pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/misc/ruby-bundler1 misc/ruby-bundler1: apply security fix
details: https://anonhg.NetBSD.org/pkgsrc/rev/bb09149c756f
branches: trunk
changeset: 439019:bb09149c756f
user: taca <taca%pkgsrc.org@localhost>
date: Sun Sep 13 14:57:04 2020 +0000
description:
misc/ruby-bundler1: apply security fix
Apply patch for CVE-2019-3881.
Bump PKGREVISION.
diffstat:
misc/ruby-bundler1/Makefile | 4 +-
misc/ruby-bundler1/distinfo | 3 +-
misc/ruby-bundler1/patches/patch-lib_bundler.rb | 56 +++++++++++++++++++++++++
3 files changed, 60 insertions(+), 3 deletions(-)
diffs (86 lines):
diff -r 33ed3c1b7bec -r bb09149c756f misc/ruby-bundler1/Makefile
--- a/misc/ruby-bundler1/Makefile Sun Sep 13 14:55:53 2020 +0000
+++ b/misc/ruby-bundler1/Makefile Sun Sep 13 14:57:04 2020 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.2 2019/09/18 14:27:45 taca Exp $
+# $NetBSD: Makefile,v 1.3 2020/09/13 14:57:04 taca Exp $
DISTNAME= bundler-1.17.3
PKGNAME= ${RUBY_PKGPREFIX}-${DISTNAME:S/bundler/bundler1/}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= misc
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
diff -r 33ed3c1b7bec -r bb09149c756f misc/ruby-bundler1/distinfo
--- a/misc/ruby-bundler1/distinfo Sun Sep 13 14:55:53 2020 +0000
+++ b/misc/ruby-bundler1/distinfo Sun Sep 13 14:57:04 2020 +0000
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.1 2019/03/05 07:46:47 taca Exp $
+$NetBSD: distinfo,v 1.2 2020/09/13 14:57:04 taca Exp $
SHA1 (bundler-1.17.3.gem) = b5f0a9bffd4ff9b983b536704973fbe1cf49f015
RMD160 (bundler-1.17.3.gem) = dc0597bea59ff9f7f1feeec140898363e3747cac
SHA512 (bundler-1.17.3.gem) = 658de4228bc12fa5ca6ce335f76fff773f64da9f3d12f5097b4fd28d4c4f4d2a5bf12dce761b3d95432c5ea6a5aafae895df87c26660a4567db8b682aff48c02
Size (bundler-1.17.3.gem) = 364032 bytes
+SHA1 (patch-lib_bundler.rb) = bcdd308d40a9cb2972d57d1820e2085ed1bb5331
diff -r 33ed3c1b7bec -r bb09149c756f misc/ruby-bundler1/patches/patch-lib_bundler.rb
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/ruby-bundler1/patches/patch-lib_bundler.rb Sun Sep 13 14:57:04 2020 +0000
@@ -0,0 +1,56 @@
+$NetBSD: patch-lib_bundler.rb,v 1.1 2020/09/13 14:57:05 taca Exp $
+
+Fix for CVE-2019-3881.
+
+--- lib/bundler.rb.orig 2020-09-07 15:06:23.171036008 +0000
++++ lib/bundler.rb
+@@ -170,8 +170,7 @@ module Bundler
+ end
+
+ if warning
+- Kernel.send(:require, "etc")
+- user_home = tmp_home_path(Etc.getlogin, warning)
++ user_home = tmp_home_path(warning)
+ Bundler.ui.warn "#{warning}\nBundler will use `#{user_home}' as your home directory temporarily.\n"
+ user_home
+ else
+@@ -180,21 +179,6 @@ module Bundler
+ end
+ end
+
+- def tmp_home_path(login, warning)
+- login ||= "unknown"
+- Kernel.send(:require, "tmpdir")
+- path = Pathname.new(Dir.tmpdir).join("bundler", "home")
+- SharedHelpers.filesystem_access(path) do |tmp_home_path|
+- unless tmp_home_path.exist?
+- tmp_home_path.mkpath
+- tmp_home_path.chmod(0o777)
+- end
+- tmp_home_path.join(login).tap(&:mkpath)
+- end
+- rescue RuntimeError => e
+- raise e.exception("#{warning}\nBundler also failed to create a temporary home directory at `#{path}':\n#{e}")
+- end
+-
+ def user_bundle_path(dir = "home")
+ env_var, fallback = case dir
+ when "home"
+@@ -555,6 +539,17 @@ EOF
+ Bundler.rubygems.clear_paths
+ end
+
++ def tmp_home_path(warning)
++ Kernel.send(:require, "tmpdir")
++ SharedHelpers.filesystem_access(Dir.tmpdir) do
++ path = Bundler.tmp
++ at_exit { Bundler.rm_rf(path) }
++ path
++ end
++ rescue RuntimeError => e
++ raise e.exception("#{warning}\nBundler also failed to create a temporary home directory':\n#{e}")
++ end
++
+ # @param env [Hash]
+ def with_env(env)
+ backup = ENV.to_hash
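Review bot: In the re-added tmp_home_path (the hunk at -555,6 +539,17), the rescue message still ends in "temporary home directory':" because `#{path}` and its opening backquote were dropped but the closing single quote was left behind. Drop the stray quote so the error text reads cleanly. The replacement also rests entirely on Bundler.tmp, which is not visible in this patch: the removed helper created a shared bundler/home under Dir.tmpdir with chmod(0o777) and a per-login subdirectory, so it is worth confirming that Bundler.tmp in 1.17.3 returns a per-process directory that other local users cannot write to. Since at_exit now removes that directory, anything written to the temporary home does not survive the run, which the warning printed in the first hunk does not mention. The patch comment gives only "Fix for CVE-2019-3881."; a pointer to the upstream change it was taken from would make later updates easier to check.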