Correct Method Search Order
Regression [lreplace {} 1 1]
Crash regression in [oo::class destroy]
Regress [regsub -all {\(.*} a(b) {}]
[try {} on ok {} - on return {} {}] panic
[tcl::unsupported::getbytecode] disassember
[string cat] bytecode optimization
segfault in mangled bytecode
Hang in some [read]s of limited size
segfault in [array set] of traced array
MSVC14 compile support
[fcopy] treats [blocked] as error
regression in Tcl_Write() interface
fix [gets] on non-blocking channels
restore [open comX: r+]
Restore [lappend v] return value
Stop forcing EOF to be permanent
Changelog:
7.0.72: http://www.oracle.com/technetwork/java/javase/7u72-relnotes-2296190.html
Instructions to disable SSL v3.0 in Oracle JDK and JRE
Oracle recommends that users and developers disable use of the SSLv3 protocol. Please follow the Instructions to disable SSL v3.0 in Oracle JDK and JRE.
Change in javax.smartcardio.Card.disconnect(boolean reset) method behavior
Prior to the JDK 8u20 and JDK 7u72 releases, the javax.smartcardio.Card.disconnect(boolean reset) method had inverted logic for the 'reset' boolean value passed to it. The card was reset upon a disconnect if false was passed to it and vice versa. Starting with JDK 7u72 and JDK 8u20, the correct behavior as per API documentation has been implemented.
In order to provide backwards compatibility to users who rely on the old behavior, a new system property has been introduced. The following command-line option can be used to enforce the old broken behavior:
-Dsun.security.smartcardio.invertCardReset=true
This property is set by default for 7u72 and later JDK 7 update releases. By default, no behavioral change will be noticed in this area for JDK 7 update releases.
Also the following command-line option can be used to enforce the new correct behavior:
-Dsun.security.smartcardio.invertCardReset=false
This is default for 8u20 and later JDK 8 update releases. In future Java releases, the property will be ignored/disabled and default disconnect method behavior will be as specified by API.
Bug Fixes
This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.
For a list of bug fixes included in this release, see JDK 7u72 Bug Fixes page.
Area: security-libs/javax.net.ssl
Synopsis: Decrease the preference mode of RC4 in the enabled cipher suite list
This fix decreases the preference of RC4 based cipher suites in the default enabled cipher suite list of SunJSSE provider.
See JDK-8043832 (not public).
From: http://www.oracle.com/technetwork/java/javase/2col/7u72-bugfixes-2298229.html
Bug Id Category Subcategory Description
8036022 client-libs 2d D3D: rendering with XOR composite causes InternalError.
8019623 client-libs java.awt Lack of synchronization in AppContext.getAppContext()
8024061 client-libs java.awt Exception thrown when drag and drop between two components is executed quickly
8028617 client-libs java.awt Dvorak keyboard mapping not honored when ctrl key pressed
8016545 client-libs java.beans java.beans.XMLEncoder.writeObject output is wrong
8036819 client-libs javax.accessibility JAB: mneumonics not read for textboxes
8036983 client-libs javax.accessibility JAB:Multiselection Ctrl+CursorUp/Down and ActivateDescenderPropertyChanged event
8028616 client-libs javax.swing Htmleditorkit parser doesn't handle leading slash (/)
8032872 client-libs javax.swing [macosx] Cannot select from JComboBox in a JWindow
8032874 client-libs javax.swing ArrayIndexOutOfBoundsException in JTable while clearing data in JTable
8032878 client-libs javax.swing Editable combos in table do not behave as expected
8041451 core-libs javax.naming com.sun.jndi.ldap.Connection:ReadTimeout should abandon ldap request
8042857 core-libs javax.naming 14 stuck threads waiting for notification on LDAPRequest
7142035 core-svc java.lang.instrument assert in j.l.instrument agents during shutdown when daemon thread is running
8028623 core-svc tools SA: hash codes in SymbolTable mismatching java_lang_String::hash_code for extended characters.
8028619 deploy deployment_toolkit Display issue of java control panel in ko and ja locale
8031490 deploy deployment_toolkit Broken Java SE 7 jnlp samples (app2 and app3)
8038463 deploy deployment_toolkit Java Control Panel doesn't display correctly in high resolution
8025051 globalization locale-data Update resource files for TimeZone display names
8039298 hotspot compiler C2: assert(base == NULL || t_adr->isa_rawptr() || !phase->type(base)->higher_equal(TypePtr::NULL_PTR)) failed: NULL+offs not RAW address?
8038925 hotspot gc Java with G1 crashes in dump_instance_fields using jmap or jcmd without fullgc
8019324 hotspot runtime assert(_f2 == 0 || _f2 == f2) failed: illegal field change
8031290 hotspot runtime Adjust call to getisax() for additional words returned
8033696 hotspot runtime "assert(thread != NULL) failed: just checking" due to Thread::current() and JNI pthread interaction
8051012 hotspot runtime Regression in verifier for <init> method call from inside of a branch
8021804 security-libs java.security Certpath validation fails if validity period of root cert does not include validity period of intermediate cert
8050158 security-libs javax.net.ssl Introduce system property to maintain RC4 preference order
7047033 security-libs javax.smartcardio (smartcardio) Card.disconnect(boolean reset) does not reset when reset is true
7195480 security-libs javax.smartcardio javax.smartcardio does not detect cards on Mac OS X
8039319 security-libs javax.smartcardio (smartcardio) Card.transmitControlCommand() does not work on Mac OS X
8043507 security-libs javax.smartcardio (smartcardio) javax.smartcardio.CardTerminals.list() fails on MacOSX
8046343 security-libs javax.smartcardio (smartcardio) CardTerminal.connect('direct') does not work on MacOSX
8049250 security-libs javax.smartcardio (smartcardio) Need a flag to invert the Card.disconnect(reset) argument
8036709 tools jar Java 7 jarsigner displays warning about cert policy tree
8033113 xml jax-ws wsimport fails on WSDL:header parameter name customization
8029837 xml jaxp NPE seen in XMLDocumentFragmentScannerImpl.setProperty since 7u40b33
7.0.71:
From: http://www.oracle.com/technetwork/java/javase/2col/7u71-bugfixes-2298226.html
Bug Id Category Subcategory Description
8032788 client-libs java.awt ImageIcon constructor throws an NPE and hangs when passed a null String parameter
8057184 client-libs javax.swing JCK8's api/javax_swing/JDesktopPane/descriptions.html#getset failed with GTKLookAndFeel on Linux and Solaris run v.s. JDK8+
8001105 core-libs java.lang.invoke findVirtual of Object[].clone produces internal error
8031502 core-libs java.lang.invoke JSR292: IncompatibleClassChangeError in LambdaForm for CharSequence.toString() method handle type converter
8027821 deploy For signed jars without manifest "Permissions", there is still security warning dialog before Application Error (Or blocked) Dialog.
8054904 deploy webstart Webstart cache path error for Java >= 7u65
8032883 deploy plugin java.lang.UnsupportedClassVersionError occurs while accessing an applet
8036620 deploy plugin JAR file is downloaded on DownloadService.removeResource, if it is not in Deployment Cache
8040786 deploy plugin Text is truncated in JavaScript to Java security warning dialog on OS X
8043478 deploy plugin Oracle Linux 5.x: Expired JRE disabled in the browser automatically and no native dialog prompting for the JRE update
8025726 deploy webstart Certificate rule in DRS does not work for Java Web Start app when caching is turned off
8051891 deploy webstart SWT cannot load native look&feel
8050485 hotspot runtime super() in a try block in a ctor may need to cause VerifyError
8027686 install Fail to install on MacOS 10.10
7160837 security-libs javax.crypto DigestOutputStream does not turn off digest calculation when "close()" is called
8028627 security-libs javax.crypto Unsynchronized code path from javax.crypto.Cipher to the WeakHashMap used by JceSecurity to store codebase mappings
8012026 client-libs java.awt [macosx] Component.getMousePosition() does not work in an applet on MacOS
8032078 client-libs java.awt [macosx] CPlatformWindow.setWindowState throws RuntimeException, if windowState=ICONIFIED:MAXIMIZED_BOTH
8032961 client-libs java.awt A JTextField of an applet loses the abillity to receive the focus under certain circumstances.
8032669 client-libs javax.swing Mouse release not being delivered to Swing component in 7u45
7122142 core-libs java.lang (ann) Race condition between isAnnotationPresent and getAnnotations
8005232 core-libs java.lang (JEP-149) Class Instance size reduction
7185456 core-libs java.lang.reflect (ann) Optimize Annotation handling in java/sun.reflect.* code for small number of annotationsC
8015421 core-libs java.net NegativeArraySizeException occurs in ChunkedOutputStream() with Integer.MAX_VALUE
8021372 core-libs java.net NetworkInterface.getNetworkInterfaces() returns duplicate hardware address
8009764 deploy webstart Java Web Start app run on Java SE 8 b79 shows "trust level" SecurityExceptions
7094099 deploy plugin DropDown List of JComboBox detached
6653795 hotspot compiler C2 intrinsic for Unsafe.getAddress performs pointer sign extension on 32-bit systems
8027359 xml jaxp XML parser returns incorrect parsing results
8032909 xml jaxp XSLT string-length returns incorrect length when string includes complementary chars
cparser 0.9.14 (2012-11-21)
---------------------------
* Adapt to libfirm-1.21.0
* Improved error recovery
* Improved firm graph generation (faster/smaller graphs)
* Implement U,u and u8 strings
* Preliminary preprocessor (we still use system cpp by default, as some macro
expansion corner cases are still buggy and prevent us from compiling glibc
headers)
* More gcc extensions: binary constants, __leaf__ attribute
cparser 0.9.13 (2011-12-07)
---------------------------
* Adapt to libfirm-1.20.0
* Implement --help
* More work on preprocessor (still not finished though)
* Refactoring work so others can reuse input, optimization order logic
* Columns in source positions (but external preprocessor doesn't preserve all spaces)
* Improvements to gnu builtins/attributes
* Bugfixes (we did alot of csmith testing)
cparser 0.9.12 (2011-03-15)
---------------------------
* Adapt to libfirm-1.19.0
* Introduce -mtarget (and -mtriple for llvm compatibility) for conventient
cross-compilation
* Fix big-endian struct layouting
* Bugfixes
cparser 0.9.11 (2009-05-16)
---------------------------
* add missing NEWS entries
* fix crash when known C library functions had the wrong number of arguments
cparser 0.9.10 (2009-04-15)
---------------------------
* bugfixes
* adapt to libfirm-1.18.0
* Update icedtea* to latest
* UTF-8 build patch
These are based on the patches from richard@.
Changelog:
From: http://www.oracle.com/technetwork/java/javase/7u71-relnotes-2296187.html
The full version string for this update release is 1.7.0_71-b14 (where "b" means "build"). The version number is 7u71.
IANA Data 2014c
JDK 7u71 contains IANA time zone data version 2014c. For more information, refer to Timezone Data Versions in the JRE Software.
GUILE, GNU's Ubiquitous Intelligent Language for Extension, is a library
that implements the Scheme language plus various convenient facilities.
It's designed so that you can link it into an application or utility to
make it extensible. Our plan is to link this library into all GNU programs
that call for extensibility.
This is guile 2.0, the current stable version.
The hope is that backward compatibility will be sufficient for us
not to need to import every new stable version as a separate package.
Changes since vala024 was imported:
Vala 0.26.0
===========
* Bug fix and binding updates.
Vala 0.25.4
===========
* Add option --vapi-comments.
* Bug fixes and binding updates.
Vala 0.25.3
===========
* Bug fixes and binding updates.
Vala 0.25.2
===========
* Require and target GLib >= 2.24.
* Report warning for private struct fields.
* Replace webkit2gtk-3.0 bindings with webkit2gtk-4.0 bindings.
* Always build vapigen.
* Bug fixes and binding updates.
Vala 0.25.1
===========
* Support explicit interface method implementation.
* Support (unowned type)[] syntax.
* Support non-literal length in fixed-size arrays.
* Mark regular expression literals as stable.
* GIR parser updates.
* Add webkit2gtk-3.0 bindings.
* Add gstreamer-allocators-1.0 and gstreamer-riff-1.0 bindings.
* Bug fixes and binding updates.
# --- ext/date/all ---
# make[2]: make[2]: don't know how to make ../../.ext/common/date. Stop
# make[2]: stopped in .../lang/ruby193-base/work/ruby-1.9.3-p550/ext/date
Ruby 2.1.4 is released
Ruby 2.1.4 has been released.
This release includes security fixes for the following vulnerabilities:
* CVE-2014-8080: Denial Of Service XML Expansion
* Changed default settings of ext/openssl related to CVE-2014-3566
And there are some bug-fixes.
See tickets and ChangeLog for details.
Ruby 2.1.3 Released
We are pleased to announce the release of Ruby 2.1.3. This is a patchlevel
release of the stable 2.1 series.
This release contains a change of full GC timing to reduce memory consumption
(see Bug #9607), and many bugfixes.
See tickets and ChangeLog for details.
Ruby 2.0.0-p594 Released
We are pleased to announce the release of Ruby 2.0.0-p594.
This release includes a security fix for DoS vulnerability of REXML.
* CVE-2014-8080: Denial Of Service XML Expansion
This release also includes the change of default settings of
ext/openssl. Insecure SSL/TLS options are now turn off by default.
* Changed default settings of ext/openssl
And, many bug fixes are also included. See tickets and ChangeLog for details.
Ruby 2.0.0-p576 Released
We are pleased to announce the release of Ruby 2.0.0-p576, to celebrate the
holding of RubyKaigi2014 in Japan now.
This release includes many bugfixes, such as:
* many fixes of memory leaks and using extra memory.
* many fixes of platform-specific issues (especially in build process).
* many document fixes.
See tickets and ChangeLog for details.
Ruby 1.9.3-p550 Released
We are pleased to announce the release of Ruby 1.9.3-p550.
This release includes a security fix for DoS vulnerability of REXML.
* CVE-2014-8080: Denial Of Service XML Expansion
This release also includes the change of default settings of
ext/openssl. Insecure SSL/TLS options are now turn off by default.
* Changed default settings of ext/openssl
And, in addition, bandled jQuery for darkfish template of RDoc is also
updated.
