From 67a708a4f5fdd51bb73e43c1f54e084208708e9f Mon Sep 17 00:00:00 2001 From: zouzhimin Date: Mon, 1 Apr 2024 16:15:30 +0800 Subject: [PATCH 1/4] FIX CVE-2024-26141 (cherry picked from commit b4ffc46500cfbe094648af93930658c0331d2188) --- Fix-CVE-2024-26141.patch | 30 ++++++++++++++++++++++++++++++ rubygem-rack.spec | 13 +++++++++---- 2 files changed, 39 insertions(+), 4 deletions(-) create mode 100644 Fix-CVE-2024-26141.patch diff --git a/Fix-CVE-2024-26141.patch b/Fix-CVE-2024-26141.patch new file mode 100644 index 0000000..c388ec3 --- /dev/null +++ b/Fix-CVE-2024-26141.patch @@ -0,0 +1,30 @@ +From 72ecb3f4e05b2fc0a5073d23fd178686818eb958 Mon Sep 17 00:00:00 2001 +From: Aaron Patterson +Date: Tue, 13 Feb 2024 13:34:34 -0800 +Subject: [PATCH] Return an empty array when ranges are too large + +If the sum of the requested ranges is larger than the file itself, +return an empty array. In other words, refuse to respond with any bytes. + +[CVE-2024-26141] +--- + lib/rack/utils.rb | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb +index ca6182c..199312f 100644 +--- a/lib/rack/utils.rb ++++ b/lib/rack/utils.rb +@@ -379,6 +379,9 @@ module Rack + end + ranges << (r0..r1) if r0 <= r1 + end ++ ++ return [] if ranges.map(&:size).sum > size ++ + ranges + end + +-- +2.43.0 + diff --git a/rubygem-rack.spec b/rubygem-rack.spec index 7bf9359..db370e9 100644 --- a/rubygem-rack.spec +++ b/rubygem-rack.spec @@ -4,13 +4,14 @@ Name: rubygem-%{gem_name} Version: 2.2.4 Epoch: 1 -Release: 1 +Release: 2 Summary: A modular Ruby webserver interface License: MIT and BSD URL: https://rack.github.io/ Source0: https://rubygems.org/downloads/%{gem_name}-%{version}.gem Patch0: 2-2-multipart-dos.patch Patch1: 2-2-header-redos.patch +Patch2: Fix-CVE-2024-26141.patch BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 BuildRequires: memcached rubygem(memcache-client) rubygem(minitest) BuildRequires: rubygem(memcache-client) 
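Review bot: The backported check `return [] if ranges.map(&:size).sum > size` relies on `Array#sum`, which only exists from Ruby 2.4 on, while the spec hunk in the same commit keeps `BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2` as the declared floor. On an interpreter below 2.4 that line raises NoMethodError for every request that carries a Range header, so the DoS fix would become an outage; the target distribution presumably ships a newer Ruby, but the declared floor should say so. Raising it, e.g. `BuildRequires: ruby(release) rubygems-devel ruby >= 2.4`, keeps the vendored upstream patch untouched, whereas rewriting the sum inside the patch file would diverge from upstream. The method enclosing the nested hunk starts and ends outside it.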
@@ -41,9 +42,7 @@ BuildArch: noarch Documentation for %{name}. %prep -%setup -q -n %{gem_name}-%{version} -%patch0 -p1 -%patch1 -p1 +%autosetup -n %{gem_name}-%{version} -p1 -S git %build gem build ../%{gem_name}-%{version}.gemspec @@ -101,6 +100,12 @@ popd %doc %{gem_instdir}/contrib %changelog +* Mon Apr 01 2024 zouzhimin - 1:2.2.4-2 +- Type:CVES +- ID:CVE-2024-26141 +- SUG:NA +- DESC:CVE-2024-26141 + * Thu Aug 17 2023 wulei - 1:2.2.4-1 - Upgrade to version 2.2.4 -- Gitee From b45f2bf7a3c1a30eb7cf741f52b463bed480b3ef Mon Sep 17 00:00:00 2001 From: zouzhimin Date: Mon, 1 Apr 2024 16:52:51 +0800 Subject: [PATCH 2/4] Fix CVE-2024-26146 (cherry picked from commit 5af5edd5c85af597c3c57e92885e96c2515fa079) --- Fix-CVE-2024-26146.patch | 30 ++++++++++++++++++++++++++++++ rubygem-rack.spec | 9 ++++++++- 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 Fix-CVE-2024-26146.patch diff --git a/Fix-CVE-2024-26146.patch b/Fix-CVE-2024-26146.patch new file mode 100644 index 0000000..c1775b4 --- /dev/null +++ b/Fix-CVE-2024-26146.patch @@ -0,0 +1,30 @@ +From e4c117749ba24a66f8ec5a08eddf68deeb425ccd Mon Sep 17 00:00:00 2001 +From: Aaron Patterson +Date: Wed, 21 Feb 2024 11:05:06 -0800 +Subject: [PATCH] Fixing ReDoS in header parsing + +Thanks svalkanov + +[CVE-2024-26146] +--- + lib/rack/utils.rb | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/rack/utils.rb b/lib/rack/utils.rb +index c8e61ea1..0ed64b7a 100644 +--- a/lib/rack/utils.rb ++++ b/lib/rack/utils.rb +@@ -142,8 +142,8 @@ module Rack + end + + def q_values(q_value_header) +- q_value_header.to_s.split(/\s*,\s*/).map do |part| +- value, parameters = part.split(/\s*;\s*/, 2) ++ q_value_header.to_s.split(',').map do |part| ++ value, parameters = part.split(';', 2).map(&:strip) + quality = 1.0 + if parameters && (md = /\Aq=([\d.]+)/.match(parameters)) + quality = md[1].to_f +-- +2.25.1 + diff --git a/rubygem-rack.spec b/rubygem-rack.spec index db370e9..d3ae563 100644 
--- a/rubygem-rack.spec +++ b/rubygem-rack.spec @@ -4,7 +4,7 @@ Name: rubygem-%{gem_name} Version: 2.2.4 Epoch: 1 -Release: 2 +Release: 3 Summary: A modular Ruby webserver interface License: MIT and BSD URL: https://rack.github.io/ @@ -12,6 +12,7 @@ Source0: https://rubygems.org/downloads/%{gem_name}-%{version}.gem Patch0: 2-2-multipart-dos.patch Patch1: 2-2-header-redos.patch Patch2: Fix-CVE-2024-26141.patch +Patch3: Fix-CVE-2024-26146.patch BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 BuildRequires: memcached rubygem(memcache-client) rubygem(minitest) BuildRequires: rubygem(memcache-client) @@ -100,6 +101,12 @@ popd %doc %{gem_instdir}/contrib %changelog +* Tue Apr 02 2024 zouzhimin - 1:2.2.4-3 +- Type:CVES +- ID:CVE-2024-26146 +- SUG:NA +- DESC:CVE-2024-26146 + * Mon Apr 01 2024 zouzhimin - 1:2.2.4-2 - Type:CVES - ID:CVE-2024-26141 -- Gitee From a386b697586075dd3cd99e3a83cdbb7960210770 Mon Sep 17 00:00:00 2001 From: zouzhimin Date: Mon, 1 Apr 2024 17:19:09 +0800 Subject: [PATCH 3/4] Fix CVE-2024-25126 (cherry picked from commit c4458441c9e78e84e2843ea84174abd6069108e1) --- Fix-CVE-2024-25126.patch | 51 ++++++++++++++++++++++++++++++++++++++++ rubygem-rack.spec | 9 ++++++- 2 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 Fix-CVE-2024-25126.patch diff --git a/Fix-CVE-2024-25126.patch b/Fix-CVE-2024-25126.patch new file mode 100644 index 0000000..4acac33 --- /dev/null +++ b/Fix-CVE-2024-25126.patch 
@@ -0,0 +1,51 @@ +From d9c163a443b8cadf4711d84bd2c58cb9ef89cf49 Mon Sep 17 00:00:00 2001 +From: Jean Boussier +Date: Wed, 6 Dec 2023 18:32:19 +0100 +Subject: [PATCH] Avoid 2nd degree polynomial regexp in MediaType + +--- + lib/rack/media_type.rb | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/lib/rack/media_type.rb b/lib/rack/media_type.rb +index 41937c99..7fc1e39d 100644 +--- a/lib/rack/media_type.rb ++++ b/lib/rack/media_type.rb +@@ -4,7 +4,7 @@ module Rack + # Rack::MediaType parse media type and parameters out of content_type string + + class MediaType +- SPLIT_PATTERN = %r{\s*[;,]\s*} ++ SPLIT_PATTERN = /[;,]/ + + class << self + # The media type (type/subtype) portion of the CONTENT_TYPE header +@@ -15,7 +15,11 @@ module Rack + # http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7 + def type(content_type) + return nil unless content_type +- content_type.split(SPLIT_PATTERN, 2).first.tap &:downcase! ++ if type = content_type.split(SPLIT_PATTERN, 2).first ++ type.rstrip! ++ type.downcase! ++ type ++ end + end + + # The media type parameters provided in CONTENT_TYPE as a Hash, or +@@ -27,9 +31,10 @@ module Rack + return {} if content_type.nil? + + content_type.split(SPLIT_PATTERN)[1..-1].each_with_object({}) do |s, hsh| ++ s.strip! + k, v = s.split('=', 2) +- +- hsh[k.tap(&:downcase!)] = strip_doublequotes(v) ++ k.downcase! ++ hsh[k] = strip_doublequotes(v) + end + end + +-- +2.25.1 + diff --git a/rubygem-rack.spec b/rubygem-rack.spec index d3ae563..1ef8660 100644 --- a/rubygem-rack.spec +++ b/rubygem-rack.spec @@ -4,7 +4,7 @@ Name: rubygem-%{gem_name} Version: 2.2.4 Epoch: 1 -Release: 3 +Release: 4 Summary: A modular Ruby webserver interface License: MIT and BSD URL: https://rack.github.io/ 
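Review bot: In the rewritten `params` loop, `k` can still be nil when a separator run leaves an empty segment: `s.strip!` turns `' '` into `''`, `''.split('=', 2)` yields `[]`, and the new `k.downcase!` then raises NoMethodError on a malformed Content-Type header. As far as the visible lines show this predates the patch (`k.tap(&:downcase!)` behaved the same on nil), so it is not a regression, but a hardening backport for header parsing is the natural place to close it; a one-line guard before the downcase, `next unless k`, does that. Since this file is a vendored upstream patch, the guard is better carried as a separate follow-up patch than edited into this one. Both `type` and `params` extend past the hunk boundaries.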
@@ -13,6 +13,7 @@ Patch0: 2-2-multipart-dos.patch Patch1: 2-2-header-redos.patch Patch2: Fix-CVE-2024-26141.patch Patch3: Fix-CVE-2024-26146.patch +Patch4: Fix-CVE-2024-25126.patch BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 BuildRequires: memcached rubygem(memcache-client) rubygem(minitest) BuildRequires: rubygem(memcache-client) @@ -101,6 +102,12 @@ popd %doc %{gem_instdir}/contrib %changelog +* Tue Apr 02 2024 zouzhimin - 1:2.2.4-4 +- Type:CVES +- ID:CVE-2024-25126 +- SUG:NA +- DESC:CVE-2024-25126 + * Tue Apr 02 2024 zouzhimin - 1:2.2.4-3 - Type:CVES - ID:CVE-2024-26146 -- Gitee From 45a92e6cc71cb47d00b9dd4561257041bd2b4b2e Mon Sep 17 00:00:00 2001 From: panchenbo Date: Sun, 7 Apr 2024 14:33:10 +0800 Subject: [PATCH 4/4] add BuildRequires: git --- rubygem-rack.spec | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/rubygem-rack.spec b/rubygem-rack.spec index 1ef8660..20c60a7 100644 --- a/rubygem-rack.spec +++ b/rubygem-rack.spec @@ -4,7 +4,7 @@ Name: rubygem-%{gem_name} Version: 2.2.4 Epoch: 1 -Release: 4 +Release: 5 Summary: A modular Ruby webserver interface License: MIT and BSD URL: https://rack.github.io/ @@ -14,7 +14,7 @@ Patch1: 2-2-header-redos.patch Patch2: Fix-CVE-2024-26141.patch Patch3: Fix-CVE-2024-26146.patch Patch4: Fix-CVE-2024-25126.patch -BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 +BuildRequires: ruby(release) rubygems-devel ruby >= 2.2.2 git BuildRequires: memcached rubygem(memcache-client) rubygem(minitest) BuildRequires: rubygem(memcache-client) BuildRequires: rubygem(minitest) @@ -102,6 +102,12 @@ popd %doc %{gem_instdir}/contrib %changelog +* Sun Apr 07 2024 panchenbo - 1:2.2.4-5 +- Type: Bugfix +- ID:NA +- SUG:NA +- DESC:add BuildRequires: git + * Tue Apr 02 2024 zouzhimin - 1:2.2.4-4 - Type:CVES - ID:CVE-2024-25126 -- Gitee