From c804292faf623f1ce8ed6ef86c7318f6d3dd4e63 Mon Sep 17 00:00:00 2001 From: wang--ge Date: Fri, 11 Nov 2022 16:00:32 +0800 Subject: [PATCH] fix build failure due to libxml fixed CVE (cherry picked from commit d95de0c631001d361efeba8529979fd2f25afda4) --- rubygem-nokogiri.spec | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/rubygem-nokogiri.spec b/rubygem-nokogiri.spec index 176a295..84216d0 100644 --- a/rubygem-nokogiri.spec +++ b/rubygem-nokogiri.spec @@ -7,13 +7,14 @@ Summary: An HTML, XML, SAX, and Reader parser Name: rubygem-%{gem_name} Version: %{mainver} -Release: 1 -License: MIT and ASL 2.0 +Release: 2 +License: MIT and Apache-2.0 URL: https://nokogiri.org Source0: https://rubygems.org/gems/%{gem_name}-%{mainver}%{?prever}.gem Source1: rubygem-%{gem_name}-%{version}%{?prever}-full.tar.gz BuildRequires: ruby(release) ruby(rubygems) rubygem(minitest) rubygems-devel +BuildRequires: rubygem(did_you_mean) Obsoletes: ruby-%{gem_name} <= 1.5.2-2 BuildRequires: gcc libxml2-devel libxslt-devel ruby-devel glibc-all-langpacks rubygem(racc) Requires: rubygem(racc) @@ -68,6 +69,8 @@ sed -i \ gumbo-parser/src/Makefile \ -e 's|^\(CFLAGS.*=.*\)$|\1 -fPIC|' env LANG=C.UTF-8 gem build %{gem_name}-%{version}.gemspec +#CVE-2022-40303 https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986 +sed -i 's/assert_predicate(handler.errors, :empty?)/assert_match(\/CData section too big\/, handler.errors.first)/g' nokogiri-1.13.7/test/xml/sax/test_parser.rb %build export NOKOGIRI_USE_SYSTEM_LIBRARIES=yes @@ -160,6 +163,9 @@ popd %{gem_dir}/doc/%{gem_name}-%{mainver}%{?prever}/ %changelog +* Fri Nov 11 2022 Ge Wang - 1.13.7-2 +- fix build failure due to libxml fixed CVE + * Thu Jul 14 2022 Ge Wang - 1.13.7-1 - update to 1.13.7 -- Gitee