From d1ae1a49911da2308bf110018aac94b83c9fdb56 Mon Sep 17 00:00:00 2001
From: "Markus M. May"
Date: Tue, 24 Nov 2009 23:00:08 +0100
Subject: [PATCH] Add patch, so that Redmine can run :-)
---
 rails/0001-ruby-1.9-friendly-secure_compare.patch | 39 +++++++++++++++++++++++
 rails/PKGBUILD | 10 +++++-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 rails/0001-ruby-1.9-friendly-secure_compare.patch
diff --git a/rails/0001-ruby-1.9-friendly-secure_compare.patch b/rails/0001-ruby-1.9-friendly-secure_compare.patch
new file mode 100644
index 0000000..f46b7b0
--- /dev/null
+++ b/rails/0001-ruby-1.9-friendly-secure_compare.patch
@@ -0,0 +1,39 @@
+--- activesupport/lib/active_support/message_verifier.rb
++++ activesupport/lib/active_support/message_verifier.rb
+@@ -40,14 +40,27 @@ module ActiveSupport
+ private
+ # constant-time comparison algorithm to prevent timing attacks
+ def secure_compare(a, b)
+- if a.length == b.length
+- result = 0
+- for i in 0..(a.length - 1)
+- result |= a[i] ^ b[i]
++ if a.respond_to?(:bytesize)
++ # > 1.8.6 friendly version
++ if a.bytesize == b.bytesize
++ result = 0
++ j = b.each_byte
++ a.each_byte { |i| result |= i ^ j.next }
++ result == 0
++ else
++ false
+ end
+- result == 0
+ else
+- false
++ # <= 1.8.6 friendly version
++ if a.size == b.size
++ result = 0
++ for i in 0..(a.length - 1)
++ result |= a[i] ^ b[i]
++ end
++ result == 0
++ else
++ false
++ end
+ end
+ end
+
+--
+1.6.0.4
+
diff --git a/rails/PKGBUILD b/rails/PKGBUILD
index e9ad890..19134d9 100644
--- a/rails/PKGBUILD
+++ b/rails/PKGBUILD
@@ -1,4 +1,4 @@
-# Maintainer: Markus M. May
+# Contributor: Markus M. May
 # Contributor: Niel Drummond
 pkgname=rails
 pkgver=2.3.4
@@ -19,6 +19,7 @@ source=(
 "http://rubyforge.org/frs/download.php/55681/rack-1.0.0.gem"
 "http://rubyforge.org/frs/download.php/63167/${pkgname}-${pkgver}.gem"
 "rails_wrapper.diff.gz"
+ "0001-ruby-1.9-friendly-secure_compare.patch"
 "gem_dependency_workaround.diff.gz"
 )
 
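Review bot: In the bytesize branch of the embedded `secure_compare` (rails/0001-ruby-1.9-friendly-secure_compare.patch), only `a` is probed with `respond_to?(:bytesize)`, while `b.bytesize` and `b.each_byte` are called unconditionally. A `nil` or non-String `b` therefore raises NoMethodError instead of comparing unequal; whether callers can pass one is not visible in this hunk. The external enumerator (`j = b.each_byte` with `j.next`) could be avoided by unpacking one side once, e.g. `l = a.unpack("C*")` followed by `b.each_byte { |byte| result |= byte ^ l.shift }`, which still visits every byte regardless of where the first mismatch is. A short comment stating that the early `false` on a size mismatch reveals only the length, which is not secret for a fixed-size digest, would make the timing assumption explicit.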
@@ -30,6 +31,7 @@ md5sums=('ee059377acd0536645e6a06a96f1ffcc' '014e29fa0aad84dd0fb4fc9707be7b8a' '4e3cf205580b7839584570c8be674314' '83cded3017ccccbcd651b475ed2c0f99' + 'b70594735ab594603171ea134576f524' '9513fcc08a2e67cde4415ed316db4ff2') _dependencies=( @@ -80,8 +82,14 @@ build() { msg "Applying gem dependency workaround." cat "${startdir}/src/gem_dependency_workaround.diff" | patch -Nsp0 + # apply patch for secure compare + # correct gem naming convention. cd ${startdir}/pkg/usr/share/rails mv rails railties + # apply patch https://rails.lighthouseapp.com/projects/8994/tickets/3144/ + msg "Applying 1.9 friendly secure compare patch." + cd ${startdir}/pkg/usr/share/rails + patch -p0 < ${startdir}/src/0001-ruby-1.9-friendly-secure_compare.patch } -- 2.11.4.GIT
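Review bot: The added `patch -p0 < ${startdir}/src/0001-ruby-1.9-friendly-secure_compare.patch` at the end of build() has no failure check. If the patch stops applying (for example after a pkgver bump), the package may still be built with the unpatched message_verifier.rb, unless makepkg is run in a mode that aborts on command errors. Quoting the path and failing the build would be safer: `patch -p0 < "${startdir}/src/0001-ruby-1.9-friendly-secure_compare.patch" || return 1`. The earlier added comment `# apply patch for secure compare` has no command under it, and the second `cd ${startdir}/pkg/usr/share/rails` repeats the directory already entered a few lines above, so both could be dropped. build() starts outside the hunk.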