packages/jruby
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2023-28756

Browse Source
This commit is contained in:
wk333 2024-01-26 10:46:14 +08:00
parent 8c91455848
commit f1a6f42267
2 changed files with 66 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
CVE-2023-28756.patch Normal file
View File

@ -0,0 +1,61 @@
From 957bb7cb81995f26c671afce0ee50a5c660e540e Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
Date: Wed, 29 Mar 2023 13:28:25 +0900
Subject: Merge Time-0.2.2
Origin: https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e
---
lib/ruby/1.8/time.rb | 4 ++--
lib/ruby/1.9/time.rb | 4 ++--
lib/ruby/2.0/time.rb | 4 ++--
3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/ruby/1.8/time.rb b/lib/ruby/1.8/time.rb
index a37a067..a9ef487 100644
--- a/lib/ruby/1.8/time.rb
+++ b/lib/ruby/1.8/time.rb
@@ -265,8 +265,8 @@ class Time
(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+
(\d{2,})\s+
(\d{2})\s*
- :\s*(\d{2})\s*
- (?::\s*(\d{2}))?\s+
+ :\s*(\d{2})
+ (?:\s*:\s*(\d\d))?\s+
([+-]\d{4}|
UT|GMT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|[A-IK-Z])/ix =~ date
# Since RFC 2822 permit comments, the regexp has no right anchor.
diff --git a/lib/ruby/1.9/time.rb b/lib/ruby/1.9/time.rb
index 40b28d9..4379be2 100644
--- a/lib/ruby/1.9/time.rb
+++ b/lib/ruby/1.9/time.rb
@@ -320,8 +320,8 @@ class Time
(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+
(\d{2,})\s+
(\d{2})\s*
- :\s*(\d{2})\s*
- (?::\s*(\d{2}))?\s+
+ :\s*(\d{2})
+ (?:\s*:\s*(\d\d))?\s+
([+-]\d{4}|
UT|GMT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|[A-IK-Z])/ix =~ date
# Since RFC 2822 permit comments, the regexp has no right anchor.
diff --git a/lib/ruby/2.0/time.rb b/lib/ruby/2.0/time.rb
index 12c2b30..3430410 100644
--- a/lib/ruby/2.0/time.rb
+++ b/lib/ruby/2.0/time.rb
@@ -429,8 +429,8 @@ class Time
(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+
(\d{2,})\s+
(\d{2})\s*
- :\s*(\d{2})\s*
- (?::\s*(\d{2}))?\s+
+ :\s*(\d{2})
+ (?:\s*:\s*(\d\d))?\s+
([+-]\d{4}|
UT|GMT|EST|EDT|CST|CDT|MST|MDT|PST|PDT|[A-IK-Z])/ix =~ date
# Since RFC 2822 permit comments, the regexp has no right anchor.
--
2.33.0

6
jruby.spec
View File

@ -3,7 +3,7 @@
%global rubygems_dir %{_datadir}/rubygems %global rubygems_dir %{_datadir}/rubygems
Name: jruby Name: jruby
Version: 1.7.22 Version: 1.7.22
Release: 3 Release: 4
Summary: Pure Java implementation of the Ruby interpreter Summary: Pure Java implementation of the Ruby interpreter
License: (CPL or GPLv2+ or LGPLv2+) and BSD and (GPLv2 or Ruby) and (BSD or Ruby) License: (CPL or GPLv2+ or LGPLv2+) and BSD and (GPLv2 or Ruby) and (BSD or Ruby)
URL: http://jruby.org URL: http://jruby.org
@ -13,6 +13,7 @@ Patch1: jruby-include-unbundled-jansi.patch
Patch2: jruby-remove-rubygems-dirs-definition.patch Patch2: jruby-remove-rubygems-dirs-definition.patch
Patch3: jruby-snakeyaml-1.16.patch Patch3: jruby-snakeyaml-1.16.patch
Patch4: jruby-snakeyaml-1.20.patch Patch4: jruby-snakeyaml-1.20.patch
Patch5: CVE-2023-28756.patch
BuildRequires: maven-local mvn(bsf:bsf) mvn(com.github.jnr:jffi) BuildRequires: maven-local mvn(bsf:bsf) mvn(com.github.jnr:jffi)
BuildRequires: mvn(com.github.jnr:jffi::native:) mvn(com.github.jnr:jnr-constants) BuildRequires: mvn(com.github.jnr:jffi::native:) mvn(com.github.jnr:jnr-constants)
BuildRequires: mvn(com.github.jnr:jnr-enxio) mvn(com.github.jnr:jnr-ffi) BuildRequires: mvn(com.github.jnr:jnr-enxio) mvn(com.github.jnr:jnr-ffi)
@ -136,6 +137,9 @@ EOF
%doc COPYING LICENSE.RUBY LEGAL %doc COPYING LICENSE.RUBY LEGAL
%changelog %changelog
* Fri Jan 26 2024 wangkai <13474090681@163.com> - 1.7.22-4
- Fix CVE-2023-28756
* Fri May 19 2023 Ge Wang <wang__ge@126.com> - 1.7.22-3 * Fri May 19 2023 Ge Wang <wang__ge@126.com> - 1.7.22-3
- Add install dependency base64coder - Add install dependency base64coder