rdoc 3.9.4 → 3.9.5

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9d9a58840506bd6b738237a6af63e481cb99d722
+  data.tar.gz: dd7c3e432a825b7d424a72c6d809fc846b4ca15d
+SHA512:
+  metadata.gz: 4aed26561794caea63847544ac7af1664170b460e6c1f0124f31396aa1a0e4f1f7feb59101342fe00160a0f4c823d64aaa5b5744c350b597d5bdf7ae39f23c9d
+  data.tar.gz: d7b563efe923aedecb2cfcd7d6c256cf70dc12791104e348be074ea68e9b951d9fef08bd32e8f36c9594124a94a7a629317d32c5a551d4311a69e4398ed177c7

data/CVE-2013-0256.rdoc

@@ -0,0 +1,49 @@
+= RDoc 2.3.0 through 3.12 XSS Exploit
+
+RDoc documentation generated by rdoc 2.3.0 through rdoc 3.12 and prereleases up
+to rdoc 4.0.0.preview2.1 are vulnerable to an XSS exploit.  This exploit may
+lead to cookie disclosure to third parties.
+
+The exploit exists in darkfish.js which is copied from the RDoc install
+location to the generated documentation.
+
+RDoc is a static documentation generation tool.  Patching the library itself
+is insufficient to correct this exploit.  Those hosting rdoc documentation will
+need to apply the following patch.  If applied while ignoring whitespace, this
+patch will correct all affected versions:
+
+  diff --git darkfish.js darkfish.js
+  index 4be722f..f26fd45 100644
+  --- darkfish.js
+  +++ darkfish.js
+  @@ -109,13 +109,15 @@ function hookSearch() {
+   function highlightTarget( anchor ) {
+     console.debug( "Highlighting target '%s'.", anchor );
+   
+  -  $("a[name=" + anchor + "]").each( function() {
+  -    if ( !$(this).parent().parent().hasClass('target-section') ) {
+  -      console.debug( "Wrapping the target-section" );
+  -      $('div.method-detail').unwrap( 'div.target-section' );
+  -      $(this).parent().wrap( '<div class="target-section"></div>' );
+  -    } else {
+  -      console.debug( "Already wrapped." );
+  +  $("a[name]").each( function() {
+  +    if ( $(this).attr("name") == anchor ) {
+  +      if ( !$(this).parent().parent().hasClass('target-section') ) {
+  +        console.debug( "Wrapping the target-section" );
+  +        $('div.method-detail').unwrap( 'div.target-section' );
+  +        $(this).parent().wrap( '<div class="target-section"></div>' );
+  +      } else {
+  +        console.debug( "Already wrapped." );
+  +      }
+       }
+     });
+   };
+
+RDoc 3.9.5, 3.12.1 and RDoc 4.0.0.rc.2 and newer are not vulnerable to this
+exploit.
+
+This exploit was discovered by Evgeny Ermakov <corwmh@gmail.com>.
+
+This vulnerability has been assigned the CVE identifier CVE-2013-0256.
+

data/History.txt

@@ -1,3 +1,10 @@
+=== 3.9.5 / 2013-02-05
+
+* Bug fixes
+  * Fixed an XSS exploit in darkfish.js.  This could lead to cookie disclosure
+    to third parties.  See CVE-2013-0256.rdoc for full details including a
+    patch you can apply to generated RDoc documentation.
+
 === 3.9.4 / 2011-08-26
 
 * Bug fixes

data/Manifest.txt

@@ -1,5 +1,6 @@
 .autotest
 .document
+CVE-2013-0256.rdoc
 History.txt
 LICENSE.txt
 Manifest.txt

data/Rakefile

@@ -41,7 +41,7 @@ Depending on your version of ruby, you may need to install ruby rdoc/ri data:
   extra_dev_deps << ['isolate',  '~> 3']
   extra_dev_deps << ['ZenTest',  '~> 4'] # for autotest/isolate
 
-  extra_rdoc_files << 'Rakefile'
+  extra_rdoc_files << 'Rakefile' << 'CVE-2013-0256.rdoc'
   spec_extras['required_rubygems_version'] = '>= 1.3'
   spec_extras['homepage'] = 'http://docs.seattlerb.org/rdoc'
 end

data/lib/rdoc.rb

@@ -104,7 +104,7 @@ module RDoc
   ##
   # RDoc version you are using
 
-  VERSION = '3.9.4'
+  VERSION = '3.9.5'
 
   ##
   # Method visibilities

data/lib/rdoc/generator/template/darkfish/js/darkfish.js

@@ -73,13 +73,15 @@ function hookQuickSearch() {
 function highlightTarget( anchor ) {
 	console.debug( "Highlighting target '%s'.", anchor );
 
-	$("a[name=" + anchor + "]").each( function() {
-		if ( !$(this).parent().parent().hasClass('target-section') ) {
-			console.debug( "Wrapping the target-section" );
-			$('div.method-detail').unwrap( 'div.target-section' );
-			$(this).parent().wrap( '<div class="target-section"></div>' );
-		} else {
-			console.debug( "Already wrapped." );
+	$("a[name]").each( function() {
+		if ( $(this).attr("name") == anchor ) {
+			if ( !$(this).parent().parent().hasClass('target-section') ) {
+				console.debug( "Wrapping the target-section" );
+				$('div.method-detail').unwrap( 'div.target-section' );
+				$(this).parent().wrap( '<div class="target-section"></div>' );
+			} else {
+				console.debug( "Already wrapped." );
+			}
 		}
 	});
 };

metadata

@@ -1,27 +1,21 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: rdoc
-version: !ruby/object:Gem::Version 
-  hash: 43
-  prerelease: 
-  segments: 
-  - 3
-  - 9
-  - 4
-  version: 3.9.4
+version: !ruby/object:Gem::Version
+  version: 3.9.5
 platform: ruby
-authors: 
+authors:
 - Eric Hodel
 - Dave Thomas
 - Phil Hagelberg
 - Tony Strauss
 autorequire: 
 bindir: bin
-cert_chain: 
+cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
-  MIIDNjCCAh6gAwIBAgIBADANBgkqhkiG9w0BAQUFADBBMRAwDgYDVQQDDAdkcmJy
+  MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMRAwDgYDVQQDDAdkcmJy
   YWluMRgwFgYKCZImiZPyLGQBGRYIc2VnbWVudDcxEzARBgoJkiaJk/IsZAEZFgNu
-  ZXQwHhcNMDcxMjIxMDIwNDE0WhcNMDgxMjIwMDIwNDE0WjBBMRAwDgYDVQQDDAdk
+  ZXQwHhcNMTIwMjI4MTc1NDI1WhcNMTMwMjI3MTc1NDI1WjBBMRAwDgYDVQQDDAdk
   cmJyYWluMRgwFgYKCZImiZPyLGQBGRYIc2VnbWVudDcxEzARBgoJkiaJk/IsZAEZ
   FgNuZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbbgLrGLGIDE76
   LV/cvxdEzCuYuS3oG9PrSZnuDweySUfdp/so0cDq+j8bqy6OzZSw07gdjwFMSd6J
@@ -29,117 +23,116 @@ cert_chain:
   Gj/okWrQl0NjYOYBpDi+9PPmaH2RmLJu0dB/NylsDnW5j6yN1BEI8MfJRR+HRKZY
   mUtgzBwF1V4KIZQ8EuL6I/nHVu07i6IkrpAgxpXUfdJQJi0oZAqXurAV3yTxkFwd
   g62YrrW26mDe+pZBzR6bpLE+PmXCzz7UxUq3AE0gPHbiMXie3EFE0oxnsU3lIduh
-  sCANiQ8BAgMBAAGjOTA3MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
-  BBS5k4Z75VSpdM0AclG2UvzFA/VW5DANBgkqhkiG9w0BAQUFAAOCAQEAHagT4lfX
-  kP/hDaiwGct7XPuVGbrOsKRVD59FF5kETBxEc9UQ1clKWngf8JoVuEoKD774dW19
-  bU0GOVWO+J6FMmT/Cp7nuFJ79egMf/gy4gfUfQMuvfcr6DvZUPIs9P/TlK59iMYF
-  DIOQ3DxdF3rMzztNUCizN4taVscEsjCcgW6WkUJnGdqlu3OHWpQxZBJkBTjPCoc6
-  UW6on70SFPmAy/5Cq0OJNGEWBfgD9q7rrs/X8GGwUWqXb85RXnUVi/P8Up75E0ag
-  14jEc90kN+C7oI/AGCBN0j6JnEtYIEJZibjjDJTSMWlUKKkj30kq7hlUC2CepJ4v
-  x52qPcexcYZR7w==
+  sCANiQ8BAgMBAAGjezB5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
+  BBS5k4Z75VSpdM0AclG2UvzFA/VW5DAfBgNVHREEGDAWgRRkcmJyYWluQHNlZ21l
+  bnQ3Lm5ldDAfBgNVHRIEGDAWgRRkcmJyYWluQHNlZ21lbnQ3Lm5ldDANBgkqhkiG
+  9w0BAQUFAAOCAQEAPeWzFnrcvC6eVzdlhmjUub2s6qieBkongKRDHQz5MEeQv4LS
+  SARnoHY+uCAVL/1xGAhmpzqQ3fJGWK9eBacW/e8E5GF9xQcV3mE1bA0WNaiDlX5j
+  U2aI+ZGSblqvHUCxKBHR1s7UMHsbz1saOmgdRTyPx0juJs68ocbUTeYBLWu9V4KP
+  zdGAG2JXO2gONg3b4tYDvpBLbry+KOX27iAJulUaH9TiTOULL4ITJVFsK0mYVqmR
+  Q8Tno9S3e4XGGP1ZWfLrTWEJbavFfhGHut2iMRwfC7s/YILAHNATopaJdH9DNpd1
+  U81zGHMUBOvz/VGT6wJwYJ3emS2nfA2NOHFfgA==
   -----END CERTIFICATE-----
-
-date: 2011-08-26 00:00:00 Z
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2013-02-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: minitest
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 1
-        segments: 
-        - 2
-        - 3
-        - 1
-        version: 2.3.1
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.3'
   type: :development
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: minitest
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 2
-        version: "2"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.3'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.10'
   type: :development
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: isolate
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 5
-        segments: 
-        - 3
-        version: "3"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.10'
+- !ruby/object:Gem::Dependency
+  name: isolate
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :development
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: ZenTest
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 4
-        version: "4"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: ZenTest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4'
   type: :development
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: hoe
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 27
-        segments: 
-        - 2
-        - 12
-        version: "2.12"
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4'
+- !ruby/object:Gem::Dependency
+  name: hoe
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.3'
   type: :development
-  version_requirements: *id005
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.3'
 description: |-
   RDoc produces HTML and command-line documentation for Ruby projects.  RDoc
   includes the +rdoc+ and +ri+ tools for generating and displaying online
   documentation.
-  
+
   See RDoc for a description of RDoc's markup and basic use.
-email: 
+email:
 - drbrain@segment7.net
-- ""
+- ''
 - technomancy@gmail.com
 - tony.strauss@designingpatterns.com
-executables: 
+executables:
 - rdoc
 - ri
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
+- CVE-2013-0256.rdoc
 - History.txt
 - LICENSE.txt
 - Manifest.txt
 - README.txt
 - RI.txt
+- bin/rdoc
 - Rakefile
-files: 
-- .autotest
-- .document
+files:
+- ".autotest"
+- ".document"
+- CVE-2013-0256.rdoc
 - History.txt
 - LICENSE.txt
 - Manifest.txt
@@ -310,52 +303,39 @@ files:
 - test/test_rdoc_top_level.rb
 - test/xref_data.rb
 - test/xref_test_case.rb
-- .gemtest
+- ".gemtest"
 homepage: http://docs.seattlerb.org/rdoc
 licenses: []
-
+metadata: {}
 post_install_message: |
   Depending on your version of ruby, you may need to install ruby rdoc/ri data:
-  
+
   <= 1.8.6 : unsupported
    = 1.8.7 : gem install rdoc-data; rdoc-data --install
    = 1.9.1 : gem install rdoc-data; rdoc-data --install
   >= 1.9.2 : nothing to do! Yay!
-
-rdoc_options: 
-- --main
+rdoc_options:
+- "--main"
 - README.txt
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 57
-      segments: 
-      - 1
-      - 8
-      - 7
+    - !ruby/object:Gem::Version
       version: 1.8.7
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  none: false
-  requirements: 
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
   - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 9
-      segments: 
-      - 1
-      - 3
-      version: "1.3"
+    - !ruby/object:Gem::Version
+      version: '1.3'
 requirements: []
-
 rubyforge_project: rdoc
-rubygems_version: 1.8.9
+rubygems_version: 2.0.0.rc.2
 signing_key: 
-specification_version: 3
+specification_version: 4
 summary: RDoc produces HTML and command-line documentation for Ruby projects
-test_files: 
+test_files:
 - test/test_attribute_manager.rb
 - test/test_rdoc_alias.rb
 - test/test_rdoc_any_method.rb