# --- ext/date/all ---
# make[2]: make[2]: don't know how to make ../../.ext/common/date. Stop
# make[2]: stopped in .../lang/ruby193-base/work/ruby-1.9.3-p550/ext/date
Ruby 2.1.4 is released
Ruby 2.1.4 has been released.
This release includes security fixes for the following vulnerabilities:
* CVE-2014-8080: Denial Of Service XML Expansion
* Changed default settings of ext/openssl related to CVE-2014-3566
And there are some bug-fixes.
See tickets and ChangeLog for details.
Ruby 2.1.3 Released
We are pleased to announce the release of Ruby 2.1.3. This is a patchlevel
release of the stable 2.1 series.
This release contains a change of full GC timing to reduce memory consumption
(see Bug #9607), and many bugfixes.
See tickets and ChangeLog for details.
Ruby 2.0.0-p594 Released
We are pleased to announce the release of Ruby 2.0.0-p594.
This release includes a security fix for DoS vulnerability of REXML.
* CVE-2014-8080: Denial Of Service XML Expansion
This release also includes the change of default settings of
ext/openssl. Insecure SSL/TLS options are now turn off by default.
* Changed default settings of ext/openssl
And, many bug fixes are also included. See tickets and ChangeLog for details.
Ruby 2.0.0-p576 Released
We are pleased to announce the release of Ruby 2.0.0-p576, to celebrate the
holding of RubyKaigi2014 in Japan now.
This release includes many bugfixes, such as:
* many fixes of memory leaks and using extra memory.
* many fixes of platform-specific issues (especially in build process).
* many document fixes.
See tickets and ChangeLog for details.
Ruby 1.9.3-p550 Released
We are pleased to announce the release of Ruby 1.9.3-p550.
This release includes a security fix for DoS vulnerability of REXML.
* CVE-2014-8080: Denial Of Service XML Expansion
This release also includes the change of default settings of
ext/openssl. Insecure SSL/TLS options are now turn off by default.
* Changed default settings of ext/openssl
And, in addition, bandled jQuery for darkfish template of RDoc is also
updated.
Fixes "go get code.google.com/p/..." for me, once security/mozilla-rootcerts
installed and configured (with the default settings).
Bumps PKGREVISION, since the package is modified.
ok bsiegert@
also upstream changelog):
Language features:
- Attributes and extension nodes
- Generative functors
- Module aliases
* Alternative syntax for string literals {id|...|id} (can break comments)
- Separation between read-only strings (type string) and read-write byte
sequences (type bytes). Activated by command-line option -safe-string.
Build system for the OCaml distribution:
- Use -bin-annot when building.
- Use GNU make instead of portable makefiles.
- Updated build instructions for 32-bit Mac OS X on Intel hardware.
Shedding weight:
* Removed Camlp4 from the distribution, now available as third-party software.
* Removed Labltk from the distribution, now available as a third-party library.
Type system:
* Keep typing of pattern cases independent in principal mode
- Allow opening a first-class module or applying a generative functor
in the body of a generative functor. Allow it also in the body of
an applicative functor if no types are created
* Module aliases are now typed in a specific way, which remembers their
identity. In particular this changes the signature inferred by
"module type of"
- Slight change in the criterion to distinguish private
abbreviations and private row types: create a private abbreviation for
closed objects and fixed polymorphic variants.
* Compare first class module types structurally rather than
nominally. Value subtyping allows module subtyping as long as the internal
representation is unchanged.
Compilers:
- More aggressive constant propagation, including float and
int32/int64/nativeint arithmetic. Constant propagation for floats
can be turned off with option -no-float-const-prop, for codes that
change FP rounding modes at run-time.
- New back-end optimization pass: common subexpression elimination (CSE).
(Reuses results of previous computations instead of recomputing them.)
- New back-end optimization pass: dead code elimination.
(Removes arithmetic and load instructions whose results are unused.)
- Optimization of sequences of string patterns
- Experimental native code generator for AArch64 (ARM 64 bits)
- Optimization of integer division and modulus by constant divisors
- Add "-open" command line flag for opening a single module before typing
* "-o" now sets module name to the output file name up to the first "."
(it also applies when "-o" is not given, i.e. the module name is then
the input file name up to the first ".")
* better sharing of structured constants
- new flag to keep locations in cmi files
- issue warning 3 when referring to a value marked with
the [@@ocaml.deprecated] attribute
- a new format implementation based on GADTs
* Constant exception constructors no longer allocate
- avoid unnecessary boxing in let
- Better compilation of optional arguments with default values
- ocamlopt -opaque option for incremental native compilation
Toplevel interactive system:
- New "#show_*" directives
Runtime system:
- New configure option "-no-naked-pointers" to improve performance by
avoiding page table tests during block darkening and the marking phase
of the major GC. In this mode, all out-of-heap pointers must point at
things that look like OCaml values: in particular they must have a valid
header. The colour of said headers should be black.
- Fixed bug in native code version of [caml_raise_with_string] that could
potentially lead to heap corruption.
- Blocks initialized by [CAMLlocal*] and [caml_alloc] are now filled with
[Val_unit] rather than zero.
- Fixed a major performance problem on large heaps (~1GB) by making heap
increments proportional to heap size by default
- Structural equality treats exception specifically
- efficient comparison/indexing of exceptions
- avoid using unsafe C library functions (strcpy, strcat, sprintf)
- An ISO C99-compliant C compiler and standard library is now assumed.
(Plus special exceptions for MSVC.) In particular, emulation code for
64-bit integer arithmetic was removed, the C compiler must support a
64-bit integer type.
Standard library:
* Add new modules Bytes and BytesLabels for mutable byte sequences.
- add List.sort_uniq and Set.of_list
- a faster version of "raise" which does not maintain the backtrace
- support "Unix.kill pid Sys.sigkill" under Windows
- speed improvement for Buffer
- efficient creation of uninitialized float arrays
- Improve documentation regarding finalisers and multithreading
- Trigger warning 3 for all values marked as deprecated in the documentation.
Changelog:
7.0.67: http://www.oracle.com/technetwork/java/javase/7u67-relnotes-2251330.html
Bug Fixes
The following bug fix is included in this release:
Area: deploy/plugin
Synopsis: regression - java_arguments not accepted after update to 7u65
The regression is addressed in this release.
See 8050875.
7.0.65: http://www.oracle.com/technetwork/java/javase/7u65-relnotes-2229169.html
IANA Data 2014c
JDK 7u65 contains IANA time zone data version 2014c. For more information, refer to Timezone Data Versions in the JRE Software.
New Features and Changes
New Java Control Panel option to disable sponsors
Currently, to disable sponsor offers at the time of installation, the user can de-select the option during installation or can pass SPONSORS=0 as a commandline option.
In this release, a new Java Control Panel(JCP) option to disable sponsors is available. To use this option, go to JCP's "Advanced" tab, and check or uncheck "Suppress sponsor offers when updating Java".
This option is applicable to 32 and 64 bit Windows operating systems.
New JAXP processing limit property - maxElementDepth
A new property, maxElementDepth, is added to provide applications the ability to set limit on maximum element depth in an xml file that they parse. This may be helpful for applications that may use too much resources when processing an xml file with excessive element depth.
Name: http://java.sun.com/xml/jaxp/properties/maxElementDepth
Definition: Limit the maximum element depth
Value: A positive integer. 0 is treated as no limit. Negative numbers are treated as 0.
Defaule value: 0
System property: jdk.xml.maxElementDepth
For more details, see Processing Limits from JAXP tutorial trail.
See 8031541 (not public).
Bug Fixes
This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.
For a list of bug fixes included in this release, see JDK 7u65 Bug Fixes page.
The following are some of the notable bug fixes in this release:
Area: client-libs/AWT
Synopsis: Using RMI from a restricted environment may cause a NullPointerException.
If an application uses RMI and runs in a restricted environment (ie. Java Plugin, Java Web Start), it may not work. In particular, if you run a UI from an RMI callback, a NullPointerException is likely to be thrown.
See 8019274.
Area: other-libs/corba
Synopsis: org.omg.CORBA.ORBSingletonClass loading no longer uses context class loader
The system property org.omg.CORBA.ORBSingletonClass is used to configure the system-wide/singleton ORB. The handling of this system property was changed in the 7u55 release to require that the system wide/singleton ORB be visible to the system class loader.
In this release, the handling of this system property has been reverted to match the behavior found in JDK versions prior to 7u55 release, i.e. the singleton ORB is once again located using the thread context class loader of the first thread, to call the no-argument ORB.init method. The change is made to support applications which depend on this behavior.
Note that this change is applicable to 8u20, 7u65, 6u85 and 5.0u75 releases. For JDK 9, the new behavior, where the system wide/singleton ORB needs to be visible to the system class loader, will continue.
See 8046603.
Known Issues
Area: xml/jax-ws
Synopsis: JAF initialization in SAAJ clashing with the one in javax.mail
After initialization of SAAJ components, the javax.mail library may fail to work under certain circumstances, which in turn could break the javax.mail's JAF setup.
A possible workaround is to re-add the javax.mail handler before using javax.mail API:
MailcapCommandMap mailMap = (MailcapCommandMap) CommandMap.getDefaultCommandMap();
mailMap.addMailcap("multipart/mixed;;x-java-content-handler=com.sun.mail.handlers.multipart_mixed");
See 8043129.
Changes include performance enhancements and various bug fixes.
Perl 5.20.1 represents approximately 4 months of development since Perl 5.20.0 and contains approximately 12,000 lines of changes across 170 files from 36 authors.
We've just released Go version 1.3.2, a minor point release.
This release includes bug fixes to cgo and the crypto/tls package.
https://golang.org/doc/devel/release.html#go1.3.minor
The crpyto/tls fix addresses a security bug that affects programs
that use crypto/tls to implement a TLS server from Go 1.1 onwards.
If the server enables TLS client authentication using certificates
(this is rare) and explicitly sets SessionTicketsDisabled to true
in the tls.Config, then a malicious client can falsely assert
ownership of any client certificate it wishes. This issue was
discovered internally and there is no evidence of exploitation.
