Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Patch for symfony/http-foundation: CVE-2019-10913 #1893

Merged
merged 2 commits into from
Aug 8, 2024
Merged

Patch for symfony/http-foundation: CVE-2019-10913 #1893

merged 2 commits into from
Aug 8, 2024

Conversation

ryanrath
Copy link
Contributor

@ryanrath ryanrath commented Aug 6, 2024

This patch sets up the patch pipeline in build.json and updates a few files that will cause issues during the CI / QA tests / build process. These changes originated in #1891 ( which will be merged in 11.5 ).

Description

  • open_xdmod/modules/xdmod/assets/setup.sh:
    • Removed the Composer Install section as this + the dangling cd was causing the composer dependencies of qa to be installed in the xdmod directory. This probably wasn't a problem or caught before because we were not previously patching files.
    • Changed the cd $xdmod_dirto a pushd | popd so that we reset the cwd after the script runs.
  • open_xdmod/modules/xdmod/build.json
    • added entries to support patching files. This necessitated adding the rm -rf vendor/ and composer install due to the build step occurring twice in the CI process.
  • tests/ci/scripts/qa-test-setup.sh:
    • Taking care of the other part of the Case of the Mysterious Disappearing Dependencies. Just made sure to save the existing $COMPOSER env variable so that we can restore it after we're done installing the qa dependencies.

Motivation and Context

Less holes == more good.

Tests performed

All Automated Tests passed.

Checklist:

  • The pull request description is suitable for a Changelog entry
  • The milestone is set correctly on the pull request
  • The appropriate labels have been added to the pull request

@ryanrath ryanrath added Category:General General security Relating to some aspect of security for XDMoD labels Aug 6, 2024
@ryanrath ryanrath added this to the 11.0.0 milestone Aug 6, 2024
@ryanrath
Providing patch for CVE-2019-10913
3ead1da 
This patch sets up the patch pipeline in `build.json` and updates a few files
that will cause issues during the CI / QA tests / build process. These changes
originated in ubccr#1891 ( which will be merged in
11.5 ).
@ryanrath
less patchey
97c5ab7
@ryanrath ryanrath merged commit 41a7f80 into ubccr:xdmod11.0 Aug 8, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aaronweeden aaronweeden aaronweeden approved these changes

@eiffel777 eiffel777 Awaiting requested review from eiffel777

@jpwhite4 jpwhite4 Awaiting requested review from jpwhite4

@connersaeli connersaeli Awaiting requested review from connersaeli

@aestoltm aestoltm Awaiting requested review from aestoltm

Assignees
No one assigned
Labels
Category:General General security Relating to some aspect of security for XDMoD
Projects
None yet
Milestone
11.0.0
Development

Successfully merging this pull request may close these issues.
2 participants
@ryanrath @aaronweeden