head 1.6; access; symbols pkgsrc-2017Q1:1.5.0.54 pkgsrc-2017Q1-base:1.5 pkgsrc-2016Q4:1.5.0.52 pkgsrc-2016Q4-base:1.5 pkgsrc-2016Q3:1.5.0.50 pkgsrc-2016Q3-base:1.5 pkgsrc-2016Q2:1.5.0.48 pkgsrc-2016Q2-base:1.5 pkgsrc-2016Q1:1.5.0.46 pkgsrc-2016Q1-base:1.5 pkgsrc-2015Q4:1.5.0.44 pkgsrc-2015Q4-base:1.5 pkgsrc-2015Q3:1.5.0.42 pkgsrc-2015Q3-base:1.5 pkgsrc-2015Q2:1.5.0.40 pkgsrc-2015Q2-base:1.5 pkgsrc-2015Q1:1.5.0.38 pkgsrc-2015Q1-base:1.5 pkgsrc-2014Q4:1.5.0.36 pkgsrc-2014Q4-base:1.5 pkgsrc-2014Q3:1.5.0.34 pkgsrc-2014Q3-base:1.5 pkgsrc-2014Q2:1.5.0.32 pkgsrc-2014Q2-base:1.5 pkgsrc-2014Q1:1.5.0.30 pkgsrc-2014Q1-base:1.5 pkgsrc-2013Q4:1.5.0.28 pkgsrc-2013Q4-base:1.5 pkgsrc-2013Q3:1.5.0.26 pkgsrc-2013Q3-base:1.5 pkgsrc-2013Q2:1.5.0.24 pkgsrc-2013Q2-base:1.5 pkgsrc-2013Q1:1.5.0.22 pkgsrc-2013Q1-base:1.5 pkgsrc-2012Q4:1.5.0.20 pkgsrc-2012Q4-base:1.5 pkgsrc-2012Q3:1.5.0.18 pkgsrc-2012Q3-base:1.5 pkgsrc-2012Q2:1.5.0.16 pkgsrc-2012Q2-base:1.5 pkgsrc-2012Q1:1.5.0.14 pkgsrc-2012Q1-base:1.5 pkgsrc-2011Q4:1.5.0.12 pkgsrc-2011Q4-base:1.5 pkgsrc-2011Q3:1.5.0.10 pkgsrc-2011Q3-base:1.5 pkgsrc-2011Q2:1.5.0.8 pkgsrc-2011Q2-base:1.5 pkgsrc-2011Q1:1.5.0.6 pkgsrc-2011Q1-base:1.5 pkgsrc-2010Q4:1.5.0.4 pkgsrc-2010Q4-base:1.5 pkgsrc-2010Q3:1.5.0.2 pkgsrc-2010Q3-base:1.5 pkgsrc-2010Q2:1.4.0.8 pkgsrc-2010Q2-base:1.4 pkgsrc-2010Q1:1.4.0.6 pkgsrc-2010Q1-base:1.4 pkgsrc-2009Q4:1.4.0.4 pkgsrc-2009Q4-base:1.4 pkgsrc-2009Q3:1.4.0.2 pkgsrc-2009Q3-base:1.4 pkgsrc-2009Q1:1.2.0.2 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.1.0.10 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.8 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.6 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.4 pkgsrc-2008Q2-base:1.1 pkgsrc-2008Q1:1.1.0.2; locks; strict; comment @# @; 1.6 date 2017.04.22.18.23.55; author taca; state dead; branches; next 1.5; commitid tDoWtAVFTjPkJyOz; 1.5 date 2010.09.10.03.29.00; author taca; state Exp; branches; next 1.4; 1.4 date 2009.08.11.14.26.58; author taca; state Exp; branches; next 1.3; 1.3 date 
2009.04.16.17.11.12; author taca; state dead; branches; next 1.2; 1.2 date 2009.02.20.12.32.26; author taca; state Exp; branches 1.2.2.1; next 1.1; 1.1 date 2008.07.10.13.00.01; author tron; state dead; branches 1.1.2.1; next ; 1.2.2.1 date 2009.05.01.12.42.02; author tron; state dead; branches; next ; 1.1.2.1 date 2008.07.10.13.00.01; author tron; state Exp; branches; next ; desc @@ 1.6 log @Remove ruby18 which is EOL almost 4 years ago. @ text @$NetBSD: patch-dj,v 1.5 2010/09/10 03:29:00 taca Exp $ * r18172: suppress warnings. * r18943: (ossl_ocspreq_initialize): fix for initialization of r18168. * r18975: (ossl_ocspres_initialize): fix for initialization of r18168. --- ext/openssl/ossl_ocsp.c.orig 2010-05-24 23:58:49.000000000 +0000 +++ ext/openssl/ossl_ocsp.c @@@@ -103,15 +103,17 @@@@ static VALUE ossl_ocspreq_initialize(int argc, VALUE *argv, VALUE self) { VALUE arg; - unsigned char *p; + const unsigned char *p; rb_scan_args(argc, argv, "01", &arg); if(!NIL_P(arg)){ + OCSP_REQUEST *req = DATA_PTR(self), *x; arg = ossl_to_der_if_possible(arg); StringValue(arg); p = (unsigned char*)RSTRING_PTR(arg); - if(!d2i_OCSP_REQUEST((OCSP_REQUEST**)&DATA_PTR(self), &p, - RSTRING_LEN(arg))){ + x = d2i_OCSP_REQUEST(&req, &p, RSTRING_LEN(arg)); + DATA_PTR(self) = req; + if(!x){ ossl_raise(eOCSPError, "cannot load DER encoded request"); } } @@@@ -134,7 +136,7 @@@@ ossl_ocspreq_add_nonce(int argc, VALUE * else{ StringValue(val); GetOCSPReq(self, req); - ret = OCSP_request_add1_nonce(req, RSTRING_PTR(val), RSTRING_LEN(val)); + ret = OCSP_request_add1_nonce(req, (unsigned char *)RSTRING_PTR(val), RSTRING_LEN(val)); } if(!ret) ossl_raise(eOCSPError, NULL); @@@@ -265,7 +267,7 @@@@ ossl_ocspreq_to_der(VALUE self) if((len = i2d_OCSP_REQUEST(req, NULL)) <= 0) ossl_raise(eOCSPError, NULL); str = rb_str_new(0, len); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); if(i2d_OCSP_REQUEST(req, &p) <= 0) ossl_raise(eOCSPError, NULL); ossl_str_adjust(str, p); @@@@ -310,15 
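Review bot: In ossl_ocspreq_initialize the store-back `DATA_PTR(self) = req;` sits before the `if(!x)` check with no comment, although that ordering appears to be the whole point of the change. Since d2i_OCSP_REQUEST is handed `&req` and may presumably free or replace that object even when it fails, I would add `/* d2i may free or replace *req, also on failure: store it back before raising so self never keeps a stale pointer */` above the assignment. In the same hunk `p` is now `const unsigned char *`, but the assignment still casts with `(unsigned char*)`; `p = (const unsigned char *)RSTRING_PTR(arg);` keeps the qualifier consistent. Both remarks apply equally to the ossl_ocspres_initialize hunk (`DATA_PTR(self) = res;`).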
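Review bot: The added cast in ossl_ocspreq_add_nonce silences the pointer warning, but the length argument `RSTRING_LEN(val)` is still passed without any range check. OCSP_request_add1_nonce takes an `int` length, so a `long` string length is narrowed implicitly. As far as I know OpenSSL treats a length of zero or less as "use the default nonce length", which for an empty string would make it read more bytes than the buffer holds; this should be confirmed against the OpenSSL version in use. A guard before the call such as `if (RSTRING_LEN(val) <= 0 || RSTRING_LEN(val) > INT_MAX) ossl_raise(eOCSPError, "invalid nonce length");` would make the contract explicit. The same applies to the `OCSP_basic_add1_nonce` call in the ossl_ocspbres_add_nonce hunk; both functions start and end outside their hunks.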
+312,17 @@@@ static VALUE ossl_ocspres_initialize(int argc, VALUE *argv, VALUE self) { VALUE arg; - unsigned char *p; + const unsigned char *p; rb_scan_args(argc, argv, "01", &arg); if(!NIL_P(arg)){ + OCSP_RESPONSE *res = DATA_PTR(self), *x; arg = ossl_to_der_if_possible(arg); StringValue(arg); - p = RSTRING_PTR(arg); - if(!d2i_OCSP_RESPONSE((OCSP_RESPONSE**)&DATA_PTR(self), &p, - RSTRING_LEN(arg))){ + p = (unsigned char *)RSTRING_PTR(arg); + x = d2i_OCSP_RESPONSE(&res, &p, RSTRING_LEN(arg)); + DATA_PTR(self) = res; + if(!x){ ossl_raise(eOCSPError, "cannot load DER encoded response"); } } @@@@ -377,7 +381,7 @@@@ ossl_ocspres_to_der(VALUE self) if((len = i2d_OCSP_RESPONSE(res, NULL)) <= 0) ossl_raise(eOCSPError, NULL); str = rb_str_new(0, len); - p = RSTRING_PTR(str); + p = (unsigned char *)RSTRING_PTR(str); if(i2d_OCSP_RESPONSE(res, &p) <= 0) ossl_raise(eOCSPError, NULL); ossl_str_adjust(str, p); @@@@ -436,7 +440,7 @@@@ ossl_ocspbres_add_nonce(int argc, VALUE else{ StringValue(val); GetOCSPBasicRes(self, bs); - ret = OCSP_basic_add1_nonce(bs, RSTRING_PTR(val), RSTRING_LEN(val)); + ret = OCSP_basic_add1_nonce(bs, (unsigned char *)RSTRING_PTR(val), RSTRING_LEN(val)); } if(!ret) ossl_raise(eOCSPError, NULL); @ 1.5 log @Update ruby18-base to 1.8.7.302 (Ruby 1.8.7 patchlevel 302). Since many changes from previous release, please refer http://www.ruby-lang.org/en/news/2010/08/16/ruby-1-8-7-p302-is-released/. Note: Since all security updates are already in previous package, This update dosen't include any securify fix. @ text @d1 1 a1 1 $NetBSD: patch-dj,v 1.4 2009/08/11 14:26:58 taca Exp $ @ 1.4 log @ * Make Ruby's OpenSSL library compatible with OpenSSL 1.0.0 and later, focusing to PR pkg/41829. * Add comments to patches. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d3 3 a5 1 * Constify. 
d7 1 a7 1 --- ext/openssl/ossl_ocsp.c.orig 2009-03-09 20:59:27.000000000 +0900 d9 1 a9 1 @@@@ -103,7 +103,7 @@@@ static VALUE d18 31 a48 1 @@@@ -310,7 +310,7 @@@@ static VALUE d57 31 @ 1.3 log @Update ruby18-base-1.8.7.160 (1.8.7-p160). This release is counterpart of 1.8.6-p368, so many bugs are fixed since the latest 1.8.7. Check the ChangeLog for more details. Especialy, including workarounds for CVE-2007-1558 and CVE-2008-1447. @ text @d1 1 a1 1 $NetBSD: patch-dj,v 1.2 2009/02/20 12:32:26 taca Exp $ d3 1 a3 2 Online Certificate Status Protocol's verify method fix from Ruby's repository: revision 22440. d5 1 a5 1 --- ext/openssl/ossl_ocsp.c.orig 2007-06-09 00:02:04.000000000 +0900 d7 2 a8 3 @@@@ -589,22 +589,22 @@@@ ossl_ocspbres_sign(int argc, VALUE *argv static VALUE ossl_ocspbres_verify(int argc, VALUE *argv, VALUE self) d10 3 a12 7 - VALUE certs, store, flags; + VALUE certs, store, flags, result; OCSP_BASICRESP *bs; STACK_OF(X509) *x509s; X509_STORE *x509st; - int flg, result; + int flg; d14 8 a21 13 rb_scan_args(argc, argv, "21", &certs, &store, &flags); x509st = GetX509StorePtr(store); flg = NIL_P(flags) ? 0 : INT2NUM(flags); x509s = ossl_x509_ary2sk(certs); GetOCSPBasicRes(self, bs); - result = OCSP_basic_verify(bs, x509s, x509st, flg); + result = OCSP_basic_verify(bs, x509s, x509st, flg) > 0 ? Qtrue : Qfalse; sk_X509_pop_free(x509s, X509_free); if(!result) rb_warn("%s", ERR_error_string(ERR_peek_error(), NULL)); - return result ? Qtrue : Qfalse; + return result; } d23 2 a24 1 /* @ 1.2 log @Apply patch from Ruby's repository, revision 22440. It fixes OCPS(Online Certificate Status Protocol) verify method wasn't always return false when verify was failed in OpenSSL's correspondence library. (It might be possible security risk for using OCPS. Fix small PLIST improvement, too. Bump PKGREVISION. 
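Review bot: The context line `flg = NIL_P(flags) ? 0 : INT2NUM(flags);` in ossl_ocspbres_verify uses the wrong conversion, and this commit leaves it untouched. INT2NUM turns a C int into a Ruby VALUE, so the value handed to `OCSP_basic_verify` is not the flag set the caller supplied, which can silently change which verification steps run. It should read `flg = NIL_P(flags) ? 0 : NUM2INT(flags);`. Separately, `if(!result)` now tests a VALUE and so relies on Qfalse being 0; `if (result == Qfalse)` states the intent directly. The hunk is interleaved with RCS delta commands here, so this is based on the fragments that are visible.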
@ text @d1 1 a1 1 $NetBSD$ @ 1.2.2.1 log @Pullup ticket #2752 - requested by taca ruby18-base: security update ruby18-curses: security update ruby18-tk: security update Revisions pulled up: - lang/ruby/rubyversion.mk 1.45 - lang/ruby18-base/Makefile 1.50 - lang/ruby18-base/distinfo 1.36 - lang/ruby18-base/patches/patch-dg delete - lang/ruby18-base/patches/patch-dh delete - lang/ruby18-base/patches/patch-dj delete - devel/ruby-curses/distinfo 1.18 - x11/ruby-tk/distinfo 1.21 --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:10:17 UTC 2009 Modified Files: pkgsrc/lang/ruby: rubyversion.mk Log Message: Bump Ruby 1.8.7's patch level to 160. --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:11:12 UTC 2009 Modified Files: pkgsrc/lang/ruby18-base: Makefile distinfo Removed Files: pkgsrc/lang/ruby18-base/patches: patch-dg patch-dh patch-dj Log Message: Update ruby18-base-1.8.7.160 (1.8.7-p160). This release is counterpart of 1.8.6-p368, so many bugs are fixed since the latest 1.8.7. Check the ChangeLog for more details. Especialy, including workarounds for CVE-2007-1558 and CVE-2008-1447. --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:12:18 UTC 2009 Modified Files: pkgsrc/devel/ruby-curses: distinfo Log Message: Update distinfo refelecting update to Ruby 1.8.7-p160. --- Module Name: pkgsrc Committed By: taca Date: Thu Apr 16 17:12:42 UTC 2009 Modified Files: pkgsrc/x11/ruby-tk: distinfo Log Message: Update distinfo refelecting update to Ruby 1.8.7-p160. @ text @d1 1 a1 1 $NetBSD: patch-dj,v 1.2 2009/02/20 12:32:26 taca Exp $ @ 1.1 log @file patch-dj was initially added on branch pkgsrc-2008Q1. 
@ text @d1 34 @ 1.1.2.1 log @Pullup ticket #2443 - requested by taca Security patch for ruby18-base Revisions pulled up: - lang/ruby18-base/Makefile 1.45 via patch - lang/ruby18-base/distinfo 1.31 via patch - lang/ruby18-base/patches/patch-ad 1.9 via patch --- Module Name: pkgsrc Committed By: tonnerre Date: Thu Jul 3 21:06:10 UTC 2008 Modified Files: pkgsrc/lang/ruby18-base: Makefile distinfo Added Files: pkgsrc/lang/ruby18-base/patches: patch-ad Log Message: Add a patch to fix the integer overflow in rb_ary_fill() in Ruby 1.8 which can be exploited to cause a denial of service through memory exhaustion. (SN-2008-02) @ text @a0 20 $NetBSD$ Avoid memory size integer overflow memory exhaustion DoS in filling arrays (SN-2008-02). --- array.c.orig 2008-06-20 15:53:16.000000000 +0900 +++ array.c @@@@ -2272,10 +2272,10 @@@@ rb_ary_fill(argc, argv, ary) break; } rb_ary_modify(ary); - end = beg + len; - if (end < 0) { + if (beg >= ARY_MAX_SIZE || len > ARY_MAX_SIZE - beg) { rb_raise(rb_eArgError, "argument too big"); } + end = beg + len; if (end > RARRAY(ary)->len) { if (end >= RARRAY(ary)->aux.capa) { REALLOC_N(RARRAY(ary)->ptr, VALUE, end); @
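Review bot: The new bound check in rb_ary_fill deserves a comment explaining why it replaces the old `end < 0` test, since the ordering is easy to undo in a later cleanup. I would add `/* check before adding: beg + len is signed, so overflow cannot be detected reliably after the fact */` above the `if (beg >= ARY_MAX_SIZE || len > ARY_MAX_SIZE - beg)` line. The definition of ARY_MAX_SIZE is not visible in this hunk; the later `REALLOC_N(RARRAY(ary)->ptr, VALUE, end)` is only safe if that constant also keeps `end * sizeof(VALUE)` from overflowing, which is worth confirming and stating in the comment. The function begins and continues outside the hunk, so how negative `beg` or `len` are handled cannot be judged from here.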