ruby.git/test, branch ruby_2_4 The Ruby Programming Language lib/shell/command-processor.rb (Shell#[]): prevent unknown command 2019-10-01T11:06:17+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2019-10-01T11:06:17+00:00 1a45b0448224009a9bde9b28ae259d8674c792be `FileTest.send(command, ...)` allows to call not only FileTest-related methods but also any method that belongs to Kernel, Object, etc. patched by <mame@ruby-lang.org> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67820 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
`FileTest.send(command, ...)` allows to call not only FileTest-related
methods but also any method that belongs to Kernel, Object, etc.
patched by <mame@ruby-lang.org>


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67820 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 3ce238b5f9795581eb84114dcfbdf4aa086bfecc 2019-10-01T11:05:56+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2019-10-01T11:05:56+00:00 8eff476bce40b52f244b8c912d1a5f40aa64b683 WEBrick: prevent response splitting and header injection This is a follow up to d9d4a28. The commit prevented CRLR, but did not address an isolated CR or an isolated LF. Co-Authored-By: NARUSE, Yui <naruse@airemix.jp> git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67819 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
WEBrick: prevent response splitting and header injection

This is a follow up to d9d4a28.
The commit prevented CRLR, but did not address an isolated CR or an
isolated LF.

Co-Authored-By: NARUSE, Yui <naruse@airemix.jp>


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67819 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 36e057e26ef2104bc2349799d6c52d22bb1c7d03 2019-10-01T11:05:22+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2019-10-01T11:05:22+00:00 38d2d0dbd319a9cc49fd2c945be4090cea72ef36 Loop with String#scan without creating substrings Create the substrings necessary parts only, instead of cutting the rest of the buffer. Also removed a useless, probable typo, regexp. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67818 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
Loop with String#scan without creating substrings

Create the substrings necessary parts only, instead of cutting the
rest of the buffer.  Also removed a useless, probable typo, regexp.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67818 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) a0a2640b398cffd351f87d3f6243103add66575b 2019-10-01T11:04:48+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2019-10-01T11:04:48+00:00 88387876af112eb0bdefe7408bca6aaaacf52d6f Fix for wrong fnmatch patttern * dir.c (file_s_fnmatch): ensure that pattern does not contain a NUL character. https://hackerone.com/reports/449617 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67817 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
Fix for wrong fnmatch patttern

* dir.c (file_s_fnmatch): ensure that pattern does not contain a
  NUL character.  https://hackerone.com/reports/449617


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67817 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 67201: [Backport #15650] 2019-03-31T15:01:13+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2019-03-31T15:01:13+00:00 c0404b8cde7eefbc6405ba39559a50dd83888f46 eval.c: clear internal errinfo * eval.c (ruby_cleanup): clear internal error info when invoking end procs. [ruby-core:91731] [Bug #15650] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67392 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	eval.c: clear internal errinfo

	* eval.c (ruby_cleanup): clear internal error info when invoking
	  end procs.  [ruby-core:91731] [Bug #15650]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67392 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 67188: [Backport #15642] 2019-03-31T14:58:24+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2019-03-31T14:58:24+00:00 7a27746ecebbfee90203e8f3816e6e80d6c65d3b io.c: chomp CR at the end of read buffer * io.c (rb_io_getline_fast): chomp CR followed by LF but separated by the read buffer boundary. [ruby-core:91707] [Bug #15642] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67391 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	io.c: chomp CR at the end of read buffer

	* io.c (rb_io_getline_fast): chomp CR followed by LF but separated
	  by the read buffer boundary.  [ruby-core:91707] [Bug #15642]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67391 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Applied security patches for RubyGems 2019-03-18T18:30:36+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2019-03-18T18:30:36+00:00 f86e5daee790ee509cb17f4f51f95cc76ca89a4e git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67303 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67303 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 65365: 2019-03-01T07:57:58+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2019-03-01T07:57:58+00:00 391f88c8431075596a6f44d8bea19d2e155e3003 Update for tzdata-2018f git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67154 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	Update for tzdata-2018f

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67154 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 66909: [Backport #15555] 2019-02-28T14:55:05+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2019-02-28T14:55:05+00:00 e94087c279902302c826fa33747cb5998c0323d3 tmpdir.rb: permission of user given directory * lib/tmpdir.rb (Dir.mktmpdir): check if the permission of the parent directory only when using the default temporary directory, and no check against user given directory. the security is the user's responsibility in that case. [ruby-core:91216] [Bug #15555] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67148 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	tmpdir.rb: permission of user given directory

	* lib/tmpdir.rb (Dir.mktmpdir): check if the permission of the
	  parent directory only when using the default temporary
	  directory, and no check against user given directory.  the
	  security is the user's responsibility in that case.
	  [ruby-core:91216] [Bug #15555]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67148 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
merge revision(s) 62872,62873: [Backport #14621] 2019-02-28T14:52:06+00:00 usa usa@b2dd03c8-39d4-4d8f-98ff-823fe69b080e 2019-02-28T14:52:06+00:00 a6da4f8ac7147cf2c7b29c54dc9f395f0038f30c parse.y: unindent continued line * parse.y (tokadd_string): stop at continued line in dedented here documents, to dedent for each lines before removing escaped newlines. [ruby-core:86236] [Bug #14621] parse.y: terminator at continued line * parse.y (here_document): a continuing line is not the terminator. [ruby-core:86283] [Bug #14621] git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67147 b2dd03c8-39d4-4d8f-98ff-823fe69b080e 
	parse.y: unindent continued line

	* parse.y (tokadd_string): stop at continued line in dedented here
	  documents, to dedent for each lines before removing escaped
	  newlines.  [ruby-core:86236] [Bug #14621]

	parse.y: terminator at continued line

	* parse.y (here_document): a continuing line is not the
	  terminator.  [ruby-core:86283] [Bug #14621]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@67147 b2dd03c8-39d4-4d8f-98ff-823fe69b080e