From 78ca651997b43ad1ad4a62e9bf747b0ef9e4147c Mon Sep 17 00:00:00 2001 From: peng2285 Date: Tue, 14 Feb 2023 14:52:21 +0800 Subject: [PATCH 1/2] fix CVE-2023-22797 modified: rubygem-actionpack.spec new file: CVE-2023-22797.patch modified: rubygem-actionpack.spec new file: CVE-2023-22797.patch modified: rubygem-actionpack.spec --- .C.swp | Bin 0 -> 12288 bytes CVE-2023-22797.patch | 32 ++++++++++++++++++++++++++++++++ rubygem-actionpack.spec | 9 +++++++-- 3 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 .C.swp create mode 100644 CVE-2023-22797.patch diff --git a/.C.swp b/.C.swp new file mode 100644 index 0000000000000000000000000000000000000000..11c6ee84848fc50dd76e2c8acfb69dda672c0b60 GIT binary patch literal 12288 zcmeI%u?~VT5P;$0ZZ!G=sI!2$xH~yG;%aI!YE(+FnmG9|K9&#S;3BAO;KZQGe@Q8Y z+~xXhO&8v5GPOsJFVbjck9S<}mPoWV`TEPk}y0R#|0009ILKmY** zeqO-Dmbj!{);^tDCG*d3ga#2n009ILKmY**5I_I{1Q0-=R6vG8+!{hW(vjW&=jZ>| fx-^R)2q1s}0tg_000IagfB*srAn+#wDh=@j1|%YO literal 0 HcmV?d00001 diff --git a/CVE-2023-22797.patch b/CVE-2023-22797.patch new file mode 100644 index 0000000..e5a9b98 --- /dev/null +++ b/CVE-2023-22797.patch 
@@ -0,0 +1,32 @@
+From e50e26d7a9f4a1e4fb5ef2538c30b2b5cc81bd92 Mon Sep 17 00:00:00 2001
+From: wonda-tea-coffee
+Date: Mon, 5 Dec 2022 12:27:15 +0000
+Subject: [PATCH] Fix sec issue with _url_host_allowed?
+
+Disallow certain strings from `_url_host_allowed?` to avoid a redirect
+to malicious sites.
+
+[CVE-2023-22797]
+---
+ .../action_controller/metal/redirecting.rb | 6 ++-
+ actionpack/test/controller/redirect_test.rb | 38 +++++++++++++++++++
+ 2 files changed, 43 insertions(+), 1 deletion(-)
+
+diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb
+index 721d5d3279..0ae6a48748 100644
+--- a/actionpack/lib/action_controller/metal/redirecting.rb
++++ b/actionpack/lib/action_controller/metal/redirecting.rb
+@@ -196,7 +196,11 @@ def _enforce_open_redirect_protection(location, allow_other_host:)
+
+ def _url_host_allowed?(url)
+ host = URI(url.to_s).host
+- host == request.host || host.nil? && url.to_s.start_with?("/")
++
++ return true if host == request.host
++ return false unless host.nil?
++ return false unless url.to_s.start_with?("/")
++ return !url.to_s.start_with?("//")
+ rescue ArgumentError, URI::Error
+ false
+ end
+
diff --git a/rubygem-actionpack.spec b/rubygem-actionpack.spec
index 80b69dc..a461e69 100644
--- a/rubygem-actionpack.spec
+++ b/rubygem-actionpack.spec
@@ -4,7 +4,7 @@ Name: rubygem-%{gem_name}
Epoch: 1
Version: 7.0.4
-Release: 1
+Release: 2
Summary: Web-flow and rendering framework putting the VC in MVC (part of Rails)
License: MIT
URL: http://rubyonrails.org
@@ -22,6 +22,7 @@ Source2: rails-%{version}-tools.txz
# Fixes for Minitest 5.16+
# https://github.com/rails/rails/pull/45370
Patch0: rubygem-actionpack-7.0.2.3-Fix-tests-for-minitest-5.16.patch
+Patch1: CVE-2023-22797.patch
# Let's keep Requires and BuildRequires sorted alphabeticaly
BuildRequires: ruby(release)
@@ -62,6 +63,7 @@ Documentation for %{name}.
pushd %{_builddir}
%patch0 -p2
+%patch1 -p2
popd
%build
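Review bot: The embedded patch's own header states `2 files changed, 43 insertions(+), 1 deletion(-)` and lists `actionpack/test/controller/redirect_test.rb | 38 +++++++++++++++++++`, but the 32-line file carries only the redirecting.rb hunk, so the upstream regression tests for the protocol-relative (`//`) redirect case are not shipped with the fix and nothing in the build exercises the new `_url_host_allowed?` branches. Either keep the test hunk (and run it from `%check` if the package has one) or trim the diffstat lines so they describe what the file actually contains; as committed, a reader is sent looking for a test change that is not there. The nested context lines of the redirecting.rb hunk appear here without their leading indentation; if that reflects the committed file rather than a rendering artefact, `patch` will reject the context, so it is worth confirming in the build log that `%patch1` applied cleanly before treating the CVE as fixed. Separately, patch 1/2 also commits a 12 KiB editor swap file `.C.swp` that patch 2/2 then deletes; squashing the two keeps the binary out of history.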
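Review bot: `Patch1: CVE-2023-22797.patch` is added without the provenance comment that the `Patch0` entry directly above it carries, so a later maintainer cannot tell from the spec which upstream change the file is or whether it can be dropped on the next version bump. Add `# Fix open redirect in _url_host_allowed? (CVE-2023-22797), upstream rails commit e50e26d7a9f4a1e4fb5ef2538c30b2b5cc81bd92` above the line, matching the style of the `Patch0` comment. The `%patch1 -p2` added in the `%prep` hunk matches `Patch0`'s strip level and the `a/actionpack/...` paths inside the patch, so no change is needed there.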
@@ -104,13 +106,16 @@ popd %doc %{gem_instdir}/README.rdoc %changelog +* Tue Feb 14 2023 jiangpeng - 1:7.0.4-2 +- Fix CVE-2023-22797 + * Fri Jan 20 2023 wangkai - 1:7.0.4-1 - Upgrade to version 7.0.4 * Thu Jun 30 2022 houyingchao - 1:6.1.4.1-2 - Fix compilation failed -* Thu May 03 2022 wangkerong - 6.1.4.1-1 +* Tue May 03 2022 wangkerong - 6.1.4.1-1 - Upgrade to 6.1.4.1 * Mon Jun 28 2021 wangyue - 5.2.4.4-3 -- Gitee From a6264f0ec0df2b1480a16e5a005d18ec7fa0f00c Mon Sep 17 00:00:00 2001 From: peng2285 Date: Mon, 20 Feb 2023 06:55:21 +0000 Subject: [PATCH 2/2] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20.C.s?= =?UTF-8?q?wp?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .C.swp | Bin 12288 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 .C.swp diff --git a/.C.swp b/.C.swp deleted file mode 100644 index 11c6ee84848fc50dd76e2c8acfb69dda672c0b60..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12288 zcmeI%u?~VT5P;$0ZZ!G=sI!2$xH~yG;%aI!YE(+FnmG9|K9&#S;3BAO;KZQGe@Q8Y z+~xXhO&8v5GPOsJFVbjck9S<}mPoWV`TEPk}y0R#|0009ILKmY** zeqO-Dmbj!{);^tDCG*d3ga#2n009ILKmY**5I_I{1Q0-=R6vG8+!{hW(vjW&=jZ>| fx-^R)2q1s}0tg_000IagfB*srAn+#wDh=@j1|%YO -- Gitee