puppetlabs / puppet-runtime

runtime dependencies for Vanagon projects
Apache License 2.0

(PA-6283) Patch stringio in Ruby 2.7 for CVE-2024-27280 #871

Closed shubhamshinde360 closed 2 months ago

shubhamshinde360 commented 2 months ago

Tested for all platforms supported in agent-runtime-7.x: https://jenkins-platform.delivery.puppetlabs.net/view/vanagon-generic-builder/job/platform_vanagon-generic-builder_vanagon-packaging_generic-builder/3045/

windows-2012r2-x86 was stuck due to a resource allocation issue in the above build, so I had to abort that and retrigger another build for it: https://jenkins-platform.delivery.puppetlabs.net/view/vanagon-generic-builder/job/platform_vanagon-generic-builder_vanagon-packaging_generic-builder/BUILD_TARGET=windows-2012r2-x86,SLAVE_LABEL=k8s-worker/

joshcooper commented 2 months ago
❯ bundle exec rake vanagon:component_diff -- -P all -p el-9-x86_64 --from a6798ad --to HEAD 
...
Here is what your code changes would affect:

Project pe-installer-runtime-main
Nothing is affected 😊
Project pe-bolt-server-runtime-main
Nothing is affected 😊
Project agent-runtime-7.x

Platform name: el-9-x86_64
    Component 'ruby-2.7.8'
        Field: patches[3]
        --------------------
        + {"origin_path"=>"resources/patches/ruby_27/stringio_cve-2024-27280.patch", "namespace"=>"ruby-2.7.8", "assembly_path"=>"patches/ruby-2.7.8/stringio_cve-2024-27280.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}

Project pe-bolt-server-runtime-2021.7.x
Nothing is affected 😊
Project pe-installer-runtime-2021.7.x

Platform name: el-9-x86_64
    Component 'ruby-2.7.8'
        Field: patches[3]
        --------------------
        + {"origin_path"=>"resources/patches/ruby_27/stringio_cve-2024-27280.patch", "namespace"=>"ruby-2.7.8", "assembly_path"=>"patches/ruby-2.7.8/stringio_cve-2024-27280.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}

Project bolt-runtime

Platform name: el-9-x86_64
    Component 'ruby-2.7.8'
        Field: patches[3]
        --------------------
        + {"origin_path"=>"resources/patches/ruby_27/stringio_cve-2024-27280.patch", "namespace"=>"ruby-2.7.8", "assembly_path"=>"patches/ruby-2.7.8/stringio_cve-2024-27280.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}

Project pdk-runtime

Platform name: el-9-x86_64
    Component 'ruby-2.7.8'
        Field: patches[3]
        --------------------
        + {"origin_path"=>"resources/patches/ruby_27/stringio_cve-2024-27280.patch", "namespace"=>"ruby-2.7.8", "assembly_path"=>"patches/ruby-2.7.8/stringio_cve-2024-27280.patch", "strip"=>1, "fuzz"=>0, "after"=>"unpack", "destination"=>nil}

Project client-tools-runtime-main
Nothing is affected 😊
Project client-tools-runtime-2021.7.x
Nothing is affected 😊
Project agent-runtime-main
Nothing is affected 😊