Upgrade to Ruby 3.1.7.
Fix DoS vulnerability in REXML. (CVE-2024-39908) Fix DoS vulnerability in REXML. (CVE-2024-43398) Resolves: RHEL-55408 Resolves: RHEL-57051 Resolves: RHEL-56002
This commit is contained in:
Jarek Prokop
parent
bfbeb31c75
commit
0cac7598cf
@ -1,128 +0,0 @@
|
||||
From beb0358d90ad77e59cf5d13cc2469de94fe06331 Mon Sep 17 00:00:00 2001
|
||||
From: Sutou Kouhei <kou@clear-code.com>
|
||||
Date: Thu, 15 Sep 2022 07:08:20 +0900
|
||||
Subject: [PATCH] merge revision(s) a4ad6bd9aac564e93219284c912b26a72f9e82fc:
|
||||
|
||||
[ruby/fiddle] closure: free resources when an exception is raised in
|
||||
Closure.new
|
||||
|
||||
GitHub: GH-102
|
||||
|
||||
https://github.com/ruby/fiddle/commit/81a8a56239
|
||||
---
|
||||
ext/fiddle/closure.c | 56 ++++++++++++++++++++++++++++++++++++++++------------
|
||||
1 file changed, 43 insertions(+), 13 deletions(-)
|
||||
---
|
||||
ext/fiddle/closure.c | 56 ++++++++++++++++++++++++++++++++++----------
|
||||
1 file changed, 43 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/ext/fiddle/closure.c b/ext/fiddle/closure.c
|
||||
index 27f448a24f..c08ec5940d 100644
|
||||
--- a/ext/fiddle/closure.c
|
||||
+++ b/ext/fiddle/closure.c
|
||||
@@ -224,9 +224,16 @@ allocate(VALUE klass)
|
||||
return i;
|
||||
}
|
||||
|
||||
+typedef struct {
|
||||
+ VALUE self;
|
||||
+ int argc;
|
||||
+ VALUE *argv;
|
||||
+} initialize_data;
|
||||
+
|
||||
static VALUE
|
||||
-initialize(int rbargc, VALUE argv[], VALUE self)
|
||||
+initialize_body(VALUE user_data)
|
||||
{
|
||||
+ initialize_data *data = (initialize_data *)user_data;
|
||||
VALUE ret;
|
||||
VALUE args;
|
||||
VALUE normalized_args;
|
||||
@@ -237,14 +244,14 @@ initialize(int rbargc, VALUE argv[], VALUE self)
|
||||
ffi_status result;
|
||||
int i, argc;
|
||||
|
||||
- if (2 == rb_scan_args(rbargc, argv, "21", &ret, &args, &abi))
|
||||
- abi = INT2NUM(FFI_DEFAULT_ABI);
|
||||
+ if (2 == rb_scan_args(data->argc, data->argv, "21", &ret, &args, &abi))
|
||||
+ abi = INT2NUM(FFI_DEFAULT_ABI);
|
||||
|
||||
Check_Type(args, T_ARRAY);
|
||||
|
||||
argc = RARRAY_LENINT(args);
|
||||
|
||||
- TypedData_Get_Struct(self, fiddle_closure, &closure_data_type, cl);
|
||||
+ TypedData_Get_Struct(data->self, fiddle_closure, &closure_data_type, cl);
|
||||
|
||||
cl->argv = (ffi_type **)xcalloc(argc + 1, sizeof(ffi_type *));
|
||||
|
||||
@@ -257,8 +264,8 @@ initialize(int rbargc, VALUE argv[], VALUE self)
|
||||
cl->argv[argc] = NULL;
|
||||
|
||||
ret = rb_fiddle_type_ensure(ret);
|
||||
- rb_iv_set(self, "@ctype", ret);
|
||||
- rb_iv_set(self, "@args", normalized_args);
|
||||
+ rb_iv_set(data->self, "@ctype", ret);
|
||||
+ rb_iv_set(data->self, "@args", normalized_args);
|
||||
|
||||
cif = &cl->cif;
|
||||
pcl = cl->pcl;
|
||||
@@ -269,25 +276,48 @@ initialize(int rbargc, VALUE argv[], VALUE self)
|
||||
rb_fiddle_int_to_ffi_type(NUM2INT(ret)),
|
||||
cl->argv);
|
||||
|
||||
- if (FFI_OK != result)
|
||||
- rb_raise(rb_eRuntimeError, "error prepping CIF %d", result);
|
||||
+ if (FFI_OK != result) {
|
||||
+ rb_raise(rb_eRuntimeError, "error prepping CIF %d", result);
|
||||
+ }
|
||||
|
||||
#if USE_FFI_CLOSURE_ALLOC
|
||||
result = ffi_prep_closure_loc(pcl, cif, callback,
|
||||
- (void *)self, cl->code);
|
||||
+ (void *)(data->self), cl->code);
|
||||
#else
|
||||
result = ffi_prep_closure(pcl, cif, callback, (void *)(data->self));
|
||||
cl->code = (void *)pcl;
|
||||
i = mprotect(pcl, sizeof(*pcl), PROT_READ | PROT_EXEC);
|
||||
if (i) {
|
||||
- rb_sys_fail("mprotect");
|
||||
+ rb_sys_fail("mprotect");
|
||||
}
|
||||
#endif
|
||||
|
||||
- if (FFI_OK != result)
|
||||
- rb_raise(rb_eRuntimeError, "error prepping closure %d", result);
|
||||
+ if (FFI_OK != result) {
|
||||
+ rb_raise(rb_eRuntimeError, "error prepping closure %d", result);
|
||||
+ }
|
||||
+
|
||||
+ return data->self;
|
||||
+}
|
||||
|
||||
- return self;
|
||||
+static VALUE
|
||||
+initialize_rescue(VALUE user_data, VALUE exception)
|
||||
+{
|
||||
+ initialize_data *data = (initialize_data *)user_data;
|
||||
+ dealloc(RTYPEDDATA_DATA(data->self));
|
||||
+ RTYPEDDATA_DATA(data->self) = NULL;
|
||||
+ rb_exc_raise(exception);
|
||||
+ return data->self;
|
||||
+}
|
||||
+
|
||||
+static VALUE
|
||||
+initialize(int argc, VALUE *argv, VALUE self)
|
||||
+{
|
||||
+ initialize_data data;
|
||||
+ data.self = self;
|
||||
+ data.argc = argc;
|
||||
+ data.argv = argv;
|
||||
+ return rb_rescue(initialize_body, (VALUE)&data,
|
||||
+ initialize_rescue, (VALUE)&data);
|
||||
}
|
||||
|
||||
static VALUE
|
||||
--
|
||||
2.44.0
|
||||
|
||||
49
ruby.spec
49
ruby.spec
@ -1,6 +1,6 @@
|
||||
%global major_version 3
|
||||
%global minor_version 1
|
||||
%global teeny_version 5
|
||||
%global teeny_version 7
|
||||
%global major_minor_version %{major_version}.%{minor_version}
|
||||
|
||||
%global ruby_version %{major_minor_version}.%{teeny_version}
|
||||
@ -22,7 +22,7 @@
|
||||
%endif
|
||||
|
||||
|
||||
%global release 144
|
||||
%global release 145
|
||||
%{!?release_string:%define release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
|
||||
|
||||
# The RubyGems library has to stay out of Ruby directory tree, since the
|
||||
@ -64,8 +64,8 @@
|
||||
%global power_assert_version 2.0.1
|
||||
%global rake_version 13.0.6
|
||||
%global test_unit_version 3.5.3
|
||||
%global rexml_version 3.2.5
|
||||
%global rss_version 0.2.9
|
||||
%global rexml_version 3.3.9
|
||||
%global rss_version 0.3.1
|
||||
%global net_ftp_version 0.1.4
|
||||
%global net_imap_version 0.2.4
|
||||
%global net_pop_version 0.1.1
|
||||
@ -191,13 +191,6 @@ Patch28: ruby-irb-1.4.1-set-rdoc-soft-dep.patch
|
||||
# https://github.com/ruby/ruby/commit/bffadcd6d46ccfccade79ce0efb60ced8eac4483
|
||||
# https://bugs.ruby-lang.org/issues/19529#note-7
|
||||
Patch29: ruby-3.1.4-Skip-test_compaction_bug_19529-if-compaction-unsupported.patch
|
||||
# Fix fiddle build with libffi versions 3.1 or older.
|
||||
# https://github.com/ruby/ruby/pull/10696
|
||||
# https://bugs.ruby-lang.org/issues/20451
|
||||
Patch30: ruby-fiddle-1.1.1-closure-free-resources.patch
|
||||
# Tests not included, this Ruby release does not include REXML tests.
|
||||
# https://github.com/ruby/rexml/commit/ce59f2eb1aeb371fe1643414f06618dbe031979f
|
||||
Patch31: rubygem-rexml-3.3.9-Fix-ReDoS-CVE-2024-49761.patch
|
||||
|
||||
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
Suggests: rubypick
|
||||
@ -660,14 +653,6 @@ rm -rf ext/fiddle/libffi*
|
||||
%patch27 -p1
|
||||
%patch28 -p1
|
||||
%patch29 -p1
|
||||
%patch30 -p1
|
||||
|
||||
# Instead of adjusting patch's directory, use the following form where
|
||||
# we first enter the correct directory, this allows more general application
|
||||
# accross ruby versions, since we can make use of the %rexml_version macro.
|
||||
pushd ".bundle/gems/rexml-%{rexml_version}/"
|
||||
%patch31 -p1
|
||||
popd
|
||||
|
||||
# Provide an example of usage of the tapset:
|
||||
cp -a %{SOURCE3} .
|
||||
@ -836,6 +821,17 @@ find %{buildroot}%{gem_dir}/extensions/*-%{_target_os}/%{major_minor_version}.*/
|
||||
find %{buildroot}%{gem_dir}/gems/*/ext -maxdepth 0 -exec rm -rf '{}' +
|
||||
find %{buildroot}%{gem_dir}/gems/*/lib -name \*.so -delete
|
||||
|
||||
# Bundled gems with extensions leave behind an exts.mk that gets installed
|
||||
# into their final directory. The file is not needed nor expected after build.
|
||||
# Follow the state of other gems that also create exts.mk but do not install
|
||||
# them. Therefore delete the files.
|
||||
# Otherwise rpmbuild will complain with the following:
|
||||
# Fixes:
|
||||
# error: Installed (but unpackaged) file(s) found:
|
||||
# /usr/share/gems/gems/debug-1.6.3/exts.mk
|
||||
# /usr/share/gems/gems/rbs-2.7.0/exts.mk
|
||||
find %{buildroot}%{gem_dir}/gems -name 'exts.mk' -exec rm '{}' \;
|
||||
|
||||
# Move man pages into proper location
|
||||
mkdir -p %{buildroot}%{_mandir}/man{1,5}
|
||||
mv %{buildroot}%{gem_dir}/gems/rake-%{rake_version}/doc/rake.1 %{buildroot}%{_mandir}/man1
|
||||
@ -1256,7 +1252,7 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/TestBundledCA/"
|
||||
%{gem_dir}/specifications/default/abbrev-0.1.0.gemspec
|
||||
%{gem_dir}/specifications/default/base64-0.1.1.gemspec
|
||||
%{gem_dir}/specifications/default/benchmark-0.2.0.gemspec
|
||||
%{gem_dir}/specifications/default/cgi-0.3.6.gemspec
|
||||
%{gem_dir}/specifications/default/cgi-0.3.7.gemspec
|
||||
%{gem_dir}/specifications/default/csv-3.2.5.gemspec
|
||||
%{gem_dir}/specifications/default/date-3.2.2.gemspec
|
||||
%{gem_dir}/specifications/default/delegate-0.2.0.gemspec
|
||||
@ -1312,7 +1308,7 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/TestBundledCA/"
|
||||
%{gem_dir}/specifications/default/tmpdir-0.1.2.gemspec
|
||||
%{gem_dir}/specifications/default/tsort-0.1.0.gemspec
|
||||
%{gem_dir}/specifications/default/un-0.2.0.gemspec
|
||||
%{gem_dir}/specifications/default/uri-0.12.2.gemspec
|
||||
%{gem_dir}/specifications/default/uri-0.12.4.gemspec
|
||||
%{gem_dir}/specifications/default/weakref-0.1.1.gemspec
|
||||
#%%{gem_dir}/specifications/default/win32ole-1.8.8.gemspec
|
||||
%{gem_dir}/specifications/default/yaml-0.2.0.gemspec
|
||||
@ -1531,10 +1527,7 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/TestBundledCA/"
|
||||
%doc %{gem_dir}/gems/rss-%{rss_version}/NEWS.md
|
||||
%{gem_dir}/gems/rss-%{rss_version}/lib
|
||||
%{gem_dir}/specifications/rss-%{rss_version}.gemspec
|
||||
%doc %{gem_dir}/gems/rss-%{rss_version}/Gemfile
|
||||
%doc %{gem_dir}/gems/rss-%{rss_version}/README.md
|
||||
%doc %{gem_dir}/gems/rss-%{rss_version}/Rakefile
|
||||
%doc %{gem_dir}/gems/rss-%{rss_version}/test
|
||||
|
||||
%files -n rubygem-typeprof
|
||||
%dir %{gem_dir}/gems/typeprof-%{typeprof_version}
|
||||
@ -1552,6 +1545,14 @@ DISABLE_TESTS="$DISABLE_TESTS -n !/TestBundledCA/"
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Mar 27 2025 Jarek Prokop <jprokop@redhat.com> - 3.1.7-145
|
||||
- Upgrade to Ruby 3.1.7.
|
||||
Resolves: RHEL-55408
|
||||
- Fix DoS vulnerability in REXML. (CVE-2024-39908)
|
||||
Resolves: RHEL-57051
|
||||
- Fix DoS vulnerability in REXML. (CVE-2024-43398)
|
||||
Resolves: RHEL-56002
|
||||
|
||||
* Tue Nov 26 2024 Jarek Prokop <jprokop@redhat.com> - 3.1.5-144
|
||||
- Fix REXML ReDoS vulnerability. (CVE-2024-49761)
|
||||
Resolves: RHEL-68520
|
||||
|
||||
@ -1,31 +0,0 @@
|
||||
From ce59f2eb1aeb371fe1643414f06618dbe031979f Mon Sep 17 00:00:00 2001
|
||||
From: Sutou Kouhei <kou@clear-code.com>
|
||||
Date: Thu, 24 Oct 2024 14:45:31 +0900
|
||||
Subject: [PATCH] parser: fix a bug that �x...; is accepted as a character
|
||||
reference
|
||||
|
||||
---
|
||||
lib/rexml/parsers/baseparser.rb | 10 +++++++---
|
||||
test/parse/test_character_reference.rb | 6 ++++++
|
||||
2 files changed, 13 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/lib/rexml/parsers/baseparser.rb b/lib/rexml/parsers/baseparser.rb
|
||||
index 7bd8adf..b4547ba 100644
|
||||
--- a/lib/rexml/parsers/baseparser.rb
|
||||
+++ b/lib/rexml/parsers/baseparser.rb
|
||||
@@ -469,8 +469,12 @@ def unnormalize( string, entities=nil, filter=nil )
|
||||
return rv if matches.size == 0
|
||||
- rv.gsub!( /�*((?:\d+)|(?:x[a-fA-F0-9]+));/ ) {
|
||||
+ rv.gsub!( /&#((?:\d+)|(?:x[a-fA-F0-9]+));/ ) {
|
||||
m=$1
|
||||
- m = "0#{m}" if m[0] == ?x
|
||||
- [Integer(m)].pack('U*')
|
||||
+ if m.start_with?("x")
|
||||
+ code_point = Integer(m[1..-1], 16)
|
||||
+ else
|
||||
+ code_point = Integer(m, 10)
|
||||
+ end
|
||||
+ [code_point].pack('U*')
|
||||
}
|
||||
matches.collect!{|x|x[0]}.compact!
|
||||
if matches.size > 0
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (ruby-3.1.5.tar.xz) = a9883f4d074825bb1f54ef3429a9a71341274bd2de1aa8ea32bce19b6b9c1bac5e5dc4c34a92b8e7caa73ba71d7ed7c546a6fec6f1fd3d8986974dce214f6d49
|
||||
SHA512 (ruby-3.1.7.tar.xz) = 44e013f6e8d159a49125d24eaf02f58e02997fcd7bd4f4370250248c2d3264fb45183e33797638a7d9a2907fb48fe1b46f5f45514d60a800f96bce2c10baca82
|
||||
|
||||
Loading…
Reference in New Issue
Block a user