Revert "Merge branch 'security-bundler-secure-tmp-home-patch-13-4' into '13-4-stable'"

This reverts merge request !60

Revert "Merge branch 'security-bundler-secure-tmp-home-patch-13-4' into '13-4-stable'"
aff6c1e3 · John Skarbek · 7be1a7c2 · 7be1a7c2 · 7be1a7c2 · aff6c1e3
Commit aff6c1e3 authored 4 years ago by John Skarbek
--- a/changelogs/unreleased/secuirty-bundler-secure-tmp-home.yml
+++ b/changelogs/unreleased/secuirty-bundler-secure-tmp-home.yml
---
-title: Patch bundler to not use insecure temp directory as home
-merge_request:
-author:
-type: security
--- a/config/patches/bundler/secure-temporary-dir-as-home.patch
+++ b/config/patches/bundler/secure-temporary-dir-as-home.patch
-diff --git a/lib/bundler.rb b/lib/bundler.rb
-index 1cb3b4fb21..bb7438dd2d 100644
--- a/lib/bundler.rb
-+++ b/lib/bundler.rb
-@@ -170,8 +170,7 @@ module Bundler
-         end
-
-         if warning
-          Kernel.send(:require, "etc")
-          user_home = tmp_home_path(Etc.getlogin, warning)
-+          user_home = tmp_home_path(warning)
-           Bundler.ui.warn "#{warning}\nBundler will use `#{user_home}' as your home directory temporarily.\n"
-           user_home
-         else
-@@ -180,19 +179,15 @@ module Bundler
-       end
-     end
-
-    def tmp_home_path(login, warning)
-      login ||= "unknown"
-+    def tmp_home_path(warning)
-       Kernel.send(:require, "tmpdir")
-      path = Pathname.new(Dir.tmpdir).join("bundler", "home")
-      SharedHelpers.filesystem_access(path) do |tmp_home_path|
-        unless tmp_home_path.exist?
-          tmp_home_path.mkpath
-          tmp_home_path.chmod(0o777)
-        end
-        tmp_home_path.join(login).tap(&:mkpath)
-+      SharedHelpers.filesystem_access(Dir.tmpdir) do
-+        path = Bundler.tmp
-+        at_exit { Bundler.rm_rf(path) }
-+        path
-       end
-     rescue RuntimeError => e
-      raise e.exception("#{warning}\nBundler also failed to create a temporary home directory at `#{path}':\n#{e}")
-+      raise e.exception("#{warning}\nBundler also failed to create a temporary home directory':\n#{e}")
-     end
-
-     def user_bundle_path(dir = "home")
--- a/config/software/bundler.rb
+++ b/config/software/bundler.rb
@@ -37,7 +37,4 @@ build do
    v_opts,
    '--no-document --force'
  ].compact.join(' '), env: env
-
-  patch source: 'secure-temporary-dir-as-home.patch',
-        target: "#{install_dir}/embedded/lib/ruby/gems/2.7.0/gems/bundler-#{version}/lib/bundler.rb"
 end