packages/rubygem-rack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2025-25184

Browse Source 
(cherry picked from commit b8f4036191a54e7bfd8db46e35694ba76af8ec2e)
This commit is contained in:
changtao 2025-02-20 00:34:30 +08:00 committed by openeuler-sync-bot
parent 6d6bc5d25a
commit 36fac7f425
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
Fix-CVE-2025-25184.patch Normal file
View File

@ -0,0 +1,34 @@
From 074ae244430cda05c27ca91cda699709cfb3ad8e Mon Sep 17 00:00:00 2001
From: Jeremy Evans <code@jeremyevans.net>
Date: Tue, 11 Feb 2025 19:10:05 -0800
Subject: [PATCH] Escape non-printable characters when logging.
---
lib/rack/common_logger.rb | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/rack/common_logger.rb b/lib/rack/common_logger.rb
index 9c6f921..68399c7 100644
--- a/lib/rack/common_logger.rb
+++ b/lib/rack/common_logger.rb
@@ -15,7 +15,7 @@ module Rack
# The actual format is slightly different than the above due to the
# separation of SCRIPT_NAME and PATH_INFO, and because the elapsed
# time in seconds is included at the end.
- FORMAT = %{%s - %s [%s] "%s %s%s%s %s" %d %s %0.4f\n}
+ FORMAT = %{%s - %s [%s] "%s %s%s%s %s" %d %s %0.4f }
# +logger+ can be any object that supports the +write+ or +<<+ methods,
# which includes the standard library Logger. These methods are called
@@ -60,7 +60,8 @@ module Rack
length,
Utils.clock_time - began_at ]
- msg.gsub!(/[^[:print:]\n]/) { |c| "\\x#{c.ord}" }
+ msg.gsub!(/[^[:print:]]/) { |c| sprintf("\\x%x", c.ord) }
+ msg[-1] = "\n"
logger = @logger || env[RACK_ERRORS]
--
2.46.0

9
rubygem-rack.spec
View File

@ -4,7 +4,7 @@
Name: rubygem-%{gem_name} Name: rubygem-%{gem_name}
Version: 2.2.4 Version: 2.2.4
Epoch: 1 Epoch: 1
Release: 10 Release: 11
Summary: A modular Ruby webserver interface Summary: A modular Ruby webserver interface
License: MIT and BSD License: MIT and BSD
URL: https://rack.github.io/ URL: https://rack.github.io/
@ -19,6 +19,7 @@ Patch6: Fix-CVE-2022-44571.patch
Patch7: Fix-CVE-2022-44572.patch Patch7: Fix-CVE-2022-44572.patch
Patch8: Fix-CVE-2025-27610.patch Patch8: Fix-CVE-2025-27610.patch
Patch9: Fix-CVE-2025-27111.patch Patch9: Fix-CVE-2025-27111.patch
Patch10: Fix-CVE-2025-25184.patch
BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 git BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 git
BuildRequires: memcached rubygem(memcache-client) rubygem(minitest) BuildRequires: memcached rubygem(memcache-client) rubygem(minitest)
BuildRequires: rubygem(memcache-client) BuildRequires: rubygem(memcache-client)
@ -107,6 +108,12 @@ popd
%doc %{gem_instdir}/contrib %doc %{gem_instdir}/contrib
%changelog %changelog
* Tue Mar 18 2025 changtao <changtao@kylinos.cn> - 1:2.2.4-11
- Type:CVE
- CVE:CVE-2025-25184
- SUG:NA
- DESC:fix CVE-2025-25184
* Thu Mar 13 2025 changtao <changtao@kylinos.cn> - 1:2.2.4-10 * Thu Mar 13 2025 changtao <changtao@kylinos.cn> - 1:2.2.4-10
- Type:CVE - Type:CVE
- CVE:CVE-2025-27111 - CVE:CVE-2025-27111