Apply patch from Ruby's repository, revision 22440.

It fixes OCPS(Online Certificate Status Protocol) verify method wasn't always
return false when verify was failed in OpenSSL's correspondence library.
(It might be possible security risk for using OCPS.

Fix small PLIST improvement, too.

Bump PKGREVISION.

4 files changed, 40 insertions, 5 deletions

diff --git a/lang/ruby18-base/Makefile b/lang/ruby18-base/Makefile
index e48c79aa5fe..164e5eb4181 100644
--- a/lang/ruby18-base/Makefile
+++ b/lang/ruby18-base/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.48 2008/09/15 03:30:22 taca Exp $
+# $NetBSD: Makefile,v 1.49 2009/02/20 12:32:26 taca Exp $
 #
 
 DISTNAME=	${RUBY_DISTNAME}
 PKGNAME=	${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX}
-PKGREVISION=	2
+PKGREVISION=	3
 CATEGORIES=	lang ruby
 MASTER_SITES=	${MASTER_SITE_RUBY}
 #PKGREVISION=
diff --git a/lang/ruby18-base/PLIST.common_end b/lang/ruby18-base/PLIST.common_end
index 59e7254a7e4..07b1887f623 100644
--- a/lang/ruby18-base/PLIST.common_end
+++ b/lang/ruby18-base/PLIST.common_end
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST.common_end,v 1.7 2008/06/19 14:35:37 taca Exp $
+@comment $NetBSD: PLIST.common_end,v 1.8 2009/02/20 12:32:26 taca Exp $
 @dirrm ${RUBY_LIB}/bigdecimal
 @dirrm ${RUBY_LIB}/cgi/session
 @dirrm ${RUBY_LIB}/cgi
@@ -100,4 +100,4 @@ ${PLIST.io}@dirrm ${RUBY_LIB}/io
 @dirrm ${RUBY_EG}
 @dirrm ${RUBY_SITERIDIR}
 @dirrm ${RUBY_BASERIDIR}
-@dirrm ${RUBY_RIDIR}
+@unexec ${RMDIR} %D/${RUBY_RIDIR} 2>/dev/null || ${TRUE}
diff --git a/lang/ruby18-base/distinfo b/lang/ruby18-base/distinfo
index 74ff8c4247a..d5ff86fde13 100644
--- a/lang/ruby18-base/distinfo
+++ b/lang/ruby18-base/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.34 2008/09/14 05:17:18 taca Exp $
+$NetBSD: distinfo,v 1.35 2009/02/20 12:32:26 taca Exp $
 
 SHA1 (ruby-1.8.7-p72.tar.bz2) = 462e990a724580e4dfeeac5a271b93f6cfcbf5c7
 RMD160 (ruby-1.8.7-p72.tar.bz2) = 07bf0d6987ba111aed988093c569fb66ba54891b
@@ -8,3 +8,4 @@ SHA1 (patch-ab) = 239872c5faf95c05d2a94fe5f40af5b8541423c7
 SHA1 (patch-ac) = eb4dd068729ba2a2c7d4d659f6bcdb1410227f3b
 SHA1 (patch-dg) = 6c92da2111af7dd09d9cc28d1d82612ead14283e
 SHA1 (patch-dh) = ac637345ee171892b551f34d0deb65f238060c7c
+SHA1 (patch-dj) = a325fcec8d90b8d550d0e4e858d60dd91b4d23c6
diff --git a/lang/ruby18-base/patches/patch-dj b/lang/ruby18-base/patches/patch-dj
new file mode 100644
index 00000000000..3b3cf7a1fc9
--- /dev/null
+++ b/lang/ruby18-base/patches/patch-dj
@@ -0,0 +1,34 @@
+$NetBSD: patch-dj,v 1.2 2009/02/20 12:32:26 taca Exp $
+
+Online Certificate Status Protocol's verify method fix from Ruby's
+repository: revision 22440.
+
+--- ext/openssl/ossl_ocsp.c.orig	2007-06-09 00:02:04.000000000 +0900
++++ ext/openssl/ossl_ocsp.c
+@@ -589,22 +589,22 @@ ossl_ocspbres_sign(int argc, VALUE *argv
+ static VALUE
+ ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
+ {
+-    VALUE certs, store, flags;
++    VALUE certs, store, flags, result;
+     OCSP_BASICRESP *bs;
+     STACK_OF(X509) *x509s;
+     X509_STORE *x509st;
+-    int flg, result;
++    int flg;
+ 
+     rb_scan_args(argc, argv, "21", &certs, &store, &flags);
+     x509st = GetX509StorePtr(store);
+     flg = NIL_P(flags) ? 0 : INT2NUM(flags);
+     x509s = ossl_x509_ary2sk(certs);
+     GetOCSPBasicRes(self, bs);
+-    result = OCSP_basic_verify(bs, x509s, x509st, flg);
++    result = OCSP_basic_verify(bs, x509s, x509st, flg) > 0 ? Qtrue : Qfalse;
+     sk_X509_pop_free(x509s, X509_free);
+     if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));
+ 
+-    return result ? Qtrue : Qfalse;
++    return result;
+ }
+ 
+ /*