authorusa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2019-08-26 14:37:29 +0000
committerusa <usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>2019-08-26 14:37:29 +0000
commit920b6e156d4e452ec1c3551fc2b77d8a06646f75 (patch)
tree1402dcd2ab5850ddc1cbf591b14fa88e28f63a23
parent662a3ca8064d973a4f96184d2598741b6ee3c7ae (diff)
merge revision(s) a15f7dd1fb1148c3d586238ee6907875f2e40379: [Backport #15803]
Always mark the string returned by File.realpath as tainted

This string can include elements that were not in either string passed to File.realpath, even if one of the strings is an absolute path, due to symlinks:

```ruby
Dir.mkdir('b') unless File.directory?('b')
File.write('b/a', '') unless File.file?('b/a')
File.symlink('b', 'c') unless File.symlink?('c')
path = File.realpath('c/a'.untaint, Dir.pwd.untaint)
path # "/home/testr/ruby/b/a"
path.tainted? # should be true, as 'b' comes from file system
```

[Bug #15803]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@67755 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r--file.c2
-rw-r--r--test/ruby/test_file.rb2
-rw-r--r--version.h2
3 files changed, 3 insertions, 3 deletions
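--- a/file.c
+++ b/file.c
@@ -4145,7 +4145,7 @@ rb_check_realpath_internal(VALUE basedir, VALUE path, enum rb_realpath_mode mode
 }
 }
- OBJ_INFECT(resolved, unresolved_path);
+ rb_obj_taint(resolved);
 RB_GC_GUARD(unresolved_path);
 RB_GC_GUARD(curdir);
 return resolved;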
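Review bot: The new unconditional `rb_obj_taint(resolved)` carries no comment explaining why the result is tainted even when both inputs are untainted, so a later reader is likely to "restore" taint propagation from the arguments and silently reintroduce the bug. A comment above the call such as `/* resolved may contain path components read from the filesystem (symlink targets), so it is tainted regardless of the inputs' taint state */` would keep the rationale from the commit message next to the code. Dropping OBJ_INFECT(resolved, unresolved_path) is consistent with this, since unconditional tainting subsumes propagation from the argument. rb_check_realpath_internal starts outside the hunk, so any return paths before this point are not visible here and should be checked to ensure they produce the same taint state.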
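--- a/test/ruby/test_file.rb
+++ b/test/ruby/test_file.rb
@@ -298,7 +298,7 @@ class TestFile < Test::Unit::TestCase
 assert_predicate(File.realpath(base, dir), :tainted?)
 base.untaint
 dir.untaint
- assert_not_predicate(File.realpath(base, dir), :tainted?)
+ assert_predicate(File.realpath(base, dir), :tainted?)
 assert_predicate(Dir.chdir(dir) {File.realpath(base)}, :tainted?)
 }
 end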
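Review bot: The flipped assertion on the untainted `base`/`dir` pins only the new default ("the result is always tainted"), not the motivating case from the commit description, where the resolved path contains a component that came from a symlink target rather than from either argument. An additional assertion that resolves an untainted relative path through a symlinked directory, in the shape of the reproduction given in the description, would make the test fail again if someone reverted to propagating taint from the inputs. The surrounding block and test method start before the hunk, so the setup of `base` and `dir` is not visible here.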
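--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
 #define RUBY_VERSION "2.5.6"
 #define RUBY_RELEASE_DATE "2019-08-26"
-#define RUBY_PATCHLEVEL 174
+#define RUBY_PATCHLEVEL 175
 #define RUBY_RELEASE_YEAR 2019
 #define RUBY_RELEASE_MONTH 8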