| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
* Port from NetBSD src
Fix __stack_chk_fail_local undefined reference error
from "gcc test.c -fstack-protector-all -fPIE".
* As a result, pkgsrc/www/firefox build under NetBSD/i386 7.1 is fixed
|
|
|
|
|
|
New features in Qore:
* Input/Output stream APIs
* Vastly improved type system with complex type support
* Improved operators; list, string, binary slice operators,
the ".." range operator, improved new, cast<>, and instanceof
operators, lazy evaluation of functional and list operators
* Improved encryption support including AES encryption,
encryption/decryption streams, support for AAD and MACs
* Improved HTTPS and SSL security support with addition X.509
certificate support including automatic certificate
verification in client and server contexts
* Universal connection API
* Support for binding output placeholder buffers for result sets
that return an SQLStatement object for more efficient piecewise
processing of DB stored procedure/function calls that return
very large result sets
* Strong encapsulation support (ex: private:internal)
* Deterministic garbage collection performance improvements with
large cycles
* Debugging support and APIs including remote network debugging
* Language Server Protocol support for Qore in the new astparser
module for rich language support in IDEs such as the
Visual Studio Code Qore Extension
Bug Fixes in Qore:
* fixed a bug causing AbstractQuantifiedBidirectionalIterator not
being available (issue 968)
* BulkSqlUtil module fixes:
-fixed the module to work properly even with DB drivers that
do not support parameter array binding (issue 1154)
* CsvUtil module fixes:
-fixed a bug in an error message validating input data
(issue 1062)
-added an exception when detected headers do not match the
fields option (issue 2179)
* HttpServer module fixes:
-added logic to attempt to mask passwords in log messages
(issue 1086)
* HttpServerUtil module fixes:
-fixed a bug where the msg arg to AbstractAuthenticator::do401()
was ignored (issue 1047)
* RestHandler module fixes:
-added logic to allow sensitive data to be masked in log messages
(issue 1086)
* SqlUtil module fixes:
-fixed a bug in update and upsert statement generation when the
given data does not have enough columns to use the unique index
found, an error message is generated that contains all the
columns names instead of just the column names required by the
index (issue 1013)
* WebSocketClient module fixes:
-fixed a thread lock starvation race condition (issue 2130)
* UTF-16 fixes:
-fixed a bug comparing strings in UTF-16 encodings (issue 1579)
-fixed Qore::substr() and <string>::substr() with strings in
UTF-16 encodings (issue 1586)
-fixed Qore::trim(), Qore::ltrim(), Qore::rtrim() and the trim
operator with strings with UTF-16 encodings (issue 1775)
* fixed a bug where break and continue statements were accepted
outside of loops (issue 976)
* fixed a bug compiling on Solaris SPARC with g++ where
MPFR_DECL_INIT() is compiled incorrectly with -O1 or greater
(issue 958)
* fixed a bug causing an infinite loop in decompression functions
(issue 966)
* fixed an issue where an internal C++ API
(QoreProgram::parseCmdLineDefines()) performed a needless copy
of a data structure (issue 1099)
* fixed a stack corruption bug with asynchronous I/O on UNIX
systems with ReadOnlyFile methods (issue 1106)
* fixed bugs with inconsistent conversions of int, float, and
boolean values to date/time values, now they are all converted
uniformly to relative date/time values (issue 1156)
* fixed a bug where Qore allowed code to be declared both public
and private without a warning (issue 1187)
* fixed a bug where the instanceof operator would return True with
objects that did not publically inherit the given class or where
the given class is not accessible (issue 1191)
* fixed a bug in qpp support of the 'final' class flag (issue 1222)
* fixed a bug where the + operator provided access to private
members from outside the class (issue 1209)
* fixed a bug where different overloaded method variant resolution
rules were used at parse time (best match in hierarchy) and
runtime (best match in first matching class) in a class hierarchy
(issue 1229)
* fixed a bug where exceptions in base class constructor calls did
not reflect the actual source location (issue 1230)
* fixed a bug where runtime function/method variant matching was
incorrectly biased towards default matches for missing arguments
(issue 1231)
* fixed bugs where calls to Socket::upgradeClientToSSL() and
Socket::upgradeServerToSSL() were ignored with no exception
thrown if the socket was not connected (issue 1258)
* fixed a bug where a closure created in an object scope could not be
called if the object had been deleted, even if the closure did not
refer to the object (issue 1303)
* fixed a bug where ord() would return negative numbers for bytes
with the high bit set with compilers where char is the same as
signed char (issue 1385)
* fixed a bug where int(number) returned rounded value instead of the
integer part (while int(float) behaved correctly; also
cf. initializing a softint value from a number vs. from a float)
(issue 1463)
* File::read() now uses character semantics for the length argument
(issue 1548)
* fixed a bug with strongly-typed lvalue assignments with classes
created in different Program objects (issue 1551)
* fixed a bug where an ASCII string and the same string in a different
encoding and with diacritics could incorrectly be marked as equal
(issue 1579)
* fixed bugs in HTTPClient methods where string message bodies were
not converted to the object's character encoding before transmission
(issue 1813)
* fixed a bug in the reference and *reference assignment restrictions;
previously any value was accepted, now only references are accepted
as the initial assignment values (issue 1819)
* fixed a bug in handling the SqlUtil::BLOB type in the FreetdsSqlUtil
module (issue 1852)
* fixed a bug in overloaded call variant matching where missing
arguments were counted towards the match (issue 1897)
* fixed many bugs where parse-time errors could be reported at an
incorrect source location; parse-time error location reporting has
been completely overhauled and reimplemented for correctness
(issue 1930)
* fixed a bug where code signatures would accept parameter variables
without "$" signs even when %allow-bare-refs was not in effect
(issue 1941)
* fixed memory leaks in the scanner related to EOF conditions
(issue 1976)
* rewrote Qore functions gethostbyname(), gethostbyname_long() and
gethostbyaddr() to use standard C functions getaddrinfo(3) and
getnameinfo(3) internally instead of the deprecated gethostbyname(3)
and gethostbyaddr(3) (issue 1952)
* fixed cmake builds on Darwin (issue 1980)
* fixed a bug where immediate date-time values were not marked with
their type at parse time (issue 2001)
* fixed a bug where the *data type restriction would allow all types
to be assigned at runtime (issue 2002)
* Qore::RangeIterator::constructor(int) and Qore::xrange(int) were
updated; the second arguments were removed to avoid ambiguity with
the other overloaded variants (issue 2016)
* fixed a bug where Qore::replace() could get in an infinite loop
with arguments with embededed nulls (issue 2098)
* fixed a bug in regular expression extraction where an infinite loop
could occur (issue 2083)
* fixed a bug where a call reference to an object method that crosses
Program boundaries could result in a core dump when called due to an
error managing thread-local data (issue 2145)
* fixed crashes in scanner due to EOF in comments (issue 2175)
|
|
deps:
- update npm to 5.4.2
- upgrade libuv to 1.15.0
- update V8 to 6.1.534.42
dgram:
- support for setting dgram socket buffer size
fs:
- add support O_DSYNC file open constant
util:
- deprecate obj.inspect for custom inspection
tools, build:
- there is a fancy new macOS installer
|
|
A similar set of changes has been sent upstream.
OK by jaapb@
|
|
it's been carried over from php 5.x times
|
|
|
|
|
|
|
|
|
|
Two security-related issues were recently reported.
To address this issue, we have just released Go 1.8.4 and Go 1.9.1.
We recommend that all users update to one of these releases (if you're not sure
which, choose Go 1.9.1).
The issues addressed by these releases are:
By nesting a git checkout inside another version control repository, it was
possible for an attacker to trick the "go get" command into executing arbitrary
code. The go command now refuses to use version control checkouts found inside
other version control systems, with an exception for git submodules (git inside
git).
The issue is tracked as https://golang.org/issue/22125 (Go 1.8.4) and
https://golang.org/issue/22131 (Go 1.9.1). Fixes are linked from the issues.
Thanks to Simon Rawet for the report.
In the smtp package, PlainAuth is documented as sending credentials only over
authenticated, encrypted TLS connections, but it was changed in Go 1.1 to also
send credentials on non-TLS connections when the remote server advertises that
PLAIN authentication is supported. The change was meant to allow use of PLAIN
authentication on localhost, but it has the effect of allowing a
man-in-the-middle attacker to harvest credentials. PlainAuth now requires
either TLS or a localhost connection before sending credentials, regardless of
what the remote server claims.
This issue is tracked as https://golang.org/issue/22134 (Go 1.8.4) and
https://golang.org/issue/22133 (Go 1.9.1). Fixes are linked from the issues.
Thanks to Stevie Johnstone for the report.
|
|
Python 3.6.3 final
Library
* bpo-31641: Re-allow arbitrary iterables in concurrent.futures.as_completed(). Fixes regression in 3.6.3rc1.
Build
* bpo-31662: Fix typos in Windows uploadrelease.bat script. Fix Windows Doc build issues in Doc/make.bat.
* bpo-31423: Fix building the PDF documentation with newer versions of Sphinx.
More here https://docs.python.org/3.6/whatsnew/changelog.html
|
|
|
|
|
|
- net: support passing undefined to listen() to match behavior
in v4.x and v8.x
|
|
Fixes SSP build of crypto_callback library. Bump PKGREVISION.
|
|
Pkgsrc changes:
* Remove patch which has been integrated upstream
Upstream changes:
NAME
perldelta - what is new for perl v5.26.1
DESCRIPTION
This document describes differences between the 5.26.0 release and the
5.26.1 release.
If you are upgrading from an earlier release such as 5.24.0, first read
perl5260delta, which describes differences between 5.24.0 and 5.26.0.
Security
[CVE-2017-12837] Heap buffer overflow in regular expression compiler
Compiling certain regular expression patterns with the case-insensitive
modifier could cause a heap buffer overflow and crash perl. This has
now been fixed. [perl #131582]
<https://rt.perl.org/Public/Bug/Display.html?id=131582>
[CVE-2017-12883] Buffer over-read in regular expression parser
For certain types of syntax error in a regular expression pattern, the
error message could either contain the contents of a random, possibly
large, chunk of memory, or could crash perl. This has now been fixed.
[perl #131598] <https://rt.perl.org/Public/Bug/Display.html?id=131598>
[CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows
A possible stack buffer overflow in the %ENV code on Windows has been
fixed by removing the buffer completely since it was superfluous
anyway. [perl #131665]
<https://rt.perl.org/Public/Bug/Display.html?id=131665>
Incompatible Changes
There are no changes intentionally incompatible with 5.26.0. If any
exist, they are bugs, and we request that you submit a report. See
"Reporting Bugs" below.
Modules and Pragmata
Updated Modules and Pragmata
* base has been upgraded from version 2.25 to 2.26.
The effects of dotless @INC on this module have been limited by the
introduction of a more refined and accurate solution for removing
'.' from @INC while reducing the false positives.
* charnames has been upgraded from version 1.44 to 1.45.
* Module::CoreList has been upgraded from version 5.20170530 to
5.20170922_26.
Platform Support
Platform-Specific Notes
FreeBSD
* Building with g++ on FreeBSD-11.0 has been fixed. [perl
#131337]
<https://rt.perl.org/Public/Bug/Display.html?id=131337>
Windows
* Support for compiling perl on Windows using Microsoft Visual
Studio 2017 (containing Visual C++ 14.1) has been added.
* Building XS modules with GCC 6 in a 64-bit build of Perl failed
due to incorrect mapping of "strtoll" and "strtoull". This has
now been fixed. [perl #131726]
<https://rt.perl.org/Public/Bug/Display.html?id=131726> [cpan
#121683]
<https://rt.cpan.org/Public/Bug/Display.html?id=121683> [cpan
#122353]
<https://rt.cpan.org/Public/Bug/Display.html?id=122353>
Selected Bug Fixes
* Several built-in functions previously had bugs that could cause
them to write to the internal stack without allocating room for the
item being written. In rare situations, this could have led to a
crash. These bugs have now been fixed, and if any similar bugs are
introduced in future, they will be detected automatically in
debugging builds. [perl #131732]
<https://rt.perl.org/Public/Bug/Display.html?id=131732>
* Using a symbolic ref with postderef syntax as the key in a hash
lookup was yielding an assertion failure on debugging builds.
[perl #131627]
<https://rt.perl.org/Public/Bug/Display.html?id=131627>
* List assignment ("aassign") could in some rare cases allocate an
entry on the mortal stack and leave the entry uninitialized. [perl
#131570] <https://rt.perl.org/Public/Bug/Display.html?id=131570>
* Attempting to apply an attribute to an "our" variable where a
function of that name already exists could result in a NULL pointer
being supplied where an SV was expected, crashing perl. [perl
#131597] <https://rt.perl.org/Public/Bug/Display.html?id=131597>
* The code that vivifies a typeglob out of a code ref made some false
assumptions that could lead to a crash in cases such as $::{"A"} =
sub {}; \&{"A"}. This has now been fixed. [perl #131085]
<https://rt.perl.org/Public/Bug/Display.html?id=131085>
* "my_atof2" no longer reads beyond the terminating NUL, which
previously occurred if the decimal point is immediately before the
NUL. [perl #131526]
<https://rt.perl.org/Public/Bug/Display.html?id=131526>
* Occasional "Malformed UTF-8 character" crashes in "s//" on utf8
strings have been fixed. [perl #131575]
<https://rt.perl.org/Public/Bug/Display.html?id=131575>
* "perldoc -f s" now finds "s///". [perl #131371]
<https://rt.perl.org/Public/Bug/Display.html?id=131371>
* Some erroneous warnings after utf8 conversion have been fixed.
[perl #131190]
<https://rt.perl.org/Public/Bug/Display.html?id=131190>
* The "jmpenv" frame to catch Perl exceptions is set up lazily, and
this used to be a bit too lazy. The catcher is now set up earlier,
preventing some possible crashes. [perl #105930]
<https://rt.perl.org/Public/Bug/Display.html?id=105930>
* Spurious "Assuming NOT a POSIX class" warnings have been removed.
[perl #131522]
<https://rt.perl.org/Public/Bug/Display.html?id=131522>
Acknowledgements
Perl 5.26.1 represents approximately 4 months of development since Perl
5.26.0 and contains approximately 8,900 lines of changes across 85
files from 23 authors.
Excluding auto-generated files, documentation and release tools, there
were approximately 990 lines of changes to 38 .pm, .t, .c and .h files.
Perl continues to flourish into its third decade thanks to a vibrant
community of users and developers. The following people are known to
have contributed the improvements that became Perl 5.26.1:
Aaron Crane, Andy Dougherty, Aristotle Pagaltzis, Chris 'BinGOs'
Williams, Craig A. Berry, Dagfinn Ilmari Mannsaaker, David Mitchell, E.
Choroba, Eric Herman, Father Chrysostomos, Jacques Germishuys, James E
Keenan, John SJ Anderson, Karl Williamson, Ken Brown, Lukas Mai,
Matthew Horsfall, Ricardo Signes, Sawyer X, Steve Hay, Tony Cook, Yves
Orton, Zefram.
The list above is almost certainly incomplete as it is automatically
generated from version control history. In particular, it does not
include the names of the (very much appreciated) contributors who
reported issues to the Perl bug tracker.
Many of the changes included in this version originated in the CPAN
modules included in Perl's core. We're grateful to the entire CPAN
community for helping Perl to flourish.
For a more complete list of all of Perl's historical contributors,
please see the AUTHORS file in the Perl source distribution.
Reporting Bugs
If you find what you think is a bug, you might check the perl bug
database at <https://rt.perl.org/> . There may also be information at
<http://www.perl.org/> , the Perl Home Page.
If you believe you have an unreported bug, please run the perlbug
program included with your release. Be sure to trim your bug down to a
tiny but sufficient test case. Your bug report, along with the output
of "perl -V", will be sent off to perlbug@perl.org to be analysed by
the Perl porting team.
If the bug you are reporting has security implications which make it
inappropriate to send to a publicly archived mailing list, then see
"SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec for details of
how to report the issue.
Give Thanks
If you wish to thank the Perl 5 Porters for the work we had done in
Perl 5, you can do so by running the "perlthanks" program:
perlthanks
This will send an email to the Perl 5 Porters list with your show of
thanks.
SEE ALSO
The Changes file for an explanation of how to view exhaustive details
on what changed.
The INSTALL file for how to build Perl.
The README file for general stuff.
The Artistic and Copying files for copyright information.
|
|
|
|
|
|
The checksums in the files built vary by build environment.
|
|
Vala 0.38.1
===========
* Various bug fixes:
- valadoc: Don't use 'stderr' as variable name [#787305]
- codegen: Try to use a more unique internal define for properties [#787436]
- vala: Update list of used attributes
- method: Use prototype-string for error-reports of return-type mismatches
* Bindings:
- glib-2.0: Fix MainContext.check(),
OptionEntry[] params are null-terminated,
Bind g_convert_with_fallback() and g_convert_with_iconv()
Vala 0.38.0
===========
* Various bug fixes:
- Improve error output for incompatible method signatures
(Add CallableType as base for DelegateType, MethodType, SignalType)
- codegen:
+ Initialize temp-variable for fixed-size arrays to zero first [#787152]
+ Add support for "type-func" in ui-files [#787033]
* Bindings:
- gtk+-3.0,gtk+-4.0: Update
- libxml-2.0: Bind xmlLastElementChild and xmlPreviousElementSibling
- pangocairo: CairoFontMap.set_default() is not an instance method
- gio-2.0: Application.set_default() is not an instance method
Vala 0.37.91
============
* Various bug fixes:
- codegen:
+ Actually write declaration for GNodeTraverseFunc wrapper [#786845]
+ Don't transfer ownership of variable if target-type is unknown [#736774]
+ Adjust format-index for printf/scanf-methods which throw errors [#781061]
+ Use given dup_function for structs
- libvaladoc: Fix some -Wincompatible-pointer-types warnings
- tests: Fix some syntax issues [#786652]
- Add .editorconfig file [#786620]
* GIR parser:
- Better support of "cprefix" argument in metadata
- Support "cname" argument in metadata
* Bindings:
- Add javascriptcoregtk-4.0 and avoid skips in webkit2gtk*-4.0
- Update GIR-based bindings
- gtk+-3.0: Update to 3.22.19
Vala 0.37.90
============
* Various bug fixes:
- Fix some build-system problem
+ valadoc/tests: Add the source vapi directory to driver-test [#786505],
Add ./vala/.libs rather than ./gee/.libs to LD_LIBRARY_PATH
+ Explicitly link doclets against libvala-*.la [#786534]
+ Add missing include of Makefile.common
- vapigen: Mark given source-files as such and force girparser to handle them
- codegen: Include glib-object.h for Enums/Structs with type_id
* Bindings:
- gtk+-4.0: Make Gsk.Texturer.for_*() static factory methods
Vala 0.37.2
===========
* Various bug fixes:
- libvaladoc: Keep bootstrap-support with valac >= 0.16.1
- valadoc: Fix tests while bootstapping with valac < 0.31/32
* Bindings:
- glib-2.0: Update Unicode symbols
- gobject-2.0: Add required type_id attributes to all ParamSpec subclasses
- libgdata: Make Authorizer.reauth_* methods virtual [#779229]
- libxml-2.0: Update Xml.ParserOption [#785585]
- gtk+-4.0: Update to 3.91.2
- webkit2gtk-4.0: Update to 2.17.90
Vala 0.37.1
===========
* Highlights
- Don't warn about deprecated symbols if installed_version is older
- Add --gresourcesdir option [#783133]
- Install libvala-0.xx.vapi to "global" vapi directory
- Require and target GLib >= 2.40
- build: Make ccode and codegen private API
- build: Use --use-header for vala's libraries
- compiler: Add --color=WHEN option
- codegen: Use g_object_notify_by_pspec() to notify property-changes
- codegen: Use *_free_full to free GLib.List, GLib.SList and GLib.Queue
- codegen: Support renamed signals [#731547]
- Optimize (de)serialization of arrays with type-signature "ay" [#772426]
- Merge valadoc - Consider valadoc a part of vala's toolchain and
therefore let it live in the main repository (adds graphviz to the
build-requirements)
* Various bug fixes:
- Fix finally blocks with async yields [#741929]
- Handle non-null in coalescing expression [#611223]
- Make the task_complete flag for < 2.44 more similar to >= 2.44 [#783543]
- Nullable ValueType requires POINTER as marshaller signature [#783897]
- NoAccessorMethod attribute is allowed for gobject-properties only
- girparser: Fix parsing of delegate-alias without target
- compiler: Use API_VERSION instead of stripping PACKAGE_SUFFIX
- girwriter: Write length-parameters of arrays with rank > 1 [#758019]
- gdbus: Don't leak nested HashTable on deserialization [#782719]
- codewriter: Update timestamps of generated c-files if needed [#683286]
- tests: Use dbus-run-session instead of dbus-launch [#771455]
- codegenerator: Add source_reference parameter to CodeGenerator.store_*()
- Don't allow assigning delegate if no target/closure is available [#598869]
- gee: Add some useful symbols from gee-0.8
* Bindings:
- gio-2.0: Add DBusConnection 'closed' signal as 'on_closed' [#684358]
- gio-2.0: Use default 'length = null' for DataInputStream.read_line_utf8*
[#783351]
- glib-2.0,gobject-2.0: Updates from 2.53.x
- poppler-glib: Update to 0.54.0
- webkit2gtk-4.0: Update to 2.17.4
- gstreamer-1.0: Update to 1.13.0+
- libgvc: Add WITH_CGRAPH conditionals
|
|
These binary files were built without RELRO support, so disable
the check.
|
|
Some highlights for 20.1:
- crypto, public_key: Extend crypto and public_key functions sign and
verify with:
- support for RSASSA-PS padding for signatures and for saltlength
setting
- X9.31 RSA padding.
- sha, sha224, sha256, sha384, and sha512 for dss signatures as
mentioned in NIST SP 800-57 Part 1.
- ripemd160 to be used for rsa signatures.
- A new tuple in crypto:supports/0 reports supported MAC algorithms.
- diameter:
- Add service option decode_format to allow incoming messages to be
decoded into maps instead of records.
- Decode performance has been improved.
- Add service/transport option avp_dictionaries to give better
support for dictionaries only defining AVPs.
- erts: Upgraded the ERTS internal PCRE library from version 8.40 to
version 8.41.
- erts, kernel, tools: Profiling with lock counting can now be fully
toggled at runtime in the lock counting emulator (-emu_type lcnt).
- erts: The zlib module has been refactored and all its operations
will now yield appropriately, allowing them to be used freely in
concurrent applications.
- erts, tools: Add erlang:iolist_to_iovec/1, which converts an
iolist() to an erlang:iovec(), which is suitable for use with
enif_inspect_iovec().
- erts: Add new nif API functions for managing an I/O Queue.
- observer/crashdump_viewer:
- Reading of crash dumps with many binaries is optimized.
- A progress bar is shown when the detail view for a process is
opened.
- The cdv script now sets ERL_CRASH_DUMP_SECONDS=0 to avoid
generating a new crash dump from the node running the Crashdump
Viewer.
- observer: Add system statistics and limits to frontpage in observer.
- public_key, ssl**: Improved error propagation and reports
- ssh: A new option modify_algorithms is implemented. It enables
specifying changes on the default algorithms list.
- tools/xref: The predefined Xref analysis locals_not_used now
understands the -on_load() attribute and does not report unused
functions.
- tools/fprof: When sampling multiple processes and analyzing with
totals set to true, the output now sums together all caller and
callee entries which concerns the same function.
|
|
|
|
28 Sep 2017, PHP 7.1.10
- Core:
. Fixed bug #75042 (run-tests.php issues with EXTENSION block). (John Boehr)
- BCMath:
. Fixed bug #44995 (bcpowmod() fails if scale != 0). (cmb)
. Fixed bug #46781 (BC math handles minus zero incorrectly). (cmb)
. Fixed bug #54598 (bcpowmod() may return 1 if modulus is 1). (okano1220, cmb)
. Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus). (cmb)
- CLI server:
. Fixed bug #70470 (Built-in server truncates headers spanning over TCP
packets). (bouk)
- CURL:
. Fixed bug #75093 (OpenSSL support not detected). (Remi)
- GD:
. Fixed bug #75124 (gdImageGrayScale() may produce colors). (cmb)
. Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?). (cmb)
- Gettext:
. Fixed bug #73730 (textdomain(null) throws in strict mode). (cmb)
- Intl:
. Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent
class). (tpunt)
. Fixed bug #75193 (segfault in collator_convert_object_to_string). (Remi)
- PDO_OCI:
. Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized
before PHP-FPM sets it up). (Ingmar Runge)
- SPL:
. Fixed bug #75155 (AppendIterator::append() is broken when appending another
AppendIterator). (Nikita)
. Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop).
(jhdxr)
- Standard:
. Fixed bug #75152 (signed integer overflow in parse_iv). (Laruence)
. Fixed bug #75097 (gethostname fails if your host name is 64 chars long). (Andrea)
|
|
28 Sep 2017 PHP 7.0.24
- Core:
. Fixed bug #75042 (run-tests.php issues with EXTENSION block). (John Boehr)
- BCMath:
. Fixed bug #44995 (bcpowmod() fails if scale != 0). (cmb)
. Fixed bug #46781 (BC math handles minus zero incorrectly). (cmb)
. Fixed bug #54598 (bcpowmod() may return 1 if modulus is 1). (okano1220, cmb)
. Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus). (cmb)
- CLI server:
. Fixed bug #70470 (Built-in server truncates headers spanning over TCP
packets). (bouk)
- CURL:
. Fixed bug #75093 (OpenSSL support not detected). (Remi)
- GD:
. Fixed bug #75124 (gdImageGrayScale() may produce colors). (cmb)
. Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?). (cmb)
- Gettext:
. Fixed bug #73730 (textdomain(null) throws in strict mode). (cmb)
- Intl:
. Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent
class). (tpunt)
. Fixed bug #75193 (segfault in collator_convert_object_to_string). (Remi)
- PDO_OCI:
. Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized
before PHP-FPM sets it up). (Ingmar Runge)
- SPL:
. Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop).
(jhdxr)
- Standard:
. Fixed bug #75097 (gethostname fails if your host name is 64 chars long). (Andrea)
|
|
Version 5.0.2:
Correct handling of import in child thread
Correct handling of “dis” module with Python 3.5.1
Correct handling of “multiprocess.process” module
Correct attempt to assign variable to an empty list
Improved README
Add hook for pythonnet package
Add hook for sqlite3 and improve win32file hook
Add FAQ entry
|
|
|
|
* Disable SunOS/Solaris support because newer bootstrap is not available
* Include Rust libraries and Cargo
Changelog:
Version 1.20.0 (2017-08-31)
Language
Associated constants are now stabilised.
A lot of macro bugs are now fixed.
Compiler
Struct fields are now properly coerced to the expected field type.
Enabled wasm LLVM backend WASM can now be built with the wasm32-experimental-emscripten target.
Changed some of the error messages to be more helpful.
Add support for RELRO(RELocation Read-Only) for platforms that support it.
rustc now reports the total number of errors on compilation failure previously this was only the number of errors in the pass that failed.
Expansion in rustc has been sped up 29x.
added msp430-none-elf target.
rustc will now suggest one-argument enum variant to fix type mismatch when applicable
Fixes backtraces on Redox
rustc now identifies different versions of same crate when absolute paths of different types match in an error message.
Libraries
Relaxed Debug constraints on {HashMap,BTreeMap}::{Keys,Values}.
Impl PartialEq, Eq, PartialOrd, Ord, Debug, Hash for unsized tuples.
Impl fmt::{Display, Debug} for Ref, RefMut, MutexGuard, RwLockReadGuard, RwLockWriteGuard
Impl Clone for DefaultHasher.
Impl Sync for SyncSender.
Impl FromStr for char
Fixed how {f32, f64}::{is_sign_negative, is_sign_positive} handles NaN.
allow messages in the unimplemented!() macro. ie. unimplemented!("Waiting for 1.21 to be stable")
pub(restricted) is now supported in the thread_local! macro.
Upgrade to Unicode 10.0.0
Reimplemented {f32, f64}::{min, max} in Rust instead of using CMath.
Skip the main thread's manual stack guard on Linux
Iterator::nth for ops::{Range, RangeFrom} is now done in O(1) time
#[repr(align(N))] attribute max number is now 2^31 - 1. This was previously 2^15.
{OsStr, Path}::Display now avoids allocations where possible
Stabilized APIs
CStr::into_c_string
CString::as_c_str
CString::into_boxed_c_str
Chain::get_mut
Chain::get_ref
Chain::into_inner
Option::get_or_insert_with
Option::get_or_insert
OsStr::into_os_string
OsString::into_boxed_os_str
Take::get_mut
Take::get_ref
Utf8Error::error_len
char::EscapeDebug
char::escape_debug
compile_error!
f32::from_bits
f32::to_bits
f64::from_bits
f64::to_bits
mem::ManuallyDrop
slice::sort_unstable_by_key
slice::sort_unstable_by
slice::sort_unstable
str::from_boxed_utf8_unchecked
str::as_bytes_mut
str::as_bytes_mut
str::from_utf8_mut
str::from_utf8_unchecked_mut
str::get_mut
str::get_unchecked_mut
str::get_unchecked
str::get
str::into_boxed_bytes
Cargo
Cargo API token location moved from ~/.cargo/config to ~/.cargo/credentials.
Cargo will now build main.rs binaries that are in sub-directories of src/bin. ie. Having src/bin/server/main.rs and src/bin/client/main.rs generates target/debug/server and target/debug/client
You can now specify version of a binary when installed through cargo install using --vers.
Added --no-fail-fast flag to cargo to run all benchmarks regardless of failure.
Changed the convention around which file is the crate root.
The include/exclude property in Cargo.toml now accepts gitignore paths instead of glob patterns. Glob patterns are now deprecated.
Compatibility Notes
Functions with 'static in their return types will now not be as usable as if they were using lifetime parameters instead.
The reimplementation of {f32, f64}::is_sign_{negative, positive} now takes the sign of NaN into account where previously didn't.
Version 1.19.0 (2017-07-20)
Language
Numeric fields can now be used for creating tuple structs. RFC 1506 For example struct Point(u32, u32); let x = Point { 0: 7, 1: 0 };.
Macro recursion limit increased to 1024 from 64.
Added lint for detecting unused macros.
loop can now return a value with break. RFC 1624 For example: let x = loop { break 7; };
C compatible unions are now available. RFC 1444 They can only contain Copy types and cannot have a Drop implementation. Example: union Foo { bar: u8, baz: usize }
Non capturing closures can now be coerced into fns, RFC 1558 Example: let foo: fn(u8) -> u8 = |v: u8| { v };
Compiler
Add support for bootstrapping the Rust compiler toolchain on Android.
Change arm-linux-androideabi to correspond to the armeabi official ABI. If you wish to continue targeting the armeabi-v7a ABI you should use --target armv7-linux-androideabi.
Fixed ICE when removing a source file between compilation sessions.
Minor optimisation of string operations.
Compiler error message is now aborting due to previous error(s) instead of aborting due to N previous errors This was previously inaccurate and would only count certain kinds of errors.
The compiler now supports Visual Studio 2017
The compiler is now built against LLVM 4.0.1 by default
Added a lot of new error codes
Added target-feature=+crt-static option RFC 1721 Which allows libraries with C Run-time Libraries(CRT) to be statically linked.
Fixed various ARM codegen bugs
Libraries
String now implements FromIterator<Cow<'a, str>> and Extend<Cow<'a, str>>
Vec now implements From<&mut [T]>
Box<[u8]> now implements From<Box<str>>
SplitWhitespace now implements Clone
[u8]::reverse is now 5x faster and [u16]::reverse is now 1.5x faster
eprint! and eprintln! macros added to prelude. Same as the print! macros, but for printing to stderr.
Stabilized APIs
OsString::shrink_to_fit
cmp::Reverse
Command::envs
thread::ThreadId
Cargo
Build scripts can now add environment variables to the environment the crate is being compiled in. Example: println!("cargo:rustc-env=FOO=bar");
Subcommands now replace the current process rather than spawning a new child process
Workspace members can now accept glob file patterns
Added --all flag to the cargo bench subcommand to run benchmarks of all the members in a given workspace.
Updated libssh2-sys to 0.2.6
Target directory path is now in the cargmetadata
Cargo no longer checks out a local working directory for the crates.io index This should provide smaller file size for the registry, and improve cloning times, especially on Windows machines.
Added an --exclude option for excluding certai using the --all option
Cargo will now automatically retry when receiving a 5xx error from crates.io
The --features option now accepts multiple comma or space delimited values.
Added support for custom target specific runners
Misc
Added ow prefer to download rust packages with XZ compression over GZip packages.
Added the ability to escape # in rust documentation By adding additional #'s ie. ## is now #
Compatibility Notes
MutexGuard<T> may only be Sync if T is Sync.
-Z flagning for a year previous to this.
As a result of the -Z flag change, the cargo-check plugin no longer works. Users should migrate to the built-in check command, which has been available since 1.16.
Ending a float literal with ._ is now a hard erro use ::self::foo; is now a hard error. self paths are always relative while the :: prefix makes a path absolute, but was ignored and the path was relative regardless.
Floating point constants in match patterns is now a hard error This was previously ts that don't derive PartialEq & Eq used match patterns is now a hard error This was previously a warning.
Lifetimes named '_ are no longer allowed. This was previously a warning.
From the pound escape, lines consisting of multiple #s are now visible
It is an error to reexport private enum variants. This is known to break a number of crates that depend on an older version of mustache.
On Windows, if VCINSTALLDIR is set incorrectly, rustc will try to use it to find the linker, and the build will fail where it did not previously
Version 1.18.0 (2017-06-08)
Language
Stabilize pub(restricted) pub can now accept a module path to make the item visible to just that module tree. Also accepts the keyword crate to make something public to the whole crate but not users of the library. Example: pub(crate) mod utils;. RFC 1422.
Stabilize #![windows_subsystem] attribute conservative exposure of the /SUBSYSTEM linker flag on Windows platforms. RFC 1665.
Refactor of trait object type parsing Now ty in macros can accept types like Write + Send, trailing + are now supported in trait objects, and better error reporting for trait objects starting with ?Sized.
0e+10 is now a valid floating point literal
Now warns if you bind a lifetime parameter to 'static
Tuples, Enum variant fields, and structs with no repr attribute or with #[repr(Rust)] are reordered to minimize padding and produce a smaller representation in some cases.
Compiler
rustc can now emit mir with --emit mir
Improved LLVM IR for trivial functions
Added explanation for E0090(Wrong number of lifetimes are supplied)
rustc compilation is now 15%-20% faster Thanks to optimisation opportunities found through profiling
Improved backtrace formatting when panicking
Libraries
Specialized Vec::from_iter being passed vec::IntoIter if the iterator hasn't been advanced the original Vec is reassembled with no actual iteration or reallocation.
Simplified HashMap Bucket interface provides performance improvements for iterating and cloning.
Specialize Vec::from_elem to use calloc
Fixed Race condition in fs::create_dir_all
No longer caching stdio on Windows
Optimized insertion sort in slice insertion sort in some cases 2.50%~ faster and in one case now 12.50% faster.
Optimized AtomicBool::fetch_nand
Stabilized APIs
Child::try_wait
HashMap::retain
HashSet::retain
PeekMut::pop
TcpStream::peek
UdpSocket::peek
UdpSocket::peek_from
Cargo
Added partial Pijul support Pijul is a version control system in Rust. You can now create new cargo projects with Pijul using cargo new --vcs pijul
Now always emits build script warnings for crates that fail to build
Added Android build support
Added --bins and --tests flags now you can build all programs of a certain type, for example cargo build --bins will build all binaries.
Added support for haiku
Misc
rustdoc can now use pulldown-cmark with the --enable-commonmark flag
Added rust-winbg script for better debugging on Windows
Rust now uses the official cross compiler for NetBSD
rustdoc now accepts # at the start of files
Fixed jemalloc support for musl
Compatibility Notes
Changes to how the 0 flag works in format! Padding zeroes are now always placed after the sign if it exists and before the digits. With the # flag the zeroes are placed after the prefix and before the digits.
Due to the struct field optimisation, using transmute on structs that have no repr attribute or #[repr(Rust)] will no longer work. This has always been undefined behavior, but is now more likely to break in practice.
The refactor of trait object type parsing fixed a bug where + was receiving the wrong priority parsing things like &for<'a> Tr<'a> + Send as &(for<'a> Tr<'a> + Send) instead of (&for<'a> Tr<'a>) + Send
Overlapping inherent impls are now a hard error
PartialOrd and Ord must agree on the ordering.
rustc main.rs -o out --emit=asm,llvm-ir Now will output out.asm and out.ll instead of only one of the filetypes.
calling a function that returns Self will no longer work when the size of Self cannot be statically determined.
rustc now builds with a "pthreads" flavour of MinGW for Windows GNU this has caused a few regressions namely:
Changed the link order of local static/dynamic libraries (respecting the order on given rather than having the compiler reorder).
Changed how MinGW is linked, native code linked to dynamic libraries may require manually linking to the gcc support library (for the native code itself)
Version 1.17.0 (2017-04-27)
Language
The lifetime of statics and consts defaults to 'static. RFC 1623
Fields of structs may be initialized without duplicating the field/variable names. RFC 1682
Self may be included in the where clause of impls. RFC 1647
When coercing to an unsized type lifetimes must be equal. That is, there is no subtyping between T and U when T: Unsize<U>. For example, coercing &mut [&'a X; N] to &mut [&'b X] requires 'a be equal to 'b. Soundness fix.
Values passed to the indexing operator, [], automatically coerce
Static variables may contain references to other statics
Compiler
Exit quickly on only --emit dep-info
Make -C relocation-model more correctly determine whether the linker creates a position-independent executable
Add -C overflow-checks to directly control whether integer overflow panics
The rustc type checker now checks items on demand instead of in a single in-order pass. This is mostly an internal refactoring in support of future work, including incremental type checking, but also resolves RFC 1647, allowing Self to appear in impl where clauses.
Optimize vtable loads
Turn off vectorization for Emscripten targets
Provide suggestions for unknown macros imported with use
Fix ICEs in path resolution
Strip exception handling code on Emscripten when panic=abort
Add clearer error message using &str + &str
Stabilized APIs
Arc::into_raw
Arc::from_raw
Arc::ptr_eq
Rc::into_raw
Rc::from_raw
Rc::ptr_eq
Ordering::then
Ordering::then_with
BTreeMap::range
BTreeMap::range_mut
collections::Bound
process::abort
ptr::read_unaligned
ptr::write_unaligned
Result::expect_err
Cell::swap
Cell::replace
Cell::into_inner
Cell::take
Libraries
BTreeMap and BTreeSet can iterate over ranges
Cell can store non-Copy types. RFC 1651
String implements FromIterator<&char>
Box implements a number of new conversions: From<Box<str>> for String, From<Box<[T]>> for Vec<T>, From<Box<CStr>> for CString, From<Box<OsStr>> for OsString, From<Box<Path>> for PathBuf, Into<Box<str>> for String, Into<Box<[T]>> for Vec<T>, Into<Box<CStr>> for CString, Into<Box<OsStr>> for OsString, Into<Box<Path>> for PathBuf, Default for Box<str>, Default for Box<CStr>, Default for Box<OsStr>, From<&CStr> for Box<CStr>, From<&OsStr> for Box<OsStr>, From<&Path> for Box<Path>
ffi::FromBytesWithNulError implements Error and Display
Specialize PartialOrd<A> for [A] where A: Ord
Slightly optimize slice::sort
Add ToString trait specialization for Cow<'a, str> and String
Box<[T]> implements From<&[T]> where T: Copy, Box<str> implements From<&str>
IpAddr implements From for various arrays. SocketAddr implements From<(I, u16)> where I: Into<IpAddr>
format! estimates the needed capacity before writing a string
Support unprivileged symlink creation in Windows
PathBuf implements Default
Implement PartialEq<[A]> for VecDeque<A>
HashMap resizes adaptively to guard against DOS attacks and poor hash functions.
Cargo
Add cargo check --all
Add an option to ignore SSL revocation checking
Add cargo run --package
Add required_features
Assume build.rs is a build script
Find workspace via workspace_root link in containing member
Misc
Documentation is rendered with mdbook instead of the obsolete, in-tree rustbook
The "Unstable Book" documents nightly-only features
Improve the style of the sidebar in rustdoc output
Configure build correctly on 64-bit CPU's with the armhf ABI
Fix MSP430 breakage due to i128
Preliminary Solaris/SPARCv9 support
rustc is linked statically on Windows MSVC targets, allowing it to run without installing the MSVC runtime.
rustdoc --test includes file names in test names
This release includes builds of std for sparc64-unknown-linux-gnu, aarch64-unknown-linux-fuchsia, and x86_64-unknown-linux-fuchsia.
Initial support for aarch64-unknown-freebsd
Initial support for i686-unknown-netbsd
This release no longer includes the old makefile build system. Rust is built with a custom build system, written in Rust, and with Cargo.
Add Debug implementations for libcollection structs
TypeId implements PartialOrd and Ord
--test-threads=0 produces an error
rustup installs documentation by default
The Rust source includes NatVis visualizations. These can be used by WinDbg and Visual Studio to improve the debugging experience.
Compatibility Notes
Rust 1.17 does not correctly detect the MSVC 2017 linker. As a workaround, either use MSVC 2015 or run vcvars.bat.
When coercing to an unsized type lifetimes must be equal. That is, disallow subtyping between T and U when T: Unsize<U>, e.g. coercing &mut [&'a X; N] to &mut [&'b X] requires 'a be equal to 'b. Soundness fix.
format! and Display::to_string panic if an underlying formatting implementation returns an error. Previously the error was silently ignored. It is incorrect for write_fmt to return an error when writing to a string.
In-tree crates are verified to be unstable. Previously, some minor crates were marked stable and could be accessed from the stable toolchain.
Rust git source no longer includes vendored crates. Those that need to build with vendored crates should build from release tarballs.
Fix inert attributes from proc_macro_derives
During crate resolution, rustc prefers a crate in the sysroot if two crates are otherwise identical. Unlikely to be encountered outside the Rust build system.
Fixed bugs around how type inference interacts with dead-code. The existing code generally ignores the type of dead-code unless a type-hint is provided; this can cause surprising inference interactions particularly around defaulting. The new code uniformly ignores the result type of dead-code.
Tuple-struct constructors with private fields are no longer visible
Lifetime parameters that do not appear in the arguments are now considered early-bound, resolving a soundness bug (#32330). The hr_lifetime_in_assoc_type future-compatibility lint has been in effect since April of 2016.
rustdoc: fix doctests with non-feature crate attributes
Make transmuting from fn item types to pointer-sized types a hard error
|
|
under NetBSD. Bump PKGREVISION
Rust language 1.20.0 uses these options and Rust build system uses it
as '-l tinfo' and our wrapper does not handle this.
|
|
As announced in
https://mail-index.netbsd.org/pkgsrc-users/2017/09/11/msg025563.html
This still leaves emacs20, emacs21, and the current version, emacs25.
|
|
nodejs 8.6.0
============
crypto
- Support for multiple ECDH curves.
dgram
- Added setMulticastInterface() API.
- Custom lookup functions are now supported.
n-api
- The command-line flag is no longer required to use N-API.
tls
- Docs-only deprecation of parseCertString().
nodejs 8.5.0
============
build
- Snapshots are now re-enabled in V8
console
- Implement minimal console.group().
deps
- upgrade libuv to 1.14.1
- update nghttp2 to v1.25.0
dns
- Add verbatim option to dns.lookup(). When true, results from the DNS
resolver are passed on as-is, without the reshuffling that Node.js
otherwise does that puts IPv4 addresses before IPv6 addresses.
fs
- add fs.copyFile and fs.copyFileSync which allows for more efficient
copying of files.
inspector
- Enable async stack traces
module
- Add support for ESM. This is currently behind the
--experimental-modules flag and requires the .mjs extension. node
--experimental-modules index.mjs
napi
- implement promise
os
- Add support for CIDR notation to the output of the networkInterfaces()
method.
perf_hooks
- An initial implementation of the Performance Timing API for Node.js.
This is the same Performance Timing API implemented by modern browsers
with a number of Node.js specific properties. The User Timing mark()
and measure() APIs are implemented.
tls
- multiple PFX in createSecureContext
|
|
Build fix on NetBSD 6 applying upstream update.
|
|
|
|
|
|
|
|
dead upstream, last release from 2005, sometimes hangs in bulk builds
|
|
SPARC
Support for the SPARC M8 processor has been added.
The switches -mfix-ut700 and -mfix-gr712rc have been added to work around an erratum in LEON3FT processors.
Use of the Floating-point Multiply Single to Double (FsMULd) instruction can now be controlled by the -mfsmuld and -fno-fsmuld options.
RTEMS
The Ada run-time support uses now thread-local storage (TLS).
Support for RISC-V has been added.
Support for 64-bit PowerPC using the ELFv2 ABI with 64-bit long double has been added.
Bug fixes: https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=7.2
|
|
Set HOMEPAGE to github one, even though that is just a 10 year old
import of the sources. On the other hand, the last release is from 2005...
|
|
CVE-2017-12837: heap buffer overflow in regular expression compiler
CVE-2017-12883: buffer over-read in regular expression parser
From upstream commits:
https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f
https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5
bump PKGREVISION
|
|
|
|
|
|
Add a PRINT_PLIST_AWK to help avoid this being removed again in the future,
though with all the PLIST_VARS used it's still difficult to keep updated. It
is probably worth splitting the vars into individual PLIST files instead.
|
|
|
|
1.11.0:
- Pull request 178: `with_metaclass` now properly proxies `__prepare__` to the
underlying metaclass.
- Pull request 191: Allow `with_metaclass` to work with metaclasses implemented
in C.
- Pull request 203: Add parse_http_list and parse_keqv_list to moved
urllib.request.
- Pull request 172 and issue 171: Add unquote_to_bytes to moved urllib.parse.
- Pull request 167: Add `six.moves.getoutput`.
- Pull request 80: Add `six.moves.urllib_parse.splitvalue`.
- Pull request 75: Add `six.moves.email_mime_image`.
- Pull request 72: Avoid creating reference cycles through tracebacks in
`reraise`.
|
|
|
|
1.4.1
Fixed arguments of module-level functions.
Fixed bug of execution with pipe.
Fixed wrong excption is raised.
|
|
Python 2.7.14:
Core and Builtins
- bpo-30657: Fixed possible integer overflow in PyString_DecodeEscape.
- bpo-27945: Fixed various segfaults with dict when input collections are
mutated during searching, inserting or comparing. Based on patches by
Duane Griffin and Tim Mitchell.
- bpo-25794: Fixed type.__setattr__() and type.__delattr__() for
non-interned or unicode attribute names. Based on patch by Eryk Sun.
- bpo-29935: Fixed error messages in the index() method of tuple and list
when pass indices of wrong type.
- bpo-28598: Support __rmod__ for subclasses of str being called before
str.__mod__. Patch by Martijn Pieters.
- bpo-29602: Fix incorrect handling of signed zeros in complex constructor for
complex subclasses and for inputs having a __complex__ method. Patch
by Serhiy Storchaka.
- bpo-29347: Fixed possibly dereferencing undefined pointers
when creating weakref objects.
- Issue 14376: Allow sys.exit to accept longs as well as ints. Patch
by Gareth Rees.
- Issue 29028: Fixed possible use-after-free bugs in the subscription of the
buffer object with custom index object.
- Issue 29145: Fix overflow checks in string, bytearray and unicode.
Patch by jan matejek and Xiang Zhang.
- Issue 28932: Do not include <sys/random.h> if it does not exist.
Extension Modules
- bpo-31170: Update vendorized expat to 2.2.4.
- Issue 29169: Update zlib to 1.2.11.
|
