[DRE-commits] [SCM] ruby-fast-gettext.git branch, master, updated. upstream/0.5.13-4-g822358e

[Dmitry Borodaenko]

The following commit has been merged in the master branch:
commit 822358e180a59011f728532625b53fe68d563fd0
Author: Dmitry Borodaenko <angdraug at debian.org>
Date:   Sun Sep 25 19:25:05 2011 +0300

    patch: untaint relative file path

diff --git a/debian/patches/0002-untaint-relative-file-path.patch b/debian/patches/0002-untaint-relative-file-path.patch
new file mode 100644
index 0000000..a7271e2
--- /dev/null
+++ b/debian/patches/0002-untaint-relative-file-path.patch
@@ -0,0 +1,24 @@
+From: Dmitry Borodaenko <angdraug at debian.org>
+Date: Sun, 25 Sep 2011 19:09:24 +0300
+Subject: untaint relative file path
+
+path itself is not tainted or the preceding exists? would have raised
+SecurityError, so a file beneath it can be trusted, too
+---
+ lib/fast_gettext/translation_repository/base.rb |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/lib/fast_gettext/translation_repository/base.rb b/lib/fast_gettext/translation_repository/base.rb
+index b61b6df..3c80cc4 100644
+--- a/lib/fast_gettext/translation_repository/base.rb
++++ b/lib/fast_gettext/translation_repository/base.rb
+@@ -38,7 +38,7 @@ module FastGettext
+         @files = {}
+         Dir[File.join(path,'*')].each do |locale_folder|
+           next unless File.basename(locale_folder) =~ LOCALE_REX
+-          file = File.join(locale_folder,relative_file_path)
++          file = File.join(locale_folder,relative_file_path).untaint
+           next unless File.exist? file
+           locale = File.basename(locale_folder)
+           @files[locale] = yield(locale,file)
+-- 
diff --git a/debian/patches/series b/debian/patches/series
index 963f859..964e3a5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 0001-fix-rspec-requires.patch
+0002-untaint-relative-file-path.patch

-- 
ruby-fast-gettext.git