[scarthgap,01/18] ruby: Backport fix for CVE-2024-27282

Message ID	1103182ac9ae5139a5c3d7381007f61c1f7d91a6.1724244509.git.steve@sakoman.com
State	Accepted
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.181, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 01/18] ruby: Backport fix for CVE-2024-27282 Date: Wed, 21 Aug 2024 05:50:12 -0700 Message-Id: <1103182ac9ae5139a5c3d7381007f61c1f7d91a6.1724244509.git.steve@sakoman.com> In-Reply-To: <cover.1724244509.git.steve@sakoman.com> References: <cover.1724244509.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,01/18] ruby: Backport fix for CVE-2024-27282 \| expand [scarthgap,01/18] ruby: Backport fix for CVE-2024-27282 [scarthgap,02/18] Tiff: Security fix for CVE-2024-7006 [scarthgap,03/18] go: upgrade 1.22.5 -> 1.22.6 [scarthgap,04/18] llvm: Enable libllvm for native build [scarthgap,05/18] maintainers.inc: add self for unassigned python recipes [scarthgap,06/18] initramfs-framework: fix typos [scarthgap,07/18] os-release: Fix VERSION_CODENAME in case it is empty [scarthgap,08/18] libgfortran.inc: fix nativesdk-libgfortran dependencies [scarthgap,09/18] glibc: fix fortran header file conflict for arm [scarthgap,10/18] gstreamer1.0: disable flaky baseparser tests [scarthgap,11/18] librsvg: don't try to run target code at build time [scarthgap,12/18] populate_sdk_ext.bclass: make sure OECORE_NATIVE_SYSROOT is exported. [scarthgap,13/18] qemuboot: Trigger write_qemuboot_conf task on changes of kernel image realpath [scarthgap,14/18] oeqa/runtime/ssh: add retry logic and sleeps to allow for slower systems [scarthgap,15/18] oeqa/runtime/ssh: In case of failure, show exit code and handle -15 (SIGTERM) [scarthgap,16/18] oeqa/runtime/ssh: check for all errors at the end [scarthgap,17/18] oeqa/selftest/reproducibile: Explicitly list virtual targets [scarthgap,18/18] oeqa/utils/postactions: transfer whole archive over ssh instead of doing individu…

Message ID

1103182ac9ae5139a5c3d7381007f61c1f7d91a6.1724244509.git.steve@sakoman.com

State

Accepted

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 01/18] ruby: Backport fix for CVE-2024-27282
Date: Wed, 21 Aug 2024 05:50:12 -0700
Message-Id: 
 <1103182ac9ae5139a5c3d7381007f61c1f7d91a6.1724244509.git.steve@sakoman.com>
In-Reply-To: <cover.1724244509.git.steve@sakoman.com>
References: <cover.1724244509.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,01/18] ruby: Backport fix for CVE-2024-27282 | expand

Commit Message

Steve Sakoman Aug. 21, 2024, 12:50 p.m. UTC

From: Ashish Sharma <asharma@mvista.com>

Upstream-Status: Backport [https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a]

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../ruby/ruby/CVE-2024-27282.patch            | 28 +++++++++++++++++++
 meta/recipes-devtools/ruby/ruby_3.2.2.bb      |  1 +
 2 files changed, 29 insertions(+)
 create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
new file mode 100644
index 0000000000..dde7979278
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
@@ -0,0 +1,28 @@ 
+From 989a2355808a63fc45367785c82ffd46d18c900a Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
+Date: Fri, 12 Apr 2024 15:01:47 +1000
+Subject: [PATCH] Fix Use-After-Free issue for Regexp
+
+Co-authored-by: Isaac Peka <7493006+isaac-peka@users.noreply.github.com>
+
+Upstream-Status: Backport [https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a]
+CVE: CVE-2024-27282
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+
+ regexec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/regexec.c b/regexec.c
+index 73694ab14a0b0a..140691ad42489f 100644
+--- a/regexec.c
++++ b/regexec.c
+@@ -3449,8 +3449,8 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
+     CASE(OP_MEMORY_END_PUSH_REC)  MOP_IN(OP_MEMORY_END_PUSH_REC);
+       GET_MEMNUM_INC(mem, p);
+       STACK_GET_MEM_START(mem, stkp); /* should be before push mem-end. */
+-      STACK_PUSH_MEM_END(mem, s);
+       mem_start_stk[mem] = GET_STACK_INDEX(stkp);
++      STACK_PUSH_MEM_END(mem, s);
+       MOP_OUT;
+       JUMP;
+ 
diff --git a/meta/recipes-devtools/ruby/ruby_3.2.2.bb b/meta/recipes-devtools/ruby/ruby_3.2.2.bb
index 5c2b07e5e4..f1aff315b7 100644
--- a/meta/recipes-devtools/ruby/ruby_3.2.2.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.2.2.bb
@@ -34,6 +34,7 @@  SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
            file://CVE-2023-36617_1.patch \
            file://CVE-2023-36617_2.patch \
            file://CVE-2024-27281.patch \
+           file://CVE-2024-27282.patch \
            "
 UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"

[scarthgap,01/18] ruby: Backport fix for CVE-2024-27282

Commit Message

Patch