Age | Commit message (Collapse) | Author |
|
This fixes CVE-2021-31810.
Reported by Alexandr Savca.
Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>
|
|
[ruby/net-ftp] Bump version to 0.1.2
https://github.com/ruby/net-ftp/commit/895ba44b3c
---
lib/net/ftp.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
[ruby/net-ftp] Replace "iff" with "if and only if"
iff means if and only if, but readers without that knowledge might
assume this to be a spelling mistake. To me, this seems like
exclusionary language that is unnecessary. Simply using "if and only if"
instead should suffice.
https://github.com/ruby/net-ftp/commit/e920473618
---
lib/net/ftp.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
[ruby/net-ftp] Close the passive connection data socket if there is
an error setting up the transfer
Previously, the connection leaked in this case. This uses
begin/ensure and checking for an error in the ensure block.
An alternative approach would be to not even perform the
connection until after the RETR (or other) command has been
sent. However, I'm not sure all FTP servers support that.
The current behavior is:
* Send (PASV/EPSV)
* Connect to the host/port returned in 227/229 reply
* Send (RETR/other command)
Changing it to connect after the RETR could break things.
FTP servers might expect that the client has already
connected before sending the RETR. The alternative
approach is more likely to introduce backwards compatibility
issues, compared to the begin/ensure approach taken here.
Fixes Ruby Bug 17027
https://github.com/ruby/net-ftp/commit/6e8535f076
---
lib/net/ftp.rb | 24 ++++++++++++++----------
test/net/ftp/test_ftp.rb | 39 +++++++++++++++++++++++++++++++++++++--
2 files changed, 51 insertions(+), 12 deletions(-)
|
|
[ruby/net-ftp] Replace Timeout.timeout with socket timeout
Timeout.timeout is inefficient since it spins up a new thread for
each invocation, use Socket.tcp's connect_timeout option instead
when we aren't using SOCKS (we can't replace Timeout.timeout
for SOCKS yet since SOCKSSocket doesn't have a connect_timeout
option).
https://github.com/ruby/net-ftp/commit/d65910132f
---
lib/net/ftp.rb | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
|
|
4ae27d8075b2d138d13cb2b112f0ee50934b3017,2670509ebba5ba31a5bf34cf906943075446e005,8e2ac2140d1cd9c163c1556df58c020dc22ab269:
[ruby/net-ftp] Reduce resource cosumption of Net::FTP::TIME_PARSER
Reported by Alexandr Savca as a DoS vulnerability, but Net::FTP is a
client library and the impact of the issue is low, so I have decided
to fix it as a normal issue.
Based on patch by nobu.
https://github.com/ruby/net-ftp/commit/a93af636f8
---
lib/net/ftp.rb | 5 +++--
test/net/ftp/test_ftp.rb | 11 +++++++++++
2 files changed, 14 insertions(+), 2 deletions(-)
[ruby/net-ftp] Add test cases
https://github.com/ruby/net-ftp/commit/865232bb2a
---
test/net/ftp/test_ftp.rb | 6 ++++++
1 file changed, 6 insertions(+)
test/net/ftp/test_ftp.rb: reduce the size of a long response
"9" * 999999999 (about 1 GB) was too large for some CI servers.
This commit changes the size to 999999 (about 1 MB).
http://rubyci.s3.amazonaws.com/scw-9d6766/ruby-master/log/20210427T141707Z.fail.html.gz
http://rubyci.s3.amazonaws.com/raspbian10-aarch64/ruby-master/log/20210427T145408Z.fail.html.gz
---
test/net/ftp/test_ftp.rb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
They are followed up with
https://github.com/ruby/ruby/commit/8fb02b7a97317090e3946e6f2d4a7d034f9699f1
|
|
|
|
On case-insensitive filesystem, generated Net/FTP.html is
overwritten by Net/Ftp.html.
https://github.com/ruby/net-ftp/commit/14a6ff5134
|
|
|
|
Patch by koshigoe (Masataka SUZUKI). Thanks!
|
|
|
|
|
|
Fixed misspellings reported at [Bug #16437], for default gems.
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/2758
|
|
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/2615
|
|
Patch by darkphnx (Dan Wentworth) . Thanks!
[Feature #15964]
|
|
Mostly requires adding ** in either calls or method definitions.
Notes:
Merged: https://github.com/ruby/ruby/pull/2395
|
|
This reverts commit 69a1db96fe63ff3071cb3d272675a1d0470aab01.
getaddrinfo(3) doesn't support timeout.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66660 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
lib/net/pop.rb: ditto
lib/net/ftp.rb: ditto
lib/net/smtp.rb: ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66659 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[#15206] [Fix GH-1976]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@65505 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
When TLS 1.3 is in use, the session ticket may not have been sent yet
even though a handshake has finished. Also, the ticket could change if
multiple session ticket messages are sent by the server. Use
SSLContext#session_new_cb instead of calling SSLSocket#session
immediately after a handshake. This way also works with earlier protocol
versions.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@64234 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
I noticed this bug while working on something else with
RUBYOPT=-d on, existing test cases all passed with it.
Note: I use String.new because it is the local style, here,
I prefer +'' (or ''.b, for a future commit)
* lib/net/ftp.rb (BufferedSocket#read): use String.new
* test/net/ftp/test_buffered_socket.rb (test_read_nil): new test
[ruby-core:84675] [Bug #14323]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61639 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61242 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
If uplevel keyword is given, the warning message is prepended
with caller file and line information and the string "warning: ".
The use of the uplevel keyword makes Kernel#warn format output
similar to how rb_warn formats output.
This patch modifies net/ftp and net/imap to use Kernel#warn
instead of $stderr.puts or $stderr.printf, since they are used
for printing warnings.
This makes lib/cgi/core and tempfile use $stderr.puts instead of
warn for debug logging, since they are used for debug printing
and not for warning.
This does not modify bundler, rubygems, or rdoc, as those are
maintained outside of ruby and probably wish to remain backwards
compatible with older ruby versions.
rb_warn_m code is originally from nobu, but I've changed it
so that it only includes the path and lineno from uplevel
(not the method), and also prepends the string "warning: ",
to make it more similar to rb_warn.
From: Jeremy Evans code@jeremyevans.net
Signed-off-by: Urabe Shyouhei shyouhei@ruby-lang.org
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61155 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[Bug #14020][ruby-core:83313]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@60198 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/net/ftp.rb (Net::FTP#initialize): simplify as per
the original intent.
* spec/ruby/library/net/ftp/initialize_spec.rb: adapt specs.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59981 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* [Misc #13792] [ruby-core:82287]
* Prefer test-spec over test-rubyspec in spec/README.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@59980 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56925 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
The TLS handshake timeout can be specified independently, because the TLS
handshake doesn't start just after the underlying connection is established,
but after the AUTH command is completed. It's also useful for testing
purposes. However, if ssl_handshake_timeout is not specified, open_timeout
is used instead for convenience.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56919 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Otherwise, @sock.read in Net::FTP#close hungs until read_timeout exceeded.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56918 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Otherwise, file descriptor leaks may occur in Net::FTP.new.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56916 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Net::FTP inherits ssl_socket_connect from Net::Protocol to implement timeout.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56898 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56885 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/net/ftp.rb (shutdown): fix typo
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56883 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
In that case, BufferedSSLSocket#read in FTP#close exceeded timeout because
BufferedSSLSocket#shutdown did nothing. So BufferedIO#rbuf_fill is
overridden in BufferedSSLSocket to raise an EOFError if the connection is
shut down.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56880 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Based on the patch by soleboxy.
[Fix GH-1478] [ruby-core:78240] [Feature #12965]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56879 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
SSLSocket#send is not defined, so use #write instead. flags and dest are
ignored.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56871 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/net/ftp.rb (Net::FTP#initialize): [DOC] fix type in option
name, :username is used but :use is not.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56862 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56861 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56860 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56851 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Because @sock.remote_address fails if @sock is an SSLSocket.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56847 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
SSLSocket#stop is a private method and cannot be called, but explicit calls
are not necessary because SSL_shutdown() is called from SSLSocket#close.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56846 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56843 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56842 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56839 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56837 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56835 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|