| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Security Fixes
* Fixed an integer overflow inside chunk_split() (by Gerhard Wagner, CVE-2007-2872)
* Fixed possible infinite loop in imagecreatefrompng. (by Xavier Roche, CVE-2007-2756)
* Fixed ext/filter Email Validation Vulnerability (MOPB-45 by Stefan Esser, CVE-2007-1900)
* Fixed bug #41492 (open_basedir/safe_mode bypass inside realpath()) (by bugs dot php dot net at chsc dot dk)
* Improved fix for CVE-2007-1887 to work with non-bundled sqlite2 lib.
* Added mysql_set_charset() to allow runtime altering of connection encoding.
* Upgraded bundled SQLite 3 to version 3.3.17. (Ilia)
* Fixed gd build when used with freetype 1.x (Pierre, Tony)
And a fair few bugs fixed, see: http://www.php.net/ChangeLog-5.php#5.2.3
for all the details.
|
|
pkgrevision.
|
|
JamVM 1.4.5 released on 4th February 2007
=========================================
A summary of changes since 1.4.4:
- Support for Java 1.5 Annotations. This includes the following
methods for reflection access to Annotations:
- VMClass.getDeclaredAnnotations
- java.lang.reflect.Field.getDeclaredAnnotations
- java.lang.reflect.Constructor
- getAnnotation, getDeclaredAnnotations, getParameterAnnotations
- java.lang.reflect.Method
- getDefaultValue, getAnnotation, getDeclaredAnnotations,
getParameterAnnotations
- Class sun.misc.Unsafe implemented, providing VM support for
JSR-166 (Concurrency Utilities).
- Ported to the mipsel architecture. This is a full port, with hand-
coded assembler to handle the construction of a call-frame for calling
JNI native methods. This supports the O32 ABI (for other ABIs libffi
can be used).
- Bug fix in registering references external to the heap with the GC.
The table should be locked for references registered after VM
initialisation.
- Bug fix when expanding the heap and the free-list is empty.
- Fixed race-condition when rewriting OPC_NEW in the indirect-threaded
interpreter (by default the direct-threaded interpreter is used).
- Bug fix in the GC compaction phase. The class-loader references
within the loaded DLL hashtable must be updated when the class-loader
is moved during compaction. This is a regression introduced in
JamVM 1.4.3 (DLL unloading), seen while running Eclipse.
- Bug fix in JNI_GetStringUTFLength. The reported length should not
include space for a NULL terminator.
- Various compile fixes for uClibc. Support for the JNI invocation
API requires glibc features not implemented in uClibc.
- Command line option -fullversion implemented.
JamVM 1.4.4 released on 2nd November 2006
=========================================
A summary of changes since 1.4.3:
- Full JNI Invocation API implemented, enabling JamVM to be linked into
another program.
- JNI_CreateJavaVM, DestroyJavaVM, AttachCurrentThread,
- AttachCurrentThreadAsDaemon, DetachCurrentThread
- JNI_GetDefaultJavaVMInitArgs
- JamVM is now also built as a shared library (lib/libjvm.so).
- The executable (bin/jamvm) is statically linked with this library
instead of being a wrapper. This is because the shared library
runs slower than static linking on some architectures. As JamVM
is small this is not a problem.
- Improved class-loader and shared library support
- When a class-loader (and all its classes) is unloaded all shared
libraries loaded by the class-loader are unloaded and JNI_OnUnload
called (if defined)
- A shared library can no longer be opened by two class-loaders
at once
- A class can only resolve native methods defined in shared libraries
opened by its defining class-loader
- Major re-working of thread/locking code to support additional Java 1.5
functionality
- Thread.getState() implemented
- correct thread states and their transistions (e.g. BLOCKING,
WAITING, TIMED_WAITING, etc.)
- native support for the ThreadMXBean thread system management API
- thread creation statistics (count of live, started and
peak threads)
- Information about a thread (ThreadInfo)
- execution information (thread state, stack backtrace to
a particular depth, object upon which the thread is blocked
or waiting to be notified)
- synchronization statistics (counts of the times the thread
has been blocked or waited for notification)
- Thread.interrupt() re-implemented fixing several bugs
- if a thread was waiting on a monitor, previous implementation
required the monitor lock to be obtained. If a 3rd thread
was holding this, the interrupt could not occur to avoid
deadlock. New thread-code does not require lock to be obtained.
- in rare circumstances another thread waiting on the monitor
could be notified (when there was pending notifications,
and then an interrupt, and subsequent threads waiting on the
monitor).
- a thread waiting on a thin-lock (waiting for inflation)
could erroneously report an InterruptedException
- GC bug fix for class-unloading when only using the compactor
(-Xcompactalways). The compactor in some circumstances could move
objects ontop of the object holding the native class-loader VM data
before it was freed leading to a SEGV.
- Bug fix for abstract methods which fell through previous
AbstractMethodError checks (using a stub method)
- AbstractMethodError now also gives the method name
- Bug fix to not allow abstract classes to be instantiated
- Bug fix for NULL in identityHashCode (a regression in JamVM 1.4.3)
- Bug fix for NULL in JNI method GetStringUTFLength|Chars
- Bug fix for $ in native method names
- FirstNonNullClassLoader implemented
- Access-checking bug fix. In reflection method/field access, also
check class access in addition to method/field.
- Ensure created threads have a native stack size of at least 2MB. This
fixes SEGVs due to stack overflow seen on OpenBSD/Darwin
(default 512KB).
- Property sun.boot.class.path is now also defined in addition to
java.boot.classpath. Certain applications look for the Sun property
(e.g. Dacapo bloat benchmark).
- Extra bootclasspath command line options
- bootclasspath/v overrides the default VM classes path
- bootclasspath/c overrides the default GNU Classpath classes path
- java.endorsed.dirs support added
- directories are scanned and any jar/zip files are added to the
boot classpath.
- Improved thread dump (produced via ctrl-\). Now shows thread state.
- JamVM by default now installs in its own directory (/usr/local/jamvm)
JamVM 1.4.3 released on 21st May 2006
=====================================
A summary of changes since 1.4.2:
- Heap compaction implemented. Previously on some programs the object
allocation pattern could lead to a highly fragmented heap (lots of
small holes). This caused early heap expansion, and in some cases
an OutOfMemory exception (a result of repeated heap expansion until
heap fully expanded).
JamVM now includes a mark/compact collector in addition to the
mark/sweep GC. This is normally ran after forced finalisation, and
before heap expansion. It removes fragmentation by sliding the objects
to the bottom of the heap, closing the holes.
Two new command line options can be used to control compaction :
-Xnocompact : don't do compaction and just use the mark/sweep
collector. This is equivalent to JamVM 1.4.2 behaviour.
-Xcompactalways : do compaction on every garbage-collection. In
some cases this may lead to less collections, but
the compactor is slower than the sweeper.
- The interned String table is now garbage-collected (JamVM uses its
own interned String hashtable).
- Additional Java 1.5 support
- New methods within VMClass implemented
- isMemberClass, isLocalClass, isAnonymousClass,
getEnclosingClass, getEnclosingMethod,
getEnclosingConstructor, getClassSignature.
- Generic signature support in reflection classes (Constructor, Method
Field).
- getTypeParameters, getSignature, getGenericExceptionTypes,
getGenericParameterTypes, toGenericString, getGenericType,
getGenericReturnType
- Uncaught exceptions will now use the thread's uncaughtExceptionHandler
(if available).
- Fix for Non-ASCII characters in class name parameter
- affected methods Class.ForName, ClassLoader.defineClass
- Use getcwd() instead of PWD enviroment variable for user.dir
property. This fixes problems seen on some applications.
- Fix in VMClass.defineClass on 64-bit machines (protection domain
parameter assumed to be 4 bytes).
- Minor interpreter optimisation in direct-mode with handler
prefetch (reload of handler address in aload_0/getfield pair).
- Command line options -version and -showversion now prints a "Java
compatible" version number. This is to work with shell scripts which
parse the output to get the Java version.
- Set the java.home property to the JAVA_HOME environment variable if set.
- Ported to Mac OS X on Intel.
- Runtime.availableProcessors implemented (Linux, Mac OS X and BSD
systems).
- Updated to be compatible with Classpath 0.91.
- Merged in changes to GNU Classpath's VM reference classes and
JamVM's classes.
- Various compiler warnings.
|
|
(guile-oops is included in newer guile, guile-gtk replaces guile14-gtk).
|
|
|
|
lang/guile to 1.8.1. This package will be available for those which will
not work with guile-1.8.x.
|
|
* Minor bugfixes
|
|
|
|
|
|
databases/zope-mysql
lang/py-extclass
textproc/py-dtml
www/py-pcgi
www/py-zpublisher
www/zope
No objection from pkgsrc-users.
cVS: ----------------------------------------------------------------------
|
|
filename clash with "Makefile".
|
|
|
|
|
|
|
|
From Sergey Svishchev.
|
|
|
|
1.5.4
MAJOR SECURITY BUGFIX RELEASE
arbitrary file execution
see http://pear.php.net/news/vulnerability2.php
* Fix Bug #10865: using --packagingroot regression [tias/cellog]
* Fix Bug #10873: pear channel-discover broken - pear temp directories not writeable [cellog]
1.5.3
* Fix Bug #10311: use clearContents to delete bundledPackages [cellog]
* Fix Bug #10602: notice on line 157 PEAR/REST/11.php [cellog]
* Fix Bug #10620: use \z instead of $ in regexes [cellog]
* Fix Bug #10621: channel-info does not handle mirrors properly [cellog]
* Fix Bug #10645: Patch for verbose sign command [cweiske]
* Fix Bug #10647: no mktempdir but config temp_dir in Channels.php [tias]
* Fix Bug #10656: no userConfirm() check in Frontend::setFrontendObject [tias]
* Fix Bug #10661: Failure to install local package [cellog]
* Fix Bug #10676: tmpdir() search variables in wrong order. [cellog]
* Fix Bug #10690: RunTest.php parses HTTP headers for non-CGI tests [jstump]
* Fix Bug #10720: Notice: Undefined variable: group in PEAR/Downloader/Package.php on line 698 [cellog]
* Fix Bug #10733: Validator cannot handle invalid package2.xml file [cellog]
* Fix Bug #10768: if a package is not installed, upgrade will not install it [cellog]
* Fix Bug #10771: upgrade-all/upgrade will not upgrade non-PEAR channels [cellog]
|
|
just for root.
Spotted by joerg@'s bulk builds
PKGREVISION++
|
|
From David H. Gutteridge in PR 36321.
|
|
pkgsrc, in preparation for gnome1-libs removal(*).
There was no feedback for keeping these packages after my
HEADS UP mail to pkgsrc-users a week ago.
(*) More to come before that can happen, though.
|
|
|
|
|
|
|
|
* Fixed CVE-2007-1001, GD wbmp used with invalid image size (by Ivan Fratric)
* Fixed asciiz byte truncation inside mail() (MOPB-33 by Stefan Esser)
* Fixed a bug in mb_parse_str() that can be used to activate register_globals
(MOPB-26 by Stefan Esser)
* Fixed unallocated memory access/double free in in array_user_key_compare()
(MOPB-24 by Stefan Esser)
* Fixed a double free inside session_regenerate_id() (MOPB-22 by Stefan Esser)
* Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
(MOPB-21 by Stefan Esser).
* Limit nesting level of input variables with max_input_nesting_level as fix for
(MOPB-03 by Stefan Esser)
* Fixed CRLF injection inside ftp_putcmd(). (by loveshell[at]Bug.Center.Team)
* Fixed a possible super-global overwrite inside import_request_variables().
(by Stefano Di Paola, Stefan Esser)
* Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc
library. (by Stanislav Malyshev)
* Fixed a header injection via Subject and To parameters to the mail() function
(MOPB-34 by Stefan Esser)
* Fixed wrong length calculation in unserialize S type (MOPB-29 by Stefan Esser)
* Fixed substr_compare and substr_count information leak
(MOPB-14 by Stefan Esser) (Stas, Ilia)
* Fixed a remotely trigger-able buffer overflow inside make_http_soap_request()
(by Ilia Alshanetsky)
* Fixed a buffer overflow inside user_filter_factory_create().
(by Ilia Alshanetsky)
|
|
Bump package revision.
|
|
|
|
Fix the PHP call to include the default include path for PEAR
|
|
|
|
* the PEAR installer, for creating, distributing and installing packages
* the PEAR_Exception PHP5 error handling mechanism
* the PEAR_ErrorStack advanced error handling mechanism
* the PEAR_Error error handling mechanism
* the OS_Guess class for retrieving info about the OS where PHP is running on
* the System class for quick handling of common operations with files and
directories
* the PEAR base class
|
|
|
|
"ruby" followed by a version number.
|
|
mail.
|
|
Many, many bugs have been fixed relative to 6.6. Far too many to list here.
The other changes in this release are:
* GHC works on Windows Vista.
* GHC can now be used to compile C++ files.
* There is an --install-signal-handlers=<yes|no> RTS flag. The main use is
to stop GHC installing signal handlers when you are putting your code in
a DLL.
* Newtypes can now be defined using GADT syntax.
* Linear implicit parameters are no longer accepted.
* There is a manpage for ghc and ghci.
* The building guide has been moved to the wiki.
* GHC now comes with the filepath library.
|
|
|
|
readable).
Patch will be in 5.2.2, so this patch can be removed once it has been
released.
|
|
Give away to pkgsrc-users.
|
|
(I might be able to pick this up again in the future, but cannot guarantee it.)
|
|
|
|
Change:
- Sun OS compilation patch.
|
|
|
|
Changes since 1.4.2_13:
- Some zone information (zi) files changed.
|
|
|
|
|
|
|
|
Based on patch provided in PR 36157, update to 0.4.10.
New in 0.4.11
- Compilers:
+ IMCC: added documentation for C-based Parrot Calling Conventions,
refactorings and bug fixes
+ PGE: new perl6regex front end reflecting recent S05 syntax changes
+ PIRC: new prototype PIR parser
- Languages:
+ Updated Lua, PHP ("Plumhead"), BASIC, pynie
+ Lua implements environment
- Design:
+ PDD15 "Objects" - details added, and draft approved
- Documentation:
+ Added guidelines for PMC documentation
- Implementation:
+ PDD15 implementation is largely complete, including role-based composition,
introspection, and C3 method resolution order
+ new Exporter PMC for importing globals between namespaces
+ new string utilities for radix conversion
+ PCCINVOKE and Parrot_PCCINVOKE allow calling using the full Parrot Calling
Conventions from PMCs and C code respectively
- Build:
+ Refactorings and improvements in test coverage for 'Configure.pl'
- Misc:
+ many bugfixes, enhancements, and code cleanup
+ added example subversion config file
+ extended support for gcc, icc, and other compilers
+ extended support for Solaris and other platforms
New in 0.4.10
- Compilers:
+ IMCC: Parrot calling conventions now available between two C PMCs (PMINVOKE)
+ PGE: Match object improvements
+ smop: added Attribute and Class PMCs
+ HLLCompiler: improvements for interactive mode
- PAST:
+ extended binding to a list of variables
- Languages:
+ Updated Lua, PHP ("Plumhead"), Tcl ("ParTcl"), Ruby ("Cardinal")
+ Update PIR, regex, Zcode
+ New language: Pynie - a Python compiler for Parrot
+ Lua implements require and many other ops, improved regex support
+ Remove parakeet
- Design:
+ PDD01 "Overview" - updated architecture and platform information
+ PDD15 "Objects" - details on roles, objects, and classes added
+ PDD22 "I/O" - added async ops and Status PMC details
- Documentation:
+ Added guides for Metacommitter, Relase Manager, and Cage Cleaner roles
- Implementation:
+ Object, Class, Role, and Attribute PMC implementation has begun
+ Perl 5 module "Parrot::Embed" now compiles and links on all platforms
- Build:
+ Major improvements in test coverage for 'ops2c.pl'
- Misc:
+ New utility: Crow, a template processor
+ New library module: Config/JSON for reading/writing JSON files
+ many bugfixes, enhancements, and coding standard updates, code cleanup
New in 0.4.9
- Compilers:
+ IMCC: Parrot calling conventions now available in C PMCs, allowing
named, optional, slurpy, and flat parameter passing
+ PGE: extended support for Perl 5 Regexes
+ smop: prototype object model implementation
+ hllcompiler: refactored to run a configurable set of compilation stages
- PAST:
+ redesigned assign/binding to support Perl 6 binding semantics
- Languages:
+ Updated Lua, PHP ("Plumhead"), Tcl ("ParTcl"), perl6, perl5
+ New language: PIR - a PGE-based implementation of Parrot PIR
+ perl6 now supports binding (':=') and 'join'
+ lua generates tail calls, and supports its own regex flavor (PGE-based)
+ Pheme still works, huzzah!
- Design:
+ PDD21 "Objects" - rewritten
+ PDD22 "I/O" - updated and 'TODO' tests added
- Documentation:
+ Interface stability classification standards approved
+ Roles and Responsibilities documented approved
+ Official 'drafts' directory created (was 'clip')
- Implementation:
+ More NameSpace and OS PMC methods implemented
+ Parrot executable fullname and basename now available in PIR/PASM code
+ new 'chomp' library function
- Build:
+ Major improvements in test coverage for 'ops2pm.pl'
- Misc:
+ many bugfixes, enhancements, and coding standard updates
+ extended support for Sun Workshop Compilers
+ Parrot now builds on PocketPC platform
New in 0.4.8
- Compilers:
+ HLLCompiler: added tracing options, modified api
+ PGE & TGE bugfixes and updates
- PAST:
+ added global and lexical variable support
+ added looping constructs, arrays, hashes
- Languages:
+ Updated PHP ("Plumhead"), Tcl ("ParTcl"),
forth, perl6, lua, abc, APL, WMLScript, punie
+ ParTcl is passing > 24.9% of Tcl cvs-latest test suite
+ perl6 now supports hashes, arrays, method calls, arity-based
multisubs, quoted terms, ranges (non-lazy), try blocks, $!
- Design:
+ PDD01 "Overview" - updated
+ PDD22 "I/O" - rewritten and approved
- Test Suite:
+ Converted Perl 5 Regex tests to PIR, with notable speedup
+ Added tests for opcodes, compilers, languages, and coding standards
- Build:
+ Major improvements in test coverage for 'pmc2c.pl'
- Misc:
+ many bugfixes, enhancements, and coding standard updates
+ extended support for non-core platforms including Cygwin, Tru64
New in 0.4.7
- New languages: PHP ("Plumhead"), Forth
- Updated languages: Ruby ("Cardinal"), Tcl, Lua
- Remove old Python implementation from Parrot repository; the new Python
language code is hosted at http://pirate.tangentcode.com
- Compilers:
+ PGE updated with more expressions, latest changes to S05
+ new Perl6 grammar compiler
- Integration:
+ Perl 5 module "Parrot::Embed" allows easy embedding of a Parrot
runtime into a Perl 5 program
- PIR:
+ new :init pragma for subs that must run before the main function
+ new :vtable pragma to identify subs that override PMC vtable methods,
eliminating the need for special subroutine names
+ PIR parser/compiler does not stop on first syntax error
+ Vanilla register allocator ("register alligator") greatly improves
performance compiling large functions
+ Eliminated limit on number of PIR macros
- PMCs:
+ hash lookups return null instead of None for missing keys
- Design:
+ PDD13 "Bytecode files: format and manipulation" - new
+ PDD10 "Embedding" - new
+ PDD25 "Concurrency" - rewritten
+ PDD15 "Objects" - new section on redesign requirements
+ PDD07 "Coding standards" - significant updates and automated tests
- Test Suite:
+ Many many more new tests
- Build Process:
+ autoconf compatible install options
- Misc:
+ Namespace refinements
+ Coroutine improvements
+ An impressive swarm of other bugfixes and enhancements
New in 0.4.6
- New languages: Ruby ("Cardinal"), Javascript ("ecmascript")
- Updated languages: Tcl, dotnet, bc, Pheme, Punie, WMLScript
- Updated compilers: PGE, TGE
- IMCC updates:
+ ".loadlib" directive expresses dependencies
+ ".namespace" with no parameter goes to HLL root
+ lexer is reentrant (reentrant grammar in progress)
- Namespace improvements:
+ new suite of opcodes to access namespaces and globals
("find_global" and "store_global" will be phased out)
+ namespace '' no longer means HLL root
- Design document updates:
namespaces (pdd23), basic types (pdd17), embedding
- Updated tool requirements for developers:
flex 2.5.33, bison 2.1, perl 5.6.1
- New to-do list for people new to Parrot:
cage/todo.pod
- The usual plethora of bugfixes and enhancements
New in 0.4.5
- unicode subroutine names
- hierarchical class names finished including MMD support
- new dotnet CLI to PIR translator
- improved TGE code and compiler
- APL: vector handling
- new STM branch in the svn repository
- the usual bugfixes and enhancements
New in 0.4.4
- hierarchical class names
- APL compiler
- under development
- understands simple vector ops, strings
- demonstrates use of Unicode in Parrot
- pgc, a compiler for rules and operator precedence parsers
- Major redesign and improvements for PGE
- compilers understand named parameter options
- :ratchet option implemented to support non-backtracking quantifiers
- TGE (tree grammar engine) for tree transformations
- tgc, tree grammar compiler
- perl6 compiler
- support for many operators, lexical scalars, regex matches
- new pheme (Parrot scheme) compiler
New in 0.4.3
- namespaces partially implemented
- rulec, Perl6 rule compiler
- PGE improvements including return values for closure
- parts of a Perl6 parser based on PGE
- complex trigonometric methods
- type of Sub PMC is now overridable by HLL
- NetBSD support
- many bug fixes and improvements
New in 0.4.2
- improved PPC and x86 JIT support including JIT compilation
of very simple PASM/PIR subroutines
- preliminary libreadline support
- better trace and debug features
- pkgconfig support
- META.yml to support proper indexing on CPAN
- new opcode: hcf (in "my_ops" in dynamic op library)
- new File pmc for file specific ops (is_dir, is_file, copy, rename...)
- named arguments and parameters (both :named("") and => syntaxes)
- ongoing config improvements
- tons of bug fixes and other small improvements - too much to list all
|
|
Based on patch provided by Alaric Snell-Pym in pkgsrc-users@.
Things changed since the last release (2.5):
- Many bugfixes
- Better support for Sun's C compiler
- Input-performance has been improved
- PCRE (Perl compatible regular expressions) by Philip Hazel is now
bundled with CHICKEN
- Static linking of extensions is now possible (when supported by
the egg)
- The interpreter warns about references to potentially unbound variables
in loaded code and expressions entered on the REPL
- The expansion process is traced during compilation and interpretation
to give (slightly) more usable syntactic context in error messages
- library:
* added `any?`, `bit-set?' and `on-exit'
- eval:
* new procedure `set-parameterized-read-syntax!'
- posix:
* SRFI-17 setters for `file-position`, `current-user-id',
`current-group-id', `process-group-id'; the respective setter-procedures
are still available but have been deprecated
* `file-stat' returns more information (including device info)
* added `process*'
- extras:
* added `read-string!'
- utils:
* `apropos' and `apropos-list' procedures
- srfi-4:
* added `read-u8vector', `read-u8vector!' and `write-u8vector'
- srfi-18:
* added `time->milliseconds' and `milliseconds->time'
- csi:
* `-ss SCRIPTNAME' option
- csc:
* accepts options given in the environment variable `CSC_OPTIONS'
* new options `-static-extensions' and `-host'
- chicken/csc:
* new option `-keep-shadowed-macros'
- chicken-setup:
* accepts options given in the environment variable `CHICKEN_SETUP_OPTIONS'
* allows retrieval and installation of eggs from subversion a repository
and the local filesystem
* new options `-tree FILENAME', `-svn', `-local', `-revision' and
`-destdir PATHNAME'
* added helper procedures `required-chicken-version' and
`required-extension-version'
- Lots of improvements in the CMake build
|
|
newer pear packages.
* Fix the case where an extra slash would be appended to the file path in the
PLIST.
* Both fixes from from Loic Hoguin and tested by Loic and myself.
|
|
Import package from Jaap Boender
This fixes PR pkg/35949
|
|
such as types and values, natively in OCaml programs.
The goal of the OCamlDuce project is to extend the OCaml language with features
to make it easier to write safe and efficient complex applications that need to
deal with XML documents. In particular, it relies on a notion of types and
patterns to guarantee statically that all the possible input documents are
correctly processed, and that only valid output documents are produced.
WWW: http://www.cduce.org/ocaml
|
|
|
