| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Packaged for wip by Kamel Ibn Aziz Derouiche and myself.
Csmith is a tool that can generate random C programs that statically
and dynamically conform to the C99 standard. Thus, it is useful for
stress-testing compilers, static analyzers, and other tools that
process C code.
|
|
The full gamut of security fixes for this release is unknown, but, at
minimum, CVE-2020-16042 is addressed. (A full change log seems elusive:
the package's README points to a broken link, Mozilla advisories about
"memory safety hazards" can point to bug reports that can't be viewed,
etc.) This is the most current version that Debian has integrated,
which is where our package points to.
Successful build tests on:
NetBSD amd64/9.2_STABLE (with both Rust 1.52.1 and 1.54)
NetBSD i386/9.2_STABLE
OmniOS r151036
Fedora Linux 34 was not testable, as our packaging of LLVM 12.0.1 fails
to build on it. The upstream configuration continues to cap macOS build
support at 10.15.4. I updated our existing patch to allow 10.15.7, but
have no ability to test that OS, and no idea if 11.x would work.
This is effectively a minor leaf package now, and may best be removed
in future. I've updated this just in case issues emerge with the polkit
switch to duktape, which will first appear in our 2021Q3 branch. (That
is, I'm not aware of any issues, and definitely prefer duktape from a
packaging perspective.)
|
|
The previous change only worked for the build of go itself, any dependencies
that used the same go code were broken. Fixes www/gitea and others.
Needs to be fixed properly by creating a native illumos bootstrap kit.
|
|
|
|
|
|
Requested by gdt@, taken from wip, any mismerges are mine and I'll follow up.
While here pull in an additional fix from newer wip to disable the docs (they
are absolutely huge and not all that useful).
Version 1.54.0 (2021-07-29)
============================
Language
-----------------------
- [You can now use macros for values in built-in attribute macros.][83366]
While a seemingly minor addition on its own, this enables a lot of
powerful functionality when combined correctly. Most notably you can
now include external documentation in your crate by writing the following.
```rust
#![doc = include_str!("README.md")]
```
You can also use this to include auto-generated modules:
```rust
#[path = concat!(env!("OUT_DIR"), "/generated.rs")]
mod generated;
```
- [You can now cast between unsized slice types (and types which contain
unsized slices) in `const fn`.][85078]
- [You can now use multiple generic lifetimes with `impl Trait` where the
lifetimes don't explicitly outlive another.][84701] In code this means
that you can now have `impl Trait<'a, 'b>` where as before you could
only have `impl Trait<'a, 'b> where 'b: 'a`.
Compiler
-----------------------
- [Rustc will now search for custom JSON targets in
`/lib/rustlib/<target-triple>/target.json` where `/` is the "sysroot"
directory.][83800] You can find your sysroot directory by running
`rustc --print sysroot`.
- [Added `wasm` as a `target_family` for WebAssembly platforms.][84072]
- [You can now use `#[target_feature]` on safe functions when targeting
WebAssembly platforms.][84988]
- [Improved debugger output for enums on Windows MSVC platforms.][85292]
- [Added tier 3\* support for `bpfel-unknown-none`
and `bpfeb-unknown-none`.][79608]
Libraries
-----------------------
- [`panic::panic_any` will now `#[track_caller]`.][85745]
- [Added `OutOfMemory` as a variant of `io::ErrorKind`.][84744]
- [ `proc_macro::Literal` now implements `FromStr`.][84717]
- [The implementations of vendor intrinsics in core::arch have been
significantly refactored.][83278] The main user-visible changes are
a 50% reduction in the size of libcore.rlib and stricter validation
of constant operands passed to intrinsics. The latter is technically
a breaking change, but allows Rust to more closely match the C vendor
intrinsics API.
Stabilized APIs
---------------
- [`BTreeMap::into_keys`]
- [`BTreeMap::into_values`]
- [`HashMap::into_keys`]
- [`HashMap::into_values`]
- [`arch::wasm32`]
- [`VecDeque::binary_search`]
- [`VecDeque::binary_search_by`]
- [`VecDeque::binary_search_by_key`]
- [`VecDeque::partition_point`]
Cargo
-----
- [Added the `--prune <spec>` option to `cargo-tree` to remove a package from
the dependency graph.][cargo/9520]
- [Added the `--depth` option to `cargo-tree` to print only to a certain depth
in the tree ][cargo/9499]
- [Added the `no-proc-macro` value to `cargo-tree --edges` to hide procedural
macro dependencies.][cargo/9488]
- [A new environment variable named `CARGO_TARGET_TMPDIR` is available.][cargo/9375]
This variable points to a directory that integration tests and benches
can use as a "scratchpad" for testing filesystem operations.
Compatibility Notes
-------------------
- [Mixing Option and Result via `?` is no longer permitted in closures for inferred types.][86831]
- [Previously unsound code is no longer permitted where different constructors in branches
could require different lifetimes.][85574]
- As previously mentioned the [`std::arch` instrinsics now uses stricter const checking][83278]
than before and may reject some previously accepted code.
- [`i128` multiplication on Cortex M0+ platforms currently unconditionally causes overflow
when compiled with `codegen-units = 1`.][86063]
Version 1.53.0 (2021-06-17)
============================
Language
-----------------------
- [You can now use unicode for identifiers.][83799] This allows multilingual
identifiers but still doesn't allow glyphs that are not considered characters
such as `~W~F` or `~_~@`. More specifically you can now use any identifier that
matches the UAX #31 "Unicode Identifier and Pattern Syntax" standard. This
is the same standard as languages like Python, however Rust uses NFC
normalization which may be different from other languages.
- [You can now specify "or patterns" inside pattern matches.][79278]
Previously you could only use `|` (OR) on complete patterns. E.g.
```rust
let x = Some(2u8);
// Before
matches!(x, Some(1) | Some(2));
// Now
matches!(x, Some(1 | 2));
```
- [Added the `:pat_param` `macro_rules!` matcher.][83386] This matcher
has the same semantics as the `:pat` matcher. This is to allow `:pat`
to change semantics to being a pattern fragment in a future edition.
Compiler
-----------------------
- [Updated the minimum external LLVM version to LLVM 10.][83387]
- [Added Tier 3\* support for the `wasm64-unknown-unknown` target.][80525]
- [Improved debuginfo for closures and async functions on Windows MSVC.][83941]
Libraries
-----------------------
- [Abort messages will now forward to `android_set_abort_message` on
Android platforms when available.][81469]
- [`slice::IterMut<'_, T>` now implements `AsRef<[T]>`][82771]
- [Arrays of any length now implement `IntoIterator`.][84147]
Currently calling `.into_iter()` as a method on an array will
return `impl Iterator<Item=&T>`, but this may change in a
future edition to change `Item` to `T`. Calling `IntoIterator::into_iter`
directly on arrays will provide `impl Iterator<Item=T>` as expected.
- [`leading_zeros`, and `trailing_zeros` are now available on all
`NonZero` integer types.][84082]
- [`{f32, f64}::from_str` now parse and print special values
(`NaN`, `-0`) according to IEEE RFC 754.][78618]
- [You can now index into slices using `(Bound<usize>, Bound<usize>)`.][77704]
- [Add the `BITS` associated constant to all numeric types.][82565]
Stabilised APIs
---------------
- [`AtomicBool::fetch_update`]
- [`AtomicPtr::fetch_update`]
- [`BTreeMap::retain`]
- [`BTreeSet::retain`]
- [`BufReader::seek_relative`]
- [`DebugStruct::non_exhaustive`]
- [`Duration::MAX`]
- [`Duration::ZERO`]
- [`Duration::is_zero`]
- [`Duration::saturating_add`]
- [`Duration::saturating_mul`]
- [`Duration::saturating_sub`]
- [`ErrorKind::Unsupported`]
- [`Option::insert`]
- [`Ordering::is_eq`]
- [`Ordering::is_ge`]
- [`Ordering::is_gt`]
- [`Ordering::is_le`]
- [`Ordering::is_lt`]
- [`Ordering::is_ne`]
- [`OsStr::is_ascii`]
- [`OsStr::make_ascii_lowercase`]
- [`OsStr::make_ascii_uppercase`]
- [`OsStr::to_ascii_lowercase`]
- [`OsStr::to_ascii_uppercase`]
- [`Peekable::peek_mut`]
- [`Rc::decrement_strong_count`]
- [`Rc::increment_strong_count`]
- [`Vec::extend_from_within`]
- [`array::from_mut`]
- [`array::from_ref`]
- [`cmp::max_by_key`]
- [`cmp::max_by`]
- [`cmp::min_by_key`]
- [`cmp::min_by`]
- [`f32::is_subnormal`]
- [`f64::is_subnormal`]
Cargo
-----------------------
- [Cargo now supports git repositories where the default `HEAD` branch is not
"master".][cargo/9392] This also includes a switch to the version 3 `Cargo.lock` format
which can handle default branches correctly.
- [macOS targets now default to `unpacked` split-debuginfo.][cargo/9298]
- [The `authors` field is no longer included in `Cargo.toml` for new
projects.][cargo/9282]
Rustdoc
-----------------------
- [Added the `rustdoc::bare_urls` lint that warns when you have URLs
without hyperlinks.][81764]
Compatibility Notes
-------------------
- [Implement token-based handling of attributes during expansion][82608]
- [`Ipv4::from_str` will now reject octal format IP addresses in addition
to rejecting hexadecimal IP addresses.][83652] The octal format can lead
to confusion and potential security vulnerabilities and [is no
longer recommended][ietf6943].
- [The added `BITS` constant may conflict with external definitions.][85667]
In particular, this was known to be a problem in the `lexical-core` crate,
but they have published fixes for semantic versions 0.4 through 0.7. To
update this dependency alone, use `cargo update -p lexical-core`.
- Incremental compilation remains off by default, unless one uses the
`RUSTC_FORCE_INCREMENTAL=1` environment variable added in 1.52.1.
Internal Only
-------------
These changes provide no direct user facing benefits, but represent significant
improvements to the internals and overall performance of rustc and
related tools.
- [Rework the `std::sys::windows::alloc` implementation.][83065]
- [rustdoc: Don't enter an infer_ctxt in get_blanket_impls for impls that aren't blanket impls.][82864]
- [rustdoc: Only look at blanket impls in `get_blanket_impls`][83681]
- [Rework rustdoc const type][82873]
|
|
|
|
Re-do my previous Linux packaging fix in r. 1.26. FreeBSD and NetBSD
both don't need a particular code block that runs patchelf; doing so
only mangles the resulting binaries, so things can be simplified.
|
|
|
|
|
|
Python 3.7.12 final
Security
bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This copy is most used on Windows and macOS.
bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection.
Library
bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee.
|
|
Python 3.6.15 final
Security
bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This copy is most used on Windows and macOS.
bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection.
Library
bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee.
Tests
bpo-38965: Fix test_faulthandler on GCC 10. Use the “volatile” keyword in faulthandler._stack_overflow() to prevent tail call optimization on any compiler, rather than relying on compiler specific pragma.
|
|
I ran a bulk build and found three packages that broke. Two are fixed.
I don't know how to fix net/amazon-ecs-cli, but it did not build for me on
Go 1.16 either, so it is not a direct regression.
|
|
# cpp11 0.3.1
# cpp11 0.3.0
## New functions and features
* New `x.empty()` method to check if a vector is empty (@sbearrows, #182)
* New `x.named()` method to check if a vector is named (@sbearrows, #186)
* New `na()` free function to return the NA sentinels for R objects
(@sbearrows, #17 9)
## Major fixes
* Memory no longer inadvertently leaks when move constructing vectors
(#173)
## minor improvements and fixes
* Incorrectly formatted cpp11 decorators now output a more informative
error message (@sbearrows, #127)
* Generated registration code now uses C collation to avoid spurious
changes from `tools::package_native_routine_registration_skeleton()`
(@sbearrows, #171)
* Makevars files which include filenames now handle spaces in paths
properly (@klmr, #160)
|
|
New in 2021.08:
+ Additions:
+ Enable rendering of nested blocks in the `Pod::To::Text` module
[07517164][27f7924e][36de39f6]
+ Changes:
+ Raise priority of `let` and `temp` operators compared to `.=`, `.` and
auto-increment, making `let $foo .= &{ Nil }` work more intuitively compared to
`(let $foo) .= &{ Nil }` as was necessary before [ca40fca0][723e7488]
+ Change the `Scalar.WHICH` method implementation, fixing the semantics to reflect
that `Scalar` is not a value object [56fce9e7]
+ Efficiency:
+ Make the `&&`, `||` and `//` operators about 2x as fast for the
`+@a` candidates [db441c2c]
+ Improve performance of smartmatching between two `Signature` objects [66ae8612]
+ Fixes:
+ Fix some occurrences of hash-related concurrency issues [58ae9394]
+ Fix the `List.reduce` method when used with `&infix:<&&>`
[ea389d66][db441c2c]
+ Fix matching of native types against roles `Numeric`, `Real` and
`Stringy` [a8a78132]
+ Make `Pointer.Numeric` and `Pointer.Int` methods return 0
instead of resulting in an error [681e3b5e]
+ Fix a race in the `ClassHOW.new_type` method [08f5448d][83b0bca7]
+ Internal:
+ Make checking for Windows cheaper [89df7f4b]
+ Simplify `Rakudo::Iterator::While` iterator code [ffde2ba2]
+ Fix location of the `Proc.status` deprecation message [54f1b7a5]
+ Add tests to make sure float and double `NaN` can be passed to native code
via NativeCall using the Raku `NaN` value [8ae6f394]
|
|
|
|
|
|
Catch up with newer library versions from pkgsrc and the additional rust bin
directory, and ensure everything is running under set -e to catch failures.
|
|
|
|
Python 3.9.7 final
Security
bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition.
bpo-41180: Add auditing events to the marshal module, and stop raising code.__init__ events for every unmarshalled code object. Directly instantiated code objects will continue to raise an event, and audit event handlers should inspect or collect the raw marshal data. This reduces a significant performance overhead when loading from .pyc files.
bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This copy is most used on Windows and macOS.
bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection.
Core and Builtins
bpo-45018: Fixed pickling of range iterators that iterated for over 2**32 times.
bpo-44962: Fix a race in WeakKeyDictionary, WeakValueDictionary and WeakSet when two threads attempt to commit the last pending removal. This fixes asyncio.create_task and fixes a data loss in asyncio.run where shutdown_asyncgens is not run
bpo-44954: Fixed a corner case bug where the result of float.fromhex('0x.8p-1074') was rounded the wrong way.
bpo-44947: Refine the syntax error for trailing commas in import statements. Patch by Pablo Galindo.
bpo-44698: Restore behaviour of complex exponentiation with integer-valued exponent of type float or complex.
bpo-44885: Correct the ast locations of f-strings with format specs and repeated expressions. Patch by Pablo Galindo
bpo-44872: Use new trashcan macros (Py_TRASHCAN_BEGIN/END) in frameobject.c instead of the old ones (Py_TRASHCAN_SAFE_BEGIN/END).
bpo-33930: Fix segmentation fault with deep recursion when cleaning method objects. Patch by Augusto Goulart and Pablo Galindo.
bpo-25782: Fix bug where PyErr_SetObject hangs when the current exception has a cycle in its context chain.
bpo-44856: Fix reference leaks in the error paths of update_bases() and __build_class__. Patch by Pablo Galindo.
bpo-44698: Fix undefined behaviour in complex object exponentiation.
bpo-44562: Remove uses of PyObject_GC_Del() in error path when initializing types.GenericAlias.
bpo-44523: Remove the pass-through for hash() of weakref.proxy objects to prevent unintended consequences when the original referred object dies while the proxy is part of a hashable object. Patch by Pablo Galindo.
bpo-44472: Fix ltrace functionality when exceptions are raised. Patch by Pablo Galindo
bpo-44184: Fix a crash at Python exit when a deallocator function removes the last strong reference to a heap type. Patch by Victor Stinner.
bpo-39091: Fix crash when using passing a non-exception to a generator’s throw() method. Patch by Noah Oxer
Library
bpo-41620: run() now always return a TestResult instance. Previously it returned None if the test class or method was decorated with a skipping decorator.
bpo-43913: Fix bugs in cleaning up classes and modules in unittest:
Functions registered with addModuleCleanup() were not called unless the user defines tearDownModule() in their test module.
Functions registered with addClassCleanup() were not called if tearDownClass is set to None.
Buffering in TestResult did not work with functions registered with addClassCleanup() and addModuleCleanup().
Errors in functions registered with addClassCleanup() and addModuleCleanup() were not handled correctly in buffered and debug modes.
Errors in setUpModule() and functions registered with addModuleCleanup() were reported in wrong order.
And several lesser bugs.
bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee.
bpo-44449: Fix a crash in the signal handler of the faulthandler module: no longer modify the reference count of frame objects. Patch by Victor Stinner.
bpo-44955: Method stopTestRun() is now always called in pair with method startTestRun() for TestResult objects implicitly created in run(). Previously it was not called for test methods and classes decorated with a skipping decorator.
bpo-38956: argparse.BooleanOptionalAction’s default value is no longer printed twice when used with argparse.ArgumentDefaultsHelpFormatter.
bpo-44581: Upgrade bundled pip to 21.2.3 and setuptools to 57.4.0
bpo-44849: Fix the os.set_inheritable() function on FreeBSD 14 for file descriptor opened with the O_PATH flag: ignore the EBADF error on ioctl(), fallback on the fcntl() implementation. Patch by Victor Stinner.
bpo-44605: The @functools.total_ordering() decorator now works with metaclasses.
bpo-44822: sqlite3 user-defined functions and aggregators returning strings with embedded NUL characters are no longer truncated. Patch by Erlend E. Aasland.
bpo-44815: Always show loop= arg deprecations in asyncio.gather() and asyncio.sleep()
bpo-44806: Non-protocol subclasses of typing.Protocol ignore now the __init__ method inherited from protocol base classes.
bpo-44667: The tokenize.tokenize() doesn’t incorrectly generate a NEWLINE token if the source doesn’t end with a new line character but the last line is a comment, as the function is already generating a NL token. Patch by Pablo Galindo
bpo-42853: Fix http.client.HTTPSConnection fails to download >2GiB data.
bpo-44752: rcompleter does not call getattr() on property objects to avoid the side-effect of evaluating the corresponding method.
bpo-44720: weakref.proxy objects referencing non-iterators now raise TypeError rather than dereferencing the null tp_iternext slot and crashing.
bpo-44704: The implementation of collections.abc.Set._hash() now matches that of frozenset.__hash__().
bpo-44666: Fixed issue in compileall.compile_file() when sys.stdout is redirected. Patch by Stefan Hölzl.
bpo-40897: Give priority to using the current class constructor in inspect.signature(). Patch by Weipeng Hong.
bpo-44608: Fix memory leak in _tkinter._flatten() if it is called with a sequence or set, but not list or tuple.
bpo-41928: Update shutil.copyfile() to raise FileNotFoundError instead of confusing IsADirectoryError when a path ending with a os.path.sep does not exist; shutil.copy() and shutil.copy2() are also affected.
bpo-44566: handle StopIteration subclass raised from @contextlib.contextmanager generator
bpo-44558: Make the implementation consistency of indexOf() between C and Python versions. Patch by Dong-hee Na.
bpo-41249: Fixes TypedDict to work with typing.get_type_hints() and postponed evaluation of annotations across modules.
bpo-44461: Fix bug with pdb’s handling of import error due to a package which does not have a __main__ module
bpo-42892: Fixed an exception thrown while parsing a malformed multipart email by email.message.EmailMessage.
bpo-27827: pathlib.PureWindowsPath.is_reserved() now identifies a greater range of reserved filenames, including those with trailing spaces or colons.
bpo-34266: Handle exceptions from parsing the arg of pdb’s run/restart command.
bpo-27334: The sqlite3 context manager now performs a rollback (thus releasing the database lock) if commit failed. Patch by Luca Citi and Erlend E. Aasland.
bpo-43853: Improved string handling for sqlite3 user-defined functions and aggregates:
It is now possible to pass strings with embedded null characters to UDFs
Conversion failures now correctly raise MemoryError
Patch by Erlend E. Aasland.
bpo-43048: Handle RecursionError in TracebackException’s constructor, so that long exceptions chains are truncated instead of causing traceback formatting to fail.
bpo-41402: Fix email.message.EmailMessage.set_content() when called with binary data and 7bit content transfer encoding.
bpo-32695: The compresslevel and preset keyword arguments of tarfile.open() are now both documented and tested.
bpo-34990: Fixed a Y2k38 bug in the compileall module where it would fail to compile files with a modification time after the year 2038.
bpo-38840: Fix test___all__ on platforms lacking a shared memory implementation.
bpo-30256: Pass multiprocessing BaseProxy argument manager_owned through AutoProxy.
bpo-27513: email.utils.getaddresses() now accepts email.header.Header objects along with string values. Patch by Zackery Spytz.
bpo-33349: lib2to3 now recognizes async generators everywhere.
bpo-29298: Fix TypeError when required subparsers without dest do not receive arguments. Patch by Anthony Sottile.
Documentation
bpo-44903: Removed the othergui.rst file, any references to it, and the list of GUI frameworks in the FAQ. In their place I’ve added links to the Python Wiki page on GUI frameworks.
bpo-44756: Reverted automated virtual environment creation on make html when building documentation. It turned out to be disruptive for downstream distributors.
bpo-44693: Update the definition of __future__ in the glossary by replacing the confusing word “pseudo-module” with a more accurate description.
bpo-35183: Add typical examples to os.path.splitext docs
bpo-30511: Clarify that shutil.make_archive() is not thread-safe due to reliance on changing the current working directory.
bpo-44561: Update of three expired hyperlinks in Doc/distributing/index.rst: “Project structure”, “Building and packaging the project”, and “Uploading the project to the Python Packaging Index”.
bpo-42958: Updated the docstring and docs of filecmp.cmp() to be more accurate and less confusing especially in respect to shallow arg.
bpo-44558: Match the docstring and python implementation of countOf() to the behavior of its c implementation.
bpo-44544: List all kwargs for textwrap.wrap(), textwrap.fill(), and textwrap.shorten(). Now, there are nav links to attributes of TextWrap, which makes navigation much easier while minimizing duplication in the documentation.
bpo-38062: Clarify that atexit uses equality comparisons internally.
bpo-43066: Added a warning to zipfile docs: filename arg with a leading slash may cause archive to be un-openable on Windows systems.
bpo-27752: Documentation of csv.Dialect is more descriptive.
bpo-44453: Fix documentation for the return type of sysconfig.get_path().
bpo-39498: Add a “Security Considerations” index which links to standard library modules that have explicitly documented security considerations.
bpo-33479: Remove the unqualified claim that tkinter is threadsafe. It has not been true for several years and likely never was. An explanation of what is true may be added later, after more discussion, and possibly after patching _tkinter.c,
Tests
bpo-25130: Add calls of gc.collect() in tests to support PyPy.
bpo-45011: Made tests relying on the _asyncio C extension module optional to allow running on alternative Python implementations. Patch by Serhiy Storchaka.
bpo-44949: Fix auto history tests of test_readline: sometimes, the newline character is not written at the end, so don’t expect it in the output.
bpo-44852: Add ability to wholesale silence DeprecationWarnings while running the regression test suite.
bpo-40928: Notify users running test_decimal regression tests on macOS of potential harmless “malloc can’t allocate region” messages spewed by test_decimal.
bpo-44734: Fixed floating point precision issue in turtle tests.
bpo-44708: Regression tests, when run with -w, are now re-running only the affected test methods instead of re-running the entire test file.
bpo-30256: Add test for nested queues when using multiprocessing shared objects AutoProxy[Queue] inside ListProxy and DictProxy
Build
bpo-44535: Enable building using a Visual Studio 2022 install on Windows.
bpo-43298: Improved error message when building without a Windows SDK installed.
Windows
bpo-45007: Update to OpenSSL 1.1.1l in Windows build
bpo-44572: Avoid consuming standard input in the platform module
bpo-40263: This is a follow-on bug from https://bugs.python.org/issue26903. Once that is applied we run into an off-by-one assertion problem. The assert was not correct.
macOS
bpo-45007: Update macOS installer builds to use OpenSSL 1.1.1l.
bpo-44689: ctypes.util.find_library() now works correctly on macOS 11 Big Sur even if Python is built on an older version of macOS. Previously, when built on older macOS systems, find_library was not able to find macOS system libraries when running on Big Sur due to changes in how system libraries are stored.
Tools/Demos
bpo-44756: In the Makefile for documentation (Doc/Makefile), the build rule is dependent on the venv rule. Therefore, html, latex, and other build-dependent rules are also now dependent on venv. The venv rule only performs an action if $(VENVDIR) does not exist. Doc/README.rst was updated; most users now only need to type make html.
|
|
Python 3.8.12 final
Security
bpo-42278: Replaced usage of tempfile.mktemp() with TemporaryDirectory to avoid a potential race condition.
bpo-44394: Update the vendored copy of libexpat to 2.4.1 (from 2.2.8) to get the fix for the CVE-2013-0340 “Billion Laughs” vulnerability. This copy is most used on Windows and macOS.
bpo-43124: Made the internal putcmd function in smtplib sanitize input for presence of \r and \n characters to avoid (unlikely) command injection.
bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros.
Core and Builtins
bpo-44872: Use new trashcan macros (Py_TRASHCAN_BEGIN/END) in frameobject.c instead of the old ones (Py_TRASHCAN_SAFE_BEGIN/END).
bpo-33930: Fix segmentation fault with deep recursion when cleaning method objects. Patch by Augusto Goulart and Pablo Galindo.
bpo-44856: Fix reference leaks in the error paths of update_bases() and __build_class__. Patch by Pablo Galindo.
Library
bpo-45001: Made email date parsing more robust against malformed input, namely a whitespace-only Date: header. Patch by Wouter Bolsterlee.
Documentation
bpo-30511: Clarify that shutil.make_archive() is not thread-safe due to reliance on changing the current working directory.
Windows
bpo-45007: Update to OpenSSL 1.1.1l in Windows build
macOS
bpo-45007: Update macOS installer builds to use OpenSSL 1.1.1l.
bpo-44689: ctypes.util.find_library() now works correctly on macOS 11 Big Sur even if Python is built on an older version of macOS. Previously, when built on older macOS systems, find_library was not able to find macOS system libraries when running on Big Sur due to changes in how system libraries are stored.
|
|
|
|
20.0.1 (2021-07-19)
* Update messages to v17.0.1
20.0.0 (2021-07-08)
Changed
* Update messages to v17.0.0
* Update rule polish translation (#1579 l310)
* Add US Texan translations. (#1625 willmac321)
* [Ruby] Usage of Message DTOs instead of plain ruby hashes (#1603)
Fixed
* [Ruby] Rules weren't inheriting the relevant tags during the Gherkin Query
stage (Where it caches the NodeID) (#1593 luke-hill)
|
|
26 Aug 2021, PHP 7.3.30
- Phar:
. Fixed bug #81211: Symlinks are followed when creating PHAR archive (cmb)
|
|
26 Aug 2021, PHP 8.0.10
- Core:
. Fixed bug #72595 (php_output_handler_append illegal write access). (cmb)
. Fixed bug #66719 (Weird behaviour when using get_called_class() with
call_user_func()). (Nikita)
. Fixed bug #81305 (Built-in Webserver Drops Requests With "Upgrade" Header).
(cmb)
- BCMath:
. Fixed bug #78238 (BCMath returns "-0"). (cmb)
- CGI:
. Fixed bug #80849 (HTTP Status header truncation). (cmb)
- Date:
. Fixed bug #64975 (Error parsing when AM/PM not at the end). (Derick)
. Fixed bug #78984 (DateTimeZone accepting invalid UTC timezones). (Derick)
. Fixed bug #79580 (date_create_from_format misses leap year). (Derick)
. Fixed bug #80409 (DateTime::modify() loses time with 'weekday' parameter).
(Derick)
- GD:
. Fixed bug #51498 (imagefilledellipse does not work for large circles). (cmb)
- MySQLi:
. Fixed bug #74544 (Integer overflow in mysqli_real_escape_string()). (cmb,
johannes)
- Opcache:
. Fixed bug #81225 (Wrong result with pow operator with JIT enabled).
(Dmitry)
. Fixed bug #81249 (Intermittent property assignment failure with JIT
enabled). (Dmitry)
. Fixed bug #81206 (Multiple PHP processes crash with JIT enabled). (cmb,
Nikita)
. Fixed bug #81272 (Segfault in var[] after array_slice with JIT). (Nikita)
. Fixed Bug #81255 (Memory leak in PHPUnit with functional JIT). (Dmitry)
. Fixed Bug #80959 (infinite loop in building cfg during JIT compilation)
(Nikita, Dmitry)
. Fixed bug #81226 (Integer overflow behavior is different with JIT
enabled). (Dmitry)
- OpenSSL:
. Fixed bug #81327 (Error build openssl extension on php 7.4.22). (cmb)
- PDO_ODBC:
. Fixed bug #81252 (PDO_ODBC doesn't account for SQL_NO_TOTAL). (cmb)
- Phar:
. Fixed bug #81211: Symlinks are followed when creating PHAR archive (cmb)
- Shmop:
. Fixed bug #81283 (shmop can't read beyond 2147483647 bytes). (cmb, Nikita)
- SimpleXML:
. Fixed bug #81325 (Segfault in zif_simplexml_import_dom). (remi)
- Standard:
. Fixed bug #72146 (Integer overflow on substr_replace). (cmb)
. Fixed bug #81265 (getimagesize returns 0 for 256px ICO images).
(George Dietrich)
. Fixed bug #74960 (Heap buffer overflow via str_repeat). (cmb, Dmitry)
- Streams:
. Fixed bug #81294 (Segfault when removing a filter). (cmb)
|
|
26 Aug 2021, PHP 7.4.23
- Core:
. Fixed bug #72595 (php_output_handler_append illegal write access). (cmb)
. Fixed bug #66719 (Weird behaviour when using get_called_class() with
call_user_func()). (Nikita)
. Fixed bug #81305 (Built-in Webserver Drops Requests With "Upgrade" Header).
(cmb)
- BCMath:
. Fixed bug #78238 (BCMath returns "-0"). (cmb)
- CGI:
. Fixed bug #80849 (HTTP Status header truncation). (cmb)
- GD:
. Fixed bug #51498 (imagefilledellipse does not work for large circles). (cmb)
- MySQLi:
. Fixed bug #74544 (Integer overflow in mysqli_real_escape_string()). (cmb,
johannes)
- OpenSSL:
. Fixed bug #81327 (Error build openssl extension on php 7.4.22). (cmb)
- PDO_ODBC:
. Fixed bug #81252 (PDO_ODBC doesn't account for SQL_NO_TOTAL). (cmb)
- Phar:
. Fixed bug #81211: Symlinks are followed when creating PHAR archive.(cmb)
- Shmop:
. Fixed bug #81283 (shmop can't read beyond 2147483647 bytes). (cmb, Nikita)
- Standard:
. Fixed bug #72146 (Integer overflow on substr_replace). (cmb)
. Fixed bug #81265 (getimagesize returns 0 for 256px ICO images).
(George Dietrich)
. Fixed bug #74960 (Heap buffer overflow via str_repeat). (cmb, Dmitry)
- Streams:
. Fixed bug #81294 (Segfault when removing a filter). (cmb)
|
|
Some upstream-provided binaries weren't covered in a code block that
uses patch-elf to tinker with their RPATH entries. There's also an
extra binary provided vs. the NetBSD package, and possibly those for
other OSes. (I don't have Darwin or FreeBSD test environments; those
OSes could need tweaking for this, too.)
|
|
go115 became EOL upstream as soon as 1.17 was released.
|
|
Some relevant changes:
- new register-based calling convention (not on NetBSD though IIUC)
- new language feature to cast slices into array pointers
- the usual amount of bugfixes
|
|
Update Ruby on Rails 6.1 pacakges to 6.1.4.1.
Real changes are in Action Pack (www/ruby-actionpack61).
## Rails 6.1.4.1 (August 19, 2021) ##
* [CVE-2021-22942] Fix possible open redirect in Host Authorization middleware.
Specially crafted "X-Forwarded-Host" headers in combination with certain
"allowed host" formats can cause the Host Authorization middleware in Action
Pack to redirect users to a malicious website.
|
|
Update Ruby on Rails 6.0 pacakges to 6.0.4.1.
Real changes are in Action Pack (www/ruby-actionpack60).
## Rails 6.0.4.1 (August 19, 2021) ##
* [CVE-2021-22942] Fix possible open redirect in Host Authorization middleware.
Specially crafted "X-Forwarded-Host" headers in combination with certain
"allowed host" formats can cause the Host Authorization middleware in Action
Pack to redirect users to a malicious website.
|
|
Build fix for Linux distros that don't ship pax by default.
|
|
|
|
|
|
New in 2021.07:
• Additions:
□ Make cmp routine work properly on Iterator, Seq, Uni, native arrays and
empty Lists
[efb3116][f3ff062][76714ca][39ba888]
□ Add the ACCEPTS(Uni) method on Uni candidate [6b6459f]
□ Implement last and next with a value for 6.e language revision
[402ea05][2542a0a][a5d8135][0761d4b][47ebc86][a2faac4]
[e777fc4][4f19087][2157642]
□ Properly support nearly all HTML5 entities in Pod E<> formatting code [
910179d]
□ Allow Ctrl-C to stop entry in REPL [cf7b4f1]
□ Add ⩶ and ⩵ as Unicode synonyms for === and == [eab780f]
• Deprecations:
□ Deprecate the status method on Proc in place of exitcode and signal
methods
[249fdba][2fd458c]
• Build System:
□ Tidy and improve cleanup rules [e771bd8]
□ Support creating an MSI installer [4e93b84]
• Changes:
□ Allow add method on IO::Path to take multiple values (e.g. "foo".IO.add
(<bar baz>)) [b4d3398]
• Efficiency:
□ Optimize calls to map [a8f144c][38626c6]
□ Optimize loops without phasers for one and two arguments case [265888c]
□ Make for / map with 2+ arguments up to 2x as fast [4c417f3][4f5fb9e][
bfa6b29]
□ Make List cmp List about 25% faster [50bd171]
□ Reduce overhead of loops with phasers by at least 5% [5ecc830][7a1b729]
□ Make the grep(Callable) method about 3% faster [52ffc12][bb09bbb][
71f6bad]
• Fixes:
□ Fix rakuw.exe to be a non-console app [57885f6]
□ Fix CURI probing and installation edge case issue on Windows [2839cef][
d668d99]
□ Clean up sockets created by IO::Socket::INET.new on error [bee5c7a][
271f17b]
□ Fix freezes caused by concurrently produced iterators
[8eae05b][2d396ae][6e66c2e][24b0df8]
□ Fix unimatch for non-base properties [0a1256a]
• Internal:
□ Implement support for moar::hllincludes config variable [a96bfdc][
552f281]
□ Fix binary release set-env.* scripts with space in path [a4a46e3]
□ Rakudo::Iterator::UnendingValue no longer a PredictiveIterator [917d674
]
□ Separate Rakudo::Iterator::IntRange into two classes [03aef65]
□ PredictiveIterator provides own push-until-lazy [7cf3927]
□ Various internal fixes and improvements
[5976e30][bdc5092][1bd0411][f2959ad][ddc7c9f][9c69b7d]
[941349d][eae82f0][2efe430][7f5f60e][22f78f4][9bf1e1c]
|
|
|
|
(still doesn't build for me after that; there's something wrong with the
docs processing)
|
|
|
|
PEAR 1.10.13 (2021-08-10 18:32 UTC)
Changelog:
* PR #114: unsupported protocol - use --force to continue
* PR #117: Add $this operator to _determineIfPowerpc calls
|
|
This minor release includes a security fix according to the new security
policy.
A net/http/httputil ReverseProxy can panic due to a race condition if its
Handler aborts with ErrAbortHandler, for example due to an error in copying the
response body. An attacker might be able to force the conditions leading to the
race condition.
This is issue https://golang.org/issue/46866 and CVE-2021-36221. Thanks to
Andrew Crump (VMware) for reporting this issue.
|
|
This minor release includes a security fix according to the new security
policy.
A net/http/httputil ReverseProxy can panic due to a race condition if its
Handler aborts with ErrAbortHandler, for example due to an error in copying the
response body. An attacker might be able to force the conditions leading to the
race condition.
This is issue https://golang.org/issue/46866 and CVE-2021-36221. Thanks to
Andrew Crump (VMware) for reporting this issue.
|
|
The mix of i586-unknown-netbsd and i686-unknown-netbsd targets
leads partial misdetection of external llvm from lang/llvm.
It adds -DLLVM_RUSTLLVM to CFLAGS and -DLLVM_RUSTLLVM breaks
PassWrapper.c build with external llvm.
Fix PR pkg/56304.
|
|
## 1.16.1 - 2021-06-09
- Add `maclintf` - a utility for adding linting messages when inside macros.
- Print source code of offending line on compiler warnings and errors.
- Fix some issues with linting and re-add missing `make docs`.
- Allow controlling linting with dynamic bindings `:lint-warn`, `:lint-error`, and `:lint-levels`.
- Add `-w` and `-x` command line flags to the `janet` binary to set linting thresholds.
linting thresholds are as follows:
- :none - will never be trigger.
- :relaxed - will only trigger on `:relaxed` lints.
- :normal - will trigger on `:relaxed` and `:normal` lints.
- :strict - will trigger on `:strict`, `:normal`, and `:relaxed` lints. This will catch the most issues
but can be distracting.
|
|
1. Bug fixes
Elixir
[Kernel] Ensure deprecated macros emit warnings
Mix
[mix deps] Ensure unconstrained rebar deps generate valid mix specifications
2. Enhancements
Elixir
[elixirc] Change the output of --profile time to make it easier to detect outliers
[Application] Do not add compile time deps on args to Application.compile_env/2 and Application.compile_env!/2
[Enum] Optimize Enum.into/3 and Map.new/2
Mix
[mix compile] Compile most recently changed files first
[mix compile, mix run, mix test] Speed up the time taken to load dependencies. This should make the usage of Mix inside projects quite more responsive
|
|
New in version 2.1.7
* incompatible change: on certain platforms (currently just
x86-64), dynamic-extent arrays specialized on character and
numeric types and created without either :INITIAL-ELEMENT or
:INITIAL-CONTENTS will reflect previous contents of the stack
instead of #\null (or 0) in all elements.
* minor incompatible change: SB-SPROF:START-PROFILING no longer
silently does nothing if the clock is already running. It
instead stop and restarts with the newly provided options, and
warns.
* minor incompatible change: the system attempts to refer to the
supplied pathname in compiler diagnostics, if relevant, rather
than the truename.
* enhancement: new contrib module sb-graph producing graphical
visualizations of Intermediate Representations of SBCL
compilation data structures.
* platform support:
* improved code generation for unary minus in modular contexts
on arm64.
* make the disassembler annotations slightly more robust on arm64.
* release space back to the Operating System on Windows.
* improve the test for whether pages need to be committed on Windows.
* fix a bug in the use of the VPCMPEQD opcode on
x86-64. (#1928516, thanks to Marco Heisig)
* optimization: the type of (LOOP ... COLLECT ...), and the type
of COLLECT INTO variables, is derived as LIST. (#1934577,
reported by SATO shinichi)
New in version 2.1.6
* minor incompatible change: COMPILE-FILE does not merge the input
file's pathname-directory into the output path if :OUTPUT-FILE
was specified and has a directory that is not :UNSPECIFIC.
* platform support:
* improvements to unwind code generation on arm64.
* on x86-64, accept three operands for vshufpd. (reported by
Bela Pecsek)
* on x86-64, improvements to use of popcount
* improve exception handling on 64-bit Windows. (thanks to
Luis Borges de Oliveira)
* bug fix: allow use of macros with improper argument
list. (#1929623, thanks to Sean Maher)
* bug fix: COERCE no longer attempts to guess what the user meant
if they provide a type specifier of a union of types other than
STRING. (#1929614)
* bug fix: print a single trailing zero after the decimal point
for FORMAT ~E if there are no digits remaining to be printed and
the width allows it. (#883520)
|
|
|
|
libjsound.so on NetBSD uses PREFIX/lib/libasound.so and add PREFIX/lib
to rpath of libjsound.so.
Fix confusion against devel/libnet.
Reported by manu@ on tech-pkg@.
Bump PKGREVISON.
|
|
Version 14.17.4 'Fermium' (LTS)
This is a security release.
Notable Changes
CVE-2021-22930: Use after free on close http2 on stream canceling (High)
Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930
This releases also fixes some regressions with internationalization introduced by the ICU updates in Node.js 14.17.0 and 14.17.1.
|
|
29 Jul 2021, PHP 8.0.9
- Core:
. Fixed bug #81145 (copy() and stream_copy_to_stream() fail for +4GB files).
(cmb, Nikita)
. Fixed bug #81163 (incorrect handling of indirect vars in __sleep).
(krakjoe)
. Fixed bug #81159 (Object to int warning when using an object as a string
offset). (girgias)
. Fixed bug #80728 (PHP built-in web server resets timeout when it can kill
the process). (Calvin Buckley)
. Fixed bug #73630 (Built-in Weberver - overwrite $_SERVER['request_uri']).
(cmb)
. Fixed bug #80173 (Using return value of zend_assign_to_variable() is not
safe). (Nikita)
. Fixed bug #73226 (--r[fcez] always return zero exit code). (cmb)
- Intl:
. Fixed bug #72809 (Locale::lookup() wrong result with canonicalize option).
(cmb)
. Fixed bug #68471 (IntlDateFormatter fails for "GMT+00:00" timezone). (cmb)
. Fixed bug #74264 (grapheme_strrpos() broken for negative offsets). (cmb)
- OpenSSL:
. Fixed bug #52093 (openssl_csr_sign truncates $serial). (cmb)
- PCRE:
. Fixed bug #81101 (PCRE2 10.37 shows unexpected result). (Anatol)
. Fixed bug #81243 (Too much memory is allocated for preg_replace()). (cmb)
- Reflection:
. Fixed bug #81208 (Segmentation fault while create newInstance from
attribute). (Nikita)
- Standard:
. Fixed bug #81223 (flock() only locks first byte of file). (cmb)
|
