This release removes uses of Kernel#open to avoid unintended
behaviors and make future auditing easier. [Misc #14216]
6 changes since 1.4.1:
webrick: httpauth requires regular files
webrick/httpservlet/cgi_runner.rb: remove unnecessary open
webrick: WEBrick::Log requires path arg when given string
webrick/httpservlet/*handler: use File.open
webrick/httputils: note Kernel#open behavior
webrick/httpservlet/cgi_runner: avoid IO#reopen on pathname
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61443 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* compile.c (compile_return): evaluate arguments to top-level
return but ignore the results.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61437 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
It fixes an installation error of activerecord.
https://github.com/ruby/rdoc/issues/571
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61432 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
GCC 4.8 with optimization causes an error if it compiles the following code.
[Bug #14221]
```c
__builtin_choose_expr(__builtin_constant_p(b),0,1)
```
https://github.com/ruby/ruby/pull/1778
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61429 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* iseq.c (iseqw_trace_points): add `RubyVM::InstructionSequence#trace_points`
method for tools which want to manipulate ISeq (and traces).
* test/ruby/test_iseq.rb: add a test for this method.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61427 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* iseq.c (iseqw_each_child): add RubyVM::InstructionSequence#each_child
method for tools which want to manipulate ISeq.
* test/ruby/test_iseq.rb: add a test for this method.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61425 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* compile.c (rb_iseq_compile_node): line number spec of :return, :b_return
and :end events of `TracePoint` is changed for [Feature #14104].
Quoted from [Feature #14104]:
> Line numbers on :return/:b_return events show the last executed lines,
> instead of end lines (without return statement).
Note that the :end event is also affected.
However, "byebug", a well-known Ruby debugger, depends on the previous behavior,
so I reverted this specification.
* test/ruby/test_settracefunc.rb: catch up with this fix.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61424 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
My motivation was to improve the output of `ruby --dump=insns xxx.rb`.
When one file has many iseqs, it's hard to find the one I want to read.
So I wanted `iseq_disasm` to show first_lineno. I unified the behavior
of `iseqw_disasm` for consistency.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61423 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* iseq.c (rb_insn_operand_intern): simplified the condition for
local variable names, assume TS_LINDEX and TS_NUM combinations
are only for local variables.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61421 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* insns.def (checkkeyword): adjust argument type to
vm_check_keyword as lindex_t.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61420 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/ruby/enc/test_regex_casefold.rb: fix searching unicode data
directory, like test_case_comprehensive.rb.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61417 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
I faced a big issue about Bundler with ruby core.
I have no time to resolve this issue before the 2.5 final release.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61416 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* io.c (nogvl_copy_file_range): ignore EPERM and fall back to
sendfile(2) or read/write. copy_file_range(2) may not exist
even if __NR_copy_file_range is defined in the build environment.
[Bug #14207]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61412 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* lib/erb.rb (ERB#new_toplevel): shadow already defined local
variables by block local variables, not to overwrite them.
[ruby-core:84390] [Bug #14215]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61411 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
IO#reopen seems to behave strangely on Win32 based on the logs
posted by Greg for [Bug #14420]. Let's try to fix the issue by
using File.open explicitly (but not Kernel#open).
* lib/webrick/httpservlet/cgi_runner: use File.open explicitly
[Bug #14220]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61409 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
* test/rdoc/test_rdoc_markup_pre_process.rb: show
`RDoc::Markup::PreProcess.post_processors` as a failure message
for debugging.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61408 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
I don't know who uses the load_mime_types method; but it is
conceivable that a user would want to read the results of a
command instead of reading a regular file to load MIME types.
None of the WEBrick-related code in Ruby or default/bundled gems
seems to rely on this method; but it is likely 3rd-party code does.
* lib/webrick/httputils.rb (load_mime_types): note Kernel#open behavior
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61402 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This makes future code audits easier. None of these changes
fix realistic remote code execution vulnerabilities because
we stat(2) before attempting Kernel#open.
* lib/webrick/httpservlet/erbhandler.rb (do_GET): use File.open
* lib/webrick/httpservlet/filehandler.rb (do_GET): use File.open
(make_partial_content): ditto
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61401 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Allowing a user to specify "| command" via Kernel#open is
nonsensical since we never read from the resultant IO.
* lib/webrick/log.rb (initialize): replace Kernel#open with File.open
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61400 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This previously had no coverage.
* test/webrick/test_filehandler.rb (test_erbhandler): new test
* test/webrick/webrick.rhtml: new file for test
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61399 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
IO#reopen already takes string path names as well as IO objects
(but not "| command" strings)
This makes further auditing for inadvertent code execution
easier. There's no actual bugfix or behavior change here,
as no external data is passed to cgi_runner.rb.
* lib/webrick/httpservlet/cgi_runner.rb: remove Kernel#open call
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61398 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Be sure we do not try to open a pipe to read from, since we care
about mtime in all cases.
* lib/webrick/httpauth/htdigest.rb: use File.open
* lib/webrick/httpauth/htgroup.rb: ditto
* lib/webrick/httpauth/htpasswd.rb: ditto
[Misc #14216]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61397 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
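The distinction the WEBrick commits above ([Misc #14216]) rely on, shown as an added Ruby example that is not part of the commit log or of WEBrick's own code: Kernel#open may interpret a leading "|" as a command, while File.open only ever treats the string as a path. The helper name `read_regular_file`, the sample string and the temporary file are constructed for illustration.

```ruby
require "tmpdir"

# Constructed sample: a "file name" as it might arrive from configuration.
PIPE_INPUT = "| echo from-subprocess"

# Kernel#open: a leading "|" means "run this command" on Rubies that still
# support it. Returns the command's output, or nil when the interpreter
# treats the string as an ordinary (missing) path instead.
def kernel_open_result(path)
  saved, $VERBOSE = $VERBOSE, nil # hide the deprecation warning, if any
  Kernel.open(path) { |io| io.read }
rescue SystemCallError
  nil
ensure
  $VERBOSE = saved
end

# File.open: the same string is only ever a path, so nothing is executed.
def file_open_result(path)
  File.open(path) { |f| f.read }
rescue Errno::ENOENT
  :no_such_file
end

# Hypothetical helper in the spirit of "httpauth requires regular files":
# open by path, then check the handle that was actually opened, and return
# the mtime together with the contents.
def read_regular_file(path)
  File.open(path) do |f|
    raise ArgumentError, "#{path}: not a regular file" unless f.stat.file?
    [f.mtime, f.read]
  end
end

if __FILE__ == $0
  p kernel_open_result(PIPE_INPUT)
  p file_open_result(PIPE_INPUT)
  Dir.mktmpdir do |dir|
    path = File.join(dir, "htpasswd") # constructed file
    File.write(path, "user:hash\n")
    p read_regular_file(path)
  end
end
```

Checking `f.stat` on the open handle, rather than calling stat on the path before opening, means the object that is validated is the same one that is read.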
* string.c (str_undump): use rb_enc_find_index2 to find encoding
by unterminated string. check the format before encoding name.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@61396 b2dd03c8-39d4-4d8f-98ff-823fe69b080e