Skip to content
This repository has been archived by the owner on Jan 15, 2025. It is now read-only.

(PA-6283) Patch stringio in Ruby 2.7 for CVE-2024-27280 #871

Merged
merged 1 commit into from
Jul 11, 2024
Merged

(PA-6283) Patch stringio in Ruby 2.7 for CVE-2024-27280 #871

merged 1 commit into from
Jul 11, 2024

Conversation

shubhamshinde360
Copy link
Contributor

@shubhamshinde360
Copy link
Contributor Author

Tested for all platforms supported in agent-runtime-7.x:
https://jenkins-platform.delivery.puppetlabs.net/view/vanagon-generic-builder/job/platform_vanagon-generic-builder_vanagon-packaging_generic-builder/3045/

windows-2012r2-x86 was stuck due to resource allocation issue in the above build, so I had to abort that and retrigger another build for it:
https://jenkins-platform.delivery.puppetlabs.net/view/vanagon-generic-builder/job/platform_vanagon-generic-builder_vanagon-packaging_generic-builder/BUILD_TARGET=windows-2012r2-x86,SLAVE_LABEL=k8s-worker/

@shubhamshinde360 shubhamshinde360 marked this pull request as ready for review July 11, 2024 17:26
@shubhamshinde360 shubhamshinde360 requested review from a team as code owners July 11, 2024 17:26
@joshcooper joshcooper changed the title (PA-6283) Patch stringio for CVE-2024-27280 (PA-6283) Patch stringio in Ruby 2.7 for CVE-2024-27280 Jul 11, 2024
@joshcooper
Copy link
Contributor 

❯ bundle exec rake vanagon:component_diff -- -P all -p el-9-x86_64 --from a6798ad --to HEAD 
...
Here is what your code changes would affect:

Project pe-installer-runtime-main
Nothing is affected 😊
Project pe-bolt-server-runtime-main
Nothing is affected 😊
Project agent-runtime-7.x

Platform name: el-9-x86_64
    Component 'ruby-2.7.8'
        Field: patches[3]
        --------------------
        + {"origin_path"=>"resources/patches/ruby_27/stringio_cve-2024-27280.patch", "namespace"=>"ruby-2.7.8", "assembly_path"=>"patches/ruby-2.7.8/stringio_cve-2024-27280.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}


Project pe-bolt-server-runtime-2021.7.x
Nothing is affected 😊
Project pe-installer-runtime-2021.7.x

Platform name: el-9-x86_64
    Component 'ruby-2.7.8'
        Field: patches[3]
        --------------------
        + {"origin_path"=>"resources/patches/ruby_27/stringio_cve-2024-27280.patch", "namespace"=>"ruby-2.7.8", "assembly_path"=>"patches/ruby-2.7.8/stringio_cve-2024-27280.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}


Project bolt-runtime

Platform name: el-9-x86_64
    Component 'ruby-2.7.8'
        Field: patches[3]
        --------------------
        + {"origin_path"=>"resources/patches/ruby_27/stringio_cve-2024-27280.patch", "namespace"=>"ruby-2.7.8", "assembly_path"=>"patches/ruby-2.7.8/stringio_cve-2024-27280.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}


Project pdk-runtime

Platform name: el-9-x86_64
    Component 'ruby-2.7.8'
        Field: patches[3]
        --------------------
        + {"origin_path"=>"resources/patches/ruby_27/stringio_cve-2024-27280.patch", "namespace"=>"ruby-2.7.8", "assembly_path"=>"patches/ruby-2.7.8/stringio_cve-2024-27280.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}


Project client-tools-runtime-main
Nothing is affected 😊
Project client-tools-runtime-2021.7.x
Nothing is affected 😊
Project agent-runtime-main
Nothing is affected 😊

@joshcooper joshcooper merged commit 9f3c265 into puppetlabs-toy-chest:master Jul 11, 2024
3 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@joshcooper joshcooper joshcooper approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@shubhamshinde360 @joshcooper