Hello community, here is the log from the commit of package ruby19 for openSUSE:Factory checked in at 2012-10-26 17:47:50 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ruby19 (Old) and /work/SRC/openSUSE:Factory/.ruby19.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ruby19", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/ruby19/ruby19.changes 2012-10-19 08:52:22.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.ruby19.new/ruby19.changes 2012-10-26 17:47:52.000000000 +0200 @@ -1,0 +2,7 @@ +Fri Oct 26 14:27:36 UTC 2012 - [email protected] + +- added ruby-1.8.7_safe_level_bypass.patch: (bnc#783511) + Fixes a SAFE_LEVEL bypass in name_err_to_s and exc_to_s. + CVE-2012-4464 + +------------------------------------------------------------------- New: ---- ruby-1.8.7_safe_level_bypass.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ruby19.spec ++++++ --- /var/tmp/diff_new_pack.tVX9CI/_old 2012-10-26 17:47:53.000000000 +0200 +++ /var/tmp/diff_new_pack.tVX9CI/_new 2012-10-26 17:47:53.000000000 +0200 @@ -73,6 +73,7 @@ Patch: rubygems-1.5.0_buildroot.patch Patch1: ruby-1.9.2p290_tcl_no_stupid_rpaths.patch Patch2: ruby19-export_init_prelude.patch +Patch3: ruby-1.8.7_safe_level_bypass.patch # Summary: An Interpreted Object-Oriented Scripting Language License: BSD-2-Clause or Ruby @@ -206,6 +207,7 @@ %patch %patch1 %patch2 -p1 +%patch3 %if 0%{?needs_optimization_zero} touch -r configure configure.timestamp perl -p -i.bak -e 's|-O2|-O0|g' configure ++++++ ruby-1.8.7_safe_level_bypass.patch ++++++ Index: error.c =================================================================== --- error.c.orig 2012-02-25 13:32:19.000000000 +0100 +++ error.c 2012-10-26 13:03:11.760708214 +0200 @@ -569,7 +569,6 @@ exc_to_s(VALUE exc) if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc)); r = rb_String(mesg); - OBJ_INFECT(r, exc); return r; } @@ -853,11 +852,7 @@ name_err_to_s(VALUE exc) if (NIL_P(mesg)) return rb_class_name(CLASS_OF(exc)); StringValue(str); - if (str != mesg) { - rb_iv_set(exc, "mesg", mesg = str); - } - OBJ_INFECT(mesg, exc); - return mesg; + return str; } /* @@ -988,7 +983,6 @@ name_err_mesg_to_str(VALUE obj) args[2] = d; mesg = rb_f_sprintf(NAME_ERR_MESG_COUNT, args); } - OBJ_INFECT(mesg, obj); return mesg; } Index: test/ruby/test_exception.rb =================================================================== --- test/ruby/test_exception.rb.orig 2012-02-08 01:44:05.000000000 +0100 +++ test/ruby/test_exception.rb 2012-10-26 13:03:11.761708215 +0200 @@ -333,4 +333,54 @@ end.join load(t.path) end end + + def test_to_s_taintness_propagation + for exc in [Exception, NameError] + m = "abcdefg" + e = exc.new(m) + e.taint + s = e.to_s + assert_equal(false, m.tainted?, + "#{exc}#to_s should not propagate taintness") + assert_equal(false, s.tainted?, + "#{exc}#to_s should not propagate taintness") + end + + o = Object.new + def o.to_str + "foo" + end + o.taint + e = NameError.new(o) + s = e.to_s + assert_equal(false, s.tainted?) + end + + def test_exception_to_s_should_not_propagate_untrustedness + favorite_lang = "Ruby" + + for exc in [Exception, NameError] + assert_raise(SecurityError) do + lambda { + $SAFE = 4 + exc.new(favorite_lang).to_s + favorite_lang.replace("Python") + }.call + end + end + + assert_raise(SecurityError) do + lambda { + $SAFE = 4 + o = Object.new + o.singleton_class.send(:define_method, :to_str) { + favorite_lang + } + NameError.new(o).to_s + favorite_lang.replace("Python") + }.call + end + + assert_equal("Ruby", favorite_lang) + end end -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
