From 297dd3b0b14e3bafba22cb1d608d40bed24fe683 Mon Sep 17 00:00:00 2001
From: changtao
Date: Wed, 3 Sep 2025 18:57:28 +0800
Subject: [PATCH] Fix-CVE-2025-59830

---
 CVE-2025-59830.patch | 41 +++++++++++++++++++++++++++++++++++++++++
 rubygem-rack.spec | 9 ++++++++-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2025-59830.patch

diff --git a/CVE-2025-59830.patch b/CVE-2025-59830.patch
new file mode 100644
index 0000000..9206a49
--- /dev/null
+++ b/CVE-2025-59830.patch
@@ -0,0 +1,41 @@
+From 54e4ffdd5affebcb0c015cc6ae74635c0831ed71 Mon Sep 17 00:00:00 2001
+From: Jeremy Evans
+Date: Thu, 25 Sep 2025 17:51:18 +0900
+Subject: [PATCH] Unbounded parameter parsing in `Rack::QueryParser`.
+
+---
+ CHANGELOG.md | 4 ++++
+ lib/rack/query_parser.rb | 2 +-
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG.md b/CHANGELOG.md
+index 80f57c9..d99af35 100644
+--- a/CHANGELOG.md
++++ b/CHANGELOG.md
+@@ -2,6 +2,10 @@
+ 
+ All notable changes to this project will be documented in this file. For info on how to format all future additions to this file please reference [Keep A Changelog](https://keepachangelog.com/en/1.0.0/).
+ 
+++## [2.2.18] - 2025-09-25
++
++- [CVE-2025-59830](https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm) Unbounded parameter parsing in `Rack::QueryParser` can lead to memory exhaustion via semicolon-separated parameters.
++
+ ## [2.2.3.1] - 2022-05-27
+ 
+ - [CVE-2022-30123] Fix shell escaping issue in Common Logger
+diff --git a/lib/rack/query_parser.rb b/lib/rack/query_parser.rb
+index 4a02e37..f28d5be 100644
+--- a/lib/rack/query_parser.rb
++++ b/lib/rack/query_parser.rb
+@@ -187,7 +187,7 @@ module Rack
+ raise QueryLimitError, "total query size (#{qs.bytesize}) exceeds limit (#{@bytesize_limit})"
+ end
+ 
+- if (param_count = qs.count(sep.is_a?(String) ? sep : '&')) >= @params_limit
++ if (param_count = qs.count(sep.is_a?(String) ? sep : '&;')) >= @params_limit
+ raise QueryLimitError, "total number of query parameters (#{param_count+1}) exceeds limit (#{@params_limit})"
+ end
+ 
+-- 
+2.46.0
+ 
diff --git a/rubygem-rack.spec b/rubygem-rack.spec
index cab1668..bcfd77a 100644
--- a/rubygem-rack.spec
+++ b/rubygem-rack.spec
@@ -4,7 +4,7 @@
 Name: rubygem-%{gem_name}
 Version: 2.2.3.1
 Epoch: 1
-Release: 9
+Release: 10
 Summary: A modular Ruby webserver interface
 License: MIT and BSD
 URL: https://rack.github.io/
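Review bot: The CHANGELOG portion of the backported patch (its `@@ -2,6 +2,10 @@` hunk) requires `## [2.2.3.1] - 2022-05-27` to directly follow the intro paragraph, so any changelog entry already added by Patch7–Patch10 makes it fail to apply or apply with fuzz and breaks the build over a file that does not affect the shipped package, while the effective fix is the single `qs.count(sep.is_a?(String) ? sep : '&;')` line in `lib/rack/query_parser.rb`. Consider trimming the backport to the `query_parser.rb` hunk and recording the upstream commit id (`54e4ffdd`) in the spec changelog instead. Counting both `&` and `;` only closes the gap if the default separator that `split` uses also matches `;` — in the 2.2 branch that is presumably `DEFAULT_SEP = /[&;] */n`, which is outside this hunk, so confirm against the patched tree. The `check_query_string` method that contains this line begins and ends outside the hunk, and its `@params_limit` ivar appears to come from the CVE-2025-46727 backport (Patch10), since 2.2.3.1 upstream had no such limit; keep Patch11 ordered after it.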
@@ -21,6 +21,7 @@
 Patch7: CVE-2025-27610.patch
 Patch8: CVE-2025-27111.patch
 Patch9: CVE-2025-25184.patch
 Patch10: CVE-2025-46727.patch
+Patch11: CVE-2025-59830.patch
 BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 rubygem(concurrent-ruby)
 BuildRequires: memcached rubygem(memcache-client) rubygem(minitest)
@@ -110,6 +111,12 @@ popd
 %doc %{gem_instdir}/contrib
 
 %changelog
+* Sun Sep 28 2025 changtao - 1:2.2.3.1-10
+- Type:CVES
+- ID:CVE-2025-59830
+- SUG:NA
+- DESC:CVE-2025-59830
+
 * Wed Aug 20 2025 zouzhimin - 1:2.2.3.1-9
 - Type:CVES
 - ID:CVE-2025-46727
-- 
Gitee
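Review bot: The hunk declares `Patch11: CVE-2025-59830.patch` but nothing in this diff applies it — the diffstat shows eight spec insertions, and all eight are the Release bump, this line and the six changelog lines. If `%prep` applies patches with individual `%patch10 -p1` style lines rather than `%autosetup -p1`/`%autopatch`, the new patch is declared and never applied and the package builds cleanly with CVE-2025-59830 unfixed; `%prep` is outside this diff, so confirm there and add `%patch11 -p1` after the `%patch10` line if that is the style in use. A cheap build-time guard is to grep the unpacked source for `'&;'` in `lib/rack/query_parser.rb` at the end of `%prep` and fail if it is absent.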