diff --git a/class.c b/class.c index bd017b51a58445..81e740b2099ef7 100644 --- a/class.c +++ b/class.c @@ -41,7 +41,7 @@ * This is done for classes defined from C to allow storing them in global variables. * 1: RUBY_FL_SINGLETON * This class is a singleton class. - * 2: RCLASS_PRIME_CLASSEXT_PRIME_WRITABLE + * 2: RCLASS_PRIME_CLASSEXT_WRITABLE * This class's prime classext is the only classext and writable from any boxes. * If unset, the prime classext is writable only from the root box. * 3: RCLASS_IS_INITIALIZED @@ -52,7 +52,7 @@ /* Flags of T_ICLASS * - * 2: RCLASS_PRIME_CLASSEXT_PRIME_WRITABLE + * 2: RCLASS_PRIME_CLASSEXT_WRITABLE * This module's prime classext is the only classext and writable from any boxes. * If unset, the prime classext is writable only from the root box. * 4: RCLASS_BOXABLE @@ -66,7 +66,7 @@ * This is done for classes defined from C to allow storing them in global variables. * 1: * Ensures that RUBY_FL_SINGLETON is never set on a T_MODULE. See `rb_class_real`. - * 2: RCLASS_PRIME_CLASSEXT_PRIME_WRITABLE + * 2: RCLASS_PRIME_CLASSEXT_WRITABLE * This module's prime classext is the only classext and writable from any boxes. * If unset, the prime classext is writable only from the root box. * 3: RCLASS_IS_INITIALIZED diff --git a/prism/templates/include/prism/ast.h.erb b/prism/templates/include/prism/ast.h.erb index 9115f20eaae766..06123417727fcb 100644 --- a/prism/templates/include/prism/ast.h.erb +++ b/prism/templates/include/prism/ast.h.erb @@ -22,7 +22,7 @@ */ typedef enum pm_token_type { <%- tokens.each do |token| -%> - /** <%= token.comment %> */ + /** <%= Prism::Template::Doxygen.verbatim(token.comment) %> */ PM_TOKEN_<%= token.name %><%= " = #{token.value}" if token.value %>, <%- end -%> diff --git a/prism/templates/template.rb b/prism/templates/template.rb index 6c3efd7e6c91a4..aca626b5eba181 100755 --- a/prism/templates/template.rb +++ b/prism/templates/template.rb @@ -49,6 +49,14 @@ def self.escape(value) end end + # This module contains methods for escaping characters in Doxygen comments. + module Doxygen + # Similar to /verbatim ... /endverbatim but doesn't wrap the result in a code block. + def self.verbatim(value) + value.gsub(/[\.*%!`#<>_+-]/, '\\\\\0') + end + end + # A comment attached to a field or node. class ConfigComment attr_reader :value diff --git a/test/openssl/test_pkcs12.rb b/test/openssl/test_pkcs12.rb index 1b5328774e4f2a..617c156cbd7525 100644 --- a/test/openssl/test_pkcs12.rb +++ b/test/openssl/test_pkcs12.rb @@ -3,6 +3,29 @@ if defined?(OpenSSL) +# OpenSSL::PKCS12.create calling the PKCS12_create() has the argument mac_iter +# which uses a MAC key using PKCS12KDF which is not FIPS-approved. +# OpenSSL::PKCS12.new with base64-encoded example calling PKCS12_parse() +# verifies the MAC key using PKCS12KDF which is not FIPS-approved. +# +# PBE-SHA1-3DES uses PKCS12KDF which is not FIPS-approved according to the RFC +# 7292 PKCS#12. +# https://datatracker.ietf.org/doc/html/rfc7292#appendix-C +# > The PBES1 encryption scheme defined in PKCS #5 provides a number of +# > algorithm identifiers for deriving keys and IVs; here, we specify a +# > few more, all of which use the procedure detailed in Appendices B.2 +# > and B.3 to construct keys (and IVs, where needed). As is implied by +# > their names, all of the object identifiers below use the hash +# > function SHA-1. +# > ... +# > pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} +# +# Note that the pbeWithSHAAnd3-KeyTripleDES-CBC (pkcs12-pbeids 3) in the RFC +# 7292 PKCS#12 means PBE-SHA1-3DES in OpenSSL. PKCS12KDF is used in PKCS#12. +# https://oidref.com/1.2.840.113549.1.12.1.3 +# https://github.com/openssl/openssl/blob/ed57d1e06dca28689190e00d9893e0fd7ecc67c1/crypto/objects/objects.txt#L385 +return if OpenSSL.fips_mode + module OpenSSL class TestPKCS12 < OpenSSL::TestCase DEFAULT_PBE_PKEYS = "PBE-SHA1-3DES" @@ -210,8 +233,13 @@ def test_create_with_keytype end def test_new_with_no_keys - # generated with: - # openssl pkcs12 -certpbe PBE-SHA1-3DES -in <@mycert> -nokeys -export + # Generated with the following steps: + # Print the value of the @mycert such as by `puts @mycert.to_s` and + # save the value as the file `mycert.pem`. + # Run the following commands: + # openssl pkcs12 -certpbe PBE-SHA1-3DES -in <(cat mycert.pem) \ + # -nokeys -export -passout pass:abc123 -out /tmp/p12.out + # base64 -w 60 /tmp/p12.out str = <<~EOF.unpack1("m") MIIGJAIBAzCCBeoGCSqGSIb3DQEHAaCCBdsEggXXMIIF0zCCBc8GCSqGSIb3 DQEHBqCCBcAwggW8AgEAMIIFtQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMw @@ -259,8 +287,10 @@ def test_new_with_no_keys end def test_new_with_no_certs - # generated with: - # openssl pkcs12 -inkey fixtures/openssl/pkey/rsa-1.pem -nocerts -export + # Generated with the folowing steps: + # openssl pkcs12 -inkey test/openssl/fixtures/pkey/rsa-1.pem \ + # -nocerts -export -passout pass:abc123 -out /tmp/p12.out + # base64 -w 60 /tmp/p12.out str = <<~EOF.unpack1("m") MIIJ7wIBAzCCCbUGCSqGSIb3DQEHAaCCCaYEggmiMIIJnjCCCZoGCSqGSIb3 DQEHAaCCCYsEggmHMIIJgzCCCX8GCyqGSIb3DQEMCgECoIIJbjCCCWowHAYK diff --git a/test/prism/errors_test.rb b/test/prism/errors_test.rb index cbe8b06ad659f4..b30a0f304d14a1 100644 --- a/test/prism/errors_test.rb +++ b/test/prism/errors_test.rb @@ -7,7 +7,7 @@ module Prism class ErrorsTest < TestCase base = File.expand_path("errors", __dir__) - filepaths = Dir["**/*.txt", base: base] + filepaths = Dir[ENV.fetch("FOCUS", "**/*.txt"), base: base] filepaths.each do |filepath| ruby_versions_for(filepath).each do |version| @@ -100,6 +100,10 @@ def assert_errors(filepath, version) refute_empty errors, "Expected errors in #{filepath}" actual = result.errors_format + if expected != actual && ENV["UPDATE_SNAPSHOTS"] + File.write(filepath, actual) + end + assert_equal expected, actual, "Expected errors to match for #{filepath}" end end diff --git a/tool/lib/vcs.rb b/tool/lib/vcs.rb index 26c9763c13cc11..4169031436e993 100644 --- a/tool/lib/vcs.rb +++ b/tool/lib/vcs.rb @@ -459,7 +459,8 @@ def export_changelog(url = '@', from = nil, to = nil, _path = nil, path: _path, rev or next rev unless rev.empty? end - unless from&.match?(/./) or (from = branch_beginning(url))&.match?(/./) + to ||= url.to_str + unless from&.match?(/./) or (from = branch_beginning(to))&.match?(/./) warn "no starting commit found", uplevel: 1 from = nil end @@ -470,7 +471,6 @@ def export_changelog(url = '@', from = nil, to = nil, _path = nil, path: _path, else warn "Could not fetch notes/commits tree", uplevel: 1 end - to ||= url.to_str if from arg = ["#{from}^..#{to}"] else