mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
e29819df6e
ext/openssl/ossl.c: Expose OpenSSL::OPENSSL_FIPS constant to indicate whether OpenSSL runs in FIPS mode. test/openssl/test_pkey_dh.rb: Generate 256 bit keys for non-FIPS installations to improve test performance (e.g. for rubyci). test/openssl/utils.rb: Replace DSS1 as certificate signature digest with SHA1 for FIPS installations when using DSA by introducing TestUtils::DSA_SIGNATURE_DIGEST. test/openssl/test_x509cert.rb: test/openssl/test_x509crl.rb: test/openssl/test_x509req.rb: Use DSA_SIGNATURE_DIGEST NEWS: Introduce OpenSSL::OPENSSL_FIPS These changes allow running the OpenSSL tests in FIPS mode while keeping a high performance for non-FIPS installations. Introduction of OpenSSL::OPENSSL_FIPS allows for applications to react to special requirements when using OpenSSL in FIPS mode. [Feature #6946] [ruby-core:47345] - Diese und die folgenden Zeilen werden ignoriert -- M ext/openssl/extconf.rb M ext/openssl/ossl.c M NEWS M ChangeLog M test/openssl/utils.rb M test/openssl/test_x509crl.rb M test/openssl/test_x509req.rb M test/openssl/test_x509cert.rb M test/openssl/test_pkey_dh.rb git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
207 lines
7.4 KiB
Text
207 lines
7.4 KiB
Text
# -*- rd -*-
|
|
= NEWS
|
|
|
|
This document is a list of user visible feature changes made between
|
|
releases except for bug fixes.
|
|
|
|
Note that each entry is kept so brief that no reason behind or
|
|
reference information is supplied with. For a full list of changes
|
|
with all sufficient information, see the ChangeLog file.
|
|
|
|
== Changes since the 1.9.3 release
|
|
|
|
=== C API updates
|
|
* NUM2SHORT() and NUM2USHORT() added. They are similar to NUM2INT, but short.
|
|
|
|
=== Library updates (outstanding ones only)
|
|
|
|
* builtin classes
|
|
|
|
* Enumerable
|
|
* added method:
|
|
* added Enumerable#lazy method for lazy enumeration.
|
|
|
|
* ENV
|
|
* aliased method:
|
|
* ENV.to_h is a new alias for ENV.to_hash
|
|
|
|
* Hash
|
|
* added method:
|
|
* added Hash#to_h as explicit conversion method, like Array#to_a.
|
|
* extended method:
|
|
* Hash#default_proc= can be passed nil to clear the default proc.
|
|
|
|
* Kernel
|
|
* added method:
|
|
* added Kernel#Hash conversion method like Array() or Float().
|
|
* extended method:
|
|
* Kernel#warn accepts multiple args in like puts.
|
|
* Kernel#caller accepts second optional argument `n' which specify
|
|
required caller size.
|
|
* incompatible changes:
|
|
* system() and exec() closes non-standard file descriptors
|
|
(The default of :close_others option is changed to true by default.)
|
|
* respond_to? against a protected method now returns false unless
|
|
the second argument is true.
|
|
* __callee__ has returned to the original behavior, and now
|
|
returns the called name but not the original name in an
|
|
aliased method.
|
|
* Kernel#inspect does not call #to_s anymore
|
|
(it used to call redefined #to_s).
|
|
|
|
* LoadError
|
|
* added method:
|
|
* added LoadError#path method to return the file name that could not be
|
|
loaded.
|
|
|
|
* Module
|
|
* added method:
|
|
* added Module#prepend which is similar to Module#include,
|
|
however a method in the prepended module overrides the
|
|
corresponding method in the prepending module.
|
|
* extended method:
|
|
* Module#define_method accepts a UnboundMethod from a Module.
|
|
|
|
* NilClass
|
|
* added method:
|
|
* added nil.to_h which returns {}
|
|
|
|
* Signal
|
|
* incompatible changes:
|
|
* Signal.trap raises ArgumentError when :SEGV, :BUS, :ILL, :FPE, :VTALRM
|
|
are specified.
|
|
|
|
* Struct
|
|
* added method:
|
|
* added Struct#to_h returning values with keys corresponding to the
|
|
instance variable names.
|
|
|
|
* Time
|
|
* change return value:
|
|
* Time#to_s returned encoding defaults to US-ASCII but automatically
|
|
transcodes to Encoding.default_internal if it is set.
|
|
|
|
* Fiber
|
|
* incompatible changes:
|
|
* Fiber#resume cannot resume a fiber which invokes "Fiber#transfer".
|
|
|
|
* net/http
|
|
* new features:
|
|
* Proxies are now automatically detected from the http_proxy environment
|
|
variable. See Net::HTTP::new for details.
|
|
* gzip and deflate compression are now requested for all requests by
|
|
default. See Net::HTTP for details.
|
|
* SSL sessions are now reused across connections for a single instance.
|
|
This speeds up connection by using a previously negotiated session.
|
|
* new methods:
|
|
* Net::HTTP#local_host
|
|
* Net::HTTP#local_host=
|
|
* Net::HTTP#local_port
|
|
* Net::HTTP#local_port=
|
|
* extended method:
|
|
* Net::HTTP#connect uses local_host and local_port if specified.
|
|
|
|
* net/imap
|
|
* new methods:
|
|
* Net::IMAP.default_port
|
|
* Net::IMAP.default_imap_port
|
|
* Net::IMAP.default_tls_port
|
|
* Net::IMAP.default_ssl_port
|
|
* Net::IMAP.default_imaps_port
|
|
|
|
* ostruct
|
|
* new methods:
|
|
* OpenStruct#to_h converts the struct to a hash.
|
|
|
|
* pathname
|
|
* extended method:
|
|
* Pathname#find returns an enumerator if no block is given.
|
|
|
|
* resolv
|
|
* new methods:
|
|
* Resolv::DNS#timeouts=
|
|
* Resolv::DNS::Config#timeouts=
|
|
|
|
* shellwords
|
|
* Shellwords#shellescape() now stringifies the given object using to_s.
|
|
* Shellwords#shelljoin() accepts non-string objects in the given
|
|
array, each of which is stringified using to_s.
|
|
|
|
* syslog
|
|
* Added Syslog::Logger which provides a Logger API atop Syslog.
|
|
* Syslog::Priority, Syslog::Level, Syslog::Option and Syslog::Macros
|
|
are introduced for easy detection of available constants on a
|
|
running system.
|
|
|
|
* lib/tmpdir.rb
|
|
* incompatible changes:
|
|
* Dir.mktmpdir uses FileUtils.remove_entry instead of
|
|
FileUtils.remove_entry_secure. This means that applications should not
|
|
change the permission of the created temporary directory to make
|
|
accessible from other users.
|
|
|
|
* zlib
|
|
* Added streaming support for Zlib::Inflate and Zlib::Deflate. This allows
|
|
processing of a stream without the use of large amounts of memory.
|
|
* Added support for the new deflate strategies Zlib::RLE and Zlib::FIXED.
|
|
* Zlib streams are now processed without the GVL. This allows gzip, zlib and
|
|
deflate streams to be processed in parallel.
|
|
|
|
* openssl
|
|
* Consistently raise an error when trying to encode nil values. All instances
|
|
of OpenSSL::ASN1::Primitive now raise TypeError when calling to_der on an
|
|
instance whose value is nil. All instances of OpenSSL::ASN1::Constructive
|
|
raise NoMethodError in the same case. Constructing such values is still
|
|
permitted.
|
|
* TLS 1.1 & 1.2 support by setting OpenSSL::SSL::SSLContext#ssl_version to
|
|
:TLSv1_2, :TLSv1_2_server, :TLSv1_2_client or :TLSv1_1, :TLSv1_1_server
|
|
:TLSv1_1_client. The version being effectively used can be queried
|
|
with OpenSSL::SSL#ssl_version. Furthermore, it is also possible to
|
|
blacklist the new TLS versions with OpenSSL::SSL:OP_NO_TLSv1_1 and
|
|
OpenSSL::SSL::OP_NO_TLSv1_2.
|
|
* Added OpenSSL::SSL::SSLContext#renegotiation_cb. A user-defined callback
|
|
may be set which gets called whenever a new handshake is negotiated. This
|
|
also allows to programmatically decline (client) renegotiation attempts.
|
|
* Support for "0/n" splitting of records as BEAST mitigation via
|
|
OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS.
|
|
* OpenSSL requires passwords for decrypting PEM-encoded files to be at least
|
|
four characters long. This led to awkward situations where an export with
|
|
a password with fewer than four characters was possible, but accessing the
|
|
file afterwards failed. OpenSSL::PKey::RSA, OpenSSL::PKey::DSA and
|
|
OpenSSL::PKey::EC therefore now enforce the same check when exporting a
|
|
private key to PEM with a password - it has to be at least four characters
|
|
long.
|
|
* SSL/TLS support for the Next Protocol Negotiation extension. Supported
|
|
with OpenSSL 1.0.1 and higher.
|
|
* OpenSSL::OPENSSL_FIPS allows client applications to detect whether OpenSSL
|
|
is running in FIPS mode and to react to the special requirements this
|
|
might impy.
|
|
|
|
* yaml
|
|
* Syck has been removed. YAML now completely depends on libyaml being
|
|
installed.
|
|
|
|
=== Language changes
|
|
|
|
* Added %i and %I for symbol list creation (similar to %w and %W).
|
|
|
|
=== Compatibility issues (excluding feature bug fixes)
|
|
|
|
* Signal.trap
|
|
|
|
See above.
|
|
|
|
* Merge Onigmo.
|
|
https://github.com/k-takata/Onigmo
|
|
|
|
* The :close_others option is true by default for system() and exec().
|
|
Also, the close-on-exec flag is set by default for all new file descriptors.
|
|
This means file descriptors doesn't inherit to spawned process unless
|
|
explicitly requested such as system(..., fd=>fd).
|
|
|
|
* Kernel#respond_to? against a protected method now returns false
|
|
unless the second argument is true.
|
|
|
|
* Dir.mktmpdir in lib/tmpdir.rb
|
|
|
|
See above.
|