New features:
Add configure support for *-*-linux-android. (@cferris1000, @jasone)
Add the --disable-syscall configure option, for use on systems that place security-motivated limitations on syscall(2). (@jasone)
Add support for Debian GNU/kFreeBSD. (@thesam)
Optimizations:
Add extent serial numbers and use them where appropriate as a sort key that is higher priority than address, so that the allocation policy prefers older extents. This tends to improve locality (decrease fragmentation) when memory grows downward. (@jasone)
Refactor madvise(2) configuration so that MADV_FREE is detected and utilized on Linux 4.5 and newer. (@jasone)
Mark partially purged arena chunks as non-huge-page. This improves interaction with Linux's transparent huge page functionality. (@jasone)
Bug fixes:
Fix size class computations for edge conditions involving extremely large allocations. This regression was first released in 4.0.0. (@jasone, @ingvarha)
Remove overly restrictive assertions related to the cactive statistic. This regression was first released in 4.1.0. (@jasone)
Implement a more reliable detection scheme for os_unfair_lock on macOS. (@jszakmeister)
From Jonathan Buschmann in PR pkg/51631
2016.12.12 - GNU nano 2.7.2 "Shemesh! Shemesh!" brings another feature:
the ability to complete with one keystroke (^] by default)
a fragment of a word to a full word existing elsewhere in
the current buffer. Besides, this release fixes two bugs
related to using line numbers in softwrap mode, allows to
use the PageUp and PageDown keys together with Shift on
VTE-based terminals, stops the help lines from flickering
during interactive replacing, makes a "set fill" override
an earlier "set nowrap", properly restores the selected
region after an external spell check, and improves a few
other tidbits. If you should find any more bugs, please
run 'man nano | grep bugs' and report them there.
This new release of the dummy Xorg video driver adds a few cleanups and
compatibility with xorg-server 1.19.
Aaron Plattner (1):
Remove pointless empty functions
Alan Coopersmith (2):
configure: Drop AM_MAINTAINER_MODE
autogen.sh: Honor NOCONFIGURE=1
Antoine Martin (2):
Honor DacSpeed setting in xorg.conf
remove dead code in dummy driver
Julien Cristau (2):
configure: require xorg-server 1.4.99.901
xf86-video-dummy 0.3.8
Peter Hutterer (1):
Switch to using dixChangeWindowProperty
* dovecot.list.index.log rotation sizes/times were changed so that
the .log file stays smaller and .log.2 is deleted sooner.
+ Added mail_crypt plugin that allows encryption of stored emails.
See http://wiki2.dovecot.org/Plugins/MailCrypt
+ stats: Global stats can be sent to Carbon server by setting
stats_carbon_server=ip:port
+ imap/pop3 proxy: If passdb returns proxy_not_trusted, don't send
ID/XCLIENT
+ Added generic hash modifier for %variables:
%{<hash algorithm>;rounds=<n>,truncate=<bits>,salt=s>:field}
Hash algorithm is any of the supported ones, e.g. md5, sha1, sha256.
Also "pkcs5" is supported using SHA256. For example: %{sha256:user}
or %{md5;truncate=32:user}.
+ Added support for SHA3-256 and SHA3-512 hashes.
+ config: Support DNS wildcards in local_name, e.g.
local_name *.example.com { .. } matches anything.example.com, but
not multiple.anything.example.com.
+ config: Support multiple names in local_name, e.g.
local_name "1.example.com 2.example.com" { .. }
- Fixed crash in auth process when auth-policy was configured and
authentication was aborted/failed without a username set.
- director: If two users had different tags but the same hash,
the users may have been redirected to the wrong tag's hosts.
- Index files may have been thought incorrectly lost, causing
"Missing middle file seq=.." to be logged and index rebuild.
This happened more easily with IMAP hibernation enabled.
- Various fixes to restoring state correctly in un-hibernation.
- dovecot.index files were commonly 4 bytes per email too large. This
is because 3 bytes per email were being wasted that could have been
used for IMAP keywords.
- Various fixes to handle dovecot.list.index corruption better.
- lib-fts: Fixed assert-crash in address tokenizer with specific input.
- Fixed assert-crash in HTML to text parsing with specific input
(e.g. for FTS indexing or snippet generation)
- doveadm sync -1: Fixed handling mailbox GUID conflicts.
- sdbox, mdbox: Perform full index rebuild if corruption is detected
inside lib-index, which runs index fsck.
- quota: Don't skip quota checks when moving mails between different
quota roots.
- search: Multiple sequence sets or UID sets in search parameters
weren't handled correctly. They were incorrectly merged together.
This is a security release recommended for all users.
Two distinct security vulnerabilities have been corrected in this
release. Either would let a remote attacker, controlling a device
that is already accepted by Syncthing, perform arbitrary reads and
writes to files outside the configured folders.
The first issue is that path validation was lacking in several
places, resulting in Syncthing accepting index entries for files
like "../../foo", thus resulting in a path above the configured
folder.
The second issue is that where path validation was correct, symlinks
could be used to trick Syncthing. An attacker could create a symlink
"foo -> ../../" and then request the contents of "foo/something",
again escaping the constraints of the folder.
Syncing symlinks between v0.14.14 and previous versions will not
work.
This is due to the fix to the above issue. Normal files and
directories will sync fine. To continue syncing symlinks, both
sides must be upgraded to v0.14.14.
Further resolved issues:
#3753: The build no longer requires Go 1.7.
#3769: The wording in the GUI around "last file received" is
now clearer.
from Jonathan Buschmann in PR pkg/51631
ok gson
Changelog :
4.3.1
Bug fixes:
Fix a severe virtual memory leak. This regression was first released in 4.3.0. (@interwq, @jasone)
Refactor atomic and prng APIs to restore support for 32-bit platforms that use pre-C11 toolchains, e.g. FreeBSD's mips. (@jasone)
4.3.0
This is the first release that passes the test suite for multiple Windows configurations, thanks in large part to @glandium setting up continuous integration via AppVeyor (and Travis CI for Linux and OS X).
New features:
Add "J" (JSON) support to malloc_stats_print(). (@jasone)
Add Cray compiler support. (@ronawho)
Optimizations:
Add/use adaptive spinning for bootstrapping and radix tree node initialization. (@jasone)
Bug fixes:
Fix large allocation to search starting in the optimal size class heap, which can substantially reduce virtual memory churn and fragmentation. This regression was first released in 4.0.0. (@mjp41, @jasone)
Fix stats.arenas..nthreads accounting. (@interwq)
Fix and simplify decay-based purging. (@jasone)
Make DSS (sbrk(2)-related) operations lockless, which resolves potential deadlocks during thread exit. (@jasone)
Fix over-sized allocation of radix tree leaf nodes. (@mjp41, @ogaun, @jasone)
Fix over-sized allocation of arena_t (plus associated stats) data structures. (@jasone, @interwq)
Fix EXTRA_CFLAGS to not affect configuration. (@jasone)
Fix a Valgrind integration bug. (@ronawho)
Disallow 0x5a junk filling when running in Valgrind. (@jasone)
Fix a file descriptor leak on Linux. This regression was first released in 4.2.0. (@vsarunas, @jasone)
Fix static linking of jemalloc with glibc. (@djwatson)
Use syscall(2) rather than {open,read,close}(2) during boot on Linux. This works around other libraries' system call wrappers performing reentrant allocation. (@kspinka, @Whissi, @jasone)
Fix OS X default zone replacement to work with OS X 10.12. (@glandium, @jasone)
Fix cached memory management to avoid needless commit/decommit operations during purging, which resolves permanent virtual memory map fragmentation issues on Windows. (@mjp41, @jasone)
Fix TSD fetches to avoid (recursive) allocation. This is relevant to non-TLS and Windows configurations. (@jasone)
Fix malloc_conf overriding to work on Windows. (@jasone)
Forcibly disable lazy-lock on Windows (was forcibly enabled). (@jasone)
mainly related to https://github.com/westes/flex/issues/113
"v2.6.2 introduces behavior change that is incompatible with previous versions"
This fixes at least doxygen
This adds a dependency on devel/colordiff.
Changelog for this version:
* Greatly improve speed for large archives by fixing O(n^2) complexity for
archive member lookup.
- There is still O(n^2) complexity for archive member extraction, but this
is less noticeable for various reasons and would require more complexity
to fix, so for now is left as a task for the future.
* Text output: add coloured diff support via colordiff(1).
* Html-dir output: add +/- buttons to fold sub-diffs (i.e. toggle their
visibility) as well as the whole diff itself. As with similar features in
other programs, the effect affects all descendants if you shift-click.
The complete list of changes between version 44 and 63 can be found at
https://anonscm.debian.org/git/reproducible/diffoscope.git/tree/debian/changelog
v 3.6.1
Bug fixes in custom HTTP methods.
Support for PEM files in SSL truststore / keystore configuration.
JS and CSS file content rendered with correct syntax highlighting.
v 3.6
#46#47 Added support for custom HTTP methods.
#48#50 option to ignore all SSL certificate warnings.
#49 GET now supports body.
Build moved to Gradle.
Incorrect multi-keyword mode cipherstring parsing.
Fixes CVE-2015-3276.
Submitted upstream as ITS#8543, it apparently wasn't already(!)
http://www.openldap.org/its/index.cgi/Incoming?id=8543
Bump PKGREVISION for both openldap, openldap-server and openldap-client
(to be on the safe side...)
I had intended to migrate the ada framework to use gcc6-aux instead of
lang/gcc5-aux, but unfortunately there's been a regression on NetBSD.
It builds and tests perfectly on DragonFly and FreeBSD, but it only
builds on NetBSD. All the ACAT tests that involve tasking fail, but
the cause is unclear. All the modifications used on gcc5-aux for NetBSD
are present in gcc6-aux but pthread destruction results in a segfault.
Since then gcc5-aux support has been improved, so I'm putting this away
for a while. NetBSD has been removed from the platform support list
for now, but I'll review any patches I get to fix NetBSD tasking.
This compiler is based on gcc 6.2 and is primarily used for the Ada
frontend.
Changes since 5.4.12:
* Added check for unintended # comments, especially in HOMEPAGE
* Added check for quotes in COMMENT
* Fixed hardcoded package versions for PHP, Python, Lua, etc.
* Code cleanup in the tests
Security Notes
--------------
Incompatible Change: These changes were made to mysqld_safe:
* Unsafe use of rm and chown in mysqld_safe could result in privilege escalation. chown now can be used only when the target directory is /var/log. An incompatible change is that if the directory for the Unix socket file is missing, it is no longer created; instead, an error occurs. Due to these changes, /bin/bash is required to run mysqld_safe on Solaris. /bin/sh is still used on other Unix/Linux platforms.
* The --ledir option now is accepted only on the command line, not in option files.
* mysqld_safe ignores the current working directory.
Other related changes:
* Initialization scripts that invoke mysqld_safe pass --basedir explicitly.
* Initialization scripts create the error log file only if the base directory is /var/log or /var/lib.
* Unused systemd files for SLES were removed.
Bugs Fixed
Security Notes
--------------
Incompatible Change: These changes were made to mysqld_safe:
* Unsafe use of rm and chown in mysqld_safe could result in privilege escalation. chown now can be used only when the target directory is /var/log. An incompatible change is that if the directory for the Unix socket file is missing, it is no longer created; instead, an error occurs. Due to these changes, /bin/bash is required to run mysqld_safe on Solaris. /bin/sh is still used on other Unix/Linux platforms.
* The --ledir option now is accepted only on the command line, not in option files.
* mysqld_safe ignores the current working directory.
Other related changes:
* Initialization scripts that invoke mysqld_safe pass --basedir explicitly.
* Initialization scripts create the error log file only if the base directory is /var/log or /var/lib.
* Unused systemd files for SLES were removed.
* MySQL Server now includes a plugin library that enables administrators to introduce an increasing delay in server response to clients after a certain number of consecutive failed connection attempts. This capability provides a deterrent that slows down brute force attacks that attempt to access MySQL user accounts. For more information, see The Connection-Control Plugin.
* OpenSSL is ending support for version 1.0.1 in December 2016; see https://www.openssl.org/policies/releasestrat.html. Consequently, MySQL Commercial Server builds now use version 1.0.2 rather than version 1.0.1, and the linked OpenSSL library for the MySQL Commercial Server has been updated from version 1.0.1 to version 1.0.2j. For a description of issues fixed in this version, see https://www.openssl.org/news/vulnerabilities.html.
This change does not affect the Oracle-produced MySQL Community build of MySQL Server, which uses the yaSSL library instead.
Functionality Added or Changed
------------------------------
* InnoDB: By default, InnoDB reads uncommitted data when calculating statistics. In the case of an uncommitted transaction that deletes rows from a table, InnoDB excludes records that are delete-marked when calculating row estimates and index statistics, which can lead to non-optimal execution plans for other transactions that are operating on the table concurrently using a transaction isolation level other than READ UNCOMMITTED. To avoid this scenario, a new configuration option, innodb_stats_include_delete_marked, can be enabled to ensure that InnoDB includes delete-marked records when calculating persistent optimizer statistics. (Bug 23333990)
* Unit testing now uses Google Mock 1.8. (Bug 24572381, Bug 82823)
Bugs Fixed
Compilation Notes
-----------------
For GCC versions higher than 4.4, -fno-expensive-optimizations was replaced with -ffp-contract=off, which has the effect of enabling more optimizations.
Security Notes
--------------
Incompatible Change: These changes were made to mysqld_safe:
* Unsafe use of rm and chown in mysqld_safe could result in privilege escalation. chown now can be used only when the target directory is /var/log. An incompatible change is that if the directory for the Unix socket file is missing, it is no longer created; instead, an error occurs. Due to these changes, /bin/bash is required to run mysqld_safe on Solaris. /bin/sh is still used on other Unix/Linux platforms.
* The --ledir option now is accepted only on the command line, not in option files.
* mysqld_safe ignores the current working directory.
Other related changes:
* Initialization scripts that invoke mysqld_safe pass --basedir explicitly.
* Initialization scripts create the error log file only if the base directory is /var/log or /var/lib.
* Unused systemd files for SLES were removed.
* MySQL Server now includes a plugin library that enables administrators to introduce an increasing delay in server response to clients after a certain number of consecutive failed connection attempts. This capability provides a deterrent that slows down brute force attacks that attempt to access MySQL user accounts. For more information, see The Connection-Control Plugin.
* OpenSSL is ending support for version 1.0.1 in December 2016; see https://www.openssl.org/policies/releasestrat.html. Consequently, MySQL Commercial Server builds now use version 1.0.2 rather than version 1.0.1, and the linked OpenSSL library for the MySQL Commercial Server has been updated from version 1.0.1 to version 1.0.2j. For a description of issues fixed in this version, see https://www.openssl.org/news/vulnerabilities.html.
This change does not affect the Oracle-produced MySQL Community build of MySQL Server, which uses the yaSSL library instead.
Common Changes
* CLDR 30.0.3
* Time zone database version 2016j
* ICU SVN repository structure change. See the note on the Source Code Access page for more information.
ICU4C Fixes
* 12815 uspoof_getSkeleton sets backwards-incompatible illegal argument exception
* 12822 digitlist.cpp won't compile on msvc under Node.js
* 12825 uspoof_check goes into an "infinite loop" when U+30FB is in an input string
* 12832 GreekUpper::toUpper skips the final character on a non-terminated UTF-8 string
* 12849 u_strToTitle returns incorrect length if destination is NULL
* 12868 uprv_convertToPosix() Windows bug
This way they got added as dependencies to sqlite3.so, while
only the sqlite3 binary really needs libreadline.
However, even without the LDFLAGS, the sqlite3 binary correctly
links the library in for me (on NetBSD).
Addresses PR 50776.
Bump PKGREVISION.
