!7 [sync] PR-1: Fix CVE-2022-24839

From: @openeuler-sync-bot Reviewed-by: @jimmy_hero Signed-off-by: @jimmy_hero
2022-04-25 08:53:13 +00:00 · 2022-04-25 08:53:13 +00:00 · 25082e1c4a
commit 25082e1c4a
parent 3f2cb28de8 cba72f864f
2 changed files with 28 additions and 1 deletions
--- a/CVE-2022-24839.patch
+++ b/CVE-2022-24839.patch
@ -0,0 +1,22 @@
 From a800fce3b079def130ed42a408ff1d09f89e773d Mon Sep 17 00:00:00 2001
 From: Mike Dalessio <mike.dalessio@gmail.com>
 Date: Sun, 3 Apr 2022 19:03:39 -0400
 Subject: [PATCH] fix: ensure ill-formed PIs are parsed correctly
 ---
 src/org/cyberneko/html/HTMLScanner.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/org/cyberneko/html/HTMLScanner.java b/src/org/cyberneko/html/HTMLScanner.java
 index fe414a4..0519316 100644
 --- a/src/org/cyberneko/html/HTMLScanner.java
 +++ b/src/org/cyberneko/html/HTMLScanner.java
@@ -2588,7 +2588,7 @@ protected void scanPI() throws IOException {
                     if (c == '?' || c == '/') {
                         char c0 = (char)c;
                         c = fCurrentEntity.read();
 -                        if (c == '>') {
 +                        if (c == '>' || c == -1) {
                             break;
                         }
                         fStringBuffer.append(c0);
--- a/nekohtml.spec
+++ b/nekohtml.spec
@ -1,6 +1,6 @@
 Name:           nekohtml
 Version:        1.9.22
-Release:        8
+Release:        9
 Summary:        HTML scanner and tag balancer
 License:        ASL 2.0
 URL:            http://nekohtml.sourceforge.net/
@ -9,6 +9,8 @@ Source1:        http://central.maven.org/maven2/net/sourceforge/nekohtml/nekohtm
 Patch0:         0001-Crosslink-javadoc.patch
 Patch1:         0002-Jar-paths.patch
 Patch2:         0003-Add-OSGi-attributes.patch
 # https://github.com/sparklemotion/nekohtml/commit/a800fce
 Patch3:         CVE-2022-24839.patch
 Requires:       bcel xerces-j2 >= 0:2.7.1 xml-commons-apis
 BuildRequires:  javapackages-local ant ant-junit bcel xerces-j2 >= 0:2.7.1 xerces-j2-javadoc xml-commons-apis
 BuildArch:      noarch
@ -62,5 +64,8 @@ export CLASSPATH=$(build-classpath bcel xerces-j2 xml-commons-apis)
 %{_javadocdir}/%{name}
 %changelog
 * Sun Apr 24 2022 wangkai <wangkai385@h-partners.com> - 1.9.22-9
 - Fix CVE-2022-24839
 * Thu Dec 7 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.9.22-8
 - Package init