Update to 1.9.3 p286
- Don't create files when NUL-containing path name is passed (bug 865940)
This commit is contained in:
parent
9f5278c112
commit
352f32d3d1
1
.gitignore
vendored
1
.gitignore
vendored
@ -11,3 +11,4 @@ ruby-rev415a3ef9ab82c65a7abc-ext_tk.tar.gz
|
|||||||
/ruby-1.9.3-p0.tar.gz
|
/ruby-1.9.3-p0.tar.gz
|
||||||
/ruby-1.9.3-p125.tar.gz
|
/ruby-1.9.3-p125.tar.gz
|
||||||
/ruby-1.9.3-p194.tar.gz
|
/ruby-1.9.3-p194.tar.gz
|
||||||
|
/ruby-1.9.3-p286.tar.gz
|
||||||
|
@ -1,103 +0,0 @@
|
|||||||
Patch from trunk for CVE-2012-4464, CVE-2012-4466
|
|
||||||
Part for test/ruby/test_exception.rb was adjusted for ruby 1.9.3
|
|
||||||
|
|
||||||
Mamoru Tasaka <mtasaka@fedoraproject.org>
|
|
||||||
|
|
||||||
------------------------------------------------------------------------
|
|
||||||
r37068 | shugo | 2012-10-03 02:25:10 +0900 (Wed, 03 Oct 2012) | 2 lines
|
|
||||||
|
|
||||||
* error.c (exc_to_s, name_err_to_s, name_err_mesg_to_str): do not
|
|
||||||
taint messages.
|
|
||||||
------------------------------------------------------------------------
|
|
||||||
Index: error.c
|
|
||||||
===================================================================
|
|
||||||
--- error.c (revision 37067)
|
|
||||||
+++ error.c (revision 37068)
|
|
||||||
@@ -635,7 +635,6 @@
|
|
||||||
|
|
||||||
if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
|
|
||||||
r = rb_String(mesg);
|
|
||||||
- OBJ_INFECT(r, exc);
|
|
||||||
return r;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -996,11 +995,7 @@
|
|
||||||
|
|
||||||
if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
|
|
||||||
StringValue(str);
|
|
||||||
- if (str != mesg) {
|
|
||||||
- rb_iv_set(exc, "mesg", mesg = str);
|
|
||||||
- }
|
|
||||||
- OBJ_INFECT(mesg, exc);
|
|
||||||
- return mesg;
|
|
||||||
+ return str;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -1131,7 +1126,6 @@
|
|
||||||
args[2] = d;
|
|
||||||
mesg = rb_f_sprintf(NAME_ERR_MESG_COUNT, args);
|
|
||||||
}
|
|
||||||
- OBJ_INFECT(mesg, obj);
|
|
||||||
return mesg;
|
|
||||||
}
|
|
||||||
|
|
||||||
Index: test/ruby/test_exception.rb
|
|
||||||
===================================================================
|
|
||||||
--- test/ruby/test_exception.rb (revision 37067)
|
|
||||||
+++ test/ruby/test_exception.rb (modified)
|
|
||||||
@@ -333,4 +333,54 @@
|
|
||||||
load(t.path)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
+
|
|
||||||
+ def test_to_s_taintness_propagation
|
|
||||||
+ for exc in [Exception, NameError]
|
|
||||||
+ m = "abcdefg"
|
|
||||||
+ e = exc.new(m)
|
|
||||||
+ e.taint
|
|
||||||
+ s = e.to_s
|
|
||||||
+ assert_equal(false, m.tainted?,
|
|
||||||
+ "#{exc}#to_s should not propagate taintness")
|
|
||||||
+ assert_equal(false, s.tainted?,
|
|
||||||
+ "#{exc}#to_s should not propagate taintness")
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
+ o = Object.new
|
|
||||||
+ def o.to_str
|
|
||||||
+ "foo"
|
|
||||||
+ end
|
|
||||||
+ o.taint
|
|
||||||
+ e = NameError.new(o)
|
|
||||||
+ s = e.to_s
|
|
||||||
+ assert_equal(false, s.tainted?)
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
+ def test_exception_to_s_should_not_propagate_untrustedness
|
|
||||||
+ favorite_lang = "Ruby"
|
|
||||||
+
|
|
||||||
+ for exc in [Exception, NameError]
|
|
||||||
+ assert_raise(SecurityError) do
|
|
||||||
+ lambda {
|
|
||||||
+ $SAFE = 4
|
|
||||||
+ exc.new(favorite_lang).to_s
|
|
||||||
+ favorite_lang.replace("Python")
|
|
||||||
+ }.call
|
|
||||||
+ end
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
+ assert_raise(SecurityError) do
|
|
||||||
+ lambda {
|
|
||||||
+ $SAFE = 4
|
|
||||||
+ o = Object.new
|
|
||||||
+ o.singleton_class.send(:define_method, :to_str) {
|
|
||||||
+ favorite_lang
|
|
||||||
+ }
|
|
||||||
+ NameError.new(o).to_s
|
|
||||||
+ favorite_lang.replace("Python")
|
|
||||||
+ }.call
|
|
||||||
+ end
|
|
||||||
+
|
|
||||||
+ assert_equal("Ruby", favorite_lang)
|
|
||||||
+ end
|
|
||||||
end
|
|
14
ruby-1.9.3-p286-open-devtty-on-koji.patch
Normal file
14
ruby-1.9.3-p286-open-devtty-on-koji.patch
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
--- ruby-1.9.3-p286/test/ruby/test_io.rb.devtty 2012-10-12 17:37:54.000000000 +0900
|
||||||
|
+++ ruby-1.9.3-p286/test/ruby/test_io.rb 2012-10-13 14:00:24.000000000 +0900
|
||||||
|
@@ -2068,6 +2068,11 @@
|
||||||
|
return if /linux/ !~ RUBY_PLATFORM
|
||||||
|
return if /^i.?86|^x86_64/ !~ RUBY_PLATFORM
|
||||||
|
return unless File.exist?('/dev/tty')
|
||||||
|
+ begin
|
||||||
|
+ File.open('/dev/tty') {|f|}
|
||||||
|
+ rescue Errno::ENXIO
|
||||||
|
+ return
|
||||||
|
+ end
|
||||||
|
|
||||||
|
File.open('/dev/tty') { |f|
|
||||||
|
tiocgwinsz=0x5413
|
22
ruby.spec
22
ruby.spec
@ -1,7 +1,7 @@
|
|||||||
%global major_version 1
|
%global major_version 1
|
||||||
%global minor_version 9
|
%global minor_version 9
|
||||||
%global teeny_version 3
|
%global teeny_version 3
|
||||||
%global patch_level 194
|
%global patch_level 286
|
||||||
|
|
||||||
%global major_minor_version %{major_version}.%{minor_version}
|
%global major_minor_version %{major_version}.%{minor_version}
|
||||||
|
|
||||||
@ -56,7 +56,7 @@ Version: %{ruby_version_patch_level}
|
|||||||
# we cannot reset the release number to 1 even when the main (ruby) version
|
# we cannot reset the release number to 1 even when the main (ruby) version
|
||||||
# is updated - because it may be that the versions of sub-components don't
|
# is updated - because it may be that the versions of sub-components don't
|
||||||
# change.
|
# change.
|
||||||
Release: 18%{?dist}
|
Release: 19%{?dist}
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
# Public Domain for example for: include/ruby/st.h, strftime.c, ...
|
# Public Domain for example for: include/ruby/st.h, strftime.c, ...
|
||||||
License: (Ruby or BSD) and Public Domain
|
License: (Ruby or BSD) and Public Domain
|
||||||
@ -79,7 +79,8 @@ Patch4: ruby-1.9.3-fix-s390x-build.patch
|
|||||||
# when it exists outside of the GEM_HOME (already fixed in the upstream)
|
# when it exists outside of the GEM_HOME (already fixed in the upstream)
|
||||||
Patch5: ruby-1.9.3-rubygems-1.8.11-uninstaller.patch
|
Patch5: ruby-1.9.3-rubygems-1.8.11-uninstaller.patch
|
||||||
# http://redmine.ruby-lang.org/issues/5135 - see comment 29
|
# http://redmine.ruby-lang.org/issues/5135 - see comment 29
|
||||||
Patch6: ruby-1.9.3-webrick-test-fix.patch
|
# Fixed in ruby 1.9.3p286
|
||||||
|
#Patch6: ruby-1.9.3-webrick-test-fix.patch
|
||||||
# Already fixed upstream:
|
# Already fixed upstream:
|
||||||
# https://github.com/ruby/ruby/commit/f212df564a4e1025f9fb019ce727022a97bfff53
|
# https://github.com/ruby/ruby/commit/f212df564a4e1025f9fb019ce727022a97bfff53
|
||||||
Patch7: ruby-1.9.3-bignum-test-fix.patch
|
Patch7: ruby-1.9.3-bignum-test-fix.patch
|
||||||
@ -91,7 +92,11 @@ Patch8: ruby-1.9.3-custom-rubygems-location.patch
|
|||||||
Patch9: rubygems-1.8.11-binary-extensions.patch
|
Patch9: rubygems-1.8.11-binary-extensions.patch
|
||||||
# Patch from trunk for CVE-4464, CVE-4466
|
# Patch from trunk for CVE-4464, CVE-4466
|
||||||
# http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
|
# http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
|
||||||
Patch10: ruby-1.9.3-backport-from-trunk-rev37068.patch
|
# Fixed in ruby 1.9.3p286
|
||||||
|
#Patch10: ruby-1.9.3-backport-from-trunk-rev37068.patch
|
||||||
|
# Opening /dev/tty fails with ENXIO (ref: man 2 open) on koji.
|
||||||
|
# Let's rescue this
|
||||||
|
Patch10: ruby-1.9.3-p286-open-devtty-on-koji.patch
|
||||||
# Make mkmf verbose by default
|
# Make mkmf verbose by default
|
||||||
Patch12: ruby-1.9.3-mkmf-verbose.patch
|
Patch12: ruby-1.9.3-mkmf-verbose.patch
|
||||||
|
|
||||||
@ -330,11 +335,11 @@ Tcl/Tk interface for the object-oriented scripting language Ruby.
|
|||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch6 -p1
|
#%%patch6 -p1
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
%patch9 -p1
|
%patch9 -p1
|
||||||
%patch10 -p0
|
%patch10 -p1
|
||||||
%patch12 -p1
|
%patch12 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
@ -741,6 +746,11 @@ make check TESTS="-v $DISABLE_TESTS"
|
|||||||
%{ruby_libdir}/tkextlib
|
%{ruby_libdir}/tkextlib
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Oct 13 2012 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.9.3.286-19
|
||||||
|
- Update to 1.9.3 p286
|
||||||
|
- Don't create files when NUL-containing path name is passed
|
||||||
|
(bug 865940)
|
||||||
|
|
||||||
* Thu Oct 04 2012 Mamoru Tasaka <mtasaka@fedoraproject.org> - 1.9.3.194-18
|
* Thu Oct 04 2012 Mamoru Tasaka <mtasaka@fedoraproject.org> - 1.9.3.194-18
|
||||||
- Patch from trunk for CVE-2012-4464, CVE-2012-4466
|
- Patch from trunk for CVE-2012-4464, CVE-2012-4466
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user