fix CVE-2021-28965

backport-0002-CVE-2021-28965.patch

@@ -0,0 +1,94 @@
+From b7f19dd8419aa10c8bc3dfb8181a2caafe0d81d9 Mon Sep 17 00:00:00 2001
+From: usa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
+Date: Mon, 5 Apr 2021 11:46:23 +0000
+Subject: [PATCH] Oops, forgotten to add
+
+git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@67938 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+---
+ test/rexml/parse/test_element.rb | 77 ++++++++++++++++++++++++++++++++
+ 1 file changed, 77 insertions(+)
+ create mode 100644 test/rexml/parse/test_element.rb
+
+diff --git a/test/rexml/parse/test_element.rb b/test/rexml/parse/test_element.rb
+new file mode 100644
+index 000000000000..e8dce4b99718
+--- /dev/null
++++ b/test/rexml/parse/test_element.rb
+@@ -0,0 +1,77 @@
++require "test/unit"
++require "rexml/document"
++
++module REXMLTests
++  class TestParseElement < Test::Unit::TestCase
++    def parse(xml)
++      REXML::Document.new(xml)
++    end
++
++    class TestInvalid < self
++      def test_top_level_end_tag
++        exception = assert_raise(REXML::ParseException) do
++          parse("</a>")
++        end
++        assert_equal(<<-DETAIL.chomp, exception.to_s)
++Unexpected top-level end tag (got 'a')
++Line: 1
++Position: 4
++Last 80 unconsumed characters:
++
++        DETAIL
++      end
++
++      def test_no_end_tag
++        exception = assert_raise(REXML::ParseException) do
++          parse("<a></")
++        end
++        assert_equal(<<-DETAIL.chomp, exception.to_s)
++Missing end tag for 'a'
++Line: 1
++Position: 5
++Last 80 unconsumed characters:
++</
++        DETAIL
++      end
++
++      def test_empty_namespace_attribute_name
++        exception = assert_raise(REXML::ParseException) do
++          parse("<x :a=\"\"></x>")
++        end
++        assert_equal(<<-DETAIL.chomp, exception.to_s)
++Invalid attribute name: <:a="">
++Line: 1
++Position: 13
++Last 80 unconsumed characters:
++
++        DETAIL
++      end
++
++      def test_garbage_less_than_before_root_element_at_line_start
++        exception = assert_raise(REXML::ParseException) do
++          parse("<\n<x/>")
++        end
++        assert_equal(<<-DETAIL.chomp, exception.to_s)
++malformed XML: missing tag start
++Line: 2
++Position: 6
++Last 80 unconsumed characters:
++< <x/>
++        DETAIL
++      end
++
++      def test_garbage_less_than_slash_before_end_tag_at_line_start
++        exception = assert_raise(REXML::ParseException) do
++          parse("<x></\n</x>")
++        end
++        assert_equal(<<-DETAIL.chomp, exception.to_s)
++Missing end tag for 'x'
++Line: 2
++Position: 10
++Last 80 unconsumed characters:
++</ </x>
++        DETAIL
++      end
++    end
++  end
++end

ruby.spec

@@ -1,6 +1,6 @@
 Name:      ruby
 Version:   2.5.8
-Release:   112
+Release:   113
 Summary:   Object-oriented scripting language interpreter
 License:   (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
 URL:       https://www.ruby-lang.org/
@@ -39,6 +39,8 @@ Patch0013: CVE-2019-19204.patch
 Patch0014: CVE-2019-19246.patch
 Patch0015: CVE-2019-16163.patch
 Patch0016: CVE-2020-25613.patch
+Patch6000: backport-0001-CVE-2021-28965.patch
+Patch6001: backport-0002-CVE-2021-28965.patch
 
 Provides:  %{name}-libs = %{version}-%{release}
 Obsoletes: %{name}-libs < %{version}-%{release}
@@ -576,6 +578,12 @@ make runruby TESTRUN_SCRIPT=%{SOURCE13}
 %exclude %{gem_dir}/gems/xmlrpc-0.3.0/.*
 
 %changelog
+* Tue Jul 06 2021 shixuantong <shixuantong@huawei.com> - 2.5.8-113
+- Type:cves
+- ID:CVE-2021-28965
+- SUG:NA
+- DESC:fix CVE-2021-28965
+
 * Tue Apr 20 2021 shixuantong <shixuantong@huawei.com> - 2.5.8-112
 - Type:bugfix
 - ID:NA