ruby.git/test/webrick, branch ruby_2_6 The Ruby Programming Language Backport webrick patch for CVE-2020-25613 2021-01-31T09:56:27+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2021-01-31T09:56:27+00:00 8b49c3e4bc767bec8a66ac81cbda033330fb2703 [Backport #17201] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67892 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
[Backport #17201]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67892 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 3ce238b5f9795581eb84114dcfbdf4aa086bfecc: 2019-10-01T10:57:43+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2019-10-01T10:57:43+00:00 8d5d5d5609e94b4ab75512c8d036d049fd1af6c2 WEBrick: prevent response splitting and header injection This is a follow up to d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16. The commit prevented CRLR, but did not address an isolated CR or an isolated LF. Co-Authored-By: NARUSE, Yui <naruse@airemix.jp> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	WEBrick: prevent response splitting and header injection

	This is a follow up to d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16.
	The commit prevented CRLR, but did not address an isolated CR or an
	isolated LF.

	Co-Authored-By: NARUSE, Yui <naruse@airemix.jp>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 36e057e26ef2104bc2349799d6c52d22bb1c7d03: 2019-10-01T10:56:49+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2019-10-01T10:56:49+00:00 1443dfd7c30fc9847d8316bc522ff32da5fb6fc1 Loop with String#scan without creating substrings Create the substrings necessary parts only, instead of cutting the rest of the buffer. Also removed a useless, probable typo, regexp. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67807 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	Loop with String#scan without creating substrings

	Create the substrings necessary parts only, instead of cutting the
	rest of the buffer.  Also removed a useless, probable typo, regexp.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67807 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) b0b0ded5aa2cf7c4574b057d8326ed4e1c172c12: 2019-09-13T11:17:07+00:00 nagachika nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2019-09-13T11:17:07+00:00 9899e669edac9aef3dcaadba17a738f1178354d8 webrick/test_utils.rb: loosen timeout severity to stabilize CI failure like: https://rubyci.org/logs/rubyci.s3.amazonaws.com/osx1013/ruby-trunk/log/20181228T114501Z.fail.html.gz git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66616 b2dd03c8-39d4-4d8f-98ff-823fe69b080e git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67801 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	webrick/test_utils.rb: loosen timeout severity

	to stabilize CI failure like:
	https://rubyci.org/logs/rubyci.s3.amazonaws.com/osx1013/ruby-trunk/log/20181228T114501Z.fail.html.gz

	git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66616 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67801 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick: add the ability to override res, req creation 2018-12-19T11:08:05+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-12-19T11:08:05+00:00 4038d0137fd0e962748e5cde093d14ef75625a3b So that a customized HTTPServer subclass can use it's own Request/Response classes. To apply the override, make a subclass of WEBrick::HTTPServer and override the `create_request_and_response(with_webrick_config)` method. The method should return an Array of [request, response]. To check whether the Server supports this method (i.e. when using older versions of WEBrick when needing this functionality), you can ask the server if it responds to the method server.respond_to?(:create_request_and_response) This is backportable. [ruby-core:69604] [Feature #11266] From: Julik Tarkhanov <me@julik.nl> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66452 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
So that a customized HTTPServer subclass can use it's own
Request/Response classes.

To apply the override, make a subclass of WEBrick::HTTPServer
and override the
`create_request_and_response(with_webrick_config)` method. The
method should return an Array of [request, response].

To check whether the Server supports this method (i.e. when
using older versions of WEBrick when needing this
functionality), you can ask the server if it responds to the
method

    server.respond_to?(:create_request_and_response)

This is backportable.

[ruby-core:69604] [Feature #11266]

From: Julik Tarkhanov <me@julik.nl>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66452 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick: fix tests on Debian sid/unstable with OpenSSL 1.1.1a 2018-12-03T04:51:08+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-12-03T04:51:08+00:00 a063f71a7ccc733d8ab4b997dfc3ffb1ab987afc OpenSSL complains abour our keys being small and weak :< Make them big and strong with 2048-bit RSA keys and SHA256 digests git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66152 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
OpenSSL complains abour our keys being small and weak :<
Make them big and strong with 2048-bit RSA keys and SHA256 digests

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66152 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Use binread because webrick also uses binread 2018-10-05T10:36:24+00:00 naruse naruse@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-10-05T10:36:24+00:00 0f5853c2c4fd35bbd42e503004195f8c18477c8d Reported-by: MSP-Greg [Bug #15203] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64924 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
Reported-by: MSP-Greg [Bug #15203]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64924 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
webrick: raise EOFError in parse when read line is nil 2018-09-24T07:48:33+00:00 normal normal@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-09-24T07:48:33+00:00 1aef602d5a9398ff362de212ae402ffcd8ff76ae [Bug #15146] From: Justin Li <git@justinli.net> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
[Bug #15146]

From: Justin Li <git@justinli.net>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64823 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Silence Net::HTTP warning in test. 2018-08-07T13:08:53+00:00 hsbt hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-08-07T13:08:53+00:00 dfd6787f4602394dcb7c83fbb1bb8dee0251624d https://github.com/ruby/webrick/pull/8 Co-authored-by: Espartaco Palma <> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64218 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  https://github.com/ruby/webrick/pull/8

  Co-authored-by: Espartaco Palma <>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64218 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Add missing test for WEBrick::HTTPAuth::Htgroup. 2018-08-07T12:56:48+00:00 hsbt hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2018-08-07T12:56:48+00:00 5a99a7404099995e3be99450dd4801082ece35c9 [Bug #14866][ruby-core:87602] https://github.com/ruby/webrick/pull/10 Co-authored-by: TSUYUSATO Kitsune <make.just.on@gmail.com> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64216 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
  [Bug #14866][ruby-core:87602]

  https://github.com/ruby/webrick/pull/10

  Co-authored-by: TSUYUSATO Kitsune <make.just.on@gmail.com>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64216 b2dd03c8-39d4-4d8f-98ff-823fe69b080e