From 996d32208f28dc229d16945a06853f4215ef1310 Mon Sep 17 00:00:00 2001
From: shixuantong
Date: Tue, 26 Mar 2024 20:31:09 +0800
Subject: [PATCH] fix CVE-2024-27281
(cherry picked from commit eb656d013deaacd4c82039cf718fc5e4828118e5)
---
 backport-CVE-2024-27281.patch | 91 +++++++++++++++++++++++++++++++++++
 ruby.spec | 6 ++-
 2 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-27281.patch
diff --git a/backport-CVE-2024-27281.patch b/backport-CVE-2024-27281.patch
new file mode 100644
index 0000000..f9115e8
--- /dev/null
+++ b/backport-CVE-2024-27281.patch
@@ -0,0 +1,91 @@
+From d5dbada8a2127d9b6b670dd891eabbb63c48268f Mon Sep 17 00:00:00 2001
+From: Hiroshi SHIBATA
+Date: Thu, 21 Mar 2024 15:39:09 +0900
+Subject: [PATCH] Merge RDoc-6.5.1.1
+
+---
+ lib/rdoc/store.rb | 45 ++++++++++++++++++++++++++-------------------
+ 1 files changed, 26 insertions(+), 19 deletions(-)
+
+diff --git a/lib/rdoc/store.rb b/lib/rdoc/store.rb
+index 9fc540d3172bd2..c793e49ed845ed 100644
+--- a/lib/rdoc/store.rb
++++ b/lib/rdoc/store.rb
+@@ -556,9 +556,7 @@ def load_all
+ def load_cache
+ #orig_enc = @encoding
+
+- File.open cache_path, 'rb' do |io|
+- @cache = Marshal.load io
+- end
++ @cache = marshal_load(cache_path)
+
+ load_enc = @cache[:encoding]
+
+@@ -615,9 +613,7 @@ def load_class klass_name
+ def load_class_data klass_name
+ file = class_file klass_name
+
+- File.open file, 'rb' do |io|
+- Marshal.load io
+- end
++ marshal_load(file)
+ rescue Errno::ENOENT => e
+ error = MissingFileError.new(self, file, klass_name)
+ error.set_backtrace e.backtrace
+@@ -630,14 +626,10 @@ def load_class_data klass_name
+ def load_method klass_name, method_name
+ file = method_file klass_name, method_name
+
+- File.open file, 'rb' do |io|
+- obj = Marshal.load io
+- obj.store = self
+- obj.parent =
+- find_class_or_module(klass_name) || load_class(klass_name) unless
+- obj.parent
+- obj
+- end
++ obj = marshal_load(file)
++ obj.store = self
++ obj.parent ||= find_class_or_module(klass_name) || load_class(klass_name)
++ obj
+ rescue Errno::ENOENT => e
+ error = MissingFileError.new(self, file, klass_name + method_name)
+ error.set_backtrace e.backtrace
+@@ -650,11 +642,9 @@ def load_method klass_name, method_name
+ def load_page page_name
+ file = page_file page_name
+
+- File.open file, 'rb' do |io|
+- obj = Marshal.load io
+- obj.store = self
+- obj
+- end
++ obj = marshal_load(file)
++ obj.store = self
++ obj
+ rescue Errno::ENOENT => e
+ error = MissingFileError.new(self, file, page_name)
+ error.set_backtrace e.backtrace
+@@ -976,4 +966,21 @@ def unique_modules
+ @unique_modules
+ end
+
++ private
++ def marshal_load(file)
++ File.open(file, 'rb') {|io| Marshal.load(io, MarshalFilter)}
++ end
++
++ MarshalFilter = proc do |obj|
++ case obj
++ when true, false, nil, Array, Class, Encoding, Hash, Integer, String, Symbol, RDoc::Text
++ else
++ unless obj.class.name.start_with?("RDoc::")
++ raise TypeError, "not permitted class: #{obj.class.name}"
++ end
++ end
++ obj
++ end
++ private_constant :MarshalFilter
++
+ end
diff --git a/ruby.spec b/ruby.spec
index 8928f58..d7419df 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -33,7 +33,7 @@ Name: ruby
 Version: %{ruby_version}
-Release: 138
+Release: 139
 Summary: Object-oriented scripting language interpreter
 License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
 URL: https://www.ruby-lang.org/en/
@@ -89,6 +89,7 @@ Patch6005: backport-CVE-2019-16161.patch
 Patch6006: backport-CVE-2019-16162.patch
 Patch6007: backport-CVE-2019-16163.patch
 Patch6015: backport-CVE-2023-36617.patch
+Patch6016: backport-CVE-2024-27281.patch
 Provides: %{name}-libs = %{version}-%{release}
 Obsoletes: %{name}-libs < %{version}-%{release}
@@ -874,6 +875,9 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
 %{gem_dir}/specifications/matrix-%{matrix_version}.gemspec
 %changelog
+* Tue Mar 26 2024 shixuantong - 3.2.2-139
+- fix CVE-2024-27281
+
 * Mon Sep 11 2023 shixuantong - 3.2.2-138
 - remove old so file
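Review bot: The `MarshalFilter` proc handed to `Marshal.load` in the last embedded hunk is invoked on each object only after Marshal has already built it, so as far as I know a `marshal_load`/`_load` hook defined by a non-`RDoc::` class can still run before the `TypeError` is raised; the filter limits what a crafted ri cache can hand back to RDoc, but it does not make an untrusted cache file safe to load. I would state that above the constant, e.g. `# Checked after each object is restored; the ri data directory must still be trusted.` The private helper is also named `marshal_load`, which is the name of the hook Marshal itself calls on objects it restores, so a neutral name such as `load_marshal_file` would keep `RDoc::Store` from presenting that hook by accident (this deviates from upstream, so it may be better raised there). Separately, the embedded diffstat reads `1 files changed`, which is not git's own wording, so it is worth confirming against upstream d5dbada that nothing else from the RDoc 6.5.1.1 merge was dropped when the backport was trimmed.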