cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- Update ruby 1.9.1 to p430. This release fixes CVE-2010-0541.

Browse Source 
- Fix CVE-2010-0541 in ruby18.  Bump portrevision.
- Fix ruby19 build with openssl 1.1.
This commit is contained in:
Stanislav Sedov 2010-08-18 03:46:00 +00:00
parent 8e6bfd22de
commit 60808d3d09
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=259464
5 changed files with 224 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Mk/bsd.ruby.mk
View File

@ -170,7 +170,7 @@ RUBY?= ${LOCALBASE}/bin/${RUBY_NAME}
# Ruby 1.8
#
RUBY_RELVERSION= 1.8.7
RUBY_PORTREVISION= 2
RUBY_PORTREVISION= 3
RUBY_PORTEPOCH= 1
RUBY_PATCHLEVEL= 248
@ -198,9 +198,9 @@ RUBY19= "@comment "
# Ruby 1.9
#
RUBY_RELVERSION= 1.9.1
RUBY_PORTREVISION= 1
RUBY_PORTREVISION= 0
RUBY_PORTEPOCH= 1
RUBY_PATCHLEVEL= 376
RUBY_PATCHLEVEL= 430
RUBY_VERSION?= ${RUBY_RELVERSION}.${RUBY_PATCHLEVEL}
RUBY_DISTVERSION?= ${RUBY_RELVERSION}-p${RUBY_PATCHLEVEL}

11
lang/ruby18/files/patch-lib_webrick_httpresponse.rb Normal file
View File

@ -0,0 +1,11 @@
--- lib/webrick/httpresponse.rb.orig 2010-08-17 18:54:44.000000000 -0700
+++ lib/webrick/httpresponse.rb 2010-08-17 18:54:58.000000000 -0700
@@ -209,7 +209,7 @@
@keep_alive = false
self.status = HTTPStatus::RC_INTERNAL_SERVER_ERROR
end
- @header['content-type'] = "text/html"
+ @header['content-type'] = "text/html; charset=ISO-8859-1"
if respond_to?(:create_error_page)
create_error_page()

6
lang/ruby19/distinfo
View File

@ -1,3 +1,3 @@
MD5 (ruby/ruby-1.9.1-p376.tar.bz2) = e019ae9c643c5efe91be49e29781fb94
SHA256 (ruby/ruby-1.9.1-p376.tar.bz2) = 79164e647e23bb7c705195e0075ce6020c30dd5ec4f8c8a12a100fe0eb0d6783
SIZE (ruby/ruby-1.9.1-p376.tar.bz2) = 7293106
MD5 (ruby/ruby-1.9.1-p430.tar.bz2) = f855103aebeb3318dccb409319b547a0
SHA256 (ruby/ruby-1.9.1-p430.tar.bz2) = 8d5cc11d819e476fb651db783f714cc4100922f47447f7acdce87ed769cf9d97
SIZE (ruby/ruby-1.9.1-p430.tar.bz2) = 7299829

207
lang/ruby19/files/patch-ssl1.0-compat Normal file
View File

@ -0,0 +1,207 @@
commit 76526d091f1caeebf65667b8299eac12d63a36ca
Author: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
Date: Fri Jan 15 21:53:20 2010 +0900
OpenSSL
diff --git a/ext/openssl/ossl.c ext/openssl/ossl.c
index d4a2dc1..85ba654 100644
--- a/ext/openssl/ossl.c
+++ ext/openssl/ossl.c
@@ -92,7 +92,7 @@ ossl_x509_ary2sk(VALUE ary)
#define OSSL_IMPL_SK2ARY(name, type) \
VALUE \
-ossl_##name##_sk2ary(STACK *sk) \
+ossl_##name##_sk2ary(STACK_OF(type) *sk) \
{ \
type *t; \
int i, num; \
@@ -102,7 +102,7 @@ ossl_##name##_sk2ary(STACK *sk) \
OSSL_Debug("empty sk!"); \
return Qnil; \
} \
- num = sk_num(sk); \
+ num = sk_##type##_num(sk); \
if (num < 0) { \
OSSL_Debug("items in sk < -1???"); \
return rb_ary_new(); \
@@ -110,7 +110,7 @@ ossl_##name##_sk2ary(STACK *sk) \
ary = rb_ary_new2(num); \
\
for (i=0; i<num; i++) { \
- t = (type *)sk_value(sk, i); \
+ t = sk_##type##_value(sk, i); \
rb_ary_push(ary, ossl_##name##_new(t)); \
} \
return ary; \
diff --git a/ext/openssl/ossl.h ext/openssl/ossl.h
index 9ac1525..4bb18d5 100644
--- a/ext/openssl/ossl.h
+++ ext/openssl/ossl.h
@@ -104,6 +104,13 @@ extern VALUE eOSSLError;
} while (0)
/*
+ * Compatibility
+ */
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+#define STACK _STACK
+#endif
+
+/*
* String to HEXString conversion
*/
int string2hex(const unsigned char *, int, char **, int *);
diff --git a/ext/openssl/ossl_pkcs7.c ext/openssl/ossl_pkcs7.c
index fe1ef7c..b0cc656 100644
--- a/ext/openssl/ossl_pkcs7.c
+++ ext/openssl/ossl_pkcs7.c
@@ -572,12 +572,11 @@ ossl_pkcs7_add_certificate(VALUE self, VALUE cert)
return self;
}
-static STACK *
-pkcs7_get_certs_or_crls(VALUE self, int want_certs)
+static STACK_OF(X509) *
+pkcs7_get_certs(VALUE self)
{
PKCS7 *pkcs7;
STACK_OF(X509) *certs;
- STACK_OF(X509_CRL) *crls;
int i;
GetPKCS7(self, pkcs7);
@@ -585,17 +584,38 @@ pkcs7_get_certs_or_crls(VALUE self, int want_certs)
switch(i){
case NID_pkcs7_signed:
certs = pkcs7->d.sign->cert;
- crls = pkcs7->d.sign->crl;
break;
case NID_pkcs7_signedAndEnveloped:
certs = pkcs7->d.signed_and_enveloped->cert;
+ break;
+ default:
+ certs = NULL;
+ }
+
+ return certs;
+}
+
+static STACK_OF(X509_CRL) *
+pkcs7_get_crls(VALUE self)
+{
+ PKCS7 *pkcs7;
+ STACK_OF(X509_CRL) *crls;
+ int i;
+
+ GetPKCS7(self, pkcs7);
+ i = OBJ_obj2nid(pkcs7->type);
+ switch(i){
+ case NID_pkcs7_signed:
+ crls = pkcs7->d.sign->crl;
+ break;
+ case NID_pkcs7_signedAndEnveloped:
crls = pkcs7->d.signed_and_enveloped->crl;
break;
default:
- certs = crls = NULL;
+ crls = NULL;
}
- return want_certs ? certs : crls;
+ return crls;
}
static VALUE
@@ -610,7 +630,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
STACK_OF(X509) *certs;
X509 *cert;
- certs = pkcs7_get_certs_or_crls(self, 1);
+ certs = pkcs7_get_certs(self);
while((cert = sk_X509_pop(certs))) X509_free(cert);
rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self);
@@ -620,7 +640,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
static VALUE
ossl_pkcs7_get_certificates(VALUE self)
{
- return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1));
+ return ossl_x509_sk2ary(pkcs7_get_certs(self));
}
static VALUE
@@ -650,7 +670,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
STACK_OF(X509_CRL) *crls;
X509_CRL *crl;
- crls = pkcs7_get_certs_or_crls(self, 0);
+ crls = pkcs7_get_crls(self);
while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl);
rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self);
@@ -660,7 +680,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
static VALUE
ossl_pkcs7_get_crls(VALUE self)
{
- return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0));
+ return ossl_x509crl_sk2ary(pkcs7_get_crls(self));
}
static VALUE
diff --git a/ext/openssl/ossl_ssl.c ext/openssl/ossl_ssl.c
index 97c5583..fe6e74f 100644
--- a/ext/openssl/ossl_ssl.c
+++ ext/openssl/ossl_ssl.c
@@ -1403,10 +1403,10 @@ ossl_ssl_get_peer_cert_chain(VALUE self)
}
chain = SSL_get_peer_cert_chain(ssl);
if(!chain) return Qnil;
- num = sk_num(chain);
+ num = sk_X509_num(chain);
ary = rb_ary_new2(num);
for (i = 0; i < num; i++){
- cert = (X509*)sk_value(chain, i);
+ cert = sk_X509_value(chain, i);
rb_ary_push(ary, ossl_x509_new(cert));
}
diff --git a/ext/openssl/ossl_x509attr.c ext/openssl/ossl_x509attr.c
index 1f817cd..2a4c481 100644
--- a/ext/openssl/ossl_x509attr.c
+++ ext/openssl/ossl_x509attr.c
@@ -218,8 +218,9 @@ ossl_x509attr_get_value(VALUE self)
ossl_str_adjust(str, p);
}
else{
- length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, NULL,
- i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
+ length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
+ (unsigned char **) NULL, i2d_ASN1_TYPE,
+ V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
str = rb_str_new(0, length);
p = (unsigned char *)RSTRING_PTR(str);
i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p,
diff --git a/ext/openssl/ossl_x509crl.c ext/openssl/ossl_x509crl.c
index 1be9640..818fdba 100644
--- a/ext/openssl/ossl_x509crl.c
+++ ext/openssl/ossl_x509crl.c
@@ -264,7 +264,7 @@ ossl_x509crl_get_revoked(VALUE self)
VALUE ary, revoked;
GetX509CRL(self, crl);
- num = sk_X509_CRL_num(X509_CRL_get_REVOKED(crl));
+ num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
if (num < 0) {
OSSL_Debug("num < 0???");
return rb_ary_new();
@@ -272,7 +272,7 @@ ossl_x509crl_get_revoked(VALUE self)
ary = rb_ary_new2(num);
for(i=0; i<num; i++) {
/* NO DUP - don't free! */
- rev = (X509_REVOKED *)sk_X509_CRL_value(X509_CRL_get_REVOKED(crl), i);
+ rev = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
revoked = ossl_x509revoked_new(rev);
rb_ary_push(ary, revoked);
}

10
lang/ruby19/files/patch-tempfile.rb
View File

@ -1,10 +0,0 @@
--- lib/tempfile.rb.orig 2009-07-15 21:57:41.000000000 +1000
+++ lib/tempfile.rb 2009-10-23 21:31:49.159715744 +1100
@@ -137,7 +137,6 @@
# keep this order for thread safeness
begin
if File.exist?(@tmpname)
- closed? or close
File.unlink(@tmpname)
end
@@cleanlist.delete(@tmpname)