| 1 |
commit: 0ab47c621f6211b455352604a9c776bbc4f601ba |
| 2 |
Author: Michael Mair-Keimberger (asterix) <m.mairkeimberger <AT> gmail <DOT> com> |
| 3 |
AuthorDate: Mon Aug 7 15:56:04 2017 +0000 |
| 4 |
Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed Aug 9 06:21:13 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ab47c62 |
| 7 |
|
| 8 |
dev-ruby/activesupport: remove unused patch. |
| 9 |
|
| 10 |
Closes: https://github.com/gentoo/gentoo/pull/5338 |
| 11 |
|
| 12 |
dev-ruby/activesupport/files/4-1-xml_depth.patch | 114 ----------------------- |
| 13 |
1 file changed, 114 deletions(-) |
| 14 |
|
| 15 |
diff --git a/dev-ruby/activesupport/files/4-1-xml_depth.patch b/dev-ruby/activesupport/files/4-1-xml_depth.patch |
| 16 |
deleted file mode 100644 |
| 17 |
index 29bc4d2ec72..00000000000 |
| 18 |
--- a/dev-ruby/activesupport/files/4-1-xml_depth.patch |
| 19 |
+++ /dev/null |
| 20 |
@@ -1,114 +0,0 @@ |
| 21 |
-From eb4f1d6a02e9557b97cdbed76157dc5a625cdb82 Mon Sep 17 00:00:00 2001 |
| 22 |
-From: Aaron Patterson <aaron.patterson@×××××.com> |
| 23 |
-Date: Tue, 9 Jun 2015 11:24:25 -0700 |
| 24 |
-Subject: [PATCH] enforce a depth limit on XML documents |
| 25 |
- |
| 26 |
-XML documents that are too deep can cause an stack overflow, which in |
| 27 |
-turn will cause a potential DoS attack. |
| 28 |
- |
| 29 |
-CVE-2015-3227 |
| 30 |
---- |
| 31 |
- activesupport/lib/active_support/xml_mini.rb | 3 +++ |
| 32 |
- activesupport/lib/active_support/xml_mini/jdom.rb | 11 ++++++----- |
| 33 |
- activesupport/lib/active_support/xml_mini/rexml.rb | 11 ++++++----- |
| 34 |
- 3 files changed, 15 insertions(+), 10 deletions(-) |
| 35 |
- |
| 36 |
-diff --git a/activesupport/lib/active_support/xml_mini.rb b/activesupport/lib/active_support/xml_mini.rb |
| 37 |
-index 009ee4d..df7b081 100644 |
| 38 |
---- a/activesupport/lib/active_support/xml_mini.rb |
| 39 |
-+++ b/activesupport/lib/active_support/xml_mini.rb |
| 40 |
-@@ -78,6 +78,9 @@ module ActiveSupport |
| 41 |
- ) |
| 42 |
- end |
| 43 |
- |
| 44 |
-+ attr_accessor :depth |
| 45 |
-+ self.depth = 100 |
| 46 |
-+ |
| 47 |
- delegate :parse, :to => :backend |
| 48 |
- |
| 49 |
- def backend |
| 50 |
-diff --git a/activesupport/lib/active_support/xml_mini/jdom.rb b/activesupport/lib/active_support/xml_mini/jdom.rb |
| 51 |
-index 27c64c4..cdc5490 100644 |
| 52 |
---- a/activesupport/lib/active_support/xml_mini/jdom.rb |
| 53 |
-+++ b/activesupport/lib/active_support/xml_mini/jdom.rb |
| 54 |
-@@ -46,7 +46,7 @@ module ActiveSupport |
| 55 |
- xml_string_reader = StringReader.new(data) |
| 56 |
- xml_input_source = InputSource.new(xml_string_reader) |
| 57 |
- doc = @dbf.new_document_builder.parse(xml_input_source) |
| 58 |
-- merge_element!({CONTENT_KEY => ''}, doc.document_element) |
| 59 |
-+ merge_element!({CONTENT_KEY => ''}, doc.document_element, XmlMini.depth) |
| 60 |
- end |
| 61 |
- end |
| 62 |
- |
| 63 |
-@@ -58,9 +58,10 @@ module ActiveSupport |
| 64 |
- # Hash to merge the converted element into. |
| 65 |
- # element:: |
| 66 |
- # XML element to merge into hash |
| 67 |
-- def merge_element!(hash, element) |
| 68 |
-+ def merge_element!(hash, element, depth) |
| 69 |
-+ raise 'Document too deep!' if depth == 0 |
| 70 |
- delete_empty(hash) |
| 71 |
-- merge!(hash, element.tag_name, collapse(element)) |
| 72 |
-+ merge!(hash, element.tag_name, collapse(element, depth)) |
| 73 |
- end |
| 74 |
- |
| 75 |
- def delete_empty(hash) |
| 76 |
-@@ -71,14 +72,14 @@ module ActiveSupport |
| 77 |
- # |
| 78 |
- # element:: |
| 79 |
- # The document element to be collapsed. |
| 80 |
-- def collapse(element) |
| 81 |
-+ def collapse(element, depth) |
| 82 |
- hash = get_attributes(element) |
| 83 |
- |
| 84 |
- child_nodes = element.child_nodes |
| 85 |
- if child_nodes.length > 0 |
| 86 |
- (0...child_nodes.length).each do |i| |
| 87 |
- child = child_nodes.item(i) |
| 88 |
-- merge_element!(hash, child) unless child.node_type == Node.TEXT_NODE |
| 89 |
-+ merge_element!(hash, child, depth - 1) unless child.node_type == Node.TEXT_NODE |
| 90 |
- end |
| 91 |
- merge_texts!(hash, element) unless empty_content?(element) |
| 92 |
- hash |
| 93 |
-diff --git a/activesupport/lib/active_support/xml_mini/rexml.rb b/activesupport/lib/active_support/xml_mini/rexml.rb |
| 94 |
-index 5c7c78b..924ed72 100644 |
| 95 |
---- a/activesupport/lib/active_support/xml_mini/rexml.rb |
| 96 |
-+++ b/activesupport/lib/active_support/xml_mini/rexml.rb |
| 97 |
-@@ -29,7 +29,7 @@ module ActiveSupport |
| 98 |
- doc = REXML::Document.new(data) |
| 99 |
- |
| 100 |
- if doc.root |
| 101 |
-- merge_element!({}, doc.root) |
| 102 |
-+ merge_element!({}, doc.root, XmlMini.depth) |
| 103 |
- else |
| 104 |
- raise REXML::ParseException, |
| 105 |
- "The document #{doc.to_s.inspect} does not have a valid root" |
| 106 |
-@@ -44,19 +44,20 @@ module ActiveSupport |
| 107 |
- # Hash to merge the converted element into. |
| 108 |
- # element:: |
| 109 |
- # XML element to merge into hash |
| 110 |
-- def merge_element!(hash, element) |
| 111 |
-- merge!(hash, element.name, collapse(element)) |
| 112 |
-+ def merge_element!(hash, element, depth) |
| 113 |
-+ raise REXML::ParseException, "The document is too deep" if depth == 0 |
| 114 |
-+ merge!(hash, element.name, collapse(element, depth)) |
| 115 |
- end |
| 116 |
- |
| 117 |
- # Actually converts an XML document element into a data structure. |
| 118 |
- # |
| 119 |
- # element:: |
| 120 |
- # The document element to be collapsed. |
| 121 |
-- def collapse(element) |
| 122 |
-+ def collapse(element, depth) |
| 123 |
- hash = get_attributes(element) |
| 124 |
- |
| 125 |
- if element.has_elements? |
| 126 |
-- element.each_element {|child| merge_element!(hash, child) } |
| 127 |
-+ element.each_element {|child| merge_element!(hash, child, depth - 1) } |
| 128 |
- merge_texts!(hash, element) unless empty_content?(element) |
| 129 |
- hash |
| 130 |
- else |
| 131 |
--- |
| 132 |
-2.2.1 |
| 133 |
- |
| 134 |
- |
| 135 |
\ No newline at end of file |
Archives