author | taca <taca> | 2007-09-30 04:08:15 +0000 |
---|---|---|
committer | taca <taca> | 2007-09-30 04:08:15 +0000 |
commit | 54f5750eae9156c8d7e6e845296d3f0abd08aa50 (patch) | |
tree | 5935832f6e0a1ad12ac75700df13218b077207b3 /lang/ruby18-base/patches | |
parent | 5b2d622be56ed5e024a07884cd5c15b04162ab22 (diff) | |
download | pkgsrc-54f5750eae9156c8d7e6e845296d3f0abd08aa50.tar.gz |
Add patches against Ruby 1.8.6-p111. Since 1.8.6-p111 isn't
officially released (SVN tag only), I have decided to keep pkgsrc's Ruby
version.
This isn't a leaf package, but it fixes the security problem reported in
http://www.isecpartners.com/advisories/2007-006-rubyssl.txt.
Bump PKGREVISION.
Diffstat (limited to 'lang/ruby18-base/patches')
-rw-r--r-- | lang/ruby18-base/patches/patch-ag | 13 | ||||
-rw-r--r-- | lang/ruby18-base/patches/patch-ai | 22 | ||||
-rw-r--r-- | lang/ruby18-base/patches/patch-dh | 37 | ||||
-rw-r--r-- | lang/ruby18-base/patches/patch-di | 29 |
4 files changed, 101 insertions, 0 deletions
diff --git a/lang/ruby18-base/patches/patch-ag b/lang/ruby18-base/patches/patch-ag
new file mode 100644
index 00000000000..6083b9eee61
--- /dev/null
+++ b/lang/ruby18-base/patches/patch-ag
@@ -0,0 +1,13 @@
+$NetBSD: patch-ag,v 1.3 2007/09/30 04:08:16 taca Exp $
+
+--- ext/openssl/lib/openssl/ssl.rb.orig 2007-02-13 08:01:19.000000000 +0900
++++ ext/openssl/lib/openssl/ssl.rb
+@@ -88,7 +88,7 @@ module OpenSSL
+ end
+ }
+ end
+- raise SSLError, "hostname not match"
++ raise SSLError, "hostname was not match with the server certificate"
+ end
+ end
+
diff --git a/lang/ruby18-base/patches/patch-ai b/lang/ruby18-base/patches/patch-ai
new file mode 100644
index 00000000000..9b97d3b0d53
--- /dev/null
+++ b/lang/ruby18-base/patches/patch-ai
@@ -0,0 +1,22 @@
+$NetBSD: patch-ai,v 1.1 2007/09/30 04:08:16 taca Exp $
+
+--- ChangeLog.orig 2007-09-23 09:01:50.000000000 +0900
++++ ChangeLog
+@@ -1,3 +1,17 @@
++Sun Sep 23 21:57:25 2007 GOTOU Yuuzou <gotoyuzo@notwork.org>
++
++ * lib/net/http.rb: an SSL verification (the server hostname should
++ be matched with its certificate's commonName) is added.
++ this verification can be skipped by
++ "Net::HTTP#enable_post_connection_check=(false)".
++ suggested by Chris Clark <cclark at isecpartners.com>
++
++ * lib/net/open-uri.rb: use Net::HTTP#enable_post_connection_check to
++ perform SSL post connection check.
++
++ * ext/openssl/lib/openssl/ssl.c
++ (OpenSSL::SSL::SSLSocket#post_connection_check): refine error message.
++
+ Sun Sep 23 07:49:49 2007 Nobuyoshi Nakada <nobu@ruby-lang.org>
+
+ * eval.c, intern.h, ext/thread/thread.c: should not free queue while
diff --git a/lang/ruby18-base/patches/patch-dh b/lang/ruby18-base/patches/patch-dh
new file mode 100644
index 00000000000..9300c8b76f0
--- /dev/null
+++ b/lang/ruby18-base/patches/patch-dh
@@ -0,0 +1,37 @@
+$NetBSD: patch-dh,v 1.1 2007/09/30 04:08:17 taca Exp $
+
+--- lib/net/http.rb.orig 2007-02-13 08:01:19.000000000 +0900
++++ lib/net/http.rb
+@@ -470,6 +470,7 @@ module Net #:nodoc:
+ @debug_output = nil
+ @use_ssl = false
+ @ssl_context = nil
++ @enable_post_connection_check = true
+ end
+
+ def inspect
+@@ -526,6 +527,9 @@ module Net #:nodoc:
+ false # redefined in net/https
+ end
+
++ # specify enabling SSL server certificate and hostname checking.
++ attr_accessor :enable_post_connection_check
++
+ # Opens TCP connection and HTTP session.
+ #
+ # When this method is called with block, gives a HTTP object
+@@ -584,6 +588,14 @@ module Net #:nodoc:
+ HTTPResponse.read_new(@socket).value
+ end
+ s.connect
++ if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
++ begin
++ s.post_connection_check(@address)
++ rescue OpenSSL::SSL::SSLError => ex
++ raise ex if @enable_post_connection_check
++ warn ex.message
++ end
++ end
+ end
+ on_connect
+ end
diff --git a/lang/ruby18-base/patches/patch-di b/lang/ruby18-base/patches/patch-di
new file mode 100644
index 00000000000..fd052258ed5
--- /dev/null
+++ b/lang/ruby18-base/patches/patch-di
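Review bot: In patch-dh's third lib/net/http.rb hunk the `rescue` branch downgrades a hostname/certificate mismatch to `warn ex.message` and lets the session continue whenever `@enable_post_connection_check` is false, so the fail-open case leaves only a stderr line behind. The comment added with the accessor in the second hunk ("specify enabling SSL server certificate and hostname checking") overstates what the flag does: on the visible lines it only selects raise-versus-warn for `post_connection_check`, while chain verification stays under `verify_mode`. I would document it as `# When true (the default), a mismatch between the server hostname and its certificate raises OpenSSL::SSL::SSLError after connect; when false it is only warned and the connection proceeds.` The guard `@ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE` also treats every other value as verifying, which would include nil if that is the context's default (not visible here), so that is worth confirming. All three surrounding methods begin and end outside the hunks.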
@@ -0,0 +1,29 @@
+$NetBSD: patch-di,v 1.1 2007/09/30 04:08:17 taca Exp $
+
+--- lib/open-uri.rb.orig 2007-02-13 08:01:19.000000000 +0900
++++ lib/open-uri.rb
+@@ -229,6 +229,7 @@ module OpenURI
+ if target.class == URI::HTTPS
+ require 'net/https'
+ http.use_ssl = true
++ http.enable_post_connection_check = true
+ http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+ store = OpenSSL::X509::Store.new
+ store.set_default_paths
+@@ -240,16 +241,6 @@ module OpenURI
+
+ resp = nil
+ http.start {
+- if target.class == URI::HTTPS
+- # xxx: information hiding violation
+- sock = http.instance_variable_get(:@socket)
+- if sock.respond_to?(:io)
+- sock = sock.io # 1.9
+- else
+- sock = sock.instance_variable_get(:@socket) # 1.8
+- end
+- sock.post_connection_check(target_host)
+- end
+ req = Net::HTTP::Get.new(request_uri, header)
+ if options.include? :http_basic_authentication
+ user, pass = options[:http_basic_authentication] |
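Review bot: In patch-di's second lib/open-uri.rb hunk the explicit `sock.post_connection_check(target_host)` call disappears from the `http.start` block, and nothing is left at that spot to say where the hostname check now happens. A short comment beside the new setter in the first hunk would keep that visible, e.g. `# hostname is verified against the certificate inside Net::HTTP; a mismatch raises OpenSSL::SSL::SSLError`. The check also moves from `target_host` to whatever address Net::HTTP holds; it is presumably the same host, but that is not visible from these lines and is worth confirming for the proxy case. The enclosing method starts and ends outside the hunk.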