From 182ef239b35763f7dab819c2880d179990ed59bd Mon Sep 17 00:00:00 2001
From: bernd
Date: Thu, 2 Nov 2006 12:46:13 +0000
Subject: [PATCH] Security fix for CVE-2006-5467 from ruby CVS. More info: http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html http://www.securityfocus.com/bid/20777/info ok msf@
---
 lang/ruby/Makefile | 4 ++--
 lang/ruby/patches/patch-lib_cgi_rb | 18 ++++++++++++++++++
 2 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100644 lang/ruby/patches/patch-lib_cgi_rb
diff --git a/lang/ruby/Makefile b/lang/ruby/Makefile
index fded470baaf..e3fcf24b5c4 100644
--- a/lang/ruby/Makefile
+++ b/lang/ruby/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.46 2006/10/26 18:15:24 bernd Exp $
+# $OpenBSD: Makefile,v 1.47 2006/11/02 12:46:13 bernd Exp $
 SHARED_ONLY= Yes
@@ -10,7 +10,7 @@ COMMENT-tk= "tk interface for ruby"
 VERSION= 1.8.5
 DISTNAME= ruby-${VERSION}
 SHARED_LIBS= ruby 1.85
-PKGNAME= ${DISTNAME}p0
+PKGNAME= ${DISTNAME}p1
 PKGNAME-iconv= ruby-iconv-${VERSION}p2
 PKGNAME-gdbm= ruby-gdbm-${VERSION}p2
 PKGNAME-tk= ruby-tk-${VERSION}p2
diff --git a/lang/ruby/patches/patch-lib_cgi_rb b/lang/ruby/patches/patch-lib_cgi_rb
new file mode 100644
index 00000000000..726360a694b
--- /dev/null
+++ b/lang/ruby/patches/patch-lib_cgi_rb
@@ -0,0 +1,18 @@
+$OpenBSD: patch-lib_cgi_rb,v 1.1 2006/11/02 12:46:13 bernd Exp $
+
+Security fix for CVE-2006-5467 from ruby CVS. Should be fixed in >1.8.5.
+
+http://rubyforge.org/pipermail/mongrel-users/2006-October/001946.html
+http://www.securityfocus.com/bid/20777/info
+
+--- lib/cgi.rb.orig Tue Oct 31 11:56:58 2006
++++ lib/cgi.rb Tue Oct 31 11:59:48 2006
+@@ -1018,7 +1018,7 @@ class CGI
+ else
+ stdinput.read(content_length)
+ end
+- if c.nil?
++ if c.nil? || c.empty?
+ raise EOFError, "bad content body"
+ end
+ buf.concat(c)
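Review bot: The header of the new patch-lib_cgi_rb gives the CVE and two links but not what the change does, so whoever updates the port past 1.8.5 has to rely on external URLs to decide whether the patch can be dropped; one added line such as `An empty read from stdinput is now treated like EOF and raises EOFError.` would keep that in the tree. The guard `if c.nil? || c.empty?` matters because `read` with a length of zero returns `""` rather than `nil`, and the `else` branch calls `stdinput.read(content_length)`; presumably this sits in a loop where the remaining length can reach zero before the multipart boundary is found, which the old nil-only check would not stop. The enclosing method starts and ends outside the hunk, so whether any other read in it needs the same guard is not visible here.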