The current i386 bootstrap is built for NetBSD 8.x, and so is linked
against libstdc++.so.8. NetBSD 9.x still requires compat80 for it to
run.
This isn't a complete workaround, as builds still fail in a sandboxed
environment that doesn't have compat80 installed outside it. Dealing
with that would require another workaround somewhat like the one used
for ghc*, but a little different.
Vala 0.52.1
===========
* Various improvements and bug fixes:
- codegen:
+ Improve handling of ellipsis parameter in get_ccode_name()
+ Fix default value of get_ccode_destroy_notify_pos()
+ Don't override valid target/destroy of previous lambda argument [#59]
+ Don't call *_instance_init() in compact class chainup
- vala: Mark tranformed static member-access as qualified [#270]
- parser: Stricter mode for chained member initializer with --keep-going [#1158]
- girwriter: namespace expects "c:symbol-prefixes" attribute [#1038]
- girwriter: Don't use instance-parameter inside callback [#1167]
- girparser,libvaladoc/girimporter: Don't guess length of xml header, iterate
forward to <repository>
- libvaladoc/girimporter: parse_constant() use "c:identifier" attribute first
* Bindings:
- gsl: Add BLAS module [#1149]
- rest-0.7: Fix OAuthProxyAuthCallback binding
- gtk+-3.0: Fix ModuleInitFunc binding
- gio-2.0: Fix TlsPassword.get_value() binding
- Fix several bindings which lead to invalid code by using them in:
javascriptcoregtk-4.0, libusb, libusb-1.0, pixman-1,
webkit2gtk-web-extension-4.0, x11, zlib,
Vala 0.52.0
===========
* Various improvements and bug fixes:
- codegen: Include "glib.h" for deprecated symbols (GOBJECT) [#1155]
- vala: Improve error for incompatible expressions in conditional expression
- vala: Check for unused attributes unconditionally
- girparser: Allow overriding of "Compact" attribute for classes
- girparser: Handle empty "<type/>" element and report an error
- girparser: Add support for NoWrapper metadata for methods
- build: Add --enable-test-asan configure option
* Bindings:
- gio-2.0: Add some missing NoWrapper and CCode.has_typedef attributes
- gnutls: Fix some binding errors
- gsl: Fix some binding errors
- gstreamer: Update from 1.19.0+ git master
- gtk4: Add Gtk.INVALID_LIST_POSITION [#1151]
- gtk4-unix-print: Switch to gir
- gtk4: Update to 4.1.2
- linux: Provide Input.Event.input_event_sec/input_event_usec fields [#1152]
- vapi: Fix a couple of attribute typos
- webkit2gtk-4.0: Update to 2.31.91
Vala 0.51.91
============
* Various improvements and bug fixes:
- codegen:
+ Error for missing type-arguments of HashTable (de)serialization [#1147]
+ Free intermediate temp-variables of postcondition expression [#80]
+ Use the one available source_reference for internal error [#436]
+ Fix access to captured generics in async method of interfaces [#537]
+ Don't ever create null-aware free macro for GenericType
+ Don't add generics arguments/parameters to async finish method
+ Drop inner casts before converting between generics and integers
- vala:
+ Add missing null-check in DataType.get_type_signature()
+ Check array type of declarations for errornous type-arguments
+ Check (optional) type-arguments of array creation expression
+ Replace all type parameter occurances in parameters for signal delegate
* Bindings:
- glib-2.0,gio-2.0: Add some missing type-arguments
- vapi: Update GIR-based bindings
Vala 0.51.90
============
* Various improvements and bug fixes:
- codegen:
+ More use of get_ccode_type_name()
+ "_first_array" parameter for params-array is variadic too
+ Inherit GType from base struct of SimpleType structs
- vala:
+ Report warning if --target-glib=auto was not evaluated successfully
+ Fix ownership inheritance of "unowned var" in foreach statement
+ Use pre-resolved symbol/type of SemanticAnalyzer if possible
- gdbus: Don't leak memory of deserialized arguments on error in wrapper method
- girparser: Reuse populated Node.gtype_struct_for instead of resolving again
- girparser: Evaluate "glib:type-struct" twice to pick up reparented structs
- testrunner: Include Gio-2.0/gio-2.0 for GIR tests too
* Bindings:
- gtk4: Update to 4.1.1+f8f90d85
Vala 0.51.3
===========
* Various improvements and bug fixes:
- codegen:
+ Don't use volatile modifier in glib API when targetting >= 2.68 [glib!1719]
+ CCodeBaseModule.get_type_id_expression () won't return null
+ Don't wrongly emit declaration for default-handler of signals
+ Include "string.h" for strcmp() (POSIX)
- vala:
+ Generics value holding struct pointer requires casting on access [#347]
+ Infer needle type for "in" expression on enum [#1138]
+ Don't allow "in" operation with different enum types [#1139]
+ Improve context check whether property is writeable on assignments
+ Include "stdlib.h" for Enum.to_string() (POSIX) [#1143]
+ Set proper source_reference for implicit "this" and "result" variables
+ Report error for invalid inner operand of unary expressions
- girwriter: Output default handler of signals
* Bindings:
- glib-2.0: Add new symbols from 2.68
- webkit2gtk-4.0: Update to 2.31.90
- vapi: Update GIR-based bindings
Vala 0.51.2
===========
* Various improvements and bug fixes:
- vala:
+ Check type-arguments in base-types/prerequisites of class/interface [#404]
+ Include type-checks in preconditions of methods for type narrowing [#894]
+ Capturing va_list parameters/variables is not allowed [#1136]
+ Properly parse and handle chained initialization of members [#1137]
- codewriter: Output valid vala syntax for LoopStatement and don't write
trailing ";" after body of WithStatement
* Bindings:
+ gstreamer: Update from 1.19.0+ git master
+ vapi: Update GIR-based bindings
Vala 0.51.1
===========
* Highlights:
- Support "binding" to bind GtkCallback to class of given property [#1093]
- Add support for type narrowing [#894]
- Support chain up to simple generics constructor [#342]
- Perform runtime version check of libvala [#88]
- girparser: Handle anonymous delegate not backed by virtual-method or signal
- Add support for 'opaque' compact classes [#1129]
- Add further support for params arrays in constructors [#128]
- Improve handling of "NoWrapper" attribute
- Improve support of SimpleType struct constructors
- Use __attribute__ instead of G_GNUC_* in POSIX profile
- Add SDL 2.x bindings [#1032] amd drop SDL 1.x
* Various improvements and bug fixes:
- codegen:
+ Improve GValueModule.visit_cast_expression()
+ Drop obsolete dedicated handling of property value-parameter
+ Apply CCodeModifiers.PRINTF to "string_printf" (POSIX)
+ Allow CCode.type_cname for classes and use get_ccode_type_name()
+ Always use G_TYPE_INSTANCE_GET_CLASS/INTERFACE for external symbols
+ Also check array type of variable argument for ref parameters
+ Don't leak array memory after it was implicitly copied
+ Use g_boxed_free in free-wrapper for heap-allocated GLib.Value
+ Don't leak GLib.Value when implicitly unboxing it
+ Don't leak memory moving heap-allocated struct to stack
+ Chain up to base struct destroy function
+ Use g_memdup2 if target glib >= 2.68 is set
+ Replace "g_memdup" with "_vala_memdup2" for target glib < 2.68
+ Correctly retrieve symbol_reference of nested cast expressions [#1134]
+ Strip all nested occurances of CCodeCastExpression [#1134]
- vala:
+ Improve detection of duplicate package source files
+ GtkChild fields/properties must be declared as unowned [#1121]
+ Don't allow assigning GtkChild fields/properties [#1121]
+ Apply stricter condition for lambda to delegate assignment
+ Don't allow disposable SimpleType structs
+ Rename Loop to LoopStatement and introduce a common base class
+ GLib.Value unboxing returns unowned value
+ Don't allow GLib.Value casting to nullable struct/simple types
+ Add Block.unreachable_exit and have it set by FlowAnalyzer [#838]
+ Convert Report.*() to real printf-like functions
+ Avoid taking extra reference of foreach collection for index iteration
+ Make sure parent_symbol for special async parameters is available
+ Require a valid DataType instance for every TargetValue
- girparser:
+ Minor improvement to field getter detection
+ Apply "delegate_target" metadata for methods and parameters
+ Apply "destroy_notify_cname" metadata for fields
+ Apply "type_get_function" metadata for classes and inferfaces
+ Set CCode.type_cname for classes if it doesn't match our default
- girwriter: Infer gir_namespace/version from target GIR filename [#606]
- girwriter: Write instance-parameter elements [#1128]
- libvaladoc/html: Don't sort struct fields to keep their original order
- libvaladoc: Correctly retrieve value for Api.Class.is_compact
- libvaladoc: Add wrapper for "agedge" of graphviz
- valadoc: Correctly set verbose flag on CodeContext
- valadoc: Replace png icons with elementary's svg version
* Bindings:
- Add enchant-2 bindings for Enchant 2.x
- Add gnu.vapi with binding for getopt_long() and some other GNU APIs
- Add libunwind-generic binding
- Fix several bindings which lead to invalid code by using them in:
cairo, gobject-2.0, pango, goocanvas-2.0, curses, alsa, bzlib, sqlite3,
libgvc, posix, gstreamer-1.0, gdk-3.0, gdk-x11-3.0, gtk+-3.0, gtk4,
fuse, libxml-2.0
- curses: Remove initial “w” from some Window method names for consistency
- gdk-pixbuf-2.0: Fix Pixbuf.save_to_streamv_async()
- gdk-pixbuf-2.0: Update to 2.42.3~
- gio-2.0: Fix binding of PollableOutputStream.write*_nonblocking()
- gio-2.0,gtk+-3.0,gtk4: Drop explicit c-type attributes of va_list parameters
- gio-2.0: Pick up missing invoker for some AppInfo/File.*() methods
- gio-2.0: Update to 2.67.3
- glib-2.0: Add GLib.[S]List.is_empty() convenience methods for non-null
- glib-2.0: Add new symbols from 2.68
- glib-2.0: Bind assert_cmp* functions [#395]
- glib-2.0: Improve type of OptionEntry.flags field
- glib-2.0: Make PtrArray a subclass of GenericArray
- gobject-2.0: Add new symbols from 2.68
- gstreamer-1.0: Set CCode.type_id of MiniObject to G_TYPE_BOXED [#1133]
- gstreamer: Update from 1.19.0+ git master
- gtk+-2.0,javascriptcoregtk-4.0: Wrong usage of CCode.type_cname attribute
- gtk+-3.0,gtk4: Fix some delegate return values and parameters
- gtk4: Update to 4.1.0+2712f536
- posix: Add POSIX, GNU and BSD Regex APIs
- webkit2gtk-4.0: Update to 2.31.1
Real changes are in devel/devel/ruby-activestorage61 only.
## Rails 6.1.3.1 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
Real changes are in devel/ruby-activestorage60 only.
## Rails 6.0.3.6 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
Real changes are in devel/ruby-activestorage52 only.
## Rails 5.2.5 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
* The Poppler PDF previewer renders a preview image using the original
document's crop box rather than its media box, hiding print margins. This
matches the behavior of the MuPDF previewer.
*Vincent Robert*
Ruby 3.0.1 Released (2021-04-05)
Ruby 3.0.1 has been released.
This release includes security fixes. Please check the topics below
for details.
* CVE-2021-28965: XML round-trip vulnerability in REXML
* CVE-2021-28966: Path traversal in Tempfile on Windows
See the commit logs for details.
Ruby 2.7.3 Released (2021-04-05)
This release includes security fixes. Please check the topics below for
details.
* CVE-2021-28965: XML round-trip vulnerability in REXML
* CVE-2021-28966: Path traversal in Tempfile on Windows
See the commit logs for details.
Ruby 2.6.7 Released (2021-04-05)
This release includes security fixes. Please check the topics below for
details.
* CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in
WEBrick
* CVE-2021-28965: XML round-trip vulnerability in REXML
See the commit logs for details.
By this release, we end the normal maintenance phase of Ruby 2.6, and Ruby
2.6 enters the security maintenance phase. This means that we will no
longer backport any bug fixes to Ruby 2.6 except security fixes. The term
of the security maintenance phase is scheduled for a year. Ruby 2.6 reaches
EOL and its official support ends by the end of the security maintenance
phase. Therefore, we recommend that you start to plan upgrade to Ruby 2.7
or 3.0.
This release introduces fixes for better support of Erlang/OTP 24+.
1. Enhancements
Elixir
[Kernel] Update formatting when printing warnings and errors from Erlang/OTP 24+
[Kernel] Support float-16 on bitstrings
Mix
[mix local.rebar] This task will now install rebar3 version 3.14.4, compiled with Erlang/OTP 21
Version 14.16.1 'Fermium' (LTS)
This is a security release.
Notable Changes
Vulnerabilities fixed:
CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines
CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines
CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
Impacts:
All versions of the 14.x, 12.x and 10.x releases lines
Version 12.22.1 'Erbium' (LTS)
This is a security release.
Notable Changes
Vulnerabilities fixed:
CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines
CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines
CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
Impacts:
All versions of the 14.x, 12.x and 10.x releases lines
Version 12.22.0 'Erbium' (LTS)
Notable changes
The legacy HTTP parser is runtime deprecated
The legacy HTTP parser, selected by the --http-parser=legacy command line option, is deprecated with the pending End-of-Life of Node.js 10.x (where it is the only HTTP parser implementation provided) at the end of April 2021. It will now warn on use but otherwise continue to function and may be removed in a future Node.js 12.x release.
The default HTTP parser based on llhttp is not affected. By default it is stricter than the now deprecated legacy HTTP parser. If interoperability with HTTP implementations that send invalid HTTP headers is required, the HTTP parser can be started in a less secure mode with the --insecure-http-parser command line option.
ES Modules
ES Modules are now considered stable.
node-api
Updated to node-api version 8 and added an experimental API to allow retrieval of the add-on file name.
New API's to control code coverage data collection
v8.stopCoverage() and v8.takeCoverage() have been added.
New API to monitor event loop utilization by Worker threads
worker.performance.eventLoopUtilization() has been added.
Version 10.24.1 'Dubnium' (LTS)
This is a security release.
Notable Changes
Vulerabilties fixed:
CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines
CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines
CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
Impacts:
All versions of the 14.x, 12.x and 10.x releases lines
these were disabled in the pkgsrc infrastructure some time ago because
they cannot be built cleanly with older compilers while gcc6 can.
this all seems to be separate from the ada bits in gcc-5-aux which may
still be useful.
Python 3.9.4
Core and Builtins
bpo-43710: Reverted the fix for https://bugs.python.org/issue42500 as it changed the PyThreadState struct size and broke the 3.9.x ABI in the 3.9.3 release (visible on 32-bit platforms using binaries compiled using an earlier version of Python 3.9.x headers).
Library
bpo-26053: Fixed bug where the pdb interactive run command echoed the args from the shell command line, even if those have been overridden at the pdb prompt.
Key off BUILD_TARGET instead of whether we're cross-building,
as bootstrap kits *can* be built natively (yes, the former state
was my suggestion, but on second thought this is more correct).
Python 3.9.3 final
Security
bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer.
bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network.
Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it.
bpo-43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and gc.get_referents(). Patch by Pablo Galindo.
Core and Builtins
bpo-43660: Fix crash that happens when replacing sys.stderr with a callable that can remove the object while an exception is being printed. Patch by Pablo Galindo.
bpo-43555: Report the column offset for SyntaxError for invalid line continuation characters. Patch by Pablo Galindo.
bpo-43517: Fix misdetection of circular imports when using from pkg.mod import attr, which caused false positives in non-trivial multi-threaded code.
bpo-35883: Python no longer fails at startup with a fatal error if a command line argument contains an invalid Unicode character. The Py_DecodeLocale() function now escapes byte sequences which would be decoded as Unicode characters outside the [U+0000; U+10ffff] range.
bpo-43406: Fix a possible race condition where PyErr_CheckSignals tries to execute a non-Python signal handler.
bpo-42500: Improve handling of exceptions near recursion limit. Converts a number of Fatal Errors in RecursionErrors.
Library
bpo-43433: xmlrpc.client.ServerProxy no longer ignores query and fragment in the URL of the server.
bpo-35930: Raising an exception raised in a “future” instance will create reference cycles.
bpo-43577: Fix deadlock when using ssl.SSLContext debug callback with ssl.SSLContext.sni_callback().
bpo-43521: ast.unparse can now render NaNs and empty sets.
bpo-43423: subprocess.communicate() no longer raises an IndexError when there is an empty stdout or stderr IO buffer during a timeout on Windows.
bpo-27820: Fixed long-standing bug of smtplib.SMTP where doing AUTH LOGIN with initial_response_ok=False will fail.
The cause is that SMTP.auth_login _always_ returns a password if provided with a challenge string, thus non-compliant with the standard for AUTH LOGIN.
Also fixes bug with the test for smtpd.
bpo-43332: Improves the networking efficiency of http.client when using a proxy via set_tunnel(). Fewer small send calls are made during connection setup.
bpo-43399: Fix ElementTree.extend not working on iterators when using the Python implementation
bpo-43316: The python -m gzip command line application now properly fails when detecting an unsupported extension. It exits with a non-zero exit code and prints an error message to stderr.
bpo-43260: Fix TextIOWrapper can not flush internal buffer forever after very large text is written.
bpo-42782: Fail fast in shutil.move() to avoid creating destination directories on failure.
bpo-37193: Fixed memory leak in socketserver.ThreadingMixIn introduced in Python 3.7.
Documentation
bpo-43199: Answer “Why is there no goto?” in the Design and History FAQ.
bpo-43407: Clarified that a result from time.monotonic(), time.perf_counter(), time.process_time(), or time.thread_time() can be compared with the result from any following call to the same function - not just the next immediate call.
bpo-27646: Clarify that ‘yield from <expr>’ works with any iterable, not just iterators.
bpo-36346: Update some deprecated unicode APIs which are documented as “will be removed in 4.0” to “3.12”. See PEP 623 for detail.
Tests
bpo-37945: Fix test_getsetlocale_issue1813() of test_locale: skip the test if setlocale() fails. Patch by Victor Stinner.
bpo-41561: Add workaround for Ubuntu’s custom OpenSSL security level policy.
bpo-43288: Fix test_importlib to correctly skip Unicode file tests if the fileystem does not support them.
Build
bpo-43631: Update macOS, Windows, and CI to OpenSSL 1.1.1k.
bpo-43617: Improve configure.ac: Check for presence of autoconf-archive package and remove our copies of M4 macros.
macOS
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1j.
IDLE
bpo-42225: Document that IDLE can fail on Unix either from misconfigured IP masquerage rules or failure displaying complex colored (non-ascii) characters.
bpo-43283: Document why printing to IDLE’s Shell is often slower than printing to a system terminal and that it can be made faster by pre-formatting a single string before printing.
Python 3.8.9 final
Security
bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer.
bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network.
Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it.
bpo-43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and gc.get_referents(). Patch by Pablo Galindo.
Core and Builtins
bpo-43660: Fix crash that happens when replacing sys.stderr with a callable that can remove the object while an exception is being printed. Patch by Pablo Galindo.
bpo-35883: Python no longer fails at startup with a fatal error if a command line argument contains an invalid Unicode character. The Py_DecodeLocale() function now escapes byte sequences which would be decoded as Unicode characters outside the [U+0000; U+10ffff] range.
bpo-43406: Fix a possible race condition where PyErr_CheckSignals tries to execute a non-Python signal handler.
Library
bpo-35930: Raising an exception raised in a “future” instance will create reference cycles.
bpo-43577: Fix deadlock when using ssl.SSLContext debug callback with ssl.SSLContext.sni_callback().
bpo-43423: subprocess.communicate() no longer raises an IndexError when there is an empty stdout or stderr IO buffer during a timeout on Windows.
bpo-27820: Fixed long-standing bug of smtplib.SMTP where doing AUTH LOGIN with initial_response_ok=False will fail.
The cause is that SMTP.auth_login _always_ returns a password if provided with a challenge string, thus non-compliant with the standard for AUTH LOGIN.
Also fixes bug with the test for smtpd.
bpo-43399: Fix ElementTree.extend not working on iterators when using the Python implementation
bpo-43316: The python -m gzip command line application now properly fails when detecting an unsupported extension. It exits with a non-zero exit code and prints an error message to stderr.
bpo-43260: Fix TextIOWrapper can not flush internal buffer forever after very large text is written.
bpo-42782: Fail fast in shutil.move() to avoid creating destination directories on failure.
bpo-37193: Fixed memory leak in socketserver.ThreadingMixIn introduced in Python 3.7.
Documentation
bpo-43199: Answer “Why is there no goto?” in the Design and History FAQ.
bpo-43407: Clarified that a result from time.monotonic(), time.perf_counter(), time.process_time(), or time.thread_time() can be compared with the result from any following call to the same function - not just the next immediate call.
bpo-27646: Clarify that ‘yield from <expr>’ works with any iterable, not just iterators.
bpo-36346: Update some deprecated unicode APIs which are documented as “will be removed in 4.0” to “3.12”. See PEP 623 for detail.
Tests
bpo-37945: Fix test_getsetlocale_issue1813() of test_locale: skip the test if setlocale() fails. Patch by Victor Stinner.
bpo-41561: Add workaround for Ubuntu’s custom OpenSSL security level policy.
Build
bpo-43631: Update macOS, Windows, and CI to OpenSSL 1.1.1k.
bpo-43617: Improve configure.ac: Check for presence of autoconf-archive package and remove our copies of M4 macros.
macOS
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1j.
IDLE
bpo-42225: Document that IDLE can fail on Unix either from misconfigured IP masquerage rules or failure displaying complex colored (non-ascii) characters.
bpo-43283: Document why printing to IDLE’s Shell is often slower than printing to a system terminal and that it can be made faster by pre-formatting a single string before printing.
use of these packages was disabled in the pkgsrc infrastructure in
january because they were causing problems on platforms with older
compilers that can build gcc6 just fine:
glibc + FORTIFY + gcc48,gcc49,gcc5 = build failures.
gcc48 and newer require a c++98 compiler, same as all gcc versions up
to 11, so are not useful for bootstrapping.
gcc5 has additional Ada bits, someone needs to determine if they're
useful before it can go.
The final compiler will be dynamically linked with OpenSSL and curl,
but this is undesirable in the case of bootstraps where it might be
built against a version incompatible with version the user has.
Discussed with he@.
upstream changes:
-----------------
Patch Package: OTP 23.3.1
Git Tag: OTP-23.3.1
Date: 2021-03-30
Trouble Report Id: OTP-17279
Seq num:
System: OTP
Release: 23
Application: ssh-4.11.1
Predecessor: OTP 23.3
Check out the git tag OTP-23.3.1, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- ssh-4.11.1 ------------------------------------------------------
---------------------------------------------------------------------
The ssh-4.11.1 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17279 Application(s): ssh
The idle_time timer was not cancelled when a channel
was opened within the timeout time on an empty
connection that have had channels previously.
Full runtime dependencies of ssh-4.11.1: crypto-4.6.4, erts-9.0,
kernel-5.3, public_key-1.6.1, stdlib-3.4.1
---------------------------------------------------------------------
Changes for 23.3 are at https://erlang.org/download/OTP-23.3.README
