From: Ashish Sharma <[email protected]> Upstream-Status: Backport [https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a]
Signed-off-by: Ashish Sharma <[email protected]> Signed-off-by: Steve Sakoman <[email protected]> --- .../ruby/ruby/CVE-2024-27282.patch | 28 +++++++++++++++++++ meta/recipes-devtools/ruby/ruby_3.2.2.bb | 1 + 2 files changed, 29 insertions(+) create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch new file mode 100644 index 0000000000..dde7979278 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-27282.patch @@ -0,0 +1,28 @@ +From 989a2355808a63fc45367785c82ffd46d18c900a Mon Sep 17 00:00:00 2001 +From: Hiroshi SHIBATA <[email protected]> +Date: Fri, 12 Apr 2024 15:01:47 +1000 +Subject: [PATCH] Fix Use-After-Free issue for Regexp + +Co-authored-by: Isaac Peka <[email protected]> + +Upstream-Status: Backport [https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a] +CVE: CVE-2024-27282 +Signed-off-by: Ashish Sharma <[email protected]> + + regexec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/regexec.c b/regexec.c +index 73694ab14a0b0a..140691ad42489f 100644 +--- a/regexec.c ++++ b/regexec.c +@@ -3449,8 +3449,8 @@ match_at(regex_t* reg, const UChar* str, const UChar* end, + CASE(OP_MEMORY_END_PUSH_REC) MOP_IN(OP_MEMORY_END_PUSH_REC); + GET_MEMNUM_INC(mem, p); + STACK_GET_MEM_START(mem, stkp); /* should be before push mem-end. */ +- STACK_PUSH_MEM_END(mem, s); + mem_start_stk[mem] = GET_STACK_INDEX(stkp); ++ STACK_PUSH_MEM_END(mem, s); + MOP_OUT; + JUMP; + diff --git a/meta/recipes-devtools/ruby/ruby_3.2.2.bb b/meta/recipes-devtools/ruby/ruby_3.2.2.bb index 5c2b07e5e4..f1aff315b7 100644 --- a/meta/recipes-devtools/ruby/ruby_3.2.2.bb +++ b/meta/recipes-devtools/ruby/ruby_3.2.2.bb @@ -34,6 +34,7 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \ file://CVE-2023-36617_1.patch \ file://CVE-2023-36617_2.patch \ file://CVE-2024-27281.patch \ + file://CVE-2024-27282.patch \ " UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"; -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203589): https://lists.openembedded.org/g/openembedded-core/message/203589 Mute This Topic: https://lists.openembedded.org/mt/108018425/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
