Bug#829650: jessie-pu: package ruby-eventmachine/1.0.3-6+deb8u1

2016-07-16 Thread Adam D. Barratt
Control: tags -1 + pending

On Tue, 2016-07-12 at 21:50 +0100, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Tue, 2016-07-05 at 04:40 +0200, Balint Reczey wrote:
> > The Security Team suggested fixing the TEMP-0678512-2E167C [1] security
> > issue through a point release.
> > 
> > The issue is a remotely triggerable crash due to stack overflow.
> 
> Please go ahead.

Uploaded and flagged for acceptance.

Regards,

Adam



Bug#829650: jessie-pu: package ruby-eventmachine/1.0.3-6+deb8u1

2016-07-12 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2016-07-05 at 04:40 +0200, Balint Reczey wrote:
> The Security Team suggested fixing the TEMP-0678512-2E167C [1] security
> issue through a point release.
> 
> The issue is a remotely triggerable crash due to stack overflow.

Please go ahead.

Regards,

Adam



Bug#829650: jessie-pu: package ruby-eventmachine/1.0.3-6+deb8u1

2016-07-04 Thread Balint Reczey
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu

Dear Release Team,

The Security Team suggested fixing the TEMP-0678512-2E167C [1] security
issue through a point release.

The issue is a remotely triggerable crash due to stack overflow.

Please see the debdiff attached.

The fix for Wheezy, which is very similar, was discussed [2] on the Wheezy
LTS list.

Cheers,
Balint

[1] https://security-tracker.debian.org/tracker/TEMP-0678512-2E167C
[2] https://lists.debian.org/debian-lts/2016/06/msg00141.html
diff -Nru ruby-eventmachine-1.0.3/debian/changelog ruby-eventmachine-1.0.3/debian/changelog
--- ruby-eventmachine-1.0.3/debian/changelog	2014-04-07 00:34:46.0 +0200
+++ ruby-eventmachine-1.0.3/debian/changelog	2016-07-04 22:00:03.0 +0200
@@ -1,3 +1,12 @@
+ruby-eventmachine (1.0.3-6+deb8u1) stable; urgency=medium
+
+  * Team upload
+  * Fix remotely triggerable crash due to FD handling
+(Closes: #678512, #696015)
+  * Fix memory leak caused when fixing crash
+
+ -- Balint Reczey   Mon, 04 Jul 2016 21:48:06 +0200
+
 ruby-eventmachine (1.0.3-6) unstable; urgency=low
 
   * Bump gem2deb build dependency to 0.7.5~
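Review bot: the changelog line "Fix remotely triggerable crash due to FD handling" is vaguer than the cover mail, which calls it a remotely triggerable stack overflow tracked as TEMP-0678512-2E167C, and it does not cite that tracker id; a reader of the point-release changelog cannot tell from "FD handling" what was exposed. Suggest naming the defect and the id, e.g. "Fix remotely triggerable crash (stack overflow in fixed-size fd_set handling, fixed by switching to Ruby's expandable rb_fdset_t) (TEMP-0678512-2E167C, Closes: #678512, #696015)", which also matches the subject of the patch being added below ("use ruby select api with expandable fd sets").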
diff -Nru ruby-eventmachine-1.0.3/debian/patches/0001-use-ruby-select-api-with-expandable-fd-sets.patch ruby-eventmachine-1.0.3/debian/patches/0001-use-ruby-select-api-with-expandable-fd-sets.patch
--- ruby-eventmachine-1.0.3/debian/patches/0001-use-ruby-select-api-with-expandable-fd-sets.patch	1970-01-01 01:00:00.0 +0100
+++ ruby-eventmachine-1.0.3/debian/patches/0001-use-ruby-select-api-with-expandable-fd-sets.patch	2016-07-04 22:00:03.0 +0200
@@ -0,0 +1,217 @@
+From eab3baaba75c8c9e549aea54d3b356ab287a57b0 Mon Sep 17 00:00:00 2001
+From: Patrick Reynolds 
+Date: Tue, 11 Mar 2014 16:01:25 -0500
+Subject: [PATCH 1/3] use ruby select api with expandable fd sets
+
+Conflicts:
+	ext/em.h
+---
+ ext/em.cpp | 54 +-
+ ext/em.h   | 10 +-
+ tests/test_many_fds.rb | 22 
+ 3 files changed, 54 insertions(+), 32 deletions(-)
+ create mode 100644 tests/test_many_fds.rb
+
+diff --git a/ext/em.cpp b/ext/em.cpp
+index 670da31..6a3a2ef 100644
+--- a/ext/em.cpp
 b/ext/em.cpp
+@@ -524,12 +524,12 @@ void EventMachine_t::_RunEpollOnce()
+ 	#ifdef HAVE_RB_WAIT_FOR_SINGLE_FD
+ 	if ((ret = rb_wait_for_single_fd(epfd, RB_WAITFD_IN|RB_WAITFD_PRI, )) < 1) {
+ 	#else
+-	fd_set fdreads;
++	rb_fdset_t fdreads;
+ 
+-	FD_ZERO();
+-	FD_SET(epfd, );
++	rb_fd_init();
++	rb_fd_set(epfd, );
+ 
+-	if ((ret = rb_thread_select(epfd + 1, , NULL, NULL, )) < 1) {
++	if ((ret = rb_thread_fd_select(epfd + 1, , NULL, NULL, )) < 1) {
+ 	#endif
+ 		if (ret == -1) {
+ 			assert(errno != EINVAL);
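Review bot: the rb_fdset_t introduced in this hunk is set up with rb_fd_init() but nothing in the #else branch releases it with rb_fd_term() before _RunEpollOnce() returns; unlike the stack fd_set it replaces, rb_fdset_t owns heap-backed storage, so every pass through the epoll loop in a build without HAVE_RB_WAIT_FOR_SINGLE_FD leaks one set. The changelog's "Fix memory leak caused when fixing crash" and the "[PATCH 1/3]" subject suggest a later patch in the series adds the rb_fd_term(); please confirm that patch is part of this debdiff, otherwise add rb_fd_term(&fdreads) before the function returns.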
+@@ -601,12 +601,12 @@ void EventMachine_t::_RunKqueueOnce()
+ 	#ifdef HAVE_RB_WAIT_FOR_SINGLE_FD
+ 	if ((ret = rb_wait_for_single_fd(kqfd, RB_WAITFD_IN|RB_WAITFD_PRI, )) < 1) {
+ 	#else
+-	fd_set fdreads;
++	rb_fdset_t fdreads;
+ 
+-	FD_ZERO();
+-	FD_SET(kqfd, );
++	rb_fd_init();
++	rb_fd_set(kqfd, );
+ 
+-	if ((ret = rb_thread_select(kqfd + 1, , NULL, NULL, )) < 1) {
++	if ((ret = rb_thread_fd_select(kqfd + 1, , NULL, NULL, )) < 1) {
+ 	#endif
+ 		if (ret == -1) {
+ 			assert(errno != EINVAL);
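Review bot: same issue as the epoll hunk above: rb_fd_init(&fdreads) in _RunKqueueOnce() has no matching rb_fd_term(&fdreads) in the #else branch, so the kqueue loop leaks a set per call as well; whatever fixes the epoll path needs to be applied here too.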
+@@ -792,9 +792,9 @@ SelectData_t::SelectData_t
+ SelectData_t::SelectData_t()
+ {
+ 	maxsocket = 0;
+-	FD_ZERO ();
+-	FD_ZERO ();
+-	FD_ZERO ();
++	rb_fd_init ();
++	rb_fd_init ();
++	rb_fd_init ();
+ }
+ 
+ 
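Review bot: the constructor now calls rb_fd_init() on fdreads, fdwrites and fderrors, but no ~SelectData_t() calling rb_fd_term() on the three sets appears anywhere in the patch. Since _RunSelectOnce() declares the object as a local (`SelectData_t SelectData;` in a later hunk), that is three allocations per select-loop iteration that are never freed. A destructor with the three rb_fd_term() calls is the minimal fix unless a later patch in the series supplies one.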
+@@ -807,7 +807,7 @@ _SelectDataSelect
+ static VALUE _SelectDataSelect (void *v)
+ {
+ 	SelectData_t *sd = (SelectData_t*)v;
+-	sd->nSockets = select (sd->maxsocket+1, &(sd->fdreads), &(sd->fdwrites), &(sd->fderrors), &(sd->tv));
++	sd->nSockets = rb_fd_select (sd->maxsocket+1, &(sd->fdreads), &(sd->fdwrites), &(sd->fderrors), &(sd->tv));
+ 	return Qnil;
+ }
+ #endif
+@@ -848,9 +848,9 @@ void EventMachine_t::_RunSelectOnce()
+ 
+ 	SelectData_t SelectData;
+ 	/*
+-	fd_set fdreads, fdwrites;
+-	FD_ZERO ();
+-	FD_ZERO ();
++	rb_fdset_t fdreads, fdwrites;
++	rb_fd_init ();
++	rb_fd_init ();
+ 
+ 	int maxsocket = 0;
+ 	*/
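Review bot: this hunk only rewrites lines inside the `/* ... */` block that starts a few lines earlier, i.e. commented-out code that is never compiled. Updating dead code to the new API adds diff noise and invites the reader to check it for the rb_fd_term() problem noted on the live hunks; dropping the stale comment block instead would be cleaner.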
+@@ -860,7 +860,7 @@ void EventMachine_t::_RunSelectOnce()
+ 	// running on localhost with a randomly-chosen port. (*Puke*)
+ 	// Windows has a version of the Unix pipe() library function, but it doesn't
+ 	// give you back descriptors that are selectable.
+-	FD_SET (LoopBreakerReader, &(SelectData.fdreads));
++	rb_fd_set (LoopBreakerReader, &(SelectData.fdreads));
+ 	if (SelectData.maxsocket < LoopBreakerReader)
+ 		SelectData.maxsocket = LoopBreakerReader;
+ 
+@@ -875,15 +875,15 @@ void EventMachine_t::_RunSelectOnce()
+ 		assert (sd != INVALID_SOCKET);
+ 
+ 		if (ed->SelectForRead())
+-			FD_SET (sd, &(SelectData.fdreads));
++			rb_fd_set (sd, &(SelectData.fdreads));
+ 		if (ed->SelectForWrite())
+-			FD_SET (sd, &(SelectData.fdwrites));
++			rb_fd_set (sd, &(SelectData.fdwrites));
+ 
+