| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
joyent/pkgsrc#457.
|
|
component in get_makefile_filename() to reflect the former change.
|
|
(accidentially commented out condition).
now bump pkgrevision.
|
|
* Always include a platform string in a config directory name
|
|
sysconfig.get_makefile_filename() works again.
|
|
builds without Command Line Tools.
|
|
should help failing CentOS builds.
|
|
non-amd64 (i386, SPARC - at least). disable it until PHP, add note that
it's mostly relevant for PCRE1 8.38, so if PHP updates to PCRE2 as they
plan, it will be irrelevant.
From Joern Clausen / cmb@php
|
|
non-amd64 (i386, SPARC - at least). disable it until PHP, add note that
it's mostly relevant for PCRE1 8.38, so if PHP updates to PCRE2 as they
plan, it will be irrelevant.
From Joern Clausen / cmb@php
|
|
|
|
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
19 Jan 2017, PHP 5.6.30
- EXIF:
. Fixed bug #73737 (FPE when parsing a tag format). (Stas)
- GD:
. Fixed bug #73549 (Use after free when stream is passed to imagepng). (cmb)
. Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (cmb)
. Fixed bug #73869 (Signed Integer Overflow gd_io.c). (cmb)
- Intl:
. Fixed bug #68447 (grapheme_extract take an extra trailing character).
(SATŌ Kentarō)
- Phar:
. Fixed bug #73764 (Crash while loading hostile phar archive). (Stas)
. Fixed bug #73768 (Memory corruption when loading hostile phar). (Stas)
. Fixed bug #73773 (Seg fault when loading hostile phar). (Stas)
- SQLite3:
. Reverted fix for bug #73530 (Unsetting result set may reset other result
set). (cmb)
- Standard:
. Fixed bug #70213 (Unserialize context shared on double class lookup).
(Taoguang Chen)
. Fixed bug #73825 (Heap out of bounds read on unserialize in
finish_nested_data()). (Stas)
|
|
pkgsrc changes:
- Switch MASTER_SITES to https://www.python.org/ftp/python/doc/${VERS}/
Unlike previous MASTER_SITES the documentation there is not regenerated
periodically (so it will avoid possible changes in the distfiles).
Changes (from the `Documentation' section of the Python 3.5.3 Changelog):
- Issue #28513: Documented command-line interface of zipfile.
|
|
MASTER_SITES= site1 \
site2
style continuation lines to be simple repeated
MASTER_SITES+= site1
MASTER_SITES+= site2
lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
|
|
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
19 Jan 2017 PHP 7.0.15
- Core:
. Fixed bug #73792 (invalid foreach loop hangs script). (Dmitry)
. Fixed bug #73663 ("Invalid opcode 65/16/8" occurs with a variable created
with list()). (Laruence)
. Fixed bug #73585 (Logging of "Internal Zend error - Missing class
information" missing class name). (Laruence)
. Fixed bug #73753 (unserialized array pointer not advancing). (David Walker)
. Fixed bug #73825 (Heap out of bounds read on unserialize in
finish_nested_data()). (Stas)
. Fixed bug #73831 (NULL Pointer Dereference while unserialize php object).
(Stas)
. Fixed bug #73832 (Use of uninitialized memory in unserialize()). (Stas)
. Fixed bug #73092 (Unserialize use-after-free when resizing object's
properties hash table). (Nikita)
. Fixed bug #69425 (Use After Free in unserialize()). (Nikita)
. Fixed bug #72731 (Type Confusion in Object Deserialization). (Nikita)
- COM:
. Fixed bug #73679 (DOTNET read access violation using invalid codepage).
(Anatol)
- DOM:
. Fixed bug #67474 (getElementsByTagNameNS filter on default ns). (aboks)
- EXIF:
. Bug bug #73737 (FPE when parsing a tag format). (Stas)
- GD:
. Fixed bug #73869 (Signed Integer Overflow gd_io.c). (cmb)
. Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (cmb)
- GMP:
. Fixed bug #70513 (GMP Deserialization Type Confusion Vulnerability).
(Nikita)
- Mysqli:
. Fixed bug #73462 (Persistent connections don't set $connect_errno).
(darkain)
- Mysqlnd:
. Fixed issue with decoding BIT columns when having more than one rows in the
result set. 7.0+ problem. (Andrey)
. Fixed bug #73800 (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE).
(vanviegen)
- PCRE:
. Fixed bug #73612 (preg_*() may leak memory). (cmb)
- PDO_Firebird:
. Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning
statement). (Dorin Marcoci)
- Phar:
. Fixed bug #73773 (Seg fault when loading hostile phar). (Stas)
. Fixed bug #73768 (Memory corruption when loading hostile phar). (Stas)
. Fixed bug #73764 (Crash while loading hostile phar archive). (Stas)
- Phpdbg:
. Fixed bug #73615 (phpdbg without option never load .phpdbginit at startup).
(Bob)
. Fixed issue getting executable lines from custom wrappers. (Bob)
. Fixed bug #73704 (phpdbg shows the wrong line in files with shebang). (Bob)
- Reflection:
. Fixed bug #46103 (ReflectionObject memory leak). (Nikita)
- Streams:
. Fixed bug #73586 (php_user_filter::$stream is not set to the stream the
filter is working on). (Dmitry)
- SQLite3:
. Reverted fix for bug #73530 (Unsetting result set may reset other result
set). (cmb)
- Standard:
. Fixed bug #73594 (dns_get_record does not populate $additional out
parameter). (Bruce Weirdan)
. Fixed bug #70213 (Unserialize context shared on double class lookup).
(Taoguang Chen)
. Fixed bug #73154 (serialize object with __sleep function crash). (Nikita)
. Fixed bug #70490 (get_browser function is very slow). (Nikita)
. Fixed bug #73265 (Loading browscap.ini at startup causes high memory usage).
(Nikita)
. Fixed bug #31875 (get_defined_functions additional param to exclude
disabled functions). (willianveiga)
- Zlib:
. Fixed bug #73373 (deflate_add does not verify that output was not truncated).
(Matt Bonneau)
|
|
PHP NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
19 Jan 2017, PHP 7.1.1
- Core:
. Fixed bug #73792 (invalid foreach loop hangs script). (Dmitry)
. Fixed bug #73686 (Adding settype()ed values to ArrayObject results in
references). (Nikita, Laruence)
. Fixed bug #73663 ("Invalid opcode 65/16/8" occurs with a variable created
with list()). (Laruence)
. Fixed bug #73727 (ZEND_MM_BITSET_LEN is "undefined symbol" in
zend_bitset.h). (Nikita)
. Fixed bug #73753 (unserialized array pointer not advancing). (David Walker)
. Fixed bug #73783 (SIG_IGN doesn't work when Zend Signals is enabled).
(David Walker)
. Fixed bug #73825 (Heap out of bounds read on unserialize in
finish_nested_data()). (Stas)
. Fixed bug #73831 (NULL Pointer Dereference while unserialize php object).
(Stas)
. Fixed bug #73832 (Use of uninitialized memory in unserialize()). (Stas)
- CLI:
. Fixed bug #72555 (CLI output(japanese) on Windows). (Anatol)
- COM:
. Fixed bug #73679 (DOTNET read access violation using invalid codepage).
(Anatol)
- DOM:
. Fixed bug #67474 (getElementsByTagNameNS filter on default ns). (aboks)
- EXIF:
. Bug bug #73737 (FPE when parsing a tag format). (Stas)
- GD:
. Fixed bug #73869 (Signed Integer Overflow gd_io.c). (cmb)
. Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (cmb)
- Mbstring:
. Fixed bug #73646 (mb_ereg_search_init null pointer dereference).
(Laruence)
- Mysqli:
. Fixed bug #73462 (Persistent connections don't set $connect_errno).
(darkain)
- Mysqlnd:
. Optimized handling of BIT fields - less memory copies and lower memory
usage. (Andrey)
. Fixed bug #73800 (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE).
(vanviegen)
- Opcache:
. Fixed bug #73789 (Strange behavior of class constants in switch/case block).
(Laruence)
. Fixed bug #73746 (Method that returns string returns UNKNOWN:0 instead).
(Laruence)
. Fixed bug #73654 (Segmentation fault in zend_call_function). (Nikita)
. Fixed bug #73668 ("SIGFPE Arithmetic exception" in opcache when divide by
minus 1). (Nikita)
. Fixed bug #73847 (Recursion when a variable is redefined as array). (Nikita)
- PDO_Firebird:
. Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning
statement). (Dorin Marcoci)
- Phar:
. Fixed bug #73773 (Seg fault when loading hostile phar). (Stas)
. Fixed bug #73768 (Memory corruption when loading hostile phar). (Stas)
. Fixed bug #73764 (Crash while loading hostile phar archive). (Stas)
- phpdbg:
. Fixed bug #73794 (Crash (out of memory) when using run and # command
separator). (Bob)
. Fixed bug #73704 (phpdbg shows the wrong line in files with shebang). (Bob)
- SQLite3:
. Reverted fix for bug #73530 (Unsetting result set may reset other result
set). (cmb)
- Standard:
. Fixed bug #73594 (dns_get_record does not populate $additional out
parameter). (Bruce Weirdan)
. Fixed bug #70213 (Unserialize context shared on double class lookup).
(Taoguang Chen)
. Fixed bug #73154 (serialize object with __sleep function crash). (Nikita)
. Fixed bug #70490 (get_browser function is very slow). (Nikita)
. Fixed bug #73265 (Loading browscap.ini at startup causes high memory usage).
(Nikita)
. Add subject to mail log. (tomsommer)
. Fixed bug #31875 (get_defined_functions additional param to exclude
disabled functions). (willianveiga)
- Zlib
. Fixed bug #73373 (deflate_add does not verify that output was not truncated).
(Matt Bonneau)
|
|
Upstream changes:
What's New in Python 3.5.3?
===========================
Release date: 2017-01-16
There were no code changes between 3.5.3rc1 and 3.5.3 final.
What's New in Python 3.5.3 release candidate 1?
===============================================
Release date: 2017-01-02
Core and Builtins
-----------------
- Issue #29073: bytearray formatting no longer truncates on first null byte.
- Issue #28932: Do not include <sys/random.h> if it does not exist.
- Issue #28147: Fix a memory leak in split-table dictionaries: setattr()
must not convert combined table into split table.
- Issue #25677: Correct the positioning of the syntax error caret for
indented blocks. Based on patch by Michael Layzell.
- Issue #29000: Fixed bytes formatting of octals with zero padding in alternate
form.
- Issue #28512: Fixed setting the offset attribute of SyntaxError by
PyErr_SyntaxLocationEx() and PyErr_SyntaxLocationObject().
- Issue #28991: functools.lru_cache() was susceptible to an obscure reentrancy
bug caused by a monkey-patched len() function.
- Issue #28648: Fixed crash in Py_DecodeLocale() in debug build on Mac OS X
when decode astral characters. Patch by Xiang Zhang.
- Issue #19398: Extra slash no longer added to sys.path components in case of
empty compile-time PYTHONPATH components.
- Issue #28426: Fixed potential crash in PyUnicode_AsDecodedObject() in debug
build.
- Issue #23782: Fixed possible memory leak in _PyTraceback_Add() and exception
loss in PyTraceBack_Here().
- Issue #28379: Added sanity checks and tests for PyUnicode_CopyCharacters().
Patch by Xiang Zhang.
- Issue #28376: The type of long range iterator is now registered as Iterator.
Patch by Oren Milman.
- Issue #28376: The constructor of range_iterator now checks that step is not 0.
Patch by Oren Milman.
- Issue #26906: Resolving special methods of uninitialized type now causes
implicit initialization of the type instead of a fail.
- Issue #18287: PyType_Ready() now checks that tp_name is not NULL.
Original patch by Niklas Koep.
- Issue #24098: Fixed possible crash when AST is changed in process of
compiling it.
- Issue #28350: String constants with null character no longer interned.
- Issue #26617: Fix crash when GC runs during weakref callbacks.
- Issue #27942: String constants now interned recursively in tuples and frozensets.
- Issue #21578: Fixed misleading error message when ImportError called with
invalid keyword args.
- Issue #28203: Fix incorrect type in error message from
``complex(1.0, {2:3})``. Patch by Soumya Sharma.
- Issue #27955: Fallback on reading /dev/urandom device when the getrandom()
syscall fails with EPERM, for example when blocked by SECCOMP.
- Issue #28131: Fix a regression in zipimport's compile_source(). zipimport
should use the same optimization level as the interpreter.
- Issue #25221: Fix corrupted result from PyLong_FromLong(0) when
Python is compiled with NSMALLPOSINTS = 0.
- Issue #25758: Prevents zipimport from unnecessarily encoding a filename
(patch by Eryk Sun)
- Issue #28189: dictitems_contains no longer swallows compare errors.
(Patch by Xiang Zhang)
- Issue #27812: Properly clear out a generator's frame's backreference to the
generator to prevent crashes in frame.clear().
- Issue #27811: Fix a crash when a coroutine that has not been awaited is
finalized with warnings-as-errors enabled.
- Issue #27587: Fix another issue found by PVS-Studio: Null pointer check
after use of 'def' in _PyState_AddModule().
Initial patch by Christian Heimes.
- Issue #26020: set literal evaluation order did not match documented behaviour.
- Issue #27782: Multi-phase extension module import now correctly allows the
``m_methods`` field to be used to add module level functions to instances
of non-module types returned from ``Py_create_mod``. Patch by Xiang Zhang.
- Issue #27936: The round() function accepted a second None argument
for some types but not for others. Fixed the inconsistency by
accepting None for all numeric types.
- Issue #27487: Warn if a submodule argument to "python -m" or
runpy.run_module() is found in sys.modules after parent packages are
imported, but before the submodule is executed.
- Issue #27558: Fix a SystemError in the implementation of "raise" statement.
In a brand new thread, raise a RuntimeError since there is no active
exception to reraise. Patch written by Xiang Zhang.
- Issue #27419: Standard __import__() no longer look up "__import__" in globals
or builtins for importing submodules or "from import". Fixed handling an
error of non-string package name.
- Issue #27083: Respect the PYTHONCASEOK environment variable under Windows.
- Issue #27514: Make having too many statically nested blocks a SyntaxError
instead of SystemError.
- Issue #27473: Fixed possible integer overflow in bytes and bytearray
concatenations. Patch by Xiang Zhang.
- Issue #27507: Add integer overflow check in bytearray.extend(). Patch by
Xiang Zhang.
- Issue #27581: Don't rely on wrapping for overflow check in
PySequence_Tuple(). Patch by Xiang Zhang.
- Issue #27443: __length_hint__() of bytearray iterators no longer return a
negative integer for a resized bytearray.
- Issue #27942: Fix memory leak in codeobject.c
Library
-------
- Issue #15812: inspect.getframeinfo() now correctly shows the first line of
a context. Patch by Sam Breese.
- Issue #29094: Offsets in a ZIP file created with extern file object and modes
"w" and "x" now are relative to the start of the file.
- Issue #13051: Fixed recursion errors in large or resized
curses.textpad.Textbox. Based on patch by Tycho Andersen.
- Issue #29119: Fix weakrefs in the pure python version of
collections.OrderedDict move_to_end() method.
Contributed by Andra Bogildea.
- Issue #9770: curses.ascii predicates now work correctly with negative
integers.
- Issue #28427: old keys should not remove new values from
WeakValueDictionary when collecting from another thread.
- Issue 28923: Remove editor artifacts from Tix.py.
- Issue #28871: Fixed a crash when deallocate deep ElementTree.
- Issue #19542: Fix bugs in WeakValueDictionary.setdefault() and
WeakValueDictionary.pop() when a GC collection happens in another
thread.
- Issue #20191: Fixed a crash in resource.prlimit() when pass a sequence that
doesn't own its elements as limits.
- Issue #28779: multiprocessing.set_forkserver_preload() would crash the
forkserver process if a preloaded module instantiated some
multiprocessing objects such as locks.
- Issue #28847: dbm.dumb now supports reading read-only files and no longer
writes the index file when it is not changed.
- Issue #25659: In ctypes, prevent a crash calling the from_buffer() and
from_buffer_copy() methods on abstract classes like Array.
- Issue #28732: Fix crash in os.spawnv() with no elements in args
- Issue #28485: Always raise ValueError for negative
compileall.compile_dir(workers=...) parameter, even when multithreading is
unavailable.
- Issue #28387: Fixed possible crash in _io.TextIOWrapper deallocator when
the garbage collector is invoked in other thread. Based on patch by
Sebastian Cufre.
- Issue #27517: LZMA compressor and decompressor no longer raise exceptions if
given empty data twice. Patch by Benjamin Fogle.
- Issue #28549: Fixed segfault in curses's addch() with ncurses6.
- Issue #28449: tarfile.open() with mode "r" or "r:" now tries to open a tar
file with compression before trying to open it without compression. Otherwise
it had 50% chance failed with ignore_zeros=True.
- Issue #23262: The webbrowser module now supports Firefox 36+ and derived
browsers. Based on patch by Oleg Broytman.
- Issue #27939: Fixed bugs in tkinter.ttk.LabeledScale and tkinter.Scale caused
by representing the scale as float value internally in Tk. tkinter.IntVar
now works if float value is set to underlying Tk variable.
- Issue #28255: calendar.TextCalendar().prmonth() no longer prints a space
at the start of new line after printing a month's calendar. Patch by
Xiang Zhang.
- Issue #20491: The textwrap.TextWrapper class now honors non-breaking spaces.
Based on patch by Kaarle Ritvanen.
- Issue #28353: os.fwalk() no longer fails on broken links.
- Issue #25464: Fixed HList.header_exists() in tkinter.tix module by addin
a workaround to Tix library bug.
- Issue #28488: shutil.make_archive() no longer add entry "./" to ZIP archive.
- Issue #24452: Make webbrowser support Chrome on Mac OS X.
- Issue #20766: Fix references leaked by pdb in the handling of SIGINT
handlers.
- Issue #26293: Fixed writing ZIP files that starts not from the start of the
file. Offsets in ZIP file now are relative to the start of the archive in
conforming to the specification.
- Issue #28321: Fixed writing non-BMP characters with binary format in plistlib.
- Issue #28322: Fixed possible crashes when unpickle itertools objects from
incorrect pickle data. Based on patch by John Leitch.
- Fix possible integer overflows and crashes in the mmap module with unusual
usage patterns.
- Issue #1703178: Fix the ability to pass the --link-objects option to the
distutils build_ext command.
- Issue #28253: Fixed calendar functions for extreme months: 0001-01
and 9999-12.
Methods itermonthdays() and itermonthdays2() are reimplemented so
that they don't call itermonthdates() which can cause datetime.date
under/overflow.
- Issue #28275: Fixed possible use after free in the decompress()
methods of the LZMADecompressor and BZ2Decompressor classes.
Original patch by John Leitch.
- Issue #27897: Fixed possible crash in sqlite3.Connection.create_collation()
if pass invalid string-like object as a name. Patch by Xiang Zhang.
- Issue #18893: Fix invalid exception handling in Lib/ctypes/macholib/dyld.py.
Patch by Madison May.
- Issue #27611: Fixed support of default root window in the tkinter.tix module.
- Issue #27348: In the traceback module, restore the formatting of exception
messages like "Exception: None". This fixes a regression introduced in
3.5a2.
- Issue #25651: Allow falsy values to be used for msg parameter of subTest().
- Issue #27932: Prevent memory leak in win32_ver().
- Fix UnboundLocalError in socket._sendfile_use_sendfile.
- Issue #28075: Check for ERROR_ACCESS_DENIED in Windows implementation of
os.stat(). Patch by Eryk Sun.
- Issue #25270: Prevent codecs.escape_encode() from raising SystemError when
an empty bytestring is passed.
- Issue #28181: Get antigravity over HTTPS. Patch by Kaartic Sivaraam.
- Issue #25895: Enable WebSocket URL schemes in urllib.parse.urljoin.
Patch by Gergely Imreh and Markus Holtermann.
- Issue #27599: Fixed buffer overrun in binascii.b2a_qp() and binascii.a2b_qp().
- Issue #19003:m email.generator now replaces only \r and/or \n line
endings, per the RFC, instead of all unicode line endings.
- Issue #28019: itertools.count() no longer rounds non-integer step in range
between 1.0 and 2.0 to 1.
- Issue #25969: Update the lib2to3 grammar to handle the unpacking
generalizations added in 3.5.
- Issue #14977: mailcap now respects the order of the lines in the mailcap
files ("first match"), as required by RFC 1542. Patch by Michael Lazar.
- Issue #24594: Validates persist parameter when opening MSI database
- Issue #17582: xml.etree.ElementTree nows preserves whitespaces in attributes
(Patch by Duane Griffin. Reviewed and approved by Stefan Behnel.)
- Issue #28047: Fixed calculation of line length used for the base64 CTE
in the new email policies.
- Issue #27445: Don't pass str(_charset) to MIMEText.set_payload().
Patch by Claude Paroz.
- Issue #22450: urllib now includes an "Accept: */*" header among the
default headers. This makes the results of REST API requests more
consistent and predictable especially when proxy servers are involved.
- lib2to3.pgen3.driver.load_grammar() now creates a stable cache file
between runs given the same Grammar.txt input regardless of the hash
randomization setting.
- Issue #27570: Avoid zero-length memcpy() etc calls with null source
pointers in the "ctypes" and "array" modules.
- Issue #22233: Break email header lines *only* on the RFC specified CR and LF
characters, not on arbitrary unicode line breaks. This also fixes a bug in
HTTP header parsing.
- Issue 27988: Fix email iter_attachments incorrect mutation of payload list.
- Issue #27691: Fix ssl module's parsing of GEN_RID subject alternative name
fields in X.509 certs.
- Issue #27850: Remove 3DES from ssl module's default cipher list to counter
measure sweet32 attack (CVE-2016-2183).
- Issue #27766: Add ChaCha20 Poly1305 to ssl module's default ciper list.
(Required OpenSSL 1.1.0 or LibreSSL).
- Issue #26470: Port ssl and hashlib module to OpenSSL 1.1.0.
- Remove support for passing a file descriptor to os.access. It never worked but
previously didn't raise.
- Issue #12885: Fix error when distutils encounters symlink.
- Issue #27881: Fixed possible bugs when setting sqlite3.Connection.isolation_level.
Based on patch by Xiang Zhang.
- Issue #27861: Fixed a crash in sqlite3.Connection.cursor() when a factory
creates not a cursor. Patch by Xiang Zhang.
- Issue #19884: Avoid spurious output on OS X with Gnu Readline.
- Issue #27706: Restore deterministic behavior of random.Random().seed()
for string seeds using seeding version 1. Allows sequences of calls
to random() to exactly match those obtained in Python 2.
Patch by Nofar Schnider.
- Issue #10513: Fix a regression in Connection.commit(). Statements should
not be reset after a commit.
- A new version of typing.py from https://github.com/python/typing:
- Collection (only for 3.6) (Issue #27598)
- Add FrozenSet to __all__ (upstream #261)
- fix crash in _get_type_vars() (upstream #259)
- Remove the dict constraint in ForwardRef._eval_type (upstream #252)
- Issue #27539: Fix unnormalised ``Fraction.__pow__`` result in the case
of negative exponent and negative base.
- Issue #21718: cursor.description is now available for queries using CTEs.
- Issue #2466: posixpath.ismount now correctly recognizes mount points which
the user does not have permission to access.
- Issue #27773: Correct some memory management errors server_hostname in
_ssl.wrap_socket().
- Issue #26750: unittest.mock.create_autospec() now works properly for
subclasses of property() and other data descriptors.
- In the curses module, raise an error if window.getstr() or window.instr() is
passed a negative value.
- Issue #27783: Fix possible usage of uninitialized memory in
operator.methodcaller.
- Issue #27774: Fix possible Py_DECREF on unowned object in _sre.
- Issue #27760: Fix possible integer overflow in binascii.b2a_qp.
- Issue #27758: Fix possible integer overflow in the _csv module for large
record lengths.
- Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the
HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates
that the script is in CGI mode.
- Issue #27656: Do not assume sched.h defines any SCHED_* constants.
- Issue #27130: In the "zlib" module, fix handling of large buffers
(typically 4 GiB) when compressing and decompressing. Previously, inputs
were limited to 4 GiB, and compression and decompression operations did not
properly handle results of 4 GiB.
- Issue #27533: Release GIL in nt._isdir
- Issue #17711: Fixed unpickling by the persistent ID with protocol 0.
Original patch by Alexandre Vassalotti.
- Issue #27522: Avoid an unintentional reference cycle in email.feedparser.
- Issue #26844: Fix error message for imp.find_module() to refer to 'path'
instead of 'name'. Patch by Lev Maximov.
- Issue #23804: Fix SSL zero-length recv() calls to not block and not raise
an error about unclean EOF.
- Issue #27466: Change time format returned by http.cookie.time2netscape,
confirming the netscape cookie format and making it consistent with
documentation.
- Issue #26664: Fix activate.fish by removing mis-use of ``$``.
- Issue #22115: Fixed tracing Tkinter variables: trace_vdelete() with wrong
mode no longer break tracing, trace_vinfo() now always returns a list of
pairs of strings, tracing in the "u" mode now works.
- Fix a scoping issue in importlib.util.LazyLoader which triggered an
UnboundLocalError when lazy-loading a module that was already put into
sys.modules.
- Issue #27079: Fixed curses.ascii functions isblank(), iscntrl() and ispunct().
- Issue #26754: Some functions (compile() etc) accepted a filename argument
encoded as an iterable of integers. Now only strings and byte-like objects
are accepted.
- Issue #27048: Prevents distutils failing on Windows when environment
variables contain non-ASCII characters
- Issue #27330: Fixed possible leaks in the ctypes module.
- Issue #27238: Got rid of bare excepts in the turtle module. Original patch
by Jelle Zijlstra.
- Issue #27122: When an exception is raised within the context being managed
by a contextlib.ExitStack() and one of the exit stack generators
catches and raises it in a chain, do not re-raise the original exception
when exiting, let the new chained one through. This avoids the PEP 479
bug described in issue25782.
- [Security] Issue #27278: Fix os.urandom() implementation using getrandom() on
Linux. Truncate size to INT_MAX and loop until we collected enough random
bytes, instead of casting a directly Py_ssize_t to int.
- Issue #26386: Fixed ttk.TreeView selection operations with item id's
containing spaces.
- [Security] Issue #22636: Avoid shell injection problems with
ctypes.util.find_library().
- Issue #16182: Fix various functions in the "readline" module to use the
locale encoding, and fix get_begidx() and get_endidx() to return code point
indexes.
- Issue #27392: Add loop.connect_accepted_socket().
Patch by Jim Fulton.
- Issue #27930: Improved behaviour of logging.handlers.QueueListener.
Thanks to Paulo Andrade and Petr Viktorin for the analysis and patch.
- Issue #21201: Improves readability of multiprocessing error message. Thanks
to Wojciech Walczak for patch.
- Issue #27456: asyncio: Set TCP_NODELAY by default.
- Issue #27906: Fix socket accept exhaustion during high TCP traffic.
Patch by Kevin Conway.
- Issue #28174: Handle when SO_REUSEPORT isn't properly supported.
Patch by Seth Michael Larson.
- Issue #26654: Inspect functools.partial in asyncio.Handle.__repr__.
Patch by iceboy.
- Issue #26909: Fix slow pipes IO in asyncio.
Patch by INADA Naoki.
- Issue #28176: Fix callbacks race in asyncio.SelectorLoop.sock_connect.
- Issue #27759: Fix selectors incorrectly retain invalid file descriptors.
Patch by Mark Williams.
- Issue #28368: Refuse monitoring processes if the child watcher has
no loop attached.
Patch by Vincent Michel.
- Issue #28369: Raise RuntimeError when transport's FD is used with
add_reader, add_writer, etc.
- Issue #28370: Speedup asyncio.StreamReader.readexactly.
Patch by ▒<9A>о▒<80>енбе▒<80>г ▒<9C>а▒<80>к.
- Issue #28371: Deprecate passing asyncio.Handles to run_in_executor.
- Issue #28372: Fix asyncio to support formatting of non-python coroutines.
- Issue #28399: Remove UNIX socket from FS before binding.
Patch by ▒<9A>о▒<80>енбе▒<80>г ▒<9C>а▒<80>к.
- Issue #27972: Prohibit Tasks to await on themselves.
- Issue #26923: Fix asyncio.Gather to refuse being cancelled once all
children are done.
Patch by Johannes Ebke.
- Issue #26796: Don't configure the number of workers for default
threadpool executor.
Initial patch by Hans Lawrenz.
- Issue #28600: Optimize loop.call_soon().
- Issue #28613: Fix get_event_loop() return the current loop if
called from coroutines/callbacks.
- Issue #28639: Fix inspect.isawaitable to always return bool
Patch by Justin Mayfield.
- Issue #28652: Make loop methods reject socket kinds they do not support.
- Issue #28653: Fix a refleak in functools.lru_cache.
- Issue #28703: Fix asyncio.iscoroutinefunction to handle Mock objects.
- Issue #24142: Reading a corrupt config file left the parser in an
invalid state. Original patch by Florian Höch.
- Issue #28990: Fix SSL hanging if connection is closed before handshake
completed.
(Patch by HoHo-Ho)
IDLE
----
- Issue #15308: Add 'interrupt execution' (^C) to Shell menu.
Patch by Roger Serwy, updated by Bayard Randel.
- Issue #27922: Stop IDLE tests from 'flashing' gui widgets on the screen.
- Add version to title of IDLE help window.
- Issue #25564: In section on IDLE -- console differences, mention that
using exec means that __builtins__ is defined for each statement.
- Issue #27714: text_textview and test_autocomplete now pass when re-run
in the same process. This occurs when test_idle fails when run with the
-w option but without -jn. Fix warning from test_config.
- Issue #25507: IDLE no longer runs buggy code because of its tkinter imports.
Users must include the same imports required to run directly in Python.
- Issue #27452: add line counter and crc to IDLE configHandler test dump.
- Issue #27365: Allow non-ascii chars in IDLE NEWS.txt, for contributor names.
- Issue #27245: IDLE: Cleanly delete custom themes and key bindings.
Previously, when IDLE was started from a console or by import, a cascade
of warnings was emitted. Patch by Serhiy Storchaka.
C API
-----
- Issue #28808: PyUnicode_CompareWithASCIIString() now never raises exceptions.
- Issue #26754: PyUnicode_FSDecoder() accepted a filename argument encoded as
an iterable of integers. Now only strings and bytes-like objects are accepted.
Documentation
-------------
- Issue #28513: Documented command-line interface of zipfile.
Tests
-----
- Issue #28950: Disallow -j0 to be combined with -T/-l/-M in regrtest
command line arguments.
- Issue #28666: Now test.support.rmtree is able to remove unwritable or
unreadable directories.
- Issue #23839: Various caches now are cleared before running every test file.
- Issue #28409: regrtest: fix the parser of command line arguments.
- Issue #27787: Call gc.collect() before checking each test for "dangling
threads", since the dangling threads are weak references.
- Issue #27369: In test_pyexpat, avoid testing an error message detail that
changed in Expat 2.2.0.
Tools/Demos
-----------
- Issue #27952: Get Tools/scripts/fixcid.py working with Python 3 and the
current "re" module, avoid invalid Python backslash escapes, and fix a bug
parsing escaped C quote signs.
- Issue #27332: Fixed the type of the first argument of module-level functions
generated by Argument Clinic. Patch by Petr Viktorin.
- Issue #27418: Fixed Tools/importbench/importbench.py.
Windows
-------
- Issue #28251: Improvements to help manuals on Windows.
- Issue #28110: launcher.msi has different product codes between 32-bit and
64-bit
- Issue #25144: Ensures TargetDir is set before continuing with custom
install.
- Issue #27469: Adds a shell extension to the launcher so that drag and drop
works correctly.
- Issue #27309: Enabled proper Windows styles in python[w].exe manifest.
Build
-----
- Issue #29080: Removes hard dependency on hg.exe from PCBuild/build.bat
- Issue #23903: Added missed names to PC/python3.def.
- Issue #10656: Fix out-of-tree building on AIX. Patch by Tristan Carel and
Michael Haubenwallner.
- Issue #26359: Rename --with-optimiations to --enable-optimizations.
- Issue #28444: Fix missing extensions modules when cross compiling.
- Issue #28248: Update Windows build and OS X installers to use OpenSSL 1.0.2j.
- Issue #28258: Fixed build with Estonian locale (python-config and distclean
targets in Makefile). Patch by Arfrever Frehtes Taifersar Arahesis.
- Issue #26661: setup.py now detects system libffi with multiarch wrapper.
- Issue #28066: Fix the logic that searches build directories for generated
include files when building outside the source tree.
- Issue #15819: Remove redundant include search directory option for building
outside the source tree.
- Issue #27566: Fix clean target in freeze makefile (patch by Lisa Roach)
- Issue #27705: Update message in validate_ucrtbase.py
- Issue #27983: Cause lack of llvm-profdata tool when using clang as
required for PGO linking to be a configure time error rather than
make time when --with-optimizations is enabled. Also improve our
ability to find the llvm-profdata tool on MacOS and some Linuxes.
- Issue #26307: The profile-opt build now applies PGO to the built-in modules.
- Issue #26359: Add the --with-optimizations configure flag.
- Issue #27713: Suppress spurious build warnings when updating importlib's
bootstrap files. Patch by Xiang Zhang
- Issue #25825: Correct the references to Modules/python.exp and ld_so_aix,
which are required on AIX. This updates references to an installation path
that was changed in 3.2a4, and undoes changed references to the build tree
that were made in 3.5.0a1.
- Issue #27453: CPP invocation in configure must use CPPFLAGS. Patch by
Chi Hsuan Yen.
- Issue #27641: The configure script now inserts comments into the makefile
to prevent the pgen and _freeze_importlib executables from being cross-
compiled.
- Issue #26662: Set PYTHON_FOR_GEN in configure as the Python program to be
used for file generation during the build.
- Issue #10910: Avoid C++ compilation errors on FreeBSD and OS X.
Also update FreedBSD version checks for the original ctype UTF-8 workaround.
- Issue #28676: Prevent missing 'getentropy' declaration warning on macOS.
Patch by Gareth Rees.
|
|
According to Python 3.6 changelog:
The undocumented IN, CDROM, DLFCN, TYPES, CDIO, and STROPTS modules have been
removed. They had been available in the platform specific Lib/plat-*/
directories, but were chronically out of date, inconsistently available across
platforms, and unmaintained. The script that created these modules is still
available in the source distribution at Tools/scripts/h2py.py.
No PKGREVISION bump since they failed to install on these platforms.
TODO: PLIST.IRIX entries seems to still contains plat-* modules but the ones
TODO: contained are not explicitly documented in the changelog, so they can
TODO: maybe still installed.
Pointed out by Joyent's Linux and SmartOS bulk builds and thanks to <jperkin>
for testing it!
|
|
pkgsrc changes:
- Switch MASTER_SITES to https://www.python.org/ftp/python/doc/${VERS}/
Unlike previous MASTER_SITES the documentation there is not regenerated
periodically (so it will avoid possible changes in the distfiles).
Changes:
Unfortunately no changelog is available. However, the documentation
is now synced with the lang/python34 version available in pkgsrc.
|
|
Upstream changes:
Version 2.77.3, December 29, 2016
Fixed insecure usage of strcpy
Better logging for windows installer
Spelling corrections
Version 2.77.2, December 17, 2016
Fixes for coloured text under windows as reported by TheMeq
msvcr140.dll is no longer required under Windows
Several spelling corrections contributed by ginggs
Updated and fixed man-page under linux
Version 2.77.1, November 13, 2016
Adopted the MIT License for yabasic
Switched to semantic versioning; the new schema is MajorRelease.MinorRelease.Patchlevel
New peek$ for version, documented all peeks
Various bugfixes
Setup program now offers to start the demo
Redid the development process for yabasic; you may now participate in the development of yabasic itself via github: https://github.com/marcIhm/yabasic. However, the main site for programming in yabasic is still https://www.yabasic.de
|
|
Upstream changes:
CHANGES FROM 3.00 to 3.10
* Implements most of the following BASIC dialects:
OPTION VERSION DARTMOUTH ' Dartmouth DTSS BASIC
OPTION VERSION MARK-I ' GE 265 Mainframe BASIC
OPTION VERSION MARK-II ' GE 435 Mainframe BASIC
OPTION VERSION SYSTEM-360 ' IBM System/360 BASIC
OPTION VERSION SYSTEM-370 ' IBM System/370 BASIC
OPTION VERSION CBASIC-II ' CBASIC-II for CP/M
OPTION VERSION ECMA-55 ' ANSI Minimal BASIC
OPTION VERSION HANDBOOK1 ' The BASIC Handbook, 1st Edition
OPTION VERSION HANDBOOK2 ' The BASIC Handbook, 2nd Edition
OPTION VERSION TRS-80 ' TRS-80 Model I/III/4 LBASIC
OPTION VERSION BASIC-80 ' Microsoft BASIC-80 for Xenix
OPTION VERSION ECMA-116 ' ANSI Full BASIC
* from Howard Wulf, AF5NE
|
|
Upstream changes:
What's New in Python 3.4.6?
===========================
Release date: 2017-01-16
There were no changes between 3.4.6rc1 and 3.4.6 final.
What's New in Python 3.4.6rc1?
==============================
Release date: 2017-01-02
Core and Builtins
-----------------
- Issue #28648: Fixed crash in Py_DecodeLocale() in debug build on Mac OS X
when decode astral characters. Patch by Xiang Zhang.
- Issue #28426: Fixed potential crash in PyUnicode_AsDecodedObject() in debug
build.
Library
-------
- Issue #28563: Fixed possible DoS and arbitrary code execution when handle
plural form selections in the gettext module. The expression parser now
supports exact syntax supported by GNU gettext.
- In the curses module, raise an error if window.getstr() or window.instr() is
passed a negative value.
- Issue #27783: Fix possible usage of uninitialized memory in operator.methodcaller.
- Issue #27774: Fix possible Py_DECREF on unowned object in _sre.
- Issue #27760: Fix possible integer overflow in binascii.b2a_qp.
- Issue #27758: Fix possible integer overflow in the _csv module for large record
lengths.
- Issue #27568: Prevent HTTPoxy attack (CVE-2016-1000110). Ignore the
HTTP_PROXY variable when REQUEST_METHOD environment is set, which indicates
that the script is in CGI mode.
- Issue #27759: Fix selectors incorrectly retain invalid file descriptors.
Patch by Mark Williams.
Build
-----
- Issue #28248: Update Windows build to use OpenSSL 1.0.2j.
Tests
-----
- Issue #27369: In test_pyexpat, avoid testing an error message detail that
changed in Expat 2.2.0.
|
|
The previous commit ended up with two different specifications for libtool
on Darwin. One was the OS-specific version of CMAKE_ARGS introduced in the
previous commit; the other was inside a conditional to detect Darwin introduced in the commit prior. The former seems cleaner so it has been left.
|
|
This fixes bugs relating to unrecognized libtool options on Darwin.
|
|
don't mention netbsd things, development snapshots, etc.
|
|
Changelog:
Changes from 4.1.3 to 4.1.4
---------------------------
1. Updated to GNU autoconf 2.69, automake 1.15, gettext 0.19.7,
texinfo 6.1, texinfo.tex 2016-02-05.07, libtool 2.4.6.
2. z/OS support updated.
3. At the beginning of each statement, the debugger now checks and
reports watchpoints that have fired before checking for breakpoints.
This gives more natural behavior to the user.
4. The "exit" command has been added to the debugger as an alias
for "quit".
5. AIX 7.1 should pass the test suite now. Similar for Minix.
6. VMS support has been updated.
7. The profiler / pretty-printer now chains else-if statements instead
of causing cascading elses.
8. The return value of system() has been enhanced to convey more information.
See the doc.
9. Attempting to write to the "to" end of a two-way pipe that has been
closed is now a fatal error. Similarly, so is reading from the "from"
end that has been closed.
10. MinGW support has been updated.
11. The -d option now allows -d- to print to standard output.
12. Error messages for --help and in other instances should now get
translated correctly.
13. A new environment variable GAWK_LOCALE_DIR may be set to locate the .mo
file for gawk itself.
14. The DJGPP port is now officially deprecated.
15. A number of bugs have been fixed. See the ChangeLog.
|
|
|
|
|
|
this to build for NetBSD/powerpc:
* need a cast in one place (in the renamed patch)
* an overcautious assert() is incompatible with top/down VM layout in NetBSD
This still doesn't work on NetBSD/powerpc, though, and I ran out of time.
The build produces a mono-boehm.core file the first time through the build
(for some reason not the subsequent attempts, sigh!), and I have problems
reconstructing the CLI to run the mono-boehm executable under gdb, and the
core file says it got a segv in opendir() which must be nonsensical.
|
|
|
|
|
|
while I didn't complete the build, it is likely necessary, as pkgsrc llvm
is 3.9 and doesn't match this test.
|
|
This is a special release that contains 0 commits. While promoting
additional platforms for v6.9.3 after the release, the tarballs on the
release server were overwritten and now have different shasums. In order
to remove any ambiguity around the release we have opted to do a semver
patch release with no changes.
|
|
This is a special release that contains 0 commits. While promoting
additional platforms for v4.7.1 after the release, the tarballs on
the release server were overwritten and now have different shasums.
In order to remove any ambiguity around the release we have opted
to do a semver patch release with no changes.
|
|
Bump py-curses.
|
|
|
|
|
|
|
|
The LLVMContext gains a new runtime check (see LLVMContext::discardValueNames()) that can be set to discard Value names (other than GlobalValue). This is intended to be used in release builds by clients that are interested in saving CPU/memory as much as possible.
There is no longer a “global context” available in LLVM, except for the C API.
The autoconf build system has been removed in favor of CMake. LLVM 3.9 requires CMake 3.4.3 or later to build. For information about using CMake please see the documentation on Building LLVM with CMake. For information about the CMake language there is also a CMake Primer document available.
C API functions LLVMParseBitcode, LLVMParseBitcodeInContext, LLVMGetBitcodeModuleInContext and LLVMGetBitcodeModule having been removed. LLVMGetTargetMachineData has been removed (use LLVMGetDataLayout instead).
The C API function LLVMLinkModules has been removed.
The C API function LLVMAddTargetData has been removed.
The C API function LLVMGetDataLayout is deprecated in favor of LLVMGetDataLayoutStr.
The C API enum LLVMAttribute and associated API is deprecated in favor of the new LLVMAttributeRef API. The deprecated functions are LLVMAddFunctionAttr, LLVMAddTargetDependentFunctionAttr, LLVMRemoveFunctionAttr, LLVMGetFunctionAttr, LLVMAddAttribute, LLVMRemoveAttribute, LLVMGetAttribute, LLVMAddInstrAttribute, LLVMRemoveInstrAttribute and LLVMSetInstrParamAlignment.
TargetFrameLowering::eliminateCallFramePseudoInstr now returns an iterator to the next instruction instead of void. Targets that previously did MBB.erase(I); return; now probably want return MBB.erase(I);.
SelectionDAGISel::Select now returns void. Out-of-tree targets will need to be updated to replace the argument node and remove any dead nodes in cases where they currently return an SDNode * from this interface.
Added the MemorySSA analysis, which hopes to replace MemoryDependenceAnalysis. It should provide higher-quality results than MemDep, and be algorithmically faster than MemDep. Currently, GVNHoist (which is off by default) makes use of MemorySSA.
The minimum density for lowering switches with jump tables has been reduced from 40% to 10% for functions which are not marked optsize (that is, compiled with -Os).
|
|
Notable changes
- buffer:
- Improve performance of Buffer allocation by ~11%.
- Improve performance of Buffer.from() by ~50%.
- events: Improve performance of EventEmitter.once() by ~27%.
- fs: Allow passing Uint8Array to fs methods where Buffers are supported.
- http: Improve performance of http server by ~7%.
- npm: Upgrade to v4.0.5
|
|
|
|
|
|
Notable Changes
- build: shared library support is now working for AIX builds
- repl: Passing options to the repl will no longer overwrite
defaults
- timers: Re canceling a cancelled timers will no longer throw
|
|
Notable Changes
- build: shared library support is now working for AIX builds
- deps:
- npm: upgrade npm to 3.10.10
- V8: Destructuring of arrow function arguments via computed property
no longer throws
- inspector: /json/version returns object, not an object wrapped
in an array
- module: using --debug-brk and --eval together now works as expected
- process: improve performance of nextTick up to 20%
- repl:
- the division operator will no longer be accidentally parsed as regex
- improved support for generator functions
- timers: Re canceling a cancelled timers will no longer throw
|
|
|
|
Notable changes
buffer:
- buffer.fill() now works properly for the UCS2 encoding on
Big-Endian machines.
cluster:
- disconnect() now returns a reference to the disconnected worker.
crypto:
- The built-in list of Well-Known CAs (Certificate Authorities) can
now be extended via a NODE_EXTRA_CA_CERTS environment variable.
http:
- Remove stale timeout listeners in order to prevent a memory leak
when using keep alive.
tls:
- Allow obvious key/passphrase combinations.
url:
- Including base argument in URL.originFor() to meet specification
compliance.
- Improve URLSearchParams to meet specification compliance.
|
|
|
|
Erlang/OTP 19.2 is the second service release for the 19 major release.
The service release contains mostly bug fixes and characteristics
improvements.
Some highlights for 19.2
* STDLIB: The new behaviour gen_statem has been improved with 3 new
features: the possibility to use old style non-proxy timeouts
for gen_statem:call/2,3, state entry code, and state
timeouts. These are backwards compatible. Minor code and
documentation improvements has been performed including a
borderline semantics correction of timeout zero handling.
* SSL: Experimental version of DTLS. It is runnable but not complete
and cannot be considered reliable for production usage. To use
DTLS add the option {protocol, dtls} to ssl:connect and ssl:listen.
* SSH: Extended the option silently_accept_hosts for ssh:connect to
make it possible for the client to check the SSH host key
fingerprint string. Se the reference manual for SSH.
* ~40 contributions since the previous service release OTP 19.1
You can find the README and the full listing of changes for this
service release at
http://www.erlang.org/download/otp_src_19.2.readme
|
|
|
|
WINDOW structure.
Include <term.h> when needed and rename lines and columns vars to avoid
conflicts.
Builds and works with NetBSD-8 curses, so use mk/curses.buildlink3.mk
and test for getsyx(3) in curses rather than indescriminately linking
to ncurses.
|
|
This matches tnn's change to lang/libLLVM. No PKGREVISION; no change
on !i386 and on i386 this did not build before.
|
