1 files changed, 0 insertions, 57 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch b/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch
deleted file mode 100644
index 83064e85ab..0000000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From b1c73f239fe9af97de837331849f55d67c27561e Mon Sep 17 00:00:00 2001
-From: aycabta <aycabta@gmail.com>
-Date: Sun, 2 May 2021 20:52:23 +0900
-Subject: [PATCH] [ruby/rdoc] Use File.open to fix the OS Command Injection
- vulnerability in CVE-2021-31799
-https://github.com/ruby/rdoc/commit/a7f5d6ab88
-CVE: CVE-2021-31799
-Upstream-Status: Backport[https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e]
-Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
---
- lib/rdoc/rdoc.rb            |  2 +-
- test/rdoc/test_rdoc_rdoc.rb | 12 ++++++++++++
- 2 files changed, 13 insertions(+), 1 deletion(-)
-diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb
-index 680a8612f7..904625f105 100644
--- a/lib/rdoc/rdoc.rb
-+++ b/lib/rdoc/rdoc.rb
-@@ -444,7 +444,7 @@ def remove_unparseable files
-     files.reject do |file, *|
-       file =~ /\.(?:class|eps|erb|scpt\.txt|svg|ttf|yml)$/i or
-         (file =~ /tags$/i and
-         open(file, 'rb') { |io|
-+         File.open(file, 'rb') { |io|
-            io.read(100) =~ /\A(\f\n[^,]+,\d+$|!_TAG_)/
-          })
-     end
-diff --git a/test/rdoc/test_rdoc_rdoc.rb b/test/rdoc/test_rdoc_rdoc.rb
-index 3910dd4656..a83d5a1b88 100644
--- a/test/rdoc/test_rdoc_rdoc.rb
-+++ b/test/rdoc/test_rdoc_rdoc.rb
-@@ -456,6 +456,18 @@ def test_remove_unparseable_tags_vim
-     end
-   end
- 
-+  def test_remove_unparseable_CVE_2021_31799
-+    temp_dir do
-+      file_list = ['| touch evil.txt && echo tags']
-+      file_list.each do |f|
-+        FileUtils.touch f
-+      end
-+
-+      assert_equal file_list, @rdoc.remove_unparseable(file_list)
-+      assert_equal file_list, Dir.children('.')
-+    end
-+  end
-+
-   def test_setup_output_dir
-     Dir.mktmpdir {|d|
-       path = File.join d, 'testdir'
-- 
-2.17.1

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch b/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch deleted file mode 100644 index 83064e85ab..0000000000 --- a/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch +++ /dev/null
@@ -1,57 +0,0 @@
1	From b1c73f239fe9af97de837331849f55d67c27561e Mon Sep 17 00:00:00 2001
2	From: aycabta <aycabta@gmail.com>
3	Date: Sun, 2 May 2021 20:52:23 +0900
4	Subject: [PATCH] [ruby/rdoc] Use File.open to fix the OS Command Injection
5	vulnerability in CVE-2021-31799
6
7	https://github.com/ruby/rdoc/commit/a7f5d6ab88
8
9	CVE: CVE-2021-31799
10
11	Upstream-Status: Backport[https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e]
12
13	Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
14	---
15	lib/rdoc/rdoc.rb \| 2 +-
16	test/rdoc/test_rdoc_rdoc.rb \| 12 ++++++++++++
17	2 files changed, 13 insertions(+), 1 deletion(-)
18
19	diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb
20	index 680a8612f7..904625f105 100644
21	--- a/lib/rdoc/rdoc.rb
22	+++ b/lib/rdoc/rdoc.rb
23	@@ -444,7 +444,7 @@ def remove_unparseable files
24	files.reject do \|file, *\|
25	file =~ /\.(?:class\|eps\|erb\|scpt\.txt\|svg\|ttf\|yml)$/i or
26	(file =~ /tags$/i and
27	- open(file, 'rb') { \|io\|
28	+ File.open(file, 'rb') { \|io\|
29	io.read(100) =~ /\A(\f\n[^,]+,\d+$\|!_TAG_)/
30	})
31	end
32	diff --git a/test/rdoc/test_rdoc_rdoc.rb b/test/rdoc/test_rdoc_rdoc.rb
33	index 3910dd4656..a83d5a1b88 100644
34	--- a/test/rdoc/test_rdoc_rdoc.rb
35	+++ b/test/rdoc/test_rdoc_rdoc.rb
36	@@ -456,6 +456,18 @@ def test_remove_unparseable_tags_vim
37	end
38	end
39
40	+ def test_remove_unparseable_CVE_2021_31799
41	+ temp_dir do
42	+ file_list = ['\| touch evil.txt && echo tags']
43	+ file_list.each do \|f\|
44	+ FileUtils.touch f
45	+ end
46	+
47	+ assert_equal file_list, @rdoc.remove_unparseable(file_list)
48	+ assert_equal file_list, Dir.children('.')
49	+ end
50	+ end
51	+
52	def test_setup_output_dir
53	Dir.mktmpdir {\|d\|
54	path = File.join d, 'testdir'
55	--
56	2.17.1
57