rdoc 3.9.4 → 3.9.5
Potentially problematic release.
This version of rdoc might be problematic. Click here for more details.
- checksums.yaml +7 -0
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/CVE-2013-0256.rdoc +49 -0
- data/History.txt +7 -0
- data/Manifest.txt +1 -0
- data/Rakefile +1 -1
- data/lib/rdoc.rb +1 -1
- data/lib/rdoc/generator/template/darkfish/js/darkfish.js +9 -7
- metadata +105 -125
- metadata.gz.sig +0 -0
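--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 9d9a58840506bd6b738237a6af63e481cb99d722
+data.tar.gz: dd7c3e432a825b7d424a72c6d809fc846b4ca15d
+SHA512:
+metadata.gz: 4aed26561794caea63847544ac7af1664170b460e6c1f0124f31396aa1a0e4f1f7feb59101342fe00160a0f4c823d64aaa5b5744c350b597d5bdf7ae39f23c9d
+data.tar.gz: d7b563efe923aedecb2cfcd7d6c256cf70dc12791104e348be074ea68e9b951d9fef08bd32e8f36c9594124a94a7a629317d32c5a551d4311a69e4398ed177c7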
checksums.yaml.gz.sig
ADDED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
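--- a/data/CVE-2013-0256.rdoc
+++ b/data/CVE-2013-0256.rdoc
@@ -0,0 +1,49 @@
+= RDoc 2.3.0 through 3.12 XSS Exploit
+
+RDoc documentation generated by rdoc 2.3.0 through rdoc 3.12 and prereleases up
+to rdoc 4.0.0.preview2.1 are vulnerable to an XSS exploit. This exploit may
+lead to cookie disclosure to third parties.
+
+The exploit exists in darkfish.js which is copied from the RDoc install
+location to the generated documentation.
+
+RDoc is a static documentation generation tool. Patching the library itself
+is insufficient to correct this exploit. Those hosting rdoc documentation will
+need to apply the following patch. If applied while ignoring whitespace, this
+patch will correct all affected versions:
+
+diff --git darkfish.js darkfish.js
+index 4be722f..f26fd45 100644
+--- darkfish.js
++++ darkfish.js
+@@ -109,13 +109,15 @@ function hookSearch() {
+function highlightTarget( anchor ) {
+console.debug( "Highlighting target '%s'.", anchor );
+
+- $("a[name=" + anchor + "]").each( function() {
+- if ( !$(this).parent().parent().hasClass('target-section') ) {
+- console.debug( "Wrapping the target-section" );
+- $('div.method-detail').unwrap( 'div.target-section' );
+- $(this).parent().wrap( '<div class="target-section"></div>' );
+- } else {
+- console.debug( "Already wrapped." );
++ $("a[name]").each( function() {
++ if ( $(this).attr("name") == anchor ) {
++ if ( !$(this).parent().parent().hasClass('target-section') ) {
++ console.debug( "Wrapping the target-section" );
++ $('div.method-detail').unwrap( 'div.target-section' );
++ $(this).parent().wrap( '<div class="target-section"></div>' );
++ } else {
++ console.debug( "Already wrapped." );
++ }
+}
+});
+};
+
+RDoc 3.9.5, 3.12.1 and RDoc 4.0.0.rc.2 and newer are not vulnerable to this
+exploit.
+
+This exploit was discovered by Evgeny Ermakov <corwmh@gmail.com>.
+
+This vulnerability has been assigned the CVE identifier CVE-2013-0256.
+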
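--- a/data/History.txt
+++ b/data/History.txt
@@ -1,3 +1,10 @@
+=== 3.9.5 / 2013-02-05
+
+* Bug fixes
+* Fixed an XSS exploit in darkfish.js. This could lead to cookie disclosure
+to third parties. See CVE-2013-0256.rdoc for full details including a
+patch you can apply to generated RDoc documentation.
+
 === 3.9.4 / 2011-08-26
 
 * Bug fixes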
data/Manifest.txt
CHANGED
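--- a/data/Rakefile
+++ b/data/Rakefile
@@ -41,7 +41,7 @@ Depending on your version of ruby, you may need to install ruby rdoc/ri data:
 extra_dev_deps << ['isolate', '~> 3']
 extra_dev_deps << ['ZenTest', '~> 4'] # for autotest/isolate
 
-extra_rdoc_files << 'Rakefile'
+extra_rdoc_files << 'Rakefile' << 'CVE-2013-0256.rdoc'
 spec_extras['required_rubygems_version'] = '>= 1.3'
 spec_extras['homepage'] = 'http://docs.seattlerb.org/rdoc'
 end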
data/lib/rdoc.rb
CHANGED
@@ -73,13 +73,15 @@ function hookQuickSearch() {
|
|
73
73
|
function highlightTarget( anchor ) {
|
74
74
|
console.debug( "Highlighting target '%s'.", anchor );
|
75
75
|
|
76
|
-
$("a[name
|
77
|
-
if (
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
76
|
+
$("a[name]").each( function() {
|
77
|
+
if ( $(this).attr("name") == anchor ) {
|
78
|
+
if ( !$(this).parent().parent().hasClass('target-section') ) {
|
79
|
+
console.debug( "Wrapping the target-section" );
|
80
|
+
$('div.method-detail').unwrap( 'div.target-section' );
|
81
|
+
$(this).parent().wrap( '<div class="target-section"></div>' );
|
82
|
+
} else {
|
83
|
+
console.debug( "Already wrapped." );
|
84
|
+
}
|
83
85
|
}
|
84
86
|
});
|
85
87
|
};
|
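Review bot: The rewritten lookup in `highlightTarget` carries no comment saying why it walks every `a[name]` and compares values rather than using an attribute selector, so a later cleanup could bring back the string-built selector that CVE-2013-0256 was filed for. I would add above the `.each` call `// anchor is untrusted (presumably the URL fragment): compare by value, never concatenate it into a selector`, and, assuming `anchor` is always a string, tighten the comparison to `$(this).attr("name") === anchor`. This page files the hunk under data/lib/rdoc.rb, but the hunk header and the diffstat point to darkfish.js, and the removed lines are truncated in this rendering. Other places in the file that build selectors from the same value are not visible here and are worth checking for the same pattern.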
metadata
CHANGED
@@ -1,27 +1,21 @@
|
|
1
|
-
--- !ruby/object:Gem::Specification
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
2
|
name: rdoc
|
3
|
-
version: !ruby/object:Gem::Version
|
4
|
-
|
5
|
-
prerelease:
|
6
|
-
segments:
|
7
|
-
- 3
|
8
|
-
- 9
|
9
|
-
- 4
|
10
|
-
version: 3.9.4
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 3.9.5
|
11
5
|
platform: ruby
|
12
|
-
authors:
|
6
|
+
authors:
|
13
7
|
- Eric Hodel
|
14
8
|
- Dave Thomas
|
15
9
|
- Phil Hagelberg
|
16
10
|
- Tony Strauss
|
17
11
|
autorequire:
|
18
12
|
bindir: bin
|
19
|
-
cert_chain:
|
13
|
+
cert_chain:
|
20
14
|
- |
|
21
15
|
-----BEGIN CERTIFICATE-----
|
22
|
-
|
16
|
+
MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMRAwDgYDVQQDDAdkcmJy
|
23
17
|
YWluMRgwFgYKCZImiZPyLGQBGRYIc2VnbWVudDcxEzARBgoJkiaJk/IsZAEZFgNu
|
24
|
-
|
18
|
+
ZXQwHhcNMTIwMjI4MTc1NDI1WhcNMTMwMjI3MTc1NDI1WjBBMRAwDgYDVQQDDAdk
|
25
19
|
cmJyYWluMRgwFgYKCZImiZPyLGQBGRYIc2VnbWVudDcxEzARBgoJkiaJk/IsZAEZ
|
26
20
|
FgNuZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbbgLrGLGIDE76
|
27
21
|
LV/cvxdEzCuYuS3oG9PrSZnuDweySUfdp/so0cDq+j8bqy6OzZSw07gdjwFMSd6J
|
@@ -29,117 +23,116 @@ cert_chain:
|
|
29
23
|
Gj/okWrQl0NjYOYBpDi+9PPmaH2RmLJu0dB/NylsDnW5j6yN1BEI8MfJRR+HRKZY
|
30
24
|
mUtgzBwF1V4KIZQ8EuL6I/nHVu07i6IkrpAgxpXUfdJQJi0oZAqXurAV3yTxkFwd
|
31
25
|
g62YrrW26mDe+pZBzR6bpLE+PmXCzz7UxUq3AE0gPHbiMXie3EFE0oxnsU3lIduh
|
32
|
-
|
33
|
-
BBS5k4Z75VSpdM0AclG2UvzFA/
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
26
|
+
sCANiQ8BAgMBAAGjezB5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
|
27
|
+
BBS5k4Z75VSpdM0AclG2UvzFA/VW5DAfBgNVHREEGDAWgRRkcmJyYWluQHNlZ21l
|
28
|
+
bnQ3Lm5ldDAfBgNVHRIEGDAWgRRkcmJyYWluQHNlZ21lbnQ3Lm5ldDANBgkqhkiG
|
29
|
+
9w0BAQUFAAOCAQEAPeWzFnrcvC6eVzdlhmjUub2s6qieBkongKRDHQz5MEeQv4LS
|
30
|
+
SARnoHY+uCAVL/1xGAhmpzqQ3fJGWK9eBacW/e8E5GF9xQcV3mE1bA0WNaiDlX5j
|
31
|
+
U2aI+ZGSblqvHUCxKBHR1s7UMHsbz1saOmgdRTyPx0juJs68ocbUTeYBLWu9V4KP
|
32
|
+
zdGAG2JXO2gONg3b4tYDvpBLbry+KOX27iAJulUaH9TiTOULL4ITJVFsK0mYVqmR
|
33
|
+
Q8Tno9S3e4XGGP1ZWfLrTWEJbavFfhGHut2iMRwfC7s/YILAHNATopaJdH9DNpd1
|
34
|
+
U81zGHMUBOvz/VGT6wJwYJ3emS2nfA2NOHFfgA==
|
40
35
|
-----END CERTIFICATE-----
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
- !ruby/object:Gem::Dependency
|
36
|
+
date: 2013-02-06 00:00:00.000000000 Z
|
37
|
+
dependencies:
|
38
|
+
- !ruby/object:Gem::Dependency
|
45
39
|
name: minitest
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
- !ruby/object:Gem::Version
|
52
|
-
hash: 1
|
53
|
-
segments:
|
54
|
-
- 2
|
55
|
-
- 3
|
56
|
-
- 1
|
57
|
-
version: 2.3.1
|
40
|
+
requirement: !ruby/object:Gem::Requirement
|
41
|
+
requirements:
|
42
|
+
- - "~>"
|
43
|
+
- !ruby/object:Gem::Version
|
44
|
+
version: '4.3'
|
58
45
|
type: :development
|
59
|
-
version_requirements: *id001
|
60
|
-
- !ruby/object:Gem::Dependency
|
61
|
-
name: minitest
|
62
46
|
prerelease: false
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
47
|
+
version_requirements: !ruby/object:Gem::Requirement
|
48
|
+
requirements:
|
49
|
+
- - "~>"
|
50
|
+
- !ruby/object:Gem::Version
|
51
|
+
version: '4.3'
|
52
|
+
- !ruby/object:Gem::Dependency
|
53
|
+
name: rdoc
|
54
|
+
requirement: !ruby/object:Gem::Requirement
|
55
|
+
requirements:
|
56
|
+
- - "~>"
|
57
|
+
- !ruby/object:Gem::Version
|
58
|
+
version: '3.10'
|
72
59
|
type: :development
|
73
|
-
version_requirements: *id002
|
74
|
-
- !ruby/object:Gem::Dependency
|
75
|
-
name: isolate
|
76
60
|
prerelease: false
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
61
|
+
version_requirements: !ruby/object:Gem::Requirement
|
62
|
+
requirements:
|
63
|
+
- - "~>"
|
64
|
+
- !ruby/object:Gem::Version
|
65
|
+
version: '3.10'
|
66
|
+
- !ruby/object:Gem::Dependency
|
67
|
+
name: isolate
|
68
|
+
requirement: !ruby/object:Gem::Requirement
|
69
|
+
requirements:
|
70
|
+
- - "~>"
|
71
|
+
- !ruby/object:Gem::Version
|
72
|
+
version: '3'
|
86
73
|
type: :development
|
87
|
-
version_requirements: *id003
|
88
|
-
- !ruby/object:Gem::Dependency
|
89
|
-
name: ZenTest
|
90
74
|
prerelease: false
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
75
|
+
version_requirements: !ruby/object:Gem::Requirement
|
76
|
+
requirements:
|
77
|
+
- - "~>"
|
78
|
+
- !ruby/object:Gem::Version
|
79
|
+
version: '3'
|
80
|
+
- !ruby/object:Gem::Dependency
|
81
|
+
name: ZenTest
|
82
|
+
requirement: !ruby/object:Gem::Requirement
|
83
|
+
requirements:
|
84
|
+
- - "~>"
|
85
|
+
- !ruby/object:Gem::Version
|
86
|
+
version: '4'
|
100
87
|
type: :development
|
101
|
-
version_requirements: *id004
|
102
|
-
- !ruby/object:Gem::Dependency
|
103
|
-
name: hoe
|
104
88
|
prerelease: false
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
89
|
+
version_requirements: !ruby/object:Gem::Requirement
|
90
|
+
requirements:
|
91
|
+
- - "~>"
|
92
|
+
- !ruby/object:Gem::Version
|
93
|
+
version: '4'
|
94
|
+
- !ruby/object:Gem::Dependency
|
95
|
+
name: hoe
|
96
|
+
requirement: !ruby/object:Gem::Requirement
|
97
|
+
requirements:
|
98
|
+
- - "~>"
|
99
|
+
- !ruby/object:Gem::Version
|
100
|
+
version: '3.3'
|
115
101
|
type: :development
|
116
|
-
|
102
|
+
prerelease: false
|
103
|
+
version_requirements: !ruby/object:Gem::Requirement
|
104
|
+
requirements:
|
105
|
+
- - "~>"
|
106
|
+
- !ruby/object:Gem::Version
|
107
|
+
version: '3.3'
|
117
108
|
description: |-
|
118
109
|
RDoc produces HTML and command-line documentation for Ruby projects. RDoc
|
119
110
|
includes the +rdoc+ and +ri+ tools for generating and displaying online
|
120
111
|
documentation.
|
121
|
-
|
112
|
+
|
122
113
|
See RDoc for a description of RDoc's markup and basic use.
|
123
|
-
email:
|
114
|
+
email:
|
124
115
|
- drbrain@segment7.net
|
125
|
-
-
|
116
|
+
- ''
|
126
117
|
- technomancy@gmail.com
|
127
118
|
- tony.strauss@designingpatterns.com
|
128
|
-
executables:
|
119
|
+
executables:
|
129
120
|
- rdoc
|
130
121
|
- ri
|
131
122
|
extensions: []
|
132
|
-
|
133
|
-
|
123
|
+
extra_rdoc_files:
|
124
|
+
- CVE-2013-0256.rdoc
|
134
125
|
- History.txt
|
135
126
|
- LICENSE.txt
|
136
127
|
- Manifest.txt
|
137
128
|
- README.txt
|
138
129
|
- RI.txt
|
130
|
+
- bin/rdoc
|
139
131
|
- Rakefile
|
140
|
-
files:
|
141
|
-
- .autotest
|
142
|
-
- .document
|
132
|
+
files:
|
133
|
+
- ".autotest"
|
134
|
+
- ".document"
|
135
|
+
- CVE-2013-0256.rdoc
|
143
136
|
- History.txt
|
144
137
|
- LICENSE.txt
|
145
138
|
- Manifest.txt
|
@@ -310,52 +303,39 @@ files:
|
|
310
303
|
- test/test_rdoc_top_level.rb
|
311
304
|
- test/xref_data.rb
|
312
305
|
- test/xref_test_case.rb
|
313
|
-
- .gemtest
|
306
|
+
- ".gemtest"
|
314
307
|
homepage: http://docs.seattlerb.org/rdoc
|
315
308
|
licenses: []
|
316
|
-
|
309
|
+
metadata: {}
|
317
310
|
post_install_message: |
|
318
311
|
Depending on your version of ruby, you may need to install ruby rdoc/ri data:
|
319
|
-
|
312
|
+
|
320
313
|
<= 1.8.6 : unsupported
|
321
314
|
= 1.8.7 : gem install rdoc-data; rdoc-data --install
|
322
315
|
= 1.9.1 : gem install rdoc-data; rdoc-data --install
|
323
316
|
>= 1.9.2 : nothing to do! Yay!
|
324
|
-
|
325
|
-
|
326
|
-
- --main
|
317
|
+
rdoc_options:
|
318
|
+
- "--main"
|
327
319
|
- README.txt
|
328
|
-
require_paths:
|
320
|
+
require_paths:
|
329
321
|
- lib
|
330
|
-
required_ruby_version: !ruby/object:Gem::Requirement
|
331
|
-
|
332
|
-
requirements:
|
322
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
323
|
+
requirements:
|
333
324
|
- - ">="
|
334
|
-
- !ruby/object:Gem::Version
|
335
|
-
hash: 57
|
336
|
-
segments:
|
337
|
-
- 1
|
338
|
-
- 8
|
339
|
-
- 7
|
325
|
+
- !ruby/object:Gem::Version
|
340
326
|
version: 1.8.7
|
341
|
-
required_rubygems_version: !ruby/object:Gem::Requirement
|
342
|
-
|
343
|
-
requirements:
|
327
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
328
|
+
requirements:
|
344
329
|
- - ">="
|
345
|
-
- !ruby/object:Gem::Version
|
346
|
-
|
347
|
-
segments:
|
348
|
-
- 1
|
349
|
-
- 3
|
350
|
-
version: "1.3"
|
330
|
+
- !ruby/object:Gem::Version
|
331
|
+
version: '1.3'
|
351
332
|
requirements: []
|
352
|
-
|
353
333
|
rubyforge_project: rdoc
|
354
|
-
rubygems_version:
|
334
|
+
rubygems_version: 2.0.0.rc.2
|
355
335
|
signing_key:
|
356
|
-
specification_version:
|
336
|
+
specification_version: 4
|
357
337
|
summary: RDoc produces HTML and command-line documentation for Ruby projects
|
358
|
-
test_files:
|
338
|
+
test_files:
|
359
339
|
- test/test_attribute_manager.rb
|
360
340
|
- test/test_rdoc_alias.rb
|
361
341
|
- test/test_rdoc_any_method.rb
|
metadata.gz.sig
CHANGED
Binary file
|