author Grandbois, Brett <brett.grandbois@opengear.com> 2019-02-08 01:30:34 +0000
committer Richard Purdie <richard.purdie@linuxfoundation.org> 2019-02-12 14:04:24 +0000
commit 479620023aa0af9467ca1d2807cf7bedd73327f6 (patch)
tree 67075cb46a356a09e861e8a31069b0ac3aca2fbb
parent 0471307da8d1e0df27df115c47d05e7b64dea080 (diff)
ruby: remove CVE-2018-1000073.patch as already fixed
rubygems 2.7.6, which is in ruby 2.5.3, has this fix, and as currently applied all gem extraction fails, as the realpath check is done against the full path including the file to be extracted, which will always fail as the file hasn't been extracted yet

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch 34
-rw-r--r-- meta/recipes-devtools/ruby/ruby_2.5.3.bb 1
2 files changed, 0 insertions, 35 deletions
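The failure the commit message describes, as an added Ruby example that is not rubygems or OpenEmbedded code: `File.realpath` raises `Errno::ENOENT` on a file that has not been extracted yet, while resolving the nearest existing ancestor still catches a symlinked directory. The function names and the temporary directory layout are constructed for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Mirrors the removed backport's step: realpath on the full destination,
# which names a file that does not exist before extraction.
def full_path_check(destination_dir, filename)
  destination = File.realpath(File.join(File.expand_path(destination_dir), filename))
  destination.start_with?(File.realpath(destination_dir) + "/") ? :ok : :escape
rescue Errno::ENOENT
  :enoent
end

# Hypothetical alternative: resolve the nearest path component that already
# exists (or is a symlink), then compare it with the resolved base directory.
def ancestor_check(destination_dir, filename)
  base = File.realpath(destination_dir)
  target = File.expand_path(File.join(base, filename))
  ancestor = target
  ancestor = File.dirname(ancestor) until File.exist?(ancestor) || File.symlink?(ancestor)
  resolved = File.realpath(ancestor)
  (resolved == base || resolved.start_with?(base + "/")) ? :ok : :escape
rescue Errno::ENOENT
  :escape # dangling symlink somewhere in the path: refuse
end

# Constructed layout: <tmp>/gem is the extraction dir, <tmp>/outside is not,
# and gem/link is a symlink pointing at outside.
def demo
  Dir.mktmpdir do |root|
    base = File.join(root, "gem")
    outside = File.join(root, "outside")
    FileUtils.mkdir_p([base, outside])
    File.symlink(outside, File.join(base, "link"))
    {
      full_new_file: full_path_check(base, "lib/a.rb"),
      ancestor_new_file: ancestor_check(base, "lib/a.rb"),
      ancestor_symlink: ancestor_check(base, "link/evil.rb"),
      ancestor_dotdot: ancestor_check(base, "../outside/evil.rb"),
    }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```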
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch b/meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch
deleted file mode 100644
index 22fa1b5f4d..0000000000
--- a/meta/recipes-devtools/ruby/ruby/CVE-2018-1000073.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 1b931fc03b819b9a0214be3eaca844ef534175e2 Mon Sep 17 00:00:00 2001
-From: Jonathan Claudius <jclaudius@mozilla.com>
-Date: Wed, 7 Feb 2018 23:54:52 -0500
-Subject: [PATCH] Non-working patch for deducing symlinked base-dirs
-
----
-CVE: CVE-2018-1000073
-
-Fixed in ruby 2.7.6.
-
-Upstream-Status: Backport [github.com/rubygems/rubygems/commit/1b931fc...]
-
-Signed-off-by: Joe Slater <joe.slater@windriver.com>
-
----
- lib/rubygems/package.rb | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/lib/rubygems/package.rb b/lib/rubygems/package.rb
-index dede959..cb9c74a 100644
---- a/lib/rubygems/package.rb
-+++ b/lib/rubygems/package.rb
-@@ -421,6 +421,8 @@ EOM
- destination_dir = File.expand_path destination_dir
-
- destination = File.join destination_dir, filename
-+ destination = File.realpath destination if
-+ File.respond_to? :realpath
- destination = File.expand_path destination
-
- raise Gem::Package::PathError.new(destination, destination_dir) unless
---
-1.7.9.5
-
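Review bot: Nothing in the tree records why CVE-2018-1000073 needs no patch once this file is gone, and the deleted header's "Fixed in ruby 2.7.6." names a ruby version where the commit message says rubygems 2.7.6; please cite the upstream rubygems change that carries the fix in the commit message so the claim can be checked against the 2.5.3 sources. The breakage itself is visible in the removed lines: `destination = File.realpath destination` runs on `File.join destination_dir, filename`, a path that does not exist before extraction, and File.realpath raises Errno::ENOENT for a missing path. Dropping the backport rather than reordering it is reasonable given that its own Subject calls it a "Non-working patch".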
diff --git a/meta/recipes-devtools/ruby/ruby_2.5.3.bb b/meta/recipes-devtools/ruby/ruby_2.5.3.bb
index e9f0453788..3fb427e90e 100644
--- a/meta/recipes-devtools/ruby/ruby_2.5.3.bb
+++ b/meta/recipes-devtools/ruby/ruby_2.5.3.bb
@@ -3,7 +3,6 @@ require ruby.inc
SRC_URI += " \
file://ruby-CVE-2017-9226.patch \
file://ruby-CVE-2017-9228.patch \
- file://CVE-2018-1000073.patch \
"
SRC_URI[md5sum] = "20c85b67846d49622ef3b24230803fef"
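Review bot: The two entries left in SRC_URI, `file://ruby-CVE-2017-9226.patch` and `file://ruby-CVE-2017-9228.patch`, deserve the same check against ruby 2.5.3 that this entry just failed, since this commit shows a backport can stay in the list while the fix is already upstream and still change behaviour. If they are still needed, a line in the commit message saying so would close the question.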