[oe-commits] [openembedded-core] 37/66: ruby: remove CVE-2018-1000073.patch as already fixed

git at git.openembedded.org git at git.openembedded.org
Tue May 21 23:33:00 UTC 2019


This is an automated email from the git hooks/post-receive script.

rpurdie pushed a commit to branch thud
in repository openembedded-core.

commit a9cc1b3f9a684c14f02b06226693b023adc3e609
Author: Grandbois, Brett <brett.grandbois at opengear.com>
AuthorDate: Fri Feb 8 01:30:34 2019 +0000

    ruby: remove CVE-2018-1000073.patch as already fixed
    
    rubygems 2.7.6 which is in ruby 2.5.3 has this fix and as currently
    applied all gem extraction fails as the realpath check is done against
    the full path including the file to be extracted which will always fail
    as the file hasn't been extracted yet
    
    Signed-off-by: Brett Grandbois <brett.grandbois at opengear.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 .../ruby/ruby/CVE-2018-1000073.patch               | 34 ----------------------
 meta/recipes-devtools/ruby/ruby_2.5.3.bb           |  1 -
 2 files changed, 35 deletions(-)

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch b/meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch
deleted file mode 100644
index 22fa1b5..0000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 1b931fc03b819b9a0214be3eaca844ef534175e2 Mon Sep 17 00:00:00 2001
-From: Jonathan Claudius <jclaudius at mozilla.com>
-Date: Wed, 7 Feb 2018 23:54:52 -0500
-Subject: [PATCH] Non-working patch for deducing symlinked base-dirs
-
----
-CVE: CVE-2018-1000073
-
-Fixed in ruby 2.7.6.
-
-Upstream-Status: Backport [github.com/rubygems/rubygems/commit/1b931fc...]
-
-Signed-off-by: Joe Slater <joe.slater at windriver.com>
-
----
- lib/rubygems/package.rb |    2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb
-index dede959..cb9c74a 100644
---- a/lib/rubygems/package.rb
-+++ b/lib/rubygems/package.rb
-@@ -421,6 +421,8 @@ EOM
-     destination_dir = File.expand_path destination_dir
- 
-     destination = File.join destination_dir, filename
-+    destination = File.realpath destination if
-+      File.respond_to? :realpath
-     destination = File.expand_path destination
- 
-     raise Gem::Package::PathError.new(destination, destination_dir) unless
--- 
-1.7.9.5
-
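
Review bot: the commit message should name the upstream rubygems change that carries the working fix, because the header of the patch being deleted gives no usable pointer: it says "Fixed in ruby 2.7.6" where the commit message says rubygems 2.7.6 (in ruby 2.5.3), its Subject is "Non-working patch for deducing symlinked base-dirs", and its Upstream-Status link is truncated. The failure described in the commit message matches the removed lines: `File.realpath destination` is called on `File.join destination_dir, filename`, and File.realpath raises when the path does not exist, so every entry that has not been extracted yet fails before the PathError check is reached.
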
diff --git a/meta/recipes-devtools/ruby/ruby_2.5.3.bb b/meta/recipes-devtools/ruby/ruby_2.5.3.bb
index e9f0453..3fb427e 100644
--- a/meta/recipes-devtools/ruby/ruby_2.5.3.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.5.3.bb
@@ -3,7 +3,6 @@ require ruby.inc
 SRC_URI += " \
            file://ruby-CVE-2017-9226.patch \
            file://ruby-CVE-2017-9228.patch \
-           file://CVE-2018-1000073.patch \
            "
 
 SRC_URI[md5sum] = "20c85b67846d49622ef3b24230803fef"
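
Review bot: removing `file://CVE-2018-1000073.patch` from SRC_URI also removes the only marker in ruby_2.5.3.bb (the patch's `CVE:` tag) that this CVE is handled; if CVE reporting for this branch relies on those tags, the commit message should say how CVE-2018-1000073 will be recorded as fixed by the bundled rubygems version. The SRC_URI change itself is consistent with the file deletion earlier in the same commit, so no dangling file:// entry is left behind.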
