From 487c9d89d44c2f1dee1d9d0f8d3fa01cea063cf5 Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Sun, 24 Apr 2022 11:02:02 +0800
Subject: [PATCH] Fix CVE-2022-24836

---
 CVE-2022-24836.patch  | 23 +++++++++++++++++++++++
 rubygem-nokogiri.spec |  8 +++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-24836.patch

diff --git a/CVE-2022-24836.patch b/CVE-2022-24836.patch
new file mode 100644
index 0000000..5c27301
--- /dev/null
+++ b/CVE-2022-24836.patch
@@ -0,0 +1,23 @@
+From e444525ef1634b675cd1cf52d39f4320ef0aecfd Mon Sep 17 00:00:00 2001
+From: Mike Dalessio <mike.dalessio@gmail.com>
+Date: Sun, 10 Apr 2022 14:42:04 -0400
+Subject: [PATCH] fix(perf): HTML4::EncodingReader detection
+
+---
+ lib/nokogiri/html4/document.rb       |  2 +-
+ test/html4/test_document_encoding.rb | 12 ++++++++++++
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/lib/nokogiri/html4/document.rb b/lib/nokogiri/html4/document.rb
+index 177efc04f..fbc22d207 100644
+--- a/lib/nokogiri/html4/document.rb
++++ b/lib/nokogiri/html4/document.rb
+@@ -268,7 +268,7 @@ def start_element(name, attrs = [])
+         end
+ 
+         def self.detect_encoding(chunk)
+-          (m = chunk.match(/\A(<\?xml[ \t\r\n]+[^>]*>)/)) &&
++          (m = chunk.match(/\A(<\?xml[ \t\r\n][^>]*>)/)) &&
+             (return Nokogiri.XML(m[1]).encoding)
+ 
+           if Nokogiri.jruby?
diff --git a/rubygem-nokogiri.spec b/rubygem-nokogiri.spec
index c028bee..d49c520 100644
--- a/rubygem-nokogiri.spec
+++ b/rubygem-nokogiri.spec
@@ -7,7 +7,7 @@
 Summary:	An HTML, XML, SAX, and Reader parser
 Name:		rubygem-%{gem_name}
 Version:	%{mainver}
-Release:	1
+Release:	2
 License:	MIT and ASL 2.0
 URL:		https://nokogiri.org
 Source0:	https://rubygems.org/gems/%{gem_name}-%{mainver}%{?prever}.gem
@@ -15,6 +15,8 @@ Source1:        rubygem-%{gem_name}-%{version}%{?prever}-full.tar.gz
 Source2:        rubygem-%{gem_name}-%{version}%{?prever}-full.tar.gz
 # Shut down libxml2 version unmatching warning
 Patch0:	        %{name}-1.11.0.rc4-shutdown-libxml2-warning.patch
+# https://github.com/sparklemotion/nokogiri/commit/e444525
+Patch1:         CVE-2022-24836.patch
 BuildRequires:  ruby(release) 	ruby(rubygems) 	rubygem(minitest) 	rubygems-devel
 Obsoletes:      ruby-%{gem_name} <= 1.5.2-2
 BuildRequires:  gcc libxml2-devel libxslt-devel ruby-devel glibc-all-langpacks rubygem(racc)
@@ -52,6 +54,7 @@ This package provides non-Gem support for %{gem_name}.
 %setup -q -n %{gem_name}-%{version} -a 1
 mv ../%{gem_name}-%{version}.gemspec .
 %patch0 -p1
+%patch1 -p1
 sed -i \
 	-e 's|, "ports/archives/[^"][^"]*"||g' \
 	-e 's|, "ports/patches/[^"][^"]*"||g' \
@@ -163,6 +166,9 @@ popd
 %{gem_dir}/doc/%{gem_name}-%{mainver}%{?prever}/
 
 %changelog
+* Sun Apr 24 2022 wangkai <wangkai385@h-partners.com> - 1.13.1-2
+- Fix CVE-2022-24836
+
 * Tue Mar 29 2022 liyanan <liyanan32@huawei.com> - 1.13.1-1
 - update to 1.13.1
 
-- 
Gitee