开源软件构建与测试

Changes of Revision 2

_service:tar_scm:ruby.spec Changed

@@ -33,7 +33,7 @@
 
 Name:      ruby
 Version:   %{ruby_version}
-Release:   143
+Release:   147
 Summary:   Object-oriented scripting language interpreter
 License:   (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
 URL:       https://www.ruby-lang.org/en/
@@ -99,6 +99,10 @@
 Patch6023: backport-0005-CVE-2024-35221.patch
 Patch6024: upgrade-lib-rexml-to-3.3.1.patch
 Patch6025: backport-CVE-2024-41946.patch
+Patch6026: backport-CVE-2024-39908-CVE-2024-41123-upgrade-lib-rexml-to-3.3.3.patch
+Patch6027: backport-CVE-2024-43398-upgrade-lib-rexml-to-3.3.6.patch
+Patch6028: backport-CVE-2024-47220.patch
+Patch6029: backport-CVE-2024-49761.patch
 
 Provides:  %{name}-libs = %{version}-%{release}
 Obsoletes: %{name}-libs < %{version}-%{release}
@@ -188,7 +192,7 @@
 %package -n rubygem-rdoc
 Summary:    Generate HTML and command-line documentation for Ruby projects
 Version:    %{rdoc_version}
-License:    GPLv2 and Ruby and MIT and OFL
+License:    GPLv2 and Ruby and MIT and OFL-1.1-RFN
 Requires:   ruby(release) ruby(rubygems) >= %{rubygems_version} ruby(irb) = %{ruby_version} rubygem(io-console) >= %{io_console_version} rubygem(json) >= %{json_version}
 Provides:   rdoc = %{version}-%{release} ri = %{version}-%{release} rubygem(rdoc) = %{version}-%{release}
 BuildArch:  noarch
@@ -884,6 +888,18 @@
 %{gem_dir}/specifications/matrix-%{matrix_version}.gemspec
 
 %changelog
+* Tue Oct 29 2024 shixuantong <shixuantong1@huawei.com> - 3.2.2-147
+- fix CVE-2024-49761
+
+* Tue Oct 08 2024 shixuantong <shixuantong1@huawei.com> - 3.2.2-146
+- fix CVE-2024-47220
+
+* Thu Aug 29 2024 shixuantong <shixuantong1@huawei.com> - 3.2.2-145
+- upgrade rexml to fix CVE-2024-39908 CVE-2024-41123 CVE-2024-43398
+
+* Wed Aug 14 2024 wangjiang <wangjiang37@h-partners.com> - 3.2.2-144
+- License compliance rectification
+
 * Thu Aug 08 2024 zhangxianting <zhangxianting@uniontech.com> - 3.2.2-143
 - fix CVE-2024-41946

_service:tar_scm:backport-CVE-2024-39908-CVE-2024-41123-upgrade-lib-rexml-to-3.3.3.patch Added

@@ -0,0 +1,372 @@
+From e4a067e11235a2ec7a00616d41350485e384ec05 Mon Sep 17 00:00:00 2001
+From: Sutou Kouhei <kou@clear-code.com>
+Date: Thu, 1 Aug 2024 11:51:33 +0900
+Subject: PATCH Add 3.3.3 entry
+
+---
+ .../lib/rexml/formatters/pretty.rb            |  2 +-
+ .../lib/rexml/parsers/baseparser.rb           | 67 ++++++++++++++-----
+ .../lib/rexml/parsers/sax2parser.rb           | 21 +-----
+ .../lib/rexml/parsers/streamparser.rb         |  4 +-
+ .bundle/gems/rexml-3.2.5/lib/rexml/rexml.rb   |  2 +-
+ .bundle/gems/rexml-3.2.5/lib/rexml/source.rb  | 22 ++++--
+ .bundle/gems/rexml-3.2.5/lib/rexml/text.rb    | 48 +++++++++----
+ 7 files changed, 105 insertions(+), 61 deletions(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/formatters/pretty.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/formatters/pretty.rb
+index a1198b7..a838d83 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/formatters/pretty.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/formatters/pretty.rb
+@@ -111,7 +111,7 @@ module REXML
+         # itself, then we don't need a carriage return... which makes this
+         # logic more complex.
+         node.children.each { |child|
+-          next if child == node.children-1 and child.instance_of?(Text)
++          next if child.instance_of?(Text)
+           unless child == node.children0 or child.instance_of?(Text) or
+             (child == node.children1 and !node.children0.writethis)
+             output << "\n"
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 617a3d5..44dc658 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -124,11 +124,10 @@ module REXML
+       }
+ 
+       module Private
+-        INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
+         TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
+         CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
+         ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
+-        NAME_PATTERN = /\s*#{NAME}/um
++        NAME_PATTERN = /#{NAME}/um
+         GEDECL_PATTERN = "\\s+#{NAME}\\s+#{ENTITYDEF}\\s*>"
+         PEDECL_PATTERN = "\\s+(%)\\s+#{NAME}\\s+#{PEDEF}\\s*>"
+         ENTITYDECL_PATTERN = /(?:#{GEDECL_PATTERN})|(?:#{PEDECL_PATTERN})/um
+@@ -159,6 +158,7 @@ module REXML
+       def stream=( source )
+         @source = SourceFactory.create_from( source )
+         @closed = nil
++        @have_root = false
+         @document_status = nil
+         @tags = 
+         @stack = 
+@@ -241,7 +241,7 @@ module REXML
+         if @document_status == nil
+           start_position = @source.position
+           if @source.match("<?", true)
+-            return process_instruction(start_position)
++            return process_instruction
+           elsif @source.match("<!", true)
+             if @source.match("--", true)
+               md = @source.match(/(.*?)-->/um, true)
+@@ -311,7 +311,11 @@ module REXML
+               raise REXML::ParseException.new( "Bad ELEMENT declaration!", @source ) if md.nil?
+               return  :elementdecl, "<!ELEMENT" + md1 
+             elsif @source.match("ENTITY", true)
+-              match = :entitydecl, *@source.match(Private::ENTITYDECL_PATTERN, true).captures.compact
++              match_data = @source.match(Private::ENTITYDECL_PATTERN, true)
++              unless match_data
++                raise REXML::ParseException.new("Malformed entity declaration", @source)
++              end
++              match = :entitydecl, *match_data.captures.compact
+               ref = false
+               if match1 == '%'
+                 ref = true
+@@ -343,7 +347,7 @@ module REXML
+               contents = md0
+ 
+               pairs = {}
+-              values = md0.scan( ATTDEF_RE )
++              values = md0.strip.scan( ATTDEF_RE )
+               values.each do |attdef|
+                 unless attdef3 == "#IMPLIED"
+                   attdef.compact!
+@@ -437,7 +441,7 @@ module REXML
+               raise REXML::ParseException.new( "Declarations can only occur "+
+                 "in the doctype declaration.", @source)
+             elsif @source.match("?", true)
+-              return process_instruction(start_position)
++              return process_instruction
+             else
+               # Get the next tag
+               md = @source.match(Private::TAG_PATTERN, true)
+@@ -462,8 +466,12 @@ module REXML
+                 @closed = tag
+                 @nsstack.shift
+               else
++                if @tags.empty? and @have_root
++                  raise ParseException.new("Malformed XML: Extra tag at the end of the document (got '<#{tag}')", @source)
++                end
+                 @tags.push( tag )
+               end
++              @have_root = true
+               return  :start_element, tag, attributes 
+             end
+           else
+@@ -471,6 +479,16 @@ module REXML
+             if text.chomp!("<")
+               @source.position -= "<".bytesize
+             end
++            if @tags.empty?
++              unless /\A\s*\z/.match?(text)
++                if @have_root
++                  raise ParseException.new("Malformed XML: Extra content at the end of the document (got '#{text}')", @source)
++                else
++                  raise ParseException.new("Malformed XML: Content at the start of the document (got '#{text}')", @source)
++                end
++              end
++              return pull_event if @have_root
++            end
+             return  :text, text 
+           end
+         rescue REXML::UndefinedNamespaceException
+@@ -515,7 +533,11 @@ module REXML
+ 
+       # Unescapes all possible entities
+       def unnormalize( string, entities=nil, filter=nil )
+-        rv = string.gsub( Private::CARRIAGE_RETURN_NEWLINE_PATTERN, "\n" )
++        if string.include?("\r")
++          rv = string.gsub( Private::CARRIAGE_RETURN_NEWLINE_PATTERN, "\n" )
++        else
++          rv = string.dup
++        end
+         matches = rv.scan( REFERENCE_RE )
+         return rv if matches.size == 0
+         rv.gsub!( Private::CHARACTER_REFERENCES ) {
+@@ -565,14 +587,14 @@ module REXML
+       def parse_name(base_error_message)
+         md = @source.match(Private::NAME_PATTERN, true)
+         unless md
+-          if @source.match(/\s*\S/um)
++          if @source.match(/\S/um)
+             message = "#{base_error_message}: invalid name"
+           else
+             message = "#{base_error_message}: name is missing"
+           end
+           raise REXML::ParseException.new(message, @source)
+         end
+-        md1
++        md0
+       end
+ 
+       def parse_id(base_error_message,
+@@ -641,15 +663,24 @@ module REXML
+         end
+       end
+ 
+-      def process_instruction(start_position)
+-        match_data = @source.match(Private::INSTRUCTION_END, true)
+-        unless match_data
+-          message = "Invalid processing instruction node"
+-          @source.position = start_position
+-          raise REXML::ParseException.new(message, @source)
++      def process_instruction
++        name = parse_name("Malformed XML: Invalid processing instruction node")
++        if @source.match(/\s+/um, true)
++          match_data = @source.match(/(.*?)\?>/um, true)
++          unless match_data
++            raise ParseException.new("Malformed XML: Unclosed processing instruction", @source)
++          end
++          content = match_data1
++        else
++          content = nil
++          unless @source.match("?>", true)
++            raise ParseException.new("Malformed XML: Unclosed processing instruction", @source)
++          end
+         end
+-        if @document_status.nil? and match_data1 == "xml"
+-          content = match_data2
++        if name == "xml"
++          if @document_status
++            raise ParseException.new("Malformed XML: XML declaration is not at the start", @source)
++          end
+           version = VERSION.match(content)
+           version = version1 unless version.nil?
+           encoding = ENCODING.match(content)
+@@ -664,7 +695,7 @@ module REXML
+           standalone = standalone1 unless standalone.nil?
+           return  :xmldecl, version, encoding, standalone 
+         end
+-        :processing_instruction, match_data1, match_data2
++        :processing_instruction, name, content
+       end
+ 
+       def parse_attributes(prefixes, curr_ns)
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/sax2parser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/sax2parser.rb
+index 01cb469..cec9d2f 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/sax2parser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/sax2parser.rb
+@@ -161,25 +161,8 @@ module REXML
+               end
+             end
+           when :text
+-            #normalized = @parser.normalize( event1 )
+-            #handle( :characters, normalized )
+-            copy = event1.clone
+-
+-            esub = proc { |match|
+-              if @entities.has_key?($1)
+-                @entities$1.gsub(Text::REFERENCE, &esub)
+-              else
+-                match
+-              end
+-            }
+-
+-            copy.gsub!( Text::REFERENCE, &esub )
+-            copy.gsub!( Text::NUMERICENTITY ) {|m|
+-              m=$1
+-              m = "0#{m}" if m0 == ?x
+-              Integer(m).pack('U*')
+-            }
+-            handle( :characters, copy )
++            unnormalized = @parser.unnormalize( event1, @entities )
++            handle( :characters, unnormalized )
+           when :entitydecl
+             handle_entitydecl( event )
+           when :processing_instruction, :comment, :attlistdecl,
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/streamparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/streamparser.rb
+index 9e0eb0b..fa3ac49 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/streamparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/streamparser.rb
+@@ -36,8 +36,8 @@ module REXML
+             @listener.tag_end( event1 )
+             @tag_stack.pop
+           when :text
+-            normalized = @parser.unnormalize( event1 )
+-            @listener.text( normalized )
++            unnormalized = @parser.unnormalize( event1 )
++            @listener.text( unnormalized )
+           when :processing_instruction
+             @listener.instruction( *event1,2 )
+           when :start_doctype
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/rexml.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/rexml.rb
+index 3af03ec..39e92a5 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/rexml.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/rexml.rb
+@@ -31,7 +31,7 @@
+ module REXML
+   COPYRIGHT = "Copyright © 2001-2008 Sean Russell <ser@germane-software.com>"
+   DATE = "2008/019"
+-  VERSION = "3.3.1"
++  VERSION = "3.3.3"
+   REVISION = ""
+ 
+   Copyright = COPYRIGHT
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+index 5715c35..ff887fc 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+@@ -204,10 +204,20 @@ module REXML
+       end
+     end
+ 
+-    def read(term = nil)
++    def read(term = nil, min_bytes = 1)
+       term = encode(term) if term
+       begin
+-        @scanner << readline(term)
++        str = readline(term)
++        @scanner << str
++        read_bytes = str.bytesize
++        begin
++          while read_bytes < min_bytes
++            str = readline(term)
++            @scanner << str
++            read_bytes += str.bytesize
++          end
++        rescue IOError
++        end
+         true
+       rescue Exception, NameError
+         @source = nil
+@@ -237,10 +247,9 @@ module REXML
+       read if @scanner.eos? && @source
+     end
+ 
+-    # Note: When specifying a string for 'pattern', it must not include '>' except in the following formats:
+-    # - ">"
+-    # - "XXX>" (X is any string excluding '>')
+     def match( pattern, cons=false )
++      # To avoid performance issue, we need to increase bytes to read per scan
++      min_bytes = 1
+       while true
+         if cons
+           md = @scanner.scan(pattern)
+@@ -250,7 +259,8 @@ module REXML
+         break if md
+         return nil if pattern.is_a?(String)
+         return nil if @source.nil?
+-        return nil unless read
++        return nil unless read(nil, min_bytes)
++        min_bytes *= 2
+       end
+ 
+       md.nil? ? nil : @scanner
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb
+index b47bad3..7e0befe 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb
+@@ -151,25 +151,45 @@ module REXML
+         end
+       end
+ 
+-      # context sensitive
+-      string.scan(pattern) do
+-        if $1-1 != ?;
+-          raise "Illegal character #{$1.inspect} in raw string #{string.inspect}"
+-        elsif $10 == ?&
+-          if $5 and $50 == ?#
+-            case ($51 == ?x ? $52..-1.to_i(16) : $51..-1.to_i)
+-            when *VALID_CHAR
++      pos = 0
++      while (index = string.index(/<|&/, pos))
++        if stringindex == "<"
++          raise "Illegal character \"#{stringindex}\" in raw string #{string.inspect}"
++        end
++
++        unless (end_index = string.index(/^\s;/, index + 1))
++          raise "Illegal character \"#{stringindex}\" in raw string #{string.inspect}"
++        end
++
++        value = string(index + 1)..end_index
++        if /\s/.match?(value)
++          raise "Illegal character \"#{stringindex}\" in raw string #{string.inspect}"
++        end
++
++        if value0 == "#"
++          character_reference = value1..-1
++
++          unless (/\A(\d+|x0-9a-fA-F+)\z/.match?(character_reference))
++            if character_reference0 == "x" || character_reference-1 == "x"
++              raise "Illegal character \"#{stringindex}\" in raw string #{string.inspect}"
+             else
+-              raise "Illegal character #{$1.inspect} in raw string #{string.inspect}"
++              raise "Illegal character #{string.inspect} in raw string #{string.inspect}"
+             end
+-          # FIXME: below can't work but this needs API change.
+-          # elsif @parent and $3 and !SUBSTITUTES.include?($1)
+-          #   if !doctype or !doctype.entities.has_key?($3)
+-          #     raise "Undeclared entity '#{$1}' in raw string \"#{string}\""
+-          #   end
+           end
++
++          case (character_reference0 == "x" ? character_reference1..-1.to_i(16) : character_reference0..-1.to_i)
++          when *VALID_CHAR
++          else
++            raise "Illegal character #{string.inspect} in raw string #{string.inspect}"
++          end
++        elsif !(/\A#{Entity::NAME}\z/um.match?(value))
++          raise "Illegal character \"#{stringindex}\" in raw string #{string.inspect}"
+         end
++
++        pos = end_index + 1
+       end
++
++      string
+     end
+ 
+     def node_type
+-- 
+2.27.0
+

_service:tar_scm:backport-CVE-2024-43398-upgrade-lib-rexml-to-3.3.6.patch Added

@@ -0,0 +1,524 @@
+From 95871f399eda642a022b03550479b7994895c742 Mon Sep 17 00:00:00 2001
+From: Sutou Kouhei <kou@clear-code.com>
+Date: Thu, 22 Aug 2024 09:54:49 +0900
+Subject: PATCH Add 3.3.6 entry
+
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/element.rb |  30 ++--
+ .bundle/gems/rexml-3.2.5/lib/rexml/entity.rb  |  52 +------
+ .../lib/rexml/parsers/baseparser.rb           | 139 +++++++++++++-----
+ .../lib/rexml/parsers/streamparser.rb         |  16 +-
+ .../lib/rexml/parsers/treeparser.rb           |   7 -
+ .bundle/gems/rexml-3.2.5/lib/rexml/rexml.rb   |   2 +-
+ 6 files changed, 131 insertions(+), 115 deletions(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/element.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/element.rb
+index a5808d7..4e3a60b 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/element.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/element.rb
+@@ -441,9 +441,14 @@ module REXML
+     # Related: #root_node, #document.
+     #
+     def root
+-      return elements1 if self.kind_of? Document
+-      return self if parent.kind_of? Document or parent.nil?
+-      return parent.root
++      target = self
++      while target
++        return target.elements1 if target.kind_of? Document
++        parent = target.parent
++        return target if parent.kind_of? Document or parent.nil?
++        target = parent
++      end
++      nil
+     end
+ 
+     # :call-seq:
+@@ -619,8 +624,12 @@ module REXML
+       else
+         prefix = "xmlns:#{prefix}" unless prefix0,5 == 'xmlns'
+       end
+-      ns = attributes prefix 
+-      ns = parent.namespace(prefix) if ns.nil? and parent
++      ns = nil
++      target = self
++      while ns.nil? and target
++        ns = target.attributesprefix
++        target = target.parent
++      end
+       ns = '' if ns.nil? and prefix == 'xmlns'
+       return ns
+     end
+@@ -2375,17 +2384,6 @@ module REXML
+       elsif old_attr.kind_of? Hash
+         old_attrvalue.prefix = value
+       elsif old_attr.prefix != value.prefix
+-        # Check for conflicting namespaces
+-        if value.prefix != "xmlns" and old_attr.prefix != "xmlns"
+-          old_namespace = old_attr.namespace
+-          new_namespace = value.namespace
+-          if old_namespace == new_namespace
+-            raise ParseException.new(
+-                    "Namespace conflict in adding attribute \"#{value.name}\": "+
+-                    "Prefix \"#{old_attr.prefix}\" = \"#{old_namespace}\" and "+
+-                    "prefix \"#{value.prefix}\" = \"#{new_namespace}\"")
+-          end
+-        end
+         store value.name, {old_attr.prefix => old_attr,
+                            value.prefix    => value}
+       else
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/entity.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/entity.rb
+index 573db69..12bbad3 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/entity.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/entity.rb
+@@ -12,6 +12,7 @@ module REXML
+     EXTERNALID = "(?:(?:(SYSTEM)\\s+#{SYSTEMLITERAL})|(?:(PUBLIC)\\s+#{PUBIDLITERAL}\\s+#{SYSTEMLITERAL}))"
+     NDATADECL = "\\s+NDATA\\s+#{NAME}"
+     PEREFERENCE = "%#{NAME};"
++    PEREFERENCE_RE = /#{PEREFERENCE}/um
+     ENTITYVALUE = %Q{((?:"(?:^%&"|#{PEREFERENCE}|#{REFERENCE})*")|(?:'(^%&'|#{PEREFERENCE}|#{REFERENCE})*'))}
+     PEDEF = "(?:#{ENTITYVALUE}|#{EXTERNALID})"
+     ENTITYDEF = "(?:#{ENTITYVALUE}|(?:#{EXTERNALID}(#{NDATADECL})?))"
+@@ -19,7 +20,7 @@ module REXML
+     GEDECL = "<!ENTITY\\s+#{NAME}\\s+#{ENTITYDEF}\\s*>"
+     ENTITYDECL = /\s*(?:#{GEDECL})|(?:#{PEDECL})/um
+ 
+-    attr_reader :name, :external, :ref, :ndata, :pubid
++    attr_reader :name, :external, :ref, :ndata, :pubid, :value
+ 
+     # Create a new entity.  Simple entities can be constructed by passing a
+     # name, value to the constructor; this creates a generic, plain entity
+@@ -68,14 +69,11 @@ module REXML
+     end
+ 
+     # Evaluates to the unnormalized value of this entity; that is, replacing
+-    # all entities -- both %ent; and &ent; entities.  This differs from
+-    # +value()+ in that +value+ only replaces %ent; entities.
++    # &ent; entities.
+     def unnormalized
+       document.record_entity_expansion unless document.nil?
+-      v = value()
+-      return nil if v.nil?
+-      @unnormalized = Text::unnormalize(v, parent)
+-      @unnormalized
++      return nil if @value.nil?
++      @unnormalized = Text::unnormalize(@value, parent)
+     end
+ 
+     #once :unnormalized
+@@ -121,46 +119,6 @@ module REXML
+       write rv
+       rv
+     end
+-
+-    PEREFERENCE_RE = /#{PEREFERENCE}/um
+-    # Returns the value of this entity.  At the moment, only internal entities
+-    # are processed.  If the value contains internal references (IE,
+-    # %blah;), those are replaced with their values.  IE, if the doctype
+-    # contains:
+-    #  <!ENTITY % foo "bar">
+-    #  <!ENTITY yada "nanoo %foo; nanoo>
+-    # then:
+-    #  doctype.entity('yada').value   #-> "nanoo bar nanoo"
+-    def value
+-      @resolved_value ||= resolve_value
+-    end
+-
+-    def parent=(other)
+-      @resolved_value = nil
+-      super
+-    end
+-
+-    private
+-    def resolve_value
+-      return nil if @value.nil?
+-      return @value unless @value.match?(PEREFERENCE_RE)
+-
+-      matches = @value.scan(PEREFERENCE_RE)
+-      rv = @value.clone
+-      if @parent
+-        sum = 0
+-        matches.each do |entity_reference|
+-          entity_value = @parent.entity( entity_reference0 )
+-          if sum + entity_value.bytesize > Security.entity_expansion_text_limit
+-            raise "entity expansion has grown too large"
+-          else
+-            sum += entity_value.bytesize
+-          end
+-          rv.gsub!( /%#{entity_reference.join};/um, entity_value )
+-        end
+-      end
+-      rv
+-    end
+   end
+ 
+   # This is a set of entity constants -- the ones defined in the XML
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 44dc658..d11c276 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -1,12 +1,29 @@
+ # frozen_string_literal: true
+ require_relative '../parseexception'
+ require_relative '../undefinednamespaceexception'
++require_relative '../security'
+ require_relative '../source'
+ require 'set'
+ require "strscan"
+ 
+ module REXML
+   module Parsers
++    unless .respond_to?(:tally)
++      module EnumerableTally
++        refine Enumerable do
++          def tally
++            counts = {}
++            each do |item|
++              countsitem ||= 0
++              countsitem += 1
++            end
++            counts
++          end
++        end
++      end
++      using EnumerableTally
++    end
++
+     if StringScanner::Version < "3.0.8"
+       module StringScannerCaptures
+         refine StringScanner do
+@@ -124,6 +141,7 @@ module REXML
+       }
+ 
+       module Private
++        PEREFERENCE_PATTERN = /#{PEREFERENCE}/um
+         TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
+         CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
+         ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
+@@ -163,7 +181,8 @@ module REXML
+         @tags = 
+         @stack = 
+         @entities = 
+-        @nsstack = 
++        @namespaces = {}
++        @namespaces_restore_stack = 
+       end
+ 
+       def position
+@@ -231,6 +250,10 @@ module REXML
+           if @document_status == :in_doctype
+             raise ParseException.new("Malformed DOCTYPE: unclosed", @source)
+           end
++          unless @tags.empty?
++            path = "/" + @tags.join("/")
++            raise ParseException.new("Missing end tag for '#{path}'", @source)
++          end
+           return  :end_document 
+         end
+         return @stack.shift if @stack.size > 0
+@@ -263,7 +286,6 @@ module REXML
+                 @source.position = start_position
+                 raise REXML::ParseException.new(message, @source)
+               end
+-              @nsstack.unshift(Set.new)
+               name = parse_name(base_error_message)
+               if @source.match(/\s*\/um, true)
+                 id = nil, nil, nil
+@@ -333,6 +355,8 @@ module REXML
+                 match4 = match41..-2 # HREF
+                 match.delete_at(5) if match.size > 5 # Chop out NDATA decl
+                 # match is  :entity, name, PUBLIC, pubid, href(, ndata)? 
++              elsif Private::PEREFERENCE_PATTERN.match?(match2)
++                raise REXML::ParseException.new("Parameter entity references forbidden in internal subset: #{match2}", @source)
+               else
+                 match2 = match21..-2
+                 match.pop if match.size == 4
+@@ -355,7 +379,7 @@ module REXML
+                   val = attdef4 if val == "#FIXED "
+                   pairsattdef0 = val
+                   if attdef0 =~ /^xmlns:(.*)/
+-                    @nsstack0 << $1
++                    @namespaces$1 = val
+                   end
+                 end
+               end
+@@ -408,7 +432,7 @@ module REXML
+             # here explicitly.
+             @source.ensure_buffer
+             if @source.match("/", true)
+-              @nsstack.shift
++              @namespaces_restore_stack.pop
+               last_tag = @tags.pop
+               md = @source.match(Private::CLOSE_PATTERN, true)
+               if md and !last_tag
+@@ -453,18 +477,18 @@ module REXML
+               @document_status = :in_element
+               @prefixes.clear
+               @prefixes << md2 if md2
+-              @nsstack.unshift(curr_ns=Set.new)
+-              attributes, closed = parse_attributes(@prefixes, curr_ns)
++              push_namespaces_restore
++              attributes, closed = parse_attributes(@prefixes)
+               # Verify that all of the prefixes have been defined
+               for prefix in @prefixes
+-                unless @nsstack.find{|k| k.member?(prefix)}
++                unless @namespaces.key?(prefix)
+                   raise UndefinedNamespaceException.new(prefix,@source,self)
+                 end
+               end
+ 
+               if closed
+                 @closed = tag
+-                @nsstack.shift
++                pop_namespaces_restore
+               else
+                 if @tags.empty? and @have_root
+                   raise ParseException.new("Malformed XML: Extra tag at the end of the document (got '<#{tag}')", @source)
+@@ -504,15 +528,13 @@ module REXML
+       private :pull_event
+ 
+       def entity( reference, entities )
+-        value = nil
+-        value = entities reference  if entities
+-        if value
+-          record_entity_expansion
+-        else
+-          value = DEFAULT_ENTITIES reference 
+-          value = value2 if value
+-        end
+-        unnormalize( value, entities ) if value
++        return unless entities
++
++        value = entities reference 
++        return if value.nil?
++
++        record_entity_expansion
++        unnormalize( value, entities )
+       end
+ 
+       # Escapes all possible entities
+@@ -546,22 +568,29 @@ module REXML
+           Integer(m).pack('U*')
+         }
+         matches.collect!{|x|x0}.compact!
++        if filter
++          matches.reject! do |entity_reference|
++            filter.include?(entity_reference)
++          end
++        end
+         if matches.size > 0
+-          sum = 0
+-          matches.each do |entity_reference|
+-            unless filter and filter.include?(entity_reference)
+-              entity_value = entity( entity_reference, entities )
+-              if entity_value
+-                re = Private::DEFAULT_ENTITIES_PATTERNSentity_reference || /&#{entity_reference};/
+-                rv.gsub!( re, entity_value )
+-                sum += rv.bytesize
+-                if sum > Security.entity_expansion_text_limit
+-                  raise "entity expansion has grown too large"
+-                end
+-              else
+-                er = DEFAULT_ENTITIESentity_reference
+-                rv.gsub!( er0, er2 ) if er
++          matches.tally.each do |entity_reference, n|
++            entity_expansion_count_before = @entity_expansion_count
++            entity_value = entity( entity_reference, entities )
++            if entity_value
++              if n > 1
++                entity_expansion_count_delta =
++                  @entity_expansion_count - entity_expansion_count_before
++                record_entity_expansion(entity_expansion_count_delta * (n - 1))
+               end
++              re = Private::DEFAULT_ENTITIES_PATTERNSentity_reference || /&#{entity_reference};/
++              rv.gsub!( re, entity_value )
++              if rv.bytesize > Security.entity_expansion_text_limit
++                raise "entity expansion has grown too large"
++              end
++            else
++              er = DEFAULT_ENTITIESentity_reference
++              rv.gsub!( er0, er2 ) if er
+             end
+           end
+           rv.gsub!( Private::DEFAULT_ENTITIES_PATTERNS'amp', '&' )
+@@ -570,9 +599,34 @@ module REXML
+       end
+ 
+       private
++      def add_namespace(prefix, uri)
++        @namespaces_restore_stack.lastprefix = @namespacesprefix
++        if uri.nil?
++          @namespaces.delete(prefix)
++        else
++          @namespacesprefix = uri
++        end
++      end
++
++      def push_namespaces_restore
++        namespaces_restore = {}
++        @namespaces_restore_stack.push(namespaces_restore)
++        namespaces_restore
++      end
+ 
+-      def record_entity_expansion
+-        @entity_expansion_count += 1
++      def pop_namespaces_restore
++        namespaces_restore = @namespaces_restore_stack.pop
++        namespaces_restore.each do |prefix, uri|
++          if uri.nil?
++            @namespaces.delete(prefix)
++          else
++            @namespacesprefix = uri
++          end
++        end
++      end
++
++      def record_entity_expansion(delta=1)
++        @entity_expansion_count += delta
+         if @entity_expansion_count > Security.entity_expansion_limit
+           raise "number of entity expansions exceeded, processing aborted."
+         end
+@@ -698,8 +752,9 @@ module REXML
+         :processing_instruction, name, content
+       end
+ 
+-      def parse_attributes(prefixes, curr_ns)
++      def parse_attributes(prefixes)
+         attributes = {}
++        expanded_names = {}
+         closed = false
+         while true
+           if @source.match(">", true)
+@@ -741,7 +796,7 @@ module REXML
+                   "(http://www.w3.org/TR/REC-xml-names/#ns-decl)"
+                 raise REXML::ParseException.new( msg, @source, self)
+               end
+-              curr_ns << local_part
++              add_namespace(local_part, value)
+             elsif prefix
+               prefixes << prefix unless prefix == "xml"
+             end
+@@ -751,6 +806,20 @@ module REXML
+               raise REXML::ParseException.new(msg, @source, self)
+             end
+ 
++            unless prefix == "xmlns"
++              uri = @namespacesprefix
++              expanded_name = uri, local_part
++              existing_prefix = expanded_namesexpanded_name
++              if existing_prefix
++                message = "Namespace conflict in adding attribute " +
++                          "\"#{local_part}\": " +
++                          "Prefix \"#{existing_prefix}\" = \"#{uri}\" and " +
++                          "prefix \"#{prefix}\" = \"#{uri}\""
++                raise REXML::ParseException.new(message, @source, self)
++              end
++              expanded_namesexpanded_name = prefix
++            end
++
+             attributesname = value
+           else
+             message = "Invalid attribute name: <#{@source.buffer.split(%r{/>\s}).first}>"
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/streamparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/streamparser.rb
+index fa3ac49..7781fe4 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/streamparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/streamparser.rb
+@@ -7,36 +7,33 @@ module REXML
+       def initialize source, listener
+         @listener = listener
+         @parser = BaseParser.new( source )
+-        @tag_stack = 
++        @entities = {}
+       end
+ 
+       def add_listener( listener )
+         @parser.add_listener( listener )
+       end
+ 
++      def entity_expansion_count
++        @parser.entity_expansion_count
++      end
++
+       def parse
+         # entity string
+         while true
+           event = @parser.pull
+           case event0
+           when :end_document
+-            unless @tag_stack.empty?
+-              tag_path = "/" + @tag_stack.join("/")
+-              raise ParseException.new("Missing end tag for '#{tag_path}'",
+-                                       @parser.source)
+-            end
+             return
+           when :start_element
+-            @tag_stack << event1
+             attrs = event2.each do |n, v|
+               event2n = @parser.unnormalize( v )
+             end
+             @listener.tag_start( event1, attrs )
+           when :end_element
+             @listener.tag_end( event1 )
+-            @tag_stack.pop
+           when :text
+-            unnormalized = @parser.unnormalize( event1 )
++            unnormalized = @parser.unnormalize( event1, @entities )
+             @listener.text( unnormalized )
+           when :processing_instruction
+             @listener.instruction( *event1,2 )
+@@ -48,6 +45,7 @@ module REXML
+           when :comment, :attlistdecl, :cdata, :xmldecl, :elementdecl
+             @listener.send( event0.to_s, *event1..-1 )
+           when :entitydecl, :notationdecl
++            @entities event1  = event2 if event.size == 3
+             @listener.send( event0.to_s, event1..-1 )
+           when :externalentity
+             entity_reference = event1
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/treeparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/treeparser.rb
+index 0cb6f7c..4565a40 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/treeparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/treeparser.rb
+@@ -15,7 +15,6 @@ module REXML
+       end
+ 
+       def parse
+-        tag_stack = 
+         entities = nil
+         begin
+           while true
+@@ -23,19 +22,13 @@ module REXML
+             #STDERR.puts "TREEPARSER GOT #{event.inspect}"
+             case event0
+             when :end_document
+-              unless tag_stack.empty?
+-                raise ParseException.new("No close tag for #{@build_context.xpath}",
+-                                         @parser.source, @parser)
+-              end
+               return
+             when :start_element
+-              tag_stack.push(event1)
+               el = @build_context = @build_context.add_element( event1 )
+               event2.each do |key, value|
+                 el.attributeskey=Attribute.new(key,value,self)
+               end
+             when :end_element
+-              tag_stack.pop
+               @build_context = @build_context.parent
+             when :text
+               if @build_context-1.instance_of? Text
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/rexml.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/rexml.rb
+index 39e92a5..99d574b 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/rexml.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/rexml.rb
+@@ -31,7 +31,7 @@
+ module REXML
+   COPYRIGHT = "Copyright © 2001-2008 Sean Russell <ser@germane-software.com>"
+   DATE = "2008/019"
+-  VERSION = "3.3.3"
++  VERSION = "3.3.6"
+   REVISION = ""
+ 
+   Copyright = COPYRIGHT
+-- 
+2.27.0
+

_service:tar_scm:backport-CVE-2024-47220.patch Added

@@ -0,0 +1,62 @@
+From f5faca9222541591e1a7c3c97552ebb0c92733c7 Mon Sep 17 00:00:00 2001
+From: Jeremy Evans <code@jeremyevans.net>
+Date: Wed, 18 Sep 2024 14:11:49 -0700
+Subject: PATCH Prevent request smuggling
+
+If a request has both a content-length and transfer-encoding
+headers, return a 400 response.  This is allowed by RFC 7230
+section 3.3.3.3.
+
+Fixes #145
+---
+ tool/lib/webrick/httprequest.rb       |  4 ++++
+ tool/test/webrick/test_httprequest.rb | 18 ++++++++++++++++++
+ 2 files changed, 22 insertions(+)
+
+diff --git a/tool/lib/webrick/httprequest.rb b/tool/lib/webrick/httprequest.rb
+index 5cf5844..820acb2 100644
+--- a/tool/lib/webrick/httprequest.rb
++++ b/tool/lib/webrick/httprequest.rb
+@@ -474,6 +474,10 @@ module WEBrick
+     def read_body(socket, block)
+       return unless socket
+       if tc = self'transfer-encoding'
++        if self'content-length'
++          raise HTTPStatus::BadRequest, "request with both transfer-encoding and content-length, possible request smuggling"
++        end
++
+         case tc
+         when /\Achunked\z/io then read_chunked(socket, block)
+         else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
+diff --git a/tool/test/webrick/test_httprequest.rb b/tool/test/webrick/test_httprequest.rb
+index 855ff9d..cce9b91 100644
+--- a/tool/test/webrick/test_httprequest.rb
++++ b/tool/test/webrick/test_httprequest.rb
+@@ -81,6 +81,24 @@ GET /
+     }
+   end
+ 
++  def test_content_length_and_transfer_encoding_headers_smuggling
++    msg = <<~HTTP.gsub("\n", "\r\n")
++      POST /user HTTP/1.1
++      Content-Length: 28
++      Transfer-Encoding: chunked
++
++      0
++
++      GET /admin HTTP/1.1
++
++    HTTP
++    req = WEBrick::HTTPRequest.new(WEBrick::Config::HTTP)
++    req.parse(StringIO.new(msg))
++    assert_raise(WEBrick::HTTPStatus::BadRequest){
++      req.body
++    }
++  end
++
+   def test_parse_headers
+     msg = <<-_end_of_message_
+       GET /path HTTP/1.1
+-- 
+2.27.0
+

_service:tar_scm:backport-CVE-2024-49761.patch Added

@@ -0,0 +1,38 @@
+From ce59f2eb1aeb371fe1643414f06618dbe031979f Mon Sep 17 00:00:00 2001
+From: Sutou Kouhei <kou@clear-code.com>
+Date: Thu, 24 Oct 2024 14:45:31 +0900
+Subject: PATCH parser: fix a bug that &#0x...; is accepted as a character
+ reference
+
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 7bd8adf..b4547ba 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -150,7 +150,7 @@ module REXML
+         PEDECL_PATTERN = "\\s+(%)\\s+#{NAME}\\s+#{PEDEF}\\s*>"
+         ENTITYDECL_PATTERN = /(?:#{GEDECL_PATTERN})|(?:#{PEDECL_PATTERN})/um
+         CARRIAGE_RETURN_NEWLINE_PATTERN = /\r\n?/
+-        CHARACTER_REFERENCES = /&#0*((?:\d+)|(?:xa-fA-F0-9+));/
++        CHARACTER_REFERENCES = /&#((?:\d+)|(?:xa-fA-F0-9+));/
+         DEFAULT_ENTITIES_PATTERNS = {}
+         default_entities = 'gt', 'lt', 'quot', 'apos', 'amp'
+         default_entities.each do |term|
+@@ -570,8 +570,12 @@ module REXML
+         return rv if matches.size == 0
+         rv.gsub!( Private::CHARACTER_REFERENCES ) {
+           m=$1
+-          m = "0#{m}" if m0 == ?x
+-          Integer(m).pack('U*')
++          if m.start_with?("x")
++            code_point = Integer(m1..-1, 16)
++          else
++            code_point = Integer(m, 10)
++          end
++          code_point.pack('U*')
+         }
+         matches.collect!{|x|x0}.compact!
+         if filter
+-- 
+2.27.0
+

_service Changed