| Age | Commit message (Collapse) | Author |
|---|
|
|
|
* Merge URI-0.10.3
* Merge URI-0.10.0.3 for Bundler
|
|
|
|
|
|
|
|
* Merge URI-0.10.2
* Merge URI-0.10.0.2 for bundler
* Added assert_linear_performance for URI tests
|
|
|
|
The warning against `-undefined dynamic_lookup` is just a warning yet,
and many gems seem to pay no attention to warnings. Until it fails
actually, keep it as a migration path, except for standard extension
libraries and bundled extension gems.
|
|
Co-authored-by: Yuta Saito <kateinoigakukun@gmail.com>
|
|
|
|
|
|
Make use of the check in rb_alloc_tmp_buffer2.
https://hackerone.com/reports/1328463
When parsing cookies, only decode the values
Bump version
Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
Co-authored-by: Yusuke Endoh <mame@ruby-lang.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
https://github.com/ruby/drb/commit/7edf67654c
|
|
|
|
|
|
|
|
|
|
This fixes CVE-2021-32066.
Reported by Alexandr Savca in <https://hackerone.com/reports/1178562>.
|
|
This fixes CVE-2021-31810.
Reported by Alexandr Savca.
Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
[ruby/net-ftp] Bump version to 0.1.2
https://github.com/ruby/net-ftp/commit/895ba44b3c
---
lib/net/ftp.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
[ruby/net-ftp] Replace "iff" with "if and only if"
iff means if and only if, but readers without that knowledge might
assume this to be a spelling mistake. To me, this seems like
exclusionary language that is unnecessary. Simply using "if and only if"
instead should suffice.
https://github.com/ruby/net-ftp/commit/e920473618
---
lib/net/ftp.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
[ruby/net-ftp] Close the passive connection data socket if there is
an error setting up the transfer
Previously, the connection leaked in this case. This uses
begin/ensure and checking for an error in the ensure block.
An alternative approach would be to not even perform the
connection until after the RETR (or other) command has been
sent. However, I'm not sure all FTP servers support that.
The current behavior is:
* Send (PASV/EPSV)
* Connect to the host/port returned in 227/229 reply
* Send (RETR/other command)
Changing it to connect after the RETR could break things.
FTP servers might expect that the client has already
connected before sending the RETR. The alternative
approach is more likely to introduce backwards compatibility
issues, compared to the begin/ensure approach taken here.
Fixes Ruby Bug 17027
https://github.com/ruby/net-ftp/commit/6e8535f076
---
lib/net/ftp.rb | 24 ++++++++++++++----------
test/net/ftp/test_ftp.rb | 39 +++++++++++++++++++++++++++++++++++++--
2 files changed, 51 insertions(+), 12 deletions(-)
|
|
[ruby/net-ftp] Replace Timeout.timeout with socket timeout
Timeout.timeout is inefficient since it spins up a new thread for
each invocation, use Socket.tcp's connect_timeout option instead
when we aren't using SOCKS (we can't replace Timeout.timeout
for SOCKS yet since SOCKSSocket doesn't have a connect_timeout
option).
https://github.com/ruby/net-ftp/commit/d65910132f
---
lib/net/ftp.rb | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
|
|
mkmf: fixed install directories of header files in extension
libraries [Bug #17761]
When installing an extension library which provides a header, that
header should be installed under site_ruby (or vendor_ruby when
"--vendor" option was given to extconf.rb). However, currently
this file is about to be installed in the core include directory.
---
lib/mkmf.rb | 8 ++++----
test/mkmf/test_install.rb | 30 ++++++++++++++++++++++++++++++
2 files changed, 34 insertions(+), 4 deletions(-)
create mode 100644 test/mkmf/test_install.rb
|
|
mkmf.rb: convert also arch_hdrdir [Bug #16651]
---
lib/mkmf.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
[ruby/resolv] Fix confusion of received response message
This is a follow up for commit 33fb966197f1 ("Remove sender/message_id
pair after response received in resolv", 2020-09-11).
As the @senders instance variable is also used for tracking transaction
ID allocation, simply removing an entry without releasing the ID would
eventually deplete the ID space and cause
Resolv::DNS.allocate_request_id to hang.
It seems the intention of the code was to check that the received DNS
message is actually the response for the question made within the method
earlier. Let's have it actually do so.
[Bug #12838] https://bugs.ruby-lang.org/issues/12838
[Bug #17748] https://bugs.ruby-lang.org/issues/17748
https://github.com/ruby/resolv/commit/53ca9c9209
---
lib/resolv.rb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
|
