This repository has been archived by the owner on Apr 14, 2021. It is now read-only.

Don't use insecure temporary directory as home directory #7416

Merged
1 commit merged into from Nov 7, 2019

Conversation

fatkodima
Contributor

Closes #6501

Member

@deivid-rodriguez deivid-rodriguez left a comment

The fix looks good to me. I just added a few comments, but this is something we should definitely do in my opinion, especially since Debian seems to already be patching this.

lib/bundler.rb (outdated)
spec/bundler/bundler_spec.rb
@fatkodima
Contributor Author

@deivid-rodriguez Updated with your suggestion of making the method private. I doubt, too, that anybody uses it.

Member

@deivid-rodriguez deivid-rodriguez left a comment

Looks good to me! I'll leave it a couple more days in case other maintainers have other insights/concerns.

Thanks for this!

@deivid-rodriguez deivid-rodriguez added this to the 2.1.0.pre.3 milestone Nov 6, 2019
@deivid-rodriguez
Member

@bundlerbot merge

ghost pushed a commit that referenced this pull request Nov 7, 2019
7416: Don't use insecure temporary directory as home directory r=deivid-rodriguez a=fatkodima

Closes #6501 

Co-authored-by: fatkodima <fatkodima123@gmail.com>
@ghost

ghost commented Nov 7, 2019

Build succeeded

@ghost ghost merged commit 65cfebb into rubygems:master Nov 7, 2019
deivid-rodriguez pushed a commit that referenced this pull request Nov 7, 2019
7416: Don't use insecure temporary directory as home directory r=deivid-rodriguez a=fatkodima

Closes #6501

Co-authored-by: fatkodima <fatkodima123@gmail.com>
(cherry picked from commit ac758c8)
hsbt added a commit to ruby/ruby that referenced this pull request Nov 11, 2019
  Features:
    - Add caller information to some deprecation messages to make them easier to fix [#7361](rubygems/bundler#7361)
    - Reconcile `bundle cache` vs `bundle package` everywhere. Now in docs, CLI help and everywhere else `bundle cache` is the preferred version and `bundle package` remains as an alias [#7389](rubygems/bundler#7389)
    - Display some basic `bundler` documentation together with ruby's RDoc based documentation [#7394](rubygems/bundler#7394)

  Bugfixes:
    - Fix typos deprecation message and upgrading docs [#7374](rubygems/bundler#7374)
    - Deprecation warnings about `taint` usage on ruby 2.7 [#7385](rubygems/bundler#7385)
    - Fix `--help` flag not correctly delegating to `man` when used with command aliases [#7388](rubygems/bundler#7388)
    - `bundle add` should cache newly added gems if an application cache exists [#7393](rubygems/bundler#7393)
    - Stop using an insecure folder as a "fallback home" when user home is not defined [#7416](rubygems/bundler#7416)
    - Fix `bundler/inline` warning about `Bundler.root` redefinition [#7417](rubygems/bundler#7417)
This pull request was closed.
Successfully merging this pull request may close these issues.

tmp_home_path insecure