author | V3n3RiX <venerix@koprulu.sector> | 2023-07-21 20:47:34 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-07-21 20:47:34 +0100 |
commit | 1e3cb587fdf303df9aeb0b00a1a45585e18f6134 (patch) | |
tree | a35eca5f8860350c790edbcd0aa96ef4fa1200aa /dev-ruby/redcloth/files | |
parent | d3f42b1ace45210af6c1b0c1970d626d411b15e0 (diff) |
gentoo auto-resync : 21:07:2023 - 20:47:34
Diffstat (limited to 'dev-ruby/redcloth/files')
-rw-r--r-- | dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-1.patch | 22 | ||||
-rw-r--r-- | dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-2.patch | 22 |
2 files changed, 44 insertions, 0 deletions
diff --git a/dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-1.patch b/dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-1.patch
new file mode 100644
index 000000000000..f5de833dafb3
--- /dev/null
+++ b/dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-1.patch
@@ -0,0 +1,22 @@
+From 8d3b5c730596d254d0bbcfbab52f4158f03397b3 Mon Sep 17 00:00:00 2001
+From: Kornelius Kalnbach <murphy@rubychan.de>
+Date: Wed, 28 Jun 2023 17:24:55 +0200
+Subject: [PATCH] make regex faster with Atomic Grouping
+
+---
+ lib/redcloth/formatters/html.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/redcloth/formatters/html.rb b/lib/redcloth/formatters/html.rb
+index b241c99..aaeae34 100644
+--- a/lib/redcloth/formatters/html.rb
++++ b/lib/redcloth/formatters/html.rb
+@@ -324,7 +324,7 @@ def before_transform(text)
+ # Clean unauthorized tags.
+ def clean_html( text, allowed_tags = BASIC_TAGS )
+ text.gsub!( /<!\[CDATA\[/, '' )
+- text.gsub!( /<(\/*)([A-Za-z]\w*)([^>]*?)(\s?\/?)>/ ) do |m|
++ text.gsub!( /<(\/*)(?>[A-Za-z]\w*)([^>]*?)(\s?\/?)>/ ) do |m|
+ raw = $~
+ tag = raw[2].downcase
+ if allowed_tags.has_key? tag
diff --git a/dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-2.patch b/dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-2.patch
new file mode 100644
index 000000000000..fd8de28f0e71
--- /dev/null
+++ b/dev-ruby/redcloth/files/redcloth-4.3.2-cve-2023-31606-2.patch
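Review bot: Applied on its own, the first patch (`-1.patch`) leaves `clean_html` reading the wrong capture group. `(?>[A-Za-z]\w*)` is an atomic group and does not capture, so the `raw[2].downcase` on the context line below it would pick up the attribute text instead of the tag name, and the `allowed_tags.has_key? tag` check would run against that. The second patch in this commit restores the capture with `([A-Za-z]\w*+)`, so the two must be applied together and in order; the ebuild is not visible here, so that is worth confirming, or the pair could be squashed into one patch carrying only the final regex. The body of `clean_html` continues past the end of the hunk.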
@@ -0,0 +1,22 @@
+From 7429f32bdac4fccf9f5ab702afc9c47092a7b3df Mon Sep 17 00:00:00 2001
+From: Kornelius Kalnbach <murphy@rubychan.de>
+Date: Thu, 29 Jun 2023 00:31:50 +0200
+Subject: [PATCH] simplify fix
+
+---
+ lib/redcloth/formatters/html.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/redcloth/formatters/html.rb b/lib/redcloth/formatters/html.rb
+index aaeae34..396c2d0 100644
+--- a/lib/redcloth/formatters/html.rb
++++ b/lib/redcloth/formatters/html.rb
+@@ -324,7 +324,7 @@ def before_transform(text)
+ # Clean unauthorized tags.
+ def clean_html( text, allowed_tags = BASIC_TAGS )
+ text.gsub!( /<!\[CDATA\[/, '' )
+- text.gsub!( /<(\/*)(?>[A-Za-z]\w*)([^>]*?)(\s?\/?)>/ ) do |m|
++ text.gsub!( /<(\/*)([A-Za-z]\w*+)([^>]*?)(\s?\/?)>/ ) do |m|
+ raw = $~
+ tag = raw[2].downcase
+ if allowed_tags.has_key? tag |
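Review bot: The rewritten `text.gsub!` line in `clean_html` has no comment saying that the possessive `\w*+` is the entire CVE-2023-31606 fix, so a later tidy-up back to plain `\w*` would silently reintroduce the backtracking overlap with `([^>]*?)`. I would add `# \w*+ is possessive on purpose: the tag name must not hand characters back to [^>]*? (CVE-2023-31606)` directly above that line. Separately, and inferred from the pattern rather than measured, the lazy `([^>]*?)` can still scan a long way ahead when no closing `>` follows, so matching cost on very large untrusted input is probably not strictly linear. Callers that sanitize user-supplied markup may still want an input-size limit, or `Regexp.timeout` on Ruby 3.2 and later. `clean_html` continues beyond the end of the hunk.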