- Update ruby 1.9.1 to p430. This release fixes CVE-2010-0541.

- Fix CVE-2010-0541 in ruby18.  Bump portrevision.
- Fix ruby19 build with openssl 1.1.

3 files changed, 210 insertions, 13 deletions

diff --git a/lang/ruby19/distinfo b/lang/ruby19/distinfo
index ea535b45ff66..b0943c8330cd 100644
--- a/lang/ruby19/distinfo
+++ b/lang/ruby19/distinfo
@@ -1,3 +1,3 @@
-MD5 (ruby/ruby-1.9.1-p376.tar.bz2) = e019ae9c643c5efe91be49e29781fb94
-SHA256 (ruby/ruby-1.9.1-p376.tar.bz2) = 79164e647e23bb7c705195e0075ce6020c30dd5ec4f8c8a12a100fe0eb0d6783
-SIZE (ruby/ruby-1.9.1-p376.tar.bz2) = 7293106
+MD5 (ruby/ruby-1.9.1-p430.tar.bz2) = f855103aebeb3318dccb409319b547a0
+SHA256 (ruby/ruby-1.9.1-p430.tar.bz2) = 8d5cc11d819e476fb651db783f714cc4100922f47447f7acdce87ed769cf9d97
+SIZE (ruby/ruby-1.9.1-p430.tar.bz2) = 7299829
diff --git a/lang/ruby19/files/patch-ssl1.0-compat b/lang/ruby19/files/patch-ssl1.0-compat
new file mode 100644
index 000000000000..d7229d0f06fb
--- /dev/null
+++ b/lang/ruby19/files/patch-ssl1.0-compat
@@ -0,0 +1,207 @@
+commit 76526d091f1caeebf65667b8299eac12d63a36ca
+Author: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
+Date:   Fri Jan 15 21:53:20 2010 +0900
+
+    OpenSSL
+
+diff --git a/ext/openssl/ossl.c ext/openssl/ossl.c
+index d4a2dc1..85ba654 100644
+--- a/ext/openssl/ossl.c
++++ ext/openssl/ossl.c
+@@ -92,7 +92,7 @@ ossl_x509_ary2sk(VALUE ary)
+ 
+ #define OSSL_IMPL_SK2ARY(name, type)	        \
+ VALUE						\
+-ossl_##name##_sk2ary(STACK *sk)			\
++ossl_##name##_sk2ary(STACK_OF(type) *sk)	\
+ {						\
+     type *t;					\
+     int i, num;					\
+@@ -102,7 +102,7 @@ ossl_##name##_sk2ary(STACK *sk)			\
+ 	OSSL_Debug("empty sk!");		\
+ 	return Qnil;				\
+     }						\
+-    num = sk_num(sk);				\
++    num = sk_##type##_num(sk);			\
+     if (num < 0) {				\
+ 	OSSL_Debug("items in sk < -1???");	\
+ 	return rb_ary_new();			\
+@@ -110,7 +110,7 @@ ossl_##name##_sk2ary(STACK *sk)			\
+     ary = rb_ary_new2(num);			\
+ 						\
+     for (i=0; i<num; i++) {			\
+-	t = (type *)sk_value(sk, i);		\
++	t = sk_##type##_value(sk, i);		\
+ 	rb_ary_push(ary, ossl_##name##_new(t));	\
+     }						\
+     return ary;					\
+diff --git a/ext/openssl/ossl.h ext/openssl/ossl.h
+index 9ac1525..4bb18d5 100644
+--- a/ext/openssl/ossl.h
++++ ext/openssl/ossl.h
+@@ -104,6 +104,13 @@ extern VALUE eOSSLError;
+ } while (0)
+ 
+ /*
++ * Compatibility
++ */
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#define STACK _STACK
++#endif
++
++/*
+  * String to HEXString conversion
+  */
+ int string2hex(const unsigned char *, int, char **, int *);
+diff --git a/ext/openssl/ossl_pkcs7.c ext/openssl/ossl_pkcs7.c
+index fe1ef7c..b0cc656 100644
+--- a/ext/openssl/ossl_pkcs7.c
++++ ext/openssl/ossl_pkcs7.c
+@@ -572,12 +572,11 @@ ossl_pkcs7_add_certificate(VALUE self, VALUE cert)
+     return self;
+ }
+ 
+-static STACK *
+-pkcs7_get_certs_or_crls(VALUE self, int want_certs)
++static STACK_OF(X509) *
++pkcs7_get_certs(VALUE self)
+ {
+     PKCS7 *pkcs7;
+     STACK_OF(X509) *certs;
+-    STACK_OF(X509_CRL) *crls;
+     int i;
+ 
+     GetPKCS7(self, pkcs7);
+@@ -585,17 +584,38 @@ pkcs7_get_certs_or_crls(VALUE self, int want_certs)
+     switch(i){
+     case NID_pkcs7_signed:
+         certs = pkcs7->d.sign->cert;
+-        crls = pkcs7->d.sign->crl;
+         break;
+     case NID_pkcs7_signedAndEnveloped:
+         certs = pkcs7->d.signed_and_enveloped->cert;
++        break;
++    default:
++        certs = NULL;
++    }
++
++    return certs;
++}
++
++static STACK_OF(X509_CRL) *
++pkcs7_get_crls(VALUE self)
++{
++    PKCS7 *pkcs7;
++    STACK_OF(X509_CRL) *crls;
++    int i;
++
++    GetPKCS7(self, pkcs7);
++    i = OBJ_obj2nid(pkcs7->type);
++    switch(i){
++    case NID_pkcs7_signed:
++        crls = pkcs7->d.sign->crl;
++        break;
++    case NID_pkcs7_signedAndEnveloped:
+         crls = pkcs7->d.signed_and_enveloped->crl;
+         break;
+     default:
+-        certs = crls = NULL;
++        crls = NULL;
+     }
+ 
+-    return want_certs ? certs : crls;
++    return crls;
+ }
+ 
+ static VALUE
+@@ -610,7 +630,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
+     STACK_OF(X509) *certs;
+     X509 *cert;
+ 
+-    certs = pkcs7_get_certs_or_crls(self, 1);
++    certs = pkcs7_get_certs(self);
+     while((cert = sk_X509_pop(certs))) X509_free(cert);
+     rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self);
+ 
+@@ -620,7 +640,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
+ static VALUE
+ ossl_pkcs7_get_certificates(VALUE self)
+ {
+-    return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1));
++    return ossl_x509_sk2ary(pkcs7_get_certs(self));
+ }
+ 
+ static VALUE
+@@ -650,7 +670,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
+     STACK_OF(X509_CRL) *crls;
+     X509_CRL *crl;
+ 
+-    crls = pkcs7_get_certs_or_crls(self, 0);
++    crls = pkcs7_get_crls(self);
+     while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl);
+     rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self);
+ 
+@@ -660,7 +680,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
+ static VALUE
+ ossl_pkcs7_get_crls(VALUE self)
+ {
+-    return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0));
++    return ossl_x509crl_sk2ary(pkcs7_get_crls(self));
+ }
+ 
+ static VALUE
+diff --git a/ext/openssl/ossl_ssl.c ext/openssl/ossl_ssl.c
+index 97c5583..fe6e74f 100644
+--- a/ext/openssl/ossl_ssl.c
++++ ext/openssl/ossl_ssl.c
+@@ -1403,10 +1403,10 @@ ossl_ssl_get_peer_cert_chain(VALUE self)
+     }
+     chain = SSL_get_peer_cert_chain(ssl);
+     if(!chain) return Qnil;
+-    num = sk_num(chain);
++    num = sk_X509_num(chain);
+     ary = rb_ary_new2(num);
+     for (i = 0; i < num; i++){
+-	cert = (X509*)sk_value(chain, i);
++	cert = sk_X509_value(chain, i);
+ 	rb_ary_push(ary, ossl_x509_new(cert));
+     }
+ 
+diff --git a/ext/openssl/ossl_x509attr.c ext/openssl/ossl_x509attr.c
+index 1f817cd..2a4c481 100644
+--- a/ext/openssl/ossl_x509attr.c
++++ ext/openssl/ossl_x509attr.c
+@@ -218,8 +218,9 @@ ossl_x509attr_get_value(VALUE self)
+ 	ossl_str_adjust(str, p);
+     }
+     else{
+-	length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, NULL,
+-			i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
++	length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
++			(unsigned char **) NULL, i2d_ASN1_TYPE,
++			V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
+ 	str = rb_str_new(0, length);
+ 	p = (unsigned char *)RSTRING_PTR(str);
+ 	i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p,
+diff --git a/ext/openssl/ossl_x509crl.c ext/openssl/ossl_x509crl.c
+index 1be9640..818fdba 100644
+--- a/ext/openssl/ossl_x509crl.c
++++ ext/openssl/ossl_x509crl.c
+@@ -264,7 +264,7 @@ ossl_x509crl_get_revoked(VALUE self)
+     VALUE ary, revoked;
+ 
+     GetX509CRL(self, crl);
+-    num = sk_X509_CRL_num(X509_CRL_get_REVOKED(crl));
++    num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
+     if (num < 0) {
+ 	OSSL_Debug("num < 0???");
+ 	return rb_ary_new();
+@@ -272,7 +272,7 @@ ossl_x509crl_get_revoked(VALUE self)
+     ary = rb_ary_new2(num);
+     for(i=0; i<num; i++) {
+ 	/* NO DUP - don't free! */
+-	rev = (X509_REVOKED *)sk_X509_CRL_value(X509_CRL_get_REVOKED(crl), i);
++	rev = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+ 	revoked = ossl_x509revoked_new(rev);
+ 	rb_ary_push(ary, revoked);
+     }
diff --git a/lang/ruby19/files/patch-tempfile.rb b/lang/ruby19/files/patch-tempfile.rb
deleted file mode 100644
index 196f01e417d4..000000000000
--- a/lang/ruby19/files/patch-tempfile.rb
+++ /dev/null
@@ -1,10 +0,0 @@
---- lib/tempfile.rb.orig	2009-07-15 21:57:41.000000000 +1000
-+++ lib/tempfile.rb	2009-10-23 21:31:49.159715744 +1100
-@@ -137,7 +137,6 @@
-     # keep this order for thread safeness
-     begin
-       if File.exist?(@tmpname)
--        closed? or close
-         File.unlink(@tmpname)
-       end
-       @@cleanlist.delete(@tmpname)