Security fix for CVE-2011-0188

Ruby BigDecimal Integer Truncation Vulnerability Fix from upstream svn. Only 64-bit hosts are affected. ok jeremy@ (MAINTAINER)
2011-05-25 18:20:43 +00:00 · 2011-05-25 18:20:43 +00:00 · ff90d9b257
commit ff90d9b257
parent 7f28ff4237
4 changed files with 44 additions and 2 deletions
--- a/lang/ruby/1.8/Makefile
+++ b/lang/ruby/1.8/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.11 2011/03/07 18:57:38 jeremy Exp $
+# $OpenBSD: Makefile,v 1.12 2011/05/25 18:20:43 jasper Exp $

 COMMENT-main=		object oriented script language with threads
 COMMENT-iconv=		libiconv interface for ruby
@ -14,6 +14,8 @@ PKGNAME-iconv=		ruby-iconv-${VERSION}.${PATCHLEVEL}
 PKGNAME-gdbm=		ruby-gdbm-${VERSION}.${PATCHLEVEL}
 PKGNAME-tk=		ruby-tk-${VERSION}.${PATCHLEVEL}

+REVISION-main=		0
+
 PKGSPEC-main=		ruby->=1.8,<1.9

 CONFIGURE_ARGS=		--program-suffix=18 \
--- a/lang/ruby/1.8/patches/patch-ext_bigdecimal_bigdecimal_c
+++ b/lang/ruby/1.8/patches/patch-ext_bigdecimal_bigdecimal_c
@ -0,0 +1,19 @@
+$OpenBSD: patch-ext_bigdecimal_bigdecimal_c,v 1.1 2011/05/25 18:20:43 jasper Exp $
+
+Security fix for CVE-2011-0188
+Ruby BigDecimal Integer Truncation Vulnerability
+
+Fix from upstream svn:
+http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=30993
+
+--- ext/bigdecimal/bigdecimal.c.orig	Wed May 25 19:46:25 2011
+++ ext/bigdecimal/bigdecimal.c	Wed May 25 19:47:42 2011
+@@ -2032,7 +2032,7 @@ static int gnAlloc=0; /* Memory allocation counter */
+ VP_EXPORT void *
+ VpMemAlloc(U_LONG mb)
+ {
+-    void *p = xmalloc((unsigned int)mb);
+    void *p = xmalloc(mb);
+     if(!p) {
+         VpException(VP_EXCEPTION_MEMORY,"failed to allocate memory",1);
+     }
--- a/lang/ruby/1.9/Makefile
+++ b/lang/ruby/1.9/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.12 2011/03/07 18:59:18 jeremy Exp $
+# $OpenBSD: Makefile,v 1.13 2011/05/25 18:20:43 jasper Exp $

 COMMENT-main =		object oriented script language with threads
 COMMENT-gdbm =		gdbm interface for Ruby
@ -15,6 +15,8 @@ PKGNAME-gdbm =		ruby-gdbm-${VERSION}.${PATCHLEVEL}
 PKGNAME-dbm =		ruby-dbm-${VERSION}.${PATCHLEVEL}
 PKGNAME-tk =		ruby-tk-${VERSION}.${PATCHLEVEL}

+REVISION-main = 	0
+
 PKGSPEC-main =		ruby->=1.9,<1.10

 CONFIGURE_ARGS =	--program-suffix=19 \
--- a/lang/ruby/1.9/patches/patch-ext_bigdecimal_bigdecimal_c
+++ b/lang/ruby/1.9/patches/patch-ext_bigdecimal_bigdecimal_c
@ -0,0 +1,19 @@
+$OpenBSD: patch-ext_bigdecimal_bigdecimal_c,v 1.1 2011/05/25 18:20:43 jasper Exp $
+
+Security fix for CVE-2011-0188
+Ruby BigDecimal Integer Truncation Vulnerability
+
+Fix from upstream svn:
+http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=30993
+
+--- ext/bigdecimal/bigdecimal.c.orig	Sat May  8 04:07:43 2010
+++ ext/bigdecimal/bigdecimal.c	Wed May 25 19:50:01 2011
+@@ -2123,7 +2123,7 @@ static int gnAlloc=0; /* Memory allocation counter */
+ VP_EXPORT void *
+ VpMemAlloc(U_LONG mb)
+ {
+-    void *p = xmalloc((unsigned int)mb);
+    void *p = xmalloc(mb);
+     if(!p) {
+         VpException(VP_EXCEPTION_MEMORY,"failed to allocate memory",1);
+     }