diff -pruN 3.3.8-2/debian/changelog 3.3.8-2ubuntu2/debian/changelog --- 3.3.8-2/debian/changelog 2025-04-29 10:58:14.000000000 +0000 +++ 3.3.8-2ubuntu2/debian/changelog 2025-09-10 11:56:24.000000000 +0000 @@ -1,3 +1,47 @@ +ruby3.3 (3.3.8-2ubuntu2) questing; urgency=medium + + * SECURITY UPDATE: denial of service in resolv + - debian/patches/CVE-2025-24294.patch: Limit decompressed name length + - CVE-2025-24294 + * d/rules: Fix FTBFS on arm64 by adding gcs-report-dynamic=none + * d/p/skip-test_ractor-arm64.patch: skip failing test on arm64 + + -- Nishit Majithia Wed, 10 Sep 2025 17:26:24 +0530 + +ruby3.3 (3.3.8-2ubuntu1) questing; urgency=medium + + * Merge with Debian unstable (LP: #2110442). Remaining changes: + - d/p/1001-fix-ensure-stack-memory-corruption.patch: add a patch to fix + "ensure" structure stack memory use-after-free errors. + - d/p/1002-ppc64le-fix-fiber-corruption.patch: add a patch to fix + conditional registers getting clobbered on ppc64el during the + Ruby fiber switching. + * Dropped changes: + - SECURITY UPDATE: DoS in net-imap response parser + + debian/patches/CVE-2025-25186.patch: limit number of UIDs in + .bundle/gems/net-imap-0.4.9.1/lib/net/imap/response_parser.rb. + + CVE-2025-25186 + [ Fixed upstream in 3.3.8 ] + - SECURITY UPDATE: DoS in CGI Gem + + debian/patches/CVE-2025-27219.patch: use String#concat instead of + String#+ for reducing cpu usage in lib/cgi/cookie.rb. + + CVE-2025-27219 + [ Fixed in 3.3.7-2 ] + - SECURITY UPDATE: ReDoS in CGI Gem + + debian/patches/CVE-2025-27220.patch: escape/unescape unclosed tags as + well in lib/cgi/util.rb, test/cgi/test_cgi_util.rb. + + CVE-2025-27220 + [ Fixed in 3.3.7-2 ] + - SECURITY UPDATE: credential leak in URI gem + + debian/patches/CVE-2025-27221-1.patch: truncate userinfo in + lib/uri/generic.rb, test/uri/test_generic.rb. + + debian/patches/CVE-2025-27221-2.patch: fix merger of URI with + authority component in lib/uri/generic.rb, test/uri/test_generic.rb. + + CVE-2025-27221 + [ Fixed in 3.3.7-2 ] + + -- Athos Ribeiro Mon, 09 Jun 2025 09:46:54 -0300 + ruby3.3 (3.3.8-2) unstable; urgency=medium [ Antonio Terceiro ] @@ -49,6 +93,40 @@ ruby3.3 (3.3.7-2) unstable; urgency=medi -- Lucas Kanashiro Wed, 09 Apr 2025 15:42:58 -0300 +ruby3.3 (3.3.7-1ubuntu2) plucky; urgency=medium + + * SECURITY UPDATE: DoS in net-imap response parser + - debian/patches/CVE-2025-25186.patch: limit number of UIDs in + .bundle/gems/net-imap-0.4.9.1/lib/net/imap/response_parser.rb. + - CVE-2025-25186 + * SECURITY UPDATE: DoS in CGI Gem + - debian/patches/CVE-2025-27219.patch: use String#concat instead of + String#+ for reducing cpu usage in lib/cgi/cookie.rb. + - CVE-2025-27219 + * SECURITY UPDATE: ReDoS in CGI Gem + - debian/patches/CVE-2025-27220.patch: escape/unescape unclosed tags as + well in lib/cgi/util.rb, test/cgi/test_cgi_util.rb. + - CVE-2025-27220 + * SECURITY UPDATE: credential leak in URI gem + - debian/patches/CVE-2025-27221-1.patch: truncate userinfo in + lib/uri/generic.rb, test/uri/test_generic.rb. + - debian/patches/CVE-2025-27221-2.patch: fix merger of URI with + authority component in lib/uri/generic.rb, test/uri/test_generic.rb. + - CVE-2025-27221 + + -- Marc Deslauriers Tue, 04 Mar 2025 10:40:05 -0500 + +ruby3.3 (3.3.7-1ubuntu1) plucky; urgency=medium + + * Merge with Debian; remaining changes: + - d/p/1001-fix-ensure-stack-memory-corruption.patch: add a patch to fix + "ensure" structure stack memory use-after-free errors. + - d/p/1002-ppc64le-fix-fiber-corruption.patch: add a patch to fix + conditional registers getting clobbered on ppc64el during the + Ruby fiber switching. + + -- Matthias Klose Fri, 07 Feb 2025 10:40:57 +0100 + ruby3.3 (3.3.7-1) unstable; urgency=medium * New upstream version 3.3.7 @@ -60,6 +138,27 @@ ruby3.3 (3.3.7-1) unstable; urgency=medi -- Lucas Kanashiro Wed, 29 Jan 2025 12:07:55 -0300 +ruby3.3 (3.3.6-1.1ubuntu1) plucky; urgency=medium + + * Merge with Debian unstable (LP: #2093214). Remaining changes: + - d/rules: remove DEB_BUILD_OPTIONS=abi=time64. + * Dropped changes: + - debian/patches/CVE-2024-41946.patch, + debian/patches/CVE-2024-49761.patch: fixes included in upstream + Ruby 3.3.6 release. + - d/t/excludes/ppc64el: skip TCP test segfaulting in ppc64el: This + issue is fixed with the new patches introduced below. + - fix testsuite for openssl 3.4: included in the Debian NMU upload + version 3.3.6-1.1. + * New changes: + - d/p/1001-fix-ensure-stack-memory-corruption.patch: add a patch to fix + "ensure" structure stack memory use-after-free errors. + - d/p/1002-ppc64le-fix-fiber-corruption.patch: add a patch to fix + conditional registers getting clobbered on ppc64el during the + Ruby fiber switching. + + -- Zixing Liu Tue, 07 Jan 2025 13:05:54 -0700 + ruby3.3 (3.3.6-1.1) unstable; urgency=medium * Non-maintainer upload. @@ -130,6 +229,64 @@ ruby3.3 (3.3.5-1) unstable; urgency=medi -- Antonio Terceiro Sat, 07 Sep 2024 21:36:05 -0300 +ruby3.3 (3.3.4-2ubuntu7) plucky; urgency=medium + + * fix testsuite for openssl 3.4 + + -- Adrien Nader Tue, 10 Dec 2024 12:17:22 +0100 + +ruby3.3 (3.3.4-2ubuntu6) plucky; urgency=medium + + * SECURITY UPDATE: denial of service in REXML + - debian/patches/CVE-2024-41946.patch: Add support for XML entity + expansion limitation in SAX and pull parsers + - debian/patches/CVE-2024-49761.patch: fix a bug that �x...; is + accepted as a character reference + - CVE-2024-41946 + - CVE-2024-49761 + + -- Nishit Majithia Fri, 25 Oct 2024 15:59:37 +0530 + +ruby3.3 (3.3.4-2ubuntu5) oracular; urgency=medium + + * d/control: add runtime dependency on ruby-sdbm to libruby3.3 again. + The circular dependency issue was fixed in all architectures now, + including i386. + + -- Lucas Kanashiro Tue, 20 Aug 2024 19:45:41 -0300 + +ruby3.3 (3.3.4-2ubuntu4) oracular; urgency=medium + + * d/control: do not runtime depend on ruby-sdbm again. + The circular dependency issue was not solved on i386. + + -- Lucas Kanashiro Tue, 20 Aug 2024 16:54:01 -0300 + +ruby3.3 (3.3.4-2ubuntu3) oracular; urgency=medium + + * d/control: add runtime dependency on ruby-sdbm to libruby3.3 again. + The circular dependency issue was fixed, ruby-sdbm was built against + libruby3.3. + + -- Lucas Kanashiro Fri, 16 Aug 2024 16:36:09 -0300 + +ruby3.3 (3.3.4-2ubuntu2) oracular; urgency=medium + + * d/control: do not runtime depend on ruby-sdbm. + libruby3.3 depends on ruby-sdbm and now (with the ruby 3.3 transition) + ruby-sdbm depends on libruby < 3.3 but only 3.3 is going to be installed. + This dependency will be re-added once ruby-sdbm is rebuilt against + libruby3.3. + + -- Lucas Kanashiro Fri, 16 Aug 2024 13:31:34 -0300 + +ruby3.3 (3.3.4-2ubuntu1) oracular; urgency=medium + + * d/t/excludes/ppc64el: skip TCP test segfaulting in ppc64el. + * d/rules: remove DEB_BUILD_OPTIONS=abi=time64. + + -- Lucas Kanashiro Thu, 15 Aug 2024 14:36:07 -0300 + ruby3.3 (3.3.4-2) unstable; urgency=medium * d/libruby3.3.symbols: fix FTBFS in armel and loong64 (Closes: #1074300). diff -pruN 3.3.8-2/debian/control 3.3.8-2ubuntu2/debian/control --- 3.3.8-2/debian/control 2025-04-29 10:58:14.000000000 +0000 +++ 3.3.8-2ubuntu2/debian/control 2025-06-09 12:46:54.000000000 +0000 @@ -1,7 +1,8 @@ Source: ruby3.3 Section: ruby Priority: optional -Maintainer: Debian Ruby Team +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian Ruby Team Uploaders: Antonio Terceiro , Utkarsh Gupta , Lucas Kanashiro diff -pruN 3.3.8-2/debian/patches/1001-fix-ensure-stack-memory-corruption.patch 3.3.8-2ubuntu2/debian/patches/1001-fix-ensure-stack-memory-corruption.patch --- 3.3.8-2/debian/patches/1001-fix-ensure-stack-memory-corruption.patch 1970-01-01 00:00:00.000000000 +0000 +++ 3.3.8-2ubuntu2/debian/patches/1001-fix-ensure-stack-memory-corruption.patch 2025-06-09 12:19:35.000000000 +0000 @@ -0,0 +1,133 @@ +Description: Fix ensure stack memory corruption + There is a stack memory reference returned from a function saved in + a heap-allocated object. + Upstream fixed this issue in Ruby 3.4 by refactoring the Prism parser. +Author: Zixing Liu +Forwarded: not-needed +Last-Update: 2024-09-29 +--- +Index: ruby3.3/compile.c +=================================================================== +--- ruby3.3.orig/compile.c ++++ ruby3.3/compile.c +@@ -118,12 +118,6 @@ struct ensure_range { + struct ensure_range *next; + }; + +-struct iseq_compile_data_ensure_node_stack { +- const void *ensure_node; +- struct iseq_compile_data_ensure_node_stack *prev; +- struct ensure_range *erange; +-}; +- + const ID rb_iseq_shared_exc_local_tbl[] = {idERROR_INFO}; + + /** +@@ -2510,7 +2504,7 @@ iseq_set_sequence(rb_iseq_t *iseq, LINK_ + + /* make instruction sequence */ + generated_iseq = ALLOC_N(VALUE, code_index); +- insns_info = ALLOC_N(struct iseq_insn_info_entry, insn_num); ++ insns_info = ZALLOC_N(struct iseq_insn_info_entry, insn_num); + positions = ALLOC_N(unsigned int, insn_num); + if (ISEQ_IS_SIZE(body)) { + body->is_entries = ZALLOC_N(union iseq_inline_storage_entry, ISEQ_IS_SIZE(body)); +@@ -7629,7 +7623,7 @@ compile_loop(rb_iseq_t *iseq, LINK_ANCHO + int prev_loopval_popped = ISEQ_COMPILE_DATA(iseq)->loopval_popped; + VALUE branches = Qfalse; + +- struct iseq_compile_data_ensure_node_stack enl; ++ struct iseq_compile_data_ensure_node_stack *enl = ZALLOC(struct iseq_compile_data_ensure_node_stack); + + LABEL *next_label = ISEQ_COMPILE_DATA(iseq)->start_label = NEW_LABEL(line); /* next */ + LABEL *redo_label = ISEQ_COMPILE_DATA(iseq)->redo_label = NEW_LABEL(line); /* redo */ +@@ -7641,7 +7635,7 @@ compile_loop(rb_iseq_t *iseq, LINK_ANCHO + LABEL *tmp_label = NULL; + + ISEQ_COMPILE_DATA(iseq)->loopval_popped = 0; +- push_ensure_entry(iseq, &enl, NULL, NULL); ++ push_ensure_entry(iseq, enl, NULL, NULL); + + if (RNODE_WHILE(node)->nd_state == 1) { + ADD_INSNL(ret, line_node, jump, next_label); +@@ -8148,7 +8142,7 @@ compile_ensure(rb_iseq_t *iseq, LINK_ANC + LINK_ELEMENT *last; + int last_leave = 0; + struct ensure_range er; +- struct iseq_compile_data_ensure_node_stack enl; ++ struct iseq_compile_data_ensure_node_stack *enl = ZALLOC(struct iseq_compile_data_ensure_node_stack); + struct ensure_range *erange; + + INIT_ANCHOR(ensr); +@@ -8159,7 +8153,7 @@ compile_ensure(rb_iseq_t *iseq, LINK_ANC + er.begin = lstart; + er.end = lend; + er.next = 0; +- push_ensure_entry(iseq, &enl, &er, RNODE_ENSURE(node)->nd_ensr); ++ push_ensure_entry(iseq, enl, &er, RNODE_ENSURE(node)->nd_ensr); + + ADD_LABEL(ret, lstart); + CHECK(COMPILE_(ret, "ensure head", RNODE_ENSURE(node)->nd_head, (popped | last_leave))); +@@ -8178,7 +8172,7 @@ compile_ensure(rb_iseq_t *iseq, LINK_ANC + } + } + +- ISEQ_COMPILE_DATA(iseq)->ensure_node_stack = enl.prev; ++ ISEQ_COMPILE_DATA(iseq)->ensure_node_stack = enl->prev; + return COMPILE_OK; + } + +Index: ruby3.3/iseq.c +=================================================================== +--- ruby3.3.orig/iseq.c ++++ ruby3.3/iseq.c +@@ -95,6 +95,12 @@ compile_data_free(struct iseq_compile_da + if (compile_data) { + free_arena(compile_data->node.storage_head); + free_arena(compile_data->insn.storage_head); ++ struct iseq_compile_data_ensure_node_stack *stack = compile_data->ensure_node_stack; ++ while (stack) { ++ struct iseq_compile_data_ensure_node_stack *prev = stack->prev; ++ ruby_xfree(stack); ++ stack = prev; ++ } + if (compile_data->ivar_cache_table) { + rb_id_table_free(compile_data->ivar_cache_table); + } +Index: ruby3.3/iseq.h +=================================================================== +--- ruby3.3.orig/iseq.h ++++ ruby3.3/iseq.h +@@ -301,6 +301,12 @@ struct iseq_compile_data_storage { + char buff[FLEX_ARY_LEN]; + }; + ++struct iseq_compile_data_ensure_node_stack { ++ const void *ensure_node; ++ struct iseq_compile_data_ensure_node_stack *prev; ++ struct ensure_range *erange; ++}; ++ + /* defined? */ + + enum defined_type { +Index: ruby3.3/prism_compile.c +=================================================================== +--- ruby3.3.orig/prism_compile.c ++++ ruby3.3/prism_compile.c +@@ -3043,13 +3043,13 @@ pm_compile_node(rb_iseq_t *iseq, const p + } + + struct ensure_range er; +- struct iseq_compile_data_ensure_node_stack enl; ++ struct iseq_compile_data_ensure_node_stack *enl = ZALLOC(struct iseq_compile_data_ensure_node_stack); + struct ensure_range *erange; + + er.begin = estart; + er.end = eend; + er.next = 0; +- push_ensure_entry(iseq, &enl, &er, (void *)begin_node->ensure_clause); ++ push_ensure_entry(iseq, enl, &er, (void *)begin_node->ensure_clause); + + pm_scope_node_t next_scope_node; + pm_scope_node_init((pm_node_t *)begin_node->ensure_clause, &next_scope_node, scope_node, parser); diff -pruN 3.3.8-2/debian/patches/1002-ppc64le-fix-fiber-corruption.patch 3.3.8-2ubuntu2/debian/patches/1002-ppc64le-fix-fiber-corruption.patch --- 3.3.8-2/debian/patches/1002-ppc64le-fix-fiber-corruption.patch 1970-01-01 00:00:00.000000000 +0000 +++ 3.3.8-2ubuntu2/debian/patches/1002-ppc64le-fix-fiber-corruption.patch 2025-06-09 12:21:03.000000000 +0000 @@ -0,0 +1,59 @@ +Description: coroutine/ppc64le: fix conditional registers got clobbered + Now we also save the special cr registers during the fiber switching +Author: Zixing Liu +Forwarded: https://github.com/ruby/ruby/pull/12535 +Last-Update: 2025-01-08 +--- +diff --git a/coroutine/ppc64le/Context.S b/coroutine/ppc64le/Context.S +index 61be9efcf..ecb86c7d7 100644 +--- a/coroutine/ppc64le/Context.S ++++ b/coroutine/ppc64le/Context.S +@@ -8,7 +8,7 @@ + .type PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer), @function + PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer): + # Make space on the stack for caller registers +- addi 1,1,-152 ++ addi 1,1,-160 + + # Save caller registers + std 14,0(1) +@@ -34,6 +34,10 @@ PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer): + mflr 0 + std 0,144(1) + ++ # Save caller special register ++ mfcr 0 ++ std 0, 152(1) ++ + # Save stack pointer to first argument + std 1,0(3) + +@@ -64,8 +68,14 @@ PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer): + ld 0,144(1) + mtlr 0 + ++ # Load special registers ++ ld 0,152(1) ++ # Restore cr register cr2, cr3 and cr4 (field index 3,4,5) ++ # (field index is 1-based, field 1 = cr0) using a mask (32|16|8 = 56) ++ mtcrf 56,0 ++ + # Pop stack frame +- addi 1,1,152 ++ addi 1,1,160 + + # Jump to return address + blr +diff --git a/coroutine/ppc64le/Context.h b/coroutine/ppc64le/Context.h +index fbfaa2ee6..63ea9f19f 100644 +--- a/coroutine/ppc64le/Context.h ++++ b/coroutine/ppc64le/Context.h +@@ -12,7 +12,7 @@ + + enum { + COROUTINE_REGISTERS = +- 19 /* 18 general purpose registers (r14-r31) and 1 return address */ ++ 20 /* 18 general purpose registers (r14-r31), 1 special register (cr) and 1 return address */ + + 4 /* space for fiber_entry() to store the link register */ + }; + diff -pruN 3.3.8-2/debian/patches/CVE-2025-24294.patch 3.3.8-2ubuntu2/debian/patches/CVE-2025-24294.patch --- 3.3.8-2/debian/patches/CVE-2025-24294.patch 1970-01-01 00:00:00.000000000 +0000 +++ 3.3.8-2ubuntu2/debian/patches/CVE-2025-24294.patch 2025-09-10 11:56:24.000000000 +0000 @@ -0,0 +1,57 @@ +From 111a49e77e4b05a21bb37942ea2cfc254daa8d92 Mon Sep 17 00:00:00 2001 +From: Hiroshi SHIBATA +Date: Tue, 8 Jul 2025 16:39:02 +0900 +Subject: [PATCH] Bump up resolv-0.3.1 for Ruby 3.3 + +--- + lib/resolv.rb | 8 ++++++-- + test/resolv/test_dns.rb | 7 +++++++ + 2 files changed, 13 insertions(+), 2 deletions(-) + +--- ruby3.3-3.3.8.orig/lib/resolv.rb ++++ ruby3.3-3.3.8/lib/resolv.rb +@@ -37,7 +37,7 @@ end + + class Resolv + +- VERSION = "0.3.0" ++ VERSION = "0.3.1" + + ## + # Looks up the first IP address for +name+. +@@ -1655,6 +1655,7 @@ class Resolv + prev_index = @index + save_index = nil + d = [] ++ size = -1 + while true + raise DecodeError.new("limit exceeded") if @limit <= @index + case @data.getbyte(@index) +@@ -1675,7 +1676,10 @@ class Resolv + end + @index = idx + else +- d << self.get_label ++ l = self.get_label ++ d << l ++ size += 1 + l.string.bytesize ++ raise DecodeError.new("name label data exceed 255 octets") if size > 255 + end + end + end +--- ruby3.3-3.3.8.orig/test/resolv/test_dns.rb ++++ ruby3.3-3.3.8/test/resolv/test_dns.rb +@@ -589,6 +589,13 @@ class TestResolvDNS < Test::Unit::TestCa + assert_operator(2**14, :<, m.to_s.length) + end + ++ def test_too_long_address ++ too_long_address_message = [0, 0, 1, 0, 0, 0].pack("n*") + "\x01x" * 129 + [0, 0, 0].pack("cnn") ++ assert_raise_with_message(Resolv::DNS::DecodeError, /name label data exceed 255 octets/) do ++ Resolv::DNS::Message.decode too_long_address_message ++ end ++ end ++ + def assert_no_fd_leak + socket = assert_throw(self) do |tag| + Resolv::DNS.stub(:bind_random_port, ->(s, *) {throw(tag, s)}) do diff -pruN 3.3.8-2/debian/patches/series 3.3.8-2ubuntu2/debian/patches/series --- 3.3.8-2/debian/patches/series 2025-04-29 10:58:14.000000000 +0000 +++ 3.3.8-2ubuntu2/debian/patches/series 2025-09-10 11:56:24.000000000 +0000 @@ -15,3 +15,7 @@ test-test_bundled_ca-Skip-test-because-i Fix-test-dlopen-for-.so-filename-with-more-than-one-digit.patch CVE-2025-27221_1.patch CVE-2025-27221_2.patch +1001-fix-ensure-stack-memory-corruption.patch +1002-ppc64le-fix-fiber-corruption.patch +CVE-2025-24294.patch +skip-test_ractor-arm64.patch diff -pruN 3.3.8-2/debian/patches/skip-test_ractor-arm64.patch 3.3.8-2ubuntu2/debian/patches/skip-test_ractor-arm64.patch --- 3.3.8-2/debian/patches/skip-test_ractor-arm64.patch 1970-01-01 00:00:00.000000000 +0000 +++ 3.3.8-2ubuntu2/debian/patches/skip-test_ractor-arm64.patch 2025-09-10 11:56:24.000000000 +0000 @@ -0,0 +1,19 @@ +Author: Nishit Majithia +Description: Skip test_ractor.rb test on arm64 + ruby on arm64 failing the test_ractor test by giving similar error mentioned + in https://bugs.ruby-lang.org/issues/17878 + + This change will skip this test on arm64 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/2122520 + +--- ruby3.3-3.3.8.orig/bootstraptest/test_ractor.rb ++++ ruby3.3-3.3.8/bootstraptest/test_ractor.rb +@@ -283,7 +283,7 @@ assert_equal 30.times.map { 'ok' }.to_s, + 30.times.map{|i| + test i + } +-} unless (ENV.key?('TRAVIS') && ENV['TRAVIS_CPU_ARCH'] == 'arm64') # https://bugs.ruby-lang.org/issues/17878 ++} unless (ENV.key?('TRAVIS') && ENV['TRAVIS_CPU_ARCH'] == 'arm64') || RUBY_PLATFORM =~ /aarch64|arm64|armv8/ # https://bugs.ruby-lang.org/issues/17878 + + # Exception for empty select + assert_match /specify at least one ractor/, %q{ diff -pruN 3.3.8-2/debian/rules 3.3.8-2ubuntu2/debian/rules --- 3.3.8-2/debian/rules 2025-04-29 10:58:14.000000000 +0000 +++ 3.3.8-2ubuntu2/debian/rules 2025-09-10 11:55:03.000000000 +0000 @@ -88,6 +88,11 @@ ifneq (,$(filter $(DEB_HOST_ARCH),sh3 sh export DEB_CFLAGS_MAINT_APPEND += -fno-crossjumping endif +# See: Fix FTBFS on arm64 https://bugzilla.redhat.com/show_bug.cgi?id=2343981 +ifneq (,$(filter $(DEB_HOST_ARCH),arm64)) +export DEB_CFLAGS_MAINT_APPEND += -Wl,-z,gcs-report-dynamic=none +endif + export LANG := C.UTF-8 export LC_ALL := $(LANG)