From cba72f864f24d1232699ad0b4750db2493703987 Mon Sep 17 00:00:00 2001
From: wk333 <13474090681@163.com>
Date: Sun, 24 Apr 2022 11:30:16 +0800
Subject: [PATCH] Fix CVE-2022-24839

(cherry picked from commit 7e407e2ee06e8338dbb4d8d67ac548452f98c70d)
---
 CVE-2022-24839.patch | 22 ++++++++++++++++++++++
 nekohtml.spec        |  7 ++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-24839.patch

diff --git a/CVE-2022-24839.patch b/CVE-2022-24839.patch
new file mode 100644
index 0000000..5f22e23
--- /dev/null
+++ b/CVE-2022-24839.patch
@@ -0,0 +1,22 @@
+From a800fce3b079def130ed42a408ff1d09f89e773d Mon Sep 17 00:00:00 2001
+From: Mike Dalessio <mike.dalessio@gmail.com>
+Date: Sun, 3 Apr 2022 19:03:39 -0400
+Subject: [PATCH] fix: ensure ill-formed PIs are parsed correctly
+
+---
+ src/org/cyberneko/html/HTMLScanner.java | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/org/cyberneko/html/HTMLScanner.java b/src/org/cyberneko/html/HTMLScanner.java
+index fe414a4..0519316 100644
+--- a/src/org/cyberneko/html/HTMLScanner.java
++++ b/src/org/cyberneko/html/HTMLScanner.java
+@@ -2588,7 +2588,7 @@ protected void scanPI() throws IOException {
+                     if (c == '?' || c == '/') {
+                         char c0 = (char)c;
+                         c = fCurrentEntity.read();
+-                        if (c == '>') {
++                        if (c == '>' || c == -1) {
+                             break;
+                         }
+                         fStringBuffer.append(c0);
diff --git a/nekohtml.spec b/nekohtml.spec
index 8b8a3a3..3cc1c39 100644
--- a/nekohtml.spec
+++ b/nekohtml.spec
@@ -1,6 +1,6 @@
 Name:           nekohtml
 Version:        1.9.22
-Release:        8
+Release:        9
 Summary:        HTML scanner and tag balancer
 License:        ASL 2.0
 URL:            http://nekohtml.sourceforge.net/
@@ -9,6 +9,8 @@ Source1:        http://central.maven.org/maven2/net/sourceforge/nekohtml/nekohtm
 Patch0:         0001-Crosslink-javadoc.patch
 Patch1:         0002-Jar-paths.patch
 Patch2:         0003-Add-OSGi-attributes.patch
+# https://github.com/sparklemotion/nekohtml/commit/a800fce
+Patch3:         CVE-2022-24839.patch
 Requires:       bcel xerces-j2 >= 0:2.7.1 xml-commons-apis
 BuildRequires:  javapackages-local ant ant-junit bcel xerces-j2 >= 0:2.7.1 xerces-j2-javadoc xml-commons-apis
 BuildArch:      noarch
@@ -62,5 +64,8 @@ export CLASSPATH=$(build-classpath bcel xerces-j2 xml-commons-apis)
 %{_javadocdir}/%{name}
 
 %changelog
+* Sun Apr 24 2022 wangkai <wangkai385@h-partners.com> - 1.9.22-9
+- Fix CVE-2022-24839
+
 * Thu Dec 7 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.9.22-8
 - Package init