Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
rubygem-activesupport-4_2
CVE-2020-8163.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2020-8163.patch of Package rubygem-activesupport-4_2
From 030d33c81514705ae9ec44422a063eb4bee2fbdd Mon Sep 17 00:00:00 2001 From: Matthew Draper <matthew@trebex.net> Date: Fri, 8 May 2020 11:52:26 -0400 Subject: [PATCH] Restrict which local names can be eval'd [CVE-2020-8163] Note: actionview part of the patch removed - we have that in a separate package. --- .../lib/active_support/core_ext/module/delegation.rb | 8 ++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/lib/active_support/core_ext/module/delegation.rb b/lib/active_support/core_ext/module/delegation.rb index 6fedf454e1..ea3730d9d5 100644 --- a/lib/active_support/core_ext/module/delegation.rb +++ b/lib/active_support/core_ext/module/delegation.rb @@ -11,6 +11,14 @@ class Module return self super then true undef unless until when while yield) ).freeze + DELEGATION_RESERVED_KEYWORDS = Set.new( + %w(_ arg args block) + ) + + DELEGATION_RESERVED_METHOD_NAMES = Set.new( + RUBY_RESERVED_WORDS + DELEGATION_RESERVED_KEYWORDS + ).freeze + # Provides a +delegate+ class method to easily expose contained objects' # public methods as your own. # -- 2.26.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor