packages/ruby
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2024-27282

Browse Source 
(cherry picked from commit 33df3bedc7822dcfb9aa8ea3cd13e5796828a7dc)
This commit is contained in:
zhoupengcheng 2024-05-06 17:22:19 +08:00 committed by openeuler-sync-bot
parent 66496a658b
commit 41245c9994
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
backport-CVE-2024-27282.patch Normal file
View File

@ -0,0 +1,31 @@
From 989a2355808a63fc45367785c82ffd46d18c900a Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
Date: Fri, 12 Apr 2024 15:01:47 +1000
Subject: [PATCH] Fix Use-After-Free issue for Regexp
Co-authored-by: Isaac Peka <7493006+isaac-peka@users.noreply.github.com>
Reference:https://github.com/ruby/rdoc/commit/989a2355808a63fc45367785c82ffd46d18c900a
Conflict:NA
---
regexec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/regexec.c b/regexec.c
index 73694ab14a..140691ad42 100644
--- a/regexec.c
+++ b/regexec.c
@@ -3449,8 +3449,8 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
CASE(OP_MEMORY_END_PUSH_REC) MOP_IN(OP_MEMORY_END_PUSH_REC);
GET_MEMNUM_INC(mem, p);
STACK_GET_MEM_START(mem, stkp); /* should be before push mem-end. */
- STACK_PUSH_MEM_END(mem, s);
mem_start_stk[mem] = GET_STACK_INDEX(stkp);
+ STACK_PUSH_MEM_END(mem, s);
MOP_OUT;
JUMP;
--
2.33.0

6
ruby.spec
View File

@ -33,7 +33,7 @@
Name: ruby Name: ruby
Version: %{ruby_version} Version: %{ruby_version}
Release: 132 Release: 133
Summary: Object-oriented scripting language interpreter Summary: Object-oriented scripting language interpreter
License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
URL: https://www.ruby-lang.org/en/ URL: https://www.ruby-lang.org/en/
@ -192,6 +192,7 @@ Patch6020: backport-CVE-2024-27280.patch
Patch6021: backport-0001-CVE-2024-27281.patch Patch6021: backport-0001-CVE-2024-27281.patch
Patch6022: backport-0002-CVE-2024-27281.patch Patch6022: backport-0002-CVE-2024-27281.patch
Patch6023: backport-0003-CVE-2024-27281.patch Patch6023: backport-0003-CVE-2024-27281.patch
Patch6024: backport-CVE-2024-27282.patch
Provides: %{name}-libs = %{version}-%{release} Provides: %{name}-libs = %{version}-%{release}
Obsoletes: %{name}-libs < %{version}-%{release} Obsoletes: %{name}-libs < %{version}-%{release}
@ -1190,6 +1191,9 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
%doc %{gem_dir}/gems/typeprof-%{typeprof_version}/testbed %doc %{gem_dir}/gems/typeprof-%{typeprof_version}/testbed
%changelog %changelog
* Mon May 6 2024 zhoupengcheng11 <zhoupengcheng11@huawei.com> - 3.0.3-133
- fix CVE-2024-27282
* Tue Mar 26 2024 shixuantong <shixuantong1@huawei.com> - 3.0.3-132 * Tue Mar 26 2024 shixuantong <shixuantong1@huawei.com> - 3.0.3-132
- fix CVE-2024-27280 and CVE-2024-27281 - fix CVE-2024-27280 and CVE-2024-27281