From 54ae05473ff6623467b36d7325622095be00a27f Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Wed, 26 Jun 2024 15:14:11 +0800
Subject: [PATCH] Fix CVE-2023-28120

(cherry picked from commit 45c8c8d25b8c4349604be55f949c21fd34b85cb4)
---
 CVE-2023-28120-test.patch  | 51 ++++++++++++++++++++++++++++++++++++++
 CVE-2023-28120.patch       | 25 +++++++++++++++++++
 rubygem-activesupport.spec | 10 +++++++-
 3 files changed, 85 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2023-28120-test.patch
 create mode 100644 CVE-2023-28120.patch

diff --git a/CVE-2023-28120-test.patch b/CVE-2023-28120-test.patch
new file mode 100644
index 0000000..5edc50a
--- /dev/null
+++ b/CVE-2023-28120-test.patch
@@ -0,0 +1,51 @@
+From 3cf23c3f891e2e81c977ea4ab83b62bc2a444b70 Mon Sep 17 00:00:00 2001
+From: Akira Matsuda <ronnie@dio.jp>
+Date: Thu, 5 Jan 2023 05:25:37 +0900
+Subject: [PATCH] Implement SafeBuffer#bytesplice
+
+---
+ .../core_ext/string/output_safety.rb          |  4 +++
+ .../test/core_ext/string_ext_test.rb          | 30 +++++++++++++++++++
+ 2 files changed, 34 insertions(+)
+
+diff --git a/activesupport/test/core_ext/string_ext_test.rb b/activesupport/test/core_ext/string_ext_test.rb
+index a51f2f64cbe27..c436821c94a0b 100644
+--- a/activesupport/test/core_ext/string_ext_test.rb
++++ b/activesupport/test/core_ext/string_ext_test.rb
+@@ -987,6 +987,36 @@ def to_s
+     assert_predicate string, :html_safe?
+   end
+ 
++  if "".respond_to?(:bytesplice)
++    test "Bytesplicing safe into safe yields safe" do
++      string = "hello".html_safe
++      string.bytesplice(0, 0, "<b>".html_safe)
++
++      assert_equal "<b>hello", string
++      assert_predicate string, :html_safe?
++
++      string = "hello".html_safe
++      string.bytesplice(0..1, "<b>".html_safe)
++
++      assert_equal "<b>llo", string
++      assert_predicate string, :html_safe?
++    end
++
++    test "Bytesplicing unsafe into safe yields escaped safe" do
++      string = "hello".html_safe
++      string.bytesplice(1, 0, "<b>")
++
++      assert_equal "h&lt;b&gt;ello", string
++      assert_predicate string, :html_safe?
++
++      string = "hello".html_safe
++      string.bytesplice(1..2, "<b>")
++
++      assert_equal "h&lt;b&gt;lo", string
++      assert_predicate string, :html_safe?
++    end
++  end
++
+   test "emits normal string yaml" do
+     assert_equal "foo".to_yaml, "foo".html_safe.to_yaml(foo: 1)
+   end
diff --git a/CVE-2023-28120.patch b/CVE-2023-28120.patch
new file mode 100644
index 0000000..b57fe9b
--- /dev/null
+++ b/CVE-2023-28120.patch
@@ -0,0 +1,25 @@
+From 3cf23c3f891e2e81c977ea4ab83b62bc2a444b70 Mon Sep 17 00:00:00 2001
+From: Akira Matsuda <ronnie@dio.jp>
+Date: Thu, 5 Jan 2023 05:25:37 +0900
+Subject: [PATCH] Implement SafeBuffer#bytesplice
+
+---
+ .../core_ext/string/output_safety.rb          |  4 +++
+ .../test/core_ext/string_ext_test.rb          | 30 +++++++++++++++++++
+ 2 files changed, 34 insertions(+)
+
+diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb
+index 8a06ccdd8e385..a627540a353db 100644
+--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
++++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
+@@ -216,6 +216,10 @@ def concat(value)
+     end
+     alias << concat
+ 
++    def bytesplice(*args, value)
++      super(*args, implicit_html_escape_interpolated_argument(value))
++    end
++
+     def insert(index, value)
+       super(index, html_escape_interpolated_argument(value))
+     end
diff --git a/rubygem-activesupport.spec b/rubygem-activesupport.spec
index 87612b1..6a04ba8 100644
--- a/rubygem-activesupport.spec
+++ b/rubygem-activesupport.spec
@@ -2,7 +2,7 @@
 Name:                rubygem-%{gem_name}
 Epoch:               1
 Version:             6.1.4.1
-Release:             7
+Release:             8
 Summary:             A support libraries and Ruby core extensions extracted from the Rails framework
 License:             MIT
 URL:                 http://rubyonrails.org
@@ -16,6 +16,9 @@ Patch3:              CVE-2023-38037-test.patch
 # https://github.com/rails/rails/commit/d1267768e9f57ebcf86ff7f011aca7fb08e733eb
 # https://github.com/rails/rails/commit/07d9600172a18b45791c89e95a642e13fc367545
 Patch3000:           CVE-2022-23633.patch
+# https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70
+Patch3001:           CVE-2023-28120.patch
+Patch3002:           CVE-2023-28120-test.patch
 Requires:            rubygem(bigdecimal) rubygem(json)
 BuildRequires:       ruby(release) rubygems-devel ruby >= 2.2.2 rubygem(bigdecimal) rubygem(builder)
 BuildRequires:       rubygem(concurrent-ruby) rubygem(connection_pool) rubygem(dalli)
@@ -39,10 +42,12 @@ Documentation for %{name}.
 pushd %{_builddir}/test
 %patch0 -p1
 %patch3 -p3
+%patch3002 -p3
 popd
 %patch1 -p2
 %patch2 -p2
 %patch3000 -p1
+%patch3001 -p2
 
 %build
 gem build ../%{gem_name}-%{version}.gemspec
@@ -90,6 +95,9 @@ popd
 %doc %{gem_instdir}/README.rdoc
 
 %changelog
+* Wed Jun 26 2024 wangkai <13474090681@163.com> - 1:6.1.4.1-8
+- Fix CVE-2023-28120
+
 * Tue Jun 25 2024 zouzhimin <zouzhimin@kylinos.cn> - 1:6.1.4.1-7
 - Type:CVES
 - ID:CVE-2022-23633
-- 
Gitee