This fixes CVE-2021-32066.
Reported by Alexandr Savca in <https://hackerone.com/reports/1178562>.

This fixes CVE-2021-31810.
Reported by Alexandr Savca.

Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>

	[ruby/net-ftp] Bump version to 0.1.2

	https://github.com/ruby/net-ftp/commit/895ba44b3c
	---
	 lib/net/ftp.rb | 2 +-
	 1 file changed, 1 insertion(+), 1 deletion(-)

	[ruby/net-ftp] Replace "iff" with "if and only if"

	iff means if and only if, but readers without that knowledge might
	assume this to be a spelling mistake. To me, this seems like
	exclusionary language that is unnecessary. Simply using "if and only if"
	instead should suffice.

	https://github.com/ruby/net-ftp/commit/e920473618
	---
	 lib/net/ftp.rb | 2 +-
	 1 file changed, 1 insertion(+), 1 deletion(-)

	[ruby/net-ftp] Close the passive connection data socket if there is
	 an error setting up the transfer

	Previously, the connection leaked in this case.  This uses
	begin/ensure and checking for an error in the ensure block.

	An alternative approach would be to not even perform the
	connection until after the RETR (or other) command has been
	sent.  However, I'm not sure all FTP servers support that.
	The current behavior is:

	* Send (PASV/EPSV)
	* Connect to the host/port returned in 227/229 reply
	* Send (RETR/other command)

	Changing it to connect after the RETR could break things.
	FTP servers might expect that the client has already
	connected before sending the RETR.  The alternative
	approach is more likely to introduce backwards compatibility
	issues, compared to the begin/ensure approach taken here.

	Fixes Ruby Bug 17027

	https://github.com/ruby/net-ftp/commit/6e8535f076
	---
	 lib/net/ftp.rb           | 24 ++++++++++++++----------
	 test/net/ftp/test_ftp.rb | 39 +++++++++++++++++++++++++++++++++++++--
	 2 files changed, 51 insertions(+), 12 deletions(-)

	[ruby/net-ftp] Replace Timeout.timeout with socket timeout

	Timeout.timeout is inefficient since it spins up a new thread for
	each invocation, use Socket.tcp's connect_timeout option instead
	when we aren't using SOCKS (we can't replace Timeout.timeout
	for SOCKS yet since SOCKSSocket doesn't have a connect_timeout
	option).

	https://github.com/ruby/net-ftp/commit/d65910132f
	---
	 lib/net/ftp.rb | 17 +++++++++++------
	 1 file changed, 11 insertions(+), 6 deletions(-)

	[ruby/net-ftp] Reduce resource cosumption of Net::FTP::TIME_PARSER

	Reported by Alexandr Savca as a DoS vulnerability, but Net::FTP is a
	client library and the impact of the issue is low, so I have decided
	to fix it as a normal issue.
	Based on patch by nobu.

	https://github.com/ruby/net-ftp/commit/a93af636f8
	---
	 lib/net/ftp.rb           |  5 +++--
	 test/net/ftp/test_ftp.rb | 11 +++++++++++
	 2 files changed, 14 insertions(+), 2 deletions(-)

	[ruby/net-ftp] Add test cases

	https://github.com/ruby/net-ftp/commit/865232bb2a
	---
	 test/net/ftp/test_ftp.rb | 6 ++++++
	 1 file changed, 6 insertions(+)

	test/net/ftp/test_ftp.rb: reduce the size of a long response

	"9" * 999999999 (about 1 GB) was too large for some CI servers.
	This commit changes the size to 999999 (about 1 MB).

	http://rubyci.s3.amazonaws.com/scw-9d6766/ruby-master/log/20210427T141707Z.fail.html.gz
	http://rubyci.s3.amazonaws.com/raspbian10-aarch64/ruby-master/log/20210427T145408Z.fail.html.gz
	---
	 test/net/ftp/test_ftp.rb | 4 ++--
	 1 file changed, 2 insertions(+), 2 deletions(-)