From fabe4a81df2792b464f0135f4516eeda46307a1b Mon Sep 17 00:00:00 2001
From: wszlight <wushaozheng@ncti-gba.cn>
Date: Tue, 21 Feb 2023 03:05:01 +0000
Subject: [PATCH] CVE-2023-22796

update cev num

update spec

(cherry picked from commit a5dd8df398d9bff8dc96ddc2f84959d93b6ca711)
---
 CVE-2023-22796.patch       | 27 +++++++++++++++++++++++++++
 rubygem-activesupport.spec |  8 +++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2023-22796.patch

diff --git a/CVE-2023-22796.patch b/CVE-2023-22796.patch
new file mode 100644
index 0000000..6d48383
--- /dev/null
+++ b/CVE-2023-22796.patch
@@ -0,0 +1,27 @@
+From a7cda7e6aa5334ab41b1f4b0f671be931be946ef Mon Sep 17 00:00:00 2001
+From: John Hawthorn <john@hawthorn.email>
+Date: Wed, 11 Jan 2023 10:14:55 -0800
+Subject: [PATCH] Avoid regex backtracking in Inflector.underscore
+
+[CVE-2023-22796]
+---
+ activesupport/lib/active_support/inflector/methods.rb | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/activesupport-6.1.4.1/lib/active_support/inflector/methods.rb b/activesupport-6.1.4.1/lib/active_support/inflector/methods.rb
+index ad136532bf..acb86fe1a4 100644
+--- a/activesupport-6.1.4.1/lib/active_support/inflector/methods.rb
++++ b/activesupport-6.1.4.1/lib/active_support/inflector/methods.rb
+@@ -93,8 +93,7 @@ def underscore(camel_cased_word)
+       return camel_cased_word unless /[A-Z-]|::/.match?(camel_cased_word)
+       word = camel_cased_word.to_s.gsub("::", "/")
+       word.gsub!(inflections.acronyms_underscore_regex) { "#{$1 && '_' }#{$2.downcase}" }
+-      word.gsub!(/([A-Z\d]+)([A-Z][a-z])/, '\1_\2')
+-      word.gsub!(/([a-z\d])([A-Z])/, '\1_\2')
++      word.gsub!(/([A-Z])(?=[A-Z][a-z])|([a-z\d])(?=[A-Z])/) { ($1 || $2) << "_" }
+       word.tr!("-", "_")
+       word.downcase!
+       word
+-- 
+2.35.1
+
diff --git a/rubygem-activesupport.spec b/rubygem-activesupport.spec
index 65d2692..bc741d2 100644
--- a/rubygem-activesupport.spec
+++ b/rubygem-activesupport.spec
@@ -2,7 +2,7 @@
 Name:                rubygem-%{gem_name}
 Epoch:               1
 Version:             6.1.4.1
-Release:             2
+Release:             3
 Summary:             A support libraries and Ruby core extensions extracted from the Rails framework
 License:             MIT
 URL:                 http://rubyonrails.org
@@ -10,6 +10,7 @@ Source0:             https://rubygems.org/gems/%{gem_name}-%{version}.gem
 Source1:             %{gem_name}-%{version}-tests.txz
 Source2:             rails-%{version}-tools.txz
 Patch0:              Add-support-dalli-3.2.2.patch
+Patch1:	  	     CVE-2023-22796.patch
 Requires:            rubygem(bigdecimal) rubygem(json)
 BuildRequires:       ruby(release) rubygems-devel ruby >= 2.2.2 rubygem(bigdecimal) rubygem(builder)
 BuildRequires:       rubygem(concurrent-ruby) rubygem(connection_pool) rubygem(dalli)
@@ -33,6 +34,8 @@ Documentation for %{name}.
 pushd %{_builddir}/test
 %patch0 -p1
 popd
+%patch1 -p2
+
 
 %build
 gem build ../%{gem_name}-%{version}.gemspec
@@ -76,6 +79,9 @@ popd
 %doc %{gem_instdir}/README.rdoc
 
 %changelog
+* Tue Feb 21 2023 wushaozheng <wushaozheng@ncti-gba.cn> - 1:6.1.4.1-3
+- fix CVE-2023-22796 
+
 * Tue Jul 05 2022 liyanan <liyanan32@h-partners.com> - 6.1.4.1-2
 - Add support dalli 3.2.2
 
-- 
Gitee