git: 3d90d93bd56e - main - lang/ruby32: Add upstream patches to fix recent vulnerabilities
Date: Sun, 17 Apr 2022 04:08:51 UTC
The branch main has been updated by yasu: URL: https://cgit.FreeBSD.org/ports/commit/?id=3d90d93bd56ee79ea165afecd38fd9fec6674d26 commit 3d90d93bd56ee79ea165afecd38fd9fec6674d26 Author: Yasuhiro Kimura <yasu@FreeBSD.org> AuthorDate: 2022-04-17 02:18:12 +0000 Commit: Yasuhiro Kimura <yasu@FreeBSD.org> CommitDate: 2022-04-17 04:07:45 +0000 lang/ruby32: Add upstream patches to fix recent vulnerabilities PR: 263357 Approved by: sunpoet (ruby@) Security: f22144d7-bad1-11ec-9cfe-0800270512f4 Security: 06ed6a49-bad4-11ec-9cfe-0800270512f4
---
 Mk/bsd.ruby.mk | 2 +-
 lang/ruby32/files/patch-CVE-2022-28738 | 66 ++++++++++++++++++++++++++++++++++
 lang/ruby32/files/patch-CVE-2022-28739 | 64 +++++++++++++++++++++++++++++++++
 3 files changed, 131 insertions(+), 1 deletion(-)
diff --git a/Mk/bsd.ruby.mk b/Mk/bsd.ruby.mk
index 5471244b4838..1e9286ced1b8 100644
--- a/Mk/bsd.ruby.mk
+++ b/Mk/bsd.ruby.mk
@@ -162,7 +162,7 @@ RUBY31= "" # PLIST_SUB helpers
 # Ruby 3.2
 #
 RUBY_DISTVERSION= 3.2.0-preview1
-RUBY_PORTREVISION= 0
+RUBY_PORTREVISION= 1
 RUBY_PORTEPOCH= 1
 RUBY32= "" # PLIST_SUB helpers
diff --git a/lang/ruby32/files/patch-CVE-2022-28738 b/lang/ruby32/files/patch-CVE-2022-28738
new file mode 100644
index 000000000000..79cd2f40b47b
--- /dev/null
+++ b/lang/ruby32/files/patch-CVE-2022-28738
@@ -0,0 +1,66 @@
+From cf2bbcfff2985c116552967c7c4522f4630f2d18 Mon Sep 17 00:00:00 2001
+From: Nobuyoshi Nakada <nobu@ruby-lang.org>
+Date: Fri, 11 Jun 2021 00:06:43 +0900
+Subject: [PATCH 1/2] Just free compiled pattern if no space is used
+
+https://hackerone.com/reports/1220911
+---
+ regcomp.c | 14 ++++++++------
+ test/ruby/test_regexp.rb | 9 +++++++++
+ 2 files changed, 17 insertions(+), 6 deletions(-)
+
+diff --git regcomp.c regcomp.c
+index 3e65c9d2e3..94640639d8 100644
+--- regcomp.c
++++ regcomp.c
+@@ -142,8 +142,13 @@ bitset_on_num(BitSetRef bs)
+ static void
+onig_reg_resize(regex_t *reg)
+ {
+- resize:
+- if (reg->alloc > reg->used) {
++ do {
++ if (!reg->used) {
++ xfree(reg->p);
++ reg->alloc = 0;
++ reg->p = 0;
++ }
++ else if (reg->alloc > reg->used) {
+ unsigned char *new_ptr = xrealloc(reg->p, reg->used);
+ // Skip the right size optimization if memory allocation fails
+ if (new_ptr) {
+@@ -151,10 +156,7 @@ onig_reg_resize(regex_t *reg)
+ reg->p = new_ptr;
+ }
+ }
+- if (reg->chain) {
+- reg = reg->chain;
+- goto resize;
+- }
++ } while ((reg = reg->chain) != 0);
+ }
+
+ extern int
+diff --git test/ruby/test_regexp.rb test/ruby/test_regexp.rb
+index 4be6d7bec7..84687c5380 100644
+--- test/ruby/test_regexp.rb
++++ test/ruby/test_regexp.rb
+@@ -1431,6 +1431,15 @@ def test_bug18631
+ assert_kind_of MatchData, /(?<x>a)(?<x>aa)\k<x>/.match("aaaab")
+ end
+
++ def test_invalid_group
++ assert_separately([], "#{<<-"begin;"}\n#{<<-'end;'}")
++ begin;
++ assert_raise_with_message(RegexpError, /invalid conditional pattern/) do
++ Regexp.new("((?(1)x|x|)x)+")
++ end
++ end;
++ end
++
+ # This assertion is for porting x2() tests in testpy.py of Onigmo.
+ def assert_match_at(re, str, positions, msg = nil)
+ re = Regexp.new(re) unless re.is_a?(Regexp)
+--
+2.35.2
+
diff --git a/lang/ruby32/files/patch-CVE-2022-28739 b/lang/ruby32/files/patch-CVE-2022-28739
new file mode 100644
index 000000000000..8de3fa8b434b
--- /dev/null
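Review bot: The new `if (!reg->used)` branch in onig_reg_resize has no comment explaining why an empty buffer is freed by hand instead of going through xrealloc. If xrealloc behaves like realloc for a zero size, it may release the block and return a null pointer, which the existing `if (new_ptr)` guard treats as an allocation failure and so leaves reg->p pointing at freed memory; that looks like the memory-safety problem this patch addresses. I would add `/* realloc(p, 0) may free p and return NULL; release it here so reg->p never dangles */` above the branch, and write `reg->p = NULL;` and `!= NULL` in the loop condition, since both are pointer values. The statement between `if (new_ptr) {` and `reg->p = new_ptr;` lies between the two inner hunks and is not visible here.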
+++ b/lang/ruby32/files/patch-CVE-2022-28739
@@ -0,0 +1,64 @@
+From d0a822eec524522d81ffc7da2bb1baf906b0318a Mon Sep 17 00:00:00 2001
+From: Nobuyoshi Nakada <nobu@ruby-lang.org>
+Date: Thu, 1 Jul 2021 06:39:17 +0900
+Subject: [PATCH 2/2] Fix dtoa buffer overrun
+
+https://hackerone.com/reports/1248108
+---
+ missing/dtoa.c | 3 ++-
+ test/ruby/test_float.rb | 18 ++++++++++++++++++
+ 2 files changed, 20 insertions(+), 1 deletion(-)
+
+diff --git missing/dtoa.c missing/dtoa.c
+index a940eabd91..b7a8302875 100644
+--- missing/dtoa.c
++++ missing/dtoa.c
+@@ -1552,6 +1552,7 @@ break2:
+ if (!*++s || !(s1 = strchr(hexdigit, *s))) goto ret0;
+ if (*s == '0') {
+ while (*++s == '0');
++ if (!*s) goto ret;
+ s1 = strchr(hexdigit, *s);
+ }
+ if (s1 != NULL) {
+@@ -1574,7 +1575,7 @@ break2:
+ for (; *s && (s1 = strchr(hexdigit, *s)); ++s) {
+ adj += aadj * ((s1 - hexdigit) & 15);
+ if ((aadj /= 16) == 0.0) {
+- while (strchr(hexdigit, *++s));
++ while (*++s && strchr(hexdigit, *s));
+ break;
+ }
+ }
+diff --git test/ruby/test_float.rb test/ruby/test_float.rb
+index 4be2cfeeda..57a46fce92 100644
+--- test/ruby/test_float.rb
++++ test/ruby/test_float.rb
+@@ -171,6 +171,24 @@ def test_strtod
+ assert_raise(ArgumentError, n += z + "A") {Float(n)}
+ assert_raise(ArgumentError, n += z + ".0") {Float(n)}
+ end
++
++ x = nil
++ 2000.times do
++ x = Float("0x"+"0"*30)
++ break unless x == 0.0
++ end
++ assert_equal(0.0, x, ->{"%a" % x})
++ x = nil
++ 2000.times do
++ begin
++ x = Float("0x1."+"0"*270)
++ rescue ArgumentError => e
++ raise unless /"0x1\.0{270}"/ =~ e.message
++ else
++ break
++ end
++ end
++ assert_nil(x, ->{"%a" % x})
+ end
+
+ def test_divmod
+--
+2.35.2
+
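Review bot: The two guards added in missing/dtoa.c (`if (!*s) goto ret;` and the `*++s &&` test in the skip loop) rely on a property of strchr that the code never states. Searching for '\0' returns a pointer to the terminator of hexdigit rather than NULL, so an unguarded `strchr(hexdigit, *s)` accepts the end of the input as a digit and the scan continues past the buffer. I would record this next to the first guard, e.g. `/* strchr(hexdigit, '\0') matches the terminator, so test *s before every lookup */`, so that a later edit does not reintroduce an unguarded lookup. The empty-bodied `while (*++s && strchr(hexdigit, *s));` would also read more clearly with an explicit `continue;` body. The enclosing function starts and ends outside these hunks, so any other lookups in it cannot be checked from here.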