author | Mercedes Bernard <mercedesrbernard@gmail.com> | 2023-02-15 13:07:07 -0600 |
---|---|---|
committer | git <svn-admin@ruby-lang.org> | 2023-02-23 08:50:02 +0000 |
commit | 3d5ec8401f9b7736402a091deb10dc124c4540f4 (patch) | |
tree | eb963bdb02e1ffb76ae1d14370d0d8d1ca643d8e | |
parent | 3b567eb491e460e00a66fdea8054eeb083b5dafd (diff) | |
download | ruby-3d5ec8401f9b7736402a091deb10dc124c4540f4.tar.gz |
[rubygems/rubygems] safe marshal gem versions when fetching Marshal.specs.4.8.gz
https://github.com/rubygems/rubygems/commit/23880353c1
-rw-r--r-- | lib/bundler.rb | 2 | ||||
-rw-r--r-- | lib/bundler/rubygems_integration.rb | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/lib/bundler.rb b/lib/bundler.rb
index 132254bb25..95524b7e61 100644
--- a/lib/bundler.rb
+++ b/lib/bundler.rb
@@ -39,7 +39,7 @@ module Bundler
 environment_preserver.replace_with_backup
 SUDO_MUTEX = Thread::Mutex.new
- SAFE_MARSHAL_CLASSES = [Symbol, TrueClass, String, Array, Hash].freeze
+ SAFE_MARSHAL_CLASSES = [Symbol, TrueClass, String, Array, Hash, Gem::Version].freeze
 SAFE_MARSHAL_ERROR = "Unexpected class %s present in marshaled data. Only %s are allowed."
 SAFE_MARSHAL_PROC = proc do |object|
 object.tap do
diff --git a/lib/bundler/rubygems_integration.rb b/lib/bundler/rubygems_integration.rb
index 94753ca755..d8b7886af7 100644
--- a/lib/bundler/rubygems_integration.rb
+++ b/lib/bundler/rubygems_integration.rb
@@ -453,7 +453,7 @@ module Bundler
 fetcher = gem_remote_fetcher
 fetcher.headers = { "X-Gemfile-Source" => remote.original_uri.to_s } if remote.original_uri
 string = fetcher.fetch_path(path)
- Bundler.load_marshal(string)
+ Bundler.safe_load_marshal(string)
 rescue Gem::RemoteFetcher::FetchError
 # it's okay for prerelease to fail
 raise unless name == "prerelease_specs" |
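Review bot: The widened `SAFE_MARSHAL_CLASSES` line carries no comment saying which payload needs `Gem::Version`, so a later reader cannot tell whether the entry is still required or what accepting it costs. Every class on this list is one that may be instantiated from bytes fetched from a remote source, so the reason for each entry belongs next to the constant. I would add above it something like `# Gem::Version: version objects in the fetched specs index. Keep this list minimal; every entry is built from remote data.` The body of `SAFE_MARSHAL_PROC` continues outside the hunk, so how and when the list is enforced against an object is not visible here and is worth stating in the same comment.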
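Review bot: The `rescue` after the new `Bundler.safe_load_marshal(string)` call still names only `Gem::RemoteFetcher::FetchError`, so whatever the safe loader raises for a disallowed class (presumably an error built from `SAFE_MARSHAL_ERROR`; its type is not visible here) leaves this method without saying which remote served the index. Failing closed is the right outcome, but it should be stated, for example `# a disallowed class in the index is deliberately not rescued: refuse the source rather than fall back`, and the remote URI should reach the error message if the loader allows it. The diffstat lists no spec file, so a regression test that feeds this path an index containing a class outside the allowlist would pin the behaviour. The enclosing method starts and ends outside the hunk.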