diff options
| author | nagachika <nagachika@ruby-lang.org> | 2021-05-23 15:05:06 +0900 |
|---|---|---|
| committer | nagachika <nagachika@ruby-lang.org> | 2021-05-23 15:05:06 +0900 |
| commit | 86f7e55dfb5938e0c617b8629a1fbb4d24341dc0 (patch) | |
| tree | c4be0d0d88ee87131772104e677ebc9d301a5864 | |
| parent | 410216c9db033a72f4dd119c366bc58dd54383ec (diff) | |
merge revision(s) 10e63f3f56cc0f559816d921f3e771dea02f3eb9:
[ruby/rdoc] Vertical-bar is disallowed in path names on Windows
No risk of remote code execution, when the file cannot be created.
https://github.com/ruby/rdoc/runs/2565343916?check_suite_focus=true#step:5:58
```
Error: test_remove_unparseable_CVE_2021_31799(TestRDocRDoc): Errno::EINVAL: Invalid argument @ utime_failed - | touch evil.txt && echo tags
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `utime'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1142:in `block in touch'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `each'
D:/rubyinstaller-head-x64/lib/ruby/3.1.0/fileutils.rb:1139:in `touch'
D:/a/rdoc/rdoc/test/rdoc/test_rdoc_rdoc.rb:463:in `block (2 levels) in test_remove_unparseable_CVE_2021_31799'
460: temp_dir do
461: file_list = ['| touch evil.txt && echo tags']
462: file_list.each do |f|
=> 463: FileUtils.touch f
464: end
465:
466: assert_equal file_list, @rdoc.remove_unparseable(file_list)
```
https://github.com/ruby/rdoc/commit/a7df7dc8fa
---
test/rdoc/test_rdoc_rdoc.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
| -rw-r--r-- | test/rdoc/test_rdoc_rdoc.rb | 2 | ||||
| -rw-r--r-- | version.h | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/test/rdoc/test_rdoc_rdoc.rb b/test/rdoc/test_rdoc_rdoc.rb index a83d5a1b88..7b84bb698a 100644 --- a/test/rdoc/test_rdoc_rdoc.rb +++ b/test/rdoc/test_rdoc_rdoc.rb @@ -460,7 +460,7 @@ class TestRDocRDoc < RDoc::TestCase temp_dir do file_list = ['| touch evil.txt && echo tags'] file_list.each do |f| - FileUtils.touch f + FileUtils.touch f rescue omit end assert_equal file_list, @rdoc.remove_unparseable(file_list) @@ -12,7 +12,7 @@ # define RUBY_VERSION_MINOR RUBY_API_VERSION_MINOR #define RUBY_VERSION_TEENY 2 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR -#define RUBY_PATCHLEVEL 85 +#define RUBY_PATCHLEVEL 86 #define RUBY_RELEASE_YEAR 2021 #define RUBY_RELEASE_MONTH 5 |