ruby-changes:56662

From: nagachika <ko1@a...>
Date: Fri, 26 Jul 2019 08:12:21 +0900 (JST)
Subject: [ruby-changes:56662] nagachika: c2ce9eb9d8 (ruby_2_6): merge revision(s) a15f7dd1fb1148c3d586238ee6907875f2e40379: [Backport #15803]

https://git.ruby-lang.org/ruby.git/commit/?id=c2ce9eb9d8

From c2ce9eb9d88593870f68f5476ecc20cff99669db Mon Sep 17 00:00:00 2001
From: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Thu, 25 Jul 2019 23:11:57 +0000
Subject: merge revision(s) a15f7dd1fb1148c3d586238ee6907875f2e40379: [Backport
 #15803]

	Always mark the string returned by File.realpath as tainted

	This string can include elements that were not in either string
	passed to File.realpath, even if one of the strings is an
	absolute path, due to symlinks:

	```ruby
	Dir.mkdir('b') unless File.directory?('b')
	File.write('b/a', '') unless File.file?('b/a')
	File.symlink('b', 'c') unless File.symlink?('c')
	path = File.realpath('c/a'.untaint, Dir.pwd.untaint)
	path # "/home/testr/ruby/b/a"
	path.tainted? # should be true, as 'b' comes from file system
	```

	[Bug #15803]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67713 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

diff --git a/file.c b/file.c
index fa420c6..6721d9b 100644
--- a/file.c
+++ b/file.c
@@ -4152,7 +4152,7 @@ rb_check_realpath_internal(VALUE basedir, VALUE path, enum rb_realpath_mode mode https://github.com/ruby/ruby/blob/trunk/file.c#L4152
 	}
     }
 
-    OBJ_INFECT(resolved, unresolved_path);
+    rb_obj_taint(resolved);
     RB_GC_GUARD(unresolved_path);
     RB_GC_GUARD(curdir);
     return resolved;
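
Review bot: the unconditional `rb_obj_taint(resolved)` near the end of `rb_check_realpath_internal` has no comment explaining why the result no longer follows the taint state of `unresolved_path`. The reason is given only in the commit message (symlink resolution can introduce path elements taken from the file system that were in neither argument), so a one-line comment above the call would keep a later reader from restoring the `OBJ_INFECT` propagation as an apparent optimisation.
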
diff --git a/test/ruby/test_file.rb b/test/ruby/test_file.rb
index 5e9574c..36c154d 100644
--- a/test/ruby/test_file.rb
+++ b/test/ruby/test_file.rb
@@ -298,7 +298,7 @@ class TestFile < Test::Unit::TestCase https://github.com/ruby/ruby/blob/trunk/test/ruby/test_file.rb#L298
       assert_predicate(File.realpath(base, dir), :tainted?)
       base.untaint
       dir.untaint
-      assert_not_predicate(File.realpath(base, dir), :tainted?)
+      assert_predicate(File.realpath(base, dir), :tainted?)
       assert_predicate(Dir.chdir(dir) {File.realpath(base)}, :tainted?)
     }
   end
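
Review bot: the flipped assertion after `base.untaint` / `dir.untaint` only checks that untainted arguments now give a tainted result; nothing in this hunk exercises the symlink case that the commit message gives as the reason for the change. Consider adding a case that resolves a path through a symlink, as in the commit message's `File.symlink('b', 'c')` reproduction, and asserts `:tainted?` on the result, so the test records the motivation and not just the new behaviour.
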
diff --git a/version.h b/version.h
index 6594e9c..01f16aa 100644
--- a/version.h
+++ b/version.h
@@ -1,10 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/version.h#L1
 #define RUBY_VERSION "2.6.3"
 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 65
+#define RUBY_PATCHLEVEL 66
 
 #define RUBY_RELEASE_YEAR 2019
-#define RUBY_RELEASE_MONTH 6
-#define RUBY_RELEASE_DAY 22
+#define RUBY_RELEASE_MONTH 7
+#define RUBY_RELEASE_DAY 26
 
 #include "ruby/version.h"
 
-- 
cgit v0.10.2

