diff options
Diffstat (limited to 'meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch')
-rw-r--r-- | meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch | 57 |
1 files changed, 0 insertions, 57 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch b/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch deleted file mode 100644 index 83064e85ab..0000000000 --- a/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch +++ /dev/null | |||
@@ -1,57 +0,0 @@ | |||
1 | From b1c73f239fe9af97de837331849f55d67c27561e Mon Sep 17 00:00:00 2001 | ||
2 | From: aycabta <aycabta@gmail.com> | ||
3 | Date: Sun, 2 May 2021 20:52:23 +0900 | ||
4 | Subject: [PATCH] [ruby/rdoc] Use File.open to fix the OS Command Injection | ||
5 | vulnerability in CVE-2021-31799 | ||
6 | |||
7 | https://github.com/ruby/rdoc/commit/a7f5d6ab88 | ||
8 | |||
9 | CVE: CVE-2021-31799 | ||
10 | |||
11 | Upstream-Status: Backport[https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e] | ||
12 | |||
13 | Signed-off-by: Mingli Yu <mingli.yu@windriver.com> | ||
14 | --- | ||
15 | lib/rdoc/rdoc.rb | 2 +- | ||
16 | test/rdoc/test_rdoc_rdoc.rb | 12 ++++++++++++ | ||
17 | 2 files changed, 13 insertions(+), 1 deletion(-) | ||
18 | |||
19 | diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb | ||
20 | index 680a8612f7..904625f105 100644 | ||
21 | --- a/lib/rdoc/rdoc.rb | ||
22 | +++ b/lib/rdoc/rdoc.rb | ||
23 | @@ -444,7 +444,7 @@ def remove_unparseable files | ||
24 | files.reject do |file, *| | ||
25 | file =~ /\.(?:class|eps|erb|scpt\.txt|svg|ttf|yml)$/i or | ||
26 | (file =~ /tags$/i and | ||
27 | - open(file, 'rb') { |io| | ||
28 | + File.open(file, 'rb') { |io| | ||
29 | io.read(100) =~ /\A(\f\n[^,]+,\d+$|!_TAG_)/ | ||
30 | }) | ||
31 | end | ||
32 | diff --git a/test/rdoc/test_rdoc_rdoc.rb b/test/rdoc/test_rdoc_rdoc.rb | ||
33 | index 3910dd4656..a83d5a1b88 100644 | ||
34 | --- a/test/rdoc/test_rdoc_rdoc.rb | ||
35 | +++ b/test/rdoc/test_rdoc_rdoc.rb | ||
36 | @@ -456,6 +456,18 @@ def test_remove_unparseable_tags_vim | ||
37 | end | ||
38 | end | ||
39 | |||
40 | + def test_remove_unparseable_CVE_2021_31799 | ||
41 | + temp_dir do | ||
42 | + file_list = ['| touch evil.txt && echo tags'] | ||
43 | + file_list.each do |f| | ||
44 | + FileUtils.touch f | ||
45 | + end | ||
46 | + | ||
47 | + assert_equal file_list, @rdoc.remove_unparseable(file_list) | ||
48 | + assert_equal file_list, Dir.children('.') | ||
49 | + end | ||
50 | + end | ||
51 | + | ||
52 | def test_setup_output_dir | ||
53 | Dir.mktmpdir {|d| | ||
54 | path = File.join d, 'testdir' | ||
55 | -- | ||
56 | 2.17.1 | ||
57 | |||