Merge remote-tracking branch 'origin/master' into f18

This commit is contained in:
Mamoru Tasaka 2012-10-13 14:54:34 +09:00
commit 773f36cff7
5 changed files with 32 additions and 110 deletions

1
.gitignore vendored
View File

@ -11,3 +11,4 @@ ruby-rev415a3ef9ab82c65a7abc-ext_tk.tar.gz
/ruby-1.9.3-p0.tar.gz
/ruby-1.9.3-p125.tar.gz
/ruby-1.9.3-p194.tar.gz
/ruby-1.9.3-p286.tar.gz

View File

@ -1,103 +0,0 @@
Patch from trunk for CVE-2012-4464, CVE-2012-4466
Part for test/ruby/test_exception.rb was adjusted for ruby 1.9.3
Mamoru Tasaka <mtasaka@fedoraproject.org>
------------------------------------------------------------------------
r37068 | shugo | 2012-10-03 02:25:10 +0900 (Wed, 03 Oct 2012) | 2 lines
* error.c (exc_to_s, name_err_to_s, name_err_mesg_to_str): do not
taint messages.
------------------------------------------------------------------------
Index: error.c
===================================================================
--- error.c (revision 37067)
+++ error.c (revision 37068)
@@ -635,7 +635,6 @@
if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
r = rb_String(mesg);
- OBJ_INFECT(r, exc);
return r;
}
@@ -996,11 +995,7 @@
if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc));
StringValue(str);
- if (str != mesg) {
- rb_iv_set(exc, "mesg", mesg = str);
- }
- OBJ_INFECT(mesg, exc);
- return mesg;
+ return str;
}
/*
@@ -1131,7 +1126,6 @@
args[2] = d;
mesg = rb_f_sprintf(NAME_ERR_MESG_COUNT, args);
}
- OBJ_INFECT(mesg, obj);
return mesg;
}
Index: test/ruby/test_exception.rb
===================================================================
--- test/ruby/test_exception.rb (revision 37067)
+++ test/ruby/test_exception.rb (modified)
@@ -333,4 +333,54 @@
load(t.path)
end
end
+
+ def test_to_s_taintness_propagation
+ for exc in [Exception, NameError]
+ m = "abcdefg"
+ e = exc.new(m)
+ e.taint
+ s = e.to_s
+ assert_equal(false, m.tainted?,
+ "#{exc}#to_s should not propagate taintness")
+ assert_equal(false, s.tainted?,
+ "#{exc}#to_s should not propagate taintness")
+ end
+
+ o = Object.new
+ def o.to_str
+ "foo"
+ end
+ o.taint
+ e = NameError.new(o)
+ s = e.to_s
+ assert_equal(false, s.tainted?)
+ end
+
+ def test_exception_to_s_should_not_propagate_untrustedness
+ favorite_lang = "Ruby"
+
+ for exc in [Exception, NameError]
+ assert_raise(SecurityError) do
+ lambda {
+ $SAFE = 4
+ exc.new(favorite_lang).to_s
+ favorite_lang.replace("Python")
+ }.call
+ end
+ end
+
+ assert_raise(SecurityError) do
+ lambda {
+ $SAFE = 4
+ o = Object.new
+ o.singleton_class.send(:define_method, :to_str) {
+ favorite_lang
+ }
+ NameError.new(o).to_s
+ favorite_lang.replace("Python")
+ }.call
+ end
+
+ assert_equal("Ruby", favorite_lang)
+ end
end

View File

@ -0,0 +1,14 @@
--- ruby-1.9.3-p286/test/ruby/test_io.rb.devtty 2012-10-12 17:37:54.000000000 +0900
+++ ruby-1.9.3-p286/test/ruby/test_io.rb 2012-10-13 14:00:24.000000000 +0900
@@ -2068,6 +2068,11 @@
return if /linux/ !~ RUBY_PLATFORM
return if /^i.?86|^x86_64/ !~ RUBY_PLATFORM
return unless File.exist?('/dev/tty')
+ begin
+ File.open('/dev/tty') {|f|}
+ rescue Errno::ENXIO
+ return
+ end
File.open('/dev/tty') { |f|
tiocgwinsz=0x5413

View File

@ -1,7 +1,7 @@
%global major_version 1
%global minor_version 9
%global teeny_version 3
%global patch_level 194
%global patch_level 286
%global major_minor_version %{major_version}.%{minor_version}
@ -56,7 +56,7 @@ Version: %{ruby_version_patch_level}
# we cannot reset the release number to 1 even when the main (ruby) version
# is updated - because it may be that the versions of sub-components don't
# change.
Release: 18%{?dist}
Release: 19%{?dist}
Group: Development/Languages
# Public Domain for example for: include/ruby/st.h, strftime.c, ...
License: (Ruby or BSD) and Public Domain
@ -79,7 +79,8 @@ Patch4: ruby-1.9.3-fix-s390x-build.patch
# when it exists outside of the GEM_HOME (already fixed in the upstream)
Patch5: ruby-1.9.3-rubygems-1.8.11-uninstaller.patch
# http://redmine.ruby-lang.org/issues/5135 - see comment 29
Patch6: ruby-1.9.3-webrick-test-fix.patch
# Fixed in ruby 1.9.3p286
#Patch6: ruby-1.9.3-webrick-test-fix.patch
# Already fixed upstream:
# https://github.com/ruby/ruby/commit/f212df564a4e1025f9fb019ce727022a97bfff53
Patch7: ruby-1.9.3-bignum-test-fix.patch
@ -91,7 +92,11 @@ Patch8: ruby-1.9.3-custom-rubygems-location.patch
Patch9: rubygems-1.8.11-binary-extensions.patch
# Patch from trunk for CVE-4464, CVE-4466
# http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37068
Patch10: ruby-1.9.3-backport-from-trunk-rev37068.patch
# Fixed in ruby 1.9.3p286
#Patch10: ruby-1.9.3-backport-from-trunk-rev37068.patch
# Opening /dev/tty fails with ENXIO (ref: man 2 open) on koji.
# Let's rescue this
Patch10: ruby-1.9.3-p286-open-devtty-on-koji.patch
# Make mkmf verbose by default
Patch12: ruby-1.9.3-mkmf-verbose.patch
@ -330,11 +335,11 @@ Tcl/Tk interface for the object-oriented scripting language Ruby.
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
#%%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p0
%patch10 -p1
%patch12 -p1
%build
@ -741,6 +746,11 @@ make check TESTS="-v $DISABLE_TESTS"
%{ruby_libdir}/tkextlib
%changelog
* Sat Oct 13 2012 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.9.3.286-19
- Update to 1.9.3 p286
- Don't create files when NUL-containing path name is passed
(bug 865940)
* Thu Oct 04 2012 Mamoru Tasaka <mtasaka@fedoraproject.org> - 1.9.3.194-18
- Patch from trunk for CVE-2012-4464, CVE-2012-4466

View File

@ -1 +1 @@
bc0c715c69da4d1d8bd57069c19f6c0e ruby-1.9.3-p194.tar.gz
e2469b55c2a3d0d643097d47fe4984bb ruby-1.9.3-p286.tar.gz