Age | Commit message | Author |
|
https://github.com/ruby/psych/commit/1df86a2e81
|
|
Psych.load is not safe for use with untrusted data. Too many
applications make the mistake of using `Psych.load` with untrusted data
and that ends up with some kind of security vulnerability.
This commit changes the default `Psych.load` to use `safe_load`. Users
that want to parse trusted data can use Psych.unsafe_load.
https://github.com/ruby/psych/commit/176494297f
|
|
In future versions of Psych, the `load` method will be mostly the same
as the `safe_load` method. In other words, the `load` method won't
allow arbitrary object deserialization (which can be used to escalate to
an RCE). People that need to load *trusted* documents can use the
`unsafe_load` method.
This commit introduces the `unsafe_load` method so that people can
incrementally upgrade. For example, if they try to upgrade to 4.0.0 and
something breaks, they can downgrade, audit callsites, change to
`safe_load` or `unsafe_load` as required, and then upgrade to 4.0.0
smoothly.
https://github.com/ruby/psych/commit/cb50aa8d3f
|
|
https://github.com/ruby/psych/commit/1c5c29e81f
|
|
https://github.com/ruby/psych/commit/546154ddb7
|
|
... to disable a "method redefined" warning.
http://rubyci.s3.amazonaws.com/solaris11-gcc/ruby-master/log/20210514T050008Z.fail.html.gz
```
1) Failure:
TestObjSpace#test_objspace_trace [/export/home/chkbuild/chkbuild-gcc/tmp/build/20210514T050008Z/ruby/test/objspace/test_objspace.rb:621]:
<["objspace/trace is enabled"]> expected but was
<["/export/home/chkbuild/chkbuild-gcc/tmp/build/20210514T050008Z/ruby/.ext/common/objspace/trace.rb:29: warning: method redefined; discarding old p",
"objspace/trace is enabled"]>.
```
|
|
This file, when require'ed, starts tracing the object allocations, and
redefines `Kernel#p` to show the allocation site.
This commit is experimental; the library name and APIs may change.
[Feature #17762]
|
|
https://github.com/ruby/psych/commit/98617e55a1
|
|
https://github.com/ruby/psych/commit/091cd46b1f
|
|
There is a small typo in ext/psych/yaml/yaml.h.
Should read `expressed` rather than `expessed`.
https://github.com/ruby/psych/commit/1150d669cb
|
|
Fixes jruby/jruby#6365
https://github.com/ruby/psych/commit/a88ff77f02
|
|
https://github.com/ruby/psych/commit/ee26f26ab5
|
|
https://github.com/ruby/psych/commit/285c461cd2
|
|
https://github.com/ruby/psych/commit/58223f0426
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4391
|
|
iff means if and only if, but readers without that knowledge might
assume this to be a spelling mistake. To me, this seems like
exclusionary language that is unnecessary. Simply using "if and only if"
instead should suffice.
https://github.com/ruby/strscan/commit/066451c11e
|
|
`String#byteslice` returns a non-string value [Bug #17756] (#20)
https://github.com/ruby/strscan/commit/92961cde2b
|
|
* Use Gemfile instead of Gem::Specification#add_development_dependency.
* Use pend instead of skip for test-unit.
|
|
* See [Feature #17752]
* Using this to detect them:
  `git grep -P 'if\s+HAVE' | grep -Pv 'HAVE_LONG_LONG|/ChangeLog|HAVE_TYPEOF'`
Notes:
Merged: https://github.com/ruby/ruby/pull/4428
|
|
* See [Feature #17752]
Notes:
Merged: https://github.com/ruby/ruby/pull/4428
|
|
* See [Feature #17752]
Notes:
Merged: https://github.com/ruby/ruby/pull/4428
|
|
It seems like a vestige of ext/md5.
|
|
RubyInstaller2 supports metadata tags for installation of dependent
MSYS2/MINGW libraries. The openssl gem requires the mingw-openssl
package to be installed on the system, which the gem installer takes
care of when this tag is set.
The feature is documented here:
https://github.com/oneclick/rubyinstaller2/wiki/For-gem-developers#msys2-library-dependency
Fixes https://github.com/oneclick/rubyinstaller2/issues/163
https://github.com/ruby/gdbm/commit/d95eed3e86
|
|
This gem exposes no executables.
https://github.com/ruby/pathname/commit/c401d97d58
|
|
Example:
```
In file included from ../../../include/ruby/defines.h:72,
from ../../../include/ruby/ruby.h:23,
from ../../../gc.h:3,
from ../../../ext/objspace/objspace_dump.c:15:
../../../ext/objspace/objspace_dump.c: In function ‘dump_append_ld’:
../../../ext/objspace/objspace_dump.c:95:26: warning: comparison of integer expressions of different signedness: ‘long unsigned int’ and ‘int’ [-Wsign-compare]
95 | RUBY_ASSERT(required <= width);
| ^~
```
Notes:
Merged: https://github.com/ruby/ruby/pull/4417
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4414
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4412
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4413
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4411
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4410
|
|
Having the separate dir makes testing difficult and doesn't
reflect the structure the gem will eventually have. We can filter
these files out if necessary when building the CRuby gem.
https://github.com/ruby/io-console/commit/881010447c
|
|
https://github.com/ruby/io-console/commit/c17b8cf3a9
|
|
This gem exposes no executables, and this clarifies this.
https://github.com/ruby/io-wait/commit/f491c6cc64
|
|
Remove the list of executables.
https://github.com/ruby/zlib/commit/6a70725b8e
|
|
This gem exposes zero executables.
https://github.com/ruby/gdbm/commit/d51cf47f65
|
|
https://github.com/ruby/dbm/commit/c86b94b781
|
|
https://github.com/ruby/date/commit/e574cc9048
|
|
Notes:
Merged: https://github.com/ruby/ruby/pull/4371
|
|
We previously used a mix of both `#if` and `#ifdef`, but the latter is
more reliable because it will still work if the macro is undefined.
https://github.com/ruby/openssl/commit/e4a622e67e
|
|
On Debian 9 (“stretch”) the `OPENSSL_NO_STATIC_ENGINE` macro is not
defined, which causes all the `#if HAVE_ENGINE_LOAD_…` directives to
fail with `error: 'HAVE_ENGINE_LOAD_…' is not defined, evaluates to 0
[-Werror,-Wundef]` while building TruffleRuby.
We can accomplish the same thing with `#ifdef`, which (of course) works
fine when the `HAVE_ENGINE_LOAD…` macros are also undefined.
Upstreamed from oracle/truffleruby#2255, which fixed
oracle/truffleruby#2254.
https://github.com/ruby/openssl/commit/65e2adf1ac
|
|
ASN1_dup() will not copy the 'pkey' field of a PKCS7_SIGNER_INFO object
by design; it is a temporary field kept until the PKCS7 structure is
finalized. Let's bump the reference counter of the pkey in the original
object and use it in the new object, too.
This commit also removes PKCS7#add_signer's routine to add the
content-type attribute as a signed attribute automatically. This
behavior was not documented or tested. This change should not break any
working user code since the method was completely useless without the
change above.
https://github.com/ruby/openssl/commit/20ca7a27a8
|
|
https://github.com/ruby/io-console/commit/302e86a28c
https://github.com/ruby/io-console/commit/0690862526
|
|
Fix segmentation fault of Pathname#split when File.split returns
a non-array value [Bug #17755]
https://github.com/ruby/pathname/commit/e29b49e3b1
https://github.com/ruby/pathname/commit/1db7479a74
|
|
If called with an autoloaded encoding that was not yet
initialized, `rb_enc_interned_str` would crash with
a NULL pointer exception.
See: https://github.com/ruby/ruby/pull/4119#issuecomment-800189841
Notes:
Merged: https://github.com/ruby/ruby/pull/4290