coveralls
commented
5 years ago Coverage remained the same at 92.221% when pulling 76ce25583c273ee0b6cd124a6668cc30925ac114 on greysteil:dependabot/bundler/ffi-1.9.25 into 1b9adfd4a350f2b64cd60500a17406328ebd46f9 on ivaldi:master.
Bumps ffi from 1.9.23 to 1.9.25. This update includes security fixes.
Vulnerabilities fixed
*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ffi/CVE-2018-1000201.yml).* > **ruby-ffi DDL loading issue on Windows OS** > ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be > hijacked on Windows OS, when a Symbol is used as DLL name instead of a String > This vulnerability appears to have been fixed in v1.9.24 and later. > > Patched versions: >= 1.9.24 > Unaffected versions: none *Sourced from The GitHub Vulnerability Alert Database.* > **CVE-2018-1000201** > See https://nvd.nist.gov/vuln/detail/CVE-2018-1000201. > > Affected versions: < 1.9.24Changelog
*Sourced from [ffi's changelog](https://github.com/ffi/ffi/blob/master/CHANGELOG.md).* > 1.9.25 / 2018-06-03 > ------------------- > > Changed: > * Revert closures via libffi. > This re-adds ClosurePool and fixes compat with SELinux enabled systems. [#621](https://github-redirect.dependabot.com/ffi/ffi/issues/621) > > > 1.9.24 / 2018-06-02 > ------------------- > > Security Note: > > This update addresses vulnerability CVE-2018-1000201: DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String. Found by Matthew Bush. > > Added: > * Added a CHANGELOG file > * Add mips64(eb) support, and mips r6 support. ([#601](https://github-redirect.dependabot.com/ffi/ffi/issues/601)) > > Changed: > * Update libffi to latest changes on master. > * Don't search in hardcoded /usr paths on Windows. > * Don't treat Symbol args different to Strings in ffi_lib. > * Make sure size_t is defined in Thread.c. Fixes [#609](https://github-redirect.dependabot.com/ffi/ffi/issues/609)Commits
- [`aa1b844`](https://github.com/ffi/ffi/commit/aa1b844f9c91538802780f35ac27119d4e877052) Prepare for release 1.9.25 - [`f1385ae`](https://github.com/ffi/ffi/commit/f1385ae65ac9c0347868fd081af5ddc13c036d29) Revert "README: Remove now unnecessary PaX workaround [ci skip]" - [`94441aa`](https://github.com/ffi/ffi/commit/94441aa5f8b694b62f70528011b32c5db3d42dd4) Revert "Do closures via libffi" - [`4e1051a`](https://github.com/ffi/ffi/commit/4e1051a5b8131547db333455dc4fc6a39e04491a) Run rspec with dots output only - [`e70b13d`](https://github.com/ffi/ffi/commit/e70b13d6ef20351541649532d6705bac0acec170) Fix integer parameter range specs - [`55ae232`](https://github.com/ffi/ffi/commit/55ae232232696b81e1d36807e2f44c262a649c48) Fix several specs where raise_error was called without class - [`8821d4f`](https://github.com/ffi/ffi/commit/8821d4f4cb9b4cc622bf5627d9f9d150ca19af64) Specify error class for several raise_error calls - [`bf48d44`](https://github.com/ffi/ffi/commit/bf48d44f9572e54f6e5e8adda2c375a0002b779b) Fix missing C declarations causing compiler warnings - [`f569788`](https://github.com/ffi/ffi/commit/f56978849d828025c097236eb6a1ddc258361785) Replace symlinks for mips r6 with plain files - [`fedbae0`](https://github.com/ffi/ffi/commit/fedbae01b1c0906e97c2f7795bfbb09d020d7903) Update CHANGELOG - Additional commits viewable in [compare view](https://github.com/ffi/ffi/compare/1.9.23...1.9.25)(This is an example of the kind of PRs Dependabot creates, so you can see it in action alongside #438. It won't automatically rebase or any of the clever stuff Dependabot normally does because I've manually copied it across, though.)