packages/rubygem-activesupport
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!44 [sync] PR-43: fix CVE-2022-23633

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @jxy_git 
Signed-off-by: @jxy_git
This commit is contained in:
openeuler-ci-bot 2024-06-25 09:07:37 +00:00 committed by Gitee
commit 5de64d1601
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 96 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
CVE-2022-23633.patch Normal file
View File

@ -0,0 +1,79 @@
From d1267768e9f57ebcf86ff7f011aca7fb08e733eb Mon Sep 17 00:00:00 2001
From: Aaron Patterson <aaron@rubyonrails.org>
Date: Fri, 11 Feb 2022 11:23:01 -0800
Subject: [PATCH] Fix reloader to work with new Executor signature
This is a follow up to [CVE-2022-23633].
---
lib/active_support/reloader.rb | 2 +-
lib/active_support/execution_wrapper.rb | 29 ++++++++++---------
2 file changed, 11 insertion(+), 10 deletion(-)
diff --git a/lib/active_support/reloader.rb b/lib/active_support/reloader.rb
index 2f81cd4..e751866 100644
--- a/lib/active_support/reloader.rb
+++ b/lib/active_support/reloader.rb
@@ -58,7 +58,7 @@ module ActiveSupport
prepare!
end
- def self.run! # :nodoc:
+ def self.run!(reset: false) # :nodoc:
if check!
super
else
diff --git a/lib/active_support/execution_wrapper.rb b/lib/active_support/execution_wrapper.rb
index ca810db584..07c4f435db 100644
--- a/lib/active_support/execution_wrapper.rb
+++ b/lib/active_support/execution_wrapper.rb
@@ -63,18 +63,21 @@ def self.register_hook(hook, outer: false)
# after the work has been performed.
#
# Where possible, prefer +wrap+.
- def self.run!
- if active?
- Null
+ def self.run!(reset: false)
+ if reset
+ lost_instance = active.delete(Thread.current)
+ lost_instance&.complete!
else
- new.tap do |instance|
- success = nil
- begin
- instance.run!
- success = true
- ensure
- instance.complete! unless success
- end
+ return Null if active?
+ end
+
+ new.tap do |instance|
+ success = nil
+ begin
+ instance.run!
+ success = true
+ ensure
+ instance.complete! unless success
end
end
end
@@ -103,11 +106,11 @@ def self.inherited(other) # :nodoc:
self.active = Concurrent::Hash.new
def self.active? # :nodoc:
- @active[Thread.current]
+ @active.key?(Thread.current)
end
def run! # :nodoc:
- self.class.active[Thread.current] = true
+ self.class.active[Thread.current] = self
run_callbacks(:run)
end
--
2.43.0

22
rubygem-activesupport.spec
View File

@ -2,7 +2,7 @@
Name: rubygem-%{gem_name} Name: rubygem-%{gem_name}
Epoch: 1 Epoch: 1
Version: 6.1.4.1 Version: 6.1.4.1
Release: 5 Release: 7
Summary: A support libraries and Ruby core extensions extracted from the Rails framework Summary: A support libraries and Ruby core extensions extracted from the Rails framework
License: MIT License: MIT
URL: http://rubyonrails.org URL: http://rubyonrails.org
@ -13,6 +13,9 @@ Patch0: Add-support-dalli-3.2.2.patch
Patch1: CVE-2023-22796.patch Patch1: CVE-2023-22796.patch
Patch2: CVE-2023-38037.patch Patch2: CVE-2023-38037.patch
Patch3: CVE-2023-38037-test.patch Patch3: CVE-2023-38037-test.patch
# https://github.com/rails/rails/commit/d1267768e9f57ebcf86ff7f011aca7fb08e733eb
# https://github.com/rails/rails/commit/07d9600172a18b45791c89e95a642e13fc367545
Patch3000: CVE-2022-23633.patch
Requires: rubygem(bigdecimal) rubygem(json) Requires: rubygem(bigdecimal) rubygem(json)
BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 rubygem(bigdecimal) rubygem(builder) BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 rubygem(bigdecimal) rubygem(builder)
BuildRequires: rubygem(concurrent-ruby) rubygem(connection_pool) rubygem(dalli) BuildRequires: rubygem(concurrent-ruby) rubygem(connection_pool) rubygem(dalli)
@ -39,7 +42,7 @@ pushd %{_builddir}/test
popd popd
%patch1 -p2 %patch1 -p2
%patch2 -p2 %patch2 -p2
%patch3000 -p1
%build %build
gem build ../%{gem_name}-%{version}.gemspec gem build ../%{gem_name}-%{version}.gemspec
@ -87,11 +90,20 @@ popd
%doc %{gem_instdir}/README.rdoc %doc %{gem_instdir}/README.rdoc
%changelog %changelog
* Mon Sep 11 2023 wangkai <13474090681@163.com> - 1:6.1.4.1-5 * Tue Jun 25 2024 zouzhimin <zouzhimin@kylinos.cn> - 1:6.1.4.1-7
- Type:CVES
- ID:CVE-2022-23633
- SUG:NA
- DESC:fix CVE-2022-23633
* Mon Sep 11 2023 wangkai <13474090681@163.com> - 1:6.1.4.1-6
- Fix CVE-2023-38037 - Fix CVE-2023-38037
* Thu Mar 30 2023 caodongxia <caodongxia@h-partners.com> - 1:6.1.4.1-4 * Fri Mar 10 2023 caodongxia <caodongxia@h-partners.com> - 1:6.1.4.1-5
- Fix the self-compilation problem and start memcached as the root user - Rectify the failure to start memcached as the root user
* Thu Mar 9 2023 caodongxia <caodongxia@h-partners.com> - 1:6.1.4.1-4
- Fix the self-compilation problem
* Tue Feb 21 2023 wushaozheng <wushaozheng@ncti-gba.cn> - 1:6.1.4.1-3 * Tue Feb 21 2023 wushaozheng <wushaozheng@ncti-gba.cn> - 1:6.1.4.1-3
- fix CVE-2023-22796 - fix CVE-2023-22796