Update stdlib to 2.3.0.

lib/ruby/stdlib/English.rb

@@ -1,7 +1,9 @@
-# Modified for JRuby
-# In JRuby, we define these aliases by default, so this file
-# does nothing.
-
+# frozen_string_literal: false
+#
+#  Modified for JRuby
+#  In JRuby, we define these aliases by default, so this file
+#  does nothing.
+#
 #  Include the English library file in a Ruby script, and you can
 #  reference the global variables such as \VAR{\$\_} using less
 #  cryptic names, listed in the following table.% \vref{tab:english}.

lib/ruby/stdlib/abbrev.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #--
 # Copyright (c) 2001,2003 Akinori MUSHA <knu@iDaemons.org>
 #

lib/ruby/stdlib/base64.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #
 # = base64.rb: methods for base64-encoding and -decoding strings
 #
@@ -77,15 +78,30 @@ def strict_decode64(str)
   # This method complies with ``Base 64 Encoding with URL and Filename Safe
   # Alphabet'' in RFC 4648.
   # The alphabet uses '-' instead of '+' and '_' instead of '/'.
-  def urlsafe_encode64(bin)
-    strict_encode64(bin).tr("+/", "-_")
+  # Note that the result can still contain '='.
+  # You can remove the padding by setting +padding+ as false.
+  def urlsafe_encode64(bin, padding: true)
+    str = strict_encode64(bin).tr("+/", "-_")
+    str = str.delete("=") unless padding
+    str
   end
 
   # Returns the Base64-decoded version of +str+.
   # This method complies with ``Base 64 Encoding with URL and Filename Safe
   # Alphabet'' in RFC 4648.
   # The alphabet uses '-' instead of '+' and '_' instead of '/'.
+  #
+  # The padding character is optional.
+  # This method accepts both correctly-padded and unpadded input.
+  # Note that it still rejects incorrectly-padded input.
   def urlsafe_decode64(str)
-    strict_decode64(str.tr("-_", "+/"))
+    # NOTE: RFC 4648 does say nothing about unpadded input, but says that
+    # "the excess pad characters MAY also be ignored", so it is inferred that
+    # unpadded input is also acceptable.
+    str = str.tr("-_", "+/")
+    if !str.end_with?("=") && str.length % 4 != 0
+      str = str.ljust((str.length + 3) & ~3, "=")
+    end
+    strict_decode64(str)
   end
 end

lib/ruby/stdlib/benchmark.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #--
 # benchmark.rb - a performance benchmarking library
 #
@@ -25,7 +26,7 @@
 #
 #       puts Benchmark.measure { "a"*1_000_000_000 }
 #
-#   On my machine (OSX 10.8.3 on i5 1.7 Ghz) this generates:
+#   On my machine (OSX 10.8.3 on i5 1.7 GHz) this generates:
 #
 #       0.350000   0.400000   0.750000 (  0.835234)
 #
@@ -131,7 +132,7 @@ module Benchmark
   #
   # If the block returns an array of
   # Benchmark::Tms objects, these will be used to format
-  # additional lines of output. If +label+ parameters are
+  # additional lines of output. If +labels+ parameter are
   # given, these are used to label these extra lines.
   #
   # _Note_: Other methods provide a simpler interface to this one, and are
@@ -180,8 +181,8 @@ def benchmark(caption = "", label_width = nil, format = nil, *labels) # :yield:
 
 
   # A simple interface to the #benchmark method, #bm generates sequential
-  # reports with labels.  The parameters have the same meaning as for
-  # #benchmark.
+  # reports with labels. +label_width+ and +labels+ parameters have the same
+  # meaning as for #benchmark.
   #
   #     require 'benchmark'
   #
@@ -270,23 +271,27 @@ def bmbm(width = 0) # :yield: job
     STDOUT.sync = sync unless sync.nil?
   end
 
-  # :stopdoc:
-  case
-  when defined?(Process::CLOCK_MONOTONIC)
-    BENCHMARK_CLOCK = Process::CLOCK_MONOTONIC
-  else
-    BENCHMARK_CLOCK = Process::CLOCK_REALTIME
-  end
-  # :startdoc:
-
   #
   # Returns the time used to execute the given block as a
-  # Benchmark::Tms object.
+  # Benchmark::Tms object. Takes +label+ option.
+  #
+  #       require 'benchmark'
+  #
+  #       n = 1000000
+  #
+  #       time = Benchmark.measure do
+  #         n.times { a = "1" }
+  #       end
+  #       puts time
+  #
+  # Generates:
+  #
+  #        0.220000   0.000000   0.220000 (  0.227313)
   #
   def measure(label = "") # :yield:
-    t0, r0 = Process.times, Process.clock_gettime(BENCHMARK_CLOCK)
+    t0, r0 = Process.times, Process.clock_gettime(Process::CLOCK_MONOTONIC)
     yield
-    t1, r1 = Process.times, Process.clock_gettime(BENCHMARK_CLOCK)
+    t1, r1 = Process.times, Process.clock_gettime(Process::CLOCK_MONOTONIC)
     Benchmark::Tms.new(t1.utime  - t0.utime,
                        t1.stime  - t0.stime,
                        t1.cutime - t0.cutime,
@@ -299,9 +304,9 @@ def measure(label = "") # :yield:
   # Returns the elapsed real time used to execute the given block.
   #
   def realtime # :yield:
-    r0 = Process.clock_gettime(BENCHMARK_CLOCK)
+    r0 = Process.clock_gettime(Process::CLOCK_MONOTONIC)
     yield
-    Process.clock_gettime(BENCHMARK_CLOCK) - r0
+    Process.clock_gettime(Process::CLOCK_MONOTONIC) - r0
   end
 
   module_function :benchmark, :measure, :realtime, :bm, :bmbm
@@ -475,7 +480,7 @@ def /(x); memberwise(:/, x) end
 
     #
     # Returns the contents of this Tms object as
-    # a formatted string, according to a format string
+    # a formatted string, according to a +format+ string
     # like that passed to Kernel.format. In addition, #format
     # accepts the following extensions:
     #
@@ -487,7 +492,7 @@ def /(x); memberwise(:/, x) end
     # <tt>%r</tt>::     Replaced by the elapsed real time, as reported by Tms#real
     # <tt>%n</tt>::     Replaced by the label string, as reported by Tms#label (Mnemonic: n of "*n*ame")
     #
-    # If _format_ is not given, FORMAT is used as default value, detailing the
+    # If +format+ is not given, FORMAT is used as default value, detailing the
     # user, system and real elapsed time.
     #
     def format(format = nil, *args)

lib/ruby/stdlib/bigdecimal/jacobian.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #
 # require 'bigdecimal/jacobian'
 #

lib/ruby/stdlib/bigdecimal/ludcmp.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 require 'bigdecimal'
 
 #

lib/ruby/stdlib/bigdecimal/math.rb

@@ -1,4 +1,6 @@
+# frozen_string_literal: false
 require 'bigdecimal'
+require 'bigdecimal/util'
 
 #
 #--
@@ -226,6 +228,19 @@ def PI(prec)
   #
   def E(prec)
     raise ArgumentError, "Zero or negative precision for E" if prec <= 0
-    BigMath.exp(1, prec)
+    n    = prec + BigDecimal.double_fig
+    one  = BigDecimal("1")
+    y  = one
+    d  = y
+    z  = one
+    i  = 0
+    while d.nonzero? && ((m = n - (y.exponent - d.exponent).abs) > 0)
+      m = BigDecimal.double_fig if m < BigDecimal.double_fig
+      i += 1
+      z *= i
+      d  = one.div(z,m)
+      y += d
+    end
+    y
   end
 end

lib/ruby/stdlib/bigdecimal/newton.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 require "bigdecimal/ludcmp"
 require "bigdecimal/jacobian"
 

lib/ruby/stdlib/bigdecimal/util.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 # BigDecimal extends the native Integer class to provide the #to_d method.
 #
 # When you require the BigDecimal library in your application, this methodwill

lib/ruby/stdlib/cgi.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #
 # cgi.rb - cgi support library
 #
@@ -80,7 +81,7 @@
 #
 # For instance, suppose the request contains the parameter
 # "favourite_colours" with the multiple values "blue" and "green".  The
-# following behaviour would occur:
+# following behavior would occur:
 #
 #   cgi.params["favourite_colours"]  # => ["blue", "green"]
 #   cgi["favourite_colours"]         # => "blue"

lib/ruby/stdlib/cgi/cookie.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 require 'cgi/util'
 class CGI
   # Class representing an HTTP cookie.
@@ -10,29 +11,32 @@ class CGI
   # == Examples of use
   #   cookie1 = CGI::Cookie.new("name", "value1", "value2", ...)
   #   cookie1 = CGI::Cookie.new("name" => "name", "value" => "value")
-  #   cookie1 = CGI::Cookie.new('name'    => 'name',
-  #                              'value'   => ['value1', 'value2', ...],
-  #                              'path'    => 'path',   # optional
-  #                              'domain'  => 'domain', # optional
-  #                              'expires' => Time.now, # optional
-  #                              'secure'  => true      # optional
+  #   cookie1 = CGI::Cookie.new('name'     => 'name',
+  #                             'value'    => ['value1', 'value2', ...],
+  #                             'path'     => 'path',   # optional
+  #                             'domain'   => 'domain', # optional
+  #                             'expires'  => Time.now, # optional
+  #                             'secure'   => true,     # optional
+  #                             'httponly' => true      # optional
   #                             )
   #
   #   cgi.out("cookie" => [cookie1, cookie2]) { "string" }
   #
-  #   name    = cookie1.name
-  #   values  = cookie1.value
-  #   path    = cookie1.path
-  #   domain  = cookie1.domain
-  #   expires = cookie1.expires
-  #   secure  = cookie1.secure
+  #   name     = cookie1.name
+  #   values   = cookie1.value
+  #   path     = cookie1.path
+  #   domain   = cookie1.domain
+  #   expires  = cookie1.expires
+  #   secure   = cookie1.secure
+  #   httponly = cookie1.httponly
   #
-  #   cookie1.name    = 'name'
-  #   cookie1.value   = ['value1', 'value2', ...]
-  #   cookie1.path    = 'path'
-  #   cookie1.domain  = 'domain'
-  #   cookie1.expires = Time.now + 30
-  #   cookie1.secure  = true
+  #   cookie1.name     = 'name'
+  #   cookie1.value    = ['value1', 'value2', ...]
+  #   cookie1.path     = 'path'
+  #   cookie1.domain   = 'domain'
+  #   cookie1.expires  = Time.now + 30
+  #   cookie1.secure   = true
+  #   cookie1.httponly = true
   class Cookie < Array
     @@accept_charset="UTF-8" unless defined?(@@accept_charset)
 
@@ -60,6 +64,8 @@ class Cookie < Array
     #   secure:: whether this cookie is a secure cookie or not (default to
     #            false).  Secure cookies are only transmitted to HTTPS
     #            servers.
+    #   httponly:: whether this cookie is a HttpOnly cookie or not (default to
+    #            false).  HttpOnly cookies are not available to javascript.
     #
     #   These keywords correspond to attributes of the cookie object.
     def initialize(name = "", *value)
@@ -70,6 +76,7 @@ def initialize(name = "", *value)
         %r|^(.*/)|.match(ENV["SCRIPT_NAME"])
         @path = ($1 or "")
         @secure = false
+        @httponly = false
         return super(value)
       end
 
@@ -89,7 +96,8 @@ def initialize(name = "", *value)
       end
       @domain = options["domain"]
       @expires = options["expires"]
-      @secure = options["secure"] == true ? true : false
+      @secure = options["secure"] == true
+      @httponly = options["httponly"] == true
 
       super(value)
     end
@@ -103,7 +111,9 @@ def initialize(name = "", *value)
     # Time at which this cookie expires, as a +Time+
     attr_accessor :expires
     # True if this cookie is secure; false otherwise
-    attr_reader("secure")
+    attr_reader :secure
+    # True if this cookie is httponly; false otherwise
+    attr_reader :httponly
 
     # Returns the value or list of values for this cookie.
     def value
@@ -123,14 +133,22 @@ def secure=(val)
       @secure
     end
 
+    # Set whether the Cookie is a httponly cookie or not.
+    #
+    # +val+ must be a boolean.
+    def httponly=(val)
+      @httponly = !!val
+    end
+
     # Convert the Cookie to its string representation.
     def to_s
       val = collect{|v| CGI.escape(v) }.join("&")
       buf = "#{@name}=#{val}"
       buf << "; domain=#{@domain}" if @domain
       buf << "; path=#{@path}"     if @path
       buf << "; expires=#{CGI::rfc1123_date(@expires)}" if @expires
-      buf << "; secure"            if @secure == true
+      buf << "; secure"            if @secure
+      buf << "; HttpOnly"          if @httponly
       buf
     end
 

lib/ruby/stdlib/cgi/core.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #--
 # Methods for generating HTML, parsing CGI-related parameters, and
 # generating HTTP responses.

lib/ruby/stdlib/cgi/html.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 class CGI
   # Base module for HTML-generation mixins.
   #

lib/ruby/stdlib/cgi/session.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: false
 #
 # cgi/session.rb - session support for cgi scripts
 #
@@ -163,24 +164,26 @@ def Session::callback(dbman)  #:nodoc:
 
     # Create a new session id.
     #
-    # The session id is an MD5 hash based upon the time,
-    # a random number, and a constant string.  This routine
-    # is used internally for automatically generated
-    # session ids.
+    # The session id is a secure random number by SecureRandom
+    # if possible, otherwise an SHA512 hash based upon the time,
+    # a random number, and a constant string.  This routine is
+    # used internally for automatically generated session ids.
     def create_new_id
       require 'securerandom'
       begin
+        # by OpenSSL, or system provided entropy pool
         session_id = SecureRandom.hex(16)
       rescue NotImplementedError
-        require 'digest/md5'
-        md5 = Digest::MD5::new
+        # never happens on modern systems
+        require 'digest'
+        d = Digest('SHA512').new
         now = Time::now
-        md5.update(now.to_s)
-        md5.update(String(now.usec))
-        md5.update(String(rand(0)))
-        md5.update(String($$))
-        md5.update('foobar')
-        session_id = md5.hexdigest
+        d.update(now.to_s)
+        d.update(String(now.usec))
+        d.update(String(rand(0)))
+        d.update(String($$))
+        d.update('foobar')
+        session_id = d.hexdigest[0, 32]
       end
       session_id
     end