ruby-changes:66308
From: nagachika <ko1@a...>
Date: Sun, 23 May 2021 15:05:27 +0900 (JST)
Subject: [ruby-changes:66308] 86f7e55dfb (ruby_3_0): merge revision(s) 10e63f3f56cc0f559816d921f3e771dea02f3eb9:
https://git.ruby-lang.org/ruby.git/commit/?id=86f7e55dfb From 86f7e55dfb5938e0c617b8629a1fbb4d24341dc0 Mon Sep 17 00:00:00 2001 From: nagachika <nagachika@r...> Date: Sun, 23 May 2021 15:05:06 +0900 Subject: merge revision(s) 10e63f3f56cc0f559816d921f3e771dea02f3eb9: [ruby/rdoc] Vertical-bar is disallowed in path names on Windows No risk of remote code execution, when the file cannot be created. https://github.com/ruby/rdoc/runs/2565343916?check_suite_focus=true#step:5:58 ``` Error: test_remove_unparseable_CVE_2021_31799(TestRDocRDoc): Errno::EINVAL: Invalid argument @ utime_failed - | touch evil.txt && echo tags D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `utime' D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `block in touch' D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `each' D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `touch' D:/a/rdoc/rdoc/test/rdoc/test_rdoc_rdoc.rb:463:in `block (2 levels) in test_remove_unparseable_CVE_2021_31799' 460: temp_dir do 461: file_list = ['| touch evil.txt && echo tags'] 462: file_list.each do |f| => 463: FileUtils.touch f 464: end 465: 466: assert_equal file_list, @rdoc.remove_unparseable(file_list) ``` https://github.com/ruby/rdoc/commit/a7df7dc8fa --- test/rdoc/test_rdoc_rdoc.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- test/rdoc/test_rdoc_rdoc.rb | 2 +- version.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/rdoc/test_rdoc_rdoc.rb b/test/rdoc/test_rdoc_rdoc.rb index a83d5a1..7b84bb6 100644 --- a/test/rdoc/test_rdoc_rdoc.rb +++ b/test/rdoc/test_rdoc_rdoc.rb @@ -460,7 +460,7 @@ class TestRDocRDoc < RDoc::TestCase https://github.com/ruby/ruby/blob/trunk/test/rdoc/test_rdoc_rdoc.rb#L460 temp_dir do file_list = ['| touch evil.txt && echo tags'] file_list.each do |f| - FileUtils.touch f + FileUtils.touch f rescue omit end assert_equal file_list, @rdoc.remove_unparseable(file_list) diff --git a/version.h b/version.h index 0acccfc..36d0caa 100644 --- a/version.h +++ b/version.h @@ -12,7 +12,7 @@ https://github.com/ruby/ruby/blob/trunk/version.h#L12 # define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR #define RUBY_VERSION_TEENY 2 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR -#define RUBY_PATCHLEVEL 85 +#define RUBY_PATCHLEVEL 86 #define RUBY_RELEASE_YEAR 2021 #define RUBY_RELEASE_MONTH 5 -- cgit v1.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/