Security fix for CVE-2011-0188

Ruby BigDecimal Integer Truncation Vulnerability

Fix from upstream svn. Only 64-bit hosts are affected.

ok jeremy@ (MAINTAINER)
This commit is contained in:
jasper 2011-05-25 18:20:43 +00:00
parent 7f28ff4237
commit ff90d9b257
4 changed files with 44 additions and 2 deletions

View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.11 2011/03/07 18:57:38 jeremy Exp $ # $OpenBSD: Makefile,v 1.12 2011/05/25 18:20:43 jasper Exp $
COMMENT-main= object oriented script language with threads COMMENT-main= object oriented script language with threads
COMMENT-iconv= libiconv interface for ruby COMMENT-iconv= libiconv interface for ruby
@ -14,6 +14,8 @@ PKGNAME-iconv= ruby-iconv-${VERSION}.${PATCHLEVEL}
PKGNAME-gdbm= ruby-gdbm-${VERSION}.${PATCHLEVEL} PKGNAME-gdbm= ruby-gdbm-${VERSION}.${PATCHLEVEL}
PKGNAME-tk= ruby-tk-${VERSION}.${PATCHLEVEL} PKGNAME-tk= ruby-tk-${VERSION}.${PATCHLEVEL}
REVISION-main= 0
PKGSPEC-main= ruby->=1.8,<1.9 PKGSPEC-main= ruby->=1.8,<1.9
CONFIGURE_ARGS= --program-suffix=18 \ CONFIGURE_ARGS= --program-suffix=18 \

View File

@ -0,0 +1,19 @@
$OpenBSD: patch-ext_bigdecimal_bigdecimal_c,v 1.1 2011/05/25 18:20:43 jasper Exp $
Security fix for CVE-2011-0188
Ruby BigDecimal Integer Truncation Vulnerability
Fix from upstream svn:
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=30993
--- ext/bigdecimal/bigdecimal.c.orig Wed May 25 19:46:25 2011
+++ ext/bigdecimal/bigdecimal.c Wed May 25 19:47:42 2011
@@ -2032,7 +2032,7 @@ static int gnAlloc=0; /* Memory allocation counter */
VP_EXPORT void *
VpMemAlloc(U_LONG mb)
{
- void *p = xmalloc((unsigned int)mb);
+ void *p = xmalloc(mb);
if(!p) {
VpException(VP_EXCEPTION_MEMORY,"failed to allocate memory",1);
}

View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.12 2011/03/07 18:59:18 jeremy Exp $ # $OpenBSD: Makefile,v 1.13 2011/05/25 18:20:43 jasper Exp $
COMMENT-main = object oriented script language with threads COMMENT-main = object oriented script language with threads
COMMENT-gdbm = gdbm interface for Ruby COMMENT-gdbm = gdbm interface for Ruby
@ -15,6 +15,8 @@ PKGNAME-gdbm = ruby-gdbm-${VERSION}.${PATCHLEVEL}
PKGNAME-dbm = ruby-dbm-${VERSION}.${PATCHLEVEL} PKGNAME-dbm = ruby-dbm-${VERSION}.${PATCHLEVEL}
PKGNAME-tk = ruby-tk-${VERSION}.${PATCHLEVEL} PKGNAME-tk = ruby-tk-${VERSION}.${PATCHLEVEL}
REVISION-main = 0
PKGSPEC-main = ruby->=1.9,<1.10 PKGSPEC-main = ruby->=1.9,<1.10
CONFIGURE_ARGS = --program-suffix=19 \ CONFIGURE_ARGS = --program-suffix=19 \

View File

@ -0,0 +1,19 @@
$OpenBSD: patch-ext_bigdecimal_bigdecimal_c,v 1.1 2011/05/25 18:20:43 jasper Exp $
Security fix for CVE-2011-0188
Ruby BigDecimal Integer Truncation Vulnerability
Fix from upstream svn:
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=30993
--- ext/bigdecimal/bigdecimal.c.orig Sat May 8 04:07:43 2010
+++ ext/bigdecimal/bigdecimal.c Wed May 25 19:50:01 2011
@@ -2123,7 +2123,7 @@ static int gnAlloc=0; /* Memory allocation counter */
VP_EXPORT void *
VpMemAlloc(U_LONG mb)
{
- void *p = xmalloc((unsigned int)mb);
+ void *p = xmalloc(mb);
if(!p) {
VpException(VP_EXCEPTION_MEMORY,"failed to allocate memory",1);
}