From ff90d9b257af126c445825822e8ae06ea3f36253 Mon Sep 17 00:00:00 2001
From: jasper
Date: Wed, 25 May 2011 18:20:43 +0000
Subject: [PATCH] Security fix for CVE-2011-0188 Ruby BigDecimal Integer Truncation Vulnerability Fix from upstream svn. Only 64-bit hosts are affected. ok jeremy@ (MAINTAINER)
---
 lang/ruby/1.8/Makefile | 4 +++-
 .../patches/patch-ext_bigdecimal_bigdecimal_c | 19 +++++++++++++++++++
 lang/ruby/1.9/Makefile | 4 +++-
 .../patches/patch-ext_bigdecimal_bigdecimal_c | 19 +++++++++++++++++++
 4 files changed, 44 insertions(+), 2 deletions(-)
 create mode 100644 lang/ruby/1.8/patches/patch-ext_bigdecimal_bigdecimal_c
 create mode 100644 lang/ruby/1.9/patches/patch-ext_bigdecimal_bigdecimal_c

diff --git a/lang/ruby/1.8/Makefile b/lang/ruby/1.8/Makefile
index 1fea1147781..1d0df950b9f 100644
--- a/lang/ruby/1.8/Makefile
+++ b/lang/ruby/1.8/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.11 2011/03/07 18:57:38 jeremy Exp $
+# $OpenBSD: Makefile,v 1.12 2011/05/25 18:20:43 jasper Exp $
 
 COMMENT-main= object oriented script language with threads
 COMMENT-iconv= libiconv interface for ruby
@@ -14,6 +14,8 @@ PKGNAME-iconv= ruby-iconv-${VERSION}.${PATCHLEVEL}
 PKGNAME-gdbm= ruby-gdbm-${VERSION}.${PATCHLEVEL}
 PKGNAME-tk= ruby-tk-${VERSION}.${PATCHLEVEL}
 
+REVISION-main= 0
+
 PKGSPEC-main= ruby->=1.8,<1.9
 
 CONFIGURE_ARGS= --program-suffix=18 \
diff --git a/lang/ruby/1.8/patches/patch-ext_bigdecimal_bigdecimal_c b/lang/ruby/1.8/patches/patch-ext_bigdecimal_bigdecimal_c
new file mode 100644
index 00000000000..815cf3880d5
--- /dev/null
+++ b/lang/ruby/1.8/patches/patch-ext_bigdecimal_bigdecimal_c
@@ -0,0 +1,19 @@
+$OpenBSD: patch-ext_bigdecimal_bigdecimal_c,v 1.1 2011/05/25 18:20:43 jasper Exp $
+
+Security fix for CVE-2011-0188
+Ruby BigDecimal Integer Truncation Vulnerability
+
+Fix from upstream svn:
+http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=30993
+
+--- ext/bigdecimal/bigdecimal.c.orig Wed May 25 19:46:25 2011
++++ ext/bigdecimal/bigdecimal.c Wed May 25 19:47:42 2011
+@@ -2032,7 +2032,7 @@ static int gnAlloc=0; /* Memory allocation counter */
+ VP_EXPORT void *
+ VpMemAlloc(U_LONG mb)
+ {
+- void *p = xmalloc((unsigned int)mb);
++ void *p = xmalloc(mb);
+ if(!p) {
+ VpException(VP_EXCEPTION_MEMORY,"failed to allocate memory",1);
+ }
diff --git a/lang/ruby/1.9/Makefile b/lang/ruby/1.9/Makefile
index 7153da74085..eda458a77b0 100644
--- a/lang/ruby/1.9/Makefile
+++ b/lang/ruby/1.9/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.12 2011/03/07 18:59:18 jeremy Exp $
+# $OpenBSD: Makefile,v 1.13 2011/05/25 18:20:43 jasper Exp $
 
 COMMENT-main = object oriented script language with threads
 COMMENT-gdbm = gdbm interface for Ruby
@@ -15,6 +15,8 @@ PKGNAME-gdbm = ruby-gdbm-${VERSION}.${PATCHLEVEL}
 PKGNAME-dbm = ruby-dbm-${VERSION}.${PATCHLEVEL}
 PKGNAME-tk = ruby-tk-${VERSION}.${PATCHLEVEL}
 
+REVISION-main = 0
+
 PKGSPEC-main = ruby->=1.9,<1.10
 
 CONFIGURE_ARGS = --program-suffix=19 \
diff --git a/lang/ruby/1.9/patches/patch-ext_bigdecimal_bigdecimal_c b/lang/ruby/1.9/patches/patch-ext_bigdecimal_bigdecimal_c
new file mode 100644
index 00000000000..3989fb03432
--- /dev/null
+++ b/lang/ruby/1.9/patches/patch-ext_bigdecimal_bigdecimal_c
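Review bot: The new `void *p = xmalloc(mb);` stops truncating the size to 32 bits, but the hunk does not show the prototype behind `xmalloc`, and the fix is only complete if that allocator takes a parameter at least as wide as `U_LONG`; in the 1.8 tree `ruby_xmalloc` is, as far as I recall, declared with a `long` parameter, so a size above `LONG_MAX` would arrive negative and depend on the allocator's own negative-size rejection rather than on anything in this function — worth confirming against the tree's ruby.h before relying on it. The patch header should also say why a dropped cast is the whole fix, otherwise a later -Wconversion cleanup may put it back; after the upstream URL I would add `The (unsigned int) cast silently truncated the requested size on LP64 hosts,` / `so a huge BigDecimal got a small buffer (heap overflow, CVE-2011-0188).` The `if(!p)` check that follows is pre-existing context and is not a bound check, since Ruby's xmalloc normally raises rather than returning NULL. VpMemAlloc's body continues past the end of the hunk.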
@@ -0,0 +1,19 @@
+$OpenBSD: patch-ext_bigdecimal_bigdecimal_c,v 1.1 2011/05/25 18:20:43 jasper Exp $
+
+Security fix for CVE-2011-0188
+Ruby BigDecimal Integer Truncation Vulnerability
+
+Fix from upstream svn:
+http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=30993
+
+--- ext/bigdecimal/bigdecimal.c.orig Sat May 8 04:07:43 2010
++++ ext/bigdecimal/bigdecimal.c Wed May 25 19:50:01 2011
+@@ -2123,7 +2123,7 @@ static int gnAlloc=0; /* Memory allocation counter */
+ VP_EXPORT void *
+ VpMemAlloc(U_LONG mb)
+ {
+- void *p = xmalloc((unsigned int)mb);
++ void *p = xmalloc(mb);
+ if(!p) {
+ VpException(VP_EXCEPTION_MEMORY,"failed to allocate memory",1);
+ }
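Review bot: The new `void *p = xmalloc(mb);` passes the full `U_LONG` through, which is the right fix on LP64 where `unsigned int` is 32-bit and `U_LONG` is 64-bit, but neither the hunk nor the patch header records that the cast itself was the defect, so a reader seeing only a removed cast has nothing stopping them from reinstating it to quiet a sign/width warning. I would add, after the upstream URL in the header, `Dropping the (unsigned int) cast is the entire fix: on 64-bit hosts it truncated the` / `allocation size, so a large BigDecimal was given a small buffer (heap overflow).` If `xmalloc` in this tree resolves to a `size_t`-taking `ruby_xmalloc`, as I believe it does in 1.9, no further bound check is needed here; if it is narrower, an explicit check on `mb` belongs in this function. The rest of VpMemAlloc, including its return, lies beyond the hunk.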