code.ossystems Code Review - openembedded-core.git/commitdiff
ruby: remove CVE-2018-1000073.patch as already fixed
author Grandbois, Brett <brett.grandbois@opengear.com>
Fri, 8 Feb 2019 01:30:34 +0000 (01:30 +0000)
committer Armin Kuster <akuster808@gmail.com>
Sun, 14 Apr 2019 14:23:40 +0000 (07:23 -0700)
rubygems 2.7.6 which is in ruby 2.5.3 has this fix and as currently
applied all gem extraction fails as the realpath check is done against
the full path including the file to be extracted which will always fail
as the file hasn't been extracted yet

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch [deleted file]
meta/recipes-devtools/ruby/ruby_2.5.3.bb

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch b/meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch
deleted file mode 100644 (file)
index 22fa1b5..0000000
+++ /dev/null
@@ -1,34 +0,0 @@
-From 1b931fc03b819b9a0214be3eaca844ef534175e2 Mon Sep 17 00:00:00 2001
-From: Jonathan Claudius <jclaudius@mozilla.com>
-Date: Wed, 7 Feb 2018 23:54:52 -0500
-Subject: [PATCH] Non-working patch for deducing symlinked base-dirs
-
----
-CVE: CVE-2018-1000073
-
-Fixed in ruby 2.7.6.
-
-Upstream-Status: Backport [github.com/rubygems/rubygems/commit/1b931fc...]
-
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
-
----
- lib/rubygems/package.rb |    2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb
-index dede959..cb9c74a 100644
---- a/lib/rubygems/package.rb
-+++ b/lib/rubygems/package.rb
-@@ -421,6 +421,8 @@ EOM
-     destination_dir = File.expand_path destination_dir
-     destination = File.join destination_dir, filename
-+    destination = File.realpath destination if
-+      File.respond_to? :realpath
-     destination = File.expand_path destination
-     raise Gem::Package::PathError.new(destination, destination_dir) unless
--- 
-1.7.9.5
-
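Review bot: the justification for dropping this backport should cite the upstream rubygems commit or release note that carries the CVE-2018-1000073 fix, because the deleted file's own header is weak evidence: it says "Fixed in ruby 2.7.6" (the commit message gives 2.7.6 as the rubygems version, not a ruby version), its Subject reads "Non-working patch for deducing symlinked base-dirs", and its Upstream-Status hash is abbreviated. The failure described in the commit message matches the two added lines in the @@ -421,6 +421,8 @@ hunk: "File.realpath destination" runs on the result of "File.join destination_dir, filename", and File.realpath raises when the path does not exist yet. Stating that in the message next to the upstream reference would let a later reader audit the removal.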
index e9f0453788dc2ef0fb497673276eeb9671bc1f61..3fb427e90ece005ac7577f47e79c8e526c8ff1c8 100644 (file)
@@ -3,7 +3,6 @@ require ruby.inc
 SRC_URI += " \
            file://ruby-CVE-2017-9226.patch \
            file://ruby-CVE-2017-9228.patch \
-           file://CVE-2018-1000073.patch \
            "
 
 SRC_URI[md5sum] = "20c85b67846d49622ef3b24230803fef"
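Review bot: removing file://CVE-2018-1000073.patch from SRC_URI also removes the only "CVE: CVE-2018-1000073" tag attached to this recipe, so please confirm that CVE scanning of ruby 2.5.3 does not start listing the issue as unpatched, and that the symlinked base-dir case named in the deleted patch's Subject is still covered by the bundled rubygems. A short comment in ruby_2.5.3.bb saying the fix ships with the bundled rubygems 2.7.6 would keep that reasoning next to the recipe.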