Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mruby for openSUSE:Factory checked in at 2021-12-16 21:19:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mruby (Old) and /work/SRC/openSUSE:Factory/.mruby.new.2520 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mruby" Thu Dec 16 21:19:46 2021 rev:2 rq:940902 version:3.0.0 Changes: -------- --- /work/SRC/openSUSE:Factory/mruby/mruby.changes 2021-05-17 18:45:16.436633982 +0200 +++ /work/SRC/openSUSE:Factory/.mruby.new.2520/mruby.changes 2021-12-16 21:20:59.470559570 +0100 @@ -1,0 +2,5 @@ +Thu Dec 16 11:30:22 UTC 2021 - Ferdinand Thiessen <[email protected]> + +- Added CVE-2021-4110.patch from upstream, fixes boo#1193796 / CVE-2021-4110 + +------------------------------------------------------------------- New: ---- CVE-2021-4110.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mruby.spec ++++++ --- /var/tmp/diff_new_pack.tRN2yo/_old 2021-12-16 21:20:59.842559712 +0100 +++ /var/tmp/diff_new_pack.tRN2yo/_new 2021-12-16 21:20:59.842559712 +0100 @@ -17,6 +17,7 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # + %global _lto_cflags %{_lto_cflags} -ffat-lto-objects Name: mruby @@ -26,7 +27,9 @@ License: MIT Group: Development/Languages/Ruby URL: https://github.com/mruby/mruby/ -Source: %{URL}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source: %{url}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz +# PATCH-FIX-UPSTREAM CVE-2021-4110.patch -- https://github.com/mruby/mruby/commit/f5e10c5a79a17939af763b1dcf5232ce47e24a34 +Patch0: CVE-2021-4110.patch BuildRequires: bison BuildRequires: cmake BuildRequires: pkgconfig @@ -71,7 +74,7 @@ of) the ISO standard. %prep -%setup -q +%autosetup -p1 # Currently broken sed -i 's|conf.enable_debug|# conf.enable_debug|' build_config/host-shared.rb ++++++ CVE-2021-4110.patch ++++++ diff -Nur mruby-3.0.0/include/mruby/proc.h new/include/mruby/proc.h --- mruby-3.0.0/include/mruby/proc.h 2021-03-05 09:07:35.000000000 +0100 +++ new/include/mruby/proc.h 2021-12-16 13:05:19.456367294 +0100 @@ -90,7 +90,7 @@ struct RProc *mrb_closure_new(mrb_state*, const mrb_irep*); MRB_API struct RProc *mrb_proc_new_cfunc(mrb_state*, mrb_func_t); MRB_API struct RProc *mrb_closure_new_cfunc(mrb_state *mrb, mrb_func_t func, int nlocals); -void mrb_proc_copy(struct RProc *a, struct RProc *b); +void mrb_proc_copy(mrb_state *mrb, struct RProc *a, struct RProc *b); mrb_int mrb_proc_arity(const struct RProc *p); /* following functions are defined in mruby-proc-ext so please include it when using */ diff -Nur mruby-3.0.0/src/class.c new/src/class.c --- mruby-3.0.0/src/class.c 2021-03-05 09:07:35.000000000 +0100 +++ new/src/class.c 2021-12-16 13:07:55.280492289 +0100 @@ -2511,7 +2511,7 @@ mrb_raise(mrb, E_ARGUMENT_ERROR, "no block given"); } p = (struct RProc*)mrb_obj_alloc(mrb, MRB_TT_PROC, mrb->proc_class); - mrb_proc_copy(p, mrb_proc_ptr(blk)); + mrb_proc_copy(mrb, p, mrb_proc_ptr(blk)); p->flags |= MRB_PROC_STRICT; MRB_METHOD_FROM_PROC(m, p); mrb_define_method_raw(mrb, c, mid, m); diff -Nur mruby-3.0.0/src/proc.c new/src/proc.c --- mruby-3.0.0/src/proc.c 2021-03-05 09:07:35.000000000 +0100 +++ new/src/proc.c 2021-12-16 13:07:17.312462000 +0100 @@ -184,7 +184,7 @@ } void -mrb_proc_copy(struct RProc *a, struct RProc *b) +mrb_proc_copy(mrb_state *mrb, struct RProc *a, struct RProc *b) { if (a->body.irep) { /* already initialized proc */ @@ -192,10 +192,10 @@ } a->flags = b->flags; a->body = b->body; + a->upper = b->upper; if (!MRB_PROC_CFUNC_P(a) && a->body.irep) { - mrb_irep_incref(NULL, (mrb_irep*)a->body.irep); + mrb_irep_incref(mrb, (mrb_irep*)a->body.irep); } - a->upper = b->upper; a->e.env = b->e.env; /* a->e.target_class = a->e.target_class; */ } @@ -210,7 +210,7 @@ /* Calling Proc.new without a block is not implemented yet */ mrb_get_args(mrb, "&!", &blk); p = (struct RProc *)mrb_obj_alloc(mrb, MRB_TT_PROC, mrb_class_ptr(proc_class)); - mrb_proc_copy(p, mrb_proc_ptr(blk)); + mrb_proc_copy(mrb, p, mrb_proc_ptr(blk)); proc = mrb_obj_value(p); mrb_funcall_with_block(mrb, proc, MRB_SYM(initialize), 0, NULL, proc); if (!MRB_PROC_STRICT_P(p) && @@ -228,7 +228,7 @@ if (!mrb_proc_p(proc)) { mrb_raise(mrb, E_ARGUMENT_ERROR, "not a proc"); } - mrb_proc_copy(mrb_proc_ptr(self), mrb_proc_ptr(proc)); + mrb_proc_copy(mrb, mrb_proc_ptr(self), mrb_proc_ptr(proc)); return self; } @@ -264,7 +264,7 @@ p = mrb_proc_ptr(blk); if (!MRB_PROC_STRICT_P(p)) { struct RProc *p2 = (struct RProc*)mrb_obj_alloc(mrb, MRB_TT_PROC, p->c); - mrb_proc_copy(p2, p); + mrb_proc_copy(mrb, p2, p); p2->flags |= MRB_PROC_STRICT; return mrb_obj_value(p2); }
