[gnome-continuous-yocto/gnomeostree-3.28-rocko: 7249/8267] ruby: fix CVE-2017-9224

From: Emmanuele Bassi <ebassi src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 7249/8267] ruby: fix CVE-2017-9224
Date: Sun, 17 Dec 2017 05:59:00 +0000 (UTC)

commit 391127b00291bddba010813f9e033a31290c3b66
Author: Joe Slater <jslater windriver com>
Date:   Wed Aug 16 14:46:11 2017 -0700

    ruby: fix CVE-2017-9224
    
    Use DATA_ENSURE(1) before access.
    
    (From OE-Core rev: 9db907a0bd331c47c4882b82f9f1d2a7ef1f6d1f)
    
    Signed-off-by: Joe Slater <jslater windriver com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 .../ruby/ruby/ruby-CVE-2017-9224.patch             |   41 ++++++++++++++++++++
 meta/recipes-devtools/ruby/ruby_2.4.1.bb           |    4 ++
 2 files changed, 45 insertions(+), 0 deletions(-)
---
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch 
b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch
new file mode 100644
index 0000000..848139b
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9224.patch
@@ -0,0 +1,41 @@
+From 690313a061f7a4fa614ec5cc8368b4f2284e059b Mon Sep 17 00:00:00 2001
+From: "K.Kosako" <kosako sofnec co jp>
+Date: Tue, 23 May 2017 10:28:58 +0900
+Subject: [PATCH] fix #57 : DATA_ENSURE() check must be before data access
+
+---
+ regexec.c |    5 -----
+ 1 file changed, 5 deletions(-)
+
+--- end of original header
+
+CVE: CVE-2017-9224
+
+Context modified so that patch applies for version 2.4.1.
+
+Upstream-Status: Pending
+Signed-off-by: Joe Slater <joe slater windriver com>
+
+
+diff --git a/regexec.c b/regexec.c
+index 35fef11..d4e577d 100644
+--- a/regexec.c
++++ b/regexec.c
+@@ -1473,14 +1473,9 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
+       NEXT;
+
+     CASE(OP_EXACT1)  MOP_IN(OP_EXACT1);
+-#if 0
+       DATA_ENSURE(1);
+       if (*p != *s) goto fail;
+       p++; s++;
+-#endif
+-      if (*p != *s++) goto fail;
+-      DATA_ENSURE(0);
+-      p++;
+       MOP_OUT;
+       break;
+ 
+-- 
+1.7.9.5
+
diff --git a/meta/recipes-devtools/ruby/ruby_2.4.1.bb b/meta/recipes-devtools/ruby/ruby_2.4.1.bb
index 1d335f1..77e17f1 100644
--- a/meta/recipes-devtools/ruby/ruby_2.4.1.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.4.1.bb
@@ -1,5 +1,9 @@
 require ruby.inc
 
+SRC_URI += " \
+           file://ruby-CVE-2017-9224.patch \
+           "
+
 SRC_URI[md5sum] = "782bca562e474dd25956dd0017d92677"
 SRC_URI[sha256sum] = "a330e10d5cb5e53b3a0078326c5731888bb55e32c4abfeb27d9e7f8e5d000250"

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]