Ruby 2.1.4 is released
Ruby 2.1.4 has been released.
This release includes security fixes for the following vulnerabilities:
* CVE-2014-8080: Denial Of Service XML Expansion
* Changed default settings of ext/openssl related to CVE-2014-3566
And there are some bug-fixes.
See tickets and ChangeLog for details.
Ruby 2.1.3 Released
We are pleased to announce the release of Ruby 2.1.3. This is a patchlevel
release of the stable 2.1 series.
This release contains a change of full GC timing to reduce memory consumption
(see Bug #9607), and many bugfixes.
See tickets and ChangeLog for details.
Ruby 2.0.0-p594 Released
We are pleased to announce the release of Ruby 2.0.0-p594.
This release includes a security fix for DoS vulnerability of REXML.
* CVE-2014-8080: Denial Of Service XML Expansion
This release also includes the change of default settings of
ext/openssl. Insecure SSL/TLS options are now turned off by default.
* Changed default settings of ext/openssl
And, many bug fixes are also included. See tickets and ChangeLog for details.
Ruby 2.0.0-p576 Released
We are pleased to announce the release of Ruby 2.0.0-p576, to celebrate the
holding of RubyKaigi2014 in Japan now.
This release includes many bugfixes, such as:
* many fixes of memory leaks and using extra memory.
* many fixes of platform-specific issues (especially in build process).
* many document fixes.
See tickets and ChangeLog for details.
Ruby 1.9.3-p550 Released
We are pleased to announce the release of Ruby 1.9.3-p550.
This release includes a security fix for DoS vulnerability of REXML.
* CVE-2014-8080: Denial Of Service XML Expansion
This release also includes the change of default settings of
ext/openssl. Insecure SSL/TLS options are now turned off by default.
* Changed default settings of ext/openssl
And, in addition, bundled jQuery for darkfish template of RDoc is also
updated.
Upstream changes:
1.3132 2014-10-20
[STATISTICS]
- code churn: 1 file changed, 12 insertions(+), 6 deletions(-)
1.3131_1 2014-10-13
[BUG FIXES]
- One test would fail if Template::Toolkit was not installed. (GH#1083)
[STATISTICS]
- code churn: 2 files changed, 26 insertions(+), 10 deletions(-)
1.3131_0 2014-10-11
[BUG FIXES]
- Test was failing under perl 5.8.9. (GH#1057, Tom Hukins)
- Don't get tripped by YAML::XS's readonly values. (GH#1070)
[DOCUMENTATION]
- Minor doc update to detail how to pass protocol information in Apache
(GH#1079, Andy Beverley)
- Add the Dancer policy POD.
[ENHANCEMENTS]
- Dancer::Template::TemplateToolkit now supports DATA-embedded templates.
(GH#1061, Jochen Lutz)
- New function 'param_array'. (GH#1055, Yanick Champoux)
- D::Serializer::YAML and Dancer::Config can now use 'YAML::XS'.
[MISC]
- Add 'YAML' as a recommended dependency. (GH#1080)
[STATISTICS]
- code churn: 14 files changed, 348 insertions(+), 30 deletions(-)
Upstream changes:
0.050 2014-09-23 15:30:18-04:00 America/New_York
[FIXED]
- Fixed CONNECT requests for some proxies
0.049 2014-09-02 11:20:07-04:00 America/New_York
[FIXED]
- 'keep_alive' is now fork-safe and thread-safe
0.048 2014-08-21 13:19:51-04:00 America/New_York
[FIXED]
- Protected proxy tests from ALL_PROXY in the environment
0.047 2014-07-29 14:09:05-04:00 America/New_York
[CHANGED]
- Updated Mozilla::CA module recommendation version to 20130114
[FIXED]
- Fixed t/00-report-prereqs.t when CPAN::Meta is not installed
0.046 2014-07-21 10:32:32-04:00 America/New_York
[FIXED]
- Empty header fields are now allowed; headers with the 'undef' value
will be rendered as an empty header.
[DOCUMENTED]
- Updated HTTP/1.1 spec description from RFC 2616 to RFC 7230-7235
0.045 2014-07-19 23:17:28-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Fixed t/002_croakage.t for various operating systems.
0.044 2014-07-16 23:46:09-04:00 America/New_York
[CHANGED]
- Providing a custom 'Host' header is now a fatal exception. Previously, it
was silently ignored, as the RFC mandates that Host be set from the
URL, but ignoring it could lead to unexpected, confusing errors.
- optimized URL splitting
- Passing 'undef' for any proxy attribute will prevent HTTP::Tiny from
setting the proxy from the environment.
Upstream changes:
5.93 Sun Oct 26 06:00:48 MST 2014
- corrected alignment problem in SHA struct (src/sha.h)
-- thanks to H. Merijn Brand and J. Hietaniemi for
analysis and suggested patch
- provided workaround in t/methods.t for unreliable -T test
-- Some Perl 5.8's mistake text for binary
Upstream changes:
version 1.96 at 2014-10-20 13:27:59 +0000
-----------------------------------------
Change: 67510a440b9b5dfc9705e6e07a324ef8ee29ee67
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2014-10-20 14:27:59 +0000
Updated for v5.21.5
2014-10-06: Version 7.1
* New: Option -i, --info to print file information.
This new option prints number of DOS, Unix, and Mac line breaks, the byte
order mark, and if the file is text or binary. And it can print the names
of files that would be converted.
2014-09-09: Version 7.0
* New: automated self-tests.
* New: option -u to keep UTF-16 encoding.
* New: option -v to print information about BOMs and converted line breaks.
* Change: stdio mode does not automatically set quiet mode.
* Change: stdio mode does not automatically force conversion of binaries.
An error is returned when the stdin stream contains a binary symbol.
* Bugfix: dos2unix -l created DOS line breaks from Mac line breaks.
* Bugfix: system error number was not always returned.
* Bugfix: a Unicode input file disabled 7bit and iso mode for next input files.
* Bugfix: mac2unix help text, options -b and -r.
* The code has been cleaned up.
2.6.4
----------
- Improve assertion failure reporting on iterables, by using ndiff and pprint.
- removed outdated japanese docs from source tree.
- docs for "pytest_addhooks" hook. Thanks Bruno Oliveira.
- updated plugin index docs. Thanks Bruno Oliveira.
- fix issue557: with "-k" we only allow the old style "-" for negation
at the beginning of strings and even that is deprecated. Use "not" instead.
This should allow to pick parametrized tests where "-" appeared in the parameter.
- fix issue604: Escape % character in the assertion message.
- fix issue620: add explanation in the --genscript target about what
the binary blob means. Thanks Dinu Gherman.
- fix issue614: fixed pastebin support.
7.0
---
* Issue #80, Issue #209: Eggs that are downloaded for ``setup_requires``,
``test_requires``, etc. are now placed in a ``./.eggs`` directory instead of
directly in the current directory. This choice of location means the files
can be readily managed (removed, ignored). Additionally,
later phases or invocations of setuptools will not detect the package as
already installed and ignore it for permanent install (See #209).
This change is indicated as backward-incompatible as installations that
depend on the installation in the current directory will need to account for
the new location. Systems that ignore ``*.egg`` will probably need to be
adapted to ignore ``.eggs``. The files will need to be manually moved or
will be retrieved again. Most use cases will require no attention.
1.4.26
==================================================
- avoid calling normpath twice in py.path.local
- py.builtin._reraise properly reraises under Python3 now.
- fix issue53 - remove module index, thanks jenisys.
- allow posix path separators when "fnmatch" is called.
Thanks Christian Long for the complete PR.
Serf 1.3.8 [2014-10-20, from /tags/1.3.8, rxxxx]
Fix issue #152: CRC calculation error for gzipped http responses > 4GB.
Fix issue #153: SSPI CredHandle not freed when APR pool is destroyed.
Fix issue #154: Disable SSLv2 and SSLv3 as both are broken.
Notmuch 0.18.2 (2014-10-25)
===========================
Test Suite
----------
Translate T380-atomicity to use gdb/python
The new version is compatible with gdb 7.8
Emacs 24.4 related bug fixes
The Messages buffer became read-only, and the generated mime
structure for signatures changed slightly.
Simplify T360-symbol-hiding
Replace the use of `objdump` on the object files with `nm` on the
resulting lib.
---------
0.27.5 (2014-10-24)
^^^^^^^^^^^^^^^^^^^
- Made assert_* functions automatically rollback session
- Changed make_order_by_deterministic to attach order by primary key for queries without order by
- Fixed alias handling in has_unique_index
- Fixed alias handling in has_index
- Fixed alias handling in make_order_by_deterministic
0.27.4 (2014-10-23)
^^^^^^^^^^^^^^^^^^^
- Added assert_non_nullable, assert_nullable and assert_max_length testing functions
0.27.3 (2014-10-22)
^^^^^^^^^^^^^^^^^^^
- Added support for various SQLAlchemy objects in make_order_by_deterministic (previously this function threw exceptions for other than Column objects)
0.27.2 (2014-10-21)
^^^^^^^^^^^^^^^^^^^
- Fixed MapperEntity handling in get_mapper and get_tables utility functions
- Fixed make_order_by_deterministic handling for queries without order by (now just silently ignores those rather than throwing an exception)
- Made make_order_by_deterministic if given query uses strings as order by args
0.27.1 (2014-10-20)
^^^^^^^^^^^^^^^^^^^
- Added support for more SQLAlchemy based objects and classes in get_tables function
- Added has_unique_index utility function
- Added make_order_by_deterministic utility function
0.27.0 (2014-10-14)
^^^^^^^^^^^^^^^^^^^
- Added EncryptedType
0.26.17 (2014-10-07)
^^^^^^^^^^^^^^^^^^^^
- Added explain and explain_analyze expressions
- Added analyze function
Version 8.4.2 [v8-stable] 2014-10-02
- bugfix: the fix for CVE-2014-3634 did not handle all cases. This is
corrected now. see also: CVE-2014-3683
- fixed a build problem on some platforms. Thanks to Olaf for the patch
- behaviour change: "msg" of messages with invalid PRI set to "rawmsg"
When the PRI is invalid, the rest of the header cannot be valid. So
we move all of it to MSG and do not try to parse it out. Note that
this is not directly related to the security issue but rather done
because it makes most sense.
Version 8.4.1 [v8-stable] 2014-09-30
- imudp: add for bracketing mode, which makes parsing stats easier
- permit at-sign in variable names
closes: https://github.com/rsyslog/rsyslog/issues/110
- bugfix: fix syntax error in anon_cc_numbers.py script
Thanks to github user anthcourtney for the patch.
closes: https://github.com/rsyslog/rsyslog/issues/109
- bugfix: ompgsql: don't lose uncommitted data on retry
Thanks to Jared Johnson and Axel Rau for the patch.
- bugfix: imfile: if a state file for a different file name was set,
that different file (name) was monitored instead of the configured
one. Now, the state file is deleted and the correct file monitored.
closes: https://github.com/rsyslog/rsyslog/issues/103
- bugfix: omudpspoof: source port was invalid
Thanks to Pavel Levshin for the patch
- bugfix: build failure on systems which don't have json_tokener_errors
Older versions of json-c need to use a different API (which doesn't
exist on newer versions, unfortunately...)
Thanks to Thomas D. for reporting this problem.
- bugfix: omelasticsearch does not work with broken/changed ES 1.0+ API
closes: https://github.com/rsyslog/rsyslog/issues/104
- bugfix: mmanon did not properly anonymize IP addresses starting with '9'
Thanks to defa-at-so36.net for reporting this problem.
closes: http://bugzilla.adiscon.com/show_bug.cgi?id=529
- bugfix: build problems on SuSe Linux
Thanks Andreas Stieger for the patch
- bugfix: omelasticsearch error file did not work correctly on ES 1.0+
due to a breaking change in the ElasticSearch API.
see also: https://github.com/rsyslog/rsyslog/issues/104
- bugfix: potential abort when a message with PRI > 191 was processed
if the "pri-text" property was used in active templates, this could be
abused to cause a remote denial of service from permitted senders
see also: CVE-2014-3634