Your message dated Thu, 30 Oct 2014 21:38:52 +0100
with message-id <5452A1DC.90405@thykier.net>
and subject line Re: Bug#767258: unblock: ruby2.1/2.1.4-1
has caused the Debian Bug report #767258,
regarding unblock: ruby2.1/2.1.4-1
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
767258: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767258
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: ruby2.1/2.1.4-1
- From: Antonio Terceiro <terceiro@debian.org>
- Date: Wed, 29 Oct 2014 14:15:58 -0200
- Message-id: <20141029161558.GA27753@debian.org>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package ruby2.1, or age it so that it gets into testing before the freeze.

This is a new bug fix only upstream release, which contains fixes for two security issues. Quoting the changelog:

  * New upstream version
    - CVE-2014-8080: Denial of Service in XML Expansion
    - Changes default settings in OpenSSL bindings to not use deprecated and
      insecure ciphers; avoids issues associated to CVE-2014-3566 (i.e. the
      "POODLE" bug in OpenSSL)

The debdiff against the package in testing is attached. It does contain other bugfixes, but no API/ABI changes and nothing that should disrupt existing software unless said software is actually depending on those bugs.

unblock ruby2.1/2.1.4-1

-- System Information:
Debian Release: jessie/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--
Antonio Terceiro <terceiro@debian.org>

diff -Nru ruby2.1-2.1.3/array.c ruby2.1-2.1.4/array.c --- ruby2.1-2.1.3/array.c 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/array.c 2014-10-27 09:25:17.000000000 -0200 @@ -1585,6 +1585,7 @@ MEMMOVE(RARRAY_PTR(ary) + beg, RARRAY_CONST_PTR(rpl), VALUE, rlen); } } + RB_GC_GUARD(rpl); } void @@ -3948,6 +3949,7 @@ RHASH(hash)->ntbl = 0; st_free_table(tbl); } + RB_GC_GUARD(hash); } /* @@ -3971,7 +3973,7 @@ rb_ary_diff(VALUE ary1, VALUE ary2) { VALUE ary3; - volatile VALUE hash; + VALUE hash; long i; hash = ary_make_hash(to_ary(ary2)); diff -Nru ruby2.1-2.1.3/ChangeLog ruby2.1-2.1.4/ChangeLog --- ruby2.1-2.1.3/ChangeLog 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/ChangeLog 2014-10-27 09:25:17.000000000 -0200 
@@ -1,3 +1,154 @@ +Mon Oct 27 20:20:14 2014 NAKAMURA Usaku <usa@ruby-lang.org> + + * lib/rexml/entity.rb: keep the entity size within the limitation. + reported by Willis Vandevanter <will@silentrobots.com> and + patched by nahi. + +Sun Oct 26 03:31:46 2014 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * vm_method.c (rb_method_entry_make): warn redefinition only for + already defined methods, but not for undefined methods. + [ruby-dev:48691] [Bug #10421] + +Sun Oct 26 03:21:30 2014 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * class.c (unknown_keyword_error): delete expected keywords + directly from raw table, so that the given block is not called. + [ruby-core:65837] [Bug #10413] + +Wed Oct 22 23:02:49 2014 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org> + + * ext/openssl/lib/openssl/ssl.rb (DEFAULT_PARAMS): override + options even if OpenSSL::SSL::OP_NO_SSLv3 is not defined. + this is pointed out by Stephen Touset. [ruby-core:65711] [Bug #9424] + +Wed Oct 22 23:02:49 2014 Martin Bosslet <Martin.Bosslet@gmail.com> + + * test/openssl/test_ssl.rb: Reuse TLS default options from + OpenSSL::SSL::SSLContext::DEFAULT_PARAMS. + +Wed Oct 22 23:02:49 2014 Martin Bosslet <Martin.Bosslet@gmail.com> + + * lib/openssl/ssl.rb: Explicitly whitelist the default + SSL/TLS ciphers. Forbid SSLv2 and SSLv3, disable + compression by default. + Reported by Jeff Hodges. + [ruby-core:59829] [Bug #9424] + +Sun Oct 19 03:22:53 2014 Kazuki Tsujimoto <kazuki@callcc.net> + + * vm_core.h, vm.c, proc.c: fix GC mark miss on bindings. + [ruby-dev:48616] [Bug #10368] + + * test/ruby/test_eval.rb: add a test code. + +Sun Oct 19 03:13:38 2014 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * parse.y (parser_here_document): do not append already appended + and disposed code fragment. [ruby-dev:48647] [Bug #10392] + +Thu Oct 16 22:10:11 2014 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * ext/stringio/stringio.c (strio_write): ASCII-8BIT StringIO + should be writable any encoding strings, without conversion. 
+ [ruby-core:65240] [Bug #10285] + +Thu Oct 16 22:06:03 2014 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * vm_eval.c (eval_string_with_cref): fix super from eval with + scope. set klass in the current control frame to the class of + the receiver in the context to be evaluated, this class/module + must match the actual receiver to call super. + [ruby-core:65122] [Bug #10263] + +Thu Oct 16 00:30:30 2014 Tanaka Akira <akr@fsij.org> + + * lib/find.rb (Find.find): Call to_path for arguments to obtain + strings. + [ruby-core:63713] [Bug #10035] Reported by Herwin. + +Thu Oct 16 00:20:12 2014 Eric Wong <e@80x24.org> + + * object.c (rb_class_real): do not dereference 0 VALUE + + * test/ruby/test_module.rb (test_inspect_segfault): + Test case and bug report by Thomas Stratmann. + [ruby-core:65214] [Bug #10282] + +Thu Oct 16 00:10:45 2014 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * signal.c (rb_f_kill): get rid of deadlock as unhandled and + discarded signals do not make interrupt_cond signaled. + based on the patch by Kazuki Tsujimoto at [ruby-dev:48606]. + [Bug #9820] + +Thu Oct 16 00:10:45 2014 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * signal.c (rb_f_kill): should not ignore signal unless the + default handler is registered. [ruby-dev:48592] [Bug #9820] + +Wed Oct 15 23:58:13 2014 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org> + + merge r47598 partially. extracted commits are as follows. [Bug #9728] + https://github.com/k-takata/Onigmo/commit/15ddec6d18e27fdc1988236764e766fd5892ecf5 + +Wed Oct 15 23:50:33 2014 SHIBATA Hiroshi <shibata.hiroshi@gmail.com> + + * lib/fileutils.rb: handle ENOENT error with symlink targeted to + non-exists file. [ruby-dev:45933] [Bug #6716] + +Wed Oct 15 23:25:24 2014 NARUSE, Yui <naruse@ruby-lang.org> + + * configure.in: NetBSD's ksh, used by configure, needs escapes. 
+ +Wed Oct 15 23:13:43 2014 Eric Wong <e@80x24.org> + + * array.c (ary_recycle_hash): add RB_GC_GUARD + (rb_ary_diff): remove volatile + [Bug #10369] + +Wed Oct 15 23:10:07 2014 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * dir.c (dir_s_aref): fix rdoc. `Dir.glob` allows an array but + `Dir[]` not. the former accepts an optional parameter `flags`, + while the latter accepts arbitrary number of arguments but no + `flags`. [ruby-core:65265] [Bug #10294] + +Wed Oct 15 23:08:02 2014 Rei Odaira <Rei.Odaira@gmail.com> + + * configure.in: Fix typo. [Bug #9914] + +Wed Oct 15 22:46:52 2014 NAKAMURA Usaku <usa@ruby-lang.org> + + * error.c: update exception tree. [DOC] + reported by @hemge via twitter. + +Wed Sep 24 02:30:55 2014 Nobuyoshi Nakada <nobu@ruby-lang.org> + + * parse.y (parse_ident): just after a label, new expression should + start, cannot be a modifier. [ruby-core:65211] [Bug #10279] + +Wed Sep 24 02:21:41 2014 NAKAMURA Usaku <usa@ruby-lang.org> + + * win32/Makefile.sub (VCSUP): nothing to do if this worktree is not + under any VCS (it means that the worktree may be from the release + package). + +Wed Sep 24 02:06:33 2014 Tanaka Akira <akr@fsij.org> + + * test/ruby/test_time_tz.rb: Fix test error with tzdata-2014g. + [ruby-core:65058] [Bug #10245] Reported by Vit Ondruch. + +Wed Sep 24 02:06:33 2014 SHIBATA Hiroshi <shibata.hiroshi@gmail.com> + + * test/minitest/test_minitest_unit.rb: removed obsoleted condition + for Ruby 1.8. + * test/ruby/test_time_tz.rb: ditto. + +Wed Sep 24 01:43:13 2014 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org> + + * version.h (RUBY_VERSION): bump RUBY_VERSION to 2.1.4. + Fri Sep 19 00:58:34 2014 CHIKANAGA Tomoyuki <nagachika@ruby-lang.org> * version.h (RUBY_VERSION): bump RUBY_VERSION to 2.1.3. diff -Nru ruby2.1-2.1.3/class.c ruby2.1-2.1.4/class.c --- ruby2.1-2.1.3/class.c 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/class.c 2014-10-27 09:25:17.000000000 -0200 
@@ -1876,10 +1876,12 @@ static void unknown_keyword_error(VALUE hash, const ID *table, int keywords) { + st_table *tbl = rb_hash_tbl_raw(hash); VALUE keys; int i; for (i = 0; i < keywords; i++) { - rb_hash_delete(hash, ID2SYM(table[i])); + st_data_t key = ID2SYM(table[i]); + st_delete(tbl, &key, NULL); } keys = rb_funcall(hash, rb_intern("keys"), 0, 0); if (!RB_TYPE_P(keys, T_ARRAY)) rb_raise(rb_eArgError, "unknown keyword"); diff -Nru ruby2.1-2.1.3/configure.in ruby2.1-2.1.4/configure.in --- ruby2.1-2.1.3/configure.in 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/configure.in 2014-10-27 09:25:17.000000000 -0200 @@ -1165,7 +1165,7 @@ [ # AIX currently does not support a 32-bit call to posix_fadvise() # if _LARGE_FILES is defined. - ac_cv_posix_fadvise=no + ac_cv_func_posix_fadvise=no ]) ]) @@ -2092,7 +2092,7 @@ else unset setjmp_sigmask fi -AC_MSG_RESULT(${setjmp_prefix}setjmp${setjmp_suffix}${setjmp_cast:+($setjmp_cast)}) +AC_MSG_RESULT(${setjmp_prefix}setjmp${setjmp_suffix}${setjmp_cast:+\($setjmp_cast\)}) AC_DEFINE_UNQUOTED([RUBY_SETJMP(env)], [${setjmp_prefix}setjmp${setjmp_suffix}($setjmp_cast(env)${setjmp_sigmask+,0})]) AC_DEFINE_UNQUOTED([RUBY_LONGJMP(env,val)], [${setjmp_prefix}longjmp($setjmp_cast(env),val)]) AC_DEFINE_UNQUOTED(RUBY_JMP_BUF, ${setjmp_sigmask+${setjmp_prefix}}jmp_buf) diff -Nru ruby2.1-2.1.3/debian/changelog ruby2.1-2.1.4/debian/changelog --- ruby2.1-2.1.3/debian/changelog 2014-10-20 09:38:02.000000000 -0200 +++ ruby2.1-2.1.4/debian/changelog 2014-10-29 13:15:29.000000000 -0200 
@@ -1,3 +1,13 @@ +ruby2.1 (2.1.4-1) unstable; urgency=high + + * New upstream version + - CVE-2014-8080: Denial of Service in XML Expansion + - Changes default settings in OpenSSL bindings to not use deprecated and + insecure ciphers; avoids issues associated to CVE-2014-3566 (i.e. the + "POODLE" bug in OpenSSL) + + -- Antonio Terceiro <terceiro@debian.org> Wed, 29 Oct 2014 12:07:22 -0200 + ruby2.1 (2.1.3-2) unstable; urgency=medium [ Sebastian Boehm ] diff -Nru ruby2.1-2.1.3/debian/patches/debian-changes ruby2.1-2.1.4/debian/patches/debian-changes --- ruby2.1-2.1.3/debian/patches/debian-changes 2014-10-20 09:38:45.000000000 -0200 +++ ruby2.1-2.1.4/debian/patches/debian-changes 2014-10-29 13:57:43.000000000 -0200 @@ -11,8 +11,8 @@ $ ./debian/upstream-changes ---- ruby2.1-2.1.3.orig/ext/io/console/io-console.gemspec -+++ ruby2.1-2.1.3/ext/io/console/io-console.gemspec +--- ruby2.1-2.1.4.orig/ext/io/console/io-console.gemspec ++++ ruby2.1-2.1.4/ext/io/console/io-console.gemspec @@ -1,11 +1,10 @@ # -*- ruby -*- _VERSION = "0.4.2" @@ -26,8 +26,8 @@ s.summary = "Console interface" s.email = "nobu@ruby-lang.org" s.description = "add console capabilities to IO instances." ---- ruby2.1-2.1.3.orig/lib/test/unit/test-unit.gemspec -+++ ruby2.1-2.1.3/lib/test/unit/test-unit.gemspec +--- ruby2.1-2.1.4.orig/lib/test/unit/test-unit.gemspec ++++ ruby2.1-2.1.4/lib/test/unit/test-unit.gemspec @@ -3,6 +3,7 @@ Gem::Specification.new do |s| s.name = "test-unit" @@ -36,8 +36,8 @@ s.homepage = "http://www.ruby-lang.org" s.author = "Shota Fukumori" s.email = "sorah@tubusu.net" ---- ruby2.1-2.1.3.orig/tool/rbinstall.rb -+++ ruby2.1-2.1.3/tool/rbinstall.rb +--- ruby2.1-2.1.4.orig/tool/rbinstall.rb ++++ ruby2.1-2.1.4/tool/rbinstall.rb 
@@ -666,7 +666,8 @@ module RbInstall @gemspec ||= begin spec = Gem::Specification.load(src) || raise("invalid spec in #{src}") diff -Nru ruby2.1-2.1.3/dir.c ruby2.1-2.1.4/dir.c --- ruby2.1-2.1.3/dir.c 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/dir.c 2014-10-27 09:25:17.000000000 -0200 @@ -1784,11 +1784,9 @@ /* * call-seq: - * Dir[ array ] -> array * Dir[ string [, string ...] ] -> array * * Equivalent to calling - * <code>Dir.glob(</code><i>array,</i><code>0)</code> and * <code>Dir.glob([</code><i>string,...</i><code>],0)</code>. * */ diff -Nru ruby2.1-2.1.3/error.c ruby2.1-2.1.4/error.c --- ruby2.1-2.1.3/error.c 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/error.c 2014-10-27 09:25:17.000000000 -0200 @@ -1740,14 +1740,18 @@ * * LoadError * * NotImplementedError * * SyntaxError + * * SecurityError * * SignalException * * Interrupt * * StandardError -- default for +rescue+ * * ArgumentError - * * IndexError - * * StopIteration + * * EncodingError + * * FiberError * * IOError * * EOFError + * * IndexError + * * KeyError + * * StopIteration * * LocalJumpError * * NameError * * NoMethodError @@ -1755,14 +1759,13 @@ * * FloatDomainError * * RegexpError * * RuntimeError -- default for +raise+ - * * SecurityError * * SystemCallError * * Errno::* - * * SystemStackError * * ThreadError * * TypeError * * ZeroDivisionError * * SystemExit + * * SystemStackError * * fatal -- impossible to rescue */ diff -Nru ruby2.1-2.1.3/ext/openssl/lib/openssl/ssl.rb ruby2.1-2.1.4/ext/openssl/lib/openssl/ssl.rb --- ruby2.1-2.1.3/ext/openssl/lib/openssl/ssl.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/ext/openssl/lib/openssl/ssl.rb 2014-10-27 09:25:17.000000000 -0200 
@@ -23,10 +23,49 @@ DEFAULT_PARAMS = { :ssl_version => "SSLv23", :verify_mode => OpenSSL::SSL::VERIFY_PEER, - :ciphers => "ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW", - :options => defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS) ? - OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS : - OpenSSL::SSL::OP_ALL, + :ciphers => %w{ + ECDHE-ECDSA-AES128-GCM-SHA256 + ECDHE-RSA-AES128-GCM-SHA256 + ECDHE-ECDSA-AES256-GCM-SHA384 + ECDHE-RSA-AES256-GCM-SHA384 + DHE-RSA-AES128-GCM-SHA256 + DHE-DSS-AES128-GCM-SHA256 + DHE-RSA-AES256-GCM-SHA384 + DHE-DSS-AES256-GCM-SHA384 + ECDHE-ECDSA-AES128-SHA256 + ECDHE-RSA-AES128-SHA256 + ECDHE-ECDSA-AES128-SHA + ECDHE-RSA-AES128-SHA + ECDHE-ECDSA-AES256-SHA384 + ECDHE-RSA-AES256-SHA384 + ECDHE-ECDSA-AES256-SHA + ECDHE-RSA-AES256-SHA + DHE-RSA-AES128-SHA256 + DHE-RSA-AES256-SHA256 + DHE-RSA-AES128-SHA + DHE-RSA-AES256-SHA + DHE-DSS-AES128-SHA256 + DHE-DSS-AES256-SHA256 + DHE-DSS-AES128-SHA + DHE-DSS-AES256-SHA + AES128-GCM-SHA256 + AES256-GCM-SHA384 + AES128-SHA256 + AES256-SHA256 + AES128-SHA + AES256-SHA + ECDHE-ECDSA-RC4-SHA + ECDHE-RSA-RC4-SHA + RC4-SHA + }.join(":"), + :options => -> { + opts = OpenSSL::SSL::OP_ALL + opts &= ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS if defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS) + opts |= OpenSSL::SSL::OP_NO_COMPRESSION if defined?(OpenSSL::SSL::OP_NO_COMPRESSION) + opts |= OpenSSL::SSL::OP_NO_SSLv2 if defined?(OpenSSL::SSL::OP_NO_SSLv2) + opts |= OpenSSL::SSL::OP_NO_SSLv3 if defined?(OpenSSL::SSL::OP_NO_SSLv3) + opts + }.call } DEFAULT_CERT_STORE = OpenSSL::X509::Store.new diff -Nru ruby2.1-2.1.3/ext/stringio/stringio.c ruby2.1-2.1.4/ext/stringio/stringio.c --- ruby2.1-2.1.3/ext/stringio/stringio.c 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/ext/stringio/stringio.c 2014-10-27 09:25:17.000000000 -0200 
@@ -1169,12 +1169,13 @@ struct StringIO *ptr = writable(self); long len, olen; rb_encoding *enc, *enc2; + rb_encoding *const ascii8bit = rb_ascii8bit_encoding(); if (!RB_TYPE_P(str, T_STRING)) str = rb_obj_as_string(str); enc = rb_enc_get(ptr->string); enc2 = rb_enc_get(str); - if (enc != enc2 && enc != rb_ascii8bit_encoding()) { + if (enc != enc2 && enc != ascii8bit) { str = rb_str_conv_enc(str, enc2, enc); } len = RSTRING_LEN(str); @@ -1185,7 +1186,7 @@ ptr->pos = olen; } if (ptr->pos == olen) { - if (enc2 == rb_ascii8bit_encoding()) { + if (enc == ascii8bit || enc2 == ascii8bit) { rb_enc_str_buf_cat(ptr->string, RSTRING_PTR(str), len, enc); OBJ_INFECT(ptr->string, str); } diff -Nru ruby2.1-2.1.3/lib/fileutils.rb ruby2.1-2.1.4/lib/fileutils.rb --- ruby2.1-2.1.3/lib/fileutils.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/lib/fileutils.rb 2014-10-27 09:25:17.000000000 -0200 @@ -854,7 +854,8 @@ fu_check_options options, OPT_TABLE['install'] fu_output_message "install -c#{options[:preserve] && ' -p'}#{options[:mode] ? (' -m 0%o' % options[:mode]) : ''} #{[src,dest].flatten.join ' '}" if options[:verbose] return if options[:noop] - fu_each_src_dest(src, dest) do |s, d, st| + fu_each_src_dest(src, dest) do |s, d| + st = File.stat(s) unless File.exist?(d) and compare_file(s, d) remove_file d, true copy_file s, d @@ -1252,7 +1253,12 @@ end def exist? - lstat! ? true : false + begin + lstat + true + rescue Errno::ENOENT + false + end end def file? @@ -1570,7 +1576,7 @@ def fu_each_src_dest(src, dest) #:nodoc: fu_each_src_dest0(src, dest) do |s, d| raise ArgumentError, "same file: #{s} and #{d}" if fu_same?(s, d) - yield s, d, File.stat(s) + yield s, d end end private_module_function :fu_each_src_dest diff -Nru ruby2.1-2.1.3/lib/find.rb ruby2.1-2.1.4/lib/find.rb --- ruby2.1-2.1.3/lib/find.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/lib/find.rb 2014-10-27 09:25:17.000000000 -0200 
@@ -40,6 +40,7 @@ fs_encoding = Encoding.find("filesystem") paths.collect!{|d| raise Errno::ENOENT unless File.exist?(d); d.dup}.each do |path| + path = path.to_path if path.respond_to? :to_path enc = path.encoding == Encoding::US_ASCII ? fs_encoding : path.encoding ps = [path] while file = ps.shift diff -Nru ruby2.1-2.1.3/lib/rexml/entity.rb ruby2.1-2.1.4/lib/rexml/entity.rb --- ruby2.1-2.1.3/lib/rexml/entity.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/lib/rexml/entity.rb 2014-10-27 09:25:17.000000000 -0200 @@ -138,8 +138,14 @@ matches = @value.scan(PEREFERENCE_RE) rv = @value.clone if @parent + sum = 0 matches.each do |entity_reference| entity_value = @parent.entity( entity_reference[0] ) + if sum + entity_value.bytesize > Security.entity_expansion_text_limit + raise "entity expansion has grown too large" + else + sum += entity_value.bytesize + end rv.gsub!( /%#{entity_reference.join};/um, entity_value ) end end diff -Nru ruby2.1-2.1.3/object.c ruby2.1-2.1.4/object.c --- ruby2.1-2.1.3/object.c 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/object.c 2014-10-27 09:25:17.000000000 -0200 @@ -203,9 +203,8 @@ VALUE rb_class_real(VALUE cl) { - if (cl == 0) - return 0; - while ((RBASIC(cl)->flags & FL_SINGLETON) || BUILTIN_TYPE(cl) == T_ICLASS) { + while (cl && + ((RBASIC(cl)->flags & FL_SINGLETON) || BUILTIN_TYPE(cl) == T_ICLASS)) { cl = RCLASS_SUPER(cl); } return cl; diff -Nru ruby2.1-2.1.3/parse.y ruby2.1-2.1.4/parse.y --- ruby2.1-2.1.3/parse.y 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/parse.y 2014-10-27 09:25:17.000000000 -0200 @@ -6547,7 +6547,10 @@ if (pend < lex_pend) rb_str_cat(str, "\n", 1); lex_goto_eol(parser); if (nextc() == -1) { - if (str) dispose_string(str); + if (str) { + dispose_string(str); + str = 0; + } goto error; } } while (!whole_match_p(eos, len, indent)); 
@@ -8195,7 +8198,7 @@ return keyword_do_block; return keyword_do; } - if (IS_lex_state_for(state, (EXPR_BEG | EXPR_VALUE))) + if (IS_lex_state_for(state, (EXPR_BEG | EXPR_VALUE | EXPR_LABELARG))) return kw->id[0]; else { if (kw->id[0] != kw->id[1]) diff -Nru ruby2.1-2.1.3/proc.c ruby2.1-2.1.4/proc.c --- ruby2.1-2.1.3/proc.c 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/proc.c 2014-10-27 09:25:17.000000000 -0200 @@ -262,6 +262,7 @@ bind = ptr; RUBY_MARK_UNLESS_NULL(bind->env); RUBY_MARK_UNLESS_NULL(bind->path); + RUBY_MARK_UNLESS_NULL(bind->blockprocval); } RUBY_MARK_LEAVE("binding"); } @@ -282,8 +283,8 @@ NULL, NULL, RUBY_TYPED_FREE_IMMEDIATELY }; -static VALUE -binding_alloc(VALUE klass) +VALUE +rb_binding_alloc(VALUE klass) { VALUE obj; rb_binding_t *bind; @@ -295,12 +296,13 @@ static VALUE binding_dup(VALUE self) { - VALUE bindval = binding_alloc(rb_cBinding); + VALUE bindval = rb_binding_alloc(rb_cBinding); rb_binding_t *src, *dst; GetBindingPtr(self, src); GetBindingPtr(bindval, dst); dst->env = src->env; dst->path = src->path; + dst->blockprocval = src->blockprocval; dst->first_lineno = src->first_lineno; return bindval; } 
@@ -317,30 +319,7 @@ VALUE rb_binding_new_with_cfp(rb_thread_t *th, const rb_control_frame_t *src_cfp) { - rb_control_frame_t *cfp = rb_vm_get_binding_creatable_next_cfp(th, src_cfp); - rb_control_frame_t *ruby_level_cfp = rb_vm_get_ruby_level_next_cfp(th, src_cfp); - VALUE bindval, envval; - rb_binding_t *bind; - - if (cfp == 0 || ruby_level_cfp == 0) { - rb_raise(rb_eRuntimeError, "Can't create Binding Object on top of Fiber."); - } - - while (1) { - envval = rb_vm_make_env_object(th, cfp); - if (cfp == ruby_level_cfp) { - break; - } - cfp = rb_vm_get_binding_creatable_next_cfp(th, RUBY_VM_PREVIOUS_CONTROL_FRAME(cfp)); - } - - bindval = binding_alloc(rb_cBinding); - GetBindingPtr(bindval, bind); - bind->env = envval; - bind->path = ruby_level_cfp->iseq->location.path; - bind->first_lineno = rb_vm_get_sourceline(ruby_level_cfp); - - return bindval; + return rb_vm_make_binding(th, src_cfp); } VALUE @@ -1666,6 +1645,7 @@ if (noex == NOEX_MODFUNC) { rb_method_entry_set(rb_singleton_class(mod), id, method->me, NOEX_PUBLIC); } + RB_GC_GUARD(body); } else if (rb_obj_is_proc(body)) { rb_proc_t *proc; @@ -2408,9 +2388,10 @@ } } - bindval = binding_alloc(rb_cBinding); + bindval = rb_binding_alloc(rb_cBinding); GetBindingPtr(bindval, bind); bind->env = proc->envval; + bind->blockprocval = proc->blockprocval; if (RUBY_VM_NORMAL_ISEQ_P(proc->block.iseq)) { bind->path = proc->block.iseq->location.path; bind->first_lineno = FIX2INT(rb_iseq_first_lineno(proc->block.iseq->self)); diff -Nru ruby2.1-2.1.3/regcomp.c ruby2.1-2.1.4/regcomp.c --- ruby2.1-2.1.3/regcomp.c 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/regcomp.c 2014-10-27 09:25:17.000000000 -0200 @@ -4495,6 +4495,9 @@ if (right_len == 0) { to->right_anchor |= left->right_anchor; } + else { + to->right_anchor |= (left->right_anchor & ANCHOR_PREC_READ_NOT); + } } static int 
@@ -5068,7 +5071,8 @@ case ANCHOR_END_BUF: case ANCHOR_SEMI_END_BUF: case ANCHOR_END_LINE: - case ANCHOR_LOOK_BEHIND: /* just for (?<=x).* */ + case ANCHOR_LOOK_BEHIND: /* just for (?<=x).* */ + case ANCHOR_PREC_READ_NOT: /* just for (?!x).* */ add_opt_anc_info(&opt->anc, NANCHOR(node)->type); break; @@ -5091,7 +5095,6 @@ } break; - case ANCHOR_PREC_READ_NOT: case ANCHOR_LOOK_BEHIND_NOT: break; } @@ -5357,7 +5360,8 @@ ANCHOR_BEGIN_POSITION | ANCHOR_ANYCHAR_STAR | ANCHOR_ANYCHAR_STAR_ML | ANCHOR_LOOK_BEHIND); - reg->anchor |= opt.anc.right_anchor & (ANCHOR_END_BUF | ANCHOR_SEMI_END_BUF); + reg->anchor |= opt.anc.right_anchor & (ANCHOR_END_BUF | ANCHOR_SEMI_END_BUF | + ANCHOR_PREC_READ_NOT); if (reg->anchor & (ANCHOR_END_BUF | ANCHOR_SEMI_END_BUF)) { reg->anchor_dmin = opt.len.min; diff -Nru ruby2.1-2.1.3/regexec.c ruby2.1-2.1.4/regexec.c --- ruby2.1-2.1.3/regexec.c 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/regexec.c 2014-10-27 09:25:17.000000000 -0200 @@ -4184,7 +4184,7 @@ prev = s; s += enclen(reg->enc, s, end); - if ((reg->anchor & ANCHOR_LOOK_BEHIND) == 0) { + if ((reg->anchor & (ANCHOR_LOOK_BEHIND | ANCHOR_PREC_READ_NOT)) == 0) { while (!ONIGENC_IS_MBC_NEWLINE_EX(reg->enc, prev, str, end, reg->options, 0) && s < range) { prev = s; diff -Nru ruby2.1-2.1.3/signal.c ruby2.1-2.1.4/signal.c --- ruby2.1-2.1.3/signal.c 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/signal.c 2014-10-27 09:25:17.000000000 -0200 @@ -343,6 +343,7 @@ raise(sig); } +static RETSIGTYPE sighandler(int sig); static int signal_ignored(int sig); static void signal_enque(int sig); @@ -449,6 +450,7 @@ rb_pid_t pid = NUM2PIDT(argv[i]); if ((sig != 0) && (self != -1) && (pid == self)) { + int t; /* * When target pid is self, many caller assume signal will be * delivered immediately and synchronously. 
@@ -467,7 +469,12 @@ ruby_kill(pid, sig); break; default: - if (signal_ignored(sig)) break; + t = signal_ignored(sig); + if (t) { + if (t < 0 && kill(pid, sig)) + rb_sys_fail(0); + break; + } signal_enque(sig); wakeup = 1; } @@ -612,16 +619,19 @@ static int signal_ignored(int sig) { + sighandler_t func; #ifdef POSIX_SIGNAL struct sigaction old; (void)VALGRIND_MAKE_MEM_DEFINED(&old, sizeof(old)); if (sigaction(sig, NULL, &old) < 0) return FALSE; - return old.sa_handler == SIG_IGN; + func = old.sa_handler; #else sighandler_t old = signal(sig, SIG_DFL); signal(sig, old); - return old == SIG_IGN; + func = old; #endif + if (func == SIG_IGN) return 1; + return func == sighandler ? 0 : -1; } static void diff -Nru ruby2.1-2.1.3/test/fileutils/test_fileutils.rb ruby2.1-2.1.4/test/fileutils/test_fileutils.rb --- ruby2.1-2.1.3/test/fileutils/test_fileutils.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/test/fileutils/test_fileutils.rb 2014-10-27 09:25:17.000000000 -0200 @@ -420,6 +420,12 @@ assert_raise(Errno::ELOOP) { mv 'tmp/symlink', 'tmp/symlink' } + # unexist symlink + File.symlink 'xxx', 'tmp/src' + assert_nothing_raised { + mv 'tmp/src', 'tmp/dest' + } + assert_equal true, File.symlink?('tmp/dest') end if have_symlink? def test_mv_pathname diff -Nru ruby2.1-2.1.3/test/minitest/test_minitest_unit.rb ruby2.1-2.1.4/test/minitest/test_minitest_unit.rb --- ruby2.1-2.1.3/test/minitest/test_minitest_unit.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/test/minitest/test_minitest_unit.rb 2014-10-27 09:25:17.000000000 -0200 
@@ -197,11 +197,7 @@ end def util_expand_bt bt - if RUBY_VERSION >= '1.9.0' then - bt.map { |f| (f =~ /^\./) ? File.expand_path(f) : f } - else - bt - end + bt.map { |f| (f =~ /^\./) ? File.expand_path(f) : f } end end diff -Nru ruby2.1-2.1.3/test/openssl/test_ssl.rb ruby2.1-2.1.4/test/openssl/test_ssl.rb --- ruby2.1-2.1.3/test/openssl/test_ssl.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/test/openssl/test_ssl.rb 2014-10-27 09:25:17.000000000 -0200 @@ -4,10 +4,6 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase - TLS_DEFAULT_OPS = defined?(OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS) ? - OpenSSL::SSL::OP_ALL & ~OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS : - OpenSSL::SSL::OP_ALL - def test_ctx_setup ctx = OpenSSL::SSL::SSLContext.new assert_equal(ctx.setup, true) @@ -276,7 +272,7 @@ ctx = OpenSSL::SSL::SSLContext.new ctx.set_params assert_equal(OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode) - assert_equal(TLS_DEFAULT_OPS, ctx.options) + assert_equal(OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options], ctx.options) ciphers = ctx.ciphers ciphers_versions = ciphers.collect{|_, v, _, _| v } ciphers_names = ciphers.collect{|v, _, _, _| v } diff -Nru ruby2.1-2.1.3/test/rexml/test_document.rb ruby2.1-2.1.4/test/rexml/test_document.rb --- ruby2.1-2.1.3/test/rexml/test_document.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/test/rexml/test_document.rb 2014-10-27 09:25:17.000000000 -0200 
@@ -47,6 +47,20 @@ </member> EOF + XML_WITH_NESTED_PARAMETER_ENTITY = <<EOF +<!DOCTYPE root [ + <!ENTITY % a "BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM.BOOM."> + <!ENTITY % b "%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;%a;"> + <!ENTITY % c "%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;%b;"> + <!ENTITY % d "%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;%c;"> + <!ENTITY % e "%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;%d;"> + <!ENTITY % f "%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;%e;"> + <!ENTITY % g "%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;%f;"> + <!ENTITY test "test %g;"> +]> +<cd></cd> +EOF + XML_WITH_4_ENTITY_EXPANSION = <<EOF <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE member [ @@ -83,6 +97,19 @@ end ensure REXML::Security.entity_expansion_limit = 10000 + end + + def test_entity_expansion_limit_for_parameter_entity + assert_raise(REXML::ParseException) do + REXML::Document.new(XML_WITH_NESTED_PARAMETER_ENTITY) + end + REXML::Security.entity_expansion_limit = 100 + assert_equal(100, REXML::Security.entity_expansion_limit) + assert_raise(REXML::ParseException) do + REXML::Document.new(XML_WITH_NESTED_PARAMETER_ENTITY) + end + ensure + REXML::Security.entity_expansion_limit = 10000 end def test_tag_in_cdata_with_not_ascii_only_but_ascii8bit_encoding_source diff -Nru ruby2.1-2.1.3/test/rexml/test_entity.rb ruby2.1-2.1.4/test/rexml/test_entity.rb --- ruby2.1-2.1.3/test/rexml/test_entity.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/test/rexml/test_entity.rb 2014-10-27 09:25:17.000000000 -0200 
@@ -122,6 +122,22 @@ end end + def test_entity_string_limit_for_parameter_entity + template = '<!DOCTYPE bomb [ <!ENTITY % a "^" > <!ENTITY bomb "$" > ]><root/>' + len = 5120 # 5k per entity + template.sub!(/\^/, "B" * len) + + # 10k is OK + entities = '%a;' * 2 # 5k entity * 2 = 10k + REXML::Document.new(template.sub(/\$/, entities)) + + # above 10k explodes + entities = '%a;' * 3 # 5k entity * 2 = 15k + assert_raises(REXML::ParseException) do + REXML::Document.new(template.sub(/\$/, entities)) + end + end + def test_raw source = '<!DOCTYPE foo [ <!ENTITY ent "replace"> diff -Nru ruby2.1-2.1.3/test/ripper/test_scanner_events.rb ruby2.1-2.1.4/test/ripper/test_scanner_events.rb --- ruby2.1-2.1.3/test/ripper/test_scanner_events.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/test/ripper/test_scanner_events.rb 2014-10-27 09:25:17.000000000 -0200 @@ -708,6 +708,10 @@ assert_equal ["there\n""heredoc", "\n"], scan('tstring_content', "<<""EOS\n""there\n""heredoc\#@foo\nEOS"), bug7255 + bug10392 = '[ruby-dev:48647] [Bug #10392]' + assert_equal [" E\n\n"], + scan('tstring_content', "<<""'E'\n E\n\n"), + bug10392 end def test_heredoc_end diff -Nru ruby2.1-2.1.3/test/ruby/test_eval.rb ruby2.1-2.1.4/test/ruby/test_eval.rb --- ruby2.1-2.1.3/test/ruby/test_eval.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/test/ruby/test_eval.rb 2014-10-27 09:25:17.000000000 -0200 @@ -484,4 +484,19 @@ assert_same a, b end + + def test_gced_binding_block + assert_normal_exit %q{ + def m + binding + end + GC.stress = true + b = nil + tap do + b = m {} + end + 0.times.to_a + b.eval('yield') + }, '[Bug #10368]' + end end diff -Nru ruby2.1-2.1.3/test/ruby/test_keyword.rb ruby2.1-2.1.4/test/ruby/test_keyword.rb --- ruby2.1-2.1.3/test/ruby/test_keyword.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/test/ruby/test_keyword.rb 2014-10-27 09:25:17.000000000 -0200 
@@ -325,7 +325,9 @@ assert_equal([[:keyreq, :a], [:keyrest, :b]], o.method(:bar).parameters, feature7701) assert_raise_with_message(ArgumentError, /missing keyword/, bug8139) {o.bar(c: bug8139)} assert_raise_with_message(ArgumentError, /missing keyword/, bug8139) {o.bar} + end + def test_required_keyword_with_newline bug9669 = '[ruby-core:61658] [Bug #9669]' assert_nothing_raised(SyntaxError, bug9669) do eval(<<-'end;', nil, __FILE__, __LINE__) @@ -335,6 +337,7 @@ end; end assert_equal(42, bug9669.foo(a: 42)) + o = nil assert_nothing_raised(SyntaxError, bug9669) do eval(<<-'end;', nil, __FILE__, __LINE__) o = { @@ -346,6 +349,17 @@ assert_equal({a: 1}, o, bug9669) end + def test_required_keyword_with_reserved + bug10279 = '[ruby-core:65211] [Bug #10279]' + h = nil + assert_nothing_raised(SyntaxError, bug10279) do + break eval(<<-'end;', nil, __FILE__, __LINE__) + h = {a: if true then 42 end} + end; + end + assert_equal({a: 42}, h, bug10279) + end + def test_block_required_keyword feature7701 = '[ruby-core:51454] [Feature #7701] required keyword argument' b = assert_nothing_raised(SyntaxError, feature7701) do @@ -491,4 +505,19 @@ tap { prc.call } }, bug8964 end + + def test_unknown_keyword_with_block + bug10413 = '[ruby-core:65837] [Bug #10413]' + class << (o = Object.new) + def bar(k2: 'v2') + end + + def foo + bar(k1: 1) + end + end + assert_raise_with_message(ArgumentError, /unknown keyword: k1/, bug10413) { + o.foo {raise "unreachable"} + } + end end diff -Nru ruby2.1-2.1.3/test/ruby/test_module.rb ruby2.1-2.1.4/test/ruby/test_module.rb --- ruby2.1-2.1.3/test/ruby/test_module.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/test/ruby/test_module.rb 2014-10-27 09:25:17.000000000 -0200 
@@ -1957,6 +1957,30 @@ } end + def test_inspect_segfault + bug_10282 = '[ruby-core:65214] [Bug #10282]' + assert_separately [], <<-RUBY + module ShallowInspect + def shallow_inspect + "foo" + end + end + + module InspectIsShallow + include ShallowInspect + alias_method :inspect, :shallow_inspect + end + + class A + end + + A.prepend InspectIsShallow + + expect = "#<Method: A(Object)#inspect(shallow_inspect)>" + assert_equal expect, A.new.method(:inspect).inspect, "#{bug_10282}" + RUBY + end + private def assert_top_method_is_private(method) diff -Nru ruby2.1-2.1.3/test/ruby/test_object.rb ruby2.1-2.1.4/test/ruby/test_object.rb --- ruby2.1-2.1.3/test/ruby/test_object.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/test/ruby/test_object.rb 2014-10-27 09:25:17.000000000 -0200 @@ -298,6 +298,15 @@ $VERBOSE = false def (Object.new).__send__; end INPUT + + bug10421 = '[ruby-dev:48691] [Bug #10421]' + assert_in_out_err([], <<-INPUT, ["1"], [], bug10421) + $VERBOSE = false + class C < BasicObject + def object_id; 1; end + end + puts C.new.object_id + INPUT end def test_remove_method diff -Nru ruby2.1-2.1.3/test/ruby/test_signal.rb ruby2.1-2.1.4/test/ruby/test_signal.rb --- ruby2.1-2.1.3/test/ruby/test_signal.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/test/ruby/test_signal.rb 2014-10-27 09:25:17.000000000 -0200 
@@ -278,5 +278,17 @@ Process.kill(:INT, $$) end end; + + if trap = Signal.list['TRAP'] + bug9820 = '[ruby-dev:48592] [Bug #9820]' + status = assert_in_out_err(['-e', 'Process.kill(:TRAP, $$)']) + assert_predicate(status, :signaled?, bug9820) + assert_equal(trap, status.termsig, bug9820) + end + + if Signal.list['CONT'] + bug9820 = '[ruby-dev:48606] [Bug #9820]' + assert_ruby_status(['-e', 'Process.kill(:CONT, $$)']) + end end if Process.respond_to?(:kill) end diff -Nru ruby2.1-2.1.3/test/ruby/test_super.rb ruby2.1-2.1.4/test/ruby/test_super.rb --- ruby2.1-2.1.3/test/ruby/test_super.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/test/ruby/test_super.rb 2014-10-27 09:25:17.000000000 -0200 @@ -494,4 +494,19 @@ end assert_equal(%w[B A], result, bug9721) end + + def test_from_eval + bug10263 = '[ruby-core:65122] [Bug #10263a]' + a = Class.new do + def foo + "A" + end + end + b = Class.new(a) do + def foo + binding.eval("super") + end + end + assert_equal("A", b.new.foo, bug10263) + end end diff -Nru ruby2.1-2.1.3/test/ruby/test_time_tz.rb ruby2.1-2.1.4/test/ruby/test_time_tz.rb --- ruby2.1-2.1.3/test/ruby/test_time_tz.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/test/ruby/test_time_tz.rb 2014-10-27 09:25:17.000000000 -0200 
@@ -2,34 +2,43 @@ class TestTimeTZ < Test::Unit::TestCase has_right_tz = true + has_lisbon_tz = true force_tz_test = ENV["RUBY_FORCE_TIME_TZ_TEST"] == "yes" case RUBY_PLATFORM when /linux/ force_tz_test = true when /darwin|freebsd/ - has_right_tz = false + has_lisbon_tz = false force_tz_test = true end if force_tz_test - def with_tz(tz) - old = ENV["TZ"] - begin - ENV["TZ"] = tz - yield - ensure - ENV["TZ"] = old + module Util + def with_tz(tz) + old = ENV["TZ"] + begin + ENV["TZ"] = tz + yield + ensure + ENV["TZ"] = old + end end end else - def with_tz(tz) - if ENV["TZ"] == tz - yield + module Util + def with_tz(tz) + if ENV["TZ"] == tz + yield + end end end end module Util + def have_tz_offset?(tz) + with_tz(tz) {!Time.now.utc_offset.zero?} + end + def format_gmtoff(gmtoff, colon=false) if gmtoff < 0 expected = "-" @@ -72,14 +81,11 @@ include Util extend Util - if RUBY_VERSION < "1.9" - def time_to_s(t) - t.strftime("%Y-%m-%d %H:%M:%S ") + format_gmtoff(t.gmtoff) - end - else - def time_to_s(t) - t.to_s - end + has_right_tz &&= have_tz_offset?("right/America/Los_Angeles") + has_lisbon_tz &&= have_tz_offset?("Europe/Lisbon") + + def time_to_s(t) + t.to_s end @@ -153,7 +159,7 @@ with_tz(tz="Europe/Lisbon") { assert_equal("LMT", Time.new(-0x1_0000_0000_0000_0000).zone) } - end if has_right_tz + end if has_lisbon_tz def test_europe_moscow with_tz(tz="Europe/Moscow") { 
@@ -200,35 +206,42 @@ s.sub(/gen_/) { "gen" + "_#{hint}_".gsub(/[^0-9A-Za-z]+/, '_') } end + def self.parse_zdump_line(line) + return nil if /\A\#/ =~ line || /\A\s*\z/ =~ line + if /\A(\S+)\s+ + \S+\s+(\S+)\s+(\d+)\s+(\d\d):(\d\d):(\d\d)\s+(\d+)\s+UTC? + \s+=\s+ + \S+\s+(\S+)\s+(\d+)\s+(\d\d):(\d\d):(\d\d)\s+(\d+)\s+\S+ + \s+isdst=\d+\s+gmtoff=(-?\d+)\n + \z/x !~ line + raise "unexpected zdump line: #{line.inspect}" + end + tz, u_mon, u_day, u_hour, u_min, u_sec, u_year, + l_mon, l_day, l_hour, l_min, l_sec, l_year, gmtoff = $~.captures + u_year = u_year.to_i + u_mon = MON2NUM[u_mon] + u_day = u_day.to_i + u_hour = u_hour.to_i + u_min = u_min.to_i + u_sec = u_sec.to_i + l_year = l_year.to_i + l_mon = MON2NUM[l_mon] + l_day = l_day.to_i + l_hour = l_hour.to_i + l_min = l_min.to_i + l_sec = l_sec.to_i + gmtoff = gmtoff.to_i + [tz, + [u_year, u_mon, u_day, u_hour, u_min, u_sec], + [l_year, l_mon, l_day, l_hour, l_min, l_sec], + gmtoff] + end + def self.gen_zdump_test(data) sample = [] data.each_line {|line| - next if /\A\#/ =~ line || /\A\s*\z/ =~ line - /\A(\S+)\s+ - \S+\s+(\S+)\s+(\d+)\s+(\d\d):(\d\d):(\d\d)\s+(\d+)\s+UTC - \s+=\s+ - \S+\s+(\S+)\s+(\d+)\s+(\d\d):(\d\d):(\d\d)\s+(\d+)\s+\S+ - \s+isdst=\d+\s+gmtoff=(-?\d+)\n - \z/x =~ line - tz, u_mon, u_day, u_hour, u_min, u_sec, u_year, - l_mon, l_day, l_hour, l_min, l_sec, l_year, gmtoff = $~.captures - u_year = u_year.to_i - u_mon = MON2NUM[u_mon] - u_day = u_day.to_i - u_hour = u_hour.to_i - u_min = u_min.to_i - u_sec = u_sec.to_i - l_year = l_year.to_i - l_mon = MON2NUM[l_mon] - l_day = l_day.to_i - l_hour = l_hour.to_i - l_min = l_min.to_i - l_sec = l_sec.to_i - gmtoff = gmtoff.to_i - sample << [tz, - [u_year, u_mon, u_day, u_hour, u_min, u_sec], - [l_year, l_mon, l_day, l_hour, l_min, l_sec], - gmtoff] + s = parse_zdump_line(line) + sample << s if s } sample.each {|tz, u, l, gmtoff| expected_utc = "%04d-%02d-%02d %02d:%02d:%02d UTC" % u 
@@ -249,6 +262,7 @@ } } } + group_by(sample) {|tz, _, _, _| tz }.each {|tz, a| a.each_with_index {|(_, u, l, gmtoff), i| expected = "%04d-%02d-%02d %02d:%02d:%02d %s" % (l+[format_gmtoff(gmtoff)]) 
@@ -348,6 +362,45 @@ #right/Asia/Tokyo Sat Dec 31 23:59:60 2005 UTC = Sun Jan 1 08:59:60 2006 JST isdst=0 gmtoff=32400 right/Europe/Paris Fri Jun 30 23:59:60 1972 UTC = Sat Jul 1 00:59:60 1972 CET isdst=0 gmtoff=3600 right/Europe/Paris Wed Dec 31 23:59:60 2008 UTC = Thu Jan 1 00:59:60 2009 CET isdst=0 gmtoff=3600 +End + + def self.gen_variational_zdump_test(hint, data) + sample = [] + data.each_line {|line| + s = parse_zdump_line(line) + sample << s if s + } + + define_method(gen_test_name(hint)) { + results = [] + sample.each {|tz, u, l, gmtoff| + expected_utc = "%04d-%02d-%02d %02d:%02d:%02d UTC" % u + expected = "%04d-%02d-%02d %02d:%02d:%02d %s" % (l+[format_gmtoff(gmtoff)]) + mesg_utc = "TZ=#{tz} Time.utc(#{u.map {|arg| arg.inspect }.join(', ')})" + mesg = "#{mesg_utc}.localtime" + with_tz(tz) { + t = nil + assert_nothing_raised(mesg) { t = Time.utc(*u) } + assert_equal(expected_utc, time_to_s(t), mesg_utc) + assert_nothing_raised(mesg) { t.localtime } + + results << [ + expected == time_to_s(t), + gmtoff == t.gmtoff, + format_gmtoff(gmtoff) == t.strftime("%z"), + format_gmtoff(gmtoff, true) == t.strftime("%:z"), + format_gmtoff2(gmtoff) == t.strftime("%::z") + ] + } + } + assert_includes(results, [true, true, true, true, true]) + } + end + + # tzdata-2014g fixed the offset for lisbon from -0:36:32 to -0:36:45. + # [ruby-core:65058] [Bug #10245] + gen_variational_zdump_test "lisbon", <<'End' if has_lisbon_tz Europe/Lisbon Mon Jan 1 00:36:31 1912 UTC = Sun Dec 31 23:59:59 1911 LMT isdst=0 gmtoff=-2192 +Europe/Lisbon Mon Jan 1 00:36:44 1912 UT = Sun Dec 31 23:59:59 1911 LMT isdst=0 gmtoff=-2205 End end diff -Nru ruby2.1-2.1.3/test/stringio/test_stringio.rb ruby2.1-2.1.4/test/stringio/test_stringio.rb --- ruby2.1-2.1.3/test/stringio/test_stringio.rb 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/test/stringio/test_stringio.rb 2014-10-27 09:25:17.000000000 -0200 
@@ -137,6 +137,18 @@ assert_equal(Encoding::UTF_8, s.encoding, "honor the original encoding over ASCII-8BIT") end + def test_set_encoding + bug10285 = '[ruby-core:65240] [Bug #10285]' + f = StringIO.new() + f.set_encoding(Encoding::ASCII_8BIT) + f.write("quz \x83 mat".b) + s = "foo \x97 bar".force_encoding(Encoding::WINDOWS_1252) + assert_nothing_raised(Encoding::CompatibilityError, bug10285) { + f.write(s) + } + assert_equal(Encoding::ASCII_8BIT, f.string.encoding, bug10285) + end + def test_mode_error f = StringIO.new("", "r") assert_raise(IOError) { f.write("foo") } diff -Nru ruby2.1-2.1.3/version.h ruby2.1-2.1.4/version.h --- ruby2.1-2.1.3/version.h 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/version.h 2014-10-27 09:25:17.000000000 -0200 @@ -1,10 +1,10 @@ -#define RUBY_VERSION "2.1.3" -#define RUBY_RELEASE_DATE "2014-09-19" -#define RUBY_PATCHLEVEL 242 +#define RUBY_VERSION "2.1.4" +#define RUBY_RELEASE_DATE "2014-10-27" +#define RUBY_PATCHLEVEL 265 #define RUBY_RELEASE_YEAR 2014 -#define RUBY_RELEASE_MONTH 9 -#define RUBY_RELEASE_DAY 19 +#define RUBY_RELEASE_MONTH 10 +#define RUBY_RELEASE_DAY 27 #include "ruby/version.h" diff -Nru ruby2.1-2.1.3/vm.c ruby2.1-2.1.4/vm.c --- ruby2.1-2.1.3/vm.c 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/vm.c 2014-10-27 09:25:17.000000000 -0200 
@@ -688,6 +688,39 @@ return procval; } +/* Binding */ + +VALUE +rb_vm_make_binding(rb_thread_t *th, const rb_control_frame_t *src_cfp) +{ + rb_control_frame_t *cfp = rb_vm_get_binding_creatable_next_cfp(th, src_cfp); + rb_control_frame_t *ruby_level_cfp = rb_vm_get_ruby_level_next_cfp(th, src_cfp); + VALUE bindval, envval; + rb_binding_t *bind; + VALUE blockprocval = 0; + + if (cfp == 0 || ruby_level_cfp == 0) { + rb_raise(rb_eRuntimeError, "Can't create Binding Object on top of Fiber."); + } + + while (1) { + envval = vm_make_env_object(th, cfp, &blockprocval); + if (cfp == ruby_level_cfp) { + break; + } + cfp = rb_vm_get_binding_creatable_next_cfp(th, RUBY_VM_PREVIOUS_CONTROL_FRAME(cfp)); + } + + bindval = rb_binding_alloc(rb_cBinding); + GetBindingPtr(bindval, bind); + bind->env = envval; + bind->path = ruby_level_cfp->iseq->location.path; + bind->blockprocval = blockprocval; + bind->first_lineno = rb_vm_get_sourceline(ruby_level_cfp); + + return bindval; +} + VALUE * rb_binding_add_dynavars(rb_binding_t *bind, int dyncount, const ID *dynvars) { @@ -699,6 +732,7 @@ NODE *node = 0; ID minibuf[4], *dyns = minibuf; VALUE idtmp = 0; + VALUE blockprocval = 0; if (dyncount < 0) return 0; @@ -719,7 +753,8 @@ ALLOCV_END(idtmp); vm_set_eval_stack(th, iseqval, 0, base_block); - bind->env = rb_vm_make_env_object(th, th->cfp); + bind->env = vm_make_env_object(th, th->cfp, &blockprocval); + bind->blockprocval = blockprocval; vm_pop_frame(th); GetEnvPtr(bind->env, env); diff -Nru ruby2.1-2.1.3/vm_core.h ruby2.1-2.1.4/vm_core.h --- ruby2.1-2.1.3/vm_core.h 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/vm_core.h 2014-10-27 09:25:17.000000000 -0200 @@ -726,6 +726,7 @@ typedef struct { VALUE env; VALUE path; + VALUE blockprocval; /* for GC mark */ unsigned short first_lineno; } rb_binding_t; 
@@ -842,6 +843,7 @@ /* VM related object allocate functions */ VALUE rb_thread_alloc(VALUE klass); VALUE rb_proc_alloc(VALUE klass); +VALUE rb_binding_alloc(VALUE klass); /* for debug */ extern void rb_vmdebug_stack_dump_raw(rb_thread_t *, rb_control_frame_t *); @@ -862,6 +864,7 @@ VALUE rb_vm_invoke_proc(rb_thread_t *th, rb_proc_t *proc, int argc, const VALUE *argv, const rb_block_t *blockptr); VALUE rb_vm_make_proc(rb_thread_t *th, const rb_block_t *block, VALUE klass); +VALUE rb_vm_make_binding(rb_thread_t *th, const rb_control_frame_t *src_cfp); VALUE rb_vm_make_env_object(rb_thread_t *th, rb_control_frame_t *cfp); VALUE rb_binding_new_with_cfp(rb_thread_t *th, const rb_control_frame_t *src_cfp); VALUE *rb_binding_add_dynavars(rb_binding_t *bind, int dyncount, const ID *dynvars); diff -Nru ruby2.1-2.1.3/vm_eval.c ruby2.1-2.1.4/vm_eval.c --- ruby2.1-2.1.3/vm_eval.c 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/vm_eval.c 2014-10-27 09:25:17.000000000 -0200 @@ -1211,7 +1211,7 @@ absolute_path = file; } - if (scope != Qnil) { + if (!NIL_P(scope)) { bind = Check_TypedStruct(scope, &ruby_binding_data_type); { envval = bind->env; @@ -1261,6 +1261,7 @@ COPY_CREF(cref, orig_cref); } vm_set_eval_stack(th, iseqval, cref, base_block); + th->cfp->klass = CLASS_OF(base_block->self); RB_GC_GUARD(crefval); if (0) { /* for debug */ diff -Nru ruby2.1-2.1.3/vm_method.c ruby2.1-2.1.4/vm_method.c --- ruby2.1-2.1.3/vm_method.c 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/vm_method.c 2014-10-27 09:25:17.000000000 -0200 @@ -181,6 +181,7 @@ xfree(me); } +static inline rb_method_entry_t *search_method(VALUE klass, ID id, VALUE *defined_class_ptr); static int rb_method_definition_eq(const rb_method_definition_t *d1, const rb_method_definition_t *d2); static inline rb_method_entry_t * 
@@ -355,7 +356,7 @@ } /* check mid */ if (mid == object_id || mid == id__send__) { - if (type == VM_METHOD_TYPE_ISEQ) { + if (type == VM_METHOD_TYPE_ISEQ && search_method(klass, mid, 0)) { rb_warn("redefining `%s' may cause serious problems", rb_id2name(mid)); } } diff -Nru ruby2.1-2.1.3/win32/Makefile.sub ruby2.1-2.1.4/win32/Makefile.sub --- ruby2.1-2.1.3/win32/Makefile.sub 2014-09-18 13:58:44.000000000 -0300 +++ ruby2.1-2.1.4/win32/Makefile.sub 2014-10-27 09:25:17.000000000 -0200 @@ -377,6 +377,8 @@ !else if exist($(srcdir)/.git) VCS = git VCSUP = $(VCS) pull $(GITPULLOPTIONS) +!else +VCSUP = rem !endif ruby_pc = $(RUBY_BASE_NAME)-$(MAJOR).$(MINOR).pcAttachment: signature.asc
Description: Digital signature
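Review bot: in test_entity_string_limit_for_parameter_entity the comment on the failing case reads `# 5k entity * 2 = 15k` while the code is `'%a;' * 3`; it should say `* 3 = 15k`. The two cases also sit well either side of the limit (10k passes, 15k raises), so a case just over 10k would pin the boundary the CVE-2014-8080 fix is meant to enforce and catch an off-by-one in the check.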
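Review bot: in the test_signal.rb hunk the second `bug9820` (the `[ruby-dev:48606]` string in the CONT branch) is assigned but never used, because `assert_ruby_status(['-e', 'Process.kill(:CONT, $$)'])` is called without it. Pass it as the failure message if the helper accepts one, or drop the assignment. Reusing the name `bug9820` for two different mailing-list references a few lines apart is also easy to misread.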
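Review bot: `have_tz_offset?` in the test_time_tz.rb hunk treats a zone as available only when `!Time.now.utc_offset.zero?`, which is also false for a zone that is installed but currently at UTC+0. With `has_lisbon_tz &&= have_tz_offset?("Europe/Lisbon")` the Lisbon tests, including the new variational zdump test, are switched off whenever Lisbon is on winter time, so the check depends on the date the suite is run. Probing a fixed historical instant with a known non-zero offset instead of `Time.now` would make the guard deterministic.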
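Review bot: `assert_includes(results, [true, true, true, true, true])` in gen_variational_zdump_test has no failure message, so when no sample matches the output is only an array of booleans with no zone or timestamp. Collect `mesg` alongside each result row and pass a message built from it as the third argument, so a tzdata mismatch can be diagnosed from the log.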
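Review bot: the new `blockprocval` member of `rb_binding_t` in the vm_core.h hunk is commented `/* for GC mark */`, and both `rb_vm_make_binding` and `rb_binding_add_dynavars` in vm.c store into it, but neither hunk touches the code that marks a binding. Worth confirming that the binding's mark function visits `blockprocval` as well as `env`; if it does not, storing the value here does not keep the proc alive in the case test_gced_binding_block exercises under `GC.stress`.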
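Review bot: the added `search_method(klass, mid, 0)` condition in the vm_method.c hunk changes when the `redefining ... may cause serious problems` warning fires, but carries no comment saying why. Judging by the test_object.rb case (`class C < BasicObject` defining `object_id` with empty stderr expected), the intent is to warn only when an existing definition is found on the class; a short comment stating that, and what passing 0 for `defined_class_ptr` means, would save the next reader the lookup.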
--- End Message ---
--- Begin Message ---
- To: Antonio Terceiro <terceiro@debian.org>, 767258-done@bugs.debian.org
- Subject: Re: Bug#767258: unblock: ruby2.1/2.1.4-1
- From: Niels Thykier <niels@thykier.net>
- Date: Thu, 30 Oct 2014 21:38:52 +0100
- Message-id: <5452A1DC.90405@thykier.net>
- In-reply-to: <20141029161558.GA27753@debian.org>
- References: <20141029161558.GA27753@debian.org>
On 2014-10-29 17:15, Antonio Terceiro wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Please unblock package ruby2.1, or age it so that it gets into testing
> before the freeze.
>
> This is a new bug fix only upstream release, which contains fixes for
> two security issues. Quoting the changelog:
>
> * New upstream version
>   - CVE-2014-8080: Denial of Service in XML Expansion
>   - Changes default settings in OpenSSL bindings to not use deprecated and
>     insecure ciphers; avoids issues associated to CVE-2014-3566 (i.e. the
>     "POODLE" bug in OpenSSL)
>
> The debdiff against the package in testing is attached. It does contains
> other bugfixes, but no API/ABI changes and nothing that should disrupt
> existing software unless said software is actually depending on those
> bugs.
>
> unblock ruby2.1/2.1.4-1
>
> [...]

Aged to 5 days.

~Niels
--- End Message ---