File 7416.patch of Package rubygem-bundler.36161
From 65cfebb041c454c246aaf32a177b0243915a9998 Mon Sep 17 00:00:00 2001
From: fatkodima <fatkodima123@gmail.com>
Date: Fri, 1 Nov 2019 23:06:10 +0200
Subject: [PATCH] Don't use insecure temporary directory as home directory
---
lib/bundler.rb | 29 +++++++++++---------------
spec/bundler/bundler_spec.rb | 38 +++++++++--------------------------
spec/bundler/settings_spec.rb | 2 +-
3 files changed, 22 insertions(+), 47 deletions(-)
Index: bundler-1.16.1/lib/bundler.rb
===================================================================
--- bundler-1.16.1.orig/lib/bundler.rb
+++ bundler-1.16.1/lib/bundler.rb
@@ -169,7 +169,7 @@ module Bundler
end
if warning
- user_home = tmp_home_path(Etc.getlogin, warning)
+ user_home = tmp_home_path(warning)
Bundler.ui.warn "#{warning}\nBundler will use `#{user_home}' as your home directory temporarily.\n"
user_home
else
@@ -178,21 +178,6 @@ module Bundler
end
end
- def tmp_home_path(login, warning)
- login ||= "unknown"
- Kernel.send(:require, "tmpdir")
- path = Pathname.new(Dir.tmpdir).join("bundler", "home")
- SharedHelpers.filesystem_access(path) do |tmp_home_path|
- unless tmp_home_path.exist?
- tmp_home_path.mkpath
- tmp_home_path.chmod(0o777)
- end
- tmp_home_path.join(login).tap(&:mkpath)
- end
- rescue => e
- raise e.exception("#{warning}\nBundler also failed to create a temporary home directory at `#{path}':\n#{e}")
- end
-
def user_bundle_path
Pathname.new(user_home).join(".bundle")
end
@@ -533,6 +518,17 @@ EOF
Bundler.rubygems.clear_paths
end
+ def tmp_home_path(warning)
+ Kernel.send(:require, "tmpdir")
+ SharedHelpers.filesystem_access(Dir.tmpdir) do
+ path = Bundler.tmp
+ at_exit { Bundler.rm_rf(path) }
+ path
+ end
+ rescue RuntimeError => e
+ raise e.exception("#{warning}\nBundler also failed to create a temporary home directory':\n#{e}")
+ end
+
# @param env [Hash]
def with_env(env)
backup = ENV.to_hash
