Commit graph

6487 commits

Author SHA1 Message Date
naruse
90df7a08e4 merge revision(s) 62244,62246,62301,62302,62303,62422,62436,62452: [Backport #14481]
Merge RubyGems-2.7.5 from upstream.

	  Please see its details: http://blog.rubygems.org/2018/02/06/2.7.5-released.html

	test_gem_util.rb: fix broken test

	* test/rubygems/test_gem_util.rb: no guarantee that tmpdir is
	  always underneath the root directory at all.

	test_gem_commands_setup_command.rb: BUNDLER_VERS

	* test/rubygems/test_gem_commands_setup_command.rb: run bundled
	  gem command, instead of installed one.

	no need to set bundled bundler unless Gem::USE_BUNDLER_FOR_GEMDEPS


	revert r62302 and force to define the version constant


	Merge RubyGems 2.7.6 from upstream.

	  It fixed some security vulnerabilities.

	  http://blog.rubygems.org/2018/02/15/2.7.6-released.html

	fix regexp literal warning.

	test/rubygems/test_gem_server.rb: eliminate duplicated character class warning.
	[Bug #14481]

	Remove unnecessary `[]`s

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62837 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-03-19 08:27:04 +00:00
naruse
1c52a98fb9 merge revision(s) 61469: [Backport #14427]
irb.rb: fix highlight

	* lib/irb.rb (IRB::Irb#eval_input): fix highlight for multiple
	  lines exception messages.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62510 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-02-21 06:00:51 +00:00
naruse
d3eeb14db7 merge revision(s) 61639: [Backport #14323]
net/ftp: fix FrozenError in BufferedSocket

	I noticed this bug while working on something else with
	RUBYOPT=-d on, existing test cases all passed with it.

	Note: I use String.new because it is the local style, here,
	I prefer +'' (or ''.b, for a future commit)

	* lib/net/ftp.rb (BufferedSocket#read): use String.new
	* test/net/ftp/test_buffered_socket.rb (test_read_nil): new test
	  [ruby-core:84675] [Bug #14323]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@62425 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-02-16 08:17:36 +00:00
naruse
887dced42e merge revision(s) 61497: [Backport #14243]
erb.rb: preserve the behavior for invalid syntax

	comment. Fix regression at r58948.

	I even don't want to deprecate it because deprecation needs to lex all
	embedded Ruby script using Ripper and it would be slow.  So let me just
	keep this behavior of Ruby 2.4. No change is the best compatibility.

	This commit stopped using String#-@ because it's harmful for "ambiguous
	first argument" warning if we really want to maintain this behavior.

	[Bug #14243]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_5@61581 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2018-01-03 18:11:47 +00:00
nobu
efee0c87c1 fix leaked fds
* lib/rubygems/command.rb (Gem::Command#invoke_with_build_args):
  restore UI and close the created SilentUI.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61465 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-25 05:54:27 +00:00
normal
7d10b978c3 webrick 1.4.2
This release removes uses of Kernel#open to avoid unintended
behaviors and make future auditing easier. [Misc #14216]

6 changes since 1.4.1:

      webrick: httpauth requires regular files
      webrick/httpservlet/cgi_runner.rb: remove unnecessary open
      webrick: WEBrick::Log requires path arg when given string
      webrick/httpservlet/*handler: use File.open
      webrick/httputils: note Kernel#open behavior
      webrick/httpservelet/cgi_runner: avoid IO#reopen on pathname

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61443 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-24 08:38:43 +00:00
nobu
c03c03cc11 lib/irb.rb: highlight exceptions
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61435 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-24 02:26:22 +00:00
nobu
43e64b8585 lib/irb.rb: simplified backtrace filtering
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61434 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-24 01:52:21 +00:00
hsbt
9fe26ef8de Merge rdoc-6.0.1.
It fixes an installation error of activerecord.

  https://github.com/ruby/rdoc/issues/571

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61432 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-23 23:33:09 +00:00
sorah
daaebaec79 Print backtrace in reverse order on IRB too
[Feature #8861]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61431 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-23 18:17:39 +00:00
hsbt
7825e8363d Postponing the Bundler merge.
I faced a big issue about Bundler with ruby core.
  I have no time to resolve this issue before 2.5 final release.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61416 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-22 23:08:05 +00:00
nobu
161f4a511a erb.rb: shadow by keys
* lib/erb.rb (ERB#new_toplevel): shadow already defined local
  variables by block local variables, not to overwrite them.
  [ruby-core:84390] [Bug #14215]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61411 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-22 08:08:31 +00:00
hsbt
84e462758d Bump up fileutils-1.0.2
Added `FileUtils::VERSION` const variable.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61410 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-22 08:00:10 +00:00
normal
0d92f156b6 webrick/httpservelet/cgi_runner: avoid IO#reopen on pathname
IO#reopen seems to behave strangely on Win32 based on the logs
posted by Greg for [Bug #14420].  Let's try to fix the issue by
using File.open explicitly (but not Kernel#open).

* lib/webrick/httpservelet/cgi_runner: use File.open explicitly
  [Bug #14220]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-22 05:59:11 +00:00
normal
f2aa7f409a webrick/httputils: note Kernel#open behavior
I don't know who uses the load_mime_types method; but it is
conceivable that a user would want to read the results of a
command instead of reading a regular file to load MIME types.

None of the WEBrick-related code in Ruby or default/bundled gems
seems to rely on this method; but it is likely 3rd-party code does.

* lib/webrick/httputils.rb (load_mime_types): note Kernel#open behavior
  [Misc #14216]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61402 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-22 01:08:05 +00:00
normal
1ad355bd53 webrick/httpservlet/*handler: use File.open
This makes future code audits easier.  None of these changes
fix realistic remote code execution vulnerabilities because
we stat(2) before attempting Kernel#open.

* lib/webrick/httpservlet/erbhandler.rb (do_GET): use File.open
* lib/webrick/httpservlet/filehandler.rb (do_GET): use File.open
  (make_partial_content): ditto
  [Misc #14216]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61401 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-22 01:08:00 +00:00
normal
1989371d10 webrick: WEBrick::Log requires path arg when given string
Allowing a user to specify "| command" via Kernel#open is
nonsensical since we never read from the resultant IO.

* lib/webrick/log.rb (initialize): replace Kernel#open with File.open
  [Misc #14216]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61400 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-22 01:07:55 +00:00
normal
646b83af2a webrick/httpservlet/cgi_runner.rb: remove unnecessary open
IO#reopen already takes string path names as well as IO objects
(but not "| command" strings)

This makes further auditing for inadvertent code execution
easier.  There's no actual bugfix or behavior change here,
as no external data is passed to cgi_runner.rb.

* lib/webrick/httpservlet/cgi_runner.rb: remove Kernel#open call
  [Misc #14216]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61398 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-22 01:07:45 +00:00
normal
edddc28f62 webrick: httpauth requires regular files
Be sure we do not try to open a pipe to read from, since we care
about mtime in all cases.

* lib/webrick/httpauth/htdigest.rb: use File.open
* lib/webrick/httpauth/htgroup.rb: ditto
* lib/webrick/httpauth/htpasswd.rb: ditto
  [Misc #14216]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61397 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-22 01:07:39 +00:00
akr
bf287424fd open-uri defines URI.open as an alias.
open-uri's Kernel.open will be deprecated in future.



git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61392 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-21 14:15:04 +00:00
hsbt
4525cf2cd5 Merge release version of bundler-1.16.1 from upstream.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61388 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-21 09:22:15 +00:00
sonots
7176eb2df9 * lib/logger.rb (Logger::LogDevice#open_logfile, #create_logfile):
Logger should be able to open only files [Bug #14212]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61378 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-21 05:07:43 +00:00
naruse
0078e40115 raise error if value contains CR/LF in iniheader of initialize_http_header
like r59693, initialize_http_header also should raise error. [Bug #14208]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61359 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-20 12:06:59 +00:00
nobu
cdf1b85ae7 Fixed command Injection
* lib/resolv.rb (Resolv::Config.parse_resolv_conf): fixed
  potential command injection by use of Kernel#open.
  [ruby-core:84347] [Bug #14205]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61351 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-20 04:25:01 +00:00
nobu
e7464561b5 Fixed command Injection
* resolv.rb (Resolv::Hosts#lazy_initialize): fixed potential
  command Injection in Hosts::new() by use of Kernel#open.
  [Fix GH-1777] [ruby-core:84347] [Bug #14205]

From: Drigg3r <drigg3r@yandex.com>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61349 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-20 04:18:31 +00:00
eregon
06c7693c1f Break out of the loop after shutdown in DRbServer
* Patch by @seki:
  https://gist.github.com/seki/ae8bef20238c37c94a91b5461c4bfbdd

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61342 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-19 15:40:13 +00:00
normal
74ceabb3b2 webrick 1.4.1 release
* lib/webrick/version.rb: bump version
* lib/webrick/webrick.gemspec: support Ruby 2.3+
  [Bug #14189]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61322 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-18 08:54:30 +00:00
nobu
a531c579f8 Requiring pp is not required now [ci skip]
- Followup of https://bugs.ruby-lang.org/issues/14123

From: Prathamesh Sonpatki <csonpatki@gmail.com>

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61310 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-18 01:51:53 +00:00
marcandre
4eac6eb373 lib/erb: Update doc [ci-skip] [doc]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61286 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-15 20:15:54 +00:00
normal
9cbb3bd1f2 webrick 1.4.0 release
* lib/webrick/version.rb: change VERSION to 1.4.0
* lib/webrick/webrick.gemspec: require_relative for version,
  update date and contact info
  [Feature #13173]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61266 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-14 20:02:15 +00:00
nagachika
6d3f72e5be Fix a command injection vulnerability in Net::FTP.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61242 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-14 13:41:30 +00:00
naruse
84bade6aa7 Use string instead of regexp
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61225 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-14 06:30:22 +00:00
knu
b53ec390d1 Allow empty path components in a URI [Bug #8352]
* generic.rb (URI::Generic#merge, URI::Generic#route_to): Fix a bug
  where a sequence of slashes in the path part gets collapsed to a
  single slash.  According to the relevant RFCs and WHATWG URL
  Standard, empty path components are simply valid and there is no
  special treatment defined for them, so we just keep them as they
  are.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61218 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-14 01:11:28 +00:00
hsbt
283bb70fe0 Bump version to csv-1.0.0 as default gems.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61200 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-13 05:24:01 +00:00
normal
aac91cb762 webrick: compile RE correctly for beginning and end match
Using ^ and $ in regexps means we can accidentally get fooled
by "%0a" in HTTP request paths being decoded to newline
characters.  Use \A and \z to match beginning and end-of-string
respectively, instead.

Thanks to mame and hsbt for reporting.

* lib/webrick/httpserver.rb (MountTable#compile):
  use \A and \z instead of ^ and $
* lib/webrick/httpserver.rb (MountTable#normalize): use \z instead of $
* test/webrick/test_httpserver.rb (test_cntrl_in_path): new test

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61197 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-13 00:38:08 +00:00
eregon
ca1c3d41fa Avoid creating a Thread for shutting down a DRbServer
* lib/drb/drb.rb: avoid creating a Thread and call the shutdown logic
  directly. Do not try to kill or join the current Thread.
  Thread.new { stop_service } caused "can't alloc thread (ThreadError)",
  which is shown with Thread.report_on_exception = true.
  [Bug #14171]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61184 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-12 18:43:55 +00:00
kazu
38054f99aa Remove unnecessary :
Before:

`.../irb/init.rb:280: warning: :LoadError: cannot load such file -- hoge`

After:

`.../irb/init.rb:280: warning: LoadError: cannot load such file -- hoge`

[ci skip]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61175 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-12 15:01:07 +00:00
kazu
e03ea9c596 Use printf instead of puts and sprintf
[ci skip]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61174 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-12 15:01:04 +00:00
shyouhei
f2a91397fd Add uplevel keyword to Kernel#warn and use it
If uplevel keyword is given, the warning message is prepended
with caller file and line information and the string "warning: ".
The use of the uplevel keyword makes Kernel#warn format output
similar to how rb_warn formats output.

This patch modifies net/ftp and net/imap to use Kernel#warn
instead of $stderr.puts or $stderr.printf, since they are used
for printing warnings.

This makes lib/cgi/core and tempfile use $stderr.puts instead of
warn for debug logging, since they are used for debug printing
and not for warning.

This does not modify bundler, rubygems, or rdoc, as those are
maintained outside of ruby and probably wish to remain backwards
compatible with older ruby versions.

rb_warn_m code is originally from nobu, but I've changed it
so that it only includes the path and lineno from uplevel
(not the method), and also prepends the string "warning: ",
to make it more similar to rb_warn.

From: Jeremy Evans code@jeremyevans.net
Signed-off-by: Urabe Shyouhei shyouhei@ruby-lang.org


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61155 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-12 11:56:25 +00:00
k0kubun
4fe2ca38c1 irb/init.rb: make sure ARGV refers to toplevel one
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61151 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-12 11:32:37 +00:00
k0kubun
da1ba13714 irb.rb: preserve ARGV on binding.irb
This is not perfectly good solution (at least we don't want to have ARGV
as default value of `argv` argument), but unfortunately IRB.setup and
IRB.parse_opts are public methods and we can't make breaking change to
those methods.

We may deprecate using them and then make them private in the future,
but the removal should not be in Ruby 2.5. So I kept their interface for
now.

[Bug #14162] [close GH-1770]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61149 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-12 11:25:16 +00:00
hsbt
8d1d4e3164 Bump version to fileutils-1.0.1.
Update source code url metadata on rubygems.org.
  [Feature #13197][ruby-core:79455]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61148 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-12 10:57:58 +00:00
hsbt
91df3e9b74 Bump version to fileutils-1.0.0 as default gems.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61146 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-12 09:01:34 +00:00
hsbt
84db29cea1 Ignore gemspec under the lib directory for documentation.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61139 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-12 08:34:13 +00:00
hsbt
a1a20cfaa2 Merge 1-16-stable branch of bundler.
It's rc version for bundler-1.16.1. I'm going to update its version
  after official release from bundler team.

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61134 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-12 06:15:44 +00:00
hsbt
93880b4aa3 Bump version to scanf-1.0.0 as default gems.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61114 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-11 08:18:01 +00:00
mame
612af3b7cb lib/pp.rb: remove alias for suppressing a redefinition warning.
Because there is now the same guard in prelude.rb (alias pp pp).

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61111 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-11 04:46:57 +00:00
hsbt
2d86fe2a55 Bump version to cmath-1.0.0 as default gems.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61109 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-11 03:27:47 +00:00
usa
61045e037e bccwin is no longer supported
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61108 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-11 02:30:42 +00:00
usa
4ed018d947 depend on win32.h on Windows
* lib/mkmf.rb (depend_rules): all objs should depend on win32.h on Windows.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61107 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2017-12-11 02:30:21 +00:00