44e781b1f4
Fix buffer overread vulnerability in StringIO.
(CVE-2024-27280)
Fix RCE vulnerability with .rdoc_options in RDoc.
(CVE-2024-27281)
Fix Arbitrary memory address read vulnerability with Regex search.
(CVE-2024-27282)
Ruby bundled NKF, add appropriate `bundled` provide and test
License review and clarification
Upgrade by merging Fedora changes up to commit:
ff5301a5f3
Resolves: RHEL-37446
Resolves: RHEL-37448
Resolves: RHEL-37449
Resolves: RHEL-37447
25 lines
1.0 KiB
Diff
25 lines
1.0 KiB
Diff
From db4ba95bf12f9303e38a9a78979cd363cb9a19fb Mon Sep 17 00:00:00 2001
|
|
From: Jarek Prokop <jprokop@redhat.com>
|
|
Date: Fri, 12 Jan 2024 18:33:34 +0100
|
|
Subject: [PATCH] aarch64: Prepend -mbranch-protection=standard option when
|
|
checking branch protection.
|
|
|
|
Related Upstream issue: https://bugs.ruby-lang.org/issues/20154
|
|
---
|
|
configure.ac | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/configure.ac b/configure.ac
|
|
index 18b4247991..5ea8ada8f7 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -827,7 +827,7 @@ AS_IF([test "$GCC" = yes], [
|
|
|
|
# aarch64 branch protection
|
|
AS_CASE(["$target_cpu"], [aarch64], [
|
|
- AS_FOR(option, opt, [-mbranch-protection=pac-ret -msign-return-address=all], [
|
|
+ AS_FOR(option, opt, [-mbranch-protection=standard -mbranch-protection=pac-ret -msign-return-address=all], [
|
|
RUBY_TRY_CFLAGS(option, [branch_protection=yes], [branch_protection=no])
|
|
AS_IF([test "x$branch_protection" = xyes], [
|
|
# C compiler and assembler must be consistent for -mbranch-protection
|