| Age | Commit message (Collapse) | Author |
|---|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/tags/v2_3_6@61260 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/tags/v2_3_6@61254 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@61252 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
r56973 to pass the test introduced at previous commit.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@61251 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/tags/v2_3_6@61249 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Fix a command injection vulnerability in Net::FTP.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@61248 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
webrick: compile RE correctly for beginning and end match
Using ^ and $ in regexps means we can accidentally get fooled
by "%0a" in HTTP request paths being decoded to newline
characters. Use \A and \z to match beginning and end-of-string
respectively, instead.
Thanks to mame and hsbt for reporting.
* lib/webrick/httpserver.rb (MountTable#compile):
use \A and \z instead of ^ and $
* lib/webrick/httpserver.rb (MountTable#normalize): use \z instead of $
* test/webrick/test_httpserver.rb (test_cntrl_in_path): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@61241 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
webrick: do not hang acceptor on slow TLS connections
OpenSSL::SSL::SSLSocket#accept may block indefinitely on clients
which negotiate the TCP connection, but fail (or are slow) to
negotiate the subsequent TLS handshake. This prevents the
multi-threaded WEBrick server from accepting other connections.
Since the TLS handshake (via OpenSSL::SSL::SSLSocket#accept)
consists of normal read/write traffic over TCP, handle it in the
per-client thread, instead.
Furthermore, using non-blocking accept() is useful for non-TLS
sockets anyways because spurious wakeups are possible from
select(2).
* lib/webrick/server.rb (accept_client): use TCPServer#accept_nonblock
and remove OpenSSL::SSL::SSLSocket#accept call
* lib/webrick/server.rb (start_thread): call OpenSSL::SSL::SSLSocket#accept
* test/webrick/test_ssl_server.rb (test_slow_connect): new test
[ruby-core:83221] [Bug #14005]
webrick: fix up r60172
By making the socket non-blocking in r60172, TLS/SSL negotiation
via the SSL_accept function must handle non-blocking sockets
properly and retry on SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
OpenSSL::SSL::SSLSocket#accept cannot do that properly with a
non-blocking socket, so it must use non-blocking logic of
OpenSSL::SSL::SSLSocket#accept_nonblock.
Thanks to MSP-Greg (Greg L) for finding this.
* lib/webrick/server.rb (start_thread): use SSL_accept properly
with non-blocking socket.
[Bug #14013] [Bug #14005]
webrick: fix up r60172 and revert r60189
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): ignore ECONNRESET, ECONNABORTED,
EPROTO, and EINVAL on TLS negotiation errors the same way they
were ignored before r60172 in the accept_client method of the
main acceptor thread.
[Bug #14013] [Bug #14005]
webrick: fix up r60172 and r60208
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): fix non-local return
introduced in r60208
webrick: fix up r60172 and r60210
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): properly fix non-local return
introduced in r60208 and r60210
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@61240 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
parse.y: fix line in rescue
* parse.y (set_line_body, primary): fix line number of bodystmt as
the beginning of the block. [ruby-core:79388] [Bug #13181]
parse.y: set_line_body is not used in ripper
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@60947 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Merge rubygems-2.6.14 changes.
It fixed http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@60946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fix --with-gmp (broken by r57490)
Looking at the generated shell script (also the autoconf manual), it
seems AC_SEARCH_LIBS() m4 macro does not define HAVE_LIBsomething C
preprocessor macros, unlike AC_CHECK_LIB() which does define them.
This previous change effectively killed building with GMP because
building that mode depends on existence of HAVE_LIBGMP. [Bug #13402]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59912 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59907 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
lib/webrick/log.rb: sanitize any type of logs
It had failed to sanitize some type of exception messages. Reported and
patched by Yusuke Endoh (mame) at https://hackerone.com/reports/223363
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59900 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
parse.y: empty hash in defined
* parse.y (command): NODE_ARRAY with NULL is invalid. traversal
in defined_expr0 is simplified than iseq_compile_each0.
[ruby-core:82113] [Bug #13756]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
string.c: fix false coderange
* string.c (rb_enc_str_scrub): enc can differ from the actual
encoding of the string, the cached coderange is useless then.
[ruby-core:82674] [Bug #13874]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59883 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59882 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
parse.y: primary should not be 0
* parse.y (primary): should not be 0, since it can be a receiver.
[ruby-core:82447] [Bug #13836]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59881 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
vm_method.c: alias warning at refined method
* vm_method.c (rb_method_entry_make): suppress a warning at
refined method which will not be redefined.
[ruby-core:82385] [Bug #13817]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59880 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fixable on 64bit mswin/mingw.
* ext/date/date_core.c (d_lite_hash): ditto.
[Backport #13877]
* ext/openssl/ossl_bn.c (ossl_bn_hash): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59879 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* OpenSSL::ASN1.{decode,decode_all,traverse}: have a bug of
out-of-bounds read. int_ossl_asn1_decode0_cons() does not give the
correct available length to ossl_asn1_decode() when decoding the
inner components of a constructed object. This can cause
out-of-bounds read if a crafted input given.
Reference: https://hackerone.com/reports/170316
https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59800 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59799 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59798 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
A HTTP Header value must not contain CR or LF.
to_str -> to_s
* lib/net/http/header.rb (set_field): `val` can not have `to_str`.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59797 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
REXML: Fix a bug that unexpected methods can be called as a XPath function
[HackerOne:249295]
Reported by Andrea Jegher. Thanks!!!
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59796 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
2.5.2.1. [Backport #13842]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59795 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
compile.c: disallow next in once
* compile.c (iseq_compile_each0): turned dregx context in "once"
into "guarded" type from "block" type, to disallow `next`,
`break`, `redo` as well as outside "once".
[ruby-core:81805] [Bug #13690]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59553 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
encoding. fix test failures introduced at r59531 on some platforms.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59552 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
marshal.c: revert r57631 partially
* marshal.c (rb_marshal_dump_limited): do not free dump_arg, which
may be dereferenced in check_dump_arg due to continuation, and
get rid of dangling pointers.
* marshal.c (rb_marshal_load_with_proc): ditto for load_arg.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59551 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
variable derived from original patch.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59550 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Remove unused Init_frozen_strings declaration
Init_frozen_strings definition is removed in r51511.
https://bugs.ruby-lang.org/issues/11423
Patch by Kohei Suzuki <eagletmt@gmail.com>
* internal.h: Remove declaration of unexist function
[Fix GH-1558]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59548 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fix TracePoint#return_value with non-local exits
* vm.c: get return_value from imemo_throw_data object (THROW_DATA_VAL()).
imemo_throw_data (TAG_BREAK) contains returned value.
However, imemo_throw_data (TAG_BREAK) can skip several frames so that
we need to use it only once (at most internal frame). To record it,
we introduced THROW_DATA_CONSUMED and check it.
* internal.h: define THROW_DATA_CONSUMED flag.
* test/ruby/test_settracefunc.rb: add tests for [Bug #13369]
* vm_insnhelper.h: add THROW_DATA_CONSUMED_P() and
THROW_DATA_CONSUMED_SET().
internal.h: parenthesize macro argument
* internal.h (THROW_DATA_P): parenthesize the argument which is
casted.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59547 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
random.c: ensure initialized
* random.c (get_rnd, try_get_rnd): ensure initialized to get rid
of crash in forked processes. [ruby-core:82100] [Bug #13753]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59546 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
strscan.c: fix segfault in aref
* ext/strscan/strscan.c (strscan_aref): fix segfault after
get_byte or getch which do not apply regexp.
[ruby-core:82116] [Bug #13759]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59545 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
configure.in: rpath with OPTDIR
* configure.in: add rpath flags which is needed for OPTDIR as well
as -L options, when it is given. [ruby-dev:50065] [Bug #13411]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59544 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
vm_insnhelper.c: break in once
* vm_insnhelper.c (vm_throw_start): size of catch table has been
included in iseq_catch_table struct, which could be NULL, since
2.2. e.g., proc-closure in `once'.
[ruby-core:81775] [Bug #13680]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59543 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59542 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
node.h: sign-extend
* node.h (nd_line): should sign-extend. shifting `VALUE` extends
with zero bits if `sizeof(VALUE)` equals to `sizeof(int)`. the
zero bits are truncated if `sizeof(VALUE)` is bigger enough.
[ruby-core:80920] [Bug #13523]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59541 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
until this case block is end. this is a part of r57971.
[Backport #13766]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59540 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
this patch contains r54158, r57410, r57631 and r57954.
Prevent GC by volatile [Bug #13150]
test/ruby/test_marshal.rb test_context_switch (load) and test_gc (dump)
are failed on FreeBSD 10.3 and gcc7 (FreeBSD Ports Collection) 7.0.0
20170115 (experimental); RB_GC_GUARD looks not worked well.
* include/ruby/ruby.h (RB_GC_GUARD): prevent guarded pointer from
optimization by using as an input to inline asm.
* ruby.h: remove comment
* include/ruby/ruby.h (RB_GC_GUARD): remove comment unsupported by
Solaris AS.
Hidden objects (klass == 0) are not visible to Ruby code invoked
from other threads or signal handlers, so they can never be
accessed from other contexts. This makes it safe to call
rb_gc_force_recycle on the object slot after releasing malloc
memory.
* marshal.c (rb_marshal_dump_limited): hide dump_arg and recycle when
done (rb_marshal_load_with_proc): hide load_arg and recycle when done
[ruby-core:79518]
* marshal.c (rb_marshal_dump_limited): do not free dump_arg, which
may be dereferenced in check_dump_arg due to continuation, and
get rid of dangling pointers.
* marshal.c (rb_marshal_load_with_proc): ditto for load_arg.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59539 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
eval.c: copy special exception
* eval.c (setup_exception): make unfrozen copy of special
exception before setting up a cause.
test_io.rb: separate a test
* test/ruby/test_io.rb (test_closed_stream_in_rescue): run in a
separated process.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59538 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
a64: fix crash on register stack mark/sweep pass
* thread_pthread.c: move 'register_stack_start' earlier.
[ruby-core:79928] [Bug #13284] [Fix GH-1625]
Author: Sergei Trofimovich <slyfox@gentoo.org>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59537 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59534 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/net/smtp.rb (tlsconnect): support timeout for TLS handshake.
[ruby-core:76893] [Bug #12678]
* lib/net/protocol.rb (ssl_socket_connect): new method to implement
timeout for TLS handshake.
* lib/net/http.rb (connect): use Net::Protocol#ssl_socket_connect.
* test/net/smtp/test_smtp.rb (test_tls_connect, test_tls_connect):
use Socket.tcp_server_sockets in case localhost is resolved to ::1.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59533 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Zlib::GzipReader#pos underflows after calling #ungetbyte or #ungetc at start of file [Bug #13616]
patched by Andrew Haines <andrew@haines.org.nz> [ruby-core:81488]
zlib.c: fix unnormalized Fixnum
* ext/zlib/zlib.c (rb_gzfile_total_out): cast to long not to
result in an unsigned long to normalized to Fixnum on LLP64
platforms. [ruby-core:81488]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59532 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
process.c: handle dynamic :rlimit_* symbols in spawn execopts
* process.c (rb_execarg_addopt_rlimit): hoist out of rb_execarg_addopt
(rlimit_type_by_sym): new wrapper for dynamic symbol
(rb_execarg_addopt): check for dsym via rlimit_type_by_sym
* test/ruby/test_process.rb (test_execopts_rlimit): check dsym w/o pindown
Add extra check for bogus rlimit args, too.
[ruby-core:82033] [Bug #13744]
process.c: null bytes
* process.c (rlimit_type_by_sym): prohibit null bytes in key
names. [ruby-core:82033] [Bug #13744]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59531 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
optparse.rb: get rid of eval
* lib/optparse.rb: try Float() and Integer() instead of eval,
which does too much things.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59530 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
mkmf.rb: fix script installation
* lib/mkmf.rb (MakeMakefile): fix condition to install script
files.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59277 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
which fixes a real bug.
* thread.c (struct waiting_fd): declare
(rb_thread_io_blocking_region): use on-stack list waiter
(rb_notify_fd_close): walk vm->waiting_fds instead
(call_without_gvl): remove old field setting
(th_init): ditto
[Feature #9632]
* vm_core.h (typedef struct rb_vm_struct): add waiting_fds list
* (typedef struct rb_thread_struct): remove waiting_fd field
(rb_vm_living_threads_init): initialize waiting_fds list
This should fix bad interactions with test_race_gets_and_close
in test/ruby/test_io.rb since we ensure rb_notify_fd_close
continues returning the busy flag after enqueuing the interrupt.
* thread.c (rb_notify_fd_close): do not enqueue multiple interrupts
[ruby-core:81581] [Bug #13632]
* test/ruby/test_io.rb (test_single_exception_on_close):
new test based on script from Nikolay
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59274 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
from Cipher#initialize. This is effectively a revert of r32723
("Avoid possible SEGV from AES encryption/decryption", 2011-07-28).
the patch is derived from https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062,
written by Kazuki Yamaguchi.
[Backport #8221]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59267 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/psych/psych.gemspec: bump version to 2.1.0.1.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59242 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
