ruby: fix CVE-2024-41123

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-41123 Upstream-patches: https://github.com/ruby/rexml/commit/2c39c91a65d69357cfbc35dd8079b3606d86bb70 https://github.com/ruby/rexml/commit/4444a04ece4c02a7bd51e8c75623f22dc12d882b https://github.com/ruby/rexml/commit/ebc3e85bfa2796fb4922c1932760bec8390ff87c https://github.com/ruby/rexml/commit/6cac15d45864c8d70904baa5cbfcc97181000960 https://github.com/ruby/rexml/commit/e2546e6ecade16b04c9ee528e5be8509fe16c2d6 (From OE-Core rev: 6b2a2e689a69deef6098f6c266542234e46fb24b) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Divya Chellam <divya.chellam@windriver.com> 2025-11-20 15:07:22 +0530
committer: Steve Sakoman <steve@sakoman.com> 2025-12-01 06:50:49 -0800
commit: 6639c7b29502bed5ce1bfb0abcfd4dc09b3e1da6 (patch)
tree: b37a3c727ab72195aa5d35ac8b9e917531ae9480 /meta/recipes-devtools/ruby
parent: 7c4bd642e4ce30e2a7504fcd4fe12fca2f6b91e1 (diff)
download: poky-6639c7b29502bed5ce1bfb0abcfd4dc09b3e1da6.tar.gz
6 files changed, 415 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch
new file mode 100644
index 0000000000..c9d7ed2626
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch
@@ -0,0 +1,44 @@
+From 2c39c91a65d69357cfbc35dd8079b3606d86bb70 Mon Sep 17 00:00:00 2001
+From: Watson <watson1978@gmail.com>
+Date: Fri, 19 Jul 2024 17:15:15 +0900
+Subject: [PATCH] Fix method scope in test in order to invoke the tests
+ properly and fix exception message (#182)
+This PR includes following two fixes.
+1. The `test_empty` and `test_linear_performance_gt` were defined as
+private method. Seems that test-unit runner does not invoke private
+methods even if the methods have `test_` prefix.
+2. When parse malformed entity declaration, the exception might have the
+message about `NoMethodError`. The proper exception message will be
+contained by this fix.
+CVE: CVE-2024-41123
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/2c39c91a65d69357cfbc35dd8079b3606d86bb70]
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 4864ba1..451fbf8 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -308,7 +308,11 @@ module REXML
+               raise REXML::ParseException.new( "Bad ELEMENT declaration!", @source ) if md.nil?
+               return [ :elementdecl, "<!ELEMENT" + md[1] ]
+             elsif @source.match("ENTITY", true)
+-              match = [:entitydecl, *@source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM).captures.compact]
+              match_data = @source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM)
+              unless match_data
+                raise REXML::ParseException.new("Malformed entity declaration", @source)
+              end
+              match = [:entitydecl, *match_data.captures.compact]
+               ref = false
+               if match[1] == '%'
+                 ref = true
+-- 
+2.40.0
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch
new file mode 100644
index 0000000000..6c6c81d7f1
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch
@@ -0,0 +1,37 @@
+From 4444a04ece4c02a7bd51e8c75623f22dc12d882b Mon Sep 17 00:00:00 2001
+From: Sutou Kouhei <kou@clear-code.com>
+Date: Sun, 2 Jun 2024 16:59:16 +0900
+Subject: [PATCH] Add missing encode for custom term
+CVE: CVE-2024-41123
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/4444a04ece4c02a7bd51e8c75623f22dc12d882b]
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/source.rb | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+index 08a035c..7be430a 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+@@ -160,6 +160,7 @@ module REXML
+     end
+ 
+     def read(term = nil)
+      term = encode(term) if term
+       begin
+         @scanner << readline(term)
+         true
+@@ -171,6 +172,7 @@ module REXML
+ 
+     def read_until(term)
+       pattern = Regexp.union(term)
+      term = encode(term)
+       data = []
+       begin
+         until str = @scanner.scan_until(pattern)
+-- 
+2.40.0
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch
new file mode 100644
index 0000000000..d31b77efbf
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch
@@ -0,0 +1,55 @@
+From ebc3e85bfa2796fb4922c1932760bec8390ff87c Mon Sep 17 00:00:00 2001
+From: NAITOH Jun <naitoh@gmail.com>
+Date: Mon, 8 Jul 2024 05:54:06 +0900
+Subject: [PATCH] Add position check for XML declaration (#162)
+XML declaration must be the first item.
+https://www.w3.org/TR/2006/REC-xml11-20060816/#document
+```
+[1]   document   ::=   ( prolog element Misc* ) - ( Char* RestrictedChar Char* )
+```
+https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-prolog
+```
+[22]   prolog   ::=     XMLDecl Misc* (doctypedecl Misc*)?
+```
+https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-XMLDecl
+```
+[23]   XMLDecl  ::=   '<?xml' VersionInfo EncodingDecl? SDDecl? S? '?>'
+```
+See: https://github.com/ruby/rexml/pull/161#discussion_r1666118193
+CVE: CVE-2024-41123
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/ebc3e85bfa2796fb4922c1932760bec8390ff87c]
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 451fbf8..71fce99 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -670,7 +670,10 @@ module REXML
+           @source.position = start_position
+           raise REXML::ParseException.new(message, @source)
+         end
+-        if @document_status.nil? and match_data[1] == "xml"
+        if match_data[1] == "xml"
+          if @document_status
+            raise ParseException.new("Malformed XML: XML declaration is not at the start", @source)
+          end
+           content = match_data[2]
+           version = VERSION.match(content)
+           version = version[1] unless version.nil?
+-- 
+2.40.0
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch
new file mode 100644
index 0000000000..4d7603a5b9
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch
@@ -0,0 +1,163 @@
+From 6cac15d45864c8d70904baa5cbfcc97181000960 Mon Sep 17 00:00:00 2001
+From: tomoya ishida <tomoyapenguin@gmail.com>
+Date: Thu, 1 Aug 2024 09:21:19 +0900
+Subject: [PATCH] Fix source.match performance without specifying term string
+ (#186)
+Performance problem of `source.match(regexp)` was recently fixed by
+specifying terminator string. However, I think maintaining appropriate
+terminator string for a regexp is hard.
+I propose solving this performance issue by increasing bytes to read in
+each iteration.
+CVE: CVE-2024-41123
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/6cac15d45864c8d70904baa5cbfcc97181000960]
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .../lib/rexml/parsers/baseparser.rb           | 22 ++++++------------
+ .bundle/gems/rexml-3.2.5/lib/rexml/source.rb  | 23 +++++++++++++++----
+ 2 files changed, 25 insertions(+), 20 deletions(-)
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 71fce99..c1a22b8 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -124,14 +124,6 @@ module REXML
+       }
+ 
+       module Private
+-        # Terminal requires two or more letters.
+-        INSTRUCTION_TERM = "?>"
+-        COMMENT_TERM = "-->"
+-        CDATA_TERM = "]]>"
+-        DOCTYPE_TERM = "]>"
+-        # Read to the end of DOCTYPE because there is no proper ENTITY termination
+-        ENTITY_TERM = DOCTYPE_TERM
+-
+         INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
+         TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
+         CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
+@@ -244,7 +236,7 @@ module REXML
+             return process_instruction(start_position)
+           elsif @source.match("<!", true)
+             if @source.match("--", true)
+-              md = @source.match(/(.*?)-->/um, true, term: Private::COMMENT_TERM)
+              md = @source.match(/(.*?)-->/um, true)
+               if md.nil?
+                 raise REXML::ParseException.new("Unclosed comment", @source)
+               end
+@@ -308,7 +300,7 @@ module REXML
+               raise REXML::ParseException.new( "Bad ELEMENT declaration!", @source ) if md.nil?
+               return [ :elementdecl, "<!ELEMENT" + md[1] ]
+             elsif @source.match("ENTITY", true)
+-              match_data = @source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM)
+              match_data = @source.match(Private::ENTITYDECL_PATTERN, true)
+               unless match_data
+                 raise REXML::ParseException.new("Malformed entity declaration", @source)
+               end
+@@ -377,14 +369,14 @@ module REXML
+                 raise REXML::ParseException.new(message, @source)
+               end
+               return [:notationdecl, name, *id]
+-            elsif md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM)
+            elsif md = @source.match(/--(.*?)-->/um, true)
+               case md[1]
+               when /--/, /-\z/
+                 raise REXML::ParseException.new("Malformed comment", @source)
+               end
+               return [ :comment, md[1] ] if md
+             end
+-          elsif match = @source.match(/(%.*?;)\s*/um, true, term: Private::DOCTYPE_TERM)
+          elsif match = @source.match(/(%.*?;)\s*/um, true)
+             return [ :externalentity, match[1] ]
+           elsif @source.match(/\]\s*>/um, true)
+             @document_status = :after_doctype
+@@ -417,7 +409,7 @@ module REXML
+               #STDERR.puts "SOURCE BUFFER = #{source.buffer}, #{source.buffer.size}"
+               raise REXML::ParseException.new("Malformed node", @source) unless md
+               if md[0][0] == ?-
+-                md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM)
+                md = @source.match(/--(.*?)-->/um, true)
+ 
+                 case md[1]
+                 when /--/, /-\z/
+@@ -426,7 +418,7 @@ module REXML
+ 
+                 return [ :comment, md[1] ] if md
+               else
+-                md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true, term: Private::CDATA_TERM)
+                md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true)
+                 return [ :cdata, md[1] ] if md
+               end
+               raise REXML::ParseException.new( "Declarations can only occur "+
+@@ -664,7 +656,7 @@ module REXML
+       end
+ 
+       def process_instruction(start_position)
+-        match_data = @source.match(Private::INSTRUCTION_END, true, term: Private::INSTRUCTION_TERM)
+        match_data = @source.match(Private::INSTRUCTION_END, true)
+         unless match_data
+           message = "Invalid processing instruction node"
+           @source.position = start_position
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+index 7be430a..7c05cb5 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+@@ -72,7 +72,7 @@ module REXML
+       @scanner.scan_until(Regexp.union(term)) or @scanner.rest
+     end
+ 
+-    def match(pattern, cons=false, term: nil)
+    def match(pattern, cons=false)
+       if cons
+         @scanner.scan(pattern).nil? ? nil : @scanner
+       else
+@@ -159,10 +159,20 @@ module REXML
+       end
+     end
+ 
+-    def read(term = nil)
+    def read(term = nil, min_bytes = 1)
+       term = encode(term) if term
+       begin
+-        @scanner << readline(term)
+        str = readline(term)
+        @scanner << str
+        read_bytes = str.bytesize
+        begin
+          while read_bytes < min_bytes
+            str = readline(term)
+            @scanner << str
+            read_bytes += str.bytesize
+          end
+        rescue IOError
+        end
+         true
+       rescue Exception, NameError
+         @source = nil
+@@ -186,7 +196,9 @@ module REXML
+       end
+     end
+ 
+-    def match( pattern, cons=false, term: nil )
+    def match( pattern, cons=false )
+      # To avoid performance issue, we need to increase bytes to read per scan
+      min_bytes = 1
+       read if @scanner.eos? && @source
+       while true
+         if cons
+@@ -197,7 +209,8 @@ module REXML
+         break if md
+         return nil if pattern.is_a?(String) && pattern.bytesize <= @scanner.rest_size
+         return nil if @source.nil?
+-        return nil unless read(term)
+        return nil unless read(nil, min_bytes)
+        min_bytes *= 2
+       end
+ 
+       md.nil? ? nil : @scanner
+-- 
+2.40.0
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch
new file mode 100644
index 0000000000..3d79d07327
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch
@@ -0,0 +1,111 @@
+From e2546e6ecade16b04c9ee528e5be8509fe16c2d6 Mon Sep 17 00:00:00 2001
+From: Sutou Kouhei <kou@clear-code.com>
+Date: Thu, 1 Aug 2024 11:23:43 +0900
+Subject: [PATCH] parse pi: improve invalid case detection
+CVE: CVE-2024-41123
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/e2546e6ecade16b04c9ee528e5be8509fe16c2d6]
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .../lib/rexml/parsers/baseparser.rb           | 35 +++++++++++--------
+ 1 file changed, 20 insertions(+), 15 deletions(-)
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index c1a22b8..0ece9b5 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -124,11 +124,10 @@ module REXML
+       }
+ 
+       module Private
+-        INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
+         TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
+         CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
+         ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
+-        NAME_PATTERN = /\s*#{NAME}/um
+        NAME_PATTERN = /#{NAME}/um
+         GEDECL_PATTERN = "\\s+#{NAME}\\s+#{ENTITYDEF}\\s*>"
+         PEDECL_PATTERN = "\\s+(%)\\s+#{NAME}\\s+#{PEDEF}\\s*>"
+         ENTITYDECL_PATTERN = /(?:#{GEDECL_PATTERN})|(?:#{PEDECL_PATTERN})/um
+@@ -233,7 +232,7 @@ module REXML
+         if @document_status == nil
+           start_position = @source.position
+           if @source.match("<?", true)
+-            return process_instruction(start_position)
+            return process_instruction
+           elsif @source.match("<!", true)
+             if @source.match("--", true)
+               md = @source.match(/(.*?)-->/um, true)
+@@ -424,7 +423,7 @@ module REXML
+               raise REXML::ParseException.new( "Declarations can only occur "+
+                 "in the doctype declaration.", @source)
+             elsif @source.match("?", true)
+-              return process_instruction(start_position)
+              return process_instruction
+             else
+               # Get the next tag
+               md = @source.match(TAG_PATTERN, true)
+@@ -579,14 +578,14 @@ module REXML
+       def parse_name(base_error_message)
+         md = @source.match(NAME_PATTERN, true)
+         unless md
+-          if @source.match(/\s*\S/um)
+          if @source.match(/\S/um)
+             message = "#{base_error_message}: invalid name"
+           else
+             message = "#{base_error_message}: name is missing"
+           end
+           raise REXML::ParseException.new(message, @source)
+         end
+-        md[1]
+        md[0]
+       end
+ 
+       def parse_id(base_error_message,
+@@ -655,18 +654,24 @@ module REXML
+         end
+       end
+ 
+-      def process_instruction(start_position)
+-        match_data = @source.match(Private::INSTRUCTION_END, true)
+-        unless match_data
+-          message = "Invalid processing instruction node"
+-          @source.position = start_position
+-          raise REXML::ParseException.new(message, @source)
+      def process_instruction
+        name = parse_name("Malformed XML: Invalid processing instruction node")
+        if @source.match(/\s+/um, true)
+          match_data = @source.match(/(.*?)\?>/um, true)
+          unless match_data
+            raise ParseException.new("Malformed XML: Unclosed processing instruction", @source)
+          end
+          content = match_data[1]
+        else
+          content = nil
+          unless @source.match("?>", true)
+            raise ParseException.new("Malformed XML: Unclosed processing instruction", @source)
+          end
+         end
+-        if match_data[1] == "xml"
+        if name == "xml"
+           if @document_status
+             raise ParseException.new("Malformed XML: XML declaration is not at the start", @source)
+           end
+-          content = match_data[2]
+           version = VERSION.match(content)
+           version = version[1] unless version.nil?
+           encoding = ENCODING.match(content)
+@@ -681,7 +686,7 @@ module REXML
+           standalone = standalone[1] unless standalone.nil?
+           return [ :xmldecl, version, encoding, standalone ]
+         end
+-        [:processing_instruction, match_data[1], match_data[2]]
+        [:processing_instruction, name, content]
+       end
+ 
+       def parse_attributes(prefixes)
+-- 
+2.40.0
diff --git a/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
index f967cc6948..f2f9c848f0 100644
--- a/meta/recipes-devtools/ruby/ruby_3.1.3.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
@@ -66,6 +66,11 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
           file://CVE-2024-39908-0010.patch \
           file://CVE-2024-39908-0011.patch \
           file://CVE-2024-39908-0012.patch \
+           file://CVE-2024-41123-0001.patch \
+           file://CVE-2024-41123-0002.patch \
+           file://CVE-2024-41123-0003.patch \
+           file://CVE-2024-41123-0004.patch \
+           file://CVE-2024-41123-0005.patch \
           "
 UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
author	Divya Chellam <divya.chellam@windriver.com>	2025-11-20 15:07:22 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-12-01 06:50:49 -0800
commit	6639c7b29502bed5ce1bfb0abcfd4dc09b3e1da6 (patch)
tree	b37a3c727ab72195aa5d35ac8b9e917531ae9480 /meta/recipes-devtools/ruby
parent	7c4bd642e4ce30e2a7504fcd4fe12fca2f6b91e1 (diff)
download	poky-6639c7b29502bed5ce1bfb0abcfd4dc09b3e1da6.tar.gz

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch new file mode 100644 index 0000000000..c9d7ed2626 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch
@@ -0,0 +1,44 @@
		1	From 2c39c91a65d69357cfbc35dd8079b3606d86bb70 Mon Sep 17 00:00:00 2001
		2	From: Watson <watson1978@gmail.com>
		3	Date: Fri, 19 Jul 2024 17:15:15 +0900
		4	Subject: [PATCH] Fix method scope in test in order to invoke the tests
		5	properly and fix exception message (#182)
		6
		7	This PR includes following two fixes.
		8
		9	1. The `test_empty` and `test_linear_performance_gt` were defined as
		10	private method. Seems that test-unit runner does not invoke private
		11	methods even if the methods have `test_` prefix.
		12	2. When parse malformed entity declaration, the exception might have the
		13	message about `NoMethodError`. The proper exception message will be
		14	contained by this fix.
		15
		16	CVE: CVE-2024-41123
		17
		18	Upstream-Status: Backport [https://github.com/ruby/rexml/commit/2c39c91a65d69357cfbc35dd8079b3606d86bb70]
		19
		20	Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
		21	---
		22	.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb \| 6 +++++-
		23	1 file changed, 5 insertions(+), 1 deletion(-)
		24
		25	diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		26	index 4864ba1..451fbf8 100644
		27	--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		28	+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		29	@@ -308,7 +308,11 @@ module REXML
		30	raise REXML::ParseException.new( "Bad ELEMENT declaration!", @source ) if md.nil?
		31	return [ :elementdecl, "<!ELEMENT" + md[1] ]
		32	elsif @source.match("ENTITY", true)
		33	- match = [:entitydecl, *@source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM).captures.compact]
		34	+ match_data = @source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM)
		35	+ unless match_data
		36	+ raise REXML::ParseException.new("Malformed entity declaration", @source)
		37	+ end
		38	+ match = [:entitydecl, *match_data.captures.compact]
		39	ref = false
		40	if match[1] == '%'
		41	ref = true
		42	--
		43	2.40.0
		44


diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch new file mode 100644 index 0000000000..6c6c81d7f1 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch
@@ -0,0 +1,37 @@
		1	From 4444a04ece4c02a7bd51e8c75623f22dc12d882b Mon Sep 17 00:00:00 2001
		2	From: Sutou Kouhei <kou@clear-code.com>
		3	Date: Sun, 2 Jun 2024 16:59:16 +0900
		4	Subject: [PATCH] Add missing encode for custom term
		5
		6	CVE: CVE-2024-41123
		7
		8	Upstream-Status: Backport [https://github.com/ruby/rexml/commit/4444a04ece4c02a7bd51e8c75623f22dc12d882b]
		9
		10	Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
		11	---
		12	.bundle/gems/rexml-3.2.5/lib/rexml/source.rb \| 2 ++
		13	1 file changed, 2 insertions(+)
		14
		15	diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
		16	index 08a035c..7be430a 100644
		17	--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
		18	+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
		19	@@ -160,6 +160,7 @@ module REXML
		20	end
		21
		22	def read(term = nil)
		23	+ term = encode(term) if term
		24	begin
		25	@scanner << readline(term)
		26	true
		27	@@ -171,6 +172,7 @@ module REXML
		28
		29	def read_until(term)
		30	pattern = Regexp.union(term)
		31	+ term = encode(term)
		32	data = []
		33	begin
		34	until str = @scanner.scan_until(pattern)
		35	--
		36	2.40.0
		37


diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch new file mode 100644 index 0000000000..d31b77efbf --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch
@@ -0,0 +1,55 @@
		1	From ebc3e85bfa2796fb4922c1932760bec8390ff87c Mon Sep 17 00:00:00 2001
		2	From: NAITOH Jun <naitoh@gmail.com>
		3	Date: Mon, 8 Jul 2024 05:54:06 +0900
		4	Subject: [PATCH] Add position check for XML declaration (#162)
		5
		6	XML declaration must be the first item.
		7
		8	https://www.w3.org/TR/2006/REC-xml11-20060816/#document
		9
		10	```
		11	[1] document ::= ( prolog element Misc* ) - ( Char* RestrictedChar Char* )
		12	```
		13
		14	https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-prolog
		15
		16	```
		17	[22] prolog ::= XMLDecl Misc* (doctypedecl Misc*)?
		18	```
		19
		20	https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-XMLDecl
		21
		22	```
		23	[23] XMLDecl ::= '<?xml' VersionInfo EncodingDecl? SDDecl? S? '?>'
		24	```
		25
		26	See: https://github.com/ruby/rexml/pull/161#discussion_r1666118193
		27
		28	CVE: CVE-2024-41123
		29
		30	Upstream-Status: Backport [https://github.com/ruby/rexml/commit/ebc3e85bfa2796fb4922c1932760bec8390ff87c]
		31
		32	Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
		33	---
		34	.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb \| 5 ++++-
		35	1 file changed, 4 insertions(+), 1 deletion(-)
		36
		37	diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		38	index 451fbf8..71fce99 100644
		39	--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		40	+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		41	@@ -670,7 +670,10 @@ module REXML
		42	@source.position = start_position
		43	raise REXML::ParseException.new(message, @source)
		44	end
		45	- if @document_status.nil? and match_data[1] == "xml"
		46	+ if match_data[1] == "xml"
		47	+ if @document_status
		48	+ raise ParseException.new("Malformed XML: XML declaration is not at the start", @source)
		49	+ end
		50	content = match_data[2]
		51	version = VERSION.match(content)
		52	version = version[1] unless version.nil?
		53	--
		54	2.40.0
		55


diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch new file mode 100644 index 0000000000..4d7603a5b9 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch
@@ -0,0 +1,163 @@
		1	From 6cac15d45864c8d70904baa5cbfcc97181000960 Mon Sep 17 00:00:00 2001
		2	From: tomoya ishida <tomoyapenguin@gmail.com>
		3	Date: Thu, 1 Aug 2024 09:21:19 +0900
		4	Subject: [PATCH] Fix source.match performance without specifying term string
		5	(#186)
		6
		7	Performance problem of `source.match(regexp)` was recently fixed by
		8	specifying terminator string. However, I think maintaining appropriate
		9	terminator string for a regexp is hard.
		10	I propose solving this performance issue by increasing bytes to read in
		11	each iteration.
		12
		13	CVE: CVE-2024-41123
		14
		15	Upstream-Status: Backport [https://github.com/ruby/rexml/commit/6cac15d45864c8d70904baa5cbfcc97181000960]
		16
		17	Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
		18	---
		19	.../lib/rexml/parsers/baseparser.rb \| 22 ++++++------------
		20	.bundle/gems/rexml-3.2.5/lib/rexml/source.rb \| 23 +++++++++++++++----
		21	2 files changed, 25 insertions(+), 20 deletions(-)
		22
		23	diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		24	index 71fce99..c1a22b8 100644
		25	--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		26	+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		27	@@ -124,14 +124,6 @@ module REXML
		28	}
		29
		30	module Private
		31	- # Terminal requires two or more letters.
		32	- INSTRUCTION_TERM = "?>"
		33	- COMMENT_TERM = "-->"
		34	- CDATA_TERM = "]]>"
		35	- DOCTYPE_TERM = "]>"
		36	- # Read to the end of DOCTYPE because there is no proper ENTITY termination
		37	- ENTITY_TERM = DOCTYPE_TERM
		38	-
		39	INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
		40	TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
		41	CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
		42	@@ -244,7 +236,7 @@ module REXML
		43	return process_instruction(start_position)
		44	elsif @source.match("<!", true)
		45	if @source.match("--", true)
		46	- md = @source.match(/(.*?)-->/um, true, term: Private::COMMENT_TERM)
		47	+ md = @source.match(/(.*?)-->/um, true)
		48	if md.nil?
		49	raise REXML::ParseException.new("Unclosed comment", @source)
		50	end
		51	@@ -308,7 +300,7 @@ module REXML
		52	raise REXML::ParseException.new( "Bad ELEMENT declaration!", @source ) if md.nil?
		53	return [ :elementdecl, "<!ELEMENT" + md[1] ]
		54	elsif @source.match("ENTITY", true)
		55	- match_data = @source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM)
		56	+ match_data = @source.match(Private::ENTITYDECL_PATTERN, true)
		57	unless match_data
		58	raise REXML::ParseException.new("Malformed entity declaration", @source)
		59	end
		60	@@ -377,14 +369,14 @@ module REXML
		61	raise REXML::ParseException.new(message, @source)
		62	end
		63	return [:notationdecl, name, *id]
		64	- elsif md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM)
		65	+ elsif md = @source.match(/--(.*?)-->/um, true)
		66	case md[1]
		67	when /--/, /-\z/
		68	raise REXML::ParseException.new("Malformed comment", @source)
		69	end
		70	return [ :comment, md[1] ] if md
		71	end
		72	- elsif match = @source.match(/(%.?;)\s/um, true, term: Private::DOCTYPE_TERM)
		73	+ elsif match = @source.match(/(%.?;)\s/um, true)
		74	return [ :externalentity, match[1] ]
		75	elsif @source.match(/\]\s*>/um, true)
		76	@document_status = :after_doctype
		77	@@ -417,7 +409,7 @@ module REXML
		78	#STDERR.puts "SOURCE BUFFER = #{source.buffer}, #{source.buffer.size}"
		79	raise REXML::ParseException.new("Malformed node", @source) unless md
		80	if md[0][0] == ?-
		81	- md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM)
		82	+ md = @source.match(/--(.*?)-->/um, true)
		83
		84	case md[1]
		85	when /--/, /-\z/
		86	@@ -426,7 +418,7 @@ module REXML
		87
		88	return [ :comment, md[1] ] if md
		89	else
		90	- md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true, term: Private::CDATA_TERM)
		91	+ md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true)
		92	return [ :cdata, md[1] ] if md
		93	end
		94	raise REXML::ParseException.new( "Declarations can only occur "+
		95	@@ -664,7 +656,7 @@ module REXML
		96	end
		97
		98	def process_instruction(start_position)
		99	- match_data = @source.match(Private::INSTRUCTION_END, true, term: Private::INSTRUCTION_TERM)
		100	+ match_data = @source.match(Private::INSTRUCTION_END, true)
		101	unless match_data
		102	message = "Invalid processing instruction node"
		103	@source.position = start_position
		104	diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
		105	index 7be430a..7c05cb5 100644
		106	--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
		107	+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
		108	@@ -72,7 +72,7 @@ module REXML
		109	@scanner.scan_until(Regexp.union(term)) or @scanner.rest
		110	end
		111
		112	- def match(pattern, cons=false, term: nil)
		113	+ def match(pattern, cons=false)
		114	if cons
		115	@scanner.scan(pattern).nil? ? nil : @scanner
		116	else
		117	@@ -159,10 +159,20 @@ module REXML
		118	end
		119	end
		120
		121	- def read(term = nil)
		122	+ def read(term = nil, min_bytes = 1)
		123	term = encode(term) if term
		124	begin
		125	- @scanner << readline(term)
		126	+ str = readline(term)
		127	+ @scanner << str
		128	+ read_bytes = str.bytesize
		129	+ begin
		130	+ while read_bytes < min_bytes
		131	+ str = readline(term)
		132	+ @scanner << str
		133	+ read_bytes += str.bytesize
		134	+ end
		135	+ rescue IOError
		136	+ end
		137	true
		138	rescue Exception, NameError
		139	@source = nil
		140	@@ -186,7 +196,9 @@ module REXML
		141	end
		142	end
		143
		144	- def match( pattern, cons=false, term: nil )
		145	+ def match( pattern, cons=false )
		146	+ # To avoid performance issue, we need to increase bytes to read per scan
		147	+ min_bytes = 1
		148	read if @scanner.eos? && @source
		149	while true
		150	if cons
		151	@@ -197,7 +209,8 @@ module REXML
		152	break if md
		153	return nil if pattern.is_a?(String) && pattern.bytesize <= @scanner.rest_size
		154	return nil if @source.nil?
		155	- return nil unless read(term)
		156	+ return nil unless read(nil, min_bytes)
		157	+ min_bytes *= 2
		158	end
		159
		160	md.nil? ? nil : @scanner
		161	--
		162	2.40.0
		163


diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch new file mode 100644 index 0000000000..3d79d07327 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch
@@ -0,0 +1,111 @@
		1	From e2546e6ecade16b04c9ee528e5be8509fe16c2d6 Mon Sep 17 00:00:00 2001
		2	From: Sutou Kouhei <kou@clear-code.com>
		3	Date: Thu, 1 Aug 2024 11:23:43 +0900
		4	Subject: [PATCH] parse pi: improve invalid case detection
		5
		6	CVE: CVE-2024-41123
		7
		8	Upstream-Status: Backport [https://github.com/ruby/rexml/commit/e2546e6ecade16b04c9ee528e5be8509fe16c2d6]
		9
		10	Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
		11	---
		12	.../lib/rexml/parsers/baseparser.rb \| 35 +++++++++++--------
		13	1 file changed, 20 insertions(+), 15 deletions(-)
		14
		15	diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		16	index c1a22b8..0ece9b5 100644
		17	--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		18	+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		19	@@ -124,11 +124,10 @@ module REXML
		20	}
		21
		22	module Private
		23	- INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
		24	TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
		25	CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
		26	ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})\s>/um
		27	- NAME_PATTERN = /\s*#{NAME}/um
		28	+ NAME_PATTERN = /#{NAME}/um
		29	GEDECL_PATTERN = "\\s+#{NAME}\\s+#{ENTITYDEF}\\s*>"
		30	PEDECL_PATTERN = "\\s+(%)\\s+#{NAME}\\s+#{PEDEF}\\s*>"
		31	ENTITYDECL_PATTERN = /(?:#{GEDECL_PATTERN})\|(?:#{PEDECL_PATTERN})/um
		32	@@ -233,7 +232,7 @@ module REXML
		33	if @document_status == nil
		34	start_position = @source.position
		35	if @source.match("<?", true)
		36	- return process_instruction(start_position)
		37	+ return process_instruction
		38	elsif @source.match("<!", true)
		39	if @source.match("--", true)
		40	md = @source.match(/(.*?)-->/um, true)
		41	@@ -424,7 +423,7 @@ module REXML
		42	raise REXML::ParseException.new( "Declarations can only occur "+
		43	"in the doctype declaration.", @source)
		44	elsif @source.match("?", true)
		45	- return process_instruction(start_position)
		46	+ return process_instruction
		47	else
		48	# Get the next tag
		49	md = @source.match(TAG_PATTERN, true)
		50	@@ -579,14 +578,14 @@ module REXML
		51	def parse_name(base_error_message)
		52	md = @source.match(NAME_PATTERN, true)
		53	unless md
		54	- if @source.match(/\s*\S/um)
		55	+ if @source.match(/\S/um)
		56	message = "#{base_error_message}: invalid name"
		57	else
		58	message = "#{base_error_message}: name is missing"
		59	end
		60	raise REXML::ParseException.new(message, @source)
		61	end
		62	- md[1]
		63	+ md[0]
		64	end
		65
		66	def parse_id(base_error_message,
		67	@@ -655,18 +654,24 @@ module REXML
		68	end
		69	end
		70
		71	- def process_instruction(start_position)
		72	- match_data = @source.match(Private::INSTRUCTION_END, true)
		73	- unless match_data
		74	- message = "Invalid processing instruction node"
		75	- @source.position = start_position
		76	- raise REXML::ParseException.new(message, @source)
		77	+ def process_instruction
		78	+ name = parse_name("Malformed XML: Invalid processing instruction node")
		79	+ if @source.match(/\s+/um, true)
		80	+ match_data = @source.match(/(.*?)\?>/um, true)
		81	+ unless match_data
		82	+ raise ParseException.new("Malformed XML: Unclosed processing instruction", @source)
		83	+ end
		84	+ content = match_data[1]
		85	+ else
		86	+ content = nil
		87	+ unless @source.match("?>", true)
		88	+ raise ParseException.new("Malformed XML: Unclosed processing instruction", @source)
		89	+ end
		90	end
		91	- if match_data[1] == "xml"
		92	+ if name == "xml"
		93	if @document_status
		94	raise ParseException.new("Malformed XML: XML declaration is not at the start", @source)
		95	end
		96	- content = match_data[2]
		97	version = VERSION.match(content)
		98	version = version[1] unless version.nil?
		99	encoding = ENCODING.match(content)
		100	@@ -681,7 +686,7 @@ module REXML
		101	standalone = standalone[1] unless standalone.nil?
		102	return [ :xmldecl, version, encoding, standalone ]
		103	end
		104	- [:processing_instruction, match_data[1], match_data[2]]
		105	+ [:processing_instruction, name, content]
		106	end
		107
		108	def parse_attributes(prefixes)
		109	--
		110	2.40.0
		111


diff --git a/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/meta/recipes-devtools/ruby/ruby_3.1.3.bb index f967cc6948..f2f9c848f0 100644 --- a/meta/recipes-devtools/ruby/ruby_3.1.3.bb +++ b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
@@ -66,6 +66,11 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
66	file://CVE-2024-39908-0010.patch \	66	file://CVE-2024-39908-0010.patch \
67	file://CVE-2024-39908-0011.patch \	67	file://CVE-2024-39908-0011.patch \
68	file://CVE-2024-39908-0012.patch \	68	file://CVE-2024-39908-0012.patch \
		69	file://CVE-2024-41123-0001.patch \
		70	file://CVE-2024-41123-0002.patch \
		71	file://CVE-2024-41123-0003.patch \
		72	file://CVE-2024-41123-0004.patch \
		73	file://CVE-2024-41123-0005.patch \
69	"	74	"
70	UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"	75	UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
71		76