2 files changed, 58 insertions, 0 deletions
diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch b/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch
new file mode 100644
index 0000000000..83064e85ab
--- /dev/null
+++ b/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch
@@ -0,0 +1,57 @@
+From b1c73f239fe9af97de837331849f55d67c27561e Mon Sep 17 00:00:00 2001
+From: aycabta <aycabta@gmail.com>
+Date: Sun, 2 May 2021 20:52:23 +0900
+Subject: [PATCH] [ruby/rdoc] Use File.open to fix the OS Command Injection
+ vulnerability in CVE-2021-31799
+https://github.com/ruby/rdoc/commit/a7f5d6ab88
+CVE: CVE-2021-31799
+Upstream-Status: Backport[https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e]
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ lib/rdoc/rdoc.rb            |  2 +-
+ test/rdoc/test_rdoc_rdoc.rb | 12 ++++++++++++
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb
+index 680a8612f7..904625f105 100644
+--- a/lib/rdoc/rdoc.rb
+++ b/lib/rdoc/rdoc.rb
+@@ -444,7 +444,7 @@ def remove_unparseable files
+     files.reject do |file, *|
+       file =~ /\.(?:class|eps|erb|scpt\.txt|svg|ttf|yml)$/i or
+         (file =~ /tags$/i and
+-         open(file, 'rb') { |io|
+         File.open(file, 'rb') { |io|
+            io.read(100) =~ /\A(\f\n[^,]+,\d+$|!_TAG_)/
+          })
+     end
+diff --git a/test/rdoc/test_rdoc_rdoc.rb b/test/rdoc/test_rdoc_rdoc.rb
+index 3910dd4656..a83d5a1b88 100644
+--- a/test/rdoc/test_rdoc_rdoc.rb
+++ b/test/rdoc/test_rdoc_rdoc.rb
+@@ -456,6 +456,18 @@ def test_remove_unparseable_tags_vim
+     end
+   end
+ 
+  def test_remove_unparseable_CVE_2021_31799
+    temp_dir do
+      file_list = ['| touch evil.txt && echo tags']
+      file_list.each do |f|
+        FileUtils.touch f
+      end
+
+      assert_equal file_list, @rdoc.remove_unparseable(file_list)
+      assert_equal file_list, Dir.children('.')
+    end
+  end
+
+   def test_setup_output_dir
+     Dir.mktmpdir {|d|
+       path = File.join d, 'testdir'
+-- 
+2.17.1
diff --git a/meta/recipes-devtools/ruby/ruby_3.0.1.bb b/meta/recipes-devtools/ruby/ruby_3.0.1.bb
index ae953a0a89..4ac7383a97 100644
--- a/meta/recipes-devtools/ruby/ruby_3.0.1.bb
+++ b/meta/recipes-devtools/ruby/ruby_3.0.1.bb
@@ -8,6 +8,7 @@ SRC_URI += " \
           file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \
           file://CVE-2021-31810.patch \
           file://CVE-2021-32066.patch \
+           file://CVE-2021-31799.patch \
           "
 SRC_URI[sha256sum] = "369825db2199f6aeef16b408df6a04ebaddb664fb9af0ec8c686b0ce7ab77727"

diff --git a/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch b/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch new file mode 100644 index 0000000000..83064e85ab --- /dev/null +++ b/meta/recipes-devtools/ruby/ruby/CVE-2021-31799.patch
@@ -0,0 +1,57 @@
		1	From b1c73f239fe9af97de837331849f55d67c27561e Mon Sep 17 00:00:00 2001
		2	From: aycabta <aycabta@gmail.com>
		3	Date: Sun, 2 May 2021 20:52:23 +0900
		4	Subject: [PATCH] [ruby/rdoc] Use File.open to fix the OS Command Injection
		5	vulnerability in CVE-2021-31799
		6
		7	https://github.com/ruby/rdoc/commit/a7f5d6ab88
		8
		9	CVE: CVE-2021-31799
		10
		11	Upstream-Status: Backport[https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e]
		12
		13	Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
		14	---
		15	lib/rdoc/rdoc.rb \| 2 +-
		16	test/rdoc/test_rdoc_rdoc.rb \| 12 ++++++++++++
		17	2 files changed, 13 insertions(+), 1 deletion(-)
		18
		19	diff --git a/lib/rdoc/rdoc.rb b/lib/rdoc/rdoc.rb
		20	index 680a8612f7..904625f105 100644
		21	--- a/lib/rdoc/rdoc.rb
		22	+++ b/lib/rdoc/rdoc.rb
		23	@@ -444,7 +444,7 @@ def remove_unparseable files
		24	files.reject do \|file, *\|
		25	file =~ /\.(?:class\|eps\|erb\|scpt\.txt\|svg\|ttf\|yml)$/i or
		26	(file =~ /tags$/i and
		27	- open(file, 'rb') { \|io\|
		28	+ File.open(file, 'rb') { \|io\|
		29	io.read(100) =~ /\A(\f\n[^,]+,\d+$\|!_TAG_)/
		30	})
		31	end
		32	diff --git a/test/rdoc/test_rdoc_rdoc.rb b/test/rdoc/test_rdoc_rdoc.rb
		33	index 3910dd4656..a83d5a1b88 100644
		34	--- a/test/rdoc/test_rdoc_rdoc.rb
		35	+++ b/test/rdoc/test_rdoc_rdoc.rb
		36	@@ -456,6 +456,18 @@ def test_remove_unparseable_tags_vim
		37	end
		38	end
		39
		40	+ def test_remove_unparseable_CVE_2021_31799
		41	+ temp_dir do
		42	+ file_list = ['\| touch evil.txt && echo tags']
		43	+ file_list.each do \|f\|
		44	+ FileUtils.touch f
		45	+ end
		46	+
		47	+ assert_equal file_list, @rdoc.remove_unparseable(file_list)
		48	+ assert_equal file_list, Dir.children('.')
		49	+ end
		50	+ end
		51	+
		52	def test_setup_output_dir
		53	Dir.mktmpdir {\|d\|
		54	path = File.join d, 'testdir'
		55	--
		56	2.17.1
		57


diff --git a/meta/recipes-devtools/ruby/ruby_3.0.1.bb b/meta/recipes-devtools/ruby/ruby_3.0.1.bb index ae953a0a89..4ac7383a97 100644 --- a/meta/recipes-devtools/ruby/ruby_3.0.1.bb +++ b/meta/recipes-devtools/ruby/ruby_3.0.1.bb
@@ -8,6 +8,7 @@ SRC_URI += " \
8	file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \	8	file://0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch \
9	file://CVE-2021-31810.patch \	9	file://CVE-2021-31810.patch \
10	file://CVE-2021-32066.patch \	10	file://CVE-2021-32066.patch \
		11	file://CVE-2021-31799.patch \
11	"	12	"
12		13
13	SRC_URI[sha256sum] = "369825db2199f6aeef16b408df6a04ebaddb664fb9af0ec8c686b0ce7ab77727"	14	SRC_URI[sha256sum] = "369825db2199f6aeef16b408df6a04ebaddb664fb9af0ec8c686b0ce7ab77727"