ruby/ruby-2.7.0-Initialize-ABRT-hook.patch
Jarek Prokop 9cc2902e69 Upgrade to Ruby 3.3.5.
Fix DoS vulnerability in rexml.
(CVE-2024-39908)
(CVE-2024-41946)
(CVE-2024-43398)

Fix REXML DoS when parsing an XML having many specific characters such as
whitespace character, >] and ]>.
(CVE-2024-41123)

Upgrade by merging Fedora changes up to commit:
b7e197fb88

Exclude:
- Generate RPM dependencies with RPM 4.20 API
  6bed1e3bd5
We don't have new enough RPM.

Resolves: RHEL-59035
Resolves: RHEL-57047
Resolves: RHEL-57059
Resolves: RHEL-57070
Resolves: RHEL-52802
2024-09-17 17:42:49 +02:00

89 lines
2.7 KiB
Diff

From eca084e4079c77c061045df9c21b219175b05228 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
Date: Mon, 6 Jan 2020 13:56:04 +0100
Subject: [PATCH] Initialize ABRT hook.
The ABRT hook used to be initialized by preludes via patches [[1], [2]].
Unfortunately, due to [[3]] and especially since [[4]], this would
require boostrapping [[5]].
To keep the things simple for now, load the ABRT hook via C.
[1]: https://bugs.ruby-lang.org/issues/8566
[2]: https://bugs.ruby-lang.org/issues/15306
[3]: https://bugs.ruby-lang.org/issues/16254
[4]: https://github.com/ruby/ruby/pull/2735
[5]: https://lists.fedoraproject.org/archives/list/ruby-sig@lists.fedoraproject.org/message/LH6L6YJOYQT4Y5ZNOO4SLIPTUWZ5V45Q/
---
abrt.c | 12 ++++++++++++
common.mk | 3 ++-
ruby.c | 4 ++++
spec/ruby/core/kernel/require_spec.rb | 2 ++
4 files changed, 20 insertions(+), 1 deletion(-)
create mode 100644 abrt.c
diff --git a/abrt.c b/abrt.c
new file mode 100644
index 0000000000..74b0bd5c0f
--- /dev/null
+++ b/abrt.c
@@ -0,0 +1,12 @@
+#include "internal.h"
+
+void
+Init_abrt(void)
+{
+ rb_eval_string(
+ " begin\n"
+ " require 'abrt'\n"
+ " rescue LoadError\n"
+ " end\n"
+ );
+}
diff --git a/common.mk b/common.mk
index b2e5b2b6d0..f39f81da5c 100644
--- a/common.mk
+++ b/common.mk
@@ -111,7 +111,8 @@ PRISM_FILES = prism/api_node.$(OBJEXT) \
prism/prism.$(OBJEXT) \
prism_init.$(OBJEXT)
-COMMONOBJS = array.$(OBJEXT) \
+COMMONOBJS = abrt.$(OBJEXT) \
+ array.$(OBJEXT) \
ast.$(OBJEXT) \
bignum.$(OBJEXT) \
class.$(OBJEXT) \
diff --git a/ruby.c b/ruby.c
index 60c57d6259..1eec16f2c8 100644
--- a/ruby.c
+++ b/ruby.c
@@ -1722,10 +1722,14 @@ proc_options(long argc, char **argv, ruby_cmdline_options_t *opt, int envopt)
void Init_builtin_features(void);
+/* abrt.c */
+void Init_abrt(void);
+
static void
ruby_init_prelude(void)
{
Init_builtin_features();
+ Init_abrt();
rb_const_remove(rb_cObject, rb_intern_const("TMP_RUBY_PREFIX"));
}
diff --git a/spec/ruby/core/kernel/require_spec.rb b/spec/ruby/core/kernel/require_spec.rb
index 60c57d6259..1eec16f2c8 100644
--- a/spec/ruby/core/kernel/require_spec.rb
+++ b/spec/ruby/core/kernel/require_spec.rb
@@ -25,6 +25,8 @@
out = ruby_exe("puts $LOADED_FEATURES", options: '--disable-gems --disable-did-you-mean')
features = out.lines.map { |line| File.basename(line.chomp, '.*') }
+ # Ignore ABRT
+ features -= %w[abrt]
# Ignore CRuby internals
features -= %w[encdb transdb windows_1252]
features.reject! { |feature| feature.end_with?('-fake') }