From 420d1637518c6edf2af9b6a23f3f0338517cebb6 Mon Sep 17 00:00:00 2001
From: zouzhimin
Date: Wed, 12 Jun 2024 04:20:06 +0800
Subject: [PATCH] fix CVE-2022-23633
---
 CVE-2022-23633-test.patch | 47 +++++++++++++++++++++++++++++++++++++++
 CVE-2022-23633.patch | 32 ++++++++++++++++++++++++++
 rubygem-actionpack.spec | 13 ++++++++++-
 3 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-23633-test.patch
 create mode 100644 CVE-2022-23633.patch
diff --git a/CVE-2022-23633-test.patch b/CVE-2022-23633-test.patch
new file mode 100644
index 0000000..b3230a0
--- /dev/null
+++ b/CVE-2022-23633-test.patch
@@ -0,0 +1,47 @@
+From 07d9600172a18b45791c89e95a642e13fc367545 Mon Sep 17 00:00:00 2001
+From: Jean Boussier
+Date: Fri, 11 Feb 2022 13:09:30 +0100
+Subject: [PATCH] ActionDispatch::Executor don't fully trust `body#close`
+
+Under certain circumstances, the middleware isn't informed that the
+response body has been fully closed which result in request state not
+being fully reset before the next request.
+
+[CVE-2022-23633]
+---
+diff --git a/actionpack/test/dispatch/executor_test.rb b/actionpack/test/dispatch/executor_test.rb
+index 5b8be39b6d..d0bf574009 100644
+--- a/actionpack/test/dispatch/executor_test.rb
++++ b/actionpack/test/dispatch/executor_test.rb
+@@ -119,6 +119,27 @@ def test_callbacks_execute_in_shared_context
+ assert_not defined?(@in_shared_context) # it's not in the test itself
+ end
+
++ def test_body_abandonned
++ total = 0
++ ran = 0
++ completed = 0
++
++ executor.to_run { total += 1; ran += 1 }
++ executor.to_complete { total += 1; completed += 1}
++
++ stack = middleware(proc { [200, {}, "response"] })
++
++ requests_count = 5
++
++ requests_count.times do
++ stack.call({})
++ end
++
++ assert_equal (requests_count * 2) - 1, total
++ assert_equal requests_count, ran
++ assert_equal requests_count - 1, completed
++ end
++
+ private
+ def call_and_return_body(&block)
+ app = middleware(block || proc { [200, {}, "response"] })
+
+--
+2.25.1
+
diff --git a/CVE-2022-23633.patch b/CVE-2022-23633.patch
new file mode 100644
index 0000000..8657e54
--- /dev/null
+++ b/CVE-2022-23633.patch
@@ -0,0 +1,32 @@
+From 07d9600172a18b45791c89e95a642e13fc367545 Mon Sep 17 00:00:00 2001
+From: Jean Boussier
+Date: Fri, 11 Feb 2022 13:09:30 +0100
+Subject: [PATCH] ActionDispatch::Executor don't fully trust `body#close`
+
+Under certain circumstances, the middleware isn't informed that the
+response body has been fully closed which result in request state not
+being fully reset before the next request.
+
+[CVE-2022-23633]
+---
+ .../action_dispatch/middleware/executor.rb | 2 +-
+ actionpack/test/dispatch/executor_test.rb | 21 ++++++++++++++
+ 2 files changed, 15 insertions(+), 1 deletions(-)
+
+diff --git a/actionpack/lib/action_dispatch/middleware/executor.rb b/actionpack/lib/action_dispatch/middleware/executor.rb
+index 129b18d3d9..a32f916260 100644
+--- a/actionpack/lib/action_dispatch/middleware/executor.rb
++++ b/actionpack/lib/action_dispatch/middleware/executor.rb
+@@ -9,7 +9,7 @@ def initialize(app, executor)
+ end
+
+ def call(env)
+- state = @executor.run!
++ state = @executor.run!(reset: true)
+ begin
+ response = @app.call(env)
+ returned = response << ::Rack::BodyProxy.new(response.pop) { state.complete! }
+
+--
+2.25.1
+
diff --git a/rubygem-actionpack.spec b/rubygem-actionpack.spec
index 7cd50b4..100b5ba 100644
--- a/rubygem-actionpack.spec
+++ b/rubygem-actionpack.spec
@@ -4,7 +4,7 @@ Name: rubygem-%{gem_name} Epoch: 1 Version: 6.1.4.1 -Release: 5 +Release: 6 Summary: Web-flow and rendering framework putting the VC in MVC (part of Rails) License: MIT URL: http://rubyonrails.org
@@ -21,6 +21,9 @@ Patch4: CVE-2023-22795.patch # https://github.com/rails/rails/commit/b329b261dd32a61316f2831788d6078ca0563ab6 Patch5: CVE-2024-28103.patch Patch6: CVE-2024-28103-test.patch +# https://github.com/rails/rails/commit/07d9600172a18b45791c89e95a642e13fc367545 +Patch3000: CVE-2022-23633.patch +Patch3001: CVE-2022-23633-test.patch # Let's keep Requires and BuildRequires sorted alphabeticaly BuildRequires: ruby(release) 
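Review bot: The new `state = @executor.run!(reset: true)` line in the embedded executor.rb hunk depends on `ActiveSupport::ExecutionWrapper.run!` accepting a `reset:` keyword, and nothing in this commit guarantees that; `call`'s body continues past the inner hunk. The embedded diffstat lists only the two actionpack files, so the part of the fix that completes an abandoned state presumably has to come from the rubygem-activesupport package. Against an activesupport without that change the call would most likely raise ArgumentError on every request, and without the reset logic request state can still carry over into the next request, which is the issue this CVE describes. I would tie the two packages together in rubygem-actionpack.spec with a versioned dependency such as `Requires: rubygem(activesupport) >= <RELEASE_WITH_RESET_SUPPORT>` (placeholder), and make sure %check runs `test_body_abandonned` against that build.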
@@ -62,10 +65,12 @@ Documentation for %{name}. %patch2 -p2 %patch4 -p2 %patch5 -p2 +%patch3000 -p2 pushd %{_builddir} %patch1 -p2 %patch3 -p2 %patch6 -p2 +%patch3001 -p2 popd @@ -109,6 +114,12 @@ popd %doc %{gem_instdir}/README.rdoc %changelog +* Tue Jun 25 2024 zouzhimin - 1:6.1.4.1-6 +- Type:CVES +- ID:CVE-2022-23633 +- SUG:NA +- DESC:fix CVE-2022-23633 + * Thu Jun 06 2024 yaoxin - 1:6.1.4.1-5 - Fix CVE-2024-28103 -- Gitee