Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mruby for openSUSE:Factory checked in at 2022-02-09 22:04:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mruby (Old) and /work/SRC/openSUSE:Factory/.mruby.new.1898 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mruby" Wed Feb 9 22:04:15 2022 rev:4 rq:953008 version:3.0.0 Changes: --------
--- /work/SRC/openSUSE:Factory/mruby/mruby.changes 2022-01-19 00:35:39.786310516 +0100
+++ /work/SRC/openSUSE:Factory/.mruby.new.1898/mruby.changes 2022-02-09 22:04:16.309621477 +0100
@@ -1,0 +2,7 @@
+Wed Feb 9 15:51:52 UTC 2022 - Ferdinand Thiessen <[email protected]>
+
+- Added CVE-2022-0481.patch from upstream
+ fixed NULL Pointer Dereference boo#1195632 / CVE-2022-0481
+- Fixed file attributes (executable bit for shared library)
+
+-------------------------------------------------------------------
New: ---- CVE-2022-0481.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ mruby.spec ++++++
--- /var/tmp/diff_new_pack.pXs3HR/_old 2022-02-09 22:04:16.857622670 +0100
+++ /var/tmp/diff_new_pack.pXs3HR/_new 2022-02-09 22:04:16.861622678 +0100
@@ -34,6 +34,8 @@
 Patch1: CVE-2022-0240.patch
 # PATCH-FIX-UPSTREAM CVE-2022-0080.patch -- https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6
 Patch2: CVE-2022-0080.patch
+# PATCH-FIX-UPSTREAM CVE-2022-0481.patch -- https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e
+Patch3: CVE-2022-0481.patch
 BuildRequires: bison
 BuildRequires: cmake
 BuildRequires: pkgconfig
@@ -95,7 +97,7 @@
 # Install libraries
 for l in libmruby.so; do
- install -D -m 0644 "build/host/lib/${l}" "%{buildroot}%{_libdir}/${l}.%{version}"
+ install -D -m 0755 "build/host/lib/${l}" "%{buildroot}%{_libdir}/${l}.%{version}"
 ln -s ${l}.%{version} "%{buildroot}%{_libdir}/${l}"
 done
++++++ CVE-2022-0481.patch ++++++
diff -Nur mruby-3.0.0/mrbgems/mruby-compiler/core/codegen.c new/mrbgems/mruby-compiler/core/codegen.c
--- mruby-3.0.0/mrbgems/mruby-compiler/core/codegen.c 2021-03-05 09:07:35.000000000 +0100
+++ new/mrbgems/mruby-compiler/core/codegen.c 2022-02-09 17:00:32.354407572 +0100
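Review bot: The first mruby.spec hunk only declares `Patch3: CVE-2022-0481.patch`, and no change to `%prep` is visible anywhere in this diff. If `%prep` applies patches one by one (`%patch1`, `%patch2`) rather than through `%autosetup` or `%autopatch`, the CVE-2022-0481 fix would ship in the source package but never be applied to the build. The `%prep` section is outside this hunk and should be checked, adding `%patch3 -p1` if patches are listed individually.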
@@ -1928,7 +1928,7 @@
 while (tree) {
 if (nint(tree->car->car->car) == NODE_KW_REST_ARGS) {
- if (len > 0) {
+ if (val && len > 0) {
 pop_n(len*2);
 if (!update) {
 genop_2(s, OP_HASH, cursp(), len);
@@ -1940,7 +1940,7 @@
 push();
 }
 codegen(s, tree->car->cdr, VAL);
- if (len > 0 || update) {
+ if (val && (len > 0 || update)) {
 pop(); pop();
 genop_1(s, OP_HASHCAT, cursp());
 push();
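Review bot: The `val &&` guard added in the first codegen.c hunk (`if (val && len > 0)`) has no comment saying why the `pop_n`/`OP_HASH` sequence must be skipped, and the same holds for the matching guard in the second hunk. A short comment above each guard, such as `/* result not requested: emit no hash ops and leave the stack pointer untouched */`, would record the invariant this CVE fix depends on. That wording assumes the key/value pairs are generated without pushing when `val` is 0, which happens outside the hunk and should be confirmed. The `while (tree)` loop opens in the hunk's context but its body continues past the hunk.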
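Review bot: The context line `codegen(s, tree->car->cdr, VAL);` between the two guards still generates the `**` operand in value mode when `val` is 0, while the `pop(); pop();` that consumed it is now skipped by `if (val && (len > 0 || update))`. That appears to leave one register pushed per splat operand in the no-value path and to emit code for a value nobody reads. Passing the caller's flag, `codegen(s, tree->car->cdr, val);`, would keep the push and pop sides consistent. Whether the surplus push is harmless depends on how the stack pointer is handled after the loop, which is outside this hunk, so check the full function before changing it.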
