| Age | Commit message (Collapse) | Author |
|---|
|
mkmf.rb: ignore linker warnings
* lib/mkmf.rb (try_ldflags): ignore linker warnings. they cause
unexpected failures on OpenBSD. [ruby-core:78827] [Bug #13069]
mkmf.rb: werror on mswin
* lib/mkmf.rb (MakeMakefile#try_ldflags): enable warning checking
on mswin, link.exe warns -l options but does not fail.
[Bug #13069]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@64979 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
net/pop: make modified strings mutable
Thanks to Michael Zimmerman for the bug report
* lib/net/pop.rb: make modified strings mutable
[ruby-core:85210] [Bug #14416]
* test/net/pop/test_pop.rb: new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@64443 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
lib/drb/extservm.rb (service): do not return `false'
invoke_service_command may set entries in @servers to `false',
making it incompatible with the intended use of the
safe navigation operator.
This caused occasional DRb test failures, but they were hidden
with automatic retry.
[ruby-core:87524] [Bug #14856]
Fixes: r53111 ("use safe navigation operator")
commit 059c9c1cf371e049c7481c78b76e9620da52757f [GH-1142]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@64437 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
time.rb: fix parsing time zone in iso8601
* lib/time.rb (Time.xmlschema): a colon in time zone designator
can be omitted. [ruby-core:87277] [Bug #14790]
time.rb: fix parsing time zone in iso8601
* lib/time.rb (Time.xmlschema): the minute in time zone designator
can be omitted together with the preceding colon.
[ruby-core:87277] [Bug #14790]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@64431 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
net/imap: Fix ArgumentError in send_string_data
Thanks to ShockwaveNN (Pavel Lobashov) for reporting the bug.
[ruby-core:86990] [Bug #14750]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@64420 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
It breaks test-all
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@63025 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
get rid of test error/failure on Windows introduced at r62955
* lib/webrick/httpresponse.rb (send_body_io): use seek if NotImplementedError
is raised in IO.copy_stream with offset.
* lib/webrick/httpservlet/filehandler.rb (multipart_body): ditto.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@63011 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@63007 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
win32/file.c: relative path with drive letter
* win32/file.c (IS_ABSOLUTE_PATH_P): home directory should not be
a relative path regardless a drive letter. PathIsRelativeW
returns FALSE on such path. [ruby-core:86356] [Bug #14638]
------------------------------------------------------------------------
r62953 | normal | 2018-03-28 17:05:46 +0900 (Wed, 28 Mar 2018) | 15 lines
webrick: favor .write over << method
This will make the next change to use IO.copy_stream
easier-to-read. When we can drop Ruby 2.4 support in a few
years, this will allow us to use writev(2) with multiple
arguments for headers and chunked responses.
* lib/webrick/cgi.rb (write): new wrapper method
lib/webrick/httpresponse.rb: (send_header): use socket.write
(send_body_io): ditto
(send_body_string): ditto
(send_body_proc): ditto
(_write_data): ditto
(ChunkedWrapper#write): ditto
(_send_file): ditto
------------------------------------------------------------------------
r62954 | normal | 2018-03-28 17:05:52 +0900 (Wed, 28 Mar 2018) | 14 lines
webrick/httpresponse: IO.copy_stream for regular files
Remove the redundant _send_file method since its functionality
is unnecessary with IO.copy_stream. IO.copy_stream also allows
the use of sendfile under some OSes to speed up copies to
non-TLS sockets.
Testing with "curl >/dev/null" and "ruby -run -e httpd" to
read a 1G file over Linux loopback reveals a reduction from
around ~0.770 to ~0.490 seconds on the client side.
* lib/webrick/httpresponse.rb (send_body_io): use IO.copy_stream
(_send_file): remove
[Feature #14237]
------------------------------------------------------------------------
r62955 | normal | 2018-03-28 17:05:57 +0900 (Wed, 28 Mar 2018) | 10 lines
webrick: use IO.copy_stream for single range response
This is also compatible with range responses generated
by Rack::File (tested with rack 2.0.3).
* lib/webrick/httpresponse.rb (send_body_io): use Content-Range
* lib/webrick/httpservlet/filehandler.rb (make_partial_content):
use File object for the single range case
* test/webrick/test_filehandler.rb (get_res_body): use send_body
to test result
------------------------------------------------------------------------
r62956 | normal | 2018-03-28 17:06:02 +0900 (Wed, 28 Mar 2018) | 7 lines
test/webrick/test_filehandler.rb: stricter multipart range test
We need to ensure we generate compatibile output in
the face of future changes
* test/webrick/test_filehandler.rb (test_make_partial_content):
check response body
------------------------------------------------------------------------
r62957 | normal | 2018-03-28 17:06:08 +0900 (Wed, 28 Mar 2018) | 8 lines
webrick: quiet warning for multi-part ranges
Content-Length is ignored by WEBrick::HTTPResponse even if we
calculate it, so instead we chunk responses to HTTP/1.1 clients
and terminate HTTP/1.0 connections.
* lib/webrick/httpservlet/filehandler.rb (make_partial_content):
quiet warning
------------------------------------------------------------------------
r62958 | normal | 2018-03-28 17:06:13 +0900 (Wed, 28 Mar 2018) | 7 lines
webrick/httpresponse: make ChunkedWrapper copy_stream-compatible
The .write method needs to return the number of bytes written
to avoid confusing IO.copy_stream.
* lib/webrick/httpresponse.rb (ChunkedWrapper#write): return bytes written
(ChunkedWrapper#<<): return self
------------------------------------------------------------------------
r62959 | normal | 2018-03-28 17:06:18 +0900 (Wed, 28 Mar 2018) | 9 lines
webrick: use IO.copy_stream for multipart response
Use the new Proc response body feature to generate a multipart
range response dynamically. We use a flat array to minimize
object overhead as much as possible; as many ranges may fit
into an HTTP request header.
* lib/webrick/httpservlet/filehandler.rb (multipart_body): new method
(make_partial_content): use multipart_body
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@63006 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Original patch by tenderlove (with minor style adjustments).
* lib/webrick/httpresponse.rb (send_header): call check_header
(check_header): raise on embedded CRLF in header value
* test/webrick/test_httpresponse.rb
(test_prevent_response_splitting_headers): new test
* (test_prevent_response_splitting_cookie_headers): ditto
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62986 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Reading entire request or response bodies into memory can lead
to trivial denial-of-service attacks. Introduce Fibers in both
cases to allow streaming.
WEBrick::HTTPRequest gains a new body_reader method to prepare
itself as a source for IO.copy_stream. This allows the
WEBrick::HTTPRequest object to be used as the
Net::HTTPGenericRequest#body_stream= arg for Net::HTTP.
For HTTP proxy response bodies, we also use a Fiber to
to make the HTTP request and read the response body.
* lib/webrick/httprequest.rb (body_reader): new method
(readpartial): ditto
* lib/webrick/httpproxy.rb (perform_proxy_request): use Fiber
to stream response body
(do_GET, do_HEAD): adjust call
(do_POST): adjust call and supply body_reader
* test/webrick/test_httprequest.rb (test_chunked): test
for IO.copy_stream compatibility
* test/webrick/test_httpproxy.rb (test_big_bodies): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62985 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
WARNING! WARNING! WARNING! LIKELY BROKEN CHANGE
Pass a proc to WEBrick::HTTPRequest#body to avoid reading a
potentially large request body into memory during
authentication.
WARNING! this will break apps completely which want to do
something with the body besides calculating the MD5 digest
of it.
Also, keep in mind that probably nobody uses "auth-int".
Servers such as Apache, lighttpd, nginx don't seem to
support it; nor does curl when using POST/PUT bodies;
and we didn't have tests for it until now...
* lib/webrick/httpauth/digestauth.rb (_authenticate): stream req.body
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62984 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
While WEBrick::HTTPRequest#body provides a Proc interface
for streaming large request bodies, clients must not force
the server to use an excessively large chunk size.
* lib/webrick/httprequest.rb (read_chunk_size): limit each
read and block.call to :InputBufferSize in config.
* test/webrick/test_httpserver.rb (test_big_chunks): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62982 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
"BadRequest" alone does not resolve correctly, it is in the
HTTPStatus namespace.
* lib/webrick/httprequest.rb (read_chunked): use correct exception
* test/webrick/test_httpserver.rb (test_eof_in_chunk): new test
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62981 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
WEBrick::HTTPRequest#body can be passed a block to process the
body in chunks. Use this feature to avoid building a giant
string in memory.
* lib/webrick/httpservlet/cgihandler.rb (do_GET):
avoid reading entire request body into memory
(do_POST is aliased to do_GET, so it handles bodies)
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62980 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
We use the same 112 KB limit started (AFAIK) by Mongrel, Thin,
and Puma to prevent malicious users from using up all the memory
with a single request. This also limits the damage done by
excessive ranges in multipart Range: requests.
Due to the way we rely on IO#gets and the desire to keep
the code simple, the actual maximum header may be 4093 bytes
larger than 112 KB, but we're splitting hairs at that point.
* lib/webrick/httprequest.rb: define MAX_HEADER_LENGTH
(read_header): raise when headers exceed max length
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62979 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62971 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
#14481]
Merge RubyGems-2.7.5 from upstream.
Please see its details: http://blog.rubygems.org/2018/02/06/2.7.5-released.html
test_gem_util.rb: fix broken test
* test/rubygems/test_gem_util.rb: no guarantee that tmpdir is
always underneath the root directory at all.
test_gem_commands_setup_command.rb: BUNDLER_VERS
* test/rubygems/test_gem_commands_setup_command.rb: run bundled
gem command, instead of installed one.
no need to set bundled bundler unless Gem::USE_BUNDLER_FOR_GEMDEPS
revert r62302 and force to define the version constant
Merge RubyGems 2.7.6 from upstream.
It fixed some security vulnerabilities.
http://blog.rubygems.org/2018/02/15/2.7.6-released.html
fix regexp literal warning.
test/rubygems/test_gem_server.rb: eliminate duplicated character class warning.
[Bug #14481]
Remove unnecessary `[]`s
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62837 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
irb.rb: fix highlight
* lib/irb.rb (IRB::Irb#eval_input): fix highlight for multiple
lines exception messages.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62510 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
net/ftp: fix FrozenError in BufferedSocket
I noticed this bug while working on something else with
RUBYOPT=-d on, existing test cases all passed with it.
Note: I use String.new because it is the local style, here,
I prefer +'' (or ''.b, for a future commit)
* lib/net/ftp.rb (BufferedSocket#read): use String.new
* test/net/ftp/test_buffered_socket.rb (test_read_nil): new test
[ruby-core:84675] [Bug #14323]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62425 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
erb.rb: preserve the behavior for invalid syntax
comment. Fix regression at r58948.
I even don't want to deprecate it because deprecation needs to lex all
embedded Ruby script using Ripper and it would be slow. So Let me just
keep this behavior of Ruby 2.4. No change is the best compatibility.
This commit stopped using String#-@ because it's harmful for "ambiguous
first argument" warning if we really want to maintain this behavior.
[Bug #14243]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@61581 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/rubygems/command.rb (Gem::Command#invoke_with_build_args):
restore UI and close the created SilentUI.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61465 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This release removes uses of Kernel#open to avoid unintended
behaviors and make future auditing easier. [Misc #14216]
6 changes since 1.4.1:
webrick: httpauth requires regular files
webrick/httpservlet/cgi_runner.rb: remove unnecessary open
webrick: WEBrick::Log requires path arg when given string
webrick/httpservlet/*handler: use File.open
webrick/httputils: note Kernel#open behavior
webrick/httpservelet/cgi_runner: avoid IO#reopen on pathname
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61443 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61435 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61434 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
It fixes an installation error of activerecord.
https://github.com/ruby/rdoc/issues/571
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61432 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
[Feature #8861]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61431 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
I faced a big issue about Bundler with ruby core.
I have no time to resolve it issue before 2.5 final release.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61416 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/erb.rb (ERB#new_toplevel): shadow already defined local
variables by block local variabes, not to overwrite them.
[ruby-core:84390] [Bug #14215]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61411 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Added `FileUtils::VERSION` const variable.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61410 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
IO#reopen seems to behave strangely on Win32 based on the logs
posted by Greg for [Bug #14420]. Lets try to fix the issue by
using File.open explicitly (but not Kernel#open).
* lib/webrick/httpservelet/cgi_runner: use File.open explicitly
[Bug #14220]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
I don't know who uses the load_mime_types method; but it is
conceivable that a user would want to read the results of a
command instead of reading a regular file to load MIME types.
None of the WEBrick-related code in Ruby or default/bundled gems
seems to rely on this method; but it is likely 3rd-party code does.
* lib/webrick/httputils.rb (load_mime_types): note Kernel#open behavior
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61402 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
This makes future code audits easier. None of these changes
fix realistic remote code execution vulnerabilities because
we stat(2) before attempting Kernel#open.
* lib/webrick/httpservlet/erbhandler.rb (do_GET): use File.open
* lib/webrick/httpservlet/filehandler.rb (do_GET): use File.open
(make_partial_content): ditto
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61401 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Allowing a user to specify "| command" via Kernel#open is
nonsensical since we never read from the resultant IO.
* lib/webrick/log.rb (initialize): replace Kernel#open with File.open
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61400 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
IO#reopen already takes string path names as well as IO objects
(but not "| command" strings)
This makes further auditing for inadvertant code execution
easier. There's no actual bugfix or behavior change here,
as no external data is passed to cgi_runner.rb.
* lib/webrick/httpservlet/cgi_runner.rb: remove Kernel#open call
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61398 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Be sure we do not try to open a pipe to read from, since we care
about mtime in all cases.
* lib/webrick/httpauth/htdigest.rb: use File.open
* lib/webrick/httpauth/htgroup.rb: ditto
* lib/webrick/httpauth/htpasswd.rb: ditto
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61397 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
open-uri's Kernel.open will be deprecated in future.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61392 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61388 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
Logger should be able to open only files [Bug #14212]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61378 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
like r59693, initialize_http_header also should raise error. [Bug #14208]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61359 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/resolv.rb (Resolv::Config.parse_resolv_conf): fixed
potential command injection by use of Kernel#open.
[ruby-core:84347] [Bug #14205]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61351 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* resolv.rb (Resolv::Hosts#lazy_initialize): fixed potential
command Injection in Hosts::new() by use of Kernel#open.
[Fix GH-1777] [ruby-core:84347] [Bug #14205]
From: Drigg3r <drigg3r@yandex.com>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61349 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* Patch by @seki:
https://gist.github.com/seki/ae8bef20238c37c94a91b5461c4bfbdd
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61342 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/version.rb: bump version
* lib/webrick/webrick.gemspec: support Ruby 2.3+
[Bug #14189]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61322 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
- Followup of https://bugs.ruby-lang.org/issues/14123
From: Prathamesh Sonpatki <csonpatki@gmail.com>
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61310 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61286 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* lib/webrick/version.rb: change VERSION to 1.4.0
* lib/webrick/webrick.gemspec: require_relative for version,
update date and contact info
[Feature #13173]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61266 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61242 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61225 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
|
* generic.rb (URI::Generic#merge, URI::Generic#route_to): Fix a bug
where a sequence of slashes in the path part gets collapsed to a
single slash. According to the relevant RFCs and WHATWG URL
Standard, empty path components are simply valid and there is no
special treatment defined for them, so we just keep them as they
are.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61218 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
|
