Age | Commit message | Author |
|
Fix a command injection vulnerability in Net::FTP.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@61245 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
webrick: avoid unnecessary IO#sync= call
Sockets and pipes are always created with FMODE_SYNC flag
already set (otherwise many things would be broken).
* lib/webrick/server.rb (accept_client): remove unnecessary
IO#sync= call
webrick: do not hang acceptor on slow TLS connections
OpenSSL::SSL::SSLSocket#accept may block indefinitely on clients
which negotiate the TCP connection, but fail (or are slow) to
negotiate the subsequent TLS handshake. This prevents the
multi-threaded WEBrick server from accepting other connections.
Since the TLS handshake (via OpenSSL::SSL::SSLSocket#accept)
consists of normal read/write traffic over TCP, handle it in the
per-client thread, instead.
Furthermore, using non-blocking accept() is useful for non-TLS
sockets anyways because spurious wakeups are possible from
select(2).
* lib/webrick/server.rb (accept_client): use TCPServer#accept_nonblock
and remove OpenSSL::SSL::SSLSocket#accept call
* lib/webrick/server.rb (start_thread): call OpenSSL::SSL::SSLSocket#accept
* test/webrick/test_ssl_server.rb (test_slow_connect): new test
[ruby-core:83221] [Bug #14005]
webrick: fix up r60172
By making the socket non-blocking in r60172, TLS/SSL negotiation
via the SSL_accept function must handle non-blocking sockets
properly and retry on SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
OpenSSL::SSL::SSLSocket#accept cannot do that properly with a
non-blocking socket, so it must use non-blocking logic of
OpenSSL::SSL::SSLSocket#accept_nonblock.
Thanks to MSP-Greg (Greg L) for finding this.
* lib/webrick/server.rb (start_thread): use SSL_accept properly
with non-blocking socket.
[Bug #14013] [Bug #14005]
webrick: fix up r60172 and revert r60189
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): ignore ECONNRESET, ECONNABORTED,
EPROTO, and EINVAL on TLS negotiation errors the same way they
were ignored before r60172 in the accept_client method of the
main acceptor thread.
[Bug #14013] [Bug #14005]
webrick: fix up r60172 and r60208
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): fix non-local return
introduced in r60208
webrick: fix up r60172 and r60210
Thanks to MSP-Greg (Greg L) for helping with this.
* lib/webrick/server.rb (start_thread): properly fix non-local return
introduced in r60208 and r60210
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@61239 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
webrick: compile RE correctly for beginning and end match
Using ^ and $ in regexps means we can accidentally get fooled
by "%0a" in HTTP request paths being decoded to newline
characters. Use \A and \z to match beginning and end-of-string
respectively, instead.
Thanks to mame and hsbt for reporting.
* lib/webrick/httpserver.rb (MountTable#compile):
use \A and \z instead of ^ and $
* lib/webrick/httpserver.rb (MountTable#normalize): use \z instead of $
* test/webrick/test_httpserver.rb (test_cntrl_in_path): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@61238 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Merge rubygems-2.6.14 changes.
It fixed http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@60168 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
lib/webrick/log.rb: sanitize any type of logs
It had failed to sanitize some type of exception messages. Reported and
patched by Yusuke Endoh (mame) at https://hackerone.com/reports/223363
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59898 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[Backport #13842]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59814 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59813 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
An HTTP Header value must not contain CR or LF.
to_str -> to_s
* lib/net/http/header.rb (set_field): `val` can not have `to_str`.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59783 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
REXML: Fix a bug that unexpected methods can be called as an XPath function
[HackerOne:249295]
Reported by Andrea Jegher. Thanks!!!
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59782 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
escape.c: check argument
* ext/cgi/escape/escape.c (optimized_unescape): check
accept_charset encoding argument.
share `@@accept_charset`
* lib/cgi/{core,util}.rb: include CGI::Util not only extending, to
share `@@accept_charset` class variable, so that it is always
accessible. [ruby-core:80986] [Bug #13539]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59511 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
ostruct.rb: fix OpenStruct.allocate
* lib/ostruct.rb (OpenStruct.allocate): initialize an instance
variable directly, without calling `initialize` method which may
be overridden in a subclass. [ruby-core:80292] [Bug #13358]
ostruct.rb: improve fix for OpenStruct.allocate + #respond_to?
* lib/ostruct.rb (OpenStruct#respond_to_missing?): this makes
OpenStruct#respond_to? work on any OpenStruct instance,
just like Kernel#respond_to? does, without workarounds.
[ruby-core:80292] [Bug #13358]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59407 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
mkmf.rb: fix script installation
* lib/mkmf.rb (MakeMakefile): fix condition to install script
files.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59402 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
rexml: add close tag check on end of document to StreamParser
[ruby-core:81593] [Bug #13636]
Reported by Anton Sivakov. Thanks!!!
* properties.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59399 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
rss: Accept empty text element as valid element
Parser has accepted it but XML serializer didn't accept it.
Reported by stefano frabetti. Thanks!!!
[ruby-core:80965] [Bug #13531]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59396 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
optparse.rb: get rid of eval
* lib/optparse.rb: try Float() and Integer() instead of eval,
which does too many things.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59316 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
erb.rb: Allow explicit trimming carriage return
when trim_mode is "-", for Windows environments.
[ruby-core:39625] [Bug #5339]
erb.rb: Allow trimming CR in all trim_modes
to unify a behavior with r58823 and r58825.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59301 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
erb.rb: Allow trimming carriage return
when trim_mode is "<>", for Windows environments.
[Bug #11464]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@59300 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fileutils.rb: do not make root
* lib/fileutils.rb (FileUtils#mkdir_p): no need to make root
directory which should exist and cannot be made with mkdir
recent Cygwin can make a directory containing a colon.
[Bug #13214]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@58631 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
uri/generic.rb: fix exception on non-IP format
* lib/uri/generic.rb (URI::Generic#find_proxy): match IP address
no_proxy against resolved self IP address. [Fix GH-1513]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@58624 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Fix bug of Tempfile#size if nothing is written [Bug #13198]
* lib/tempfile.rb (Tempfile#size): Fix its behavior when nothing
is written. Tempfile#size should return 0 in this case.
The patch is from nobu <nobu@ruby-lang.org>.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@58013 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Raise error if spec is nil
With parallel test-all, the spec is sometimes nil.
To debug it raise more detailed error.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@58002 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
test_gem.rb: exclude default gems
* test/rubygems/test_gem.rb: check difference to exclude default
gems from the expected results. [Feature #13186]
Merge rubygems-2.6.11
This version fixed regression of rubygems-2.6.10.
https://github.com/rubygems/rubygems/pull/1856
See details of changelogs for 2.6.11 release:
https://github.com/rubygems/rubygems/blob/adfcf40502716080bd9cdfdd2e43bd4296872784/History.txt#L3
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@58001 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Update Rubygems 2.6.10
* https://github.com/rubygems/rubygems/commit/2ee5bf9fd3bd7649d3e244bc40107ff32070ef47
* https://github.com/rubygems/rubygems/commit/be510dd4097e65c6a256a6e173d6b724a3a96472
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@57952 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
docs for FileUtils.ln methods
* lib/fileutils.rb: [DOC] add clarifying call-seq's for FileUtils.ln,
ln_s, and ln_sf, with better argument names for the created link and
link target. Reported by Mike Vastola. [ruby-core:62532] [Bug #9829]
* lib/fileutils.rb: [DOC] further improve descriptions of FileUtils.ln
and related methods; improve examples: relative links probably won't
work in other dir, avoid `include', use more generic homedir name.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@57940 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
rdoc for String class
* lib/unicode_normalize.rb: [DOC] prevent a comment from
showing up in the class documentation for String.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@57927 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
nodoc OptParse
* lib/optparse.rb: [DOC] nodoc OptParse, introduced with r46126,
to avoid leaking of its documentation (OptionParser's docs) into
the class documentation of Object. [ruby-core:79909] [Bug #13281]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@57926 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
fileutils.rb: improve rdoc for FileUtils
* lib/fileutils.rb: [DOC] fix invalid example code to make it
syntax highlighted, fix rdoc for lists, nodoc internal methods,
avoid a dangerous example.
hash.c: [DOC] fix book title in example
struct.c: improve rdoc for Struct
* struct.c: [DOC] improve examples for ::new, improve #dig example,
simplify #select example, use consistent style for return values,
fix typos and example code style, remove duplicate cross reference.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@57918 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
forwardable.rb: use defined?
* lib/forwardable.rb (_delegator_method): use defined? operator
instead of binding and calling unbound Kernel#respond_to?. a
remedy for a performance bottleneck.
forwardable.rb: use defined?
* lib/forwardable.rb (_delegator_method): use defined? operator
instead of binding and calling unbound Kernel#respond_to?. a
remedy for a performance bottleneck.
forwardable.rb: fix branches
* lib/forwardable.rb (instance_delegate, single_delegate): fix
inverted branches.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@57913 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
lib/ostruct.rb: Fix returned value of each_pair.
From a patch by Marcus Stollsteimer. [Fixes #13169]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@57893 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
mkmf.rb: message format string
* lib/mkmf.rb (checking_for): message needs format string.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@57880 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[DOC] Use Integer instead of Fixnum [ci skip]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@57875 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Add document for lib/rss/atom.rb
[fix GH-1520]
Patch by Tsehau Chao. Thanks!!!
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@57874 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Fix typo of URI#escape [Bug #13147]
patched by Steve Hill <sghill.dev@gmail.com>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@57870 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
csv.rb: fix field_size_limit check
* lib/csv.rb (CSV#shift): the last column is an Array in extended
column since r55985. [ruby-dev:49964] [Bug #13149]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@57868 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Fix documentation of options for all of methods in FileUtils.
Patch by galia traub( @galiat ). [Fix GH-1510][ci skip]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_4@57863 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57071 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
`parser` referred RFC2396_Parser, but it is separated.
test is contributed by Dominik Menke
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57066 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
We were missing a `:nodoc:` magic comment that was making automated tools show
that this method was missing documentation, when it really didn't need to be
documented.
by Devon Estes <devon.c.estes@gmail.com>
https://github.com/ruby/ruby/pull/1482 fix GH-1482
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57047 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/irb/ruby-lex.rb (identify_identifier): treat identifier just
followed by a colon as a label. this is not a precise solution
but enough for the time being. [ruby-core:78526] [Bug #13012]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57027 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
There is no need to call Utils.getservername when the :ServerName option is
specified, so delay Utils.getservername until needed to avoid unnecessary
DNS lookups. [ruby-core:78492] [Bug #13007]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57014 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57003 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56937 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/matrix.rb: now ruby warns ambiguous parentheses after a space in method definitions.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56931 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56925 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
The TLS handshake timeout can be specified independently, because the TLS
handshake doesn't start just after the underlying connection is established,
but after the AUTH command is completed. It's also useful for testing
purposes. However, if ssl_handshake_timeout is not specified, open_timeout
is used instead for convenience.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56919 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Otherwise, @sock.read in Net::FTP#close hangs until read_timeout is exceeded.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56918 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Otherwise, file descriptor leaks may occur in Net::FTP.new.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56916 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Net::FTP inherits ssl_socket_connect from Net::Protocol to implement timeout.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56898 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
@addr2name is a private Hash and never changes its default_proc,
so only pay the hash lookup cost once; we know missing entries
in the hash will be nil.
* lib/resolv.rb (each_name): use safe navigation operator
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56890 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Symbol proc is less code and avoids confusion from variable
naming.
* lib/webrick/server.rb (shutdown): use symbol proc
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@56889 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|