Commit graph

14 commits

Author SHA1 Message Date
taca
3a73764b6e lang/ruby25-base: update to 2.5.5
Update ruby25{,-base} to 2.5.5.

Quote from release announcement:

Ruby 2.5.4 (2019-03-13)

This release includes bug fixes and a security update of the bundled
RubyGems. See details in Multiple vulnerabilities in RubyGems and the commit
logs.

Ruby 2.5.5 (2019-03-15)

This release includes a bug fix for the deadlock in the
multi-thread+multi-process (using Process.fork) applications (ex: puma).
2019-03-16 14:34:56 +00:00
taca
3e7df8d61b lang/ruby25-base: Add security patch for rubygems
Add security patch for rubygems, fixing these problems.

* CVE-2019-8320: Delete directory using symlink when decompressing tar
* CVE-2019-8321: Escape sequence injection vulnerability in verbose
* CVE-2019-8322: Escape sequence injection vulnerability in gem owner
* CVE-2019-8323: Escape sequence injection vulnerability in API response handling
* CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
* CVE-2019-8325: Escape sequence injection vulnerability in errors

https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/

Since the original patch included in the official announcement does not apply cleanly to
Ruby 2.5.3, use a local version which drops the patch to a non-existing test.

Bump PKGREVISION.
2019-03-12 04:22:34 +00:00
taca
7917425e44 lang/ruby25-base: add missing document installation
* Add missing document installation.
* Do not remove non-existing extconf.rb of ext/tk.

Bump PKGREVISION.
2019-02-14 06:03:50 +00:00
mrg
168adfd142 apply the gcc6.5 and arm64 hack to gcc [67].*. fixes arm64 builds on gcc7. 2019-02-07 10:07:21 +00:00
taca
1cfef013e8 lang/ruby: switch to use distfiles in '.xz' format
Switch to use distfiles in '.xz' format.
2019-01-03 05:19:03 +00:00
roy
168751c965 ruby does not like -fomit-frame-pointer on NetBSD/aarch64 2018-12-22 03:53:24 +00:00
taca
77065d7d4a lang/ruby25-base: update to 2.5.3
Ruby 2.5.2 Released

Ruby 2.5.2 has been released.

This release includes some bug fixes and some security fixes.

* CVE-2018-16396: Tainted flags are not propagated in Array#pack and
  String#unpack with some directives

* CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly

There are also some bug fixes. See commit logs for more details.


Ruby 2.5.3 Released

Ruby 2.5.3 has been released.

There were some missing files in the release packages of 2.5.2 which are
necessary for building. See details in [Bug #15232].

This release is just for fixing the packaging issue. This release doesn’t
contain any additional bug fixes from 2.5.2.
2018-10-18 14:21:36 +00:00
jperkin
a2ce85611a *: Add some required USE_GCC_RUNTIME. 2018-07-17 10:56:23 +00:00
taca
cf36d7a25a lang/ruby25-base: update to 2.5.1, security release
Ruby 2.5.1 Released				Posted by naruse on 28 Mar 2018

Ruby 2.5.1 has been released.

This release includes some bug fixes and some security fixes.

* CVE-2017-17742: HTTP response splitting in WEBrick
* CVE-2018-6914: Unintentional file and directory creation with directory
  traversal in tempfile and tmpdir
* CVE-2018-8777: DoS by large request in WEBrick
* CVE-2018-8778: Buffer under-read in String#unpack
* CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
  UNIXServer and UNIXSocket
* CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
* Multiple vulnerabilities in RubyGems

There are also some bug fixes. See commit logs for more details.
2018-03-29 03:06:57 +00:00
taca
5716995b01 lang/ruby25-base: rubygem security fix
Add a patch to fix a security problem of rubygems.

Bump PKGREVISION.
2018-02-19 16:47:17 +00:00
jperkin
254be27deb ruby25-base: Put -std= in CFLAGS not CPPFLAGS. Bump PKGREVISION. 2018-01-26 13:25:29 +00:00
jperkin
86044ac110 ruby25-base: Fix build and install on Darwin. 2018-01-17 11:19:46 +00:00
jperkin
c2dbe3602e ruby*-base: Don't add SSP flags, leave that to pkgsrc. 2018-01-16 14:53:27 +00:00
taca
2dfeb784d5 lang/ruby25-base: add ruby25-base 2.5.0
Ruby 2.5.0 is the first stable release of the Ruby 2.5 series. It introduces
many new features and performance improvements. The notable changes are as
follows:

o New Features

* rescue/else/ensure are now allowed to be used directly with do/end
  blocks. [Feature #12906]
* Add yield_self to yield given block in its context. Unlike tap, it returns
  the result of the block. [Feature #6721]
* Support branch coverage and method coverage measurement. The branch coverage
  indicates which branches are executed and which are not. The method coverage
  indicates which methods are invoked and which are not. By running a test
  suite with these new features, you will know which branches and methods are
  executed, and evaluate total coverage of the test suite more
  strictly. [Feature #13901]
* Hash#slice [Feature #8499] and Hash#transform_keys [Feature #13583]
* Struct.new can create classes that accept keyword arguments. [Feature
  #11925]
* Enumerable#any?, all?, none?, and one? accept a pattern argument. [Feature
  #11286]
* Top-level constant look-up is no longer available. [Feature #11547]
* One of our most loved libraries, pp.rb, is now automatically loaded. You no
  longer have to write require "pp". [Feature #14123]
* Print backtrace and error message in reverse order (oldest call first, most
  recent call last). When a long backtrace appears on your terminal (TTY), you
  can easily find the cause line at the bottom of the backtrace. Note that the
  order is reversed only when the backtrace is printed out to the terminal
  directly. [Feature #8661] [experimental]

o Performance improvements

* About 5-10% performance improvement by removing all trace instructions from
  overall bytecode (instruction sequences). The trace instruction was added to
  support the TracePoint. However, in most cases, TracePoint is not used and
  trace instructions are pure overhead. Instead, now we use a dynamic
  instrumentation technique. See [Feature #14104] for more details.
* Block passing by a block parameter (e.g. def foo(&b); bar(&b); end) is about
  3 times faster than Ruby 2.4 by “Lazy Proc allocation” technique. [Feature
  #14045]
* Mutex is rewritten to be smaller and faster. [Feature #13517]
* ERB now generates code from a template twice as fast as Ruby 2.4.
* Improve performance of some built-in methods including Array#concat,
  Enumerable#sort_by, String#concat, String#index, Time#+, and more.
* IO.copy_stream uses copy_file_range(2) to copy offload. [Feature #13867]

o Other notable changes since 2.4

* SecureRandom now prefers OS-provided sources over OpenSSL. [Bug #9569]
* Promote cmath, csv, date, dbm, etc, fcntl, fiddle, fileutils, gdbm, ipaddr,
  scanf, sdbm, stringio, strscan, webrick, zlib from standard libraries to
  default gems.
* Update to Onigmo 6.1.3.
  - It adds the absence operator.
  - Note that Ruby 2.4.1 also includes this change.
* Update to Psych 3.0.2.
* Update to RubyGems 2.7.3.
* Update to RDoc 6.0.1.
  - Switch the lexer from IRB based one to Ripper. This dramatically improves
    the performance of document generation.
  - Fix a significant amount of bugs that existed over ten years.
  - Add support for new Ruby syntax from the latest versions.
* Update supported Unicode version to 10.0.0.
* Thread.report_on_exception is now set to true by default. This change helps
  debugging of multi-threaded programs. [Feature #14143]
* IO#write now receives multiple arguments. [Feature #9323]

See NEWS or commit logs for details.
2018-01-08 14:19:06 +00:00