From f5eff08fcad44bc0a53b17aedc009b499a47579d Mon Sep 17 00:00:00 2001
From: Alex Legler
Date: Mon, 23 Feb 2009 14:05:31 +0000
Subject: Revbumps fixing bugs 260006, 230748, 258893 and 234877.

Package-Manager: portage-2.2_rc23/cvs/Linux x86_64
---
dev-lang/ruby/files/ruby-mkconfig.patch | 14 +++++++++
.../ruby/files/ruby-ossl_ocsp-verification.patch | 36 ++++++++++++++++++++++
2 files changed, 50 insertions(+)
create mode 100644 dev-lang/ruby/files/ruby-mkconfig.patch
create mode 100644 dev-lang/ruby/files/ruby-ossl_ocsp-verification.patch
(limited to 'dev-lang/ruby/files')
diff --git a/dev-lang/ruby/files/ruby-mkconfig.patch b/dev-lang/ruby/files/ruby-mkconfig.patch
new file mode 100644
index 000000000000..4426ef90d7ed
--- /dev/null
+++ b/dev-lang/ruby/files/ruby-mkconfig.patch
@@ -0,0 +1,14 @@
+Fix for mkconfig to be able to handle empty continued lines.
+Patch from [ruby-core:20420] via bug 234877.
+
+--- mkconfig.rb.orig 2008-06-08 01:37:10.000000000 +0900
++++ mkconfig.rb 2009-02-12 13:39:02.000000000 +0900
+@@ -54,7 +54,7 @@
+ continued_name = name
+ next
+ end
+- when /^"(.+)"\s*(\\)?$/
++ when /^"(.*)"\s*(\\)?$/
+ if continued_line
+ continued_line << $1
+ unless $2
diff --git a/dev-lang/ruby/files/ruby-ossl_ocsp-verification.patch b/dev-lang/ruby/files/ruby-ossl_ocsp-verification.patch
new file mode 100644
index 000000000000..2155547ae7e3
--- /dev/null
+++ b/dev-lang/ruby/files/ruby-ossl_ocsp-verification.patch
@@ -0,0 +1,36 @@
+Patch for CVE-2009-0642 from [ruby-core:21762] / Redmine: [Bug #1091]
+
+Ruby 1.8 and 1.9 does not properly check the return value from the
+OCSP_basic_verify function, which might allow remote attackers to
+successfully present an invalid X.509 certificate, possibly
+involving a revoked certificate.
+
+--- trunk/ext/openssl/ossl_ocsp.c 2008/08/31 04:45:44 18975
++++ trunk/ext/openssl/ossl_ocsp.c 2009/02/19 06:39:52 22440
+@@ -593,22 +593,22 @@
+ static VALUE
+ ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self)
+ {
+- VALUE certs, store, flags;
++ VALUE certs, store, flags, result;
+ OCSP_BASICRESP *bs;
+ STACK_OF(X509) *x509s;
+ X509_STORE *x509st;
+- int flg, result;
++ int flg;
+
+ rb_scan_args(argc, argv, "21", &certs, &store, &flags);
+ x509st = GetX509StorePtr(store);
+ flg = NIL_P(flags) ? 0 : INT2NUM(flags);
+ x509s = ossl_x509_ary2sk(certs);
+ GetOCSPBasicRes(self, bs);
+- result = OCSP_basic_verify(bs, x509s, x509st, flg);
++ result = OCSP_basic_verify(bs, x509s, x509st, flg) > 0 ? Qtrue : Qfalse;
+ sk_X509_pop_free(x509s, X509_free);
+ if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL));
+
+- return result ? Qtrue : Qfalse;
++ return result;
+ }
+
+ /*
--
cgit v1.2.3-65-gdbad
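Review bot: The context line `flg = NIL_P(flags) ? 0 : INT2NUM(flags);` in ossl_ocspbres_verify converts in the wrong direction: `flags` is a Ruby VALUE and `flg` is a C int, so it should read `flg = NIL_P(flags) ? 0 : NUM2INT(flags);`. As written, the flag bits that reach OCSP_basic_verify are not the ones the caller passed. Those flags select which checks the verification performs, so the return-value fix alone does not make the result dependable when a caller supplies flags. Separately, `if(!result)` now tests a VALUE and relies on Qfalse being zero, where `if (result == Qfalse)` would state the intent. Because ERR_peek_error() leaves the entry on the OpenSSL error queue, it may also be worth clearing the queue after the warning so a later call does not report a stale error.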