[rubygem-rdoc/f18] XSS flaw fix (CVE-2013-0256)
Josef Stribny
jstribny at fedoraproject.org
Thu Feb 7 13:16:21 UTC 2013
commit 456dad54b28996247b07d122a4e82b32af9696de
Author: Josef Stribny <jstribny at redhat.com>
Date: Thu Feb 7 10:33:05 2013 +0100
XSS flaw fix (CVE-2013-0256)
CVE-2013-0256.patch | 118 +++++++++++++++++++++++++++++++++++++++++++++++++++
rubygem-rdoc.spec | 8 +++-
2 files changed, 125 insertions(+), 1 deletions(-)
---
diff --git a/CVE-2013-0256.patch b/CVE-2013-0256.patch
new file mode 100644
index 0000000..d214126
--- /dev/null
+++ b/CVE-2013-0256.patch
@@ -0,0 +1,118 @@
+From ffa87887ee0517793df7541629a470e331f9fe60 Mon Sep 17 00:00:00 2001
+From: Eric Hodel <drbrain at segment7.net>
+Date: Tue, 5 Feb 2013 19:57:58 -0800
+Subject: [PATCH] Fix CVE-2013-0256, an XSS exploit in RDoc
+
+diff --git a/CVE-2013-0256.rdoc b/CVE-2013-0256.rdoc
+new file mode 100644
+index 0000000..b285b6a
+--- /dev/null
++++ b/CVE-2013-0256.rdoc
+@@ -0,0 +1,49 @@
++= RDoc 2.3.0 through 3.12 XSS Exploit
++
++RDoc documentation generated by rdoc 2.3.0 through rdoc 3.12 and prereleases up
++to rdoc 4.0.0.preview2.1 are vulnerable to an XSS exploit. This exploit may
++lead to cookie disclosure to third parties.
++
++The exploit exists in darkfish.js which is copied from the RDoc install
++location to the generated documentation.
++
++RDoc is a static documentation generation tool. Patching the library itself
++is insufficient to correct this exploit. Those hosting rdoc documentation will
++need to apply the following patch. If applied while ignoring whitespace, this
++patch will correct all affected versions:
++
++ diff --git darkfish.js darkfish.js
++ index 4be722f..f26fd45 100644
++ --- darkfish.js
++ +++ darkfish.js
++ @@ -109,13 +109,15 @@ function hookSearch() {
++ function highlightTarget( anchor ) {
++ console.debug( "Highlighting target '%s'.", anchor );
++
++ - $("a[name=" + anchor + "]").each( function() {
++ - if ( !$(this).parent().parent().hasClass('target-section') ) {
++ - console.debug( "Wrapping the target-section" );
++ - $('div.method-detail').unwrap( 'div.target-section' );
++ - $(this).parent().wrap( '<div class="target-section"></div>' );
++ - } else {
++ - console.debug( "Already wrapped." );
++ + $("a[name]").each( function() {
++ + if ( $(this).attr("name") == anchor ) {
++ + if ( !$(this).parent().parent().hasClass('target-section') ) {
++ + console.debug( "Wrapping the target-section" );
++ + $('div.method-detail').unwrap( 'div.target-section' );
++ + $(this).parent().wrap( '<div class="target-section"></div>' );
++ + } else {
++ + console.debug( "Already wrapped." );
++ + }
++ }
++ });
++ };
++
++RDoc 3.9.5, 3.12.1 and RDoc 4.0.0.rc.2 and newer are not vulnerable to this
++exploit.
++
++This exploit was discovered by Evgeny Ermakov <corwmh at gmail.com>.
++
++This vulnerability has been assigned the CVE identifier CVE-2013-0256.
++
+diff --git a/History.rdoc b/History.rdoc
+index 21497df..f4ebf1f 100644
+--- a/History.rdoc
++++ b/History.rdoc
+@@ -11,0 +11,3 @@
++ * Fixed an XSS exploit in darkfish.js. This could lead to cookie disclosure
++ to third parties. See CVE-2012-0256.rdoc for full details including a
++ patch you can apply to generated RDoc documentation.
+diff --git a/Manifest.txt b/Manifest.txt
+index 918447a..b26bfef 100644
+--- a/Manifest.txt
++++ b/Manifest.txt
+@@ -1,5 +1,6 @@
+ .autotest
+ .document
++CVE-2013-0256.rdoc
+ DEVELOPERS.rdoc
+ History.rdoc
+ LEGAL.rdoc
+diff --git a/Rakefile b/Rakefile
+index 3985102..962c473 100644
+--- a/Rakefile
++++ b/Rakefile
+@@ -42,6 +42,7 @@
+ self.testlib = :minitest
+ self.extra_rdoc_files += %w[
+ DEVELOPERS.rdoc
++ CVE-2013-0256.rdoc
+ History.rdoc
+ LICENSE.rdoc
+ LEGAL.rdoc
+diff --git a/lib/rdoc/generator/template/darkfish/js/darkfish.js b/lib/rdoc/generator/template/darkfish/js/darkfish.js
+index 4be722f..f26fd45 100644
+--- a/lib/rdoc/generator/template/darkfish/js/darkfish.js
++++ b/lib/rdoc/generator/template/darkfish/js/darkfish.js
+@@ -109,13 +109,15 @@ function hookSearch() {
+ function highlightTarget( anchor ) {
+ console.debug( "Highlighting target '%s'.", anchor );
+
+- $("a[name=" + anchor + "]").each( function() {
+- if ( !$(this).parent().parent().hasClass('target-section') ) {
+- console.debug( "Wrapping the target-section" );
+- $('div.method-detail').unwrap( 'div.target-section' );
+- $(this).parent().wrap( '<div class="target-section"></div>' );
+- } else {
+- console.debug( "Already wrapped." );
++ $("a[name]").each( function() {
++ if ( $(this).attr("name") == anchor ) {
++ if ( !$(this).parent().parent().hasClass('target-section') ) {
++ console.debug( "Wrapping the target-section" );
++ $('div.method-detail').unwrap( 'div.target-section' );
++ $(this).parent().wrap( '<div class="target-section"></div>' );
++ } else {
++ console.debug( "Already wrapped." );
++ }
+ }
+ });
+ };
diff --git a/rubygem-rdoc.spec b/rubygem-rdoc.spec
index 019f4f3..64e32d8 100644
--- a/rubygem-rdoc.spec
+++ b/rubygem-rdoc.spec
@@ -6,12 +6,13 @@
Summary: RDoc produces HTML and command-line documentation for Ruby projects
Name: rubygem-%{gem_name}
Version: 3.12
-Release: 5%{?dist}
+Release: 6%{?dist}
Group: Development/Languages
License: GPLv2 and Ruby and MIT
URL: http://docs.seattlerb.org/rdoc/
Source0: http://rubygems.org/gems/%{gem_name}-%{version}.gem
Patch0: ruby-1.9.3-disable-versioned-paths.patch
+Patch1: CVE-2013-0256.patch
Requires: ruby(rubygems)
Requires: ruby(abi) = %{rubyabi}
Requires: rubygem(json) => 1.4
@@ -51,6 +52,7 @@ gem install --local --install-dir .%{gem_dir} \
pushd .%{gem_instdir}
%patch0 -p1
+%patch1 -p1
popd
%build
@@ -95,6 +97,7 @@ popd
%doc %{gem_instdir}/History.rdoc
%doc %{gem_instdir}/Manifest.txt
%doc %{gem_instdir}/README.rdoc
+%doc %{gem_instdir}/CVE-2013-0256.rdoc
%doc %{gem_instdir}/RI.rdoc
%doc %{gem_instdir}/Rakefile
%doc %{gem_instdir}/TODO.rdoc
@@ -102,6 +105,9 @@ popd
%changelog
+* Wed Feb 06 2013 Josef Stribny <jstribny at redhat.com> - 3.12-6
+- Patch cross site scripting vulnerability CVE-2013-0256 (rhbz#908358).
+
* Thu Sep 06 2012 Vít Ondruch <vondruch at redhat.com> - 3.12-5
- Fix the location of Ruby documentation (rhbz#854418).
More information about the scm-commits
mailing list