This allows rust-bin and rust to coexist in bulk builds (for testing, etc),
but the packages still may not be installed at the same time.
rust.mk as a solution for picking the correct rust variant was suggested
by gdt@. It is intended to be included directly by packages that do not
use cargo.mk, and indirectly by packages that do use cargo.mk.
rust.mk provides one user-settable variable:
RUST_TYPE
as before, whether to bootstrap rust from source or use
official binaries. may be "src" or "bin"
And two package-settable variables:
RUST_REQ
the minimum version of Rust required by the package.
defaults to "1.20.0"
RUST_RUNTIME
whether Rust is a runtime dependency, may be "yes" or "no"
The condition had been the same as in Makefile before 1.174.
Testing for OPSYS was unnecessary since that is included in
MACHINE_PLATFORM as well.
The ${VAR} syntax is easier readable since the number of exclamation
marks matches the number of negations, contrary to !empty, which is
effectively a positive test.
Swapped the order of the conditions since it is easier to read
"generally, but not" than "not this and the general case".
Changelog:
# RETRO 2019.7
This is the changelog for the development builds of Retro.
The version number is likely to change; I'm targetting an
early July window for this release.
## Bug Fixes
- all
- strl* functions now renamed, included on all builds
- `d:add-header` is extended by retro.forth to remap
spaces back to underscores when creating headers
- fix overflow issue with `n:MIN`, `n:MAX`
- build
- fix compile issue under Solaris
- retro-unix
- `clock:year` corrected
- `clock:month` corrected
- examples
- fixed issue in mail.forth
## Build
- Merged Linux & BSD Makefiles
## Core Language
- new words
- `a:fetch`
- `a:store`
- `s:replace-all`
- renamed
- `a:nth` to `a:th`
- `v:update-using` to `v:update`
- performance improvements
- `times`
- `times<with-index>`
- `while`
- `until`
## Documentation
- merged BSD, Linux, macOS build instructions
- updated Starting instructions
- added implementation notes on arrays
- updated the initial word table in rx.muri
- added a man page for retro-describe
## Toolchain
- fixed a bug in the glossary server
## Examples
- new examples
- bury.forth
- compat.forth
- gopher.forth
- magic-8th-ball.forth
- mandelbrot.forth
- RFC865.forth
- RFC867.forth
- safety-net.retro
- shell.forth
- sqlite3 wrapper
- unix-does-user-exist.forth
- improved examples
- 99bottles.forth
- edit.forth
- other
- publish-examples.forth now uses `retro-document`
to generate glossaries
## General
- reorganized directory tree
## I/O
- retro-unix (rre)
- added `clock:utc:` namespace
- remove gopher downloader
- add sockets interface
- add `unix:slurp-pipe`
## Interfaces
- retro-compiler
- runtime now supports scripting arguments
- retro-unix
- remove FullScreenListener
- ok prompt now a hook
- rewrite the listener
- retro-c#
- restored this to the source tree
- native
- better `0x` prefix handling
## Notes for the future:
In a future release, the examples will start using a `.retro`
file name extension rather than `.forth` to avoid possible
confusion with other systems that use `.forth` (e.g., MPE).
Reference the commits that fixed the (a?) problem and the pullup to
9. Note that no pullup to 8 has occured, and add a \todo to explain
the plan.
Thanks to Martin for pointers and explanation.
The previous conditional was never true. Assume that it meant to
apply to NetBSD <= 9 and not apply to current. Add comments
explaining the reason, with \todo for aspects that are unclear,
partially rescued from CVS history, and partially from tech-pkg
discussion.
Use EARLY_PRINT_PLIST_AWK instead of PRINT_PLIST_AWK so all the transformations
are done before the file/directory lists generated as part of print-PLIST are
sorted.
Discussed on tech-pkg@:
<https://mail-index.NetBSD.org/tech-pkg/2020/05/27/msg023249.html>
Vala 0.48.6
===========
* Regression and bug fixes:
- codegen:
+ Correctly handle cast-expression of real struct to nullable struct [#991]
+ Use loop index instead of get_ccode_pos() for ellipsis parameter [#995]
- vala:
+ Allow node_ref being null in SemanticAnalyzer.get_instance_base_type()
+ SemanticAnalyzer.get_instance_base_type() is not allowed to return null
+ params-array parameter is not allowed in abstract/virtual method [#985]
+ Use stable hash for methods in HashMap of implicit_implementations [#990]
and Use "str_equal" as equal_func for ArrayList<string> instances
+ Set value_type of undefined member-access to avoid further criticals
+ Transform cast from floating-type to boxed-type [#991]
+ Transform cast from integer-type to boxed-type [#992]
+ Explicit "new" method may be incompatible with a posssible base method
- valadoc: Add implicit "Posix" using-directive for POSIX profile
- girparser: Add support for boolean "new" argument for methods
* Bindings:
- gtk4: Update to 3.98.3+028942c8
This was getting unwieldly and didn't support changing multiple checksums in
the same file (required for illumos support in 1.44.0). It was also hiding
potential bugs, with entries for vendor/rand which do not exist.
It's likely this should be in vendor/rand_os as that's what we're actually
patching, but perhaps that crate is no longer used as it appears we've never
had a checksum fix for it.
Version 10.21.0 'Dubnium' (LTS)
Notable changes
This is a security release.
Vulnerabilities fixed:
CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).
CVE-2020-10531: ICU-20958 Prevent SEGV_MAPERR in append (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
Commits
- deps: fix OPENSSLDIR on Windows
- deps: backport ICU-20958 to fix CVE-2020-10531
- (SEMVER-MINOR) deps: update nghttp2 to 1.41.0
- (SEMVER-MINOR) http2: implement support for max settings entries
- napi: fix memory corruption vulnerability
Version 12.18.0 'Erbium' (LTS)
Notable changes
This is a security release.
Vulnerabilities fixed:
CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).
Commits
- crypto: update root certificates
- (SEMVER-MINOR) deps: update nghttp2 to 1.41.0
- (SEMVER-MINOR) http2: implement support for max settings entries
- napi: fix memory corruption vulnerability
- tls: emit session after verifying certificate
- tools: update certdata.txt
Version 14.4.0 (Current)
Notable changes
This is a security release.
Vulnerabilities fixed:
CVE-2020-8172: TLS session reuse can lead to host certificate verification bypass (High).
CVE-2020-11080: HTTP/2 Large Settings Frame DoS (Low).
CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption (High).
Commits
- crypto: update root certificates
- (SEMVER-MINOR) deps: update nghttp2 to 1.41.0
- (SEMVER-MINOR) http2: implement support for max settings entries
- napi: fix memory corruption vulnerability
- tls: emit session after verifying certificate
- tools: update certdata.txt
perl v5.30.3
Security
[CVE-2020-10543] Buffer overflow caused by a crafted regular expression
A signed "size_t" integer overflow in the storage space calculations for nested regular expression
quantifiers could cause a heap buffer overflow in Perl's regular expression compiler that overwrites memory
allocated after the regular expression storage space with attacker supplied data.
The target system needs a sufficient amount of memory to allocate partial expansions of the nested
quantifiers prior to the overflow occurring. This requirement is unlikely to be met on 64-bit systems.
[CVE-2020-10878] Integer overflow via malformed bytecode produced by a crafted regular expression
Integer overflows in the calculation of offsets between instructions for the regular expression engine could
cause corruption of the intermediate language state of a compiled regular expression. An attacker could
abuse this behaviour to insert instructions into the compiled form of a Perl regular expression.
[CVE-2020-12723] Buffer overflow caused by a crafted regular expression
Recursive calls to "S_study_chunk()" by Perl's regular expression compiler to optimize the intermediate
language representation of a regular expression could cause corruption of the intermediate language state of
a compiled regular expression.
Additional Note
An application written in Perl would only be vulnerable to any of the above flaws if it evaluates regular
expressions supplied by the attacker. Evaluating regular expressions in this fashion is known to be
dangerous since the regular expression engine does not protect against denial of service attacks in this
usage scenario.
Incompatible Changes
There are no changes intentionally incompatible with Perl 5.30.2.
Modules and Pragmata
Updated Modules and Pragmata
o Module::CoreList has been upgraded from version 5.20200314 to 5.20200601_30.
