1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[rubygems/rubygems] Stop storing executable names in ivars

Browse Source 
Removes usage of these classes as ACE gadgets

See https://nastystereo.com/security/ruby-3.4-deserialization.html

Signed-off-by: Samuel Giddins <segiddins@segiddins.me>

https://github.com/rubygems/rubygems/commit/89ad04db86
This commit is contained in:
Samuel Giddins 2024-12-04 12:45:53 -08:00 committed by git
parent 6877c38866
commit 7daf85bdf2
2 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/rubygems/resolver/git_set.rb
View File

@ -36,7 +36,6 @@ class Gem::Resolver::GitSet < Gem::Resolver::Set
def initialize # :nodoc: def initialize # :nodoc:
super() super()
@git = ENV["git"] || "git"
@need_submodules = {} @need_submodules = {}
@repositories = {} @repositories = {}
@root_dir = Gem.dir @root_dir = Gem.dir

19
lib/rubygems/source/git.rb
View File

@ -58,7 +58,6 @@ class Gem::Source::Git < Gem::Source
@remote = true @remote = true
@root_dir = Gem.dir @root_dir = Gem.dir
@git = ENV["git"] || "git"
end end
def <=>(other) def <=>(other)
@ -81,6 +80,10 @@ class Gem::Source::Git < Gem::Source
@need_submodules == other.need_submodules @need_submodules == other.need_submodules
end end
def git_command
ENV.fetch("git", "git")
end
## ##
# Checks out the files for the repository into the install_dir. # Checks out the files for the repository into the install_dir.
@ -90,18 +93,18 @@ class Gem::Source::Git < Gem::Source
return false unless File.exist? repo_cache_dir return false unless File.exist? repo_cache_dir
unless File.exist? install_dir unless File.exist? install_dir
system @git, "clone", "--quiet", "--no-checkout", system git, "clone", "--quiet", "--no-checkout",
repo_cache_dir, install_dir repo_cache_dir, install_dir
end end
Dir.chdir install_dir do Dir.chdir install_dir do
system @git, "fetch", "--quiet", "--force", "--tags", install_dir system git, "fetch", "--quiet", "--force", "--tags", install_dir
success = system @git, "reset", "--quiet", "--hard", rev_parse success = system git, "reset", "--quiet", "--hard", rev_parse
if @need_submodules if @need_submodules
require "open3" require "open3"
_, status = Open3.capture2e(@git, "submodule", "update", "--quiet", "--init", "--recursive") _, status = Open3.capture2e(git, "submodule", "update", "--quiet", "--init", "--recursive")
success &&= status.success? success &&= status.success?
end end
@ -118,11 +121,11 @@ class Gem::Source::Git < Gem::Source
if File.exist? repo_cache_dir if File.exist? repo_cache_dir
Dir.chdir repo_cache_dir do Dir.chdir repo_cache_dir do
system @git, "fetch", "--quiet", "--force", "--tags", system git, "fetch", "--quiet", "--force", "--tags",
@repository, "refs/heads/*:refs/heads/*" @repository, "refs/heads/*:refs/heads/*"
end end
else else
system @git, "clone", "--quiet", "--bare", "--no-hardlinks", system git, "clone", "--quiet", "--bare", "--no-hardlinks",
@repository, repo_cache_dir @repository, repo_cache_dir
end end
end end
@ -182,7 +185,7 @@ class Gem::Source::Git < Gem::Source
hash = nil hash = nil
Dir.chdir repo_cache_dir do Dir.chdir repo_cache_dir do
hash = Gem::Util.popen(@git, "rev-parse", @reference).strip hash = Gem::Util.popen(git_command, "rev-parse", @reference).strip
end end
raise Gem::Exception, raise Gem::Exception,