Age | Commit message (Collapse) | Author | Files | Lines |
|
lang/moscow_ml: security patch
Revisions pulled up:
- lang/moscow_ml/Makefile 1.29
- lang/moscow_ml/distinfo 1.6
- lang/moscow_ml/patches/patch-mosmlyac_main_c 1.1
---
Module Name: pkgsrc
Committed By: dholland
Date: Tue Nov 8 12:41:30 UTC 2011
Modified Files:
pkgsrc/lang/moscow_ml: Makefile distinfo
Added Files:
pkgsrc/lang/moscow_ml/patches: patch-mosmlyac_main_c
Log Message:
Fix PR 45558 (aka CVE-2011-4119) which also turns out to affect Moscow ML.
Credit to Florian Weimer for noticing this.
|
|
lang/caml-light: security patch
Revisions pulled up:
- lang/caml-light/Makefile 1.13
- lang/caml-light/distinfo 1.9
- lang/caml-light/patches/patch-yacc_main_c 1.1
-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: dholland
Date: Sun Nov 6 19:32:07 UTC 2011
Modified Files:
pkgsrc/lang/caml-light: Makefile distinfo
Added Files:
pkgsrc/lang/caml-light/patches: patch-yacc_main_c
Log Message:
Fix insecure-temp-files, PR 45558
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/lang/caml-light/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/lang/caml-light/distinfo
cvs rdiff -u -r0 -r1.1 pkgsrc/lang/caml-light/patches/patch-yacc_main_c
|
|
lang/perl5: security patch
Revisions pulled up:
- lang/perl5/Makefile.common 1.12
- lang/perl5/distinfo 1.79
- lang/perl5/patches/patch-cpan_Digest_Digest.pm 1.1
---
Module Name: pkgsrc
Committed By: spz
Date: Sun Oct 16 20:09:42 UTC 2011
Modified Files:
pkgsrc/lang/perl5: Makefile.common distinfo
Added Files:
pkgsrc/lang/perl5/patches: patch-cpan_Digest_Digest.pm
Log Message:
apply the changes to just Digest.pm from:
http://perl5.git.perl.org/perl.git/commitdiff/a2fa999d41c94d622051667d897fedca90be1828
2011-10-02 Gisle Aas <gisle@ActiveState.com>
Release 1.17.
Gisle Aas (6):
Less noisy 'git status' output
Merge pull request #1 from schwern/bug/require_eval
Don't clobber $@ in Digest->new [RT#50663]
More meta info added to Makefile.PL
Fix typo in RIPEMD160 [RT#50629]
Add schwern's test files
Michael G. Schwern (5):
Turn on strict.
Convert tests to use Test::More
Untabify
Turn Digest::Dummy into a real file which exercises the Digest->new() require logic.
Close the eval "require $module" security hole in Digest->new($algorithm)
|
|
lang/sun-jdk6: security update
lang/sun-jre6: security update
Revisions pulled up:
- lang/sun-jdk6/Makefile 1.27
- lang/sun-jdk6/distinfo 1.16
- lang/sun-jre6/Makefile 1.33
- lang/sun-jre6/distinfo 1.19
---
Module Name: pkgsrc
Committed By: obache
Date: Thu Oct 20 12:28:09 UTC 2011
Modified Files:
pkgsrc/lang/sun-jdk6: Makefile distinfo
pkgsrc/lang/sun-jre6: Makefile distinfo
Log Message:
Update sun-{jdk,jre}6 to 6.0.29, aka, 6u29.
Changes:
[Olson Data 2011g]
Java SE 6u29 contains Olson time zone data version 2011g. For more information,
refer to Timezone Data Versions in the JRE Software .
[Skipped Version Number]
Release Java SE 6u29 follows release Java SE 6u27. There is no publicly
available Java SE 6u28 release. Oracle used release version 6u28 for an internal
build, which was not necessary once the fixes delivered on Java SE 6u29 were
released.
[Blacklist Entries]
This update release includes the following new entries to the Blacklist:
* Cisco AnyConnect Mobility Client
* Microsoft UAG Client
[RMI Registry Issue]
A bug in the rmiregistry command included in this release may cause unintended
exceptions to be thrown when an RMI server attempts to bind an exported object
which includes codebase annotations using the "file:" URL scheme. The RMI
servers most likely to be effected are those which are invoked only by RMI
clients executing on the same host as the server.
RMI annotates codebase information as part of the serialized state of a remote
object reference to assist RMI clients in loading the required classes and
interfaces associated with the object at runtime. Exported objects which are
looked up in the RMI registry and invoked by RMI clients running on hosts other
than the server are usually annotated with codebase URL schemes, such as
"http:" or "ftp:" and these should continue to work correctly.
As a workaround, RMI servers can set the java.rmi.server.codebase property to
use codebase URLs other than the "file:" scheme for the objects they export.
[Bug Fixes]
This release contains fixes for security vulnerabilities. For more information,
please see Oracle Java SE Critical Patch Update advisory.
|
|
lang/php53 security update
Revisions pulled up:
- lang/php53/Makefile 1.18
- lang/php53/Makefile.php 1.9-1.10
- lang/php53/distinfo 1.23-1.26
- lang/php53/patches/patch-Zend_zend__builtin__functions.c 1.1-1.2
- lang/php53/patches/patch-as 1.1
---
Module Name: pkgsrc
Committed By: jklos
Date: Thu Oct 6 05:34:00 UTC 2011
Modified Files:
pkgsrc/lang/php53: distinfo
Added Files:
pkgsrc/lang/php53/patches: patch-as
Log Message:
Atomic operations via gcc are not supported on many archs. Allow them only
on amd64, powerpc, i386 and alpha.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 20 12:38:24 UTC 2011
Modified Files:
pkgsrc/lang/php53: Makefile.php distinfo
Log Message:
Re-add suhosin-patch to distinfo.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 20 12:39:33 UTC 2011
Modified Files:
pkgsrc/lang/php53: Makefile.php
Log Message:
Revert accidental commit with previous commit.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 20 13:32:20 UTC 2011
Modified Files:
pkgsrc/lang/php53: Makefile distinfo
Added Files:
pkgsrc/lang/php53/patches: patch-Zend_zend__builtin__functions.c
Log Message:
Add fix for 2011-3379 from r317183 from PHP's repository.
Bump PKGREVISION.
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 20 14:30:55 UTC 2011
Modified Files:
pkgsrc/lang/php53: distinfo
pkgsrc/lang/php53/patches: patch-Zend_zend__builtin__functions.c
Log Message:
A small correction in comment text of the patch.
|
|
lang/python24: build fix
lang/python25: build fix
lang/python26: build fix
lang/python27: build fix
lang/python31: build fix
security/cyrus-sasl: build fix
Revisions pulled up:
- lang/python24/distinfo 1.36
- lang/python24/patches/patch-am 1.7
- lang/python25/distinfo 1.18
- lang/python25/patches/patch-am 1.8
- lang/python26/distinfo 1.39
- lang/python26/patches/patch-am 1.17
- lang/python27/distinfo 1.10
- lang/python27/patches/patch-am 1.4
- lang/python31/distinfo 1.4
- lang/python31/patches/patch-am 1.3
- security/cyrus-sasl/Makefile 1.58
---
Module Name: pkgsrc
Committed By: sbd
Date: Tue Oct 18 21:59:19 UTC 2011
Modified Files:
pkgsrc/lang/python24: distinfo
pkgsrc/lang/python24/patches: patch-am
pkgsrc/lang/python25: distinfo
pkgsrc/lang/python25/patches: patch-am
pkgsrc/lang/python26: distinfo
pkgsrc/lang/python26/patches: patch-am
pkgsrc/lang/python27: distinfo
pkgsrc/lang/python27/patches: patch-am
pkgsrc/lang/python31: distinfo
pkgsrc/lang/python31/patches: patch-am
pkgsrc/security/cyrus-sasl: Makefile
Log Message:
Deal with the fact that if /usr/include/ndbm.h exists on Linux it probably
belongs to gdbm_compat. I.E. _don't_ use ndbm on Linux.
|
|
the linkage of the package and gives me a non-broken liblua.so on
current. The one I had around from sometime last year had broken
compatibility references in it.
|
|
awkwardly, leading to Python 2.6 failing to build.
Python 2.7 builds ok, because it has been taught to deal with this.
This patch retro-fits the 2.7 code into 2.6, and allows 2.6 to build on
Ubuntu 11.04.
Ok'd by wiz@
|
|
It is not a leaf package, but the changes affect Mac OS X only.
Test builds on 10.5/i386, 10.7/i386 and 10.7/x86_64 (thanks ryoon@).
|
|
It is not a leaf package, but the changes affect Mac OS X only.
Test builds on 10.5/i386, 10.6/i386 (thanks tron@), 10.7/i386 and
10.7/x86_64 (thanks ryoon@).
|
|
Scala 2.9.1 from 2.8.1. PR pkg/45379
Scala 2.9.0 final
The Scala 2.9.0 codebase includes several additions, notably the new
Parallel Collections, but it also introduces improvements on many
existing features, and contains many bug fixes:
* Parallel Collections
* The App Trait
* The DelayedInit Trait
* Repl Improvements
* Scala Runner
* Java Interop
* Generalized try-catch-finally
* New packages: scala.sys and scala.sys.process, which are imported
from sbt.Process.
* New methods in collections: collectFirst, maxBy, minBy, span, inits,
tails, permutations, combinations, subsets
* AnyRef specialization:
See http://www.scala-lang.org/node/9483 for more details.
Scala 2.9.1 final
The 2.9.1 release of Scala includes many bug fixes and improvements,
in particular to the interpreter: most of the interpreter changes
available in the development mainline have been ported to the 2.9.x
release branch.
See http://www.scala-lang.org/node/10780 for more details.
Note: the interpreter option '-i' may behave incorrectly in this
version. In case you require it, please just add the option
'-Yrepl-sync' to your command line as well.
|
|
* File::Glob::bsd_glob() memory error with GLOB_ALTDIRFUNC (CVE-2011-2728).
* Encode decode_xs n-byte heap-overflow (CVE-2011-2939)
|
|
|
|
result e.g. in intmax_t getting defined only in namespace std and broke
the festival build.
|
|
|
|
Fixes build on Ubuntu 11.04. Unlikely to have an effect on platforms that
already built, so no PKGREVISION bump.
Ok'd in freeze by wiz@
|
|
Tested on NetBSD/i386 5.99.55, Darwin/11.0.1, and NetBSD/i386 5.1.
|
|
provide a separate library so compilation fails. Add a hints file to
correct the list of libraries used on NetBSD.
|
|
|
|
|
|
|
|
- Replace the HOMEPAGE with the url used in the document
such as README etc.
- Drop minoura@ from MAINTAINER as per his request on twitter.
Brief summary of Gauche 0.9.2:
[New Features]
* Case mapping and character properties are fully supported,
compatible to R6RS and R7RS draft (both based on Unicode
standard). Character-wise case mapping (char-upcase etc.) and
property queries (char-alphabetic?, char-general-category,
etc.) are built-in. Context-aware string case mapping
(string-upcase etc.) is provided in the new text.unicode
module. (Note: srfi-13's string-upcase etc. are unchanged;
they are defined to use simple case mappings.) The text.unicode
module also provides conversion between utf-8/utf-16 and
Unicode codepoints.
* Windows binary distribution is now in MS installer (*.msi)
format, created with WiX. It's safer than the previous *.exe
format created by NSIS, which had a bug that smashes PATH
settings when it is too long.
* A convenient wrapper for atomic execution is added in
gauche.threads. See this intro post.
* Benchmarking utilities resembles to Perl's Benchmark module is
now available in gauche.time. See this post for an
introduction.
* with-lock-file: A long-awaited feature to use lock files
conveniently. It is in file.util module.
* Added full support of srfi-60, integer bitwise operations.
* gauche.cgen: Some API that Gauche uses to generate C code
become public. See the manual for the details.
[Incompatibile Changes]
* control.thread-pool: add-job! now takes timeout argument. If it
is omitted and the job queue is full, add-job! blocks. It is a
change from 0.9.1, in which add-job! returns immediately in
such case. To get the same behavior, pass 0 explicitly to the
timeout argument. The argument order of wait-all is also
changed to take timeout optional argument first. In 0.9.1 it
never timeouts.
* If --enable-multibyte flag is given to ./configure without
explicit encoding, we now assume utf-8. It used to be
euc-jp. This is for the consistency. We don't think this change
affects many, for the document has always been told to give
explicit encoding name for this option.
* The --enable-ipv6 configure option is turned on by default. It
shouldn't cause problems on modern OSes. If you ever get a compile
error in gauche.net module on a platform that lacks modern API,
specify --disable-ipv6 option to ./configure.
* (This is an internal change of undocumented feature. We mention
it just in case if some extension packages depend on this.) In
the initialization code generated by genstub or precomp, it
used to be possible to refer to the current module by mod. Now
you should use Scm_CurrentModule() instead. Also,
gauche.cgen.unit now doesn't include <gauche.h> automatically.
[Improvements]
* The compiler is improved to avoid creating a closure at
execution time when it doesn't close local environment. For
example, (map (^x (* x x)) lis) doesn't create a closure;
instead, the internal lambda is compiled as if it is a
toplevel-defined procedure. (Yeah, it's a simple lambda
lifting. We didn't do it since it could slow down the
compiler. Now the compiler is efficient enough to handle it.)
* Supports zero or multi-argument unquote/unquote-splicing, as
defined in R6RS.
* sys-exec and sys-fork-and-exec now supports :detached keyword
argument to make the child process detached from the parent's
process group.
* Buliltin reverse and reverse! takes optional list-tail
argument.
* A new builtin procedure map* that can deal with dotted list.
* Common Lisp-like ecase macro is added.
* The extended lambda formals (:key, :optional, etc) are now
available in define-method as well.
* New built-in function sys-clearenv, useful to fork subprocess
securely.
* rxmatch-case accepts (else => proc) form, just like case.
* Socket address objects (e.g. <sockaddr-un>) can now be compared
by equal? based on its content. Useful to put them in a
hashtable, for example.
* gauche.uvector: A new procedure uvector-copy! that can copy any
type of uvectors.
* gauche.test: A new test expected result constructor test-one-of
allows to check if the test result matches any one of possible
outcomes.
* control.thread-pool: Now a pool raises <thread-pool-shut-down>
condition if the pool has already be shut down and no longer
accepting new jobs. terminate-all now takes :cancel-queued-jobs
keyword argument to stop the pool immediately, instead of
waiting for all the jobs to be finished. Canceled jobs are
marked as killed . New APIs: thread-pool-results,
thread-pool-shut-down?.
* rfc.json: Allow construct-json to take optional output port for
the consistency.
* rfc.uri: A new procedure uri-merge that can be resolve a
relative uri in regart to a base uri.
* rfc.cookie: Recognize :http-only cookie attribute introduced in
RFC6265.
* Now the tilde `~' expansion of sys-normalize-pathname works on
Windows as well to refer to the current user's home directory;
it tries environment variables heuristically to find it. To
refer to other user's home directory by ~user is still only
available on Unix platforms, though.
* util.combinations: combinations is optimized to handle leaf
cases efficiently.
[Bux fixes]
* Fixed a bug that the number parser hangs when reading
2.2250738585072012e-308.
* Integer multiplication routine had a code that depended on
undefined behavior of C; it worked on gcc but revealed the bug
on clang-llvm.
* Fixed a module bug on the visibility of bindings of extended
modules.
* gauche.parameter: Fixed a couple of bugs on parameter objects.
* Numeric comparison procedures such as < didn't work correctly
when more than four arguments were given. The bug was
introduced by incorrect optimization.
* Fixed bugs in lognot, logand, logior and logxor, which crashed
when non-integer ratinoal numbers are passed.
* port->string, port->string-list: These procedures returned
prematurely when the input contains an illegal byte sequence
for internal encoding. Now they return an incomplete string
instead.
* srfi-1: Some srfi-1 procedures that are built-in were not
exported, causing errors when you wanted to import them
selectively, e.g. (use srfi-1 :only (fold)).
* util.queue: Fixed list->queue to work.
* binary.pack: Fixed a bug that the result may be truncated if
the input contains byte sequences that can be interpreted as
invalid character multibyte sequences.
* srfi-42: Fixed a hygiene bug; the previous versions failed when
only toplevel macros are imported using :only import option.
* rfc.json: Fixed a bug that didn't escape double-quotes in the
string, and didn't handle empty array.
* Coding-aware ports didn't count lines correctly in CR-only or
CRLF line endings.
* Fixed a problem that caused crash after changing metaclasses of
a class metaobject. An additional protection mechanism is in
place in the class metaobject so that it won't be in an
inconsistent state unexpectedly.
* Fixed sys-setenv in which you couldn't omit the overwrite
argument, even if it was described optional.
* Fixed build problem of gauche.net on Solaris.
* Fixed a bug in gauche-package that caused an error when
*load-path* contained a nonexistent path.
* Fixed a bug in string comparison routine that surfaces in a
special architecture.
* The printed output of <time> was incorrect when its value was
negative.
* There was a bug in the reader it reads ().() incorrectly.
* Fixed a bug in format to allow ~* to position after the last
argument.
* Fixed GC compliation problem on OSX Lion.
|
|
|
|
|
|
pyconfig.h weirdness.
|
|
|
|
|
|
|
|
|
|
|
|
And a little documentation clean up.
|
|
* Add support for deleting dependency to a ruby gem.
|
|
building the select module.
Reviewed by Bernd Ernesti and Jörg Sonnenberger.
|
|
updated databases/freetds.
|
|
Highlights
This update release contains important enhancements for java applications:
* improved performance and stability
* Certification for Firefox 5
Olson Data 2011g
|
|
PR pkg/45345 by Pierre Allegraud.
Bump PKGREVISION.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This fixes parallel builds.
|
|
=== 3.9.4 / 2011-08-26
* Bug fixes
* Applied typo and grammar fixes from Luke Gruber. Ruby bug #5203
|
|
(From rubygem's repository, 6ff4e0eed52ef066fe33.)
Bump PKGREVISION.
|
|
build, since the bootstrap VM crashes with Stack Overflow error.
|
|
unicodedata for reasons not completely understood. It doesn't really
make sense for the compiler, so just don't use it.
|
|
|
|
fiddle should become a separate package like ruby-curses and ruby-gdbm.
|
|
Pkgsrc changes:
o Adapt to changes in installed contents.
Upstream changes:
Parrot 3.6.0:
- Core
+ Class.add_vtable_override now allows you to overwrite an override
+ Integers, floats and strings can now be stored in lexical variables.
Previously, only PMCs could be stored in lexicals.
+ VTABLE_substr has been removed. VTABLE_substr_str has been renamed to
VTABLE_substr
+ Added a new PackfileView PMC type, an intended replacement for
the deprecated Eval PMC.
+ The is_integer vtable on the String PMC now works for all string encodings.
+ Unicode error messages on Win32 now work correctly.
+ A memory leak in IMCC was fixed.
- Languages
+ The snaphost of Winxed included with Parrot was updated to version 1.0.0
+ Winxed has migrated to Github: https://github.com/NotFound/winxed
Pore
+ Added mem_sys_strndup function.
+ Added new load_bytecode_p_s opcode as an eventual replacement for
load_bytecode_s
+ Added new :tag() syntax to IMCC for PIR
+ Improved configuration support for msys
+ known-buggy parrot_debugger is no longer installed
- Languages
+ Winxed
- Updated snapshot to version 1.1.0
- multi functions and methods
- cast to var
- load_packfile builtin
- __NAMESPACE__ and __CLASS__ predefined constants
- Documentation
+ The Archive::Tar and Archive::Zip libraries now have POD docs
|