Bumps ffi from 1.9.23 to 1.9.25. This update includes security fixes.
Vulnerabilities fixed
*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ffi/CVE-2018-1000201.yml).*
> **ruby-ffi DDL loading issue on Windows OS**
> ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be
> hijacked on Windows OS, when a Symbol is used as DLL name instead of a String
> This vulnerability appears to have been fixed in v1.9.24 and later.
>
> Patched versions: >= 1.9.24
> Unaffected versions: none
*Sourced from The GitHub Vulnerability Alert Database.*
> **CVE-2018-1000201**
> See https://nvd.nist.gov/vuln/detail/CVE-2018-1000201.
>
> Affected versions: < 1.9.24
Changelog
*Sourced from [ffi's changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md).*
> 1.9.25 / 2018-06-03
> -------------------
>
> Changed:
> * Revert closures via libffi.
> This re-adds ClosurePool and fixes compat with SELinux enabled systems. [#621](https://github-redirect.dependabot.com/ffi/ffi/issues/621)
>
>
> 1.9.24 / 2018-06-02
> -------------------
>
> Security Note:
>
> This update addresses vulnerability CVE-2018-1000201: DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String. Found by Matthew Bush.
>
> Added:
> * Added a CHANGELOG file
> * Add mips64(eb) support, and mips r6 support. ([#601](https://github-redirect.dependabot.com/ffi/ffi/issues/601))
>
> Changed:
> * Update libffi to latest changes on master.
> * Don't search in hardcoded /usr paths on Windows.
> * Don't treat Symbol args different to Strings in ffi_lib.
> * Make sure size_t is defined in Thread.c. Fixes [#609](https://github-redirect.dependabot.com/ffi/ffi/issues/609)
Commits
- [`aa1b844`](https://github.com/ffi/ffi/commit/aa1b844f9c91538802780f35ac27119d4e877052) Prepare for release 1.9.25
- [`f1385ae`](https://github.com/ffi/ffi/commit/f1385ae65ac9c0347868fd081af5ddc13c036d29) Revert "README: Remove now unnecessary PaX workaround [ci skip]"
- [`94441aa`](https://github.com/ffi/ffi/commit/94441aa5f8b694b62f70528011b32c5db3d42dd4) Revert "Do closures via libffi"
- [`4e1051a`](https://github.com/ffi/ffi/commit/4e1051a5b8131547db333455dc4fc6a39e04491a) Run rspec with dots output only
- [`e70b13d`](https://github.com/ffi/ffi/commit/e70b13d6ef20351541649532d6705bac0acec170) Fix integer parameter range specs
- [`55ae232`](https://github.com/ffi/ffi/commit/55ae232232696b81e1d36807e2f44c262a649c48) Fix several specs where raise_error was called without class
- [`8821d4f`](https://github.com/ffi/ffi/commit/8821d4f4cb9b4cc622bf5627d9f9d150ca19af64) Specify error class for several raise_error calls
- [`bf48d44`](https://github.com/ffi/ffi/commit/bf48d44f9572e54f6e5e8adda2c375a0002b779b) Fix missing C declarations causing compiler warnings
- [`f569788`](https://github.com/ffi/ffi/commit/f56978849d828025c097236eb6a1ddc258361785) Replace symlinks for mips r6 with plain files
- [`fedbae0`](https://github.com/ffi/ffi/commit/fedbae01b1c0906e97c2f7795bfbb09d020d7903) Update CHANGELOG
- Additional commits viewable in [compare view](https://github.com/ffi/ffi/compare/1.9.23...1.9.25)
(This is an example of the kind of PRs Dependabot creates, so you can see it in action alongside #438. It won't automatically rebase or any of the clever stuff Dependabot normally does because I've manually copied it across, though.)
Coverage remained the same at 92.221% when pulling 76ce25583c273ee0b6cd124a6668cc30925ac114 on greysteil:dependabot/bundler/ffi-1.9.25 into 1b9adfd4a350f2b64cd60500a17406328ebd46f9 on ivaldi:master.
Bumps ffi from 1.9.23 to 1.9.25. This update includes security fixes.
Vulnerabilities fixed
*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ffi/CVE-2018-1000201.yml).* > **ruby-ffi DDL loading issue on Windows OS** > ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be > hijacked on Windows OS, when a Symbol is used as DLL name instead of a String > This vulnerability appears to have been fixed in v1.9.24 and later. > > Patched versions: >= 1.9.24 > Unaffected versions: none *Sourced from The GitHub Vulnerability Alert Database.* > **CVE-2018-1000201** > See https://nvd.nist.gov/vuln/detail/CVE-2018-1000201. > > Affected versions: < 1.9.24Changelog
*Sourced from [ffi's changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md).* > 1.9.25 / 2018-06-03 > ------------------- > > Changed: > * Revert closures via libffi. > This re-adds ClosurePool and fixes compat with SELinux enabled systems. [#621](https://github-redirect.dependabot.com/ffi/ffi/issues/621) > > > 1.9.24 / 2018-06-02 > ------------------- > > Security Note: > > This update addresses vulnerability CVE-2018-1000201: DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String. Found by Matthew Bush. > > Added: > * Added a CHANGELOG file > * Add mips64(eb) support, and mips r6 support. ([#601](https://github-redirect.dependabot.com/ffi/ffi/issues/601)) > > Changed: > * Update libffi to latest changes on master. > * Don't search in hardcoded /usr paths on Windows. > * Don't treat Symbol args different to Strings in ffi_lib. > * Make sure size_t is defined in Thread.c. Fixes [#609](https://github-redirect.dependabot.com/ffi/ffi/issues/609)Commits
- [`aa1b844`](https://github.com/ffi/ffi/commit/aa1b844f9c91538802780f35ac27119d4e877052) Prepare for release 1.9.25 - [`f1385ae`](https://github.com/ffi/ffi/commit/f1385ae65ac9c0347868fd081af5ddc13c036d29) Revert "README: Remove now unnecessary PaX workaround [ci skip]" - [`94441aa`](https://github.com/ffi/ffi/commit/94441aa5f8b694b62f70528011b32c5db3d42dd4) Revert "Do closures via libffi" - [`4e1051a`](https://github.com/ffi/ffi/commit/4e1051a5b8131547db333455dc4fc6a39e04491a) Run rspec with dots output only - [`e70b13d`](https://github.com/ffi/ffi/commit/e70b13d6ef20351541649532d6705bac0acec170) Fix integer parameter range specs - [`55ae232`](https://github.com/ffi/ffi/commit/55ae232232696b81e1d36807e2f44c262a649c48) Fix several specs where raise_error was called without class - [`8821d4f`](https://github.com/ffi/ffi/commit/8821d4f4cb9b4cc622bf5627d9f9d150ca19af64) Specify error class for several raise_error calls - [`bf48d44`](https://github.com/ffi/ffi/commit/bf48d44f9572e54f6e5e8adda2c375a0002b779b) Fix missing C declarations causing compiler warnings - [`f569788`](https://github.com/ffi/ffi/commit/f56978849d828025c097236eb6a1ddc258361785) Replace symlinks for mips r6 with plain files - [`fedbae0`](https://github.com/ffi/ffi/commit/fedbae01b1c0906e97c2f7795bfbb09d020d7903) Update CHANGELOG - Additional commits viewable in [compare view](https://github.com/ffi/ffi/compare/1.9.23...1.9.25)(This is an example of the kind of PRs Dependabot creates, so you can see it in action alongside #438. It won't automatically rebase or any of the clever stuff Dependabot normally does because I've manually copied it across, though.)