diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2024-43398.patch b/meta/recipes-devtools/ruby/ruby/CVE-2024-43398.patch
new file mode 100644
index 0000000000..02dc0a20be
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2024-43398.patch
@@ -0,0 +1,81 @@
+From 7cb5eaeb221c322b9912f724183294d8ce96bae3 Mon Sep 17 00:00:00 2001
+From: Sutou Kouhei
+Date: Sat, 17 Aug 2024 17:45:52 +0900
+Subject: [PATCH] parser tree: improve namespace conflicted attribute check
+ performance
+
+It was slow for deep element.
+
+Reported by l33thaxor. Thanks!!!
+
+The changes to the test folder files are not included in this patch
+because the test folder was not generated during the devtool source build.
+
+CVE: CVE-2024-43398
+
+Upstream-Status: Backport [https://github.com/ruby/rexml/commit/7cb5eaeb221c322b9912f724183294d8ce96bae3]
+
+Signed-off-by: Divya Chellam
+---
+ .bundle/gems/rexml-3.2.5/lib/rexml/element.rb | 11 -----------
+ .../rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 15 +++++++++++++++
+ 2 files changed, 15 insertions(+), 11 deletions(-)
+
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/element.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/element.rb
+index 4c21dbd..78e78c2 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/element.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/element.rb
+@@ -2388,17 +2388,6 @@ module REXML
+ elsif old_attr.kind_of? Hash
+ old_attr[value.prefix] = value
+ elsif old_attr.prefix != value.prefix
+- # Check for conflicting namespaces
+- if value.prefix != "xmlns" and old_attr.prefix != "xmlns"
+- old_namespace = old_attr.namespace
+- new_namespace = value.namespace
+- if old_namespace == new_namespace
+- raise ParseException.new(
+- "Namespace conflict in adding attribute \"#{value.name}\": "+
+- "Prefix \"#{old_attr.prefix}\" = \"#{old_namespace}\" and "+
+- "prefix \"#{value.prefix}\" = \"#{new_namespace}\"")
+- end
+- end
+ store value.name, {old_attr.prefix => old_attr,
+ value.prefix => value}
+ else
+diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+index e32c7f4..154f2ac 100644
+--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
++++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+@@ -634,6 +634,7 @@ module REXML
+
+ def parse_attributes(prefixes, curr_ns)
+ attributes = {}
++ expanded_names = {}
+ closed = false
+ match_data = @source.match(/^(.*?)(\/)?>/um, true)
+ if match_data.nil?
+@@ -641,6 +642,20 @@ module REXML
+ raise REXML::ParseException.new(message, @source)
+ end
+
++ unless prefix == "xmlns"
++ uri = @namespaces[prefix]
++ expanded_name = [uri, local_part]
++ existing_prefix = expanded_names[expanded_name]
++ if existing_prefix
++ message = "Namespace conflict in adding attribute " +
++ "\"#{local_part}\": " +
++ "Prefix \"#{existing_prefix}\" = \"#{uri}\" and " +
++ "prefix \"#{prefix}\" = \"#{uri}\""
++ raise REXML::ParseException.new(message, @source, self)
++ end
++ expanded_names[expanded_name] = prefix
++ end
++
+ raw_attributes = match_data[1]
+ closed = !match_data[2].nil?
+ return attributes, closed if raw_attributes.nil?
+--
+2.40.0
+
diff --git a/meta/recipes-devtools/ruby/ruby_3.1.3.bb b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
index 76e5ac81ed..ca061e7f70 100644
--- a/meta/recipes-devtools/ruby/ruby_3.1.3.bb
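Review bot: In the embedded baseparser.rb hunk (`@@ -641,6 +642,20 @@`), the new `unless prefix == "xmlns"` block sits directly after the `match_data.nil?` check and before `raw_attributes = match_data[1]`, so it reads `prefix` and `local_part` before anything visible in `parse_attributes` assigns them, and it would run once per start tag rather than once per attribute. Ruby resolves a bare name that has not yet been assigned in the method as a method call, so unless the parser defines methods with those names this path would likely raise `NameError` on every element; `@namespaces` is also not initialised anywhere in this patch, so confirm that rexml 3.2.5 sets it. Because the element.rb hunk deletes the old conflict check, the block should move into the per-attribute loop (which presumably follows outside the hunk), directly after `prefix` and `local_part` are extracted. Since the upstream tests were left out of the backport, the recipe should be gated on a parse smoke test covering an ordinary document and one where two prefixes bound to the same URI carry the same attribute name.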
+++ b/meta/recipes-devtools/ruby/ruby_3.1.3.bb
@@ -48,6 +48,7 @@ SRC_URI = "http://cache.ruby-lang.org/pub/ruby/${SHRT_VER}/ruby-${PV}.tar.gz \
 file://CVE-2024-41946.patch \
 file://CVE-2025-27220.patch \
 file://CVE-2025-27219.patch \
+ file://CVE-2024-43398.patch \
 "
 UPSTREAM_CHECK_URI = "https://www.ruby-lang.org/en/downloads/"