| Age | Commit message | Author |
|
https://github.com/ruby/openssl/commit/2b88a6d444
|
|
default store
With OpenSSL 3.6.0, it causes nearly every certificate verification to
fail with the message "certificate verify failed (unable to get
certificate CRL)" because the CRLs are typically unavailable in the
default store used by OpenSSL::SSL::SSLContext#set_params.
OpenSSL::X509::V_FLAG_CRL_CHECK_ALL is a flag that extends the CRL
checking to all certificates in the chain. In OpenSSL < 3.6.0, the flag
alone has no effect, and OpenSSL::X509::V_FLAG_CRL_CHECK must also be
set to enable CRL checking.
In OpenSSL 3.6.0, OpenSSL::X509::V_FLAG_CRL_CHECK_ALL now implies
OpenSSL::X509::V_FLAG_CRL_CHECK. This is inconsistent with the man page
and may be fixed in a future OpenSSL 3.6.x release, but this flag is not
needed and should not be set by default.
Fixes https://github.com/ruby/openssl/issues/949
https://github.com/ruby/openssl/commit/e8481cd687
|
|
https://github.com/ruby/date/commit/545066ca28
|
|
https://github.com/ruby/date/commit/159e1ebb7f
https://github.com/ruby/date/commit/4f7b6c9b42
|
|
https://github.com/ruby/json/commit/4abfad090d
|
|
OpenSSL 3.0
Raise ArgumentError if this is attempted when the extension is compiled
with OpenSSL 3.0 or later. The form will be fully removed when we drop
support for OpenSSL 1.1.1.
When OpenSSL::PKey::{DH,DSA,EC,RSA}.new is called without any arguments,
it sets up an empty corresponding low-level struct and wraps it in an
EVP_PKEY. This is useful when the user later fills the missing fields
using low-level setter methods such as OpenSSL::PKey::RSA#set_key.
Such setter methods are not compatible with OpenSSL 3.0 or later, where
EVP_PKEY is immutable once created. This means that the ability to
create an empty instance is useless.
https://github.com/ruby/openssl/commit/affd569f78
|
|
Introduce a useful macro indicating that the low-level struct wrapped
in an EVP_PKEY cannot be modified.
Currently, the macro is defined for OpenSSL 3.0 or later only. LibreSSL
and AWS-LC can follow suit in the future.
https://github.com/ruby/openssl/commit/032ed63096
|
|
If pkg_config returns a truthy value, it found the library and added it
to the global values for the Makefile.
Calling `find_library` after a successful `pkg_config` causes -lyaml to
appear twice in the LIBS variable in the resulting Makefile, and causes
ld on macOS to emit a warning:
```
$ bundle exec rake compile 2>&1 | grep warning
ld: warning: ignoring duplicate libraries: '-lyaml'
```
https://github.com/ruby/psych/commit/cb5e3d465c
|
|
e.g.
```ruby
{ 1 => 2 }
```
The callback will be invoked for `1` as while it has a native JSON
equivalent, it's not legal as an object name.
|
|
Fix: https://github.com/ruby/json/issues/861
It's not incorrect to use scientific notation, but it tends
to throw people off a bit, so it's best to keep it for very large
numbers.
https://github.com/ruby/json/commit/1566cd01a6
|
|
https://github.com/ruby/json/commit/51ce76ea66
|
|
https://github.com/ruby/json/commit/55552cafe2
|
|
https://github.com/ruby/json/commit/5855f4f603
|
|
failures
(https://github.com/ruby/openssl/pull/939)
* Add AuthTagError exception for AEAD authentication failures
- Add OpenSSL::Cipher::AuthTagError as a subclass of CipherError
- Raise AuthTagError specifically for AEAD cipher authentication tag verification failures
- Enhanced error messages: 'AEAD authentication tag verification failed' for auth failures
- Precise detection: Only EVP_CipherFinal_ex failures in AEAD ciphers raise AuthTagError
- All other errors (key setup, IV setup, update failures, etc.) still raise CipherError
- Comprehensive test coverage for GCM/CCM modes and error inheritance
- Fully backwards compatible: AuthTagError < CipherError
https://github.com/ruby/openssl/commit/9663b09040
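How a caller can tell an AEAD tag failure apart from other cipher errors, as an added example that is not part of the commit or of the ruby/openssl code base. The helper names `gcm_seal`, `gcm_open` and `flip_bit` are hypothetical, and the fallback to `CipherError` on builds without `AuthTagError` is an assumption of this example.

```ruby
require "openssl"

# Added example. AuthTagError exists only in openssl builds that include the
# commit above; on older builds fall back to CipherError (assumption: callers
# then cannot tell a tag failure from other cipher errors).
AUTH_TAG_ERROR =
  if OpenSSL::Cipher.const_defined?(:AuthTagError)
    OpenSSL::Cipher::AuthTagError
  else
    OpenSSL::Cipher::CipherError
  end

# Encrypts with AES-256-GCM and returns [ciphertext, 16-byte tag].
def gcm_seal(key, iv, plaintext, aad)
  c = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  c.key = key
  c.iv = iv
  c.auth_data = aad
  ciphertext = c.update(plaintext) + c.final
  [ciphertext, c.auth_tag]
end

# Returns [:ok, plaintext], [:auth_failed, nil] or [:cipher_error, nil].
# update() yields unauthenticated plaintext; it reaches the caller only
# after final() has verified the tag.
def gcm_open(key, iv, ciphertext, tag, aad)
  d = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  d.key = key
  d.iv = iv
  d.auth_tag = tag
  d.auth_data = aad
  plaintext = d.update(ciphertext) + d.final # final raises on tag mismatch
  [:ok, plaintext]
rescue AUTH_TAG_ERROR
  [:auth_failed, nil]   # tag, ciphertext, AAD or key does not match
rescue OpenSSL::Cipher::CipherError
  [:cipher_error, nil]  # any other cipher failure
end

# Flips one bit of the first byte of a binary string (constructed tampering).
def flip_bit(bytes)
  copy = bytes.dup
  copy.setbyte(0, copy.getbyte(0) ^ 0x01)
  copy
end
```

Because `AuthTagError < CipherError`, existing `rescue OpenSSL::Cipher::CipherError` handlers keep working; the more specific clause has to come first to take effect.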
|
|
OSSL_DECODER"
This reverts commit https://github.com/ruby/openssl/commit/5347880c6eb0 and
https://github.com/ruby/openssl/commit/985ba27d6339.
These commits attempted to stop processing after the first relevant PEM
block, whether it is successful or not, when the input contains multiple
keys.
It turned out that it cannot be reliably determined using the
OSSL_DECODER API. There is an edge case where OSSL_DECODER_from_bio()
reports "unsupported" even though the input actually contains an error:
https://redirect.github.com/ruby/openssl/pull/931#discussion_r2347813807
Revert the changes for now and keep the existing behavior, as partial
support does not seem worth the added complexity.
https://github.com/ruby/openssl/commit/319cd4952a
|
|
https://github.com/ruby/date/commit/afaa4a997b
|
|
Get rid of `File.identical?` on a WebDAV-mounted drive.
|
|
|
|
On OpenBSD:
```
ld: warning: namespace.c:731(namespace.o:(rb_namespace_local_extension)): warning: strcpy() is almost always misused, please use strlcpy()
```
|
|
Treat an empty error queue after calling OSSL_DECODER_from_bio() as a
retryable error.
This is a follow-up to the previous commit https://github.com/ruby/openssl/commit/985ba27d6339 (pkey: stop
retrying after non-retryable error from OSSL_DECODER). The commit broke
loading public keys on Ubuntu 22.04 LTS, which ships OpenSSL 3.0.2.
https://github.com/ruby/openssl/commit/5347880c6e
|
|
Continue processing only when OSSL_DECODER_from_bio() returns the error
code ERR_R_UNSUPPORTED. Otherwise, raise an exception without retrying
decoding the input in another format.
This fixes another case where OpenSSL::PKey.read prompts for a
passphrase multiple times when the input contains multiple
passphrase-protected PEM blocks and the first one cannot be decoded.
I am not entirely sure if the error code ERR_R_UNSUPPORTED is considered
part of the public interface of OpenSSL, but this seems to be the only
option available and is the approach used internally by the
PEM_read_bio_*() functions.
Fixes https://github.com/ruby/openssl/issues/927
https://github.com/ruby/openssl/commit/985ba27d63
|
|
Specify OSSL_DECODER_CTX_set_pem_password_cb() only when we expect a
passphrase-protected private key.
OSSL_DECODER appears to try to decrypt every PEM block in the input even
when the PEM header does not match the requested selection. This can
cause repeated prompts for a passphrase in a single OpenSSL::PKey.read
call.
https://github.com/ruby/openssl/commit/933503f49f
|
|
https://github.com/ruby/json/commit/3232e8df41
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
|
|
The gem root was including the test/ directory, so lines from tests were
skipped, and the deprecation warnings were shown as coming from the test
framework.
https://github.com/ruby/json/commit/2ec31a7363
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
|
|
Fix https://github.com/ruby/json/commit/f411ddf1ceaf
https://github.com/ruby/json/commit/1397bf8cc9
Co-authored-by: Jean Boussier <jean.boussier@gmail.com>
|
|
https://github.com/ruby/fcntl/commit/13d8aa4785
|
|
I wanted to use file preallocation with fcntl, but the flags weren't
available. This commit just adds the missing flags.
https://github.com/ruby/fcntl/commit/7d4ab83a84
|
|
the correct use of proc argument.
https://github.com/ruby/json/commit/92654cd99b
|
|
when passing proc to JSON.unsafe_load, matching the changes made in
https://github.com/ruby/json/commit/73d2137fd3ad.
https://github.com/ruby/json/commit/77292cbc9b
|
|
Fix: https://github.com/ruby/json/pull/843
https://github.com/ruby/json/commit/d3f7f0452b
Co-Authored-By: Takashi Kokubun <takashikkbn@gmail.com>
|
|
TestTracepointObj#test_teardown_with_active_GC_end_hook was failing on
some platforms due to a Proc that is not marked being passed around.
Neither rb_tracepoint_new() nor rb_postponed_job_preregister() promise
to mark their callback `void *data`.
https://rubyci.s3.amazonaws.com/osx1300arm/ruby-master/log/20250902T154504Z.fail.html.gz
Add a GC.start to make the test a better detector for this safety issue
and fix it by getting the Proc from an ivar on the rooted module.
|
|
The embed layout is way more common than the heap one,
especially since WVA.
I think it makes for more readable code to inverse the
flag.
|
|
Because both string and symbol keys are serialized the same,
it has always been possible to generate documents with duplicated
keys:
```ruby
>> puts JSON.generate({ foo: 1, "foo" => 2 })
{"foo":1,"foo":2}
```
This is pretty much always a mistake and can cause various
issues because it's not guaranteed how various JSON parsers
will handle this.
Until now I didn't think it was possible to catch such a case without
tanking performance, hence why I only made the parser more strict.
But I finally found a way to check for duplicated keys cheaply enough.
|
|
|
|
|
|
https://github.com/ruby/json/commit/3187c88c06
|
|
https://github.com/ruby/json/commit/19bcfdd8d8
|
|
Helps with pretty printing performance:
```
== Encoding activitypub.json (52595 bytes)
ruby 3.4.2 (2025-02-15 revision d2930f8e7a) +YJIT +PRISM [arm64-darwin24]
Warming up --------------------------------------
after 1.746k i/100ms
Calculating -------------------------------------
after 17.481k (± 1.0%) i/s (57.20 μs/i) - 89.046k in 5.094341s
Comparison:
before: 16038.4 i/s
after: 17481.1 i/s - 1.09x faster
== Encoding citm_catalog.json (500298 bytes)
ruby 3.4.2 (2025-02-15 revision d2930f8e7a) +YJIT +PRISM [arm64-darwin24]
Warming up --------------------------------------
after 60.000 i/100ms
Calculating -------------------------------------
after 608.157 (± 2.3%) i/s (1.64 ms/i) - 3.060k in 5.034238s
Comparison:
before: 525.3 i/s
after: 608.2 i/s - 1.16x faster
== Encoding twitter.json (466906 bytes)
ruby 3.4.2 (2025-02-15 revision d2930f8e7a) +YJIT +PRISM [arm64-darwin24]
Warming up --------------------------------------
after 160.000 i/100ms
Calculating -------------------------------------
after 1.606k (± 0.5%) i/s (622.70 μs/i) - 8.160k in 5.081406s
Comparison:
before: 1410.3 i/s
after: 1605.9 i/s - 1.14x faster
```
https://github.com/ruby/json/commit/f0dda861c5
|
|
https://github.com/ruby/json/commit/2d63648c0a
|
|
https://github.com/ruby/json/commit/12656777dc
|
|
Similar to 19f3793a4bd6974cd66cc058fc6d2ae733337745
Fixes:
```
../../../ext/socket/raddrinfo.c:755:60: warning: implicit conversion loses integer precision: 'size_t' (aka 'unsigned long') to 'socklen_t' (aka 'unsigned int') [-Wshorten-64-to-32]
755 | return getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
| ~~~~~~~~~~~ ^~~~~~~
../../../ext/socket/raddrinfo.c:755:45: warning: implicit conversion loses integer precision: 'size_t' (aka 'unsigned long') to 'socklen_t' (aka 'unsigned int') [-Wshorten-64-to-32]
755 | return getnameinfo(sa, salen, host, hostlen, serv, servlen, flags);
| ~~~~~~~~~~~ ^~~~~~~
```
|
|
|
|
When calling getnameinfo we spawn a thread because it may do a slow,
blocking reverse-DNS lookup. Spawning a thread is relatively fast (~20µs
on my Linux machine) but still an order of magnitude slower than when
getnameinfo is simply translating to a numeric IP or port, which, at
least in my tests on Linux, doesn't even make a syscall.
This commit adds a fast path for when reverse DNS isn't required: either
host isn't being fetched or NI_NUMERICHOST is set AND either the
service name isn't required or NI_NUMERICSERV is set. The service name
should only need to read /etc/services, which should be fast-ish, but
is still I/O so I kept the existing behaviour (it could be on a network
fs I guess).
I tested with:
```ruby
require "socket"

s = TCPSocket.open("www.ruby-lang.org", 80)
500_000.times { Socket.unpack_sockaddr_in(s.getpeername) }
```
Before: 12.935s
After: 0.338s
|
|
Both the X509 store and X509 store context were missing write barriers
to the callback object being stored in the ex data.
These values were also being stored as an IV, however in Ruby HEAD we're
now storing the IVs for T_DATA (generic IVs) on a separate object. So we
need an additional write barrier.
I believe this was always necessary, because we could have done
incremental marking ahead of compaction, and without the write barrier
the mark function could have been run before @verify_callback was
assigned.
This was detected by wbcheck
https://github.com/ruby/openssl/commit/1fda3a99ef
|
|
|
|
https://github.com/ruby/json/commit/72e231f929
|
|
https://github.com/ruby/json/commit/2d2e0d403d
|
|
On 32-bit Cygwin at least, it was failing to find that function,
presumably due to it being stdcall.
Signed-off-by: Jeremy Drake <github@jdrake.com>
https://github.com/ruby/resolv/commit/bceafef74b
|
|
https://github.com/ruby/stringio/commit/ac6292c17f
|
|
https://github.com/ruby/stringio/commit/113dd5a55e
|