If someone sets an env variable defining a http_proxy, containing a
username / password with percent-encoded characters, then the resulting
base64 encoded auth header will be wrong.
For example, suppose a username is `Y\X` and the password is `R%S] ?X`.
Properly URL encoded the proxy url would be:
http://Y%5CX:R%25S%5D%20%3FX@proxy.example:8000
The resulting proxy auth header should be: `WVxYOlIlU10gP1g=`, but the
getters defined by ruby StdLib `URI` return a username `Y%5CX` and
password `R%25S%5D%20%3FX`, resulting in `WSU1Q1g6UiUyNVMlNUQlMjAlM0ZY`.
As a result the proxy will deny the request.
Please note that this is my first contribution to the ruby ecosystem, to
standard lib especially and I am not a ruby developer.
References:
- https://gitlab.com/gitlab-org/gitlab/-/issues/289836
- https://bugs.ruby-lang.org/projects/ruby-master/repository/trunk/revisions/58461
- https://bugs.ruby-lang.org/issues/17542
https://github.com/ruby/net-http/commit/e57d4f38aa
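The mismatch described in this commit message, reproduced as an added example (not code from the net-http commit). `decode_userinfo` and `proxy_basic_credentials` are hypothetical helpers, and the hand-written percent-decoder is this example's own choice, not the decoder the fix uses.

```ruby
require "uri"

# Constructed input: the proxy URL given in the commit message above.
PROXY_URL = "http://Y%5CX:R%25S%5D%20%3FX@proxy.example:8000"

# Strict percent-decoder for one userinfo component (hypothetical helper).
# Unlike form decoding it leaves "+" untouched, and it rejects a stray "%"
# instead of guessing. The error text deliberately omits the credential.
def decode_userinfo(component)
  if component.match?(/%(?![0-9A-Fa-f]{2})/)
    raise ArgumentError, "malformed percent-escape in proxy userinfo"
  end
  component.b.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
end

# Returns the value that follows "Basic " in a Proxy-Authorization header,
# or nil when the URL carries no credentials.
# decode: false reproduces the behaviour the commit message reports, where
# the raw URI getters are fed straight into the base64 step.
def proxy_basic_credentials(proxy_url, decode: true)
  uri = URI.parse(proxy_url)
  return nil unless uri.user

  user = uri.user
  pass = uri.password.to_s
  if decode
    user = decode_userinfo(user)
    pass = decode_userinfo(pass)
  end
  ["#{user}:#{pass}"].pack("m0") # base64 without line breaks
end

if __FILE__ == $PROGRAM_NAME
  puts "raw getters: #{proxy_basic_credentials(PROXY_URL, decode: false)}"
  puts "decoded    : #{proxy_basic_credentials(PROXY_URL)}"
end
```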
|
|
Use Socket.tcp's connect_timeout option instead
https://github.com/ruby/net-http/commit/753cae3bbc
|
|
testings >0.2.1
https://github.com/ruby/net-smtp/commit/8f2c9323e2
|
|
https://github.com/ruby/net-smtp/commit/69bba6b125
|
|
Timeout.timeout is inefficient since it spins up a new thread for
each invocation, use Socket.tcp's connect_timeout option instead
https://github.com/ruby/net-smtp/commit/6ae4a59f05
|
|
keyword argument
Additional params are passed to OpenSSL::SSL::SSLContext#set_params.
For example, `Net::SMTP#start(ssl_context_params: { cert_store: my_store, timeout: 123 })`
calls `set_params({ cert_store: my_store, timeout: 123 })`.
https://github.com/ruby/net-smtp/commit/4213389c21
|
|
iff means if and only if, but readers without that knowledge might
assume this to be a spelling mistake. To me, this seems like
exclusionary language that is unnecessary. Simply using "if and only if"
instead should suffice.
https://github.com/ruby/net-ftp/commit/e920473618
|
|
Reported by Alexandr Savca as a DoS vulnerability, but Net::FTP is a
client library and the impact of the issue is low, so I have decided
to fix it as a normal issue.
Based on patch by nobu.
https://github.com/ruby/net-ftp/commit/a93af636f8
|
|
setting up the transfer
Previously, the connection leaked in this case. This uses
begin/ensure and checking for an error in the ensure block.
An alternative approach would be to not even perform the
connection until after the RETR (or other) command has been
sent. However, I'm not sure all FTP servers support that.
The current behavior is:
* Send (PASV/EPSV)
* Connect to the host/port returned in 227/229 reply
* Send (RETR/other command)
Changing it to connect after the RETR could break things.
FTP servers might expect that the client has already
connected before sending the RETR. The alternative
approach is more likely to introduce backwards compatibility
issues, compared to the begin/ensure approach taken here.
Fixes Ruby Bug 17027
https://github.com/ruby/net-ftp/commit/6e8535f076
|
|
Timeout.timeout is inefficient since it spins up a new thread for
each invocation, use Socket.tcp's connect_timeout option instead
when we aren't using SOCKS (we can't replace Timeout.timeout
for SOCKS yet since SOCKSSocket doesn't have a connect_timeout
option).
https://github.com/ruby/net-ftp/commit/d65910132f
|
|
https://github.com/ruby/matrix/commit/f7c9981907
|
|
https://github.com/ruby/matrix/commit/baea4b90d4
|
|
Gem::Specification#add_development_dependency.
https://github.com/ruby/matrix/commit/1381fde5c1
|
|
This reverts commit c647205c3eb1f17409a859149bb7d2ea38b43bed.
Maybe the root issue was fixed by 7ac078e5b67ba752a755d6bd9c3a99999767fd3a
Notes:
Merged: https://github.com/ruby/ruby/pull/4416
|
|
Currently `IRB::Color.colorize` and `IRB::Color.colorize_code`
refer to `$stdin.tty?` internally.
This patch adds a `colorable` keyword option which overrides it.
https://github.com/ruby/irb/commit/402e3f1907
|
|
https://github.com/ruby/irb/commit/783a0569e8
|
|
To debug CI failures on FreeBSD, disable `shareable_constant_value`.
|
|
`#=~` builds `MatchData`, requiring extra allocations as compared to
`#match?`, which returns a boolean w/o having to build the `MatchData`.
https://github.com/ruby/uri/commit/158f58a9cc
|
|
https://github.com/ruby/uri/commit/0f0057e1b2
|
|
Tests pass on Ruby 2.4, but not on Ruby 2.3.
https://github.com/ruby/uri/commit/594418079a
|
|
This allows tests to pass on Ruby 2.4-2.6.
Fixes #19
https://github.com/ruby/uri/commit/67ca99ca87
|
|
https://github.com/ruby/uri/commit/3b7ccfd835
|
|
These Java properties, retrieved from JRuby's "Java env" ENV_JAVA,
allow JRuby users to use the same proxy properties the rest of the
Java platform uses.
This resolves https://bugs.ruby-lang.org/issues/11194
https://github.com/ruby/uri/commit/3bd2bcc95a
|
|
https://github.com/ruby/net-imap/commit/31f96ea884
|
|
Fixes #14
https://github.com/ruby/net-imap/commit/39d39ff9bb
|
|
This gem exposes no executables.
https://github.com/ruby/benchmark/commit/ff1ef7ae06
|
|
method name.
https://github.com/ruby/benchmark/commit/02ce298d3e
|
|
The gem exposes no executables
https://github.com/ruby/cgi/commit/cd7106ad97
|
|
https://github.com/ruby/cgi/commit/2b1c2e21a4
|
|
https://github.com/ruby/time/commit/c784e4f166
|
|
https://github.com/ruby/pp/commit/a202dd2c9b
|
|
https://github.com/ruby/pp/commit/3ee131ae92
|
|
This gem exposes no executables, and this makes that clearer.
https://github.com/ruby/resolv/commit/8797a9d3ce
|
|
This gem exposes no executables.
https://github.com/ruby/forwardable/commit/374b685927
|
|
This avoids shelling out to git.
https://github.com/ruby/base64/commit/f45f06f93f
|
|
This gem exposes no executables.
https://github.com/ruby/base64/commit/9d2c49cb19
|
|
https://github.com/ruby/abbrev/commit/f28839e7b8
|
|
iff means if and only if, but readers without that knowledge might
assume this to be a spelling mistake. To me, this seems like
exclusionary language that is unnecessary. Simply using "if and only if"
instead should suffice.
https://github.com/ruby/logger/commit/4fa0c28e00
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4383
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4383
|
|
https://github.com/ruby/optparse/commit/cccb28e0de
|
|
#reset, which is forgot to call
|
|
As expressions in a gemspec file are evaluated at the build time,
but not the run time, the conditional in the gemspec will not work
as intended.
https://github.com/ruby/reline/commit/c09b7c454a
|
|
https://github.com/ruby/reline/commit/ee23e6f3f8
|
|
https://github.com/ruby/reline/commit/27b689a7e2
|
|
As expressions in a gemspec file are evaluated at the build time,
but not the run time, the conditional in the gemspec will not work
as intended.
https://github.com/ruby/irb/commit/42f364ea23
|
|
And the required ruby version is 2.5 or later.
https://github.com/ruby/irb/commit/ac496d4c78
|