lang/ruby32: Add upstream patches to fix recent vulnerabilities
PR: 263357 Approved by: sunpoet (ruby@) Security: f22144d7-bad1-11ec-9cfe-0800270512f4 Security: 06ed6a49-bad4-11ec-9cfe-0800270512f4
parent
a34c2f347e
commit
3d90d93bd5
@ -162,7 +162,7 @@ RUBY31= "" # PLIST_SUB helpers
|
||||
# Ruby 3.2
|
||||
#
|
||||
RUBY_DISTVERSION= 3.2.0-preview1
|
||||
RUBY_PORTREVISION= 0
|
||||
RUBY_PORTREVISION= 1
|
||||
RUBY_PORTEPOCH= 1
|
||||
RUBY32= "" # PLIST_SUB helpers
|
||||
|
||||
|
66
lang/ruby32/files/patch-CVE-2022-28738
@ -0,0 +1,66 @@
|
||||
From cf2bbcfff2985c116552967c7c4522f4630f2d18 Mon Sep 17 00:00:00 2001
|
||||
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
|
||||
Date: Fri, 11 Jun 2021 00:06:43 +0900
|
||||
Subject: [PATCH 1/2] Just free compiled pattern if no space is used
|
||||
|
||||
https://hackerone.com/reports/1220911
|
||||
---
|
||||
regcomp.c | 14 ++++++++------
|
||||
test/ruby/test_regexp.rb | 9 +++++++++
|
||||
2 files changed, 17 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git regcomp.c regcomp.c
|
||||
index 3e65c9d2e3..94640639d8 100644
|
||||
--- regcomp.c
|
||||
+++ regcomp.c
|
||||
@@ -142,8 +142,13 @@ bitset_on_num(BitSetRef bs)
|
||||
static void
|
||||
onig_reg_resize(regex_t *reg)
|
||||
{
|
||||
- resize:
|
||||
- if (reg->alloc > reg->used) {
|
||||
+ do {
|
||||
+ if (!reg->used) {
|
||||
+ xfree(reg->p);
|
||||
+ reg->alloc = 0;
|
||||
+ reg->p = 0;
|
||||
+ }
|
||||
+ else if (reg->alloc > reg->used) {
|
||||
unsigned char *new_ptr = xrealloc(reg->p, reg->used);
|
||||
// Skip the right size optimization if memory allocation fails
|
||||
if (new_ptr) {
|
||||
@@ -151,10 +156,7 @@ onig_reg_resize(regex_t *reg)
|
||||
reg->p = new_ptr;
|
||||
}
|
||||
}
|
||||
- if (reg->chain) {
|
||||
- reg = reg->chain;
|
||||
- goto resize;
|
||||
- }
|
||||
+ } while ((reg = reg->chain) != 0);
|
||||
}
|
||||
|
||||
extern int
|
||||
diff --git test/ruby/test_regexp.rb test/ruby/test_regexp.rb
|
||||
index 4be6d7bec7..84687c5380 100644
|
||||
--- test/ruby/test_regexp.rb
|
||||
+++ test/ruby/test_regexp.rb
|
||||
@@ -1431,6 +1431,15 @@ def test_bug18631
|
||||
assert_kind_of MatchData, /(?<x>a)(?<x>aa)\k<x>/.match("aaaab")
|
||||
end
|
||||
|
||||
+ def test_invalid_group
|
||||
+ assert_separately([], "#{<<-"begin;"}\n#{<<-'end;'}")
|
||||
+ begin;
|
||||
+ assert_raise_with_message(RegexpError, /invalid conditional pattern/) do
|
||||
+ Regexp.new("((?(1)x|x|)x)+")
|
||||
+ end
|
||||
+ end;
|
||||
+ end
|
||||
+
|
||||
# This assertion is for porting x2() tests in testpy.py of Onigmo.
|
||||
def assert_match_at(re, str, positions, msg = nil)
|
||||
re = Regexp.new(re) unless re.is_a?(Regexp)
|
||||
--
|
||||
2.35.2
|
||||
|
64
lang/ruby32/files/patch-CVE-2022-28739
@ -0,0 +1,64 @@
|
||||
From d0a822eec524522d81ffc7da2bb1baf906b0318a Mon Sep 17 00:00:00 2001
|
||||
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
|
||||
Date: Thu, 1 Jul 2021 06:39:17 +0900
|
||||
Subject: [PATCH 2/2] Fix dtoa buffer overrun
|
||||
|
||||
https://hackerone.com/reports/1248108
|
||||
---
|
||||
missing/dtoa.c | 3 ++-
|
||||
test/ruby/test_float.rb | 18 ++++++++++++++++++
|
||||
2 files changed, 20 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git missing/dtoa.c missing/dtoa.c
|
||||
index a940eabd91..b7a8302875 100644
|
||||
--- missing/dtoa.c
|
||||
+++ missing/dtoa.c
|
||||
@@ -1552,6 +1552,7 @@ break2:
|
||||
if (!*++s || !(s1 = strchr(hexdigit, *s))) goto ret0;
|
||||
if (*s == '0') {
|
||||
while (*++s == '0');
|
||||
+ if (!*s) goto ret;
|
||||
s1 = strchr(hexdigit, *s);
|
||||
}
|
||||
if (s1 != NULL) {
|
||||
@@ -1574,7 +1575,7 @@ break2:
|
||||
for (; *s && (s1 = strchr(hexdigit, *s)); ++s) {
|
||||
adj += aadj * ((s1 - hexdigit) & 15);
|
||||
if ((aadj /= 16) == 0.0) {
|
||||
- while (strchr(hexdigit, *++s));
|
||||
+ while (*++s && strchr(hexdigit, *s));
|
||||
break;
|
||||
}
|
||||
}
|
||||
diff --git test/ruby/test_float.rb test/ruby/test_float.rb
|
||||
index 4be2cfeeda..57a46fce92 100644
|
||||
--- test/ruby/test_float.rb
|
||||
+++ test/ruby/test_float.rb
|
||||
@@ -171,6 +171,24 @@ def test_strtod
|
||||
assert_raise(ArgumentError, n += z + "A") {Float(n)}
|
||||
assert_raise(ArgumentError, n += z + ".0") {Float(n)}
|
||||
end
|
||||
+
|
||||
+ x = nil
|
||||
+ 2000.times do
|
||||
+ x = Float("0x"+"0"*30)
|
||||
+ break unless x == 0.0
|
||||
+ end
|
||||
+ assert_equal(0.0, x, ->{"%a" % x})
|
||||
+ x = nil
|
||||
+ 2000.times do
|
||||
+ begin
|
||||
+ x = Float("0x1."+"0"*270)
|
||||
+ rescue ArgumentError => e
|
||||
+ raise unless /"0x1\.0{270}"/ =~ e.message
|
||||
+ else
|
||||
+ break
|
||||
+ end
|
||||
+ end
|
||||
+ assert_nil(x, ->{"%a" % x})
|
||||
end
|
||||
|
||||
def test_divmod
|
||||
--
|
||||
2.35.2
|
||||
|