pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/misc/ruby-bundler1
Module Name: pkgsrc
Committed By: taca
Date: Sun Sep 13 14:57:05 UTC 2020
Modified Files:
pkgsrc/misc/ruby-bundler1: Makefile distinfo
Added Files:
pkgsrc/misc/ruby-bundler1/patches: patch-lib_bundler.rb
Log Message:
misc/ruby-bundler1: apply security fix
Apply patch for CVE-2019-3881.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 pkgsrc/misc/ruby-bundler1/Makefile
cvs rdiff -u -r1.1 -r1.2 pkgsrc/misc/ruby-bundler1/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/misc/ruby-bundler1/patches/patch-lib_bundler.rb
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/misc/ruby-bundler1/Makefile
diff -u pkgsrc/misc/ruby-bundler1/Makefile:1.2 pkgsrc/misc/ruby-bundler1/Makefile:1.3
--- pkgsrc/misc/ruby-bundler1/Makefile:1.2 Wed Sep 18 14:27:45 2019
+++ pkgsrc/misc/ruby-bundler1/Makefile Sun Sep 13 14:57:04 2020
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.2 2019/09/18 14:27:45 taca Exp $
+# $NetBSD: Makefile,v 1.3 2020/09/13 14:57:04 taca Exp $
DISTNAME= bundler-1.17.3
PKGNAME= ${RUBY_PKGPREFIX}-${DISTNAME:S/bundler/bundler1/}
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= misc
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
Index: pkgsrc/misc/ruby-bundler1/distinfo
diff -u pkgsrc/misc/ruby-bundler1/distinfo:1.1 pkgsrc/misc/ruby-bundler1/distinfo:1.2
--- pkgsrc/misc/ruby-bundler1/distinfo:1.1 Tue Mar 5 07:46:47 2019
+++ pkgsrc/misc/ruby-bundler1/distinfo Sun Sep 13 14:57:04 2020
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.1 2019/03/05 07:46:47 taca Exp $
+$NetBSD: distinfo,v 1.2 2020/09/13 14:57:04 taca Exp $
SHA1 (bundler-1.17.3.gem) = b5f0a9bffd4ff9b983b536704973fbe1cf49f015
RMD160 (bundler-1.17.3.gem) = dc0597bea59ff9f7f1feeec140898363e3747cac
SHA512 (bundler-1.17.3.gem) = 658de4228bc12fa5ca6ce335f76fff773f64da9f3d12f5097b4fd28d4c4f4d2a5bf12dce761b3d95432c5ea6a5aafae895df87c26660a4567db8b682aff48c02
Size (bundler-1.17.3.gem) = 364032 bytes
+SHA1 (patch-lib_bundler.rb) = bcdd308d40a9cb2972d57d1820e2085ed1bb5331
Added files:
Index: pkgsrc/misc/ruby-bundler1/patches/patch-lib_bundler.rb
diff -u /dev/null pkgsrc/misc/ruby-bundler1/patches/patch-lib_bundler.rb:1.1
--- /dev/null Sun Sep 13 14:57:05 2020
+++ pkgsrc/misc/ruby-bundler1/patches/patch-lib_bundler.rb Sun Sep 13 14:57:05 2020
@@ -0,0 +1,56 @@
+$NetBSD: patch-lib_bundler.rb,v 1.1 2020/09/13 14:57:05 taca Exp $
+
+Fix for CVE-2019-3881.
+
+--- lib/bundler.rb.orig 2020-09-07 15:06:23.171036008 +0000
++++ lib/bundler.rb
+@@ -170,8 +170,7 @@ module Bundler
+ end
+
+ if warning
+- Kernel.send(:require, "etc")
+- user_home = tmp_home_path(Etc.getlogin, warning)
++ user_home = tmp_home_path(warning)
+ Bundler.ui.warn "#{warning}\nBundler will use `#{user_home}' as your home directory temporarily.\n"
+ user_home
+ else
+@@ -180,21 +179,6 @@ module Bundler
+ end
+ end
+
+- def tmp_home_path(login, warning)
+- login ||= "unknown"
+- Kernel.send(:require, "tmpdir")
+- path = Pathname.new(Dir.tmpdir).join("bundler", "home")
+- SharedHelpers.filesystem_access(path) do |tmp_home_path|
+- unless tmp_home_path.exist?
+- tmp_home_path.mkpath
+- tmp_home_path.chmod(0o777)
+- end
+- tmp_home_path.join(login).tap(&:mkpath)
+- end
+- rescue RuntimeError => e
+- raise e.exception("#{warning}\nBundler also failed to create a temporary home directory at `#{path}':\n#{e}")
+- end
+-
+ def user_bundle_path(dir = "home")
+ env_var, fallback = case dir
+ when "home"
+@@ -555,6 +539,17 @@ EOF
+ Bundler.rubygems.clear_paths
+ end
+
++ def tmp_home_path(warning)
++ Kernel.send(:require, "tmpdir")
++ SharedHelpers.filesystem_access(Dir.tmpdir) do
++ path = Bundler.tmp
++ at_exit { Bundler.rm_rf(path) }
++ path
++ end
++ rescue RuntimeError => e
++ raise e.exception("#{warning}\nBundler also failed to create a temporary home directory':\n#{e}")
++ end
++
+ # @param env [Hash]
+ def with_env(env)
+ backup = ENV.to_hash
Home |
Main Index |
Thread Index |
Old Index