fix CVE-2024-49761

2024-10-29 19:25:06 +08:00 · 2024-10-29 19:25:06 +08:00 · 1c2d20f9fb
commit 1c2d20f9fb
parent 2c685aa253
2 changed files with 43 additions and 1 deletions
--- a/backport-CVE-2024-49761.patch
+++ b/backport-CVE-2024-49761.patch
@ -0,0 +1,38 @@
+From ce59f2eb1aeb371fe1643414f06618dbe031979f Mon Sep 17 00:00:00 2001
+From: Sutou Kouhei <kou@clear-code.com>
+Date: Thu, 24 Oct 2024 14:45:31 +0900
+Subject: [PATCH] parser: fix a bug that &#0x...; is accepted as a character
+ reference
+
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 7bd8adf..b4547ba 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -150,7 +150,7 @@ module REXML
+         PEDECL_PATTERN = "\\s+(%)\\s+#{NAME}\\s+#{PEDEF}\\s*>"
+         ENTITYDECL_PATTERN = /(?:#{GEDECL_PATTERN})|(?:#{PEDECL_PATTERN})/um
+         CARRIAGE_RETURN_NEWLINE_PATTERN = /\r\n?/
+-        CHARACTER_REFERENCES = /&#0*((?:\d+)|(?:x[a-fA-F0-9]+));/
+        CHARACTER_REFERENCES = /&#((?:\d+)|(?:x[a-fA-F0-9]+));/
+         DEFAULT_ENTITIES_PATTERNS = {}
+         default_entities = ['gt', 'lt', 'quot', 'apos', 'amp']
+         default_entities.each do |term|
+@@ -570,8 +570,12 @@ module REXML
+         return rv if matches.size == 0
+         rv.gsub!( Private::CHARACTER_REFERENCES ) {
+           m=$1
+-          m = "0#{m}" if m[0] == ?x
+-          [Integer(m)].pack('U*')
+          if m.start_with?("x")
+            code_point = Integer(m[1..-1], 16)
+          else
+            code_point = Integer(m, 10)
+          end
+          [code_point].pack('U*')
+         }
+         matches.collect!{|x|x[0]}.compact!
+         if filter
+-- 
+2.27.0
+
--- a/ruby.spec
+++ b/ruby.spec
@ -33,7 +33,7 @@

 Name:      ruby
 Version:   %{ruby_version}
-Release:   146
+Release:   147
 Summary:   Object-oriented scripting language interpreter
 License:   (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
 URL:       https://www.ruby-lang.org/en/
@ -102,6 +102,7 @@ Patch6025: backport-CVE-2024-41946.patch
 Patch6026: backport-CVE-2024-39908-CVE-2024-41123-upgrade-lib-rexml-to-3.3.3.patch
 Patch6027: backport-CVE-2024-43398-upgrade-lib-rexml-to-3.3.6.patch
 Patch6028: backport-CVE-2024-47220.patch
+Patch6029: backport-CVE-2024-49761.patch

 Provides:  %{name}-libs = %{version}-%{release}
 Obsoletes: %{name}-libs < %{version}-%{release}
@ -887,6 +888,9 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
 %{gem_dir}/specifications/matrix-%{matrix_version}.gemspec

 %changelog
+* Tue Oct 29 2024 shixuantong <shixuantong1@huawei.com> - 3.2.2-147
+- fix CVE-2024-49761
+
 * Tue Oct 08 2024 shixuantong <shixuantong1@huawei.com> - 3.2.2-146
 - fix CVE-2024-47220