1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2022-11-09 12:17:21 -05:00
ruby--ruby/NEWS
emboss e29819df6e * ext/openssl/extconf.rb: Detect OpenSSL_FIPS macro
ext/openssl/ossl.c: Expose OpenSSL::OPENSSL_FIPS constant to
  indicate whether OpenSSL runs in FIPS mode.
  test/openssl/test_pkey_dh.rb: Generate 256 bit keys for
  non-FIPS installations to improve test performance (e.g. for
  rubyci).
  test/openssl/utils.rb: Replace DSS1 as certificate signature
  digest with SHA1 for FIPS installations when using DSA by
  introducing TestUtils::DSA_SIGNATURE_DIGEST.
  test/openssl/test_x509cert.rb: 
  test/openssl/test_x509crl.rb:
  test/openssl/test_x509req.rb: Use DSA_SIGNATURE_DIGEST
  NEWS: Introduce OpenSSL::OPENSSL_FIPS
  
  These changes allow running the OpenSSL tests in FIPS mode
  while keeping a high performance for non-FIPS installations.
  Introduction of OpenSSL::OPENSSL_FIPS allows for applications
  to react to special requirements when using OpenSSL in FIPS mode.
  [Feature #6946] [ruby-core:47345]
- Diese und die folgenden Zeilen werden ignoriert --

M    ext/openssl/extconf.rb
M    ext/openssl/ossl.c
M    NEWS
M    ChangeLog
M    test/openssl/utils.rb
M    test/openssl/test_x509crl.rb
M    test/openssl/test_x509req.rb
M    test/openssl/test_x509cert.rb
M    test/openssl/test_pkey_dh.rb


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@36884 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2012-09-03 01:14:26 +00:00

207 lines
7.4 KiB
Text

# -*- rd -*-
= NEWS
This document is a list of user visible feature changes made between
releases except for bug fixes.
Note that each entry is kept so brief that no reason behind or
reference information is supplied with. For a full list of changes
with all sufficient information, see the ChangeLog file.
== Changes since the 1.9.3 release
=== C API updates
* NUM2SHORT() and NUM2USHORT() added. They are similar to NUM2INT, but short.
=== Library updates (outstanding ones only)
* builtin classes
* Enumerable
* added method:
* added Enumerable#lazy method for lazy enumeration.
* ENV
* aliased method:
* ENV.to_h is a new alias for ENV.to_hash
* Hash
* added method:
* added Hash#to_h as explicit conversion method, like Array#to_a.
* extended method:
* Hash#default_proc= can be passed nil to clear the default proc.
* Kernel
* added method:
* added Kernel#Hash conversion method like Array() or Float().
* extended method:
* Kernel#warn accepts multiple args in like puts.
* Kernel#caller accepts second optional argument `n' which specify
required caller size.
* incompatible changes:
* system() and exec() closes non-standard file descriptors
(The default of :close_others option is changed to true by default.)
* respond_to? against a protected method now returns false unless
the second argument is true.
* __callee__ has returned to the original behavior, and now
returns the called name but not the original name in an
aliased method.
* Kernel#inspect does not call #to_s anymore
(it used to call redefined #to_s).
* LoadError
* added method:
* added LoadError#path method to return the file name that could not be
loaded.
* Module
* added method:
* added Module#prepend which is similar to Module#include,
however a method in the prepended module overrides the
corresponding method in the prepending module.
* extended method:
* Module#define_method accepts a UnboundMethod from a Module.
* NilClass
* added method:
* added nil.to_h which returns {}
* Signal
* incompatible changes:
* Signal.trap raises ArgumentError when :SEGV, :BUS, :ILL, :FPE, :VTALRM
are specified.
* Struct
* added method:
* added Struct#to_h returning values with keys corresponding to the
instance variable names.
* Time
* change return value:
* Time#to_s returned encoding defaults to US-ASCII but automatically
transcodes to Encoding.default_internal if it is set.
* Fiber
* incompatible changes:
* Fiber#resume cannot resume a fiber which invokes "Fiber#transfer".
* net/http
* new features:
* Proxies are now automatically detected from the http_proxy environment
variable. See Net::HTTP::new for details.
* gzip and deflate compression are now requested for all requests by
default. See Net::HTTP for details.
* SSL sessions are now reused across connections for a single instance.
This speeds up connection by using a previously negotiated session.
* new methods:
* Net::HTTP#local_host
* Net::HTTP#local_host=
* Net::HTTP#local_port
* Net::HTTP#local_port=
* extended method:
* Net::HTTP#connect uses local_host and local_port if specified.
* net/imap
* new methods:
* Net::IMAP.default_port
* Net::IMAP.default_imap_port
* Net::IMAP.default_tls_port
* Net::IMAP.default_ssl_port
* Net::IMAP.default_imaps_port
* ostruct
* new methods:
* OpenStruct#to_h converts the struct to a hash.
* pathname
* extended method:
* Pathname#find returns an enumerator if no block is given.
* resolv
* new methods:
* Resolv::DNS#timeouts=
* Resolv::DNS::Config#timeouts=
* shellwords
* Shellwords#shellescape() now stringifies the given object using to_s.
* Shellwords#shelljoin() accepts non-string objects in the given
array, each of which is stringified using to_s.
* syslog
* Added Syslog::Logger which provides a Logger API atop Syslog.
* Syslog::Priority, Syslog::Level, Syslog::Option and Syslog::Macros
are introduced for easy detection of available constants on a
running system.
* lib/tmpdir.rb
* incompatible changes:
* Dir.mktmpdir uses FileUtils.remove_entry instead of
FileUtils.remove_entry_secure. This means that applications should not
change the permission of the created temporary directory to make
accessible from other users.
* zlib
* Added streaming support for Zlib::Inflate and Zlib::Deflate. This allows
processing of a stream without the use of large amounts of memory.
* Added support for the new deflate strategies Zlib::RLE and Zlib::FIXED.
* Zlib streams are now processed without the GVL. This allows gzip, zlib and
deflate streams to be processed in parallel.
* openssl
* Consistently raise an error when trying to encode nil values. All instances
of OpenSSL::ASN1::Primitive now raise TypeError when calling to_der on an
instance whose value is nil. All instances of OpenSSL::ASN1::Constructive
raise NoMethodError in the same case. Constructing such values is still
permitted.
* TLS 1.1 & 1.2 support by setting OpenSSL::SSL::SSLContext#ssl_version to
:TLSv1_2, :TLSv1_2_server, :TLSv1_2_client or :TLSv1_1, :TLSv1_1_server
:TLSv1_1_client. The version being effectively used can be queried
with OpenSSL::SSL#ssl_version. Furthermore, it is also possible to
blacklist the new TLS versions with OpenSSL::SSL:OP_NO_TLSv1_1 and
OpenSSL::SSL::OP_NO_TLSv1_2.
* Added OpenSSL::SSL::SSLContext#renegotiation_cb. A user-defined callback
may be set which gets called whenever a new handshake is negotiated. This
also allows to programmatically decline (client) renegotiation attempts.
* Support for "0/n" splitting of records as BEAST mitigation via
OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS.
* OpenSSL requires passwords for decrypting PEM-encoded files to be at least
four characters long. This led to awkward situations where an export with
a password with fewer than four characters was possible, but accessing the
file afterwards failed. OpenSSL::PKey::RSA, OpenSSL::PKey::DSA and
OpenSSL::PKey::EC therefore now enforce the same check when exporting a
private key to PEM with a password - it has to be at least four characters
long.
* SSL/TLS support for the Next Protocol Negotiation extension. Supported
with OpenSSL 1.0.1 and higher.
* OpenSSL::OPENSSL_FIPS allows client applications to detect whether OpenSSL
is running in FIPS mode and to react to the special requirements this
might impy.
* yaml
* Syck has been removed. YAML now completely depends on libyaml being
installed.
=== Language changes
* Added %i and %I for symbol list creation (similar to %w and %W).
=== Compatibility issues (excluding feature bug fixes)
* Signal.trap
See above.
* Merge Onigmo.
https://github.com/k-takata/Onigmo
* The :close_others option is true by default for system() and exec().
Also, the close-on-exec flag is set by default for all new file descriptors.
This means file descriptors doesn't inherit to spawned process unless
explicitly requested such as system(..., fd=>fd).
* Kernel#respond_to? against a protected method now returns false
unless the second argument is true.
* Dir.mktmpdir in lib/tmpdir.rb
See above.