git-svn-id: svn+ssh:https://ci.ruby-lang.org/ruby/branches/ruby_2_6@67799 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

	webrick/test_utils.rb: loosen timeout severity

	to stabilize CI failure like:
	https://rubyci.org/logs/rubyci.s3.amazonaws.com/osx1013/ruby-trunk/log/20181228T114501Z.fail.html.gz

	git-svn-id: svn+ssh:https://ci.ruby-lang.org/ruby/trunk@66616 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

git-svn-id: svn+ssh:https://ci.ruby-lang.org/ruby/branches/ruby_2_6@67801 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

	test/ruby/test_fiber.rb: reduce the count of object creation to cause
	 GC

	The test consistently fails on OpenBSD.

	https://rubyci.org/logs/rubyci.s3.amazonaws.com/openbsd-current/ruby-master/log/20190903T010009Z.fail.html.gz
	```
	  1) Failure:
	TestFiber#test_fork_from_fiber [/home/chkbuild/chkbuild/tmp/build/20190903T010009Z/ruby/test/ruby/test_fiber.rb:327]:
	[ruby-core:41456].
	<0> expected but was
	<1>.
	```

git-svn-id: svn+ssh:https://ci.ruby-lang.org/ruby/branches/ruby_2_6@67802 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

	Fix a use-after-free bug by avoiding rb_str_new_frozen

	`str2 = rb_str_new_frozen(str1)` seems to make str1 a shared string that
	refers to str2, but str2 is not marked as STR_IS_SHARED_M nor
	STR_NOFREE.
	`rb_fstring(str2)` frees str2's ptr because it is not marked, and the
	free'ed pointer is the same as str1's ptr.
	After that, accessing str1 may cause use-after-free memory corruption.

	I guess this is a bug of rb_str_new_frozen, but I'm completely unsure
	what it should be; the string states and flags are not documented.
	So, this is a workaround for [Bug #16136].  I confirmed that rspec of
	activeadmin runs gracefully.

git-svn-id: svn+ssh:https://ci.ruby-lang.org/ruby/branches/ruby_2_6@67803 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

	Tag string shared roots to fix use-after-free

	The buffer deduplication codepath in rb_fstring can be used to free the buffer
	of shared string roots, which leads to use-after-free.

	Introudce a new flag to tag strings that at one point have been a shared root.
	Check for it in rb_fstring to avoid freeing buffers that are shared by
	multiple strings. This change is based on nobu's idea in [ruby-core:94838].

	The included test case test for the sequence of calls to internal functions
	that lead to this bug. See attached ticket for Ruby level repros.

	[Bug #16151]

git-svn-id: svn+ssh:https://ci.ruby-lang.org/ruby/branches/ruby_2_6@67804 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

	Fix memory leak

	* string.c (str_make_independent_expand): free independent buffer.
	  [Bug# 15935]

	Co-Authored-By: luke-gru (Luke Gruber) <[email protected]>

git-svn-id: svn+ssh:https://ci.ruby-lang.org/ruby/branches/ruby_2_6@67805 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

	Fix for wrong fnmatch patttern

	* dir.c (file_s_fnmatch): ensure that pattern does not contain a
	  NUL character.  https://hackerone.com/reports/449617

git-svn-id: svn+ssh:https://ci.ruby-lang.org/ruby/branches/ruby_2_6@67806 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

	Loop with String#scan without creating substrings

	Create the substrings necessary parts only, instead of cutting the
	rest of the buffer.  Also removed a useless, probable typo, regexp.

git-svn-id: svn+ssh:https://ci.ruby-lang.org/ruby/branches/ruby_2_6@67807 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

	WEBrick: prevent response splitting and header injection

	This is a follow up to d9d4a28.
	The commit prevented CRLR, but did not address an isolated CR or an
	isolated LF.

	Co-Authored-By: NARUSE, Yui <[email protected]>

git-svn-id: svn+ssh:https://ci.ruby-lang.org/ruby/branches/ruby_2_6@67808 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

`FileTest.send(command, ...)` allows to call not only FileTest-related
methods but also any method that belongs to Kernel, Object, etc.

git-svn-id: svn+ssh:https://ci.ruby-lang.org/ruby/branches/ruby_2_6@67810 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

git-svn-id: svn+ssh:https://ci.ruby-lang.org/ruby/tags/v2_6_5@67812 b2dd03c8-39d4-4d8f-98ff-823fe69b080e