[DRE-maint] Bug#882802: jessie-pu: package ruby-ox/2.1.1-2+b2
Cédric Boutillier
boutil at debian.org
Sun Nov 26 22:28:39 UTC 2017
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org at packages.debian.org
Usertags: pu
Hi,
this update fixes bug #881445 [CVE-2017-15928]
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881445
by cherrypicking a patch from upstream, to crash of the ruby interpreter
on a parse error.
Debdiff attached.
As mentioned in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882724#10
since the debdiffs are identical for jessie and stretch,
except for version numbers and suite, the upload to jessie will follow
shortly this report.
Cheers,
Cédric
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.13.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr:en_US (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
-------------- next part --------------
diff -Nru ruby-ox-2.1.1/debian/changelog ruby-ox-2.1.1/debian/changelog
--- ruby-ox-2.1.1/debian/changelog 2014-04-04 12:58:15.000000000 +0200
+++ ruby-ox-2.1.1/debian/changelog 2017-11-26 01:08:40.000000000 +0100
@@ -1,3 +1,12 @@
+ruby-ox (2.1.1-2+deb8u1) jessie; urgency=medium
+
+ * Team upload
+ * Add fix_parse_obj_segfault.patch picked from upstream
+ + fix CVE-2017-15928: segmentation fault in parse_obj
+ (Closes: #881445)
+
+ -- Cédric Boutillier <boutil at debian.org> Sun, 26 Nov 2017 01:08:40 +0100
+
ruby-ox (2.1.1-2) unstable; urgency=medium
* Team upload.
diff -Nru ruby-ox-2.1.1/debian/gbp.conf ruby-ox-2.1.1/debian/gbp.conf
--- ruby-ox-2.1.1/debian/gbp.conf 1970-01-01 01:00:00.000000000 +0100
+++ ruby-ox-2.1.1/debian/gbp.conf 2017-11-26 01:08:40.000000000 +0100
@@ -0,0 +1,3 @@
+[DEFAULT]
+debian-branch=jessie/master
+upstream-branch=jessie/upstream
diff -Nru ruby-ox-2.1.1/debian/patches/fix_parse_obj_segfault.patch ruby-ox-2.1.1/debian/patches/fix_parse_obj_segfault.patch
--- ruby-ox-2.1.1/debian/patches/fix_parse_obj_segfault.patch 1970-01-01 01:00:00.000000000 +0100
+++ ruby-ox-2.1.1/debian/patches/fix_parse_obj_segfault.patch 2017-11-26 01:08:40.000000000 +0100
@@ -0,0 +1,51 @@
+Description: Avoid crash with invalid XML passed to Oj.parse_obj()
+ this fixes CVE-2017-15928
+Author: Peter Ohler <peter at ohler.com>
+Origin: https://github.com/ohler55/ox/commit/e4565dbc167f0d38c3f93243d7a4fcfc391cbfc8.patch
+Bug: https://github.com/ohler55/ox/issues/194
+Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881445
+Last-Update: 2017-11-25
+
+--- a/ext/ox/obj_load.c
++++ b/ext/ox/obj_load.c
+@@ -791,8 +791,10 @@
+ Helper gh;
+
+ helper_stack_pop(&pi->helpers);
+- gh = helper_stack_peek(&pi->helpers);
+-
++ if (NULL == (gh = helper_stack_peek(&pi->helpers))) {
++ set_error(&pi->err, "Corrupt parse stack, container is wrong type", pi->str, pi->s);
++ return;
++ }
+ rb_hash_aset(gh->obj, ph->obj, h->obj);
+ }
+ break;
+--- a/ext/ox/err.c
++++ b/ext/ox/err.c
+@@ -42,7 +42,11 @@
+ va_end(ap);
+ }
+
++#if __GNUC__ > 4
++_Noreturn void
++#else
+ void
++#endif
+ ox_err_raise(Err e) {
+ rb_raise(e->clas, "%s", e->msg);
+ }
+--- a/ext/ox/ox.c
++++ b/ext/ox/ox.c
+@@ -990,7 +990,11 @@
+ #endif
+ }
+
++#if __GNUC__ > 4
++_Noreturn void
++#else
+ void
++#endif
+ _ox_raise_error(const char *msg, const char *xml, const char *current, const char* file, int line) {
+ int xline = 1;
+ int col = 1;
diff -Nru ruby-ox-2.1.1/debian/patches/series ruby-ox-2.1.1/debian/patches/series
--- ruby-ox-2.1.1/debian/patches/series 2014-03-22 13:16:52.000000000 +0100
+++ ruby-ox-2.1.1/debian/patches/series 2017-11-26 01:08:40.000000000 +0100
@@ -1 +1,2 @@
+fix_parse_obj_segfault.patch
000-fix-so-load-path.patch
More information about the Pkg-ruby-extras-maintainers
mailing list