Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mruby for openSUSE:Factory checked in at 2022-04-26 21:34:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mruby (Old) and /work/SRC/openSUSE:Factory/.mruby.new.1538 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mruby" Tue Apr 26 21:34:59 2022 rev:6 rq:972972 version:3.0.0 Changes: --------
--- /work/SRC/openSUSE:Factory/mruby/mruby.changes 2022-02-21 20:51:32.282295873 +0100
+++ /work/SRC/openSUSE:Factory/.mruby.new.1538/mruby.changes 2022-04-26 21:34:59.608200036 +0200
@@ -1,0 +2,6 @@
+Tue Apr 26 18:57:21 UTC 2022 - Ferdinand Thiessen <r...@fthiessen.de>
+
+- Add b1d0296a.patch: fixing CVE-2022-1286 / boo#1198289
+- Add CVE-2022-1212.patch: fixing CVE-2022-1212 / boo#1198089
+
+-------------------------------------------------------------------
New: ---- CVE-2022-1212.patch b1d0296a.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mruby.spec ++++++
--- /var/tmp/diff_new_pack.uuzlXY/_old 2022-04-26 21:35:00.180201340 +0200
+++ /var/tmp/diff_new_pack.uuzlXY/_new 2022-04-26 21:35:00.184201349 +0200
@@ -38,6 +38,10 @@
 Patch3: CVE-2022-0080.patch
 # PATCH-FIX-UPSTREAM CVE-2022-0481.patch -- https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e
 Patch4: CVE-2022-0481.patch
+# PATCH-FIX-UPSTREAM b1d0296a.patch -- CVE-2022-1286 boo#1198289
+Patch5: https://github.com/mruby/mruby/commit/b1d0296a.patch
+# PATCH-FIX-UPSTREAM CVE-2022-1212.patch -- https://github.com/mruby/mruby/commit/3cf291f72224715942beaf8553e42ba8891ab3c6
+Patch6: CVE-2022-1212.patch
 BuildRequires: bison
 BuildRequires: cmake
 BuildRequires: pkgconfig
++++++ CVE-2022-1212.patch ++++++
diff -Nur mruby-3.0.0/src/vm.c new/src/vm.c
--- mruby-3.0.0/src/vm.c 2021-03-05 09:07:35.000000000 +0100
+++ new/src/vm.c 2022-04-26 21:03:08.112400307 +0200
@@ -2109,9 +2109,9 @@
 }
 if (ci->acc < 0) {
 ci = cipop(mrb);
+ mrb->exc = (struct RObject*)break_new(mrb, RBREAK_TAG_BREAK, proc, v);
 mrb_gc_arena_restore(mrb, ai);
 mrb->c->vmexec = FALSE;
- mrb->exc = (struct RObject*)break_new(mrb, RBREAK_TAG_BREAK, proc, v);
 mrb->jmp = prev_jmp;
 MRB_THROW(prev_jmp);
 }
++++++ b1d0296a.patch ++++++
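Review bot: In the mruby.spec hunk, `Patch5` is the only patch declared as a remote URL, and it pins upstream by an abbreviated commit id (`b1d0296a`), whereas Patch4 and Patch6 name a local file and carry the full commit hash in their PATCH-FIX-UPSTREAM comment. An abbreviated id can become ambiguous as the upstream repository grows, and the link to the exact upstream commit is what a later auditor needs, so I would write it like its neighbours: `# PATCH-FIX-UPSTREAM b1d0296a.patch -- CVE-2022-1286 boo#1198289 https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9` followed by `Patch5: b1d0296a.patch`. The %prep section is outside this hunk, so it is worth confirming that patches 5 and 6 are actually applied there and not only declared.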
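Review bot: In the src/vm.c hunk of CVE-2022-1212.patch, the fix depends entirely on `break_new()` running before `mrb_gc_arena_restore(mrb, ai)`, yet nothing in the new code records that this order is load-bearing. Presumably the allocation inside break_new() can trigger a GC while `v` is kept alive only by the arena, so a later tidy-up that moves the assignment back down would silently reintroduce the bug; a comment above the moved line such as `/* create the break object before restoring the arena: break_new() allocates and v must still be protected */` would guard against that. The enclosing block starts and ends outside the hunk, so other break_new() call sites in vm.c are not visible here and are worth checking for the same ordering. The patch file also carries no upstream commit header, so its provenance rests on the spec comment alone.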
>From b1d0296a937fe278239bdfac840a3fd0e93b3ee9 Mon Sep 17 00:00:00 2001 From: "Yukihiro \"Matz\" Matsumoto" <m...@ruby.or.jp> Date: Sat, 9 Apr 2022 09:25:35 +0900 Subject: [PATCH] class.c: clear method cache after `remove_method`. --- src/class.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/class.c b/src/class.c
index 37fc4e68a4..68a0ff0843 100644
--- a/src/class.c
+++ b/src/class.c
@@ -2361,7 +2361,10 @@ mrb_remove_method(mrb_state *mrb, struct RClass *c, mrb_sym mid)
 MRB_CLASS_ORIGIN(c);
 h = c->mt;
- if (h && mt_del(mrb, h, mid)) return;
+ if (h && mt_del(mrb, h, mid)) {
+ mrb_mc_clear_by_class(mrb, c);
+ return;
+ }
 mrb_name_error(mrb, mid, "method '%n' not defined in %C", mid, c);
 }
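Review bot: The new branch in `mrb_remove_method` carries no comment explaining why a successful `mt_del()` must be followed by a cache flush, and that invariant (a method-table mutation has to invalidate cached lookups for the class) is easy to miss when the next mutation path is added. I would put `/* drop cached lookups for c so a removed method cannot be dispatched from a stale cache entry */` above the `mrb_mc_clear_by_class(mrb, c);` call. By this point `c` may already have been rewritten by `MRB_CLASS_ORIGIN(c)`, so the flush targets the origin class; whether entries cached under the class the caller passed in are also covered depends on mrb_mc_clear_by_class, which is not shown. The patch appears to be taken from an upstream tree newer than the packaged 3.0.0, so confirm it applies without fuzz and that the helper is available in every build configuration the package uses. The function begins above the hunk.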