PHP 5.3.6 Released!
[17-Mar-2011]
The PHP development team would like to announce the immediate availability
of PHP 5.3.6. This release focuses on improving the stability of the PHP
5.3.x branch with over 60 bug fixes, some of which are security related.
Security Enhancements and Fixes in PHP 5.3.6:
* Enforce security in the fastcgi protocol parsing with fpm SAPI.
* Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)
* Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092)
* Fixed bug #54055 (buffer overrun with high values for precision ini setting).
* Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708)
* Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty
archive). (CVE-2011-0421)
Key enhancements in PHP 5.3.6 include:
* Upgraded bundled Sqlite3 to version 3.7.4.
* Upgraded bundled PCRE to version 8.11.
* Added ability to connect to HTTPS sites through proxy with basic
authentication using stream_context/http/header/Proxy-Authorization.
* Added options to debug backtrace functions.
* Changed default value of ini directive serialize_precision from 100 to 17.
* Fixed Bug #53971 (isset() and empty() produce apparently spurious
runtime error).
* Fixed Bug #53958 (Closures can't 'use' shared variables by value and
by reference).
* Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir
with a trailing forward slash).
* Over 60 other bug fixes.
|
|
changes: Bug fixes and binding updates
|
|
support (__thread) exists. Should fix PR/44725
|
|
Uncomment that stuff to make the test target work again.
From Kai-Uwe Eckhardt.
|
|
From Kai-Uwe Eckhardt.
|
|
ok@ wiz
|
|
variable settings affecting binary packages.
From Aleksey Cheusov in PR 44695.
|
|
changes: Bug fixes and binding updates.
|
|
(uses giflib now per default)
bump PKGREV
|
|
copy in python26.
|
|
Changes in sbcl-1.0.46 relative to sbcl-1.0.45:
* enhancement: largefile support on Solaris.
* enhancement: SB-PROFILE:REPORT now supports :LIMIT and :PRINT-NO-CALL-LIST
arguments (lp#710017)
* enhancement: SB-PCL:+SLOT-UNBOUND+ is exported, making it possible to
distinguish unbound instance slots when using STANDARD-INSTANCE-ACCESS
&co. (lp#718039)
* optimization: ERROR and CERROR are approximately 5 times faster.
* optimization: optimized constructors are used for MAKE-INSTANCE of classes
with applicable non-standard (SETF SLOT-VALUE-USING-CLASS),
SLOT-BOUNDP-USING-CLASS, and INITIALIZE-INSTANCE :AROUND methods, speeding
up instance creation in those cases.
* optimization: arithmetic operations with multiple constant arguments now
have them reduced at compile-time. (lp#676414)
* optimization: determining current character position on string-streams for
pretty-printing was overly slow.
* bug fix: local tail calls to DYNAMIC-EXTENT functions can no longer cause
lifetime analysis to overwrite closed-over variables (lp#681092).
* bug fix: encoding errors from some multibyte external formats such as EUC-JP
were not handled correctly (lp#713063).
* bug fix: printing waitqueue objects without setting *PRINT-CIRCLE* to T is now
safe (lp#673630).
* bug fix: Solaris/x86-64 wasn't getting built with lutex support by
mistake. (lp#667297).
* bug fix: CONSTANTLY generated functions had bogus lambda-lists. (lp#713626)
* bug fix: RUN-PROGRAM :PTY option was racy on OpenBSD. (lp#669485)
* bug fix: UNINTERN takes a symbol, not a symbol designator -- could previously
unintern the wrong symbol with the same name. (lp#693796)
* bug fix: COPY-PPRINT-DISPATCH always has access to a pristine table,
making it possible to restore the initial table if it has been messed up.
(lp#678409)
|
|
From Kozachuk Oleksandr <oleksandr@kozachuk.info> in private mail.
|
|
Patches came from Kai-Uwe Eckhardt.
|
|
in PR 44653. Bump PKGREVISION.
Set LICENSE.
|
|
o New here is that we can now drop the DragonFly patch.
|
|
Console_GetOpt and Structures_Graph.
PEAR 1.9.2:
Release date: 2011-02-28 18:58 UTC
Changelog:
Important! This is a security fix release. The advisory can be found at
http://pear.php.net/advisory-20110228.txt
Bugs:
* Fixed Bug #17463: Regression: On Windows, svntag [patch by doconnor]
* Fixed Bug #17641: pecl-list doesn't sort packages by name [dufuz]
* Fixed Bug #17781: invalid argument warning on foreach due to an
empty optional dependency [dufuz]
* Fixed Bug #17801: PEAR run-tests wrongly detects php-cgi [patch by
David Jean Louis (izi)]
* Fixed Bug #17839: pear svntag does not tag package.xml file [dufuz]
* Fixed Bug #17986: PEAR Installer cannot handle files moved between
packages [dufuz]
* Fixed Bug #17997: Strange output if directories are not writeable [dufuz]
* Fixed Bug #18001: PEAR/RunTest coverage fails [dufuz]
* Fixed Bug #18056 [SECURITY]: Symlink attack in PEAR install [dufuz]
* Fixed Bug #18218: "pear package" does not allow the use of late
static binding [dufuz and Christer Edvartsen]
* Fixed Bug #18238: Wrong return code from "pear help" [till]
* Fixed Bug #18308: Broken error message about missing channel
validator [yunosh]
This feature is implemented as a result of #18056
* Implemented Request #16648: Use TMPDIR for builds instead of /var/tmp [dufuz]
Console_GetOpt 1.3.0
Release date: 2010-12-11 21:23 UTC
Changelog:
* Implement Request #13140: [PATCH] to skip unknown parameters.
[patch by rquadling, improved on by dufuz]
Structures_Graph 1.0.4
Release date: 2010-10-26 04:10 UTC
Changelog:
Bugfix Release:
* Bug #17108 BasicGraph::test_directed_degree fails on PHP 5 [clockwerx]
|
|
taken from the Python SVN repository.
|
|
Solaris 11 Express, too).
Changes 4.4.5:
The GNU project and the GCC developers are pleased to announce the
release of GCC 4.4.5.
This release is a bug-fix release, containing fixes for regressions in
GCC 4.4.4 relative to previous releases of GCC.
|
|
Impetus to upgrade from Matthias Rampke.
Pkgsrc changes:
o Changed package name to not include upstream version number (ouch!)
Upstream changes:
o Lots of fixes; list of changes not easily available.
o The main supported architectures are i386 and amd64; other targets
have "less functionality".
Please help in testing this; report bugs via http://pcc.ludd.ltu.se/jira.
|
|
works with python-2.7.
|
|
Python 2.7 is intended to be the last major release in the 2.x series.
The Python maintainers are planning to focus their future efforts on
the Python 3.x series.
This means that 2.7 will remain in place for a long time, running
production systems that have not been ported to Python 3.x.
Two consequences of the long-term significance of 2.7 are:
* It's very likely the 2.7 release will have a longer period of
maintenance compared to earlier 2.x versions. Python 2.7 will
continue to be maintained while the transition to 3.x continues, and
the developers are planning to support Python 2.7 with bug-fix
releases beyond the typical two years.
* A policy decision was made to silence warnings only of interest to
developers. :exc:`DeprecationWarning` and its
descendants are now ignored unless otherwise requested, preventing
users from seeing warnings triggered by an application. This change
was also made in the branch that will become Python 3.2. (Discussed
on stdlib-sig and carried out in :issue:`7319`.)
In previous releases, :exc:`DeprecationWarning` messages were
enabled by default, providing Python developers with a clear
indication of where their code may break in a future major version
of Python.
However, there are increasingly many users of Python-based
applications who are not directly involved in the development of
those applications. :exc:`DeprecationWarning` messages are
irrelevant to such users, making them worry about an application
that's actually working correctly and burdening application developers
with responding to these concerns.
You can re-enable display of :exc:`DeprecationWarning` messages by
running Python with the :option:`-Wdefault <-W>` (short form:
:option:`-Wd <-W>`) switch, or by setting the :envvar:`PYTHONWARNINGS`
environment variable to ``"default"`` (or ``"d"``) before running
Python. Python code can also re-enable them
by calling ``warnings.simplefilter('default')``.
|
|
Add patches to fix SA43328.
|
|
Bump PKGREVISION.
|
|
There are ABI incompatibilities among Ruby 1.8.7 patchlevel 302, 330 and 334,
so it would be handle if such problem in future.
|
|
* The FileUtils Vulnerability
http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/
* Add a patch r30779 from repository; a bug of utf-8 string handling.
For more detailed changes in Ruby 1.9.2pl180, please refer to:
http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_180/ChangeLog
|
|
* The FileUtils Vulnerability
http://www.ruby-lang.org/en/news/2011/02/18/fileutils-is-vulnerable-to-symlink-race-attacks/
* The $SAFE Vulnerability
Fri Feb 18 21:18:55 2011 Shugo Maeda <shugo@ruby-lang.org>
* test/ruby/test_exception.rb (TestException::test_to_s_taintness_propagation):
Test for below.
Fri Feb 18 21:18:55 2011 URABE Shyouhei <shyouhei@ruby-lang.org>
* error.c (exc_to_s): untainted strings can be tainted via
Exception#to_s, which enables attackers to overwrite sane strings.
Reported by: Yusuke Endoh <mame at tsg.ne.jp>.
* error.c (name_err_to_s): ditto.
Fri Feb 18 21:17:22 2011 Shugo Maeda <shugo@ruby-lang.org>
* lib/fileutils.rb (FileUtils::remove_entry_secure): there is a
race condition in the case where the given path is a directory,
and some other user can move that directory, and create a
symlink while this method is executing.
Reported by: Nicholas Jefferson <nicholas at pythonic.com.au>
Fri Feb 18 19:46:46 2011 NAKAMURA Usaku <usa@ruby-lang.org>
* win32/win32.c (init_stdhandle): backport mistake of r29382.
some code is needless in ruby 1.8.
[ruby-core:34579]
Fri Feb 18 19:22:17 2011 URABE Shyouhei <shyouhei@ruby-lang.org>
* configure.in: revert revision r29854. This revision introduced
binary incompatibilities on some circumstances. The bug that
revision was fixing gets reopened by this reversion.
[ruby-dev:43152] cf. [Bug #2553]
|
|
* Remove redundant GEM_HOME definition from PLIST.
|
|
Java SE 6 Update 24
* OlsonData 2010o
* Java DB 10.6.2.1
* Bug Fixes, including the following security fixes:
CVE-2010-4422
CVE-2010-4447
CVE-2010-4448
CVE-2010-4450
CVE-2010-4451
CVE-2010-4452
CVE-2010-4454
CVE-2010-4462
CVE-2010-4463
CVE-2010-4465
CVE-2010-4466
CVE-2010-4467
CVE-2010-4468
CVE-2010-4469
CVE-2010-4470
CVE-2010-4471
CVE-2010-4472
CVE-2010-4473
CVE-2010-4474
CVE-2010-4475
CVE-2010-4476
Java SE 6 Update 23
* OlsonData 2010l
* Java Hotspot VM 19.0
* Java VisualVM 1.3.1
* Menu Item Corrections for Right-to-Left Languages
* Additional Languages Support in Linux Systems
* Bug Fixes
|
|
ok@ wiz
|
|
Pkgsrc changes:
o Adapt to changes in installed files
o One of the files which are patched has changed location
Upstream changes:
New in 3.1.0
- Core
+ Exception PMCs are now subclassable from PIR
+ IPv6 is now supported and tested
+ Added Parrot_ext_try function to extend API (experimental), to
allow implementation of try .. catch constructs in C extensions.
+ We now have a YAML library called YAML::Tiny, a port of YAML::Tiny
from Perl 5
+ Deprecated/experimental features are now stored in api.yaml in
an easy-to-parse format, which will allow automated tools easy
access to this data. This replaces DEPRECATED.pod, which no
longer exists.
+ Improved GC latency
+ Improved GC performance on low-memory systems
+ Improved packfile annotation lookup complexity
+ Removal of unused code and SVN based code
- NQP
+ A repository for a new NQP version which has a new object model is
created at http://github.com/perl6/nqp
- Languages
+ Cardinal (Ruby on Parrot) now compiles and passes its test suite on master
and is looking for developers : https://github.com/parrot/cardinal
+ Cardinal can send smoke reports with "rake smoke" or "parrot
setup.pir smoke"
+ Jaspers, an implementation of Javascript on Parrot, now has a Github repo
and is looking for developers: https://github.com/leto/jaspers
- Community
+ The following Parrot Google Code-In students were grand prize winners:
Fernando Brito, Brazil
David Czech, Canada
Nolan Lum, United States
Matt Rajca, United States
Tony Young, New Zealand
Daniel Kang, United States
We are very proud of them for their fine work and congratulate
them for achieving top finalist status! For more info, see:
http://google-opensource.blogspot.com/2011/02/google-code-in-grand-prize...
- Documentation
+ Many new Parrot-related terms were added to docs/glossary.pod
+ Removal of most remaining references to SVN
+ Internal project documentation is included in html output
- Tests
+ Test suite now passes on NetBSD 5.1
+ Test coverage increased greatly for the Embed/Extend subsystem,
thanks to a TPF grant:
http://leto.net/dukeleto.pl/2011/01/parrot-embed-grant-update-2.html
|
|
|
are linked to pthread (like mysql.so).