Age | Commit message (Collapse) | Author |
|
Reported by Alexandr Savca in https://hackerone.com/reports/1178562
Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67950 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This fixes CVE-2021-31810.
Reported by Alexandr Savca.
Co-authored-by: Shugo Maeda <shugo@ruby-lang.org>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67949 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby/rdoc] Use File.open to fix the OS Command Injection vulnerability in CVE-2021-31799
https://github.com/ruby/rdoc/commit/a7f5d6ab88
The test for command injection on Unix platforms should be omitted on Windows
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67947 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby/resolv] Fix confusion of received response message
This is a follow up for commit 33fb966197f1 ("Remove sender/message_id
pair after response received in resolv", 2020-09-11).
As the @senders instance variable is also used for tracking transaction
ID allocation, simply removing an entry without releasing the ID would
eventually deplete the ID space and cause
Resolv::DNS.allocate_request_id to hang.
It seems the intention of the code was to check that the received DNS
message is actually the response for the question made within the method
earlier. Let's have it actually do so.
[Bug #12838] https://bugs.ruby-lang.org/issues/12838
[Bug #17748] https://bugs.ruby-lang.org/issues/17748
https://github.com/ruby/resolv/commit/53ca9c9209
---
lib/resolv.rb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67946 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67940 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Remove sender/message_id pair after response received in resolv
Once a response for a given DNS request has been received (which
requires a matching message id), the [sender, message_id] pair
should be removed from the list of valid senders. This makes it
so duplicate responses from the same sender are ignored.
Fixes [Bug #12838]
---
lib/resolv.rb | 2 +-
test/resolv/test_dns.rb | 113 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 114 insertions(+), 1 deletion(-)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67929 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby/uri] Check if DN exists
https://bugs.ruby-lang.org/issues/16830
https://github.com/ruby/uri/commit/b4bf8c1217
---
lib/uri/ldap.rb | 1 +
test/uri/test_ldap.rb | 4 ++++
2 files changed, 5 insertions(+)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67914 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Correctly remove temporary directory if path yielded is mutated
Another approach would be to freeze the string, but that could
cause backwards compatibility issues.
Fixes [Bug #16918]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67910 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Fix error raised by Net::HTTPResponse#inflater if the block raises
* See https://bugs.ruby-lang.org/issues/13882#note-6
---
lib/net/http/response.rb | 5 ++-
spec/ruby/library/net/http/http/get_spec.rb | 67 +++++++++++++++++++++++++++++
2 files changed, 70 insertions(+), 2 deletions(-)
Quarantine specs which fail frequently with CHECK_LEAKS=true
---
spec/ruby/library/net/http/http/get_spec.rb | 2 ++
1 file changed, 2 insertions(+)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67909 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
brace the fact that lchmod(2) can EOPNOTSUPP
Musl libc has this function as a tiny wrapper of fchmodat(3posix). On
the other hand Linux kernel does not support changing modes of a symlink.
The operation always fails with EOPNOTSUPP. This fchmodat behaviour is
defined in POSIX. We have to take care of such exceptions.
---
lib/fileutils.rb | 3 ++-
test/pathname/test_pathname.rb | 2 +-
test/ruby/test_notimp.rb | 19 ++++++++++++-------
3 files changed, 15 insertions(+), 9 deletions(-)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67907 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[Backport #17201]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67892 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67888 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
`FileTest.send(command, ...)` allows to call not only FileTest-related
methods but also any method that belongs to Kernel, Object, etc.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67810 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
WEBrick: prevent response splitting and header injection
This is a follow up to d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16.
The commit prevented CRLR, but did not address an isolated CR or an
isolated LF.
Co-Authored-By: NARUSE, Yui <naruse@airemix.jp>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Loop with String#scan without creating substrings
Create the substrings necessary parts only, instead of cutting the
rest of the buffer. Also removed a useless, probable typo, regexp.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67807 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
f308ab2131ee675000926540cbb8c13c91dc3be5,989e8ad322afdfa3aa06e74b89fc42aef42895d0:
Remove jquery.js
Remove debug print [ci skip]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67797 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67780 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Avoid creating Hash objects per each mon_synchronize call (#2393)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67749 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
handle_interrupt to defend monitor state [Bug #15992]
If an exception is raised from another thread for example Timeout
and this thread is just after `mon_exit`'s `@mon_owner = nil`,
the exception breaks the state of MonitorMixin. To prevent that situation,
it need to block interruption in mon_enter and mon_exit.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67742 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fix visibility of SecureRandom.gen_random
Aliasing a method preserves its visibility. These aliases turn
formerly-public methods into private. Should make them public
again. [Bug #15847]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67723 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Support SNI (Reapplying r67488)
This fixes connecting using TLS 1.3 to imap.gmail.com
[Fix GH-2077] [Feature #15594]
From: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67564 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
separate downloading of Unicode property files and auxiliary files
Separate downloading of Unicode property files in ucd and in ucd/auxiliary.
This is needed because we need information from separate index.html files
to discover the exact file names of property files during a beta period.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67562 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
change lib/unicode_normalize/tables.rb to single item per line to make diffs shorter
* template/unicode_norm_gen.tmpl: Change formatting of output to produce only a
single item (or range) for each line to make future diffs shorter and easier
to understand and check.
* lib/unicode_normalize/tables.rb: output of the above
update to Unicode Version 12.1.0 (beta)
Unicode Version 12.1.0 adds one single character, U+32FF SQUARE ERA NAME REIWA,
for the new Japanese era starting on May 1st. 12.1.0 will be finalized only on
May 7th, so we go with the beta version because further changes in the data we
need are highly unlikely, and we want to make sure Ruby is ready for the new era.
* common.mk: change UNICODE_VERSION to 12.1.0, UNICODE_BETA to YES
* enc/unicode/12.1.0, enc/unicode/12.1.0/casefold.h, enc/unicode/12.1.0/name2ctype.h:
add directory and generated data files for new version
* lib/unicode_normalize/tables.rb: update for new character
* test/ruby/test_regexp.rb: add test for character property age=12.1
* test/test_unicode_normalize.rb: add test for NFKC decomposition of new character
This (mostly) completes issue #15195.
remove Unicode 12.0.0 related directory and generated files
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67525 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* Fixed following vulnerabilities:
* CVE-2019-8320: Delete directory using symlink when decompressing tar
* CVE-2019-8321: Escape sequence injection vulnerability in verbose
* CVE-2019-8322: Escape sequence injection vulnerability in gem owner
* CVE-2019-8323: Escape sequence injection vulnerability in API response handling
* CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
* CVE-2019-8325: Escape sequence injection vulnerability in errors
* see also https://blog.rubygems.org/2019/03/05/3.0.3-released.html
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67182 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Fixed gemspec location of bundler.
FileCollector of rbinstall.rb requires location of gemspec under
the sub-direcotry with the same name as default gems.
I forgot to fix it with r66867.
[Bug #15582][ruby-core:91374]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67180 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Ignore to add bundler lib direcotry if it is same as rubylibdir.
[Bug #15469][ruby-core:90742]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67179 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Fix exception namespace
* lib/fileutils.rb (remove_entry_secure): EISDIR is under the
Errno namespace. [ruby-core:91362] [Bug #15577]
From: Tietew (Toru Iwase) <tietew@tietew.net>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67177 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
update Unicode version (and Emoji version) to 12.0.0
- common.mk: set UNICODE_VERSION and UNICODE_EMOJI_VERSION to 12.0.0
- lib/unicode_normalize/tables.rb: update table data to Unicode version 12.0.0
- enc/unicode/12.0.0/casefold.h, enc/unicode/12.0.0/name2ctype.h: add generated
files for Unicode version 12.0.0
This is the main commit for #15321.
add news about Unicode version update (issue #15321) to NEWS [ci skip]
delete directory and files related to Unicode version 11.0.0
this completes and closes feature #15321
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67175 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
tmpdir.rb: permission of user given directory
* lib/tmpdir.rb (Dir.mktmpdir): check if the permission of the
parent directory only when using the default temporary
directory, and no check against user given directory. the
security is the user's responsibility in that case.
[ruby-core:91216] [Bug #15555]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@66941 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Upgrade CSV to 3.0.4
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@66926 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Fix mday overflow
[ruby-core:90897] [Bug #15506]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@66825 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Fix Net::Protocol::BufferedIO#write when sending large multi-byte string
This commit should fix Net::Protocol::BufferedIO#write when sending
large multi-byte string like following example.
```
$ ruby -rnet/http -rjson -v -e "Net::HTTP.post(URI('http://httpbin.org/post'), { text: '?'*100_000 }.to_json, 'Content-Type' => 'application/json')"
ruby 2.6.0p0 (2018-12-25 revision 66547) [x86_64-linux]
Traceback (most recent call last):
19: from -e:1:in `<main>'
18: from lib/ruby/2.6.0/net/http.rb:500:in `post'
17: from lib/ruby/2.6.0/net/http.rb:605:in `start'
16: from lib/ruby/2.6.0/net/http.rb:920:in `start'
15: from lib/ruby/2.6.0/net/http.rb:502:in `block in post'
14: from lib/ruby/2.6.0/net/http.rb:1281:in `post'
13: from lib/ruby/2.6.0/net/http.rb:1493:in `send_entity'
12: from lib/ruby/2.6.0/net/http.rb:1479:in `request'
11: from lib/ruby/2.6.0/net/http.rb:1506:in `transport_request'
10: from lib/ruby/2.6.0/net/http.rb:1506:in `catch'
9: from lib/ruby/2.6.0/net/http.rb:1507:in `block in transport_request'
8: from lib/ruby/2.6.0/net/http/generic_request.rb:123:in `exec'
7: from lib/ruby/2.6.0/net/http/generic_request.rb:189:in `send_request_with_body'
6: from lib/ruby/2.6.0/net/protocol.rb:247:in `write'
5: from lib/ruby/2.6.0/net/protocol.rb:265:in `writing'
4: from lib/ruby/2.6.0/net/protocol.rb:248:in `block in write'
3: from lib/ruby/2.6.0/net/protocol.rb:275:in `write0'
2: from lib/ruby/2.6.0/net/protocol.rb:275:in `each_with_index'
1: from lib/ruby/2.6.0/net/protocol.rb:275:in `each'
lib/ruby/2.6.0/net/protocol.rb:280:in `block in write0': undefined method `bytesize' for nil:NilClass (NoMethodError)
```
[Fix GH-2058]
From: Eito Katagiri <eitoball@gmail.com>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@66799 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Import REXML 3.1.9
It restores removed REXML::Parsers::BaseParser::UNQME_STR.
Because it's used by kramdown.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@66542 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66511 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This includes performance improvement especially writing. Writing is
about 2 times faster.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66507 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
It fixed the issues of RubyGems 3.0.0.
https://blog.rubygems.org/2018/12/23/3.0.1-released.html
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66499 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Patch by Shuji Kobayashi.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66496 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
See https://github.com/ruby/rexml/blob/master/NEWS.md for change summary.
Changes for spec/ has been reported: https://github.com/ruby/spec/pull/639
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66458 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
So that a customized HTTPServer subclass can use it's own
Request/Response classes.
To apply the override, make a subclass of WEBrick::HTTPServer
and override the
`create_request_and_response(with_webrick_config)` method. The
method should return an Array of [request, response].
To check whether the Server supports this method (i.e. when
using older versions of WEBrick when needing this
functionality), you can ask the server if it responds to the
method
server.respond_to?(:create_request_and_response)
This is backportable.
[ruby-core:69604] [Feature #11266]
From: Julik Tarkhanov <me@julik.nl>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66452 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
https://blog.rubygems.org/2018/12/19/3.0.0-released.html
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66451 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66450 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66433 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
- Enable frozen_string_literal and do a bit of code cleanup
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66432 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[ruby-core:90525] [Bug #15411]
From: zverok (Victor Shepelev) <zverok.offline@gmail.com>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66415 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
So that classes which uses Net::HTTP with https can use OpenSSL
namespace for example exception classes like OpenSSL::SSL::SSLError.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66401 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
OpenSSL maybe aren't loaded in rubygems.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66400 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66395 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66358 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66357 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Fix and improve version string by @stomar
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@66356 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|