Security fix for CVE-2006-5467 from ruby CVS.

More info: http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html http://www.securityfocus.com/bid/20777/info ok msf@
2006-11-02 12:46:13 +00:00 · 2006-11-02 12:46:13 +00:00 · 182ef239b3
commit 182ef239b3
parent 14eaba9d24
2 changed files with 20 additions and 2 deletions
--- a/lang/ruby/Makefile
+++ b/lang/ruby/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.46 2006/10/26 18:15:24 bernd Exp $
+# $OpenBSD: Makefile,v 1.47 2006/11/02 12:46:13 bernd Exp $

 SHARED_ONLY=		Yes

@ -10,7 +10,7 @@ COMMENT-tk=		"tk interface for ruby"
 VERSION=		1.8.5
 DISTNAME=		ruby-${VERSION}
 SHARED_LIBS=		ruby 1.85
-PKGNAME=		${DISTNAME}p0
+PKGNAME=		${DISTNAME}p1
 PKGNAME-iconv=		ruby-iconv-${VERSION}p2
 PKGNAME-gdbm=		ruby-gdbm-${VERSION}p2
 PKGNAME-tk=		ruby-tk-${VERSION}p2
--- a/lang/ruby/patches/patch-lib_cgi_rb
+++ b/lang/ruby/patches/patch-lib_cgi_rb
@ -0,0 +1,18 @@
+$OpenBSD: patch-lib_cgi_rb,v 1.1 2006/11/02 12:46:13 bernd Exp $
+
+Security fix for CVE-2006-5467 from ruby CVS. Should be fixed in >1.8.5.
+
+http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html
+http://www.securityfocus.com/bid/20777/info
+
+--- lib/cgi.rb.orig	Tue Oct 31 11:56:58 2006
+++ lib/cgi.rb	Tue Oct 31 11:59:48 2006
+@@ -1018,7 +1018,7 @@ class CGI
+               else
+                 stdinput.read(content_length)
+               end
+-          if c.nil?
+          if c.nil? || c.empty?
+             raise EOFError, "bad content body"
+           end
+           buf.concat(c)