Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
Security fix with updating bundled RubyGems to 1.8.23 and several a few bug
fixes.
Fri Apr 20 12:40:19 2012 Eric Hodel <drbrain@segment7.net>
* lib/rubygems/ssl_certs/AddTrustExternalCARoot.pem: Removed to avoid
conflict with ca-bundle.pem
* lib/rubygems/ssl_certs/VerisignClass3PublicPrimaryCertificationAuthority-G2.pem:
ditto.
* lib/rubygems/ssl_certs/Entrust_net-Secure-Server-Certification-Authority.pem:
ditto.
Fri Apr 20 09:04:35 2012 Eric Hodel <drbrain@segment7.net>
* lib/rubygems: Apply the following security fixes to RubyGems 1.3.7:
RubyGems now disallows redirection from HTTPS to HTTP.
RubyGems now verifies SSL connections.
Patch by Hiroshi Nakamura.
* test/rubygems: ditto.
|
|
|
|
Security fix with updating bundled RubyGems to 1.8.23 and several bug fixes.
Please refer ChangeLog in detail:
http://svn.ruby-lang.org/repos/ruby/tags/v1_9_3_194/ChangeLog
|
|
Three situations need it be handled:
1) Multilib support is unknowen, i.e. there is nothing in the options.mk
file to appropriately set ${MULTILIB_SUPPORTED} (currently all platforms
except Linux/x86_64). In this situation nothing should be done.
2) Multilib _is_ supported, in this situation the 'gcc-multilib' option
should be made available and the CONFIGURE_ARGS modified accordingly.
3) Multilib _is not_ supported, in this situation CONFIGURE_ARGS need to
be modified.
|
|
|
|
|
|
|
|
|
|
Changes since version 4.6.3 include various build system fixes,
iOS REPL improvements, addition of Xlib examples.
|
|
|
|
|
|
|
|
GCC 4.7.0 is a major release, containing substantial new
functionality not available in GCC 4.6.x or previous GCC releases.
GCC 4.7 features support for software transactional memory on
selected architectures. The C++ compiler supports a bigger
subset of the new ISO C++11 standard such as support for atomics
and the C++11 memory model, non-static data member initializers,
user-defined literals, alias-declarations, delegating constructors,
explicit override and extended friend syntax. The C compiler adds support
for more features from the new ISO C11 standard. GCC now supports
version 3.1 of the OpenMP specification for C, C++ and Fortran.
The link-time optimization (LTO) framework has seen improvements
with regards to scalability, stability and resource needs. Inlining
and interprocedural constant propagation have been improved.
GCC 4.7 now supports various new GNU extensions to the DWARF debugging
information format, like entry value and call site information, a typed
DWARF stack and a more compact macro representation.
Extending the widest support for hardware architectures in the
industry, GCC 4.7 gains support for Adapteva's Epiphany processor,
National Semiconductor's CR16, and TI's C6X as well as Tilera's
TILE-Gx and TILEPro families of processors. The x86
family support has been extended by the Intel Haswell and AMD Piledriver
architectures. ARM has gained support for the Cortex-A7 family.
See
http://gcc.gnu.org/gcc-4.7/changes.html
for more information about changes in GCC 4.7.
|
|
|
|
(CVE-2012-0845 is already fixed in pkgsrc)
What's New in Python 3.1.5?
===========================
*Release date: 2012-04-08*
Core and Builtins
-----------------
- Issue #13703: oCERT-2011-003: add -R command-line option and PYTHONHASHSEED
environment variable, to provide an opt-in way to protect against denial of
service attacks due to hash collisions within the dict and set types. Patch
by David Malcolm, based on work by Victor Stinner.
Library
-------
- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
table internal to the pyexpat module's copy of the expat library to avoid a
denial of service due to hash collisions. Patch by David Malcolm with some
modifications by the expat project.
- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
SimpleXMLRPCServer upon malformed POST request.
- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
IV attack countermeasure.
- Issue #11603: Fix a crash when __str__ is rebound as __repr__. Patch by
Andreas Stührk.
|
|
(CVE-2012-0845, CVE-2012-1150 are alredy fixed in pkgsrc,
CVE-2012-0876 is not affect to pkgsrc, using external expat)
What's New in Python 2.6.8?
===========================
*Release date: 2012-04-10*
No changes since 2.6.8rc2.
What's New in Python 2.6.8 rc 2?
================================
*Release date: 2012-03-17*
Library
-------
- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
table internal to the pyexpat module's copy of the expat library to avoid a
denial of service due to hash collisions. Patch by David Malcolm with some
modifications by the expat project.
What's New in Python 2.6.8 rc 1?
================================
*Release date: 2012-02-23*
Core and Builtins
-----------------
- Issue #13703: oCERT-2011-003 CVE-2012-1150: add -R command-line
option and PYTHONHASHSEED environment variable, to provide an opt-in
way to protect against denial of service attacks due to hash
collisions within the dict and set types. Patch by David Malcolm,
based on work by Victor Stinner.
Library
-------
- Issue #14001: CVE-2012-0845: xmlrpc: Fix an endless loop in
SimpleXMLRPCServer upon malformed POST request.
- Issue #13885: CVE-2011-3389: the _ssl module would always disable the CBC
IV attack countermeasure.
|
|
* An ordered dictionary type
* New unittest features including test skipping, new assert methods, and test
discovery
* A much faster io module
* Automatic numbering of fields in the str.format() method
* Float repr improvements backported from 3.x
* Tile support for Tkinter
* A backport of the memoryview object from 3.x
* Set literals
* Set and dictionary comprehensions
* Dictionary views
* New syntax for nested with statements
* The sysconfig module
|
|
New in version 1.0.56
* bug fix: fix copy-structure. When copying from stack to heap,
garbage could end up in the heap making GC unhappy.
(Thanks to James Knight, #911027)
* enhancements
+ SBCL can now be built using Clang.
+ ASDF has been updated 2.20.
* bug fix: compiler errors when weakening hairy integer types. (#913232)
* bug fix: don't complain about a too-hairy lexical environment
for inlining when the function has never been requested for inlining.
(#963530)
|
|
- use options for language selection
- SunOS fixes
- reduced dependencies
|
|
math/mpcomplex together with gcc, as described at
http://gcc.gnu.org/install/prerequisites.html
|
|
along with gcc, as described at http://gcc.gnu.org/install/prerequisites.html
|
|
|
|
|
|
|
|
fixing the build.
Changes 3.12.0.0 -> 3.12.1.0:
- merge with OCaml 3.12.1
Changes 3.11.2.0 -> 3.12.0.0:
- merge with OCaml 3.12.0
- drop native ocamlducedoc
- fix memory leak issue in NS handling [Stefan Lampe]
Changes 3.11.1.0 -> 3.11.2.0:
- merge with OCaml 3.11.2
- build and install native-code plugin
- build ocamldoc library
- accept also ocaml_cmi_magic_number in objinfo
|
|
|
|
|
|
is always available, and update the PLIST accordingly. PKGREVISION -> 1.
Fixes build on Linux, where there's usually a native gdbm.
|
|
|
|
Presumably fixes PR pkg/46297
Changes in Erlang/OTP R15B01
Highlights:
* Added erlang:statistics(scheduler_wall_time) to ensure
correct determination of scheduler utilization. Measuring
scheduler utilization is strongly preferred over CPU
utilization, since CPU utilization gives very poor
indications of actual scheduler/vm usage.
* Changed ssh implementation to use the public_key application
for all public key handling. This is also a first step for
enabling a callback API for supplying public keys and
handling keys protected with password phrases. Additionally
the test suites where improved so that they do not copy the
users keys to test server directories as this is a security
liability. Also ipv6 and file access issues found in the
process has been fixed.
* When an escript ends now all printout to standard output and
standard error gets out on the terminal. This bug has been
corrected by changing the behaviour of erlang:halt/0,1,
which should fix the same problem for other escript-like
applications, i.e. that data stored in the output port
driver buffers got lost when printing on a TTY and exiting
through erlang:halt/0,1. The BIF:s erlang:halt/0,1 has
gotten improved semantics and there is a new BIF
erlang:halt/2 to accomplish something like the old
semantics. See the documentation.
* The DTrace source patch from Scott Lystig Fritchie is
integrated in the source tree. Using an emulator with dtrace
probe is still not supported for production use, but may be
a valuable debugging tool.
* Added Torbjörn Törnkvists LDAP client as a new application
called eldap.
* Added options for the ssh client to support user keys files
that are password protected.
Changes in Erlang/OTP R15B
Highlights:
* Line number and filename information are now included in
exception backtraces. This information will be
pretty-printed in the shell and used in crash reports etc.
In practice it will be much easier to find where something
failed.
* The driver interface has been changed to enable 64-bit aware
drivers. Most importantly the return types for ErlDrvEntry
callbacks 'call' and 'control' has been changed which
require drivers to be changed.
* New in this release is the support for 64 bit Windows.
The self extracting installer can be found here.
* CommonTest hooks are now in a final supported version.
* There is a new GUI tool in the observer application which
integrates pman, etop, appmon and tv into one tool. The tool
does also contain functions for activating tracing in an easy way.
* The Erlang distribution can now be run over the new SSL implementation.
Changes in Erlang/OTP R15A
Notable changes:
OTP-9468 'Line numbers in exceptions'
OTP-9451 'Parallel make'
OTP-4779 A new GUI for Observer. Integrating pman, etop and tv into
observer with tracing facilities.
OTP-7775 A number of memory allocation optimizations have been
implemented. Most optimizations reduce contention caused by
synchronization between threads during allocation and
deallocation of memory. Most notably:
Synchronization of memory management in scheduler
specific allocator instances has been rewritten to
use lock-free synchronization.
Synchronization of memory management in scheduler
specific pre-allocators has been rewritten to use
lock-free synchronization.
The 'mseg_alloc' memory segment allocator now use
scheduler specific instances instead of one
instance. Apart from reducing contention this also
ensures that memory allocators always create memory
segments on the local NUMA node on a NUMA system.
OTP-9632 An ERTS internal, generic, many to one, lock-free
queue for communication between threads has been
introduced. The many to one scenario is very common in
ERTS, so it can be used in a lot of places in the
future. Currently it is used by scheduling of certain
jobs, and the async thread pool, but more uses are
planned for the future.
Drivers using the driver_async functionality are not
automatically locked to the system anymore, and can be
unloaded as any dynamically linked in driver.
Scheduling of ready async jobs is now also interleaved
in between other jobs. Previously all ready async jobs
were performed at once.
OTP-9631 The ERTS internal system block functionality has been
replaced by new functionality for blocking the system.
The old system block functionality had contention
issues and complexity issues. The new functionality
piggy-backs on thread progress tracking functionality
needed by newly introduced lock-free synchronization
in the runtime system. When the functionality for
blocking the system isn't used, there is more or less
no overhead at all. This since the functionality for
tracking thread progress is there and needed anyway.
|
|
|
|
|
|
|
|
* Make gcc handle -fPIC properly.
from http://gcc.gnu.org/viewcvs/branches/csl-sol210-3_4-branch/gcc/config/sol2.h?r1=87927&r2=87928&pathrev=178719
|
|
|
|
${PLIST.eggfile} from PLISTs and support code from lang/python.
|
|
to "yes", so remove variable and code for "no".
|
|
Remove devel/py-ctypes (only needed by and supporting python24).
Remove PYTHON_VERSIONS_ACCEPTED and PYTHON_VERSIONS_INCOMPATIBLE
lines that just mirror defaults now.
Miscellaneous cleanup while editing all these files.
|
|
Suggested by Bug Hunting.
|
|
|
|
allowed in option names (pkglint has been updated).
---
Module Name: pkgsrc
Committed By: sbd
Date: Wed Apr 4 22:20:37 UTC 2012
Modified Files:
pkgsrc/lang/gcc46: options.mk
Log Message:
Rename option "gcc-c++" to "gcc-cpp" (with legacy support) as pkglint
complains with: "gcc-c++" is not a valid option name.
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/lang/gcc46/options.mk
|
|
allowed in option names (pkglint has been updated).
---
Module Name: pkgsrc
Committed By: sbd
Date: Wed Apr 4 22:18:30 UTC 2012
Modified Files:
pkgsrc/lang/gcc44: options.mk
Log Message:
Rename option "gcc-c++" to "gcc-cpp" (with legacy support) as pkglint
complains with: "gcc-c++" is not a valid option name.
To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/lang/gcc44/options.mk
|
|
have failed. Also, gcc3 is obsolete.
|
|
attempts to fix it have failed.
|
|
From patch by Bug Hunting.
|
|
from PHP 5.4.0. This is a small security fix.
Bump PKGREVISION.
|
|
complains with: "gcc-c++" is not a valid option name.
|
|
Fix "make package" on FreeBSD 9.0.
|