author: Grandbois, Brett <brett.grandbois@opengear.com> 2019-02-08 01:30:34 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-05-22 00:31:48 +0100
commit: 0e159278a1714dc32dfab7d03336baa4cbff220e
tree: 3ada8a498015ef9e57abf8d6536280e806106d45
parent: 589437ee23a4079b34a411ff0a3c8de846228754
ruby: remove CVE-2018-1000073.patch as already fixed

rubygems 2.7.6 which is in ruby 2.5.3 has this fix and as currently applied all gem extraction fails as the realpath check is done against the full path including the file to be extracted which will always fail as the file hasn't been extracted yet

(From OE-Core rev: a9cc1b3f9a684c14f02b06226693b023adc3e609)

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

-rw-r--r-- meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch 34
-rw-r--r-- meta/recipes-devtools/ruby/ruby_2.5.3.bb 1
2 files changed, 0 insertions, 35 deletions

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch b/meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch
deleted file mode 100644
index 22fa1b5f4d..0000000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch
+++ /dev/null
@@ -1,34 +0,0 @@
1From 1b931fc03b819b9a0214be3eaca844ef534175e2 Mon Sep 17 00:00:00 2001
2From: Jonathan Claudius <jclaudius@mozilla.com>
3Date: Wed, 7 Feb 2018 23:54:52 -0500
4Subject: [PATCH] Non-working patch for deducing symlinked base-dirs
5
6---
7CVE: CVE-2018-1000073
8
9Fixed in ruby 2.7.6.
10
11Upstream-Status: Backport [github.com/rubygems/rubygems/commit/1b931fc...]
12
13Signed-off-by: Joe Slater <joe.slater@windriver.com>
14
15---
16 lib/rubygems/package.rb | 2 ++
17 1 file changed, 2 insertions(+)
18
19diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb
20index dede959..cb9c74a 100644
21--- a/lib/rubygems/package.rb
22+++ b/lib/rubygems/package.rb
23@@ -421,6 +421,8 @@ EOM
24 destination_dir = File.expand_path destination_dir
25
26 destination = File.join destination_dir, filename
27+ destination = File.realpath destination if
28+ File.respond_to? :realpath
29 destination = File.expand_path destination
30
31 raise Gem::Package::PathError.new(destination, destination_dir) unless
32--
331.7.9.5
34
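
Review bot: The justification for dropping this backport should point at the change in rubygems 2.7.6 that actually closes CVE-2018-1000073, because the file being deleted does not document it: its Subject line calls it a "Non-working patch for deducing symlinked base-dirs" and its header says "Fixed in ruby 2.7.6" where the commit message says rubygems 2.7.6 (shipped in ruby 2.5.3). The two added lines at 27-28 of the patch call File.realpath on destination, which is destination_dir joined with filename, so the check runs on a path that does not exist yet; that matches the extraction failure described in the commit message and supports the removal. Suggest adding the upstream fixing commit or version reference to the commit message so the CVE status stays auditable after the file is gone.
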
diff --git a/meta/recipes-devtools/ruby/ruby_2.5.3.bb b/meta/recipes-devtools/ruby/ruby_2.5.3.bb
index e9f0453788..3fb427e90e 100644
--- a/meta/recipes-devtools/ruby/ruby_2.5.3.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.5.3.bb
@@ -3,7 +3,6 @@ require ruby.inc
3SRC_URI += " \ 3SRC_URI += " \
4 file://ruby-CVE-2017-9226.patch \ 4 file://ruby-CVE-2017-9226.patch \
5 file://ruby-CVE-2017-9228.patch \ 5 file://ruby-CVE-2017-9228.patch \
6 file://CVE-2018-1000073.patch \
7 " 6 "
8 7
9SRC_URI[md5sum] = "20c85b67846d49622ef3b24230803fef" 8SRC_URI[md5sum] = "20c85b67846d49622ef3b24230803fef"
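
Review bot: With the file://CVE-2018-1000073.patch entry removed from SRC_URI, nothing in the recipe records that CVE-2018-1000073 is addressed; the only statement of that is in the commit message. Suggest a short comment next to SRC_URI noting that the fix is carried by the rubygems 2.7.6 bundled with ruby 2.5.3, and confirming in the same pass that the two remaining entries, ruby-CVE-2017-9226.patch and ruby-CVE-2017-9228.patch, are still needed for this version.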