summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-devtools')
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0001.patch46
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0002.patch130
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0003.patch46
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0004.patch76
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch87
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0006.patch44
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch44
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0008.patch44
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0009.patch36
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0010.patch53
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0011.patch35
-rw-r--r--meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0012.patch36
-rw-r--r--meta/recipes-devtools/ruby/ruby_3.1.3.bb12
13 files changed, 689 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0001.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0001.patch
new file mode 100644
index 0000000000..44d3e1dffe
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0001.patch
@@ -0,0 +1,46 @@
1From f1df7d13b3e57a5e059273d2f0870163c08d7420 Mon Sep 17 00:00:00 2001
2From: Sutou Kouhei <kou@clear-code.com>
3Date: Mon, 20 May 2024 12:17:27 +0900
4Subject: [PATCH] Add support for old strscan
5
6Fix GH-132
7
8If we support old strscan, users can also use strscan installed as a
9default gem.
10
11Reported by Adam. Thanks!!!
12
13CVE: CVE-2024-39908
14
15Upstream-Status: Backport [https://github.com/ruby/rexml/commit/f1df7d13b3e57a5e059273d2f0870163c08d7420]
16
17Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
18---
19 .../gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 11 +++++++++++
20 1 file changed, 11 insertions(+)
21
22diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
23index eab942d..8ea8b43 100644
24--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
25+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
26@@ -7,6 +7,17 @@ require "strscan"
27
28 module REXML
29 module Parsers
30+ if StringScanner::Version < "3.0.8"
31+ module StringScannerCaptures
32+ refine StringScanner do
33+ def captures
34+ values_at(*(1...size))
35+ end
36+ end
37+ end
38+ using StringScannerCaptures
39+ end
40+
41 # = Using the Pull Parser
42 # <em>This API is experimental, and subject to change.</em>
43 # parser = PullParser.new( "<a>text<b att='val'/>txet</a>" )
44--
452.40.0
46
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0002.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0002.patch
new file mode 100644
index 0000000000..25a9e70891
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0002.patch
@@ -0,0 +1,130 @@
1From d146162e9a61574499d10428bc0065754cd26601 Mon Sep 17 00:00:00 2001
2From: NAITOH Jun <naitoh@gmail.com>
3Date: Mon, 4 Mar 2024 05:24:53 +0900
4Subject: [PATCH] Remove `Source#string=` method (#117)
5
6We want to just change scan pointer.
7
8https://github.com/ruby/rexml/pull/114#discussion_r1501773803
9> I want to just change scan pointer (`StringScanner#pos=`) instead of
10changing `@scanner.string`.
11
12CVE: CVE-2024-39908
13
14Upstream-Status: Backport [https://github.com/ruby/rexml/commit/d146162e9a61574499d10428bc0065754cd26601]
15
16Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
17---
18 .../lib/rexml/parsers/baseparser.rb | 19 +++++++++++--------
19 .bundle/gems/rexml-3.2.5/lib/rexml/source.rb | 8 ++++++--
20 2 files changed, 17 insertions(+), 10 deletions(-)
21
22diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
23index 8ea8b43..81415a8 100644
24--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
25+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
26@@ -231,8 +231,9 @@ module REXML
27 #STDERR.puts @source.encoding
28 #STDERR.puts "BUFFER = #{@source.buffer.inspect}"
29 if @document_status == nil
30+ start_position = @source.position
31 if @source.match("<?", true)
32- return process_instruction
33+ return process_instruction(start_position)
34 elsif @source.match("<!", true)
35 if @source.match("--", true)
36 return [ :comment, @source.match(/(.*?)-->/um, true)[1] ]
37@@ -244,7 +245,7 @@ module REXML
38 else
39 message = "#{base_error_message}: invalid name"
40 end
41- @source.string = "<!DOCTYPE" + @source.buffer
42+ @source.position = start_position
43 raise REXML::ParseException.new(message, @source)
44 end
45 name = parse_name(base_error_message)
46@@ -285,6 +286,7 @@ module REXML
47 end
48 if @document_status == :in_doctype
49 @source.match(/\s*/um, true) # skip spaces
50+ start_position = @source.position
51 if @source.match("<!", true)
52 if @source.match("ELEMENT", true)
53 md = @source.match(/(.*?)>/um, true)
54@@ -344,7 +346,7 @@ module REXML
55 else
56 message = "#{base_error_message}: invalid name"
57 end
58- @source.string = " <!NOTATION" + @source.buffer
59+ @source.position = start_position
60 raise REXML::ParseException.new(message, @source)
61 end
62 name = parse_name(base_error_message)
63@@ -374,6 +376,7 @@ module REXML
64 @source.match(/\s*/um, true)
65 end
66 begin
67+ start_position = @source.position
68 if @source.match("<", true)
69 if @source.match("/", true)
70 @namespaces_restore_stack.pop
71@@ -386,7 +389,7 @@ module REXML
72 if md.nil? or last_tag != md[1]
73 message = "Missing end tag for '#{last_tag}'"
74 message += " (got '#{md[1]}')" if md
75- @source.string = "</" + @source.buffer if md.nil?
76+ @source.position = start_position if md.nil?
77 raise REXML::ParseException.new(message, @source)
78 end
79 return [ :end_element, last_tag ]
80@@ -410,12 +413,12 @@ module REXML
81 raise REXML::ParseException.new( "Declarations can only occur "+
82 "in the doctype declaration.", @source)
83 elsif @source.match("?", true)
84- return process_instruction
85+ return process_instruction(start_position)
86 else
87 # Get the next tag
88 md = @source.match(TAG_PATTERN, true)
89 unless md
90- @source.string = "<" + @source.buffer
91+ @source.position = start_position
92 raise REXML::ParseException.new("malformed XML: missing tag start", @source)
93 end
94 tag = md[1]
95@@ -641,11 +644,11 @@ module REXML
96 end
97 end
98
99- def process_instruction
100+ def process_instruction(start_position)
101 match_data = @source.match(INSTRUCTION_END, true)
102 unless match_data
103 message = "Invalid processing instruction node"
104- @source.string = "<?" + @source.buffer
105+ @source.position = start_position
106 raise REXML::ParseException.new(message, @source)
107 end
108 if @document_status.nil? and match_data[1] == "xml"
109diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
110index 7132147..b20cc4f 100644
111--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
112+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
113@@ -80,8 +80,12 @@ module REXML
114 end
115 end
116
117- def string=(string)
118- @scanner.string = string
119+ def position
120+ @scanner.pos
121+ end
122+
123+ def position=(pos)
124+ @scanner.pos = pos
125 end
126
127 # @return true if the Source is exhausted
128--
1292.40.0
130
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0003.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0003.patch
new file mode 100644
index 0000000000..4208555c3c
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0003.patch
@@ -0,0 +1,46 @@
1From b5bf109a599ea733663150e99c09eb44046b41dd Mon Sep 17 00:00:00 2001
2From: Hiroya Fujinami <make.just.on@gmail.com>
3Date: Thu, 13 Jun 2024 15:12:32 +0900
4Subject: [PATCH] Add a "malformed comment" check for top-level comments (#145)
5
6This check was missing. Therefore, `REXML::Document.new("<!--")` raised
7the ``undefined method `[]' for nil`` error, for example.
8
9This PR also adds tests for "malformed comment" checks.
10
11---------
12
13Co-authored-by: Sutou Kouhei <kou@cozmixng.org>
14
15CVE: CVE-2024-39908
16
17Upstream-Status: Backport [https://github.com/ruby/rexml/commit/b5bf109a599ea733663150e99c09eb44046b41dd]
18
19Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
20---
21 .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 9 ++++++++-
22 1 file changed, 8 insertions(+), 1 deletion(-)
23
24diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
25index 81415a8..49c313c 100644
26--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
27+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
28@@ -236,7 +236,14 @@ module REXML
29 return process_instruction(start_position)
30 elsif @source.match("<!", true)
31 if @source.match("--", true)
32- return [ :comment, @source.match(/(.*?)-->/um, true)[1] ]
33+ md = @source.match(/(.*?)-->/um, true)
34+ if md.nil?
35+ raise REXML::ParseException.new("Unclosed comment", @source)
36+ end
37+ if /--|-\z/.match?(md[1])
38+ raise REXML::ParseException.new("Malformed comment", @source)
39+ end
40+ return [ :comment, md[1] ]
41 elsif @source.match("DOCTYPE", true)
42 base_error_message = "Malformed DOCTYPE"
43 unless @source.match(/\s+/um, true)
44--
452.40.0
46
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0004.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0004.patch
new file mode 100644
index 0000000000..11a4c1ca54
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0004.patch
@@ -0,0 +1,76 @@
1From b8a5f4cd5c8fe29c65d7a00e67170223d9d2b50e Mon Sep 17 00:00:00 2001
2From: Watson <watson1978@gmail.com>
3Date: Tue, 16 Jul 2024 10:48:53 +0900
4Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
5 inside `<?xml` (#170)
6
7A `<` is treated as a string delimiter.
8In certain cases, if `<` is used in succession, read and match are
9repeated, which slows down the process. Therefore, the following is used
10to read ahead to a specific part of the string in advance.
11
12CVE: CVE-2024-39908
13
14Upstream-Status: Backport [https://github.com/ruby/rexml/commit/b8a5f4cd5c8fe29c65d7a00e67170223d9d2b50e]
15
16Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
17---
18 .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 3 ++-
19 .bundle/gems/rexml-3.2.5/lib/rexml/source.rb | 6 +++---
20 2 files changed, 5 insertions(+), 4 deletions(-)
21
22diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
23index 49c313c..767e134 100644
24--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
25+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
26@@ -125,6 +125,7 @@ module REXML
27
28 module Private
29 INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
30+ INSTRUCTION_TERM = "?>"
31 TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
32 CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
33 ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
34@@ -652,7 +653,7 @@ module REXML
35 end
36
37 def process_instruction(start_position)
38- match_data = @source.match(INSTRUCTION_END, true)
39+ match_data = @source.match(Private::INSTRUCTION_END, true, term: Private::INSTRUCTION_TERM)
40 unless match_data
41 message = "Invalid processing instruction node"
42 @source.position = start_position
43diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
44index b20cc4f..08a035c 100644
45--- a/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
46+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/source.rb
47@@ -72,7 +72,7 @@ module REXML
48 @scanner.scan_until(Regexp.union(term)) or @scanner.rest
49 end
50
51- def match(pattern, cons=false)
52+ def match(pattern, cons=false, term: nil)
53 if cons
54 @scanner.scan(pattern).nil? ? nil : @scanner
55 else
56@@ -184,7 +184,7 @@ module REXML
57 end
58 end
59
60- def match( pattern, cons=false )
61+ def match( pattern, cons=false, term: nil )
62 read if @scanner.eos? && @source
63 while true
64 if cons
65@@ -195,7 +195,7 @@ module REXML
66 break if md
67 return nil if pattern.is_a?(String) && pattern.bytesize <= @scanner.rest_size
68 return nil if @source.nil?
69- return nil unless read
70+ return nil unless read(term)
71 end
72
73 md.nil? ? nil : @scanner
74--
752.40.0
76
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch
new file mode 100644
index 0000000000..0726927865
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0005.patch
@@ -0,0 +1,87 @@
1From 0af55fa49d4c9369f90f239a9571edab800ed36e Mon Sep 17 00:00:00 2001
2From: Watson <watson1978@gmail.com>
3Date: Tue, 16 Jul 2024 10:57:39 +0900
4Subject: [PATCH] Fix ReDoS caused by very large character references using
5 repeated 0s (#169)
6
7This patch will fix the ReDoS that is caused by large string of 0s on a
8character reference (like `&#00000000...`).
9
10This is occurred in Ruby 3.1 or earlier.
11
12CVE: CVE-2024-39908
13
14Upstream-Status: Backport [https://github.com/ruby/rexml/commit/0af55fa49d4c9369f90f239a9571edab800ed36e]
15
16Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
17---
18 .bundle/gems/rexml-3.2.5/lib/rexml/text.rb | 48 +++++++++++++++-------
19 1 file changed, 34 insertions(+), 14 deletions(-)
20
21diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb
22index 050b09c..0957d70 100644
23--- a/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb
24+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/text.rb
25@@ -151,25 +151,45 @@ module REXML
26 end
27 end
28
29- # context sensitive
30- string.scan(pattern) do
31- if $1[-1] != ?;
32- raise "Illegal character #{$1.inspect} in raw string #{string.inspect}"
33- elsif $1[0] == ?&
34- if $5 and $5[0] == ?#
35- case ($5[1] == ?x ? $5[2..-1].to_i(16) : $5[1..-1].to_i)
36- when *VALID_CHAR
37+ pos = 0
38+ while (index = string.index(/<|&/, pos))
39+ if string[index] == "<"
40+ raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
41+ end
42+
43+ unless (end_index = string.index(/[^\s];/, index + 1))
44+ raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
45+ end
46+
47+ value = string[(index + 1)..end_index]
48+ if /\s/.match?(value)
49+ raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
50+ end
51+
52+ if value[0] == "#"
53+ character_reference = value[1..-1]
54+
55+ unless (/\A(\d+|x[0-9a-fA-F]+)\z/.match?(character_reference))
56+ if character_reference[0] == "x" || character_reference[-1] == "x"
57+ raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
58 else
59- raise "Illegal character #{$1.inspect} in raw string #{string.inspect}"
60+ raise "Illegal character #{string.inspect} in raw string #{string.inspect}"
61 end
62- # FIXME: below can't work but this needs API change.
63- # elsif @parent and $3 and !SUBSTITUTES.include?($1)
64- # if !doctype or !doctype.entities.has_key?($3)
65- # raise "Undeclared entity '#{$1}' in raw string \"#{string}\""
66- # end
67 end
68+
69+ case (character_reference[0] == "x" ? character_reference[1..-1].to_i(16) : character_reference[0..-1].to_i)
70+ when *VALID_CHAR
71+ else
72+ raise "Illegal character #{string.inspect} in raw string #{string.inspect}"
73+ end
74+ elsif !(/\A#{Entity::NAME}\z/um.match?(value))
75+ raise "Illegal character \"#{string[index]}\" in raw string #{string.inspect}"
76 end
77+
78+ pos = end_index + 1
79 end
80+
81+ string
82 end
83
84 def node_type
85--
862.40.0
87
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0006.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0006.patch
new file mode 100644
index 0000000000..9d78112edd
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0006.patch
@@ -0,0 +1,44 @@
1From c1b64c174ec2e8ca2174c51332670e3be30c865f Mon Sep 17 00:00:00 2001
2From: Watson <watson1978@gmail.com>
3Date: Tue, 16 Jul 2024 10:57:50 +0900
4Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
5 inside comments (#171)
6
7A `<` is treated as a string delimiter.
8In certain cases, if `<` is used in succession, read and match are
9repeated, which slows down the process. Therefore, the following is used
10to read ahead to a specific part of the string in advance.
11
12CVE: CVE-2024-39908
13
14Upstream-Status: Backport [https://github.com/ruby/rexml/commit/c1b64c174ec2e8ca2174c51332670e3be30c865f]
15
16Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
17---
18 .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 3 ++-
19 1 file changed, 2 insertions(+), 1 deletion(-)
20
21diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
22index 767e134..81753ad 100644
23--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
24+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
25@@ -126,6 +126,7 @@ module REXML
26 module Private
27 INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
28 INSTRUCTION_TERM = "?>"
29+ COMMENT_TERM = "-->"
30 TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
31 CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
32 ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
33@@ -237,7 +238,7 @@ module REXML
34 return process_instruction(start_position)
35 elsif @source.match("<!", true)
36 if @source.match("--", true)
37- md = @source.match(/(.*?)-->/um, true)
38+ md = @source.match(/(.*?)-->/um, true, term: Private::COMMENT_TERM)
39 if md.nil?
40 raise REXML::ParseException.new("Unclosed comment", @source)
41 end
42--
432.40.0
44
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch
new file mode 100644
index 0000000000..bb2325bbbd
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch
@@ -0,0 +1,44 @@
1From 9f1415a2616c77cad44a176eee90e8457b4774b6 Mon Sep 17 00:00:00 2001
2From: Watson <watson1978@gmail.com>
3Date: Tue, 16 Jul 2024 11:04:40 +0900
4Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
5 inside `CDATA [ PAYLOAD ]` (#172)
6
7A `<` is treated as a string delimiter.
8In certain cases, if `<` is used in succession, read and match are
9repeated, which slows down the process. Therefore, the following is used
10to read ahead to a specific part of the string in advance.
11
12CVE: CVE-2024-39908
13
14Upstream-Status: Backport [https://github.com/ruby/rexml/commit/9f1415a2616c77cad44a176eee90e8457b4774b6]
15
16Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
17---
18 .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 3 ++-
19 1 file changed, 2 insertions(+), 1 deletion(-)
20
21diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
22index 81753ad..c907f8c 100644
23--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
24+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
25@@ -127,6 +127,7 @@ module REXML
26 INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
27 INSTRUCTION_TERM = "?>"
28 COMMENT_TERM = "-->"
29+ CDATA_TERM = "]]>"
30 TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
31 CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
32 ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
33@@ -416,7 +417,7 @@ module REXML
34
35 return [ :comment, md[1] ] if md
36 else
37- md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true)
38+ md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true, term: Private::CDATA_TERM)
39 return [ :cdata, md[1] ] if md
40 end
41 raise REXML::ParseException.new( "Declarations can only occur "+
42--
432.40.0
44
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0008.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0008.patch
new file mode 100644
index 0000000000..e9413ba2c0
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0008.patch
@@ -0,0 +1,44 @@
1From c33ea498102be65082940e8b7d6d31cb2c6e6ee2 Mon Sep 17 00:00:00 2001
2From: Watson <watson1978@gmail.com>
3Date: Tue, 16 Jul 2024 11:11:17 +0900
4Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
5 after ` <!DOCTYPE name` (#173)
6
7A `<` is treated as a string delimiter.
8In certain cases, if `<` is used in succession, read and match are
9repeated, which slows down the process. Therefore, the following is used
10to read ahead to a specific part of the string in advance.
11
12CVE: CVE-2024-39908
13
14Upstream-Status: Backport [https://github.com/ruby/rexml/commit/c33ea498102be65082940e8b7d6d31cb2c6e6ee2]
15
16Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
17---
18 .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 3 ++-
19 1 file changed, 2 insertions(+), 1 deletion(-)
20
21diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
22index c907f8c..5391e0a 100644
23--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
24+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
25@@ -128,6 +128,7 @@ module REXML
26 INSTRUCTION_TERM = "?>"
27 COMMENT_TERM = "-->"
28 CDATA_TERM = "]]>"
29+ DOCTYPE_TERM = "]>"
30 TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
31 CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
32 ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
33@@ -375,7 +376,7 @@ module REXML
34 end
35 return [ :comment, md[1] ] if md
36 end
37- elsif match = @source.match(/(%.*?;)\s*/um, true)
38+ elsif match = @source.match(/(%.*?;)\s*/um, true, term: Private::DOCTYPE_TERM)
39 return [ :externalentity, match[1] ]
40 elsif @source.match(/\]\s*>/um, true)
41 @document_status = :after_doctype
42--
432.40.0
44
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0009.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0009.patch
new file mode 100644
index 0000000000..1de0551879
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0009.patch
@@ -0,0 +1,36 @@
1From a79ac8b4b42a9efabe33a0be31bd82d33fd50347 Mon Sep 17 00:00:00 2001
2From: Watson <watson1978@gmail.com>
3Date: Tue, 16 Jul 2024 11:18:11 +0900
4Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
5 inside `<!DOCTYPE root [<!-- PAYLOAD -->]>` (#174)
6
7A `<` is treated as a string delimiter.
8In certain cases, if `<` is used in succession, read and match are
9repeated, which slows down the process. Therefore, the following is used
10to read ahead to a specific part of the string in advance.
11
12CVE: CVE-2024-39908
13
14Upstream-Status: Backport [https://github.com/ruby/rexml/commit/a79ac8b4b42a9efabe33a0be31bd82d33fd50347]
15
16Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
17---
18 .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 2 +-
19 1 file changed, 1 insertion(+), 1 deletion(-)
20
21diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
22index 5391e0a..c22b632 100644
23--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
24+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
25@@ -369,7 +369,7 @@ module REXML
26 raise REXML::ParseException.new(message, @source)
27 end
28 return [:notationdecl, name, *id]
29- elsif md = @source.match(/--(.*?)-->/um, true)
30+ elsif md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM)
31 case md[1]
32 when /--/, /-\z/
33 raise REXML::ParseException.new("Malformed comment", @source)
34--
352.40.0
36
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0010.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0010.patch
new file mode 100644
index 0000000000..a46ba171de
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0010.patch
@@ -0,0 +1,53 @@
1From 67efb5951ed09dbb575c375b130a1e469f437d1f Mon Sep 17 00:00:00 2001
2From: Watson <watson1978@gmail.com>
3Date: Tue, 16 Jul 2024 11:26:57 +0900
4Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
5 inside `<!DOCTYPE name [<!ENTITY>]>` (#175)
6
7A `<` is treated as a string delimiter.
8In certain cases, if `<` is used in succession, read and match are
9repeated, which slows down the process. Therefore, the following is used
10to read ahead to a specific part of the string in advance.
11
12CVE: CVE-2024-39908
13
14Upstream-Status: Backport [https://github.com/ruby/rexml/commit/67efb5951ed09dbb575c375b130a1e469f437d1f]
15
16Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
17---
18 .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 8 ++++++--
19 1 file changed, 6 insertions(+), 2 deletions(-)
20
21diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
22index c22b632..c4de254 100644
23--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
24+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
25@@ -124,11 +124,15 @@ module REXML
26 }
27
28 module Private
29- INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
30+ # Terminal requires two or more letters.
31 INSTRUCTION_TERM = "?>"
32 COMMENT_TERM = "-->"
33 CDATA_TERM = "]]>"
34 DOCTYPE_TERM = "]>"
35+ # Read to the end of DOCTYPE because there is no proper ENTITY termination
36+ ENTITY_TERM = DOCTYPE_TERM
37+
38+ INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
39 TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
40 CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
41 ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
42@@ -304,7 +308,7 @@ module REXML
43 raise REXML::ParseException.new( "Bad ELEMENT declaration!", @source ) if md.nil?
44 return [ :elementdecl, "<!ELEMENT" + md[1] ]
45 elsif @source.match("ENTITY", true)
46- match = [:entitydecl, *@source.match(ENTITYDECL_PATTERN, true).captures.compact]
47+ match = [:entitydecl, *@source.match(Private::ENTITYDECL_PATTERN, true, term: Private::ENTITY_TERM).captures.compact]
48 ref = false
49 if match[1] == '%'
50 ref = true
51--
522.40.0
53
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0011.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0011.patch
new file mode 100644
index 0000000000..505007af9a
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0011.patch
@@ -0,0 +1,35 @@
1From 1f1e6e9b40bf339894e843dfd679c2fb1a5ddbf2 Mon Sep 17 00:00:00 2001
2From: Watson <watson1978@gmail.com>
3Date: Tue, 16 Jul 2024 11:35:41 +0900
4Subject: [PATCH] Fix ReDoS by using repeated space characters inside
5 `<!DOCTYPE name [<!ATTLIST>]>` (#176)
6
7Fix performance by removing unnecessary spaces.
8
9This is occurred in Ruby 3.1 or earlier.
10
11CVE: CVE-2024-39908
12
13Upstream-Status: Backport [https://github.com/ruby/rexml/commit/1f1e6e9b40bf339894e843dfd679c2fb1a5ddbf2]
14
15Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
16---
17 .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 2 +-
18 1 file changed, 1 insertion(+), 1 deletion(-)
19
20diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
21index c4de254..a9b1b44 100644
22--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
23+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
24@@ -340,7 +340,7 @@ module REXML
25 contents = md[0]
26
27 pairs = {}
28- values = md[0].scan( ATTDEF_RE )
29+ values = md[0].strip.scan( ATTDEF_RE )
30 values.each do |attdef|
31 unless attdef[3] == "#IMPLIED"
32 attdef.compact!
33--
342.40.0
35
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0012.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0012.patch
new file mode 100644
index 0000000000..5a7cbe18dc
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0012.patch
@@ -0,0 +1,36 @@
1From 910e5a2b487cb5a30989884a39f9cad2cc499cfc Mon Sep 17 00:00:00 2001
2From: Watson <watson1978@gmail.com>
3Date: Tue, 16 Jul 2024 11:36:05 +0900
4Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
5 inside `<xml><!-- --></xml>` (#177)
6
7A `<` is treated as a string delimiter.
8In certain cases, if `<` is used in succession, read and match are
9repeated, which slows down the process. Therefore, the following is used
10to read ahead to a specific part of the string in advance.
11
12CVE: CVE-2024-39908
13
14Upstream-Status: Backport [https://github.com/ruby/rexml/commit/910e5a2b487cb5a30989884a39f9cad2cc499cfc]
15
16Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
17---
18 .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 2 +-
19 1 file changed, 1 insertion(+), 1 deletion(-)
20
21diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
22index a9b1b44..4864ba1 100644
23--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
24+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
25@@ -413,7 +413,7 @@ module REXML
26 #STDERR.puts "SOURCE BUFFER = #{source.buffer}, #{source.buffer.size}"
27 raise REXML::ParseException.new("Malformed node", @source) unless md
28 if md[0][0] == ?-
29- md = @source.match(/--(.*?)-->/um, true)
30+ md = @source.match(/--(.*?)-->/um, true, term: Private::COMMENT_TERM)
31
32 case md[1]
33 when /--/, /-\z/
34--
352.40.0
36
diff --git a/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
index 6a381b2e40..f967cc6948 100644
--- a/meta/recipes-devtools/ruby/ruby_3.1.3.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
@@ -54,6 +54,18 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
54 file://CVE-2025-27221-0001.patch \ 54 file://CVE-2025-27221-0001.patch \
55 file://CVE-2025-27221-0002.patch \ 55 file://CVE-2025-27221-0002.patch \
56 file://CVE-2024-35176.patch \ 56 file://CVE-2024-35176.patch \
57 file://CVE-2024-39908-0001.patch \
58 file://CVE-2024-39908-0002.patch \
59 file://CVE-2024-39908-0003.patch \
60 file://CVE-2024-39908-0004.patch \
61 file://CVE-2024-39908-0005.patch \
62 file://CVE-2024-39908-0006.patch \
63 file://CVE-2024-39908-0007.patch \
64 file://CVE-2024-39908-0008.patch \
65 file://CVE-2024-39908-0009.patch \
66 file://CVE-2024-39908-0010.patch \
67 file://CVE-2024-39908-0011.patch \
68 file://CVE-2024-39908-0012.patch \
57 " 69 "
58UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/" 70UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"
59 71
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-04-23 02:18:01 +0000