Conversation
headius
force-pushed
the
update_stdlib_2.5
branch
from
5b964e2 to
bd27274
Compare
| @initialized = false | ||
| end | ||
|
|
||
| def lazy_initialize |
There was a problem hiding this comment.
just for confirmation, this was backported to ruby 2.3, 2.4 and 2.6?
isn't 2.5 also affected?
see https://bugs.ruby-lang.org/issues/14571 and #5074
There was a problem hiding this comment.
Yes, this was originally filed against 2.5 it appears and backported as far as 2.3.
There was a problem hiding this comment.
yeah, but this change reverts the fix. Maybe MRI guys forgot to backport it?
- pass String instance (when possible) directly to unpack - or retrieved array elements should affect created string related to jrubyGH-5505
- pass String instance (when possible) directly to unpack - or retrieved array elements should affect created string related to jrubyGH-5505
| assert_equal "01000001", "A".unpack1("B*") | ||
| end | ||
|
|
||
| def test_pack_infection |
There was a problem hiding this comment.
fix for pack/unpack tainting is already on master: 1d1bb5d
... but you will need to tag this one since JRuby does not do much with 'P' (or 'p')
There was a problem hiding this comment.
I think @enebo was looking into this...maybe it doesn't need to be done.
This is a new test for ARGV tainting that we never would have passed, because we don't taint ARGV strings. Note that MRI always taints all strings that come from "external" bytes, which is similar to our "external" Java strings. We are opting to localize this fix to ARGV only due to the unknown impact of suddenly tainting all strings imported from Java via our version of the "external" string construction. https://bugs.ruby-lang.org/issues/14941
… super is actually invoked. Therefore we cannot assume any argument which we think we need to splat is actually in need of splatting. Simple instanceof checks solves it. MRI core tests caught this in stdlib update to 2.5.4.
IRWrappedLambdaReturnValue exception coming out because END blocks are internally modelled as closures. This change also changed this exception to know whether it had been initiated by break or return.
…ine. Addresses MRI test.
so that "\u{0D 0A}" ends up as a single point.
This also updates Ruby compat version to run post-2.5.1 specs for this behavior. https://bugs.ruby-lang.org/issues/14380
headius
force-pushed
the
update_stdlib_2.5
branch
from
04c3b9b to
abe5c19
Compare
… is way more important
…pagate potential taintedness.
These tests were imported with jruby#5505 and will be reenabled once
|
The final completed build failed because an earlier exclude was accidentally removed. I am merging after having restored that tag. |
4 participants
No description provided.