The following bugs have been fixed (from http://www.lua.org/bugs.html):
1. string.format("%f") can cause a buffer overflow (only when
'lua_Number' is long double!).
reported by Roberto on 13 Jan 2015. existed since 5.3. fixed in
5.3.1.
2. debug.getlocal on a coroutine suspended in a hook can crash the
interpreter.
reported by on 11 Feb 2015. existed since 5.2. fixed in 5.3.1.
Example: See
http://lua-users.org/lists/lua-l/2015-02/msg00146.html.
3. Suspended __le metamethod can give wrong result.
reported by Eric Zhong on 07 Apr 2015. existed since 5.2. fixed in
5.3.1.
Example:
mt = {__le = function (a,b) coroutine.yield("yield"); return a.x <= b.x end}
t1 = setmetatable({x=1}, mt)
t2 = {x=2}
co = coroutine.wrap(function (a,b) return t2 <= t1 end)
co()
print(co()) --> true (should be false)
4. Return hook may not see correct values for active local variables
when function returns.
reported by Philipp Janda and Peng Yi on 19 May 2015. existed since
5.0. fixed in 5.3.1.
Example: See
http://lua-users.org/lists/lua-l/2015-05/msg00376.html.
Complete list of changes since 3.7.1:
- doc: add 1233044, 1232179 in 3.7.2 release-notes
- features/bitrot: fix fd leak in truncate (stub)
- doc: add release notes for 3.7.2
- libgfchangelog: Fix crash in gf_changelog_process
- glusterd: Fix snapshot of a volume with geo-rep
- cluster/ec: Avoid parallel executions of the same state machine
- quota: fix double accounting with rename operation
- cluster/dht: Prevent use after free bug
- cluster/ec: Wind unlock fops at all cost
- glusterd: Buffer overflow causing crash for glusterd
- NFS-Ganesha: Automatically export vol that was exported before vol restart
- common-ha: cluster HA setup sometimes fails
- cluster/ec: Prevent double unwind
- quota/glusterd: porting to new logging framework.
- bitrot/glusterd: gluster volume set command for bitrot should not be supported
- tests: fix spurious failure in bug-857330/xml.t
- features/bitrot: tunable object signing waiting time value for bitrot
- quota: don't log error when disk quota exceeded
- protocol/client : porting log messages to new framework
- cluster/afr: Do not attempt entry self-heal if the last lookup on entry
failed on src
- changetimerecorder : port log messages to a new framework
- tier/volume set: Validate volume set option for tier
- glusterd/tier: glusterd crashed with detach-tier commit force
- rebalance,store,glusterd/glusterd: porting to new logging framework.
- libglusterfs: Enabling the fini() in cleanup_and_exit()
- sm/glusterd: Porting messages to new logging framework
- nfs: Authentication performance improvements
- common-ha: cluster HA setup sometimes fails
- glusterd: subvol_count value for replicate volume should be calculated
correctly
- common-ha : Clean up cib state completely
- NFS-Ganesha : Return correct return value
- glusterd: Porting messages to new logging framework.
- glusterd: Stop tcp/ip listeners during glusterd exit
- storage/posix: Handle MAKE_INODE_HANDLE failures
- cluster/ec: Prevent Null dereference in dht-rename
- doc: fix markdown formatting
- upcall: prevent busy loop in reaper thread
- protocol/server : port log messages to a new framework
- nfs.c nfs3.c: port log messages to a new framework
- logging: log "Stale filehandle" on the client as Debug
- snapshot/scheduler: Modified main() function to take arguments.
- tools/glusterfind: print message for good cases
- geo-rep: ignore symlink and hardlink errors in geo-rep
- tools/glusterfind: ignoring deleted files
- spec/geo-rep: Add rsync as dependency for georeplication rpm
- features/changelog: Do htime setxattr without XATTR_REPLACE flag
- tools/glusterfind: Cleanup glusterfind dir after a volume delete
- tools/glusterfind: Cleanup session dir after delete
- geo-rep: Validate use_meta_volume option
- spec: correct the vendor string in spec file
- tools/glusterfind: Fix GFID to Path conversion for dir
- libglusterfs: update glfs-message header for reserved segments
- features/qemu-block: Don't unref root inode
- features/changelog: Avoid setattr fop logging during rename
- common-ha: handle long node names and node names with '-' and '.' in them
- features/marker : Pass along xdata to lower translator
- tools/glusterfind: verifying volume is online
- build: fix compiling on older distributions
- snapshot/scheduler: Handle OSError in os. callbacks
- snapshot/scheduler: Check if GCRON_TASKS exists before
- features/quota: Fix ref-leak
- tools/glusterfind: verifying volume presence
- stripe: fix use-after-free
- Upcall/cache-invalidation: Ignore fops with frame->root->client not set
- rpm: correct date and order of entries in the %changelog
- nfs: allocate and return the hashkey for the auth_cache_entry
- doc: add release notes for 3.7.1
- snapshot: Fix finding brick mount path logic
- glusterd/snapshot: Return correct errno in events of failure - PATCH 2
- rpc: call transport_unref only on non-NULL transport
- heal : Do not invoke glfs_fini for glfs-heal commands
- Changing log level from Warning to Debug
- features/shard: Handle symlinks appropriately in fops
- cluster/ec: EC_XATTR_DIRTY doesn't come in response
- worm: Let lock, zero xattrop calls succeed
- bitrot/glusterd: scrub option should be disabled once bitrot option is
reset
- glusterd/shared_storage: Provide a volume set option to create and mount
the shared storage
- dht: Add lookup-optimize configuration option for DHT
- glusterfs.spec.in: move libgf{db,changelog}.pc from -api-devel to -devel
- fuse: squash 64-bit inodes in readdirp when enable-ino32 is set
- glusterd: do not show pid of brick in volume status if brick is down.
- cluster/dht: fix incorrect dst subvol info in inode_ctx
- common-ha: fix race between setting grace and virt IP fail-over
- heal: Do not call glfs_fini in final builds
- dht/rebalance : Fixed rebalance failure
- cluster/dht: Fix dht_setxattr to follow files under migration
- meta: implement fsync(dir)
- socket: throttle only connected transport
- contrib/timer-wheel: fix deadlock in del_timer()
- snapshot/scheduler: Return proper error code in case of failure
- quota: retry connecting to quotad on ENOTCONN error
- features/quota: prevent statfs frame loss when an error happens during
ancestry
- features/quota : Make "quota-deem-statfs" option "on" by default, when
quota is enabled
- cluster/dht: pass a destination subvol to fop2 variants to avoid races.
- cli: Fix incorrect parse logic for volume heal commands
- glusterd: Bump op version and max op version for 3.7.2
- cluster/dht: Don't rely on linkto xattr to find destination subvol
- afr: honour selfheal enable/disable volume set options
- features/shard: Fix incorrect parameter to get_lowest_block()
- libglusterfs: Copy d_len and dict as well into dst dirent
- features/quota : Do unwind if postbuf is NULL
- cluster/ec: Fix incorrect check for iatt differences
- features/shard: Fix issue with readdir(p) fop
- glusterfs.spec.in: python-gluster should be 'noarch'
- glusterd: Bump op version and max op version for 3.7.1
- glusterd: fix repeated connection to nfssvc failed msgs
problems that are fixed by using the pkgsrc version, and no platform
other than Cygwin tries to use a native version.
Consensus is that due to the limited impact and clear benefit this is
ok to go in during the freeze despite being an infrastructure change.
The ${PREFIX}/include/ansidecl.h installed by devel/binutils is not
necessarily compatible (e.g. binutils-2.25 does not define PARAMS). Adjust
the include path priority so the internal ansidecl.h gets precedence, allowing
cp-demangle.c to use libiberty.h without compilation errors.
pgoyette reported:
E [17/Jun/2015:07:12:52 +0800] Directory "/usr/pkg/libexec/cups/cgi-bin" has
insecure permissions (040775/uid=0/gid=0).
While here, remove --enable-openssl since the configure script does
not recognize it any longer.
Bump PKGREVISION.
At https://www.cups.org/str.php?L4609 upstream describes a privilege
escalation attack. The patch is against 2.0.2, but applies to 1.5
without trouble.
From Edgar Fuß via tech-pkg.
This release primarily fixes issues not successfully fixed in prior releases. It should be applied as soon as possible by all users of major versions 9.3 and 9.4. Other users should apply it at the next available downtime.
Crash Recovery Fixes:
Earlier update releases attempted to fix an issue in PostgreSQL 9.3 and 9.4 with "multixact wraparound", but failed to account for issues doing multixact cleanup during crash recovery. This could cause servers to be unable to restart after a crash. As such, all users of 9.3 and 9.4 should apply this update as soon as possible.
timeout of unicorn process to 60s instead of 30s. Problems with the lower
timeouts will become apparent if you have a local mail server throttling
connections and you do something like update >=10 issues simultaneously. Install
some helper shell scripts to ease with Redmine configuration and management.
Install a sample secrets.yml file for usage with the application. This package
will be renamed to ruby-redmine after the freeze and its files installed with
${RUBY_PKGPREFIX} to enable the usage and testing of different Ruby versions
with Redmine. This package has been tested heavily in production and is known to
work well in its current state; though, we will want to change the way it uses
gems when pkgsrc gets rails-4.x. Discussed with maintainer previously.
From Changelog:
3.0.3 (2015-05-10)
Defect #18580: Can't bulk edit own time entries with "Edit own time entries"
Defect #19731: Issue validation fails if % done field is deactivated
Defect #19735: Email addresses with slashes are not linked correctly
Patch #19655: Set a back_url when forcing new login after session expiration
Patch #19706: Issue show : optimizations
Patch #19793: Adding flash messages to files_controller#create
3.0.2 (2015-04-26)
Defect #19297: Custom fields with hidden/read-only combination displayed in Issue Edit Form
Defect #19400: Possibility of having 2 (or more) repositories with empty identifier
Defect #19444: Fix typo in wiki_syntax_detailed.html
Defect #19538: Keywords in commit messages: journal entries are created even if nothing was changed
Defect #19569: Field permissions not working properly with inherited memberships
Defect #19580: "Required" and "Read-only" rules on "Fields Permissions" screen are not colored
Defect #13583: Space between lines in nested lists not equal
Defect #19161: 500 Internal error: sorting for column mail at Administration/User
Defect #19163: Bulk edit form shows additional custom fields
Defect #19168: Activity: changes made to tickets are shown multiple times
Defect #19185: Update Install/Upgrade guide for 3.x version and get rid of DEPRECATION WARNING: You didn't set config.secret_key_base
Defect #19276: Creating new issues with invalid project_id should return 422 instead of 403 error
Defect #19405: Setting config.logger.level in additional_environment.rb has no effect
Defect #19464: Possible to log time on project without time tracking
Defect #19482: Custom field (long text format) displayed even if empty
Defect #19537: Broken HTML sanitizer reference breaks email receiving
Defect #19544: Malformed SQL query with SQLServer when grouping issues
Defect #19553: When create by copying the issue, status can not be changed to default
Defect #19558: Mail handler should not ignore emails with x-auto-response-suppress header
Defect #19606: Issue Estimated Time not updated on tracker change
Feature #19437: Upgrade to Rails 4.2.1
Feature #19489: Translation for Spanish Panama
Patch #19570: Spanish translation updated
Drupal 7.38, 2015-06-17
-----------------------
- Fixed security issues (multiple vulnerabilities). See SA-CORE-2015-002.
Drupal 7.37, 2015-05-07
-----------------------
- Fixed a regression in Drupal 7.36 which caused certain kinds of content types
to become disabled if they were defined by a no-longer-enabled module.
- Removed a confusing description regarding automatic time zone detection from
the user account form (minor UI and data structure change).
- Allowed custom HTML tags with a dash in the name to pass through filter_xss()
when specified in the list of allowed tags.
- Allowed hook_field_schema() implementations to specify indexes for fields
based on a fixed-length column prefix (rather than the entire column), as was
already allowed in hook_schema() implementations.
- Fixed PDO exceptions on PostgreSQL when accessing invalid entity URLs.
- Added a sites/all/libraries folder to the codebase, with instructions for
using it.
- Added a description to the "Administer text formats and filters" permission
on the Permissions page (string change).
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
Drupal 7.36, 2015-04-01
-----------------------
- Added a 'file_public_schema' variable which allows modules that define
publicly-accessible streams in hook_stream_wrappers() to bypass file download
access checks when processing managed file upload fields.
- Fixed a bug that caused database query tags not to be added to search-related
database queries under many circumstances, and which prevented the
corresponding hook_query_TAG_alter() implementations from being called.
- Fixed the "for" attribute on managed file upload field labels to improve
accessibility (minor markup change).
- Added a 'javascript_always_use_jquery' variable which can be set to FALSE by
sites that may not need jQuery loaded on all pages, and a 'requires_jquery'
option to drupal_add_js() which modules can set to FALSE when adding
JavaScript files that have no dependency on jQuery (API addition:
https://www.drupal.org/node/2462717).
- Fixed incorrect foreign keys in the User module's role_permission and
users_roles database tables.
- Changed permission descriptions throughout Drupal core to consistently link
to relevant administrative pages, regardless of whether the user viewing the
Permissions page can view the page being linked to (minor UI change).
- Fixed the drupal_add_region_content() function so that it actually adds
content to the page.
- Added an 'image_suppress_itok_output' variable to allow sites already using
the existing 'image_allow_insecure_derivatives' variable to also prevent
security tokens from appearing in image derivative URLs.
- Fixed double-escaping of theme names in the Block module administrative
interface (minor string change).
- Added basic support for Xdebug when running automated tests.
- Fixed a bug which caused previewing a node to remove elements from the node
being edited. With this fix, calling node_preview() will no longer modify the
passed-in node object (minor API change).
- Added a user_has_role() function to check whether a user has a particular
role (API addition: https://www.drupal.org/node/2462411).
- Fixed installation failures when an opcode cache is enabled.
- Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused private
files to be inaccessible.
- Fixed a bug in the Drupal 6 to Drupal 7 upgrade path which caused user
pictures to be lost.
- Fixed missing language code in hook_field_attach_view_alter() when it is
invoked from field_view_field().
- Stopped sending ETag and Last-Modified headers for uncached page requests,
since they break caching for certain Varnish and Nginx configurations.
- Changed the Simpletest module to allow PSR-4 test classes to be used in
Drupal 7.
- Fixed a fatal error that occurred when using the Comment module's "Unpublish
comment containing keyword(s)" action.
- Changed the "lang" attribute on language links to "xml:lang" so it validates
as XHTML (minor markup change).
- Prevented the form API from allowing arrays to be submitted for various form
elements, such as textfields, textareas, and password fields (API change:
https://www.drupal.org/node/2462723).
- Fixed a bug in the Contact module which caused the global user object to have
the incorrect name and e-mail address during the remainder of the page
request after the contact form is submitted.
- Numerous small bug fixes.
- Numerous API documentation improvements.
- Additional automated test coverage.
(Because of the partitioning into client and server packages, the man
pages have to be partitioned to match; this interferes with the
configure script's handling of them so the list of pages ends up
hardcoded in these patches. And it seems the lists haven't been
updated since the first mysql 5.x package.)