v6.5.0:
NEW FEATURES
Backronym npm ci to npm clean-install.
Adds 'Homepage' to outdated --long output.
BUGFIXES
Fix sign-git-commit options. They were previously totally wrong.
Set lowercase headers for npm audit requests.
Fix npm edit handling of scoped packages.
Make summary output for npm ci go to stdout, not stderr.
Close the file descriptor during publish if exiting upload via an error. This will prevent strange error messages when the upload fails and make sure
cleanup happens correctly.
Version 10.15.0 'Dubnium' (LTS):
The 10.14.0 security release introduced some unexpected breakages on the 10.x release line. This is a special release to fix a regression in the HTTP binary upgrade response body and add a missing CLI flag to adjust the max header size of the http parser.
Notable Changes
cli:
add --max-http-header-size flag
http:
add maxHeaderSize property
A few patches to the configure script to recognise the combination of
NetBSD and aarch64, and a few changes to the Makefile to make sure we've
got the right combination of options for the PLIST. It now compiles on my
Pinebook.
header for NetBSD/powerpc, so that the macppc version builds.
Thanks to maya@ for the hint.
No revision bump, as this is only a build fix for NetBSD/powerpc.
1) bootstrap rustc adds -lgcc_s when linking
-> Dropped with a BUILDLINK_TRANSFORM
2) bootstrap rustc has shared linkage to libgcc_s.so.1
-> Until upstream changes this to static linkage, we look for
libgcc_s.so.1 in ${FILESDIR} where the user must place it manually.
3) newly built rustc adds -lstdc++ instead of -lc++ when linking llvm
-> fixed with patch-src_librustc__llvm_build.rs
4) newly built rustc adds -lgcc_s when linking
-> fixed with patch-src_libunwind_build.rs
uncompyle6 3.2.5:
- 3.7.2 Remove deprecation warning on regexp string that isn't raw
- main.main() parameter codes is not used - note that
- Improve Python 3.6+ control flow detection
- More complete fragment instruction annotation for imports
---------------------------------------------------------------------
--- erts-10.2.1 -----------------------------------------------------
---------------------------------------------------------------------
Note! The erts-10.2.1 application can *not* be applied independently
of other applications on an arbitrary OTP 21 installation.
On a full OTP 21 installation, also the following runtime
dependencies have to be satisfied:
-- kernel-6.1 (first satisfied in OTP 21.1)
-- sasl-3.3 (first satisfied in OTP 21.2)
--- Fixed Bugs and Malfunctions ---
OTP-15485 Application(s): erts
Fixed bug on big endian architectures when changing
file permissions or ownership with file:change_mode,
change_owner, change_group or write_file_info. Bug
exists since OTP-21.0.
OTP-15486 Application(s): erts
Related Id(s): PR-2061
Fixed bug in atomics with option {signed,false} when
returned values are (1 bsl 63) or larger. Could cause
heap corruption leading to VM crash or other unpleasant
symptoms. Bug exists since OTP-21.2 when module atomics
was introduced.
OTP-15487 Application(s): erts
Related Id(s): ERL-804
Fixed bug in operator band of two negative operands
causing erroneous result if the absolute value of one
of the operands have the lowest N*W bits as zero and
the other absolute value is not larger than N*W bits. N
is an integer of 1 or larger and W is 32 or 64
depending on word size.
Full runtime dependencies of erts-10.2.1: kernel-6.1, sasl-3.3,
stdlib-3.5
---------------------------------------------------------------------
--- ssl-9.1.1 -------------------------------------------------------
---------------------------------------------------------------------
The ssl-9.1.1 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15489 Application(s): ssl
Related Id(s): ERL-308
Fixed renegotiation bug. Client did not handle server
initiated renegotiation correctly after rewrite to two
connection processes, due to ERL-622 commit
d87ac1c55188f5ba5cdf72384125d94d42118c18. This could
manifest it self as a " bad_record_mac" alert.
Also included are some optimizations
Full runtime dependencies of ssl-9.1.1: crypto-4.2, erts-10.0,
inets-5.10.7, kernel-6.0, public_key-1.5, stdlib-3.5
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
--- ssh-4.7.3 -------------------------------------------------------
---------------------------------------------------------------------
The ssh-4.7.3 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15397 Application(s): ssh
Related Id(s): ERL-801
Fixed port leakage if a ssh:daemon call failed.
Full runtime dependencies of ssh-4.7.3: crypto-4.2, erts-6.0,
kernel-3.0, public_key-1.5.2, stdlib-3.3
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
--- HIGHLIGHTS ------------------------------------------------------
---------------------------------------------------------------------
OTP-13468 Application(s): erts, sasl
New counters and atomics modules supplies access to
highly efficient operations on mutable fixed word sized
variables.
OTP-14669 Application(s): erts
Related Id(s): PR-1989
There is a new module persistent_term that implements a
term storage suitable for terms that are frequently
used but never or infrequently updated. Lookups are
done in constant time without copying the terms.
OTP-15094 Application(s): ssh
Related Id(s): OTP-15419
Added public key methods ssh-ed25519 and ssh-ed448.
Requires OpenSSL 1.1.1 or higher as cryptolib under the
OTP application crypto.
OTP-15449 Application(s): ssl
*** POTENTIAL INCOMPATIBILITY ***
ssl now uses active n internally to boost performance.
Old active once behavior can be restored by setting
application variable see manual page for ssl
application (man 6).
OTP-15475 Application(s): erts
Related Id(s): ERIERL-229
Add a new pollset that is made to handle sockets that
use {active, true} or {active, N}. The new pollset will
not be polled by a pollthread, but instead polled by a
normal scheduler.
This change was made because of the overhead associated
with constantly having to re-apply the ONESHOT
mechanism on fds that all input events were
interesting.
The new pollset is only active on platforms that
support concurrent kernel poll updates, i.e. Linux and
BSD.
---------------------------------------------------------------------
--- POTENTIAL INCOMPATIBILITIES -------------------------------------
---------------------------------------------------------------------
OTP-15364 Application(s): kernel
A new function, logger:update_handler_config/3 is
added, and the handler callback changing_config now has
a new argument, SetOrUpdate, which indicates if the
configuration change comes from set_handler_config/2,3
or update_handler_config/2,3.
This allows the handler to consistently merge the new
configuration with the old (if the change comes from
update_handler_config/2,3) or with the default (if the
change comes from set_handler_config/2,3).
The built-in handlers logger_std_h and
logger_disk_log_h are updated accordingly. A bug which
could cause inconsistency between the handlers'
internal state and the stored configuration is also
corrected.
OTP-15449 Application(s): ssl
*** HIGHLIGHT ***
ssl now uses active n internally to boost performance.
Old active once behavior can be restored by setting
application variable see manual page for ssl
application (man 6).
---------------------------------------------------------------------
--- asn1-5.0.8 ------------------------------------------------------
---------------------------------------------------------------------
The asn1-5.0.8 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15470 Application(s): asn1
Related Id(s): ERIERL-278
Handle erroneous length during decode (BER only)
without crashing.
Full runtime dependencies of asn1-5.0.8: erts-7.0, kernel-3.0,
stdlib-2.0
---------------------------------------------------------------------
--- compiler-7.3 ----------------------------------------------------
---------------------------------------------------------------------
The compiler-7.3 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15400 Application(s): compiler
Related Id(s): ERL-759
Fixed a rare internal consistency failure caused by a
bug in the beam_jump pass. (Thanks to Simon Cornish for
reporting this bug.)
OTP-15435 Application(s): compiler
Related Id(s): ERL-778
The compiler could fail with an internal consistency
check failure when compiling code that used the
is_function/2 BIF.
OTP-15437 Application(s): compiler, stdlib
Related Id(s): ERL-762
When an external fun was used, warnings for unused
variables could be suppressed.
OTP-15481 Application(s): compiler
The compiler would crash when compiling an after block
that called erlang:raise/3 like this:
erlang:raise(Class, Stacktrace, Stacktrace)
--- Improvements and New Features ---
OTP-15245 Application(s): compiler, stdlib
Related Id(s): ERL-706
When specified, the +{source,Name} option will now
override the actual file name in stack traces, instead
of only affecting the return value of
Mod:module_info().
The +deterministic flag will also affect stack traces
now, omitting all path information except the file
name, fixing a long-standing issue where deterministic
builds required deterministic paths.
Full runtime dependencies of compiler-7.3: crypto-3.6, erts-9.0,
hipe-3.12, kernel-4.0, stdlib-2.5
---------------------------------------------------------------------
--- crypto-4.4 ------------------------------------------------------
---------------------------------------------------------------------
The crypto-4.4 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15302 Application(s): crypto
Updated the RSA options part in the crypto
application's C-code, documentation and tests.
--- Improvements and New Features ---
OTP-15419 Application(s): crypto, public_key
Related Id(s): OTP-15094
Added ed25519 and ed448 sign/verify.
Requires OpenSSL 1.1.1 or higher as cryptolib under the
OTP application crypto.
OTP-15467 Application(s): crypto
Fixed valgrind warnings.
Full runtime dependencies of crypto-4.4: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- erts-10.2 -------------------------------------------------------
---------------------------------------------------------------------
Note! The erts-10.2 application can *not* be applied independently of
other applications on an arbitrary OTP 21 installation.
On a full OTP 21 installation, also the following runtime
dependencies have to be satisfied:
-- kernel-6.1 (first satisfied in OTP 21.1)
-- sasl-3.3 (first satisfied in OTP 21.2)
--- Fixed Bugs and Malfunctions ---
OTP-12242 Application(s): erts
Related Id(s): ERL-561
When a process was waiting for a TCP socket send
operation to complete, and another process closed the
socket during that send, the sending process could
hang. This bug has now been corrected.
OTP-15343 Application(s): erts, stdlib
Related Id(s): PR-1962
Document bit_size in match specifications and allow it
in ets:fun2ms.
OTP-15346 Application(s): erts
Fixed bug in ets:select_replace when called with a
fully bound key could cause a following call to
ets:next or ets:prev to crash the emulator or return
invalid result.
OTP-15360 Application(s): erts
When a module has been purged from memory, any literals
belonging to that module will be copied to all
processes that hold references to them. The max heap
size limit would be ignored in the garbage collection
initiated when copying literals to a process. If the
max heap size was exceeded, the process would typically
be terminated in the following garbage collection.
Corrected to terminate the process directly if copying
a literal would exceed the max heap size.
OTP-15389 Application(s): erts
Fix compilation of run_erl on Solaris 11.4 and later.
OTP-15436 Application(s): erts
Fixed a bug where lists:reverse/1-2 could use far too
many reductions. This bug was introduced in OTP 21.1.
OTP-15446 Application(s): erts
Related Id(s): PR-2024
Fixed a bug where a dirty scheduler could stay awake
forever if a distribution entry was removed as part of
a dirty GC.
OTP-15450 Application(s): erts
Related Id(s): ERIERL-229
Fix microstate accounting handing in various places.
Most importantly the GC states when the GC is run on a
dirty scheduler are now managed correctly.
OTP-15461 Application(s): erts
Related Id(s): ERL-784
Fixed bug in file:sendfile when the send operation
failed. For sockets in active modes it could cause
emulator crash or a hanging call. For sockets with
{active,false} an unexpected {inet_reply, _, _} message
could be sent to the calling process. The bug exists
since OTP-21.0.
OTP-15465 Application(s): erts
The erts configure script has been updated to reject
any CFLAGS that does not have -O. This in order to
prevent the common mistake of forgetting to add -O2 to
custom CFLAGS.
OTP-15474 Application(s): erts, stdlib
Related Id(s): ERIERL-229
Fix reduction count in lists:member/2
--- Improvements and New Features ---
OTP-13468 Application(s): erts, sasl
*** HIGHLIGHT ***
New counters and atomics modules supplies access to
highly efficient operations on mutable fixed word sized
variables.
OTP-14669 Application(s): erts
Related Id(s): PR-1989
*** HIGHLIGHT ***
There is a new module persistent_term that implements a
term storage suitable for terms that are frequently
used but never or infrequently updated. Lookups are
done in constant time without copying the terms.
OTP-15121 Application(s): erts, kernel
Related Id(s): ERIERL-189, PR-1974
A function inet:getifaddrs/1 that takes a list with a
namespace option has been added, for platforms that
support that feature, for example Linux (only?).
OTP-15357 Application(s): erts, kernel
Related Id(s): ERL-698
Added the nopush option for TCP sockets, which
corresponds to TCP_NOPUSH on *BSD and TCP_CORK on
Linux.
This is also used internally in file:sendfile to reduce
latency on subsequent send operations.
OTP-15371 Application(s): erts, stdlib
List subtraction (The -- operator) will now yield
properly on large inputs.
OTP-15471 Application(s): erts, kernel
Related Id(s): ERIERL-229
Optimize handling of send_delay for tcp sockes to
better work with the new pollthread implementation
introduced in OTP-21.
OTP-15472 Application(s): erts
Related Id(s): ERIERL-229
Optimize driver_set_timer with a zero timeout to
short-circuit and not create any timer structure, but
instead schedule the timer immediately.
OTP-15473 Application(s): erts
Related Id(s): ERIERL-229
Add erl_xcomp_code_model_small as a cross configure
variable in order to let the emulator be build with the
assumption that a small code model will be used on the
target machine.
OTP-15475 Application(s): erts
Related Id(s): ERIERL-229
*** HIGHLIGHT ***
Add a new pollset that is made to handle sockets that
use {active, true} or {active, N}. The new pollset will
not be polled by a pollthread, but instead polled by a
normal scheduler.
This change was made because of the overhead associated
with constantly having to re-apply the ONESHOT
mechanism on fds that all input events were
interesting.
The new pollset is only active on platforms that
support concurrent kernel poll updates, i.e. Linux and
BSD.
OTP-15478 Application(s): erts
Related Id(s): ERL-741
Fix bug where emulator would segfault if a literal
message was sent when sequence tracing was enabled.
Full runtime dependencies of erts-10.2: kernel-6.1, sasl-3.3,
stdlib-3.5
---------------------------------------------------------------------
--- et-1.6.4 --------------------------------------------------------
---------------------------------------------------------------------
The et-1.6.4 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15463 Application(s): et
Related Id(s): ERL-780
The scroll bar of the et_viewer window could not be
dragged all the way to the top of the window. It would
always stop at the second event. This is now corrected.
Full runtime dependencies of et-1.6.4: erts-9.0, kernel-5.3,
runtime_tools-1.10, stdlib-3.4, wx-1.2
---------------------------------------------------------------------
--- hipe-3.18.2 -----------------------------------------------------
---------------------------------------------------------------------
The hipe-3.18.2 application can be applied independently of other
applications on a full OTP 21 installation.
--- Improvements and New Features ---
OTP-15482 Application(s): hipe
The code was updated to avoid causing a dialyzer
warning because of a tightened spec for
beam_lib:info/1.
Full runtime dependencies of hipe-3.18.2: compiler-5.0, erts-9.3,
kernel-5.3, stdlib-3.4, syntax_tools-1.6.14
---------------------------------------------------------------------
--- inets-7.0.3 -----------------------------------------------------
---------------------------------------------------------------------
The inets-7.0.3 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15338 Application(s): inets
Related Id(s): ERL-733
Fixed http client to not send 'content-length' header
in chunked encoded requests.
OTP-15339 Application(s): inets
Related Id(s): ERL-736
Fixed http client to not drop explicit 'Content-Type'
header in requests without a body such as requests with
the 'Content-Type' of
application/x-www-form-urlencoded.
Full runtime dependencies of inets-7.0.3: erts-6.0, kernel-3.0,
mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5
---------------------------------------------------------------------
--- kernel-6.2 ------------------------------------------------------
---------------------------------------------------------------------
Note! The kernel-6.2 application can *not* be applied independently
of other applications on an arbitrary OTP 21 installation.
On a full OTP 21 installation, also the following runtime
dependency has to be satisfied:
-- erts-10.1 (first satisfied in OTP 21.1)
--- Fixed Bugs and Malfunctions ---
OTP-15364 Application(s): kernel
*** POTENTIAL INCOMPATIBILITY ***
A new function, logger:update_handler_config/3 is
added, and the handler callback changing_config now has
a new argument, SetOrUpdate, which indicates if the
configuration change comes from set_handler_config/2,3
or update_handler_config/2,3.
This allows the handler to consistently merge the new
configuration with the old (if the change comes from
update_handler_config/2,3) or with the default (if the
change comes from set_handler_config/2,3).
The built-in handlers logger_std_h and
logger_disk_log_h are updated accordingly. A bug which
could cause inconsistency between the handlers'
internal state and the stored configuration is also
corrected.
OTP-15388 Application(s): kernel
Related Id(s): PR-1983
Fix fallback when custom erl_epmd client does not
implement address_please.
OTP-15453 Application(s): kernel
Related Id(s): ERL-782
The logger ets table did not have the read_concurrency
option. This is now added.
OTP-15466 Application(s): kernel
Related Id(s): ERL-788
During system start, logger has a simple handler which
prints to stdout. After the kernel supervision is
started, this handler is removed and replaced by the
default handler. Due to a bug, logger earlier issued a
debug printout saying it received an unexpected
message, which was the EXIT message from the simple
handler's process. This is now corrected. The simple
handler's process now unlinks from the logger process
before terminating.
OTP-15469 Application(s): kernel
The logger handler logger_std_h would not re-create
it's log file if it was removed. Due to this it could
not be used with tools like 'logrotate'. This is now
corrected.
--- Improvements and New Features ---
OTP-15121 Application(s): erts, kernel
Related Id(s): ERIERL-189, PR-1974
A function inet:getifaddrs/1 that takes a list with a
namespace option has been added, for platforms that
support that feature, for example Linux (only?).
OTP-15357 Application(s): erts, kernel
Related Id(s): ERL-698
Added the nopush option for TCP sockets, which
corresponds to TCP_NOPUSH on *BSD and TCP_CORK on
Linux.
This is also used internally in file:sendfile to reduce
latency on subsequent send operations.
OTP-15471 Application(s): erts, kernel
Related Id(s): ERIERL-229
Optimize handling of send_delay for tcp sockes to
better work with the new pollthread implementation
introduced in OTP-21.
Full runtime dependencies of kernel-6.2: erts-10.1, sasl-3.0,
stdlib-3.5
---------------------------------------------------------------------
--- observer-2.8.2 --------------------------------------------------
---------------------------------------------------------------------
The observer-2.8.2 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15365 Application(s): observer
Related Id(s): ERL-722
Literals such as #{"one"=>1} dumped to a crash dump
would cause crashdump_viewer to crash.
OTP-15377 Application(s): observer
crashdump_viewer would sometimes crash when processing
a dump which was truncated in the literals area. This
is now corrected.
OTP-15391 Application(s): observer
Since OTP-20.2, crashdump_viewer was very slow when
opening a crash dump with many processes. An ets:select
per process could be removed, which improved the
performance a lot.
A bug when parsing heap data in a crashdump caused
crashdump_viewer to crash when multiple Yc lines
referenced the same reference counted binary. This is
now corrected.
Full runtime dependencies of observer-2.8.2: erts-7.0, et-1.5,
kernel-3.0, runtime_tools-1.8.14, stdlib-3.5, wx-1.2
---------------------------------------------------------------------
--- os_mon-2.4.7 ----------------------------------------------------
---------------------------------------------------------------------
The os_mon-2.4.7 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15387 Application(s): os_mon
Related Id(s): PR-1966
Due to /proc restrictions in newer Android releases
enforced by SELinux, cpu_sup is fixed so that it gets
some basic CPU stats using the sysinfo syscall rather
than reading /proc/loadavg.
Full runtime dependencies of os_mon-2.4.7: erts-6.0, kernel-3.0,
mnesia-4.12, otp_mibs-1.0.9, sasl-2.4, snmp-4.25.1, stdlib-2.0
---------------------------------------------------------------------
--- public_key-1.6.4 ------------------------------------------------
---------------------------------------------------------------------
The public_key-1.6.4 application can be applied independently of
other applications on a full OTP 21 installation.
--- Improvements and New Features ---
OTP-15419 Application(s): crypto, public_key
Related Id(s): OTP-15094
Added ed25519 and ed448 sign/verify.
Requires OpenSSL 1.1.1 or higher as cryptolib under the
OTP application crypto.
Full runtime dependencies of public_key-1.6.4: asn1-3.0, crypto-3.8,
erts-6.0, kernel-3.0, stdlib-3.5
---------------------------------------------------------------------
--- reltool-0.7.8 ---------------------------------------------------
---------------------------------------------------------------------
The reltool-0.7.8 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15454 Application(s): reltool
Reltool would earlier erroneously split paths like
"c:\foo" into ["c","\foo"] when reading the $ERL_LIBS
variable on windows. This is now corrected.
Full runtime dependencies of reltool-0.7.8: erts-7.0, kernel-3.0,
sasl-2.4, stdlib-3.4, tools-2.6.14, wx-1.2
---------------------------------------------------------------------
--- sasl-3.3 --------------------------------------------------------
---------------------------------------------------------------------
Note! The sasl-3.3 application can *not* be applied independently of
other applications on an arbitrary OTP 21 installation.
On a full OTP 21 installation, also the following runtime
dependency has to be satisfied:
-- erts-10.2 (first satisfied in OTP 21.2)
--- Improvements and New Features ---
OTP-13468 Application(s): erts, sasl
*** HIGHLIGHT ***
New counters and atomics modules supplies access to
highly efficient operations on mutable fixed word sized
variables.
Full runtime dependencies of sasl-3.3: erts-10.2, kernel-5.3,
stdlib-3.4, tools-2.6.14
---------------------------------------------------------------------
--- ssh-4.7.2 -------------------------------------------------------
---------------------------------------------------------------------
The ssh-4.7.2 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15413 Application(s): ssh
Incompatibility with newer OpenSSH fixed. Previously
versions 7.8 and later could cause Erlang SSH to exit.
OTP-15416 Application(s): ssh
The 'exec' option for ssh daemons had wrong format in
the documentation.
--- Improvements and New Features ---
OTP-15094 Application(s): ssh
Related Id(s): OTP-15419
*** HIGHLIGHT ***
Added public key methods ssh-ed25519 and ssh-ed448.
Requires OpenSSL 1.1.1 or higher as cryptolib under the
OTP application crypto.
OTP-15312 Application(s): ssh
The SSH property tests are now adapted to the PropEr
testing tool.
OTP-15314 Application(s): ssh
The term "user" was not documented in the SSH app. A
new chapter with terminology is added to the User's
Manual where the term "user" is defined.
A reference manual page about the module ssh_file is
also added. This is the default callback module for
user's keys, host keys etc.
OTP-15424 Application(s): ssh
Host and user key checking is made more robust.
Full runtime dependencies of ssh-4.7.2: crypto-4.2, erts-6.0,
kernel-3.0, public_key-1.5.2, stdlib-3.3
---------------------------------------------------------------------
--- ssl-9.1 ---------------------------------------------------------
---------------------------------------------------------------------
The ssl-9.1 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15368 Application(s): ssl
PEM cache was not evicting expired entries due to due
to timezone confusion.
OTP-15384 Application(s): ssl
Related Id(s): ERL-756
Make sure an error is returned if a "transport_accept
socket" is used in some other call than ssl:handshake*
or ssl:controlling_process
OTP-15402 Application(s): ssl
Fix timestamp handling in the PEM-cache could cause
entries to not be invalidated at the correct time.
OTP-15412 Application(s): ssl
Related Id(s): ERL-731
Extend check for undelivered data at closing, could
under some circumstances fail to deliver all data that
was actually received.
OTP-15415 Application(s): ssl
Related Id(s): ERL-763
Correct signature check for TLS-1.2 that allows
different algorithms for signature of peer cert and
peer cert key. Not all allowed combinations where
accepted.
OTP-15418 Application(s): ssl
Related Id(s): ERL-770
Correct gen_statem return value, could cause
renegotiation to fail.
--- Improvements and New Features ---
OTP-15420 Application(s): ssl
Related Id(s): ERIERL-268
Add engine support for RSA key exchange
OTP-15449 Application(s): ssl
*** HIGHLIGHT ***
*** POTENTIAL INCOMPATIBILITY ***
ssl now uses active n internally to boost performance.
Old active once behavior can be restored by setting
application variable see manual page for ssl
application (man 6).
Full runtime dependencies of ssl-9.1: crypto-4.2, erts-10.0,
inets-5.10.7, kernel-6.0, public_key-1.5, stdlib-3.5
---------------------------------------------------------------------
--- stdlib-3.7 ------------------------------------------------------
---------------------------------------------------------------------
The stdlib-3.7 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15343 Application(s): erts, stdlib
Related Id(s): PR-1962
Document bit_size in match specifications and allow it
in ets:fun2ms.
OTP-15378 Application(s): stdlib
Related Id(s): ERL-696
The beam() type in beam_lib is defined as module() |
file:filename() | binary(). The module() is misleading.
Giving the module name as an atom will only work if the
BEAM file is in a current directory.
To avoid confusion, module() has been removed from the
type. That means that there will be a Dialyzer warning
for code that call beam_lib with an atom as filename,
but the calls will still work.
OTP-15428 Application(s): stdlib
Related Id(s): ERL-777
unicode_util crashed on certain emoji grapheme clusters
in binary strings.
OTP-15437 Application(s): compiler, stdlib
Related Id(s): ERL-762
When an external fun was used, warnings for unused
variables could be suppressed.
OTP-15474 Application(s): erts, stdlib
Related Id(s): ERIERL-229
Fix reduction count in lists:member/2
--- Improvements and New Features ---
OTP-15245 Application(s): compiler, stdlib
Related Id(s): ERL-706
When specified, the +{source,Name} option will now
override the actual file name in stack traces, instead
of only affecting the return value of
Mod:module_info().
The +deterministic flag will also affect stack traces
now, omitting all path information except the file
name, fixing a long-standing issue where deterministic
builds required deterministic paths.
OTP-15371 Application(s): erts, stdlib
List subtraction (The -- operator) will now yield
properly on large inputs.
OTP-15464 Application(s): stdlib
calendar:system_time_to_rfc3339/1,2 no longer remove
trailing zeros from fractions.
Full runtime dependencies of stdlib-3.7: compiler-5.0, crypto-3.3,
erts-10.0, kernel-6.0, sasl-3.0
---------------------------------------------------------------------
--- tools-3.0.2 -----------------------------------------------------
---------------------------------------------------------------------
The tools-3.0.2 application can be applied independently of other
applications on a full OTP 21 installation.
--- Improvements and New Features ---
OTP-15476 Application(s): tools
Remove emacs warnings and added more tests.
Full runtime dependencies of tools-3.0.2: compiler-5.0, erts-9.1,
kernel-5.4, runtime_tools-1.8.14, stdlib-3.4
---------------------------------------------------------------------
--- wx-1.8.6 --------------------------------------------------------
---------------------------------------------------------------------
The wx-1.8.6 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15426 Application(s): wx
Related Id(s): ERL-755
Fixed delayed delete bug which caused wx applications
to crash on Mojave.
Full runtime dependencies of wx-1.8.6: erts-6.0, kernel-3.0,
stdlib-2.0
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
Changes:
3.6.8
=====
Documentation
-------------
- bpo-35089: Remove mention of ``typing.io`` and ``typing.re``. Their types
should be imported from ``typing`` directly.
- bpo-35038: Fix the documentation about an unexisting `f_restricted`
attribute in the frame object. Patch by Stéphane Wirtel
- bpo-35035: Rename documentation for :mod:`email.utils` to
``email.utils.rst``.
- bpo-34967: Use app.add_object_type() instead of the deprecated Sphinx
function app.description_unit()
- bpo-33594: Document ``getargspec``, ``from_function`` and ``from_builtin``
as deprecated in their respective docstring, and include version since
deprecation in DeprecationWarning message.
- bpo-32613: Update the faq/windows.html to use the py command from PEP 397
instead of python.
Changes:
3.7.2
=====
Documentation
-------------
- bpo-35089: Remove mention of ``typing.io`` and ``typing.re``. Their types
should be imported from ``typing`` directly.
- bpo-35038: Fix the documentation about an unexisting `f_restricted`
attribute in the frame object. Patch by Stéphane Wirtel
- bpo-35044: Fix the documentation with the role ``exc`` for the
appropriated exception. Patch by Stéphane Wirtel
- bpo-35035: Rename documentation for :mod:`email.utils` to
``email.utils.rst``.
- bpo-34967: Use app.add_object_type() instead of the deprecated Sphinx
function app.description_unit()
- bpo-11233: Create availability directive for documentation. Original
patch by Georg Brandl.
- bpo-33594: Document ``getargspec``, ``from_function`` and ``from_builtin``
as deprecated in their respective docstring, and include version since
deprecation in DeprecationWarning message.
- bpo-32613: Update the faq/windows.html to use the py command from PEP 397
instead of python.
Python 3.7.2 final
Library
- bpo-31715: Associate .mjs file extension with application/javascript MIME Type.
Build
- bpo-35499: make profile-opt no longer replaces CFLAGS_NODIST with CFLAGS. It now adds profile-guided optimization (PGO) flags to CFLAGS_NODIST: existing CFLAGS_NODIST flags are kept.
- bpo-35257: Avoid leaking the linker flags from Link Time Optimizations (LTO) into distutils when compiling C extensions.
C API
- bpo-35259: Conditionally declare Py_FinalizeEx() (new in 3.6) based on Py_LIMITED_API.
Python 3.7.2 release candidate 1
Security
- bpo-34812: The -I command line option (run Python in isolated mode) is now also copied by the multiprocessing and distutils modules when spawning child processes. Previously, only -E and -s options (enabled by -I) were copied.
- bpo-34791: The xml.sax and xml.dom.domreg no longer use environment variables to override parser implementations when sys.flags.ignore_environment is set by -E or -I arguments.
Core and Builtins
- bpo-35444: Fixed error handling in pickling methods when fail to look up builtin “getattr”.
- bpo-35436: Fix various issues with memory allocation error handling. Patch by Zackery Spytz.
- bpo-35357: Internal attributes’ names of unittest.mock._Call and unittest.mock.MagicProxy (name, parent & from_kall) are now prefixed with _mock_ in order to prevent clashes with widely used object attributes. Fixed minor typo in test function name.
- bpo-35372: Fixed the code page decoder for input longer than 2 GiB containing undecodable bytes.
- bpo-35336: Fix PYTHONCOERCECLOCALE=1 environment variable: only coerce the C locale if the LC_CTYPE locale is “C”.
- bpo-33954: For str.format(), float.__format__() and complex.__format__() methods for non-ASCII decimal point when using the “n” formatter.
- bpo-35269: Fix a possible segfault involving a newly-created coroutine. Patch by Zackery Spytz.
- bpo-35214: Fixed an out of bounds memory access when parsing a truncated unicode escape sequence at the end of a string such as '\N'. It would read one byte beyond the end of the memory allocation.
- bpo-35214: The interpreter and extension modules have had annotations added so that they work properly under clang’s Memory Sanitizer. A new configure flag –with-memory-sanitizer has been added to make test builds of this nature easier to perform.
- bpo-35193: Fix an off by one error in the bytecode peephole optimizer where it could read bytes beyond the end of bounds of an array when removing unreachable code. This bug was present in every release of Python 3.6 and 3.7 until now.
- bpo-29341: Clarify in the docstrings of os methods that path-like objects are also accepted as input parameters.
- bpo-35050: socket: Fix off-by-one bug in length check for AF_ALG name and type.
- bpo-34974: bytes and bytearray constructors no longer convert unexpected exceptions (e.g. MemoryError and KeyboardInterrupt) to TypeError.
- bpo-34973: Fixed crash in bytes() when the list argument is mutated while it is iterated.
- bpo-34824: Fix a possible null pointer dereference in Modules/_ssl.c. Patch by Zackery Spytz.
- bpo-1621: Do not assume signed integer overflow behavior (C undefined behavior) when performing set hash table resizing.
Library
- bpo-35052: Fix xml.dom.minidom cloneNode() on a document with an entity: pass the correct arguments to the user data handler of an entity.
- bpo-35330: When a Mock instance was used to wrap an object, if side_effect is used in one of the mocks of it methods, don’t call the original implementation and return the result of using the side effect the same way that it is done with return_value.
- bpo-34172: Revert the fix for this issue previously released in 3.7.1 pending further investigation: Fix a reference issue inside multiprocessing.Pool that caused the pool to remain alive if it was deleted without being closed or terminated explicitly.
- bpo-10496: posixpath.expanduser() now returns the input path unchanged if the HOME environment variable is not set and the current user has no home directory (if the current user identifier doesn’t exist in the password database). This change fix the site module if the current user doesn’t exist in the password database (if the user has no home directory).
- bpo-35310: Fix a bug in select.select() where, in some cases, the file descriptor sequences were returned unmodified after a signal interruption, even though the file descriptors might not be ready yet. select.select() will now always return empty lists if a timeout has occurred. Patch by Oran Avraham.
- bpo-35380: Enable TCP_NODELAY on Windows for proactor asyncio event loop.
- bpo-35341: Add generic version of collections.OrderedDict to the typing module. Patch by Ismo Toijala.
- bpo-35371: Fixed possible crash in os.utime() on Windows when pass incorrect arguments.
- bpo-27903: Fix ResourceWarning in platform.dist() on SuSE and Caldera OpenLinux. Patch by Ville Skyttä.
- bpo-35308: Fix regression in webbrowser where default browsers may be preferred over browsers in the BROWSER environment variable.
- bpo-28604: locale.localeconv() now sets temporarily the LC_CTYPE locale to the LC_MONETARY locale if the two locales are different and monetary strings are non-ASCII. This temporary change affects other threads.
- bpo-35277: Update ensurepip to install pip 18.1 and setuptools 40.6.2.
- bpo-35226: Recursively check arguments when testing for equality of unittest.mock.call objects and add note that tracking of parameters used to create ancestors of mocks in mock_calls is not possible.
- bpo-29564: The warnings module now suggests to enable tracemalloc if the source is specified, the tracemalloc module is available, but tracemalloc is not tracing memory allocations.
- bpo-35189: Modify the following fnctl function to retry if interrupted by a signal (EINTR): flock, lockf, fnctl
- bpo-35062: Fix incorrect parsing of _io.IncrementalNewlineDecoder’s translate argument.
- bpo-35079: Improve difflib.SequenceManager.get_matching_blocks doc by adding ‘non-overlapping’ and changing ‘!=’ to ‘<’.
- bpo-35017: socketserver.BaseServer.serve_forever() now exits immediately if it’s shutdown() method is called while it is polling for new events.
- bpo-31047: Fix ntpath.abspath regression where it didn’t remove a trailing separator on Windows. Patch by Tim Graham.
- bpo-34794: Fixed a leak in Tkinter when pass the Python wrapper around Tcl_Obj back to Tcl/Tk.
- bpo-35008: Fixed references leaks when call the __setstate__() method of xml.etree.ElementTree.Element in the C implementation for already initialized element.
- bpo-23420: Verify the value for the parameter ‘-s’ of the cProfile CLI. Patch by Robert Kuska
- bpo-33947: dataclasses now handle recursive reprs without raising RecursionError.
- bpo-16965: The 2to3 execfile fixer now opens the file with mode 'rb'. Patch by Zackery Spytz.
- bpo-34966: pydoc now supports aliases not only to methods defined in the end class, but also to inherited methods. The docstring is not duplicated for aliases.
- bpo-34941: Methods find(), findtext() and findall() of the Element class in the xml.etree.ElementTree module are now able to find children which are instances of Element subclasses.
- bpo-34936: Fix TclError in tkinter.Spinbox.selection_element(). Patch by Juliette Monsel.
- bpo-34866: Adding max_num_fields to cgi.FieldStorage to make DOS attacks harder by limiting the number of MiniFieldStorage objects created by FieldStorage.
- bpo-34022: The SOURCE_DATE_EPOCH environment variable no longer overrides the value of the invalidation_mode argument to py_compile.compile(), and determines its default value instead.
- bpo-34738: ZIP files created by distutils will now include entries for directories.
- bpo-31177: Fix bug that prevented using reset_mock on mock instances with deleted attributes
- bpo-34536: Enum._missing_: raise ValueError if None returned and TypeError if non-member is returned.
- bpo-34604: Fix possible mojibake in the error message of pwd.getpwnam and grp.getgrnam using string representation because of invisible characters or trailing whitespaces. Patch by William Grzybowski.
- bpo-34574: OrderedDict iterators are not exhausted during pickling anymore. Patch by Sergey Fedoseev.
- bpo-34052: sqlite3.Connection.create_aggregate(), sqlite3.Connection.create_function(), sqlite3.Connection.set_authorizer(), sqlite3.Connection.set_progress_handler() methods raises TypeError when unhashable objects are passed as callable. These methods now don’t pass such objects to SQLite API. Previous behavior could lead to segfaults. Patch by Sergey Fedoseev.
- bpo-29877: compileall: import ProcessPoolExecutor only when needed, preventing hangs on low resource platforms
- bpo-22005: Implemented unpickling instances of datetime, date and time pickled by Python 2. encoding='latin1' should be used for successful decoding.
Python 3.6.8 final
Library
- bpo-31715: Associate .mjs file extension with application/javascript MIME Type.
Build
- bpo-35499: make profile-opt no longer replaces CFLAGS_NODIST with CFLAGS. It now adds profile-guided optimization (PGO) flags to CFLAGS_NODIST: existing CFLAGS_NODIST flags are kept.
- bpo-35257: Avoid leaking the linker flags from Link Time Optimizations (LTO) into distutils when compiling C extensions.
C API
- bpo-35259: Conditionally declare Py_FinalizeEx() (new in 3.6) based on Py_LIMITED_API.
Python 3.6.8 release candidate 1
Security
- bpo-34812: The -I command line option (run Python in isolated mode) is now also copied by the multiprocessing and distutils modules when spawning child processes. Previously, only -E and -s options (enabled by -I) were copied.
- bpo-34791: The xml.sax and xml.dom.domreg no longer use environment variables to override parser implementations when sys.flags.ignore_environment is set by -E or -I arguments.
Core and Builtins
- bpo-35444: Fixed error handling in pickling methods when fail to look up builtin “getattr”.
- bpo-35436: Fix various issues with memory allocation error handling. Patch by Zackery Spytz.
- bpo-35357: Internal attributes’ names of unittest.mock._Call and unittest.mock.MagicProxy (name, parent & from_kall) are now prefixed with _mock_ in order to prevent clashes with widely used object attributes. Fixed minor typo in test function name.
- bpo-35372: Fixed the code page decoder for input longer than 2 GiB containing undecodable bytes.
- bpo-33954: For str.format(), float.__format__() and complex.__format__() methods for non-ASCII decimal point when using the “n” formatter.
- bpo-35214: Fixed an out of bounds memory access when parsing a truncated unicode escape sequence at the end of a string such as '\N'. It would read one byte beyond the end of the memory allocation.
- bpo-35214: The interpreter and extension modules have had annotations added so that they work properly under clang’s Memory Sanitizer. A new configure flag –with-memory-sanitizer has been added to make test builds of this nature easier to perform.
- bpo-35193: Fix an off by one error in the bytecode peephole optimizer where it could read bytes beyond the end of bounds of an array when removing unreachable code. This bug was present in every release of Python 3.6 until now.
- bpo-29341: Clarify in the docstrings of os methods that path-like objects are also accepted as input parameters.
- bpo-35050: socket: Fix off-by-one bug in length check for AF_ALG name and type.
- bpo-34974: bytes and bytearray constructors no longer convert unexpected exceptions (e.g. MemoryError and KeyboardInterrupt) to TypeError.
- bpo-34973: Fixed crash in bytes() when the list argument is mutated while it is iterated.
- bpo-34824: Fix a possible null pointer dereference in Modules/_ssl.c. Patch by Zackery Spytz.
- bpo-1621: Do not assume signed integer overflow behavior (C undefined behavior) when performing set hash table resizing.
Library
- bpo-35052: Fix xml.dom.minidom cloneNode() on a document with an entity: pass the correct arguments to the user data handler of an entity.
- bpo-35330: When a Mock instance was used to wrap an object, if side_effect is used in one of the mocks of it methods, don’t call the original implementation and return the result of using the side effect the same way that it is done with return_value.
- bpo-34172: Revert the fix for this issue previously released in 3.6.7 pending further investigation: Fix a reference issue inside multiprocessing.Pool that caused the pool to remain alive if it was deleted without being closed or terminated explicitly.
- bpo-10496: posixpath.expanduser() now returns the input path unchanged if the HOME environment variable is not set and the current user has no home directory (if the current user identifier doesn’t exist in the password database). This change fix the site module if the current user doesn’t exist in the password database (if the user has no home directory).
- bpo-35310: Fix a bug in select.select() where, in some cases, the file descriptor sequences were returned unmodified after a signal interruption, even though the file descriptors might not be ready yet. select.select() will now always return empty lists if a timeout has occurred. Patch by Oran Avraham.
- bpo-35380: Enable TCP_NODELAY on Windows for proactor asyncio event loop.
- bpo-35371: Fixed possible crash in os.utime() on Windows when pass incorrect arguments.
- bpo-27903: Fix ResourceWarning in platform.dist() on SuSE and Caldera OpenLinux. Patch by Ville Skyttä.
- bpo-28604: locale.localeconv() now sets temporarily the LC_CTYPE locale to the LC_MONETARY locale if the two locales are different and monetary strings are non-ASCII. This temporary change affects other threads.
- bpo-35277: Update ensurepip to install pip 18.1 and setuptools 40.6.2.
- bpo-35226: Recursively check arguments when testing for equality of unittest.mock.call objects and add note that tracking of parameters used to create ancestors of mocks in mock_calls is not possible.
- bpo-35189: Modify the following fnctl function to retry if interrupted by a signal (EINTR): flock, lockf, fnctl
- bpo-35062: Fix incorrect parsing of _io.IncrementalNewlineDecoder’s translate argument.
- bpo-35079: Improve difflib.SequenceManager.get_matching_blocks doc by adding ‘non-overlapping’ and changing ‘!=’ to ‘<’.
- bpo-35017: socketserver.BaseServer.serve_forever() now exits immediately if it’s shutdown() method is called while it is polling for new events.
- bpo-31047: Fix ntpath.abspath regression where it didn’t remove a trailing separator on Windows. Patch by Tim Graham.
- bpo-34794: Fixed a leak in Tkinter when pass the Python wrapper around Tcl_Obj back to Tcl/Tk.
- bpo-35008: Fixed references leaks when call the __setstate__() method of xml.etree.ElementTree.Element in the C implementation for already initialized element.
- bpo-23420: Verify the value for the parameter ‘-s’ of the cProfile CLI. Patch by Robert Kuska
- bpo-16965: The 2to3 execfile fixer now opens the file with mode 'rb'. Patch by Zackery Spytz.
- bpo-34966: pydoc now supports aliases not only to methods defined in the end class, but also to inherited methods. The docstring is not duplicated for aliases.
- bpo-34941: Methods find(), findtext() and findall() of the Element class in the xml.etree.ElementTree module are now able to find children which are instances of Element subclasses.
- bpo-34936: Fix TclError in tkinter.Spinbox.selection_element(). Patch by Juliette Monsel.
- bpo-34900: Fixed unittest.TestCase.debug() when used to call test methods with subtests. Patch by Bruno Oliveira.
- bpo-34866: Adding max_num_fields to cgi.FieldStorage to make DOS attacks harder by limiting the number of MiniFieldStorage objects created by FieldStorage.
- bpo-34738: ZIP files created by distutils will now include entries for directories.
- bpo-31177: Fix bug that prevented using reset_mock on mock instances with deleted attributes
- bpo-34604: Fix possible mojibake in the error message of pwd.getpwnam and grp.getgrnam using string representation because of invisible characters or trailing whitespaces. Patch by William Grzybowski.
- bpo-34574: OrderedDict iterators are not exhausted during pickling anymore. Patch by Sergey Fedoseev.
- bpo-34052: sqlite3.Connection.create_aggregate(), sqlite3.Connection.create_function(), sqlite3.Connection.set_authorizer(), sqlite3.Connection.set_progress_handler() methods raises TypeError when unhashable objects are passed as callable. These methods now don’t pass such objects to SQLite API. Previous behavior could lead to segfaults. Patch by Sergey Fedoseev.
- bpo-29877: compileall: import ProcessPoolExecutor only when needed, preventing hangs on low resource platforms
- bpo-22005: Implemented unpickling instances of datetime, date and time pickled by Python 2. encoding='latin1' should be used for successful decoding.
0.3.1:
- Bugfixes in the diff parser and keyword-only arguments
0.3.0:
- Rewrote the pgen2 parser generator.
0.2.1:
- A bugfix for the diff parser.
- Grammar files can now be loaded from a specific path.
0.2.0:
- f-strings are now parsed as a part of the normal Python grammar. This makes
it way easier to deal with them.
0.1.1:
- Fixed a few bugs in the caching layer
- Added support for Python 3.7
Pkgsrc changes:
* Sadly, I had to reinstate the "make tar files" rust code to make
it possible to build cross-compiled bootstrap kits.
* Add an adjustable "BUILD_TARGET", "dist" for cross-building
a bootstrap kit, "build" for a normal native build.
* New bootstrap kits built for NetBSD/powerpc, NetBSD/earmv7hf,
and NetBSD/sparc64 version 1.31.1.
* gcc-wrap script amended to also drop -Wl,--enable-new-dtags
(so it could be used outside pkgsrc)
* Worked around use of AtomicU64 in release build tool (ugly band-aid patch).
Some platforms lack support for that type and associated operations.
Upstream changes:
- [Fix Rust failing to build on `powerpc-unknown-netbsd`][56562]
- [Fix broken go-to-definition in RLS][rls/1171]
- [Fix infinite loop on hover in RLS][rls/1170]
[56562]: https://github.com/rust-lang/rust/pull/56562
[rls/1171]: https://github.com/rust-lang/rls/issues/1171
[rls/1170]: https://github.com/rust-lang/rls/pull/1170
CHICKEN is a Scheme-to-C compiler supporting most of the language
features as defined in the Revised^5 Report on Scheme. CHICKEN
generates quite portable C code, and files compiled by it (including
itself) should work without any changes on most platforms.
The whole package is distributed under a BSD license and as such free
to use and modify as long as you adhere to its terms (see the manual).
Linkage to C modules and C-library functions is straightforward, so
it's easy to access C from Scheme. Compiled code can be embedded into
existing C programs without problems. The generated code supports
full tail-recursion, first-class continuations, multiple values and
dynamic-wind.
Changes since chicken-4.13.0:
5.0.0
-----
- Runtime system
- Added support for the full numeric tower, including various new
procedures taken from the "numbers" egg. All calculations will
now return exact numbers where possible, so code relying on flonums
being returned may need to be changed if rational numbers do not
provide the desired performance.
- Port directionality has been generalized from a simple input/output
flag to a bitmap, to allow for multidirectional ports.
- Weak symbol GC is faster, simpler, and can now collect all
unreferenced symbols instead of a maximum of 997 per major GC.
- The -:w option has been removed; symbols are now always collected.
- Increased the "binary compatibility version" to 9.
- Continuations which discard additional values beyond the first now
also accept multiple values via direct invocation after being
captured through `call/cc`, not just via `values` (#1390)
- Removed the deprecated C_locative_ref and C_mutate2 C functions.
- The trace buffer no longer holds on to thread objects, allowing them to
be garbage collected sooner (#1356, thanks to Kristian Lein-Mathisen)
- On Cygwin and MinGW, the "build-platform" now corresponds to the
tool chain used (gnu, clang, unknown) like on *nix, while the
software-version is now "cygwin" or "mingw32" instead of "unknown".
This also means the features list will now contain the tool chain
on all platforms.
- Symbols starting with #% are no longer treated specially and need
to be quoted with pipes. This makes the "%" sign available for use
in custom/user-defined sharp-sign read syntax.
- Compiler
- Fixed an off by one allocation problem in generated C code for (list ...).
- The "-scrutinize" compiler option has been removed.
- The "-module" compiler option (aliased as "-m") now expects a module name.
- The generated C output of the compiler is now deterministic: it
will be bit-for-bit identical when compiling the same Scheme file
with the same version of the compiler.
- the "-consult-type-file" and "-emit-type-file" options have been renamed
to "-consult-types-file" and "-emit-types-file", respectively.
- Tools
- The new "-link" option to csc allows linking with objects from extensions.
- The new "-libdir" option to csc allows overriding the runtime library
directory.
- The ambiguous "-l<libname>" option for csc has been removed (#1193).
- Removed deprecated "-n" shorthand for "-emit-inline-file" from csc.
- Removed "chicken-bug" tool.
- Core libraries
- Removed support for memory-mapped files (posix), queues
(data-structures), binary-search (data-structures), scan-input-lines
(utils), group-information (posix) object-eviction (lolevel), and
compile-file (utils). These are now available as eggs.
- Removed the srfi-1, srfi-13, srfi-14, srfi-18, srfi-69, and utils
units. These are now available as eggs.
- Added the `executable-pathname` procedure for retrieving a path to
the currently-running executable.
- Removed all support for SWIG.
- Removed interrupts-enabled declaration specifier.
- `sleep` now suspends the current thread when threading is enabled,
otherwise it sleeps the process. The new `process-sleep` procedure
in unit posix can be used to sleep the process unconditionally.
- `with-error-output-to-port' from the ports module has been renamed
to the more common `with-error-to-port', and `with-error-to-string'
has been added for completeness (thanks to Michael Silver).
- A new `make-bidirectional-port' procedure has been added to the
ports unit that will combine separate input- and output- ports into
a single bidirectional port.
- New `input-port-open?` and `output-port-open?` procedures have been
added for testing whether a port is open in a specific direction.
- An `include-relative` form has been added to the (chicken base) module.
This works like `load-relative` but for textual inclusion.
- Keywords are now always written in "portable" style by WRITE, so
that the reader's keyword style doesn't need to match the writer's.
- The environment variable `CHICKEN_PREFIX` has been removed.
- Added the `glob->sre` procedure to the irregex library.
- Removed the `get-host-name' and `system-information' procedures.
These are available in the "system-information" egg.
- Removed the `eval-when`, `select` and `ensure` macros. These are
available in the "miscmacros" egg.
- Removed the require-extension-for-syntax macro.
- Renamed bit-set? to bit->boolean because of swapped argument order
with respect to SRFI-33 and SRFI-60, which was confusing (fixes
#1385, thanks to Lemonboy).
- file-{read,write,execute}-access will now raise an exception when
the file doesn't exist or some other non-access related problem is
detected (fixes#1386, thanks to Vasilij Schneidermann).
- `change-file-mode` was renamed to set-file-permissions! and SRFI-17
generalized set! support has been added for `file-permissions`.
This procedure now also accepts a file descriptor or a port.
- `file-permissions` now returns one value: the permission integer.
- `read-file` has been renamed to `read-list`.
- `read-all` was dropped, as `read-string` with #f as its NUM argument
is equivalent.
- `read-lines` and `read-all` no longer accept a string naming a file,
only ports.
- The procedures for random numbers have been reimplemented;
access to system-specific entropy is available, together with a reasonably
good pseudo random number generator (WELL512).
- `glob` now returns an empty list for non-existent or inaccessible
directories, instead of erroring out.
- `file-copy' and `file-move' have been renamed to `copy-file' and
`move-file', for consistency with `delete-file' and `rename-file'.
- `rename-file' now refuses to overwrite an existing file unless an
optional "clobber" argument is provided.
- The `r4rs` module no longer exports `eval`, which was not in R4RS.
- `process`, `process*` and `process-execute` now expect lists of the form
(("NAME" . "VALUE") ...) instead of the previous (("NAME=VALUE") ...)
as their environment argument.
- `repository-path` is now a parameter containing a list of strings instead
of a string, as the search path for libraries can now contain multiple
directories.
- `file-read-access?`, `file-write-access?` and `file-execute-access?` have
been renamed `file-readable?`, `file-writable?` and `file-executable?`
into the (chicken file) module.
- Module system
- The compiler has been modularised, for improved namespacing. This
means names from the compiler should not leak out into the compiled
program's (macro) namespace anymore.
- The core units have been converted to modules under the "chicken"
namespace.
- Added support for list-style library names.
- The "use" and "use-for-syntax" special forms have been removed
in favor of "import" and "import-for-syntax" to reduce confusion.
- Module imports are now lexically scoped: identifiers provided by
an (import ...) inside (let ...) won't be visible outside that let.
- Modules implementing an interface can now correctly export extra
identifiers (bug reported by Martin Schneeweis, fix by "megane").
- Syntax expander
- Removed support for (define-syntax (foo e r c) ...), which was
undocumented and not officially supported anyway.
- Removed support for normal "lambda" forms as syntax transformers,
which has been deprecated since 4.8.0.
- define and friends are now aggressively rejected in "expression
contexts" (i.e., anywhere but toplevel or as internal defines).
- define-record and define-record-type now create record types
which are tagged with the module in which they're defined, so
predicates no longer return #t for records with the same tag
defined in another module. This tag is now also available under
an identifier that matches the record type name (fixes#1342).
- `include` now splices included expressions in the context in which
the inclusion appears and does not treat the expressions as toplevel
expressions by default.
- Eggs management
- Egg-installation and building has been completely overhauled.
- .meta + .setup files have been merged into a single declarative
".egg" file.
- More static checks for egg descriptions, simplified generation
of OS-specific build + install commands that is (hopefully)
more practical for package maintainers.
- Egg sources are cached locally to reduce download and rebuild
times.
- Dropped many obscure or unimportant options and features from
`chicken-install`: (`-keep-installed`, `-reinstall`, `-proxy`,
`-no-install`, `-username`, `-password`, `-init`, `-deploy`,
`-keep-going`, `-scan`, `-csi`, `-show-depends`, `-show-foreign-depends`,
`-prefix`.
- Added new "-from-list" option to chicken-install.
- Eggs can now be installed and located in multiple directories,
using the `CHICKEN_REPOSITORY_PATH` +
`CHICKEN_INSTALL_REPOSITORY`
environment variables.
- Static compilation of eggs is now fully supported and static
versions of compiled eggs are available by default.
- In a statically built chicken, the egg-tools ("chicken-install", "...-status",
"...-uninstall") are still available, but only support static compilation
of eggs.
- Foreign function interface
- The foreign type specifier "ssize_t" is now accepted, and "size_t"
arguments now only accept positive integers. Return values of
type size_t are no longer truncated on 32-bit platforms.
go1.11.4 (released 2018/12/14) includes fixes to cgo, the compiler, linker,
runtime, documentation, go command, and the net/http and go/types packages. It
includes a fix to a bug introduced in Go 1.11.3 that broke go get for import
path patterns containing "...". See the Go 1.11.4 milestone on our issue
tracker for details.
go1.11.3 (released 2018/12/12) includes three security fixes to "go get" and
the crypto/x509 package. See the Go 1.11.3 milestone on our issue tracker for
details.
Changelog:
Most notable changes:
* Change the license from modified-bsd to apache-2.0.
* Require Java 8 or later.
* Support Java 9 or later.
* Fix a security bug, CVE-2017-15288,
sbt is a build tool for Scala, Java, and more.
Features of sbt
* Little or no configuration required for simple projects
* Scala-based build definition that can use the full flexibility of Scala
code
* Accurate incremental recompilation using information extracted from the
compiler
* Continuous compilation and testing with triggered execution
* Packages and publishes jars
* Generates documentation with scaladoc
* Supports mixed Scala/Java projects
* Supports testing with ScalaCheck, specs, and ScalaTest. JUnit is
supported by a plugin.
* Starts the Scala REPL with project classes and dependencies on
the classpath
* Modularization supported with sub-projects
* External project support (list a git repository as a dependency!)
* Parallel task execution, including parallel test execution
* Library management support: inline declarations, external Ivy or Maven
configuration files, or manual management
Add PHP 7.3.0 as php73.
PHP is a widely-used open source general-purpose scripting language
that is especially suited for web development and can be embedded
into HTML. It is modular, and object-oriented. Much of its syntax
is borrowed from C, Java and Perl with a couple of unique PHP-specific
features thrown in. The language is designed to allow web developers
to write dynamically generated pages quickly.
This package provides PHP version 7.3.x.
PHP 7.3.0 comes with numerous improvements and new features such as
* Flexible Heredoc and Nowdoc Syntax
* PCRE2 Migration
* Multiple MBString Improvements
* LDAP Controls Support
* Improved FPM Logging
* Windows File Deletion Improvements
* Several Deprecations
For source downloads of PHP 7.3.0 please visit our downloads page Windows
binaries can be found on the PHP for Windows site. The list of changes is
recorded in the ChangeLog.
PEAR 1.10.7
Release date: 2018-12-05 15:16 UTC
Release state: stable
Release uploaded by: ashnazg
Changelog:
* PR #79: Prevent Unable to find the wrapper "channel" Warning
* PR #80: fix Warning: "continue" targeting switch is equivalent to
"break". Did you mean to use "continue 2"
* PR #81: Add flags to PECL shell script for shared extensions
These releases include fixes to cgo, the compiler, linker, runtime,
documentation, go command, and the net/http and go/types packages.
They include a fix to a bug introduced in Go 1.11.3 and Go 1.10.6
that broke "go get" for import path patterns containing "...".
View the release notes for more information:
https://golang.org/doc/devel/release.html#go1.10.minor
Version 10.14.2 'Dubnium' (LTS)
This LTS release comes with 374 commits. This includes 165 which are test or benchmark related, 77 which are doc related, 29 which are build / tool related and 15 commits which update dependencies.
Notable Changes
* deps:
- upgrade to c-ares v1.15.0
* Windows:
- A crashing process will now show the names of stack frames if the node.pdb file is available.
Changelog:
New Features
security-libs/javax.net.ssl
➜ Support for Customization of Default Enabled Cipher Suites via System Properties
The system property jdk.tls.client.cipherSuites can be used to customize the default enabled cipher suites for the client side of SSL/TLS connections. In a similar way, the system property jdk.tls.server.cipherSuites can be used for customization on the server side.
The system properties contain a comma-separated list of supported cipher suite names that specify the default enabled cipher suites. All other supported cipher suites are disabled for this default setting. Unrecognized or unsupported cipher suite names specified in properties are ignored. Explicit setting of enabled cipher suites will override the system properties.
Please refer to the "Java Cryptography Architecture Standard Algorithm Name Documentation" for the standard JSSE cipher suite names, and the "Java Cryptography Architecture Oracle Providers Documentation" for the cipher suite names supported by the SunJSSE provider.
Note that the actual use of enabled cipher suites is restricted by algorithm constraints.
Note also that these system properties are currently supported by the JDK Reference Implementation. They are not guaranteed to be supported by other implementations.
Warning: These system properties can be used to configure weak cipher suites, or the configured cipher suites may become more weak over time. We do not recommend using the system properties unless you understand the security implications. Use them at your own risk.
See JDK-8162362
Bug Fixes
This release contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see the JDK 8u192 Bug Fixes page.
Security bugs:
CVE-2018-3183
CVE-2018-3209
CVE-2018-3169
CVE-2018-3149
CVE-2018-3211
CVE-2018-3180
CVE-2018-3214
CVE-2018-3157
CVE-2018-3150
CVE-2018-13785
CVE-2018-3136
CVE-2018-3139
pkgsrc changes:
- Add patches/patch-src_os_pl-files.c to avoid overlapping `src'
and `dst' in srtcpy(3). It is an undefined behaviour and it leads to build
issue in swi-prolog-packages on platforms that uses SSP.
- readline dependency is no longer needed for swi-prolog-lite.
The readline functionality is now provided as a package via
swi-prolog-packages.
- Inject CFLAGS via COFLAGS and pass -fPIC via CMFLAGS so that
swi-prolog-jpl will link
- Add patches/patch-src_pl-rsort.c to use FreeBSD qsort_r(3)
instead of using nested functions. This is probably more portable
and has less problems (e.g. does not need for PaX MPROTECT).
Changes:
7.6.x
-----
Major release. Multi-argument indexing, better multi-threaded
performance, threaded global GC (atoms and clauses), mode-directed
tabling, restored same expand and directive semantics for initial
load and reloading files, cleaner initializatin and command line
handling.
7.4.x
-----
Major release. More robust and better scalable support for multi-core
hardware, tabling, engines. Many enhancements to the RDF, HTTP and
SSL libraries. This is the first release licensed under the Simplified
BSD (BSD-2) license.
7.2.x
-----
Major release, providing native key-value support by means of dicts,
native strings using "hello world" syntax, web-accessible Prolog
engines (Pengines) and a high level SQL library called CQL.
Please note that this is just a summary of the most important changes,
for more information please give a look to:
<http://www.swi-prolog.org/ChangeLog?branch=stable>
LLVM 7.0.0 Release
The release contains the work on trunk up to SVN revision 338536 plus
work on the release branch. It is the result of the community's work
over the past six months, including: function multiversioning in Clang
with the 'target' attribute for ELF-based x86/x86_64 targets, improved
PCH support in clang-cl, preliminary DWARF v5 support, basic support
for OpenMP 4.5 offloading to NVPTX, OpenCL C++ support, MSan, X-Ray
and libFuzzer support for FreeBSD, early UBSan, X-Ray and libFuzzer
support for OpenBSD, UBSan checks for implicit conversions, many
long-tail compatibility issues fixed in lld which is now production
ready for ELF, COFF and MinGW, new tools llvm-exegesis, llvm-mca and
diagtool. And as usual, many optimizations, improved diagnostics, and
bug fixes.
For more details, see the release notes:
https://llvm.org/releases/7.0.0/docs/ReleaseNotes.htmlhttps://llvm.org/releases/7.0.0/tools/clang/docs/ReleaseNotes.htmlhttps://llvm.org/releases/7.0.0/tools/clang/tools/extra/docs/ReleaseNotes.htmlhttps://llvm.org/releases/7.0.0/tools/lld/docs/ReleaseNotes.html
Changelog:
Version 1.31.0 (2018-12-06)
Language
This version marks the release of the 2018 edition of Rust.
New lifetime elision rules now allow for eliding lifetimes in functions and impl headers. E.g. impl<'a> Reader for BufReader<'a> {} can now be impl Reader for BufReader<'_> {}. Lifetimes are still required to be defined in structs.
You can now define and use const functions. These are currently a strict minimal subset of the const fn RFC. Refer to the language reference for what exactly is available.
You can now use tool lints, which allow you to scope lints from external tools using attributes. E.g. #[allow(clippy::filter_map)].
#[no_mangle] and #[export_name] attributes can now be located anywhere in a crate, not just in exported functions.
You can now use parentheses in pattern matches.
Compiler
Updated musl to 1.1.20
Libraries
You can now convert num::NonZero* types to their raw equivalvents using the From trait. E.g. u8 now implements From<NonZeroU8>.
You can now convert a &Option<T> into Option<&T> and &mut Option<T> into Option<&mut T> using the From trait.
You can now multiply (*) a time::Duration by a u32.
Stabilized APIs
slice::align_to
sl
ice::align_to_mut
slice::chunks_exact
slice::chunks_exact_mut
slice::rchunks
slice::rchunks_mut
slice::rchunks_exact
slice::rchunks_exact_mut
Option::replace
Cargo
Cargo will now download crates in parallel using HTTP/2.
You can now rename packages in your Cargo.toml We have a guide on how to use the package key in your dependencies.
We used to build PHP with its built-in, statically linked libsqlite3. When
used in an executable with dynamically looaded modules such as Apache, some
module may load a shared libsqlite3, which has the same symbols as PHP's
built-in libsqlite3. This causes unreliable cross-version calls and is
source of crashes.
The fix is to disable PHP's built-in libslite3 and always use an external,
shared libsqlite3.
what is new for perl v5.28.1:
Security
[CVE-2018-18311] Integer overflow leading to buffer overflow and segmentation fault
Integer arithmetic in "Perl_my_setenv()" could wrap when the combined length of the environment variable
name and value exceeded around 0x7fffffff. This could lead to writing beyond the end of an allocated buffer
with attacker supplied data.
[CVE-2018-18312] Heap-buffer-overflow write in S_regatom (regcomp.c)
A crafted regular expression could cause heap-buffer-overflow write during compilation, potentially allowing
arbitrary code execution.
Incompatible Changes
There are no changes intentionally incompatible with 5.28.0. If any exist, they are bugs, and we request
that you submit a report. See "Reporting Bugs" below.
Modules and Pragmata
Updated Modules and Pragmata
o Module::CoreList has been upgraded from version 5.20180622 to 5.20181129_28.
Selected Bug Fixes
o Perl 5.28 introduced an "index()" optimization when comparing to -1 (or indirectly, e.g. >= 0). When
this optimization was triggered inside a "when" clause it caused a warning ("Argument %s isn't numeric
in smart match"). This has now been fixed.
o Matching of decimal digits in script runs, introduced in Perl 5.28, had a bug that led to "1\N{THAI
DIGIT FIVE}" matching "/^(*sr:\d+)$/" when it should not. This has now been fixed.
o The new in-place editing code no longer leaks directory handles.
Vala 0.42.3
===========
* Various improvements and bug fixes:
- codegen:
+ Initialize internal temp-variables used as reference parameter
+ Improve ccode for fixed-length array parameters (#163)
+ Fix regex literal compile flags
+ Add prototype for *_register_type() function
+ Don't emit *_free() of derived compact classes
+ Add prototype for *_new() of abstact compact classes
- girwriter: Fix ctype of out/ref and array parameters
- ccode: Fix typo and actually check "end_decls" (#672)
- abstract syntax tree:
+ Always analyze nodes after they are inserted into the AST
+ Add source_reference to local variable of catch-clause
+ Add missing replace_expression() implementations
+ Fix several construction/parenting issues
+ DataType for GLib.Error should be should resolved as ErrorType
- libvaladoc: Add "unlock" to keywords in Highligher
- posix:
+ Add replacement for G_(BEGIN|END)_DECLS
+ Don't check for GLib.Variant casting
- testrunner: Reset $run_prefix before generating next test script
- build: Unconditionally add conditional VALAFLAGS to make bootstrap
- doc: Fix build of internal-api-docs
- manual: Update from wiki.gnome.org
* Bindings:
- glib-2.0: Computing length once is enough in string.to_utf8()/splice()
- glib-2.0: Add binding for g_test_add()
- glib-2.0: Add array length to string.skip (#695)
- gio-2.0: Result of DBusMessage.get_header() is unowned
- gobject-2.0,gtk+-*.0: Fix some GLib.Value out/ref parameters
- gstreamer: Update from 1.15+ git master
- gtk+-4.0: Update to 3.94.0+b4b30b49
Vala 0.42.2
===========
* Various improvements and bug fixes:
- codewriter: Prepend "yield" if is_yield_expression is set on
MethodCall and ObjectCreationExpression
- codegen: Fix typo in is_pure_ccode_expression() [#673]
- gobject-introspection: Fix use after free in scanner [#674]
- vala: Check if ArrayType supports its given element-type in analyzer pass
- valadoc: Fix some string escaping which gettext complains about
* Bindings:
- Update GIDL-based bindings to fix unsupported type-arguments
- glib-2.0: Add feature_test_macro details for Time struct's methods
- glib-2.0: Set DateTime.now () to use local time zone as the default
- gstreamer: Update from 1.15+ git master
- gtk+-4.0: Update to 3.94.0+d90e2733
- libxml-2.0: Add missing context parameter in OutputWriteCallback
- x11: Add binding for XCreateSimpleWindow
Vala 0.42.1
===========
* Various improvements and bug fixes:
- vapigen: Warn if the library argument doesn't match any package attribute
[#669]
* Bindings:
- glib-2.0: Add some 2.58 symbols
- gtk+-4.0: Update to 3.94.0+f3e6d00d
- Add gnome-desktop-3.0 bindings [#668]
- Remove libgda-4.0, libgda-report-4.0 bindings [#667]
- Update GIR-based bindings
Up to now, there was a central list of variable name patterns that
defined whether a variable was printed as a sorted list, as a list or as
a single value.
Now each variable group decides on its own which of the variables are
printed in which way, using the usual glob patterns. This is more
flexible since different files sometimes differ in their naming
conventions.
Two variable groups are added: license (for everything related to
LICENSE) and go (for lang/go).
Changes:
---------------------------------------------------------------------
--- kernel-6.1.1 ----------------------------------------------------
---------------------------------------------------------------------
Note! The kernel-6.1.1 application can *not* be applied independently
of other applications on an arbitrary OTP 21 installation.
On a full OTP 21 installation, also the following runtime
dependency has to be satisfied:
-- erts-10.1 (first satisfied in OTP 21.1)
--- Fixed Bugs and Malfunctions ---
OTP-15438 Application(s): kernel
Related Id(s): ERL-781
Fix bug causing net_kernel process crash on connection
attempt from node with name identical to local node.
Full runtime dependencies of kernel-6.1.1: erts-10.1, sasl-3.0,
stdlib-3.5
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
--- erts-10.1.3 -----------------------------------------------------
---------------------------------------------------------------------
Note! The erts-10.1.3 application can *not* be applied independently
of other applications on an arbitrary OTP 21 installation.
On a full OTP 21 installation, also the following runtime
dependency has to be satisfied:
-- kernel-6.1 (first satisfied in OTP 21.1)
--- Improvements and New Features ---
OTP-15430 Application(s): erts
Related Id(s): ERIERL-237
Added an optional ./configure flag to compile the
emulator with spectre mitigation:
--with-spectre-mitigation
Note that this requires a recent version of GCC with
support for spectre mitigation and the
--mindirect-branch=thunk flag, such as 8.1.
Full runtime dependencies of erts-10.1.3: kernel-6.1, sasl-3.0.1,
stdlib-3.5
---------------------------------------------------------------------
--- compiler-7.2.7 --------------------------------------------------
---------------------------------------------------------------------
The compiler-7.2.7 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15353 Application(s): compiler
Related Id(s): ERL-753
Fixed a bug where incorrect code was generated
following a binary match guard.
Full runtime dependencies of compiler-7.2.7: crypto-3.6, erts-9.0,
hipe-3.12, kernel-4.0, stdlib-2.5
---------------------------------------------------------------------
--- erts-10.1.2 -----------------------------------------------------
---------------------------------------------------------------------
Note! The erts-10.1.2 application can *not* be applied independently
of other applications on an arbitrary OTP 21 installation.
On a full OTP 21 installation, also the following runtime
dependency has to be satisfied:
-- kernel-6.1 (first satisfied in OTP 21.1)
--- Fixed Bugs and Malfunctions ---
OTP-15421 Application(s): erts
Fixed a rare bug where files could be closed on a
normal instead of an IO scheduler, resulting in system
instability if the operation blocked.
Full runtime dependencies of erts-10.1.2: kernel-6.1, sasl-3.0.1,
stdlib-3.5
---------------------------------------------------------------------
--- public_key-1.6.3 ------------------------------------------------
---------------------------------------------------------------------
The public_key-1.6.3 application can be applied independently of
other applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15367 Application(s): public_key
Add DSA SHA2 oids in public_keys ASN1-spec and
public_key:pkix_sign_types/1
Full runtime dependencies of public_key-1.6.3: asn1-3.0, crypto-3.8,
erts-6.0, kernel-3.0, stdlib-3.5
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
Trying to mix and match pkgsrc and bundled dependencies resulted in conflicts
between libgit and http-parser, such that cargo was unable to fetch indexes
from crates.io with spurious network error regarding Content-Type headers.
While here add a note about why these dependencies are currently disabled.
Bump PKGREVISION.
Version 10.14.0 'Dubnium' (LTS):
This is a security release. All Node.js users should consult the security release summary at:
https://nodejs.org/en/blog/vulnerability/november-2018-security-releases/
for details on patched vulnerabilities.
Fixes for the following CVEs are included in this release:
* Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
* Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122 / Node.js)
* Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123)
* OpenSSL: Timing vulnerability in DSA signature generation (CVE-2018-0734)
* OpenSSL: Timing vulnerability in ECDSA signature generation (CVE-2019-0735)
Notable Changes
* deps: Upgrade to OpenSSL 1.1.0j, fixing CVE-2018-0734 and CVE-2019-0735
* http:
- Headers received by HTTP servers must not exceed 8192 bytes in total to prevent possible Denial of Service attacks. Reported by Trevor Norris. (CVE-2018-12121 / Matteo Collina)
- A timeout of 40 seconds now applies to servers receiving HTTP headers. This value can be adjusted with server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. Reported by Jan Maybach (liebdich.com). (CVE-2018-12122 / Matteo Collina)
* url: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol.
Add type annotations to your Python programs, and use mypy to type check them.
Mypy is essentially a Python linter on steroids, and it can catch many
programming errors by analyzing your program, without actually having to run
it. Mypy has a powerful type system with features such as type inference,
gradual typing, generics and union types.
- use 'build' target for building, not 'dist'
- set jobs also for install target
- do not generate tarballs; we don't need them, but they take a lot of disk-space
- do not install 'src'
- do not generate 'install.log' nor 'uninstall.sh'
- on Darwin, use headerpad_max_install_names to be able to fix all dylibs
- make optimized bootstrap
- pkglint fixes
- get ready to depend on lang/llvm and devel/jemalloc
This allows users to simply install a "go" package and pull in the latest
version available for their host operating system without having to figure
out the name for the correct suffixed package.
isn't an upstream choice, but is likely a result of using bsd.prog.mk in
files/
At least one person had an issue with it, although it (mysteriously) builds
fine with GCC 6.5 and -Werror, even now.
PR pkg/48482
Version 10.13.0 'Dubnium' (LTS)
This release marks the transition of Node.js 10.x into Long Term Support (LTS) with the codename 'Dubnium'. The 10.x release line now moves in to "Active LTS" and will remain so until April 2020. After that time it will move in to "Maintenance" until end of life in April 2021.
Notable Changes
This release only includes minimal changes necessary to fix known regressions prior to LTS.
Version 10.12.0 (Current)
Notable changes
assert
* The diff output is now a tiny bit improved by sorting object properties when inspecting the values that are compared with each other.
cli
* The options parser now normalizes _ to - in all multi-word command-line flags, e.g. --no_warnings has the same effect as --no-warnings.
* Added bash completion for the node binary. To generate a bash completion script, run node --completion-bash. The output can be saved to a file which can be sourced to enable completion.
crypto
* Added support for PEM-level encryption.
* Added an API asymmetric key pair generation. The new methods crypto.generateKeyPair and crypto.generateKeyPairSync can be used to generate public and private key pairs. The API supports RSA, DSA and EC and a variety of key encodings (both PEM and DER).
fs
* Added a recursive option to fs.mkdir and fs.mkdirSync. If this option is set to true, non-existing parent folders will be automatically created.
http2
* Added a 'ping' event to Http2Session that is emitted whenever a non-ack PING is received.
* Added support for the ORIGIN frame.
* Updated nghttp2 to 1.34.0. This adds RFC 8441 extended connect protocol support to allow use of WebSockets over HTTP/2.
module
* Added module.createRequireFromPath(filename). This new method can be used to create a custom require function that will resolve modules relative to the filename path.
process
* Added a 'multipleResolves' process event that is emitted whenever a Promise is attempted to be resolved multiple times, e.g. if the resolve and reject functions are both called in a Promise executor.
url
* Added url.fileURLToPath(url) and url.pathToFileURL(path). These methods can be used to correctly convert between file: URLs and absolute paths.
util
* Added the sorted option to util.inspect(). If set to true, all properties of an object and Set and Map entries will be sorted in the returned string. If set to a function, it is used as a compare function.
The util.instpect.custom symbol is now defined in the global symbol registry as Symbol.for('nodejs.util.inspect.custom').
* Added support for BigInt numbers in util.format().
V8 API
* A number of V8 C++ APIs have been marked as deprecated since they have been removed in the upstream repository. Replacement APIs are added where necessary.
Windows
* The Windows msi installer now provides an option to automatically install the tools required to build native modules.
Workers
* Debugging support for Workers using the DevTools protocol has been implemented.
* The public inspector module is now enabled in Workers.
works and cabs*() handling is correct.
also:
- extract using bsdtar. saves about 4 minutes during extract for me.
- remove duplicated part of gcc/config/netbsd.h -- it's already
upstream by this version.
1. Enhancements
Elixir
[Kernel] Expand left..right at compile time in more cases, which leads to improved performance under different scenarios, especially on x in left..right expressions
Mix
[mix deps.loadpaths] Add --no-load-deps flag. This is useful for Rebar 3 compatibility
2. Bug fixes
Elixir
[Calendar] Fix for converting from negative iso days on New Year in a leap year
[Kernel] Ensure @spec, @callback, @type and friends can be read accordingly
[Module] Avoid warnings when using Module.eval_quoted in the middle of existing definitions
Mix
[mix archive.build] Unload previous archive versions before building
[mix format] Expand paths so mix format path\for\windows.ex works
[mix test] Ensure that --cover displays correct coverage in an umbrella app
changes in erlang/OTP 21.1.1:
---------------------------------------------------------------------
--- compiler-7.2.6 --------------------------------------------------
---------------------------------------------------------------------
The compiler-7.2.6 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15335 Application(s): compiler
Related Id(s): ERL-689, OTP-15219
In rare circumstances, the matched out tail of a binary
could be the entire original binary. (There was partial
correction to this problem in version 7.2.5 of the
compiler application.)
Full runtime dependencies of compiler-7.2.6: crypto-3.6, erts-9.0,
hipe-3.12, kernel-4.0, stdlib-2.5
---------------------------------------------------------------------
--- eldap-1.2.6 -----------------------------------------------------
---------------------------------------------------------------------
The eldap-1.2.6 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15342 Application(s): eldap
Related Id(s): ERIERL-242
A race condition at close could cause the eldap client
to exit with a badarg message as cause.
Full runtime dependencies of eldap-1.2.6: asn1-3.0, erts-6.0,
kernel-3.0, ssl-5.3.4, stdlib-2.0
---------------------------------------------------------------------
--- erts-10.1.1 -----------------------------------------------------
---------------------------------------------------------------------
Note! The erts-10.1.1 application can *not* be applied independently
of other applications on an arbitrary OTP 21 installation.
On a full OTP 21 installation, also the following runtime
dependency has to be satisfied:
-- kernel-6.1 (first satisfied in OTP 21.1)
--- Fixed Bugs and Malfunctions ---
OTP-14297 Application(s): erts
Related Id(s): OTP-15141
A bug where the socket option 'pktoptions' caused a
read of uninitialized memory has been fixed. Would
cause malfunction on FreeBSD.
OTP-15318 Application(s): erts
Fixed a memory leak on errors when reading files.
OTP-15333 Application(s): erts
Related Id(s): ERL-737
File access through UNC paths works again on Windows.
This regression was introduced in OTP 21.
Full runtime dependencies of erts-10.1.1: kernel-6.1, sasl-3.0.1,
stdlib-3.5
---------------------------------------------------------------------
--- ssl-9.0.3 -------------------------------------------------------
---------------------------------------------------------------------
The ssl-9.0.3 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15337 Application(s): ssl
Related Id(s): ERL-738
Correct alert handling with new TLS sender process,
from ssl-9.0.2. CLOSE ALERTS could under some
circumstances be encoded using an incorrect cipher
state. This would cause the peer to regard them as
unknown messages.
OTP-15348 Application(s): ssl
Related Id(s): ERL-747
Correct handling of socket packet option with new TLS
sender process, from ssl-9.0.2. When changing the
socket option {packet, 1|2|3|4} with ssl:setopts/2 the
option must internally be propagated to the sender
process as well as the reader process as this
particular option also affects the data to be sent.
Full runtime dependencies of ssl-9.0.3: crypto-4.2, erts-10.0,
inets-5.10.7, kernel-6.0, public_key-1.5, stdlib-3.5
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
changes in erlang/OTP 21.1:
---------------------------------------------------------------------
--- HIGHLIGHTS ------------------------------------------------------
---------------------------------------------------------------------
OTP-15133 Application(s): ssh
Related Id(s): OTP-15240
The key exchange methods
'curve25519-sha256@libssh.org', 'curve25519-sha256' and
'curve448-sha512' are implemented. The last two are
defined in
https://tools.ietf.org/html/draft-ietf-curdle-ssh-curves
They all depends on that OpenSSL 1.1.1 or higher is
used as cryptolib.
OTP-15134 Application(s): crypto, public_key
The typing in the CRYPTO and PUBLIC_KEY applications
are reworked and a few mistakes are corrected.
The documentation is now generated from the typing and
some clarifications are made.
A new chapter on Algorithm Details such as key sizes
and availability is added to the CRYPTO User's Guide.
OTP-15145 Application(s): erts, kernel
Related Id(s): ERIERL-187
The socket options recvtos, recvttl, recvtclass and
pktoptions have been implemented in the socket modules.
See the documentation for the gen_tcp, gen_udp and inet
modules. Note that support for these in the runtime
system is platform dependent. Especially for pktoptions
which is very Linux specific and obsoleted by the RFCs
that defined it.
OTP-15209 Application(s): ssh
Related Id(s): OTP-15164
The cipher 'chacha20-poly1305@openssh.com' is now
supported if OpenSSL 1.1.1 or higher is used as
cryptolib.
---------------------------------------------------------------------
--- asn1-5.0.7 ------------------------------------------------------
---------------------------------------------------------------------
The asn1-5.0.7 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-14440 Application(s): asn1
Related Id(s): ERIERL-220
A bug in ASN.1 BER decoding has been fixed. When
decoding a recursively enclosed term the length was not
propagated to that term decoding, so if the length of
the enclosed term was longer than the enclosing that
error was not detected.
A hard coded C stack limitation for decoding recursive
ASN.1 terms has been introduced. This is currently set
to 8 kWords giving a nesting depth of about 1000
levels. Deeper terms can not be decoded, which should
not be much of a real world limitation.
Full runtime dependencies of asn1-5.0.7: erts-7.0, kernel-3.0,
stdlib-2.0
---------------------------------------------------------------------
--- common_test-1.16.1 ----------------------------------------------
---------------------------------------------------------------------
The common_test-1.16.1 application can be applied independently of
other applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15307 Application(s): common_test
The Logger handler cth_log_redirect earlier called the
report callback (report_cb) before calling the logger
formatter. In some cases this would fail, since
cth_log_redirect could not handle report callbacks with
two arguments. This is now corrected, so only the
formatter will call the report callback.
Full runtime dependencies of common_test-1.16.1: compiler-6.0,
crypto-3.6, debugger-4.1, erts-7.0, ftp-1.0.0, inets-6.0, kernel-4.0,
observer-2.1, runtime_tools-1.8.16, sasl-2.4.2, snmp-5.1.2, ssh-4.0,
stdlib-3.5, syntax_tools-1.7, tools-2.8, xmerl-1.3.8
---------------------------------------------------------------------
--- compiler-7.2.5 --------------------------------------------------
---------------------------------------------------------------------
The compiler-7.2.5 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15186 Application(s): compiler
Related Id(s): ERL-665
Fixed a bug that prevented certain variable-sized
binary comprehensions from compiling.
OTP-15188 Application(s): compiler
Related Id(s): ERL-658
When compiling from Core Erlang, funs created in
certain expressions that were only used for their
side-effects were subtly broken.
OTP-15218 Application(s): compiler
Related Id(s): ERL-684
There could be an internal consistency failure when a
receive was nested in a try/catch.
OTP-15219 Application(s): compiler
Related Id(s): ERL-689
In rare circumstances, the matched out tail of a binary
could be the entire original binary.
OTP-15227 Application(s): compiler
Related Id(s): ERL-699
When is_map_key/2 was used in a guard together with the
not/1 or or/2 operators, the error behavior could be
wrong when is_map_key/2 was passed a non-map as the
second argument.
In rare circumstances, compiling code that uses
is_map_key/2 could cause an internal consistency check
failure.
OTP-15235 Application(s): compiler
Related Id(s): ERL-703
The compiler could crash when compiling a function with
multiple receives in multiple clauses.
Full runtime dependencies of compiler-7.2.5: crypto-3.6, erts-9.0,
hipe-3.12, kernel-4.0, stdlib-2.5
---------------------------------------------------------------------
--- crypto-4.3.3 ----------------------------------------------------
---------------------------------------------------------------------
The crypto-4.3.3 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15212 Application(s): crypto
Related Id(s): ERL-675, PR1899, PR838
The RSA options rsa_mgf1_md, rsa_oaep_md, and
rsa_oaep_label were always disabled. They will now be
enabled when a suitable cryptolib is used.
They are still experimental and may change without
prior notice.
OTP-15283 Application(s): crypto
The ciphers aes_ige256 and blowfish_cbc had naming
issues in crypto:next_iv/2.
OTP-15303 Application(s): crypto
the RSA_SSLV23_PADDING is disabled if LibreSSL is used
as cryptlib. This is due to compilation problems.
This will be investigated further in the future.
--- Improvements and New Features ---
OTP-14717 Application(s): crypto
Related Id(s): OTP-15244
The supported named elliptic curves are now reported in
crypto:supports/0 in a new entry tagged by 'curves'.
The function crypto:ec_curves/0 is kept for
compatibility.
OTP-15134 Application(s): crypto, public_key
*** HIGHLIGHT ***
The typing in the CRYPTO and PUBLIC_KEY applications
are reworked and a few mistakes are corrected.
The documentation is now generated from the typing and
some clarifications are made.
A new chapter on Algorithm Details such as key sizes
and availability is added to the CRYPTO User's Guide.
OTP-15153 Application(s): crypto
Support for SHA3 both as a separate hash and in HMAC is
now available if OpenSSL 1.1.1 or higher is used as
cryptolib.
Available lengths are reported in the 'hashs' entry in
crypto:supports/0 as sha3_*.
OTP-15164 Application(s): crypto
Related Id(s): OTP-15209
The mac algorithm poly1305 and the cipher algorithm
chacha20 are now supported if OpenSSL 1.1.1 or higher
is used as cryptolib.
OTP-15240 Application(s): crypto
Related Id(s): OTP-15133
The key exchange Edward curves x25519 and x448 are now
supported if OpenSSL 1.1.1 or higher is used as
cryptolib.
OTP-15260 Application(s): crypto
The supported RSA options for sign/verify and
encrypt/decrypt are now reported in crypto:supports/0
in a new entry tagged by 'rsa_opts'.
The exakt set is still experimental and may change
without prior notice.
OTP-15286 Application(s): crypto
The cipher aes_ccm is added.
Full runtime dependencies of crypto-4.3.3: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- debugger-4.2.6 --------------------------------------------------
---------------------------------------------------------------------
The debugger-4.2.6 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of debugger-4.2.6: compiler-5.0, erts-9.0,
kernel-5.3, stdlib-3.4, wx-1.2
---------------------------------------------------------------------
--- dialyzer-3.3.1 --------------------------------------------------
---------------------------------------------------------------------
The dialyzer-3.3.1 application can be applied independently of other
applications on a full OTP 21 installation.
--- Improvements and New Features ---
OTP-15268 Application(s): dialyzer
Related Id(s): ERL-680
Optimize Dialyzer's handling of left-associative use of
andalso and orelse in guards.
Full runtime dependencies of dialyzer-3.3.1: compiler-7.0, erts-9.0,
hipe-3.16.1, kernel-5.3, stdlib-3.4, syntax_tools-2.0, wx-1.2
---------------------------------------------------------------------
--- diameter-2.1.6 --------------------------------------------------
---------------------------------------------------------------------
The diameter-2.1.6 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15198 Application(s): diameter
Related Id(s): ERIERL-213
Fix function_clause when sending an outgoing request
after DPA has been sent in response to an incoming DPR.
The caused the diameter_peer_fsm gen_server associated
with the peer connection to fail, which could then
result in the transport connection being reset before
the peer closed it upon reception of DPA.
Full runtime dependencies of diameter-2.1.6: erts-10.0, kernel-3.2,
ssl-9.0, stdlib-2.4
---------------------------------------------------------------------
--- edoc-0.9.4 ------------------------------------------------------
---------------------------------------------------------------------
The edoc-0.9.4 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of edoc-0.9.4: erts-6.0, inets-5.10,
kernel-3.0, stdlib-2.5, syntax_tools-1.6.14, xmerl-1.3.7
---------------------------------------------------------------------
--- eldap-1.2.5 -----------------------------------------------------
---------------------------------------------------------------------
The eldap-1.2.5 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of eldap-1.2.5: asn1-3.0, erts-6.0,
kernel-3.0, ssl-5.3.4, stdlib-2.0
---------------------------------------------------------------------
--- erl_docgen-0.8.1 ------------------------------------------------
---------------------------------------------------------------------
The erl_docgen-0.8.1 application can be applied independently of
other applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-14406 Application(s): erl_docgen
Indexing for the online search function has been
corrected for CREF documents.
Full runtime dependencies of erl_docgen-0.8.1: edoc-0.7.13, erts-9.0,
stdlib-3.4, xmerl-1.3.7
---------------------------------------------------------------------
--- erl_interface-3.10.4 --------------------------------------------
---------------------------------------------------------------------
The erl_interface-3.10.4 application can be applied independently of
other applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15161 Application(s): erl_interface
Related Id(s): ERIERL-191
Make ei_connect and friends also accept state
ok_simultaneous during handshake, which means the other
node has initiated a connection setup that will be
cancelled in favor of this connection.
OTP-15171 Application(s): erl_interface
Fixed bug in ei_receive_msg, ei_xreceive_msg,
ei_receive_msg_tmo and ei_xreceive_msg_tmo. The
x->index was set to entire buffer size instead of the
number of bytes actually received.
OTP-15191 Application(s): erl_interface
Fixed bug in ei_connect_init which could be provoked if
called by concurrent threads. ei_connect_init called
posix interface gethostbyname which is documented as
not thread safe.
OTP-15277 Application(s): erl_interface
Related Id(s): PR-1929
Fixed bug in erl_compare_ext() ignoring the tail of
lists of otherwise equal content. Example: [a | b] and
[a | c] compared equal and {[a], b} and {[a], c}
compared equal.
---------------------------------------------------------------------
--- erts-10.1 -------------------------------------------------------
---------------------------------------------------------------------
Note! The erts-10.1 application can *not* be applied independently of
other applications on an arbitrary OTP 21 installation.
On a full OTP 21 installation, also the following runtime
dependency has to be satisfied:
-- kernel-6.1 (first satisfied in OTP 21.1)
--- Fixed Bugs and Malfunctions ---
OTP-15038 Application(s): erts
Related Id(s): ERL-602
Fix the seq_trace token to not be cleared when a
process receives messages sent by erts. Some examples
of when this could happen is all port BIFs, i.e.
open_port, port_command etc etc.
Fix so that messages sent by nifs can be traced using
normal and seq_trace tracing.
OTP-15180 Application(s): erts
Related Id(s): ERL-648
Fixed specs and documentation for process_info item
monitored_by to include port identifiers and nif
resources as possible types.
OTP-15181 Application(s): erts
Fix bug in generation of erl_crash.dump, which could
cause VM to crash.
Bug exist since erts-9.2 (OTP-20.2).
OTP-15205 Application(s): erts
Fix bug where ctrl-break or ctrl-c would not trigger
the break mode properly on Windows. This bug was
introduced in erts-10.0 (OTP-21).
OTP-15206 Application(s): erts
Fix a performance bug for reception of UDP packages,
where a memory buffer would be reallocated when it
should not have been.
Introduce a limit on the maximum automatic increase of
the UDP user-space buffer to the theoretical max of the
network PATH, i.e. 65535.
OTP-15208 Application(s): erts
Related Id(s): ERL-677, PR-1897
Fix alignment of erts allocator state internally in
erts. With the improper alignment the emulator would
refuse to start when compiled with clang on 32-bit
systems.
OTP-15210 Application(s): erts
Fix bug where too many concurrent calls to
erlang:open_port({spawn,"cmd"},...) would result in the
emulator terminating with the reason "Failed to write
to erl_child_setup: ". After this fix the open_port
call will throw an emfile exception instead.
OTP-15217 Application(s): erts
Upgraded the ERTS internal PCRE library from version
8.41 to version 8.42. See
http://pcre.org/original/changelog.txt for information
about changes made to PCRE. This library implements
major parts of the re regular expressions module.
OTP-15236 Application(s): erts
Related Id(s): ERL-692
Fix open_port({fd,X,Y}, ...) to release the file
descriptors from the pollset when closing the port.
Without this fix the same file descriptor number could
not be reused when doing multiple open_port and
port_close sequences.
OTP-15276 Application(s): erts
Related Id(s): PR-1920
Fixed bug in float_to_list/2 and float_to_binary/2 with
options [{decimals,0},compact] causing totally wrong
results. Bug exists since OTP-21.0.
OTP-15278 Application(s): erts
Fixed bug in erlang:memory causing ets to report too
much. This small false memory leak (16 bytes each time)
can only happen when a specific race condition occurs
between scheduler threads on a table with option
write_concurrency.
OTP-15282 Application(s): erts
Minor configure test fixes
OTP-15297 Application(s): erts, kernel
Related Id(s): OTP-15279, OTP-15280
Improved robustness of distribution connection setup.
In OTP-21.0 a truly asynchronous connection setup was
introduced. This is further improvement on that work to
make the emulator more robust and also be able to
recover in cases when involved Erlang processes
misbehave.
--- Improvements and New Features ---
OTP-15145 Application(s): erts, kernel
Related Id(s): ERIERL-187
*** HIGHLIGHT ***
The socket options recvtos, recvttl, recvtclass and
pktoptions have been implemented in the socket modules.
See the documentation for the gen_tcp, gen_udp and inet
modules. Note that support for these in the runtime
system is platform dependent. Especially for pktoptions
which is very Linux specific and obsoleted by the RFCs
that defined it.
Full runtime dependencies of erts-10.1: kernel-6.1, sasl-3.0.1,
stdlib-3.5
---------------------------------------------------------------------
--- et-1.6.3 --------------------------------------------------------
---------------------------------------------------------------------
The et-1.6.3 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of et-1.6.3: erts-9.0, kernel-5.3,
runtime_tools-1.10, stdlib-3.4, wx-1.2
---------------------------------------------------------------------
--- eunit-2.3.7 -----------------------------------------------------
---------------------------------------------------------------------
The eunit-2.3.7 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of eunit-2.3.7: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- ftp-1.0.1 -------------------------------------------------------
---------------------------------------------------------------------
The ftp-1.0.1 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of ftp-1.0.1: erts-7.0, kernel-6.0,
stdlib-3.5
---------------------------------------------------------------------
--- hipe-3.18.1 -----------------------------------------------------
---------------------------------------------------------------------
The hipe-3.18.1 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of hipe-3.18.1: compiler-5.0, erts-9.3,
kernel-5.3, stdlib-3.4, syntax_tools-1.6.14
---------------------------------------------------------------------
--- inets-7.0.2 -----------------------------------------------------
---------------------------------------------------------------------
The inets-7.0.2 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15192 Application(s): inets
Enhance error handling, that is mod_get will return 403
if a path is a directory and not a file.
OTP-15241 Application(s): inets
Do not use chunked-encoding with 1xx, 204 and 304
responses when using mod_esi. Old behavior was not
compliant with HTTP/1.1 RFC and could cause clients to
hang when they received 1xx, 204 or 304 responses that
included an empty chunked-encoded body.
OTP-15242 Application(s): inets
Add robust handling of chunked-encoded HTTP responses
with an empty body (1xx, 204, 304). Old behavior could
cause the client to hang when connecting to a faulty
server implementation.
Full runtime dependencies of inets-7.0.2: erts-6.0, kernel-3.0,
mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5
---------------------------------------------------------------------
--- jinterface-1.9.1 ------------------------------------------------
---------------------------------------------------------------------
The jinterface-1.9.1 application can be applied independently of
other applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
---------------------------------------------------------------------
--- kernel-6.1 ------------------------------------------------------
---------------------------------------------------------------------
Note! The kernel-6.1 application can *not* be applied independently
of other applications on an arbitrary OTP 21 installation.
On a full OTP 21 installation, also the following runtime
dependency has to be satisfied:
-- erts-10.1 (first satisfied in OTP 21.1)
--- Fixed Bugs and Malfunctions ---
OTP-15143 Application(s): kernel
The values all and none are documented as valid value
for the Kernel configuration parameter logger_level,
but would cause a crash during node start. This is now
corrected.
OTP-15162 Application(s): kernel
Related Id(s): ERIERL-191
Fix some potential buggy behavior in how ticks are sent
on inter node distribution connections. Tick is now
sent to c-node even if there are unsent buffered data,
as c-nodes need ticks in order to send reply ticks. The
amount of sent data was also calculated wrongly when
ticks were suppressed due to unsent buffered data.
OTP-15170 Application(s): kernel
Non semantic change in dist_util.erl to silence
dialyzer warning.
OTP-15182 Application(s): kernel
Related Id(s): ERL-643
Fixed net_kernel:connect_node(node()) to return true
(and do nothing) as it always has before OTP-21.0. Also
documented this successful "self connect" as the
expected behavior.
OTP-15228 Application(s): kernel
The single_line option on logger_formatter would in
some cases add an unwanted comma after the association
arrows in a map. This is now corrected.
OTP-15297 Application(s): erts, kernel
Related Id(s): OTP-15279, OTP-15280
Improved robustness of distribution connection setup.
In OTP-21.0 a truly asynchronous connection setup was
introduced. This is further improvement on that work to
make the emulator more robust and also be able to
recover in cases when involved Erlang processes
misbehave.
--- Improvements and New Features ---
OTP-15132 Application(s): kernel
A new macro, ?LOG(Level,...), is added. This is
equivalent to the existing ?LOG_<LEVEL>(...) macros.
A new variant of Logger report callback is added, which
takes an extra argument containing options for size
limiting and line breaks. Module proc_lib in STDLIB
uses this for crash reports.
Logger configuration is now checked a bit more for
errors.
OTP-15145 Application(s): erts, kernel
Related Id(s): ERIERL-187
*** HIGHLIGHT ***
The socket options recvtos, recvttl, recvtclass and
pktoptions have been implemented in the socket modules.
See the documentation for the gen_tcp, gen_udp and inet
modules. Note that support for these in the runtime
system is platform dependent. Especially for pktoptions
which is very Linux specific and obsoleted by the RFCs
that defined it.
OTP-15146 Application(s): kernel
Add logger:set_application_level/2 for setting the
logger level of all modules in one application.
Full runtime dependencies of kernel-6.1: erts-10.1, sasl-3.0,
stdlib-3.5
---------------------------------------------------------------------
--- megaco-3.18.4 ---------------------------------------------------
---------------------------------------------------------------------
The megaco-3.18.4 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of megaco-3.18.4: asn1-3.0, debugger-4.0,
erts-7.0, et-1.5, kernel-3.0, runtime_tools-1.8.14, stdlib-2.5
---------------------------------------------------------------------
--- mnesia-4.15.5 ---------------------------------------------------
---------------------------------------------------------------------
The mnesia-4.15.5 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15201 Application(s): mnesia
Related Id(s): PR-1881
Fixed type spec for mnesia:change_config/2.
OTP-15221 Application(s): mnesia
Related Id(s): ERIERL-217
When master node is set do not force a load from
ram_copies replica when there are no available
disc_copies, since that would load an empty table. Wait
until a disk replica is available or until user
explicitly force_loads the table.
OTP-15226 Application(s): mnesia
Related Id(s): ERIERL-221
Allow to add replicas even if all other replicas are
down when the other replicas are not stored on disk.
OTP-15231 Application(s): mnesia
Related Id(s): PR-1858
Fixed mnesia:delete_object/1 bug, where delete_object
was deleting the record if it was written in the same
transaction even if it was written to a different
value.
OTP-15243 Application(s): mnesia
Fixed a bug where the bag table index data was not
deleted when objects were deleted.
Full runtime dependencies of mnesia-4.15.5: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- observer-2.8.1 --------------------------------------------------
---------------------------------------------------------------------
The observer-2.8.1 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of observer-2.8.1: erts-7.0, et-1.5,
kernel-3.0, runtime_tools-1.8.14, stdlib-3.5, wx-1.2
---------------------------------------------------------------------
--- odbc-2.12.2 -----------------------------------------------------
---------------------------------------------------------------------
The odbc-2.12.2 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of odbc-2.12.2: erts-6.0, kernel-3.0,
stdlib-2.0
---------------------------------------------------------------------
--- os_mon-2.4.6 ----------------------------------------------------
---------------------------------------------------------------------
The os_mon-2.4.6 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of os_mon-2.4.6: erts-6.0, kernel-3.0,
mnesia-4.12, otp_mibs-1.0.9, sasl-2.4, snmp-4.25.1, stdlib-2.0
---------------------------------------------------------------------
--- otp_mibs-1.2.1 --------------------------------------------------
---------------------------------------------------------------------
The otp_mibs-1.2.1 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of otp_mibs-1.2.1: erts-6.0, kernel-3.0,
mnesia-4.12, snmp-4.25.1, stdlib-2.0
---------------------------------------------------------------------
--- parsetools-2.1.8 ------------------------------------------------
---------------------------------------------------------------------
The parsetools-2.1.8 application can be applied independently of
other applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of parsetools-2.1.8: erts-6.0, kernel-3.0,
stdlib-2.5
---------------------------------------------------------------------
--- public_key-1.6.2 ------------------------------------------------
---------------------------------------------------------------------
The public_key-1.6.2 application can be applied independently of
other applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15284 Application(s): public_key
Removed #DSAPrivateKey{} as acceptable input to
public_key:verify/5.
--- Improvements and New Features ---
OTP-15134 Application(s): crypto, public_key
*** HIGHLIGHT ***
The typing in the CRYPTO and PUBLIC_KEY applications
are reworked and a few mistakes are corrected.
The documentation is now generated from the typing and
some clarifications are made.
A new chapter on Algorithm Details such as key sizes
and availability is added to the CRYPTO User's Guide.
Full runtime dependencies of public_key-1.6.2: asn1-3.0, crypto-3.8,
erts-6.0, kernel-3.0, stdlib-3.5
---------------------------------------------------------------------
--- reltool-0.7.7 ---------------------------------------------------
---------------------------------------------------------------------
The reltool-0.7.7 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of reltool-0.7.7: erts-7.0, kernel-3.0,
sasl-2.4, stdlib-3.4, tools-2.6.14, wx-1.2
---------------------------------------------------------------------
--- runtime_tools-1.13.1 --------------------------------------------
---------------------------------------------------------------------
The runtime_tools-1.13.1 application can be applied independently of
other applications on a full OTP 21 installation.
--- Improvements and New Features ---
OTP-15163 Application(s): runtime_tools
Related Id(s): PR-1844
Optimize observer by using new system_info(ets_count)
instead of more expensive length(ets:all()).
Full runtime dependencies of runtime_tools-1.13.1: erts-8.0,
kernel-5.0, mnesia-4.12, stdlib-3.0
---------------------------------------------------------------------
--- sasl-3.2.1 ------------------------------------------------------
---------------------------------------------------------------------
The sasl-3.2.1 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of sasl-3.2.1: erts-9.0, kernel-5.3,
stdlib-3.4, tools-2.6.14
---------------------------------------------------------------------
--- snmp-5.2.12 -----------------------------------------------------
---------------------------------------------------------------------
The snmp-5.2.12 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15287 Application(s): snmp
Related Id(s): ERIERL-206
Conversion of (agent) Audit Trail Log (ATL) failed due
to invalid log entries.
The conversion aborted completely midway because the
ATL contained invalid entries. The conversion has been
improved so that it now firstly handles encountered
errors and write an informative message (into the
converted stream) and secondly keeps count of the
number of successful or failed entry conversions. See
log_to_txt for more info.
The reason the ATL contained invalid entries have also
been fixed. The reason was that for some outgoing
messages (not response):
-- encrypted (v3 messages)
Was logged "as is" (encrypted) without the info to
decrypt, making conversion impossible (which was the
reason the log contained bad entries).
-- un-encrypted
Was not logged at all.
OTP-15290 Application(s): snmp
[compiler] Spurious version message removed. The snmp
mib compiler printed an spurious version message if the
'version' option was provided.
Full runtime dependencies of snmp-5.2.12: crypto-3.3, erts-6.0,
kernel-3.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-2.5
---------------------------------------------------------------------
--- ssh-4.7.1 -------------------------------------------------------
---------------------------------------------------------------------
The ssh-4.7.1 application can be applied independently of other
applications on a full OTP 21 installation.
--- Improvements and New Features ---
OTP-15020 Application(s): ssh
Extended the undocumented ssh_dbg debug module with an
api for a circular trace buffer. This makes it easy to
record the last low-level events before an error is
detected. It is intended for solving difficult errors.
OTP-15133 Application(s): ssh
Related Id(s): OTP-15240
*** HIGHLIGHT ***
The key exchange methods
'curve25519-sha256@libssh.org', 'curve25519-sha256' and
'curve448-sha512' are implemented. The last two are
defined in
https://tools.ietf.org/html/draft-ietf-curdle-ssh-curves
They all depends on that OpenSSL 1.1.1 or higher is
used as cryptolib.
OTP-15209 Application(s): ssh
Related Id(s): OTP-15164
*** HIGHLIGHT ***
The cipher 'chacha20-poly1305@openssh.com' is now
supported if OpenSSL 1.1.1 or higher is used as
cryptolib.
Full runtime dependencies of ssh-4.7.1: crypto-4.2, erts-6.0,
kernel-3.0, public_key-1.5.2, stdlib-3.3
---------------------------------------------------------------------
--- ssl-9.0.2 -------------------------------------------------------
---------------------------------------------------------------------
The ssl-9.0.2 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15122 Application(s): ssl
Use separate processes for sending and receiving
application data for TLS connections to avoid potential
deadlock that was most likely to occur when using TLS
for Erlang distribution. Note does not change the API.
OTP-15168 Application(s): ssl
Correct handling of empty server SNI extension
OTP-15172 Application(s): ssl
Correct PSK cipher suite handling and add
selected_cipher_suite to connection information
OTP-15173 Application(s): ssl
Adopt to the fact that cipher suite sign restriction
are relaxed in TLS-1.2
OTP-15174 Application(s): ssl
Enhance error handling of non existing PEM files
OTP-15216 Application(s): ssl
Correct close handling of transport accepted sockets in
the error state
OTP-15224 Application(s): ssl
Correct PEM cache to not add references to empty
entries when PEM file does not exist.
OTP-15285 Application(s): ssl
Correct handling of all PSK cipher suites
Before only some PSK suites would be correctly
negotiated and most PSK ciphers suites would fail the
connection.
--- Improvements and New Features ---
OTP-12983 Application(s): ssl
TLS will now try to order certificate chains if they
appear to be unordered. That is prior to TLS 1.3,
тАЬcertificate_listтАЭ ordering was required to be strict,
however some implementations already allowed for some
flexibility. For maximum compatibility, all
implementations SHOULD be prepared to handle
potentially extraneous certificates and arbitrary
orderings from any TLS version.
OTP-15060 Application(s): ssl
TLS will now try to reconstructed an incomplete
certificate chains from its local CA-database and use
that data for the certificate path validation. This
especially makes sense for partial chains as then the
peer might not send an intermediate CA as it is
considered the trusted root in that case.
OTP-15193 Application(s): ssl
Option keyfile defaults to certfile and should be
trumped with key. This failed for engine keys.
OTP-15234 Application(s): ssl
Error message improvement when own certificate has
decoding issues, see also issue ERL-668.
OTP-15281 Application(s): ssl
Correct dialyzer spec for key option
Full runtime dependencies of ssl-9.0.2: crypto-4.2, erts-10.0,
inets-5.10.7, kernel-6.0, public_key-1.5, stdlib-3.5
---------------------------------------------------------------------
--- stdlib-3.6 ------------------------------------------------------
---------------------------------------------------------------------
The stdlib-3.6 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15252 Application(s): stdlib
Related Id(s): ERL-667
The specs of filename:basedir/2,3 are corrected.
--- Improvements and New Features ---
OTP-15253 Application(s): stdlib
Related Id(s): ERL-55, OTP-13229
Let dets:open_file() exit with a badarg message if
given a raw file name (a binary).
OTP-15304 Application(s): stdlib
The Format argument of the formatting functions in
modules io and io_lib is accepted even if it is, for
example, a list of binaries. This is how it used to be
before Erlang/OTP 21.0.
Full runtime dependencies of stdlib-3.6: compiler-5.0, crypto-3.3,
erts-10.0, kernel-6.0, sasl-3.0
---------------------------------------------------------------------
--- syntax_tools-2.1.6 ----------------------------------------------
---------------------------------------------------------------------
The syntax_tools-2.1.6 application can be applied independently of
other applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15207 Application(s): syntax_tools
Related Id(s): PR-1888
Fix the TypeName type in erl_syntax_lib.
OTP-15291 Application(s): syntax_tools
Related Id(s): ERL-719
Correct unfolding of the stacktrace variable.
OTP-15294 Application(s): syntax_tools
Correct erl_syntax:revert/1 bug regarding the types
map() and tuple().
--- Improvements and New Features ---
OTP-15165 Application(s): syntax_tools
Related Id(s): PR-1842
Support bitstrings as literals in module erl_syntax.
Full runtime dependencies of syntax_tools-2.1.6: compiler-7.0,
erts-9.0, kernel-5.0, stdlib-3.4
---------------------------------------------------------------------
--- tftp-1.0.1 ------------------------------------------------------
---------------------------------------------------------------------
The tftp-1.0.1 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of tftp-1.0.1: kernel-6.0, stdlib-3.5
---------------------------------------------------------------------
--- tools-3.0.1 -----------------------------------------------------
---------------------------------------------------------------------
The tools-3.0.1 application can be applied independently of other
applications on a full OTP 21 installation.
--- Improvements and New Features ---
OTP-15213 Application(s): tools
Related Id(s): PR-1807
The HTML pages generated by cover:analyse_to_file/1 and
related functions is improved for readability.
OTP-15239 Application(s): tools
Related Id(s): PR-1728
Add alignment functionality in emacs.
Full runtime dependencies of tools-3.0.1: compiler-5.0, erts-9.1,
kernel-5.4, runtime_tools-1.8.14, stdlib-3.4
---------------------------------------------------------------------
--- wx-1.8.5 --------------------------------------------------------
---------------------------------------------------------------------
The wx-1.8.5 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15230 Application(s): wx
Related Id(s): PR-1860
Fixed compilation warning on Darwin.
Full runtime dependencies of wx-1.8.5: erts-6.0, kernel-3.0,
stdlib-2.0
---------------------------------------------------------------------
--- xmerl-1.3.18 ----------------------------------------------------
---------------------------------------------------------------------
The xmerl-1.3.18 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15190 Application(s): debugger, edoc, eldap, et, eunit, ftp,
hipe, jinterface, megaco, observer, odbc, os_mon,
otp_mibs, parsetools, reltool, sasl, tftp, xmerl
Improved documentation.
Full runtime dependencies of xmerl-1.3.18: erts-6.0, kernel-3.0,
stdlib-2.5
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
08 Nov 2018, PHP 7.2.12
- Core:
. Fixed bug #76846 (Segfault in shutdown function after memory limit error).
(Nikita)
. Fixed bug #76946 (Cyclic reference in generator not detected). (Nikita)
. Fixed bug #77035 (The phpize and ./configure create redundant .deps file).
(Peter Kokot)
. Fixed bug #77041 (buildconf should output error messages to stderr)
(Mizunashi Mana)
- Date:
. Upgraded timelib to 2017.08. (Derick)
. Fixed bug #75851 (Year component overflow with date formats "c", "o", "r"
and "y"). (Adam Saponara)
. Fixed bug #77007 (fractions in `diff()` are not correctly normalized).
(Derick)
- FCGI:
. Fixed#76948 (Failed shutdown/reboot or end session in Windows). (Anatol)
. Fixed bug #76954 (apache_response_headers removes last character from header
name). (stodorovic)
- FTP:
. Fixed bug #76972 (Data truncation due to forceful ssl socket shutdown).
(Manuel Mausz)
- intl:
. Fixed bug #76942 (U_ARGUMENT_TYPE_MISMATCH). (anthrax at unixuser dot org)
- Reflection:
. Fixed bug #76936 (Objects cannot access their private attributes while
handling reflection errors). (Nikita)
. Fixed bug #66430 (ReflectionFunction::invoke does not invoke closure with
object scope). (Nikita)
- Sodium:
. Some base64 outputs were truncated; this is not the case any more.
(jedisct1)
. block sizes >= 256 bytes are now supposed by sodium_pad() even
when an old version of libsodium has been installed. (jedisct1)
. Fixed bug #77008 (sodium_pad() could read (but not return nor write)
uninitialized memory when trying to pad an empty input). (jedisct1)
- Standard:
. Fixed bug #76965 (INI_SCANNER_RAW doesn't strip trailing whitespace).
(Pierrick)
- Tidy:
. Fixed bug #77027 (tidy::getOptDoc() not available on Windows). (cmb)
- XML:
. Fixed bug #30875 (xml_parse_into_struct() does not resolve entities). (cmb)
. Add support for getting SKIP_TAGSTART and SKIP_WHITE options. (cmb)
- XMLRPC:
. Fixed bug #75282 (xmlrpc_encode_request() crashes). (cmb)
go1.11.2 (released 2018/11/02) includes fixes to the compiler, linker,
documentation, go command, and the database/sql and go/types packages. See the
Go 1.11.2 milestone on our issue tracker for details.
go1.10.5 (released 2018/11/02) includes fixes to the go command, linker,
runtime and the database/sql package. See the Go 1.10.5 milestone on our issue
tracker for details.
