Update to 1.9.3 p286
- Don't create files when NUL-containing path name is passed (bug 865940)
This commit is contained in:
parent
9f5278c112
commit
352f32d3d1
1
.gitignore
vendored
1
.gitignore
vendored
@ -11,3 +11,4 @@ ruby-rev415a3ef9ab82c65a7abc-ext_tk.tar.gz
|
||||
/ruby-1.9.3-p0.tar.gz
|
||||
/ruby-1.9.3-p125.tar.gz
|
||||
/ruby-1.9.3-p194.tar.gz
|
||||
/ruby-1.9.3-p286.tar.gz
|
||||
|
@ -1,103 +0,0 @@
|
||||
Patch from trunk for CVE-2012-4464, CVE-2012-4466
|
||||
Part for test/ruby/test_exception.rb was adjusted for ruby 1.9.3
|
||||
|
||||
Mamoru Tasaka <mtasaka@fedoraproject.org>
|
||||
|
||||
------------------------------------------------------------------------
|
||||
r37068 | shugo | 2012-10-03 02:25:10 +0900 (Wed, 03 Oct 2012) | 2 lines
|
||||
|
||||
* error.c (exc_to_s, name_err_to_s, name_err_mesg_to_str): do not
|
||||
taint messages.
|
||||
------------------------------------------------------------------------
|
||||
Index: error.c
|
||||
===================================================================
|
||||
--- error.c (revision 37067)
|
||||
+++ error.c (revision 37068)
|
||||
@@ -635,7 +635,6 @@
|
||||
|
||||
if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
|
||||
r = rb_String(mesg);
|
||||
- OBJ_INFECT(r, exc);
|
||||
return r;
|
||||
}
|
||||
|
||||
@@ -996,11 +995,7 @@
|
||||
|
||||
if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
|
||||
StringValue(str);
|
||||
- if (str != mesg) {
|
||||
- rb_iv_set(exc, "mesg", mesg = str);
|
||||
- }
|
||||
- OBJ_INFECT(mesg, exc);
|
||||
- return mesg;
|
||||
+ return str;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1131,7 +1126,6 @@
|
||||
args[2] = d;
|
||||
mesg = rb_f_sprintf(NAME_ERR_MESG_COUNT, args);
|
||||
}
|
||||
- OBJ_INFECT(mesg, obj);
|
||||
return mesg;
|
||||
}
|
||||
|
||||
Index: test/ruby/test_exception.rb
|
||||
===================================================================
|
||||
--- test/ruby/test_exception.rb (revision 37067)
|
||||
+++ test/ruby/test_exception.rb (modified)
|
||||
@@ -333,4 +333,54 @@
|
||||
load(t.path)
|
||||
end
|
||||
end
|
||||
+
|
||||
+ def test_to_s_taintness_propagation
|
||||
+ for exc in [Exception, NameError]
|
||||
+ m = "abcdefg"
|
||||
+ e = exc.new(m)
|
||||
+ e.taint
|
||||
+ s = e.to_s
|
||||
+ assert_equal(false, m.tainted?,
|
||||
+ "#{exc}#to_s should not propagate taintness")
|
||||
+ assert_equal(false, s.tainted?,
|
||||
+ "#{exc}#to_s should not propagate taintness")
|
||||
+ end
|
||||
+
|
||||
+ o = Object.new
|
||||
+ def o.to_str
|
||||
+ "foo"
|
||||
+ end
|
||||
+ o.taint
|
||||
+ e = NameError.new(o)
|
||||
+ s = e.to_s
|
||||
+ assert_equal(false, s.tainted?)
|
||||
+ end
|
||||
+
|
||||
+ def test_exception_to_s_should_not_propagate_untrustedness
|
||||
+ favorite_lang = "Ruby"
|
||||
+
|
||||
+ for exc in [Exception, NameError]
|
||||
+ assert_raise(SecurityError) do
|
||||
+ lambda {
|
||||
+ $SAFE = 4
|
||||
+ exc.new(favorite_lang).to_s
|
||||
+ favorite_lang.replace("Python")
|
||||
+ }.call
|
||||
+ end
|
||||
+ end
|
||||
+
|
||||
+ assert_raise(SecurityError) do
|
||||
+ lambda {
|
||||
+ $SAFE = 4
|
||||
+ o = Object.new
|
||||
+ o.singleton_class.send(:define_method, :to_str) {
|
||||
+ favorite_lang
|
||||
+ }
|
||||
+ NameError.new(o).to_s
|
||||
+ favorite_lang.replace("Python")
|
||||
+ }.call
|
||||
+ end
|
||||
+
|
||||
+ assert_equal("Ruby", favorite_lang)
|
||||
+ end
|
||||
end
|
14
ruby-1.9.3-p286-open-devtty-on-koji.patch
Normal file
14
ruby-1.9.3-p286-open-devtty-on-koji.patch
Normal file
@ -0,0 +1,14 @@
|
||||
--- ruby-1.9.3-p286/test/ruby/test_io.rb.devtty 2012-10-12 17:37:54.000000000 +0900
|
||||
+++ ruby-1.9.3-p286/test/ruby/test_io.rb 2012-10-13 14:00:24.000000000 +0900
|
||||
@@ -2068,6 +2068,11 @@
|
||||
return if /linux/ !~ RUBY_PLATFORM
|
||||
return if /^i.?86|^x86_64/ !~ RUBY_PLATFORM
|
||||
return unless File.exist?('/dev/tty')
|
||||
+ begin
|
||||
+ File.open('/dev/tty') {|f|}
|
||||
+ rescue Errno::ENXIO
|
||||
+ return
|
||||
+ end
|
||||
|
||||
File.open('/dev/tty') { |f|
|
||||
tiocgwinsz=0x5413
|
22
ruby.spec
22
ruby.spec
@ -1,7 +1,7 @@
|
||||
%global major_version 1
|
||||
%global minor_version 9
|
||||
%global teeny_version 3
|
||||
%global patch_level 194
|
||||
%global patch_level 286
|
||||
|
||||
%global major_minor_version %{major_version}.%{minor_version}
|
||||
|
||||
@ -56,7 +56,7 @@ Version: %{ruby_version_patch_level}
|
||||
# we cannot reset the release number to 1 even when the main (ruby) version
|
||||
# is updated - because it may be that the versions of sub-components don't
|
||||
# change.
|
||||
Release: 18%{?dist}
|
||||
Release: 19%{?dist}
|
||||
Group: Development/Languages
|
||||
# Public Domain for example for: include/ruby/st.h, strftime.c, ...
|
||||
License: (Ruby or BSD) and Public Domain
|
||||
@ -79,7 +79,8 @@ Patch4: ruby-1.9.3-fix-s390x-build.patch
|
||||
# when it exists outside of the GEM_HOME (already fixed in the upstream)
|
||||
Patch5: ruby-1.9.3-rubygems-1.8.11-uninstaller.patch
|
||||
# http://redmine.ruby-lang.org/issues/5135 - see comment 29
|
||||
Patch6: ruby-1.9.3-webrick-test-fix.patch
|
||||
# Fixed in ruby 1.9.3p286
|
||||
#Patch6: ruby-1.9.3-webrick-test-fix.patch
|
||||
# Already fixed upstream:
|
||||
# https://github.com/ruby/ruby/commit/f212df564a4e1025f9fb019ce727022a97bfff53
|
||||
Patch7: ruby-1.9.3-bignum-test-fix.patch
|
||||
@ -91,7 +92,11 @@ Patch8: ruby-1.9.3-custom-rubygems-location.patch
|
||||
Patch9: rubygems-1.8.11-binary-extensions.patch
|
||||
# Patch from trunk for CVE-4464, CVE-4466
|
||||
# http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
|
||||
Patch10: ruby-1.9.3-backport-from-trunk-rev37068.patch
|
||||
# Fixed in ruby 1.9.3p286
|
||||
#Patch10: ruby-1.9.3-backport-from-trunk-rev37068.patch
|
||||
# Opening /dev/tty fails with ENXIO (ref: man 2 open) on koji.
|
||||
# Let's rescue this
|
||||
Patch10: ruby-1.9.3-p286-open-devtty-on-koji.patch
|
||||
# Make mkmf verbose by default
|
||||
Patch12: ruby-1.9.3-mkmf-verbose.patch
|
||||
|
||||
@ -330,11 +335,11 @@ Tcl/Tk interface for the object-oriented scripting language Ruby.
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
#%%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p0
|
||||
%patch10 -p1
|
||||
%patch12 -p1
|
||||
|
||||
%build
|
||||
@ -741,6 +746,11 @@ make check TESTS="-v $DISABLE_TESTS"
|
||||
%{ruby_libdir}/tkextlib
|
||||
|
||||
%changelog
|
||||
* Sat Oct 13 2012 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.9.3.286-19
|
||||
- Update to 1.9.3 p286
|
||||
- Don't create files when NUL-containing path name is passed
|
||||
(bug 865940)
|
||||
|
||||
* Thu Oct 04 2012 Mamoru Tasaka <mtasaka@fedoraproject.org> - 1.9.3.194-18
|
||||
- Patch from trunk for CVE-2012-4464, CVE-2012-4466
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user