23b8352956
Fix buffer overread vulnerability in StringIO.
(CVE-2024-27280)
Fix RCE vulnerability with .rdoc_options in RDoc.
(CVE-2024-27281)
Fix Arbitrary memory address read vulnerability with Regex search.
(CVE-2024-27282)
Ruby bundled NKF, add appropriate `bundled` provide and test
License review and clarification
Upgrade by merging Fedora changes up to commit:
ff5301a5f3
Resolves: RHEL-33976
Resolves: RHEL-34130
Resolves: RHEL-34122
Resolves: RHEL-33872
25 lines
819 B
Diff
25 lines
819 B
Diff
From 055613fd868a8c94e43893f8c58a00cdd2a81f6d Mon Sep 17 00:00:00 2001
|
|
From: Nobuyoshi Nakada <nobu@ruby-lang.org>
|
|
Date: Fri, 22 Mar 2024 18:18:35 +0900
|
|
Subject: [PATCH] Fix pointer incompatiblity
|
|
|
|
Since the subsecond part is discarded, WIDEVAL to VALUE conversion is
|
|
needed.
|
|
---
|
|
time.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/time.c b/time.c
|
|
index 6179b081c02fc9..3304b2f4f4856a 100644
|
|
--- a/time.c
|
|
+++ b/time.c
|
|
@@ -2342,7 +2342,7 @@ zone_timelocal(VALUE zone, VALUE time)
|
|
struct time_object *tobj = RTYPEDDATA_GET_DATA(time);
|
|
wideval_t t, s;
|
|
|
|
- split_second(tobj->timew, &t, &s);
|
|
+ wdivmod(tobj->timew, WINT2FIXWV(TIME_SCALE), &t, &s);
|
|
tm = tm_from_time(rb_cTimeTM, time);
|
|
utc = rb_check_funcall(zone, id_local_to_utc, 1, &tm);
|
|
if (UNDEF_P(utc)) return 0;
|