ports/147111: [PATCH] lang/ruby: support security/openssl
Philip M. Gollucci
pgollucci at p6m7g8.com
Thu May 27 01:20:04 UTC 2010
>Number: 147111
>Category: ports
>Synopsis: [PATCH] lang/ruby: support security/openssl
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu May 27 01:20:03 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Philip M. Gollucci
>Release: FreeBSD 9.0-CURRENT amd64
>Organization:
RideCharge Inc / TaxiMagic
>Environment:
System: FreeBSD frieza.p6m7g8.net 9.0-CURRENT FreeBSD 9.0-CURRENT #0: Mon Apr 26 16:20:00 EDT 2010
>Description:
Shamelessly stolen from lang/ruby18
Added file(s):
- files/patch-openssl_missing.c
- files/patch-openssl_missing.h
- files/patch-ssl1.0-compat
Port maintainer (stas at FreeBSD.org) is cc'd.
Generated with FreeBSD Port Tools 0.99
>How-To-Repeat:
>Fix:
--- ruby-1.9.1.376_1,1.patch begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/lang/ruby19/Makefile,v
retrieving revision 1.6
diff -u -u -r1.6 Makefile
--- Makefile 16 Feb 2010 00:08:17 -0000 1.6
+++ Makefile 26 May 2010 07:28:23 -0000
@@ -25,7 +25,6 @@
CONFIGURE_ARGS= ${RUBY_CONFIGURE_ARGS} \
--enable-shared \
--enable-pthread \
- --with-openssl-include=${OPENSSLINC} \
--with-ruby-version=minor \
--with-sitedir="${PREFIX}/lib/ruby/site_ruby" \
--with-vendordir="${PREFIX}/lib/ruby/vendor_ruby"
Index: files/patch-openssl_missing.c
===================================================================
RCS file: files/patch-openssl_missing.c
diff -N files/patch-openssl_missing.c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/patch-openssl_missing.c 26 May 2010 07:27:46 -0000
@@ -0,0 +1,28 @@
+--- ext/openssl/openssl_missing.c.orig 2008-05-19 05:00:52.000000000 +0200
++++ ext/openssl/openssl_missing.c 2010-04-06 14:20:20.000000000 +0200
+@@ -22,7 +22,7 @@
+ #include "openssl_missing.h"
+
+ #if !defined(HAVE_HMAC_CTX_COPY)
+-void
++int
+ HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in)
+ {
+ if (!out || !in) return;
+@@ -31,6 +31,7 @@
+ EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx);
+ EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx);
+ EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx);
++ return 0;
+ }
+ #endif /* HAVE_HMAC_CTX_COPY */
+ #endif /* NO_HMAC */
+@@ -117,7 +118,7 @@
+ * tested on 0.9.7d.
+ */
+ int
+-EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in)
++EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
+ {
+ memcpy(out, in, sizeof(EVP_CIPHER_CTX));
+
Index: files/patch-openssl_missing.h
===================================================================
RCS file: files/patch-openssl_missing.h
diff -N files/patch-openssl_missing.h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/patch-openssl_missing.h 26 May 2010 07:27:46 -0000
@@ -0,0 +1,20 @@
+--- ext/openssl/openssl_missing.h.orig 2008-08-04 06:44:17.000000000 +0200
++++ ext/openssl/openssl_missing.h 2010-04-06 14:00:55.000000000 +0200
+@@ -65,7 +65,7 @@
+ #endif
+
+ #if !defined(HAVE_HMAC_CTX_COPY)
+-void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
++int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in);
+ #endif
+
+ #if !defined(HAVE_HMAC_CTX_CLEANUP)
+@@ -89,7 +89,7 @@
+ #endif
+
+ #if !defined(HAVE_EVP_CIPHER_CTX_COPY)
+-int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in);
++int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
+ #endif
+
+ #if !defined(HAVE_EVP_DIGESTINIT_EX)
Index: files/patch-ssl1.0-compat
===================================================================
RCS file: files/patch-ssl1.0-compat
diff -N files/patch-ssl1.0-compat
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ files/patch-ssl1.0-compat 26 May 2010 07:27:51 -0000
@@ -0,0 +1,207 @@
+commit 76526d091f1caeebf65667b8299eac12d63a36ca
+Author: KOSAKI Motohiro <kosaki.motohiro at jp.fujitsu.com>
+Date: Fri Jan 15 21:53:20 2010 +0900
+
+ OpenSSL
+
+diff --git a/ext/openssl/ossl.c ext/openssl/ossl.c
+index d4a2dc1..85ba654 100644
+--- a/ext/openssl/ossl.c
++++ ext/openssl/ossl.c
+@@ -92,7 +92,7 @@ ossl_x509_ary2sk(VALUE ary)
+
+ #define OSSL_IMPL_SK2ARY(name, type) \
+ VALUE \
+-ossl_##name##_sk2ary(STACK *sk) \
++ossl_##name##_sk2ary(STACK_OF(type) *sk) \
+ { \
+ type *t; \
+ int i, num; \
+@@ -102,7 +102,7 @@ ossl_##name##_sk2ary(STACK *sk) \
+ OSSL_Debug("empty sk!"); \
+ return Qnil; \
+ } \
+- num = sk_num(sk); \
++ num = sk_##type##_num(sk); \
+ if (num < 0) { \
+ OSSL_Debug("items in sk < -1???"); \
+ return rb_ary_new(); \
+@@ -110,7 +110,7 @@ ossl_##name##_sk2ary(STACK *sk) \
+ ary = rb_ary_new2(num); \
+ \
+ for (i=0; i<num; i++) { \
+- t = (type *)sk_value(sk, i); \
++ t = sk_##type##_value(sk, i); \
+ rb_ary_push(ary, ossl_##name##_new(t)); \
+ } \
+ return ary; \
+diff --git a/ext/openssl/ossl.h ext/openssl/ossl.h
+index 9ac1525..4bb18d5 100644
+--- a/ext/openssl/ossl.h
++++ ext/openssl/ossl.h
+@@ -104,6 +104,13 @@ extern VALUE eOSSLError;
+ } while (0)
+
+ /*
++ * Compatibility
++ */
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
++#define STACK _STACK
++#endif
++
++/*
+ * String to HEXString conversion
+ */
+ int string2hex(const unsigned char *, int, char **, int *);
+diff --git a/ext/openssl/ossl_pkcs7.c ext/openssl/ossl_pkcs7.c
+index fe1ef7c..b0cc656 100644
+--- a/ext/openssl/ossl_pkcs7.c
++++ ext/openssl/ossl_pkcs7.c
+@@ -572,12 +572,11 @@ ossl_pkcs7_add_certificate(VALUE self, VALUE cert)
+ return self;
+ }
+
+-static STACK *
+-pkcs7_get_certs_or_crls(VALUE self, int want_certs)
++static STACK_OF(X509) *
++pkcs7_get_certs(VALUE self)
+ {
+ PKCS7 *pkcs7;
+ STACK_OF(X509) *certs;
+- STACK_OF(X509_CRL) *crls;
+ int i;
+
+ GetPKCS7(self, pkcs7);
+@@ -585,17 +584,38 @@ pkcs7_get_certs_or_crls(VALUE self, int want_certs)
+ switch(i){
+ case NID_pkcs7_signed:
+ certs = pkcs7->d.sign->cert;
+- crls = pkcs7->d.sign->crl;
+ break;
+ case NID_pkcs7_signedAndEnveloped:
+ certs = pkcs7->d.signed_and_enveloped->cert;
++ break;
++ default:
++ certs = NULL;
++ }
++
++ return certs;
++}
++
++static STACK_OF(X509_CRL) *
++pkcs7_get_crls(VALUE self)
++{
++ PKCS7 *pkcs7;
++ STACK_OF(X509_CRL) *crls;
++ int i;
++
++ GetPKCS7(self, pkcs7);
++ i = OBJ_obj2nid(pkcs7->type);
++ switch(i){
++ case NID_pkcs7_signed:
++ crls = pkcs7->d.sign->crl;
++ break;
++ case NID_pkcs7_signedAndEnveloped:
+ crls = pkcs7->d.signed_and_enveloped->crl;
+ break;
+ default:
+- certs = crls = NULL;
++ crls = NULL;
+ }
+
+- return want_certs ? certs : crls;
++ return crls;
+ }
+
+ static VALUE
+@@ -610,7 +630,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
+ STACK_OF(X509) *certs;
+ X509 *cert;
+
+- certs = pkcs7_get_certs_or_crls(self, 1);
++ certs = pkcs7_get_certs(self);
+ while((cert = sk_X509_pop(certs))) X509_free(cert);
+ rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self);
+
+@@ -620,7 +640,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary)
+ static VALUE
+ ossl_pkcs7_get_certificates(VALUE self)
+ {
+- return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1));
++ return ossl_x509_sk2ary(pkcs7_get_certs(self));
+ }
+
+ static VALUE
+@@ -650,7 +670,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
+ STACK_OF(X509_CRL) *crls;
+ X509_CRL *crl;
+
+- crls = pkcs7_get_certs_or_crls(self, 0);
++ crls = pkcs7_get_crls(self);
+ while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl);
+ rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self);
+
+@@ -660,7 +680,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary)
+ static VALUE
+ ossl_pkcs7_get_crls(VALUE self)
+ {
+- return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0));
++ return ossl_x509crl_sk2ary(pkcs7_get_crls(self));
+ }
+
+ static VALUE
+diff --git a/ext/openssl/ossl_ssl.c ext/openssl/ossl_ssl.c
+index 97c5583..fe6e74f 100644
+--- a/ext/openssl/ossl_ssl.c
++++ ext/openssl/ossl_ssl.c
+@@ -1403,10 +1403,10 @@ ossl_ssl_get_peer_cert_chain(VALUE self)
+ }
+ chain = SSL_get_peer_cert_chain(ssl);
+ if(!chain) return Qnil;
+- num = sk_num(chain);
++ num = sk_X509_num(chain);
+ ary = rb_ary_new2(num);
+ for (i = 0; i < num; i++){
+- cert = (X509*)sk_value(chain, i);
++ cert = sk_X509_value(chain, i);
+ rb_ary_push(ary, ossl_x509_new(cert));
+ }
+
+diff --git a/ext/openssl/ossl_x509attr.c ext/openssl/ossl_x509attr.c
+index 1f817cd..2a4c481 100644
+--- a/ext/openssl/ossl_x509attr.c
++++ ext/openssl/ossl_x509attr.c
+@@ -218,8 +218,9 @@ ossl_x509attr_get_value(VALUE self)
+ ossl_str_adjust(str, p);
+ }
+ else{
+- length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, NULL,
+- i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
++ length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set,
++ (unsigned char **) NULL, i2d_ASN1_TYPE,
++ V_ASN1_SET, V_ASN1_UNIVERSAL, 0);
+ str = rb_str_new(0, length);
+ p = (unsigned char *)RSTRING_PTR(str);
+ i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p,
+diff --git a/ext/openssl/ossl_x509crl.c ext/openssl/ossl_x509crl.c
+index 1be9640..818fdba 100644
+--- a/ext/openssl/ossl_x509crl.c
++++ ext/openssl/ossl_x509crl.c
+@@ -264,7 +264,7 @@ ossl_x509crl_get_revoked(VALUE self)
+ VALUE ary, revoked;
+
+ GetX509CRL(self, crl);
+- num = sk_X509_CRL_num(X509_CRL_get_REVOKED(crl));
++ num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
+ if (num < 0) {
+ OSSL_Debug("num < 0???");
+ return rb_ary_new();
+@@ -272,7 +272,7 @@ ossl_x509crl_get_revoked(VALUE self)
+ ary = rb_ary_new2(num);
+ for(i=0; i<num; i++) {
+ /* NO DUP - don't free! */
+- rev = (X509_REVOKED *)sk_X509_CRL_value(X509_CRL_get_REVOKED(crl), i);
++ rev = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+ revoked = ossl_x509revoked_new(rev);
+ rb_ary_push(ary, revoked);
+ }
--- ruby-1.9.1.376_1,1.patch ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list