ruby.git, branch ruby_2_6 The Ruby Programming Language Fix dtoa buffer overrun 2022-04-12T11:49:45+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2022-04-12T11:49:45+00:00 69f9992ed41920389d4185141a14f02f89a4d306 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67957 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67957 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Backport date-2.0.3 for Reiwa Support [Backport #18514] 2022-04-12T11:03:11+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2022-04-12T11:03:11+00:00 fa7f75ddda0eb01bc78363ced78d270cb55931ba git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67956 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67956 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
fix for #16798 to Ruby 2.6 introduced C99 syntax [Backport #18387] 2022-04-12T10:52:41+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2022-04-12T10:52:41+00:00 560a4cdf0433a42b635384ba1e1324471f19b785 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67955 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67955 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
When parsing cookies, only decode the values 2021-11-24T11:41:55+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2021-11-24T11:41:55+00:00 02c341c9bc5879eae568ed2ba02cf227ed948199 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67953 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67953 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Merge date-2.0.2 2021-11-24T09:07:47+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2021-11-24T09:07:47+00:00 1fbf663b00bf1bdde4ebbbf0875dd7d37b0d90c6 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67952 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67952 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Fix StartTLS stripping vulnerability 2021-07-07T10:38:10+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2021-07-07T10:38:10+00:00 95ba9053e20ad8d113af37b3f1f4cbfff1f6a8f1 Reported by Alexandr Savca in https://hackerone.com/reports/1178562 Co-authored-by: Shugo Maeda <shugo@ruby-lang.org> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67950 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
Reported by Alexandr Savca in https://hackerone.com/reports/1178562

Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67950 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Ignore IP addresses in PASV responses by default, and add new option use_pasv_ip 2021-07-07T10:34:08+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2021-07-07T10:34:08+00:00 be5a83e84a34091f2a4e3c6dfb911b20e78e690c This fixes CVE-2021-31810. Reported by Alexandr Savca. Co-authored-by: Shugo Maeda <shugo@ruby-lang.org> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67949 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
This fixes CVE-2021-31810.
Reported by Alexandr Savca.

Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67949 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
patchlevel for previous commit 2021-07-03T17:10:56+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2021-07-03T17:10:56+00:00 9fd60e03aac60cd45e53910ceb988e8d5c2b7474 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67948 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67948 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) b1c73f23,c9ab8fe2: [Backport #17877] 2021-07-03T17:10:28+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2021-07-03T17:10:28+00:00 fe3c49c9baeeab58304ede915b7edd18ecf360fc [ruby/rdoc] Use File.open to fix the OS Command Injection vulnerability in CVE-2021-31799 https://github.com/ruby/rdoc/commit/a7f5d6ab88 The test for command injection on Unix platforms should be omitted on Windows git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67947 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	[ruby/rdoc] Use File.open to fix the OS Command Injection vulnerability in CVE-2021-31799
	
	https://github.com/ruby/rdoc/commit/a7f5d6ab88

	The test for command injection on Unix platforms should be omitted on Windows


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67947 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 9edc1625: [Backport #17781] 2021-07-03T16:56:34+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2021-07-03T16:56:34+00:00 83c255e89f376068f632fc1f17e67253184e4451 [ruby/resolv] Fix confusion of received response message This is a follow up for commit 33fb966197f1 ("Remove sender/message_id pair after response received in resolv", 2020-09-11). As the @senders instance variable is also used for tracking transaction ID allocation, simply removing an entry without releasing the ID would eventually deplete the ID space and cause Resolv::DNS.allocate_request_id to hang. It seems the intention of the code was to check that the received DNS message is actually the response for the question made within the method earlier. Let's have it actually do so. [Bug #12838] https://bugs.ruby-lang.org/issues/12838 [Bug #17748] https://bugs.ruby-lang.org/issues/17748 https://github.com/ruby/resolv/commit/53ca9c9209 --- lib/resolv.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	[ruby/resolv] Fix confusion of received response message

	This is a follow up for commit 33fb966197f1 ("Remove sender/message_id
	pair after response received in resolv", 2020-09-11).

	As the @senders instance variable is also used for tracking transaction
	ID allocation, simply removing an entry without releasing the ID would
	eventually deplete the ID space and cause
	Resolv::DNS.allocate_request_id to hang.

	It seems the intention of the code was to check that the received DNS
	message is actually the response for the question made within the method
	earlier. Let's have it actually do so.

	[Bug #12838] https://bugs.ruby-lang.org/issues/12838
	[Bug #17748] https://bugs.ruby-lang.org/issues/17748

	https://github.com/ruby/resolv/commit/53ca9c9209
	---
	 lib/resolv.rb | 6 +++---
	 1 file changed, 3 insertions(+), 3 deletions(-)

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e