diff options
| author | Kazuki Yamaguchi <k@rhe.jp> | 2016-04-07 01:36:47 +0900 |
|---|---|---|
| committer | Kazuki Yamaguchi <k@rhe.jp> | 2016-04-07 01:36:47 +0900 |
| commit | de06b35e47f0977244e6eeb8a2eb167320157394 (patch) | |
| tree | 34af6fb3036fd62d8ac813fa3d2499914d08bc59 | |
| parent | b42d3e56e62572cb7fbf8b060648a81ed0c79be5 (diff) | |
| download | poe-de06b35e47f0977244e6eeb8a2eb167320157394.tar.gz | |
rakefile: パッチを自分で管理することにした。まだ途中だけど Ruby 1.8.0 以降ならコンパイルできる
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | Rakefile | 35 | ||||
| -rw-r--r-- | config.json | 88 | ||||
| -rw-r--r-- | patches/ruby/r16422-New-OpenSSL.patch | 243 | ||||
| -rw-r--r-- | patches/ruby/r26781-OpenSSL10.patch | 201 | ||||
| -rw-r--r-- | patches/ruby/r31346-r31528-SSLv2.patch | 45 | ||||
| -rw-r--r-- | patches/ruby/r41808-EC2M.patch | 26 | ||||
| -rw-r--r-- | patches/ruby/r51722-SSLv3.patch | 59 | ||||
| -rw-r--r-- | patches/ruby/r8532-X509_STORE_CTX-flags.patch | 45 | ||||
| -rw-r--r-- | patches/ruby/tcltklib-Tcl_GetStringResult.patch | 174 |
10 files changed, 900 insertions, 18 deletions
@@ -1,4 +1,4 @@ .*.sw* data -ruby +/ruby target @@ -35,6 +35,17 @@ end load_config +RUBY_PATCHES = { + ruby: { + /^(1.8.[01])/ => ["tcltklib-Tcl_GetStringResult"], + /^(1.8.[0-2])/ => ["r8532-X509_STORE_CTX-flags"], + /^(1.8.[0-6])/ => ["r16422-New-OpenSSL"], + /^(1.8|1.9.1)/ => ["r26781-OpenSSL10"], + /^(1.8|1.9|2.0|2.1|2.2)/ => ["r31346-r31528-SSLv2", "r51722-SSLv3"], + /^(1.8.7|1.9|2.[012])/ => ["r41808-EC2M"], + } +} + namespace :compiler do RUBY_MIRROR = "https://cache.ruby-lang.org/pub/ruby" desc "Install a ruby" @@ -63,23 +74,13 @@ namespace :compiler do system("curl -o archive.tar.gz #{Shellwords.escape(url)}") or raise("failed to download") system("tar xf archive.tar.gz") or raise("failed to extract") FileUtils.chdir(archive_dir) { - to_be_applied = [] - patch_ccnames = ["ruby/#{version.split("-").join("/")}", "ruby/#{version.split("-")[0]}", "ruby"] - patch_ccnames.each { |patch_ccname| - rvm_patchsets_path = File.expand_path("../vendor/rvm/patchsets/#{patch_ccname}/default", __FILE__) - if File.exist?(rvm_patchsets_path) - patches = File.read(rvm_patchsets_path).lines.map(&:chomp) - puts "RVM patchset found (#{patch_ccname})... #{patches.join(" ")}" - to_be_applied += patches - end - } - to_be_applied.uniq.each { |patch| - patch_path = patch_ccnames - .flat_map { |pp| ["patch", "diff"].map { |ext| File.expand_path("../vendor/rvm/patches/#{pp}/#{patch}.#{ext}", __FILE__) } } - .find(&File.method(:exist?)) - puts "applying... #{patch}" - patch_path and system("patch -R -N -p1 --dry-run <#{patch_path} || patch -N -p1 <#{patch_path}") or - raise("failed to apply patch") + RUBY_PATCHES[:ruby].each { |regexp, patch_names| + next if regexp !~ version + patch_names.each { |name| + puts "applying patch #{name}..." + system("patch -N -p1 <#{File.expand_path("../patches/ruby/#{name}.patch", __FILE__)}") or + puts("patching failed: #{name}, ignoring") + } } retriable { system("./configure --prefix=#{prefix} --enable-shared --disable-install-doc") or raise("failed to configure") diff --git a/config.json b/config.json index d64a06d..aa5a45c 100644 --- a/config.json +++ b/config.json @@ -115,6 +115,30 @@ "{}" ] }, + "ruby-1.9.3-p0": { + "version": "ruby 1.9.3p0 (2011-10-30 revision 33570) [x86_64-linux]", + "version_command": "/opt/bin/ruby -v", + "commandline": [ + "/opt/bin/ruby", + "{}" + ] + }, + "ruby-1.9.2-p0": { + "version": "ruby 1.9.2p0 (2010-08-18 revision 29036) [x86_64-linux]", + "version_command": "/opt/bin/ruby -v", + "commandline": [ + "/opt/bin/ruby", + "{}" + ] + }, + "ruby-1.9.1-p0": { + "version": "ruby 1.9.1p0 (2009-01-30 revision 21907) [x86_64-linux]", + "version_command": "/opt/bin/ruby -v", + "commandline": [ + "/opt/bin/ruby", + "{}" + ] + }, "ruby-1.8.7-p358": { "version": "ruby 1.8.7 (2012-02-08 patchlevel 358) [x86_64-linux]", "version_command": "/opt/bin/ruby -v", @@ -123,6 +147,14 @@ "{}" ] }, + "ruby-1.8.7": { + "version": "ruby 1.8.7 (2008-05-31 patchlevel 0) [x86_64-linux]", + "version_command": "/opt/bin/ruby -v", + "commandline": [ + "/opt/bin/ruby", + "{}" + ] + }, "ruby-1.8.6-p420": { "version": "ruby 1.8.6 (2010-09-02 patchlevel 420) [x86_64-linux]", "version_command": "/opt/bin/ruby -v", @@ -130,6 +162,62 @@ "/opt/bin/ruby", "{}" ] + }, + "ruby-1.8.6": { + "version": "ruby 1.8.6 (2007-03-13 patchlevel 0) [x86_64-linux]", + "version_command": "/opt/bin/ruby -v", + "commandline": [ + "/opt/bin/ruby", + "{}" + ] + }, + "ruby-1.8.5": { + "version": "ruby 1.8.5 (2006-08-25) [x86_64-linux]", + "version_command": "/opt/bin/ruby -v", + "commandline": [ + "/opt/bin/ruby", + "{}" + ] + }, + "ruby-1.8.4": { + "version": "ruby 1.8.4 (2005-12-24) [x86_64-linux]", + "version_command": "/opt/bin/ruby -v", + "commandline": [ + "/opt/bin/ruby", + "{}" + ] + }, + "ruby-1.8.3": { + "version": "ruby 1.8.3 (2005-09-21) [x86_64-linux]", + "version_command": "/opt/bin/ruby -v", + "commandline": [ + "/opt/bin/ruby", + "{}" + ] + }, + "ruby-1.8.2": { + "version": "ruby 1.8.2 (2004-12-25) [x86_64-linux]", + "version_command": "/opt/bin/ruby -v", + "commandline": [ + "/opt/bin/ruby", + "{}" + ] + }, + "ruby-1.8.1": { + "version": "ruby 1.8.1 (2003-12-25) [x86_64-linux]", + "version_command": "/opt/bin/ruby -v", + "commandline": [ + "/opt/bin/ruby", + "{}" + ] + }, + "ruby-1.8.0": { + "version": "ruby 1.8.0 (2003-08-04) [x86_64-linux]", + "version_command": "/opt/bin/ruby -v", + "commandline": [ + "/opt/bin/ruby", + "{}" + ] } }, "php": { diff --git a/patches/ruby/r16422-New-OpenSSL.patch b/patches/ruby/r16422-New-OpenSSL.patch new file mode 100644 index 0000000..969ce83 --- /dev/null +++ b/patches/ruby/r16422-New-OpenSSL.patch @@ -0,0 +1,243 @@ +diff --git a/ext/openssl/openssl_missing.c b/ext/openssl/openssl_missing.c +index f77731e..724f36b 100644 +--- a/ext/openssl/openssl_missing.c ++++ b/ext/openssl/openssl_missing.c +@@ -22,17 +22,15 @@ + #include "openssl_missing.h" + + #if !defined(HAVE_HMAC_CTX_COPY) +-int ++void + HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in) + { +- if (!out || !in) return 0; ++ if (!out || !in) return; + memcpy(out, in, sizeof(HMAC_CTX)); + +- if (!EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx) +- || !EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx) +- || !EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx)) +- return 0; +- return 1; ++ EVP_MD_CTX_copy(&out->md_ctx, &in->md_ctx); ++ EVP_MD_CTX_copy(&out->i_ctx, &in->i_ctx); ++ EVP_MD_CTX_copy(&out->o_ctx, &in->o_ctx); + } + #endif /* HAVE_HMAC_CTX_COPY */ + #endif /* NO_HMAC */ +diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h +for Ruby 1.8.1 or older +--- a/ext/openssl/openssl_missing.h ++++ b/ext/openssl/openssl_missing.h +@@ -56,12 +56,33 @@ + (char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri) + #endif + +-int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); +-void *X509_STORE_get_ex_data(X509_STORE *str, int idx); +-int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data); ++#if !defined(HAVE_EVP_MD_CTX_INIT) ++void HMAC_CTX_init(HMAC_CTX *ctx); ++#endif ++ ++#if !defined(HAVE_HMAC_CTX_COPY) ++void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); ++#endif ++ ++#if !defined(HAVE_HMAC_CTX_CLEANUP) ++void HMAC_CTX_cleanup(HMAC_CTX *ctx); ++#endif ++ ++#if !defined(HAVE_EVP_MD_CTX_CREATE) + EVP_MD_CTX *EVP_MD_CTX_create(void); ++#endif ++ ++#if !defined(HAVE_EVP_MD_CTX_INIT) ++void EVP_MD_CTX_init(EVP_MD_CTX *ctx); ++#endif ++ ++#if !defined(HAVE_EVP_MD_CTX_CLEANUP) + int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); ++#endif ++ ++#if !defined(HAVE_EVP_MD_CTX_DESTROY) + void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); ++#endif + + #if !defined(EVP_CIPHER_name) + # define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) +@@ -83,17 +104,54 @@ + # define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) + #endif + ++#if !defined(HAVE_X509_STORE_SET_EX_DATA) ++void *X509_STORE_get_ex_data(X509_STORE *str, int idx); ++int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data); ++#endif ++ ++#if !defined(HAVE_X509_CRL_SET_VERSION) + int X509_CRL_set_version(X509_CRL *x, long version); ++#endif ++ ++#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME) + int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); ++#endif ++ ++#if !defined(HAVE_X509_CRL_SORT) + int X509_CRL_sort(X509_CRL *c); ++#endif ++ ++#if !defined(HAVE_X509_CRL_ADD0_REVOKED) + int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); ++#endif ++ ++#if !defined(HAVE_BN_MOD_SQR) + int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); ++#endif ++ ++#if !defined(HAVE_BN_MOD_ADD) + int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); ++#endif ++ ++#if !defined(HAVE_BN_MOD_SUB) + int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); ++#endif ++ ++#if !defined(HAVE_BN_RAND_RANGE) + int BN_rand_range(BIGNUM *r, BIGNUM *range); ++#endif ++ ++#if !defined(HAVE_BN_PSEUDO_RAND_RANGE) + int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range); ++#endif ++ ++#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE) + char *CONF_get1_default_config_file(void); ++#endif ++ ++#if !defined(HAVE_PEM_DEF_CALLBACK) + int PEM_def_callback(char *buf, int num, int w, void *key); ++#endif + + #if defined(__cplusplus) + } +diff --git a/ext/openssl/openssl_missing.h b/ext/openssl/openssl_missing.h +index e8c75ca..3450b81 100644 +--- a/ext/openssl/openssl_missing.h ++++ b/ext/openssl/openssl_missing.h +@@ -56,14 +56,33 @@ extern "C" { + (char *(*)())d2i_PKCS7_RECIP_INFO, (char *)ri) + #endif + ++#if !defined(HAVE_EVP_MD_CTX_INIT) + void HMAC_CTX_init(HMAC_CTX *ctx); +-int HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); ++#endif ++ ++#if !defined(HAVE_HMAC_CTX_COPY) ++void HMAC_CTX_copy(HMAC_CTX *out, HMAC_CTX *in); ++#endif ++ ++#if !defined(HAVE_HMAC_CTX_CLEANUP) + void HMAC_CTX_cleanup(HMAC_CTX *ctx); ++#endif + ++#if !defined(HAVE_EVP_MD_CTX_CREATE) + EVP_MD_CTX *EVP_MD_CTX_create(void); ++#endif ++ ++#if !defined(HAVE_EVP_MD_CTX_INIT) + void EVP_MD_CTX_init(EVP_MD_CTX *ctx); ++#endif ++ ++#if !defined(HAVE_EVP_MD_CTX_CLEANUP) + int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); ++#endif ++ ++#if !defined(HAVE_EVP_MD_CTX_DESTROY) + void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); ++#endif + + #if !defined(HAVE_EVP_CIPHER_CTX_COPY) + int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in); +@@ -107,19 +126,54 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, EVP_CIPHER_CTX *in); + #define OPENSSL_cleanse(p, l) memset(p, 0, l) + #endif + ++#if !defined(HAVE_X509_STORE_SET_EX_DATA) + void *X509_STORE_get_ex_data(X509_STORE *str, int idx); + int X509_STORE_set_ex_data(X509_STORE *str, int idx, void *data); ++#endif ++ ++#if !defined(HAVE_X509_CRL_SET_VERSION) + int X509_CRL_set_version(X509_CRL *x, long version); ++#endif ++ ++#if !defined(HAVE_X509_CRL_SET_ISSUER_NAME) + int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); ++#endif ++ ++#if !defined(HAVE_X509_CRL_SORT) + int X509_CRL_sort(X509_CRL *c); ++#endif ++ ++#if !defined(HAVE_X509_CRL_ADD0_REVOKED) + int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); ++#endif ++ ++#if !defined(HAVE_BN_MOD_SQR) + int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); ++#endif ++ ++#if !defined(HAVE_BN_MOD_ADD) + int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); ++#endif ++ ++#if !defined(HAVE_BN_MOD_SUB) + int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); ++#endif ++ ++#if !defined(HAVE_BN_RAND_RANGE) + int BN_rand_range(BIGNUM *r, BIGNUM *range); ++#endif ++ ++#if !defined(HAVE_BN_PSEUDO_RAND_RANGE) + int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range); ++#endif ++ ++#if !defined(HAVE_CONF_GET1_DEFAULT_CONFIG_FILE) + char *CONF_get1_default_config_file(void); ++#endif ++ ++#if !defined(HAVE_PEM_DEF_CALLBACK) + int PEM_def_callback(char *buf, int num, int w, void *key); ++#endif + + #if defined(__cplusplus) + } +diff --git a/ext/openssl/ossl_hmac.c b/ext/openssl/ossl_hmac.c +index ba85f52..ef77d6c 100644 +--- a/ext/openssl/ossl_hmac.c ++++ b/ext/openssl/ossl_hmac.c +@@ -87,9 +87,7 @@ ossl_hmac_copy(VALUE self, VALUE other) + GetHMAC(self, ctx1); + SafeGetHMAC(other, ctx2); + +- if (!HMAC_CTX_copy(ctx1, ctx2)) { +- ossl_raise(eHMACError, NULL); +- } ++ HMAC_CTX_copy(ctx1, ctx2); + return self; + } + +@@ -115,9 +113,7 @@ hmac_final(HMAC_CTX *ctx, char **buf, int *buf_len) + { + HMAC_CTX final; + +- if (!HMAC_CTX_copy(&final, ctx)) { +- ossl_raise(eHMACError, NULL); +- } ++ HMAC_CTX_copy(&final, ctx); + if (!(*buf = OPENSSL_malloc(HMAC_size(&final)))) { + HMAC_CTX_cleanup(&final); + OSSL_Debug("Allocating %d mem", HMAC_size(&final)); diff --git a/patches/ruby/r26781-OpenSSL10.patch b/patches/ruby/r26781-OpenSSL10.patch new file mode 100644 index 0000000..9484c37 --- /dev/null +++ b/patches/ruby/r26781-OpenSSL10.patch @@ -0,0 +1,201 @@ +diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c +index d4a2dc1..85ba654 100644 +--- a/ext/openssl/ossl.c ++++ b/ext/openssl/ossl.c +@@ -92,7 +92,7 @@ ossl_x509_ary2sk(VALUE ary) + + #define OSSL_IMPL_SK2ARY(name, type) \ + VALUE \ +-ossl_##name##_sk2ary(STACK *sk) \ ++ossl_##name##_sk2ary(STACK_OF(type) *sk) \ + { \ + type *t; \ + int i, num; \ +@@ -102,7 +102,7 @@ ossl_##name##_sk2ary(STACK *sk) \ + OSSL_Debug("empty sk!"); \ + return Qnil; \ + } \ +- num = sk_num(sk); \ ++ num = sk_##type##_num(sk); \ + if (num < 0) { \ + OSSL_Debug("items in sk < -1???"); \ + return rb_ary_new(); \ +@@ -110,7 +110,7 @@ ossl_##name##_sk2ary(STACK *sk) \ + ary = rb_ary_new2(num); \ + \ + for (i=0; i<num; i++) { \ +- t = (type *)sk_value(sk, i); \ ++ t = sk_##type##_value(sk, i); \ + rb_ary_push(ary, ossl_##name##_new(t)); \ + } \ + return ary; \ +diff --git a/ext/openssl/ossl.h b/ext/openssl/ossl.h +index 9ac1525..4bb18d5 100644 +--- a/ext/openssl/ossl.h ++++ b/ext/openssl/ossl.h +@@ -104,6 +104,13 @@ extern VALUE eOSSLError; + } while (0) + + /* ++ * Compatibility ++ */ ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++#define STACK _STACK ++#endif ++ ++/* + * String to HEXString conversion + */ + int string2hex(const unsigned char *, int, char **, int *); +diff --git a/ext/openssl/ossl_pkcs7.c b/ext/openssl/ossl_pkcs7.c +index fe1ef7c..b0cc656 100644 +--- a/ext/openssl/ossl_pkcs7.c ++++ b/ext/openssl/ossl_pkcs7.c +@@ -572,12 +572,11 @@ ossl_pkcs7_add_certificate(VALUE self, VALUE cert) + return self; + } + +-static STACK * +-pkcs7_get_certs_or_crls(VALUE self, int want_certs) ++static STACK_OF(X509) * ++pkcs7_get_certs(VALUE self) + { + PKCS7 *pkcs7; + STACK_OF(X509) *certs; +- STACK_OF(X509_CRL) *crls; + int i; + + GetPKCS7(self, pkcs7); +@@ -585,17 +584,38 @@ pkcs7_get_certs_or_crls(VALUE self, int want_certs) + switch(i){ + case NID_pkcs7_signed: + certs = pkcs7->d.sign->cert; +- crls = pkcs7->d.sign->crl; + break; + case NID_pkcs7_signedAndEnveloped: + certs = pkcs7->d.signed_and_enveloped->cert; ++ break; ++ default: ++ certs = NULL; ++ } ++ ++ return certs; ++} ++ ++static STACK_OF(X509_CRL) * ++pkcs7_get_crls(VALUE self) ++{ ++ PKCS7 *pkcs7; ++ STACK_OF(X509_CRL) *crls; ++ int i; ++ ++ GetPKCS7(self, pkcs7); ++ i = OBJ_obj2nid(pkcs7->type); ++ switch(i){ ++ case NID_pkcs7_signed: ++ crls = pkcs7->d.sign->crl; ++ break; ++ case NID_pkcs7_signedAndEnveloped: + crls = pkcs7->d.signed_and_enveloped->crl; + break; + default: +- certs = crls = NULL; ++ crls = NULL; + } + +- return want_certs ? certs : crls; ++ return crls; + } + + static VALUE +@@ -610,7 +630,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary) + STACK_OF(X509) *certs; + X509 *cert; + +- certs = pkcs7_get_certs_or_crls(self, 1); ++ certs = pkcs7_get_certs(self); + while((cert = sk_X509_pop(certs))) X509_free(cert); + rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_certs_i, self); + +@@ -620,7 +640,7 @@ ossl_pkcs7_set_certificates(VALUE self, VALUE ary) + static VALUE + ossl_pkcs7_get_certificates(VALUE self) + { +- return ossl_x509_sk2ary(pkcs7_get_certs_or_crls(self, 1)); ++ return ossl_x509_sk2ary(pkcs7_get_certs(self)); + } + + static VALUE +@@ -650,7 +670,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary) + STACK_OF(X509_CRL) *crls; + X509_CRL *crl; + +- crls = pkcs7_get_certs_or_crls(self, 0); ++ crls = pkcs7_get_crls(self); + while((crl = sk_X509_CRL_pop(crls))) X509_CRL_free(crl); + rb_block_call(ary, rb_intern("each"), 0, 0, ossl_pkcs7_set_crls_i, self); + +@@ -660,7 +680,7 @@ ossl_pkcs7_set_crls(VALUE self, VALUE ary) + static VALUE + ossl_pkcs7_get_crls(VALUE self) + { +- return ossl_x509crl_sk2ary(pkcs7_get_certs_or_crls(self, 0)); ++ return ossl_x509crl_sk2ary(pkcs7_get_crls(self)); + } + + static VALUE +diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c +index 97c5583..fe6e74f 100644 +--- a/ext/openssl/ossl_ssl.c ++++ b/ext/openssl/ossl_ssl.c +@@ -1403,10 +1403,10 @@ ossl_ssl_get_peer_cert_chain(VALUE self) + } + chain = SSL_get_peer_cert_chain(ssl); + if(!chain) return Qnil; +- num = sk_num(chain); ++ num = sk_X509_num(chain); + ary = rb_ary_new2(num); + for (i = 0; i < num; i++){ +- cert = (X509*)sk_value(chain, i); ++ cert = sk_X509_value(chain, i); + rb_ary_push(ary, ossl_x509_new(cert)); + } + +diff --git a/ext/openssl/ossl_x509attr.c b/ext/openssl/ossl_x509attr.c +index 1f817cd..2a4c481 100644 +--- a/ext/openssl/ossl_x509attr.c ++++ b/ext/openssl/ossl_x509attr.c +@@ -218,8 +218,9 @@ ossl_x509attr_get_value(VALUE self) + ossl_str_adjust(str, p); + } + else{ +- length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, NULL, +- i2d_ASN1_TYPE, V_ASN1_SET, V_ASN1_UNIVERSAL, 0); ++ length = i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, ++ (unsigned char **) NULL, i2d_ASN1_TYPE, ++ V_ASN1_SET, V_ASN1_UNIVERSAL, 0); + str = rb_str_new(0, length); + p = (unsigned char *)RSTRING_PTR(str); + i2d_ASN1_SET_OF_ASN1_TYPE(attr->value.set, &p, +diff --git a/ext/openssl/ossl_x509crl.c b/ext/openssl/ossl_x509crl.c +index 1be9640..818fdba 100644 +--- a/ext/openssl/ossl_x509crl.c ++++ b/ext/openssl/ossl_x509crl.c +@@ -264,7 +264,7 @@ ossl_x509crl_get_revoked(VALUE self) + VALUE ary, revoked; + + GetX509CRL(self, crl); +- num = sk_X509_CRL_num(X509_CRL_get_REVOKED(crl)); ++ num = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl)); + if (num < 0) { + OSSL_Debug("num < 0???"); + return rb_ary_new(); +@@ -272,7 +272,7 @@ ossl_x509crl_get_revoked(VALUE self) + ary = rb_ary_new2(num); + for(i=0; i<num; i++) { + /* NO DUP - don't free! */ +- rev = (X509_REVOKED *)sk_X509_CRL_value(X509_CRL_get_REVOKED(crl), i); ++ rev = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i); + revoked = ossl_x509revoked_new(rev); + rb_ary_push(ary, revoked); + } diff --git a/patches/ruby/r31346-r31528-SSLv2.patch b/patches/ruby/r31346-r31528-SSLv2.patch new file mode 100644 index 0000000..6185bca --- /dev/null +++ b/patches/ruby/r31346-r31528-SSLv2.patch @@ -0,0 +1,45 @@ +diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb +index b1f2d88..1bd5a07 100644 +--- a/ext/openssl/extconf.rb ++++ b/ext/openssl/extconf.rb +@@ -100,6 +100,9 @@ + have_func("OBJ_NAME_do_all_sorted") + have_func("SSL_SESSION_get_id") + have_func("OPENSSL_cleanse") ++have_func("SSLv2_method") ++have_func("SSLv2_server_method") ++have_func("SSLv2_client_method") + if try_compile("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n") + $defs.push("-DHAVE_VA_ARGS_MACRO") + end +diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb +index b1f2d88..1bd5a07 100644 +--- a/ext/openssl/extconf.rb ++++ b/ext/openssl/extconf.rb +@@ -100,6 +100,9 @@ + have_func("SSL_SESSION_get_id") + have_func("SSL_SESSION_cmp") + have_func("OPENSSL_cleanse") ++have_func("SSLv2_method") ++have_func("SSLv2_server_method") ++have_func("SSLv2_client_method") + unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h']) + have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME") + end +diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c +index d8951fb..d750e95 100644 +--- a/ext/openssl/ossl_ssl.c ++++ b/ext/openssl/ossl_ssl.c +@@ -107,9 +107,12 @@ struct { + OSSL_SSL_METHOD_ENTRY(TLSv1), + OSSL_SSL_METHOD_ENTRY(TLSv1_server), + OSSL_SSL_METHOD_ENTRY(TLSv1_client), ++#if defined(HAVE_SSLV2_METHOD) && defined(HAVE_SSLV2_SERVER_METHOD) && \ ++ defined(HAVE_SSLV2_CLIENT_METHOD) + OSSL_SSL_METHOD_ENTRY(SSLv2), + OSSL_SSL_METHOD_ENTRY(SSLv2_server), + OSSL_SSL_METHOD_ENTRY(SSLv2_client), ++#endif + OSSL_SSL_METHOD_ENTRY(SSLv3), + OSSL_SSL_METHOD_ENTRY(SSLv3_server), + OSSL_SSL_METHOD_ENTRY(SSLv3_client), diff --git a/patches/ruby/r41808-EC2M.patch b/patches/ruby/r41808-EC2M.patch new file mode 100644 index 0000000..957e989 --- /dev/null +++ b/patches/ruby/r41808-EC2M.patch @@ -0,0 +1,26 @@ +diff --git a/ext/openssl/ossl_pkey_ec.c b/ext/openssl/ossl_pkey_ec.c +index 9d7607e..5e419bd 100644 +--- a/ext/openssl/ossl_pkey_ec.c ++++ b/ext/openssl/ossl_pkey_ec.c +@@ -762,8 +762,10 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self) + method = EC_GFp_mont_method(); + } else if (id == s_GFp_nist) { + method = EC_GFp_nist_method(); ++#if !defined(OPENSSL_NO_EC2M) + } else if (id == s_GF2m_simple) { + method = EC_GF2m_simple_method(); ++#endif + } + + if (method) { +@@ -817,8 +819,10 @@ static VALUE ossl_ec_group_initialize(int argc, VALUE *argv, VALUE self) + + if (id == s_GFp) { + new_curve = EC_GROUP_new_curve_GFp; ++#if !defined(OPENSSL_NO_EC2M) + } else if (id == s_GF2m) { + new_curve = EC_GROUP_new_curve_GF2m; ++#endif + } else { + ossl_raise(rb_eArgError, "unknown symbol, must be :GFp or :GF2m"); + } diff --git a/patches/ruby/r51722-SSLv3.patch b/patches/ruby/r51722-SSLv3.patch new file mode 100644 index 0000000..c5d70be --- /dev/null +++ b/patches/ruby/r51722-SSLv3.patch @@ -0,0 +1,59 @@ +diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb +index 8c04cb5..132d803 100644 +--- a/ext/openssl/extconf.rb ++++ b/ext/openssl/extconf.rb +@@ -104,6 +104,9 @@ + have_func("SSLv2_method") + have_func("SSLv2_server_method") + have_func("SSLv2_client_method") ++have_func("SSLv3_method") ++have_func("SSLv3_server_method") ++have_func("SSLv3_client_method") + if try_compile("#define FOO(a, ...) foo(a, ##__VA_ARGS__)\n int x(){FOO(1);FOO(1,2);FOO(1,2,3);}\n") + $defs.push("-DHAVE_VA_ARGS_MACRO") + end +diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb +index 8c04cb5..132d803 100644 +--- a/ext/openssl/extconf.rb ++++ b/ext/openssl/extconf.rb +@@ -104,6 +104,9 @@ + have_func("SSLv2_method") + have_func("SSLv2_server_method") + have_func("SSLv2_client_method") ++have_func("SSLv3_method") ++have_func("SSLv3_server_method") ++have_func("SSLv3_client_method") + unless have_func("SSL_set_tlsext_host_name", ['openssl/ssl.h']) + have_macro("SSL_set_tlsext_host_name", ['openssl/ssl.h']) && $defs.push("-DHAVE_SSL_SET_TLSEXT_HOST_NAME") + end +diff --git a/ext/openssl/extconf.rb b/ext/openssl/extconf.rb +index 8c04cb5..132d803 100644 +--- a/ext/openssl/extconf.rb ++++ b/ext/openssl/extconf.rb +@@ -104,6 +104,9 @@ + have_func("SSLv2_method") + have_func("SSLv2_server_method") + have_func("SSLv2_client_method") ++have_func("SSLv3_method") ++have_func("SSLv3_server_method") ++have_func("SSLv3_client_method") + have_func("TLSv1_1_method") + have_func("TLSv1_1_server_method") + have_func("TLSv1_1_client_method") +diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c +index f7cb7f0..47111f6 100644 +--- a/ext/openssl/ossl_ssl.c ++++ b/ext/openssl/ossl_ssl.c +@@ -109,9 +109,12 @@ static const struct { + OSSL_SSL_METHOD_ENTRY(SSLv2_server), + OSSL_SSL_METHOD_ENTRY(SSLv2_client), + #endif ++#if defined(HAVE_SSLV3_METHOD) && defined(HAVE_SSLV3_SERVER_METHOD) && \ ++ defined(HAVE_SSLV3_CLIENT_METHOD) + OSSL_SSL_METHOD_ENTRY(SSLv3), + OSSL_SSL_METHOD_ENTRY(SSLv3_server), + OSSL_SSL_METHOD_ENTRY(SSLv3_client), ++#endif + OSSL_SSL_METHOD_ENTRY(SSLv23), + OSSL_SSL_METHOD_ENTRY(SSLv23_server), + OSSL_SSL_METHOD_ENTRY(SSLv23_client), diff --git a/patches/ruby/r8532-X509_STORE_CTX-flags.patch b/patches/ruby/r8532-X509_STORE_CTX-flags.patch new file mode 100644 index 0000000..d02e853 --- /dev/null +++ b/patches/ruby/r8532-X509_STORE_CTX-flags.patch @@ -0,0 +1,45 @@ +diff --git a/ext/openssl/ossl_x509store.c b/ext/openssl/ossl_x509store.c +index b08f90c..5dba733 100644 +--- a/ext/openssl/ossl_x509store.c ++++ b/ext/openssl/ossl_x509store.c +@@ -358,7 +358,7 @@ static VALUE ossl_x509stctx_set_time(VALUE, VALUE); + static VALUE + ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self) + { +- VALUE store, cert, chain; ++ VALUE store, cert, chain, t; + X509_STORE_CTX *ctx; + X509_STORE *x509st; + X509 *x509 = NULL; +@@ -380,7 +380,8 @@ ossl_x509stctx_initialize(int argc, VALUE *argv, VALUE self) + ossl_x509stctx_set_purpose(self, rb_iv_get(store, "@purpose")); + ossl_x509stctx_set_trust(self, rb_iv_get(store, "@trust")); + #endif +- ossl_x509stctx_set_time(self, rb_iv_get(store, "@time")); ++ if (!NIL_P(t = rb_iv_get(store, "@time"))) ++ ossl_x509stctx_set_time(self, t); + rb_iv_set(self, "@verify_callback", rb_iv_get(store, "@verify_callback")); + rb_iv_set(self, "@cert", cert); + +@@ -546,17 +547,11 @@ static VALUE + ossl_x509stctx_set_time(VALUE self, VALUE time) + { + X509_STORE_CTX *store; ++ long t; + +- if(NIL_P(time)) { +- GetX509StCtx(self, store); +- store->flags &= ~X509_V_FLAG_USE_CHECK_TIME; +- } +- else { +- long t = NUM2LONG(rb_Integer(time)); +- +- GetX509StCtx(self, store); +- X509_STORE_CTX_set_time(store, 0, t); +- } ++ t = NUM2LONG(rb_Integer(time)); ++ GetX509StCtx(self, store); ++ X509_STORE_CTX_set_time(store, 0, t); + + return time; + } diff --git a/patches/ruby/tcltklib-Tcl_GetStringResult.patch b/patches/ruby/tcltklib-Tcl_GetStringResult.patch new file mode 100644 index 0000000..74611a9 --- /dev/null +++ b/patches/ruby/tcltklib-Tcl_GetStringResult.patch @@ -0,0 +1,174 @@ +diff --git a/ext/tcltklib/tcltklib.c b/ext/tcltklib/tcltklib.c +for Ruby 1.8.0 +--- a/ext/tcltklib/tcltklib.c ++++ b/ext/tcltklib/tcltklib.c +@@ -533,12 +533,12 @@ + if (Tcl_IsSafe(ptr->ip)) { + DUMP1("Tk_SafeInit"); + if (Tk_SafeInit(ptr->ip) == TCL_ERROR) { +- rb_raise(rb_eRuntimeError, "%s", ptr->ip->result); ++ rb_raise(rb_eRuntimeError, "%s", Tcl_GetStringResult(ptr->ip)); + } + } else { + DUMP1("Tk_Init"); + if (Tk_Init(ptr->ip) == TCL_ERROR) { +- rb_raise(rb_eRuntimeError, "%s", ptr->ip->result); ++ rb_raise(rb_eRuntimeError, "%s", Tcl_GetStringResult(ptr->ip)); + } + } + #else +@@ -667,7 +667,7 @@ + /* from Tcl_AppInit() */ + DUMP1("Tcl_Init"); + if (Tcl_Init(ptr->ip) == TCL_ERROR) { +- rb_raise(rb_eRuntimeError, "%s", ptr->ip->result); ++ rb_raise(rb_eRuntimeError, "%s", Tcl_GetStringResult(ptr->ip)); + } + + /* set variables */ +@@ -689,7 +689,7 @@ + /* from Tcl_AppInit() */ + DUMP1("Tk_Init"); + if (Tk_Init(ptr->ip) == TCL_ERROR) { +- rb_raise(rb_eRuntimeError, "%s", ptr->ip->result); ++ rb_raise(rb_eRuntimeError, "%s", Tcl_GetStringResult(ptr->ip)); + } + DUMP1("Tcl_StaticPackage(\"Tk\")"); + #if TCL_MAJOR_VERSION >= 8 +@@ -756,7 +756,7 @@ + struct tcltkip *ptr = get_ip(self); + + if (Tcl_MakeSafe(ptr->ip) == TCL_ERROR) { +- rb_raise(rb_eRuntimeError, "%s", ptr->ip->result); ++ rb_raise(rb_eRuntimeError, "%s", Tcl_GetStringResult(ptr->ip)); + } + + return self; +@@ -819,13 +819,13 @@ + DUMP2("Tcl_Eval(%s)", buf); + ptr->return_value = Tcl_Eval(ptr->ip, buf); + if (ptr->return_value == TCL_ERROR) { +- rb_raise(rb_eRuntimeError, "%s", ptr->ip->result); ++ rb_raise(rb_eRuntimeError, "%s", Tcl_GetStringResult(ptr->ip)); + } + DUMP2("(TCL_Eval result) %d", ptr->return_value); + + /* pass back the result (as string) */ + /* return(rb_str_new2(ptr->ip->result)); */ +- return(rb_tainted_str_new2(ptr->ip->result)); ++ return(rb_tainted_str_new2(Tcl_GetStringResult(ptr->ip))); + } + + static VALUE +@@ -1021,12 +1021,12 @@ + /* exception on mainloop */ + if (ptr->return_value == TCL_ERROR) { + if (event_loop_abort_on_exc > 0 && !Tcl_InterpDeleted(ptr->ip)) { +- rb_raise(rb_eRuntimeError, "%s", ptr->ip->result); ++ rb_raise(rb_eRuntimeError, "%s", Tcl_GetStringResult(ptr->ip)); + } else { + if (event_loop_abort_on_exc < 0) { +- rb_warning("%s (ignore)", ptr->ip->result); ++ rb_warning("%s (ignore)", Tcl_GetStringResult(ptr->ip)); + } else { +- rb_warn("%s (ignore)", ptr->ip->result); ++ rb_warn("%s (ignore)", Tcl_GetStringResult(ptr->ip)); + } + Tcl_ResetResult(ptr->ip); + return rb_tainted_str_new2(""); +@@ -1035,7 +1035,7 @@ + + /* pass back the result (as string) */ + /* return rb_str_new2(ptr->ip->result); */ +- return rb_tainted_str_new2(ptr->ip->result); ++ return rb_tainted_str_new2(Tcl_GetStringResult(ptr->ip)); + } + + VALUE +diff --git a/ext/tcltklib/tcltklib.c b/ext/tcltklib/tcltklib.c +for Ruby 1.8.1 +--- a/ext/tcltklib/tcltklib.c ++++ b/ext/tcltklib/tcltklib.c +@@ -1540,7 +1540,7 @@ + /* from Tcl_AppInit() */ + DUMP1("Tcl_Init"); + if (Tcl_Init(ptr->ip) == TCL_ERROR) { +- rb_raise(rb_eRuntimeError, "%s", ptr->ip->result); ++ rb_raise(rb_eRuntimeError, "%s", Tcl_GetStringResult(ptr->ip)); + } + + /* set variables */ +@@ -1568,7 +1568,7 @@ + if (with_tk) { + DUMP1("Tk_Init"); + if (Tk_Init(ptr->ip) == TCL_ERROR) { +- rb_raise(rb_eRuntimeError, "%s", ptr->ip->result); ++ rb_raise(rb_eRuntimeError, "%s", Tcl_GetStringResult(ptr->ip)); + } + DUMP1("Tcl_StaticPackage(\"Tk\")"); + #if TCL_MAJOR_VERSION >= 8 +@@ -1681,7 +1681,7 @@ + struct tcltkip *ptr = get_ip(self); + + if (Tcl_MakeSafe(ptr->ip) == TCL_ERROR) { +- rb_raise(rb_eRuntimeError, "%s", ptr->ip->result); ++ rb_raise(rb_eRuntimeError, "%s", Tcl_GetStringResult(ptr->ip)); + } + + return self; +@@ -1745,13 +1745,13 @@ + DUMP2("Tcl_Eval(%s)", buf); + ptr->return_value = Tcl_Eval(ptr->ip, buf); + if (ptr->return_value == TCL_ERROR) { +- rb_raise(rb_eRuntimeError, "%s", ptr->ip->result); ++ rb_raise(rb_eRuntimeError, "%s", Tcl_GetStringResult(ptr->ip)); + } + DUMP2("(TCL_Eval result) %d", ptr->return_value); + + /* pass back the result (as string) */ + /* return(rb_str_new2(ptr->ip->result)); */ +- return(rb_tainted_str_new2(ptr->ip->result)); ++ return(rb_tainted_str_new2(Tcl_GetStringResult(ptr->ip))); + } + + static VALUE +@@ -1894,12 +1894,12 @@ + if (Tcl_IsSafe(ptr->ip)) { + DUMP1("Tk_SafeInit"); + if (Tk_SafeInit(ptr->ip) == TCL_ERROR) { +- rb_raise(rb_eRuntimeError, "%s", ptr->ip->result); ++ rb_raise(rb_eRuntimeError, "%s", Tcl_GetStringResult(ptr->ip)); + } + } else { + DUMP1("Tk_Init"); + if (Tk_Init(ptr->ip) == TCL_ERROR) { +- rb_raise(rb_eRuntimeError, "%s", ptr->ip->result); ++ rb_raise(rb_eRuntimeError, "%s", Tcl_GetStringResult(ptr->ip)); + } + } + #else +@@ -2138,12 +2138,12 @@ + if (ptr->return_value == TCL_ERROR) { + if (event_loop_abort_on_exc > 0 && !Tcl_InterpDeleted(ptr->ip)) { + /*rb_ip_raise(obj, rb_eRuntimeError, "%s", ptr->ip->result);*/ +- return create_ip_exc(obj, rb_eRuntimeError, "%s", ptr->ip->result); ++ return create_ip_exc(obj, rb_eRuntimeError, "%s", Tcl_GetStringResult(ptr->ip)); + } else { + if (event_loop_abort_on_exc < 0) { +- rb_warning("%s (ignore)", ptr->ip->result); ++ rb_warning("%s (ignore)", Tcl_GetStringResult(ptr->ip)); + } else { +- rb_warn("%s (ignore)", ptr->ip->result); ++ rb_warn("%s (ignore)", Tcl_GetStringResult(ptr->ip)); + } + Tcl_ResetResult(ptr->ip); + return rb_tainted_str_new2(""); +@@ -2152,7 +2152,7 @@ + + /* pass back the result (as string) */ + /* return rb_str_new2(ptr->ip->result); */ +- return rb_tainted_str_new2(ptr->ip->result); ++ return rb_tainted_str_new2(Tcl_GetStringResult(ptr->ip)); + } + + VALUE |