Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
This workaround didn't help. NetBSD is supposedly fixed now.
|
|
Remove php71 (PHP 7.1.x) support.
|
|
Remove php71 pacakge since PHP 7.1.x is EOL.
|
|
|
|
Clean up php languages.
* Clean up php/phpversions.mk a little.
* Add php/replace.mk to provide common shebang line replace for PHP.
* Define USE_TOOLS before including <bsd.prefs.mk>.
* Fix most warnings of pkglint.
No functional change should be done.
|
|
|
|
Update included pear pacakges in this package.
Bump PKGREVISION.
Archive_Tar 1.4.9 2019-12-04 07:13 UTC
Changelog:
* Implement Feature #23861: Add option to disallow symlinks [mrook]
XML_Util 1.4.4 2019-12-05 14:09 UTC
Changelog:
* PR #11: fix phplint warning
|
|
Update "used by" lines in comment.
|
|
|
|
Add php74 version 7.4.0 pacakge based on php73.
PHP is a widely-used open source general-purpose scripting language
that is especially suited for web development and can be embedded
into HTML. It is modular, and object-oriented. Much of its syntax
is borrowed from C, Java and Perl with a couple of unique PHP-specific
features thrown in. The language is designed to allow web developers
to write dynamically generated pages quickly.
PHP 7.4 comes with numerous improvements and new features such as
* Typed Properties
* Arrow Functions
* Limited Return Type Covariance and Argument Type Contravariance
* Unpacking Inside Arrays
* Numeric Literal Separator
* Weak References
* Allow Exceptions from __toString()
* Opcache Preloading
* Several Deprecations
* Extensions Removed from the Core
|
|
Add support for PHP 7.4.
|
|
Change default vesion of Ruby from 2.4.x to 2.6.x.
* Ruby 2.7 will be released within this year.
* Ruby 2.6.x is stable enough and actively maintained.
* Ryby 2.5.x will be in security maintenance phase after
release of Ruby 2.7.
* Ruby 2.4.x will be EOL after 31th March 2020.
|
|
|
|
|
|
go1.12.13 (released 2019/10/31) fixes an issue on macOS 10.15 Catalina where
the non-notarized installer and binaries were being rejected by Gatekeeper.
Only macOS users who hit this issue need to update.
go1.12.14 (released 2019/12/04) includes a fix to the runtime. See the Go
1.12.14 milestone on our issue tracker for details.
|
|
|
|
Some SunOS variants provide an older version of (default path) sed that
doesn't support the -i option. (My previous build fix had completed
successfully on OmniOS, on which /usr/bin/sed is the FreeBSD variant,
which does support -i.) For simplicity's sake, just require gsed.
|
|
This fixes CVE-2019-19720.
Notable changes:
- Add dependency on devel/libffi
- Reset MAINTAINER, email address does not exist anymore
- Update LICENSE, Yabasic is now MIT licensed since version 2.77.1
ChangeLog:
Version 2.86.2 (December 12, 2019)
- Another fix for heap-buffer-offerflow found with address sanitizer
Version 2.86.1 (December 8, 2019)
- Fix for heap-buffer-offerflow
Version 2.86.0 (November 28, 2019)
- Added new functions bitnot
- Fixes for bit-arithmetic (signes/unsigned)
Version 2.85.0 (November 16, 2019)
- Added new functions shl, shr and round
- Introduced binary literals preceeded by 0b
- Fixes for hex literals
- The error-command no longer adds a line number
Version 2.84.3 (November 3, 2019)
- Better debugging for library path
- Clean builds for Windows setup-program
Version 2.84.2 (October 6, 2019)
- Fixed some potential stackoverflows
- Removed empty dir related with nano
- Tests with tmux only within the Rakefile
Version 2.84.1 (July 20, 2019)
- Make unload_library after call the default for foreign_functions
- Fixes to docu
- Requiring libffi for build (unless specified other by configure-option)
- explicit error no longer unwinds call-stack
Version 2.84.0 (July 12, 2019)
- New command foreign_buffer_set_buffer
Version 2.83.3 (June 30, 2019)
- Documentation
Version 2.83.2 (June 30, 2019)
- Allow specifying null-pointer for foreign functions
Version 2.83.1 (June 26, 2019)
- Fix for line-numbers in errors after import
- Updating the manual
Version 2.83.0 (April 29, 2019)
- Unix: Added a syntax-file for the nano-editor;
contributed by Stephan Muesse
- Made parentheses around condition in while and until optional
- Better error messages on misaligned control structures
- New family of functions and commands foreign_* to invoke functions
from external c-libraries
- Fixes for line-numbers in error messages
- Revised and updated the documentation
Version 2.82.1 (March 11, 2019)
- Allowing comments after import statement
- Fixes regarding error messages
Version 2.82.0 (February 17, 2019)
- Advanced version of autoconf and other tools
- Fix in tests
- Fixed nested import of libraries
- Libraries can now be found in the directory of the main file too
- Error messages try to show and mark the offending part of the code
- Hexadecimal numerical literals are supported, e.g. print 0xff
Version 2.81.4 (January 27, 2019)
- Fixed error with inkey$ and clear screen
- Fixed fatal error with inkey$ and upper case letters
Version 2.81.3 (January 13, 2019)
- Fixed a compile-problem on macos
- Corrected a rendering problem on www.yabasic.de, which had cut off the
bottom-lines of many pages
Version 2.81.2 (January 2, 2019)
- Fixed a problem under netbsd, which prevented yabasic from finding
its own executable
- Fix on macos for curses-initialization e.g. during "clear screen"
- Fix that allows libraries to start with a comment introduced by
a hash or a single quote
- Made the prior "Guide into the guts" available again as "Some
remarks on changing Yabasic"; see www.yabasic.de
- Document options for unix and windows in the same chapter
Version 2.81.1 (November 1, 2018)
- Fix: Allow yabasic to run from within a script
Version 2.81.0 (October 27, 2018)
- New function chomp$
- Added new peek "interpreter_path"
- Fixed a sporadic issue with bound programs
Version 2.80.0 (September 8, 2018)
- Added functions floor() and ceil()
- Checking for function clock_gettime during configure
|
|
Mypy 0.750 was released. This release has better support for self-types, improved stub generator, experimental static inference of annotations, and other improvements and bug fixes. Read the blog post for more details.
|
|
3.6.0:
The main focus in this release was more accurate decompilation especially for 3.7 and 3.8. However there are some improvments to Python 2.x as well, including one of the long-standing problems of detecting the difference between try ... and try else ....
With this release we now rebase Python 3.7 on off of a 3.7 base; This is also as it is (now) in decompyle3. This facilitates removing some of the cruft in control-flow detection in the 2.7 uncompyle2 base.
Alas, decompilation speed for 3.7 on is greatly increased. Hopefull this is temporary (cough, cough) until we can do a static control flow pass.
Finally, runing in 3.9-dev is tolerated. We can disassemble, but no parse tables yet.
|
|
6.13.2:
BUG FIXES
* fix docs target typo
* fix(packageRelativePath): fix 'where' for file deps
* Revert "windows: Add preliminary WSL support for npm and npx"
* remove unnecessary package.json read when reading shrinkwrap
* fix(fund): open url for string shorthand
* Don't log error message if git tagging is disabled
* Warn the user that it is uninstalling npm-install
|
|
|
|
Moved nodejs to nodejs10 - version 10.17.0
Version 12.13.1 'Erbium' (LTS):
Notable changes
Experimental support for building Node.js with Python 3 is improved.
ICU time zone data is updated to version 2019c. This fixes the date offset in Brazil.
|
|
Version 13.3.0:
Notable Changes
fs:
Reworked experimental recursive rmdir()
The maxBusyTries option is renamed to maxRetries, and its default is set to 0. The emfileWait option has been removed, and EMFILE errors use the same retry logic as other errors. The retryDelay option is now supported. ENFILE errors are now retried.
http:
Make maximum header size configurable per-stream or per-server
http2:
Make maximum tolerated rejected streams configurable
Allow to configure maximum tolerated invalid frames
wasi:
Introduce initial WASI support
|
|
Update examples to php73 in comment.
|
|
Change default version of php from 7.1.x to 7.3.x.
* PHP 7.1.x is now EOL after 1st Dec 2019.
* PHP 7.3.x is actively maintained release.
|
|
|
|
It's not always possible to include go-package.mk earlier than bsd.prefs.mk
in a package, for example if the package defines its own do-install target,
so move out the *_SUPPORTED variables that need to be included first.
|
|
Curiously, the only thing stopping this from building was the second
accept4() test in the configure script, which doesn't supply the
necessary linker arguments. Elsewhere, the build configuration does
correctly set those same arguments. On current members of the SunOS
family, this meant it would falsely think accept4() wasn't defined
when it really was, which would then lead to a signature mismatch
during compilation.
|
|
I forgot to include this file in the go113 commit, thanks wiz@ for
notifying me!
|
|
|
|
The Go programming language is an open source project to make
programmers more productive.
Go is expressive, concise, clean, and efficient. Its concurrency
mechanisms make it easy to write programs that get the most out of
multicore and networked machines, while its novel type system enables
flexible and modular program construction. Go compiles quickly to
machine code yet has the convenience of garbage collection and the power
of run-time reflection. It's a fast, statically typed, compiled language
that feels like a dynamically typed, interpreted language.
|
|
This makes it easier to run the Go compiler from within the build
environment created by "bmake build-env".
|
|
fixes GCC-8 arm64 systems.
|
|
Fixes PLIST install failures on Darwin.
|
|
|
|
|
|
This release fixes one bug in erts.
--- Fixed Bugs and Malfunctions ---
OTP-16301 Application(s): erts
Related Id(s): ERL-1079
Large amounts of quickly executed dirty work could
cause heavy contention on an internal spin lock. The
spin lock was replaced by a mutex which behaves much
better under these conditions.
|
|
Some packages using cargo.mk have distfiles not from
crates.io.
|
|
Update pear to 1.10.10 contains two pear pacakge updates:
o PEAR 1.10.10
o Console_Getopt 1.4.3
PEAR 1.10.10 (2019-11-19)
Changelog:
* PR #89: Fix scripts/* include paths
* PR #90: Non-interactive configureoption answers
* PR #91: Added missing preg quote
* PR #92: handle "lib64" case for glibc detection
* PR #93: Fix PHP Notice: Trying to access array offset on value of type bool with 7.4
* PR #94: Updated logic in useLocalCache to reuse getCacheId
* PR #95: Fix manpage warning
* PR #96: Implement the SOURCE_DATE_EPOCH specification
* PR #97: Fix PHP 7.4 deprecation: array/string curly braces access
* PR #98: Fix use of null/false as array
* PR #99: Fix Travis builds on PHP 5.4 and 5.5
* PR #100: Honor PHP temp directory config
* PR #101: Fix documentation: the `--force` is required
Console_Getopt 1.4.3 (2019-11-20)
Changelog:
* PR #4: Fix PHP 7.4 deprecation: array/string curly braces access
* PR #5: fix phplint warnings
|
|
With these values, a Rust package downloads its own distfile from
crates.io by default, and shares dependancy crate distfiles with other
Rust packages to avoid multiple downloads.
|
|
See:
https://mail-index.netbsd.org/pkgsrc-changes/2019/12/02/msg201958.html
|
|
Avoid to use ifunc on NetBSD. Fix build problem on NetBSD current, 9.99.x.
|
|
* NetBSD base has no root CA certificate, depend on mozilla-rootcerts-openssl.
|
|
Switch to use ".tar.xz" distfiles instead of ".tar.bz2".
No functional change.
|
|
v6.13.1:
fix(fund): support funding string shorthand
should not publish tap-snapshot folder
Add preliminary WSL support for npm and npx
print quick audit report for human output
v6.13.0:
add fund command
delete ps1 files on package removal
update supported node list to remove v6.0, v6.1, v9.0 - v9.2
v6.12.1:
add node v13 as a supported version
Fix regression in lockfile repair for sub-deps
resolve circular dependency in pack.js
v6.12.0:
Now npm ci runs prepare scripts for git dependencies, and respects the --no-optional argument. Warnings for engine mismatches are printed again. Various other fixes and cleanups.
|
|
Version 8.16.2 'Carbon' (LTS):
Notable changes
deps: upgrade openssl sources to 1.0.2s
Version 8.16.1 'Carbon' (LTS):
Notable changes
This is a security release.
Node.js, as well as many other implementations of HTTP/2, have been found
vulnerable to Denial of Service attacks.
See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for more information.
Vulnerabilities fixed:
CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
CVE-2019-9513 “Resource Loop”: The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.
CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
CVE-2019-9515 “Settings Flood”: The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service.
CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU, potentially leading to a denial of service.
Version 8.16.0 'Carbon' (LTS):
Notable Changes
n-api:
add API for asynchronous functions
mark thread-safe function as stable
|
|
Version 10.17.0 'Dubnium' (LTS):
Notable changes
crypto:
- add support for chacha20-poly1305 for AEAD
- increase maxmem range from 32 to 53 bits
deps:
- update npm to 6.11.3
- upgrade openssl sources to 1.1.1d
dns: remove dns.promises experimental warning
fs: remove experimental warning for fs.promises
http: makes response.writeHead return the response
http2: makes response.writeHead return the response
n-api:
- make func argument of napi_create_threadsafe_function optional
- mark version 5 N-APIs as stable
- implement date object
process: add --unhandled-rejections flag
stream:
- implement Readable.from async iterator utility
- make Symbol.asyncIterator support stable
|
|
|