wok-current diff ruby/stuff/openssl-1.0.patch @ rev 25659

Update expat CVE-2023-52425,CVE-2023-52426, patch libxml2 CVE-2024-25062
author Stanislas Leduc <shann@slitaz.org>
date Sun Feb 18 10:03:28 2024 +0000 (10 months ago)
parents
children
line diff
     1.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.2 +++ b/ruby/stuff/openssl-1.0.patch	Sun Feb 18 10:03:28 2024 +0000
     1.3 @@ -0,0 +1,176 @@
     1.4 +diff -Nura ruby-1.9.1-p378.orig/ext/openssl/ossl.c ruby-1.9.1-p378/ext/openssl/ossl.c
     1.5 +--- ruby-1.9.1-p378.orig/ext/openssl/ossl.c	2009-01-15 16:39:30.000000000 +0100
     1.6 ++++ ruby-1.9.1-p378/ext/openssl/ossl.c	2010-04-01 07:41:19.397603813 +0200
     1.7 +@@ -92,7 +92,7 @@
     1.8 + 
     1.9 + #define OSSL_IMPL_SK2ARY(name, type)	        \
    1.10 + VALUE						\
    1.11 +-ossl_##name##_sk2ary(STACK *sk)			\
    1.12 ++ossl_##name##_sk2ary(STACK_OF(type) *sk)	\
    1.13 + {						\
    1.14 +     type *t;					\
    1.15 +     int i, num;					\
    1.16 +@@ -102,7 +102,7 @@
    1.17 + 	OSSL_Debug("empty sk!");		\
    1.18 + 	return Qnil;				\
    1.19 +     }						\
    1.20 +-    num = sk_num(sk);				\
    1.21 ++    num = sk_##type##_num(sk);			\
    1.22 +     if (num < 0) {				\
    1.23 + 	OSSL_Debug("items in sk < -1???");	\
    1.24 + 	return rb_ary_new();			\
    1.25 +@@ -110,7 +110,7 @@
    1.26 +     ary = rb_ary_new2(num);			\
    1.27 + 						\
    1.28 +     for (i=0; i<num; i++) {			\
    1.29 +-	t = (type *)sk_value(sk, i);		\
    1.30 ++	t = sk_##type##_value(sk, i);		\
    1.31 + 	rb_ary_push(ary, ossl_##name##_new(t));	\
    1.32 +     }						\
    1.33 +     return ary;					\
    1.34 +diff -Nura ruby-1.9.1-p378.orig/ext/openssl/ossl_pkcs7.c ruby-1.9.1-p378/ext/openssl/ossl_pkcs7.c
    1.35 +--- ruby-1.9.1-p378.orig/ext/openssl/ossl_pkcs7.c	2008-07-22 17:34:23.000000000 +0200
    1.36 ++++ ruby-1.9.1-p378/ext/openssl/ossl_pkcs7.c	2010-04-01 07:41:19.415105324 +0200
    1.37 +@@ -572,12 +572,11 @@
    1.38 +     return self;
    1.39 + }
    1.40 + 
    1.41 +-static STACK *
    1.42 +-pkcs7_get_certs_or_crls(VALUE self, int want_certs)
    1.43 ++static STACK_OF(X509) *
    1.44 ++pkcs7_get_certs(VALUE self)
    1.45 + {
    1.46 +     PKCS7 *pkcs7;
    1.47 +     STACK_OF(X509) *certs;
    1.48 +-    STACK_OF(X509_CRL) *crls;
    1.49 +     int i;
    1.50 + 
    1.51 +     GetPKCS7(self, pkcs7);
    1.52 +@@ -585,17 +584,38 @@
    1.53 +     switch(i){
    1.54 +     case NID_pkcs7_signed:
    1.55 +         certs = pkcs7->d.sign->cert;
    1.56 +-        crls = pkcs7->d.sign->crl;
    1.57 +         break;
    1.58 +     case NID_pkcs7_signedAndEnveloped:
    1.59 +         certs = pkcs7->d.signed_and_enveloped->cert;
    1.60 ++        break;
    1.61 ++    default:
    1.62 ++        certs = NULL;
    1.63 ++    }
    1.64 ++
    1.65 ++    return certs;
    1.66 ++}
    1.67 ++
    1.68 ++static STACK_OF(X509_CRL) *
    1.69 ++pkcs7_get_crls(VALUE self)
    1.70 ++{
    1.71 ++    PKCS7 *pkcs7;
    1.72 ++    STACK_OF(X509_CRL) *crls;
    1.73 ++    int i;
    1.74 ++
    1.75 ++    GetPKCS7(self, pkcs7);
    1.76 ++    i = OBJ_obj2nid(pkcs7->type);
    1.77 ++    switch(i){
    1.78 ++    case NID_pkcs7_signed:
    1.79 ++        crls = pkcs7->d.sign->crl;
    1.80 ++        break;
    1.81 ++    case NID_pkcs7_signedAndEnveloped:
    1.82 +         crls = pkcs7->d.signed_and_enveloped->crl;
    1.83 +         break;
    1.84 +     default:
    1.85 +-        certs = crls = NULL;
    1.86 ++        crls = NULL;
    1.87 +     }
    1.88 + 
    1.89 +-    return want_certs ? certs : crls;
    1.90 ++    return crls;
    1.91 + }
    1.92 + 
    1.93 + static VALUE
    1.94 +@@ -610,7 +630,7 @@
    1.95 +     STACK_OF(X509) *certs;
    1.96 +     X509 *cert;
    1.97 + 
    1.98 +-    certs = pkcs7_get_certs_or_crls(self, 1);
    1.99 ++    certs = pkcs7_get_certs(self);
   1.100 +     while((cert = sk_X509_pop(certs))) X509_free(cert);
   1.101 +     rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self);
   1.102 + 
   1.103 +@@ -620,7 +640,7 @@
   1.104 + static VALUE
   1.105 + ossl_pkcs7_get_certificates(VALUE self)
   1.106 + {
   1.107 +-    return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1));
   1.108 ++    return ossl_x509_sk2ary(pkcs7_get_certs(self));
   1.109 + }
   1.110 + 
   1.111 + static VALUE
   1.112 +@@ -650,7 +670,7 @@
   1.113 +     STACK_OF(X509_CRL) *crls;
   1.114 +     X509_CRL *crl;
   1.115 + 
   1.116 +-    crls = pkcs7_get_certs_or_crls(self, 0);
   1.117 ++    crls = pkcs7_get_crls(self);
   1.118 +     while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl);
   1.119 +     rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self);
   1.120 + 
   1.121 +@@ -660,7 +680,7 @@
   1.122 + static VALUE
   1.123 + ossl_pkcs7_get_crls(VALUE self)
   1.124 + {
   1.125 +-    return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0));
   1.126 ++    return ossl_x509crl_sk2ary(pkcs7_get_crls(self));
   1.127 + }
   1.128 + 
   1.129 + static VALUE
   1.130 +diff -Nura ruby-1.9.1-p378.orig/ext/openssl/ossl_ssl.c ruby-1.9.1-p378/ext/openssl/ossl_ssl.c
   1.131 +--- ruby-1.9.1-p378.orig/ext/openssl/ossl_ssl.c	2009-04-19 15:32:18.000000000 +0200
   1.132 ++++ ruby-1.9.1-p378/ext/openssl/ossl_ssl.c	2010-04-01 07:41:19.450937427 +0200
   1.133 +@@ -88,12 +88,18 @@
   1.134 + 
   1.135 + ID ID_callback_state;
   1.136 + 
   1.137 ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L
   1.138 ++#define OSSL_MORE_CONST const
   1.139 ++#define STACK _STACK
   1.140 ++#else
   1.141 ++#define OSSL_MORE_CONST
   1.142 ++#endif
   1.143 + /*
   1.144 +  * SSLContext class
   1.145 +  */
   1.146 + struct {
   1.147 +     const char *name;
   1.148 +-    SSL_METHOD *(*func)(void);
   1.149 ++    OSSL_MORE_CONST SSL_METHOD *(*func)(void);
   1.150 + } ossl_ssl_method_tab[] = {
   1.151 + #define OSSL_SSL_METHOD_ENTRY(name) { #name, name##_method }
   1.152 +     OSSL_SSL_METHOD_ENTRY(TLSv1),
   1.153 +@@ -142,7 +148,7 @@
   1.154 + static VALUE
   1.155 + ossl_sslctx_set_ssl_version(VALUE self, VALUE ssl_method)
   1.156 + {
   1.157 +-    SSL_METHOD *method = NULL;
   1.158 ++    OSSL_MORE_CONST SSL_METHOD *method = NULL;
   1.159 +     const char *s;
   1.160 +     int i;
   1.161 + 
   1.162 +@@ -585,7 +591,7 @@
   1.163 + }
   1.164 + 
   1.165 + static VALUE
   1.166 +-ossl_ssl_cipher_to_ary(SSL_CIPHER *cipher)
   1.167 ++ossl_ssl_cipher_to_ary(OSSL_MORE_CONST SSL_CIPHER *cipher)
   1.168 + {
   1.169 +     VALUE ary;
   1.170 +     int bits, alg_bits;
   1.171 +@@ -1213,7 +1219,7 @@
   1.172 + ossl_ssl_get_cipher(VALUE self)
   1.173 + {
   1.174 +     SSL *ssl;
   1.175 +-    SSL_CIPHER *cipher;
   1.176 ++    OSSL_MORE_CONST SSL_CIPHER *cipher;
   1.177 + 
   1.178 +     Data_Get_Struct(self, SSL, ssl);
   1.179 +     if (!ssl) {