- Update Ruby 1.9 to 1.9.3p385. This fixes a security issue in rdoc (CVE-2013-0256)

- Also add the patch for the security issue in the bundled json (CVE-2013-0269)
- Fix an issue with the .pc file by patching configure [1]

Reported by:	avg [1]
Security:	forthcoming

Mk/bsd.ruby.mk

@@ -196,7 +196,7 @@ RUBY19=			"@comment "
 RUBY_RELVERSION=	1.9.3
 RUBY_PORTREVISION=	0
 RUBY_PORTEPOCH=		1
-RUBY_PATCHLEVEL=	327
+RUBY_PATCHLEVEL=	385
 
 RUBY_VERSION?=		${RUBY_RELVERSION}.${RUBY_PATCHLEVEL}
 RUBY_DISTVERSION?=	${RUBY_RELVERSION}-p${RUBY_PATCHLEVEL}

lang/ruby19/distinfo

@@ -1,2 +1,2 @@
-SHA256 (ruby/ruby-1.9.3-p327.tar.bz2) = d989465242f9b11a8a3aa8cbd2c75a9b3a8c0ec2f14a087a0c7b51abf164e488
-SIZE (ruby/ruby-1.9.3-p327.tar.bz2) = 9975835
+SHA256 (ruby/ruby-1.9.3-p385.tar.bz2) = f991ee50414dc795696bad0fc5c7b0b94d93b9b38fed943326d20ce4e9dda42b
+SIZE (ruby/ruby-1.9.3-p385.tar.bz2) = 10021486

lang/ruby19/files/patch-configure.in

@@ -1,6 +1,6 @@
---- configure.in.orig	2012-02-15 19:26:09.000000000 -0500
-+++ configure.in	2012-02-16 22:28:27.617422641 -0500
-@@ -1118,11 +1118,11 @@
+--- configure.in.orig	2013-02-11 14:33:14.000000000 +0000
++++ configure.in	2013-02-11 14:30:13.000000000 +0000
+@@ -1129,11 +1129,11 @@
  [superux*], [	ac_cv_func_setitimer=no
  		],
  [	LIBS="-lm $LIBS"])
@@ -17,7 +17,7 @@
  if test "${enable_win95}" = maybe; then
      AC_HAVE_LIBRARY(unicows, [enable_win95=yes], [enable_win95=no])
  fi
-@@ -1815,7 +1815,7 @@
+@@ -1828,7 +1828,7 @@
  fi
  
  if test x"$enable_pthread" = xyes; then
@@ -26,7 +26,7 @@
  	AC_CHECK_LIB($pthread_lib, pthread_kill,
  		     rb_with_pthread=yes, rb_with_pthread=no)
  	if test "$rb_with_pthread" = "yes"; then break; fi
-@@ -1823,6 +1823,7 @@
+@@ -1836,6 +1836,7 @@
      if test x"$rb_with_pthread" = xyes; then
  	AC_DEFINE(_REENTRANT)
  	AC_DEFINE(_THREAD_SAFE)
@@ -34,3 +34,19 @@
  	AC_DEFINE(HAVE_LIBPTHREAD)
  	AC_CHECK_HEADERS(pthread_np.h, [], [], [@%:@include <pthread.h>])
  	AS_CASE([$pthread_lib],
+@@ -2080,7 +2081,6 @@
+ 			: ${LDSHARED='$(CC) -shared'}
+ 			if test "$rb_cv_binary_elf" = yes; then
+ 			    LDFLAGS="$LDFLAGS -rdynamic"
+-			    DLDFLAGS="$DLDFLAGS "'-Wl,-soname,$(.TARGET)'
+ 			else
+ 			  test "$GCC" = yes && test "$rb_cv_prog_gnu_ld" = yes || LDSHARED="ld -Bshareable"
+ 			fi
+@@ -2385,6 +2385,7 @@
+     [freebsd*|dragonfly*], [
+ 	SOLIBS='$(LIBS)'
+ 	LIBRUBY_SO='lib$(RUBY_SO_NAME).so.$(MAJOR)$(MINOR)'
++	LIBRUBY_DLDFLAGS='-Wl,-soname,$(LIBRUBY_SO)'
+ 	if test "$rb_cv_binary_elf" != "yes" ; then
+ 	    LIBRUBY_SO="$LIBRUBY_SO.\$(TEENY)"
+ 	    LIBRUBY_ALIASES=''

lang/ruby19/files/patch-json

@@ -0,0 +1,172 @@
+--- ext/json/parser/parser.c.orig
++++ ext/json/parser/parser.c
+@@ -1671,7 +1671,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self)
+             if (option_given_p(opts, tmp)) {
+                 json->create_additions = RTEST(rb_hash_aref(opts, tmp));
+             } else {
+-                json->create_additions = 1;
++                json->create_additions = 0;
+             }
+             tmp = ID2SYM(i_create_id);
+             if (option_given_p(opts, tmp)) {
+@@ -1718,7 +1718,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self)
+ }
+ 
+ 
+-#line 1719 "parser.c"
++#line 1722 "parser.c"
+ static const int JSON_start = 1;
+ static const int JSON_first_final = 10;
+ static const int JSON_error = 0;
+@@ -1726,7 +1726,7 @@ static const int JSON_error = 0;
+ static const int JSON_en_main = 1;
+ 
+ 
+-#line 726 "parser.rl"
++#line 729 "parser.rl"
+ 
+ 
+ static VALUE cParser_parse_strict(VALUE self)
+@@ -1737,16 +1737,16 @@ static VALUE cParser_parse_strict(VALUE self)
+     GET_PARSER;
+ 
+ 
+-#line 1738 "parser.c"
++#line 1741 "parser.c"
+ 	{
+ 	cs = JSON_start;
+ 	}
+ 
+-#line 736 "parser.rl"
++#line 739 "parser.rl"
+     p = json->source;
+     pe = p + json->len;
+ 
+-#line 1747 "parser.c"
++#line 1750 "parser.c"
+ 	{
+ 	if ( p == pe )
+ 		goto _test_eof;
+@@ -1802,7 +1802,7 @@ case 5:
+ 		goto st1;
+ 	goto st5;
+ tr3:
+-#line 715 "parser.rl"
++#line 718 "parser.rl"
+ 	{
+         char *np;
+         json->current_nesting = 1;
+@@ -1811,7 +1811,7 @@ tr3:
+     }
+ 	goto st10;
+ tr4:
+-#line 708 "parser.rl"
++#line 711 "parser.rl"
+ 	{
+         char *np;
+         json->current_nesting = 1;
+@@ -1823,7 +1823,7 @@ st10:
+ 	if ( ++p == pe )
+ 		goto _test_eof10;
+ case 10:
+-#line 1824 "parser.c"
++#line 1827 "parser.c"
+ 	switch( (*p) ) {
+ 		case 13: goto st10;
+ 		case 32: goto st10;
+@@ -1880,7 +1880,7 @@ case 9:
+ 	_out: {}
+ 	}
+ 
+-#line 739 "parser.rl"
++#line 742 "parser.rl"
+ 
+     if (cs >= JSON_first_final && p == pe) {
+         return result;
+@@ -1892,7 +1892,7 @@ case 9:
+ 
+ 
+ 
+-#line 1893 "parser.c"
++#line 1896 "parser.c"
+ static const int JSON_quirks_mode_start = 1;
+ static const int JSON_quirks_mode_first_final = 10;
+ static const int JSON_quirks_mode_error = 0;
+@@ -1900,7 +1900,7 @@ static const int JSON_quirks_mode_error = 0;
+ static const int JSON_quirks_mode_en_main = 1;
+ 
+ 
+-#line 764 "parser.rl"
++#line 767 "parser.rl"
+ 
+ 
+ static VALUE cParser_parse_quirks_mode(VALUE self)
+@@ -1911,16 +1911,16 @@ static VALUE cParser_parse_quirks_mode(VALUE self)
+     GET_PARSER;
+ 
+ 
+-#line 1912 "parser.c"
++#line 1915 "parser.c"
+ 	{
+ 	cs = JSON_quirks_mode_start;
+ 	}
+ 
+-#line 774 "parser.rl"
++#line 777 "parser.rl"
+     p = json->source;
+     pe = p + json->len;
+ 
+-#line 1921 "parser.c"
++#line 1924 "parser.c"
+ 	{
+ 	if ( p == pe )
+ 		goto _test_eof;
+@@ -1954,7 +1954,7 @@ st0:
+ cs = 0;
+ 	goto _out;
+ tr2:
+-#line 756 "parser.rl"
++#line 759 "parser.rl"
+ 	{
+         char *np = JSON_parse_value(json, p, pe, &result);
+         if (np == NULL) { p--; {p++; cs = 10; goto _out;} } else {p = (( np))-1;}
+@@ -1964,7 +1964,7 @@ st10:
+ 	if ( ++p == pe )
+ 		goto _test_eof10;
+ case 10:
+-#line 1965 "parser.c"
++#line 1968 "parser.c"
+ 	switch( (*p) ) {
+ 		case 13: goto st10;
+ 		case 32: goto st10;
+@@ -2053,7 +2053,7 @@ case 9:
+ 	_out: {}
+ 	}
+ 
+-#line 777 "parser.rl"
++#line 780 "parser.rl"
+ 
+     if (cs >= JSON_quirks_mode_first_final && p == pe) {
+         return result;
+--- ext/json/parser/parser.rl.orig
++++ ext/json/parser/parser.rl
+@@ -602,6 +602,9 @@ static VALUE convert_encoding(VALUE source)
+  *   defaults to true.
+  * * *object_class*: Defaults to Hash
+  * * *array_class*: Defaults to Array
++ * * *quirks_mode*: Enables quirks_mode for parser, that is for example
++ *   parsing single JSON values instead of documents is possible.
++ *
+  */
+ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self)
+ {
+@@ -652,7 +655,7 @@ static VALUE cParser_initialize(int argc, VALUE *argv, VALUE self)
+             if (option_given_p(opts, tmp)) {
+                 json->create_additions = RTEST(rb_hash_aref(opts, tmp));
+             } else {
+-                json->create_additions = 1;
++                json->create_additions = 0;
+             }
+             tmp = ID2SYM(i_create_id);
+             if (option_given_p(opts, tmp)) {
+

lang/ruby19/files/patch-tool_mkconfig.rb

@@ -1,12 +1,12 @@
---- tool/mkconfig.rb.orig	2010-10-04 00:53:53.000000000 -0700
-+++ tool/mkconfig.rb	2010-10-04 00:55:18.000000000 -0700
-@@ -136,7 +136,8 @@
+--- tool/mkconfig.rb.orig	2013-01-15 07:03:47.000000000 +0000
++++ tool/mkconfig.rb	2013-02-12 03:29:09.829833511 +0000
+@@ -148,7 +148,8 @@
  
  drive = File::PATH_SEPARATOR == ';'
  
--prefix = "/lib/ruby/#{version}/#{arch}"
+-prefix = "/#{v_runtime[:libdir] || 'lib'}/ruby/#{version}/#{arch}"
 +major, minor, *rest = RUBY_VERSION.split('.')
 +prefix = "/lib/ruby/#{major}.#{minor}/#{arch}"
  print "  TOPDIR = File.dirname(__FILE__).chomp!(#{prefix.dump})\n"
  print "  DESTDIR = ", (drive ? "TOPDIR && TOPDIR[/\\A[a-z]:/i] || " : ""), "'' unless defined? DESTDIR\n"
- print "  CONFIG = {}\n"
+ print <<'ARCH' if universal