$OpenBSD: patch-eval_c,v 1.1 2008/07/21 09:40:42 bernd Exp $

Fixes multiple security vulnerabilities.
http://secunia.com/advisories/29794/

Patch against ruby-1.8.6p114 from:
http://blog.phusion.nl/assets/r8ee-security-patch-20080623-2.txt

1.8.6-p229 and 1.8.7-p21 will break rails applications.
and
https://launchpad.net/ubuntu/+source/ruby1.8

--- eval.c.orig	Sun Sep 23 02:01:50 2007
+++ eval.c	Tue Jul  1 20:47:08 2008
@@ -8332,16 +8332,25 @@ proc_clone(self)
  * MISSING: documentation
  */
 
+#define PROC_TSHIFT (FL_USHIFT+1)
+#define PROC_TMASK  (FL_USER1|FL_USER2|FL_USER3)
+#define PROC_TMAX   (PROC_TMASK >> PROC_TSHIFT)
+
+static int proc_get_safe_level(VALUE);
+
 static VALUE
 proc_dup(self)
     VALUE self;
 {
     struct BLOCK *orig, *data;
     VALUE bind;
+    int safe = proc_get_safe_level(self);
 
     Data_Get_Struct(self, struct BLOCK, orig);
     bind = Data_Make_Struct(rb_obj_class(self),struct BLOCK,blk_mark,blk_free,data);
     blk_dup(data, orig);
+    if (safe > PROC_TMAX) safe = PROC_TMAX;
+    FL_SET(bind, (safe << PROC_TSHIFT) & PROC_TMASK);
 
     return bind;
 }
@@ -8402,10 +8411,6 @@ rb_f_binding(self)
 
     return bind;
 }
-
-#define PROC_TSHIFT (FL_USHIFT+1)
-#define PROC_TMASK  (FL_USER1|FL_USER2|FL_USER3)
-#define PROC_TMAX   (PROC_TMASK >> PROC_TSHIFT)
 
 #define SAFE_LEVEL_MAX PROC_TMASK