| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
This is a list of extra directories in which to look for go.mod files
when generating the output of show-go-modules.
|
|
This defaults to WRKSRC and allows packages that aren't primarily
written in rust, but have a rust component that needs to be built, to
support the correct operation of cargo within their source tree.
|
|
It's already added to bootstrap tools by mk, and adding it here actually
has the opposite effect of what's intended. It seems to confuse the
tools infrastructure and defer its dependency, i.e. until it's too late,
causing "digest: not found" errors if it's not already installed.
|
|
|
|
|
|
|
|
Python 3.10
Summary – Release highlights
New syntax features:
PEP 634, Structural Pattern Matching: Specification
PEP 635, Structural Pattern Matching: Motivation and Rationale
PEP 636, Structural Pattern Matching: Tutorial
bpo-12782, Parenthesized context managers are now officially allowed.
New features in the standard library:
PEP 618, Add Optional Length-Checking To zip.
Interpreter improvements:
PEP 626, Precise line numbers for debugging and other tools.
New typing features:
PEP 604, Allow writing union types as X | Y
PEP 613, Explicit Type Aliases
PEP 612, Parameter Specification Variables
Important deprecations, removals or restrictions:
PEP 644, Require OpenSSL 1.1.1 or newer
PEP 632, Deprecate distutils module.
PEP 623, Deprecate and prepare for the removal of the wstr member in PyUnicodeObject.
PEP 624, Remove Py_UNICODE encoder APIs
PEP 597, Add optional EncodingWarning
|
|
|
|
|
|
Bulk builds have been running for some time, and this is expected to be
fine.
|
|
|
|
|
|
Also apply the "cp -p" fix from other versions, removing the need for ln
workarounds on OmniOS.
|
|
|
|
Announce: Rakudo compiler, Release #150 (2021.09)
On behalf of the Rakudo development team, I?m very happy to announce the
September 2021 release of Rakudo #150. Rakudo is an implementation of the Raku^
1 language.
The source tarball for this release is available from https://rakudo.org/files/
rakudo. Pre-compiled archives will be available shortly.
New in 2021.09:
* Additions:
+ Introduce the safe-snapper module. It is a shorthand for loading
Telemetry and starting a snapper with control-c safety, allowing one to
stop the script with control-c and still get a report [87152eba]
+ Add ability to subtract an Instant value from a DateTime object and
vice versa [9a4af4b6]
+ Add Numeric coercer to DateTime [67138ec0]
* Changes:
+ Make the sprintf method show its format string on error [ea8a95e5]
[57841911]
+ The test named parameter of the dir routine now handles Junctions
[21a7117d]
+ Improve error message for the X::Pragma::CannotPrecomp exception
[a52f1f62][fe461d17]
* Efficiency:
+ Numerous small speed-ups and memory-related improvements [94462dfa]
[3aba9707][3c1c709c]
* Fixes:
+ Properly handle List of Lists in the List.fmt method [a86ec91e]
+ Don't lose concurrent modifications to %!conc_table [72bc5623]
+ Fix potential race in Metamodel::Concretization [d666dfe8]
+ Make the default scheduler properly see RAKUDO_MAX_THREADS env variable
[b14d404a]
* Internal:
+ Support ROAST_TIMING_SCALE in telemetry tests [9681a093]
+ Fix false positive in basic telemetry test [c0a6823b]
+ Pass along whether the Rakudo runner was called with --full-cleanup
[5492452b]
+ Update the concretization table more sparingly [b236dcfd]
|
|
|
|
Switch to new 8.8.4 bootstrap that has been rebuilt after recent changes,
fix hardlink usage, and pull in upstream patch for thread CPU time.
|
|
|
|
Fixes behaviour of "ln -f" when creating bootstrap kit on SunOS.
|
|
Version 14.18.0 'Fermium' (LTS)
Notable Changes
assert: change status of legacy asserts (James M Snell)
(SEMVER-MINOR) buffer: introduce Blob (James M Snell)
(SEMVER-MINOR) buffer: add base64url encoding option (Filip Skokan)
(SEMVER-MINOR) child_process: allow options.cwd receive a URL (Khaidi Chu)
(SEMVER-MINOR) child_process: add timeout to spawn and fork (Nitzan Uziely)
(SEMVER-MINOR) child_process: allow promisified exec to be cancel (Carlos Fuentes)
(SEMVER-MINOR) child_process: add 'overlapped' stdio flag (Thiago Padilha)
(SEMVER-MINOR) cli: add -C alias for --conditions flag (Guy Bedford)
(SEMVER-MINOR) cli: add --node-memory-debug option (Anna Henningsen)
(SEMVER-MINOR) dns: add "tries" option to Resolve options (Luan Devecchi)
(SEMVER-MINOR) dns: allow --dns-result-order to change default dns verbatim (Ouyang Yadong)
doc: refactor fs docs structure (James M Snell)
(SEMVER-MINOR) errors: remove experimental from --enable-source-maps (Benjamin Coe)
esm: deprecate legacy main lookup for modules (Guy Bedford)
(SEMVER-MINOR) fs: allow empty string for temp directory prefix (Voltrex)
(SEMVER-MINOR) fs: allow no-params fsPromises fileHandle read (Nitzan Uziely)
(SEMVER-MINOR) fs: add support for async iterators to fsPromises.writeFile (HiroyukiYagihashi)
fs: improve fsPromises readFile performance (Nitzan Uziely)
(SEMVER-MINOR) fs: add fsPromises.watch() (James M Snell)
(SEMVER-MINOR) fs: allow position parameter to be a BigInt in read and readSync (Darshan Sen)
(SEMVER-MINOR) http2: add support for sensitive headers (Anna Henningsen)
(SEMVER-MINOR) http2: allow setting the local window size of a session (Yongsheng Zhang)
inspector: mark as stable (Gireesh Punathil)
(SEMVER-MINOR) module: add support for URL to import.meta.resolve (Antoine du Hamel)
(SEMVER-MINOR) module: add support for node:‑prefixed require(…) calls (ExE Boss)
(SEMVER-MINOR) net: introduce net.BlockList (James M Snell)
(SEMVER-MINOR) node-api: allow retrieval of add-on file name (Gabriel Schulhof)
(SEMVER-MINOR) os: add os.devNull (Luigi Pinca)
(SEMVER-MINOR) perf_hooks: introduce createHistogram (James M Snell)
(SEMVER-MINOR) process: add api to enable source-maps programmatically (legendecas)
(SEMVER-MINOR) process: add 'worker' event (James M Snell)
(SEMVER-MINOR) process: add direct access to rss without iterating pages (Adrien Maret)
(SEMVER-MINOR) readline: add AbortSignal support to interface (Nitzan Uziely)
(SEMVER-MINOR) readline: add support for the AbortController to the question method (Mattias Runge-Broberg)
(SEMVER-MINOR) readline: add history event and option to set initial history (Mattias Runge-Broberg)
(SEMVER-MINOR) repl: add auto‑completion for node:‑prefixed require(…) calls (ExE Boss)
(SEMVER-MINOR) src: call overload ctor from the original ctor (Darshan Sen)
(SEMVER-MINOR) src: add a constructor overload for CallbackScope (Darshan Sen)
(SEMVER-MINOR) src: allow to negate boolean CLI flags (Michaël Zasso)
(SEMVER-MINOR) src: add --heapsnapshot-near-heap-limit option (Joyee Cheung)
(SEMVER-MINOR) src: add way to get IsolateData and allocator from Environment (Anna Henningsen)
(SEMVER-MINOR) src: allow preventing SetPrepareStackTraceCallback (Shelley Vohr)
(SEMVER-MINOR) src: add maybe versions of EmitExit and EmitBeforeExit (Anna Henningsen)
(SEMVER-MINOR) stream: add readableDidRead if has been read from (Robert Nagy)
(SEMVER-MINOR) stream: pipeline accept Buffer as a valid first argument (Nitzan Uziely)
(SEMVER-MINOR) tls: allow reading data into a static buffer (Andrey Pechkurov)
(SEMVER-MINOR) url: expose urlToHttpOptions utility (Yongsheng Zhang)
(SEMVER-MINOR) util: expose toUSVString (Robert Nagy)
(SEMVER-MINOR) v8: implement v8.stopCoverage() (Joyee Cheung)
(SEMVER-MINOR) v8: implement v8.takeCoverage() (Joyee Cheung)
(SEMVER-MINOR) worker: add setEnvironmentData/getEnvironmentData (James M Snell)
|
|
|
|
- Adaptation to skalibs-2.11.0.0.
- New binary: case. It compares a value against a series of regular
expressions, executing into another command line on the first match.
|
|
Vala 0.54.0
===========
* Various improvements and bug fixes:
- vala: Warn about unsupported cast to void and drop it [#1070]
- vala: Don't restrict element type of GLib.Array [#1227]
- valadoc: Correctly format background of inline @link's [#1226]
* Bindings:
- gio-2.0: Unhide a few usable symbols which are marked not introspectable [#1222]
Vala 0.53.2
===========
* Various improvements and bug fixes:
- codegen:
+ Fix property access inside opaque compact class
+ Add missing cast to access base-class members in class/static ctor [#1221]
* Bindings:
- glib-2.0: Current constants in GLib.Math are part of glib.h [#1220]
- glib-2.0: Add RefString since 2.58 [#723]
- gstreamer: Update from 1.19.0+ git master
- gtk4: Update to 4.5.0~e681fdd9
- vapi: Update GIR-based bindings
Vala 0.53.1
===========
* Highlights:
- Support explicit nullable var-type declarations [#1146]
- Add support for variadic delegates [#160]
- Add support for sealed classes [#278]
- Add support for null-safe access operator [#522]
- Emit external creation methods in bindings
- Introduce VALA_EXPORT for public symbols to improve portability
- girwriter:
+ Use "optional" and "nullable" instead of deprecated "allow-none"
+ Improve struct creation method binding
- girparser:
+ Improve instance method detection [#1210]
+ Never skip "function" elements
+ Add "move-to" value of functions as Version.replacement
* Various improvements and bug fixes:
- codegen:
+ Use ssize_t for length variables in common array helper functions
+ Fix support for public fields on GLib.Source subclasses
- vala:
+ Add Profile.LIBC as synonym for POSIX and accept "libc" profile
+ Improve semantic check of simple type structs
+ Refactor UnresolvedSymbol/Type constructors
+ Properly check GLib.Object naming convention for properties
+ Add foreach statement support for GLib.GenericArray
- build: Add "test-asan" make target for convenience
- build: Add --enable-test-ubsan configure option and "test-ubsan" make target
- build: Use jing to verify generated GIR file, if available
- testrunner: Allow checking generated C sources
* Bindings:
- Remove gedit-2.20 and webkit-1.0 bindings
- gio-2.0,glib-2.0: Add new symbols from 2.69.0
- gio-2.0: Improve DatagramBased.create_source() binding
- glib-2.0: Wrap TimeZone.identifier() constuctor for proper error support
- gstreamer-rtp-1.0: Fix some bindings errors [#1177]
- gstreamer: Update from 1.19.0+ git master
- javascriptcoregtk-4.0: Fix JSC.Class.add_property() binding
- linux: Add SocketCAN bindings, and ISOTP constants and options
- webkit2gtk-4.0: Update to 2.33.3
|
|
Otherwise I see (on -current):
./lisp.run -B . -N locale -E UTF-8 -Epathname 1:1 -Emisc 1:1 -norc -m 2MW -lp -x '(and (load "init.lisp") (sys::%saveinitmem) (ext::exit)) (ext::exit t)'
*** Signal 11
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Presumably there's a way to make this work, but it probably requires
changes to the bootstrap kits.
|
|
|
|
This is security release fixing CVE-2021-21706.
23 Sep 2021, PHP 7.4.24
- Core:
. Fixed bug #81302 (Stream position after stream filter removed). (cmb)
. Fixed bug #81346 (Non-seekable streams don't update position after write).
(cmb)
. Fixed bug #73122 (Integer Overflow when concatenating strings). (cmb)
-GD:
. Fixed bug #53580 (During resize gdImageCopyResampled cause colors change).
(cmb)
- Opcache:
. Fixed bug #81353 (segfault with preloading and statically bound closure).
(Nikita)
- Shmop:
. Fixed bug #81407 (shmop_open won't attach and causes php to crash). (cmb)
- Standard:
. Fixed bug #71542 (disk_total_space does not work with relative paths). (cmb)
. Fixed bug #81400 (Unterminated string in dns_get_record() results). (cmb)
- SysVMsg:
. Fixed bug #78819 (Heap Overflow in msg_send). (cmb)
- XML:
. Fixed bug #81351 (xml_parse may fail, but has no error code). (cmb, Nikita)
- Zip:
. Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination).
(CVE-2021-21706) (cmb)
|
|
* pkgsrc change: fix PLIST problem when php-embed PKG_OPTIONS is enabled.
* This release conintas security fix for CVE-2021-21706.
23 Sep 2021, PHP 8.0.11
- Core:
. Fixed bug #81302 (Stream position after stream filter removed). (cmb)
. Fixed bug #81346 (Non-seekable streams don't update position after write).
(cmb)
. Fixed bug #73122 (Integer Overflow when concatenating strings). (cmb)
-GD:
. Fixed bug #53580 (During resize gdImageCopyResampled cause colors change).
(cmb)
- Opcache:
. Fixed bug #81353 (segfault with preloading and statically bound closure).
(Nikita)
- Shmop:
. Fixed bug #81407 (shmop_open won't attach and causes php to crash). (cmb)
- Standard:
. Fixed bug #71542 (disk_total_space does not work with relative paths). (cmb)
. Fixed bug #81400 (Unterminated string in dns_get_record() results). (cmb)
- SysVMsg:
. Fixed bug #78819 (Heap Overflow in msg_send). (cmb)
- XML:
. Fixed bug #81351 (xml_parse may fail, but has no error code). (cmb, Nikita)
- Zip:
. Fixed bug #80833 (ZipArchive::getStream doesn't use setPassword). (Remi)
. Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination).
(cmb)
|
|
This is security release fixing CVE-2021-21706.
23 Sep 2021, PHP 7.3.31
- Zip:
. Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination).
(cmb)
|
|
|
|
Not sure how that crept in...
|
|
the PLIST is target-specific and it's possible that files for multiple
targets are generated (this is the case on NetBSD/amd64). Since the
static PLIST can't support multiple targets currently, switch to a
generated one.
|
|
This release contains only bug fixes:
Elixir
* [Code] Make sure that bindings in the default context returned by
Code.eval_* functions are not returned as tagged tuples
* [Kernel] Do not crash when handling ambiguity errors
* [Range] Still match on old range patterns throughout the stdlib
IEx
* [IEx.Autocomplete] Do not error autocompletion with module
attribute
Mix
* [Mix] Rename inconsistent :exit_code option to :exit_status on
Mix.raise/2
|
|
Version 14.17.6 'Fermium' (LTS)
This is a security release.
Notable Changes
These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.
Version 14.17.5 'Fermium' (LTS)
This is a security release.
Notable Changes
CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High)
Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22931.
CVE-2021-22930: Use after free on close http2 on stream canceling (High)
Node.js was vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. This release includes a follow-up fix for CVE-2021-22930 as the issue was not completely resolved by the previous fix. You can read more about it at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930.
CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (Low)
If the Node.js HTTPS API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22939.
|
|
Version 12.22.6 'Erbium' (LTS)
This is a security release.
Notable Changes
These are vulnerabilities in the node-tar, arborist, and npm cli modules which are related to the initial reports and subsequent remediation of node-tar vulnerabilities CVE-2021-32803 and CVE-2021-32804. Subsequent internal security review of node-tar and additional external bounty reports have resulted in another 5 CVE being remediated in core npm CLI dependencies including node-tar, and npm arborist.
Version 12.22.5 'Erbium' (LTS)
This is a security release.
Notable Changes
CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names (High)
Node.js was vulnerable to Remote Code Execution, XSS, application crashes due to missing input validation of hostnames returned by Domain Name Servers in the Node.js DNS library which can lead to the output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22931.
CVE-2021-22930: Use after free on close http2 on stream canceling (High)
Node.js was vulnerable to a use after free attack where an attacker might be able to exploit memory corruption to change process behavior. This release includes a follow-up fix for CVE-2021-22930 as the issue was not completely resolved by the previous fix. You can read more about it at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930.
CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (Low)
If the Node.js HTTPS API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. You can read more about it at https://nvd.nist.gov/vuln/detail/CVE-2021-22939.
Version 12.22.4 'Erbium' (LTS)
This is a security release.
Notable Changes
CVE-2021-22930: Use after free on close http2 on stream canceling (High)
Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930
|
|
go1.17.1 (released 2021-09-09) includes a security fix to the archive/zip
package, as well as bug fixes to the compiler, linker, the go command, and to
the crypto/rand, embed, go/types, html/template, and net/http packages.
|
|
go1.16.8 (released 2021-09-09) includes a security fix to the archive/zip
package, as well as bug fixes to the archive/zip, go/internal/gccgoimporter,
html/template, net/http, and runtime/pprof packages.
|
|
|
|
Packaged for wip by Kamel Ibn Aziz Derouiche and myself.
Csmith is a tool that can generate random C programs that statically
and dynamically conform to the C99 standard. Thus, it is useful for
stress-testing compilers, static analyzers, and other tools that
process C code.
|
|
The full gamut of security fixes for this release is unknown, but, at
minimum, CVE-2020-16042 is addressed. (A full change log seems elusive:
the package's README points to a broken link, Mozilla advisories about
"memory safety hazards" can point to bug reports that can't be viewed,
etc.) This is the most current version that Debian has integrated,
which is where our package points to.
Successful build tests on:
NetBSD amd64/9.2_STABLE (with both Rust 1.52.1 and 1.54)
NetBSD i386/9.2_STABLE
OmniOS r151036
Fedora Linux 34 was not testable, as our packaging of LLVM 12.0.1 fails
to build on it. The upstream configuration continues to cap macOS build
support at 10.15.4. I updated our existing patch to allow 10.15.7, but
have no ability to test that OS, and no idea if 11.x would work.
This is effectively a minor leaf package now, and may best be removed
in future. I've updated this just in case issues emerge with the polkit
switch to duktape, which will first appear in our 2021Q3 branch. (That
is, I'm not aware of any issues, and definitely prefer duktape from a
packaging perspective.)
|
|
The previous change only worked for the build of go itself, any dependencies
that used the same go code were broken. Fixes www/gitea and others.
Needs to be fixed properly by creating a native illumos bootstrap kit.
|
|
|
