From nobody Sun Apr 17 04:08:51 2022 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id C942111CF83F; Sun, 17 Apr 2022 04:08:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4KgxQD1Bfzz3JhF; Sun, 17 Apr 2022 04:08:52 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1650168532; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aG02YPT4+6YggUYoQ9+G6OR5cSQvxtZ19Tm7VKQnBiQ=; b=eN4Mp4mQBp/eID2Zawhcm3LKUmWzcuuua8jWEm7uuUwKrAAov9rT1Y6cAMnQ8zaMsP+o6+ AZ8cpIddeOJ+1c8OEFA4pwjX0DI26+ux8WO3kSIXCztoDx68WcXUf8yhSbhj1oeo8YGI+b 6Y0kEUyfYUrmKu0LrNDtzt6jdbSjK3/lGEFe2hveo4Ai4PX7NsIsRzIOiF1WS4XELl8k+J qMcfI2fuGeqElKWTIqdB3LZBlqDFnHwmnWObL1Wd+gBaO9CcHo3Xh7mAzcBNSGrbvv1lZ9 Xs3uIxPU12GaKCafm2Jl/tDqgC/1UY7Fdc4HiIb1N4XhI4f9NcTcgSdpOUSaPw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id D84D41739A; Sun, 17 Apr 2022 04:08:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 23H48ptb024951; Sun, 17 Apr 2022 04:08:51 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 23H48pED024950; Sun, 17 Apr 2022 04:08:51 GMT (envelope-from git) Date: Sun, 17 Apr 2022 04:08:51 GMT Message-Id: <202204170408.23H48pED024950@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Yasuhiro Kimura Subject: git: 3d90d93bd56e - main - lang/ruby32: Add upstream patches to fix recent vulnerabilities List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: yasu X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 3d90d93bd56ee79ea165afecd38fd9fec6674d26 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1650168532; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=aG02YPT4+6YggUYoQ9+G6OR5cSQvxtZ19Tm7VKQnBiQ=; b=s9tInG65cFo2pWpMnW8v3NqMmZi6+hOJXbOVJvCUFmNByLFzF2yMgLsErSZTYMbldcfWS5 6K3JoIl08lMy8PXXlZL6vzCRvZ/kJQidDrkNFwg4piqN3Visrc+L4CSD3B/W9yabq4BZA4 FHL9dxt9uz8r4wg3Swe6vcJUKBidc4NDb3QEsOPNIy4r94WF3LxYGH2WMG1pU3DgjOXTWr 7m/AO2qbzLQtYh/Ef4AQaXAjEniOn+gL4Jp9OWIZsMUm5TwtuDbnDKSrGf2PDen14jTN6b vSE8mVeQQvIF9IOyMAgkS5mVtaqjI+n9R1y+Rw8No5k5HRDr36MiPHW/t9dFFw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1650168532; a=rsa-sha256; cv=none; b=upVCZxfZxI63cq4fZP9o4bkwh2ANfc4H+FQaoBEW19WyM1xH98mC16RQt5/gfpgB+182S3 Dc6Oz4ZUZwblNd87zXkJSSO7KIwmuOj1hPjsslUweOj51zenRI+Est+x0y5B24AWI3BCUZ OzecWrjjjiOhWrz8/E+ZzlyIj9oOgLxZPYpPMC4ZdmSfpd/iEuONF+ZHpDsYbIkNbeB76I aNTllaydajOy++wFyeYU/B3DhJAODd25MTH82A1EFZoxYObUiug2zH4yKFqr6X6U1CWDW8 H8iuqu0s67zys+zrAKifC3cqbEDvRYywR39qow9entH4cA22mggepgmUGcU7qw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by yasu: URL: https://cgit.FreeBSD.org/ports/commit/?id=3d90d93bd56ee79ea165afecd38fd9fec6674d26 commit 3d90d93bd56ee79ea165afecd38fd9fec6674d26 Author: Yasuhiro Kimura AuthorDate: 2022-04-17 02:18:12 +0000 Commit: Yasuhiro Kimura CommitDate: 2022-04-17 04:07:45 +0000 lang/ruby32: Add upstream patches to fix recent vulnerabilities PR: 263357 Approved by: sunpoet (ruby@) Security: f22144d7-bad1-11ec-9cfe-0800270512f4 Security: 06ed6a49-bad4-11ec-9cfe-0800270512f4 --- Mk/bsd.ruby.mk | 2 +- lang/ruby32/files/patch-CVE-2022-28738 | 66 ++++++++++++++++++++++++++++++++++ lang/ruby32/files/patch-CVE-2022-28739 | 64 +++++++++++++++++++++++++++++++++ 3 files changed, 131 insertions(+), 1 deletion(-) diff --git a/Mk/bsd.ruby.mk b/Mk/bsd.ruby.mk index 5471244b4838..1e9286ced1b8 100644 --- a/Mk/bsd.ruby.mk +++ b/Mk/bsd.ruby.mk @@ -162,7 +162,7 @@ RUBY31= "" # PLIST_SUB helpers # Ruby 3.2 # RUBY_DISTVERSION= 3.2.0-preview1 -RUBY_PORTREVISION= 0 +RUBY_PORTREVISION= 1 RUBY_PORTEPOCH= 1 RUBY32= "" # PLIST_SUB helpers diff --git a/lang/ruby32/files/patch-CVE-2022-28738 b/lang/ruby32/files/patch-CVE-2022-28738 new file mode 100644 index 000000000000..79cd2f40b47b --- /dev/null +++ b/lang/ruby32/files/patch-CVE-2022-28738 @@ -0,0 +1,66 @@ +From cf2bbcfff2985c116552967c7c4522f4630f2d18 Mon Sep 17 00:00:00 2001 +From: Nobuyoshi Nakada +Date: Fri, 11 Jun 2021 00:06:43 +0900 +Subject: [PATCH 1/2] Just free compiled pattern if no space is used + +https://hackerone.com/reports/1220911 +--- + regcomp.c | 14 ++++++++------ + test/ruby/test_regexp.rb | 9 +++++++++ + 2 files changed, 17 insertions(+), 6 deletions(-) + +diff --git regcomp.c regcomp.c +index 3e65c9d2e3..94640639d8 100644 +--- regcomp.c ++++ regcomp.c +@@ -142,8 +142,13 @@ bitset_on_num(BitSetRef bs) + static void + onig_reg_resize(regex_t *reg) + { +- resize: +- if (reg->alloc > reg->used) { ++ do { ++ if (!reg->used) { ++ xfree(reg->p); ++ reg->alloc = 0; ++ reg->p = 0; ++ } ++ else if (reg->alloc > reg->used) { + unsigned char *new_ptr = xrealloc(reg->p, reg->used); + // Skip the right size optimization if memory allocation fails + if (new_ptr) { +@@ -151,10 +156,7 @@ onig_reg_resize(regex_t *reg) + reg->p = new_ptr; + } + } +- if (reg->chain) { +- reg = reg->chain; +- goto resize; +- } ++ } while ((reg = reg->chain) != 0); + } + + extern int +diff --git test/ruby/test_regexp.rb test/ruby/test_regexp.rb +index 4be6d7bec7..84687c5380 100644 +--- test/ruby/test_regexp.rb ++++ test/ruby/test_regexp.rb +@@ -1431,6 +1431,15 @@ def test_bug18631 + assert_kind_of MatchData, /(?a)(?aa)\k/.match("aaaab") + end + ++ def test_invalid_group ++ assert_separately([], "#{<<-"begin;"}\n#{<<-'end;'}") ++ begin; ++ assert_raise_with_message(RegexpError, /invalid conditional pattern/) do ++ Regexp.new("((?(1)x|x|)x)+") ++ end ++ end; ++ end ++ + # This assertion is for porting x2() tests in testpy.py of Onigmo. + def assert_match_at(re, str, positions, msg = nil) + re = Regexp.new(re) unless re.is_a?(Regexp) +-- +2.35.2 + diff --git a/lang/ruby32/files/patch-CVE-2022-28739 b/lang/ruby32/files/patch-CVE-2022-28739 new file mode 100644 index 000000000000..8de3fa8b434b --- /dev/null +++ b/lang/ruby32/files/patch-CVE-2022-28739 @@ -0,0 +1,64 @@ +From d0a822eec524522d81ffc7da2bb1baf906b0318a Mon Sep 17 00:00:00 2001 +From: Nobuyoshi Nakada +Date: Thu, 1 Jul 2021 06:39:17 +0900 +Subject: [PATCH 2/2] Fix dtoa buffer overrun + +https://hackerone.com/reports/1248108 +--- + missing/dtoa.c | 3 ++- + test/ruby/test_float.rb | 18 ++++++++++++++++++ + 2 files changed, 20 insertions(+), 1 deletion(-) + +diff --git missing/dtoa.c missing/dtoa.c +index a940eabd91..b7a8302875 100644 +--- missing/dtoa.c ++++ missing/dtoa.c +@@ -1552,6 +1552,7 @@ break2: + if (!*++s || !(s1 = strchr(hexdigit, *s))) goto ret0; + if (*s == '0') { + while (*++s == '0'); ++ if (!*s) goto ret; + s1 = strchr(hexdigit, *s); + } + if (s1 != NULL) { +@@ -1574,7 +1575,7 @@ break2: + for (; *s && (s1 = strchr(hexdigit, *s)); ++s) { + adj += aadj * ((s1 - hexdigit) & 15); + if ((aadj /= 16) == 0.0) { +- while (strchr(hexdigit, *++s)); ++ while (*++s && strchr(hexdigit, *s)); + break; + } + } +diff --git test/ruby/test_float.rb test/ruby/test_float.rb +index 4be2cfeeda..57a46fce92 100644 +--- test/ruby/test_float.rb ++++ test/ruby/test_float.rb +@@ -171,6 +171,24 @@ def test_strtod + assert_raise(ArgumentError, n += z + "A") {Float(n)} + assert_raise(ArgumentError, n += z + ".0") {Float(n)} + end ++ ++ x = nil ++ 2000.times do ++ x = Float("0x"+"0"*30) ++ break unless x == 0.0 ++ end ++ assert_equal(0.0, x, ->{"%a" % x}) ++ x = nil ++ 2000.times do ++ begin ++ x = Float("0x1."+"0"*270) ++ rescue ArgumentError => e ++ raise unless /"0x1\.0{270}"/ =~ e.message ++ else ++ break ++ end ++ end ++ assert_nil(x, ->{"%a" % x}) + end + + def test_divmod +-- +2.35.2 +