* lib/rubygems: fix several vulnerabilities in RubyGems; bump to version

  2.5.2.1. [Backport #13842]


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59795 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 14 insertions, 1 deletions

diff --git a/lib/rubygems/text.rb b/lib/rubygems/text.rb
index 732f1b99f2..b944b62c27 100644
--- a/lib/rubygems/text.rb
+++ b/lib/rubygems/text.rb
@@ -7,12 +7,25 @@ require 'rubygems'
 module Gem::Text
 
   ##
+  # Remove any non-printable characters and make the text suitable for
+  # printing.
+  def clean_text(text)
+    text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze)
+  end
+
+  def truncate_text(text, description, max_length = 100_000)
+    raise ArgumentError, "max_length must be positive" unless max_length > 0
+    return text if text.size <= max_length
+    "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length]
+  end
+
+  ##
   # Wraps +text+ to +wrap+ characters and optionally indents by +indent+
   # characters
 
   def format_text(text, wrap, indent=0)
     result = []
-    work = text.dup
+    work = clean_text(text)
 
     while work.length > wrap do
       if work =~ /^(.{0,#{wrap}})[ \n]/ then