poky/meta/recipes-devtools/ruby/ruby/CVE-2024-39908-0007.patch

From 9f1415a2616c77cad44a176eee90e8457b4774b6 Mon Sep 17 00:00:00 2001
From: Watson <watson1978@gmail.com>
Date: Tue, 16 Jul 2024 11:04:40 +0900
Subject: [PATCH] Fix performance issue caused by using repeated `>` characters
 inside `CDATA [ PAYLOAD ]` (#172)

A `<` is treated as a string delimiter.
In certain cases, if `<` is used in succession, read and match are
repeated, which slows down the process. Therefore, the following is used
to read ahead to a specific part of the string in advance.

CVE: CVE-2024-39908

Upstream-Status: Backport [https://github.com/ruby/rexml/commit/9f1415a2616c77cad44a176eee90e8457b4774b6]

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
---
 .bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
index 81753ad..c907f8c 100644
--- a/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
+++ b/.bundle/gems/rexml-3.2.5/lib/rexml/parsers/baseparser.rb
@@ -127,6 +127,7 @@ module REXML
         INSTRUCTION_END = /#{NAME}(\s+.*?)?\?>/um
         INSTRUCTION_TERM = "?>"
         COMMENT_TERM = "-->"
+        CDATA_TERM = "]]>"
         TAG_PATTERN = /((?>#{QNAME_STR}))\s*/um
         CLOSE_PATTERN = /(#{QNAME_STR})\s*>/um
         ATTLISTDECL_END = /\s+#{NAME}(?:#{ATTDEF})*\s*>/um
@@ -416,7 +417,7 @@ module REXML
 
                 return [ :comment, md[1] ] if md
               else
-                md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true)
+                md = @source.match(/\[CDATA\[(.*?)\]\]>/um, true, term: Private::CDATA_TERM)
                 return [ :cdata, md[1] ] if md
               end
               raise REXML::ParseException.new( "Declarations can only occur "+
-- 
2.40.0