This repository has been archived by the owner. It is now read-only.

Don't use insecure temporary directory as home directory #7416

Merged
1 commit merged into from Nov 7, 2019

Contributor

@fatkodima fatkodima commented Nov 1, 2019

Closes #6501

Member

@deivid-rodriguez deivid-rodriguez left a comment

The fix looks good to me. I just added a few comments, but this is something we should definitely do in my opinion, especially since Debian seems to already be patching this.

lib/bundler.rb (outdated, resolved)
spec/bundler/bundler_spec.rb (resolved)

@fatkodima fatkodima force-pushed the secure-temporary-dir-as-home branch from 6bd9ea0 to 65cfebb Nov 4, 2019

Contributor Author

fatkodima commented Nov 4, 2019

@deivid-rodriguez Updated with your suggestion of making the method private. I doubt too that anybody uses it.

Member

@deivid-rodriguez deivid-rodriguez left a comment

Looks good to me! I'll leave it a couple more days in case other maintainers have other insights/concerns.

Thanks for this!

@deivid-rodriguez deivid-rodriguez added this to the 2.1.0.pre.3 milestone Nov 6, 2019
Member

deivid-rodriguez commented Nov 7, 2019

@bundlerbot merge

ghost pushed a commit that referenced this issue Nov 7, 2019
7416: Don't use insecure temporary directory as home directory r=deivid-rodriguez a=fatkodima

Closes #6501 

Co-authored-by: fatkodima <fatkodima123@gmail.com>

ghost commented Nov 7, 2019

Build succeeded

@ghost ghost merged commit 65cfebb into rubygems:master Nov 7, 2019
3 checks passed
deivid-rodriguez pushed a commit that referenced this issue Nov 7, 2019
7416: Don't use insecure temporary directory as home directory r=deivid-rodriguez a=fatkodima

Closes #6501

Co-authored-by: fatkodima <fatkodima123@gmail.com>
(cherry picked from commit ac758c8)
hsbt added a commit to hsbt/ruby that referenced this issue Nov 11, 2019
  Features:
    - Add caller information to some deprecation messages to make them easier to fix [#7361](rubygems/bundler#7361)
    - Reconcile `bundle cache` vs `bundle package` everywhere. Now in docs, CLI help and everywhere else `bundle cache` is the preferred version and `bundle package` remains as an alias [#7389](rubygems/bundler#7389)
    - Display some basic `bundler` documentation together with ruby's RDoc based documentation [#7394](rubygems/bundler#7394)

  Bugfixes:
    - Fix typos deprecation message and upgrading docs [#7374](rubygems/bundler#7374)
    - Deprecation warnings about `taint` usage on ruby 2.7 [#7385](rubygems/bundler#7385)
    - Fix `--help` flag not correctly delegating to `man` when used with command aliases [#7388](rubygems/bundler#7388)
    - `bundle add` should cache newly added gems if an application cache exists [#7393](rubygems/bundler#7393)
    - Stop using an insecure folder as a "fallback home" when user home is not defined [#7416](rubygems/bundler#7416)
    - Fix `bundler/inline` warning about `Bundler.root` redefinition [#7417](rubygems/bundler#7417)
hsbt added a commit to ruby/ruby that referenced this issue Nov 11, 2019
This pull request was closed.