| Age | Commit message (Collapse) | Author |
|---|
|
r56973 to pass the test introduced at previous commit.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@61251 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Fix a command injection vulnerability in Net::FTP.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@61248 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
webrick: compile RE correctly for beginning and end match
Using ^ and $ in regexps means we can accidentally get fooled
by "%0a" in HTTP request paths being decoded to newline
characters. Use \A and \z to match beginning and end-of-string
respectively, instead.
Thanks to mame and hsbt for reporting.
* lib/webrick/httpserver.rb (MountTable#compile):
use \A and \z instead of ^ and $
* lib/webrick/httpserver.rb (MountTable#normalize): use \z instead of $
* test/webrick/test_httpserver.rb (test_cntrl_in_path): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@61241 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
webrick: do not hang acceptor on slow TLS connections
OpenSSL::SSL::SSLSocket#accept may block indefinitely on clients
which negotiate the TCP connection, but fail (or are slow) to
negotiate the subsequent TLS handshake. This prevents the
multi-threaded WEBrick server from accepting other connections.
Since the TLS handshake (via OpenSSL::SSL::SSLSocket#accept)
consists of normal read/write traffic over TCP, handle it in the
per-client thread, instead.
Furthermore, using non-blocking accept() is useful for non-TLS
sockets anyways because spurious wakeups are possible from
select(2).
* lib/webrick/server.rb (accept_client): use TCPServer#accept_nonblock
and remove OpenSSL::SSL::SSLSocket#accept call
* lib/webrick/server.rb (start_thread): call OpenSSL::SSL::SSLSocket#accept
* test/webrick/test_ssl_server.rb (test_slow_connect): new test
[ruby-core:83221] [Bug #14005]
webrick: fix up r60172
By making the socket non-blocking in r60172, TLS/SSL negotiation
via the SSL_accept function must handle non-blocking sockets
properly and retry on SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
OpenSSL::SSL::SSLSocket#accept cannot do that properly with a
non-blocking socket, so it must use non-blocking logic of
OpenSSL::SSL::SSLSocket#accept_nonblock.
Thanks to MSP-Greg (Greg L) for finding this.
* lib/webrick/server.rb (start_thread): use SSL_accept properly
with non-blocking socket.
[Bug #14013] [Bug #14005]
webrick: fix up r60172 and revert r60189
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): ignore ECONNRESET, ECONNABORTED,
EPROTO, and EINVAL on TLS negotiation errors the same way they
were ignored before r60172 in the accept_client method of the
main acceptor thread.
[Bug #14013] [Bug #14005]
webrick: fix up r60172 and r60208
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): fix non-local return
introduced in r60208
webrick: fix up r60172 and r60210
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): properly fix non-local return
introduced in r60208 and r60210
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@61240 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
parse.y: fix line in rescue
* parse.y (set_line_body, primary): fix line number of bodystmt as
the beginning of the block. [ruby-core:79388] [Bug #13181]
parse.y: set_line_body is not used in ripper
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@60947 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Merge rubygems-2.6.14 changes.
It fixed http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@60946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fix --with-gmp (broken by r57490)
Looking at the generated shell script (also the autoconf manual), it
seems AC_SEARCH_LIBS() m4 macro does not define HAVE_LIBsomething C
preprocessor macros, unlike AC_CHECK_LIB() which does define them.
This previous change effectively killed building with GMP because
building that mode depends on existence of HAVE_LIBGMP. [Bug #13402]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59912 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
lib/webrick/log.rb: sanitize any type of logs
It had failed to sanitize some type of exception messages. Reported and
patched by Yusuke Endoh (mame) at https://hackerone.com/reports/223363
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59900 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
parse.y: empty hash in defined
* parse.y (command): NODE_ARRAY with NULL is invalid. traversal
in defined_expr0 is simplified than iseq_compile_each0.
[ruby-core:82113] [Bug #13756]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
string.c: fix false coderange
* string.c (rb_enc_str_scrub): enc can differ from the actual
encoding of the string, the cached coderange is useless then.
[ruby-core:82674] [Bug #13874]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59883 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59882 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fixable on 64bit mswin/mingw.
* ext/date/date_core.c (d_lite_hash): ditto.
[Backport #13877]
* ext/openssl/ossl_bn.c (ossl_bn_hash): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59879 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* OpenSSL::ASN1.{decode,decode_all,traverse}: have a bug of
out-of-bounds read. int_ossl_asn1_decode0_cons() does not give the
correct available length to ossl_asn1_decode() when decoding the
inner components of a constructed object. This can cause
out-of-bounds read if a crafted input given.
Reference: https://hackerone.com/reports/170316
https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59800 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59799 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59798 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
2.5.2.1. [Backport #13842]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59795 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
compile.c: disallow next in once
* compile.c (iseq_compile_each0): turned dregx context in "once"
into "guarded" type from "block" type, to disallow `next`,
`break`, `redo` as well as outside "once".
[ruby-core:81805] [Bug #13690]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59553 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
encoding. fix test failures introduced at r59531 on some platforms.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59552 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
marshal.c: revert r57631 partially
* marshal.c (rb_marshal_dump_limited): do not free dump_arg, which
may be dereferenced in check_dump_arg due to continuation, and
get rid of dangling pointers.
* marshal.c (rb_marshal_load_with_proc): ditto for load_arg.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59551 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
variable derived from original patch.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59550 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Remove unused Init_frozen_strings declaration
Init_frozen_strings definition is removed in r51511.
https://bugs.ruby-lang.org/issues/11423
Patch by Kohei Suzuki <eagletmt@gmail.com>
* internal.h: Remove declaration of unexist function
[Fix GH-1558]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59548 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fix TracePoint#return_value with non-local exits
* vm.c: get return_value from imemo_throw_data object (THROW_DATA_VAL()).
imemo_throw_data (TAG_BREAK) contains returned value.
However, imemo_throw_data (TAG_BREAK) can skip several frames so that
we need to use it only once (at most internal frame). To record it,
we introduced THROW_DATA_CONSUMED and check it.
* internal.h: define THROW_DATA_CONSUMED flag.
* test/ruby/test_settracefunc.rb: add tests for [Bug #13369]
* vm_insnhelper.h: add THROW_DATA_CONSUMED_P() and
THROW_DATA_CONSUMED_SET().
internal.h: parenthesize macro argument
* internal.h (THROW_DATA_P): parenthesize the argument which is
casted.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59547 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
random.c: ensure initialized
* random.c (get_rnd, try_get_rnd): ensure initialized to get rid
of crash in forked processes. [ruby-core:82100] [Bug #13753]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59546 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
strscan.c: fix segfault in aref
* ext/strscan/strscan.c (strscan_aref): fix segfault after
get_byte or getch which do not apply regexp.
[ruby-core:82116] [Bug #13759]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59545 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
configure.in: rpath with OPTDIR
* configure.in: add rpath flags which is needed for OPTDIR as well
as -L options, when it is given. [ruby-dev:50065] [Bug #13411]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59544 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
vm_insnhelper.c: break in once
* vm_insnhelper.c (vm_throw_start): size of catch table has been
included in iseq_catch_table struct, which could be NULL, since
2.2. e.g., proc-closure in `once'.
[ruby-core:81775] [Bug #13680]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59543 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59542 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
until this case block is end. this is a part of r57971.
[Backport #13766]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59540 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
this patch contains r54158, r57410, r57631 and r57954.
Prevent GC by volatile [Bug #13150]
test/ruby/test_marshal.rb test_context_switch (load) and test_gc (dump)
are failed on FreeBSD 10.3 and gcc7 (FreeBSD Ports Collection) 7.0.0
20170115 (experimental); RB_GC_GUARD looks not worked well.
* include/ruby/ruby.h (RB_GC_GUARD): prevent guarded pointer from
optimization by using as an input to inline asm.
* ruby.h: remove comment
* include/ruby/ruby.h (RB_GC_GUARD): remove comment unsupported by
Solaris AS.
Hidden objects (klass == 0) are not visible to Ruby code invoked
from other threads or signal handlers, so they can never be
accessed from other contexts. This makes it safe to call
rb_gc_force_recycle on the object slot after releasing malloc
memory.
* marshal.c (rb_marshal_dump_limited): hide dump_arg and recycle when
done (rb_marshal_load_with_proc): hide load_arg and recycle when done
[ruby-core:79518]
* marshal.c (rb_marshal_dump_limited): do not free dump_arg, which
may be dereferenced in check_dump_arg due to continuation, and
get rid of dangling pointers.
* marshal.c (rb_marshal_load_with_proc): ditto for load_arg.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59539 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
eval.c: copy special exception
* eval.c (setup_exception): make unfrozen copy of special
exception before setting up a cause.
test_io.rb: separate a test
* test/ruby/test_io.rb (test_closed_stream_in_rescue): run in a
separated process.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59538 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
a64: fix crash on register stack mark/sweep pass
* thread_pthread.c: move 'register_stack_start' earlier.
[ruby-core:79928] [Bug #13284] [Fix GH-1625]
Author: Sergei Trofimovich <slyfox@gentoo.org>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59537 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59534 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/net/smtp.rb (tlsconnect): support timeout for TLS handshake.
[ruby-core:76893] [Bug #12678]
* lib/net/protocol.rb (ssl_socket_connect): new method to implement
timeout for TLS handshake.
* lib/net/http.rb (connect): use Net::Protocol#ssl_socket_connect.
* test/net/smtp/test_smtp.rb (test_tls_connect, test_tls_connect):
use Socket.tcp_server_sockets in case localhost is resolved to ::1.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59533 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
which fixes a real bug.
* thread.c (struct waiting_fd): declare
(rb_thread_io_blocking_region): use on-stack list waiter
(rb_notify_fd_close): walk vm->waiting_fds instead
(call_without_gvl): remove old field setting
(th_init): ditto
[Feature #9632]
* vm_core.h (typedef struct rb_vm_struct): add waiting_fds list
* (typedef struct rb_thread_struct): remove waiting_fd field
(rb_vm_living_threads_init): initialize waiting_fds list
This should fix bad interactions with test_race_gets_and_close
in test/ruby/test_io.rb since we ensure rb_notify_fd_close
continues returning the busy flag after enqueuing the interrupt.
* thread.c (rb_notify_fd_close): do not enqueue multiple interrupts
[ruby-core:81581] [Bug #13632]
* test/ruby/test_io.rb (test_single_exception_on_close):
new test based on script from Nikolay
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59274 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
from Cipher#initialize. This is effectively a revert of r32723
("Avoid possible SEGV from AES encryption/decryption", 2011-07-28).
the patch is derived from https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062,
written by Kazuki Yamaguchi.
[Backport #8221]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59267 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* ext/psych/psych.gemspec: bump version to 2.1.0.1.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59242 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
parse.y: check multibyte char
* parse.y (parser_precise_mbclen): check invalid multibyte char at
skipping strings following `?x` literal string, not to stuck in
a infinite loop. [ruby-core:81746] [Bug #13672]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59241 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
pathname.rb: UNC root pathname needs a separator
* ext/pathname/lib/pathname.rb (Pathname#plus): UNC root pathname
needs a separator. File.basename returns "/" on UNC root, as
well as sole drive letter, even if it does not end with a
separator. [ruby-core:80900] [Bug #13515]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59240 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
rexml: add close tag check on end of document to StreamParser
[ruby-core:81593] [Bug #13636]
Reported by Anton Sivakov. Thanks!!!
* properties.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59239 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
array.c: check position to insert
* array.c (rb_ary_insert): check position to insert even if no
elements to be inserted. [ruby-core:81125] [Bug #13558]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59238 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
date_core.c: fix docs for %Z format
* ext/date/date_core.c: [DOC] fix documentation for %Z format
of {Date,DateTime}.strftime.
Reported by Damon Timm. Based on a patch by nano.
[ruby-core:79602] [Bug #13231] [Fix GH-1565]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59237 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
rss: Accept empty text element as valid element
Parser has been accepted it but XML serializer wasn't accepted.
Reported by stefano frabetti. Thanks!!!
[ruby-core:80965] [Bug #13531]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59236 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
X509_LOOKUP_load_file()
X509_LOOKUP_load_file(), which ends up calling
X509_load_cert_crl_file()
internally, may leave error entries in the queue even when it returns
non-zero value (which indicates success).
This will be fixed by OpenSSL 1.1.1, but can be worked around by
clearing the error queue ourselves.
Fixes: [Backport #11033]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59235 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* gc.c (heap_page_resurrect): do not return tomb_pages when
page->freelist == NULL.
[Bug #12670]
test for [Bug #12670]
heap corruption by deferred free.
gc.c: expand sorted pages
* gc.c (heap_page_allocate): expand sorted pages before inserting
allocated new page. [Bug #12670]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
vsnprintf.c: prefix with precision
* vsnprintf.c (BSD_vfprintf): sign and hex-prefix should not be
counted in precision. [ruby-dev:47714] [Bug #8916]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59233 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
thread.c: disable VM events when stack overflow
* thread.c (ruby_thread_stack_overflow): disable VM events when
stack overflow occurred; it causes another stack overflow again
in making backtrace object, and crashes.
[ruby-core:80662] [Bug #13425]
increase timeout seconds.
* test/ruby/test_trace.rb (test_trace_stackoverflow): on some platforms
this test fails because of timeout.
disable rewind hooks.
* vm.c (hook_before_rewind): skip rewind hooks if err is SystemStackError
because rewind hooks can cause stack overflow again and again.
* thread.c (ruby_thread_stack_overflow): do not disable all hooks.
Additionally, clearing ruby_vm_event_flags is not suitable way
to disable hooks.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59232 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
proc.c: skip prepended modules
* proc.c (method_super_method): skip prepended modules and
continue from the super class of the original class.
[ruby-core:81666] [Bug #13656]
test/ruby/test_method.rb: refined [ruby-core:81666] [Bug #13656]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59231 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/net/smtp.rb (getok, get_response): raise an ArgumentError when
CR or LF is included in a line, because they are not allowed in
RFC5321.
RFC5321. Thanks, Jeremy Daer.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59230 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
thread.c: avoid busy looping on rb_thread_fd_close
We no longer use it this function, but extensions do, and
we need to ensure it continues to work for them.
* thread.c (rb_thread_fd_close): schedule other threads in loop
* ext/-test-/thread_fd_close/thread_fd_close.c: new file
* ext/-test-/thread_fd_close/depend: ditto
* ext/-test-/thread_fd_close/extconf.rb: ditto
* test/-ext-/thread_fd_close/test_thread_fd_close.rb: new test
* properties.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59229 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
sample/pty/shl.rb: update sample
* Specify frozen_string_literal: true.
* Fix TypeError of raise.
* Use a character literal instead of Integer.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_3@59228 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
