[DRE-maint] Bug#1037233: .../odbc/statement.rb:89: warning: rb_tainted_str_new_cstr is deprecated

Martin Dorey martindorey at gmail.com
Thu Jun 8 20:12:00 BST 2023


Package: ruby-odbc
Version: 0.99998-2
Severity: normal
Tags: patch

Dear Maintainer,

As I mentioned at the end of:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941707

Using ruby-odbc under Bullseye's Ruby generates warnings about the deprecation of
tainting, as can be demonstrated by running the simplest of SQL queries:

$ ruby -e 'require "makeTdConnection"; db = makeTdConnection(); db.execute("select 0").finish();'
$ 

If warnings are enabled, the same becomes:

$ ruby -we 'require "makeTdConnection"; db = makeTdConnection(); db.execute("select 0").finish();'
/usr/lib/ruby/vendor_ruby/dbd/odbc/statement.rb:89: warning: rb_tainted_str_new_cstr is deprecated and will be removed in Ruby 3.2.
/usr/lib/ruby/vendor_ruby/dbd/odbc/statement.rb:89: warning: rb_tainted_str_new_cstr is deprecated and will be removed in Ruby 3.2.
/usr/lib/ruby/vendor_ruby/dbd/odbc/statement.rb:89: warning: rb_tainted_str_new_cstr is deprecated and will be removed in Ruby 3.2.
/usr/lib/ruby/vendor_ruby/dbd/odbc/statement.rb:89: warning: rb_tainted_str_new_cstr is deprecated and will be removed in Ruby 3.2.
$ 

I attach a rather simple-minded, understanding-free patch that we've been using without incident since 2023-04-16.


-- System Information:
Debian Release: 11.7
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'oldoldstable'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-22-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ruby-odbc depends on:
ii  libc6             2.31-13+deb11u6
ii  libodbc1          2.3.6-0.1+b1
ii  libruby2.7        2.7.4-1+deb11u1
ii  odbcinst1debian2  2.3.6-0.1+b1
ii  ruby              1:2.7+2
ii  ruby1.8 [ruby]    1.8.7.358-7.1+deb7u6
ii  unixodbc          2.3.6-0.1+b1

ruby-odbc recommends no packages.

ruby-odbc suggests no packages.

-- no debconf information
-------------- next part --------------
--- ext/odbc.c.orig	2023-04-16 13:02:20.028926480 -0700
+++ ext/odbc.c	2023-04-16 12:59:56.947862615 -0700
@@ -69,6 +69,16 @@
 #include "ruby/thread.h"
 #endif
 
+#if 0
+#define MAYBE_OBJ_TAINT(obj) rb_obj_taint(obj)
+#define MAYBE_TAINTED_STR_NEW(ptr, len) rb_tainted_str_new(ptr, len)
+#define MAYBE_TAINTED_STR_NEW2(ptr) rb_tainted_str_new2(ptr)
+#else
+#define MAYBE_OBJ_TAINT(obj) obj
+#define MAYBE_TAINTED_STR_NEW(ptr, len) rb_str_new(ptr, len)
+#define MAYBE_TAINTED_STR_NEW2(ptr) rb_str_new_cstr(ptr)
+#endif
+
 /*
  * Conditionally undefine aliases of ODBC installer UNICODE functions.
  */
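Review bot: The `#if 0` that opens the new macro block hard-codes the non-tainting branch, so a build against a Ruby older than 2.7, where taint was still consulted by `$SAFE` checks, would silently stop marking driver and data-source strings as tainted; the page does not say which Ruby versions the package must still support. Selecting the branch from a build-time check (a Ruby version test, or a mkmf feature test in extconf.rb) would keep the old behaviour where it still means something and drop it only where it is a deprecated no-op. The identity form should be parenthesized as well, `#define MAYBE_OBJ_TAINT(obj) (obj)`. A one-line comment above the block, such as `/* Taint is a deprecated no-op since Ruby 2.7; the rb_tainted_str_* API is removed in 3.2. */`, would tell the next reader why the macros exist.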
@@ -1371,7 +1381,7 @@
     if ((cp != NULL) && (str != NULL)) {
 	ulen = mkutf(cp, str, len);
     }
-    v = rb_tainted_str_new((cp != NULL) ? cp : "", ulen);
+    v = MAYBE_TAINTED_STR_NEW((cp != NULL) ? cp : "", ulen);
 #ifdef USE_RB_ENC
     rb_enc_associate(v, rb_enc);
 #endif
@@ -1861,7 +1871,7 @@
     rb_enc_associate(v, rb_enc);
 #endif
     a = rb_ary_new2(1);
-    rb_ary_push(a, rb_obj_taint(v));
+    rb_ary_push(a, MAYBE_OBJ_TAINT(v));
     CVAR_SET(Cobj, warn ? IDatatinfo : IDataterror, a);
     return STR2CSTR(v);
 }
@@ -1939,7 +1949,7 @@
 		v0 = v;
 		a = rb_ary_new();
 	    }
-	    rb_ary_push(a, rb_obj_taint(v));
+	    rb_ary_push(a, MAYBE_OBJ_TAINT(v));
 	    tracemsg(1, fprintf(stderr, "  | %s\n", STR2CSTR(v)););
 	}
     }
@@ -2035,7 +2045,7 @@
 		v0 = v;
 		a = rb_ary_new();
 	    }
-	    rb_ary_push(a, rb_obj_taint(v));
+	    rb_ary_push(a, MAYBE_OBJ_TAINT(v));
 	    tracemsg(1, fprintf(stderr, "  | %s\n", STR2CSTR(v)););
 	}
     }
@@ -2289,7 +2299,7 @@
     buf[SQL_MAX_MESSAGE_LENGTH] = '\0';
     v = rb_str_new2(buf);
     a = rb_ary_new2(1);
-    rb_ary_push(a, rb_obj_taint(v));
+    rb_ary_push(a, MAYBE_OBJ_TAINT(v));
     CVAR_SET(Cobj, IDataterror, a);
     rb_raise(Cerror, "%s", buf);
     return Qnil;
@@ -2379,8 +2389,8 @@
 #else
 	dsnLen = (dsnLen == 0) ? (SQLSMALLINT) strlen(dsn) : dsnLen;
 	descrLen = (descrLen == 0) ? (SQLSMALLINT) strlen(descr) : descrLen;
-	rb_iv_set(odsn, "@name", rb_tainted_str_new(dsn, dsnLen));
-	rb_iv_set(odsn, "@descr", rb_tainted_str_new(descr, descrLen));
+	rb_iv_set(odsn, "@name", MAYBE_TAINTED_STR_NEW(dsn, dsnLen));
+	rb_iv_set(odsn, "@descr", MAYBE_TAINTED_STR_NEW(descr, descrLen));
 #endif
 	rb_ary_push(aret, odsn);
 	first = dsnLen = descrLen = 0;
@@ -2444,13 +2454,13 @@
 	}
 #else
 	driverLen = (driverLen == 0) ? (SQLSMALLINT) strlen(driver) : driverLen;
-	rb_iv_set(odrv, "@name", rb_tainted_str_new(driver, driverLen));
+	rb_iv_set(odrv, "@name", MAYBE_TAINTED_STR_NEW(driver, driverLen));
 	for (attr = attrs; *attr; attr += strlen(attr) + 1) {
 	    char *p = strchr(attr, '=');
 
 	    if ((p != NULL) && (p != attr)) {
-		rb_hash_aset(h, rb_tainted_str_new(attr, p - attr),
-			     rb_tainted_str_new2(p + 1));
+		rb_hash_aset(h, MAYBE_TAINTED_STR_NEW(attr, p - attr),
+			     MAYBE_TAINTED_STR_NEW2(p + 1));
 		count++;
 	    }
 	}
@@ -2759,7 +2769,7 @@
 	if (SQLReadFileDSN((LPCSTR) sfname, (LPCSTR) saname,
 			   (LPCSTR) skname, (LPSTR) valbuf,
 			   sizeof (valbuf), NULL)) {
-	    return rb_tainted_str_new2((char *) valbuf);
+	    return MAYBE_TAINTED_STR_NEW2((char *) valbuf);
 	}
     }
 #else
@@ -2769,7 +2779,7 @@
     valbuf[0] = '\0';
     if (SQLReadFileDSN(sfname, saname, skname, valbuf,
 		       sizeof (valbuf), NULL)) {
-	return rb_tainted_str_new2(valbuf);
+	return MAYBE_TAINTED_STR_NEW2(valbuf);
     }
 #endif
 #if defined(HAVE_SQLINSTALLERERROR) || (defined(UNICODE) && defined(HAVE_SQLINSTALLERERRORW))
@@ -4548,7 +4558,7 @@
 	    len = 0;
 	}
 	mkutf(tmp, name, len);
-	v = rb_tainted_str_new2(upcase_if(tmp, 1));
+	v = MAYBE_TAINTED_STR_NEW2(upcase_if(tmp, 1));
 #ifdef USE_RB_ENC
 	rb_enc_associate(v, rb_enc);
 #endif
@@ -4560,7 +4570,7 @@
 	rb_iv_set(obj, "@name", uc_tainted_str_new2(name));
     }
 #else
-    rb_iv_set(obj, "@name", rb_tainted_str_new2(upcase_if(name, upc)));
+    rb_iv_set(obj, "@name", MAYBE_TAINTED_STR_NEW2(upcase_if(name, upc)));
 #endif
     v = Qnil;
     name[0] = 0;
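Review bot: The `#ifdef UNICODE` arm just above the changed line still calls `uc_tainted_str_new2(name)`, and the hunks at 4578 and 6746 likewise leave `uc_tainted_str_new2` / `uc_tainted_str_new` in place while only the non-UNICODE arm is switched to the macro. The hunk at 1371 looks like the body of one of those helpers, but whether both helpers end in the replaced call is not visible here, so a UNICODE build may still emit the deprecation warning. It is worth checking the full file for any remaining `rb_tainted_str_*` or `rb_obj_taint` call reachable from those helpers. The enclosing function starts and ends outside the hunk.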
@@ -4578,7 +4588,7 @@
 #ifdef UNICODE
 	v = uc_tainted_str_new2(name);
 #else
-	v = rb_tainted_str_new2(name);
+	v = MAYBE_TAINTED_STR_NEW2(name);
 #endif
     }
     rb_iv_set(obj, "@table", v);
@@ -6670,7 +6680,7 @@
 	break;
 #endif
     case SQL_C_CHAR:
-	v = rb_tainted_str_new(q->paraminfo[vnum].outbuf,
+	v = MAYBE_TAINTED_STR_NEW(q->paraminfo[vnum].outbuf,
 			       q->paraminfo[vnum].rlen);
 	break;
     }
@@ -6746,7 +6756,7 @@
 	return uc_tainted_str_new(cname, cnLen);
 #else
 	cnLen = (cnLen == 0) ? (SQLSMALLINT) strlen((char *) cname) : cnLen;
-	return rb_tainted_str_new((char *) cname, cnLen);
+	return MAYBE_TAINTED_STR_NEW((char *) cname, cnLen);
 #endif
     }
     if (TYPE(cn) != T_STRING) {
@@ -6832,7 +6842,7 @@
 
 		sprintf(buf, "#%d", i);
 		name = rb_str_dup(name);
-		name = rb_obj_taint(rb_str_cat2(name, buf));
+		name = MAYBE_OBJ_TAINT(rb_str_cat2(name, buf));
 	    }
 	    rb_hash_aset(res, name, obj);
 	}
@@ -7081,7 +7091,7 @@
 		    }
 		    for (i = 0; i < 4 * q->ncols; i++) {
 			res = colbuf[i / q->ncols];
-			cname = rb_tainted_str_new2(q->colnames[i]);
+			cname = MAYBE_TAINTED_STR_NEW2(q->colnames[i]);
 #ifdef USE_RB_ENC
 			rb_enc_associate(cname, rb_enc);
 #endif
@@ -7089,7 +7099,7 @@
 			if (rb_funcall(res, IDkeyp, 1, cname) == Qtrue) {
 			    char *p;
 
-			    cname = rb_tainted_str_new2(q->colnames[i]);
+			    cname = MAYBE_TAINTED_STR_NEW2(q->colnames[i]);
 #ifdef USE_RB_ENC
 			    rb_enc_associate(cname, rb_enc);
 #endif
@@ -7330,7 +7340,7 @@
 		break;
 #endif
 	    default:
-		v = rb_tainted_str_new(valp, curlen);
+		v = MAYBE_TAINTED_STR_NEW(valp, curlen);
 		break;
 	    }
 	}
@@ -7343,14 +7353,14 @@
 	    valp = q->colnames[i + offc];
 	    name = (q->colvals == NULL) ? Qnil : q->colvals[i + offc];
 	    if (name == Qnil) {
-		name = rb_tainted_str_new2(valp);
+		name = MAYBE_TAINTED_STR_NEW2(valp);
 #ifdef USE_RB_ENC
 		rb_enc_associate(name, rb_enc);
 #endif
 		if (rb_funcall(res, IDkeyp, 1, name) == Qtrue) {
 		    char *p;
 
-		    name = rb_tainted_str_new2(valp);
+		    name = MAYBE_TAINTED_STR_NEW2(valp);
 #ifdef USE_RB_ENC
 		    rb_enc_associate(name, rb_enc);
 #endif

