Wed Mar 28 23:48:24 2018  Eric Wong  <normalperson@yhbt.net>

	webrick: prevent response splitting and header injection

	Original patch by tenderlove (with minor style adjustments).

	* lib/webrick/httpresponse.rb (send_header): call check_header
	  (check_header): raise on embedded CRLF in header value
	* test/webrick/test_httpresponse.rb
	  (test_prevent_response_splitting_headers): new test
	* (test_prevent_response_splitting_cookie_headers): ditto

Wed Mar 28 23:45:36 2018  Eric Wong  <normalperson@yhbt.net>

	webrick: use IO.copy_stream for multipart response

	Use the new Proc response body feature to generate a multipart
	range response dynamically.  We use a flat array to minimize
	object overhead as much as possible; as many ranges may fit
	into an HTTP request header.

	* lib/webrick/httpservlet/filehandler.rb (multipart_body): new method
	  (make_partial_content): use multipart_body

	webrick/httprequest: limit request headers size

	We use the same 112 KB limit started (AFAIK) by Mongrel, Thin,
	and Puma to prevent malicious users from using up all the memory
	with a single request.  This also limits the damage done by
	excessive ranges in multipart Range: requests.

	Due to the way we rely on IO#gets and the desire to keep
	the code simple, the actual maximum header may be 4093 bytes
	larger than 112 KB, but we're splitting hairs at that point.

	* lib/webrick/httprequest.rb: define MAX_HEADER_LENGTH
	  (read_header): raise when headers exceed max length

	webrick/httpservlet/cgihandler: reduce memory use

	WEBrick::HTTPRequest#body can be passed a block to process the
	body in chunks.  Use this feature to avoid building a giant
	string in memory.

	* lib/webrick/httpservlet/cgihandler.rb (do_GET):
	  avoid reading entire request body into memory
	  (do_POST is aliased to do_GET, so it handles bodies)

	webrick/httprequest: raise correct exception

	"BadRequest" alone does not resolve correctly, it is in the
	HTTPStatus namespace.

	* lib/webrick/httprequest.rb (read_chunked): use correct exception
	* test/webrick/test_httpserver.rb (test_eof_in_chunk): new test

	webrick/httprequest: use InputBufferSize for chunked requests

	While WEBrick::HTTPRequest#body provides a Proc interface
	for streaming large request bodies, clients must not force
	the server to use an excessively large chunk size.

	* lib/webrick/httprequest.rb (read_chunk_size): limit each
	  read and block.call to :InputBufferSize in config.
	* test/webrick/test_httpserver.rb (test_big_chunks): new test

	webrick: add test for Digest auth-int

	No changes to the actual code, this is a new test for
	a feature for which no tests existed.  I don't understand
	the Digest authentication code well at all, but this is
	necessary for the subsequent change.

	* test/webrick/test_httpauth.rb (test_digest_auth_int): new test
	  (credentials_for_request): support bodies with POST

	webrick/httpauth/digestauth: stream req.body

	WARNING! WARNING! WARNING!  LIKELY BROKEN CHANGE

	Pass a proc to WEBrick::HTTPRequest#body to avoid reading a
	potentially large request body into memory during
	authentication.

	WARNING! this will break apps completely which want to do
	something with the body besides calculating the MD5 digest
	of it.

	Also, keep in mind that probably nobody uses "auth-int".
	Servers such as Apache, lighttpd, nginx don't seem to
	support it; nor does curl when using POST/PUT bodies;
	and we didn't have tests for it until now...

	* lib/webrick/httpauth/digestauth.rb (_authenticate): stream req.body

Wed Mar 28 23:41:53 2018  NAKAMURA Usaku  <usa@ruby-lang.org>

	get rid of test error/failure on Windows introduced at r62955

	* lib/webrick/httpresponse.rb (send_body_io): use seek if
	  NotImplementedError is raised in IO.copy_stream with offset.

	* lib/webrick/httpservlet/filehandler.rb (multipart_body): ditto.

Wed Mar 28 23:41:53 2018  Eric Wong  <normalperson@yhbt.net>

	webrick: support Proc objects as body responses

	* lib/webrick/httpresponse.rb (send_body): call send_body_proc
	  (send_body_proc): new method
	  (class ChunkedWrapper): new class

	* test/webrick/test_httpresponse.rb (test_send_body_proc): new test
	  (test_send_body_proc_chunked): ditto
	  [Feature #855]

	webrick: favor .write over << method

	This will make the next change to use IO.copy_stream
	easier-to-read.  When we can drop Ruby 2.4 support in a few
	years, this will allow us to use writev(2) with multiple
	arguments for headers and chunked responses.

	* lib/webrick/cgi.rb (write): new wrapper method
	  lib/webrick/httpresponse.rb: (send_header): use socket.write
	  (send_body_io): ditto
	  (send_body_string): ditto
	  (send_body_proc): ditto
	  (_write_data): ditto
	  (ChunkedWrapper#write): ditto
	  (_send_file): ditto

	webrick/httpresponse: IO.copy_stream for regular files

	Remove the redundant _send_file method since its functionality
	is unnecessary with IO.copy_stream.  IO.copy_stream also allows
	the use of sendfile under some OSes to speed up copies to
	non-TLS sockets.

	Testing with "curl >/dev/null" and "ruby -run -e httpd" to
	read a 1G file over Linux loopback reveals a reduction from
	around ~0.770 to ~0.490 seconds on the client side.

	* lib/webrick/httpresponse.rb (send_body_io): use IO.copy_stream
	  (_send_file): remove
	  [Feature #14237]

	webrick: use IO.copy_stream for single range response

	This is also compatible with range responses generated
	by Rack::File (tested with rack 2.0.3).

	* lib/webrick/httpresponse.rb (send_body_io): use Content-Range
	* lib/webrick/httpservlet/filehandler.rb (make_partial_content):
	  use File object for the single range case
	* test/webrick/test_filehandler.rb (get_res_body): use send_body
	  to test result

	test/webrick/test_filehandler.rb: stricter multipart range test

	We need to ensure we generate compatibile output in
	the face of future changes

	* test/webrick/test_filehandler.rb (test_make_partial_content):
	  check response body

	webrick: quiet warning for multi-part ranges

	Content-Length is ignored by WEBrick::HTTPResponse even if we
	calculate it, so instead we chunk responses to HTTP/1.1 clients
	and terminate HTTP/1.0 connections.

	* lib/webrick/httpservlet/filehandler.rb (make_partial_content):
	  quiet warning

	webrick/httpresponse: make ChunkedWrapper copy_stream-compatible

	The .write method needs to return the number of bytes written
	to avoid confusing IO.copy_stream.

	* lib/webrick/httpresponse.rb (ChunkedWrapper#write): return bytes written
	  (ChunkedWrapper#<<): return self

	webrick: use IO.copy_stream for multipart response

	Use the new Proc response body feature to generate a multipart
	range response dynamically.  We use a flat array to minimize
	object overhead as much as possible; as many ranges may fit
	into an HTTP request header.

	* lib/webrick/httpservlet/filehandler.rb (multipart_body): new method
	  (make_partial_content): use multipart_body

Wed Mar 28 23:37:18 2018  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	pack.c: fix underflow

	* pack.c (pack_unpack_internal): get rid of underflow.
	  https://hackerone.com/reports/298246

Wed Mar 28 23:35:28 2018  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	unixsocket.c: check NUL bytes

	* ext/socket/unixsocket.c (rsock_init_unixsock): check NUL bytes.
	  https://hackerone.com/reports/302997

	unixsocket.c: abstract namespace

	* ext/socket/unixsocket.c (unixsock_path_value): fix r62991 for
	  Linux abstract namespace.

Wed Mar 28 23:30:32 2018  SHIBATA Hiroshi  <hsbt@ruby-lang.org>

	Ignore file separator from tmpfile/tmpdir name.

Wed Mar 28 23:27:23 2018  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	dir.c: check NUL bytes

	* dir.c (GlobPathValue): should be used in rb_push_glob only.
	  other methods should use FilePathValue.
	  https://hackerone.com/reports/302338

	* dir.c (rb_push_glob): expand GlobPathValue

Sat Feb 17 01:24:49 2018  SHIBATA Hiroshi  <hsbt@ruby-lang.org>

	Merge RubyGems 2.7.6 from upstream.

	It fixed some security vulnerabilities.

	http://blog.rubygems.org/2018/02/15/2.7.6-released.html

	fix regexp literal warning.

	* test/rubygems/test_gem_server.rb: eliminate duplicated character class warning.
	  [Bug #14481]

Fri Dec 15 00:08:26 2017  NAKAMURA Usaku  <usa@ruby-lang.org>

	* test/net/ftp/test_ftp.rb (process_port_or_eprt): merge a part of
	  r56973 to pass the test introduced at previous commit.

Thu Dec 14 22:52:11 2017  Shugo Maeda  <shugo@ruby-lang.org>

	Fix a command injection vulnerability in Net::FTP.

Thu Dec 14 22:49:08 2017  SHIBATA Hiroshi  <hsbt@ruby-lang.org>

	Merge rubygems-2.6.14 changes.

	It fixed http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html

Thu Sep 14 20:44:26 2017  SHIBATA Hiroshi  <hsbt@ruby-lang.org>

	* ext/json: bump to version 1.8.1.1. [Backport #13853]

Thu Sep 14 20:39:39 2017  Kazuki Yamaguchi <k@rhe.jp>

	asn1: fix out-of-bounds read in decoding constructed objects

	* OpenSSL::ASN1.{decode,decode_all,traverse}: have a bug of
	  out-of-bounds read. int_ossl_asn1_decode0_cons() does not give the
	  correct available length to ossl_asn1_decode() when decoding the
	  inner components of a constructed object. This can cause
	  out-of-bounds read if a crafted input given.

	Reference: https://hackerone.com/reports/170316
	https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b

Thu Sep 14 20:36:54 2017  Yusuke Endoh  <mame@ruby-lang.org>

	lib/webrick/log.rb: sanitize any type of logs

	It had failed to sanitize some type of exception messages.  Reported and
	patched by Yusuke Endoh (mame) at https://hackerone.com/reports/223363

Thu Sep 14 20:33:52 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	Fix space flag when Inf/NaN and width==3

	* sprintf.c (rb_str_format): while "% 2f" and "% 4f" result in " Inf"
	  and " Inf" respectively, "% 3f" results in "Inf" (no space).

	Refactor "%f" % Inf/NaN

	* sprintf.c (rb_str_format): as for non-finite float, calculate the
	  exact needed size with the space flag.

Sun Sep 10 10:10:05 2017  SHIBATA Hiroshi  <hsbt@ruby-lang.org>

	* lib/rubygems: fix several vulnerabilities in RubyGems; bump to version
	  2.4.5.3. [Backport #13842]

Sat Sep  9 21:08:24 2017  SHIBATA Hiroshi  <hsbt@ruby-lang.org>

	* ext/psych/yaml: update libyaml to 0.1.7.

	* ext/psych/psych.gemspec: bump version to 2.0.8.1.

Tue Mar 28 15:39:26 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	configure.in: syscall is deprecated on macOS

	* configure.in: syscall is no longer supported on macOS since 10.12.
	  [Bug #13361]

Mon Mar 27 01:41:37 2017  NARUSE, Yui  <naruse@ruby-lang.org>

	* configure.in: improve ICC (Intel C Compiler) support.

	* configure.in (CXX): The name of icc's c++ compiler is `icpc`.

	* configure.in (warnings): Add `-diag-disable=2259` to suppress
	  noisy warnings: "non-pointer conversion from "..." to "..." may
	  lose significant bits".

	* configure.in (optflags): Add `-fp-model precise` like -fno-fast-math.

	* lib/mkmf.rb: icc supports -Werror=division-by-zero
	  and -Werror=deprecated-declarations, but doesn't support
	  -Wdivision-by-zero and -Wdeprecated-declarations.

Sun Mar 26 17:24:02 2017  NAKAMURA Usaku  <usa@ruby-lang.org>

	* thread.c (rb_thread_fd_close): unintentionally removed at r58094.

Sun Mar 26 16:24:02 2017  NAKAMURA Usaku  <usa@ruby-lang.org>

	* test/ruby/test_thread.rb (test_thread_interrupt_for_killed_thread):
	  may fix the test failure on some platforms introduced at r58108.

Sun Mar 26 16:22:03 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	envutil.rb: timeout_error argument to invoke_ruby

	* test/lib/envutil.rb (invoke_ruby): add `timeout_error` optional
	  keyword argument, the exception class to be raised if the target
	  process timed out.  if it is nil, no exception will be raised at
	  timeout but the terminated output, error, and status will be
	  returned.  defaulted to Timeout::Error.

	* test/lib/envutil.rb (assert_separately): check outputs and
	  status (including diagnostic reports) of timed-out process.

Sun Mar 26 13:07:21 2017  NAKAMURA Usaku  <usa@ruby-lang.org>

	* thread.c (rb_thread_sleep_deadly_allow_spurious_wakeup): need to
	  mark as exported.  this may fix the load error introduced at r58115.

Sun Mar 26 03:55:45 2017  Marcus Stollsteimer  <sto.mar@web.de>

	docs for creating arrays

	* array.c: [DOC] add example for Array.new with block and index.
	  Reported by Don Cruickshank.  [ruby-core:68442] [Bug #10944]

Sun Mar 26 03:55:01 2017  Marcus Stollsteimer  <sto.mar@web.de>

	date_core.c: fix error in DateTime docs

	* ext/date/date_core.c: [DOC] fix format string for DateTime#rfc3339.
	  Reported by Andreas Rayo Kniep.  [ruby-core:68418] [Bug #10936]

	* ext/date/date_core.c: [DOC] ditto for DateTime#iso8601 and
	  DateTime#xmlschema; other small improvements.

Sun Mar 26 03:54:16 2017  Marcus Stollsteimer  <sto.mar@web.de>

	io.c: improve docs

	* io.c: [DOC] improve and harmonize docs for IO#read and ARGF#read;
	  fix invalid example code for IO#read to make it syntax highlighted.

	* io.c: [DOC] various improvements for docs of IO, ARGF, and Kernel:
	  fix indent to ensure correct code block detection; sync "outbuf"
	  paragraph for {IO,ARGF}#read, {IO,ARGF}#readpartial, and IO#sysread;
	  fix formatting of call-seq's; improve Kernel#open example to use nil?;
	  fix RDoc markup and typos.

Sun Mar 26 03:42:37 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	vm_method.c: resolve refined method to undef

	* vm_method.c (rb_undef): resolve the method entry which refines a
	  prepended method entry.  [ruby-core:78944] [Bug #13096]

Sun Mar 26 03:36:29 2017  Marcus Stollsteimer  <sto.mar@web.de>

	date_core.c: expand docs for Date shifting

	* ext/date/date_core.c: [DOC] expand docs for Date shifting

	  * add examples for Date#>> and Date#<< that clarify some edge cases
	  * add examples for Date#next_year and Date#prev_year
	  * add cross references to Date#>> and Date#<<

	  [ruby-core:79584] [Bug #13225]

Sun Mar 26 03:35:09 2017  Marcus Stollsteimer  <sto.mar@web.de>

	lib/ostruct.rb: [DOC] revise docs for OpenStruct

	* update paragraph on implementation:
	  define_singleton_method is used, not define_method
	* add call-seq with return values for each_pair
	* adopt description of dig from Array and Hash
	* fix description of the hash method
	* :nodoc: initialize_copy, respond_to_missing?
	* other small improvements, e.g. use the term `attribute' in the docs
	  (instead of `member'), which is clearer for users of the class
	* improve code examples: e.g. use more consistent style (always use
	  double quotes, drop `p' and `puts', ...), update inspect output,
	  use example data that is not prone to change (like population)
	* add more code examples
	* fix some small errors and grammar

	[ruby-core:79265] [Bug #13159]

Sun Mar 26 03:31:18 2017  Eric Wong  <normalperson@yhbt.net>

	doc: improve documentation for Binding [ci skip]

	* remove explicit return from code examples
	* grammar fixes
	* other small fixes

	Patch by: Marcus Stollsteimer <sto.mar@web.de>

	[ruby-core:79082] [Bug #13132]

Sun Mar 26 03:28:27 2017  Marcus Stollsteimer  <sto.mar@web.de>

	nodoc OptParse

	* lib/optparse.rb: [DOC] nodoc OptParse, introduced with r46126,
	  to avoid leaking of its documentation (OptionParser's docs) into
	  the class documentation of Object.  [ruby-core:79909] [Bug #13281]

Sun Mar 26 03:26:56 2017  Kazuhiro NISHIYAMA  <zn@mbf.nifty.com>

	rational.c: fix rdoc

	* rational.c: [DOC] fix wrong indentations and comment out some lines
	  in code examples to make them valid Ruby code and syntax highlighted
	  on the rendered page.

	[ci skip] [ruby-core:79607] [Bug #13233]
	Author:    Marcus Stollsteimer <sto.mar@web.de>

Sun Mar 26 03:24:28 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	fileutils.rb: do not make root

	* lib/fileutils.rb (FileUtils#mkdir_p): no need to make root
	  directory which should be exist and cannot be made with mkdir
	  recent Cygwin can make a directory contains a colon.
	  [Bug #13214]

Sun Mar 26 03:22:34 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	win32/resolv.rb: ad hoc workaround

	* ext/win32/lib/win32/resolv.rb (Win32::Resolv::SZ): an ad hoc
	  workaround for broken registry.  SearchList and other registry
	  values must be REG_SZ, or Windows ignores anything in those
	  values otherwise.  [ruby-dev:49924] [Bug #13081]
	  https://github.com/rubygems/rubygems/issues/1700
	win32/registry.rb: registry type names

	* ext/win32/lib/win32/registry.rb (Win32::Registry#read): show
	  registry type names instead of numeric values.

Sun Mar 26 03:19:17 2017  Eric Wong  <normalperson@yhbt.net>

	doc: Add example for Symbol#to_s

	* string.c: add example for Symbol#to_s.

	The docs for Symbol#to_s only include an example for
	Symbol#id2name, but not for #to_s which is an alias;
	the docs should include examples for both methods.

	From: Marcus Stollsteimer <sto.mar@web.de>

Sun Mar 26 03:16:16 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	rational.c: infinity in power

	* rational.c (nurat_expt): return Infinity due to overflow.
	  [ruby-core:79686] [Bug #13242]:
	rational.c: infinity in power

	* rational.c (nurat_expt): return 0 due to overflow.
	  [ruby-core:79686] [Bug #13242]:

Sun Mar 26 03:13:17 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	vm.c: check type of hash to merge

	* vm.c (core_hash_merge): check the type of the target hash to
	  merge.  [ruby-core:78536] [Bug #13015]

Sun Mar 26 03:07:08 2017  Koichi Sasada  <ko1@atdot.net>

	use TRUE/FALSE.

	define rb_thread_sleep_deadly_allow_spurious_wakeup().

	* thread.c, thread_sync.c: define new function
	  rb_thread_sleep_deadly_allow_spurious_wakeup() and use it instead of
	  using sleep_forever() directly.

	allow Queue operation in trap.

	* thread_sync.c: allow spurious wakeup to check Queue status just after trap.
	  [Bug #12405]

	* test/thread/test_queue.rb: add a test for it.

	test_queue.rb: fix portability

	* test/thread/test_queue.rb (test_queue_with_trap): fix
	  portability.  use SIGINT instead of SIGUSR2 which is supported
	  on not all platforms.

Sun Mar 26 02:44:16 2017  Akinori MUSHA  <knu@iDaemons.org>

	* doc/syntax/literals.rdoc (Strings): [DOC] Revise the character
	  literal part.

Sun Mar 26 02:44:16 2017  Akinori MUSHA  <knu@iDaemons.org>

	* doc/syntax/literals.rdoc (Strings): [DOC] Document the full list
	  of supported escape sequences in string literals.

Sun Mar 26 02:44:16 2017  NAKAMURA Usaku  <usa@ruby-lang.org>

	* doc/syntax/literals.rdoc (Strings): mention about ?a literal.

Sun Mar 26 02:37:23 2017  Eric Wong  <normalperson@yhbt.net>

	doc: restore class documentation for Struct

	* struct.c: restore class documentation for Struct
	  that disappeared with r46663.

	Due to r46663, the class documentation for Struct disappeared.
	(The revision inserted the definition of `InitVM_Struct` between
	the rdoc and the definition of `Init_Struct`.)

	The docs are rendered for 2.1: <https://docs.ruby-lang.org/en/2.1.0/Struct.html>,
	but not for later versions, see: <https://docs.ruby-lang.org/en/2.2.0/Struct.html>
	(Same for `ri` pages).

	[ruby-core:79416] [Bug #13189]

Sun Mar 26 02:36:34 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	Enumerable#{min,min_by,max,max_by} [ci skip]

	* enum.c: [DOC] Enumerable#{min,min_by,max,max_by} return a sorted
	  array when +n+ argument is used.

	* enum.c: Small typo : minimum -> maximum

	[Bug #13161]
	Author:    Eric Duminil <eric.duminil@gmail.com>

Sun Mar 26 02:35:17 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	* ruby.c (process_options): convert -e script to the encoding
	  given by a command line option on Windows.  assume it is the
	  expected encoding.  [ruby-dev:49461] [Bug #11900]

Sun Mar 26 02:34:13 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	rational.c: fix rdoc [ci skip]

	* rational.c (rb_rational_plus): [DOC] fix an example.
	  A patch by Trygve Flathen <at.ruby-lang AT flathen.net> in
	  [ruby-core:71755].  [Bug #11752]

Sun Mar 26 02:32:12 2017  NAKAMURA Usaku  <usa@ruby-lang.org>

	* win32/win32.c (poll_child_status): rb_w32_wait_events_blocking() sets
	  errno internally, then should not set it here.

Sun Mar 26 02:27:37 2017  Koichi Sasada  <ko1@atdot.net>

	check thread deadness correctly.

Sun Mar 26 02:13:04 2017  Koichi Sasada  <ko1@atdot.net>

	* test/ruby/test_exception.rb: fix thread issues.
	  * use Queue instead of a local variable for synchronization.
	  * join created thread to soleve leaking threads warning.

Sun Mar 26 02:13:04 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	* thread.c (rb_threadptr_raise): set cause from the called thread,
	  but not from the thread to be interrupted.
	  [ruby-core:77222] [Bug #12741]

Sun Mar 26 02:11:47 2017  Marcus Stollsteimer  <sto.mar@web.de>

	io.c: documentation for puts

	* io.c: [DOC] clarify that the 'record separator' between
	  arguments passed to 'puts' is always a newline.
	  Based on a patch by Mark Amery. [ruby-core:65801] [Misc #10403]
	* 2017-03-13

Sun Mar 26 02:08:06 2017  Marcus Stollsteimer  <sto.mar@web.de>

	proc.c: documentation for Proc#{call,yield,[]}

	* proc.c: [DOC] fix and improve docs for Proc#{call,yield,[]}:

	  * change order of Document-method directives as workaround for an
	    RDoc rendering problem where the documentation for Proc#call displays
	    a "Document-method: []" code block.  [ruby-core:79887] [Bug #13273]
	  * add missing call-seq and example for Proc#yield
	  * remove pointless cross reference to Proc#yield
	  * update description for handling of extra or missing arguments,
	    improve examples and add cross reference to #lambda?

Sun Mar 26 02:03:06 2017  Marcus Stollsteimer  <sto.mar@web.de>

	docs for IO#print

	* io.c: [DOC] split documentation for IO#print into smaller paragraphs,
	  delete duplicate sentence, fix call-seq.
	  Based on a patch by Dario Daic. [ruby-core:78291] [Bug #12975]

Sun Mar 26 02:01:54 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	fix UTF-32 valid_encoding?

	* enc/utf_32be.c (utf32be_mbc_enc_len): check arguments precisely.
	  [ruby-core:79966] [Bug #13292]

	* enc/utf_32le.c (utf32le_mbc_enc_len): ditto.

	* regenc.h (UNICODE_VALID_CODEPOINT_P): predicate for valid
	  Unicode codepoints.
	fix UTF-32 valid_encoding?

	* test/ruby/test_io_m17n.rb (TestIO_M17N#test_puts_widechar): do
	  not use invalid codepoint.  [ruby-core:79966] [Bug #13292]

Sun Mar 26 01:58:03 2017  NAKAMURA Usaku  <usa@ruby-lang.org>

	* regcomp.c (set_bm_skip): Need to check the end of the string.
	  this patch is from https://github.com/k-takata/Onigmo/commit/e5c0e6c36187898bb27960cd66d591f172558848 .
	  [Backport #12997]

Sun Mar 26 01:48:05 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	date_core.c: [DOC] revise docs [ci skip]

	* fix malformed rdoc for Date#today, Date._strptime,
	  and DateTime._strptime
	* add code examples for Date#<< and Date#>> to demonstrate
	  that different dates can result in the same return value
	* use Date::ITALY in call-seq instead of only ITALY
	* fix some copy/paste mistakes where Date should be DateTime
	* fix various errors and grammar
	* fix cross references and formatting

	[ruby-core:79433] [Bug #13193]
	Author:    Marcus Stollsteimer <sto.mar@web.de>

Sun Mar 26 01:35:25 2017  Marc-Andre Lafortune  <ruby-core@marc-andre.ca>

	lib/ostruct.rb: Fix returned value of each_pair.

	From a patch by Marcus Stollsteimer. [Fixes #13169]

Sun Mar 26 01:31:54 2017  Benoit Daloze  <eregontp@gmail.com>

	fix optimization for hash aset/aref with fstring

	Patch by Eric Wong [ruby-core:78797].
	I don't like the idea of making insns.def any bigger to support
	a corner case, and "test_hash_aref_fstring_identity" shows
	how contrived this is.

	[ruby-core:78783] [Bug #12855]
	adjust indent [ci skip]

Sun Mar 26 01:29:17 2017  Shugo Maeda  <shugo@ruby-lang.org>

	string.c: rindex(//) should set $~.

	This seems a bug introduced by r520 (1.4.0).  [ruby-core:79110] [Bug #13135]

Sun Mar 26 01:15:34 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	disable critical-error-handler

	* win32/win32.c (rb_w32_sysinit): disable critical-error-handler
	  message box even on mswin, regardless of runtime DLL version.
	  [ruby-dev:49988] [Bug #13254]

Sun Mar 26 01:14:19 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	broken mingw

	* configure.in: check whether frexp and modf are broken.

	* include/ruby/win32.h (frexp, modf): ignore bad declarations when
	  compiling as C++.  [ruby-core:79859] [Bug #13267]

Sun Mar 26 01:13:11 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	parallel.rb: fix intervention

	* test/lib/test/unit/parallel.rb (_report): send a response and a
	  newline atomically, to get rid of intervention with "p" which
	  runs in a separate thread.

Sun Mar 26 01:03:27 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	io.c: close before wait

	* io.c (io_close_fptr): notify then close, and wait for other
	  threads before free fptr.  [ruby-core:79262] [Bug #13158]

Sun Mar 26 00:47:52 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	io.c: fix race between read and close

	* io.c (io_fillbuf): fix race between read and close, in the case
	  the IO gets closed before the reading thread achieve the lock.
	  [ruby-core:78845] [Bug #13076]
	thread.c: fix race between read and close

	* thread.c (rb_thread_fd_close): wait until all threads using the
	  fd finish the operation, not to free the buffer in use.
	  [ruby-core:78845] [Bug #13076]
	revert a part of r57199

	* io.c (io_fillbuf): revert a part of r57199 because it broke IO#getch.
	  see also [Bug #13076]

	io.c: fix race between read and close

	* io.c (io_fillbuf): fix race between read and close and bail out
	  in the case the IO gets closed before the reading thread achieve
	  the lock.  [ruby-core:78845] [Bug #13076]

Sun Mar 26 00:39:40 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	class.c: non-keyword hash class

	* class.c (rb_extract_keywords): keep the class of non-keyword
	  elements hash as the original.  [ruby-core:77813] [Bug #12884]

Sun Mar 26 00:36:01 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	string.c: block for scrub with ASCII-incompatible

	* string.c (rb_enc_str_scrub): honor the given block with
	  ASCII-incompatible encoding.  [ruby-core:79039] [Bug #13120]
	string.c: yield invalid part

	* string.c (rb_enc_str_scrub): yield the invalid part only with
	  ASCII-incompatible.  [ruby-core:79039] [Bug #13120]
	string.c: replacement and block

	* string.c (rb_enc_str_scrub): only one of replacement and block
	  is allowed.  [ruby-core:79038] [Bug #13119]

Sun Mar 26 00:30:36 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	compile.c: check err_info

	* compile.c (iseq_setup): bail out if any errors found.
	  [ruby-core:76531] [Bug #12613]

Sun Mar 26 00:19:09 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	rational.c: memory leak in gcd

	* rational.c (rb_gcd_gmp): fix memory leak.  patched by KISHIMOTO,
	  Makoto <ksmakoto AT dd.iij4u.or.jp> in [ruby-dev:49934].
	  [Bug #13089]

Sun Mar 26 00:16:04 2017  Kazuki Yamaguchi  <k@rhe.jp>

	pack.c: avoid returning uninitialized String

	Fix unpacking with 'b', 'B', 'h' and 'H' format. Do not return an
	uninitialized String to Ruby before filling the content bytes.
	Fixes r11175 ("pack.c (pack_unpack): execute block if given with
	unpacked value instead of creating an array", 2006-10-15).
	[ruby-core:78841] [Bug #13075]
	test/ruby/test_pack.rb: fix test case added by r57187

	The test case for String#unpack added by r57187 is not properly testing
	because the String will be filled after the block invocation.
	[ruby-core:78841] [Bug #13075]

	Thanks to nagachika for pointing this out:

	  http://d.hatena.ne.jp/nagachika/20161226/ruby_trunk_changes_57184_57194#r57187

Sun Mar 26 00:09:48 2017  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	ruby-lex.rb: fix for label

	* lib/irb/ruby-lex.rb (identify_identifier): treat identifier just
	  followed by a colon as a lable.  this is not a precise solution
	  but enough for the time being.  [ruby-core:78526] [Bug #13012]

Tue Dec 27 20:43:54 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	* time.c (usec2subsecx): fix return type, which is a numeric object but
	  not a long int. [Bug #13066]

Tue Dec 27 20:13:12 2016  Kazuki Yamaguchi  <k@rhe.jp>

	* re.c (match_{names,hash,equal}): consider the case of RMatch::regexp
	  is nil.

	  Don't assume RMatch::regexp always contains a valid Regexp instance;
	  it will be Qnil if the MatchData is created by
	  rb_backref_set_string(). [Bug #13054]

Tue Dec 27 20:02:43 2016  Kazuki Yamaguchi  <k@rhe.jp>

	* array.c (rb_ary_{repeated_,}combination): check array length every
	  time after yielding.

	  Since the Array may be modified during rb_yield(), the length before
	  invoking the block can't be trusted. Fix possible out-of-bounds read
	  in Array#combination and Array#repeated_combination.

	  It may better to make a defensive copy of the Array, but for now let's
	  follow what Array#permutation does. [Bug #13052]

Tue Dec 27 19:57:51 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	* sprintf.c (rb_str_format): fix memory corruption by width underflow.
	  https://github.com/mruby/mruby/issues/3347

Tue Dec 27 19:55:10 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	 * re.c (rb_reg_regsub): other than regexp has no name references.
	  [Bug #13042]

Tue Dec 27 19:51:43 2016  Kazuki Yamaguchi  <k@rhe.jp>

	* encoding.c (rb_enc_ascget): handle needmore error from
	  rb_enc_precise_mbclen().

	  rb_enc_ascget() erroneously reports success even if the given byte
	  sequence is incomplete, for non-ASCII compatible encoding strings.

	  rb_enc_precise_mbclen() may return a negative value on error, and thus
	  rb_enc_ascget() must not store the return value in 'unsigned int';
	  otherwise the subsequent MBCLEN_CHARFOUND_P() check won't catch the
	  error. [Bug #13034]

Tue Dec 27 19:49:01 2016  Shugo Maeda  <shugo@ruby-lang.org>

	* cont.c, eval.c, eval_error.c, thread.c, vm_eval.c, vm_trace.c: add
	  clang volatile fixes from FreeBSD and NetBSD.

	  Use volatile instead of optnone to avoid optimization which causes
	  segmentation faults.
	  Patch by Dimitry Andric. [Bug #13014]

Tue Dec 27 19:40:09 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	* README.EXT{.ja,}: [DOC] optional keyword arguments are defaulted to
	  Qundef. ignored keys are kept in the hash but a new Hash is not
	  created. [Bug #13004]

	* class.c (rb_get_kwargs): when values are stored, corresponding keys
	  have been remove from the keyword hash, and the hash should be empty
	  in that case. [Bug #13004]

Tue Dec 27 19:34:47 2016  Aaron Patterson <tenderlove@ruby-lang.org>

	* variable.c (rb_ivar_count): stop reading past the end of ivptr array.
	  [Bug #12988]

Tue Dec 27 19:32:03 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	* thread.c (rb_thread_s_abort_exc, rb_thread_s_abort_exc_set):
	  [DOC] the raised exception will be re-raised in the main thread,
	  and then follows the ordinary exception sequence, exit status is
	  not 0. [Bug #12991]

	* thread.c (rb_thread_abort_exc_set): ditto.

Tue Dec 27 19:29:54 2016  Akinori MUSHA  <knu@iDaemons.org>

	* configure.in: reverse compatibility_version and current_version for
	  Darwin.

Tue Dec 27 19:10:09 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	* marshal.c (dump_funcall, dump_check_funcall, load_funcall):
	  function calls with reentrant check.  always show names
	  corresponding to the called methods.

	* marshal.c (check_userdump_arg): marshal_dump should not return an
	  instance of the same class, otherwise it causes infinite recursion.
	  [Bug #12974]

Tue Dec 27 18:34:04 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	* compile.c (setup_args): duplicate splatting array if more
	  arguments present to obey left-to-right execution order.
	  [ruby-core:77701] [Bug# 12860]

Tue Dec 27 18:28:20 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	* dln.c (dln_load): raise LoadError instead of fatal error on
	  recent OSX, dlclose seems fixed in El Capitan or later.
	  [ruby-core:78200] [Bug #12956]

Tue Dec 27 18:17:23 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	* test/misc/test_ruby_mode.rb (assert_indent): since write-region
	  in Emacs 25.1 no longer displays the "Wrote file" message, shows
	  the explicit message to check if successfully finished.
	  [ruby-core:77355] [Bug #12785]

Tue Nov 15 15:29:36 2016  NARUSE, Yui  <naruse@ruby-lang.org>

	* ext/openssl/ossl_ssl.c (ssl_npn_select_cb_common): fix parsing
	  protocol list.
	  The protocol list from OpenSSL is not null-terminated.
	  patched by Kazuki Yamaguchi [Bug #11810] [ruby-core:72082]

Tue Nov 15 03:55:45 2016  NARUSE, Yui  <naruse@ruby-lang.org>

	* ext/-test/file/fs.c (get_atime_p): Updating of file access times
	  is enabled or not.

Tue Nov 15 03:55:45 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	* test/ruby/test_file.rb (TestFile#test_stat): fix noatime case.
	  [ruby-core:77943] [Bug #12903]

Tue Nov 15 03:54:14 2016  Shugo Maeda  <shugo@ruby-lang.org>

	* test/rinda/test_rinda.rb (test_make_socket_ipv6_multicast,
	  test_make_socket_ipv6_multicast_hops): skip if IPv6 multicast 
	  address is not available.

Tue Nov 15 03:39:07 2016  NARUSE, Yui  <naruse@ruby-lang.org>

	* lib/net/http.rb (transport_request): other than HTTPContinue
	  in 1xx (HTTPInformation) also needs to continue. [Bug #12890]

Sat Nov 12 07:48:07 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	* proc.c (mnew_internal): follow the original class, not to loop
	  the prepended module.  [ruby-core:77591] [Bug #12832]

Sat Nov 12 07:47:19 2016  Shugo Maeda  <shugo@ruby-lang.org>

	* cont.c (cont_new): disable optimization if clang's version is
	  3.8.0.  [ruby-core:77894] [Bug #12893]

Sat Nov 12 07:37:30 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	* sprintf.c (rb_str_format): format exact number more exactly.

Sat Nov 12 07:34:03 2016  Kazuki Yamaguchi  <k@rhe.jp>

	* ext/openssl/ossl.c (Init_openssl): register an ex_data index for
	  X509_STORE and X509_STORE_CTX respectively. Since they don't share
	  the ex_data index registry, we can't use the same index.
	  (ossl_verify_cb): use the the correct index.

	* ext/openssl/ossl_ssl.c (ossl_ssl_verify_callback): ditto.

	* ext/openssl/ossl_x509store.c (ossl_x509store_set_vfy_cb): ditto.
	  (ossl_x509stctx_verify): ditto.

	* ext/openssl/ossl.h (void ossl_clear_error): add extern declarations
	  of ossl_store_{ctx_,}ex_verify_cb_idx.

	* ext/openssl/openssl_missing.c: remove X509_STORE_set_ex_data and
	  X509_STORE_get_ex_data.

	* ext/openssl/openssl_missing.h: implement X509_STORE_get_ex_data,
	  X509_STORE_set_ex_data and X509_STORE_get_ex_new_index as macros.

Sat Nov 12 07:32:23 2016  Nobuyoshi Nakada  <nobu@ruby-lang.org>

	* thread.c (rb_thread_pending_interrupt_p): no pending interrupt
	  before initialization.
