-
Notifications
You must be signed in to change notification settings - Fork 160
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
misc/ruby-bundler1: apply security fix
Apply patch for CVE-2019-3881. Bump PKGREVISION.
- Loading branch information
taca
committed
Sep 13, 2020
1 parent
715d727
commit 4dc8c54
Showing
3 changed files
with
60 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,6 +1,7 @@ | ||
| $NetBSD: distinfo,v 1.1 2019/03/05 07:46:47 taca Exp $ | ||
| $NetBSD: distinfo,v 1.2 2020/09/13 14:57:04 taca Exp $ | ||
|
|
||
| SHA1 (bundler-1.17.3.gem) = b5f0a9bffd4ff9b983b536704973fbe1cf49f015 | ||
| RMD160 (bundler-1.17.3.gem) = dc0597bea59ff9f7f1feeec140898363e3747cac | ||
| SHA512 (bundler-1.17.3.gem) = 658de4228bc12fa5ca6ce335f76fff773f64da9f3d12f5097b4fd28d4c4f4d2a5bf12dce761b3d95432c5ea6a5aafae895df87c26660a4567db8b682aff48c02 | ||
| Size (bundler-1.17.3.gem) = 364032 bytes | ||
| SHA1 (patch-lib_bundler.rb) = bcdd308d40a9cb2972d57d1820e2085ed1bb5331 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| $NetBSD: patch-lib_bundler.rb,v 1.1 2020/09/13 14:57:05 taca Exp $ | ||
|
|
||
| Fix for CVE-2019-3881. | ||
|
|
||
| --- lib/bundler.rb.orig 2020-09-07 15:06:23.171036008 +0000 | ||
| +++ lib/bundler.rb | ||
| @@ -170,8 +170,7 @@ module Bundler | ||
| end | ||
|
|
||
| if warning | ||
| - Kernel.send(:require, "etc") | ||
| - user_home = tmp_home_path(Etc.getlogin, warning) | ||
| + user_home = tmp_home_path(warning) | ||
| Bundler.ui.warn "#{warning}\nBundler will use `#{user_home}' as your home directory temporarily.\n" | ||
| user_home | ||
| else | ||
| @@ -180,21 +179,6 @@ module Bundler | ||
| end | ||
| end | ||
|
|
||
| - def tmp_home_path(login, warning) | ||
| - login ||= "unknown" | ||
| - Kernel.send(:require, "tmpdir") | ||
| - path = Pathname.new(Dir.tmpdir).join("bundler", "home") | ||
| - SharedHelpers.filesystem_access(path) do |tmp_home_path| | ||
| - unless tmp_home_path.exist? | ||
| - tmp_home_path.mkpath | ||
| - tmp_home_path.chmod(0o777) | ||
| - end | ||
| - tmp_home_path.join(login).tap(&:mkpath) | ||
| - end | ||
| - rescue RuntimeError => e | ||
| - raise e.exception("#{warning}\nBundler also failed to create a temporary home directory at `#{path}':\n#{e}") | ||
| - end | ||
| - | ||
| def user_bundle_path(dir = "home") | ||
| env_var, fallback = case dir | ||
| when "home" | ||
| @@ -555,6 +539,17 @@ EOF | ||
| Bundler.rubygems.clear_paths | ||
| end | ||
|
|
||
| + def tmp_home_path(warning) | ||
| + Kernel.send(:require, "tmpdir") | ||
| + SharedHelpers.filesystem_access(Dir.tmpdir) do | ||
| + path = Bundler.tmp | ||
| + at_exit { Bundler.rm_rf(path) } | ||
| + path | ||
| + end | ||
| + rescue RuntimeError => e | ||
| + raise e.exception("#{warning}\nBundler also failed to create a temporary home directory':\n#{e}") | ||
| + end | ||
| + | ||
| # @param env [Hash] | ||
| def with_env(env) | ||
| backup = ENV.to_hash |