Merge branch 'master-2.3' into dist/2.3/xenial

Author: sorah

ChangeLog

@@ -1,3 +1,114 @@
+Thu Dec 14 23:53:41 2017  NAKAMURA Usaku  <[email protected]>
+
+	* test/net/ftp/test_ftp.rb (process_port_or_eprt): merge a part of
+	  r56973 to pass the test introduced at previous commit.
+
+Thu Dec 14 22:55:05 2017  Shugo Maeda  <[email protected]>
+
+	Fix a command injection vulnerability in Net::FTP.
+
+Thu Dec 14 22:35:19 2017  Eric Wong  <[email protected]>
+
+	webrick: compile RE correctly for beginning and end match
+
+	Using ^ and $ in regexps means we can accidentally get fooled
+	by "%0a" in HTTP request paths being decoded to newline
+	characters.  Use \A and \z to match beginning and end-of-string
+	respectively, instead.
+
+	Thanks to mame and hsbt for reporting.
+
+	* lib/webrick/httpserver.rb (MountTable#compile):
+	  use \A and \z instead of ^ and $
+	* lib/webrick/httpserver.rb (MountTable#normalize): use \z instead of $
+	* test/webrick/test_httpserver.rb (test_cntrl_in_path): new test
+
+Thu Dec 14 22:29:04 2017  Eric Wong  <[email protected]>
+
+	webrick: do not hang acceptor on slow TLS connections
+
+	OpenSSL::SSL::SSLSocket#accept may block indefinitely on clients
+	which negotiate the TCP connection, but fail (or are slow) to
+	negotiate the subsequent TLS handshake.  This prevents the
+	multi-threaded WEBrick server from accepting other connections.
+
+	Since the TLS handshake (via OpenSSL::SSL::SSLSocket#accept)
+	consists of normal read/write traffic over TCP, handle it in the
+	per-client thread, instead.
+
+	Furthermore, using non-blocking accept() is useful for non-TLS
+	sockets anyways because spurious wakeups are possible from
+	select(2).
+
+	* lib/webrick/server.rb (accept_client): use TCPServer#accept_nonblock
+	  and remove OpenSSL::SSL::SSLSocket#accept call
+	* lib/webrick/server.rb (start_thread): call OpenSSL::SSL::SSLSocket#acc
+ept
+	* test/webrick/test_ssl_server.rb (test_slow_connect): new test
+	  [ruby-core:83221] [Bug #14005]
+
+	webrick: fix up r60172
+
+	By making the socket non-blocking in r60172, TLS/SSL negotiation
+	via the SSL_accept function must handle non-blocking sockets
+	properly and retry on SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
+	OpenSSL::SSL::SSLSocket#accept cannot do that properly with a
+	non-blocking socket, so it must use non-blocking logic of
+	OpenSSL::SSL::SSLSocket#accept_nonblock.
+
+	Thanks to MSP-Greg (Greg L) for finding this.
+
+	* lib/webrick/server.rb (start_thread): use SSL_accept properly
+	  with non-blocking socket.
+	  [Bug #14013] [Bug #14005]
+
+	webrick: fix up r60172 and revert r60189
+
+	Thanks to MSP-Greg (Greg L) for helping with this.
+
+	* lib/webrick/server.rb (start_thread): ignore ECONNRESET, ECONNABORTED,
+	  EPROTO, and EINVAL on TLS negotiation errors the same way they
+	  were ignored before r60172 in the accept_client method of the
+	  main acceptor thread.
+	  [Bug #14013] [Bug #14005]
+
+	webrick: fix up r60172 and r60208
+
+	Thanks to MSP-Greg (Greg L) for helping with this.
+
+	* lib/webrick/server.rb (start_thread): fix non-local return
+	  introduced in r60208
+
+	webrick: fix up r60172 and r60210
+
+	Thanks to MSP-Greg (Greg L) for helping with this.
+
+	* lib/webrick/server.rb (start_thread): properly fix non-local return
+	  introduced in r60208 and r60210
+
+Thu Nov 30 23:37:08 2017  Nobuyoshi Nakada  <[email protected]>
+
+	parse.y: fix line in rescue
+
+	* parse.y (set_line_body, primary): fix line number of bodystmt as the
+	  beginning of the block. [Bug #13181]
+
+Thu Nov 30 23:29:00 2017  SHIBATA Hiroshi  <[email protected]>
+
+	Merge rubygems-2.6.14 changes.
+
+	It fixed http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
+
+Fri Sep 15 05:40:40 2017  URABE Shyouhei  <[email protected]>
+
+	fix --with-gmp (broken by r57490)
+
+	Looking at the generated shell script (also the autoconf manual), it
+	seems AC_SEARCH_LIBS() m4 macro does not define HAVE_LIBsomething C
+	preprocessor macros, unlike AC_CHECK_LIB() which does define them.
+	This previous change effectively killed building with GMP because
+	building that mode depends on existence of HAVE_LIBGMP. [Bug #13402]
+
 Thu Sep 14 20:25:55 2017  Yusuke Endoh  <[email protected]>
 
 	lib/webrick/log.rb: sanitize any type of logs

debian/changelog

@@ -1,3 +1,9 @@
+ruby2.3 (2.3.6-0nkmi1) unstable; urgency=medium
+
+  * new upstream version
+
+ -- Sorah Fukumori <[email protected]>  Thu, 14 Dec 2017 18:18:53 +0000
+
 ruby2.3 (2.3.5-0nkmi1~xenial) xenial; urgency=medium
 
   * new upstream version

lib/net/ftp.rb

@@ -622,10 +622,10 @@ def getbinaryfile(remotefile, localfile = File.basename(remotefile),
       if localfile
         if @resume
           rest_offset = File.size?(localfile)
-          f = open(localfile, "a")
+          f = File.open(localfile, "a")
         else
           rest_offset = nil
-          f = open(localfile, "w")
+          f = File.open(localfile, "w")
         end
       elsif !block_given?
         result = String.new
@@ -655,7 +655,7 @@ def gettextfile(remotefile, localfile = File.basename(remotefile),
       f = nil
       result = nil
       if localfile
-        f = open(localfile, "w")
+        f = File.open(localfile, "w")
       elsif !block_given?
         result = String.new
       end
@@ -701,7 +701,7 @@ def putbinaryfile(localfile, remotefile = File.basename(localfile),
       else
         rest_offset = nil
       end
-      f = open(localfile)
+      f = File.open(localfile)
       begin
         f.binmode
         if rest_offset
@@ -720,7 +720,7 @@ def putbinaryfile(localfile, remotefile = File.basename(localfile),
     # passing in the transmitted data one line at a time.
     #
     def puttextfile(localfile, remotefile = File.basename(localfile), &block) # :yield: line
-      f = open(localfile)
+      f = File.open(localfile)
       begin
         storlines("STOR #{remotefile}", f, &block)
       ensure

lib/rubygems.rb

@@ -10,7 +10,7 @@
 require 'thread'
 
 module Gem
-  VERSION = '2.5.2.1'
+  VERSION = '2.5.2.2'
 end
 
 # Must be first since it unloads the prelude from 1.9.2
@@ -602,7 +602,7 @@ def self.load_yaml
 
     unless test_syck
       begin
-        gem 'psych', '>= 1.2.1'
+        gem 'psych', '>= 2.0.0'
       rescue Gem::LoadError
         # It's OK if the user does not have the psych gem installed.  We will
         # attempt to require the stdlib version
@@ -626,6 +626,7 @@ def self.load_yaml
     end
 
     require 'yaml'
+    require 'rubygems/safe_yaml'
 
     # If we're supposed to be using syck, then we may have to force
     # activate it via the YAML::ENGINE API.

lib/rubygems/config_file.rb

@@ -332,7 +332,7 @@ def load_file(filename)
     return {} unless filename and File.exist? filename
 
     begin
-      content = YAML.load(File.read(filename))
+      content = Gem::SafeYAML.load(File.read(filename))
       unless content.kind_of? Hash
         warn "Failed to load #{filename} because it doesn't contain valid YAML hash"
         return {}

lib/rubygems/package.rb

@@ -466,7 +466,7 @@ def read_checksums gem
 
     @checksums = gem.seek 'checksums.yaml.gz' do |entry|
       Zlib::GzipReader.wrap entry do |gz_io|
-        YAML.load gz_io.read
+        Gem::SafeYAML.safe_load gz_io.read
       end
     end
   end

lib/rubygems/package/old.rb

@@ -101,7 +101,7 @@ def file_list io # :nodoc:
       header << line
     end
 
-    YAML.load header
+    Gem::SafeYAML.safe_load header
   end
 
   ##

lib/rubygems/safe_yaml.rb

@@ -0,0 +1,48 @@
+module Gem
+
+  ###
+  # This module is used for safely loading YAML specs from a gem.  The
+  # `safe_load` method defined on this module is specifically designed for
+  # loading Gem specifications.  For loading other YAML safely, please see
+  # Psych.safe_load
+
+  module SafeYAML
+    WHITELISTED_CLASSES = %w(
+      Symbol
+      Time
+      Date
+      Gem::Dependency
+      Gem::Platform
+      Gem::Requirement
+      Gem::Specification
+      Gem::Version
+      Gem::Version::Requirement
+      YAML::Syck::DefaultKey
+      Syck::DefaultKey
+    )
+
+    WHITELISTED_SYMBOLS = %w(
+      development
+      runtime
+    )
+
+    if ::YAML.respond_to? :safe_load
+      def self.safe_load input
+        ::YAML.safe_load(input, WHITELISTED_CLASSES, WHITELISTED_SYMBOLS, true)
+      end
+
+      def self.load input
+        ::YAML.safe_load(input, [::Symbol])
+      end
+    else
+      warn "YAML safe loading is not available. Please upgrade psych to a version that supports safe loading (>= 2.0)."
+      def self.safe_load input, *args
+        ::YAML.load input
+      end
+
+      def self.load input
+        ::YAML.load input
+      end
+    end
+  end
+end

lib/rubygems/specification.rb

@@ -1101,7 +1101,7 @@ def self.from_yaml(input)
     Gem.load_yaml
 
     input = normalize_yaml_input input
-    spec = YAML.load input
+    spec = Gem::SafeYAML.safe_load input
 
     if spec && spec.class == FalseClass then
       raise Gem::EndOfYAMLException

lib/webrick/httpserver.rb

@@ -267,12 +267,12 @@ def compile
         k.sort!
         k.reverse!
         k.collect!{|path| Regexp.escape(path) }
-        @scanner = Regexp.new("^(" + k.join("|") +")(?=/|$)")
+        @scanner = Regexp.new("\\A(" + k.join("|") +")(?=/|\\z)")
       end
 
       def normalize(dir)
         ret = dir ? dir.dup : ""
-        ret.sub!(%r|/+$|, "")
+        ret.sub!(%r|/+\z|, "")
         ret
       end
     end