author | taca <taca> | 2007-09-30 04:08:15 +0000 |
---|---|---|
committer | taca <taca> | 2007-09-30 04:08:15 +0000 |
commit | 54f5750eae9156c8d7e6e845296d3f0abd08aa50 (patch) | |
tree | 5935832f6e0a1ad12ac75700df13218b077207b3 /lang | |
parent | 5b2d622be56ed5e024a07884cd5c15b04162ab22 (diff) | |
download | pkgsrc-54f5750eae9156c8d7e6e845296d3f0abd08aa50.tar.gz |
Add patches against Ruby 1.8.6-p111. Since 1.8.6-p111 hasn't been
officially released (SVN tag only), I decided to keep pkgsrc's Ruby
version.
This isn't a leaf package, but it fixes the security problem reported in
http://www.isecpartners.com/advisories/2007-006-rubyssl.txt.
Bump PKGREVISION.
Diffstat (limited to 'lang')
-rw-r--r-- | lang/ruby18-base/Makefile | 3 | ||||
-rw-r--r-- | lang/ruby18-base/distinfo | 6 | ||||
-rw-r--r-- | lang/ruby18-base/patches/patch-ag | 13 | ||||
-rw-r--r-- | lang/ruby18-base/patches/patch-ai | 22 | ||||
-rw-r--r-- | lang/ruby18-base/patches/patch-dh | 37 | ||||
-rw-r--r-- | lang/ruby18-base/patches/patch-di | 29 |
6 files changed, 108 insertions, 2 deletions
diff --git a/lang/ruby18-base/Makefile b/lang/ruby18-base/Makefile index a0cca3c02c2..fb700d80753 100644 --- a/lang/ruby18-base/Makefile +++ b/lang/ruby18-base/Makefile @@ -1,8 +1,9 @@ -# $NetBSD: Makefile,v 1.36 2007/09/09 14:17:13 taca Exp $ +# $NetBSD: Makefile,v 1.37 2007/09/30 04:08:15 taca Exp $ # DISTNAME= ${RUBY_DISTNAME} PKGNAME= ${RUBY_PKGPREFIX}-base-${RUBY_VERSION_SUFFIX} +PKGREVISION= 1 CATEGORIES= lang ruby MASTER_SITES= ${MASTER_SITE_RUBY} diff --git a/lang/ruby18-base/distinfo b/lang/ruby18-base/distinfo index ca47954ab3e..09dd83635d1 100644 --- a/lang/ruby18-base/distinfo +++ b/lang/ruby18-base/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.21 2007/09/24 21:58:27 taca Exp $ +$NetBSD: distinfo,v 1.22 2007/09/30 04:08:15 taca Exp $ SHA1 (ruby-1.8.6-p110.tar.bz2) = b9c980dabd6c99f3663d463a586b18f2637c9e5b RMD160 (ruby-1.8.6-p110.tar.bz2) = 7acff85e7604ec8cb14590967a147dd953079dd6 @@ -6,3 +6,7 @@ Size (ruby-1.8.6-p110.tar.bz2) = 3918377 bytes SHA1 (patch-aa) = eb218253249d7fc8fe32c5d1ad00f355714861f9 SHA1 (patch-ab) = 973e36950d5b497c7283b928153e9f0ae9fe023e SHA1 (patch-ac) = b84bc931ab3dd7fe619cca846a300673fa71f48e +SHA1 (patch-ag) = 1db7fdb83e17a979556a4a9f7fd709dc124d1da0 +SHA1 (patch-ai) = 006cb39e417ee5d939af85482e81f441682b688d +SHA1 (patch-dh) = 8d8dfbc070433259acc24e18314ad6d76ac4900c +SHA1 (patch-di) = 28e8e44c9ec47ec8ed11ad06e00e8acab4809968 diff --git a/lang/ruby18-base/patches/patch-ag b/lang/ruby18-base/patches/patch-ag new file mode 100644 index 00000000000..6083b9eee61 --- /dev/null +++ b/lang/ruby18-base/patches/patch-ag @@ -0,0 +1,13 @@ +$NetBSD: patch-ag,v 1.3 2007/09/30 04:08:16 taca Exp $ + +--- ext/openssl/lib/openssl/ssl.rb.orig 2007-02-13 08:01:19.000000000 +0900 ++++ ext/openssl/lib/openssl/ssl.rb +@@ -88,7 +88,7 @@ module OpenSSL + end + } + end +- raise SSLError, "hostname not match" ++ raise SSLError, "hostname was not match with the server certificate" + end + end + 
diff --git a/lang/ruby18-base/patches/patch-ai b/lang/ruby18-base/patches/patch-ai new file mode 100644 index 00000000000..9b97d3b0d53 --- /dev/null +++ b/lang/ruby18-base/patches/patch-ai @@ -0,0 +1,22 @@ +$NetBSD: patch-ai,v 1.1 2007/09/30 04:08:16 taca Exp $ + +--- ChangeLog.orig 2007-09-23 09:01:50.000000000 +0900 ++++ ChangeLog +@@ -1,3 +1,17 @@ ++Sun Sep 23 21:57:25 2007 GOTOU Yuuzou <gotoyuzo@notwork.org> ++ ++ * lib/net/http.rb: an SSL verification (the server hostname should ++ be matched with its certificate's commonName) is added. ++ this verification can be skipped by ++ "Net::HTTP#enable_post_connection_check=(false)". ++ suggested by Chris Clark <cclark at isecpartners.com> ++ ++ * lib/net/open-uri.rb: use Net::HTTP#enable_post_connection_check to ++ perform SSL post connection check. ++ ++ * ext/openssl/lib/openssl/ssl.c ++ (OpenSSL::SSL::SSLSocket#post_connection_check): refine error message. ++ + Sun Sep 23 07:49:49 2007 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * eval.c, intern.h, ext/thread/thread.c: should not free queue while diff --git a/lang/ruby18-base/patches/patch-dh b/lang/ruby18-base/patches/patch-dh new file mode 100644 index 00000000000..9300c8b76f0 --- /dev/null +++ b/lang/ruby18-base/patches/patch-dh 
@@ -0,0 +1,37 @@ +$NetBSD: patch-dh,v 1.1 2007/09/30 04:08:17 taca Exp $ + +--- lib/net/http.rb.orig 2007-02-13 08:01:19.000000000 +0900 ++++ lib/net/http.rb +@@ -470,6 +470,7 @@ module Net #:nodoc: + @debug_output = nil + @use_ssl = false + @ssl_context = nil ++ @enable_post_connection_check = true + end + + def inspect +@@ -526,6 +527,9 @@ module Net #:nodoc: + false # redefined in net/https + end + ++ # specify enabling SSL server certificate and hostname checking. ++ attr_accessor :enable_post_connection_check ++ + # Opens TCP connection and HTTP session. + # + # When this method is called with block, gives a HTTP object +@@ -584,6 +588,14 @@ module Net #:nodoc: + HTTPResponse.read_new(@socket).value + end + s.connect ++ if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE ++ begin ++ s.post_connection_check(@address) ++ rescue OpenSSL::SSL::SSLError => ex ++ raise ex if @enable_post_connection_check ++ warn ex.message ++ end ++ end + end + on_connect + end diff --git a/lang/ruby18-base/patches/patch-di b/lang/ruby18-base/patches/patch-di new file mode 100644 index 00000000000..fd052258ed5 --- /dev/null +++ b/lang/ruby18-base/patches/patch-di 
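Review bot: The rescue branch added after `s.connect` fails open: when `enable_post_connection_check` is false, a hostname/certificate mismatch is reduced to `warn ex.message` on stderr and the session continues over that connection, yet the one-line comment above `attr_accessor :enable_post_connection_check` does not say so. I would spell the contract out there, e.g. `# When true (the default) a hostname/certificate mismatch raises OpenSSL::SSL::SSLError.` followed by `# When false the mismatch is only warned about and the connection is still used.` The check is also skipped entirely when `verify_mode` is `VERIFY_NONE`; the default `verify_mode` is not visible in this hunk, so it is worth confirming that callers who only set `use_ssl` actually reach it. The enclosing connect method starts and ends outside the hunk.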
@@ -0,0 +1,29 @@ +$NetBSD: patch-di,v 1.1 2007/09/30 04:08:17 taca Exp $ + +--- lib/open-uri.rb.orig 2007-02-13 08:01:19.000000000 +0900 ++++ lib/open-uri.rb +@@ -229,6 +229,7 @@ module OpenURI + if target.class == URI::HTTPS + require 'net/https' + http.use_ssl = true ++ http.enable_post_connection_check = true + http.verify_mode = OpenSSL::SSL::VERIFY_PEER + store = OpenSSL::X509::Store.new + store.set_default_paths +@@ -240,16 +241,6 @@ module OpenURI + + resp = nil + http.start { +- if target.class == URI::HTTPS +- # xxx: information hiding violation +- sock = http.instance_variable_get(:@socket) +- if sock.respond_to?(:io) +- sock = sock.io # 1.9 +- else +- sock = sock.instance_variable_get(:@socket) # 1.8 +- end +- sock.post_connection_check(target_host) +- end + req = Net::HTTP::Get.new(request_uri, header) + if options.include? :http_basic_authentication + user, pass = options[:http_basic_authentication] |
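Review bot: With the explicit `sock.post_connection_check(target_host)` removed from the `http.start` block, open-uri's hostname check now depends entirely on Net::HTTP's connect path, which (per the net/http.rb patch in this commit) checks `@address` and only when `verify_mode` is not `VERIFY_NONE`. The construction of `http` is outside this hunk, so it should be confirmed that the host it is created with is the same `target_host` the removed code checked, including when a proxy is configured. A comment on the added line would record the dependency: `# hostname check runs inside Net::HTTP on connect; must stay true so a mismatch raises rather than warns`. The enclosing method continues outside the hunk.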