generate patches.
|
|
These changes aren't necessary, but on the day when guile-2.0.x is
no longer the primary, then the switch to using a non-default
installation prefix should be seamless.
|
|
If Guile installs into a non-default installation prefix, then
use ${GUILE_PREFIX}/info and ${GUILE_PREFIX}/man as the locations
for the installed GNU info files and manpages. This avoids needing
to do a lot of fixes to the PLISTs.
|
|
Modify project makefile patch to set MANDIR to point to the correct
location for installed manpages under ${PKGMANDIR}.
|
|
Pass "--mandir=<dir>" to the configure script to set the correct
location for installed manpages.
|
|
Modify the Makefile patch to set MANDIR, the location of the
installed manpages, to point to ${PKGMANDIR}.
|
|
Changelog:
Security fixes and bug fixes.
|
|
Bug fixes.
|
|
Update lang/nodejs to 8.4.0.
## 2017-08-15, Version 8.4.0 (Current), @addaleax
- HTTP2
  - Experimental support for the built-in `http2` has been added via the
    `--expose-http2` flag.
- Inspector
  - `require()` is available in the inspector console now.
  - Multiple contexts, as created by the `vm` module, are supported now.
- N-API
  - New APIs for creating number values have been introduced.
- Stream
  - For `Duplex` streams, the high water mark option can now be set
    independently for the readable and the writable side.
- Util
  - `util.format` now supports the `%o` and `%O` specifiers for printing
    objects.
## 2017-08-09, Version 8.3.0 (Current), @addaleax
The V8 engine has been upgraded to version 6.0, which has a significantly
changed performance profile.
- DNS
  - Independent DNS resolver instances are supported now, with support for
    cancelling the corresponding requests.
- N-API
  - Multiple N-API functions for error handling have been changed to support
    assigning error codes.
- REPL
  - Autocompletion support for `require()` has been improved.
- Utilities
  - The WHATWG Encoding Standard (`TextDecoder` and `TextEncoder`) has
    been implemented as an experimental feature.
|
|
Security
* bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more information.
* bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os-specific entropy sources like getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt().
* bpo-26657: Fix directory traversal vulnerability with http.server on Windows. This fixes a regression that was introduced in 3.3.4rc1 and 3.4.0rc1. Based on patch by Philipp Hagemeister.
* bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost('//127.0.0.1#@evil.com/') now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the host in an authentication (login@host).
* bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other invalid environment variables and command arguments.
|
|
Security
* bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other environment variables and command arguments.
* bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os-specific entropy sources like getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt().
* bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost('//127.0.0.1#@evil.com/') now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the host in an authentication (login@host).
* bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more information.
|
|
* Support build and run under NetBSD PaX MPROTECT environment
Changelog:
Many bugfixes and security bugfixes
|
|
* pkgsrc change: enable readline PKG_OPTIONS default.
03 Aug 2017, PHP 7.1.8
- Core:
. Fixed bug #74832 (Loading PHP extension with already registered function
name leads to a crash). (jpauli)
. Fixed bug #74780 (parse_url() broken when query string contains colon).
(jhdxr)
. Fixed bug #74761 (Unary operator expected error on some systems). (petk)
. Fixed bug #73900 (Use After Free in unserialize() SplFixedArray). (nikic)
. Fixed bug #74923 (Crash when crawling through network share). (Anatol)
. Fixed bug #74913 (fixed incorrect poll.h include). (petk)
. Fixed bug #74906 (fixed incorrect errno.h include). (petk)
- Date:
. Fixed bug #74852 (property_exists returns true on unknown DateInterval
property). (jhdxr)
- OCI8:
. Fixed bug #74625 (Integer overflow in oci_bind_array_by_name). (Ingmar Runge)
- Opcache:
. Fixed bug #74623 (Infinite loop in type inference when using HTMLPurifier).
(nikic)
- OpenSSL:
. Fixed bug #74798 (pkcs7_en/decrypt does not work if \x0a is used in content).
(Anatol)
. Added OPENSSL_DONT_ZERO_PAD_KEY constant to prevent key padding and fix bug
#71917 (openssl_open() returns junk on envelope < 16 bytes) and bug #72362
(OpenSSL Blowfish encryption is incorrect for short keys). (Jakub Zelenka)
- PDO:
. Fixed bug #69356 (PDOStatement::debugDumpParams() truncates query). (Adam
Baratz)
- SPL:
. Fixed bug #73471 (PHP freezes with AppendIterator). (jhdxr)
- SQLite3:
. Fixed bug #74883 (SQLite3::__construct() produces "out of memory" exception
with invalid flags). (Anatol)
- Wddx:
. Fixed bug #73173 (huge memleak when wddx_unserialize).
(tloi at fortinet dot com)
- zlib:
. Fixed bug #73944 (dictionary option of inflate_init() does not work).
(wapmorgan)
|
|
* pkgsrc change: enable readline PKG_OPTIONS default.
03 Aug 2017 PHP 7.0.22
- Core:
. Fixed bug #74832 (Loading PHP extension with already registered function
name leads to a crash). (jpauli)
. Fixed bug #74780 (parse_url() broken when query string contains colon).
(jhdxr)
. Fixed bug #74761 (Unary operator expected error on some systems). (petk)
. Fixed bug #73900 (Use After Free in unserialize() SplFixedArray). (nikic)
. Fixed bug #74913 (fixed incorrect poll.h include). (petk)
. Fixed bug #74906 (fixed incorrect errno.h include). (petk)
- Date:
. Fixed bug #74852 (property_exists returns true on unknown DateInterval
property). (jhdxr)
- OCI8:
. Fixed bug #74625 (Integer overflow in oci_bind_array_by_name). (Ingmar Runge)
- Opcache:
. Fixed bug #74840 (Opcache overwrites argument of GENERATOR_RETURN within
finally). (Bob)
- PDO:
. Fixed bug #69356 (PDOStatement::debugDumpParams() truncates query). (Adam
Baratz)
- SPL:
. Fixed bug #73471 (PHP freezes with AppendIterator). (jhdxr)
- SQLite3:
. Fixed bug #74883 (SQLite3::__construct() produces "out of memory" exception
with invalid flags). (Anatol)
- Wddx:
. Fixed bug #73173 (huge memleak when wddx_unserialize).
(tloi at fortinet dot com)
- zlib:
. Fixed bug #73944 (dictionary option of inflate_init() does not work).
(wapmorgan)
|
|
Welliver in PR pkg/52453.
|
|
8.2.1
- configure:
  - add mips64el to valid_arch
- crypto:
  - Updated root certificates based on NSS 3.30
- deps:
  - upgrade OpenSSL to version 1.0.2.l
- http:
  - parse errors are now reported when NODE_DEBUG=http
  - Agent construction can now be invoked without `new`
- zlib:
  - node will now throw an Error when zlib rejects the value of
    windowBits, instead of crashing
8.2.0
- Async Hooks
  - Multiple improvements to Promise support in `async_hooks` have
    been made.
- Build
  - The compiler version requirement to build Node with GCC has been
    raised to GCC 4.9.4.
- Cluster
  - Users now have more fine-grained control over the inspector port
    used by individual cluster workers. Previously, cluster workers were
    restricted to incrementing from the master's debug port.
- DNS
  - The server used for DNS queries can now use a custom port.
  - Support for `dns.resolveAny()` has been added.
- npm
  - The `npm` CLI has been updated to version 5.3.0. In particular, it
    now comes with the `npx` binary, which is also shipped with Node.
|
|
### Notable Changes
- configure:
  - add mips64el to valid_arch
- crypto:
  - Updated root certificates based on NSS 3.30
- deps:
  - upgrade OpenSSL to version 1.0.2.l
- http:
  - parse errors are now reported when NODE_DEBUG=http
  - Agent construction can now be invoked without `new`
- zlib:
  - node will now throw an Error when zlib rejects the value of
    windowBits, instead of crashing
|
|
This is a bugfix release so no buildlink change.
ChangeLog:
New Features in Qore
* added broken-logic-precedence warning.
Bug Fixes in Qore
* fixed documentation regarding escaping of characters in
strings and added a parse exception in case of trying
to escape octal values in range 400-777 (issue 50)
* fixed a crashing bug where Datasource::getConfigString()
was called without a connection, also could crash in an
implicit internal call to this method with the
DatasourcePool class when connections were lost and the
warning callback should be called (issue 1992)
* fixed a bug where Datasource::getConfigHash() returned
different values depending on if the object was
connected or not (issue 1994)
|
|
We should not expand call arguments in between flags reg setting and
flags reg using instructions, as it may expand with flags reg
clobbering insn (ADD in this case).
Attached patch moves expansion out of the link. Also, change
zero-extension to non-flags reg clobbering sequence in case we perform
zero-extension with and.
2017-03-25 Uros Bizjak
|
|
Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)
We should not expand call arguments in between flags reg setting and
flags reg using instructions, as it may expand with flags reg
clobbering insn (ADD in this case).
Attached patch moves expansion out of the link. Also, change
zero-extension to non-flags reg clobbering sequence in case we perform
zero-extension with and.
2017-03-25 Uros Bizjak
|
|
Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)
We should not expand call arguments in between flags reg setting and
flags reg using instructions, as it may expand with flags reg
clobbering insn (ADD in this case).
Attached patch moves expansion out of the link. Also, change
zero-extension to non-flags reg clobbering sequence in case we perform
zero-extension with and.
2017-03-25 Uros Bizjak
|
|
best runtime available to evaluate your JavaScript program.
|
|
Fixes RELRO for most binaries, except for libgcc_s.so.
|
|
by wiz@ via private mail.
The problem exists in basic use of auto variable.
|
|
Fixes RELRO build on NetBSD.
|
|
(versioned as 6.33.20160609 based on the tarball date)
Version 6.33-6.12.1 (6 June 2016)
=================================
* Inform version is now 6.33, with Inform7-related patches and new features.
* The Inform Library is 6.12.1 with lots of bugfixes and enhancements.
* Package version scheme changed to indicate both compiler and library
versions included.
* Include files trimmed to those known to be freely redistributable and
checked to make sure they work.
* DM4 removed due to license incompatibilities.
* Added a manpage.
* Added pblorb.pl and scanblorb.pl utilities for dealing with Blorb files.
Version 6.32.1 (16 July 2012)
=============================
* Inform version is now 6.32, with more patches for use with Inform 7.
* The Inform program is now distributed under the Artistic License 2.0.
* The advent.inf example is now at release 9.
drop nathanw's maintainership by his request
tested by wes fraizer
|
|
The install would presumably fail outright for user shells like tcsh, so we
need to set SHELL regardless. But technically install-sh has a quoting bug
in the exit trap, which even results in SHELL=zsh failing.
|
|
go14 has no relro support AFAICT.
go-1.8.3 has if you use -buildmode=pie, but it claims it's not supported
on Linux.
Disable relro checking for go packages until bsiegert has time to
look at this.
|
|
use else if in our long conditional macro for symmetry
blind commit that may help freebsd builds
|
|
issues seen since the RELRO patches caused by broken ksh on SunOS.
|
|
it consistent with all other analogous variables, which are used in the
process of selecting an appropriate version of gcc.
|
|
Bump PKGREVISION.
|
|
initially released in 2016-12 to great interest. With the release of 3.6.2, we are now providing the second set of bugfixes and documentation updates to 3.6. Detailed information about the changes made in 3.6.2 can be found in its change log.
|