Backport 3c06609 to 3.7-stable

Install platform-specific gems as required
Backport c2dff2c to 3.7-stable
2026-04-28 03:01:03 -04:00 · 2019-03-18 11:31:15 +05:30 · 2019-03-13 23:10:54 +05:30 · 2019-03-13 10:18:43 -04:00 · 2018-12-18 22:52:34 +05:30 · 2018-12-18 22:46:02 +05:30
18 changed files with 149 additions and 23 deletions
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,7 +2,6 @@ bundler_args: --without benchmark:site:development
 script: script/cibuild
 cache: bundler
 language: ruby
-sudo: false

 rvm:
  - &ruby1 2.5.0
@@ -31,7 +30,7 @@ branches:
  only:
    - master
    - themes
-    - /*-stable/
+    - /.*-stable/

 notifications:
  slack:
@@ -54,4 +53,4 @@ after_success:
  - bundle exec codeclimate-test-reporter

 before_install:
-  - gem update --system
+  - gem update --system || true
--- a/7
+++ b/7
@@ -27,15 +27,16 @@ group :test do
  gem "httpclient"
  gem "jekyll_test_plugin"
  gem "jekyll_test_plugin_malicious"
-  # nokogiri v1.8 does not work with ruby 2.1 and below
-  gem "nokogiri", RUBY_VERSION >= "2.2" ? "~> 1.7" : "~> 1.7.0"
+  # nokogiri v1.10 does not work with ruby 2.2 and below
+  gem "nokogiri", RUBY_VERSION >= "2.3" ? "~> 1.9" : "~> 1.9.0"
  gem "rspec"
  gem "rspec-mocks"
  gem "rubocop", "~> 0.51.0"
  gem "test-dependency-theme", :path => File.expand_path("test/fixtures/test-dependency-theme", __dir__)
  gem "test-theme", :path => File.expand_path("test/fixtures/test-theme", __dir__)
+  gem "test-theme-symlink", :path => File.expand_path("test/fixtures/test-theme-symlink", __dir__)

-  gem "jruby-openssl" if RUBY_ENGINE == "jruby"
+  gem "jruby-openssl", "0.10.1" if RUBY_ENGINE == "jruby"
 end

 #
--- a/History.markdown
+++ b/History.markdown
@@ -1,3 +1,14 @@
+## 3.7.4 / 2018-09-07
+
+### Bug Fixes
+
+  * Security: fix `include` bypass of EntryFilter#filter symlink check
+
+## 3.7.3 / 2018-02-25
+
+### Bug Fixes
+  * Do not hardcode locale unless certainly necessary (#6791)
+
 ## 3.7.2 / 2018-01-25

 ### Development Fixes
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -6,6 +6,7 @@ branches:
  only:
    - master
    - themes
+    - /.*-stable/

 build: off

--- a/features/step_definitions.rb
+++ b/features/step_definitions.rb
@@ -216,8 +216,6 @@ end

 When(%r!^I decide to build the theme gem$!) do
  Dir.chdir(Paths.theme_gem_dir)
-  gemspec = "my-cool-theme.gemspec"
-  File.write(gemspec, File.read(gemspec).sub("TODO: ", ""))
  File.new("_includes/blank.html", "w")
  File.new("_sass/blank.scss", "w")
  File.new("assets/blank.scss", "w")
--- a/features/theme_gem.feature
+++ b/features/theme_gem.feature
@@ -17,7 +17,7 @@ Feature: Building Theme Gems
    Then the "assets/blank.scss" file should exist
    When I run git add .
    Then I should get an updated git index
-    When I run gem build my-cool-theme.gemspec
+    When I run gem build --force my-cool-theme.gemspec
    Then the "./my-cool-theme-0.1.0.gem" file should exist
    When I run gem unpack my-cool-theme-0.1.0.gem
    Then the my-cool-theme-0.1.0 directory should exist
--- a/lib/jekyll.rb
+++ b/lib/jekyll.rb
@@ -35,7 +35,6 @@ require "colorator"
 require "i18n"

 SafeYAML::OPTIONS[:suppress_warnings] = true
-I18n.config.available_locales = :en

 module Jekyll
  # internal requires
--- a/lib/jekyll/commands/new.rb
+++ b/lib/jekyll/commands/new.rb
@@ -87,10 +87,14 @@ group :jekyll_plugins do
 end

 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
-gem "tzinfo-data", platforms: [:mingw, :mswin, :x64_mingw, :jruby]
+# and associated library.
+install_if -> { RUBY_PLATFORM =~ %r!mingw|mswin|java! } do
+  gem "tzinfo", "~> 1.2"
+  gem "tzinfo-data"
+end

 # Performance-booster for watching directories on Windows
-gem "wdm", "~> 0.1.0" if Gem.win_platform?
+gem "wdm", "~> 0.1.0", :install_if => Gem.win_platform?

 RUBY
        end
--- a/lib/jekyll/entry_filter.rb
+++ b/lib/jekyll/entry_filter.rb
@@ -31,9 +31,12 @@ module Jekyll

    def filter(entries)
      entries.reject do |e|
-        unless included?(e)
-          special?(e) || backup?(e) || excluded?(e) || symlink?(e)
-        end
+        # Reject this entry if it is a symlink.
+        next true if symlink?(e)
+        # Do not reject this entry if it is included.
+        next false if included?(e)
+        # Reject this entry if it is special, a backup file, or excluded.
+        special?(e) || backup?(e) || excluded?(e)
      end
    end

--- a/lib/jekyll/theme.rb
+++ b/lib/jekyll/theme.rb
@@ -54,7 +54,11 @@ module Jekyll
    end

    def realpath_for(folder)
-      File.realpath(Jekyll.sanitized_path(root, folder.to_s))
+      # This resolves all symlinks for the theme subfolder and then ensures
+      # that the directory remains inside the theme root. This prevents the
+      # use of symlinks for theme subfolders to escape the theme root.
+      # However, symlinks are allowed to point to other directories within the theme.
+      Jekyll.sanitized_path(root, File.realpath(Jekyll.sanitized_path(root, folder.to_s)))
    rescue Errno::ENOENT, Errno::EACCES, Errno::ELOOP
      nil
    end
--- a/lib/jekyll/utils.rb
+++ b/lib/jekyll/utils.rb
@@ -203,7 +203,10 @@ module Jekyll
      end

      # Drop accent marks from latin characters. Everything else turns to ?
-      string = ::I18n.transliterate(string) if mode == "latin"
+      if mode == "latin"
+        I18n.config.available_locales = :en if I18n.config.available_locales.empty?
+        string = I18n.transliterate(string)
+      end

      slug = replace_character_sequence_with_hyphen(string, :mode => mode)

--- a/lib/jekyll/version.rb
+++ b/lib/jekyll/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true

 module Jekyll
-  VERSION = "3.7.2".freeze
+  VERSION = "3.7.4".freeze
 end
--- a/test/fixtures/test-theme-symlink/test-theme-symlink.gemspec
+++ b/test/fixtures/test-theme-symlink/test-theme-symlink.gemspec
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+Gem::Specification.new do |s|
+  s.name        = "test-theme-symlink"
+  s.version     = "0.1.0"
+  s.licenses    = ["MIT"]
+  s.summary     = "This is a theme with a symlink used to test Jekyll"
+  s.authors     = ["Jekyll"]
+  s.files       = ["lib/example.rb"]
+  s.homepage    = "https://github.com/jekyll/jekyll"
+end
--- a/test/helper.rb
+++ b/test/helper.rb
@@ -195,6 +195,15 @@ class JekyllUnitTest < Minitest::Test
      skip msg.to_s.magenta
    end
  end
+
+  def symlink_if_allowed(target, sym_file)
+    FileUtils.ln_sf(target, sym_file)
+  rescue Errno::EACCES
+    skip "Permission denied for creating a symlink to #{target.inspect} " \
+         "on this machine".magenta
+  rescue NotImplementedError => error
+    skip error.to_s.magenta
+  end
 end

 class FakeLogger
--- a/test/source/symlink-test/symlinked-file-outside-source
+++ b/test/source/symlink-test/symlinked-file-outside-source
@@ -0,0 +1 @@
+/etc/passwd
--- a/test/test_entry_filter.rb
+++ b/test/test_entry_filter.rb
@@ -5,7 +5,7 @@ require "helper"
 class TestEntryFilter < JekyllUnitTest
  context "Filtering entries" do
    setup do
-      @site = Site.new(site_configuration)
+      @site = fixture_site
    end

    should "filter entries" do
@@ -87,7 +87,7 @@ class TestEntryFilter < JekyllUnitTest
      # no support for symlinks on Windows
      skip_if_windows "Jekyll does not currently support symlinks on Windows."

-      site = Site.new(site_configuration("safe" => true))
+      site = fixture_site("safe" => true)
      site.reader.read_directories("symlink-test")

      assert_equal %w(main.scss symlinked-file).length, site.pages.length
@@ -99,11 +99,21 @@ class TestEntryFilter < JekyllUnitTest
      # no support for symlinks on Windows
      skip_if_windows "Jekyll does not currently support symlinks on Windows."

-      site = Site.new(site_configuration)
+      @site.reader.read_directories("symlink-test")
+      refute_equal [], @site.pages
+      refute_equal [], @site.static_files
+    end

+    should "include only safe symlinks in safe mode even when included" do
+      # no support for symlinks on Windows
+      skip_if_windows "Jekyll does not currently support symlinks on Windows."
+
+      site = fixture_site("safe" => true, "include" => ["symlinked-file-outside-source"])
      site.reader.read_directories("symlink-test")
-      refute_equal [], site.pages
-      refute_equal [], site.static_files
+
+      # rubocop:disable Performance/FixedSize
+      assert_equal %w(main.scss symlinked-file).length, site.pages.length
+      refute_includes site.static_files.map(&:name), "symlinked-file-outside-source"
    end
  end

--- a/test/test_layout_reader.rb
+++ b/test/test_layout_reader.rb
@@ -31,5 +31,52 @@ class TestLayoutReader < JekyllUnitTest
        assert_equal LayoutReader.new(@site).layout_directory, source_dir("blah/_layouts")
      end
    end
+
+    context "when a layout is a symlink" do
+      setup do
+        symlink_if_allowed("/etc/passwd", source_dir("_layouts", "symlink.html"))
+
+        @site = fixture_site({
+          "safe"    => true,
+          "include" => ["symlink.html"],
+        })
+      end
+
+      teardown do
+        FileUtils.rm_f(source_dir("_layouts", "symlink.html"))
+      end
+
+      should "only read the layouts which are in the site" do
+        skip_if_windows "Jekyll does not currently support symlinks on Windows."
+
+        layouts = LayoutReader.new(@site).read
+
+        refute layouts.key?("symlink"), "Should not read the symlinked layout"
+      end
+    end
+
+    context "with a theme" do
+      setup do
+        symlink_if_allowed("/etc/passwd", theme_dir("_layouts", "theme-symlink.html"))
+        @site = fixture_site({
+          "include" => ["theme-symlink.html"],
+          "theme"   => "test-theme",
+          "safe"    => true,
+        })
+      end
+
+      teardown do
+        FileUtils.rm_f(theme_dir("_layouts", "theme-symlink.html"))
+      end
+
+      should "not read a symlink'd theme" do
+        skip_if_windows "Jekyll does not currently support symlinks on Windows."
+
+        layouts = LayoutReader.new(@site).read
+
+        refute layouts.key?("theme-symlink"), \
+          "Should not read symlinked layout from theme"
+      end
+    end
  end
 end
--- a/test/test_theme_assets_reader.rb
+++ b/test/test_theme_assets_reader.rb
@@ -75,4 +75,29 @@ class TestThemeAssetsReader < JekyllUnitTest
      refute_file_with_relative_path site.pages, "assets/style.scss"
    end
  end
+
+  context "symlinked theme" do
+    should "not read assets from symlinked theme" do
+      skip_if_windows "Jekyll does not currently support symlinks on Windows."
+
+      begin
+        tmp_dir = Dir.mktmpdir("jekyll-theme-test")
+        File.open(File.join(tmp_dir, "test.txt"), "wb") { |f| f.write "content" }
+
+        theme_dir = File.join(__dir__, "fixtures", "test-theme-symlink")
+        File.symlink(tmp_dir, File.join(theme_dir, "assets"))
+
+        site = fixture_site(
+          "theme"       => "test-theme-symlink",
+          "theme-color" => "black"
+        )
+        ThemeAssetsReader.new(site).read
+
+        assert_empty site.static_files, "static file should not have been picked up"
+      ensure
+        FileUtils.rm_rf(tmp_dir)
+        FileUtils.rm_rf(File.join(theme_dir, "assets"))
+      end
+    end
+  end
 end
Author	SHA1	Message	Date
Ashwin Maroli	647c5931bc	Backport `3c06609` to 3.7-stable Install platform-specific gems as required	2019-03-18 11:31:15 +05:30
Ashwin Maroli	e3144fd7d2	Backport `c2dff2c` to 3.7-stable * Fix CI builds on older Ruby versions * Remove deprecated Travis configuration	2019-03-13 23:10:54 +05:30
Parker Moore	c813cfbc0c	Merge pull request #7423 from jekyll/3.7-stable-backport-7419 Backport #7419 for v3.7.x: Theme gems: ensure directories aren't symlinks	2019-03-13 10:18:43 -04:00
Ashwin Maroli	e478a331ba	Merge branch '3.7-stable' into 3.7-stable-backport-7419	2018-12-18 22:52:34 +05:30
Ashwin Maroli	68945e96db	Backport `c368fec` to 3.7-stable Create symlink only if target is accessible (#7429)	2018-12-18 22:46:02 +05:30
Parker Moore	22bbe6dd2d	Skip theme dir symlink test if Windows.	2018-12-17 16:35:52 -05:00
Ashwin Maroli	f6c834f7f0	Merge branch '3.7-stable' into this branch	2018-12-15 00:13:56 +05:30
Ashwin Maroli	888fb4c8d2	Backport `e41c427` to 3.7-stable CI: Build stable branches during backport	2018-12-15 00:07:07 +05:30
olivia hugger	9c66c3cbcc	Backport `564f773` to 3.7-stable test for stable and backport branches on travis	2018-12-14 23:31:42 +05:30
Frank Taillandier	a054e4ae80	Backport #6784 to 3.7.x : Fix theme gem feature	2018-12-14 23:29:07 +05:30
Parker Moore	9db91abc9b	Fix linting issue with lines being too long.	2018-12-14 10:31:45 -05:00
Parker Moore	220f1bdc16	Backport ensure-realpath-for-theme-dirs-is-in-theme-dir from #7419 to 3.7-stable	2018-12-14 10:12:14 -05:00
Parker Moore	07561b301b	Release 💎 3.7.4	2018-09-07 13:36:55 -04:00
Parker Moore	bd70949ecf	Release 💎 v3.7.4	2018-09-07 13:36:34 -04:00
Parker Moore	4108ddb05c	Merge pull request #7224 from jekyll/3.7-entryfilter-symlink-fix 3.7.x: EntryFilter#filter symlink fix	2018-09-07 13:28:17 -04:00
Parker Moore	2025d12502	Revert "Run this branch." This reverts commit `f5cd15cfd4`.	2018-09-07 13:28:00 -04:00
Parker Moore	7f1faea47d	LayoutReader: skip tests if Windows	2018-09-07 13:23:22 -04:00
Parker Moore	f5cd15cfd4	Run this branch.	2018-09-07 12:36:22 -04:00
Parker Moore	35219a8c42	Fix fmt errors.	2018-09-07 12:35:30 -04:00
Parker Moore	2c088e2596	Update tests for EntryFilter#filter fix and add comments for it	2018-09-07 12:29:04 -04:00
Parker Moore	a8b91de97b	EntryFilter#filter: reject all symlinks, even if included Previously, you could include the name of a symlinked file and Jekyll would not filter it. This is considered a bypass of the symlink checking, and thus a security bug.	2018-09-06 13:11:41 -04:00
Parker Moore	2a679e797c	Add failing tests for symlink check.	2018-09-06 12:30:59 -04:00
olivia	6298d06f40	Release 💎 3.7.3	2018-02-25 17:41:51 +01:00
olivia	7b88125445	Prepare for 3.7.3 release	2018-02-25 17:41:23 +01:00
olivia	f9f6b2fcfa	Update history to reflect backport of #6791	2018-02-25 12:26:53 +01:00
olivia	31130f724d	Backport #6791 from master to 3.7-stable	2018-02-25 12:24:03 +01:00