1 |
commit: 0ab47c621f6211b455352604a9c776bbc4f601ba |
2 |
Author: Michael Mair-Keimberger (asterix) <m.mairkeimberger <AT> gmail <DOT> com> |
3 |
AuthorDate: Mon Aug 7 15:56:04 2017 +0000 |
4 |
Commit: Patrice Clement <monsieurp <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Aug 9 06:21:13 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ab47c62 |
7 |
|
8 |
dev-ruby/activesupport: remove unused patch. |
9 |
|
10 |
Closes: https://github.com/gentoo/gentoo/pull/5338 |
11 |
|
12 |
dev-ruby/activesupport/files/4-1-xml_depth.patch | 114 ----------------------- |
13 |
1 file changed, 114 deletions(-) |
14 |
|
15 |
diff --git a/dev-ruby/activesupport/files/4-1-xml_depth.patch b/dev-ruby/activesupport/files/4-1-xml_depth.patch |
16 |
deleted file mode 100644 |
17 |
index 29bc4d2ec72..00000000000 |
18 |
--- a/dev-ruby/activesupport/files/4-1-xml_depth.patch |
19 |
+++ /dev/null |
20 |
@@ -1,114 +0,0 @@ |
21 |
-From eb4f1d6a02e9557b97cdbed76157dc5a625cdb82 Mon Sep 17 00:00:00 2001 |
22 |
-From: Aaron Patterson <aaron.patterson@×××××.com> |
23 |
-Date: Tue, 9 Jun 2015 11:24:25 -0700 |
24 |
-Subject: [PATCH] enforce a depth limit on XML documents |
25 |
- |
26 |
-XML documents that are too deep can cause an stack overflow, which in |
27 |
-turn will cause a potential DoS attack. |
28 |
- |
29 |
-CVE-2015-3227 |
30 |
---- |
31 |
- activesupport/lib/active_support/xml_mini.rb | 3 +++ |
32 |
- activesupport/lib/active_support/xml_mini/jdom.rb | 11 ++++++----- |
33 |
- activesupport/lib/active_support/xml_mini/rexml.rb | 11 ++++++----- |
34 |
- 3 files changed, 15 insertions(+), 10 deletions(-) |
35 |
- |
36 |
-diff --git a/activesupport/lib/active_support/xml_mini.rb b/activesupport/lib/active_support/xml_mini.rb |
37 |
-index 009ee4d..df7b081 100644 |
38 |
---- a/activesupport/lib/active_support/xml_mini.rb |
39 |
-+++ b/activesupport/lib/active_support/xml_mini.rb |
40 |
-@@ -78,6 +78,9 @@ module ActiveSupport |
41 |
- ) |
42 |
- end |
43 |
- |
44 |
-+ attr_accessor :depth |
45 |
-+ self.depth = 100 |
46 |
-+ |
47 |
- delegate :parse, :to => :backend |
48 |
- |
49 |
- def backend |
50 |
-diff --git a/activesupport/lib/active_support/xml_mini/jdom.rb b/activesupport/lib/active_support/xml_mini/jdom.rb |
51 |
-index 27c64c4..cdc5490 100644 |
52 |
---- a/activesupport/lib/active_support/xml_mini/jdom.rb |
53 |
-+++ b/activesupport/lib/active_support/xml_mini/jdom.rb |
54 |
-@@ -46,7 +46,7 @@ module ActiveSupport |
55 |
- xml_string_reader = StringReader.new(data) |
56 |
- xml_input_source = InputSource.new(xml_string_reader) |
57 |
- doc = @dbf.new_document_builder.parse(xml_input_source) |
58 |
-- merge_element!({CONTENT_KEY => ''}, doc.document_element) |
59 |
-+ merge_element!({CONTENT_KEY => ''}, doc.document_element, XmlMini.depth) |
60 |
- end |
61 |
- end |
62 |
- |
63 |
-@@ -58,9 +58,10 @@ module ActiveSupport |
64 |
- # Hash to merge the converted element into. |
65 |
- # element:: |
66 |
- # XML element to merge into hash |
67 |
-- def merge_element!(hash, element) |
68 |
-+ def merge_element!(hash, element, depth) |
69 |
-+ raise 'Document too deep!' if depth == 0 |
70 |
- delete_empty(hash) |
71 |
-- merge!(hash, element.tag_name, collapse(element)) |
72 |
-+ merge!(hash, element.tag_name, collapse(element, depth)) |
73 |
- end |
74 |
- |
75 |
- def delete_empty(hash) |
76 |
-@@ -71,14 +72,14 @@ module ActiveSupport |
77 |
- # |
78 |
- # element:: |
79 |
- # The document element to be collapsed. |
80 |
-- def collapse(element) |
81 |
-+ def collapse(element, depth) |
82 |
- hash = get_attributes(element) |
83 |
- |
84 |
- child_nodes = element.child_nodes |
85 |
- if child_nodes.length > 0 |
86 |
- (0...child_nodes.length).each do |i| |
87 |
- child = child_nodes.item(i) |
88 |
-- merge_element!(hash, child) unless child.node_type == Node.TEXT_NODE |
89 |
-+ merge_element!(hash, child, depth - 1) unless child.node_type == Node.TEXT_NODE |
90 |
- end |
91 |
- merge_texts!(hash, element) unless empty_content?(element) |
92 |
- hash |
93 |
-diff --git a/activesupport/lib/active_support/xml_mini/rexml.rb b/activesupport/lib/active_support/xml_mini/rexml.rb |
94 |
-index 5c7c78b..924ed72 100644 |
95 |
---- a/activesupport/lib/active_support/xml_mini/rexml.rb |
96 |
-+++ b/activesupport/lib/active_support/xml_mini/rexml.rb |
97 |
-@@ -29,7 +29,7 @@ module ActiveSupport |
98 |
- doc = REXML::Document.new(data) |
99 |
- |
100 |
- if doc.root |
101 |
-- merge_element!({}, doc.root) |
102 |
-+ merge_element!({}, doc.root, XmlMini.depth) |
103 |
- else |
104 |
- raise REXML::ParseException, |
105 |
- "The document #{doc.to_s.inspect} does not have a valid root" |
106 |
-@@ -44,19 +44,20 @@ module ActiveSupport |
107 |
- # Hash to merge the converted element into. |
108 |
- # element:: |
109 |
- # XML element to merge into hash |
110 |
-- def merge_element!(hash, element) |
111 |
-- merge!(hash, element.name, collapse(element)) |
112 |
-+ def merge_element!(hash, element, depth) |
113 |
-+ raise REXML::ParseException, "The document is too deep" if depth == 0 |
114 |
-+ merge!(hash, element.name, collapse(element, depth)) |
115 |
- end |
116 |
- |
117 |
- # Actually converts an XML document element into a data structure. |
118 |
- # |
119 |
- # element:: |
120 |
- # The document element to be collapsed. |
121 |
-- def collapse(element) |
122 |
-+ def collapse(element, depth) |
123 |
- hash = get_attributes(element) |
124 |
- |
125 |
- if element.has_elements? |
126 |
-- element.each_element {|child| merge_element!(hash, child) } |
127 |
-+ element.each_element {|child| merge_element!(hash, child, depth - 1) } |
128 |
- merge_texts!(hash, element) unless empty_content?(element) |
129 |
- hash |
130 |
- else |
131 |
--- |
132 |
-2.2.1 |
133 |
- |
134 |
- |
135 |
\ No newline at end of file |