diff --git a/rubygem-actionpack-2.3.x-CVE-2009-4214.patch b/rubygem-actionpack-2.3.x-CVE-2009-4214.patch new file mode 100644 index 0000000..d180be8 --- /dev/null +++ b/rubygem-actionpack-2.3.x-CVE-2009-4214.patch @@ -0,0 +1,39 @@ +From bfe032858077bb2946abe25e95e485ba6da86bd5 Mon Sep 17 00:00:00 2001 +From: Gabe da Silveira +Date: Mon, 16 Nov 2009 21:17:35 -0800 +Subject: [PATCH] Make sure strip_tags removes tags which start with a non-printable character + +Signed-off-by: Michael Koziarski +--- + .../vendor/html-scanner/html/node.rb | 2 +- + .../test/controller/html-scanner/sanitizer_test.rb | 1 + + 2 files changed, 2 insertions(+), 1 deletions(-) + +diff --git a/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb b/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb +index 6c03316..0cd05d8 100644 +--- a/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb ++++ b/actionpack/lib/action_controller/vendor/html-scanner/html/node.rb +@@ -162,7 +162,7 @@ module HTML #:nodoc: + end + + closing = ( scanner.scan(/\//) ? :close : nil ) +- return Text.new(parent, line, pos, content) unless name = scanner.scan(/[\w:-]+/) ++ return Text.new(parent, line, pos, content) unless name = scanner.scan(/[-:\w\x00-\x09\x0b-\x0c\x0e-\x1f]+/) + name.downcase! + + unless closing +diff --git a/actionpack/test/controller/html-scanner/sanitizer_test.rb b/actionpack/test/controller/html-scanner/sanitizer_test.rb +index e85a5c7..1923544 100644 +--- a/actionpack/test/controller/html-scanner/sanitizer_test.rb ++++ b/actionpack/test/controller/html-scanner/sanitizer_test.rb +@@ -19,6 +19,7 @@ class SanitizerTest < ActionController::TestCase + assert_equal "This has a here.", sanitizer.sanitize("This has a here.") + assert_equal "This has a here.", sanitizer.sanitize("This has a ]]> here.") + assert_equal "This has an unclosed ", sanitizer.sanitize("This has an unclosed ]] here...") ++ assert_equal "non printable char is a tag", sanitizer.sanitize("<\x07a href='/hello'>non printable char is a tag") + [nil, '', ' '].each { |blank| assert_equal blank, sanitizer.sanitize(blank) } + end + +-- +1.6.0.1 + diff --git a/rubygem-actionpack.spec b/rubygem-actionpack.spec index e811807..85ebc33 100644 --- a/rubygem-actionpack.spec +++ b/rubygem-actionpack.spec @@ -8,7 +8,7 @@ Summary: Web-flow and rendering framework putting the VC in MVC Name: rubygem-%{gemname} Epoch: 1 Version: 2.3.2 -Release: 3%{?dist} +Release: 4%{?dist} Group: Development/Languages License: MIT URL: http://www.rubyonrails.org @@ -17,6 +17,7 @@ Patch0: rubygem-actionpack-2.3.x-CVE-2009-3009.patch # Ticket #2200 upstream. see also: # https://rails.lighthouseapp.com/projects/8994/tickets/2200-session-support-broken#ticket-2200-23 Patch1: rubygem-actionpack-2.3.2-fix-reset_session.patch +Patch2: rubygem-actionpack-2.3.x-CVE-2009-4214.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: rubygems Requires: rubygem(activesupport) = %{version} @@ -42,6 +43,7 @@ gem install --local --install-dir %{buildroot}%{gemdir} \ pushd %{buildroot}%{geminstdir} patch -s -p2 < %{PATCH0} patch -s -p2 < %{PATCH1} +patch -s -p2 < %{PATCH2} popd # Remove backup files @@ -80,6 +82,9 @@ rm -rf %{buildroot} %changelog +* Thu Dec 10 2009 David Lutterkort - 1:2.3.2-4 +- Patch for CVE-2009-4214 (bz 542786) + * Wed Oct 21 2009 Jeroen van Meeuwen - 1:2.3.2-3 - Fix activerecord test for reset_session (#2200 upstream)