Age | Commit message | Author |
|
|
This fixes CVE-2021-32066.
Reported by Alexandr Savca in <https://hackerone.com/reports/1178562>.
|
|
This fixes CVE-2021-31810.
Reported by Alexandr Savca.
Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>
|
|
[ruby/net-ftp] Bump version to 0.1.2
https://github.com/ruby/net-ftp/commit/895ba44b3c
---
lib/net/ftp.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
[ruby/net-ftp] Replace "iff" with "if and only if"
iff means if and only if, but readers without that knowledge might
assume this to be a spelling mistake. To me, this seems like
exclusionary language that is unnecessary. Simply using "if and only if"
instead should suffice.
https://github.com/ruby/net-ftp/commit/e920473618
---
lib/net/ftp.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
[ruby/net-ftp] Close the passive connection data socket if there is
an error setting up the transfer
Previously, the connection leaked in this case. This uses
begin/ensure and checks for an error in the ensure block.
An alternative approach would be to not even perform the
connection until after the RETR (or other) command has been
sent. However, I'm not sure all FTP servers support that.
The current behavior is:
* Send (PASV/EPSV)
* Connect to the host/port returned in 227/229 reply
* Send (RETR/other command)
Changing it to connect after the RETR could break things.
FTP servers might expect that the client has already
connected before sending the RETR. The alternative
approach is more likely to introduce backwards compatibility
issues, compared to the begin/ensure approach taken here.
Fixes Ruby Bug 17027
https://github.com/ruby/net-ftp/commit/6e8535f076
---
lib/net/ftp.rb | 24 ++++++++++++++----------
test/net/ftp/test_ftp.rb | 39 +++++++++++++++++++++++++++++++++++++--
2 files changed, 51 insertions(+), 12 deletions(-)
|
|
[ruby/net-ftp] Replace Timeout.timeout with socket timeout
Timeout.timeout is inefficient since it spins up a new thread for
each invocation; use Socket.tcp's connect_timeout option instead
when we aren't using SOCKS (we can't replace Timeout.timeout
for SOCKS yet since SOCKSSocket doesn't have a connect_timeout
option).
https://github.com/ruby/net-ftp/commit/d65910132f
---
lib/net/ftp.rb | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
|
|
4ae27d8075b2d138d13cb2b112f0ee50934b3017,2670509ebba5ba31a5bf34cf906943075446e005,8e2ac2140d1cd9c163c1556df58c020dc22ab269:
[ruby/net-ftp] Reduce resource consumption of Net::FTP::TIME_PARSER
Reported by Alexandr Savca as a DoS vulnerability, but Net::FTP is a
client library and the impact of the issue is low, so I have decided
to fix it as a normal issue.
Based on patch by nobu.
https://github.com/ruby/net-ftp/commit/a93af636f8
---
lib/net/ftp.rb | 5 +++--
test/net/ftp/test_ftp.rb | 11 +++++++++++
2 files changed, 14 insertions(+), 2 deletions(-)
[ruby/net-ftp] Add test cases
https://github.com/ruby/net-ftp/commit/865232bb2a
---
test/net/ftp/test_ftp.rb | 6 ++++++
1 file changed, 6 insertions(+)
test/net/ftp/test_ftp.rb: reduce the size of a long response
"9" * 999999999 (about 1 GB) was too large for some CI servers.
This commit changes the size to 999999 (about 1 MB).
http://rubyci.s3.amazonaws.com/scw-9d6766/ruby-master/log/20210427T141707Z.fail.html.gz
http://rubyci.s3.amazonaws.com/raspbian10-aarch64/ruby-master/log/20210427T145408Z.fail.html.gz
---
test/net/ftp/test_ftp.rb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
They are followed up with
https://github.com/ruby/ruby/commit/8fb02b7a97317090e3946e6f2d4a7d034f9699f1
|
|
https://github.com/ruby/net-smtp/commit/6e5c09dcc4
|
|
https://github.com/ruby/net-smtp/commit/b706942392
|
|
The helo argument is not important, but the helo argument must be
specified to specify the user and secret arguments.
If helo, user, secret, and authtype arguments are keyword arguments,
it is not necessary to specify the helo argument.
https://github.com/ruby/net-smtp/commit/269774deac
|
|
In tlsconnect(), the host name is checked when
@ssl_context.verify_mode is not OpenSSL::SSL::VERIFY_NONE, but the
verify_mode of @ssl_context generated by default is nil.
https://github.com/ruby/net-smtp/commit/bde75a15b5
|
|
"requiring version.rb" strategy has some issues.
- cannot work when cross-compiling
- often introduces wrong namespace
- must know the superclasses
- costs at each runtime than at build-time
etc.
Notes:
Merged: https://github.com/ruby/ruby/pull/3375
|
|
On a case-insensitive filesystem, generated Net/FTP.html is
overwritten by Net/Ftp.html.
https://github.com/ruby/net-ftp/commit/14a6ff5134
|
|
https://github.com/ruby/net-imap/commit/c3256e3848
|
|
...to reflect that Net::HTTP.start accepts keep_alive_timeout as an option.
Notes:
Merged: https://github.com/ruby/ruby/pull/3185
|
|
* See https://bugs.ruby-lang.org/issues/13882#note-6
Notes:
Merged: https://github.com/ruby/ruby/pull/3164
|
|
Fixes [Misc #16916]
|
|
Patch by koshigoe (Masataka SUZUKI). Thanks!
|
|
Currently, Net::HTTP can only send a single SSL certificate when it
establishes a connection. Some use-cases involve sending an entire
certificate chain to the destination; for this, SSLContext supports
assigning to #extra_chain_cert=.
This adds support in Net::HTTP for exposing this underlying SSLContext
property to end-users. [Feature #9758]
|
|
https://github.com/ruby/actions/runs/500526558?check_suite_focus=true#step:16:127
```
Failures:
1) Bundler.setup when Bundler is bundled doesn't blow up
Failure/Error: expect(err).to be_empty
expected `"fatal: not a git repository (or any of the parent directories): .git\nfatal: not a git repository (o...the parent directories): .git\nfatal: not a git repository (or any of the parent directories): .git".empty?` to return true, got false
Commands:
$ /home/runner/work/actions/actions/snapshot-master/ruby \
-I/home/runner/work/actions/actions/snapshot-master/lib:/home/runner/work/actions/actions/snapshot-master/spec/bundler \
-rsupport/hax -rsupport/artifice/fail \
/home/runner/work/actions/actions/snapshot-master/libexec/bundle install --retry 0
Resolving dependencies...
Using bundler 2.1.4
Bundle complete! 1 Gemfile dependency, 1 gem now installed.
Use `bundle info [gemname]` to see where a bundled gem is installed.
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
# $? => 0
$ /home/runner/work/actions/actions/snapshot-master/ruby \
-I/home/runner/work/actions/actions/snapshot-master/lib:/home/runner/work/actions/actions/snapshot-master/spec/bundler \
-rsupport/hax -rsupport/artifice/fail \
/home/runner/work/actions/actions/snapshot-master/libexec/bundle exec ruby -e \
require\ \'bundler\'\;\ Bundler.setup
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
fatal: not a git repository (or any of the parent directories): .git
# $? => 0
# ./spec/bundler/runtime/setup_spec.rb:1056:in `block (3 levels) in <top (required)>'
# ./spec/bundler/spec_helper.rb:111:in `block (3 levels) in <top (required)>'
# ./spec/bundler/spec_helper.rb:111:in `block (2 levels) in <top (required)>'
# ./spec/bundler/spec_helper.rb:78:in `block (2 levels) in <top (required)>'
make: *** [yes-test-bundler] Error 1
```
|
|
* Let Net::HTTP.get take request headers
* Add more test cases for no header usages
* Add examples with request headers
* Add a NEWS entry [ci skip]
[Feature #16686]
Notes:
Merged-By: k0kubun <takashikkbn@gmail.com>
|
|
As `String#split` with the default argument drops trailing newline
as a separator, preceding `String#chomp` is futile.
|
|
test/net/http/test_https.rb: rename fixture methods to read_fixture
because it conflicts with test-unit gem.