Mega:24.03:SP1:Everything
ruby
Changes of Revision 2
_service:tar_scm:ruby.spec
Changed
@@ -33,7 +33,7 @@ Name: ruby Version: %{ruby_version} -Release: 146 +Release: 147 Summary: Object-oriented scripting language interpreter License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD URL: https://www.ruby-lang.org/en/ @@ -102,6 +102,7 @@ Patch6026: backport-CVE-2024-39908-CVE-2024-41123-upgrade-lib-rexml-to-3.3.3.patch Patch6027: backport-CVE-2024-43398-upgrade-lib-rexml-to-3.3.6.patch Patch6028: backport-CVE-2024-47220.patch +Patch6029: backport-CVE-2024-49761.patch Provides: %{name}-libs = %{version}-%{release} Obsoletes: %{name}-libs < %{version}-%{release} @@ -887,6 +888,9 @@ %{gem_dir}/specifications/matrix-%{matrix_version}.gemspec %changelog +* Tue Oct 29 2024 shixuantong <shixuantong1@huawei.com> - 3.2.2-147 +- fix CVE-2024-49761 + * Tue Oct 08 2024 shixuantong <shixuantong1@huawei.com> - 3.2.2-146 - fix CVE-2024-47220
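Review bot: Patch6029 is declared in the second hunk, but none of the three hunks touches %prep, so whether the patch is actually applied depends on how the spec applies its patches. If the spec uses individual %patch lines rather than %autosetup or %autopatch, add the matching line; otherwise Release goes to 147 and the changelog claims the CVE-2024-49761 fix while the source is built unpatched. The changelog entry "fix CVE-2024-49761" could also name the affected component (the REXML parser in baseparser.rb) so the scope of the fix is visible from the package metadata.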
_service:tar_scm:backport-CVE-2024-49761.patch
Added
@@ -0,0 +1,38 @@ +From ce59f2eb1aeb371fe1643414f06618dbe031979f Mon Sep 17 00:00:00 2001 +From: Sutou Kouhei <kou@clear-code.com> +Date: Thu, 24 Oct 2024 14:45:31 +0900 +Subject: PATCH parser: fix a bug that �x...; is accepted as a character + reference + + +diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +index 7bd8adf..b4547ba 100644 +--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb ++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb +@@ -150,7 +150,7 @@ module REXML + PEDECL_PATTERN = "\\s+(%)\\s+#{NAME}\\s+#{PEDEF}\\s*>" + ENTITYDECL_PATTERN = /(?:#{GEDECL_PATTERN})|(?:#{PEDECL_PATTERN})/um + CARRIAGE_RETURN_NEWLINE_PATTERN = /\r\n?/ +- CHARACTER_REFERENCES = /�*((?:\d+)|(?:xa-fA-F0-9+));/ ++ CHARACTER_REFERENCES = /&#((?:\d+)|(?:xa-fA-F0-9+));/ + DEFAULT_ENTITIES_PATTERNS = {} + default_entities = 'gt', 'lt', 'quot', 'apos', 'amp' + default_entities.each do |term| +@@ -570,8 +570,12 @@ module REXML + return rv if matches.size == 0 + rv.gsub!( Private::CHARACTER_REFERENCES ) { + m=$1 +- m = "0#{m}" if m0 == ?x +- Integer(m).pack('U*') ++ if m.start_with?("x") ++ code_point = Integer(m1..-1, 16) ++ else ++ code_point = Integer(m, 10) ++ end ++ code_point.pack('U*') + } + matches.collect!{|x|x0}.compact! + if filter +-- +2.27.0 +
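Review bot: The backport changes CHARACTER_REFERENCES and the gsub! block in baseparser.rb but carries no test, so nothing in the package build exercises the fixed path. In the second hunk the explicit bases are doing real work: the new pattern captures the digits directly after &#, so a zero-padded decimal reference reaches Integer(m, 10), and without the base argument Ruby would read a leading 0 as octal. A regression test covering a zero-padded decimal reference, a hex reference, and the form named in the Subject line (which must no longer be expanded) would pin that behaviour down. No range check on code_point is visible before pack('U*'), so confirm how an out-of-range numeric reference is handled by the caller. Also confirm the target path: the diff applies to .bundle/gems/rexml-3.2.5, while Patch6026 and Patch6027 in the spec are named as upgrades of lib rexml to 3.3.3 and 3.3.6.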
_service
Changed
@@ -2,7 +2,7 @@ <service name="tar_scm"> <param name="scm">git</param> <param name="url">git@gitee.com:src-openeuler/ruby.git</param> - <param name="revision">openEuler-24.03-LTS-Next</param> + <param name="revision">openEuler-24.03-LTS-SP1</param> <param name="exclude">*</param> <param name="extract">*</param> </service>
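Review bot: The revision parameter still names a moving branch (now openEuler-24.03-LTS-SP1) rather than a fixed commit or tag, so the same _service file can pull different source on a later service run. For a revision that ships a CVE fix, pin revision to the commit that contains backport-CVE-2024-49761.patch, or record that commit alongside the branch, so the built package can be traced to exact source. The branch switch is also unrelated to the CVE fix and would be easier to audit as its own revision.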