0.7.1
- Fixed a couple of smaller bugs (mostly syntax error detection in
``Grammar.iter_errors``)
This is going to be the last release that supports Python 2.7, 3.4 and 3.5.
- Import hints/darwin.sh patch from open pull request.
- The fenv test program in Configure caused warnings for not including
headers for printf() and exit(), causing the script to consider
fenv.h unusable.
Note that Big Sur identifies as 10.16 on Intel Macs, but as 11.0 on
Apple Silicon (ARM).
Python 3.8.5 final
Security
bpo-41304: Fixes python3x._pth being ignored on Windows, caused by the fix for bpo-29778 (CVE-2020-15801).
bpo-39603: Prevent http header injection by rejecting control characters in http.client.putrequest(…).
Core and Builtins
bpo-41295: Resolve a regression in CPython 3.8.4 where defining “__setattr__” in a multi-inheritance setup and calling up the hierarchy chain could fail if builtins/extension types were involved in the base types.
Library
bpo-41288: Unpickling invalid NEWOBJ_EX opcode with the C implementation raises now UnpicklingError instead of crashing.
bpo-39017: Avoid infinite loop when reading specially crafted TAR files using the tarfile module (CVE-2019-20907).
Documentation
bpo-37703: Updated Documentation to comprehensively elaborate on the behaviour of gather.cancel()
Build
bpo-41302: Enable building Python 3.8 with libmpdec-2.5.0 to ease maintenance for Linux distributions. Patch by Felix Yan.
macOS
bpo-40741: Update macOS installer to use SQLite 3.32.3.
IDLE
bpo-41300: Save files with non-ascii chars. Fix regression released in 3.9.0b4 and 3.8.4.
go1.14.5 (released 2020/07/14) includes security fixes to the crypto/x509 and
net/http packages. See the Go 1.14.5 milestone on our issue tracker for
details.
go1.14.6 (released 2020/07/16) includes fixes to the go command, the compiler,
the linker, vet, and the database/sql, encoding/json, net/http, reflect, and
testing packages. See the Go 1.14.6 milestone on our issue tracker for details.
go1.13.12 (released 2020/06/01) includes fixes to the runtime, and the go/types
and math/big packages. See the Go 1.13.12 milestone on our issue tracker for
details.
go1.13.13 (released 2020/07/14) includes security fixes to the crypto/x509 and
net/http packages. See the Go 1.13.13 milestone on our issue tracker for details.
go1.13.14 (released 2020/07/16) includes fixes to the compiler, vet, and the
database/sql, net/http, and reflect packages. See the Go 1.13.14 milestone
on our issue tracker for details.
pkglint 20.2.0 (and a bit earlier) does not insist on entries
for directories any longer that do not contain complete packages.
Remove them.
While here, fix security/Makefile that had two missing entries.
Python 3.8.4 final
Security
bpo-41162: Audit hooks are now cleared later during finalization to avoid missing events.
bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded (CVE-2020-15523).
Core and Builtins
bpo-41247: Always cache the running loop holder when running asyncio.set_running_loop.
bpo-41252: Fix incorrect refcounting in _ssl.c’s _servername_callback().
bpo-41218: Python 3.8.3 had a regression where compiling with ast.PyCF_ALLOW_TOP_LEVEL_AWAIT would aggressively mark list comprehension with CO_COROUTINE. Now only list comprehension making use of async/await will tagged as so.
bpo-41175: Guard against a NULL pointer dereference within bytearrayobject triggered by the bytearray() + bytearray() operation.
bpo-39960: The “hackcheck” that prevents sneaking around a type’s __setattr__() by calling the superclass method was rewritten to allow C implemented heap types.
Library
bpo-41235: Fix the error handling in ssl.SSLContext.load_dh_params().
bpo-41193: The write_history() atexit function of the readline completer now ignores any OSError to ignore error if the filesystem is read-only, instead of only ignoring FileNotFoundError and PermissionError.
bpo-41043: Fixed the use of glob() in the stdlib: literal part of the path is now always correctly escaped.
bpo-39384: Fixed email.contentmanager to allow set_content() to set a null string.
IDLE
bpo-37765: Add keywords to module name completion list. Rewrite Completions section of IDLE doc.
bpo-41152: The encoding of stdin, stdout and stderr in IDLE is now always UTF-8.
Python 3.8.4 release candidate 1
Security
bpo-41004: The __hash__() methods of ipaddress.IPv4Interface and ipaddress.IPv6Interface incorrectly generated constant hash values of 32 and 128 respectively. This resulted in always causing hash collisions. The fix uses hash() to generate hash values for the tuple of (address, mask length, network address).
bpo-39073: Disallow CR or LF in email.headerregistry.Address arguments to guard against header injection attacks.
Core and Builtins
bpo-41094: Fix decoding errors with audit when open files with non-ASCII names on non-UTF-8 locale.
bpo-41056: Fixes a reference to deallocated stack space during startup when constructing sys.path involving a relative symlink when code was supplied via -c. (discovered via Coverity)
bpo-35975: Stefan Behnel reported that cf_feature_version is used even when PyCF_ONLY_AST is not set. This is against the intention and against the documented behavior, so it’s been fixed.
bpo-40957: Fix refleak in _Py_fopen_obj() when PySys_Audit() fails
bpo-40870: Raise ValueError when validating custom AST’s where the constants True, False and None are used within a ast.Name node.
bpo-40826: Fix GIL usage in PyOS_Readline(): lock the GIL to set an exception and pass the Python thread state when checking if there is a pending signal.
bpo-40824: Unexpected errors in calling the __iter__ method are no longer masked by TypeError in the in operator and functions contains(), indexOf() and countOf() of the operator module.
bpo-40663: Correctly generate annotations where parentheses are omitted but required (e.g: Type[(str, int, *other))].
Library
bpo-41138: Fixed the trace module CLI for Python source files with non-UTF-8 encoding.
bpo-31938: Fix default-value signatures of several functions in the select module - by Anthony Sottile.
bpo-41068: Fixed reading files with non-ASCII names from ZIP archive directly after writing them.
bpo-41058: pdb.find_function() now correctly determines the source file encoding.
bpo-41056: Fix a NULL pointer dereference within the ssl module during a MemoryError in the keylog callback. (discovered by Coverity)
bpo-41048: mimetypes.read_mime_types() function reads the rule file using UTF-8 encoding, not the locale encoding. Patch by Srinivas Reddy Thatiparthy.
bpo-40448: ensurepip now disables the use of pip cache when installing the bundled versions of pip and setuptools. Patch by Krzysztof Konopko.
bpo-40855: The standard deviation and variance functions in the statistics module were ignoring their mu and xbar arguments.
bpo-40807: Stop codeop._maybe_compile, used by code.InteractiveInterpreter (and IDLE). from from emitting each warning three times.
bpo-40834: Fix truncate when sending str object with_xxsubinterpreters.channel_send.
bpo-38488: Update ensurepip to install pip 20.1.1 and setuptools 47.1.0.
bpo-40767: webbrowser now properly finds the default browser in pure Wayland systems by checking the WAYLAND_DISPLAY environment variable. Patch contributed by Jérémy Attali.
bpo-40795: ctypes module: If ctypes fails to convert the result of a callback or if a ctypes callback function raises an exception, sys.unraisablehook is now called with an exception set. Previously, the error was logged into stderr by PyErr_Print().
bpo-30008: Fix ssl code to be compatible with OpenSSL 1.1.x builds that use no-deprecated and --api=1.1.0.
bpo-40614: ast.parse() will not parse self documenting expressions in f-strings when passed feature_version is less than (3, 8).
bpo-40626: Add h5 file extension as MIME Type application/x-hdf5, as per HDF Group recommendation for HDF5 formatted data files. Patch contributed by Mark Schwab.
bpo-25872: linecache could crash with a KeyError when accessed from multiple threads. Fix by Michael Graczyk.
bpo-40597: If text content lines are longer than policy.max_line_length, always use a content-encoding to make sure they are wrapped.
bpo-40515: The ssl and hashlib modules now actively check that OpenSSL is build with thread support. Python 3.7.0 made thread support mandatory and no longer works safely with a no-thread builds.
bpo-13097: ctypes now raises an ArgumentError when a callback is invoked with more than 1024 arguments.
bpo-40457: The ssl module now support OpenSSL builds without TLS 1.0 and 1.1 methods.
bpo-39830: Add zipfile.Path to __all__ in the zipfile module.
bpo-40025: Raise TypeError when _generate_next_value_ is defined after members. Patch by Ethan Onstott.
bpo-39244: Fixed multiprocessing.context.get_all_start_methods to properly return the default method first on macOS.
bpo-39040: Fix parsing of invalid mime headers parameters by collapsing whitespace between encoded words in a bare-quote-string.
bpo-35714: struct.error is now raised if there is a null character in a struct format string.
bpo-36290: AST nodes are now raising TypeError on conflicting keyword arguments. Patch contributed by Rémi Lapeyre.
bpo-29620: assertWarns() no longer raises a RuntimeException when accessing a module’s __warningregistry__ causes importation of a new module, or when a new module is imported in another thread. Patch by Kernc.
bpo-34226: Fix cgi.parse_multipart without content_length. Patch by Roger Duran
Tests
bpo-41085: Fix integer overflow in the array.array.index() method on 64-bit Windows for index larger than 2**31.
bpo-38377: On Linux, skip tests using multiprocessing if the current user cannot create a file in /dev/shm/ directory. Add the skip_if_broken_multiprocessing_synchronize() function to the test.support module.
bpo-41009: Fix use of support.require_{linux|mac|freebsd}_version() decorators as class decorator.
bpo-41003: Fix test_copyreg when numpy is installed: test.pickletester now saves/restores warnings filters when importing numpy, to ignore filters installed by numpy.
bpo-40964: Disable remote imaplib tests, host cyrus.andrew.cmu.edu is blocking incoming connections.
bpo-40055: distutils.tests now saves/restores warnings filters to leave them unchanged. Importing tests imports docutils which imports pkg_resources which adds a warnings filter.
bpo-34401: Make test_gdb properly run on HP-UX. Patch by Michael Osipov.
Build
bpo-40204: Pin Sphinx version to 2.3.1 in Doc/Makefile.
bpo-40653: Move _dirnameW out of HAVE_SYMLINK to fix a potential compiling issue.
Windows
bpo-41074: Fixed support of non-ASCII names in functions msilib.OpenDatabase() and msilib.init_database() and non-ASCII SQL in method msilib.Database.OpenView().
bpo-40164: Updates Windows OpenSSL to 1.1.1g
bpo-39631: Changes the registered MIME type for .py files on Windows to text/x-python instead of text/plain.
bpo-40677: Manually define IO_REPARSE_TAG_APPEXECLINK in case some old Windows SDK doesn’t have it.
bpo-40650: Include winsock2.h in pytime.c for timeval.
bpo-39148: Add IPv6 support to asyncio datagram endpoints in ProactorEventLoop. Change the raised exception for unknown address families to ValueError as it’s not coming from Windows API.
macOS
bpo-39580: Avoid opening Finder window if running installer from the command line. Patch contributed by Rick Heil.
bpo-41100: Fix configure error when building on macOS 11. Note that the current Python release was released shortly after the first developer preview of macOS 11 (Big Sur); there are other known issues with building and running on the developer preview. Big Sur is expected to be fully supported in a future bugfix release of Python 3.8.x and with 3.9.0.
bpo-41005: fixed an XDG settings issue not allowing macos to open browser in webbrowser.py
bpo-40741: Update macOS installer to use SQLite 3.32.2.
IDLE
bpo-41144: Make Open Module open a special module such as os.path.
bpo-39885: Make context menu Cut and Copy work again when right-clicking within a selection.
bpo-40723: Make test_idle pass when run after import.
Tools/Demos
bpo-40479: Update multissltest helper to test with latest OpenSSL 1.0.2, 1.1.0, 1.1.1, and 3.0.0-alpha.
bpo-40163: Fix multissltest tool. OpenSSL has changed download URL for old releases. The multissltest tool now tries to download from current and old download URLs.
This needs pkg-config available in order to handle dependencies to
build its Freetype FT2Plugin component. This fixes the build under
NetBSD, though SunOS at least has other problems, too. (While here,
also tweak a variable reference to the common form, noted by pkglint.)
MoonScript is a dynamic scripting language that compiles into Lua. It gives
you the power of one of the fastest scripting languages combined with a rich
set of features.
MoonScript can either be compiled into Lua and run at a later time, or it
can be dynamically compiled and run using the moonloader. It's as simple as
require "moonscript" in order to have Lua understand how to load and run
any MoonScript file.
Because it compiles right into Lua code, it is completely compatible with
alternative Lua implementations like LuaJIT, and it is also compatible with
all existing Lua code and libraries.
The command line tools also let you run MoonScript directly from the command
line, like any first-class scripting language.
Update php72 to 7.2
09 Jul 2020, PHP 7.2.32
- Core:
. No source changes to this release.
Vesion number added for reproduction of Windows builds. (cmb)
14 May 2020, PHP 7.2.31
- Core:
. Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned).
(CVE-2019-11048) (cmb)
. Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp
files are not cleaned). (CVE-2019-11048) (cmb)
PR 55227
Pkgsrc changes: a newer version (5.2) of texinfo is required to build the documentation.
This updates breaks math/maxima when built with ecl (clisp is the default). Maxima
upstream has already fixed this in a later release.
From the CHANGELOG file:
** Announcement
Dear Community,
After more than three years of development, we are proud to announce a new
ECL release having the version tag `20.4.24`. During that time many
important improvements have been made including bug fixes, stability
enhancements and new features. Changes include but are not limited to:
- package local nicknames support
- atomic operations support
- specialized representations of complex float types
- a port to the iOS platform
- fixes for weak hash tables and weak pointers
- fixes for race conditions in the ECL internals
- hash table extensions (synchronization and custom test functions)
- better MOP conformance and improved meta-stability
- improvements to the manual
For more information please read the file CHANGELOG which is located in the
source code, and browse commits. We'd like to thank all people who made
this release possible by contributions of code, documentation, issue
reports, testing and others. Some of them are listed here (without any
particular order): Paul Ruetz, Karsten Poeck, Vadim Penzin, Roger Sen, Stas
Boukarev, Michael Fox, Erik Bray, Bo Yao, Jeremy Cooper, Florian Margaine,
Fabrizio Fabbri, Tomek Kurcz, Kris Katterjohn, Marcin Kolenda, Zhang Yuguo,
Sébastien Villemot, Moritz Petersen, Marius Gerbershagen and Daniel
Kochmański. We'd also like to thank the company Rigetti Computing for
sponsoring the work on specialized complex float representations.
We have another important announcement we'd like to make. Embeddable
Common-Lisp project has now two maintainers: Daniel Kochmański and Marius
Gerbershagen. After numerous contributions from Marius I've proposed him
this responsibility and to my rejoice he has accepted it. That reflects our
community growth.
This release is available for download in a form of a source code archive
(we do not ship prebuilt binaries):
- [ECL 20.4.24 tarball archive](https://common-lisp.net/project/ecl/static/files/release/ecl-20.4.24.tgz)
- [The ECL Manual](https://common-lisp.net/project/ecl/static/manual/)
Happy Hacking,
The ECL Developers
** Enhancements
- iOS support thanks to the help of P. Ruetz and gitlab user Whimse
- hash-table may now have a custom equivalence predicate
- ~make-load-form-with-slots~ works for structs even if slot names are not interned
- ~ext:weak-pointer-value~ returns two values (value and its presence)
- specialized complex float types based on C99 complex numbers have been
added, together with corresponding specialized array element types.
- support for atomic operations added with an interface similar to SBCL.
Currently (SBCL 1.4.12), it differs in the following points:
- the set of supported places is slightly different
- ~atomic-incf/decf~ always implement modular arithmetic with respect to
the width of a fixnum, instead of a width of 64 bits as for some places
in SBCL.
- Functions such as ~(cas foo)~ analogous to ~(setf foo)~ are not allowed
in ECL.
- The arguments of ~defcas~ are consistent with the short form of
~defsetf~ in contrast to SBCL, where they are different.
- compare-and-swap expansions can be removed with ~remcas~
- experimental support for serializing Lisp objects in compiled files
directly instead of using the reader for faster loading of .fas files
(configure option ~--enable-serialization~).
- improvements to C backtrace interface. Compile with CFLAGS+="-rdynamic"
./configure ... (Unix) or nmake ECL_USE_DBGHELP=yes ... (MSVC) to take
full advantage of this feature.
- better handling of fifo files (see man 7 fifo)
- unicode names are always linked for unicode builds (~--with-unicode-names~ removed)
- numerous bytecodes compiler enhancements
- ~ext:run-program~: process streams may be virtual streams (for instance
~*standard-output*~ in slime, or a string-output-stream)
- ~ext:run-program~: environ argument defaults to ~:default~, when NIL
passed empty environment is used
- compiler: when gcc fails ecl prints the failing command output
- ASDF has been updated to 3.1.8.8
- The Boehm-Demers-Weiser garbage collector has been updated to version 7.6.8
- libffi has been updated to version 3.3
- package local nicknames has been implemented (after SBCL)
- hash table extensions are documented in newdoc
- various cleanups performed in the compiler
- compiler is less verbose by default now
- ~ext:run-program~ has been rewritten (almost) from scratch
- improved documentation of operating system interface (newdoc)
- example of parsing arguments in standalone executable (newdoc)
- example of using shared libraries from C world (newdoc)
- reduced =format= directive tables size
- simplified ~atan2~ implementation by using c99 equivalent - now we
produce correct output for signed zeros, infinities and nans.
- configure script supports new options =--with-libgc-prefix=,
=--with-libgc-incdir= and =--with-libgc-libdir= (these flags work the
same as flags for =libffi= and =libgmp=)
** Issues fixed
- issues with type system revealed by sbcl bootstrapping are gone
- classes are not defined at compilation time
- weak hashtables mishandled weak values when keys were present
- gethash on weak hashtables returned the pointer instead of the value
- maphash on weak hashtables mapped over pointers instead of the values
- initarg caches are now invalidated when new methods are defined. Problem
found and fixed by Alexander Wood.
- ECL allocated too much space in lisp stack. Instead of the specified size
x in bytes, ECL allocated roughly x^2/p where p is defined in
LISP_PAGESIZE (2048 by default). If you're setting the value of
ECL_OPT_LISP_STACK_SIZE, please check whether you really have
set a high enough value.
- ~block/return-from~ fixed (didn't work across some closure boundaries)
- ~mp:semaphore-signal~ fixed (race when count was > 1)
- Multiple native threads issues fixed
- ASDF systems like foo/base and bar/base doesn't have conflicts in bundles
- interactive input stream in ext:run-program on Windows
- removed race condition between waitpid and sigchld handler on UNIX
- buildsystem parallel builds work (i.e make -j999)
- ECL builds on consoles with unusual encodings on Windows (i.e cp936)
** API changes
- ~LISP~ and ~USER~ package nicknames to ~COMMON-LISP~ and
~COMMON-LISP-USER~ are removed
- make-hash-table accepts a new keyword argument ~:hashing-function~
- no-op ~--enable-asmapply~ configure option has been removed
- ~profile~ and ~rt~ contribs are now deprecated and disabled by default
- thread-local variable support has been removed (~--with___thread~)
- deprecated configure option ~--enable-opcode8~ has been removed
- mk-defsystem is not build by default (enable by ~--with-defsystem=yes~)
- asdf:make-build accepts ~:init-name~ argument for libraries
this allows specifying human-memorable initialization function name to call
in C code
- package local nicknames protocol (documented in newdoc)
- make-hash-table accepts ~:synchronize~ flag for thread safe variant. New
predicate ~ext:hash-table-synchronized-p~ implemented
- make-hash-table ~:weakness~ argument new variant ~:key-or-value~
implemented
- No more explicit option in ~main.d~ to trap SIGCHLD asynchronously
- Zombie processes are cleaned in ~external-process~ finalizer. If process
is still referenced in the memory, it's programmer duty to call wait.
- The ECL_OPT_SIGALTSTACK_SIZE option has been removed, because it had no
effect.
- Non-standard package nicknames (USER for COMMON-LISP-USER and LISP for
COMMON-LISP) have been removed.
"Okay if you have tested it" from wiz@, tested mostly with math/maxima.
It's not really cross-compiled, it's just a different target name, but is
treated the same way. Once stabilised and crate support catches up we'll
switch over to it by default from x86_64-sun-solaris. Until then I'll
build bootstrap kits for both natively.
While here fix up a bunch of obvious pkglint warnings.
Changelog:
Vala 0.48.7
===========
* Various improvements and bug fixes:
- codegen:
+ Improve array-dup-wrapper for empty arrays [#999]
+ Don't call get_ccode_finish_instance() with non-async methods
+ Cast initializer-list to struct for non-constant/-array assignment [#1013]
+ Consistently use get_ccode_lower_case_prefix() for function names [#1008]
- vala:
+ Correctly handle qualified struct type in initializer list [#1004]
+ Reduce calls of CodeContext.get()
+ Fix value-type for ArrayCreationExpression used as argument [#1009]
+ Improve parameter check of "get" method used for foreach [#1017]
+ Don't carry floating reference into unknown target type expression [#1018]
- girparser: Actually respect given cprefix metadata for enumerations
- girwriter: Append symbol-attributes to callback field [#1006]
- parser: Avoid mitigation for missing token if it follows DOT or
DOUBLE_COLON [#987]
- libvaladoc/girimporter: Skip "function-macro" elements
- build: Update git-version-gen to latest upstream
- tests: Build typelib if g-ir-compiler is available
* Bindings:
- gstreamer-audio-1.0: Adjustments for Gst.Audio.Sink class extension
- gstreamer: Update from 1.17.1+ git master
- gtk+-3.0: Deprecated abstract methods are not required to be implemented
- gtk4: Prefix value names of PaintableFlags with "STATIC_" [#1011]
- gtk4: Mark optional methods of Gdk.Paintable interface as virtual [#1021]
- gtk4: Update to 3.98.5+fca2ba96
- harfbuzz-gobject: Update to 2.6.8
- pango: Update from 1.45.2
- webkit2gtk-4.0: Update to 2.29.2
- vapi: Update GIR-based bindings
## v1.10.4 (2020-07-04)
### 1. Bug fixes
#### Elixir
* [Kernel] Fix a bug where custom types were printed as built-in types
* [Kernel] Don't add compile-time dependency on `defdelegate`
* [Kernel] Add line numbers to warnings on deprecated imports
* [Kernel] Report the correct line number when raising inside a macro
* [Task] Include callers in translated Logger metadata for Task
* [Task] Fix Task PID and caller in Task Supervisor reports
#### ExUnit
* [ExUnit.Formatter] Avoid crashes when diffing guards when the pattern does not match
* [ExUnit.Formatter] Also blame exceptions that come from linked and trapped exits
#### IEx
* [IEx.Helpers] Do not crash when printing a type that cannot be code formatted
#### Mix
* [mix app.start] Fix reading `.app` file located in archives (`.ez` files)
* [mix local.hex] Provide more guidance when Hex can't be installed
* [mix release] Properly encode config in releases
Version 12.18.2 'Erbium' (LTS)
Notable changes
deps: V8: backport
Fixes memory leak in PrototypeUsers::Add
src: use symbol to store AsyncWrap resource
Fixes reported memory leak
Version 12.18.1 'Erbium' (LTS)
Notable Changes
deps:
V8: cherry-pick
update to uvwasi 0.0.9
upgrade to libuv 1.38.0
upgrade npm to 6.14.5
Make perl a run-time dependency to fix
ERROR: [check-interpreter.mk] The interpreter "/usr/pkg/bin/perl" of "/usr/pkg/bin/scan-build" does not exist.
ERROR: [check-interpreter.mk] The interpreter "/usr/pkg/bin/perl" of "/usr/pkg/libexec/c++-analyzer" does not exist.
ERROR: [check-interpreter.mk] The interpreter "/usr/pkg/bin/perl" of "/usr/pkg/libexec/ccc-analyzer" does not exist.
