[SCM] 100% pure-Java implementation of Ruby branch, master, updated. debian/1.5.6-3-4-g38efe35
tony mancill
tmancill at debian.org
Thu Sep 20 22:10:37 UTC 2012
The following commit has been merged in the master branch:
commit cd68d2b0847c08ccc1de276fc503817acf5a45e8
Author: tony mancill <tmancill at debian.org>
Date: Wed Sep 19 20:47:02 2012 -0700
apply patch for CVE-2011-4838
diff --git a/debian/patches/0008-CVE-2011-4838.patch b/debian/patches/0008-CVE-2011-4838.patch
new file mode 100644
index 0000000..0236f8a
--- /dev/null
+++ b/debian/patches/0008-CVE-2011-4838.patch
@@ -0,0 +1,132 @@
+--- a/src/org/jruby/RubyHash.java
++++ b/src/org/jruby/RubyHash.java
+@@ -809,7 +809,7 @@
+ oldTable[j] = null;
+ while (entry != null) {
+ RubyHashEntry next = entry.next;
+- entry.hash = entry.key.hashCode(); // update the hash value
++ entry.hash = hashValue(entry.key.hashCode()); // update the hash value
+ int i = bucketIndex(entry.hash, newTable.length);
+ entry.next = newTable[i];
+ newTable[i] = entry;
+--- a/src/org/jruby/Ruby.java
++++ b/src/org/jruby/Ruby.java
+@@ -269,6 +269,8 @@
+ this.beanManager = BeanManagerFactory.create(this, config.isManagementEnabled());
+ this.jitCompiler = new JITCompiler(this);
+ this.parserStats = new ParserStats(this);
++
++ this.hashSeed = this.random.nextInt();
+
+ this.beanManager.register(new Config(this));
+ this.beanManager.register(parserStats);
+@@ -3704,6 +3706,10 @@
+ public Set<Script> getJittedMethods() {
+ return jittedMethods;
+ }
++
++ public int getHashSeed() {
++ return hashSeed;
++ }
+
+ public ExecutorService getExecutor() {
+ return executor;
+@@ -3808,6 +3814,8 @@
+ private long randomSeed = 0;
+ private long randomSeedSequence = 0;
+ private Random random = new Random();
++ /** The runtime-local seed for hash randomization */
++ private int hashSeed = 0;
+
+ private final List<EventHook> eventHooks = new Vector<EventHook>();
+ private boolean hasEventHooks;
+--- a/src/org/jruby/RubyString.java
++++ b/src/org/jruby/RubyString.java
+@@ -91,6 +91,7 @@
+ import org.jruby.runtime.marshal.UnmarshalStream;
+ import org.jruby.util.ByteList;
+ import org.jruby.util.ConvertBytes;
++import org.jruby.util.MurmurHash;
+ import org.jruby.util.Numeric;
+ import org.jruby.util.Pack;
+ import org.jruby.util.Sprintf;
+@@ -1024,11 +1025,11 @@
+ }
+
+ private int strHashCode(Ruby runtime) {
++ int hash = MurmurHash.hash32(value.getUnsafeBytes(), value.getBegin(), value.getRealSize(), runtime.getHashSeed());
+ if (runtime.is1_9()) {
+- return value.hashCode() ^ (value.getEncoding().isAsciiCompatible() && scanForCodeRange() == CR_7BIT ? 0 : value.getEncoding().getIndex());
+- } else {
+- return value.hashCode();
++ hash ^= (value.getEncoding().isAsciiCompatible() && scanForCodeRange() == CR_7BIT ? 0 : value.getEncoding().getIndex());
+ }
++ return hash;
+ }
+
+ @Override
+--- /dev/null
++++ b/src/org/jruby/util/MurmurHash.java
+@@ -0,0 +1,62 @@
++package org.jruby.util;
++
++public class MurmurHash {
++ // Based on Murmurhash 2.0 Java port at http://dmy999.com/article/50/murmurhash-2-java-port
++ // 2011-12-05: Modified by Hiroshi Nakamura <nahi at ruby-lang.org>
++ // - signature change to use offset
++ // hash(byte[] data, int seed) to hash(byte[] src, int offset, int length, int seed)
++ // - extract 'm' and 'r' as murmurhash2.0 constants
++
++ // Ported by Derek Young from the C version (specifically the endian-neutral
++ // version) from:
++ // http://murmurhash.googlepages.com/
++ //
++ // released to the public domain - dmy999 at gmail.com
++
++ // 'm' and 'r' are mixing constants generated offline.
++ // They're not really 'magic', they just happen to work well.
++ private static final int MURMUR2_MAGIC = 0x5bd1e995;
++ // CRuby 1.9 uses 16 but original C++ implementation uses 24 with above Magic.
++ private static final int MURMUR2_R = 24;
++
++ @SuppressWarnings("fallthrough")
++ public static int hash32(byte[] src, int offset, int length, int seed) {
++ // Initialize the hash to a 'random' value
++ int h = seed ^ length;
++
++ int i = offset;
++ int len = length;
++ while (len >= 4) {
++ int k = src[i + 0] & 0xFF;
++ k |= (src[i + 1] & 0xFF) << 8;
++ k |= (src[i + 2] & 0xFF) << 16;
++ k |= (src[i + 3] & 0xFF) << 24;
++
++ k *= MURMUR2_MAGIC;
++ k ^= k >>> MURMUR2_R;
++ k *= MURMUR2_MAGIC;
++
++ h *= MURMUR2_MAGIC;
++ h ^= k;
++
++ i += 4;
++ len -= 4;
++ }
++
++ switch (len) {
++ case 3:
++ h ^= (src[i + 2] & 0xFF) << 16;
++ case 2:
++ h ^= (src[i + 1] & 0xFF) << 8;
++ case 1:
++ h ^= (src[i + 0] & 0xFF);
++ h *= MURMUR2_MAGIC;
++ }
++
++ h ^= h >>> 13;
++ h *= MURMUR2_MAGIC;
++ h ^= h >>> 15;
++
++ return h;
++ }
++}
--
100% pure-Java implementation of Ruby
More information about the pkg-java-commits
mailing list