From: Yogita Urade <yogita.ur...@windriver.com> ruby: RCE vulnerability with .rdoc_options in RDoc
References: https://github.com/ruby/ruby/pull/10316 https://security-tracker.debian.org/tracker/CVE-2024-27281 Signed-off-by: Yogita Urade <yogita.ur...@windriver.com> Signed-off-by: Steve Sakoman <st...@sakoman.com> --- .../ruby/ruby/CVE-2024-27281.patch | 97 +++++++++++++++++++ meta/recipes-devtools/ruby/ruby_3.1.3.bb | 1 + 2 files changed, 98 insertions(+) create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch new file mode 100644 index 0000000000..6f4b35a786 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-27281.patch @@ -0,0 +1,97 @@ +From da7a0c7553ef7250ca665a3fecdc01dbaacbb43d Mon Sep 17 00:00:00 2001 +From: Nobuyoshi Nakada <n...@ruby-lang.org> +Date: Mon, 15 Apr 2024 11:40:00 +0000 +Subject: [PATCH] Filter marshaled objets + +CVE: CVE-2024-27281 +Upstream-Status: Backport [https://github.com/ruby/rdoc/commit/da7a0c7553ef7250ca665a3fecdc01dbaacbb43d] + +Signed-off-by: Yogita Urade <yogita.ur...@windriver.com> +--- + lib/rdoc/store.rb | 45 ++++++++++++++++++++++++++------------------- + 1 file changed, 26 insertions(+), 19 deletions(-) + +diff --git a/lib/rdoc/store.rb b/lib/rdoc/store.rb +index 5ba671c..c793e49 100644 +--- a/lib/rdoc/store.rb ++++ b/lib/rdoc/store.rb +@@ -556,9 +556,7 @@ class RDoc::Store + def load_cache + #orig_enc = @encoding + +- File.open cache_path, 'rb' do |io| +- @cache = Marshal.load io.read +- end ++ @cache = marshal_load(cache_path) + + load_enc = @cache[:encoding] + +@@ -615,9 +613,7 @@ class RDoc::Store + def load_class_data klass_name + file = class_file klass_name + +- File.open file, 'rb' do |io| +- Marshal.load io.read +- end ++ marshal_load(file) + rescue Errno::ENOENT => e + error = MissingFileError.new(self, file, klass_name) + error.set_backtrace e.backtrace +@@ -630,14 +626,10 @@ class RDoc::Store + def load_method klass_name, method_name + file = method_file klass_name, method_name + +- File.open file, 'rb' do |io| +- obj = Marshal.load io.read +- obj.store = self +- obj.parent = +- find_class_or_module(klass_name) || load_class(klass_name) unless +- obj.parent +- obj +- end ++ obj = marshal_load(file) ++ obj.store = self ++ obj.parent ||= find_class_or_module(klass_name) || load_class(klass_name) ++ obj + rescue Errno::ENOENT => e + error = MissingFileError.new(self, file, klass_name + method_name) + error.set_backtrace e.backtrace +@@ -650,11 +642,9 @@ class RDoc::Store + def load_page page_name + file = page_file page_name + +- File.open file, 'rb' do |io| +- obj = Marshal.load io.read +- obj.store = self +- obj +- end ++ obj = marshal_load(file) ++ obj.store = self ++ obj + rescue Errno::ENOENT => e + error = MissingFileError.new(self, file, page_name) + error.set_backtrace e.backtrace +@@ -976,4 +966,21 @@ class RDoc::Store + @unique_modules + end + ++ private ++ def marshal_load(file) ++ File.open(file, 'rb') {|io| Marshal.load(io, MarshalFilter)} ++ end ++ ++ MarshalFilter = proc do |obj| ++ case obj ++ when true, false, nil, Array, Class, Encoding, Hash, Integer, String, Symbol, RDoc::Text ++ else ++ unless obj.class.name.start_with?("RDoc::") ++ raise TypeError, "not permitted class: #{obj.class.name}" ++ end ++ end ++ obj ++ end ++ private_constant :MarshalFilter ++ + end +-- +2.35.5 diff --git a/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/meta/recipes-devtools/ruby/ruby_3.1.3.bb index 228a2204db..2ad3c9e207 100644 --- a/meta/recipes-devtools/ruby/ruby_3.1.3.bb +++ b/meta/recipes-devtools/ruby/ruby_3.1.3.bb @@ -33,6 +33,7 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \ file://CVE-2023-28755.patch \ file://CVE-2023-36617_1.patch \ file://CVE-2023-36617_2.patch \ + file://CVE-2024-27281.patch \ " UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"; -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#198479): https://lists.openembedded.org/g/openembedded-core/message/198479 Mute This Topic: https://lists.openembedded.org/mt/105585671/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
