It contains security fix for CVE-2011-4815 (DoS).
Wed Dec 28 21:34:23 2011 URABE Shyouhei <shyouhei@ruby-lang.org>
* string.c (rb_str_hash): randomize hash to avoid algorithmic
complexity attacks. CVE-2011-4815
* st.c (strhash): ditto.
* string.c (Init_String): initialization of hash_seed to be at the
beginning of the process.
* st.c (Init_st): ditto.
Thu Dec 8 11:57:04 2011 Tanaka Akira <akr@fsij.org>
* inits.c (rb_call_inits): call Init_RandomSeed at first.
* random.c (seed_initialized): defined.
(fill_random_seed): extracted from random_seed.
(make_seed_value): extracted from random_seed.
(rb_f_rand): initialize random seed at first.
(initial_seed): defined.
(Init_RandomSeed): defined.
(Init_RandomSeed2): defined.
(rb_reset_random_seed): defined.
(Init_Random): call Init_RandomSeed2.
Sat Dec 10 20:44:23 2011 Tanaka Akira <akr@fsij.org>
* lib/securerandom.rb: call OpenSSL::Random.seed at the
SecureRandom.random_bytes call.
insert separators for array join.
patch by Masahiro Tomita. [ruby-dev:44270]
Mon Oct 17 04:20:22 2011 Nobuyoshi Nakada <nobu@ruby-lang.org>
* mkconfig.rb: fix for continued lines. based on a patch from
Marcus Rueckert <darix AT opensu.se> at [ruby-core:20420].
Mon Oct 17 04:19:39 2011 Yukihiro Matsumoto <matz@ruby-lang.org>
* numeric.c (flo_cmp): Infinity is greater than any bignum
number. [ruby-dev:38672]
* bignum.c (rb_big_cmp): ditto.
Mon Oct 17 03:56:12 2011 Yusuke Endoh <mame@tsg.ne.jp>
* ext/openssl/ossl_x509store.c (ossl_x509store_initialize): initialize
store->ex_data.sk. [ruby-core:28907] [ruby-core:23971]
[ruby-core:18121]
=== 3.12 / 2011-12-15
* Minor enhancements
* Added DEVELOPERS document which contains an overview of how RDoc works and
how to add new features to RDoc.
* Improved title for HTML output to include <code>--title</code> in the
title element.
* <code>rdoc --pipe</code> now understands <code>--markup</code>.
* RDoc now supports irc-scheme hyperlinks. Issue #83 by trans.
* Bug fixes
* Fix title on HTML output for pages.
* Fixed parsing of non-indented HEREDOC.
* Fixed parsing of <code>%w[]</code> and other % literals. Issue #84 by
Erik Hollensbe
* Fixed arrow replacement in HTML output munging the spaceship operator.
Issue #85 by eclectic923.
* Verbatim sections with ERB that match the ruby code whitelist are no
longer syntax-highlighted. Issue #86 by eclectic923
* Line endings on windows are normalized immediately after reading with
binmode. Issue #87 by Usa Nakamura
* RDoc better understands directives for comments. Comment directives can
now be found anywhere in multi-line comments. Issue #90 by Ryan Davis
* Tidy links to methods show the label again. Issue #88 by Simon Chiang
* RDoc::Parser::C can now find comments directly above
+rb_define_class_under+. Issue #89 by Enrico
* In rdoc, backspace and ansi formatters, labels and notes without bodies
are now shown.
* In rdoc, backspace and ansi formatters, whitespace between label or note
and the colon is now stripped.
=== 3.11 / 2011/10-17
* Bug fixes
* Avoid parsing TAGS files included in gems. Issue #81 by Santiago Pastorino.
=== 3.10 / 2011-10-08
* Major enhancements
* RDoc HTML output has been improved:
* The search from Vladimir Kolesnikov Sdoc has been integrated.
The search index generation is a reusable component through
RDoc::Generator::JsonIndex
* The table of contents is now a separate page and now shows links to
headings and sections inside a page or class.
* Class pages no longer show the namespace and no longer have file info
pages.
* HTML output is HTML 5.
* Static files can be copied into RDoc using --copy-files
* RDoc supports additional documentation formats:
* TomDoc 1.0.0-rc1
* RD format
The default markup can be set via the <tt>--markup</tt> option.
The format of documentation in a particular file can be specified by the
+:markup:+ directive. If the +:markup:+ directive is in the first comment
it is used as the default for the entire file. For other comments it
overrides the default markup format.
The markup format can be set for rake tasks using RDoc::Task#markup
* RDoc can save and load an options file.
To create an options file that defaults to using TomDoc markup run:
rdoc --markup tomdoc --write-options
This will create a .rdoc_options file. Check it in to your VCS and
package it with your gem. RDoc will automatically load this file and
combine it with the user's options.
Some options are not saved. See RDoc::Options@Saved+Options for full
details.
* Minor enhancements
* RDoc autoloads everything. You only need to require 'rdoc' now.
* HTML headings now have ids matching their titles.
= Hello!
Is rendered as
<h1 id="label-Hello%21">Hello!</h1>
* Labels for classes or methods can be linked-to by adding an <tt>@</tt>
following the class or method reference. For example,
<tt>RDoc::Markup@Links</tt>
See RDoc::Markup@Links for further details.
* For HTML output RDoc uses +SomeClass.method_name+ and
+SomeClass#method_name+ for remote methods and attributes and
+::method_name+ and +#method_name+ for local methods.
* RDoc makes an effort to syntax-highlight ruby code in verbatim sections.
See RDoc::Markup@Paragraphs+and+Verbatim
* Added RDoc::TopLevel#text? and RDoc::Parser::Text to indicate a
parsed file contains no ruby constructs.
* Added <tt>rdoc-label</tt> link scheme which allows bidirectional links.
See RDoc::Markup for details.
* Added RDoc::Comment which encapsulates comment-handling functionality.
* Added RDoc::Markup::PreProcess::post_process to allow arbitrary comment
munging.
* RDoc::RDoc::current is set for the entire RDoc run.
* Split rdoc/markup/inline into individual files for its component classes.
* Moved token stream HTML markup out of RDoc::AnyMethod#markup_code into
RDoc::TokenStream::to_html
* "Top" link in section headers is no longer inside the heading element.
* RDoc avoids printing some warnings unless run with `rdoc --verbose`. For
Rails issue #1646.
* Finishing a paragraph with two or more spaces will result in a line break.
This feature is experimental and may be modified or removed.
* Bug fixes
* Performance of RDoc::RubyLex has been improved. Ruby Bug #5202 by Ryan
Melton.
* Clicking a link in the method description now works. Issue #61 by Alan
Hogan.
* Fixed RDoc::Markup::Parser for CRLF line endings. Issue #67 by Marvin
Gülker.
* Fixed lexing of percent strings like %r{#}. Issue #68 by eclectic923.
* The C parser now understands classes defined with
+rb_struct_define_without_accessor+ (like Range). Pull Request #73 by Dan
Bernier
* Fixed lexing of <code>a b <<-HEREDOC</code>. Issue #75 by John Mair.
* Added LEGAL.rdoc with references to licenses in other files. Issue #78 by
Dmitry Jemerov.
* Block parameters are displayed in Darkfish output again. Issue #76 by
Andrea Singh.
* The method parameter coverage report no longer includes parameter default
values. Issue #77 by Jake Goulding.
* The module for an include is not looked up until parsed all the files are
parsed. Unless your project includes nonexistent modules this avoids
worst-case behavior (<tt>O(n!)</tt>) of RDoc::Include#module.
* Use 18, 19 instead of 1.9, 2.0 for RUBY_VERSION_DEFAULT.
* Add 193 for Ruby 1.9.3, too.
* If RUBY_VERSION_SUPPORTED contains single version of Ruby, make package
force depends to the version.
* Move RUBY_SITE_SUBDIR to Makefile.common.
* Change RUBY_VERSION_SUFFIX to RUBY_VERSION_FULL.
* Remove small code for NetBSD 1.x.
* Change RUBY_DLEXT and RUBY_SLEXT by ${_OPSYS_SHLIB_TYPE} instead of
${OPSYS}'s value.
=== 3.9.3 / 2011-08-23
* Bug fixes
* Add US-ASCII magic comments to work with <tt>ruby -Ku</tt>. Issue #63 by
Travis D. Warlick, Jr.
* Image paths at HTTPS URLs are now turned into +<img>+ tags. Pull
Request #60 by James Mead
* Markup defined by RDoc::Markup#add_special inside a <tt><tt></tt> is no
longer converted.
If it specified, it modify gemspec's dependency using update-gemspec.rb
Ruby script.
The goal is avoid to use patch for modifying depending version or gem's
name since gemspec files' content differ using rubygem's version.
It was really needed by devel/ruby-railties, sigh.
=== 3.8 / ??
* Minor enhancements
* RDoc::Parser::C can now discover methods on ENV and ARGF.
* RDoc::Parser::C now knows about rb_cSocket and rb_mDL.
* Bug fixes
* Updating Object in an ri data store with new data now removes methods,
includes, constants and aliases.
=== 3.7 / 2011-06-27
* Minor enhancements
* New directive :category: which allows methods to be grouped into sections
more cleanly. See RDoc::Markup for details.
* Document-class for RDoc::Parser::C now supports Foo::CONST as well as
CONST.
* ri method output is now a comma-separated list when displayed
interactively. Pull Request #39 by Benoit Daloze.
* RDoc::ClassModule#merge now prefers the argument's information over the
receiver's (it now behaves like Hash#merge! instead of a backwards
Hash#merge!).
* RDoc::Markup#convert now accepts an RDoc::Markup::Document instance
* RDoc now owns the code for generating RDoc and ri data when gems install
* Added RDoc::RDoc::reset
* Added RDoc::CodeObject#file_name
* Bug fixes
* ri no longer crashes when attempting to complete a plain [.
* ri data now tracks which file information came from so it can process
removals and changes to:
* Classes and Modules
* Methods
* Attributes
* Includes
* Constants
You will need to rebuild your ri data for it to update properly. Issue
#21 by Sven Riedel
* Signal and SignalException no longer clobber each other
* RDoc::Parser::C no longer creates classes when processing aliases.
* RDoc::Text#strip_stars handles Document-method for methods with =, ! and ?
now.
* RDoc::Parser::C now allows .cpp files to be used with the "in" comment on
rb_define_method. Bug #35 by Hanmac.
* RDoc::Parser::Ruby no longer eats content when =begin/=end documentation
blocks are followed by a documentable item. Issue #41 by mfn.
* RDoc::Markup::Formatter and subclasses now allow an optional +markup+
parameter for adding custom markup. The example in
RDoc::Markup::Formatter will now work. Issue #38 by tsilen.
* RDoc::Parser::C can now distinguish between class methods and instance
methods in Document-method. Issue #36 by Vincent Batts.
* RDoc now encodes file names in the output encoding. Issue #33 by Perry
Smith.
* ri data generation for method aliases no longer duplicates the class in
#full_name
If the package needs newer version in ruby{18,19}-base, set
RUBY_RDOC_REQD to minimum rdoc's version. ruby{18,19}-base have
these versions.
ruby18-base: rdoc 1.0.1
ruby19-base: rdoc 2.5.8
A package RUBY_RDOC_REQD set and built with devel/ruby-rdoc, it
will be also depends devel/ruby-rdoc package not only build time.
Because, files generated by rdoc commands of devel/ruby-rdoc may
not usable with ri commands in ruby{18,19}-base.
