ruby: Backport fix for CVE-2024-27282

Upstream-Status: Backport [https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a] (From OE-Core rev: 1103182ac9ae5139a5c3d7381007f61c1f7d91a6) Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Ashish Sharma <asharma@mvista.com> 2024-08-16 08:56:16 +0530
committer: Steve Sakoman <steve@sakoman.com> 2024-08-26 05:18:43 -0700
commit: 641a256474e235e2dcbdcc6a434fb0822a107908 (patch)
tree: bd15c4bbbdab5a3ee5ebbb1d039d7cebfb724a9a /meta/recipes-devtools/ruby
parent: 5bfb7594c47dfe8bc809a7347e5f2e4df2412fa0 (diff)
download: poky-641a256474e235e2dcbdcc6a434fb0822a107908.tar.gz
2 files changed, 29 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
new file mode 100644
index 0000000000..dde7979278
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
@@ -0,0 +1,28 @@
+From 989a2355808a63fc45367785c82ffd46d18c900a Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
+Date: Fri, 12 Apr 2024 15:01:47 +1000
+Subject: [PATCH] Fix Use-After-Free issue for Regexp
+Co-authored-by: Isaac Peka <7493006+isaac-peka@users.noreply.github.com>
+Upstream-Status: Backport [https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a]
+CVE: CVE-2024-27282
+Signed-off-by: Ashish Sharma <asharma@mvista.com>
+ regexec.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/regexec.c b/regexec.c
+index 73694ab14a0b0a..140691ad42489f 100644
+--- a/regexec.c
+++ b/regexec.c
+@@ -3449,8 +3449,8 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
+     CASE(OP_MEMORY_END_PUSH_REC)  MOP_IN(OP_MEMORY_END_PUSH_REC);
+       GET_MEMNUM_INC(mem, p);
+       STACK_GET_MEM_START(mem, stkp); /* should be before push mem-end. */
+-      STACK_PUSH_MEM_END(mem, s);
+       mem_start_stk[mem] = GET_STACK_INDEX(stkp);
+      STACK_PUSH_MEM_END(mem, s);
+       MOP_OUT;
+       JUMP;
+ 
diff --git a/meta/recipes-devtools/ruby/ruby_3.2.2.bb b/meta/recipes-devtools/ruby/ruby_3.2.2.bb
index 5c2b07e5e4..f1aff315b7 100644
--- a/meta/recipes-devtools/ruby/ruby_3.2.2.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.2.2.bb
@@ -34,6 +34,7 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
           file://CVE-2023-36617_1.patch \
           file://CVE-2023-36617_2.patch \
           file://CVE-2024-27281.patch \
+           file://CVE-2024-27282.patch \
           "
 UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
author	Ashish Sharma <asharma@mvista.com>	2024-08-16 08:56:16 +0530
committer	Steve Sakoman <steve@sakoman.com>	2024-08-26 05:18:43 -0700
commit	641a256474e235e2dcbdcc6a434fb0822a107908 (patch)
tree	bd15c4bbbdab5a3ee5ebbb1d039d7cebfb724a9a /meta/recipes-devtools/ruby
parent	5bfb7594c47dfe8bc809a7347e5f2e4df2412fa0 (diff)
download	poky-641a256474e235e2dcbdcc6a434fb0822a107908.tar.gz

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch new file mode 100644 index 0000000000..dde7979278 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch
@@ -0,0 +1,28 @@
		1	From 989a2355808a63fc45367785c82ffd46d18c900a Mon Sep 17 00:00:00 2001
		2	From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
		3	Date: Fri, 12 Apr 2024 15:01:47 +1000
		4	Subject: [PATCH] Fix Use-After-Free issue for Regexp
		5
		6	Co-authored-by: Isaac Peka <7493006+isaac-peka@users.noreply.github.com>
		7
		8	Upstream-Status: Backport [https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a]
		9	CVE: CVE-2024-27282
		10	Signed-off-by: Ashish Sharma <asharma@mvista.com>
		11
		12	regexec.c \| 2 +-
		13	1 file changed, 1 insertion(+), 1 deletion(-)
		14
		15	diff --git a/regexec.c b/regexec.c
		16	index 73694ab14a0b0a..140691ad42489f 100644
		17	--- a/regexec.c
		18	+++ b/regexec.c
		19	@@ -3449,8 +3449,8 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
		20	CASE(OP_MEMORY_END_PUSH_REC) MOP_IN(OP_MEMORY_END_PUSH_REC);
		21	GET_MEMNUM_INC(mem, p);
		22	STACK_GET_MEM_START(mem, stkp); /* should be before push mem-end. */
		23	- STACK_PUSH_MEM_END(mem, s);
		24	mem_start_stk[mem] = GET_STACK_INDEX(stkp);
		25	+ STACK_PUSH_MEM_END(mem, s);
		26	MOP_OUT;
		27	JUMP;
		28


diff --git a/meta/recipes-devtools/ruby/ruby_3.2.2.bb b/meta/recipes-devtools/ruby/ruby_3.2.2.bb index 5c2b07e5e4..f1aff315b7 100644 --- a/meta/recipes-devtools/ruby/ruby_3.2.2.bb +++ b/meta/recipes-devtools/ruby/ruby_3.2.2.bb
@@ -34,6 +34,7 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
34	file://CVE-2023-36617_1.patch \	34	file://CVE-2023-36617_1.patch \
35	file://CVE-2023-36617_2.patch \	35	file://CVE-2023-36617_2.patch \
36	file://CVE-2024-27281.patch \	36	file://CVE-2024-27281.patch \
		37	file://CVE-2024-27282.patch \
37	"	38	"
38	UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"	39	UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
39		40