upstream changes:
-----------------
Patch Package: OTP 23.3.3
Git Tag: OTP-23.3.3
Date: 2021-05-06
Trouble Report Id: OTP-16607, OTP-16930, OTP-17347, OTP-17357,
OTP-17358, OTP-17361
Seq num: ERL-1371, ERL-1439, ERL-ERL-610, GH-3480,
GH-4396, GH-4774
System: OTP
Release: 23
Application: common_test-1.20.2, compiler-7.6.8,
erl_interface-4.0.3, kernel-7.3.1,
runtime_tools-1.16.1
Predecessor: OTP 23.3.2
Check out the git tag OTP-23.3.3, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- common_test-1.20.2 ----------------------------------------------
---------------------------------------------------------------------
The common_test-1.20.2 application can be applied independently of
other applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17347 Application(s): common_test
Related Id(s): ERL-1439, GH-3480
Before this change Config leaked between test groups in
case a subgroup was skipped (GH-3480).
Full runtime dependencies of common_test-1.20.2: compiler-6.0,
crypto-3.6, debugger-4.1, erts-7.0, ftp-1.0.0, inets-6.0, kernel-4.0,
observer-2.1, runtime_tools-1.8.16, sasl-2.4.2, snmp-5.1.2, ssh-4.0,
stdlib-3.5, syntax_tools-1.7, tools-2.8, xmerl-1.3.8
---------------------------------------------------------------------
--- compiler-7.6.8 --------------------------------------------------
---------------------------------------------------------------------
The compiler-7.6.8 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17357 Application(s): compiler
Related Id(s): GH-4774
Fixed a bug in the validator that could cause it to
reject valid code.
Full runtime dependencies of compiler-7.6.8: crypto-3.6, erts-11.0,
hipe-3.12, kernel-7.0, stdlib-3.13
---------------------------------------------------------------------
--- erl_interface-4.0.3 ---------------------------------------------
---------------------------------------------------------------------
The erl_interface-4.0.3 application can be applied independently of
other applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17358 Application(s): erl_interface
Related Id(s): ERL-ERL-610
Fix bug where sending of large data with
ei_send_*/ei_rpc with infinite timeout could fail when
the tcp buffer becomes full.
Fault has existed since OTP-21.
--- Known Bugs and Problems ---
OTP-16607 Application(s): erl_interface
Related Id(s): OTP-16608
The ei API for decoding/encoding terms is not fully
64-bit compatible since terms that have a
representation on the external term format larger than
2 GB cannot be handled.
---------------------------------------------------------------------
--- kernel-7.3.1 ----------------------------------------------------
---------------------------------------------------------------------
The kernel-7.3.1 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17361 Application(s): kernel
A bug in the Erlang DNS resolver has been fixed, where
it could be made to bring down the kernel supervisor
and thereby the whole node, when getting an incorrect
(IN A reply to an IN CNAME query) reply from the DNS
server and used the reply record's value without
verifying its type.
Full runtime dependencies of kernel-7.3.1: erts-11.0, sasl-3.0,
stdlib-3.13
---------------------------------------------------------------------
--- runtime_tools-1.16.1 --------------------------------------------
---------------------------------------------------------------------
The runtime_tools-1.16.1 application can be applied independently of
other applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16930 Application(s): runtime_tools
Related Id(s): ERL-1371, GH-4396
The function dbg:n/1 used a local fun to set up a
tracer on a remote node. This works fine as long as the
remote node is running exactly the same version of
Erlang/OTP but does not work at all otherwise. This is
fixed by exporting the relevant function and by calling
this function on the remote node to set up remote
tracing.
Full runtime dependencies of runtime_tools-1.16.1: erts-11.0,
kernel-7.0, mnesia-4.12, stdlib-3.13
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
Module-based builds are the default way to build software in Go as of Go
1.16. go-package.mk implements the older GOPATH-based build type, which
will go away in one of the next Go releases (probably in early 2022).
Real changes are in www/ruby-actionpack61 only.
## Rails 6.1.3.2 (May 05, 2021) ##
* Prevent open redirects by correctly escaping the host allow list
CVE-2021-22903
* Prevent catastrophic backtracking during mime parsing
CVE-2021-22902
* Prevent regex DoS in HTTP token authentication
CVE-2021-22904
* Prevent string polymorphic route arguments.
`url_for` supports building polymorphic URLs via an array
of arguments (usually symbols and records). If a developer passes a
user input array, strings can result in unwanted route helper calls.
CVE-2021-22885
*Gannon McGibbon*
Real changes are in www/ruby-actionpack60 only.
## Rails 6.0.3.7 (May 05, 2021) ##
* Prevent catastrophic backtracking during mime parsing
CVE-2021-22902
* Prevent regex DoS in HTTP token authentication
CVE-2021-22904
* Prevent string polymorphic route arguments.
`url_for` supports building polymorphic URLs via an array
of arguments (usually symbols and records). If a developer passes a
user input array, strings can result in unwanted route helper calls.
CVE-2021-22885
*Gannon McGibbon*
go1.16.3 (released 2021/04/01) includes fixes to the compiler, linker, runtime,
the go command, and the testing and time packages. See the Go 1.16.3 milestone
on our issue tracker for details.
go1.16.4 (released 2021/05/06) includes a security fix to the net/http package,
as well as bug fixes to the runtime, the compiler, and the archive/zip, time,
and syscall packages. See the Go 1.16.4 milestone on our issue tracker for
details.
go1.15.11 (released 2021/04/01) includes fixes to cgo, the compiler, linker,
runtime, the go command, and the database/sql and net/http packages. See the Go
1.15.11 milestone on our issue tracker for details.
go1.15.12 (released 2021/05/06) includes a security fix to the net/http
package, as well as bug fixes to the runtime and the time package. See the Go
1.15.12 milestone on our issue tracker for details.
Python 3.9.5 final
Security
bpo-43434: Creating a sqlite3.Connection object now also produces a sqlite3.connect auditing event. Previously this event was only produced by sqlite3.connect() calls. Patch by Erlend E. Aasland.
bpo-43882: The presence of newline or tab characters in parts of a URL could allow some forms of attacks.
Following the controlling specification for URLs defined by WHATWG, urllib.parse() now removes ASCII newlines and tabs from URLs, preventing such attacks.
bpo-43472: Ensures interpreter-level audit hooks receive the cpython.PyInterpreterState_New event when called through the _xxsubinterpreters module.
bpo-36384: ipaddress module no longer accepts any leading zeros in IPv4 address strings. Leading zeros are ambiguous and interpreted as octal notation by some libraries. For example the legacy function socket.inet_aton() treats leading zeros as octal notation. glibc implementation of modern inet_pton() does not accept any leading zeros. For a while the ipaddress module used to accept ambiguous leading zeros.
bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows causing a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.
bpo-42800: Audit hooks are now fired for frame.f_code, traceback.tb_frame, and generator code/frame attribute access.
Core and Builtins
bpo-43105: Importlib now resolves relative paths when creating module spec objects from file locations.
bpo-42924: Fix bytearray repetition incorrectly copying data from the start of the buffer, even if the data is offset within the buffer (e.g. after reassigning a slice at the start of the bytearray to a shorter byte string).
Library
bpo-43993: Update bundled pip to 21.1.1.
bpo-43937: Fixed the turtle module working with non-default root window.
bpo-43930: Update bundled pip to 21.1 and setuptools to 56.0.0
bpo-43920: OpenSSL 3.0.0: load_verify_locations() now returns a consistent error message when cadata contains no valid certificate.
bpo-43607: urllib can now convert Windows paths with \\?\ prefixes into URL paths.
bpo-43284: platform.win32_ver derives the windows version from sys.getwindowsversion().platform_version which in turn derives the version from kernel32.dll (which can be of a different version than Windows itself). Therefore change the platform.win32_ver to determine the version using the platform module’s _syscmd_ver private function to return an accurate version.
bpo-42248: [Enum] ensure exceptions raised in _missing__ are released
bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 to suppress deprecation warnings. Python requires OpenSSL 1.1.1 APIs.
bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants (OpenSSL 3.0.0)
bpo-43789: OpenSSL 3.0.0: Don’t call the password callback function a second time when first call has signaled an error condition.
bpo-43788: The header files for ssl error codes are now OpenSSL version-specific. Exceptions will now show correct reason and library codes. The make_ssl_data.py script has been rewritten to use OpenSSL’s text file with error codes.
bpo-43655: tkinter dialog windows are now recognized as dialogs by window managers on macOS and X Window.
bpo-43534: turtle.textinput() and turtle.numinput() create now a transient window working on behalf of the canvas window.
bpo-43522: Fix problem with hostname_checks_common_name. OpenSSL does not copy hostflags from struct SSL_CTX to struct SSL.
bpo-42967: Allow bytes separator argument in urllib.parse.parse_qs and urllib.parse.parse_qsl when parsing str query strings. Previously, this raised a TypeError.
bpo-43176: Fixed processing of a dataclass that inherits from a frozen dataclass with no fields. It is now correctly detected as an error.
bpo-41735: Fix thread locks in zlib module may go wrong in rare case. Patch by Ma Lin.
bpo-36470: Fix dataclasses with InitVars and replace(). Patch by Claudiu Popa.
bpo-32745: Fix a regression in the handling of ctypes’ ctypes.c_wchar_p type: embedded null characters would cause a ValueError to be raised. Patch by Zackery Spytz.
Documentation
bpo-43959: The documentation on the PyContextVar C-API was clarified.
bpo-43938: Update dataclasses documentation to express that FrozenInstanceError is derived from AttributeError.
bpo-43755: Update documentation to reflect that unparenthesized lambda expressions can no longer be the expression part in an if clause in comprehensions and generator expressions since Python 3.9.
bpo-43739: Fixing the example code in Doc/extending/extending.rst to declare and initialize the pmodule variable to be of the right type.
Tests
bpo-43961: Fix test_logging.test_namer_rotator_inheritance() on Windows: use os.replace() rather than os.rename(). Patch by Victor Stinner.
bpo-43842: Fix a race condition in the SMTP test of test_logging. Don’t close a file descriptor (socket) from a different thread while asyncore.loop() is polling the file descriptor. Patch by Victor Stinner.
bpo-43811: Tests multiple OpenSSL versions on GitHub Actions. Use ccache to speed up testing.
bpo-43791: OpenSSL 3.0.0: Disable testing of legacy protocols TLS 1.0 and 1.1. Tests are failing with TLSV1_ALERT_INTERNAL_ERROR.
Windows
bpo-35306: Avoid raising errors from pathlib.Path.exists() when passed an invalid filename.
bpo-38822: Fixed os.stat() failing on inaccessible directories with a trailing slash, rather than falling back to the parent directory’s metadata. This implicitly affected os.path.exists() and os.path.isdir().
bpo-26227: Fixed decoding of host names in socket.gethostbyaddr() and socket.gethostbyname_ex().
bpo-40432: Updated pegen regeneration script on Windows to find and use Python 3.8 or higher. Prior to this, pegen regeneration already required 3.8 or higher, but the script may have used lower versions of Python.
bpo-43745: Actually updates Windows release to OpenSSL 1.1.1k. Earlier releases were mislabelled and actually included 1.1.1i again.
bpo-43492: Upgrade Windows installer to use SQLite 3.35.5.
macOS
bpo-42119: Fix check for macOS SDK paths when building Python. Narrow search to match contents of SDKs, namely only files in /System/Library, /System/IOSSupport, and /usr other than /usr/local. Previously, anything under /System was assumed to be in an SDK which causes problems with the new file system layout in 10.15+ where user file systems may appear to be mounted under /System. Paths in /Library were also incorrectly treated as SDK locations.
bpo-44009: Provide “python3.x-intel64” executable to allow reliably forcing macOS universal2 framework builds to run under Rosetta 2 Intel-64 emulation on Apple Silicon Macs. This can be useful for testing or when universal2 wheels are not yet available.
bpo-43492: Update macOS installer to use SQLite 3.35.4.
IDLE
bpo-43655: IDLE dialog windows are now recognized as dialogs by window managers on macOS and X Window.
Python 3.8.10 final
Security
bpo-43434: Creating a sqlite3.Connection object now also produces a sqlite3.connect auditing event. Previously this event was only produced by sqlite3.connect() calls. Patch by Erlend E. Aasland.
bpo-43472: Ensures interpreter-level audit hooks receive the cpython.PyInterpreterState_New event when called through the _xxsubinterpreters module.
bpo-43075: Fix Regular Expression Denial of Service (ReDoS) vulnerability in urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable regex has quadratic worst-case complexity and it allows causing a denial of service when identifying crafted invalid RFCs. This ReDoS issue is on the client side and needs remote attackers to control the HTTP server.
Core and Builtins
bpo-43105: Importlib now resolves relative paths when creating module spec objects from file locations.
bpo-42924: Fix bytearray repetition incorrectly copying data from the start of the buffer, even if the data is offset within the buffer (e.g. after reassigning a slice at the start of the bytearray to a shorter byte string).
Library
bpo-43993: Update bundled pip to 21.1.1.
bpo-43937: Fixed the turtle module working with non-default root window.
bpo-43930: Update bundled pip to 21.1 and setuptools to 56.0.0
bpo-43920: OpenSSL 3.0.0: load_verify_locations() now returns a consistent error message when cadata contains no valid certificate.
bpo-43607: urllib can now convert Windows paths with \\?\ prefixes into URL paths.
bpo-43284: platform.win32_ver derives the windows version from sys.getwindowsversion().platform_version which in turn derives the version from kernel32.dll (which can be of a different version than Windows itself). Therefore change the platform.win32_ver to determine the version using the platform module’s _syscmd_ver private function to return an accurate version.
bpo-42248: [Enum] ensure exceptions raised in _missing__ are released
bpo-43799: OpenSSL 3.0.0: define OPENSSL_API_COMPAT 1.1.1 to suppress deprecation warnings. Python requires OpenSSL 1.1.1 APIs.
bpo-43794: Add ssl.OP_IGNORE_UNEXPECTED_EOF constants (OpenSSL 3.0.0)
bpo-43789: OpenSSL 3.0.0: Don’t call the password callback function a second time when first call has signaled an error condition.
bpo-43788: The header files for ssl error codes are now OpenSSL version-specific. Exceptions will now show correct reason and library codes. The make_ssl_data.py script has been rewritten to use OpenSSL’s text file with error codes.
bpo-43655: tkinter dialog windows are now recognized as dialogs by window managers on macOS and X Window.
bpo-43534: turtle.textinput() and turtle.numinput() create now a transient window working on behalf of the canvas window.
bpo-43522: Fix problem with hostname_checks_common_name. OpenSSL does not copy hostflags from struct SSL_CTX to struct SSL.
bpo-42967: Allow bytes separator argument in urllib.parse.parse_qs and urllib.parse.parse_qsl when parsing str query strings. Previously, this raised a TypeError.
bpo-43176: Fixed processing of a dataclass that inherits from a frozen dataclass with no fields. It is now correctly detected as an error.
bpo-34463: Fixed discrepancy between traceback and the interpreter in formatting of SyntaxError with lineno not set (traceback was changed to match interpreter).
bpo-41735: Fix thread locks in zlib module may go wrong in rare case. Patch by Ma Lin.
bpo-26053: Fixed bug where the pdb interactive run command echoed the args from the shell command line, even if those have been overridden at the pdb prompt.
bpo-36470: Fix dataclasses with InitVars and replace(). Patch by Claudiu Popa.
bpo-28577: The hosts method on 32-bit prefix length IPv4Networks and 128-bit prefix IPv6Networks now returns a list containing the single Address instead of an empty list.
bpo-32745: Fix a regression in the handling of ctypes’ ctypes.c_wchar_p type: embedded null characters would cause a ValueError to be raised. Patch by Zackery Spytz.
Documentation
bpo-43959: The documentation on the PyContextVar C-API was clarified.
bpo-43938: Update dataclasses documentation to express that FrozenInstanceError is derived from AttributeError.
bpo-43739: Fixing the example code in Doc/extending/extending.rst to declare and initialize the pmodule variable to be of the right type.
Tests
bpo-43842: Fix a race condition in the SMTP test of test_logging. Don’t close a file descriptor (socket) from a different thread while asyncore.loop() is polling the file descriptor. Patch by Victor Stinner.
bpo-43811: Tests multiple OpenSSL versions on GitHub Actions. Use ccache to speed up testing.
bpo-43791: OpenSSL 3.0.0: Disable testing of legacy protocols TLS 1.0 and 1.1. Tests are failing with TLSV1_ALERT_INTERNAL_ERROR.
Windows
bpo-35306: Avoid raising errors from pathlib.Path.exists() when passed an invalid filename.
bpo-38822: Fixed os.stat() failing on inaccessible directories with a trailing slash, rather than falling back to the parent directory’s metadata. This implicitly affected os.path.exists() and os.path.isdir().
bpo-26227: Fixed decoding of host names in socket.gethostbyaddr() and socket.gethostbyname_ex().
bpo-43745: Actually updates Windows release to OpenSSL 1.1.1k. Earlier releases were mislabelled and actually included 1.1.1i again.
bpo-43492: Upgrade Windows installer to use SQLite 3.35.5.
macOS
bpo-44009: Provide “python3.x-intel64” executable to allow reliably forcing macOS universal2 framework builds to run under Rosetta 2 Intel-64 emulation on Apple Silicon Macs. This can be useful for testing or when universal2 wheels are not yet available.
bpo-41100: As of 3.8.10, Python now supports building and running on macOS 11 (Big Sur) and on Apple Silicon Macs (based on the ARM64 architecture). A new universal build variant, universal2, is also available to natively support both ARM64 and Intel 64 in one set of executables. This backport from Python 3.9 does not include support for “weaklinking”; to support a range of macOS versions, continue to target for and build on the oldest version in the range; for 3.8.x, the universal2 variant is only useful on macOS 11 or later.
bpo-43492: Update macOS installer to use SQLite 3.35.4.
IDLE
bpo-43655: IDLE dialog windows are now recognized as dialogs by window managers on macOS and X Window.
C API
bpo-43962: _PyInterpreterState_IDIncref() now calls _PyInterpreterState_IDInitref() and always increments id_refcount. Previously, calling _xxsubinterpreters.get_current() could create an id_refcount inconsistency when a _xxsubinterpreters.InterpreterID object was deallocated. Patch by Victor Stinner.
Vala 0.52.3
===========
* Various improvements and bug fixes:
- codegen:
+ Apply gconstpointer to gpointer cast to GenericType only
+ Fix access to captured generics in async method of interfaces (2)
+ Use if-clause for is_in_destructor() condition to be more clear
+ Add missing "_return" label and "_inner_error*_" declaration in dtors
+ Don't use G_GNUC_INTERNAL on implicit type specific fields
- vala:
+ length-type of arrays must not be nullable
+ Report a warning for unhandled errors in destructors
- parser:
+ Minor semantic checks to improve error messages
+ Allow empty member-initializer and accept trailing comma
+ Include INTERR token in source_reference of parsed types
Our tool wrappers don't look into response files, so common mistakes
such as forgetting to declare dependencies have been overlooked by
our buildlink framework. With the change that will no longer happen.
29 Apr 2021, PHP 8.0.5
- Core:
. Fixed bug #75776 (Flushing streams with compression filter is broken). (cmb)
. Fixed bug #80811 (Function exec without $output but with $result_code
parameter crashes). (Nikita)
. Fixed bug #80814 (threaded mod_php won't load on FreeBSD: No space
available for static Thread Local Storage). (Dmitry)
. Changed PowerPC CPU registers used by Zend VM to work around GCC bug.
Old registers (r28/r29) might be clobbered by _restgpr routine used for
return from C function compiled with -Os. (Dmitry)
- Dba:
. Fixed bug #80817 (dba_popen() may cause segfault during RSHUTDOWN). (cmb)
- DOM:
. Fixed bug #66783 (UAF when appending DOMDocument to element). (cmb)
- FFI:
. Fixed bug #80847 (CData structs with fields of type struct can't be passed
as C function argument). (Nickolas Daniel da Silva, Dmitry)
- FPM:
. Fixed bug #80024 (Duplication of info about inherited socket after pool
removing). (Jakub Zelenka)
- FTP:
. Fixed bug #80880 (SSL_read on shutdown, ftp/proc_open). (cmb, Jakub
Zelenka)
- IMAP:
. Fixed bug #80800 (imap_open() fails when the flags parameter includes
CL_EXPUNGE). (girgias)
. Fixed bug #80710 (imap_mail_compose() header injection). (cmb, Stas)
- Intl:
. Fixed bug #80763 (msgfmt_format() does not accept DateTime references).
(cmb)
- LibXML:
. Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8). (cmb)
. Fixed bug #51903 (simplexml_load_file() doesn't use HTTP headers). (cmb)
- MySQLnd:
. Fixed bug #80837 (Calling stmt_store_result after fetch doesn't throw an
error). (Kamil Tekiela)
- Opcache:
. Fixed bug #80839 (PHP problem with JIT). (Dmitry)
. Fixed bug #80861 (erroneous array key overflow in 2D array with JIT).
(Dmitry)
. Fixed bug #80786 (PHP crash using JIT). (Nikita)
. Fixed bug #80782 (DASM_S_RANGE_VREG on PHP_INT_MIN-1). (Dmitry)
- Pcntl:
. Fixed bug #79812 (Potential integer overflow in pcntl_exec()). (cmb)
- PCRE:
. Fixed bug #80866 (preg_split ignores limit flag when pattern with \K has
0-width fullstring match). (Kamil Tekiela)
- PDO_ODBC:
. Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte).
(cmb)
- PDO_pgsql:
. Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).
(Matteo)
- Session:
. Fixed bug #80889 (Cannot set save handler when save_handler is invalid).
(cmb)
. Fixed bug #80774 (session_name() problem with backslash). (cmb)
- SOAP:
. Fixed bug #69668 (SOAP special XML characters in namespace URIs not
encoded). (cmb)
- Standard:
. Fixed bug #80915 (Taking a reference to $_SERVER hides its values from
phpinfo()). (Rowan Tommins)
. Fixed bug #80914 ('getdir' accidentally defined as an alias of 'dir').
(Rowan Tommins)
. Fixed bug #80771 (phpinfo(INFO_CREDITS) displays nothing in CLI). (cmb)
. Fixed bug #78719 (http wrapper silently ignores long Location headers).
(cmb)
. Fixed bug #80838 (HTTP wrapper waits for HTTP 1 response after HTTP 101).
(manuelm)
- Zip:
. Fixed bug #80825 (ZipArchive::isCompressionMethodSupported does not exist).
(cmb)
New in version 2.1.4
* platform support:
* work around address-space randomization causing instability
on new versions of MinGW. (#1921141)
* bug fix: RANDOM on floats returns values strictly less than the
float argument.
* bug fix: compiler error on x86-64 resulting from attempting to
zero a memory location with xor. (reported by Eric Marsden)
* optimization: extended loops updating iteration variables with
THEN can perform specialized arithmetic for those updates.
* optimization: in some cases, the jump table resulting from a
compilation of TYPECASE is simpler.
* optimization: on x86-64, IF BOUNDP followed by SYMBOL-VALUE can
elide some memory loads and tests.
New in version 2.1.3
* minor incompatible change: support for the
:SB-SAFEPOINT-STRICTLY, :SB-THRUPTION, and :SB-WTIMER build
features has been removed
* platform support:
* support for :SB-CORE-COMPRESSION on Darwin/ARM64
* support ARM v8.1 atomic and compare-and-swap instructions
* x86, x86-64: microoptimizations in multiple type-checking routines
* bug fix: structures and conditions are now TYPEP all
classes in the class precedence list of their
class. (reported by Luis Oliveira)
* bug fix: derivation of the result type from subtraction
sometimes erroneously excluded zero. (#1916895)
* bug fix: reduce the number of places where the system
permissively accepts the symbol * as a type specifier where
it should not be accepted. (#1860919)
* bug fix: the code-walker used by the system's
implementation of CLOS can handle defuns declared
inline. (reported by Don Cohen)
* optimization: EQUALP on specialized vectors and arrays is faster.
* optimization: support routines for EQUALP hash tables
generate less garbage.
New in version 2.1.2
* platform support:
* support for ARM64 macOS;
* improvement in coverage mark implementation on non-x86oid backends,
approaching the existing x86oid support;
* more empirically-robust retrieval of the program counter from
illegal instruction traps on SPARC;
* retain fewer dead objects when saving cores with precise collectors.
* incompatible change: MAP-ALL-SAMPLES and MAP-TRACE-SAMPLES
are no longer present in the SB-SPROF contrib module.
* minor incompatible change: SB-SPROF:WITH-PROFILING defaults
to all threads. SB-SPROF:START-PROFILING no longer accepts
a :SAMPLING keyword.
* enhancement: the sb-introspect contrib now supports finding
the lambda lists of method combinations. (thanks to Didier
Verna)
* enhancement: short-form DEFSETF now stores a source-location.
* bug fix: canonical unions of CONS types were being
incorrectly computed. (#1912863, reported by James
Kalenius)
* bug fix: better understanding of array simplicity (or
otherwise) in the type system. (#1903241)
* bug fix: unions of rational and integer types now have a
single canonical form, allowing more correct reasoning
about them in the type system.
* bug fix: less likely to overclaim certainty about type
equality of union types. (#1916040)
* bug fix: HANDLER-BIND evaluates the forms producing handler
functions only once. (#1916302, reported by Christophe
Junke)
* optimization: FIND on constant sequences can be compiled
into a jump table, in a similar manner to POSITION
* optimization: the compiler's awareness of numeric contagion
rules for operations on pairs of floating point numbers is
improved. (#1914094, thanks to Andrew Berkley)
New in version 2.1.1
* platform support:
* restore non-threaded NetBSD builds;
* adjust how the finalizer thread is started; (#1906571, #1907872)
* fix the encoding of PEXTR on x86-64;
* minor incompatible change: emit warnings for list iteration
forms when the object being iterated over is known not to be a
list. (#1908819, reported by Michael Fiano)
* bug fix: detect 2 or 1 as an invalid number of arguments passed
to optimized slot reading or writing effective method
respectively. (#1909659, reported by Michal Herda)
* bug fix: division by zero errors were in some cases not being
signalled. (#1910098, reported by il71)
* bug fix: erroneous coercions in the type system could lose
precision. (#1910294)
* bug fix: literal (read-time evaluated) NaNs in source code no
longer cause compiler crashes. (#1909881, reported by Michal
Herda)
* bug fix: detect more erroneous syntax in method
bodies. (#1912362, reported by Paul M. Rodriguez)
* optimization: the compiler's understanding of EXPT is improved,
reducing the introduction of COMPLEX types. (#1908830, reported
by Michael Fiano)
* optimization: the compiler is better at computing numeric
contagion when (COMPLEX FLOAT) types are involved.
* micro-optimizations:
* moving from slightly-bigger-than-fixnum ranges is more
efficient on x86-64;
* encode character comparisons with smaller operands on x86-64;
* truncating (and related operations) on floats can be inlined
in more cases on 64-bit platforms;
* rounding can use specialized instructions on ARM64 and on
x86-64 when SSE4 is available;
Our binary packages have been broken because of bad "REQUIRES"
entries: GHC uses $ORIGIN in rpath but mk/pkgformat/pkg/metadata.mk
uses ldd(1) to extract the list of required .so objects, which causes
them to be wrongly expanded.
- Libraries and binaries don't have the .note.GNU-stack section stripped
anymore. Previously, "make strip" would strip that section, which
would sometimes (depending on the toolchain) cause binaries to be
incorrectly tagged as needing an executable stack. This is not a
security issue in itself, but an executable stack makes it easier for
an attacker to turn bugs into exploits, so it should be avoided
whenever possible. Thanks to Xavier Stonestreet for reporting and
finding the cause of the problem.
- Link tests are now performed with a regular file as their
output, instead of /dev/null, which makes them more portable to
old/buggy linkers.
Bump default BUILDLINK_API_DEPENDS to match.
most of these simply extend matching from "aarch64" to "aarch64eb"
in various forms of code. most remaining uses in pkgsrc of
"MACHINE_ARCH == aarch64" are because of missing aarch64eb support,
such as most of the binary-bootstrap requiring languages like rust,
go, and java.
no pkg-bump because this shouldn't change packages on systems that
could already build all of these.
- Fix malformed preprocessor directive: ``#ifdef FOO && BAR''
- Use V8_OS_NETBSD instead of defined(__NetBSD__) consistently where appropriate
XXX
Unfortunately, nodejs does not work for aarch64eb yet.
We need to add big-endian support to built-in assembler.
1.3.0.1: Released 2021-02-06
* Fixed build with GHC 9.0.1 (Simon Jakobi).
* Improved test-suite; fixed memory leaks in some tests.
* Moved CI to GitHub Actions.
1.3.0: Released 2020-10-16
* Upgrade included Lua version to new bug-fix release 5.3.6. See the
upstream documentation https://www.lua.org/bugs.html#5.3.5 for the
bugs which have been fixed.
* Stop exporting c_loaded_table and c_prelad_table from module
Foreign.Lua.Raw.Auxiliary. Both values are defined only if the flag
HARDCODE_REG_KEYS is disabled, leading to compilation errors when
the flag is enabled.
* Add new function peekStringy to Peek module. It allows to peek a
value of any IsString type from an UTF-8 encoded string.
* Various improvements to the continuous integration setup, including
cleanup of the config files, version bumps to the ghc/cabal versions
used for testing, and running the linter in a dedicated GitHub
Action.
1.2.0: Released 2020-08-15
* New module Foreign.Lua.Call: the module offers an alternative method
of exposing Haskell functions to Lua. The focus is on
maintainability: types and marshaling methods are made explicit; the
possibility of adding documentation and parameter names improves
error messages and allows for automatic documentation extraction.
Work on this module is ongoing; the interface is likely to
change. Suggestions and feedback are welcome.
* New types Module, Field, and new functions registerModule,
preloadModule, pushModule, and render exported from
Foreign.Lua.Module: this builds on the new Call module and allows
the creation of documented modules as well as automatic generation
of Markdown-formatted module documentation.
* Export new items nth and top from Foreign.Lua.Core and
Foreign.Lua. They are short-hands for nthFromTop and stackTop.
* Performance improvements: Calling of Lua functions and creation of
Haskell data wrapping userdata has been sped up by about 10%. This
is mostly due to the use of previously missed optimization
opportunities.
* All foreign imports have been moved into the new Foreign.Lua.Raw
module. This module will replace the current Foreign.Lua.Core module
in the future and will be distributed as a separate package (likely
starting with the 2.0 release); the remaining parts of the current
Core module will be promoted one level in the module hierarchy.
* The Raw module can be used whenever the full power of HsLua is not
needed.
* Error-signaling of API wrapper functions has been changed: instead
of returning special integer values, functions now take an
additional pointer argument, which is set to the status result of
the computation.
* The Failable type in Core.Error is no longer needed and has been
removed.
* CI builds now include GHC 8.8 and GHC 8.10, ensuring that all GHC
8.* versions are supported.
1.1.2: Released 2020-06-27
* Revert signature of function pushList to its proper 1.1 value. This
fixes a mistake which caused the 1.1.1 release to be in violation of
the PVP versioning policy.
* Module Foreign.Lua.Peek: add function pushKeyValuePairs (Alex
Loomis).
1.1.1: Released 2020-06-02
WARNING: This version does not conform to the PVP versioning policy,
due to an unintended signature change of function pushList. It is
recommended not to use this version.
* New module Foreign.Lua.Push: provides functions which marshal and
push Haskell values onto Lua's stack.
* Most functions in Foreign.Lua.Types.Pushable are now defined using
functions from this module.
* New module Foreign.Lua.Peek: provides functions which unmarshal and
retrieve Haskell values from Lua's stack. Contrary to peek from
Foreign.Lua.Types.Peekable, the peeker functions in this module will
never throw errors, but use an Either type to signal retrieval
failure.
* The error type PeekError should not be considered final and will
likely be subject to change in later versions.
* Module Foreign.Lua.Utf8: never throw errors when decoding UTF-8
strings. Invalid UTF-8 input bytes no longer cause exceptions, but
are replaced with the Unicode replacement character U+FFFD.
* Fixed missing and faulty Haddock documentation.
* Fixed a bug which caused unnecessary use of strings to represent
floating point numbers under certain configurations.
1.1.0: Released 2020-03-25.
WARNING: The changes in this release are experimental. It is
recommended to skip this release unless the newly introduced features
are required.
* Allow custom error handling: conversion of Lua errors to Haskell
exceptions and back is made configurable. Users can define their own
exception/error handling strategies, even opening up the option to
pass arbitrary exceptions through Lua.
- New types exported from Foreign.Lua.Types:
* ErrorConversion: defines the ways in which exceptions and errors
are handled and converted.
* LuaEnvironment: environment in which Lua computations are
evaluated. Contains the Lua interpreter state and the error
conversion strategy.
- The environment of the Lua type is changed from a plain Lua State
to the above mentioned LuaEnvironment.
- New function run' is exported from Foreign.Lua.Util and
Foreign.Lua: it is analogous to run, but allows running
computations with a custom error conversion strategy.
- New function runWithConverter exported from Foreign.Lua.Core.Types
and Foreign.Lua.Core; like run', but takes a custom state.
- New function unsafeRunWith exported from Foreign.Lua.Core.Types
and Foreign.Lua.Core; runs a computation without proper error
handling.
- New function errorConversion exported from Foreign.Lua.Core.Types
and Foreign.Lua.Core: extract the error conversion strategy from
the Lua type.
- New function throwErrorAsException exported from
Foreign.Lua.Core.Error and Foreign.Lua.Core: throws a Lua error as
Haskell exception, using the current error conversion strategy.
- Function runWith is moved from module Foreign.Lua.Core to
Foreign.Lua.Util.
- The module Foreign.Lua.Utf8 is now exported.
GHC has stopped requiring perl since 8.2.1 release. The last component
written in Perl was the evil splitter (-fsplit-objs), which has been
superseded by -fsplit-sections. Hooray!
Now that allocateExec() in rts/sm/Storage.c uses libffi to map executable
pages, we no longer have to disable these protections unless the RTS linker
is to be used.
Version 1.68.0
--------------
- Closed bugs and merge requests:
* 40.rc session crashes in gjs on unlocking (sometimes) [#387, !588, Marco
Trevisan]
* 40.rc: installed-tests installed despite explicitly disabled [#388, !589,
Philip Chimento]
Version 1.67.3
--------------
- Closed bugs and merge requests:
* System.exit() doesn't work inside signal handler [#19, !565, Evan Welsh]
* GdkEvent subtypes trigger assert in Gtk4 [#365, !566, Evan Welsh]
* Replace g_memdup [#375, !567, Philip Chimento]
* 1.67.2: build fails with gcc 11 [#376, !568, Philip Chimento]
* Warnings introspecting array of boxed type as signal argument. [#377, !569,
Carlos Garnacho]
* Add list command to debugger [!571, Nasah Kuma]
* Assertion failure in enqueuePromiseJob [#349, !572, Philip Chimento]
* in interpreter Ctrl-c should exit inner shell if stuck [#98, !574, Philip
Chimento]
* Compiler ambiguity in enum-utils.h on operator overloading [#368, !576,
Chun-wei Fan]
* Fix GJS_DISABLE_JIT not fully disabling JIT [!575, Ivan Molodetskikh]
* Error running gjs built with prefix: g_object_new_is_valid_property: object
class 'GjsContext' has no property named 'program-path' [#381, !577, Sonny
Piers]
* Various maintenance [!578, !586, Philip Chimento]
* Add some profiling labels [!579, Ivan Molodetskikh]
* Some installed tests (introspection) segfault when GTK isn't available
[#383, !580, Olivier Tilloy]
* Installed tests do not install the js/modules subdir [#384, !581, Olivier
Tilloy]
* Installed tests fail because expected path doesn't include project name
[#385, !582, Olivier Tilloy]
* 1.67.2: Regress test hangs / timeouts on i686 [#379, !583, Marco Trevisan]
* object: Do not call any function on disposed GObject pointers [!585, Marco
Trevisan]
Version 1.67.2
--------------
- New language features: Importing ES modules is now supported, both statically
with import statements and dynamically with the import() function. For more
information on how to use modules, see:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/import
Four built-in modules exist: cairo, gettext, gi, and system. Except for gi,
they work similarly to the old-style modules imports.cairo, imports.gettext,
and imports.system. Consult the documentation in doc/Modules.md on how to use
them.
- The debugger now has a "list" command which works very similarly to its GDB
equivalent.
- New API: GObject.ParamSpec.jsobject() works like the other GObject.ParamSpec
types, and allows you to have a GObject property whose value is a JavaScript
object (plain object, Date, Array, etc.)
- New API: System.programPath is the name of the JS program that GJS is running,
or null if there isn't one (for example, in the interactive interpreter.)
- New API: System.programArgs is an array of arguments given to the JS program.
It is the same as ARGV but is consistently always present. (ARGV was not
defined in the interactive interpreter or when embedding GJS in a C program.)
- Closed bugs and merge requests:
* Support Native JSObject GType for Signals and Properties [!305, Marco
Trevisan, Philip Chimento]
* Add 'system.programPath' API. [!443, Evan Welsh]
* ESM: Enable static imports. (Part 3) [!450, Evan Welsh, Philip Chimento]
* Refactor ARGV handling and add `system.programArgs` [!455, Evan Welsh,
Philip Chimento]
* Function make the object more C++ friendly [!514, Marco Trevisan]
* ESM: Enable dynamic imports. [!525, Evan Welsh, Philip Chimento]
* Remove JSClass macros from Ns, GType, and Cairo types [!549, Philip
Chimento]
* various documentation improvements [!551, Sonny Piers]
* Replace remaining mentions of window with globalThis [!552, Sonny Piers]
* add .editorconfig file [!553, Sonny Piers]
* Display current line of source code when displaying current frame in
debugger [!554, Nasah Kuma]
* doc: add Clapper and Flatseal to thirty party applications written in GJS
[!555, Sonny Piers]
* Multiline template literals are missing newlines when entered at interactive
prompt [#371, !556, Ales Huzik]
* function: Remove JSClass macros [!558, Philip Chimento, Marco Trevisan]
* Missing classes on global. [#372, !559, Philip Chimento]
* arg: fix build failure with glib main branch [!560, Michael Catanzaro]
* Update to Jasmine 2.9.1 [!561, Evan Welsh]
* Various maintenance [!562, Philip Chimento]
* Add list command to debugger [!563, Nasah Kuma]
* Upgrade to Jasmine 3.6.0 [!564, Evan Welsh]
- Various refactors in preparation for BigInt support in gobject-introspection
[Marco Trevisan]
Version 1.67.1
--------------
- The debugger now has a "backtrace full" command which works very similarly to
its GDB equivalent.
- The GObject.ParamFlags.CONSTRUCT_ONLY flag is now correctly enforced, when
using it on GObject classes defined in JavaScript. This might break code that
was incorrectly trying to set a property that it had previously defined as
construct-only. The workaround is to remove the CONSTRUCT_ONLY flag.
- Fixed exception when calling GObject.Type().
- Several performance improvements.
- Progress on ES Modules.
- Closed bugs and merge requests:
* gobject: Handle CONSTRUCT_ONLY flag [!377, Florian Müllner]
* Add native module registry to global (Part 2) [!456, Evan Welsh]
* testGIMarshalling: Expand test coverage for flags [!479, Simon McVittie]
* Private Objects: Use native allocators and structs [!494, Marco Trevisan]
* Pass-by-reference GValue arguments do not work right [#74, !496, !507, Marco
Trevisan]
* Templated-data-only GjsAutoPointer (and use it more around) [!504, Marco
Trevisan]
* Error in function "_init()" in module "modules/overrides/GObject.js" [#238,
!508, Nina Pypchenko]
* fails to build on 32-bit [#357, !511, Michael Catanzaro]
* Revert "arg-cache: Save space by not caching GType" [!512, Jonas Dreßler]
* gi/wrapperutils: Move gjs_get_string_id() into resolve() implementations
[!513, Jonas Dreßler]
* updates on eslint configuration [!517, Nasah Kuma]
* Update CONTRIBUTING.md about the runner system failure [!518, Nasah Kuma]
* Switch to eslint-plugin-jsdoc and remove lint-condo [!520, #359, Evan Welsh,
Philip Chimento]
* gi: Check property before access [!521, Florian Müllner]
* testGIMarshalling: Actually run the GPtrArray utf8 tests [!522, Marco
Trevisan]
* Add more documents for "imports" and "imports.gi" [!526, wsgalaxy]
* overrides/Gtk: Set BuilderScope in class init [!527, Florian Müllner]
* gi/arg-cache: Only skip array length parameter once [!528, Florian Müllner]
* Copyright conformance with Reuse Software spec [!529, Philip Chimento, Evan
Welsh]
* Remove JSClass macros [!530, !533, !537, Philip Chimento]
* Avoid pulling from DockerHub in CI [!531, Philip Chimento, Marco Trevisan]
* Use GNOME-specific rules with cppcheck [!532, Philip Chimento]
* Fedora 33 CI images [!535, Philip Chimento]
* Fix IWYU bugs [!536, Philip Chimento]
* Reduce bandwidth usage in CI, and pick a more accurate base for diff checks
[!538, Philip Chimento]
* debugger: Make '$$' mean the last value [!539, Philip Chimento]
* Add codespell CI job [#362, !540, !541, !547, Björn Daase]
* Various maintenance [!542, !548, Philip Chimento]
* fix readline build on certain systems [!543, Jakub Kulík]
* build: Require gobject-introspection 1.66.0 [!546, Philip Chimento]
* Add backtrace full command to debugger [#208, !550, Nasah Kuma]
- Various refactors for type safety [Marco Trevisan]
- Various maintenance [Philip Chimento]
Version 1.66.2
--------------
- Performance improvements and crash fixes backported from the development
branch.
- Bug fixes enabling use of GTK 4.
- Closed bugs and merge requests:
* Error in function "_init()" in module "modules/overrides/GObject.js" [#238,
!508, Nina Pypchenko]
* Revert "arg-cache: Save space by not caching GType" [!512, Jonas Dreßler]
* gi/wrapperutils: Move gjs_get_string_id() into resolve() implementations
[!513, Jonas Dreßler]
* overrides/Gtk: Set BuilderScope in class init [!527, Florian Müllner]
* fix readline build on certain systems [!543, Jakub Kulík]
This appears to no longer be needed.
I could swear I had done a successful re-build before the previous commit,
so not sure how that happened.
Build fix, so no revision bump.
Changelog:
* Bugfixes.
Target Specific Changes
AArch64
A bug with the Random Number intrinsics in the arm_acle.h header
that resulted in an incorrect status result being returned has
been fixed.
GCC now supports the Fujitsu A64FX. The associated -mcpu and
-mtune options are -mcpu=a64fx and -mtune=a64fx respectively.
In particular, -mcpu=a64fx generates code for Armv8.2-A with
SVE and tunes the code for the A64FX. This includes tuning the
SVE code, although by default the code is still length-agnostic
and so works for all SVE implementations. Adding -msve-vector-bits=512
makes the code specific to 512-bit SVE.
The current i386 bootstrap is built for NetBSD 8.x, and so is linked
against libstdc++.so.8. NetBSD 9.x still requires compat80 for it to
run.
This isn't a complete workaround, as builds still fail in a sandboxed
environment that doesn't have compat80 installed outside it. Dealing
with that would require another workaround somewhat like the one used
for ghc*, but a little different.
Vala 0.52.1
===========
* Various improvements and bug fixes:
- codegen:
+ Improve handling of ellipsis parameter in get_ccode_name()
+ Fix default value of get_ccode_destroy_notify_pos()
+ Don't override valid target/destroy of previous lambda argument [#59]
+ Don't call *_instance_init() in compact class chainup
- vala: Mark transformed static member-access as qualified [#270]
- parser: Stricter mode for chained member initializer with --keep-going [#1158]
- girwriter: namespace expects "c:symbol-prefixes" attribute [#1038]
- girwriter: Don't use instance-parameter inside callback [#1167]
- girparser,libvaladoc/girimporter: Don't guess length of xml header, iterate
forward to <repository>
- libvaladoc/girimporter: parse_constant() use "c:identifier" attribute first
* Bindings:
- gsl: Add BLAS module [#1149]
- rest-0.7: Fix OAuthProxyAuthCallback binding
- gtk+-3.0: Fix ModuleInitFunc binding
- gio-2.0: Fix TlsPassword.get_value() binding
- Fix several bindings which lead to invalid code by using them in:
javascriptcoregtk-4.0, libusb, libusb-1.0, pixman-1,
webkit2gtk-web-extension-4.0, x11, zlib,
Vala 0.52.0
===========
* Various improvements and bug fixes:
- codegen: Include "glib.h" for deprecated symbols (GOBJECT) [#1155]
- vala: Improve error for incompatible expressions in conditional expression
- vala: Check for unused attributes unconditionally
- girparser: Allow overriding of "Compact" attribute for classes
- girparser: Handle empty "<type/>" element and report an error
- girparser: Add support for NoWrapper metadata for methods
- build: Add --enable-test-asan configure option
* Bindings:
- gio-2.0: Add some missing NoWrapper and CCode.has_typedef attributes
- gnutls: Fix some binding errors
- gsl: Fix some binding errors
- gstreamer: Update from 1.19.0+ git master
- gtk4: Add Gtk.INVALID_LIST_POSITION [#1151]
- gtk4-unix-print: Switch to gir
- gtk4: Update to 4.1.2
- linux: Provide Input.Event.input_event_sec/input_event_usec fields [#1152]
- vapi: Fix a couple of attribute typos
- webkit2gtk-4.0: Update to 2.31.91
Vala 0.51.91
============
* Various improvements and bug fixes:
- codegen:
+ Error for missing type-arguments of HashTable (de)serialization [#1147]
+ Free intermediate temp-variables of postcondition expression [#80]
+ Use the one available source_reference for internal error [#436]
+ Fix access to captured generics in async method of interfaces [#537]
+ Don't ever create null-aware free macro for GenericType
+ Don't add generics arguments/parameters to async finish method
+ Drop inner casts before converting between generics and integers
- vala:
+ Add missing null-check in DataType.get_type_signature()
+ Check array type of declarations for erroneous type-arguments
+ Check (optional) type-arguments of array creation expression
+ Replace all type parameter occurrences in parameters for signal delegate
* Bindings:
- glib-2.0,gio-2.0: Add some missing type-arguments
- vapi: Update GIR-based bindings
Vala 0.51.90
============
* Various improvements and bug fixes:
- codegen:
+ More use of get_ccode_type_name()
+ "_first_array" parameter for params-array is variadic too
+ Inherit GType from base struct of SimpleType structs
- vala:
+ Report warning if --target-glib=auto was not evaluated successfully
+ Fix ownership inheritance of "unowned var" in foreach statement
+ Use pre-resolved symbol/type of SemanticAnalyzer if possible
- gdbus: Don't leak memory of deserialized arguments on error in wrapper method
- girparser: Reuse populated Node.gtype_struct_for instead of resolving again
- girparser: Evaluate "glib:type-struct" twice to pick up reparented structs
- testrunner: Include Gio-2.0/gio-2.0 for GIR tests too
* Bindings:
- gtk4: Update to 4.1.1+f8f90d85
Vala 0.51.3
===========
* Various improvements and bug fixes:
- codegen:
+ Don't use volatile modifier in glib API when targeting >= 2.68 [glib!1719]
+ CCodeBaseModule.get_type_id_expression () won't return null
+ Don't wrongly emit declaration for default-handler of signals
+ Include "string.h" for strcmp() (POSIX)
- vala:
+ Generics value holding struct pointer requires casting on access [#347]
+ Infer needle type for "in" expression on enum [#1138]
+ Don't allow "in" operation with different enum types [#1139]
+ Improve context check whether property is writeable on assignments
+ Include "stdlib.h" for Enum.to_string() (POSIX) [#1143]
+ Set proper source_reference for implicit "this" and "result" variables
+ Report error for invalid inner operand of unary expressions
- girwriter: Output default handler of signals
* Bindings:
- glib-2.0: Add new symbols from 2.68
- webkit2gtk-4.0: Update to 2.31.90
- vapi: Update GIR-based bindings
Vala 0.51.2
===========
* Various improvements and bug fixes:
- vala:
+ Check type-arguments in base-types/prerequisites of class/interface [#404]
+ Include type-checks in preconditions of methods for type narrowing [#894]
+ Capturing va_list parameters/variables is not allowed [#1136]
+ Properly parse and handle chained initialization of members [#1137]
- codewriter: Output valid vala syntax for LoopStatement and don't write
trailing ";" after body of WithStatement
* Bindings:
+ gstreamer: Update from 1.19.0+ git master
+ vapi: Update GIR-based bindings
Vala 0.51.1
===========
* Highlights:
- Support "binding" to bind GtkCallback to class of given property [#1093]
- Add support for type narrowing [#894]
- Support chain up to simple generics constructor [#342]
- Perform runtime version check of libvala [#88]
- girparser: Handle anonymous delegate not backed by virtual-method or signal
- Add support for 'opaque' compact classes [#1129]
- Add further support for params arrays in constructors [#128]
- Improve handling of "NoWrapper" attribute
- Improve support of SimpleType struct constructors
- Use __attribute__ instead of G_GNUC_* in POSIX profile
- Add SDL 2.x bindings [#1032] and drop SDL 1.x
* Various improvements and bug fixes:
- codegen:
+ Improve GValueModule.visit_cast_expression()
+ Drop obsolete dedicated handling of property value-parameter
+ Apply CCodeModifiers.PRINTF to "string_printf" (POSIX)
+ Allow CCode.type_cname for classes and use get_ccode_type_name()
+ Always use G_TYPE_INSTANCE_GET_CLASS/INTERFACE for external symbols
+ Also check array type of variable argument for ref parameters
+ Don't leak array memory after it was implicitly copied
+ Use g_boxed_free in free-wrapper for heap-allocated GLib.Value
+ Don't leak GLib.Value when implicitly unboxing it
+ Don't leak memory moving heap-allocated struct to stack
+ Chain up to base struct destroy function
+ Use g_memdup2 if target glib >= 2.68 is set
+ Replace "g_memdup" with "_vala_memdup2" for target glib < 2.68
+ Correctly retrieve symbol_reference of nested cast expressions [#1134]
+ Strip all nested occurrences of CCodeCastExpression [#1134]
- vala:
+ Improve detection of duplicate package source files
+ GtkChild fields/properties must be declared as unowned [#1121]
+ Don't allow assigning GtkChild fields/properties [#1121]
+ Apply stricter condition for lambda to delegate assignment
+ Don't allow disposable SimpleType structs
+ Rename Loop to LoopStatement and introduce a common base class
+ GLib.Value unboxing returns unowned value
+ Don't allow GLib.Value casting to nullable struct/simple types
+ Add Block.unreachable_exit and have it set by FlowAnalyzer [#838]
+ Convert Report.*() to real printf-like functions
+ Avoid taking extra reference of foreach collection for index iteration
+ Make sure parent_symbol for special async parameters is available
+ Require a valid DataType instance for every TargetValue
- girparser:
+ Minor improvement to field getter detection
+ Apply "delegate_target" metadata for methods and parameters
+ Apply "destroy_notify_cname" metadata for fields
+ Apply "type_get_function" metadata for classes and interfaces
+ Set CCode.type_cname for classes if it doesn't match our default
- girwriter: Infer gir_namespace/version from target GIR filename [#606]
- girwriter: Write instance-parameter elements [#1128]
- libvaladoc/html: Don't sort struct fields to keep their original order
- libvaladoc: Correctly retrieve value for Api.Class.is_compact
- libvaladoc: Add wrapper for "agedge" of graphviz
- valadoc: Correctly set verbose flag on CodeContext
- valadoc: Replace png icons with elementary's svg version
* Bindings:
- Add enchant-2 bindings for Enchant 2.x
- Add gnu.vapi with binding for getopt_long() and some other GNU APIs
- Add libunwind-generic binding
- Fix several bindings which lead to invalid code by using them in:
cairo, gobject-2.0, pango, goocanvas-2.0, curses, alsa, bzlib, sqlite3,
libgvc, posix, gstreamer-1.0, gdk-3.0, gdk-x11-3.0, gtk+-3.0, gtk4,
fuse, libxml-2.0
- curses: Remove initial “w” from some Window method names for consistency
- gdk-pixbuf-2.0: Fix Pixbuf.save_to_streamv_async()
- gdk-pixbuf-2.0: Update to 2.42.3~
- gio-2.0: Fix binding of PollableOutputStream.write*_nonblocking()
- gio-2.0,gtk+-3.0,gtk4: Drop explicit c-type attributes of va_list parameters
- gio-2.0: Pick up missing invoker for some AppInfo/File.*() methods
- gio-2.0: Update to 2.67.3
- glib-2.0: Add GLib.[S]List.is_empty() convenience methods for non-null
- glib-2.0: Add new symbols from 2.68
- glib-2.0: Bind assert_cmp* functions [#395]
- glib-2.0: Improve type of OptionEntry.flags field
- glib-2.0: Make PtrArray a subclass of GenericArray
- gobject-2.0: Add new symbols from 2.68
- gstreamer-1.0: Set CCode.type_id of MiniObject to G_TYPE_BOXED [#1133]
- gstreamer: Update from 1.19.0+ git master
- gtk+-2.0,javascriptcoregtk-4.0: Wrong usage of CCode.type_cname attribute
- gtk+-3.0,gtk4: Fix some delegate return values and parameters
- gtk4: Update to 4.1.0+2712f536
- posix: Add POSIX, GNU and BSD Regex APIs
- webkit2gtk-4.0: Update to 2.31.1
Real changes are in devel/devel/ruby-activestorage61 only.
## Rails 6.1.3.1 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
Real changes are in devel/ruby-activestorage60 only.
## Rails 6.0.3.6 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
Real changes are in devel/ruby-activestorage52 only.
## Rails 5.2.5 (March 26, 2021) ##
* Marcel is upgraded to version 1.0.0 to avoid a dependency on GPL-licensed
mime types data.
*George Claghorn*
* The Poppler PDF previewer renders a preview image using the original
document's crop box rather than its media box, hiding print margins. This
matches the behavior of the MuPDF previewer.
*Vincent Robert*
Ruby 3.0.1 Released (2021-04-05)
Ruby 3.0.1 has been released.
This release includes security fixes. Please check the topics below
for details.
* CVE-2021-28965: XML round-trip vulnerability in REXML
* CVE-2021-28966: Path traversal in Tempfile on Windows
See the commit logs for details.
Ruby 2.7.3 Released (2021-04-05)
This release includes security fixes. Please check the topics below for
details.
* CVE-2021-28965: XML round-trip vulnerability in REXML
* CVE-2021-28966: Path traversal in Tempfile on Windows
See the commit logs for details.
Ruby 2.6.7 Released (2021-04-05)
This release includes security fixes. Please check the topics below for
details.
* CVE-2020-25613: Potential HTTP Request Smuggling Vulnerability in
WEBrick
* CVE-2021-28965: XML round-trip vulnerability in REXML
See the commit logs for details.
By this release, we end the normal maintenance phase of Ruby 2.6, and Ruby
2.6 enters the security maintenance phase. This means that we will no
longer backport any bug fixes to Ruby 2.6 except security fixes. The term
of the security maintenance phase is scheduled for a year. Ruby 2.6 reaches
EOL and its official support ends by the end of the security maintenance
phase. Therefore, we recommend that you start planning an upgrade to Ruby 2.7
or 3.0.
This release introduces fixes for better support of Erlang/OTP 24+.
1. Enhancements
Elixir
[Kernel] Update formatting when printing warnings and errors from Erlang/OTP 24+
[Kernel] Support float-16 on bitstrings
Mix
[mix local.rebar] This task will now install rebar3 version 3.14.4, compiled with Erlang/OTP 21
Version 14.16.1 'Fermium' (LTS)
This is a security release.
Notable Changes
Vulnerabilities fixed:
CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x release lines
CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x release lines
CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
Impacts:
All versions of the 14.x, 12.x and 10.x release lines
Version 12.22.1 'Erbium' (LTS)
This is a security release.
Notable Changes
Vulnerabilities fixed:
CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x release lines
CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x release lines
CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
Impacts:
All versions of the 14.x, 12.x and 10.x release lines
Version 12.22.0 'Erbium' (LTS)
Notable changes
The legacy HTTP parser is runtime deprecated
The legacy HTTP parser, selected by the --http-parser=legacy command line option, is deprecated with the pending End-of-Life of Node.js 10.x (where it is the only HTTP parser implementation provided) at the end of April 2021. It will now warn on use but otherwise continue to function and may be removed in a future Node.js 12.x release.
The default HTTP parser based on llhttp is not affected. By default it is stricter than the now deprecated legacy HTTP parser. If interoperability with HTTP implementations that send invalid HTTP headers is required, the HTTP parser can be started in a less secure mode with the --insecure-http-parser command line option.
ES Modules
ES Modules are now considered stable.
node-api
Updated to node-api version 8 and added an experimental API to allow retrieval of the add-on file name.
New APIs to control code coverage data collection
v8.stopCoverage() and v8.takeCoverage() have been added.
New API to monitor event loop utilization by Worker threads
worker.performance.eventLoopUtilization() has been added.
Version 10.24.1 'Dubnium' (LTS)
This is a security release.
Notable Changes
Vulnerabilities fixed:
CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x release lines
CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (High)
This is a vulnerability in OpenSSL which may be exploited through Node.js. You can read more about it in https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x release lines
CVE-2020-7774: npm upgrade - Update y18n to fix Prototype-Pollution (High)
This is a vulnerability in the y18n npm module which may be exploited by prototype pollution. You can read more about it in https://github.com/advisories/GHSA-c4w7-xm78-47vh
Impacts:
All versions of the 14.x, 12.x and 10.x release lines
these were disabled in the pkgsrc infrastructure some time ago because
they cannot be built cleanly with older compilers while gcc6 can.
this all seems to be separate from the ada bits in gcc-5-aux which may
still be useful.
Python 3.9.4
Core and Builtins
bpo-43710: Reverted the fix for https://bugs.python.org/issue42500 as it changed the PyThreadState struct size and broke the 3.9.x ABI in the 3.9.3 release (visible on 32-bit platforms using binaries compiled using an earlier version of Python 3.9.x headers).
Library
bpo-26053: Fixed bug where the pdb interactive run command echoed the args from the shell command line, even if those have been overridden at the pdb prompt.
Key off BUILD_TARGET instead of whether we're cross-building,
as bootstrap kits *can* be built natively (yes, the former state
was my suggestion, but on second thought this is more correct).
Python 3.9.3 final
Security
bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer.
bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network.
Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it.
bpo-43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and gc.get_referents(). Patch by Pablo Galindo.
Core and Builtins
bpo-43660: Fix crash that happens when replacing sys.stderr with a callable that can remove the object while an exception is being printed. Patch by Pablo Galindo.
bpo-43555: Report the column offset for SyntaxError for invalid line continuation characters. Patch by Pablo Galindo.
bpo-43517: Fix misdetection of circular imports when using from pkg.mod import attr, which caused false positives in non-trivial multi-threaded code.
bpo-35883: Python no longer fails at startup with a fatal error if a command line argument contains an invalid Unicode character. The Py_DecodeLocale() function now escapes byte sequences which would be decoded as Unicode characters outside the [U+0000; U+10ffff] range.
bpo-43406: Fix a possible race condition where PyErr_CheckSignals tries to execute a non-Python signal handler.
bpo-42500: Improve handling of exceptions near recursion limit. Converts a number of Fatal Errors into RecursionErrors.
Library
bpo-43433: xmlrpc.client.ServerProxy no longer ignores query and fragment in the URL of the server.
bpo-35930: Raising an exception raised in a “future” instance will create reference cycles.
bpo-43577: Fix deadlock when using ssl.SSLContext debug callback with ssl.SSLContext.sni_callback().
bpo-43521: ast.unparse can now render NaNs and empty sets.
bpo-43423: subprocess.communicate() no longer raises an IndexError when there is an empty stdout or stderr IO buffer during a timeout on Windows.
bpo-27820: Fixed long-standing bug of smtplib.SMTP where doing AUTH LOGIN with initial_response_ok=False will fail.
The cause is that SMTP.auth_login _always_ returns a password if provided with a challenge string, thus non-compliant with the standard for AUTH LOGIN.
Also fixes bug with the test for smtpd.
bpo-43332: Improves the networking efficiency of http.client when using a proxy via set_tunnel(). Fewer small send calls are made during connection setup.
bpo-43399: Fix ElementTree.extend not working on iterators when using the Python implementation
bpo-43316: The python -m gzip command line application now properly fails when detecting an unsupported extension. It exits with a non-zero exit code and prints an error message to stderr.
bpo-43260: Fix TextIOWrapper can not flush internal buffer forever after very large text is written.
bpo-42782: Fail fast in shutil.move() to avoid creating destination directories on failure.
bpo-37193: Fixed memory leak in socketserver.ThreadingMixIn introduced in Python 3.7.
Documentation
bpo-43199: Answer “Why is there no goto?” in the Design and History FAQ.
bpo-43407: Clarified that a result from time.monotonic(), time.perf_counter(), time.process_time(), or time.thread_time() can be compared with the result from any following call to the same function - not just the next immediate call.
bpo-27646: Clarify that ‘yield from <expr>’ works with any iterable, not just iterators.
bpo-36346: Update some deprecated unicode APIs which are documented as “will be removed in 4.0” to “3.12”. See PEP 623 for detail.
Tests
bpo-37945: Fix test_getsetlocale_issue1813() of test_locale: skip the test if setlocale() fails. Patch by Victor Stinner.
bpo-41561: Add workaround for Ubuntu’s custom OpenSSL security level policy.
bpo-43288: Fix test_importlib to correctly skip Unicode file tests if the filesystem does not support them.
Build
bpo-43631: Update macOS, Windows, and CI to OpenSSL 1.1.1k.
bpo-43617: Improve configure.ac: Check for presence of autoconf-archive package and remove our copies of M4 macros.
macOS
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1j.
IDLE
bpo-42225: Document that IDLE can fail on Unix either from misconfigured IP masquerade rules or failure displaying complex colored (non-ascii) characters.
bpo-43283: Document why printing to IDLE’s Shell is often slower than printing to a system terminal and that it can be made faster by pre-formatting a single string before printing.
Python 3.8.9 final
Security
bpo-42988: CVE-2021-3426: Remove the getfile feature of the pydoc module which could be abused to read arbitrary files on the disk (directory traversal vulnerability). Moreover, even source code of Python modules can contain sensitive data like passwords. Vulnerability reported by David Schwörer.
bpo-43285: ftplib no longer trusts the IP address value returned from the server in response to the PASV command by default. This prevents a malicious FTP server from using the response to probe IPv4 address and port combinations on the client network.
Code that requires the former vulnerable behavior may set a trust_server_pasv_ipv4_address attribute on their ftplib.FTP instances to True to re-enable it.
bpo-43439: Add audit hooks for gc.get_objects(), gc.get_referrers() and gc.get_referents(). Patch by Pablo Galindo.
Core and Builtins
bpo-43660: Fix crash that happens when replacing sys.stderr with a callable that can remove the object while an exception is being printed. Patch by Pablo Galindo.
bpo-35883: Python no longer fails at startup with a fatal error if a command line argument contains an invalid Unicode character. The Py_DecodeLocale() function now escapes byte sequences which would be decoded as Unicode characters outside the [U+0000; U+10ffff] range.
bpo-43406: Fix a possible race condition where PyErr_CheckSignals tries to execute a non-Python signal handler.
Library
bpo-35930: Raising an exception raised in a “future” instance will create reference cycles.
bpo-43577: Fix deadlock when using ssl.SSLContext debug callback with ssl.SSLContext.sni_callback().
bpo-43423: subprocess.communicate() no longer raises an IndexError when there is an empty stdout or stderr IO buffer during a timeout on Windows.
bpo-27820: Fixed long-standing bug of smtplib.SMTP where doing AUTH LOGIN with initial_response_ok=False will fail.
The cause is that SMTP.auth_login _always_ returns a password if provided with a challenge string, thus non-compliant with the standard for AUTH LOGIN.
Also fixes bug with the test for smtpd.
bpo-43399: Fix ElementTree.extend not working on iterators when using the Python implementation
bpo-43316: The python -m gzip command line application now properly fails when detecting an unsupported extension. It exits with a non-zero exit code and prints an error message to stderr.
bpo-43260: Fix TextIOWrapper can not flush internal buffer forever after very large text is written.
bpo-42782: Fail fast in shutil.move() to avoid creating destination directories on failure.
bpo-37193: Fixed memory leak in socketserver.ThreadingMixIn introduced in Python 3.7.
Documentation
bpo-43199: Answer “Why is there no goto?” in the Design and History FAQ.
bpo-43407: Clarified that a result from time.monotonic(), time.perf_counter(), time.process_time(), or time.thread_time() can be compared with the result from any following call to the same function - not just the next immediate call.
bpo-27646: Clarify that ‘yield from <expr>’ works with any iterable, not just iterators.
bpo-36346: Update some deprecated unicode APIs which are documented as “will be removed in 4.0” to “3.12”. See PEP 623 for detail.
Tests
bpo-37945: Fix test_getsetlocale_issue1813() of test_locale: skip the test if setlocale() fails. Patch by Victor Stinner.
bpo-41561: Add workaround for Ubuntu’s custom OpenSSL security level policy.
Build
bpo-43631: Update macOS, Windows, and CI to OpenSSL 1.1.1k.
bpo-43617: Improve configure.ac: Check for presence of autoconf-archive package and remove our copies of M4 macros.
macOS
bpo-41837: Update macOS installer build to use OpenSSL 1.1.1j.
IDLE
bpo-42225: Document that IDLE can fail on Unix either from misconfigured IP masquerade rules or failure displaying complex colored (non-ascii) characters.
bpo-43283: Document why printing to IDLE’s Shell is often slower than printing to a system terminal and that it can be made faster by pre-formatting a single string before printing.
use of these packages was disabled in the pkgsrc infrastructure in
January because they were causing problems on platforms with older
compilers that can build gcc6 just fine:
glibc + FORTIFY + gcc48,gcc49,gcc5 = build failures.
gcc48 and newer require a c++98 compiler, same as all gcc versions up
to 11, so are not useful for bootstrapping.
gcc5 has additional Ada bits, someone needs to determine if they're
useful before it can go.
The final compiler will be dynamically linked with OpenSSL and curl,
but this is undesirable in the case of bootstraps where it might be
built against a version incompatible with the version the user has.
Discussed with he@.
upstream changes:
-----------------
Patch Package: OTP 23.3.1
Git Tag: OTP-23.3.1
Date: 2021-03-30
Trouble Report Id: OTP-17279
Seq num:
System: OTP
Release: 23
Application: ssh-4.11.1
Predecessor: OTP 23.3
Check out the git tag OTP-23.3.1, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- ssh-4.11.1 ------------------------------------------------------
---------------------------------------------------------------------
The ssh-4.11.1 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17279 Application(s): ssh
The idle_time timer was not cancelled when a channel
was opened within the timeout time on an empty
connection that has had channels previously.
Full runtime dependencies of ssh-4.11.1: crypto-4.6.4, erts-9.0,
kernel-5.3, public_key-1.6.1, stdlib-3.4.1
---------------------------------------------------------------------
Changes for 23.3 are at https://erlang.org/download/OTP-23.3.README
Havard would like all rusts to be built with rust-cargo-static,
because this makes it easier to produce working bootstraps.
In order to do this, we need to handle the OpenSSL and curl
dependencies in older bootstrap kits properly.
This means, for the remaining bootstraps that do not yet have
cargo with static/vendored dependencies:
- depend on base 8.0 openssl (compat80) on i386.
- depend on pkgsrc curl on aarch64 and earmv7.
the armv7 bootstrap is built for 9.0 so does not need compat80.
the aarch64 bootstrap is built for 8.99.50 so does not need compat80.
This reduces the external dynamic dependencies, because this
bootstrap kit is built with the --enable-cargo-native-static
option, and is verified to fix the build for martin@
* Move PRINT_PLIST_AWK for ${RUBY_SUFFIX} from gem.mk to rubyversion.mk.
It was previously committed in gem.mk.
* Add support for ${RUBY_SUFFIX} to online manual.
0.20.0 (released 2021-01-25)
==============================
Removals
------------------------------
* Python 3.5 is no longer supported.
New Features
------------------------------
* `let` macro now supports extended iterable unpacking syntax.
* New contrib module `pprint`, a Hy equivalent of `python.pprint`.
Bug Fixes
------------------------------
* Fixed a bug that made `hy.eval` from Python fail on `require`.
* Fixed a bug that prevented pickling of keyword objects.
* Fixed a compiler crash from `setv` with an odd number of arguments in
`defclass`.
0.19.0 (released 2020-07-16)
==============================
Breaking Changes
------------------------------
* `parse-args` is no longer implemented with `eval`; so e.g. you should
now say `:type int` instead of `:type 'int`.
New Features
------------------------------
* Python 3.9 is now supported.
Bug Fixes
------------------------------
* Improved support for nesting anaphoric macros by only applying
symbol replacement where absolutely necessary.
* Quoted f-strings are no longer evaluated prematurely.
* Fixed a regression in the production of error messages for empty
expressions.
* Fixed a scoping bug for code executed with `hy -c`.
* Fixed a bug in the compilation of multiple `require`\s.
* Fixed various bugs in command-line option parsing.