authortaca <taca@pkgsrc.org>2009-04-16 17:11:12 +0000
committertaca <taca@pkgsrc.org>2009-04-16 17:11:12 +0000
commitb59a2f22736ea1c5748a2e155545072e72790e14 (patch)
tree6c98c8f3520d49e6da333aa7d9a9c4dc81078889 /lang/ruby18-base/patches
parent72e47a4fd9bd6eb0f2b3578e1a3fe2b28a5cdf2a (diff)
Update ruby18-base-1.8.7.160 (1.8.7-p160).
This release is the counterpart of 1.8.6-p368, so many bugs have been fixed since the latest 1.8.7. Check the ChangeLog for more details. In particular, it includes workarounds for CVE-2007-1558 and CVE-2008-1447.
Diffstat (limited to 'lang/ruby18-base/patches')
-rw-r--r--lang/ruby18-base/patches/patch-dg43
-rw-r--r--lang/ruby18-base/patches/patch-dh15
-rw-r--r--lang/ruby18-base/patches/patch-dj34
3 files changed, 0 insertions, 92 deletions
diff --git a/lang/ruby18-base/patches/patch-dg b/lang/ruby18-base/patches/patch-dg
deleted file mode 100644
index c056818b5f2..00000000000
--- a/lang/ruby18-base/patches/patch-dg
+++ /dev/null
@@ -1,43 +0,0 @@
-$NetBSD: patch-dg,v 1.5 2008/09/14 05:17:18 taca Exp $
-
-Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790.
-(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/)
-
---- lib/rexml/document.rb.orig 2008-06-06 17:05:24.000000000 +0900
-+++ lib/rexml/document.rb
-@@ -32,6 +32,7 @@ module REXML
- # @param context if supplied, contains the context of the document;
- # this should be a Hash.
- def initialize( source = nil, context = {} )
-+ @entity_expansion_count = 0
- super()
- @context = context
- return if source.nil?
-@@ -200,6 +201,27 @@ module REXML
- Parsers::StreamParser.new( source, listener ).parse
- end
-
-+ @@entity_expansion_limit = 10_000
-+
-+ # Set the entity expansion limit. By default the limit is set to 10000.
-+ def Document::entity_expansion_limit=( val )
-+ @@entity_expansion_limit = val
-+ end
-+
-+ # Get the entity expansion limit. By default the limit is set to 10000.
-+ def Document::entity_expansion_limit
-+ return @@entity_expansion_limit
-+ end
-+
-+ attr_reader :entity_expansion_count
-+
-+ def record_entity_expansion
-+ @entity_expansion_count += 1
-+ if @entity_expansion_count > @@entity_expansion_limit
-+ raise "number of entity expansions exceeded, processing aborted."
-+ end
-+ end
-+
- private
- def build( source )
- Parsers::TreeParser.new( source, self ).parse
diff --git a/lang/ruby18-base/patches/patch-dh b/lang/ruby18-base/patches/patch-dh
deleted file mode 100644
index 9db6472587f..00000000000
--- a/lang/ruby18-base/patches/patch-dh
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-dh,v 1.3 2008/09/14 05:17:18 taca Exp $
-
-Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790.
-(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/)
-
---- lib/rexml/entity.rb.orig 2008-04-18 16:22:13.000000000 +0900
-+++ lib/rexml/entity.rb
-@@ -73,6 +73,7 @@ module REXML
- # all entities -- both %ent; and &ent; entities. This differs from
- # +value()+ in that +value+ only replaces %ent; entities.
- def unnormalized
-+ document.record_entity_expansion
- v = value()
- return nil if v.nil?
- @unnormalized = Text::unnormalize(v, parent)
diff --git a/lang/ruby18-base/patches/patch-dj b/lang/ruby18-base/patches/patch-dj
deleted file mode 100644
index 3b3cf7a1fc9..00000000000
--- a/lang/ruby18-base/patches/patch-dj
+++ /dev/null
@@ -1,34 +0,0 @@
-$NetBSD: patch-dj,v 1.2 2009/02/20 12:32:26 taca Exp $
-
-Online Certificate Status Protocol's verify method fix from Ruby's
-repository: revision 22440.
-
---- ext/openssl/ossl_ocsp.c.orig 2007-06-09 00:02:04.000000000 +0900
-+++ ext/openssl/ossl_ocsp.c
-@@ -589,22 +589,22 @@ ossl_ocspbres_sign(int argc, VALUE *argv
- static VALUE
- ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
- {
-- VALUE certs, store, flags;
-+ VALUE certs, store, flags, result;
- OCSP_BASICRESP *bs;
- STACK_OF(X509) *x509s;
- X509_STORE *x509st;
-- int flg, result;
-+ int flg;
-
- rb_scan_args(argc, argv, "21", &certs, &store, &flags);
- x509st = GetX509StorePtr(store);
- flg = NIL_P(flags) ? 0 : INT2NUM(flags);
- x509s = ossl_x509_ary2sk(certs);
- GetOCSPBasicRes(self, bs);
-- result = OCSP_basic_verify(bs, x509s, x509st, flg);
-+ result = OCSP_basic_verify(bs, x509s, x509st, flg) > 0 ? Qtrue : Qfalse;
- sk_X509_pop_free(x509s, X509_free);
- if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));
-
-- return result ? Qtrue : Qfalse;
-+ return result;
- }
-
- /*