509s;
X509_STORE *x509st;
- int flg, result;
+ int flg;
rb_scan_args(argc, argv, "21", &certs, &store, &flags);
x509st = GetX509StorePtr(store);
flg = NIL_P(flags) ? 0 : INT2NUM(flags);
x509s = ossl_x509_ary2sk(certs);
GetOCSPBasicRes(self, bs);
- result = OCSP_basic_verify(bs, x509s, x509st, flg);
+ result = OCSP_basic_verify(bs, x509s, x509st, flg) > 0 ? Qtrue : Qfalse;
sk_X509_pop_free(x509s, X509_free);
if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));
- return result ? Qtrue : Qfalse;
+ return result;
}
/*