Skip to content

(PA-6283) Patch stringio in Ruby 2.7 for CVE-2024-27280 #871

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jul 11, 2024
Merged

(PA-6283) Patch stringio in Ruby 2.7 for CVE-2024-27280 #871

merged 1 commit into from
Jul 11, 2024

Conversation

@shubhamshinde360
Copy link
Contributor

@shubhamshinde360 shubhamshinde360 commented Jul 11, 2024

@shubhamshinde360
Copy link
Contributor Author

shubhamshinde360 commented Jul 11, 2024

Tested for all platforms supported in agent-runtime-7.x:
https://jenkins-platform.delivery.puppetlabs.net/view/vanagon-generic-builder/job/platform_vanagon-generic-builder_vanagon-packaging_generic-builder/3045/

windows-2012r2-x86 was stuck due to resource allocation issue in the above build, so I had to abort that and retrigger another build for it:
https://jenkins-platform.delivery.puppetlabs.net/view/vanagon-generic-builder/job/platform_vanagon-generic-builder_vanagon-packaging_generic-builder/BUILD_TARGET=windows-2012r2-x86,SLAVE_LABEL=k8s-worker/

@shubhamshinde360 shubhamshinde360 marked this pull request as ready for review July 11, 2024 17:26
@shubhamshinde360 shubhamshinde360 requested review from a team as code owners July 11, 2024 17:26
@joshcooper joshcooper changed the title (PA-6283) Patch stringio for CVE-2024-27280 (PA-6283) Patch stringio in Ruby 2.7 for CVE-2024-27280 Jul 11, 2024
@joshcooper
Copy link
Collaborator

joshcooper commented Jul 11, 2024 

❯ bundle exec rake vanagon:component_diff -- -P all -p el-9-x86_64 --from a6798ad --to HEAD 
...
Here is what your code changes would affect:

Project pe-installer-runtime-main
Nothing is affected 😊
Project pe-bolt-server-runtime-main
Nothing is affected 😊
Project agent-runtime-7.x

Platform name: el-9-x86_64
    Component 'ruby-2.7.8'
        Field: patches[3]
        --------------------
        + {"origin_path"=>"resources/patches/ruby_27/stringio_cve-2024-27280.patch", "namespace"=>"ruby-2.7.8", "assembly_path"=>"patches/ruby-2.7.8/stringio_cve-2024-27280.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}


Project pe-bolt-server-runtime-2021.7.x
Nothing is affected 😊
Project pe-installer-runtime-2021.7.x

Platform name: el-9-x86_64
    Component 'ruby-2.7.8'
        Field: patches[3]
        --------------------
        + {"origin_path"=>"resources/patches/ruby_27/stringio_cve-2024-27280.patch", "namespace"=>"ruby-2.7.8", "assembly_path"=>"patches/ruby-2.7.8/stringio_cve-2024-27280.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}


Project bolt-runtime

Platform name: el-9-x86_64
    Component 'ruby-2.7.8'
        Field: patches[3]
        --------------------
        + {"origin_path"=>"resources/patches/ruby_27/stringio_cve-2024-27280.patch", "namespace"=>"ruby-2.7.8", "assembly_path"=>"patches/ruby-2.7.8/stringio_cve-2024-27280.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}


Project pdk-runtime

Platform name: el-9-x86_64
    Component 'ruby-2.7.8'
        Field: patches[3]
        --------------------
        + {"origin_path"=>"resources/patches/ruby_27/stringio_cve-2024-27280.patch", "namespace"=>"ruby-2.7.8", "assembly_path"=>"patches/ruby-2.7.8/stringio_cve-2024-27280.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}


Project client-tools-runtime-main
Nothing is affected 😊
Project client-tools-runtime-2021.7.x
Nothing is affected 😊
Project agent-runtime-main
Nothing is affected 😊

@joshcooper joshcooper merged commit 9f3c265 into puppetlabs:master Jul 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joshcooper joshcooper joshcooper approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shubhamshinde360 @joshcooper