Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu
Dear Release Team,
The Security Team suggested fixing the TEMP-0678512-2E167C [1] security
issue through a point release.
The issue is a remotely triggerable crash due to stack overflow.
Please see the debdiff attached.
The fix for Wheezy which is very similar was discussed [2] on the Wheezy
LTS list.
Cheers,
Balint
[1] https://security-tracker.debian.org/tracker/TEMP-0678512-2E167C
[2] https://lists.debian.org/debian-lts/2016/06/msg00141.html
diff -Nru ruby-eventmachine-1.0.3/debian/changelog ruby-eventmachine-1.0.3/debian/changelog
--- ruby-eventmachine-1.0.3/debian/changelog 2014-04-07 00:34:46.0 +0200
+++ ruby-eventmachine-1.0.3/debian/changelog 2016-07-04 22:00:03.0 +0200
@@ -1,3 +1,12 @@
+ruby-eventmachine (1.0.3-6+deb8u1) stable; urgency=medium
+
+ * Team upload
+ * Fix remotely triggerable crash due to FD handling
+(Closes: #678512, #696015)
+ * Fix memory leak caused when fixing crash
+
+ -- Balint Reczey Mon, 04 Jul 2016 21:48:06 +0200
+
ruby-eventmachine (1.0.3-6) unstable; urgency=low
* Bump gem2deb build dependency to 0.7.5~
diff -Nru ruby-eventmachine-1.0.3/debian/patches/0001-use-ruby-select-api-with-expandable-fd-sets.patch ruby-eventmachine-1.0.3/debian/patches/0001-use-ruby-select-api-with-expandable-fd-sets.patch
--- ruby-eventmachine-1.0.3/debian/patches/0001-use-ruby-select-api-with-expandable-fd-sets.patch 1970-01-01 01:00:00.0 +0100
+++ ruby-eventmachine-1.0.3/debian/patches/0001-use-ruby-select-api-with-expandable-fd-sets.patch 2016-07-04 22:00:03.0 +0200
@@ -0,0 +1,217 @@
+From eab3baaba75c8c9e549aea54d3b356ab287a57b0 Mon Sep 17 00:00:00 2001
+From: Patrick Reynolds
+Date: Tue, 11 Mar 2014 16:01:25 -0500
+Subject: [PATCH 1/3] use ruby select api with expandable fd sets
+
+Conflicts:
+ ext/em.h
+---
+ ext/em.cpp | 54 +-
+ ext/em.h | 10 +-
+ tests/test_many_fds.rb | 22
+ 3 files changed, 54 insertions(+), 32 deletions(-)
+ create mode 100644 tests/test_many_fds.rb
+
+diff --git a/ext/em.cpp b/ext/em.cpp
+index 670da31..6a3a2ef 100644
+--- a/ext/em.cpp
b/ext/em.cpp
+@@ -524,12 +524,12 @@ void EventMachine_t::_RunEpollOnce()
+ #ifdef HAVE_RB_WAIT_FOR_SINGLE_FD
+ if ((ret = rb_wait_for_single_fd(epfd, RB_WAITFD_IN|RB_WAITFD_PRI, )) < 1) {
+ #else
+- fd_set fdreads;
++ rb_fdset_t fdreads;
+
+- FD_ZERO();
+- FD_SET(epfd, );
++ rb_fd_init();
++ rb_fd_set(epfd, );
+
+- if ((ret = rb_thread_select(epfd + 1, , NULL, NULL, )) < 1) {
++ if ((ret = rb_thread_fd_select(epfd + 1, , NULL, NULL, )) < 1) {
+ #endif
+ if (ret == -1) {
+ assert(errno != EINVAL);
+@@ -601,12 +601,12 @@ void EventMachine_t::_RunKqueueOnce()
+ #ifdef HAVE_RB_WAIT_FOR_SINGLE_FD
+ if ((ret = rb_wait_for_single_fd(kqfd, RB_WAITFD_IN|RB_WAITFD_PRI, )) < 1) {
+ #else
+- fd_set fdreads;
++ rb_fdset_t fdreads;
+
+- FD_ZERO();
+- FD_SET(kqfd, );
++ rb_fd_init();
++ rb_fd_set(kqfd, );
+
+- if ((ret = rb_thread_select(kqfd + 1, , NULL, NULL, )) < 1) {
++ if ((ret = rb_thread_fd_select(kqfd + 1, , NULL, NULL, )) < 1) {
+ #endif
+ if (ret == -1) {
+ assert(errno != EINVAL);
+@@ -792,9 +792,9 @@ SelectData_t::SelectData_t
+ SelectData_t::SelectData_t()
+ {
+ maxsocket = 0;
+- FD_ZERO ();
+- FD_ZERO ();
+- FD_ZERO ();
++ rb_fd_init ();
++ rb_fd_init ();
++ rb_fd_init ();
+ }
+
+
+@@ -807,7 +807,7 @@ _SelectDataSelect
+ static VALUE _SelectDataSelect (void *v)
+ {
+ SelectData_t *sd = (SelectData_t*)v;
+- sd->nSockets = select (sd->maxsocket+1, &(sd->fdreads), &(sd->fdwrites), &(sd->fderrors), &(sd->tv));
++ sd->nSockets = rb_fd_select (sd->maxsocket+1, &(sd->fdreads), &(sd->fdwrites), &(sd->fderrors), &(sd->tv));
+ return Qnil;
+ }
+ #endif
+@@ -848,9 +848,9 @@ void EventMachine_t::_RunSelectOnce()
+
+ SelectData_t SelectData;
+ /*
+- fd_set fdreads, fdwrites;
+- FD_ZERO ();
+- FD_ZERO ();
++ rb_fdset_t fdreads, fdwrites;
++ rb_fd_init ();
++ rb_fd_init ();
+
+ int maxsocket = 0;
+ */
+@@ -860,7 +860,7 @@ void EventMachine_t::_RunSelectOnce()
+ // running on localhost with a randomly-chosen port. (*Puke*)
+ // Windows has a version of the Unix pipe() library function, but it doesn't
+ // give you back descriptors that are selectable.
+- FD_SET (LoopBreakerReader, &(SelectData.fdreads));
++ rb_fd_set (LoopBreakerReader, &(SelectData.fdreads));
+ if (SelectData.maxsocket < LoopBreakerReader)
+ SelectData.maxsocket = LoopBreakerReader;
+
+@@ -875,15 +875,15 @@ void EventMachine_t::_RunSelectOnce()
+ assert (sd != INVALID_SOCKET);
+
+ if (ed->SelectForRead())
+- FD_SET (sd, &(SelectData.fdreads));
++ rb_fd_set (sd, &(SelectData.fdreads));
+ if (ed->SelectForWrite())
+- FD_SET (sd, &(SelectData.fdwrites));
++ rb_fd_set (sd, &(SelectData.fdwrites));
+
+