Age | Commit message (Collapse) | Author |
|
https://github.com/ruby/psych/commit/1df86a2e81
|
|
Psych.load is not safe for use with untrusted data. Too many
applications make the mistake of using `Psych.load` with untrusted data
and that ends up with some kind of security vulnerability.
This commit changes the default `Psych.load` to use `safe_load`. Users
that want to parse trusted data can use Psych.unsafe_load.
https://github.com/ruby/psych/commit/176494297f
|
|
In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method. In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE). People that need to load *trusted* documents can use the
`unsafe_load` method.
This commit introduces the `unsafe_load` method so that people can
incrementally upgrade. For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.
https://github.com/ruby/psych/commit/cb50aa8d3f
|
|
https://github.com/ruby/psych/commit/57d704fd63
|
|
https://github.com/ruby/psych/commit/01dda86681
|
|
https://github.com/ruby/psych/commit/1c5c29e81f
|
|
https://github.com/ruby/psych/commit/546154ddb7
|
|
|
|
|
|
Implement long path support on Windows by applying Microsoft's
recommended application manifest.
To make this work on both Visual C++ and MinGW, include the manifest as
a resource when generating the resource files. This way it will be
embedded into the executables generated by both compilers.
It's important for the manifest resource to have ID 1, otherwise GCC
will embed a default manifest.
Note that in addition to this, the user needs to have [long paths enabled]
either by modifying the registry or by enabling a group policy.
[long paths enabled]: https://docs.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation?tabs=cmd#enable-long-paths-in-windows-10-version-1607-and-later
Co-authored-by: Nobuyoshi Nakada <nobu@ruby-lang.org>
Notes:
Merged: https://github.com/ruby/ruby/pull/4505
Merged-By: nobu <nobu@ruby-lang.org>
|
|
|
|
|
|
|
|
|
|
https://github.com/ruby/irb/commit/34496e20e8
|
|
Recently, lib/rubygems/test_case.rb also defines the method.
|
|
When `require "objspace/trace"` fails, previously the failure says:
```
1) Failure:
TestObjSpace#test_objspace_trace [/tmp/ruby/v3/src/trunk-mjit/test/objspace/test_objspace.rb:621]:
<3> expected but was
<0>.
```
but this is hard to debug.
|
|
|
|
... to disable a "method redefined" warning.
http://rubyci.s3.amazonaws.com/solaris11-gcc/ruby-master/log/20210514T050008Z.fail.html.gz
```
1) Failure:
TestObjSpace#test_objspace_trace [/export/home/chkbuild/chkbuild-gcc/tmp/build/20210514T050008Z/ruby/test/objspace/test_objspace.rb:621]:
<["objspace/trace is enabled"]> expected but was
<["/export/home/chkbuild/chkbuild-gcc/tmp/build/20210514T050008Z/ruby/.ext/common/objspace/trace.rb:29: warning: method redefined; discarding old p",
"objspace/trace is enabled"]>.
```
|
|
This file, when require'ed, starts tracing the object allocations, and
redefines `Kernel#p` to show the allocation site.
This commit is experimental; the library name and APIs may change.
[Feature #17762]
|
|
* honor actually used headers
* include sys/user.h only when `PAGE_SIZE` is not defined
|
|
|
|
* What's Here for BasicObject
Notes:
Merged-By: BurdetteLamar <BurdetteLamar@Yahoo.com>
|
|
Notes:
Merged-By: BurdetteLamar <BurdetteLamar@Yahoo.com>
|
|
|
|
On darwin we avoid including sys/user.h to avoid a conflict. Previously
we still ended up with PAGE_SIZE being defined because the headers for
system malloc define it. However, when compiling with jemalloc nothing
would define PAGE_SIZE.
This commit changes configure.ac so that we never use the PAGE_SIZE
constant on darwin and to always use the sysconf fallback.
Notes:
Merged: https://github.com/ruby/ruby/pull/4494
|
|
It seems a bug but it takes more time to debug.
To stop CI failures, skip this rb_bug on
`RGENGC_CHECK_MODE=2` temporarily.
|
|
As well as `\u`, `\U` should be invalid there too.
And highlight including `u`/`U` not only the backslash before it.
|
|
Fixes [Bug #17857]
Notes:
Merged: https://github.com/ruby/ruby/pull/4496
|
|
Ruby uses a recursive algorithm for handling control/meta escapes
in strings (read_escape). However, the equivalent code for regexps
(tokadd_escape) in did not use a recursive algorithm. Due to this,
Handling of control/meta escapes in regexp did not have the same
behavior as in strings, leading to behavior such as the following
returning nil:
```ruby
/\c\xFF/ =~ "\c\xFF"
```
Switch the code for handling \c, \C and \M in literal regexps to
use the same code as for strings (read_escape), to keep behavior
consistent between the two.
Fixes [Bug #14367]
Notes:
Merged: https://github.com/ruby/ruby/pull/4495
|
|
Essentially this reverts 45464bfcbdf9f9cfb440950bc57a27d237627a17.
The commit removed a mock of Time.now, which caused a random failure.
http://rubyci.s3.amazonaws.com/ubuntu1804/ruby-master/log/20210512T123004Z.fail.html.gz
```
1) Failure:
TestGemPackageTarWriter#test_add_file_signer [/home/chkbuild/chkbuild/tmp/build/20210512T123004Z/ruby/test/rubygems/test_gem_package_tar_writer.rb:117]:
Field mtime of the tar header differs..
<"14046746312\u0000"> expected but was
<"14046746311\x00">.
```
Object#stub is defined at f1af59fe02ef2cc58f13e2742e4cc6cf8c2a1a20, so
now `Time.stub :now` works.
https://github.com/rubygems/rubygems/commit/85f60a9ed0
|
|
|
|
This change allows `def hello = puts "Hello"` without parentheses.
Note that `private def hello = puts "Hello"` does not parse for
technical reason.
[Feature #17398]
|
|
|
|
`memsize_of(Object.new)` can be changed with past ivar creation
history for Object instances (another Object instance has 4 or
more ivars, next created Object instance has the area for the
ivars). So use antoher class for the comparison.
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
Because test-unit didn't provide the benchmark test. And This test
is fragile with the several environments.
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
Because pend of test-unit raises exception.
https://github.com/rubygems/rubygems/commit/b5e2d0855a
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/e7280f8d30
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/83ebdec27a
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/795b572ac2
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/ae44b68d57
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/0b145135c7
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/a10ff97830
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/d3fa893597
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
test/rubygems/test_gem_remote_fetcher.rb
https://github.com/rubygems/rubygems/commit/f1af59fe02
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/45464bfcbd
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/3fa93f6144
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/bfcdf79657
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|
|
https://github.com/rubygems/rubygems/commit/8b2ca6df3a
Notes:
Merged: https://github.com/ruby/ruby/pull/4491
|