LLVM versions >= 12 cannot currently correctly compile gcc stage 1 because
GCC assumes references to certain symbols like "ix86_isa_flags" will be
optimized away.
Details: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255760
Mypy 0.910 released
22 Jun 2021: Mypy 0.910 was released. This release includes the --non-interactive command-line option to install stubs without user interaction, plus other fixes and improvements. Python 3.5 is now deprecated. Read the blog post for the details.
Mypy 0.901 released
8 Jun 2021: Mypy 0.901 was released. This release moves third-party library stubs to stub packages, allowing newer stubs to be easily used without updating mypy. Mypy now supports pyproject.toml and type guards, and ships wheels for Apple Silicon. Plus, there are many other features and bug fixes. Read the blog post for the details.
Version 14.17.1 'Fermium' (LTS)
Notable Changes
- deps: update ICU to 69.1 (Michaël Zasso)
- errors: align source-map stacks with spec (Benjamin Coe)
Commits
- assert: refactor to use more primordials (Antoine du Hamel)
- assert: refactor to avoid unsafe array iteration (Antoine du Hamel)
- async_hooks: refactor to avoid unsafe array iteration (Antoine du Hamel)
- async_hooks,doc: replace process.stdout.fd with 1 (Darshan Sen)
- benchmark: avoid using console.log() (Antoine du Hamel)
- benchmark: use process.hrtime.bigint() (Antoine du Hamel)
- buffer: remove TODOs in atob / btoa (Khaidi Chu)
- buffer: remove unreachable code (Rongjian Zhang)
- buffer: make FastBuffer safe to construct (Antoine du Hamel)
- buffer: refactor to use primordials instead of Array#reduce (Antoine du Hamel)
- buffer: refactor to use more primordials (Antoine du Hamel)
- build: work around bug in MSBuild v16.10.0 (Michaël Zasso)
- build: add workaround for V8 builds (Richard Lau)
- build: remove dependency on distutils.spawn (Richard Lau)
- build: fix make test-npm (Ruy Adorno)
- child_process: reduce abort handler code duplication (Rich Trott)
- child_process: treat already-aborted controller as aborting (Rich Trott)
- child_process: refactor to use more primordials (Antoine du Hamel)
- deps: update to cjs-module-lexer@1.2.1 (Guy Bedford)
- deps: update ICU to 69.1 (Michaël Zasso)
- deps: V8: cherry-pick 035c305ce776 (Michaël Zasso)
- deps: V8: cherry-pick dfcdf7837e23 (Benjamin Coe)
- deps: V8: cherry-pick 86991d0587a1 (Benjamin Coe)
- deps: V8: cherry-pick 530080c44af2 (Milad Fa)
- dgram: extract cluster lazy loading method to make it testable (Rongjian Zhang)
- dgram: refactor to use more primordials (Antoine du Hamel)
- dns: refactor to use more primordials (Antoine du Hamel)
- doc: cleanup events.md structure (James M Snell)
- doc: fix JS flavor selection (Antoine du Hamel)
- doc: use HEAD instead of master for links (Antoine du Hamel)
- doc: remove import.meta.resolve parent URL type (Kevin Locke)
- doc: document buffer.kStringMaxLength (Tobias Nießen)
- doc: clarify synchronous blocking of Worker stdio (James M Snell)
- doc: update contact info (Gabriel Schulhof)
- doc: change color of doctag on night mode (Qingyu Deng)
- doc: clarify DiffieHellmanGroup class docs (Nitzan Uziely)
- doc: use AIX instead of Aix in fs.md (Rich Trott)
- doc: remove extraneous dash from flag prefix (Rodolfo Carvalho)
- doc: document 'secureConnect' event limitation (James M Snell)
- doc: mark querystring api as legacy (James M Snell)
- doc: add arguments for stream event of Http2Server and Http2SecureServer (Qingyu Deng)
- doc: indicate that abort tests do not generate core files (Rich Trott)
- doc: add try/catch in http2 respondWithFile example (Matteo Collina)
- doc: note the system requirements for V8 tests (DeeDeeG)
- doc: minor clarification to pathObject (James M Snell)
- doc: document new TCP_KEEPCNT and TCP_KEEPINTVL socket option defaults (Arnold Zokas)
- doc: do not mention TCP in the allowHalfOpen option description (Luigi Pinca)
- doc: update message to match actual output (Rich Trott)
- doc: request default snap track be updated for LTS (Rod Vagg)
- doc: mark process.hrtime() as legacy (Antoine du Hamel)
- doc: fix version history for "exports" patterns (Antoine du Hamel)
- doc: fix package.json "imports" field history (Antoine du Hamel)
- doc: fix typo in buffer.md (divlo)
- doc: add nodejs-sec email template (Daniel Bevenius)
- doc: update TSC members list with three new members (Rich Trott)
- doc: use foo.prototype.bar notation in buffer.md (Voltrex)
- doc: internal/test/binding for testing (Bradley Meck)
- doc: add missing events.on metadata (Anna Henningsen)
- doc: fix wording in outgoingMessage.write (Tobias Nießen)
- doc: fix grammar errors in http document (Qingyu Deng)
- doc: add document for http.OutgoingMessage (Qingyu Deng)
- doc: remove generated from dsaEncoding description (Marko Kaznovac)
- doc: document how to register external bindings for snapshot (Joyee Cheung)
- doc: document the NO_COLOR and FORCE_COLOR env vars (James M Snell)
- doc: clarify event.isTrusted text (Rich Trott)
- doc: expand openssl instructions (Michael Dawson)
- doc: document ABORT_ERR code (Benjamin Gruenbaum)
- doc: document changes for */promises alias modules (ExE Boss)
- errors: align source-map stacks with spec (Benjamin Coe)
- errors: refactor to use more primordials (Antoine du Hamel)
- errors: display original symbol name (Benjamin Coe)
- errors: refactor to use more primordials (Antoine du Hamel)
- errors: refactor to use more primordials (Antoine du Hamel)
- events: refactor to use optional chaining (ZiJian Liu)
- events: refactor to use more primordials (Antoine du Hamel)
- fs: fix error when writing buffers > INT32_MAX (Zach Bjornson)
- Revert "http: make HEAD method to work with keep-alive" (Michaël Zasso)
- http2: treat non-EOF empty frames like other invalid frames (Anna Henningsen)
- http2: fix setting options before handle exists (Anna Henningsen)
- http2: add support for TypedArray to getUnpackedSettings (Antoine du Hamel)
- https: refactor to use more primordials (Antoine du Hamel)
- inspector: remove redundant method for connection check (Yash Ladha)
- inspector: refactor to use more primordials (Antoine du Hamel)
- lib: revert primordials in a hot path (Antoine du Hamel)
- lib: make IterableWeakMap safe to iterate (Antoine du Hamel)
- lib: fix and improve os typings (Akhil Marsonya)
- lib: add URI handling functions to primordials (Antoine du Hamel)
- lib: fix WebIDL object and dictionary type conversion (ExE Boss)
- lib: refactor to use optional chaining in internal/options.js (raisinten)
- lib: support returning Safe collections from C++ (ExE Boss)
- lib: expose primordials object (Antoine du Hamel)
- lib: refactor source_map to use more primordials (Antoine du Hamel)
- lib: refactor source_map to avoid unsafe array iteration (Antoine du Hamel)
- lib: simplify primordials.uncurryThis (ExE Boss)
- lib: remove v8_prof_polyfill from eslint ignore list (Antoine du Hamel)
- lib: remove unused code (Brian White)
- lib: refactor to use more primordials in internal/encoding.js (raisinten)
- lib: refactor to use primordials in internal/priority_queue.js (ZiJian Liu)
- lib: add primordials.SafeStringIterator (Antoine du Hamel)
- lib: make safe primordials safe to construct (Antoine du Hamel)
- lib: make safe primordials safe to iterate (Antoine du Hamel)
- lib: refactor to use more primordials in internal/histogram.js (raisinten)
- lib: add uncurried accessor properties to primordials (ExE Boss)
- lib: refactor primordials.uncurryThis (Antoine du Hamel)
- lib: refactor to use more primordials (Antoine du Hamel)
- lib: add %TypedArray% abstract constructor to primordials (ExE Boss)
- lib: use Object static properties from primordials (Michaël Zasso)
- lib,tools: enforce access to prototype from primordials (Antoine du Hamel)
- meta: add v8 team (Jiawen Geng)
- meta: post comment when pr labeled fast-track (James M Snell)
- module: clarify CJS global-like variables not defined error message (Antoine du Hamel)
- module: refactor NativeModule to avoid unsafe array iteration (Antoine du Hamel)
- module: simplify tryStatSync with throwIfNoEntry option (Antoine du Hamel)
- module: refactor to use more primordials (Antoine du Hamel)
- module: refactor to use more primordials (Antoine du Hamel)
- module: refactor to use iterable-weak-map (Benjamin Coe)
- net: refactor to use more primordials (Antoine du Hamel)
- node-api: faster threadsafe_function (Fedor Indutny)
- node-api: fix shutdown crashes (Michael Dawson)
- node-api: make reference weak parameter an indirect link to references (Chengzhong Wu)
- os: refactor to use more primordials (Antoine du Hamel)
- path: inline conditions (Voltrex)
- path: refactor to use more primordials (Akhil Marsonya)
- path: refactor to use more primordials (Antoine du Hamel)
- perf_hooks: throw ERR_INVALID_ARG_VALUE if histogram.percentile param is NaN (ZiJian Liu)
- perf_hooks: refactor to avoid unsafe array iteration (Antoine du Hamel)
- perf_hooks: refactor to use more primordials (Antoine du Hamel)
- policy: refactor to use more primordials (Antoine du Hamel)
- querystring: refactor to use more primordials (Antoine du Hamel)
- readline: refactor to use more primordials (Antoine du Hamel)
- repl: document top level await limitation with const/let (James M Snell)
- repl: display prompt once after error callback (Anna Henningsen)
- src: fix multiple AddLinkedBinding() calls (Anna Henningsen)
- src: update cares_wrap OpenBSD defines (Anna Henningsen)
- src: remove extra semi after member fn (Shelley Vohr)
- src: make workers messaging more resilient (Juan José Arboleda)
- src: fix validation of negative offset to avoid abort (James M Snell)
- src: use %progbits instead of @progbits (Stephen Gallagher)
- src: fix setting Converter sub char length (James M Snell)
- src: avoid deferred gc/cleanup for Buffer.from (James M Snell)
- src: indent long help text properly (David Glasser)
- src: fix ETW_WRITE_EMPTY_EVENT macro (Michaël Zasso)
- src: disable unfixable MSVC warnings (Michaël Zasso)
- src: avoid implicit type conversions (take 2) (Michaël Zasso)
- src: fix compiler warnings in node_buffer.cc (Darshan Sen)
- src: fix compiler warning in env.cc (Anna Henningsen)
- src: add check against non-weak BaseObjects at process exit (Anna Henningsen)
- src: use transferred consistently (Daniel Bevenius)
- src: fix label indentation (Rich Trott)
- stream: fix multiple Writable.destroy() calls (Robert Nagy)
- stream: the position of _read() is wrong (helloyou2012)
- stream: only use legacy close listeners if not willEmitClose (Robert Nagy)
- stream: fix legacy pipe error handling (Robert Nagy)
- string_decoder: throw ERR_STRING_TOO_LONG for UTF-8 (Michaël Zasso)
- string_decoder: refactor to use more primordials (Antoine du Hamel)
- test: improve coverage of lib/_http_client.js (Rongjian Zhang)
- test: improve coverage of lib/os.js (Rongjian Zhang)
- test: call functions internally (Voltrex)
- test: complete coverage of querystring (Rongjian Zhang)
- test: increase coverage for AbortController (ZiJian Liu)
- test: run message and pseudo-tty tests in parallel (Richard Lau)
- test: move test-net-connect-econnrefused from pummel to sequential (Rich Trott)
- test: fix common.mustCall length and name properties (Antoine du Hamel)
- test: address deprecation warning (Rich Trott)
- test: move abort test from pummel to abort directory (Rich Trott)
- test: skip some pummel tests on slower machines (Rich Trott)
- test: add ancestor package.json checks for tmpdir (Richard Lau)
- test: replace function with arrow function and remove unused argument (Andres)
- test: use .test domain for not found address (Richard Lau)
- test: increase fs promise coverage (Emil Sivervik)
- test: increase timeout on ASAN Action (Antoine du Hamel)
- test: improve coverage of SourceTextModule getters (Juan José Arboleda)
- test: improve coverage for Module getters (Juan José Arboleda)
- test: improve coverage on worker threads (Juan José Arboleda)
- test: improve coverage at lib/internal/vm/module.js (Juan José Arboleda)
- test: guard large string decoder allocation (Michaël Zasso)
- test: add already-aborted-controller test for spawn() (Rich Trott)
- test: add test for reused AbortController with execfile() (Rich Trott)
- test: add Actions annotation output (Mary Marchini)
- test: use .then(common.mustCall()) for all async IIFEs (Anna Henningsen)
- test,doc,lib: adjust object literal newlines for lint rule (Rich Trott)
- test,readline: improve tab completion coverage (Antoine du Hamel)
- timers: fix unsafe array iteration (Darshan Sen)
- timers: reject with AbortError on cancellation (Benjamin Gruenbaum)
- timers: refactor to use more primordials (Antoine du Hamel)
- timers: cleanup abort listener on awaitable timers (James M Snell)
- tls: validate ticket keys buffer (Antoine du Hamel)
- tls: fix session and keylog add listener segfault (Nitzan Uziely)
- tools: refloat 7 Node.js patches to cpplint.py (Rich Trott)
- tools: bump cpplint to 1.5.4 (Rich Trott)
- tools: refloat 7 Node.js patches to cpplint.py (Rich Trott)
- tools: bump cpplint to 1.5.3 (Rich Trott)
- tools: refloat 7 Node.js patches to cpplint.py (Rich Trott)
- tools: bump cpplint.py to 1.5.2 (Rich Trott)
- tools: update ESLint to 7.27.0 (Luigi Pinca)
- tools: update ESLint to 7.26.0 (Colin Ihrig)
- tools: update ESLint to 7.25.0 (Colin Ihrig)
- tools: update ESLint to 7.24.0 (Colin Ihrig)
- tools: update ESLint to 7.23.0 (Luigi Pinca)
- tools: update ESLint to 7.22.0 (Colin Ihrig)
- tools: make update-eslint.sh work with npm@7 (Luigi Pinca)
- tools: add support for mjs and cjs JS snippet linting (Antoine du Hamel)
- tools: update eslint-plugin-markdown configuration (Colin Ihrig)
- tools: enable object-curly-newline in ESLint rules (Rich Trott)
- tools: make GH Actions workflows work if default branch is not master (Antoine du Hamel)
- tools: use mktemp to create the workspace directory (Luigi Pinca)
- tools: use a shallow clone of the npm/cli repository (Luigi Pinca)
- tools: remove fixer for non-ascii-character ESLint custom rule (Rich Trott)
- tools: fix doc generation when version info is not available (Antoine du Hamel)
- tools: add _depot_tools to PATH (for V8 tests) (DeeDeeG)
- tools: fix type mismatch in test runner (Richard Lau)
- tools: simplify eslint comma-dangle configuration (tools) (Rich Trott)
- tools: simplify eslint comma-dangle configuration (Rich Trott)
- tools: run doctool tests on GitHub Actions CI (Antoine du Hamel)
- tools: refactor prefer-primordials (Antoine du Hamel)
- tools: update ESLint to 7.21.0 (Luigi Pinca)
- tools: update ESLint to 7.20.0 (Colin Ihrig)
- tools: update ESLint to 7.19.0 (Colin Ihrig)
- tools: update ESLint to 7.18.0 (Colin Ihrig)
- tools: update gyp-next to v0.7.0 (Michaël Zasso)
- tools: update ESLint to 7.17.0 (Colin Ihrig)
- tools: update ESLint to 7.16.0 (Yongsheng Zhang)
- tools: enable no-unsafe-optional-chaining lint rule (Colin Ihrig)
- tools: update ESLint to 7.15.0 (Colin Ihrig)
- tools: enable no-unused-expressions lint rule (Michaël Zasso)
- tools: enable no-nonoctal-decimal-escape lint rule (Colin Ihrig)
- tools: update ESLint to 7.14.0 (Colin Ihrig)
- tools: add linting rule for async IIFEs (Anna Henningsen)
- tools: update ESLint to 7.13.0 (Luigi Pinca)
- tools: update ESLint to 7.12.1 (Colin Ihrig)
- tools: update ESLint to 7.12.0 (Colin Ihrig)
- tools: update ESLint to 7.11.0 (Colin Ihrig)
- tools: add new ESLint rule: prefer-primordials (Leko)
- tools,doc: add support for several flavors of JS code snippets (Antoine du Hamel)
- tools,lib: recommend using safe primordials (Antoine du Hamel)
- tools,lib: tighten prefer-primordials rules for Error statics (Antoine du Hamel)
- tty: refactor to avoid unsafe array iteration (Antoine du Hamel)
- tty: refactor to use more primordials (Zijian Liu)
- typings: add JSDoc typings for util (Rohit Gohri)
- url: refactor to use more primordials (Antoine du Hamel)
- util: simplify constructor retrieval in inspect() (Rich Trott)
- v8: refactor to use more primordials (Antoine du Hamel)
- v8: refactor to use more primordials (Antoine du Hamel)
- vm: refactor to avoid unsafe array iteration (Antoine du Hamel)
- wasi: refactor to avoid unsafe array iteration (Antoine du Hamel)
- Revert "worker: remove ERR_CLOSED_MESSAGE_PORT" (Juan José Arboleda)
- worker: refactor to avoid unsafe array iteration (Antoine du Hamel)
- worker: refactor to use more primordials (Antoine du Hamel)
- zlib: fix brotli flush range (Khaidi Chu)
- zlib: refactor to avoid unsafe array iteration (Antoine du Hamel)
- zlib: refactor to use primordial instead of <string>.startsWith (Rohan Chougule)
- zlib: refactor to use more primordials (Antoine du Hamel)
The NetBSD i386 Rust 1.50 builds introduced two different targets (i586
and i686), where previously there was only one (i686). Unfortunately,
the upstream mozjs78 configuration script that narrows to the
appropriate compiler target is confused by this, since it was receiving
"i486" from pkgsrc tooling and didn't know how to pick from more than
one potential approximate match. I'm addressing it this (kludgy) way
for now, as I don't have time to go through Mozilla's scripting and
make adjustments, and I would like this building in the 2021Q2 branch.
If someone else feels there's a better way, please have at it. With
this tweak in place, I'm able to build the xfce4 meta package for
NetBSD/i386 9.2.
Better patch for src/tools/rust-installer/install-template.sh
- remove one path component after share/doc/ as the original code does
- do not change spacing for HACK: section
Bump PKGREVISION.
# cpp11 0.2.7
* Fix a transient memory leak for functions that return values from
`cpp11::unwind_protect()` and `cpp11::safe` (#154)
# cpp11 0.2.6
* `cpp_register()` now uses symbols exclusively in the `.Call()`
interface. This allows it to be more robust in interactive use with
the pkgload package.
# cpp11 0.2.5
* `cpp_source()` gains a `cxx_std` argument to control which C++
standard is used. This allows you to use code from `C++14` and
later standards with cpp_source(). (#100)
* The cpp11 knitr engine now allows you to set the `cxx_std` chunk
option to control the C++ standard used.
* `cpp_source()` now has much more informative error messages when
compilation fails (#125, #139)
* `cpp_source()` now uses a unique name for the DLL, so works when run
multiple times on the same source file on Windows (#143)
* `writable::list_of<T>` now supports modification of vectors as
intended (#131).
* Errors when running
`tools::package_native_routine_registration_skeleton()` are no
longer swallowed (#134)
* `cpp_source()` can now accept a source file called `cpp11.cpp`
(#133)
* `named_arg` now explicitly protect their values, avoiding protection
issues when using large
inputs. [tidyverse/readr#1145](https://github.com/tidyverse/readr/issues/1145)
* `r_string(std::string)` now uses `Rf_mkCharLenCE()` instead of
`Rf_mkChar()`, which avoids the performance cost of checking the
string length.
* Writable vector classes now properly set their lengths as intended
when being copied to a read only class (#128).
Also, pull over the patched install.sh script from the main package,
for quite a lot faster installation, also for the benefit of the
upstream-delivered binaries. (Fix submitted upstream.)
Use the nb1 version suffix on the NetBSD binaries (one-time job for
1.52.1, to be removed on next go-around), but they still extract to
the non-nb1 work directory, so some adjustment needed for that.
Bump PKGREVISION.
New in version 2.1.5
* minor incompatible change: on x86-64, the backend instruction
encoders for movzx and for string opcodes have changed their
semantics.
* platform support:
* compatibility: support the latest MinGW on x86. (#1923325,
thanks to Alexis Rivera)
* bug fix: on x86-64, fix instruction encoding for TEST on
RIP-relative addresses. (#1925808, reported by Shinmera on
#sbcl, thanks also to 3b)
* bug fix: on x86-64, loading all-1s into an AVX2 register no
longer causes an error. (thanks to Marco Heisig)
* bug fix: on arm64, improve disassembly of ADD with constant
0 as MOV
* enhancement: on arm64, support debugger commands
RETURN-FROM-FRAME and RESTART-FRAME more efficiently.
* enhancement: on x86-64, add support for vshuf* AVX2
instructions. (reported by Bela Pecsek)
* optimization: faster function calls on arm64.
* optimization: (SETF SBIT) is faster on x86-64.
* bug fix: INTEGER-DECODE-FLOAT was computing the wrong answer for
denormal double floats. (#1926383, reported by Stavros Macrakis)
* bug fix: RANDOM on a floating point argument now does not
cons. (reported by Tito Latini)
* bug fix: fix a compiler crash in type derivation of
LOGTEST. (#1928243)
* bug fix: fix a compiler failure when a declared function type
contains a literal structure with a valid MAKE-LOAD-FORM
method. (#1929160, thanks to Yurii Hryhorenko)
* optimization: FBOUNDP on a constant symbol is now faster.
* optimization: file compilation now produces smaller fasls for
files which reference package literals.
* optimization: derive the type of calls to FLOAT-SIGN.
Vala 0.52.4
===========
* Various improvements and bug fixes:
- codegen:
+ GArray, GByteArray and GPtrArray are reference counted
+ Replace wrongly hard coded usage of G_OBJECT_GET_CLASS
+ Don't add errornous cast for unknown type_symbol
+ Mark entry point method implementation "_vala_main" as static
+ Improve check for GLib.Source derived classes
- vala: Parameter following params-array parameter is not allowed
- doc: Update man page to include more information on profiles
* Bindings:
- glib-2.0: Add missing has_typedef attributes on SourceFuncs delegates
- gstreamer: Update from 1.19.0+ git master
- gtk+-3.0: Update to 3.24.29+f9fe28ce
- gtk4: Update to 4.3.0+24f0ae1d
- pango: Mark language parameter of AttrIterator.get_font() as out
- vapi: Update GIR-based bindings
Better patch for src/tools/rust-installer/install-template.sh
- remove one path component after share/doc/ as the original code does
- do not change spacing for HACK: section
## 1.16.0 - 2021-05-30
- Add color documentation to the `doc` macro - enable/disable with `(dyn :doc-color)`.
- Remove simpler HTML docs from distribution - use website or built-in documentation instead.
- Add compiler warnings and deprecation levels.
- Add `as-macro` to make using macros within quasiquote easier to do hygienically.
- Expose `JANET_OUT_OF_MEMORY` as part of the Janet API.
- Add `native-deps` option to `decalre-native` in `jpm`. This lets native libraries link to other
native libraries when building with jpm.
- Remove the `tarray` module. The functionality of typed arrays will be moved to an external module
that can be installed via `jpm`.
- Add `from-pairs` to core.
- Add `JPM_OS_WHICH` environment variable to jpm to allow changing auto-detection behavior.
- The flychecker will consider any top-level calls of functions that start with `define-` to
be safe to execute and execute them. This allows certain patterns (like spork/path) to be
better processed by the flychecker.
go1.16.5 (released 2021-06-03) includes security fixes to the archive/zip, math
/big, net, and net/http/httputil packages, as well as bug fixes to the linker,
the go command, and the net/http package. See the Go 1.16.5 milestone on our
issue tracker for details.
The SetString and UnmarshalText methods of math/big.Rat
<https://pkg.go.dev/math/big#Rat> may cause a panic or an unrecoverable
fatal error if passed inputs with very large exponents.
This is issue <https://github.com/golang/go/issues/44910> and
CVE-2021-33198.
Thanks to the OSS-Fuzz project for discovering this issue and to Emmanuel
Odeke for reporting it.
ReverseProxy in net/http/httputil <https://pkg.go.dev/net/http/httputil> could
be made to forward certain hop-by-hop headers, including Connection. In
case the target of the ReverseProxy was itself a reverse proxy, this would
let an attacker drop arbitrary headers, including those set by the
ReverseProxy.Director.
This is issue <https://github.com/golang/go/issues/46313> and
CVE-2021-33197.
Thanks to Mattias Grenfeldt (https://grenfeldt.dev) and Asta Olofsson for
reporting this issue.
The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in
net <https://pkg.go.dev/net>, and their respective methods on the Resolver
<https://pkg.go.dev/net#Resolver> type may return arbitrary values
retrieved from DNS which do not follow the established RFC 1035
<https://datatracker.ietf.org/doc/html/rfc1035>rules for domain names. If
these names are used without further sanitization, for instance unsafely
included in HTML, they may allow for injection of unexpected content. Note
that LookupTXT may still return arbitrary values that could require
sanitization before further use.
This is issue <https://github.com/golang/go/issues/46241> and
CVE-2021-33195.
Thanks to Philipp Jeitner and Haya Shulman from Fraunhofer SIT for
reporting this issue.
The NewReader and OpenReader functions in archive/zip
<https://pkg.go.dev/archive/zip> can cause a panic or an unrecoverable
fatal error when reading an archive that claims to contain a large number
of files, regardless of its actual size.
This is issue <https://github.com/golang/go/issues/46242>and
CVE-2021-33196.
Thanks to the OSS-Fuzz project for discovering this issue and to Emmanuel
Odeke for reporting it.
go1.15.13 (released 2021-06-03) includes security fixes to the archive/zip,
math/big, net, and net/http/httputil packages, as well as bug fixes to the
linker, the go command, and the math/big and net/http packages. See the Go
1.15.13 milestone on our issue tracker for details.
The SetString and UnmarshalText methods of math/big.Rat
<https://pkg.go.dev/math/big#Rat> may cause a panic or an unrecoverable
fatal error if passed inputs with very large exponents.
This is issue <https://github.com/golang/go/issues/44910> and
CVE-2021-33198.
Thanks to the OSS-Fuzz project for discovering this issue and to Emmanuel
Odeke for reporting it.
ReverseProxy in net/http/httputil <https://pkg.go.dev/net/http/httputil> could
be made to forward certain hop-by-hop headers, including Connection. In
case the target of the ReverseProxy was itself a reverse proxy, this would
let an attacker drop arbitrary headers, including those set by the
ReverseProxy.Director.
This is issue <https://github.com/golang/go/issues/46313> and
CVE-2021-33197.
Thanks to Mattias Grenfeldt (https://grenfeldt.dev) and Asta Olofsson for
reporting this issue.
The LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in
net <https://pkg.go.dev/net>, and their respective methods on the Resolver
<https://pkg.go.dev/net#Resolver> type may return arbitrary values
retrieved from DNS which do not follow the established RFC 1035
<https://datatracker.ietf.org/doc/html/rfc1035>rules for domain names. If
these names are used without further sanitization, for instance unsafely
included in HTML, they may allow for injection of unexpected content. Note
that LookupTXT may still return arbitrary values that could require
sanitization before further use.
This is issue <https://github.com/golang/go/issues/46241> and
CVE-2021-33195.
Thanks to Philipp Jeitner and Haya Shulman from Fraunhofer SIT for
reporting this issue.
The NewReader and OpenReader functions in archive/zip
<https://pkg.go.dev/archive/zip> can cause a panic or an unrecoverable
fatal error when reading an archive that claims to contain a large number
of files, regardless of its actual size.
This is issue <https://github.com/golang/go/issues/46242>and
CVE-2021-33196.
Thanks to the OSS-Fuzz project for discovering this issue and to Emmanuel
Odeke for reporting it.
Changelog:
Version 1.4.8 released
25 May 2021 The Nim Team
The Nim team is happy to announce version 1.4.8, our fourth patch release for
Nim 1.4.
Version 1.4.8 is a result of one month of hard work, and it contains 23 commits
, fixing the most important bugs and bringing additional improvements to our
ORC memory management.
We would recommend to all of our users to upgrade and use version 1.4.8.
Release highlights
* Just like our devel branch, v1.4.8 is built using csources_v1, which means
you can use it on Apple M1 chips.
* Version 1.4.6 triggered some false positives with several antivirus
softwares. Based on our testing, this shouldn't happen with v1.4.8.
* Now you can use -d:release and -d:danger in your config files, no need to
manually write these flags on the command line anymore.
* Additional improvements to our ORC memory management. Use --gc:orc to
compile your projects with it.
Version 1.4.6
Version 1.4.6 is our third patch release for Nim 1.4 and it brings several
fixes since version 1.4.4, released two month ago.
Bugfixes since 1.4.4
* Fixed GC crash resulting from inlining of the memory allocation procs (link
)
* Fixed isolate doesn't work (#17264)
* Fixed regression since 1.4.2: vm crash with lists.SinglyLinkedRing (#
16384)
* Fixed Generics sandwiched between two modules don't mixin their
scope symbols properly (#11225)
* Fixed json.% raises Defect for uint64 (#17383)
* Fixed memory allocation during {.global.} init breaks GC (#17085)
* Fixed incorrect raises effect for $(NimNode) (#17454)
Full changelog since v1.4.4 contains 19 commits.
2.8.1 (2021-05-14)
* Wait for STDOUT to be flushed before exiting the node runtime
2.8.0 (2021-05-12)
* Fix Ruby 3.0 compatibility on Windows
* Undefine console, process and other globals. See #43
* Removed the RubyRacer runtime as it is no longer maintained and broken on
recent rubies.
* Node runtime look for node before nodejs.
PR pkg/55997
Internal stat() function for perl stores inode number as string, if it
cannot be represented by host's integer. However, unfortunately, some
components compare them as integer.
Therefore, if 64-bit integers are not supported, files cannot be handled,
whose inode number is larger than UINT32_MAX.
Usually, inode numbers on real filesystems are well below UINT32_MAX. But,
inode numbers larger than UINT32_MAX are assigned for tmpfs on LP64 kernels.
This results in build failures for perl on COMPAT_NETBSD32 if working
directory is tmpfs, and perl-64bitint and friends are not specified.
Now, inode numbers are compared as string, which works just fine even if
64-bit integers are not supported.
Cherry-picked from upstream. See https://github.com/Perl/perl5/pull/18788
and related pull-requests for more details.
From: https://github.com/rakudo/rakudo/releases
(from 2020.12 to now is two lengthy, only 2021.04 to 2021.05 listed:
New in 2021.05:
* Additions:
+ Add support for ? and ? as aliases for ? and ? [d00c7e3]
* Changes:
+ Make lc, uc, tc, tclc, fc, flip methods on Allomorph return Str
instance
to make it consistent on subclassing [bb069a9]
* Efficiency:
+ Make infix (elem) operator about 30x as fast on native arrays [e6a7bfe]
+ Make DateTime.posix about 12x as fast [17c55f3,ec8b1ae7]
* Fixes:
+ Fix $*EXECUTABLE with non _m suffix executables and on Windows with
raku, raku-debug, rakuw [b13542e,a37f9790]
+ Fix copying of empty shaped array [0bf10e2,ede453e1]
+ Fix substr_rw method on Allomorph [1d8d05f]
+ Improve error messages text [5c78fb7,5331a1d8]
* Internals:
+ Replace use of P6EX hllsym with Metamodel::Configuration.throw_or_die
method [ca2753b,a524c3de,8427afe9,2c4a0062]
+ Remove special cases for hash constants for JVM [4dab840]
+ Move opening of standard handles into Rakudo::Internals [b1e4350]
+ Fix a test for reproducible builds [21a60e1]
+ Use "#!/usr/bin/env rakudo" instead of perl6 in module scripts [adc89e2
]
+ Add tests for REPL correctly handling junctions and incomplete regexes
[45e8e8d,cbf12d22,21100c91]
The following people contributed to this release:
Nicholas Clark, Elizabeth Mattijsen, Stoned Elipot, Christian Bartolom?us,
Stefan Seifert, Daniel Green, Alexander Kiryuhin, Patrick B?ker, Vadim Belman,
Will "Coke" Coleda, Juan Juli?n Merelo Guerv?s, Tom Browder, Fernando
Santagata,
Suman Khanal, karl yerkes, Andreas Voegele, Jonathan Worthington,
Maxim Kolodyazhny, Tony O'Dell, Will Coleda, raydiak, rir
This release implements 6.c and 6.d versions of the Raku specification.
6.c version of the language is available if you use the use v6.c
version pragma, otherwise 6.d is the default.
Upcoming releases in 2021 will include new functionality that is not
part of 6.c or 6.d specifications, available with a lexically scoped
pragma. Our goal is to ensure that anything that is tested as part of
6.c and 6.d specifications will continue to work unchanged. There may
be incremental spec releases this year as well.
If you would like to contribute or get more information, visit
https://raku.org, https://rakudo.org/community, ask on the
perl6-compiler@perl.org mailing list, or ask on IRC #raku on freenode.
Additionally, we invite you to make a donation to The Perl Foundation
to sponsor Raku development: https://donate.perlfoundation.org/
(put ?Raku Core Development Fund? in the ?Purpose? text field)
The next release of Rakudo (#147), is tentatively scheduled for 2021-06-19.
A list of the other planned release dates is available in the
?docs/release_guide.pod? file.
The development team appreciates feedback! If you?re using Rakudo, do
get back to us. Questions, comments, suggestions for improvements, cool
discoveries, incredible hacks, or any other feedback ? get in touch with
us through (the above-mentioned) mailing list or IRC channel. Enjoy!
Please note that recent releases have known issues running on the JVM.
We are working to get the JVM backend working again but do not yet have
an estimated delivery date.
[^1]: See https://raku.org/
Assets 4
rakudo-2021.05.tar.gz 5.46 MB
rakudo-2021.05.tar.gz.asc 833 Bytes
Source code (zip)
Source code (tar.gz)
* 2021.04
* 33c589c
* Verified
This tag was signed with the committer?s verified signature.
[5764435] Altai-man
GPG key ID: DE8F8F5E97A8FCDE Learn about vigilant mode.
* Compare
Choose a tag to compare
[ ]
Search for a tag
19.0.3 (2021-05-24)
Fixed
* MDG files must use the .feature.md extension.
* Data Tables and Examples Tables in Markdown must be indented 2-5 spaces in
order to be recognised.
Some patch(1) implementations, such as OpenBSD patch and GNU patch,
choose the file name with the fewest path components if neither the
old or new file exist. This missing slash causes the old name
(compiler/rustc_target/src/speci586_unknown_netbsd.rs.orig) to have
fewer components, so it is created instead of the new name as
intended.
This results in build error when one of these patch(1) implementations
is used:
error[E0583]: file not found for module `i586_unknown_netbsd`
