Ubuntu
ruby3.0 package

Merge ~utkarsh/ubuntu/+source/ruby3.0:lp1982703-array-slice-invalid-memory-access into ubuntu/+source/ruby3.0:ubuntu/jammy-devel

  1. Git
  2. lp:~utkarsh/ubuntu/+source/ruby3.0
  3. lp1982703-array-slice-invalid-memory-access
  4. Merge into ubuntu/jammy-devel
Proposed by Utkarsh Gupta
Status: Merged
Merged at revision: 9fd5f8bfff0d30d21008941599b3c4dd2c4f0268
Proposed branch: ~utkarsh/ubuntu/+source/ruby3.0:lp1982703-array-slice-invalid-memory-access
Merge into: ubuntu/+source/ruby3.0:ubuntu/jammy-devel
Diff against target: 59 lines (+37/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/fix-length-calc-for-Array#slice.patch (+29/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Lucas Kanashiro (community) Approve
Canonical Server Reporter Pending
git-ubuntu import Pending
Review via email: mp+432956@code.launchpad.net

Description of the change

Hellu!

This is a fix of LP: #1982703 for ruby3.0/jammy. The PPA can be found here: https://launchpad.net/~utkarsh/+archive/ubuntu/temporary-stuff. It's a trivial fix, really.

I'd appreciate the reviews on this one. Should you have any questions or concerns, please let me know. Thank you!

To post a comment you must log in.
Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

Thanks for this MP Utkarsh! LGTM, I suggested some tiny changes in the DEP-3 headers of the patch.

review: Approve
Revision history for this message
Utkarsh Gupta (utkarsh) :
Revision history for this message
Lucas Kanashiro (lucaskanashiro) :
Revision history for this message
Utkarsh Gupta (utkarsh) wrote :

Thanks, Lucas. Fixed per your suggestions. ;)

..and uploaded:

$ dput ubuntu ../ruby3.0_3.0.2-7ubuntu2.2_source.changes
Checking signature on .changes
gpg: ../ruby3.0_3.0.2-7ubuntu2.2_source.changes: Valid signature from 823E967606C34B96
Checking signature on .dsc
gpg: ../ruby3.0_3.0.2-7ubuntu2.2.dsc: Valid signature from 823E967606C34B96
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading ruby3.0_3.0.2-7ubuntu2.2.dsc: done.
  Uploading ruby3.0_3.0.2.orig.tar.xz: done.
  Uploading ruby3.0_3.0.2-7ubuntu2.2.debian.tar.xz: done.
  Uploading ruby3.0_3.0.2-7ubuntu2.2_source.buildinfo: done.
  Uploading ruby3.0_3.0.2-7ubuntu2.2_source.changes: done.
Successfully uploaded packages.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 442db73..db66622 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+ruby3.0 (3.0.2-7ubuntu2.2) jammy; urgency=medium
7+
8+ * d/p/fix-length-calc-for-Array#slice.patch: Add patch to
9+ fix length calculation for Array#slice!. (LP: #1982703)
10+
11+ -- Utkarsh Gupta <utkarsh@ubuntu.com> Mon, 14 Nov 2022 17:21:06 +0530
12+
13 ruby3.0 (3.0.2-7ubuntu2.1) jammy-security; urgency=medium
14
15 * SECURITY UPDATE: Double free
16diff --git a/debian/patches/fix-length-calc-for-Array#slice.patch b/debian/patches/fix-length-calc-for-Array#slice.patch
17new file mode 100644
18index 0000000..02a039d
19--- /dev/null
20+++ b/debian/patches/fix-length-calc-for-Array#slice.patch
21@@ -0,0 +1,29 @@
22+From d9bc7b94ea9e8794da62e45269b5c3e0c11edaf4 Mon Sep 17 00:00:00 2001
23+From: Mike Dalessio <mike.dalessio@gmail.com>
24+Date: Sat, 28 Aug 2021 10:29:17 -0400
25+Subject: [PATCH] Fix length calculation for Array#slice!
26+
27+Commit 4f24255 introduced a bug which allows a length to be passed to
28+rb_ary_new4 which is too large, resulting in invalid memory access.
29+
30+For example:
31+
32+ (1..1000).to_a.slice!(-2, 1000)
33+
34+Origin: upstream, https://github.com/ruby/ruby/commit/d43279edacd09edf3a43e02d62f5be475e7c3bcb
35+Bug: https://bugs.ruby-lang.org/issues/18138
36+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ruby3.0/+bug/1982703
37+Applied-Upstream: v3_2_0_preview3, commit:d43279edacd09edf3a43e02d62f5be475e7c3bcb
38+Last-Updated: 2022-11-11
39+
40+--- a/array.c
41++++ b/array.c
42+@@ -4072,7 +4072,7 @@
43+ else if (orig_len < pos) {
44+ return Qnil;
45+ }
46+- else if (orig_len < pos + len) {
47++ if (orig_len < pos + len) {
48+ len = orig_len - pos;
49+ }
50+ if (len == 0) {
51diff --git a/debian/patches/series b/debian/patches/series
52index eeda34a..139a256 100644
53--- a/debian/patches/series
54+++ b/debian/patches/series
55@@ -19,3 +19,4 @@ CVE-2021-41817-3.patch
56 CVE-2021-41819.patch
57 CVE-2022-28738.patch
58 CVE-2022-28739.patch
59+fix-length-calc-for-Array#slice.patch

Subscribers

People subscribed via source and target branches