diff --git a/SOURCES/ruby-2.6.0-rdoc-6.0.2-check-nil-text-token.patch b/SOURCES/ruby-2.6.0-rdoc-6.0.2-check-nil-text-token.patch new file mode 100644 index 0000000..325a6bf --- /dev/null +++ b/SOURCES/ruby-2.6.0-rdoc-6.0.2-check-nil-text-token.patch @@ -0,0 +1,69 @@ +From 9d98bfe7f1abdeda5aedf9404588104980ee7a86 Mon Sep 17 00:00:00 2001 +From: aycabta +Date: Mon, 15 Jan 2018 22:32:56 +0900 +Subject: [PATCH] Check nil text token + +Sometimes :on_ignored_nl token has nil text. This commit checks and +bypasses the token. +--- + lib/rdoc/parser/ripper_state_lex.rb | 4 +++- + test/test_rdoc_parser_ruby.rb | 30 +++++++++++++++++++++++++++++ + 2 files changed, 33 insertions(+), 1 deletion(-) + +diff --git a/lib/rdoc/parser/ripper_state_lex.rb b/lib/rdoc/parser/ripper_state_lex.rb +index 2a285b97a4..c56cef46ee 100644 +--- a/lib/rdoc/parser/ripper_state_lex.rb ++++ b/lib/rdoc/parser/ripper_state_lex.rb +@@ -330,8 +330,10 @@ class RDoc::RipperStateLex + @heredoc_queue << retrieve_heredoc_info(tk) + @inner_lex.lex_state = EXPR_END unless RIPPER_HAS_LEX_STATE + when :on_nl, :on_ignored_nl, :on_comment, :on_heredoc_end then +- unless @heredoc_queue.empty? ++ if !@heredoc_queue.empty? + get_heredoc_tk(*@heredoc_queue.shift) ++ elsif tk[:text].nil? # :on_ignored_nl sometimes gives nil ++ tk[:text] = '' + end + when :on_words_beg then + tk = get_words_tk(tk) +diff --git a/test/rdoc/test_rdoc_parser_ruby.rb b/test/rdoc/test_rdoc_parser_ruby.rb +index 833ed2cc74..c9d57021ce 100644 +--- a/test/rdoc/test_rdoc_parser_ruby.rb ++++ b/test/rdoc/test_rdoc_parser_ruby.rb +@@ -306,6 +306,36 @@ def sum(n) + assert_equal @top_level, sum.file + end + ++ def test_parse_on_ignored_nl_with_nil_text ++ util_parser <def meth ++ variable # comment ++ .chain ++end ++EXPECTED ++ expected = expected.rstrip ++ ++ @parser.scan ++ ++ foo = @store.find_class_named 'Foo' ++ meth = foo.method_list.first ++ ++ assert_equal 'meth', meth.name ++ assert_equal @top_level, meth.file ++ ++ markup_code = meth.markup_code.sub(/^.*\n/, '') ++ assert_equal expected, markup_code ++ end ++ + def test_parse_alias + klass = RDoc::NormalClass.new 'Foo' + klass.parent = @top_level diff --git a/SOURCES/ruby-2.6.10-Fix-CVE-2022-28739-Buffer-overrun-in-str2float.patch b/SOURCES/ruby-2.6.10-Fix-CVE-2022-28739-Buffer-overrun-in-str2float.patch new file mode 100644 index 0000000..5c7aec5 --- /dev/null +++ b/SOURCES/ruby-2.6.10-Fix-CVE-2022-28739-Buffer-overrun-in-str2float.patch @@ -0,0 +1,73 @@ +From 8e2ed0b9d965a526b29f9dc3bff8e9fe33dae98d Mon Sep 17 00:00:00 2001 +From: usa +Date: Tue, 12 Apr 2022 11:49:45 +0000 +Subject: [PATCH] Fix CVE-2022-28739 Buffer overrun in str2float. + +CVE-2022-28739: Buffer overrun in String-to-Float conversion +Backported from upstream Ruby 2.6.10, +Git commit: +https://github.com/ruby/ruby/commit/69f9992ed41920389d4185141a14f02f89a4d306 + +==== Original commit message + +Fix dtoa buffer overrun + +git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67957 b2dd03c8-39d4-4d8f-98ff-823fe69b080e +--- + test/ruby/test_float.rb | 18 ++++++++++++++++++ + util.c | 3 ++- + 2 files changed, 20 insertions(+), 1 deletion(-) + +diff --git a/test/ruby/test_float.rb b/test/ruby/test_float.rb +index 7fabfd3..78c63c2 100644 +--- a/test/ruby/test_float.rb ++++ b/test/ruby/test_float.rb +@@ -171,6 +171,24 @@ class TestFloat < Test::Unit::TestCase + assert_raise(ArgumentError, n += z + "A") {Float(n)} + assert_raise(ArgumentError, n += z + ".0") {Float(n)} + end ++ ++ x = nil ++ 2000.times do ++ x = Float("0x"+"0"*30) ++ break unless x == 0.0 ++ end ++ assert_equal(0.0, x, ->{"%a" % x}) ++ x = nil ++ 2000.times do ++ begin ++ x = Float("0x1."+"0"*270) ++ rescue ArgumentError => e ++ raise unless /"0x1\.0{270}"/ =~ e.message ++ else ++ break ++ end ++ end ++ assert_nil(x, ->{"%a" % x}) + end + + def test_divmod +diff --git a/util.c b/util.c +index 2222744..f1d910f 100644 +--- a/util.c ++++ b/util.c +@@ -2046,6 +2046,7 @@ break2: + if (!*++s || !(s1 = strchr(hexdigit, *s))) goto ret0; + if (*s == '0') { + while (*++s == '0'); ++ if (!*s) goto ret; + s1 = strchr(hexdigit, *s); + } + if (s1 != NULL) { +@@ -2068,7 +2069,7 @@ break2: + for (; *s && (s1 = strchr(hexdigit, *s)); ++s) { + adj += aadj * ((s1 - hexdigit) & 15); + if ((aadj /= 16) == 0.0) { +- while (strchr(hexdigit, *++s)); ++ while (*++s && strchr(hexdigit, *s)); + break; + } + } +-- +2.41.0 + diff --git a/SOURCES/ruby-2.7.7-Fix-CVE-2021-33621-HTTP-response-splitting-in-CGI.patch b/SOURCES/ruby-2.7.7-Fix-CVE-2021-33621-HTTP-response-splitting-in-CGI.patch new file mode 100644 index 0000000..b30dc6a --- /dev/null +++ b/SOURCES/ruby-2.7.7-Fix-CVE-2021-33621-HTTP-response-splitting-in-CGI.patch @@ -0,0 +1,328 @@ +From 8fc4b4792919c627183f4ddb6dc256aae49eb738 Mon Sep 17 00:00:00 2001 +From: Hiroshi SHIBATA +Date: Tue, 22 Nov 2022 13:48:18 +0900 +Subject: [PATCH] Fix CVE-2021-33621 HTTP response splitting in CGI. + +Backported from upstream Ruby, commit: +https://github.com/ruby/ruby/commit/7cf697179dab52b0d024543304f4d3ab5fa5e847 + +Test "CGICookieTest#test_cgi_cookie_new_with_domain" was adjusted to +deal with Ruby 2.5 not allowing String with double splat operator. + +==== Original commit message +Merge CGI-0.1.0.2 +--- + lib/cgi/cookie.rb | 51 ++++++++++++++++------- + lib/cgi/core.rb | 45 ++++++++++++-------- + test/cgi/test_cgi_cookie.rb | 82 +++++++++++++++++++++++++++++++++++++ + test/cgi/test_cgi_header.rb | 8 ++++ + 4 files changed, 154 insertions(+), 32 deletions(-) + +diff --git a/lib/cgi/cookie.rb b/lib/cgi/cookie.rb +index 009566b..f26f015 100644 +--- a/lib/cgi/cookie.rb ++++ b/lib/cgi/cookie.rb +@@ -40,6 +40,10 @@ class CGI + class Cookie < Array + @@accept_charset="UTF-8" unless defined?(@@accept_charset) + ++ TOKEN_RE = %r"\A[[!-~]&&[^()<>@,;:\\\"/?=\[\]{}]]+\z" ++ PATH_VALUE_RE = %r"\A[[ -~]&&[^;]]*\z" ++ DOMAIN_VALUE_RE = %r"\A(?