DevHeads.net

Postings by Aaron Patterson

Rails 5.0.0.1, 4.2.7.1, and 3.2.22.3 have been released!

Happy Thursday everyone!

Rails 5.0.0.1, 4.2.7.2, and 3.2.22.3 have been released!
These release contain important security fixes, so please upgrade when you can.

Versions 5.0.0.1, 4.2.7.2, and 3.2.22.3 contain a fix for [CVE-2016-6316](https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE) which you can read about [here](https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE).
Version 4.2.7.2 also contains [CVE-2016-6317](https://groups.google.com/forum/#!topic/ruby-security-ann/WccgKSKiPZA) which you can read about [here](https://groups.google.com/forum/#!topi

Rails 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, 3.2.22.1, and rails-html-sanitizer 1.0.3 have been released!

Hello everyone and happy Monday!

Rails 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1, and 3.2.22.1 have been released!

Rack 1.6.2 and 1.5.4 have been released!

Hi Everybody!

I've released Rack 1.6.2 and 1.5.4.

segvs after r48551

Hi,

I'm getting segvs when running this program:

$ ./ruby -e'puts Process::CLOCK_REALTIME'

The backtrace leads me to believe the symbol is getting GC'd:

Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000
0x00000001001dc057 in str_replace_shared_without_enc (str2=4320647240, str=0) at string.c:874
warning: Source file is more recent than executable.
874 if (RSTRING_LEN(str) <= RSTRING_EMBED_LEN_MAX) {
(gdb) bt
#0 0x00000001001dc057 in str_replace_shared_without_enc (str2=4320647240, str=0) at string.c:874
#1 0x00000001001e38fd in str_replace_shared (str2=4320647240, str

Rails 3.2.21, 4.0.12, and 4.1.8 have been released

Hello everyone!!! It's that time again.

I would like to announce that Rails 3.2.21, 4.0.12, and 4.1.8 have been released. These releases contain a security fix where the existence of arbitrary files on the file system can be leaked, but the contents of the file **will not** be leaked. The issue generally only impacts people who are using Rails to serve static assets, and will generally not impact people who use a proxy to serve static assets. This issue is similar to CVE-2014-7818, but is slightly different.

Rails 3.2.20, 4.0.11, 4.1.7, and 4.2.0.beta3 have been released

Hello everyone!!! It's that time again.

I would like to announce that Rails 3.2.20, 4.0.11, 4.1.7, and 4.2.0.beta3 have been released. These releases contain a security fix where the existence of arbitrary files on the file system can be leaked, but the contents of the file **will not** be leaked. The issue generally only impacts people who are using Rails to serve static assets, and will generally not impact people who use a proxy to serve static assets. You can read more about the issue [here (CVE-2014-7818)](https://groups.google.com/forum/#!topic/rubyonrails-security/dCp7duBiQgo).

Next release

Hi,

I was wondering when the next release of Ruby will be? This segv:

<a href="https://bugs.ruby-lang.org/issues/9592" title="https://bugs.ruby-lang.org/issues/9592">https://bugs.ruby-lang.org/issues/9592</a>

seems to be impact all of the released Rubys, and it would be nice to
have a released version that does not segv.

Thank you! :D

/cc @hone02

Building ext/openssl outside of trunk

Hi,

It looks like it's not possible to build ext/openssl outside of ruby
itself because ossl.c includes thread_native.h:

<a href="https://github.com/ruby/ruby/blob/8cacc6459067340d5ce76e017d0891162c0f31ef/ext/openssl/ossl.c#L469-L480" title="https://github.com/ruby/ruby/blob/8cacc6459067340d5ce76e017d0891162c0f31ef/ext/openssl/ossl.c#L469-L480">https://github.com/ruby/ruby/blob/8cacc6459067340d5ce76e017d0891162c0f31...</a>

@ko1, @emboss is there a way to do this without relying on Ruby
internals?

Thanks!

Rails 3.2.16 and 4.0.2 have been released

Hi everyone!

Rails 3.2.16 and 4.0.2 have been released!

These two releases contain important security fixes, so please upgrade as soon
as possible!

Ruby on Rails 3.2.15 has been released!

Hi everyone,

I am happy to announce that Rails 3.2.15 has been released. This is a bug fix
release and includes 56 commits.

This release also contains one security fix that you can read about [here](https://groups.google.com/forum/#!topic/ruby-security-ann/yvlR1Vx44c8).

Rails 3.2.15.rc3 has been released!

Let's hope this is the last RC! Yay!

We fixed a bug in 3.2.14 which caused a regression. We tried to fix the
regression, but it caused more issues in the release candidate.

Rails 3.2.15.rc2 has been released!

Hi everybody!

I've released another release candidate of Rails. This time it is
3.2.15.rc2. I like to call this release the "Happy Friday!" release.

If you find any regressions between this release and 3.2.14, please file
a ticket here:

<a href="https://github.com/rails/rails/issues" title="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Or send an email to the Ruby on Rails core mailing list.

Rails 3.2.15.rc1 has been released!

Hi everybody!

Rails 3.2.15.rc1 has been released. Please help us test the release
candidate before we do the actual release. If you find any regressions
between 3.2.14 and the 3.2.15 release candidate, please report them
here:

<a href="https://github.com/rails/rails/issues" title="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Or to the Ruby on Rails core mailing list.

You can find a list of the changes between 3.2.14 and 3.2.15.rc1 here:

<a href="https://github.com/rails/rails/compare/v3.2.14...v3.2.15.rc1" title="https://github.com/rails/rails/compare/v3.2.14...v3.2.15.rc1">https://github.com/rails/rails/compare/v3.2.14...v3.2.15.rc1</a>

Thanks!

Developer meeting 2013-09-20 at 23:00 UTC

Just a reminder about the upcoming developer meeting on September 20th
at 23:00 UTC. Please see the original announcement here: [ruby-core:56832].

If you have topics you want to discuss, please add them in the wiki:

<a href="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130920" title="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130920">https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130920</a>

If you're a Ruby implementation developer, and don't have access to
change the wiki, please let me know and I'll add you!

Thanks!

Developers Meeting 2013-09-20 @ 23:00UTC

Hi,

Lets have another Developers meeting!

When: September 20, 2013 at 23:00 UTC
Where: freenode in #ruby-implementers
Who: People developing Ruby implementations

If you plan to attend, please add yourself to the wiki. If there is
anything you would like to discuss, please add it to the wiki as well.
Adding redmine links to your agenda item is very helpful, so if there is
a redmine ticket, please add it.

The wiki is here:

<a href="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130920" title="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130920">https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130920</a>

I'll send a reminder email one week in advance. Thanks!

<3<3<3

Process.mach_absolute_time

Issue #8777 has been reported by tenderlovemaking (Aaron Patterson).

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category:
Target version:

Hi,

This is related to #8658. `mach_absolute_time` will give us a monotonic clock on OS X. I'm not sure if this fits in to `clock_gettime`, so I've added a new function for getting the absolute time and another function for converting the absolute time to nanoseconds.

/cc @akr

Next developer's meeting

Hi,

I'd like to try scheduling the next developer meeting. How about
September 21 or September 28, JST?

We have been meeting at 8am JST. Should we change the time? Most
people at the last meeting were in Japan, we had 2 in the US, and I
think Martin was in Germany.

Developers Meeting Summary for 2013-08-09

Meeting summary:

## Frozen string syntax (#8579)

A special syntax for string literals which would create frozen strings was
proposed. The new syntax would be something like `%f{ ... }` and `%F{ ... }`.
An alternative syntax using a suffix notation like `"..."f` or `%q(...)o` was
proposed. Matz was positive about adding this type of feature, but not sure
about specific notation, whether to have the `%f` syntax, a suffix, or both.

The idea should be presented at the next developers meeting for decision on
syntax.

Add offsets to method#source_location

Issue #8751 has been reported by tenderlovemaking (Aaron Patterson).

Author: tenderlovemaking (Aaron Patterson)
Status: Open
Priority: Normal
Assignee:
Category:
Target version:

Hello,

I would like to have byte offsets returned on the source_location for methods.

Reminder: Developer Meeting August 9th, 23:00 UTC

Hi everyone, this is just a reminder about the upcoming developer
meeting. If you plan to attend, please add yourself and any issues you
want to discuss to the wiki located here:

<a href="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130809" title="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130809">https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130809</a>

This is a good chance to talk about issues regarding Ruby 2.1. Thanks!

ANN: Developer Meeting

Hi,

We will hold another developer meeting on August 9th at 23:00 UTC.

Location: IRC (#ruby-implementers on freenode)

Time: August 9th, 23:00 UTC

Who: Various Ruby implementers. Please add yourself to the wiki here:

<a href="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130809" title="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130809">https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130809</a>

Lets talk about various proposals, issues, etc with Ruby. This is a
good opportunity to raise issues before 2.1 features are finalized.

Next developer's meeting

Hi,

I'd like to schedule the next developer meeting. I think it's important
that matz and naruse are at the next meeting (because naruse is doing
the 2.1 release management).

So, matz, naruse, what is your schedule like? Can we plan something
around August 10th (JST)?

Developers Meeting Summary for 2013-07-12

Summary of the meeting:

== Documentation hosting on ruby-lang.org

We discussed whether RDoc documentation should be hosted on ruby-lang.org.
Overall response was positive, but some questions were raised about what
domain to use (docs|rdoc|ref).ruby-lang.org.

zzak will file a ticket where we can get feedback.

<a href="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130712#Documentation-hosted-on-ruby-langorg-zzak" title="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130712#Documentation-hosted-on-ruby-langorg-zzak">https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130712#...</a>

== Separating "documentation only" commits

Should documentation only commits be separated from regular commits? If so,
how?

Developer Meeting - 12-07-2013 at 23:00 UTC

Hi everyone!

Let's have an implementer meeting!

TL;DR: Meeting in #ruby-implementers on freenode on 12-07-2013 @ 23:00UTC

## WHO

People on any Ruby implementation team are invited. If you plan to
attend, please add your name to the wiki page:

<a href="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130712" title="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130712">https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130712</a>

If you don't have access to edit the page, please let me know and I'll
give you access.

## WHAT

Any topics you would like is fine, but please add the topic to the wiki
page (in the Agenda section) and make sure to include links to pertinent
redmine tickets.

Next Implementer Meeting

Hi everyone!

I would like to schedule our next implementer meeting. Matz, when do
you have free time? Last time, I think we did a Saturday morning (JST)
so that mame could attend. May I suggest July 13th, 7am or 8am (JST)?

When we figure out a date, I'll make a wiki page and "official"
announcement.

P.S. sorry for not scheduling this sooner. I'll try to figure out how I
can be more productive. orz.

Question about r39944

Hi,

@xibbar changed test/psych/** to do "require_relative 'helper'". Why?
The "test" directory should be on the load path, so `require_relative`
does not seem necessary.

Thanks!

Rails 3.2.13, 3.1.12, and 2.3.18 have been released!

Hi everyone!

Rails versions 3.2.13, 3.1.12, and 2.3.18 have been released. These releases contain important security fixes.

Rails 3.2.13.rc2

Hi everybody.

I'd like to announce that Rails 3.2.13.rc2 has been released.

Rails 3.2.13.rc2 contains fixes for regressions found in rc1. Please test out
rc2.

Implementer Meeting 2013-02-15

One more reminder everyone! We have an implementers meeting today at
23:00 UTC.

Details can be found here:

<a href="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130215" title="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130215">https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130215</a>

Implementer Meeting 2013-02-15

Hi everyone,

Yes, I'm a day late (I'm sorry). This is a reminder about the
implementers meeting coming up this week.

WHO: Ruby implementers
WHEN: Friday Feb 15th, 23:00 UTC
WHERE: IRC

Information about the meeting is posted here:

<a href="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130215" title="https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130215">https://bugs.ruby-lang.org/projects/ruby/wiki/DevelopersMeeting20130215</a>

If you are attending the meeting, please ping me or add yourself to the
wiki (if you can't add yourself to the wiki, ping me for access).

If you want to add an agenda item, put it in the wiki. I'll send
another reminder tomorrow! :-)