[ANN] RubyInstaller 2.5.3-1 and 2.4.5-1 with code signature released

瀏覽次數:74 次
跳到第一則未讀訊息

Lars Kanis

未讀,
2018年10月21日 下午5:13:342018/10/21
收件者:RubyInstaller

RubyInstaller-2.5.3-1 and RubyInstaller-2.4.5-1 are released. These are maintenance releases with bug and security fixes. See ruby-2.4.5 release notes and ruby-2.5.2 release notes. Bundled OpenSSL versions are updated to 1.0.2p and 1.1.1.


The installer executables are now signed with a Microsoft trusted certificate of “Open Source Developer Lars Kanis”. This should give some confidence about the downloaded files and should soften the disposition of anti virus products.


More details are provided in the CHANGELOG. All binaries are available in the Download section!


--

Kind Regards,

Lars


Josh Cooper

未讀,
2018年11月13日 晚上7:43:222018/11/13
收件者:RubyInstaller
Hi Lars,

We're seeing some unexpected behavior where String#to_yaml does not emit the document end tag. For example, given this script:

require 'yaml'
 
puts "Ruby #{RUBY_VERSION}p#{RUBY_PATCHLEVEL}"
puts "Psych #{Psych::VERSION}"
puts "string".to_yaml

The document end tag "..." is missing from the latest security fix versions:

C:\>c:\rubyinstaller-2.4.5-1-x64\bin\ruby.exe yaml.rb
Ruby 2.4.5p335
Psych 2.2.2
--- string
C:\>c:\rubyinstaller-2.5.3-1-x64\bin\ruby.exe yaml.rb
Ruby 2.5.3p105
Psych 3.0.2
--- string

But is present with the earlier ruby versions from rubyinstaller.org:

C:\>c:\rubyinstaller-2.4.4-2-x64\bin\ruby.exe yaml.rb
Ruby 2.4.4p296
Psych 2.2.2
--- string
...
C:\>c:\rubyinstaller-2.5.1-2-x64\bin\ruby.exe yaml.rb
Ruby 2.5.1p57
Psych 3.0.2
--- string
...

Doing the same test on macOS+rbenv prints the document end tag for all ruby versions:

$ ruby yaml.rb
Ruby 2.4.4p296
Psych 2.2.2
--- string
...
$ ruby yaml.rb
Ruby 2.4.5p335
Psych 2.2.2
--- string
...
$ ruby yaml.rb
Ruby 2.5.1p57
Psych 3.0.2
--- string
...
$ ruby yaml.rb
Ruby 2.5.3p105
Psych 3.0.2
--- string
...

Is there something in the rubyinstaller build process that could account for this change? Or should I follow up with ruby maintainers?

Thanks!
Josh

Lars Kanis

未讀,
2018年11月14日 凌晨12:40:392018/11/14
收件者:rubyin...@googlegroups.com、Josh Cooper
Hi Josh!


On Wed, Nov 14, 2018, 01:43 Josh Cooper <jo...@puppet.com wrote:



Is there something in the rubyinstaller build process that could account for this change?

I guess it's due to the update of libyaml from version 0.1.7 to 0.2.1 between these two releases.
You can query the library version by YAML::LIBYAML_VERSION .
Ubuntu-18.10 is still at version 0.1.7, so that this issue doesn't show up there. Maybe the same is true on MacOS.


Or should I follow up with ruby maintainers?


I think so. Maybe there's something fixed already, so you may try the latest rubyinstaller-head version first: https://github.com/oneclick/rubyinstaller2/releases/tag/rubyinstaller-head

--
Kind Regards,
Lars

回覆所有人
回覆作者
轉寄
0 則新訊息