diff --git a/backport-CVE-2024-47889-test.patch b/backport-CVE-2024-47889-test.patch
new file mode 100644
index 0000000000000000000000000000000000000000..472cb566cd53238d37d791d768edb6b14e67608e
--- /dev/null
+++ b/backport-CVE-2024-47889-test.patch
@@ -0,0 +1,21 @@
+diff --git a/actionmailer/test/mail_helper_test.rb b/actionmailer/test/mail_helper_test.rb
+index a8ab19a95c0e3..e49eabdce8275 100644
+--- a/actionmailer/test/mail_helper_test.rb
++++ b/actionmailer/test/mail_helper_test.rb
+@@ -121,4 +121,16 @@ def test_use_cache
+ assert_equal "Greetings from a cache helper block", mail.body.encoded
+ end
+ end
++
++ def helper
++ Object.new.extend(ActionMailer::MailHelper)
++ end
++
++ def test_block_format
++ assert_equal " * foo\n", helper.block_format(" * foo")
++ assert_equal " * foo\n", helper.block_format(" * foo")
++ assert_equal " * foo\n", helper.block_format("* foo")
++ assert_equal " * foo\n*bar", helper.block_format("* foo*bar")
++ assert_equal " * foo\n * bar\n", helper.block_format("* foo * bar")
++ end
+ end
diff --git a/backport-CVE-2024-47889.patch b/backport-CVE-2024-47889.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c7f39517654ec9b0237b86f7f08c5dd79a0930b4
--- /dev/null
+++ b/backport-CVE-2024-47889.patch
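Review bot: The added `test_block_format` never exercises an input whose last character is a list marker, nor any `#` marker, although the rewritten `block_format` takes a distinct path for both (the marker branch in the `while` loop and the `#` alternative of the split regex). A case such as `assert_equal "foo *", helper.block_format("foo *")` would pin the trailing-marker behaviour, which the pre-patch regexes appear to leave unchanged, and `assert_equal " # foo\n", helper.block_format("# foo")` would cover the `#` branch by analogy with the `* foo` case already asserted. This file carries the upstream test hunk verbatim, so any extra cases would need to be kept in sync if the patch is refreshed from upstream.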
@@ -0,0 +1,39 @@
+From 985f1923fa62806ff676e41de67c3b4552131ab9 Mon Sep 17 00:00:00 2001
+From: John Hawthorn
+Date: Fri, 11 Oct 2024 00:34:14 -0700
+Subject: [PATCH] Avoid backtracking in ActionMailer block_format
+
+[CVE-2024-47889]
+
+Thanks to yuki_osaki and scyoon for reporting this vulnerability
+---
+ actionmailer/lib/action_mailer/mail_helper.rb | 14 +++++++++++---
+ actionmailer/test/mail_helper_test.rb | 12 ++++++++++++
+ 2 files changed, 23 insertions(+), 3 deletions(-)
+
+diff --git a/actionmailer/lib/action_mailer/mail_helper.rb b/actionmailer/lib/action_mailer/mail_helper.rb
+index e7bed41f8d294..f527d5a59ebf5 100644
+--- a/actionmailer/lib/action_mailer/mail_helper.rb
++++ b/actionmailer/lib/action_mailer/mail_helper.rb
+@@ -23,10 +23,18 @@ def block_format(text)
+ }.join("\n\n")
+
+ # Make list points stand on their own line
+- formatted.gsub!(/[ ]*([*]+) ([^*]*)/) { " #{$1} #{$2.strip}\n" }
+- formatted.gsub!(/[ ]*([#]+) ([^#]*)/) { " #{$1} #{$2.strip}\n" }
++ output = +""
++ splits = formatted.split(/(\*+|\#+)/)
++ while line = splits.shift
++ if line.start_with?("*", "#") && splits[0].start_with?(" ")
++ output.chomp!(" ") while output.end_with?(" ")
++ output << " #{line} #{splits.shift.strip}\n"
++ else
++ output << line
++ end
++ end
+
+- formatted
++ output
+ end
+
+ # Access the mailer instance.
diff --git a/rubygem-actionmailer.spec b/rubygem-actionmailer.spec
index 3091f617bcf3e11af6bf83ec9652ebc849a4144d..24f1e9f912d4fe7f1cf4b61296110921e53f6c02 100644
--- a/rubygem-actionmailer.spec
+++ b/rubygem-actionmailer.spec
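Review bot: `splits[0].start_with?(" ")` in the new loop raises NoMethodError when a run of `*`/`#` is the last element of `splits`, i.e. when `formatted` ends with a marker: `String#split` drops trailing empty strings, so once `splits.shift` has returned that marker `splits[0]` is nil. The pre-patch regexes left such text untouched (they require a space after the marker), so an input like `foo *` that used to format now escapes as an exception from inside the mailer; a safe-navigation check, `if line.start_with?("*", "#") && splits[0]&.start_with?(" ")`, falls through to `output << line` and keeps the old output. The enclosing `block_format(text)` begins before this hunk. Separately, the patch preamble still lists `actionmailer/test/mail_helper_test.rb` and `2 files changed` although the test hunk was moved into `backport-CVE-2024-47889-test.patch`; `patch` ignores the preamble, but the stale diffstat misleads readers of the backport.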
@@ -3,13 +3,15 @@ Name: rubygem-%{gem_name}
 Epoch: 1
 Version: 6.1.4.1
-Release: 1
+Release: 2
 Summary: Email composition and delivery framework (part of Rails)
 License: MIT
 URL: https://rubyonrails.org
 Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
 Source1: actionmailer-%{version}-tests.txz
 Source2: rails-%{version}-tools.txz
+Patch3000: backport-CVE-2024-47889.patch
+Patch3001: backport-CVE-2024-47889-test.patch
 BuildRequires: ruby(release)
 BuildRequires: rubygems-devel
@@ -34,6 +36,11 @@ Documentation for %{name}.
 %prep
 %setup -q -n %{gem_name}-%{version}%{?prerelease} -b1 -b2
+%patch3000 -p2
+
+pushd %{_builddir}
+%patch3001 -p2
+popd
 %build
 gem build ../%{gem_name}-%{version}%{?prerelease}.gemspec
@@ -65,11 +72,14 @@ popd
 %doc %{gem_instdir}/README.rdoc
 %changelog
-* Wed May 04 2022 wangkerong - 6.1.4.1-1
+* Thu Oct 17 2024 yaoxin - 1:6.1.4.1-2
+- Fix CVE-2024-47889
+
+* Wed May 04 2022 wangkerong - 1:6.1.4.1-1
 - Upgrade to 6.1.4.1
-* Mon Feb 8 2021 sunguoshuai - 5.2.4.4-1
+* Mon Feb 8 2021 sunguoshuai - 1:5.2.4.4-1
 - Upgrade to 5.2.4.4
-* Sat Aug 8 2020 chengzihan - 5.2.3-1
+* Sat Aug 8 2020 chengzihan - 1:5.2.3-1
 - Package init
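Review bot: In the `%prep` hunk, `pushd %{_builddir}` followed by `%patch3001 -p2` relies on Source1 unpacking so that `test/mail_helper_test.rb` sits directly under `%{_builddir}`; if the tests tarball carries a top-level directory the patch will not find the file, so this is worth confirming in a build log. Nothing in these hunks runs the backported test — if the spec has a `%check` section outside this diff, confirm it covers `test/mail_helper_test.rb`, otherwise applying the test patch gives no signal at build time. Recent rpm releases also warn that the `%patchN` spelling is deprecated; `%patch -P 3000 -p2` and `%patch -P 3001 -p2` are the portable form.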