author | taca <taca> | 2009-04-16 17:11:12 +0000 |
---|---|---|
committer | taca <taca> | 2009-04-16 17:11:12 +0000 |
commit | 0bb549a6cab124d24d7f6a8361f43230d896e33a (patch) | |
tree | 6c98c8f3520d49e6da333aa7d9a9c4dc81078889 /lang/ruby18-base | |
parent | 953f471507f53f568f712b0bbea2f1dd90b12ff6 (diff) | |
download | pkgsrc-0bb549a6cab124d24d7f6a8361f43230d896e33a.tar.gz |
Update ruby18-base-1.8.7.160 (1.8.7-p160).
This release is the counterpart of 1.8.6-p368, so many bugs have been fixed
since the latest 1.8.7. Check the ChangeLog for more details.
In particular, it includes workarounds for CVE-2007-1558 and CVE-2008-1447.
Diffstat (limited to 'lang/ruby18-base')
-rw-r--r-- | lang/ruby18-base/Makefile | 3 | ||||
-rw-r--r-- | lang/ruby18-base/distinfo | 11 | ||||
-rw-r--r-- | lang/ruby18-base/patches/patch-dg | 43 | ||||
-rw-r--r-- | lang/ruby18-base/patches/patch-dh | 15 | ||||
-rw-r--r-- | lang/ruby18-base/patches/patch-dj | 34 |
5 files changed, 5 insertions, 101 deletions
diff --git a/lang/ruby18-base/Makefile b/lang/ruby18-base/Makefile index 164e5eb4181..70ac8b264e9 100644 --- a/lang/ruby18-base/Makefile +++ b/lang/ruby18-base/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.49 2009/02/20 12:32:26 taca Exp $ +# $NetBSD: Makefile,v 1.50 2009/04/16 17:11:12 taca Exp $ # DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX} -PKGREVISION= 3 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} #PKGREVISION= diff --git a/lang/ruby18-base/distinfo b/lang/ruby18-base/distinfo index d5ff86fde13..8599d49f653 100644 --- a/lang/ruby18-base/distinfo +++ b/lang/ruby18-base/distinfo @@ -1,11 +1,8 @@ -$NetBSD: distinfo,v 1.35 2009/02/20 12:32:26 taca Exp $ +$NetBSD: distinfo,v 1.36 2009/04/16 17:11:12 taca Exp $ -SHA1 (ruby-1.8.7-p72.tar.bz2) = 462e990a724580e4dfeeac5a271b93f6cfcbf5c7 -RMD160 (ruby-1.8.7-p72.tar.bz2) = 07bf0d6987ba111aed988093c569fb66ba54891b -Size (ruby-1.8.7-p72.tar.bz2) = 4127450 bytes +SHA1 (ruby-1.8.7-p160.tar.bz2) = 64ed631a819f28d9dd86d2c699e1b0a94d7e5dc9 +RMD160 (ruby-1.8.7-p160.tar.bz2) = 77469c9c4e9303f2ec8ca72a0cbf98b674cb1415 +Size (ruby-1.8.7-p160.tar.bz2) = 4137518 bytes SHA1 (patch-aa) = 59f4462dada7e7b00c7a773c8a95454f3dc4f994 SHA1 (patch-ab) = 239872c5faf95c05d2a94fe5f40af5b8541423c7 SHA1 (patch-ac) = eb4dd068729ba2a2c7d4d659f6bcdb1410227f3b -SHA1 (patch-dg) = 6c92da2111af7dd09d9cc28d1d82612ead14283e -SHA1 (patch-dh) = ac637345ee171892b551f34d0deb65f238060c7c -SHA1 (patch-dj) = a325fcec8d90b8d550d0e4e858d60dd91b4d23c6 diff --git a/lang/ruby18-base/patches/patch-dg b/lang/ruby18-base/patches/patch-dg deleted file mode 100644 index c056818b5f2..00000000000 --- a/lang/ruby18-base/patches/patch-dg +++ /dev/null 
@@ -1,43 +0,0 @@
-$NetBSD: patch-dg,v 1.5 2008/09/14 05:17:18 taca Exp $
-
-Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790.
-(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/)
-
---- lib/rexml/document.rb.orig 2008-06-06 17:05:24.000000000 +0900
-+++ lib/rexml/document.rb
-@@ -32,6 +32,7 @@ module REXML
- # @param context if supplied, contains the context of the document;
- # this should be a Hash.
- def initialize( source = nil, context = {} )
-+ @entity_expansion_count = 0
- super()
- @context = context
- return if source.nil?
-@@ -200,6 +201,27 @@ module REXML
- Parsers::StreamParser.new( source, listener ).parse
- end
-
-+ @@entity_expansion_limit = 10_000
-+
-+ # Set the entity expansion limit. By default the limit is set to 10000.
-+ def Document::entity_expansion_limit=( val )
-+ @@entity_expansion_limit = val
-+ end
-+
-+ # Get the entity expansion limit. By default the limit is set to 10000.
-+ def Document::entity_expansion_limit
-+ return @@entity_expansion_limit
-+ end
-+
-+ attr_reader :entity_expansion_count
-+
-+ def record_entity_expansion
-+ @entity_expansion_count += 1
-+ if @entity_expansion_count > @@entity_expansion_limit
-+ raise "number of entity expansions exceeded, processing aborted."
-+ end
-+ end
-+
- private
- def build( source )
- Parsers::TreeParser.new( source, self ).parse
diff --git a/lang/ruby18-base/patches/patch-dh b/lang/ruby18-base/patches/patch-dh
deleted file mode 100644
index 9db6472587f..00000000000
--- a/lang/ruby18-base/patches/patch-dh
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-dh,v 1.3 2008/09/14 05:17:18 taca Exp $
-
-Fix for http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3790.
-(http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/)
-
---- lib/rexml/entity.rb.orig 2008-04-18 16:22:13.000000000 +0900
-+++ lib/rexml/entity.rb
-@@ -73,6 +73,7 @@ module REXML
- # all entities -- both %ent; and &ent; entities. This differs from
- # +value()+ in that +value+ only replaces %ent; entities.
- def unnormalized
-+ document.record_entity_expansion
- v = value()
- return nil if v.nil?
- @unnormalized = Text::unnormalize(v, parent)
diff --git a/lang/ruby18-base/patches/patch-dj b/lang/ruby18-base/patches/patch-dj
deleted file mode 100644
index 3b3cf7a1fc9..00000000000
--- a/lang/ruby18-base/patches/patch-dj
+++ /dev/null
@@ -1,34 +0,0 @@
-$NetBSD: patch-dj,v 1.2 2009/02/20 12:32:26 taca Exp $
-
-Online Certificate Status Protocol's verify method fix from Ruby's
-repository: revision 22440.
-
---- ext/openssl/ossl_ocsp.c.orig 2007-06-09 00:02:04.000000000 +0900
-+++ ext/openssl/ossl_ocsp.c
-@@ -589,22 +589,22 @@ ossl_ocspbres_sign(int argc, VALUE *argv
- static VALUE
- ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
- {
-- VALUE certs, store, flags;
-+ VALUE certs, store, flags, result;
- OCSP_BASICRESP *bs;
- STACK_OF(X509) *x509s;
- X509_STORE *x509st;
-- int flg, result;
-+ int flg;
-
- rb_scan_args(argc, argv, "21", &certs, &store, &flags);
- x509st = GetX509StorePtr(store);
- flg = NIL_P(flags) ? 0 : INT2NUM(flags);
- x509s = ossl_x509_ary2sk(certs);
- GetOCSPBasicRes(self, bs);
-- result = OCSP_basic_verify(bs, x509s, x509st, flg);
-+ result = OCSP_basic_verify(bs, x509s, x509st, flg) > 0 ? Qtrue : Qfalse;
- sk_X509_pop_free(x509s, X509_free);
- if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));
-
-- return result ? Qtrue : Qfalse;
-+ return result;
- }
-
- /* |