| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
* Use openjdk7-1.7.60 based bootstrap kits to avoid headlessawt related errors.
Confirmed under NetBSD/{amd64,i386} 5.2.2, NetBSD/{amd64,i386} 6.1.1,
NetBSD/{amd64,i386} 6.99.47, and DragonFly/amd64 {3.6.1,3.8.1}.
* Drop pre-3.6 DragonFly support.
* Drop unused distfiles from icedtea-extra.mk.
Changelog: for Oracle Java 7u65
From: http://www.oracle.com/technetwork/java/javase/7u65-relnotes-2229169.html
Java™ SE Development Kit 7, Update 65 (JDK 7u65)
The full version string for this update release is 1.7.0_65-b17 (where "b" means "build"), except for Windows, where the version string is 1.7.0_65-b20. The version number is 7u65.
Highlights
This update release contains the following enhancements and changes:
New Features and Changes
IANA Data 2014c
JDK 7u65 contains IANA time zone data version 2014c. For more information, refer to Timezone Data Versions in the JRE Software.
Security Baselines
The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 7u65 are specified in the following table:
JRE Family Version JRE Security Baseline
(Full Version String)
7 1.7.0_65
6 1.6.0_81
5.0 1.5.0_71
For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
JRE Expiration Date
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 7u65) will expire with the release of the next critical patch update scheduled for October 14, 2014.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 7u65) on November 15, 2014. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.
JavaFX Release Notes
This JDK release includes JavaFX version 2.2.65.
New Features and Changes
New Java Control Panel option to disable sponsors
Currently, to disable sponsor offers at the time of installation, the user can de-select the option during installation or can pass SPONSORS=0 as a commandline option.
In this release, a new Java Control Panel(JCP) option to disable sponsors is available. To use this option, go to JCP's "Advanced" tab, and check or uncheck "Suppress sponsor offers when updating Java".
This option is applicable to 32 and 64 bit Windows operating systems.
New JAXP processing limit property - maxElementDepth
A new property, maxElementDepth, is added to provide applications the ability to set limit on maximum element depth in an xml file that they parse. This may be helpful for applications that may use too much resources when processing an xml file with excessive element depth.
Name: http://java.sun.com/xml/jaxp/properties/maxElementDepth
Definition: Limit the maximum element depth
Value: A positive integer. 0 is treated as no limit. Negative numbers are treated as 0.
Defaule value: 0
System property: jdk.xml.maxElementDepth
For more details, see Processing Limits from JAXP tutorial trail.
See 8031541 (not public).
Bug Fixes
This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.
For a list of bug fixes included in this release, see JDK 7u65 Bug Fixes page.
The following are some of the notable bug fixes in this release:
Area: client-libs/AWT
Synopsis: Using RMI from a restricted environment may cause a NullPointerException.
If an application uses RMI and runs in a restricted environment (ie. Java Plugin, Java Web Start), it may not work. In particular, if you run a UI from an RMI callback, a NullPointerException is likely to be thrown.
See 8019274.
Area: other-libs/corba
Synopsis: org.omg.CORBA.ORBSingletonClass loading no longer uses context class loader
The system property org.omg.CORBA.ORBSingletonClass is used to configure the system-wide/singleton ORB. The handling of this system property was changed in the 7u55 release to require that the system wide/singleton ORB be visible to the system class loader.
In this release, the handling of this system property has been reverted to match the behavior found in JDK versions prior to 7u55 release, i.e. the singleton ORB is once again located using the thread context class loader of the first thread, to call the no-argument ORB.init method. The change is made to support applications which depend on this behavior.
Note that this change is applicable to 8u20, 7u65, 6u85 and 5.0u75 releases. For JDK 9, the new behavior, where the system wide/singleton ORB needs to be visible to the system class loader, will continue.
See 8046603.
Known Issues
Area: xml/jax-ws
Synopsis: JAF initialization in SAAJ clashing with the one in javax.mail
After initialization of SAAJ components, the javax.mail library may fail to work under certain circumstances, which in turn could break the javax.mail's JAF setup.
A possible workaround is to re-add the javax.mail handler before using javax.mail API:
MailcapCommandMap mailMap = (MailcapCommandMap) CommandMap.getDefaultCommandMap();
mailMap.addMailcap("multipart/mixed;;x-java-content-handler=com.sun.mail.handlers.multipart_mixed");
See 8043129.
|
|
* Use working bootstrap kits for DragonFly from DPorts.
* Borrow patches from DragonFly Dports.
Fix build under DragonFly 3.6.2 and 3.8.1.
|
|
foul of various path filters and transformations.
|
|
illumos releases and appears to cause issues there, seen most clearly in
qt3 uic segfaults.
Bump PKGREVISION of both gcc47 and gcc47-libs, gcc47-libs by more than one
as it has lagged behind and must be kept ahead of gcc47.
|
|
1.7.3
-----
- Issue #77: Fix import six on Python 3.4 with a custom loader.
- Issue #74: six.moves.xmlrpc_server should map to SimpleXMLRPCServer on Python
2 as documented not xmlrpclib.
|
|
|
|
Release 0.9.4
Major feature upgrade
* R7RS support
* Notable improvements
* A bunch of new procedures and enhancements
* Tons of bug fixes
+ Fixes that may break the compatibility
+ Miscellaneous fixes
R7RS support
Gauche now supports R7RS-small ( http://r7rs.org/ ). It can load R7RS libraries
and execute R7RS scripts seamlessly. (There are minor caveats; see ref:Standard
conformance). See also ref:Library modules - R7RS integration for the details
of how R7RS is integrated.
The backward compatibility to the legacy Gauche code is kept as much as
possible; in short, you can keep using existing Gauche code and write new code
in pretty much the same way.
It's up to you to write code in traditional Gauche way or R7RS way: If you plan
to make the code portable, you may want to stick with R7RS, but if you need to
depend on lots of Gauche-specific libraries, there's not much point to adopt
R7RS structure, for you can't run it in other implementations anyway.
Notable improvements
* REPL is slightly improved: You can access history (ref:Working in REPL).
And describe shows known bindings when called on symbols. The default
writer now do not show shared structures, for it confused newcomers; it
still shows circular structures in srfi:38 notation.
* data.random: Random data generators.
* math.prime module for lazy sequence of primes, testing primality, and prime
factorization.
* srfi-106: Basic socket interface.
* PIPE signal handling is changed. By default, Gauche effectively ignores
SIGPIPE; the system calls will generate EPIPE system-error instead. Since
the signal delivery timing differ in the Scheme world from C world,
handling SIGPIPE reasonably is difficult, while handling system error is
straightforward and synchronous. Note that EPIPE error from stdout and
stderr terminates the process immediately, so that the Gauche script don't
spit error messsages when used in command pipelines and the destination
command exits prematurely. See ref:Handling signals for the details.
* write and display is now R7RS; that is, they won't explode by circular
structures.
* On Windows, system interface functions now properly handles multibyte
filenames, command-line arguments and enviornment variables. Contribution
from SAITO Atsushi.
A bunch of new procedures and enhancements
* New numerical procedures:
+ On rationalization: rationalize, real->rational, continued-fraction;
see Gauche-blog:20120925-rationalize. As a bonus, now converting
flonums to exact number can produce more readable (simple) rational
numbers; see Gauche-blog:20120930-exact.
+ On integer operations: exact-integer? (r7rs) expt-mod, twos-exponent,
twos-exponent-factor,
+ Gamma functions: gamma, lgamma.
+ r7rs division operators floor/, floor-quotient, floor-remainder,
truncate/, truncate-quotient, truncate-remainder.
* expt now returns exact value if possible, even the exponent is non-integer
(but exact rational).
* New list and vector procedures: length<=?, list-set!, vector-map (r7rs),
vector-for-each (r7rs), vector-tabulate.
* New regex procedures: rxmatch-substrings, rxmatch-positions,
rxmatch-named-groups.
+ Also, regex objects now have read-write invariance.
* rfc.json: Now you can customize mappings between json array/object and
Scheme objects. Also parse-json* is added to parse multiple JSON objects
from a single source.
* gauche.generator: New procedures: gconcatenate, gmerge, gbuffer-filter.
* gauche.lazy: New procedure: lconcatenate
* gauche.uvector:
+ u8vector-multi-copy!, u8vector-append (and all other TAG variations).
+ string->u8vector etc.: Added immutable? optional argument to produce
immutable uvector, which avoids copying the string contents. u8vector->
string also avoids copying if the source vector is immutable.
* rfc.http: Support for basic authentication added.
* file.filter: file-filter may leave the destination file untouched if it
won't be changed, by :leave-unchanged option. Also added new procedures:
file-filter-for-each, file-filter-fold, file-filter-map.
* You can now load script from non-regular files (e.g. device files). Useful
for one-liner such as gosh -E... /dev/null.
* Char-set now adopts collection framework, and also they're applicable
object to test membership.
* Trie (util.trie) now adopts dictionary framework.
* make-tree-map accepts single compare argument instead of = and <.
* rfc.hmac: Pick appropriate block size according to the digest algorithm
metaclasses.
* string-split: Accept an optional argument to limit the number of the
result, much like Perl's similar operator.
* command-line (r7rs)
* include and include-ci (r7rs)
* util.sparse: sparse-vector-ref and sparse-table-ref now have generalized
setters.
* symbol=?, boolean=? (r7rs).
* Reader supports #true and #false for r7rs.
* Negative zeros (-0.0) are recognized when it matters.
* generator-find
* cond-expand supports library clause (r7rs).
* text.unicode: utf8->string, string->utf8 (r7rs); string-ci=? etc. that
handles Unicode full case mapping, as required by R7RS.
* dotimes and dolist now supports omission of variable.
* letrec* (r7rs).
* rfc.base64: base64-decode and base64-encode support :url-safe keyword
argument to use url-safe alternative characters.
* syntax-rules: Support r7rs enhancements.
* define-values: Made r7rs compliant.
* sys-errno->symbol, sys-symbol->errno.
* Built-in sort procedures now supports srfi-95. See ref:Comparison and
sorting.
* digit->integer, integer->digit: Extended to handle digit characters other
than [0-9]; Unicode defines a bunch of them.
* gauche.dictionary: Bimap can have default conflict resolution.
* os.windows: Console procedures are enhanced. Contribution from github.com/
Hamayama.
Tons of bug fixes
Fixes that may break the compatibility
* The reader syntax \xNN is now interpreted as R7RS-way by default
(semicolon-terminated, Unicode codepoint). If we don't find the terminating
semicolon, we interpret it as the legacy syntax. However, there are
ambiguous cases that lead to incompatible behavior. You can switch the
reader mode by reader-lexical-mode to make it fully comatiple to the old
Gauche.
* The hash function for char-set behaved poorly, so we changed it. If you
have saved the hash value of char-sets in the previous versions of Gauche,
you need to recalculate them.
* We no longer coerce the result to inexact when dividing an exact numebr by
exact zero; we used to return +inf.0, but that interpretation is no longer
allowed since R6RS. Now it raises an error.
* It is now an error to pass strings containing NUL characters to external
libraries that expects strings. For example, passing "foo.scm\0.exe" to
open-input-file throws an error. Allowing it would make potential security
issue. If you need to pass a byte array that may contain 0, consider using
u8vector instead of strings.
* copy-bit-field: The argument order is switched - Gauche was following the
old SLIB interface, but it was changed during SRFI-60 discussion. We now
comply the new argument order for the portability, and the old code that
uses this procedure need to be changed.
* rfc.uri: Use uppercase for percent-encoding of special chars, as
recommended in RFC3986. Watch out if the code relying on the case of
percent-encoding.
* srfi-13: Switched the argument order of string-filter and string-delete;
they are changed after finalization, to be in sync with srfi:13's reference
implementation. (Usually reference implementation is fixed to match the
spec, but in this case, quite a few Scheme implementations had been using
the reference implementation as it was, and changing it would have broken
existing code.) Fortunately we could support both order so that the
existing code will keep working, but we recommend to change the code to
match the new order if possible.
Miscellaneous fixes
* Fix: thread-terminate! caused SEGV when called on a thread that's not
running.
* Fix: Character reader produced incorrect values in some #\uxxxxx input.
* Fixed incorrect/missing stack traces, contributed from Vitaly Magerya.
* Fixed subtle bugs in conversion between rationals and flonums.
* util.match: Fixed match-define.
* force: Fixed leak, introduced between 0.9.2 and 0.9.3.
* write-ber-integer ignored the port argument.
* gauche.net: On Windows, the socket code had a fd leak.
* text.diff: diff ignored :equal keyword argument.
* rfc.tls: Fixed file descriptor leak.
* rfc.json: Propertly handles surrogate pairs.
* unwind-protect: The cleanup handler wasn't called properly if the process
exits within the body.
|
|
* Use fork instead of posix_spawn under NetBSD 5.
|
|
|
|
|
|
PEAR-1.9.5
The new version - three years after the last stable 1.9.4 and 2 weeks after
the preview - is a bugfix only release. 13 bugs have been fixed. Among them
are the following:
* #18466: Modifying paths during installation broken on Windows
* #20203: PEAR channels on github user pages do not work
* #20283: Report correct php.ini directive on xdebug installation (and every
other zend_extension)
Our plan is to work on a new version 1.10 that is E_STRICT and E_DEPRECATED
clean and ships a couple of new features.
XML_Util-1.2.3
* Bug #20293 Broken installation for 1.2.2
Changes to 1.2.2 is not available.
|
|
libLLVM-3.4.so soname fix.
PowerPC: Fix for 128-bit shifts.
R600: Shader calling convention fix.
|
|
|
|
|
|
PR pkg/48967
HTML Documentation for Python 3.4
|
|
PR pkg/48929.
HTML Documentation for Python 3.3
|
|
* prevent to use derecated doc/html hier.
* install whole contents, especially css and js are useful parts.
* use static PLIST.
Bump PKGREVISION.
|
|
* prevent to use deprecated doc/html hier.
* install whole contents, especially css and js are useful parts.
* use static PLIST.
Bump PKGREVISION.
|
|
While here,
* Add 2.7 to COMMENT.
* Use pkgsrc framework way for dynamic plist generation.
|
|
While here,
* Add 2.6 to COMMENT.
* Use pkgsrc framework way for dynamic plist generation.
|
|
brings numerous bugfixes, also the addition of unicode character support
|
|
|
|
|
|
|
|
|
|
Bump PKGREVISION.
|
|
Bump PKGREVISION.
|
|
|
|
instead.
|
|
|
|
|
|
* Add Java dependency, it is used with GUI server.
Changelog:
10.5.5 2013 November 20th, development release
Allow trailing , (comma) in JSON arrays. The new JSON ECMA-404 seems not
to allow it but the JavaScript standard ECMA-262 and many browsers do.
Added makefile_linux_openwrt for for TP-link TL-WR703N travel router
contributed by Dexter.
In arithmetik big integer operations + - * / % more than two operands
are allowed as in normal precision integer operations.
On Windows support UNIX conventions for formatting 64-bit integers.
I.e.: %lld %llu %llx %llX additionally to %I64d %I64u %I64x %I64X
Added ++, -- to qa-bigint. Fixed sign change on second operand of
bigint -- when second operand was negative.
Some cleanup in Cilk API when releasing resources.
The 'gcd' function now also works on big integers and > 2 operands.
On UBUNTU Linux decimal numbers can be formatted using a GNU extension
in libc, e.g: (format "%'d" 12345) => 12,345
The optional ' (single quote) after the % character causes thousands
to be separated with the appropiate character for the current locale.
Fixed a cell leak introduced in 10.5.5 when deleting contexts.
The default pretty-print float setting has been changed to "%1.15g".
'reset' now also cancels command line parameter processing.
A fix in 'round' when number is exacty 0.5.
'map', 'apply', 'stats', 'corr', 't-test' now also can take arrays
'bayes-query' with Fisher's Chi2 method calculated wrong probabilities
when training in more than two categories. When training in two
categories the result probabilities were swapped - reporting the
probability for the second category first. 'bayes-query' calculating
probabilities with the Chain Bayesian method - using the true flag -
was not affected.
Many documentation changes and corrections.
10.5.6 December 10th, 2013, development release
Since OSX 10.9 Maverick (format "%'d" 12345) => 12,345 will work too.
Will not work on any locale but works on en_US.UTF-8.
Fixed 'apply' for arrays introduced in 10.5.5 for a cell/memory leak.
When making hash trees using the predefined context 'Tree',
the default symbol in the new context is protected as is 'Tree:Tree'.
Default symbols in hash trees must be 'nil' in order for the hash
statement syntax for namespaces to work.
When copying symbols from a source context to a target contest using 'new'
or 'def-new', the 'protected?' property is copied too.
An empty list as index vector for a list or array yields the original
list or array as return value:
(set 'L '(1 2 (3 4)))
(L '()) => (1 2 (3 4))
(nth '() L) => (1 2 (3 4))
Many document changes, additions and corrections.
'int' can convert binarys numbers like (int "0b11111") => 31
This format is recognized by the code reader/loader since v.10.4.4.
Integers are accepted as hash keys. This allows creating sparse vectors:
(new Tree 'V)
(V 123 "hello")
(V 123) => "hello"
'reverse' can be used on arrays.
Anaphoric system variable $it is now set to the value of the conditional
expression in 'if'.
Speed improvements in evaluateExpression(). For this The -pendatic option
has been turned off in Linux to avoid ISO C90 mixed declaration warnings.
'length' on integers will return the number of digits, just like it already
does on bigint numbers, on floats returns the number of decimal digits before
the decimal separator.
10.5.7
Fixes for deprecated CYGWIN compile. See also makefile_cygwin for more info.
Clear potential error condition when doing 'import'.
In guiserver.jar: When adding columns with empty string headers, this will not
any more put the column number as header. This allows to add columns to
headerless tables, as possible when supplying empty string headers in the
initial gs:table statement.
Debugger will now always highlight the correct expression, not highlight
the first one if multiple instances exist.
Eliminated strncat() for BSD and better speed with memcpy() in most places.
Delay signal-behavior change in spawn after getting parameters. Makes better
error recovery.
In guiserver.jar: New table functions. Thanks to Ferry de Bruin.
gs:table-remove-row, gs:table-set-column-name and gs:table-set-row-count.
To avoid API naming confusions, the naming of old gs:table-set-row-number
is deprecated and should be called as gs:table-show-row-number.
The old naming will continue to work. Three new optional parameters for
'gs:scroll-pane' can specify colun header, row headers and a widget
for the top left corner of a table used in the scroll pane.
'find-all' should return an empty list as documented when nothing is found
on strings too.
Some renaming of functions and constants for better code readability and
some small refactoring in several files.
qa-bench has been redone with changes for Emscripten compiled newLISP.
Now calibrates for comparison with Mac OSX 9.1 on 2.3GHz Intel Core i5.
Fixed a crash bug when colon operator has missing or wrong-type args
on 64-bit compiles.
newLISP compiled to JavaSript with Emscripten
---------------------------------------------
Added makefile_emscripten_lib_utf8. For this
Must download and install the Emscripten-SDK from here:
https://github.com/kripken/emscripten/wiki/Emscripten-SDK
Tested on OSX 10.9 installing emsdk-portable.tar.gz v.1.7.8
The newlisp-js-lib.js is made using makefile_emscripten_lib_utf8.
The new function 'eval-string-js' takes a JavaSript string.
New 'display-html' can either replace the current page or display
a page in a new tab of the host browser. 'display-html' must be
defined in Emscripten appplication .html
Some functions (filter, index, clean, exists, forl-all) will not show
error messages under certain circumstanmces in the monitor, although
newLISP behaves correctly throwing the exception (setjmp/longjmp), they
just don't reach the Emscripten console (log). In this case, if the error
is not 'catch'ed newLISP exits without advising why. This problem goes away
when compiling with Emscriptem without any optimizations, but slows
everything down by a factor of 40 to 50. Normal performance is around
1.5 of native on Mac OSX when excluding all time/date related functions
and a few other outliers. Including outliers about 2.65.
See also here: https://github.com/kripken/emscripten/issues/810
(volatile declaration did not help)
All file and directory functions work (almost all did all the time),
but changes are lost after leaving the page or reloading the page.
Storage is 'session storage' only. No URLs are in allowed in file
functions as is on native compiled newLISP.
As editor, CodeMirror from codemirror.net is used and mode/newlisp.js
was created for syntax high-lighting.
10.5.8
'macro' is now a built-in primitive function working exactly as described
in the macro.lsp module, which is now obsolete. Macros cannot be redefined
using 'macro'. Macros can be nested. A symbol used as a macro can only be
used as a macro, even if changing the definition of it.
Another speed improvement for 'read-line' on file handles (the first speed
improvement happend in 10.3.10).
10.6.0
Eliminated emscripten-lib.c, gets handled by unix-lib.c.
A fix for 'file?' and 'directory?' predicates when applied to root
directories on Windows.
Updated examples/udp-server.lsp to nmake it work on Windows.
|
|
anyone had the old one. Also, add the "old" release distfile path to the
MASTER_SITES list.
|
|
|
|
snobol4.man from vanilla.tar.gz rather than from pm.exe within vanilla.zip;
as vanilla.zip is no longer distributed (and the change between these two
versions is very minimal). Due to distfile and packaging changes bump
PKGREVISION.
|
|
|
|
|
|
|
|
http://bugs.python.org/issue21766
Bump PKGREVISION.
|
|
|
|
http://bugs.python.org/issue21766
Bump PKGREVISION.
|
|
The openssl version bundled in the Windows installer has been updated.
A regression in the mimetypes module on Windows has been fixed.
A possible overflow in the buffer type has been fixed.
A bug in the CGIHTTPServer module which allows arbitrary execution of code in the server root has been patched.
A regression in the handling of UNC paths in os.path.join has been fixed
|
|
http://bugs.python.org/issue21766
Bump PKGREVISION.
|
|
likely, we don't lose very much.
|
|
|
|
variables become commons and don't get noticed, but on platforms
without commons or with commons disabled, this results in a multiply
defined symbol.
Should fix MacOS build.
|
|
doesn't.
|
|
or had a namespace pollution issue exposing time.h improperly. Should
fix the MacOS build.
XXX: on MacOS the configure script concludes that stdlib.h, unistd.h,
XXX: and string.h are all missing. I have no idea why this would be
XXX: but someone with access to config.log needs to investigate.
|
|
|
|
26 Jun 2014, PHP 5.5.14
- Core:
. Fixed BC break introduced by patch for bug #67072. (Anatol, Stas)
. Fixed bug #66622 (Closures do not correctly capture the late bound class
(static::) in some cases). (Levi Morrison)
. Fixed bug #67390 (insecure temporary file use in the configure script).
(CVE-2014-3981) (Remi)
. Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
. Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
(Stefan Esser)
- CLI server:
. Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)
- Date:
. Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
(Adam)
. Fixed regression in fix for bug #67118 (constructor can't be called twice).
(Remi)
- Fileinfo:
. Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).
(CVE-2014-0207)
. Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal
string size). (CVE-2014-3478) (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary
check). (CVE-2014-3479) (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
(CVE-2014-3480) (Francisco Alonso, Jan Kaluza, Remi)
. Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary
check). (CVE-2014-3487) (Francisco Alonso, Jan Kaluza, Remi)
- Intl:
. Fixed bug #67349 (Locale::parseLocale Double Free). (Stas)
. Fixed bug #67397 (Buffer overflow in locale_get_display_name and
uloc_getDisplayName (libicu 4.8.1)). (Stas)
- Network:
. Fixed bug #67432 (Fix potential segfault in dns_get_record()).
(CVE-2014-4049). (Sara)
- OPCache:
. Fixed issue #183 (TMP_VAR is not only used once). (Dmitry, Laruence)
- OpenSSL:
. Fixed bug #65698 (certificates validity parsing does not work past 2050).
(Paul Oehler)
. Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
(Paul Oehler)
- PDO-ODBC:
. Fixed bug #50444 (PDO-ODBC changes for 64-bit).
- SOAP:
. Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)
- SPL:
. Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
. Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
. Fixed bug #67360 (Missing element after ArrayObject::getIterator). (Adam)
. Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type
Confusion). (CVE-2014-3515) (Stefan Esser)
. Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
. Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
. Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
- DOM:
. Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag,
not only the subset). (Anatol)
- Fileinfo:
. Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
. Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS) (CVE-2014-0238).
. Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in
performance degradation) (CVE-2014-0237).
- FPM:
. Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
(Julio Pintos)
- GD:
. Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)
- PCRE:
. Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch
from the upstream). (Anatol)
- Phar:
. Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent
in its name). (PR #588)
|
