[GR-20473] Backport: Update Ruby to 2.6.5.

PullRequest: truffleruby/1248

Author: ezzarghili

.gitattributes

@@ -1,6 +1,6 @@
 # Merge options
 
-/CHANGELOG.md merge=union
+#/CHANGELOG.md merge=union
 
 # Rules for GitHub's Linguist language-classification system. We're abusing the
 # 'vendored' attribute to exclude files as a lot of this isn't really vendored,

.ruby-version

@@ -1 +1 @@
-2.6.2
+2.6.5

3rd_party_licenses.txt

@@ -257,6 +257,10 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 
+lib/rdoc/generator/template/darkfish/css/fonts.css:
+This file is licensed under the SIL Open Font License.
+http://scripts.sil.org/OFL
+
 ext/psych/yaml:
 Copyright (c) 2006 Kirill Simonov
 

CHANGELOG.md

@@ -1,8 +1,13 @@
 # 19.3.1
 
+New features:
+
+* Updated to Ruby 2.6.5 (#1749).
+
 Compatibility:
 
 * Implemented `rb_gc_register_mark_object` and `rb_enc_str_asciionly_p` (#1856, @chrisseaton).
+* Support for the Darkfish theme for RDoc generation has been added back.
 
 # 19.3.0
 

doc/contributor/stdlib.md

@@ -155,7 +155,7 @@ gem list | grep default:
 * `ostruct` (default: 0.1.0)
 * `prime` (default: 0.1.0)
 * `psych` (default: 3.1.0)
-* `rdoc` (default: 6.1.0)
+* `rdoc` (default: 6.1.2)
 * `rexml` (default: 3.1.9)
 * `rss` (default: 0.2.7)
 * `scanf` (default: 1.0.0)

doc/contributor/updating-ruby.md

@@ -44,11 +44,13 @@ You'll usually get some conflicts to work out.
 
 Configuration files must be regenerated from ruby for Linux and macOS
 and copied into `lib/cext/include/truffleruby`. In the MRI repository
-do the folowing
+do the following:
 
 ```
+graalvm_clang=$(jt ruby -e 'puts RbConfig::CONFIG["CC"]')
+
 autoconf
-CC=clang ./configure
+CC=$graalvm_clang ./configure
 ```
 
 The output of configure should report that it has created or updated a
@@ -72,46 +74,29 @@ You will need to copy that file to
 * Update `doc/contributor/stdlib.md`
 * Update method lists - see `spec/truffle/methods_spec.rb`
 * Update `ci.jsonnet` to use the corresponding MRI version for benchmarking
+* Grep for the old version with `git grep -F x.y.z`
 
 ## Update libraries from third-party repos
 
 Look in `../ruby/ext/json` to see the version of `flori/json` being used, and
 then copy the original source of `flori/json` into `lib/json`.
 
-## Updating .gemspec of default gems
+## Updating default and bundled gems
+
+You need a clean install (e.g., no extra gems installed) of MRI for this.
 
-Default gems are imported from MRI files, except the .gemspec files in
-`lib/gems/specifications/default`.
-To update those, copy the files over from an installed MRI.
 ```
+rm -rf lib/gems/gems
+cp -R ~/.rubies/ruby-n.n.n/lib/ruby/gems/n.n.n/gems lib/gems
+
 rm -rf lib/gems/specifications/default
 cp -r ~/.rubies/ruby-n.n.n/lib/ruby/gems/n.n.n/specifications/default lib/gems/specifications
 ```
 
-If any of these gemspecs has executables (`s.executables = ...`), then those
-files must be copied under `lib/gems/gems/GEM-VERSION/exe` for `Gem.bin_path` to
-work:
-```
-grep -R executables lib/gems/specifications/default
-cp -R ~/.rubies/ruby-n.n.n/lib/ruby/gems/n.n.n/gems/GEM-VERSION lib/gems/gems
-```
-
-Note: `gem install --default` might help with this, but it does not seem to
-create the executable files currently, even on MRI.
-
 ## Updating bundled gems
 
-To update a bundled gem, follow these steps:
-
-* Remove the current gem and gemspec from `lib/gems/gems` and
-  `lib/gems/specifications`
-* Run the gem install command with the desired version
-  `gem install rake -v 10.4.2 --no-doc`
-* Update the project `.gitignore` to allow the newly install gem sources
-  and gemspec
-* Copy from the build directory `lib` to the source `lib`
-* If the gem installs any executables like `rake` in `bin` ensure that the
-  shebang has a format as follows:
+If the gem installs any executables like `rake` in `bin` ensure that the
+shebang has a format as follows:
 
 ```bash
 #!/usr/bin/env bash

doc/legal/legal.md

@@ -19,7 +19,7 @@ See `epl-2.0.txt`, `gpl-2.txt`, `lgpl-2.1.txt`.
 ## MRI
 
 The standard implementation of Ruby is MRI. TruffleRuby contains code from MRI
-version 2.6.1, including:
+version 2.6.5, including:
 
 * the standard library in `lib/mri`, 
 * Ruby C extension API in `lib/cext/include` and `src/main/c/cext`, 
@@ -45,6 +45,9 @@ CC0 public domain dedication, see `ccan-cc0.txt`.
 terms of 'BSD-MIT', see `ccan-bsd-mit.txt`. Despite the filename 'BSD-MIT' this
 is the conventional MIT licence.
 
+RDoc Darkfish theme fonts under `lib/mri/rdoc/generator/template/darkfish/` are
+available under the terms of the SIL Open Font License 1.1, see `ofl.txt`.
+
 The header file `lib/cext/include/ruby/onigmo.h` is part of Onigmo, available
 under the same 2-clause BSD licence as Ruby.
 

doc/user/compatibility.md

@@ -1,7 +1,7 @@
 # Compatibility
 
 TruffleRuby aims to be fully compatible with the standard implementation of
-Ruby, MRI, version 2.6.2, revision 67232.
+Ruby, MRI, version 2.6.5.
 
 Any incompatibility with MRI is considered a bug, except for rare cases detailed below.
 If you find an incompatibility with MRI, please [report](https://github.com/oracle/truffleruby/issues) it to us.
@@ -87,10 +87,6 @@ more explanation on this.
 
 `RubyVM` is not intended for users and is not implemented.
 
-#### RDoc HTML generation
-
-TruffleRuby does not include the Darkfish theme for RDoc.
-
 ## Features with major differences
 
 #### Threads run in parallel

doc/user/security.md

@@ -37,6 +37,12 @@ https://www.ruby-lang.org/en/security/.
 
 Number | Description | Their Mitigation | Test | Our Mitigation
 --- | --- | --- | --- | ---
+CVE-2019-16255 | A code injection vulnerability of Shell#[] and Shell#test | [Fix](https://github.com/ruby/ruby/commit/d6adc68dc9c74a33b3ca012af171e2d59f0dea10) | MRI test | Same
+CVE-2019-16254 | HTTP response splitting in WEBrick (Additional fix) | [Fix](https://github.com/ruby/ruby/commit/3ce238b5f9795581eb84114dcfbdf4aa086bfecc) | MRI test | Same
+CVE-2019-15845 | A NUL injection vulnerability of File.fnmatch and File.fnmatch? | [Fix](https://github.com/ruby/ruby/commit/a0a2640b398cffd351f87d3f6243103add66575b) | MRI test | Check for NUL bytes
+CVE-2019-16201 | Regular Expression Denial of Service vulnerability of WEBrick’s Digest access authentication | [Fix](https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03) | MRI test | Same
+CVE-2012-6708 | Multiple jQuery vulnerabilities in RDoc | Remove jquery.js | N/A | Same
+CVE-2015-9251 | Multiple jQuery vulnerabilities in RDoc | Remove jquery.js | N/A | Same
 CVE-2019-8320 | Delete directory using symlink when decompressing `tar` | Check the expanded path | Tested in MRI `test/rubygems/test_gem_package.rb` | Applied the same patch
 CVE-2019-8321 | Escape sequence injection in `verbose` | Sanitise message | Tested in `ruby/spec` `:security` | Applied the same patch
 CVE-2019-8322 | Escape sequence injection in `gem owner` | Sanitise message | Tested in `ruby/spec` `:security` | Applied the same patch

lib/cext/include/ruby/ruby.h

@@ -1775,7 +1775,7 @@ VALUE rb_check_symbol(volatile VALUE *namep);
 #define RUBY_CONST_ID_CACHE(result, str)		\
     {							\
 	static ID rb_intern_id_cache;			\
-	if (!rb_intern_id_cache)			\
+	if (!polyglot_is_value(rb_intern_id_cache)) \
 	    rb_intern_id_cache = rb_intern2((str), (long)strlen(str)); \
 	result rb_intern_id_cache;			\
     }