openEuler:20.03:LTS:SP1
ruby
We truncated the diff of some files because they were too big. If you want to see the full diff for every file,
click here
.
Changes of Revision 33
_service:tar_scm_kernel_repo:ruby.spec
Changed
@@ -1,6 +1,6 @@
 Name: ruby
 Version: 2.5.8
-Release: 122
+Release: 123
 Summary: Object-oriented scripting language interpreter
 License: (Ruby or BSD) and Public Domain and MIT and CC0 and zlib and UCD
 URL: https://www.ruby-lang.org/
@@ -60,6 +60,7 @@
 Patch6017: backport-CVE-2024-27281-Filter-marshaled-objects.patch
 Patch6018: backport-CVE-2024-27281-Use-safe_load-for-.rdoc_options.patch
 Patch6019: backport-CVE-2024-27281-Fix-NoMethodError-for-start_with.patch
+Patch6020: backport-Use-File.open-instead-of-Kernel-open.patch
 Provides: %{name}-libs = %{version}-%{release}
 Obsoletes: %{name}-libs < %{version}-%{release}
@@ -597,6 +598,9 @@
 %exclude %{gem_dir}/gems/xmlrpc-0.3.0/.*
 %changelog
+* Sun Apr 07 2024 shixuantong <shixuantong1@huawei.com> - 2.5.8-123
+- Use File.open instead of Kernel#open to avoid potential security risks
+
 * Sat Mar 30 2024 shixuantong <shixuantong1@huawei.com> - 2.5.8-122
 - fix CVE-2024-27281
_service:tar_scm_kernel_repo:backport-Use-File.open-instead-of-Kernel-open.patch
Added
@@ -0,0 +1,405 @@
+From 4a8c6ba6c4bd65a96949b994f4e10f2ac3342262 Mon Sep 17 00:00:00 2001
+From: SHIBATA Hiroshi <hsbt@ruby-lang.org>
+Date: Fri, 5 Jan 2018 16:10:12 +0900
+Subject: [PATCH] Use `File.open` instead of `Kernel#open`.
+
+ We should use safety method.
+---
+ lib/rdoc/encoding.rb | 2 +-
+ lib/rdoc/erbio.rb | 2 +-
+ lib/rdoc/options.rb | 2 +-
+ lib/rdoc/parser.rb | 2 +-
+ lib/rdoc/rdoc.rb | 4 ++--
+ lib/rdoc/ri/driver.rb | 2 +-
+ lib/rdoc/store.rb | 8 ++++----
+ test/rdoc/test_rdoc_parser.rb | 18 +++++++++---------
+ test/rdoc/test_rdoc_rdoc.rb | 18 +++++++++---------
+ test/rdoc/test_rdoc_ri_paths.rb | 2 +-
+ test/rdoc/test_rdoc_servlet.rb | 2 +-
+ test/rdoc/test_rdoc_store.rb | 12 ++++++------
+ 12 files changed, 37 insertions(+), 37 deletions(-)
+
+diff --git a/lib/rdoc/encoding.rb b/lib/rdoc/encoding.rb
+index 54ecd89..c277efb 100644
+--- a/lib/rdoc/encoding.rb
++++ b/lib/rdoc/encoding.rb
+@@ -18,7 +18,7 @@ module RDoc::Encoding
+ # unknown character in the target encoding will be replaced with '?'
+
+ def self.read_file filename, encoding, force_transcode = false
+- content = open filename, "rb" do |f| f.read end
++ content = File.open filename, "rb" do |f| f.read end
+ content.gsub!("\r\n", "\n") if RUBY_PLATFORM =~ /mswin|mingw/
+
+ utf8 = content.sub!(/\A\xef\xbb\xbf/, '')
+diff --git a/lib/rdoc/erbio.rb b/lib/rdoc/erbio.rb
+index 42ce895..29a9db5 100644
+--- a/lib/rdoc/erbio.rb
++++ b/lib/rdoc/erbio.rb
+@@ -9,7 +9,7 @@ require 'erb'
+ #
+ # erbio = RDoc::ERBIO.new '<%= "hello world" %>', nil, nil
+ #
+-# open 'hello.txt', 'w' do |io|
++# File.open 'hello.txt', 'w' do |io|
+ # erbio.result binding
+ # end
+ #
+diff --git a/lib/rdoc/options.rb b/lib/rdoc/options.rb
+index 17bbca8..99d7aaa 100644
+--- a/lib/rdoc/options.rb
++++ b/lib/rdoc/options.rb
+@@ -1217,7 +1217,7 @@ Usage: #{opt.program_name} [options] [names...]
+ def write_options
+ RDoc.load_yaml
+
+- open '.rdoc_options', 'w' do |io|
++ File.open '.rdoc_options', 'w' do |io|
+ io.set_encoding Encoding::UTF_8
+
+ YAML.dump self, io
+diff --git a/lib/rdoc/parser.rb b/lib/rdoc/parser.rb
+index 2b826d9..597bcd6 100644
+--- a/lib/rdoc/parser.rb
++++ b/lib/rdoc/parser.rb
+@@ -139,7 +139,7 @@ class RDoc::Parser
+ # Returns the file type from the modeline in +file_name+
+
+ def self.check_modeline file_name
+- line = open file_name do |io|
++ line = File.open file_name do |io|
+ io.gets
+ end
+
+diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb
+index e0a45b8..0089fe9 100644
+--- a/lib/rdoc/rdoc.rb
++++ b/lib/rdoc/rdoc.rb
+@@ -189,7 +189,7 @@ class RDoc::RDoc
+ error "#{dir} exists and is not a directory" unless File.directory? dir
+
+ begin
+- open flag_file do |io|
++ File.open flag_file do |io|
+ unless force then
+ Time.parse io.gets
+
+@@ -234,7 +234,7 @@ option)
+ def update_output_dir(op_dir, time, last = {})
+ return if @options.dry_run or not @options.update_output_dir
+
+- open output_flag_file(op_dir), "w" do |f|
++ File.open output_flag_file(op_dir), "w" do |f|
+ f.puts time.rfc2822
+ last.each do |n, t|
+ f.puts "#{n}\t#{t.rfc2822}"
+diff --git a/lib/rdoc/ri/driver.rb b/lib/rdoc/ri/driver.rb
+index fa0e040..6b44384 100644
+--- a/lib/rdoc/ri/driver.rb
++++ b/lib/rdoc/ri/driver.rb
+@@ -110,7 +110,7 @@ class RDoc::RI::Driver
+ def self.dump data_path
+ require 'pp'
+
+- open data_path, 'rb' do |io|
++ File.open data_path, 'rb' do |io|
+ pp Marshal.load(io.read)
+ end
+ end
+diff --git a/lib/rdoc/store.rb b/lib/rdoc/store.rb
+index 07d03e9..f892df3 100644
+--- a/lib/rdoc/store.rb
++++ b/lib/rdoc/store.rb
+@@ -768,7 +768,7 @@ class RDoc::Store
+
+ marshal = Marshal.dump @cache
+
+- open cache_path, 'wb' do |io|
++ File.open cache_path, 'wb' do |io|
+ io.write marshal
+ end
+ end
+@@ -844,7 +844,7 @@ class RDoc::Store
+
+ marshal = Marshal.dump klass
+
+- open path, 'wb' do |io|
++ File.open path, 'wb' do |io|
+ io.write
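Review bot: `Marshal.load(io.read)` in the lib/rdoc/ri/driver.rb hunk still deserializes whatever file `data_path` names, so switching to `File.open` only removes Kernel#open's pipe-to-subprocess handling of a leading `|` and leaves the object-instantiation risk of an untrusted ri data file in place. The spec already lists Patch6017 (backport-CVE-2024-27281-Filter-marshaled-objects.patch), but whether its filtering reaches `RDoc::RI::Driver.dump` is not visible on this page and should be confirmed against the patched tree. If it does not, I would at least document the trust assumption above the call: `# data_path must be a trusted ri data file; Marshal.load instantiates the objects it describes`. The same caveat does not apply to the lib/rdoc/store.rb hunks, which only write `Marshal.dump` output.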
marshal
+ end
+ end
+@@ -869,7 +869,7 @@ class RDoc::Store
+
+ marshal = Marshal.dump method
+
+- open method_file(full_name, method.full_name), 'wb' do |io|
++ File.open method_file(full_name, method.full_name), 'wb' do |io|
+ io.write marshal
+ end
+ end
+@@ -891,7 +891,7 @@ class RDoc::Store
+
+ marshal = Marshal.dump page
+
+- open path, 'wb' do |io|
++ File.open path, 'wb' do |io|
+ io.write marshal
+ end
+ end
+diff --git a/test/rdoc/test_rdoc_parser.rb b/test/rdoc/test_rdoc_parser.rb
+index 5d4da7e..2cd0394 100644
+--- a/test/rdoc/test_rdoc_parser.rb
++++ b/test/rdoc/test_rdoc_parser.rb
+@@ -19,7 +19,7 @@ class TestRDocParser < RDoc::TestCase
+ def test_class_binary_eh_ISO_2022_JP
+ iso_2022_jp = File.join Dir.tmpdir, "test_rdoc_parser_#{$$}.rd"
+
+- open iso_2022_jp, 'wb' do |io|
++ File.open iso_2022_jp, 'wb' do |io|
+ io.write "# coding: ISO-2022-JP\n"
+ io.write ":\e$B%3%^%s%I\e(B:\n"
+ end
+@@ -31,7 +31,7 @@ class TestRDocParser < RDoc::TestCase
+
+ def test_class_binary_eh_marshal
+ marshal = File.join Dir.tmpdir, "test_rdoc_parser_#{$$}.marshal"
+- open marshal, 'wb' do |io|
++ File.open marshal, 'wb' do |io|
+ io.write Marshal.dump('')
+ io.write 'lots of text ' * 500
+ end
+@@ -92,7 +92,7 @@ class TestRDocParser < RDoc::TestCase
+ def test_class_for_executable
+ temp_dir do
+ content = "#!/usr/bin/env ruby -w\n"
+- open 'app', 'w' do |io| io.write content end
++ File.open 'app', 'w' do |io| io.write content end
+ app = @store.add_file 'app'
+
+ parser = @RP.for app, 'app', content, @options, :stats
+@@ -126,7 +126,7 @@ class TestRDocParser < RDoc::TestCase
+ temp_dir do
+ content = "# -*- rdoc -*-\n= NEWS\n"
+
+- open 'NEWS', 'w' do |io| io.write content end
++ File.open 'NEWS', 'w' do |io| io.write content end
+ app = @store.add_file 'NEWS'
+
+ parser = @RP.for app, 'NEWS', content, @options, :stats
+@@ -140,7 +140,7 @@ class TestRDocParser < RDoc::TestCase
+ def test_can_parse_modeline
+ readme_ext = File.join Dir.tmpdir, "README.EXT.#{$$}"
+
+- open readme_ext, 'w' do |io|
++ File.open readme_ext, 'w' do |io|
+ io.puts "# README.EXT - -*- rdoc -*- created at: Mon Aug 7 16:45:54 JST 1995"
+ io.puts
+ io.puts "This document explains how to make extension libraries for Ruby."
+@@ -162,7 +162,7 @@ class TestRDocParser < RDoc::TestCase
+ def test_check_modeline