merge revision(s) a15f7dd1fb: [Backport #15803]

Always mark the string returned by File.realpath as tainted

	This string can include elements that were not in either string
	passed to File.realpath, even if one of the strings is an
	absolute path, due to symlinks:

	```ruby
	Dir.mkdir('b') unless File.directory?('b')
	File.write('b/a', '') unless File.file?('b/a')
	File.symlink('b', 'c') unless File.symlink?('c')
	path = File.realpath('c/a'.untaint, Dir.pwd.untaint)
	path # "/home/testr/ruby/b/a"
	path.tainted? # should be true, as 'b' comes from file system
	```

	[Bug #15803]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67713 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

file.c

@@ -4152,7 +4152,7 @@ rb_check_realpath_internal(VALUE basedir, VALUE path, enum rb_realpath_mode mode
 	}
     }
 
-    OBJ_INFECT(resolved, unresolved_path);
+    rb_obj_taint(resolved);
     RB_GC_GUARD(unresolved_path);
     RB_GC_GUARD(curdir);
     return resolved;

test/ruby/test_file.rb

@@ -298,7 +298,7 @@ class TestFile < Test::Unit::TestCase
       assert_predicate(File.realpath(base, dir), :tainted?)
       base.untaint
       dir.untaint
-      assert_not_predicate(File.realpath(base, dir), :tainted?)
+      assert_predicate(File.realpath(base, dir), :tainted?)
       assert_predicate(Dir.chdir(dir) {File.realpath(base)}, :tainted?)
     }
   end

version.h

@@ -1,10 +1,10 @@
 #define RUBY_VERSION "2.6.3"
 #define RUBY_RELEASE_DATE RUBY_RELEASE_YEAR_STR"-"RUBY_RELEASE_MONTH_STR"-"RUBY_RELEASE_DAY_STR
-#define RUBY_PATCHLEVEL 65
+#define RUBY_PATCHLEVEL 66
 
 #define RUBY_RELEASE_YEAR 2019
-#define RUBY_RELEASE_MONTH 6
-#define RUBY_RELEASE_DAY 22
+#define RUBY_RELEASE_MONTH 7
+#define RUBY_RELEASE_DAY 26
 
 #include "ruby/version.h"