Fix CVE-2022-24836
This commit is contained in:
wk333
parent
f36f7b78fd
commit
487c9d89d4
23
CVE-2022-24836.patch
Normal file
23
CVE-2022-24836.patch
Normal file
@ -0,0 +1,23 @@
|
||||
From e444525ef1634b675cd1cf52d39f4320ef0aecfd Mon Sep 17 00:00:00 2001
|
||||
From: Mike Dalessio <mike.dalessio@gmail.com>
|
||||
Date: Sun, 10 Apr 2022 14:42:04 -0400
|
||||
Subject: [PATCH] fix(perf): HTML4::EncodingReader detection
|
||||
|
||||
---
|
||||
lib/nokogiri/html4/document.rb | 2 +-
|
||||
test/html4/test_document_encoding.rb | 12 ++++++++++++
|
||||
2 files changed, 13 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/nokogiri/html4/document.rb b/lib/nokogiri/html4/document.rb
|
||||
index 177efc04f..fbc22d207 100644
|
||||
--- a/lib/nokogiri/html4/document.rb
|
||||
+++ b/lib/nokogiri/html4/document.rb
|
||||
@@ -268,7 +268,7 @@ def start_element(name, attrs = [])
|
||||
end
|
||||
|
||||
def self.detect_encoding(chunk)
|
||||
- (m = chunk.match(/\A(<\?xml[ \t\r\n]+[^>]*>)/)) &&
|
||||
+ (m = chunk.match(/\A(<\?xml[ \t\r\n][^>]*>)/)) &&
|
||||
(return Nokogiri.XML(m[1]).encoding)
|
||||
|
||||
if Nokogiri.jruby?
|
||||
@ -7,7 +7,7 @@
|
||||
Summary: An HTML, XML, SAX, and Reader parser
|
||||
Name: rubygem-%{gem_name}
|
||||
Version: %{mainver}
|
||||
Release: 1
|
||||
Release: 2
|
||||
License: MIT and ASL 2.0
|
||||
URL: https://nokogiri.org
|
||||
Source0: https://rubygems.org/gems/%{gem_name}-%{mainver}%{?prever}.gem
|
||||
@ -15,6 +15,8 @@ Source1: rubygem-%{gem_name}-%{version}%{?prever}-full.tar.gz
|
||||
Source2: rubygem-%{gem_name}-%{version}%{?prever}-full.tar.gz
|
||||
# Shut down libxml2 version unmatching warning
|
||||
Patch0: %{name}-1.11.0.rc4-shutdown-libxml2-warning.patch
|
||||
# https://github.com/sparklemotion/nokogiri/commit/e444525
|
||||
Patch1: CVE-2022-24836.patch
|
||||
BuildRequires: ruby(release) ruby(rubygems) rubygem(minitest) rubygems-devel
|
||||
Obsoletes: ruby-%{gem_name} <= 1.5.2-2
|
||||
BuildRequires: gcc libxml2-devel libxslt-devel ruby-devel glibc-all-langpacks rubygem(racc)
|
||||
@ -52,6 +54,7 @@ This package provides non-Gem support for %{gem_name}.
|
||||
%setup -q -n %{gem_name}-%{version} -a 1
|
||||
mv ../%{gem_name}-%{version}.gemspec .
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
sed -i \
|
||||
-e 's|, "ports/archives/[^"][^"]*"||g' \
|
||||
-e 's|, "ports/patches/[^"][^"]*"||g' \
|
||||
@ -163,6 +166,9 @@ popd
|
||||
%{gem_dir}/doc/%{gem_name}-%{mainver}%{?prever}/
|
||||
|
||||
%changelog
|
||||
* Sun Apr 24 2022 wangkai <wangkai385@h-partners.com> - 1.13.1-2
|
||||
- Fix CVE-2022-24836
|
||||
|
||||
* Tue Mar 29 2022 liyanan <liyanan32@huawei.com> - 1.13.1-1
|
||||
- update to 1.13.1
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user