| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Note that this release includes a non-backward compatible change
to address a security issue. This change increases the version
of the LTS v4.x line to v4.3.0. There will be no further updates
to v4.2.x.
- http: fix defects in HTTP header parsing for requests and
responses that can allow request smuggling (CVE-2016-2086)
or response splitting (CVE-2016-2216). HTTP header parsing
now aligns more closely with the HTTP spec including
restricting the acceptable characters.
- http-parser: upgrade from 2.5.0 to 2.5.1
- openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against
the Logjam attack, TLS clients now reject Diffie-Hellman
handshakes with parameters shorter than 1024-bits, up from
the previous limit of 768-bits.
- introduce new --security-revert={cvenum} command line flag
for selective reversion of specific CVE fixes
- allow the fix for CVE-2016-2216 to be selectively reverted
using --security-revert=CVE-2016-2216
|
|
- http: fix defects in HTTP header parsing for requests and responses
that can allow request smuggling (CVE-2016-2086) or response
splitting (CVE-2016-2216). HTTP header parsing now aligns more
closely with the HTTP spec including restricting the acceptable
characters.
- http-parser: upgrade from 2.6.0 to 2.6.1
- npm: upgrade npm from 3.3.12 to 3.6.0 (Rebecca Turner) #4958
- openssl: upgrade from 1.0.2e to 1.0.2f. To mitigate against the
Logjam attack, TLS clients now reject Diffie-Hellman handshakes
with parameters shorter than 1024-bits, up from the previous
limit of 768-bits.
|
|
Changelog:
Fix following security vulnerabilities:
CVE-2016-0499
CVE-2015-4925
CVE-2016-0472
CVE-2015-4921
CVE-2016-0467
CVE-2016-0461
CVE-2015-4923
Bug fixes:
Bug Id Category Subcategory Description
JDK-8133917 client-libs Please backport X11FontManager refactor to Java 8!
JDK-8130136 client-libs 2d Swing window sometimes fails to repaint partially when it becomes exposed
JDK-8132850 client-libs 2d java.lang.ArrayIndexOutOfBoundsException during text rendering with many fonts installed
JDK-8137106 client-libs 2d EUDC (End User Defined Characters) are not displayed on Windows with Java 8u60+
JDK-8065081 client-libs demo Intermittent NPE in Java2Demo applet on Stop/Restart in appletviewer
JDK-8081485 client-libs java.awt EDT auto shutdown is broken in case of new event queue usage
JDK-8081787 client-libs java.awt [macosx] MalformedURLException is thrown during reading data for application/x-java-url;class=java.net.URL flavor
JDK-8086038 client-libs java.awt [macosx] No available data flavors when copying from Microsoft Word for Mac
JDK-8130776 client-libs java.awt Remove EmbeddedFrame.requestFocusToEmbedder() method
JDK-8132382 client-libs java.awt [macosx] Crash during JMC or JavaFX execution when NSApplication is controlled by SWT or JavaFX libraries
JDK-8136763 client-libs java.awt [macosx] java always returns only one value for "text/uri-list" dataflavor even if several files were copied
JDK-8134828 client-libs javax.swing Scrollbar thumb disappears with Nimbus L&F
JDK-8134917 client-libs javax.swing [macosx] JOptionPane doesn't receive mouse events when opened from a drop event
JDK-8134356 core-libs {@code} tag contains < and > sequences
JDK-8134569 core-libs Add tests for prototype callsites
JDK-8134939 core-libs Improve toString method of Dynalink DynamicMethod objects
JDK-8133249 core-libs java.io Occasional SIGSEGV: non thread-safe use of strerr in getLastErrorString
JDK-8073644 core-libs java.lang.invoke Assertion in LambdaFormEditor.bindArgumentType is too strict
JDK-8030785 core-libs java.lang:reflect Missing "since 1.8" javadoc for java.lang.reflect.Method:getParameterCount
JDK-8072466 core-libs java.net Deadlock when initializing MulticastSocket and DatagramSocket
JDK-8087190 core-libs java.net Regression in sun.net.util.IPAddressUtil.isIPv4LiteralAddress(String)
JDK-8133015 core-libs java.net InetAddress.isReachable(tmout) returning wrong value on Windows for IPv6
JDK-8143397 core-libs java.net It looks like InetAddress.isReachable(timeout) works incorrectly
JDK-6857566 core-libs java.nio (bf) DirectByteBuffer garbage creation can outpace reclamation
JDK-8029516 core-libs java.nio (fs) WatchKey cancel unreliable on Windows
JDK-8034057 core-libs java.nio Files.getFileStore and Files.isWritable do not work with SUBST'ed drives (win)
JDK-8080115 core-libs java.nio (fs) Crash in libgio when calling Files.probeContentType(path) from parallel threads
JDK-8130274 core-libs java.nio java/nio/file/FileStore/Basic.java fails when two successive stores in an iteration are determined to be equal
JDK-8133232 core-libs java.nio [fs] Regex has redundant | in the char class
JDK-8133647 core-libs java.nio (ch) Test java/nio/channels/AsynchronousSocketChannel/StressLoopback.java fails for Windows XP
JDK-8137121 core-libs java.nio (fc) Infinite loop FileChannel.truncate
JDK-8138819 core-libs java.nio (se) File descriptor leak when Selector.open fails
JDK-8081794 core-libs java.text ParsePosition getErrorIndex returns 0 for TimeZone parsing problem
JDK-8074032 core-libs java.time Instant.ofEpochMilli(millis).toEpochMilli() can throw arithmetic overflow in toEpochMilli()
JDK-8133022 core-libs java.time Instant.toEpochMilli() silently overflows
JDK-8139107 core-libs java.time DateTimeFormatter with Locale.UK throw a NullPointerException when parsing zone
JDK-6907252 core-libs java.util.jar ZipFileInputStream Not Thread-Safe
JDK-8038502 core-libs java.util.jar Deflater.needsInput() should use synchronization
JDK-8134505 core-libs java.util:i18n Cleanup of "TimeZone_md.c"
JDK-8129957 core-libs javax.naming Deadlock in JNDI LDAP implementation when closing the LDAP context
JDK-8027137 core-libs jdk.nashorn Merge ScriptFunction and ScriptFunctionImpl
JDK-8055917 core-libs jdk.nashorn jdk.nashorn.internal.codegen.CompilationPhase$N should be renamed to proper classes
JDK-8068901 core-libs jdk.nashorn Surprising behavior with more than one functional interface on a class
JDK-8068903 core-libs jdk.nashorn Can't invoke vararg @FunctionalInterface methods
JDK-8073613 core-libs jdk.nashorn Here documents: how to avoid string interpolation?
JDK-8073733 core-libs jdk.nashorn TypeError messages with "call" and "new" could be improved
JDK-8087292 core-libs jdk.nashorn nashorn should have a "fail-fast" option for scripting, analog to bash "set -e"
JDK-8087312 core-libs jdk.nashorn PropertyMapWrapper.equals should compare className
JDK-8114838 core-libs jdk.nashorn Anonymous functions escape to surrounding scope when defined under "with" statement
JDK-8129950 core-libs jdk.nashorn Wrong condition for checking absence of logger in MethodHandleFactory
JDK-8129959 core-libs jdk.nashorn DebugLogger has unnecessary API methods
JDK-8130234 core-libs jdk.nashorn Get rid of JSType.isNegativeZero
JDK-8130307 core-libs jdk.nashorn improve Nashorn Javadoc target
JDK-8130424 core-libs jdk.nashorn if directory specified with --dest-dir does not exist, only .class files are dumped and .js files are not
JDK-8130476 core-libs jdk.nashorn Remove unused methods in Global.java
JDK-8130663 core-libs jdk.nashorn 6 fields can be static fields in Global class
JDK-8130853 core-libs jdk.nashorn Non-extensible global is not handled property
JDK-8131039 core-libs jdk.nashorn after adding a function property to Object.prototype, JSON.parse with reviver function goes into infinite loop
JDK-8131340 core-libs jdk.nashorn Varargs function is recompiled each time it is linked
JDK-8131683 core-libs jdk.nashorn Delete fails over multiple scopes
JDK-8133119 core-libs jdk.nashorn Error message associated with TypeError for call and new should include stringified Node
JDK-8133300 core-libs jdk.nashorn Ensure symbol table immutability in Nashorn AST
JDK-8133785 core-libs jdk.nashorn SharedScopeCall should be enabled for non-optim call sites even with optimistic compilation
JDK-8134150 core-libs jdk.nashorn Make Nashorn Timing class both threadsafe and efficient
JDK-8134484 core-libs jdk.nashorn disallow backquotes as heredoc end marker delimiters
JDK-8134488 core-libs jdk.nashorn0 core-libs jdk.nashorn Dead var statement evacuation incorrectly descends into nested functions
JDK-8134502 core-libs jdk.nashorn introduce abstraction for basic NodeVisitor usage
JDK-8134609 core-libs jdk.nashorn Allow constructors with same prototoype e-libs jdk.nashorn Defer stack trace walking of NashornException for extracting line number and file name
JDK-8134931 core-libs jdk.nashorn jdk.nashorn.internal.codegen.TypeMap should not use Map
JDK-8134973 core-libs jdk.nashorn Control flow exceptions s
JDK-8135075 core-libs jdk.nashorn Reorder short-circuit tests in ApplySpecialization to run cheapest first
JDK-8135190 core-libs jdk.nashorn Method code too large in Babel browser.js script
JDK-8135262 core-libs jdk.nashorn Sanitize CodeInstaller and ComJDK-8135337 core-libs jdk.nashorn NativeDebug.dumpCounters with incorrect scope count
JDK-8136349 core-libs jdk.nashorn Typos patch for nashorn sources submitted on Sep 10, 2015
JDK-8136544 core-libs jdk.nashorn Call site switching to megamorphic causes incorrect property read
JDK-8136694 core-libs jdk.nashorn Megemorphic scope access does not throw ReferenceError when property is missing
JDK-8137258 core-libs jdk.nashorn JSObjectLinker and BrowserJSObjectLinker should not expose internal JS objects
JDK-8137281 core-libs jdk.nashorn OutOfMemoryError with large numeric keys in JSON.parse
JDK-8137333 core-libs jdk.nashorn Boundless soft caching of property map histories causes high memory pressure
JDK-8138616 core-libs jdk.nashorn invokeFunction fails if function calls a function defined in GLOBAL_SCOPE
JDK-8138632 core-libs jdk.nashorn Sparse array does not handle growth of underlying dense array
JDK-8074696 core-svc debugger Remote debugging session hangs for several minutes when calling findBootType
JDK-8074368 core-svc java.lang.management ThreadMXBean.getThreadInfo() corrupts memory when called with empty array for thread ids
JDK-8133666 core-svc java.lang.management OperatingSystemMXBean reports abnormally high machine CPU consumption on Linux
JDK-8075773 core-svc tools jps running as root fails after the fix of JDK-8050807
JDK-8139613 deploy push of backport of JDK-8081846 broke build
JDK-8138650 deploy packager Packager cannot bundle Mac App Store Apps because JavaFX WebKit uses apple private APIs
JDK-8133985 deploy plugin "Apply" button is permanently disabled in JCP, after roaming profile option is changed
JDK-8134109 deploy plugin Applet2Manager.getMainDeploymentRuleSet ignores jar version.
JDK-8134495 deploy plugin Cannot enable debugging on JNLP applet with java-vm-args params
JDK-7156268 deploy webstart app is stuck when launching with javaagent if there is no jre info in deployment.properties
JDK-8055464 deploy webstart Add a URL scheme handler to reliably launch .jnlp files - java part
JDK-8056013 deploy webstart Web Start looks in currently directory for all classes prior to jars - slow
JDK-8077380 deploy webstart JNLPSigning exception when signed jnlp is launched from local tomcat server
JDK-8081846 deploy webstart Add a URL scheme handler to reliably launch .jnlp files - Windows registration part
JDK-8135115 deploy webstart DRS1.3: App is not blocked when there is a invalid attribute in jnlp-checksum
JDK-8135227 deploy webstart DRS 1.3 enhancements doesn't work as expected when load no href jnlp by "javaws <local_path_of_jnlp_file>"
JDK-8136906 deploy webstart Extreme Application Startup Time due to frequent requests for the jnlp-6.0.dtd
JDK-8139323 deploy webstart JNLPSignedResourcesHelperTest shows regression caused by JDK-8129600
JDK-8140264 deploy webstart create junit test for JDK-8136906
JDK-8140740 deploy webstart Test jnlp_file/applicationDesc/index.html\#args is failing
JDK-8011858 hotspot compiler Use Compile::live_nodes() instead of Compile::unique() in appropriate places
JDK-8058737 hotspot compiler CodeCache::find_blob fails with 'unsafe access to zombie method'
JDK-8075805 hotspot compiler Crash while trying to release CompiledICHolder
JDK-8134031 hotspot compiler Incorrect JIT compilation of complex code with inlining and escape analysis
JDK-8134493 hotspot compiler Cleaning inline caches of unloaded nmethods should be done in sweeper
JDK-8133193 hotspot gc Memory leak in G1 because G1RootProcessor doesn't have desctructor
JDK-8029453 hotspot runtime java/util/concurrent/locks/ReentrantLock/TimeoutLockLoops.java failed by timeout
JDK-8135002 hotspot runtime Fix or remove broken links in objectMonitor.cpp comments
JDK-8139150 hotspot runtime ClassVerifier frees exception message while it's still in use
JDK-8140249 hotspot runtime JVM Crashing During startUp If Flight Recording is enabled
JDK-7194452 security-libs java.security Remove "Reverse" PKIX CertPathBuilder implementation
JDK-8130875 security-libs java.security Ucrypto library leaks memory when null output buffer is specified
JDK-8136534 security-libs java.security Loading JKS keystore using non-null InputStream results in closed stream
JDK-8132551 security-libs javax.crypto:pkcs11 Initialize local variables before returning them in p11_convert.c
JDK-8067422 tools javac Lambda method names are unnecessarily unstable
JDK-8071291 tools javac Compiler crashes trying to cast UnionType to IntersectionClassType
JDK-8073519 xml jaxb schemagen does not report errors while generating xsd files
|
|
Fix graphics/cairo build failure (ssp.h not found error) as outer compiler.
|
|
long, so I will not include it here, but details can be found in the
CHANGES file in the source. (the previous version was V8.4.)
|
|
ocaml.mk. It was becoming more trouble than it was worth: only a minority
of packages used it, and it only made Makefiles more confusing.
(I've left out some packages: these will be updated forthwith)
|
|
location to load CA certificates from in the "ssl" module.
HTTPS requests to a site with a valid certificate now work out of the box
(even without the "mozilla-rootcerts-openssl").
|
|
4.2.1 / 2015-12-22
Bug fixes
* Fixed infinite loop with CR #339 by @nobu
* Allow rdoc run with disable-gems #340 by @luizluca
* Don't store full path in GZipped js files #341 by @voxik
* Fix relative path names for drive letters #367 by @nobu
* Fix for valid syntax `class C end` parsing #368 by @nobu
|
|
04 Feb 2016 PHP 7.0.3
- Core:
. Added support for new HTTP 451 code. (Julien)
. Fixed bug #71039 (exec functions ignore length but look for NULL termination).
(Anatol)
. Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
. Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol)
. Fixed bug #71221 (Null pointer deref (segfault) in get_defined_vars via
ob_start). (hugh at allthethings dot co dot nz)
. Fixed bug #71248 (Wrong interface is enforced). (Dmitry)
. Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash).
(Anatol)
. Fixed Bug #71275 (Bad method called on cloning an object having a trait).
(Bob)
. Fixed bug #71297 (Memory leak with consecutive yield from). (Bob)
. Fixed bug #71300 (Segfault in zend_fetch_string_offset). (Laruence)
. Fixed bug #71314 (var_export(INF) prints INF.0). (Andrea)
. Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its
input). (Leo Gaspard)
. Fixed bug #71336 (Wrong is_ref on properties as exposed via
get_object_vars()). (Laruence)
. Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)
- Apache2handler:
. Fix >2G Content-Length headers in apache2handler. (Adam Harvey)
- CURL:
. Fixed bug #71227 (Can't compile php_curl statically). (Anatol)
. Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with
reference to CURLFile). (Laruence)
- Interbase:
. Fixed Bug #71305 (Crash when optional resource is omitted).
(Laruence, Anatol)
- LDAP:
. Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as string
"Array"). (Laruence)
- mbstring:
. Fixed bug #71397 (mb_send_mail segmentation fault). (Andrea, Yasuo)
- OpenSSL:
. Fixed bug #71475 (openssl_seal() uninitialized memory usage). (Stas)
- Phar:
. Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
. Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
(Stas)
. Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas)
- SOAP:
. Fixed bug #70979 (crash with bad soap request). (Anatol)
- SPL:
. Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading).
(Laruence)
. Fixed bug #71202 (Autoload function registered by another not activated
immediately). (Laruence)
. Fixed bug #71311 (Use-after-free vulnerability in SPL(ArrayObject,
unserialize)). (Sean Heelan)
. Fixed bug #71313 (Use-after-free vulnerability in SPL(SplObjectStorage,
unserialize)). (Sean Heelan)
- Standard:
. Fixed bug #71287 (Error message contains hexadecimal instead of decimal
number). (Laruence)
. Fixed bug #71264 (file_put_contents() returns unexpected value when
filesystem runs full). (Laruence)
. Fixed bug #71245 (file_get_contents() ignores "header" context option if
it's a reference). (Laruence)
. Fixed bug #71220 (Null pointer deref (segfault) in compact via ob_start).
(hugh at allthethings dot co dot nz)
. Fixed bug #71190 (substr_replace converts integers in original $search
array to strings). (Laruence)
. Fixed bug #71188 (str_replace converts integers in original $search array
to strings). (Laruence)
. Fixed bug #71132, #71197 (range() segfaults). (Thomas Punt)
- WDDX:
. Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas)
|
|
04 Feb 2016, PHP 5.6.18
- Core:
. Fixed bug #71039 (exec functions ignore length but look for NULL termination).
(Anatol)
. Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
. Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol)
. Added support for new HTTP 451 code. (Julien)
. Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash).
(Anatol)
. Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its
input). (Leo Gaspard)
. Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)
- Apache2handler:
. Fix >2G Content-Length headers in apache2handler. (Adam Harvey)
- FTP:
. Implemented FR #55651 (Option to ignore the returned FTP PASV address).
(abrender at elitehosts dot com)
- Opcache:
. Fixed bug #71127 (Define in auto_prepend_file is overwrite). (Laruence)
. Fixed bug #71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32
on the same server). (Anatol)
- Phar:
. Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
. Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
(Stas)
. Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas)
- Session:
. Fixed bug #69111 (Crash in SessionHandler::read()). (Anatol)
- SOAP:
. Fixed bug #70979 (crash with bad soap request). (Anatol)
- SPL:
. Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading).
(Laruence)
- WDDX:
. Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas)
|
|
04 Feb 2016, PHP 5.5.32
- Core:
. Fixed bug #71039 (exec functions ignore length but look for NULL termination).
(Anatol)
. Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its
input). (Leo Gaspard)
. Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)
- GD:
. Improved the fix for bug #70976. (Remi)
- PCRE:
. Upgraded pcrelib to 8.38.
- Phar:
. Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
. Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
(Stas)
. Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas)
- WDDX:
. Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas)
|
|
|
|
in case it'll change in some later version of the package.
|
|
Vala 0.30.0
===========
* Binding updates.
Vala 0.29.3
===========
* Add --shared-library option for GIR files.
* Bug fixes and binding updates.
Vala 0.29.2
===========
* Bug fixes and binding updates.
Vala 0.29.1
===========
* Binding updates.
|
|
changes in sbcl-1.3.2 relative to sbcl-1.3.1:
* enhancement: {READ,WRITE}-SEQUENCE are much faster for some combinations
of short sequences and stream types
* enhancement: MAKE-LIST's result can be stack-allocated on x86-64
* bug fix: WRITE-SEQUENCE no longer fails to write lists containing integers
to bivalent streams
* bug fix: LOGTEST (and hence ODDP) no longer conses when given fixnum
arguments and small bit positions. (lp#1277690)
* bug fix: READ-FROM-STRING compiler-macro does not permute its arguments
* bug fix: DEFUN of a function name that collides with a system-generated
structure accessor does not confuse the runtime. (lp#540063)
* bug fix: heap corruption from miscompiled RESTART-BIND. (lp#1530390)
|
|
Also tweak _RAILS_{MAJOR,MINOR,TEENY} variable definition.
|
|
PR pkg/50690.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Fix regression in debugger and profiler functionality
|
|
|
|
Previously there were at least 5 different ways MACHINE_ARCH could be set,
some statically and some at run time, and in many cases these settings
differed, leading to issues at pkg_add time where there was conflict
between the setting encoded into the package and that used by pkg_install.
Instead, move to a single source of truth where the correct value based on
the host and the chosen (or default) ABI is determined in the bootstrap
script. The value can still be overridden in mk.conf if necessary, e.g.
for cross-compiling.
ABI is now set by default and if unset a default is calculated based on
MACHINE_ARCH. This fixes some OS, e.g. Linux, where the wrong default was
previously chosen.
As a result of the refactoring there is no need for LOWER_ARCH, with
references to it replaced by MACHINE_ARCH. SPARC_TARGET_ARCH is also
removed.
|
|
Prevented the error message "*** Error 1 (ignored) ***" during installation
by using || instead of &&.
Shell commands are hidden during normal operation.
Go packages can be tested using "bmake test".
ok @bsiegert
|
|
|
|
* OS X PLIST is not verified.
Changelog:
The following vulnerabilities are fixed.
CVE-2016-0494
CVE-2015-8126
CVE-2016-0483
CVE-2016-0475
CVE-2016-0402
CVE-2016-0466
CVE-2016-0448
CVE-2015-7575
And some bugfixes:
See http://www.oracle.com/technetwork/java/javase/8u72-bugfixes-2775805.html
|
|
Same issue as seen in older php:
https://mail-index.netbsd.org/pkgsrc-bugs/2015/09/13/msg057792.html
|
|
|
|
are generated and various features end up disabled. Bump PKGREVISION.
|
|
|
|
are generated and various features end up disabled. Bump PKGREVISION.
|
|
* events: make sure console functions exist (Dave) #4479
* fs: add autoClose option to fs.createWriteStream (Saquib) #3679
* http: improves expect header handling (Daniel Sellers) #4501
* node: allow preload modules with -i (Evan Lucas) #4696
* v8,src: expose statistics about heap spaces (v8.getHeapSpaceStatistics())
(Ben Ripkens) #4463
* Minor performance improvements:
- lib: Use arrow functions instead of bind where possible (Minwoo Jung)
#3622.
- module: cache stat() results more aggressively (Ben Noordhuis) #4575
- querystring: improve parse() performance (Brian White) #4675
|
|
* assert
- accommodate ES6 classes that extend Error (Rich Trott) #4166
* build
- add "--partly-static" build options (Super Zheng) #4152
* deps
- backport 066747e from upstream V8 (Ali Ijaz Sheikh) #4655
- backport 200315c from V8 upstream (Vladimir Kurchatkin) #4128
- upgrade libuv to 1.8.0 (Saúl Ibarra Corretgé)
* docs
- various updates landed in 70 different commits!
* repl
- attach location info to syntax errors (cjihrig) #4013
- display error message when loading directory (Prince J Wesley) #4170
* tests
- various updates landed in over 50 commits
* tools
- add tap output to cpplint (Johan Bergstrom) #3448
* util
- allow lookup of hidden values (cjihrig) #3988
|
|
- Minor performance improvements:
- module: move unnecessary work for early return (Andres Suarez) #3579
- Various bug fixes
- Various doc fixes
- Various test improvements
|
|
This is the MicroPython project, which aims to put an implementation
of Python 3.x on microcontrollers and small embedded systems.
WARNING: this project is in beta stage and is subject to changes of
the code-base, including project-wide name changes and API changes.
MicroPython implements the entire Python 3.4 syntax (including
exceptions, "with", "yield from", etc.). The following core datatypes
are provided: str (including basic Unicode support), bytes,
bytearray, tuple, list, dict, set, frozenset, array.array,
collections.namedtuple, classes and instances. Builtin modules
include sys, time, and struct. Note that only subset of Python 3.4
functionality is implemented for the data types and modules.
|
|
abuse and a bunch of other warnings. Defensively bump revision.
|
|
|
|
This is a security-related release, it fixes CVE-2015-8618 that was
partically patched in 1.5.2nb1.
See full release notes for a description:
https://groups.google.com/d/msg/golang-announce/MEATuOi_ei4/JsndUuZwEAAJ
|
|
|
|
Changelog:
Major changes in 3.7.1
======================
* 3.7.0 was released with an inadvertent change to the signature of the C
API function: LLVMBuildLandingPad, which made the C API incompatible with
prior releases. This has been corrected in LLVM 3.7.1.
As a result of this change, 3.7.0 is not ABI compatible with 3.7.1.
+----------------------------------------------------------------------------+
| History of the LLVMBuildLandingPad() function |
+===========================+================================================+
| 3.6.2 and prior releases | LLVMBuildLandingPad(LLVMBuilderRef, |
| | LLVMTypeRef, |
| | LLVMValueRef, |
| | unsigned, const char*) |
+---------------------------+------------------------------------------------+
| 3.7.0 | LLVMBuildLandingPad(LLVMBuilderRef, |
| | LLVMTypeRef, |
| | unsigned, const char*) |
+---------------------------+------------------------------------------------+
| 3.7.1 and future releases | LLVMBuildLandingPad(LLVMBuilderRef, |
| | LLVMTypeRef, |
| | LLVMValueRef, |
| | unsigned, const char*) |
+---------------------------+------------------------------------------------+
|
|
07 Jan 2016 PHP 7.0.2
- Core:
. Fixed bug #71165 (-DGC_BENCH=1 doesn't work on PHP7).
(y dot uchiyama dot 1015 at gmail dot com)
. Fixed bug #71163 (Segmentation Fault: cleanup_unfinished_calls). (Laruence)
. Fixed bug #71109 (ZEND_MOD_CONFLICTS("xdebug") doesn't work). (Laruence)
. Fixed bug #71092 (Segmentation fault with return type hinting). (Laruence)
. Fixed bug memleak in header_register_callback. (Laruence)
. Fixed bug #71067 (Local object in class method stays in memory for each
call). (Laruence)
. Fixed bug #66909 (configure fails utf8_to_mutf7 test). (Michael Orlitzky)
. Fixed bug #70781 (Extension tests fail on dynamic ext dependency).
(Francois Laupretre)
. Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
. Fixed bug #71086 (Invalid numeric literal parse error within
highlight_string() function). (Nikita)
. Fixed bug #71154 (Incorrect HT iterator invalidation causes iterator reuse).
(Nikita)
. Fixed bug #52355 (Negating zero does not produce negative zero). (Andrea)
. Fixed bug #66179 (var_export() exports float as integer). (Andrea)
. Fixed bug #70804 (Unary add on negative zero produces positive zero).
(Andrea)
- CURL:
. Fixed bug #71144 (Sementation fault when using cURL with ZTS).
(Michael Maroszek, Laruence)
- DBA:
. Fixed key leak with invalid resource. (Laruence)
- Filter:
. Fixed bug #71063 (filter_input(INPUT_ENV, ..) does not work). (Reeze Xia)
- FTP:
. Implemented FR #55651 (Option to ignore the returned FTP PASV address).
(abrender at elitehosts dot com)
- FPM:
. Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas)
- GD:
. Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index
Out of Bounds). (emmanuel dot law at gmail dot com).
- Mbstring:
. Fixed bug #71066 (mb_send_mail: Program terminated with signal SIGSEGV,
Segmentation fault). (Laruence)
- Opcache:
. Fixed bug #71127 (Define in auto_prepend_file is overwrite). (Laruence)
- PCRE:
. Fixed bug #71178 (preg_replace with arrays creates [0] in replace array
if not already set). (Laruence)
- Readline:
. Fixed bug #71094 (readline_completion_function corrupts static array on
second TAB). (Nikita)
- Session:
. Fixed bug #71122 (Session GC may not remove obsolete session data). (Yasuo)
- SPL:
. Fixed bug #71077 (ReflectionMethod for ArrayObject constructor returns
wrong number of parameters). (Laruence)
. Fixed bug #71153 (Performance Degradation in ArrayIterator with large
arrays). (Nikita)
- Standard:
. Fixed bug #71270 (Heap BufferOver Flow in escapeshell functions).
(emmanuel dot law at gmail dot com)
- WDDX:
. Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
(taoguangchen at icloud dot com)
. Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion
Vulnerability). (taoguangchen at icloud dot com)
- XMLRPC
. Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker).
(Julien)
|
|
07 Jan 2016, PHP 5.6.17
- Core:
. Fixed bug #66909 (configure fails utf8_to_mutf7 test). (Michael Orlitzky)
. Fixed bug #70958 (Invalid opcode while using ::class as trait method
paramater default value). (Laruence)
. Fixed bug #70957 (self::class can not be resolved with reflection for
abstract class). (Laruence)
. Fixed bug #70944 (try{ } finally{} can create infinite chains of
exceptions). (Laruence)
. Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol:
php_register_internal_extensions). (Lior Kaplan)
- FPM:
. Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas)
- GD:
. Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index
Out of Bounds). (emmanuel dot law at gmail dot com).
- Mysqlnd:
. Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
(Laruence)
- SOAP:
. Fixed bug #70900 (SoapClient systematic out of memory error). (Dmitry)
- Standard:
. Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number
of parameters). (Laruence)
- PDO_Firebird:
. Fixed bug #60052 (Integer returned as a 64bit integer on X64_86). (Mariuz)
- WDDX:
. Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
(taoguangchen at icloud dot com)
. Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion
Vulnerability). (taoguangchen at icloud dot com)
- XMLRPC:
. Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).
(Julien)
|
|
07 Jan 2015, PHP 5.5.31
- FPM:
. Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (Stas)
- GD:
. Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index
Out of Bounds). (emmanuel dot law at gmail dot com).
- WDDX:
. Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
(taoguangchen at icloud dot com)
. Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion
Vulnerability). (taoguangchen at icloud dot com)
- XMLRPC:
. Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).
(Julien)
|
|
|
|
http:
- A new status code was added: 451 - "Unavailable For Legal Reasons"
- Idle sockets that have been kept alive now handle errors
This release also includes several minor performance improvements:
- assert: deepEqual is now speedier when comparing TypedArrays
- lib: Use arrow functions instead of bind where possible
- node: Improved accessor perf of process.env
- node: Improved performance of process.hrtime()
- node: Improved GetActiveHandles performance
- util: Use faster iteration in util.format()
|
|
|
|
|
