!31 Fix CVE-2022-29181

From: @wang--ge Reviewed-by: @small_leek Signed-off-by: @small_leek
2022-07-15 00:23:53 +00:00 · 2022-07-15 00:23:53 +00:00 · fc46ba9466
commit fc46ba9466
parent 4ff79248e9 ec8a0e480a
6 changed files with 6 additions and 42 deletions
--- a/CVE-2022-24836.patch
+++ b/CVE-2022-24836.patch
@ -1,23 +0,0 @@
 From e444525ef1634b675cd1cf52d39f4320ef0aecfd Mon Sep 17 00:00:00 2001
 From: Mike Dalessio <mike.dalessio@gmail.com>
 Date: Sun, 10 Apr 2022 14:42:04 -0400
 Subject: [PATCH] fix(perf): HTML4::EncodingReader detection
 ---
 lib/nokogiri/html4/document.rb       |  2 +-
 test/html4/test_document_encoding.rb | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
 diff --git a/lib/nokogiri/html4/document.rb b/lib/nokogiri/html4/document.rb
 index 177efc04f..fbc22d207 100644
 --- a/lib/nokogiri/html4/document.rb
 +++ b/lib/nokogiri/html4/document.rb
@@ -268,7 +268,7 @@ def start_element(name, attrs = [])
         end
         def self.detect_encoding(chunk)
 -          (m = chunk.match(/\A(<\?xml[ \t\r\n]+[^>]*>)/)) &&
 +          (m = chunk.match(/\A(<\?xml[ \t\r\n][^>]*>)/)) &&
             (return Nokogiri.XML(m[1]).encoding)
           if Nokogiri.jruby?
--- a/nokogiri-1.13.1.gem
+++ b/nokogiri-1.13.1.gem
--- a/nokogiri-1.13.7.gem
+++ b/nokogiri-1.13.7.gem
--- a/rubygem-nokogiri-1.11.0.rc4-shutdown-libxml2-warning.patch
+++ b/rubygem-nokogiri-1.11.0.rc4-shutdown-libxml2-warning.patch
@ -1,10 +0,0 @@
 --- nokogiri-1.11.0.rc4/lib/nokogiri/version/info.rb.warn	2020-12-31 16:56:11.533949657 +0900
 +++ nokogiri-1.11.0.rc4/lib/nokogiri/version/info.rb	2020-12-31 16:59:38.576697147 +0900
@@ -58,6 +58,7 @@ module Nokogiri
     def warnings
       warnings = []
 +      return warnings
       if libxml2?
         if compiled_libxml_version != loaded_libxml_version
--- a/rubygem-nokogiri-1.13.7-full.tar.gz
+++ b/rubygem-nokogiri-1.13.7-full.tar.gz
--- a/rubygem-nokogiri.spec
+++ b/rubygem-nokogiri.spec
@ -1,4 +1,4 @@
-%global	mainver		1.13.1
+%global	mainver		1.13.7
 %global	mainrel		1
 %global	prerpmver	%(echo "%{?prever}" | sed -e 's|\\.||g')
 %global	gem_name	nokogiri
@ -7,16 +7,12 @@
 Summary:	An HTML, XML, SAX, and Reader parser
 Name:		rubygem-%{gem_name}
 Version:	%{mainver}
-Release:	2
+Release:	1
 License:	MIT and ASL 2.0
 URL:		https://nokogiri.org
 Source0:	https://rubygems.org/gems/%{gem_name}-%{mainver}%{?prever}.gem
 Source1:        rubygem-%{gem_name}-%{version}%{?prever}-full.tar.gz
-Source2:        rubygem-%{gem_name}-%{version}%{?prever}-full.tar.gz
+
 # Shut down libxml2 version unmatching warning
 Patch0:	        %{name}-1.11.0.rc4-shutdown-libxml2-warning.patch
 # https://github.com/sparklemotion/nokogiri/commit/e444525
 Patch1:         CVE-2022-24836.patch
 BuildRequires:  ruby(release) 	ruby(rubygems) 	rubygem(minitest) 	rubygems-devel
 Obsoletes:      ruby-%{gem_name} <= 1.5.2-2
 BuildRequires:  gcc libxml2-devel libxslt-devel ruby-devel glibc-all-langpacks rubygem(racc)
@ -53,8 +49,6 @@ This package provides non-Gem support for %{gem_name}.
 %prep
 %setup -q -n %{gem_name}-%{version} -a 1
 mv ../%{gem_name}-%{version}.gemspec .
 %patch0 -p1
 %patch1 -p1
 sed -i \
 	-e 's|, "ports/archives/[^"][^"]*"||g' \
 	-e 's|, "ports/patches/[^"][^"]*"||g' \
@ -166,6 +160,9 @@ popd
 %{gem_dir}/doc/%{gem_name}-%{mainver}%{?prever}/
 %changelog
 * Thu Jul 14 2022 Ge Wang <wangge20@h-partners.com> - 1.13.7-1
 - update to 1.13.7
 * Sun Apr 24 2022 wangkai <wangkai385@h-partners.com> - 1.13.1-2
 - Fix CVE-2022-24836