rpms
/
rubygem-redcarpet
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bacckport upstream patch for CVE-2020-26298 (bug 1915370)

Browse Source
f38 imports/e9/rubygem-redcarpet-3.3.2-26.el9
Mamoru TASAKA 2 years ago
parent 8d17959621
commit 0bc4066bad
2 changed files with 69 additions and 1 deletions
Show Stats Download Patch File Download Diff File

56
redcarpet-3.3.2-CVE-2020-26298.patch
Unescape View File

@ -0,0 +1,56 @@
From a699c82292b17c8e6a62e1914d5eccc252272793 Mon Sep 17 00:00:00 2001
From: Robin Dupret <robin.dupret@hey.com>
Date: Tue, 15 Dec 2020 20:57:32 +0100
Subject: [PATCH] Fix a security issue using `:quote` with `:escape_html`
Reported by @johan-smits.
---
CHANGELOG.md | 7 +++++++
ext/redcarpet/html.c | 9 ++++++++-
lib/redcarpet.rb | 2 +-
redcarpet.gemspec | 4 ++--
test/markdown_test.rb | 10 ++++++++++
5 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/ext/redcarpet/html.c b/ext/redcarpet/html.c
index 805ddd8e..785f780f 100644
--- a/ext/redcarpet/html.c
+++ b/ext/redcarpet/html.c
@@ -255,8 +255,15 @@ rndr_quote(struct buf *ob, const struct buf *text, void *opaque)
if (!text || !text->size)
return 0;
+ struct html_renderopt *options = opaque;
+
BUFPUTSL(ob, "<q>");
- bufput(ob, text->data, text->size);
+
+ if (options->flags & HTML_ESCAPE)
+ escape_html(ob, text->data, text->size);
+ else
+ bufput(ob, text->data, text->size);
+
BUFPUTSL(ob, "</q>");
return 1;
diff --git a/test/markdown_test.rb b/test/markdown_test.rb
index 4347be9b..68de1255 100644
--- a/test/markdown_test.rb
+++ b/test/markdown_test.rb
@@ -220,6 +220,16 @@ def test_quote_flag_works
assert output.include? '<q>quote</q>'
end
+ def test_quote_flag_honors_escape_html
+ text = 'We are not "<svg/onload=pwned>"'
+
+ output_enabled = render(text, with: [:quote, :escape_html])
+ output_disabled = render(text, with: [:quote])
+
+ assert_equal "<p>We are not <q>&lt;svg/onload=pwned&gt;</q></p>\n", output_enabled
+ assert_equal "<p>We are not <q><svg/onload=pwned></q></p>\n", output_disabled
+ end
+
def test_that_fenced_flag_works
text = <<fenced
This is a simple test

14
rubygem-redcarpet.spec
Unescape View File

@ -2,13 +2,21 @@
Name: rubygem-%{gem_name} Name: rubygem-%{gem_name}
Version: 3.3.2 Version: 3.3.2
Release: 25%{?dist} Release: 26%{?dist}
Summary: A fast, safe and extensible Markdown to (X)HTML parser Summary: A fast, safe and extensible Markdown to (X)HTML parser
# https://github.com/vmg/redcarpet/issues/502 # https://github.com/vmg/redcarpet/issues/502
License: MIT and ISC License: MIT and ISC
URL: http://github.com/vmg/redcarpet URL: http://github.com/vmg/redcarpet
Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
# https://github.com/advisories/GHSA-q3wr-qw3g-3p4h
# https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793
# https://nvd.nist.gov/vuln/detail/CVE-2020-26298
# Fix a security issue using :quote with :escape_html
# Fixed in 3.5.1
# A bit modified for 3.3.2
# Note that 14942b4f5ef8dbaeeff8d9212f098391d7c1fbdc does chomp, reverting this
Patch0: %{gem_name}-3.3.2-CVE-2020-26298.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: ruby(release) BuildRequires: ruby(release)
@ -29,6 +37,7 @@ Documentation for %{name}.
%prep %prep
%setup -q -n %{gem_name}-%{version} %setup -q -n %{gem_name}-%{version}
%patch -P0 -p1
%build %build
gem build ../%{gem_name}-%{version}.gemspec gem build ../%{gem_name}-%{version}.gemspec
@ -87,6 +96,9 @@ popd
%changelog %changelog
* Sun Apr 30 2023 Mamoru TASAKA <mtasaka@fedoraproject.org> - 3.3.2-26
- Bacckport upstream patch for CVE-2020-26298 (bug 1915370)
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.2-25 * Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.2-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

Write Preview
Loading…
Cancel
Save