6 files changed, 415 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch
new file mode 100644
index 0000000000..c9d7ed2626
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch
@@ -0,0 +1,44 @@
+From 2c39c91a65d69357cfbc35dd8079b3606d86bb70 Mon Sep 17 00:00:00 2001
+From: Watson <watson1978@gmail.com>
+Date: Fri, 19 Jul 2024 17:15:15 +0900
+Subject: [PATCH] Fix method scope in test in order to invoke the tests
+ properly and fix exception message (#182)
+This PR includes following two fixes.
+1. The `test_empty` and `test_linear_performance_gt` were defined as
+private method. Seems that test-unit runner does not invoke private
+methods even if the methods have `test_` prefix.
+2. When parse malformed entity declaration, the exception might have the
+message about `NoMethodError`. The proper exception message will be
+contained by this fix.
+CVE: CVE-2024-41123
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/2c39c91a65d69357cfbc35dd8079b3606d86bb70]
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 4864ba1..451fbf8 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -308,7 +308,11 @@ module REXML
+               raise REXML::ParseException.new( "Bad ELEMENT declaration!", @source ) if md.nil?
+               return [ :elementdecl, "<!ELEMENT" + md[1] ]
+             elsif @source.match("ENTITY", true)
+-              match = [:entitydecl, *@source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM).captures.compact]
+              match_data = @source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM)
+              unless match_data
+                raise REXML::ParseException.new("Malformed entity declaration", @source)
+              end
+              match = [:entitydecl, *match_data.captures.compact]
+               ref = false
+               if match[1] == '%'
+                 ref = true
+-- 
+2.40.0
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch
new file mode 100644
index 0000000000..6c6c81d7f1
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch
@@ -0,0 +1,37 @@
+From 4444a04ece4c02a7bd51e8c75623f22dc12d882b Mon Sep 17 00:00:00 2001
+From: Sutou Kouhei <kou@clear-code.com>
+Date: Sun, 2 Jun 2024 16:59:16 +0900
+Subject: [PATCH] Add missing encode for custom term
+CVE: CVE-2024-41123
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/4444a04ece4c02a7bd51e8c75623f22dc12d882b]
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/source.rb | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+index 08a035c..7be430a 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+@@ -160,6 +160,7 @@ module REXML
+     end
+ 
+     def read(term = nil)
+      term = encode(term) if term
+       begin
+         @scanner << readline(term)
+         true
+@@ -171,6 +172,7 @@ module REXML
+ 
+     def read_until(term)
+       pattern = Regexp.union(term)
+      term = encode(term)
+       data = []
+       begin
+         until str = @scanner.scan_until(pattern)
+-- 
+2.40.0
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch
new file mode 100644
index 0000000000..d31b77efbf
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch
@@ -0,0 +1,55 @@
+From ebc3e85bfa2796fb4922c1932760bec8390ff87c Mon Sep 17 00:00:00 2001
+From: NAITOH Jun <naitoh@gmail.com>
+Date: Mon, 8 Jul 2024 05:54:06 +0900
+Subject: [PATCH] Add position check for XML declaration (#162)
+XML declaration must be the first item.
+https://www.w3.org/TR/2006/REC-xml11-20060816/#document
+```
+[1]   document   ::=   ( prolog element Misc* ) - ( Char* RestrictedChar Char* )
+```
+https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-prolog
+```
+[22]   prolog   ::=     XMLDecl Misc* (doctypedecl Misc*)?
+```
+https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-XMLDecl
+```
+[23]   XMLDecl  ::=   '<?xml' VersionInfo EncodingDecl? SDDecl? S? '?>'
+```
+See: https://github.com/ruby/rexml/pull/161#discussion_r1666118193
+CVE: CVE-2024-41123
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/ebc3e85bfa2796fb4922c1932760bec8390ff87c]
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 451fbf8..71fce99 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -670,7 +670,10 @@ module REXML
+           @source.position = start_position
+           raise REXML::ParseException.new(message, @source)
+         end
+-        if @document_status.nil? and match_data[1] == "xml"
+        if match_data[1] == "xml"
+          if @document_status
+            raise ParseException.new("Malformed XML: XML declaration is not at the start", @source)
+          end
+           content = match_data[2]
+           version = VERSION.match(content)
+           version = version[1] unless version.nil?
+-- 
+2.40.0
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch
new file mode 100644
index 0000000000..4d7603a5b9
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch
@@ -0,0 +1,163 @@
+From 6cac15d45864c8d70904baa5cbfcc97181000960 Mon Sep 17 00:00:00 2001
+From: tomoya ishida <tomoyapenguin@gmail.com>
+Date: Thu, 1 Aug 2024 09:21:19 +0900
+Subject: [PATCH] Fix source.match performance without specifying term string
+ (#186)
+Performance problem of `source.match(regexp)` was recently fixed by
+specifying terminator string. However, I think maintaining appropriate
+terminator string for a regexp is hard.
+I propose solving this performance issue by increasing bytes to read in
+each iteration.
+CVE: CVE-2024-41123
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/6cac15d45864c8d70904baa5cbfcc97181000960]
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .../lib/rexml/parsers/baseparser.rb           | 22 ++++++------------
+ .bundle/gems/rexml-3.2.5/lib/rexml/source.rb  | 23 +++++++++++++++----
+ 2 files changed, 25 insertions(+), 20 deletions(-)
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index 71fce99..c1a22b8 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -124,14 +124,6 @@ module REXML
+       }
+ 
+       module Private
+-        # Terminal requires two or more letters.
+-        INSTRUCTION_TERM = "?>"
+-        COMMENT_TERM = "-->"
+-        CDATA_TERM = "]]>"
+-        DOCTYPE_TERM = "]>"
+-        # Read to the end of DOCTYPE because there is no proper ENTITY termination
+-        ENTITY_TERM = DOCTYPE_TERM
+-
+         INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
+         TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
+         CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
+@@ -244,7 +236,7 @@ module REXML
+             return process_instruction(start_position)
+           elsif @source.match("<!", true)
+             if @source.match("--", true)
+-              md = @source.match(/(.*?)-->/um, true, term: Private::COMMENT_TERM)
+              md = @source.match(/(.*?)-->/um, true)
+               if md.nil?
+                 raise REXML::ParseException.new("Unclosed comment", @source)
+               end
+@@ -308,7 +300,7 @@ module REXML
+               raise REXML::ParseException.new( "Bad ELEMENT declaration!", @source ) if md.nil?
+               return [ :elementdecl, "<!ELEMENT" + md[1] ]
+             elsif @source.match("ENTITY", true)
+-              match_data = @source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM)
+              match_data = @source.match(Private::ENTITYDECL_PATTERN, true)
+               unless match_data
+                 raise REXML::ParseException.new("Malformed entity declaration", @source)
+               end
+@@ -377,14 +369,14 @@ module REXML
+                 raise REXML::ParseException.new(message, @source)
+               end
+               return [:notationdecl, name, *id]
+-            elsif md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM)
+            elsif md = @source.match(/--(.*?)-->/um, true)
+               case md[1]
+               when /--/, /-\z/
+                 raise REXML::ParseException.new("Malformed comment", @source)
+               end
+               return [ :comment, md[1] ] if md
+             end
+-          elsif match = @source.match(/(%.*?;)\s*/um, true, term: Private::DOCTYPE_TERM)
+          elsif match = @source.match(/(%.*?;)\s*/um, true)
+             return [ :externalentity, match[1] ]
+           elsif @source.match(/\]\s*>/um, true)
+             @document_status = :after_doctype
+@@ -417,7 +409,7 @@ module REXML
+               #STDERR.puts "SOURCE BUFFER = #{source.buffer}, #{source.buffer.size}"
+               raise REXML::ParseException.new("Malformed node", @source) unless md
+               if md[0][0] == ?-
+-                md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM)
+                md = @source.match(/--(.*?)-->/um, true)
+ 
+                 case md[1]
+                 when /--/, /-\z/
+@@ -426,7 +418,7 @@ module REXML
+ 
+                 return [ :comment, md[1] ] if md
+               else
+-                md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true, term: Private::CDATA_TERM)
+                md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true)
+                 return [ :cdata, md[1] ] if md
+               end
+               raise REXML::ParseException.new( "Declarations can only occur "+
+@@ -664,7 +656,7 @@ module REXML
+       end
+ 
+       def process_instruction(start_position)
+-        match_data = @source.match(Private::INSTRUCTION_END, true, term: Private::INSTRUCTION_TERM)
+        match_data = @source.match(Private::INSTRUCTION_END, true)
+         unless match_data
+           message = "Invalid processing instruction node"
+           @source.position = start_position
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+index 7be430a..7c05cb5 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
+@@ -72,7 +72,7 @@ module REXML
+       @scanner.scan_until(Regexp.union(term)) or @scanner.rest
+     end
+ 
+-    def match(pattern, cons=false, term: nil)
+    def match(pattern, cons=false)
+       if cons
+         @scanner.scan(pattern).nil? ? nil : @scanner
+       else
+@@ -159,10 +159,20 @@ module REXML
+       end
+     end
+ 
+-    def read(term = nil)
+    def read(term = nil, min_bytes = 1)
+       term = encode(term) if term
+       begin
+-        @scanner << readline(term)
+        str = readline(term)
+        @scanner << str
+        read_bytes = str.bytesize
+        begin
+          while read_bytes < min_bytes
+            str = readline(term)
+            @scanner << str
+            read_bytes += str.bytesize
+          end
+        rescue IOError
+        end
+         true
+       rescue Exception, NameError
+         @source = nil
+@@ -186,7 +196,9 @@ module REXML
+       end
+     end
+ 
+-    def match( pattern, cons=false, term: nil )
+    def match( pattern, cons=false )
+      # To avoid performance issue, we need to increase bytes to read per scan
+      min_bytes = 1
+       read if @scanner.eos? && @source
+       while true
+         if cons
+@@ -197,7 +209,8 @@ module REXML
+         break if md
+         return nil if pattern.is_a?(String) && pattern.bytesize <= @scanner.rest_size
+         return nil if @source.nil?
+-        return nil unless read(term)
+        return nil unless read(nil, min_bytes)
+        min_bytes *= 2
+       end
+ 
+       md.nil? ? nil : @scanner
+-- 
+2.40.0
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch
new file mode 100644
index 0000000000..3d79d07327
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch
@@ -0,0 +1,111 @@
+From e2546e6ecade16b04c9ee528e5be8509fe16c2d6 Mon Sep 17 00:00:00 2001
+From: Sutou Kouhei <kou@clear-code.com>
+Date: Thu, 1 Aug 2024 11:23:43 +0900
+Subject: [PATCH] parse pi: improve invalid case detection
+CVE: CVE-2024-41123
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/e2546e6ecade16b04c9ee528e5be8509fe16c2d6]
+Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
+---
+ .../lib/rexml/parsers/baseparser.rb           | 35 +++++++++++--------
+ 1 file changed, 20 insertions(+), 15 deletions(-)
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index c1a22b8..0ece9b5 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -124,11 +124,10 @@ module REXML
+       }
+ 
+       module Private
+-        INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
+         TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
+         CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
+         ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
+-        NAME_PATTERN = /\s*#{NAME}/um
+        NAME_PATTERN = /#{NAME}/um
+         GEDECL_PATTERN = "\\s+#{NAME}\\s+#{ENTITYDEF}\\s*>"
+         PEDECL_PATTERN = "\\s+(%)\\s+#{NAME}\\s+#{PEDEF}\\s*>"
+         ENTITYDECL_PATTERN = /(?:#{GEDECL_PATTERN})|(?:#{PEDECL_PATTERN})/um
+@@ -233,7 +232,7 @@ module REXML
+         if @document_status == nil
+           start_position = @source.position
+           if @source.match("<?", true)
+-            return process_instruction(start_position)
+            return process_instruction
+           elsif @source.match("<!", true)
+             if @source.match("--", true)
+               md = @source.match(/(.*?)-->/um, true)
+@@ -424,7 +423,7 @@ module REXML
+               raise REXML::ParseException.new( "Declarations can only occur "+
+                 "in the doctype declaration.", @source)
+             elsif @source.match("?", true)
+-              return process_instruction(start_position)
+              return process_instruction
+             else
+               # Get the next tag
+               md = @source.match(TAG_PATTERN, true)
+@@ -579,14 +578,14 @@ module REXML
+       def parse_name(base_error_message)
+         md = @source.match(NAME_PATTERN, true)
+         unless md
+-          if @source.match(/\s*\S/um)
+          if @source.match(/\S/um)
+             message = "#{base_error_message}: invalid name"
+           else
+             message = "#{base_error_message}: name is missing"
+           end
+           raise REXML::ParseException.new(message, @source)
+         end
+-        md[1]
+        md[0]
+       end
+ 
+       def parse_id(base_error_message,
+@@ -655,18 +654,24 @@ module REXML
+         end
+       end
+ 
+-      def process_instruction(start_position)
+-        match_data = @source.match(Private::INSTRUCTION_END, true)
+-        unless match_data
+-          message = "Invalid processing instruction node"
+-          @source.position = start_position
+-          raise REXML::ParseException.new(message, @source)
+      def process_instruction
+        name = parse_name("Malformed XML: Invalid processing instruction node")
+        if @source.match(/\s+/um, true)
+          match_data = @source.match(/(.*?)\?>/um, true)
+          unless match_data
+            raise ParseException.new("Malformed XML: Unclosed processing instruction", @source)
+          end
+          content = match_data[1]
+        else
+          content = nil
+          unless @source.match("?>", true)
+            raise ParseException.new("Malformed XML: Unclosed processing instruction", @source)
+          end
+         end
+-        if match_data[1] == "xml"
+        if name == "xml"
+           if @document_status
+             raise ParseException.new("Malformed XML: XML declaration is not at the start", @source)
+           end
+-          content = match_data[2]
+           version = VERSION.match(content)
+           version = version[1] unless version.nil?
+           encoding = ENCODING.match(content)
+@@ -681,7 +686,7 @@ module REXML
+           standalone = standalone[1] unless standalone.nil?
+           return [ :xmldecl, version, encoding, standalone ]
+         end
+-        [:processing_instruction, match_data[1], match_data[2]]
+        [:processing_instruction, name, content]
+       end
+ 
+       def parse_attributes(prefixes)
+-- 
+2.40.0
diff --git a/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
index f967cc6948..f2f9c848f0 100644
--- a/meta/recipes-devtools/ruby/ruby_3.1.3.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
@@ -66,6 +66,11 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
           file://CVE-2024-39908-0010.patch \
           file://CVE-2024-39908-0011.patch \
           file://CVE-2024-39908-0012.patch \
+           file://CVE-2024-41123-0001.patch \
+           file://CVE-2024-41123-0002.patch \
+           file://CVE-2024-41123-0003.patch \
+           file://CVE-2024-41123-0004.patch \
+           file://CVE-2024-41123-0005.patch \
           "
 UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch new file mode 100644 index 0000000000..c9d7ed2626 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0001.patch
@@ -0,0 +1,44 @@
		1	From 2c39c91a65d69357cfbc35dd8079b3606d86bb70 Mon Sep 17 00:00:00 2001
		2	From: Watson <watson1978@gmail.com>
		3	Date: Fri, 19 Jul 2024 17:15:15 +0900
		4	Subject: [PATCH] Fix method scope in test in order to invoke the tests
		5	properly and fix exception message (#182)
		6
		7	This PR includes following two fixes.
		8
		9	1. The `test_empty` and `test_linear_performance_gt` were defined as
		10	private method. Seems that test-unit runner does not invoke private
		11	methods even if the methods have `test_` prefix.
		12	2. When parse malformed entity declaration, the exception might have the
		13	message about `NoMethodError`. The proper exception message will be
		14	contained by this fix.
		15
		16	CVE: CVE-2024-41123
		17
		18	Upstream-Status: Backport [https://github.com/ruby/rexml/commit/2c39c91a65d69357cfbc35dd8079b3606d86bb70]
		19
		20	Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
		21	---
		22	.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb \| 6 +++++-
		23	1 file changed, 5 insertions(+), 1 deletion(-)
		24
		25	diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		26	index 4864ba1..451fbf8 100644
		27	--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		28	+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		29	@@ -308,7 +308,11 @@ module REXML
		30	raise REXML::ParseException.new( "Bad ELEMENT declaration!", @source ) if md.nil?
		31	return [ :elementdecl, "<!ELEMENT" + md[1] ]
		32	elsif @source.match("ENTITY", true)
		33	- match = [:entitydecl, *@source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM).captures.compact]
		34	+ match_data = @source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM)
		35	+ unless match_data
		36	+ raise REXML::ParseException.new("Malformed entity declaration", @source)
		37	+ end
		38	+ match = [:entitydecl, *match_data.captures.compact]
		39	ref = false
		40	if match[1] == '%'
		41	ref = true
		42	--
		43	2.40.0
		44


diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch new file mode 100644 index 0000000000..6c6c81d7f1 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0002.patch
@@ -0,0 +1,37 @@
		1	From 4444a04ece4c02a7bd51e8c75623f22dc12d882b Mon Sep 17 00:00:00 2001
		2	From: Sutou Kouhei <kou@clear-code.com>
		3	Date: Sun, 2 Jun 2024 16:59:16 +0900
		4	Subject: [PATCH] Add missing encode for custom term
		5
		6	CVE: CVE-2024-41123
		7
		8	Upstream-Status: Backport [https://github.com/ruby/rexml/commit/4444a04ece4c02a7bd51e8c75623f22dc12d882b]
		9
		10	Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
		11	---
		12	.bundle/gems/rexml-3.2.5/lib/rexml/source.rb \| 2 ++
		13	1 file changed, 2 insertions(+)
		14
		15	diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
		16	index 08a035c..7be430a 100644
		17	--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
		18	+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
		19	@@ -160,6 +160,7 @@ module REXML
		20	end
		21
		22	def read(term = nil)
		23	+ term = encode(term) if term
		24	begin
		25	@scanner << readline(term)
		26	true
		27	@@ -171,6 +172,7 @@ module REXML
		28
		29	def read_until(term)
		30	pattern = Regexp.union(term)
		31	+ term = encode(term)
		32	data = []
		33	begin
		34	until str = @scanner.scan_until(pattern)
		35	--
		36	2.40.0
		37


diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch new file mode 100644 index 0000000000..d31b77efbf --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0003.patch
@@ -0,0 +1,55 @@
		1	From ebc3e85bfa2796fb4922c1932760bec8390ff87c Mon Sep 17 00:00:00 2001
		2	From: NAITOH Jun <naitoh@gmail.com>
		3	Date: Mon, 8 Jul 2024 05:54:06 +0900
		4	Subject: [PATCH] Add position check for XML declaration (#162)
		5
		6	XML declaration must be the first item.
		7
		8	https://www.w3.org/TR/2006/REC-xml11-20060816/#document
		9
		10	```
		11	[1] document ::= ( prolog element Misc* ) - ( Char* RestrictedChar Char* )
		12	```
		13
		14	https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-prolog
		15
		16	```
		17	[22] prolog ::= XMLDecl Misc* (doctypedecl Misc*)?
		18	```
		19
		20	https://www.w3.org/TR/2006/REC-xml11-20060816/#NT-XMLDecl
		21
		22	```
		23	[23] XMLDecl ::= '<?xml' VersionInfo EncodingDecl? SDDecl? S? '?>'
		24	```
		25
		26	See: https://github.com/ruby/rexml/pull/161#discussion_r1666118193
		27
		28	CVE: CVE-2024-41123
		29
		30	Upstream-Status: Backport [https://github.com/ruby/rexml/commit/ebc3e85bfa2796fb4922c1932760bec8390ff87c]
		31
		32	Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
		33	---
		34	.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb \| 5 ++++-
		35	1 file changed, 4 insertions(+), 1 deletion(-)
		36
		37	diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		38	index 451fbf8..71fce99 100644
		39	--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		40	+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		41	@@ -670,7 +670,10 @@ module REXML
		42	@source.position = start_position
		43	raise REXML::ParseException.new(message, @source)
		44	end
		45	- if @document_status.nil? and match_data[1] == "xml"
		46	+ if match_data[1] == "xml"
		47	+ if @document_status
		48	+ raise ParseException.new("Malformed XML: XML declaration is not at the start", @source)
		49	+ end
		50	content = match_data[2]
		51	version = VERSION.match(content)
		52	version = version[1] unless version.nil?
		53	--
		54	2.40.0
		55


diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch new file mode 100644 index 0000000000..4d7603a5b9 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0004.patch
@@ -0,0 +1,163 @@
		1	From 6cac15d45864c8d70904baa5cbfcc97181000960 Mon Sep 17 00:00:00 2001
		2	From: tomoya ishida <tomoyapenguin@gmail.com>
		3	Date: Thu, 1 Aug 2024 09:21:19 +0900
		4	Subject: [PATCH] Fix source.match performance without specifying term string
		5	(#186)
		6
		7	Performance problem of `source.match(regexp)` was recently fixed by
		8	specifying terminator string. However, I think maintaining appropriate
		9	terminator string for a regexp is hard.
		10	I propose solving this performance issue by increasing bytes to read in
		11	each iteration.
		12
		13	CVE: CVE-2024-41123
		14
		15	Upstream-Status: Backport [https://github.com/ruby/rexml/commit/6cac15d45864c8d70904baa5cbfcc97181000960]
		16
		17	Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
		18	---
		19	.../lib/rexml/parsers/baseparser.rb \| 22 ++++++------------
		20	.bundle/gems/rexml-3.2.5/lib/rexml/source.rb \| 23 +++++++++++++++----
		21	2 files changed, 25 insertions(+), 20 deletions(-)
		22
		23	diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		24	index 71fce99..c1a22b8 100644
		25	--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		26	+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		27	@@ -124,14 +124,6 @@ module REXML
		28	}
		29
		30	module Private
		31	- # Terminal requires two or more letters.
		32	- INSTRUCTION_TERM = "?>"
		33	- COMMENT_TERM = "-->"
		34	- CDATA_TERM = "]]>"
		35	- DOCTYPE_TERM = "]>"
		36	- # Read to the end of DOCTYPE because there is no proper ENTITY termination
		37	- ENTITY_TERM = DOCTYPE_TERM
		38	-
		39	INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
		40	TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
		41	CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
		42	@@ -244,7 +236,7 @@ module REXML
		43	return process_instruction(start_position)
		44	elsif @source.match("<!", true)
		45	if @source.match("--", true)
		46	- md = @source.match(/(.*?)-->/um, true, term: Private::COMMENT_TERM)
		47	+ md = @source.match(/(.*?)-->/um, true)
		48	if md.nil?
		49	raise REXML::ParseException.new("Unclosed comment", @source)
		50	end
		51	@@ -308,7 +300,7 @@ module REXML
		52	raise REXML::ParseException.new( "Bad ELEMENT declaration!", @source ) if md.nil?
		53	return [ :elementdecl, "<!ELEMENT" + md[1] ]
		54	elsif @source.match("ENTITY", true)
		55	- match_data = @source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM)
		56	+ match_data = @source.match(Private::ENTITYDECL_PATTERN, true)
		57	unless match_data
		58	raise REXML::ParseException.new("Malformed entity declaration", @source)
		59	end
		60	@@ -377,14 +369,14 @@ module REXML
		61	raise REXML::ParseException.new(message, @source)
		62	end
		63	return [:notationdecl, name, *id]
		64	- elsif md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM)
		65	+ elsif md = @source.match(/--(.*?)-->/um, true)
		66	case md[1]
		67	when /--/, /-\z/
		68	raise REXML::ParseException.new("Malformed comment", @source)
		69	end
		70	return [ :comment, md[1] ] if md
		71	end
		72	- elsif match = @source.match(/(%.?;)\s/um, true, term: Private::DOCTYPE_TERM)
		73	+ elsif match = @source.match(/(%.?;)\s/um, true)
		74	return [ :externalentity, match[1] ]
		75	elsif @source.match(/\]\s*>/um, true)
		76	@document_status = :after_doctype
		77	@@ -417,7 +409,7 @@ module REXML
		78	#STDERR.puts "SOURCE BUFFER = #{source.buffer}, #{source.buffer.size}"
		79	raise REXML::ParseException.new("Malformed node", @source) unless md
		80	if md[0][0] == ?-
		81	- md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM)
		82	+ md = @source.match(/--(.*?)-->/um, true)
		83
		84	case md[1]
		85	when /--/, /-\z/
		86	@@ -426,7 +418,7 @@ module REXML
		87
		88	return [ :comment, md[1] ] if md
		89	else
		90	- md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true, term: Private::CDATA_TERM)
		91	+ md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true)
		92	return [ :cdata, md[1] ] if md
		93	end
		94	raise REXML::ParseException.new( "Declarations can only occur "+
		95	@@ -664,7 +656,7 @@ module REXML
		96	end
		97
		98	def process_instruction(start_position)
		99	- match_data = @source.match(Private::INSTRUCTION_END, true, term: Private::INSTRUCTION_TERM)
		100	+ match_data = @source.match(Private::INSTRUCTION_END, true)
		101	unless match_data
		102	message = "Invalid processing instruction node"
		103	@source.position = start_position
		104	diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
		105	index 7be430a..7c05cb5 100644
		106	--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
		107	+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
		108	@@ -72,7 +72,7 @@ module REXML
		109	@scanner.scan_until(Regexp.union(term)) or @scanner.rest
		110	end
		111
		112	- def match(pattern, cons=false, term: nil)
		113	+ def match(pattern, cons=false)
		114	if cons
		115	@scanner.scan(pattern).nil? ? nil : @scanner
		116	else
		117	@@ -159,10 +159,20 @@ module REXML
		118	end
		119	end
		120
		121	- def read(term = nil)
		122	+ def read(term = nil, min_bytes = 1)
		123	term = encode(term) if term
		124	begin
		125	- @scanner << readline(term)
		126	+ str = readline(term)
		127	+ @scanner << str
		128	+ read_bytes = str.bytesize
		129	+ begin
		130	+ while read_bytes < min_bytes
		131	+ str = readline(term)
		132	+ @scanner << str
		133	+ read_bytes += str.bytesize
		134	+ end
		135	+ rescue IOError
		136	+ end
		137	true
		138	rescue Exception, NameError
		139	@source = nil
		140	@@ -186,7 +196,9 @@ module REXML
		141	end
		142	end
		143
		144	- def match( pattern, cons=false, term: nil )
		145	+ def match( pattern, cons=false )
		146	+ # To avoid performance issue, we need to increase bytes to read per scan
		147	+ min_bytes = 1
		148	read if @scanner.eos? && @source
		149	while true
		150	if cons
		151	@@ -197,7 +209,8 @@ module REXML
		152	break if md
		153	return nil if pattern.is_a?(String) && pattern.bytesize <= @scanner.rest_size
		154	return nil if @source.nil?
		155	- return nil unless read(term)
		156	+ return nil unless read(nil, min_bytes)
		157	+ min_bytes *= 2
		158	end
		159
		160	md.nil? ? nil : @scanner
		161	--
		162	2.40.0
		163


diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch new file mode 100644 index 0000000000..3d79d07327 --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-41123-0005.patch
@@ -0,0 +1,111 @@
		1	From e2546e6ecade16b04c9ee528e5be8509fe16c2d6 Mon Sep 17 00:00:00 2001
		2	From: Sutou Kouhei <kou@clear-code.com>
		3	Date: Thu, 1 Aug 2024 11:23:43 +0900
		4	Subject: [PATCH] parse pi: improve invalid case detection
		5
		6	CVE: CVE-2024-41123
		7
		8	Upstream-Status: Backport [https://github.com/ruby/rexml/commit/e2546e6ecade16b04c9ee528e5be8509fe16c2d6]
		9
		10	Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
		11	---
		12	.../lib/rexml/parsers/baseparser.rb \| 35 +++++++++++--------
		13	1 file changed, 20 insertions(+), 15 deletions(-)
		14
		15	diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		16	index c1a22b8..0ece9b5 100644
		17	--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		18	+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
		19	@@ -124,11 +124,10 @@ module REXML
		20	}
		21
		22	module Private
		23	- INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
		24	TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
		25	CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
		26	ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})\s>/um
		27	- NAME_PATTERN = /\s*#{NAME}/um
		28	+ NAME_PATTERN = /#{NAME}/um
		29	GEDECL_PATTERN = "\\s+#{NAME}\\s+#{ENTITYDEF}\\s*>"
		30	PEDECL_PATTERN = "\\s+(%)\\s+#{NAME}\\s+#{PEDEF}\\s*>"
		31	ENTITYDECL_PATTERN = /(?:#{GEDECL_PATTERN})\|(?:#{PEDECL_PATTERN})/um
		32	@@ -233,7 +232,7 @@ module REXML
		33	if @document_status == nil
		34	start_position = @source.position
		35	if @source.match("<?", true)
		36	- return process_instruction(start_position)
		37	+ return process_instruction
		38	elsif @source.match("<!", true)
		39	if @source.match("--", true)
		40	md = @source.match(/(.*?)-->/um, true)
		41	@@ -424,7 +423,7 @@ module REXML
		42	raise REXML::ParseException.new( "Declarations can only occur "+
		43	"in the doctype declaration.", @source)
		44	elsif @source.match("?", true)
		45	- return process_instruction(start_position)
		46	+ return process_instruction
		47	else
		48	# Get the next tag
		49	md = @source.match(TAG_PATTERN, true)
		50	@@ -579,14 +578,14 @@ module REXML
		51	def parse_name(base_error_message)
		52	md = @source.match(NAME_PATTERN, true)
		53	unless md
		54	- if @source.match(/\s*\S/um)
		55	+ if @source.match(/\S/um)
		56	message = "#{base_error_message}: invalid name"
		57	else
		58	message = "#{base_error_message}: name is missing"
		59	end
		60	raise REXML::ParseException.new(message, @source)
		61	end
		62	- md[1]
		63	+ md[0]
		64	end
		65
		66	def parse_id(base_error_message,
		67	@@ -655,18 +654,24 @@ module REXML
		68	end
		69	end
		70
		71	- def process_instruction(start_position)
		72	- match_data = @source.match(Private::INSTRUCTION_END, true)
		73	- unless match_data
		74	- message = "Invalid processing instruction node"
		75	- @source.position = start_position
		76	- raise REXML::ParseException.new(message, @source)
		77	+ def process_instruction
		78	+ name = parse_name("Malformed XML: Invalid processing instruction node")
		79	+ if @source.match(/\s+/um, true)
		80	+ match_data = @source.match(/(.*?)\?>/um, true)
		81	+ unless match_data
		82	+ raise ParseException.new("Malformed XML: Unclosed processing instruction", @source)
		83	+ end
		84	+ content = match_data[1]
		85	+ else
		86	+ content = nil
		87	+ unless @source.match("?>", true)
		88	+ raise ParseException.new("Malformed XML: Unclosed processing instruction", @source)
		89	+ end
		90	end
		91	- if match_data[1] == "xml"
		92	+ if name == "xml"
		93	if @document_status
		94	raise ParseException.new("Malformed XML: XML declaration is not at the start", @source)
		95	end
		96	- content = match_data[2]
		97	version = VERSION.match(content)
		98	version = version[1] unless version.nil?
		99	encoding = ENCODING.match(content)
		100	@@ -681,7 +686,7 @@ module REXML
		101	standalone = standalone[1] unless standalone.nil?
		102	return [ :xmldecl, version, encoding, standalone ]
		103	end
		104	- [:processing_instruction, match_data[1], match_data[2]]
		105	+ [:processing_instruction, name, content]
		106	end
		107
		108	def parse_attributes(prefixes)
		109	--
		110	2.40.0
		111


diff --git a/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/meta/recipes-devtools/ruby/ruby_3.1.3.bb index f967cc6948..f2f9c848f0 100644 --- a/meta/recipes-devtools/ruby/ruby_3.1.3.bb +++ b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
@@ -66,6 +66,11 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
66	file://CVE-2024-39908-0010.patch \	66	file://CVE-2024-39908-0010.patch \
67	file://CVE-2024-39908-0011.patch \	67	file://CVE-2024-39908-0011.patch \
68	file://CVE-2024-39908-0012.patch \	68	file://CVE-2024-39908-0012.patch \
		69	file://CVE-2024-41123-0001.patch \
		70	file://CVE-2024-41123-0002.patch \
		71	file://CVE-2024-41123-0003.patch \
		72	file://CVE-2024-41123-0004.patch \
		73	file://CVE-2024-41123-0005.patch \
69	"	74	"
70	UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"	75	UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
71		76