This repository has been archived by the owner on Jan 15, 2025. It is now read-only.

(PA-6507) Cleanup bundled version of rexml (3.2.5) from ruby 3 #875

Closed
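--- a/configs/components/_base-rubygem.rb
+++ b/configs/components/_base-rubygem.rb
@@ -40,13 +40,22 @@
 # If a gem needs more command line options to install set the :gem_install_options
 # in its component file rubygem-<compoment>, before the instance_eval of this file.
 gem_install_options = settings["#{pkg.get_name}_gem_install_options".to_sym]
-if gem_install_options.nil?
-pkg.install do
-"#{settings[:gem_install]} #{name}-#{version}.gem"
+pkg.install do
+steps = []
+if gem_install_options.nil?
+steps << "#{settings[:gem_install]} #{name}-#{version}.gem"
+else
+steps << "#{settings[:gem_install]} #{name}-#{version}.gem #{gem_install_options}"
 end
-else
-pkg.install do
-"#{settings[:gem_install]} #{name}-#{version}.gem #{gem_install_options}"
+
+# We gem installed rexml to 3.2.9 in ruby 3 for CVE 2024-35176. Since rexml is a bundled gem in ruby 3, we end up having
+# two versions of rexml -- 1) the bundled version shipped with ruby 3 (3.2.5) and 2) the one we manually installed with
+# the above gem install command (3.2.9).
+# So, we run gem cleanup so that it deletes the older version 3.2.5.
+# Note: We won't need to cleanup and install rexml once we upgrade to ruby >= 3.3.3
+if name == 'rexml' && settings[:ruby_version].to_i == 3
+steps << "#{settings[:gem_cleanup]} #{name}"
 end
+steps
 end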
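Review bot: Nothing in the new `pkg.install` block confirms that rexml 3.2.5 is actually gone after `steps << "#{settings[:gem_cleanup]} #{name}"` runs, and removing that copy is the stated reason for the step (CVE 2024-35176 per the comment). A follow-up step that lists the installed rexml versions and fails the build when more than one remains would catch a cleanup that ran against a different gem path or left the bundled copy in place. The step also depends on `settings[:gem_cleanup]`, which this page shows being defined in only two project files; in any other project that loads this component the command collapses to `" rexml"`, so consider `steps << "#{settings.fetch(:gem_cleanup)} #{name}"` if `settings` is a plain Hash (not visible here). `settings[:ruby_version].to_i == 3` matches every 3.x release, including the >= 3.3.3 versions the comment says no longer need this, so the condition will need revisiting at that upgrade. The rest of the component file lies outside the hunk.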

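--- a/configs/projects/_shared-pe-bolt-server.rb
+++ b/configs/projects/_shared-pe-bolt-server.rb
@@ -66,6 +66,8 @@
 proj.setting(:gem_install, "#{proj.host_gem} install --no-rdoc --no-ri --local --bindir=#{proj.bindir}")
 end
 
+proj.setting(:gem_cleanup, "#{proj.host_gem} cleanup")
+
 # What to build?
 # --------------
 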
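--- a/configs/projects/agent-runtime-main.rb
+++ b/configs/projects/agent-runtime-main.rb
@@ -43,6 +43,8 @@
 # platforms that use older rubies.
 proj.setting(:gem_install, "#{proj.host_gem} install --no-document --local")
 
+proj.setting(:gem_cleanup, "#{proj.host_gem} cleanup")
+
 ########
 # Load shared agent components
 ########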