From b692c24fcbc1d129c1ffcbcae66a283e63ba2b93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=A1bor=20Cs=C3=A1rdi?=
Date: Tue, 17 Dec 2024 23:03:34 +0100
Subject: [PATCH] Patch RDS CVE Closes #21.
---
 dockerfiles/bionic/R-3.6.0.patch | 73 +++++++++++++++++++++++---
 dockerfiles/bionic/R-3.6.1.patch | 73 +++++++++++++++++++++++---
 dockerfiles/bionic/R-3.6.2.patch | 63 +++++++++++++++++++++--
 dockerfiles/bionic/R-3.6.3.patch | 61 +++++++++++++++++++++--
 dockerfiles/bionic/R-4.0.0.patch | 70 ++++++++++++++++++++++++--
 dockerfiles/bionic/R-4.0.1.patch | 70 ++++++++++++++++++++++++--
 dockerfiles/bionic/R-4.0.2.patch | 70 ++++++++++++++++++++++++--
 dockerfiles/bionic/R-4.0.3.patch | 70 ++++++++++++++++++++++++--
 dockerfiles/bionic/R-4.0.4.patch | 70 ++++++++++++++++++++++++--
 dockerfiles/bionic/R-4.0.5.patch | 70 ++++++++++++++++++++++++--
 dockerfiles/bionic/R-4.1.0.patch | 68 ++++++++++++++++++++++++-
 dockerfiles/bionic/R-4.1.1.patch | 69 +++++++++++++++++++++++++-
 dockerfiles/bionic/R-4.1.2.patch | 68 ++++++++++++++++++++++++-
 dockerfiles/bionic/R-4.1.3.patch | 69 +++++++++++++++++++++++++-
 dockerfiles/bionic/R-4.2.0.patch | 68 ++++++++++++++++++++++++-
 dockerfiles/bionic/R-4.2.1.patch | 69 +++++++++++++++++++++++++-
 dockerfiles/bionic/R-4.2.2.patch | 69 +++++++++++++++++++++++++-
 dockerfiles/bionic/R-4.2.3.patch | 69 +++++++++++++++++++++++++-
 dockerfiles/bionic/R-4.3.0.patch | 69 +++++++++++++++++++++++++-
 dockerfiles/bionic/R-4.3.1.patch | 69 +++++++++++++++++++++++++-
 dockerfiles/bionic/R-4.3.2.patch | 69 +++++++++++++++++++++++++-
 dockerfiles/bionic/R-4.3.3.patch | 69 +++++++++++++++++++++++++-
 test/test-cve-2024-27322.R | 85 ++++++++++++++++++++++++++++++++
 test/test.bats | 7 ++-
 24 files changed, 1539 insertions(+), 68 deletions(-)
 create mode 100644 test/test-cve-2024-27322.R
diff --git a/dockerfiles/bionic/R-3.6.0.patch b/dockerfiles/bionic/R-3.6.0.patch
index 76ff3f2..f738889 100644
--- a/dockerfiles/bionic/R-3.6.0.patch
+++ b/dockerfiles/bionic/R-3.6.0.patch
@@ -1,8 +1,8 @@ diff --git a/configure b/configure -index 976de50..bd8a807 100755 +index fad6463..fd8d79c 100755 --- a/configure +++ b/configure -@@ -39822,7 +39822,7 @@ if ${r_cv_icu+:} false; then : +@@ -39561,7 +39561,7 @@ if ${r_cv_icu+:} false; then : $as_echo_n "(cached) " >&6 else r_save_LIBS="${LIBS}" @@ -11,16 +11,16 @@ index 976de50..bd8a807 100755 if test "$cross_compiling" = yes; then : r_cv_icu=no else -@@ -39869,7 +39869,7 @@ if test "x${r_cv_icu}" = xyes; then - +@@ -39608,7 +39608,7 @@ if test "x${r_cv_icu}" = xyes; then + $as_echo "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else use_ICU=no fi -@@ -40952,10 +40952,10 @@ $as_echo "$r_cv_has_pangocairo" >&6; } +@@ -40691,10 +40691,10 @@ $as_echo "$r_cv_has_pangocairo" >&6; } else xmodlist="${modlist}" fi @@ -32,10 +32,10 @@ index 976de50..bd8a807 100755 + CAIROX11_CPPFLAGS=`"${PKG_CONFIG}" --cflags --static ${xmodlist}` + CAIRO_LIBS=`"${PKG_CONFIG}" --libs --static ${modlist}` + CAIROX11_LIBS=`"${PKG_CONFIG}" --libs --static ${xmodlist}` - + CPPFLAGS="${CPPFLAGS} ${CAIRO_CPPFLAGS}" LIBS="${LIBS} ${CAIRO_LIBS}" -@@ -42905,7 +42905,7 @@ int main() +@@ -42644,7 +42644,7 @@ int main() { #ifdef LIBCURL_VERSION_MAJOR #if LIBCURL_VERSION_MAJOR > 7 @@ -44,7 +44,7 @@ index 976de50..bd8a807 100755 #elif LIBCURL_VERSION_MAJOR == 7 && LIBCURL_VERSION_MINOR >= 22 exit(0); #else -@@ -43266,6 +43266,7 @@ done +@@ -43005,6 +43005,7 @@ done CPPFLAGS=${save_CPPFLAGS} if test "x${ac_cv_header_tiffio_h}" = xyes ; then TIF_LIBS=`"${PKG_CONFIG}" --libs ${mod}` 
@@ -52,3 +52,58 @@ index 976de50..bd8a807 100755
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for TIFFOpen in -ltiff" >&5
 $as_echo_n "checking for TIFFOpen in -ltiff... " >&6; }
 if ${ac_cv_lib_tiff_TIFFOpen+:} false; then :
+diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd
+index 7fcf232..b3a08bc 100644
+--- a/doc/NEWS.Rd
++++ b/doc/NEWS.Rd
+@@ -6,6 +6,12 @@
+ \encoding{UTF-8}
+ 
+ \section{\Rlogo CHANGES IN R 3.6.0}{
++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{
++ \itemize{
++ \item readRDS() and unserialize() now signal an error instead of
++ returning a PROMSXP, to fix CVE-2024-27322.
++ }
++ }
+ 
+ \subsection{SIGNIFICANT USER-VISIBLE CHANGES}{
+ \itemize{
+diff --git a/src/main/serialize.c b/src/main/serialize.c
+index 323924c..14ba584 100644
+--- a/src/main/serialize.c
++++ b/src/main/serialize.c
+@@ -2549,6 +2549,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env)
+ return R_NilValue;
+ }
+ 
++static SEXP checkNotPromise(SEXP val)
++{
++ if (TYPEOF(val) == PROMSXP)
++ error(_("cannot return a promise (PROMSXP) object"));
++ return val;
++}
++
+ /* unserializeFromConn(conn, hook) used from readRDS().
+ It became public in R 2.13.0, and that version added support for
+ connections internally */
+@@ -2598,7 +2605,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env)
+ con->close(con);
+ UNPROTECT(1);
+ }
+- return ans;
++ return checkNotPromise(ans);
+ }
+ 
+ /*
+@@ -3203,8 +3210,8 @@ SEXP attribute_hidden
+ do_serialize(SEXP call, SEXP op, SEXP args, SEXP env)
+ {
+ checkArity(op, args);
+- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args));
+-
++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args));
++ return checkNotPromise(R_unserialize(CAR(args), CADR(args)));
+ SEXP object, icon, type, ver, fun;
+ object = CAR(args); args = CDR(args);
+ icon = CAR(args); args = CDR(args);
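Review bot: checkNotPromise in the embedded serialize.c section tests only the type of the value being returned, so as far as this hunk shows a PROMSXP carried inside a returned list, environment or attribute is not rejected; a comment above the helper should say so, e.g. `/* Rejects a top-level PROMSXP only; nested objects are not inspected, so RDS input from an untrusted source stays untrusted. */`. In do_serialize the old call is left as a trailing comment on the `if` line, which makes the guarded return on the next line the `if` body only because the comment ends at the newline; unless the text is deliberately kept identical to an upstream change, `if (PRIMVAL(op) == 2) return checkNotPromise(R_unserialize(CAR(args), CADR(args)));` reads more safely. The same serialize.c text is added by the last hunk of R-3.6.1.patch, R-3.6.2.patch and R-3.6.3.patch and by the first hunk of the R-4.x patches. do_serialize continues beyond the embedded hunk.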
diff --git a/dockerfiles/bionic/R-3.6.1.patch b/dockerfiles/bionic/R-3.6.1.patch index 76ff3f2..46e51db 100644 --- a/dockerfiles/bionic/R-3.6.1.patch +++ b/dockerfiles/bionic/R-3.6.1.patch @@ -1,8 +1,8 @@ diff --git a/configure b/configure -index 976de50..bd8a807 100755 +index 12569ac..e90ee1e 100755 --- a/configure +++ b/configure -@@ -39822,7 +39822,7 @@ if ${r_cv_icu+:} false; then : +@@ -39596,7 +39596,7 @@ if ${r_cv_icu+:} false; then : $as_echo_n "(cached) " >&6 else r_save_LIBS="${LIBS}" @@ -11,16 +11,16 @@ index 976de50..bd8a807 100755 if test "$cross_compiling" = yes; then : r_cv_icu=no else -@@ -39869,7 +39869,7 @@ if test "x${r_cv_icu}" = xyes; then - +@@ -39643,7 +39643,7 @@ if test "x${r_cv_icu}" = xyes; then + $as_echo "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else use_ICU=no fi -@@ -40952,10 +40952,10 @@ $as_echo "$r_cv_has_pangocairo" >&6; } +@@ -40726,10 +40726,10 @@ $as_echo "$r_cv_has_pangocairo" >&6; } else xmodlist="${modlist}" fi @@ -32,10 +32,10 @@ index 976de50..bd8a807 100755 + CAIROX11_CPPFLAGS=`"${PKG_CONFIG}" --cflags --static ${xmodlist}` + CAIRO_LIBS=`"${PKG_CONFIG}" --libs --static ${modlist}` + CAIROX11_LIBS=`"${PKG_CONFIG}" --libs --static ${xmodlist}` - + CPPFLAGS="${CPPFLAGS} ${CAIRO_CPPFLAGS}" LIBS="${LIBS} ${CAIRO_LIBS}" -@@ -42905,7 +42905,7 @@ int main() +@@ -42679,7 +42679,7 @@ int main() { #ifdef LIBCURL_VERSION_MAJOR #if LIBCURL_VERSION_MAJOR > 7 @@ -44,7 +44,7 @@ index 976de50..bd8a807 100755 #elif LIBCURL_VERSION_MAJOR == 7 && LIBCURL_VERSION_MINOR >= 22 exit(0); #else -@@ -43266,6 +43266,7 @@ done +@@ -43040,6 +43040,7 @@ done CPPFLAGS=${save_CPPFLAGS} if test "x${ac_cv_header_tiffio_h}" = xyes ; then TIF_LIBS=`"${PKG_CONFIG}" --libs ${mod}` 
@@ -52,3 +52,58 @@ index 976de50..bd8a807 100755
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for TIFFOpen in -ltiff" >&5
 $as_echo_n "checking for TIFFOpen in -ltiff... " >&6; }
 if ${ac_cv_lib_tiff_TIFFOpen+:} false; then :
+diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd
+index fd2d6d2..606bd78 100644
+--- a/doc/NEWS.Rd
++++ b/doc/NEWS.Rd
+@@ -6,6 +6,12 @@
+ \encoding{UTF-8}
+ 
+ \section{\Rlogo CHANGES IN R 3.6.1}{
++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{
++ \itemize{
++ \item readRDS() and unserialize() now signal an error instead of
++ returning a PROMSXP, to fix CVE-2024-27322.
++ }
++ }
+ 
+ \subsection{INSTALLATION on a UNIX-ALIKE}{
+ \itemize{
+diff --git a/src/main/serialize.c b/src/main/serialize.c
+index 323924c..14ba584 100644
+--- a/src/main/serialize.c
++++ b/src/main/serialize.c
+@@ -2549,6 +2549,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env)
+ return R_NilValue;
+ }
+ 
++static SEXP checkNotPromise(SEXP val)
++{
++ if (TYPEOF(val) == PROMSXP)
++ error(_("cannot return a promise (PROMSXP) object"));
++ return val;
++}
++
+ /* unserializeFromConn(conn, hook) used from readRDS().
+ It became public in R 2.13.0, and that version added support for
+ connections internally */
+@@ -2598,7 +2605,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env)
+ con->close(con);
+ UNPROTECT(1);
+ }
+- return ans;
++ return checkNotPromise(ans);
+ }
+ 
+ /*
+@@ -3203,8 +3210,8 @@ SEXP attribute_hidden
+ do_serialize(SEXP call, SEXP op, SEXP args, SEXP env)
+ {
+ checkArity(op, args);
+- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args));
+-
++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args));
++ return checkNotPromise(R_unserialize(CAR(args), CADR(args)));
+ SEXP object, icon, type, ver, fun;
+ object = CAR(args); args = CDR(args);
+ icon = CAR(args); args = CDR(args);
diff --git a/dockerfiles/bionic/R-3.6.2.patch b/dockerfiles/bionic/R-3.6.2.patch index 76ff3f2..91b0103 100644 --- a/dockerfiles/bionic/R-3.6.2.patch +++ b/dockerfiles/bionic/R-3.6.2.patch @@ -1,5 +1,5 @@ diff --git a/configure b/configure -index 976de50..bd8a807 100755 +index 5d65131..a67df15 100755 --- a/configure +++ b/configure @@ -39822,7 +39822,7 @@ if ${r_cv_icu+:} false; then : @@ -12,9 +12,9 @@ index 976de50..bd8a807 100755 r_cv_icu=no else @@ -39869,7 +39869,7 @@ if test "x${r_cv_icu}" = xyes; then - + $as_echo "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else @@ -32,7 +32,7 @@ index 976de50..bd8a807 100755 + CAIROX11_CPPFLAGS=`"${PKG_CONFIG}" --cflags --static ${xmodlist}` + CAIRO_LIBS=`"${PKG_CONFIG}" --libs --static ${modlist}` + CAIROX11_LIBS=`"${PKG_CONFIG}" --libs --static ${xmodlist}` - + CPPFLAGS="${CPPFLAGS} ${CAIRO_CPPFLAGS}" LIBS="${LIBS} ${CAIRO_LIBS}" @@ -42905,7 +42905,7 @@ int main() 
@@ -52,3 +52,58 @@ index 976de50..bd8a807 100755
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for TIFFOpen in -ltiff" >&5
 $as_echo_n "checking for TIFFOpen in -ltiff... " >&6; }
 if ${ac_cv_lib_tiff_TIFFOpen+:} false; then :
+diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd
+index af8633d..8f7b293 100644
+--- a/doc/NEWS.Rd
++++ b/doc/NEWS.Rd
+@@ -6,6 +6,12 @@
+ \encoding{UTF-8}
+ 
+ \section{\Rlogo CHANGES IN R 3.6.2}{
++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{
++ \itemize{
++ \item readRDS() and unserialize() now signal an error instead of
++ returning a PROMSXP, to fix CVE-2024-27322.
++ }
++ }
+ 
+ \subsection{NEW FEATURES}{
+ \itemize{
+diff --git a/src/main/serialize.c b/src/main/serialize.c
+index 323924c..14ba584 100644
+--- a/src/main/serialize.c
++++ b/src/main/serialize.c
+@@ -2549,6 +2549,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env)
+ return R_NilValue;
+ }
+ 
++static SEXP checkNotPromise(SEXP val)
++{
++ if (TYPEOF(val) == PROMSXP)
++ error(_("cannot return a promise (PROMSXP) object"));
++ return val;
++}
++
+ /* unserializeFromConn(conn, hook) used from readRDS().
+ It became public in R 2.13.0, and that version added support for
+ connections internally */
+@@ -2598,7 +2605,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env)
+ con->close(con);
+ UNPROTECT(1);
+ }
+- return ans;
++ return checkNotPromise(ans);
+ }
+ 
+ /*
+@@ -3203,8 +3210,8 @@ SEXP attribute_hidden
+ do_serialize(SEXP call, SEXP op, SEXP args, SEXP env)
+ {
+ checkArity(op, args);
+- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args));
+-
++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args));
++ return checkNotPromise(R_unserialize(CAR(args), CADR(args)));
+ SEXP object, icon, type, ver, fun;
+ object = CAR(args); args = CDR(args);
+ icon = CAR(args); args = CDR(args);
diff --git a/dockerfiles/bionic/R-3.6.3.patch b/dockerfiles/bionic/R-3.6.3.patch
index 76ff3f2..e5c3a7b 100644
--- a/dockerfiles/bionic/R-3.6.3.patch +++ b/dockerfiles/bionic/R-3.6.3.patch @@ -12,9 +12,9 @@ index 976de50..bd8a807 100755 r_cv_icu=no else @@ -39869,7 +39869,7 @@ if test "x${r_cv_icu}" = xyes; then - + $as_echo "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else @@ -32,7 +32,7 @@ index 976de50..bd8a807 100755 + CAIROX11_CPPFLAGS=`"${PKG_CONFIG}" --cflags --static ${xmodlist}` + CAIRO_LIBS=`"${PKG_CONFIG}" --libs --static ${modlist}` + CAIROX11_LIBS=`"${PKG_CONFIG}" --libs --static ${xmodlist}` - + CPPFLAGS="${CPPFLAGS} ${CAIRO_CPPFLAGS}" LIBS="${LIBS} ${CAIRO_LIBS}" @@ -42905,7 +42905,7 @@ int main() 
@@ -52,3 +52,58 @@ index 976de50..bd8a807 100755
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for TIFFOpen in -ltiff" >&5
 $as_echo_n "checking for TIFFOpen in -ltiff... " >&6; }
 if ${ac_cv_lib_tiff_TIFFOpen+:} false; then :
+diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd
+index bc90d9f..8d93813 100644
+--- a/doc/NEWS.Rd
++++ b/doc/NEWS.Rd
+@@ -6,6 +6,12 @@
+ \encoding{UTF-8}
+ 
+ \section{\Rlogo CHANGES IN R 3.6.3}{
++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{
++ \itemize{
++ \item readRDS() and unserialize() now signal an error instead of
++ returning a PROMSXP, to fix CVE-2024-27322.
++ }
++ }
+ 
+ \subsection{NEW FEATURES}{
+ \itemize{
+diff --git a/src/main/serialize.c b/src/main/serialize.c
+index ce01db3..c47df7f 100644
+--- a/src/main/serialize.c
++++ b/src/main/serialize.c
+@@ -2549,6 +2549,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env)
+ return R_NilValue;
+ }
+ 
++static SEXP checkNotPromise(SEXP val)
++{
++ if (TYPEOF(val) == PROMSXP)
++ error(_("cannot return a promise (PROMSXP) object"));
++ return val;
++}
++
+ /* unserializeFromConn(conn, hook) used from readRDS().
+ It became public in R 2.13.0, and that version added support for
+ connections internally */
+@@ -2598,7 +2605,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env)
+ con->close(con);
+ UNPROTECT(1);
+ }
+- return ans;
++ return checkNotPromise(ans);
+ }
+ 
+ /*
+@@ -3203,8 +3210,8 @@ SEXP attribute_hidden
+ do_serialize(SEXP call, SEXP op, SEXP args, SEXP env)
+ {
+ checkArity(op, args);
+- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args));
+-
++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args));
++ return checkNotPromise(R_unserialize(CAR(args), CADR(args)));
+ SEXP object, icon, type, ver, fun;
+ object = CAR(args); args = CDR(args);
+ icon = CAR(args); args = CDR(args);
diff --git a/dockerfiles/bionic/R-4.0.0.patch b/dockerfiles/bionic/R-4.0.0.patch
index 5080570..2c94f89 100644
--- a/dockerfiles/bionic/R-4.0.0.patch
+++ b/dockerfiles/bionic/R-4.0.0.patch
@@ -1,3 +1,67 @@
+commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e
+Author: luke
+Date: Sun Mar 31 19:35:58 2024 +0000
+
+ readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP.
+ 
+ 
+ git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41
+
+diff --git a/src/main/serialize.c b/src/main/serialize.c
+index a389f71311..a190fbf8f3 100644
+--- a/src/main/serialize.c
++++ b/src/main/serialize.c
+@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env)
+ return R_NilValue;
+ }
+ 
++static SEXP checkNotPromise(SEXP val)
++{
++ if (TYPEOF(val) == PROMSXP)
++ error(_("cannot return a promise (PROMSXP) object"));
++ return val;
++}
++
+ /* unserializeFromConn(conn, hook) used from readRDS().
+ It became public in R 2.13.0, and that version added support for
+ connections internally */
+@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env)
+ con->close(con);
+ UNPROTECT(1);
+ }
+- return ans;
++ return checkNotPromise(ans);
+ }
+ 
+ /*
+@@ -3330,8 +3337,8 @@ attribute_hidden SEXP
+ do_serialize(SEXP call, SEXP op, SEXP args, SEXP env)
+ {
+ checkArity(op, args);
+- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args));
+-
++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args));
++ return checkNotPromise(R_unserialize(CAR(args), CADR(args)));
+ SEXP object, icon, type, ver, fun;
+ object = CAR(args); args = CDR(args);
+ icon = CAR(args); args = CDR(args);
+diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd
+index 094396b..75fae89 100644
+--- a/doc/NEWS.Rd
++++ b/doc/NEWS.Rd
+@@ -6,6 +6,12 @@
+ \encoding{UTF-8}
+ 
+ \section{\Rlogo CHANGES IN 4.0.0}{
++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{
++ \itemize{
++ \item readRDS() and unserialize() now signal an error instead of
++ returning a PROMSXP, to fix CVE-2024-27322.
++ }
++ }
+ 
+ \subsection{SIGNIFICANT USER-VISIBLE CHANGES}{
+ \itemize{
diff --git a/configure b/configure index eec8a95..a6e767e 100755 --- a/configure @@ -12,9 +76,9 @@ index eec8a95..a6e767e 100755 r_cv_icu=no else @@ -43032,7 +43032,7 @@ if test "x${r_cv_icu}" = xyes; then - + $as_echo "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else @@ -33,7 +97,7 @@ index eec8a95..a6e767e 100755 + CAIRO_LIBS=`"${PKG_CONFIG}" --libs --static ${modlist}` + CAIRO_LIBS="${CAIRO_LIBS} -lpixman-1 -lfontconfig -lfreetype -lpcre -lpng -lexpat -lthai -lz -lm -lpthread" + CAIROX11_LIBS=`"${PKG_CONFIG}" --libs --static ${xmodlist}` - + CPPFLAGS="${CPPFLAGS} ${CAIRO_CPPFLAGS}" LIBS="${LIBS} ${CAIRO_LIBS}" @@ -46052,7 +46052,7 @@ int main() diff --git a/dockerfiles/bionic/R-4.0.1.patch b/dockerfiles/bionic/R-4.0.1.patch index 5080570..71e2081 100644 --- a/dockerfiles/bionic/R-4.0.1.patch +++ b/dockerfiles/bionic/R-4.0.1.patch 
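Review bot: The serialize.c section prepended to R-4.0.0.patch looks like the upstream trunk diff taken as committed (index `a389f71311..a190fbf8f3`, offsets 2650/2699/3330, `attribute_hidden SEXP` in the hunk header) rather than one regenerated against the R 4.0.0 tree, so it presumably applies only when the patch tool finds the context at an offset; the R-3.6.x patches carry different offsets (2549/2598/3203). The build step that applies this file is not visible here and should fail on a rejected hunk, because a skipped hunk would ship an image without the CVE-2024-27322 fix. The diffstat lists test/test-cve-2024-27322.R, which guards against that only if it runs against every patched R version. The R-4.0.1 to R-4.1.0 patches in this part of the diff repeat the same prepended section.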
@@ -1,3 +1,67 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index 9417774..5a7fa23 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,12 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.0.1}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. ++ } ++ } + + \subsection{NEW FEATURES}{ + \itemize{ 
diff --git a/configure b/configure index eec8a95..a6e767e 100755 --- a/configure @@ -12,9 +76,9 @@ index eec8a95..a6e767e 100755 r_cv_icu=no else @@ -43032,7 +43032,7 @@ if test "x${r_cv_icu}" = xyes; then - + $as_echo "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else @@ -33,7 +97,7 @@ index eec8a95..a6e767e 100755 + CAIRO_LIBS=`"${PKG_CONFIG}" --libs --static ${modlist}` + CAIRO_LIBS="${CAIRO_LIBS} -lpixman-1 -lfontconfig -lfreetype -lpcre -lpng -lexpat -lthai -lz -lm -lpthread" + CAIROX11_LIBS=`"${PKG_CONFIG}" --libs --static ${xmodlist}` - + CPPFLAGS="${CPPFLAGS} ${CAIRO_CPPFLAGS}" LIBS="${LIBS} ${CAIRO_LIBS}" @@ -46052,7 +46052,7 @@ int main() diff --git a/dockerfiles/bionic/R-4.0.2.patch b/dockerfiles/bionic/R-4.0.2.patch index 5080570..8157daf 100644 --- a/dockerfiles/bionic/R-4.0.2.patch +++ b/dockerfiles/bionic/R-4.0.2.patch 
@@ -1,3 +1,67 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index 4c45f26..69285cd 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,12 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.0.2}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. ++ } ++ } + + \subsection{UTILITIES}{ + \itemize{ 
diff --git a/configure b/configure index eec8a95..a6e767e 100755 --- a/configure @@ -12,9 +76,9 @@ index eec8a95..a6e767e 100755 r_cv_icu=no else @@ -43032,7 +43032,7 @@ if test "x${r_cv_icu}" = xyes; then - + $as_echo "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else @@ -33,7 +97,7 @@ index eec8a95..a6e767e 100755 + CAIRO_LIBS=`"${PKG_CONFIG}" --libs --static ${modlist}` + CAIRO_LIBS="${CAIRO_LIBS} -lpixman-1 -lfontconfig -lfreetype -lpcre -lpng -lexpat -lthai -lz -lm -lpthread" + CAIROX11_LIBS=`"${PKG_CONFIG}" --libs --static ${xmodlist}` - + CPPFLAGS="${CPPFLAGS} ${CAIRO_CPPFLAGS}" LIBS="${LIBS} ${CAIRO_LIBS}" @@ -46052,7 +46052,7 @@ int main() diff --git a/dockerfiles/bionic/R-4.0.3.patch b/dockerfiles/bionic/R-4.0.3.patch index 5080570..405579d 100644 --- a/dockerfiles/bionic/R-4.0.3.patch +++ b/dockerfiles/bionic/R-4.0.3.patch 
@@ -1,3 +1,67 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index 916961a..521a1fd 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,12 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.0.3}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. ++ } ++ } + + \subsection{NEW FEATURES}{ + \itemize{ 
diff --git a/configure b/configure index eec8a95..a6e767e 100755 --- a/configure @@ -12,9 +76,9 @@ index eec8a95..a6e767e 100755 r_cv_icu=no else @@ -43032,7 +43032,7 @@ if test "x${r_cv_icu}" = xyes; then - + $as_echo "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else @@ -33,7 +97,7 @@ index eec8a95..a6e767e 100755 + CAIRO_LIBS=`"${PKG_CONFIG}" --libs --static ${modlist}` + CAIRO_LIBS="${CAIRO_LIBS} -lpixman-1 -lfontconfig -lfreetype -lpcre -lpng -lexpat -lthai -lz -lm -lpthread" + CAIROX11_LIBS=`"${PKG_CONFIG}" --libs --static ${xmodlist}` - + CPPFLAGS="${CPPFLAGS} ${CAIRO_CPPFLAGS}" LIBS="${LIBS} ${CAIRO_LIBS}" @@ -46052,7 +46052,7 @@ int main() diff --git a/dockerfiles/bionic/R-4.0.4.patch b/dockerfiles/bionic/R-4.0.4.patch index 5e04dcc..b623022 100644 --- a/dockerfiles/bionic/R-4.0.4.patch +++ b/dockerfiles/bionic/R-4.0.4.patch 
@@ -1,3 +1,67 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index ec44c62..510dadc 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,12 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.0.4}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. ++ } ++ } + + \subsection{NEW FEATURES}{ + \itemize{ 
diff --git a/configure b/configure index eec8a95..a6e767e 100755 --- a/configure @@ -12,9 +76,9 @@ index eec8a95..a6e767e 100755 r_cv_icu=no else @@ -43032,7 +43032,7 @@ if test "x${r_cv_icu}" = xyes; then - + $as_echo "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else @@ -33,7 +97,7 @@ index eec8a95..a6e767e 100755 + CAIRO_LIBS=`"${PKG_CONFIG}" --libs --static ${modlist}` + CAIRO_LIBS="${CAIRO_LIBS} -lpixman-1 -lfontconfig -lfreetype -lpcre -lpng -lexpat -lthai -lz -lm -lpthread" + CAIROX11_LIBS=`"${PKG_CONFIG}" --libs --static ${xmodlist}` - + CPPFLAGS="${CPPFLAGS} ${CAIRO_CPPFLAGS}" LIBS="${LIBS} ${CAIRO_LIBS}" @@ -46052,7 +46052,7 @@ int main() diff --git a/dockerfiles/bionic/R-4.0.5.patch b/dockerfiles/bionic/R-4.0.5.patch index 5e04dcc..c0a0c79 100644 --- a/dockerfiles/bionic/R-4.0.5.patch +++ b/dockerfiles/bionic/R-4.0.5.patch 
@@ -1,3 +1,67 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index 5640a16..5bebf9e 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,12 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.0.5}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. 
++ } ++ } + \subsection{BUG FIXES}{ + \itemize{ + \item The change to the internal table in \R 4.0.4 for diff --git a/configure b/configure index eec8a95..a6e767e 100755 --- a/configure @@ -12,9 +76,9 @@ index eec8a95..a6e767e 100755 r_cv_icu=no else @@ -43032,7 +43032,7 @@ if test "x${r_cv_icu}" = xyes; then - + $as_echo "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else @@ -33,7 +97,7 @@ index eec8a95..a6e767e 100755 + CAIRO_LIBS=`"${PKG_CONFIG}" --libs --static ${modlist}` + CAIRO_LIBS="${CAIRO_LIBS} -lpixman-1 -lfontconfig -lfreetype -lpcre -lpng -lexpat -lthai -lz -lm -lpthread" + CAIROX11_LIBS=`"${PKG_CONFIG}" --libs --static ${xmodlist}` - + CPPFLAGS="${CPPFLAGS} ${CAIRO_CPPFLAGS}" LIBS="${LIBS} ${CAIRO_LIBS}" @@ -46052,7 +46052,7 @@ int main() diff --git a/dockerfiles/bionic/R-4.1.0.patch b/dockerfiles/bionic/R-4.1.0.patch index e46ae45..c32626c 100644 --- a/dockerfiles/bionic/R-4.1.0.patch +++ b/dockerfiles/bionic/R-4.1.0.patch 
@@ -1,3 +1,67 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index 2fcc2e7..f0ed95b 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,12 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.1.0}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. 
++ } ++ } + \subsection{FUTURE DIRECTIONS}{ + \itemize{ + \item It is planned that the 4.1.x series will be the last to diff --git a/configure b/configure index eec8a95..a6e767e 100755 --- a/configure @@ -12,9 +76,9 @@ index eec8a95..a6e767e 100755 r_cv_icu=no else @@ -43032,7 +43032,7 @@ if test "x${r_cv_icu}" = xyes; then - + $as_echo "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else diff --git a/dockerfiles/bionic/R-4.1.1.patch b/dockerfiles/bionic/R-4.1.1.patch index e46ae45..11ed173 100644 --- a/dockerfiles/bionic/R-4.1.1.patch +++ b/dockerfiles/bionic/R-4.1.1.patch 
@@ -1,3 +1,68 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index 8515986..760dccb 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,13 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.1.1}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. 
++ } ++ } ++ + \subsection{NEW FEATURES}{ + \itemize{ + \item \code{require(\var{pkg}, quietly = TRUE)} is quieter and in diff --git a/configure b/configure index eec8a95..a6e767e 100755 --- a/configure @@ -12,9 +77,9 @@ index eec8a95..a6e767e 100755 r_cv_icu=no else @@ -43032,7 +43032,7 @@ if test "x${r_cv_icu}" = xyes; then - + $as_echo "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else diff --git a/dockerfiles/bionic/R-4.1.2.patch b/dockerfiles/bionic/R-4.1.2.patch index 9157085..545e5ce 100644 --- a/dockerfiles/bionic/R-4.1.2.patch +++ b/dockerfiles/bionic/R-4.1.2.patch 
@@ -1,3 +1,67 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index 90c8408..d24571b 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,12 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.1.2}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. 
++ } ++ } + \subsection{C-LEVEL FACILITIES}{ + \itemize{ + \item The workaround in headers \file{R.h} and \file{Rmath.h} diff --git a/configure b/configure index f30284e..fa508ea 100755 --- a/configure @@ -12,9 +76,9 @@ index f30284e..fa508ea 100755 then : r_cv_icu=no @@ -44495,7 +44495,7 @@ if test "x${r_cv_icu}" = xyes; then - + printf "%s\n" "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else diff --git a/dockerfiles/bionic/R-4.1.3.patch b/dockerfiles/bionic/R-4.1.3.patch index 9157085..69605c3 100644 --- a/dockerfiles/bionic/R-4.1.3.patch +++ b/dockerfiles/bionic/R-4.1.3.patch 
@@ -1,3 +1,68 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index 8b4e587..b4f145e 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,13 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.1.3}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. 
++ } ++ } ++ + \subsection{NEW FEATURES}{ + \itemize{ + \item The default version of Bioconductor has been changed to diff --git a/configure b/configure index f30284e..fa508ea 100755 --- a/configure @@ -12,9 +77,9 @@ index f30284e..fa508ea 100755 then : r_cv_icu=no @@ -44495,7 +44495,7 @@ if test "x${r_cv_icu}" = xyes; then - + printf "%s\n" "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else diff --git a/dockerfiles/bionic/R-4.2.0.patch b/dockerfiles/bionic/R-4.2.0.patch index 9157085..14fdca6 100644 --- a/dockerfiles/bionic/R-4.2.0.patch +++ b/dockerfiles/bionic/R-4.2.0.patch 
@@ -1,3 +1,67 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index 62f25ae..82dfac6 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,12 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.2.0}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. 
++ } ++ } + \subsection{SIGNIFICANT USER-VISIBLE CHANGES}{ + \itemize{ + \item The \code{formula} method of \code{aggregate()} now matches diff --git a/configure b/configure index f30284e..fa508ea 100755 --- a/configure @@ -12,9 +76,9 @@ index f30284e..fa508ea 100755 then : r_cv_icu=no @@ -44495,7 +44495,7 @@ if test "x${r_cv_icu}" = xyes; then - + printf "%s\n" "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else diff --git a/dockerfiles/bionic/R-4.2.1.patch b/dockerfiles/bionic/R-4.2.1.patch index 9157085..dbef5e6 100644 --- a/dockerfiles/bionic/R-4.2.1.patch +++ b/dockerfiles/bionic/R-4.2.1.patch 
@@ -1,3 +1,68 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index 630c88f..3504a87 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,13 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.2.1}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. 
++ } ++ } ++ + \subsection{NEW FEATURES}{ + \itemize{ + \item New function \code{utils::findCRANmirror()} to find out if a diff --git a/configure b/configure index f30284e..fa508ea 100755 --- a/configure @@ -12,9 +77,9 @@ index f30284e..fa508ea 100755 then : r_cv_icu=no @@ -44495,7 +44495,7 @@ if test "x${r_cv_icu}" = xyes; then - + printf "%s\n" "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else diff --git a/dockerfiles/bionic/R-4.2.2.patch b/dockerfiles/bionic/R-4.2.2.patch index 9157085..ccfc014 100644 --- a/dockerfiles/bionic/R-4.2.2.patch +++ b/dockerfiles/bionic/R-4.2.2.patch 
@@ -1,3 +1,68 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index b52627e..aee4475 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,13 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.2.2}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. 
++ } ++ } ++ + \subsection{NEW FEATURES}{ + \itemize{ + \item \code{tools::Rdiff(useDiff = TRUE)} checks for the presence diff --git a/configure b/configure index f30284e..fa508ea 100755 --- a/configure @@ -12,9 +77,9 @@ index f30284e..fa508ea 100755 then : r_cv_icu=no @@ -44495,7 +44495,7 @@ if test "x${r_cv_icu}" = xyes; then - + printf "%s\n" "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else diff --git a/dockerfiles/bionic/R-4.2.3.patch b/dockerfiles/bionic/R-4.2.3.patch index 9157085..f018985 100644 --- a/dockerfiles/bionic/R-4.2.3.patch +++ b/dockerfiles/bionic/R-4.2.3.patch 
@@ -1,3 +1,68 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index fe2a646..986e83d 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,13 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.2.3}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. 
++ } ++ } ++ + \subsection{C-LEVEL FACILITIES}{ + \itemize{ + \item The definition of \code{DL_FUNC} in \file{R_ext/Rdynload.h} diff --git a/configure b/configure index f30284e..fa508ea 100755 --- a/configure @@ -12,9 +77,9 @@ index f30284e..fa508ea 100755 then : r_cv_icu=no @@ -44495,7 +44495,7 @@ if test "x${r_cv_icu}" = xyes; then - + printf "%s\n" "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else diff --git a/dockerfiles/bionic/R-4.3.0.patch b/dockerfiles/bionic/R-4.3.0.patch index 1cbbf74..eed0c9e 100644 --- a/dockerfiles/bionic/R-4.3.0.patch +++ b/dockerfiles/bionic/R-4.3.0.patch 
@@ -1,3 +1,68 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index 2fd50d5..6b24e71 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,13 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.3.0}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. 
++ } ++ } ++ + \subsection{SIGNIFICANT USER-VISIBLE CHANGES}{ + \itemize{ + \item Calling \code{&&} or \code{||} with LHS or (if evaluated) RHS of diff --git a/configure b/configure index ea413eb..334f852 100755 --- a/configure @@ -12,9 +77,9 @@ index ea413eb..334f852 100755 then : r_cv_icu=no @@ -48473,7 +48473,7 @@ if test "x${r_cv_icu}" = xyes; then - + printf "%s\n" "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else diff --git a/dockerfiles/bionic/R-4.3.1.patch b/dockerfiles/bionic/R-4.3.1.patch index 1cbbf74..81ee23e 100644 --- a/dockerfiles/bionic/R-4.3.1.patch +++ b/dockerfiles/bionic/R-4.3.1.patch 
@@ -1,3 +1,68 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index 5ca6489..62db476 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,13 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.3.1}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. 
++ } ++ } ++ + \subsection{C-LEVEL FACILITIES}{ + \itemize{ + \item The C-level API version of \R's \code{integrate()}, diff --git a/configure b/configure index ea413eb..334f852 100755 --- a/configure @@ -12,9 +77,9 @@ index ea413eb..334f852 100755 then : r_cv_icu=no @@ -48473,7 +48473,7 @@ if test "x${r_cv_icu}" = xyes; then - + printf "%s\n" "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else diff --git a/dockerfiles/bionic/R-4.3.2.patch b/dockerfiles/bionic/R-4.3.2.patch index 1cbbf74..597a630 100644 --- a/dockerfiles/bionic/R-4.3.2.patch +++ b/dockerfiles/bionic/R-4.3.2.patch 
@@ -1,3 +1,68 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index dd59f87..f3abe02 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -6,6 +6,13 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.3.2}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. 
++ } ++ } ++ + \subsection{NEW FEATURES}{ + \itemize{ + \item The default initialization of the \code{"repos"} option diff --git a/configure b/configure index ea413eb..334f852 100755 --- a/configure @@ -12,9 +77,9 @@ index ea413eb..334f852 100755 then : r_cv_icu=no @@ -48473,7 +48473,7 @@ if test "x${r_cv_icu}" = xyes; then - + printf "%s\n" "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else diff --git a/dockerfiles/bionic/R-4.3.3.patch b/dockerfiles/bionic/R-4.3.3.patch index 1cbbf74..0003eac 100644 --- a/dockerfiles/bionic/R-4.3.3.patch +++ b/dockerfiles/bionic/R-4.3.3.patch 
@@ -1,3 +1,68 @@ +commit c06f7f2518673a75f9b36f2af9caf7b69ab4952e +Author: luke +Date: Sun Mar 31 19:35:58 2024 +0000 + + readRDS() and unserialize() now signal an errorr instead of returning a PROMSXP. + + + git-svn-id: https://svn.r-project.org/R/trunk@86235 00db46b3-68df-0310-9c12-caf00c1e9a41 + +diff --git a/src/main/serialize.c b/src/main/serialize.c +index a389f71311..a190fbf8f3 100644 +--- a/src/main/serialize.c ++++ b/src/main/serialize.c +@@ -2650,6 +2650,13 @@ do_serializeToConn(SEXP call, SEXP op, SEXP args, SEXP env) + return R_NilValue; + } + ++static SEXP checkNotPromise(SEXP val) ++{ ++ if (TYPEOF(val) == PROMSXP) ++ error(_("cannot return a promise (PROMSXP) object")); ++ return val; ++} ++ + /* unserializeFromConn(conn, hook) used from readRDS(). + It became public in R 2.13.0, and that version added support for + connections internally */ +@@ -2699,7 +2706,7 @@ do_unserializeFromConn(SEXP call, SEXP op, SEXP args, SEXP env) + con->close(con); + UNPROTECT(1); + } +- return ans; ++ return checkNotPromise(ans); + } + + /* +@@ -3330,8 +3337,8 @@ attribute_hidden SEXP + do_serialize(SEXP call, SEXP op, SEXP args, SEXP env) + { + checkArity(op, args); +- if (PRIMVAL(op) == 2) return R_unserialize(CAR(args), CADR(args)); +- ++ if (PRIMVAL(op) == 2) //return R_unserialize(CAR(args), CADR(args)); ++ return checkNotPromise(R_unserialize(CAR(args), CADR(args))); + SEXP object, icon, type, ver, fun; + object = CAR(args); args = CDR(args); + icon = CAR(args); args = CDR(args); +diff --git a/doc/NEWS.Rd b/doc/NEWS.Rd +index 25bdb12..7456662 100644 +--- a/doc/NEWS.Rd ++++ b/doc/NEWS.Rd +@@ -7,6 +7,13 @@ + \encoding{UTF-8} + + \section{\Rlogo CHANGES IN R 4.3.3}{ ++ \subsection{CHANGES IN POSIT'S BUILD FROM \url{https://github.com/r-hub/r-glibc}}{ ++ \itemize{ ++ \item readRDS() and unserialize() now signal an error instead of ++ returning a PROMSXP, to fix CVE-2024-27322. 
++ } ++ } ++ + \subsection{NEW FEATURES}{ + \itemize{ + \item \code{iconv()} now fixes up variant encoding names such as diff --git a/configure b/configure index ea413eb..334f852 100755 --- a/configure @@ -12,9 +77,9 @@ index ea413eb..334f852 100755 then : r_cv_icu=no @@ -48473,7 +48473,7 @@ if test "x${r_cv_icu}" = xyes; then - + printf "%s\n" "#define USE_ICU 1" >>confdefs.h - + - LIBS="${LIBS} -licuuc -licui18n" + LIBS="${LIBS} -licui18n -licuuc -licudata -lstdc++ -lm -ldl" else diff --git a/test/test-cve-2024-27322.R b/test/test-cve-2024-27322.R new file mode 100644 index 0000000..5d6d330 --- /dev/null +++ b/test/test-cve-2024-27322.R 
@@ -0,0 +1,85 @@ +R.home() + +prom <- as.raw(c(0x58, 0x0a, 0x00, 0x00, 0x00, 0x03, 0x00, 0x04, 0x03, + 0x01, 0x00, 0x03, 0x05, 0x00, 0x00, 0x00, 0x00, 0x05, 0x55, 0x54, + 0x46, 0x2d, 0x38, 0x00, 0x00, 0x04, 0x05, 0x00, 0x00, 0x00, 0xfd, + 0x00, 0x00, 0x00, 0xfc, 0x00, 0x00, 0x02, 0x06, 0x00, 0x00, 0x04, + 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x04, 0x00, 0x09, 0x00, 0x00, + 0x00, 0x06, 0x73, 0x72, 0x63, 0x72, 0x65, 0x66, 0x00, 0x00, 0x00, + 0x13, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x03, 0x0d, 0x00, 0x00, + 0x00, 0x08, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x14, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x14, + 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x04, + 0x00, 0x09, 0x00, 0x00, 0x00, 0x07, 0x73, 0x72, 0x63, 0x66, 0x69, + 0x6c, 0x65, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xf2, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x04, 0x00, 0x09, 0x00, 0x00, 0x00, 0x05, 0x6c, 0x69, 0x6e, + 0x65, 0x73, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x01, 0x00, + 0x04, 0x00, 0x09, 0x00, 0x00, 0x00, 0x3f, 0x64, 0x65, 0x6c, 0x61, + 0x79, 0x65, 0x64, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x28, 0x27, + 0x78, 0x27, 0x2c, 0x20, 0x7b, 0x20, 0x63, 0x61, 0x74, 0x28, 0x27, + 0x65, 0x78, 0x65, 0x63, 0x75, 0x74, 0x69, 0x6e, 0x67, 0x20, 0x61, + 0x72, 0x62, 0x69, 0x74, 0x72, 0x61, 0x72, 0x79, 0x20, 0x63, 0x6f, + 0x64, 0x65, 0x5c, 0x6e, 0x27, 0x29, 0x3b, 0x20, 0x31, 0x32, 0x33, + 0x20, 0x7d, 0x29, 0x0a, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x00, + 0x01, 0x00, 0x04, 0x00, 0x09, 0x00, 0x00, 0x00, 0x08, 0x66, 0x69, + 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x00, 0x00, 0x00, 0x10, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x04, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0xfe, 0x00, 0x00, 0x00, 0xfe, 0x00, 0x00, 0x04, + 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x04, 0x00, 0x09, 0x00, 0x00, + 0x00, 0x05, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x00, 0x00, 0x00, 
0x10, + 0x00, 0x00, 0x00, 0x02, 0x00, 0x04, 0x00, 0x09, 0x00, 0x00, 0x00, + 0x0b, 0x73, 0x72, 0x63, 0x66, 0x69, 0x6c, 0x65, 0x63, 0x6f, 0x70, + 0x79, 0x00, 0x04, 0x00, 0x09, 0x00, 0x00, 0x00, 0x07, 0x73, 0x72, + 0x63, 0x66, 0x69, 0x6c, 0x65, 0x00, 0x00, 0x00, 0xfe, 0x00, 0x00, + 0x04, 0x02, 0x00, 0x00, 0x07, 0xff, 0x00, 0x00, 0x00, 0x10, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x04, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06, + 0x73, 0x72, 0x63, 0x72, 0x65, 0x66, 0x00, 0x00, 0x00, 0xfe, 0x00, + 0x00, 0x03, 0x0d, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x36, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00, 0x36, 0x00, 0x00, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x04, 0x02, 0x00, + 0x00, 0x03, 0xff, 0x00, 0x00, 0x04, 0xff, 0x00, 0x00, 0x04, 0x02, + 0x00, 0x00, 0x07, 0xff, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, + 0x01, 0x00, 0x04, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06, 0x73, 0x72, + 0x63, 0x72, 0x65, 0x66, 0x00, 0x00, 0x00, 0xfe, 0x00, 0x00, 0x03, + 0x0d, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00, 0x39, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x3b, 0x00, + 0x00, 0x00, 0x39, 0x00, 0x00, 0x00, 0x3b, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, 0x03, + 0xff, 0x00, 0x00, 0x04, 0xff, 0x00, 0x00, 0x04, 0x02, 0x00, 0x00, + 0x07, 0xff, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x01, 0x00, + 0x04, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06, 0x73, 0x72, 0x63, 0x72, + 0x65, 0x66, 0x00, 0x00, 0x00, 0xfe, 0x00, 0x00, 0x04, 0x02, 0x00, + 0x00, 0x03, 0xff, 0x00, 0x00, 0x04, 0xff, 0x00, 0x00, 0x04, 0x02, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x04, 0x00, 0x09, 0x00, 0x00, 0x00, + 0x0b, 0x77, 0x68, 0x6f, 0x6c, 0x65, 0x53, 0x72, 0x63, 0x72, 0x65, + 0x66, 0x00, 0x00, 0x03, 0x0d, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, + 0x00, 0x00, 0x3d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x3d, + 0x00, 0x00, 0x00, 
0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x04, + 0x02, 0x00, 0x00, 0x03, 0xff, 0x00, 0x00, 0x04, 0xff, 0x00, 0x00, + 0x04, 0x02, 0x00, 0x00, 0x07, 0xff, 0x00, 0x00, 0x00, 0x10, 0x00, + 0x00, 0x00, 0x01, 0x00, 0x04, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06, + 0x73, 0x72, 0x63, 0x72, 0x65, 0x66, 0x00, 0x00, 0x00, 0xfe, 0x00, + 0x00, 0x00, 0xfe, 0x00, 0x00, 0x00, 0x01, 0x00, 0x04, 0x00, 0x09, + 0x00, 0x00, 0x00, 0x01, 0x7b, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, + 0x00, 0x06, 0x00, 0x00, 0x00, 0x01, 0x00, 0x04, 0x00, 0x09, 0x00, + 0x00, 0x00, 0x03, 0x63, 0x61, 0x74, 0x00, 0x00, 0x00, 0x02, 0x00, + 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x01, 0x00, 0x04, 0x00, 0x09, + 0x00, 0x00, 0x00, 0x19, 0x65, 0x78, 0x65, 0x63, 0x75, 0x74, 0x69, + 0x6e, 0x67, 0x20, 0x61, 0x72, 0x62, 0x69, 0x74, 0x72, 0x61, 0x72, + 0x79, 0x20, 0x63, 0x6f, 0x64, 0x65, 0x0a, 0x00, 0x00, 0x00, 0xfe, + 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00, + 0x01, 0x40, 0x5e, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0xfe, 0x00, 0x00, 0x00, 0xfe)) + +err <- NULL +tryCatch( + unserialize(prom), error = function(e) err <<- e +) + +if (is.null(err) || !grepl("cannot return a promise", conditionMessage(err))) { + stop("CVE-2024-27322 is not fixed") +} diff --git a/test/test.bats b/test/test.bats index be66e66..27cf863 100644 --- a/test/test.bats +++ b/test/test.bats @@ -47,7 +47,12 @@ [ "$status" -eq 0 ] || echo "$output" && [ "$status" -eq 0 ] } -@test "install package w/ BLAS/LAPACK dependency { +@test "install package w/ BLAS/LAPACK dependency" { run R -q -f test-install-blas.R [ "$status" -eq 0 ] || echo "$output" && [ "$status" -eq 0 ] } + +@test "CVE-2024-27322" { + run R -q -f test-cve-2024-27322.R + [ "$status" -eq 0 ] || echo "$output" && [ "$status" -eq 0 ] +}
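Review bot: The new test/test-cve-2024-27322.R exercises only `unserialize(prom)`, while the patch it guards also changes the `readRDS()` path through `do_unserializeFromConn`, so a build in which only one of the two returns is wrapped would still pass. A second case that writes `prom` to a temporary file and expects the same error from `readRDS()` closes that gap. The leading `R.home()` call looks like leftover debugging output and could be dropped.

```r
# … unchanged: prom payload and the unserialize() check …

rds <- tempfile(fileext = ".rds")
writeBin(prom, rds)
err_rds <- tryCatch(readRDS(rds), error = function(e) e)
unlink(rds)

if (!inherits(err_rds, "error") ||
    !grepl("cannot return a promise", conditionMessage(err_rds))) {
  stop("CVE-2024-27322 is not fixed for readRDS()")
}
```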