system/ruby/CVE-2020-8130.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

Note: adjusted paths since it's being vendored inside ruby.

From 5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee Mon Sep 17 00:00:00 2001
From: Hiroshi SHIBATA <hsbt@ruby-lang.org>
Date: Mon, 22 Jul 2019 10:23:43 +0900
Subject: [PATCH] Use File.open explicitly.

--- ruby-2.5.7/gems/rake-12.3.0/lib/rake/file_list.rb
+++ ruby-2.5.7/gems/rake-12.3.0/lib/rake/file_list.rb
@@ -294,7 +294,7 @@ def egrep(pattern, *options)
       matched = 0
       each do |fn|
         begin
-          open(fn, "r", *options) do |inf|
+          File.open(fn, "r", *options) do |inf|
             count = 0
             inf.each do |line|
               count += 1