Fix CVE-2022-24836
parent
f36f7b78fd
commit
487c9d89d4
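--- /dev/null
+++ b/CVE-2022-24836.patch
@@ -0,0 +1,23 @@
+From e444525ef1634b675cd1cf52d39f4320ef0aecfd Mon Sep 17 00:00:00 2001
+From: Mike Dalessio <mike.dalessio@gmail.com>
+Date: Sun, 10 Apr 2022 14:42:04 -0400
+Subject: [PATCH] fix(perf): HTML4::EncodingReader detection
+
+---
+lib/nokogiri/html4/document.rb | 2 +-
+test/html4/test_document_encoding.rb | 12 ++++++++++++
+2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/lib/nokogiri/html4/document.rb b/lib/nokogiri/html4/document.rb
+index 177efc04f..fbc22d207 100644
+--- a/lib/nokogiri/html4/document.rb
++++ b/lib/nokogiri/html4/document.rb
+@@ -268,7 +268,7 @@ def start_element(name, attrs = [])
+end
+
+def self.detect_encoding(chunk)
+- (m = chunk.match(/\A(<\?xml[ \t\r\n]+[^>]*>)/)) &&
++ (m = chunk.match(/\A(<\?xml[ \t\r\n][^>]*>)/)) &&
+(return Nokogiri.XML(m[1]).encoding)
+
+if Nokogiri.jruby?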
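Review bot: The patch header still lists `test/html4/test_document_encoding.rb | 12 ++++++++++++` and `2 files changed, 13 insertions(+), 1 deletion(-)`, but the 23-line file carries only the `lib/nokogiri/html4/document.rb` hunk, so the upstream regression test for the encoding-detection regex is not part of this backport. Either carry the test hunk as well, so that a packaged test run (if the spec has one) exercises the fix, or record the omission next to `Patch1:` with a comment such as `# test/html4/test_document_encoding.rb hunk dropped from the upstream commit`. The one-character change itself looks right: `[ \t\r\n]` now matches exactly one character and any further whitespace falls to `[^>]*`, which removes the overlap between two adjacent quantified classes; judging by the `fix(perf)` subject, that overlap is what made a declaration without a closing `>` expensive to reject. The body of `detect_encoding` continues past the last context line of the hunk, so the rest of the method is not reviewed here.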
@ -7,7 +7,7 @@
|
|||||||
Summary: An HTML, XML, SAX, and Reader parser
|
Summary: An HTML, XML, SAX, and Reader parser
|
||||||
Name: rubygem-%{gem_name}
|
Name: rubygem-%{gem_name}
|
||||||
Version: %{mainver}
|
Version: %{mainver}
|
||||||
Release: 1
|
Release: 2
|
||||||
License: MIT and ASL 2.0
|
License: MIT and ASL 2.0
|
||||||
URL: https://nokogiri.org
|
URL: https://nokogiri.org
|
||||||
Source0: https://rubygems.org/gems/%{gem_name}-%{mainver}%{?prever}.gem
|
Source0: https://rubygems.org/gems/%{gem_name}-%{mainver}%{?prever}.gem
|
||||||
@ -15,6 +15,8 @@ Source1: rubygem-%{gem_name}-%{version}%{?prever}-full.tar.gz
|
|||||||
Source2: rubygem-%{gem_name}-%{version}%{?prever}-full.tar.gz
|
Source2: rubygem-%{gem_name}-%{version}%{?prever}-full.tar.gz
|
||||||
# Shut down libxml2 version unmatching warning
|
# Shut down libxml2 version unmatching warning
|
||||||
Patch0: %{name}-1.11.0.rc4-shutdown-libxml2-warning.patch
|
Patch0: %{name}-1.11.0.rc4-shutdown-libxml2-warning.patch
|
||||||
|
# https://github.com/sparklemotion/nokogiri/commit/e444525
|
||||||
|
Patch1: CVE-2022-24836.patch
|
||||||
BuildRequires: ruby(release) ruby(rubygems) rubygem(minitest) rubygems-devel
|
BuildRequires: ruby(release) ruby(rubygems) rubygem(minitest) rubygems-devel
|
||||||
Obsoletes: ruby-%{gem_name} <= 1.5.2-2
|
Obsoletes: ruby-%{gem_name} <= 1.5.2-2
|
||||||
BuildRequires: gcc libxml2-devel libxslt-devel ruby-devel glibc-all-langpacks rubygem(racc)
|
BuildRequires: gcc libxml2-devel libxslt-devel ruby-devel glibc-all-langpacks rubygem(racc)
|
||||||
@ -52,6 +54,7 @@ This package provides non-Gem support for %{gem_name}.
|
|||||||
%setup -q -n %{gem_name}-%{version} -a 1
|
%setup -q -n %{gem_name}-%{version} -a 1
|
||||||
mv ../%{gem_name}-%{version}.gemspec .
|
mv ../%{gem_name}-%{version}.gemspec .
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
|
%patch1 -p1
|
||||||
sed -i \
|
sed -i \
|
||||||
-e 's|, "ports/archives/[^"][^"]*"||g' \
|
-e 's|, "ports/archives/[^"][^"]*"||g' \
|
||||||
-e 's|, "ports/patches/[^"][^"]*"||g' \
|
-e 's|, "ports/patches/[^"][^"]*"||g' \
|
||||||
@ -163,6 +166,9 @@ popd
|
|||||||
%{gem_dir}/doc/%{gem_name}-%{mainver}%{?prever}/
|
%{gem_dir}/doc/%{gem_name}-%{mainver}%{?prever}/
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Apr 24 2022 wangkai <wangkai385@h-partners.com> - 1.13.1-2
|
||||||
|
- Fix CVE-2022-24836
|
||||||
|
|
||||||
* Tue Mar 29 2022 liyanan <liyanan32@huawei.com> - 1.13.1-1
|
* Tue Mar 29 2022 liyanan <liyanan32@huawei.com> - 1.13.1-1
|
||||||
- update to 1.13.1
|
- update to 1.13.1
|
||||||
|
|
||||||
|
|||||||