(PA-6386) Patch/Upgrade Ruby for CVE-2024-27282

 - Patches the ruby 'Use-After-Free' issue for regexp for 7.x (ruby 2.7.8).
 - Upstream fix commit: ruby/ruby@90b194b
 - Bump projects using ruby 3.2.3 to ruby 3.2.4 since 3.2.4 has addressed the CVE.
 - Remove windows patches not needed in upgraded ruby version.

Author: shubhamshinde360

configs/components/ruby-2.7.8.rb

@@ -38,6 +38,7 @@
   base = 'resources/patches/ruby_27'
   # Patch for https://bugs.ruby-lang.org/issues/14972
   pkg.apply_patch "#{base}/net_http_eof_14972_r2.5.patch"
+  pkg.apply_patch "#{base}/regexp_use_after_free.patch"
 
   pkg.apply_patch "#{base}/uri-redos-cve-2023-36617.patch"
 

configs/components/ruby-3.2.3.rb renamed to configs/components/ruby-3.2.4.rb

@@ -1,7 +1,7 @@
 # The file name of the ruby component must match the ruby_version
-component 'ruby-3.2.3' do |pkg, settings, platform|
-  pkg.version '3.2.3'
-  pkg.sha256sum 'af7f1757d9ddb630345988139211f1fd570ff5ba830def1cc7c468ae9b65c9ba'
+component 'ruby-3.2.4' do |pkg, settings, platform|
+  pkg.version '3.2.4'
+  pkg.sha256sum 'c72b3c5c30482dca18b0f868c9075f3f47d8168eaf626d4e682ce5b59c858692'
 
   # rbconfig-update is used to munge rbconfigs after the fact.
   pkg.add_source("file://resources/files/ruby/rbconfig-update.rb")
@@ -50,8 +50,6 @@
     pkg.apply_patch "#{base}/windows_mingw32_mkmf.patch"
     pkg.apply_patch "#{base}/windows_nocodepage_utf8_fallback_r2.5.patch"
     pkg.apply_patch "#{base}/ruby-faster-load_32.patch"
-    pkg.apply_patch "#{base}/revert_speed_up_rebuilding_loaded_feature_index.patch"
-    pkg.apply_patch "#{base}/revert-ruby-double-load-symlink.patch"
     pkg.apply_patch "#{base}/revert_ruby_utf8_default_encoding.patch"
   end
 

configs/projects/agent-runtime-main.rb

@@ -1,7 +1,7 @@
 project 'agent-runtime-main' do |proj|
 
   # Set preferred component versions if they differ from defaults:
-  proj.setting :ruby_version, '3.2.3'
+  proj.setting :ruby_version, '3.2.4'
   proj.setting :rubygem_deep_merge_version, '1.2.2'
   proj.setting :rubygem_highline_version, '3.0.1'
   proj.setting :rubygem_hocon_version, '1.4.0'

configs/projects/pdk-runtime.rb

@@ -48,7 +48,7 @@
   proj.setting(:includedir, File.join(proj.prefix, 'include'))
   proj.setting(:bindir, File.join(proj.prefix, 'bin'))
 
-  proj.setting(:ruby_version, '3.2.3')
+  proj.setting(:ruby_version, '3.2.4')
   proj.setting(:ruby_major_version, 3)
   proj.setting(:ruby_api, '3.2.0')
 

configs/projects/pe-bolt-server-runtime-main.rb

@@ -6,7 +6,7 @@
   # Once we are no longer using ruby 2.5 we can update.
   proj.setting(:no_doc, true)
 
-  proj.setting(:ruby_version, '3.2.3')
+  proj.setting(:ruby_version, '3.2.4')
   proj.setting(:openssl_version, '3.0')
 
   # We enable legacy algorithms for winrm transport. Currently the winrm transport

configs/projects/pe-installer-runtime-main.rb

@@ -1,5 +1,5 @@
 project 'pe-installer-runtime-main' do |proj|
-  proj.setting(:ruby_version, '3.2.3')
+  proj.setting(:ruby_version, '3.2.4')
   proj.setting(:openssl_version, '3.0')
   # NLTM uses MD4 unconditionally in its protocol, so legacy algos must be
   # enabled in OpenSSL >= 3.0 for Bolt's WinRM transport to work.

resources/patches/ruby_27/regexp_use_after_free.patch

@@ -0,0 +1,13 @@
+diff --git a/regexec.c b/regexec.c
+index 73694ab14a..140691ad42 100644
+--- a/regexec.c
++++ b/regexec.c
+@@ -3449,8 +3449,8 @@ match_at(regex_t* reg, const UChar* str, const UChar* end,
+     CASE(OP_MEMORY_END_PUSH_REC)  MOP_IN(OP_MEMORY_END_PUSH_REC);
+       GET_MEMNUM_INC(mem, p);
+       STACK_GET_MEM_START(mem, stkp); /* should be before push mem-end. */
+-      STACK_PUSH_MEM_END(mem, s);
+       mem_start_stk[mem] = GET_STACK_INDEX(stkp);
++      STACK_PUSH_MEM_END(mem, s);
+       MOP_OUT;
+       JUMP;