Addresses the following security issues:
- CVE-2020-16255: Unsafe Object Creation Vulnerability in JSON
(Additional fix)
- CVE-2020-10933: Heap exposure vulnerability in the socket library
[Details](https://chl.li/ljREu).
Includes improved enforcement guidelines. Format has been switched to
ASCII Doc from Markdown in order to leverage enhanced documentation
capabilities.
Resolves several security vulnerabilities:
- CVE-2019-16255: A code injection vulnerability of Shell#[] and
Shell#test
- CVE-2019-16254: HTTP response splitting in WEBrick (Additional fix)
- CVE-2019-15845: A NUL injection vulnerability of File.fnmatch and
File.fnmatch?
- CVE-2019-16201: Regular Expression Denial of Service vulnerability of
WEBrick’s Digest access authentication
[Details](https://is.gd/qWSrzR)
Was originally removed in this commit (a895090ca9) and has been
restored in order to handle situations where we have only a single file
install.
For example, the MacOS Config project needs this function in order to
properly install the Pathogem (Vim) file.
Fixed major issue with `Net::Protocol::BufferedIO#write` raising
`NoMethodError` when sending large multi-byte strings.
[Details](https://is.gd/cQ8wcl).
Was missing the checksum which would cause Ruby to be downloaded and
rebuilt each time.
The Docker image has been updated to use an unspecified version to
reduce version maintenance.
The `CI_RUBY_VERSION` environment variable was introduced to be
dynamically set based on value in the `.ruby-version` for improved
maintainability.
Modifies and renames the original `install_file` function so it
calculates install path based on application name. This ensures
`install_program` has the same behavior as found with similar install
functions:
- `install_dmg_app`
- `install_dmg_pkg`
- `install_zip_app`
- `install_zip_pkg`
- `install_tar_app`
These tools were originally necessary for some of the Homebrew
applications to install successfully (especially Elasticsearch) but
those requirements are no longer necessary. This also reduces the setup
friction by requiring less manual work on behalf of the installer.
Discovered this situation while wanting to rebuild a recently rebuilt
machine of the same operation system version. At first, thought the
original bootdisk was corrupted but turns out the system NVRAM/PRAM was
causing the issue.
Some apps are binaries packaged within a DMG, zip, etc. that have no
extension but are executable. These are meant to go in the
`/usr/local/bin` folder.
This corresponds with the code found in the `installers.sh` file (see
the `install_app` function).
