diff options
Diffstat (limited to 'meta')
5 files changed, 170 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch new file mode 100644 index 0000000000..0f2a4307cc --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9226.patch | |||
@@ -0,0 +1,41 @@ | |||
1 | From b4bf968ad52afe14e60a2dc8a95d3555c543353a Mon Sep 17 00:00:00 2001 | ||
2 | From: "K.Kosako" <kosako@sofnec.co.jp> | ||
3 | Date: Thu, 18 May 2017 17:05:27 +0900 | ||
4 | Subject: [PATCH] fix #55 : check too big code point value for single byte | ||
5 | value in next_state_val() | ||
6 | |||
7 | --- | ||
8 | regparse.c | 3 +++ | ||
9 | 1 file changed, 3 insertions(+) | ||
10 | |||
11 | --- end of original header | ||
12 | |||
13 | CVE: CVE-2017-9226 | ||
14 | |||
15 | Add check for octal number bigger than 255. | ||
16 | |||
17 | Upstream-Status: Pending | ||
18 | Signed-off-by: Joe Slater <joe.slater@windriver.com> | ||
19 | |||
20 | |||
21 | --- ruby-2.4.1.orig/regparse.c | ||
22 | +++ ruby-2.4.1/regparse.c | ||
23 | @@ -3644,7 +3644,7 @@ fetch_token(OnigToken* tok, UChar** src, | ||
24 | if (IS_SYNTAX_OP(syn, ONIG_SYN_OP_ESC_OCTAL3)) { | ||
25 | prev = p; | ||
26 | num = scan_unsigned_octal_number(&p, end, (c == '0' ? 2:3), enc); | ||
27 | - if (num < 0) return ONIGERR_TOO_BIG_NUMBER; | ||
28 | + if (num < 0 || 0xff < num) return ONIGERR_TOO_BIG_NUMBER; | ||
29 | if (p == prev) { /* can't read nothing. */ | ||
30 | num = 0; /* but, it's not error */ | ||
31 | } | ||
32 | @@ -4450,6 +4450,9 @@ next_state_val(CClassNode* cc, CClassNod | ||
33 | switch (*state) { | ||
34 | case CCS_VALUE: | ||
35 | if (*type == CCV_SB) { | ||
36 | + if (*vs > 0xff) | ||
37 | + return ONIGERR_INVALID_CODE_POINT_VALUE; | ||
38 | + | ||
39 | BITSET_SET_BIT_CHKDUP(cc->bs, (int )(*vs)); | ||
40 | if (IS_NOT_NULL(asc_cc)) | ||
41 | BITSET_SET_BIT(asc_cc->bs, (int )(*vs)); | ||
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch new file mode 100644 index 0000000000..85e7ccb369 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9227.patch | |||
@@ -0,0 +1,32 @@ | |||
1 | From 9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814 Mon Sep 17 00:00:00 2001 | ||
2 | From: "K.Kosako" <kosako@sofnec.co.jp> | ||
3 | Date: Tue, 23 May 2017 16:15:35 +0900 | ||
4 | Subject: [PATCH] fix #58 : access to invalid address by reg->dmin value | ||
5 | |||
6 | --- | ||
7 | regexec.c | 2 ++ | ||
8 | 1 file changed, 2 insertions(+) | ||
9 | |||
10 | --- end of original header | ||
11 | |||
12 | CVE: CVE-2017-9227 | ||
13 | |||
14 | Upstream-Status: Inappropriate [not author] | ||
15 | Signed-off-by: Joe Slater <joe.slater@windriver.com> | ||
16 | |||
17 | diff --git a/regexec.c b/regexec.c | ||
18 | index d4e577d..2fa0f3d 100644 | ||
19 | --- a/regexec.c | ||
20 | +++ b/regexec.c | ||
21 | @@ -3154,6 +3154,8 @@ forward_search_range(regex_t* reg, const UChar* str, const UChar* end, UChar* s, | ||
22 | } | ||
23 | else { | ||
24 | UChar *q = p + reg->dmin; | ||
25 | + | ||
26 | + if (q >= end) return 0; /* fail */ | ||
27 | while (p < q) p += enclen(reg->enc, p, end); | ||
28 | } | ||
29 | } | ||
30 | -- | ||
31 | 1.7.9.5 | ||
32 | |||
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9228.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9228.patch new file mode 100644 index 0000000000..d8bfba486c --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9228.patch | |||
@@ -0,0 +1,34 @@ | |||
1 | From 3b63d12038c8d8fc278e81c942fa9bec7c704c8b Mon Sep 17 00:00:00 2001 | ||
2 | From: "K.Kosako" <kosako@sofnec.co.jp> | ||
3 | Date: Wed, 24 May 2017 13:43:25 +0900 | ||
4 | Subject: [PATCH] fix #60 : invalid state(CCS_VALUE) in parse_char_class() | ||
5 | |||
6 | --- | ||
7 | regparse.c | 4 +++- | ||
8 | 1 file changed, 3 insertions(+), 1 deletion(-) | ||
9 | |||
10 | --- end of original header | ||
11 | |||
12 | CVE: CVE-2017-9228 | ||
13 | |||
14 | Upstream-Status: Inappropriate [not author] | ||
15 | Signed-off-by: Joe Slater <joe.slater@windriver.com> | ||
16 | |||
17 | diff --git a/regparse.c b/regparse.c | ||
18 | index 69875fa..1988747 100644 | ||
19 | --- a/regparse.c | ||
20 | +++ b/regparse.c | ||
21 | @@ -4081,7 +4081,9 @@ next_state_class(CClassNode* cc, OnigCodePoint* vs, enum CCVALTYPE* type, | ||
22 | } | ||
23 | } | ||
24 | |||
25 | - *state = CCS_VALUE; | ||
26 | + if (*state != CCS_START) | ||
27 | + *state = CCS_VALUE; | ||
28 | + | ||
29 | *type = CCV_CLASS; | ||
30 | return 0; | ||
31 | } | ||
32 | -- | ||
33 | 1.7.9.5 | ||
34 | |||
diff --git a/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch new file mode 100644 index 0000000000..6e765bf6dc --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/ruby-CVE-2017-9229.patch | |||
@@ -0,0 +1,59 @@ | |||
1 | From b690371bbf97794b4a1d3f295d4fb9a8b05d402d Mon Sep 17 00:00:00 2001 | ||
2 | From: "K.Kosako" <kosako@sofnec.co.jp> | ||
3 | Date: Wed, 24 May 2017 10:27:04 +0900 | ||
4 | Subject: [PATCH] fix #59 : access to invalid address by reg->dmax value | ||
5 | |||
6 | --- | ||
7 | regexec.c | 27 +++++++++++++++++---------- | ||
8 | 1 file changed, 17 insertions(+), 10 deletions(-) | ||
9 | |||
10 | --- end of original header | ||
11 | |||
12 | CVE: CVE-2017-9229 | ||
13 | |||
14 | Upstream-Status: Inappropriate [not author] | ||
15 | Signed-off-by: Joe Slater <joe.slater@windriver.com> | ||
16 | |||
17 | diff --git a/regexec.c b/regexec.c | ||
18 | index 49bcc50..c0626ef 100644 | ||
19 | --- a/regexec.c | ||
20 | +++ b/regexec.c | ||
21 | @@ -3756,18 +3756,25 @@ forward_search_range(regex_t* reg, const | ||
22 | } | ||
23 | else { | ||
24 | if (reg->dmax != ONIG_INFINITE_DISTANCE) { | ||
25 | - *low = p - reg->dmax; | ||
26 | - if (*low > s) { | ||
27 | - *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s, | ||
28 | - *low, end, (const UChar** )low_prev); | ||
29 | - if (low_prev && IS_NULL(*low_prev)) | ||
30 | - *low_prev = onigenc_get_prev_char_head(reg->enc, | ||
31 | - (pprev ? pprev : s), *low, end); | ||
32 | + if (p - str < reg->dmax) { | ||
33 | + *low = (UChar* )str; | ||
34 | + if (low_prev) | ||
35 | + *low_prev = onigenc_get_prev_char_head(reg->enc, str, *low, end); | ||
36 | } | ||
37 | else { | ||
38 | - if (low_prev) | ||
39 | - *low_prev = onigenc_get_prev_char_head(reg->enc, | ||
40 | - (pprev ? pprev : str), *low, end); | ||
41 | + *low = p - reg->dmax; | ||
42 | + if (*low > s) { | ||
43 | + *low = onigenc_get_right_adjust_char_head_with_prev(reg->enc, s, | ||
44 | + *low, end, (const UChar** )low_prev); | ||
45 | + if (low_prev && IS_NULL(*low_prev)) | ||
46 | + *low_prev = onigenc_get_prev_char_head(reg->enc, | ||
47 | + (pprev ? pprev : s), *low, end); | ||
48 | + } | ||
49 | + else { | ||
50 | + if (low_prev) | ||
51 | + *low_prev = onigenc_get_prev_char_head(reg->enc, | ||
52 | + (pprev ? pprev : str), *low, end); | ||
53 | + } | ||
54 | } | ||
55 | } | ||
56 | } | ||
57 | -- | ||
58 | 1.7.9.5 | ||
59 | |||
diff --git a/meta/recipes-devtools/ruby/ruby_2.4.1.bb b/meta/recipes-devtools/ruby/ruby_2.4.1.bb index 77e17f199b..4443146b57 100644 --- a/meta/recipes-devtools/ruby/ruby_2.4.1.bb +++ b/meta/recipes-devtools/ruby/ruby_2.4.1.bb | |||
@@ -2,6 +2,10 @@ require ruby.inc | |||
2 | 2 | ||
3 | SRC_URI += " \ | 3 | SRC_URI += " \ |
4 | file://ruby-CVE-2017-9224.patch \ | 4 | file://ruby-CVE-2017-9224.patch \ |
5 | file://ruby-CVE-2017-9226.patch \ | ||
6 | file://ruby-CVE-2017-9227.patch \ | ||
7 | file://ruby-CVE-2017-9228.patch \ | ||
8 | file://ruby-CVE-2017-9229.patch \ | ||
5 | " | 9 | " |
6 | 10 | ||
7 | SRC_URI[md5sum] = "782bca562e474dd25956dd0017d92677" | 11 | SRC_URI[md5sum] = "782bca562e474dd25956dd0017d92677" |