diff options
author | taca <taca@pkgsrc.org> | 2012-02-16 16:36:07 +0000 |
---|---|---|
committer | taca <taca@pkgsrc.org> | 2012-02-16 16:36:07 +0000 |
commit | 48a2d9372e7095f15ee6ad8f191934cf5fa50c20 (patch) | |
tree | 51eb308f08263f55f02bf1564a1ad9f3cba92b53 /lang | |
parent | 5184ce61ac59252c45adb56d57ac3fcf5d4a52c4 (diff) | |
download | pkgsrc-48a2d9372e7095f15ee6ad8f191934cf5fa50c20.tar.gz |
Update ruby18-base package to 1.8.7-pl357 (Ruby 1.8.7 patchlevel 357).
Wed Feb 8 14:06:59 2012 Hiroshi Nakamura <nahi@ruby-lang.org>
* ext/openssl/ossl_ssl.c: Add SSL constants and allow to unset SSL
option to prevent BEAST attack. See [Bug #5353].
In OpenSSL, OP_DONT_INSERT_EMPTY_FRAGMENTS is used to prevent
TLS-CBC-IV vulunerability described at
http://www.openssl.org/~bodo/tls-cbc.txt
It's known issue of TLSv1/SSLv3 but it attracts lots of attention
these days as BEAST attack. (CVE-2011-3389)
Until now ossl sets OP_ALL at SSLContext allocation and call
SSL_CTX_set_options at connection. SSL_CTX_set_options updates the
value by using |= so bits set by OP_ALL cannot be unset afterwards.
This commit changes to call SSL_CTX_set_options only 1 time for each
SSLContext. It sets the specified value if SSLContext#options= are
called and sets OP_ALL if not.
To help users to unset bits in OP_ALL, this commit also adds several
constant to SSL such as
OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS. These constants were
not exposed in Ruby because there's no way to unset bits in OP_ALL
before.
Following is an example to enable 0/n split for BEAST prevention.
ctx.options = OP_ALL & ~OP_DONT_INSERT_EMPTY_FRAGMENTS
* test/openssl/test_ssl.rb: Test above option exists.
Diffstat (limited to 'lang')
-rw-r--r-- | lang/ruby/rubyversion.mk | 4 | ||||
-rw-r--r-- | lang/ruby18-base/distinfo | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/lang/ruby/rubyversion.mk b/lang/ruby/rubyversion.mk index 5ece7d0d4c2..75c54706f75 100644 --- a/lang/ruby/rubyversion.mk +++ b/lang/ruby/rubyversion.mk @@ -1,4 +1,4 @@ -# $NetBSD: rubyversion.mk,v 1.71 2012/02/04 09:43:32 taca Exp $ +# $NetBSD: rubyversion.mk,v 1.72 2012/02/16 16:36:07 taca Exp $ # # This file determines which Ruby version is used as a dependency for @@ -203,7 +203,7 @@ RUBY19_VERSION= 1.9.2 RUBY193_VERSION= 1.9.3 # patch -RUBY18_PATCHLEVEL= pl357 +RUBY18_PATCHLEVEL= pl358 RUBY19_PATCHLEVEL= pl290 RUBY193_PATCHLEVEL= p0 diff --git a/lang/ruby18-base/distinfo b/lang/ruby18-base/distinfo index 90117ca6f0c..dac5ea50556 100644 --- a/lang/ruby18-base/distinfo +++ b/lang/ruby18-base/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.51 2011/12/28 16:40:06 taca Exp $ +$NetBSD: distinfo,v 1.52 2012/02/16 16:36:08 taca Exp $ -SHA1 (ruby-1.8.7-p357.tar.bz2) = ba5ec0ab663976f00fb405be6cfef546bcf0e4e9 -RMD160 (ruby-1.8.7-p357.tar.bz2) = 9034fb641f0260aed590856cd9400f186a3dd56a -Size (ruby-1.8.7-p357.tar.bz2) = 4208157 bytes +SHA1 (ruby-1.8.7-p358.tar.bz2) = 2b78dc421cfbca81ef1375a1c3da9f0f70c548fa +RMD160 (ruby-1.8.7-p358.tar.bz2) = 7196a000d39e4cd24e7911839c828642d54377bd +Size (ruby-1.8.7-p358.tar.bz2) = 4209883 bytes SHA1 (patch-aa) = 4c1572b5a1eb65e89a98c60540433a69cb96dd23 SHA1 (patch-ab) = b56b6c2ba182414492c803d36433730602e0a591 SHA1 (patch-ac) = 0119134d778bb85c58ef5bfe30d337dc76ed47e0 |