File rubygem-kramdown-CVE-2020-14001.patch of Package rubygem-kramdown.25851

--- kramdown-1.15.0.orig/lib/kramdown/options.rb	2022-09-08 12:27:15.097914404 +0000
+++ kramdown-1.15.0/lib/kramdown/options.rb	2022-09-08 12:28:08.034267960 +0000
@@ -622,6 +622,16 @@ EOF
       val
     end
 
+    define(:forbidden_inline_options, Object, %w[template], <<~EOF) do |val|
+      Defines the options that may not be set using the {::options} extension
+
+      Default: template
+      Used by: HTML converter
+    EOF
+      val.map! {|item| item.kind_of?(String) ? str_to_sym(item) : item }
+      simple_array_validator(val, :forbidden_inline_options)
+    end
+
   end
 
 end
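Review bot: The description in the added `define(:forbidden_inline_options, ...)` block says `Used by: HTML converter`, but the only place this patch reads the option is the kramdown parser's `{::options}` handling in lib/kramdown/parser/kramdown/extensions.rb, so `Used by: kramdown parser` would be accurate. The text also does not say what form the value takes; since the validator converts string items to symbols and hands the result to `simple_array_validator`, a line such as `The value needs to be an array of option names.` would help. It is also worth stating that the default blocks only `template`, so anyone rendering untrusted documents should review which other options belong on the list. The `<<~EOF` heredoc needs Ruby 2.3 or newer; if this 1.15.0 backport has to run on older interpreters, a plain `<<EOF` would presumably be needed, which is worth confirming against the definitions outside this hunk.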
diff -upr kramdown-1.15.0.orig/lib/kramdown/parser/kramdown/extensions.rb kramdown-1.15.0/lib/kramdown/parser/kramdown/extensions.rb
--- kramdown-1.15.0.orig/lib/kramdown/parser/kramdown/extensions.rb	2022-09-08 12:27:15.101914430 +0000
+++ kramdown-1.15.0/lib/kramdown/parser/kramdown/extensions.rb	2022-09-08 12:28:08.034267960 +0000
@@ -104,6 +104,12 @@ module Kramdown
           opts.select do |k,v|
             k = k.to_sym
             if Kramdown::Options.defined?(k)
+              if @options[:forbidden_inline_options].include?(k) ||
+                  k == :forbidden_inline_options
+                warning("Option #{k} may not be set inline")
+                next false
+              end
+
               begin
                 val = Kramdown::Options.parse(k, v)
                 @options[k] = val
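Review bot: The second operand of the new check, `k == :forbidden_inline_options`, has no comment explaining why the list option itself is hard-coded as forbidden, and it is the part a later cleanup is most likely to drop as redundant. I would add above the `if`: `# The list itself can never be changed inline; otherwise a document could empty it and then set a forbidden option.` The enclosing `opts.select` block starts and ends outside this hunk, so what happens to the rejected keys after `next false` cannot be checked from here.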
diff -upr kramdown-1.15.0.orig/test/testcases/block/12_extension/options.text kramdown-1.15.0/test/testcases/block/12_extension/options.text
--- kramdown-1.15.0.orig/test/testcases/block/12_extension/options.text	2022-09-08 12:27:15.125914590 +0000
+++ kramdown-1.15.0/test/testcases/block/12_extension/options.text	2022-09-08 12:28:08.034267960 +0000
@@ -19,3 +19,5 @@ some <span>*para*</span>
 Some text[^ab].
 
 [^ab]: Some text.
+
+{::options template="/etc/passwd" /}
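Review bot: The added fixture line exercises only the `template` entry of the default list; the second branch of the new check in extensions.rb, which rejects an inline attempt to set `forbidden_inline_options` itself, has no case here. A second `{::options ... /}` line targeting that option would pin that branch. No change to an expected-output file is part of this patch, so the test presumably passes only because the rejected option leaves the rendered output unchanged. Asserting the `Option template may not be set inline` warning would make the rejection explicit.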
