8.2.1
- configure:
- add mips64el to valid_arch
- crypto:
- Updated root certificates based on NSS 3.30
- deps:
- upgrade OpenSSL to version 1.0.2.l
- http:
- parse errors are now reported when NODE_DEBUG=http
- Agent construction can now be envoked without `new`
- zlib:
- node will now throw an Error when zlib rejects the value of
windowBits, instead of crashing
8.2.0
- Async Hooks
- Multiple improvements to Promise support in `async_hooks` have
been made.
- Build
- The compiler version requirement to build Node with GCC has been
raised to GCC 4.9.4.
- Cluster
- Users now have more fine-grained control over the inspector port
used by individual cluster workers. Previously, cluster workers were
restricted to incrementing from the master's debug port.
- DNS
- The server used for DNS queries can now use a custom port.
- Support for `dns.resolveAny()` has been added.
- npm
- The `npm` CLI has been updated to version 5.3.0. In particular, it
now comes with the `npx` binary, which is also shipped with Node.
### Notable Changes
- configure:
- add mips64el to valid_arch
- crypto:
- Updated root certificates based on NSS 3.30
- deps:
- upgrade OpenSSL to version 1.0.2.l
- http:
- parse errors are now reported when NODE_DEBUG=http
- Agent construction can now be envoked without `new`
- zlib:
- node will now throw an Error when zlib rejects the value of
windowBits, instead of crashing
This is a bugfix release so no buildlink change.
ChangeLog:
New Features in Qore
* added broken-logic-precedence warning.
Bug Fixes in Qore
* fixed documentation regarding escaping of characters in
strings and added a parse exception in case of trying
to escape octal values in range 400-777 (issue 50)
* fixed a crashing bug where Datasource::getConfigString()
was called without a connection, also could crash in an
implicit internal call to this method with the
DatasourcePool class when connections were lost and the
warning callback should be called (issue 1992)
* fixed a bug where Datasource::getConfigHash() returned
different values depending on if the object was
connected or not (issue 1994)
We should not expand call arguments in between flags reg setting and
flags reg using instructions, as it may expand with flags reg
clobbering insn (ADD in this case).
Attached patch moves expansion out of the link. Also, change
zero-extension to non-flags reg clobbering sequence in case we perform
zero-extension with and.
2017-03-25 Uros Bizjak
Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)
We should not expand call arguments in between flags reg setting and
flags reg using instructions, as it may expand with flags reg
clobbering insn (ADD in this case).
Attached patch moves expansion out of the link. Also, change
zero-extension to non-flags reg clobbering sequence in case we perform
zero-extension with and.
2017-03-25 Uros Bizjak
Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)
We should not expand call arguments in between flags reg setting and
flags reg using instructions, as it may expand with flags reg
clobbering insn (ADD in this case).
Attached patch moves expansion out of the link. Also, change
zero-extension to non-flags reg clobbering sequence in case we perform
zero-extension with and.
2017-03-25 Uros Bizjak
(versioned as 6.33.20160609 based on the tarball date)
Version 6.33-6.12.1 (6 June 2016)
=================================
* Inform version is now 6.33, with Inform7-related patches and new features.
* The Inform Library is 6.12.1 with lots of bugfixes and enhancements.
* Package version scheme changed to indicate both compiler and library
versions included.
* Include files trimmed to those known to be freely redistributable and
checked to make sure they work.
* DM4 removed due to license incompatibilities.
* Added a manpage.
* Added pblorb.pl and scanblorb.pl utilities for dealing with Blorb files.
Version 6.32.1 (16 July 2012)
=============================
* Inform version is now 6.32, with more patches for use with Inform 7.
* The Inform program is now distributed under the Artistic License 2.0.
* The advent.inf example is now at release 9.
drop nathanw's maintainership by his request
tested by wes fraizer
The install would presumably fail outright for user shells like tcsh, so we
need to set SHELL regardless. But technically install-sh has a quoting bug
in the exit trap, which even results in SHELL=zsh failing.
go14 has no relro support AFAICT.
go-1.8.3 has if you use -buildmode=pie, but it claims it's not supported
on Linux.
Disable relro checking for go packages until bsiegert has time to
look at this.
PHP uniqid() relies on microsecond-precise system clock to produce an
unique identifier. In order to avoid using the same value, it first
calls usleep(1) to wait for the next microsecond.
Unfortunately, usleep() specification says "The suspension time may be
longer than requested due to the scheduling of other activity by the
system." Indeed, the pause may as as long as an entire execution slice,
causing a uniqid() call to last more than 10 ms.
This is fixed by replacing the usleep() call by time polling using
gettimeofday() until the microscecond change. Since the getttimeoday()
system call lasts around a microsecond, only a small time is wasted
calling multiple gettimeofday. On the benefit side, uniqid() performance
in increased 10000 fold without changing its behavior.
Submitted upstream as https://bugs.php.net/bug.php?id=74851
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet
was crafted in a particular way. This patch checks that there is
enough data for the required elements of an NAPTR record (2 int16, 3
bytes for string lengths) before processing a record.
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet
was crafted in a particular way. This patch checks that there is
enough data for the required elements of an NAPTR record (2 int16, 3
bytes for string lengths) before processing a record.
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet
was crafted in a particular way. This patch checks that there is
enough data for the required elements of an NAPTR record (2 int16, 3
bytes for string lengths) before processing a record. (David Drysdale)
Pkgsrc changes:
* Add required macros for accessing ucontext for NetBSD/powerpc
* Omit files from PLIST.opt which are in PLIST.natdynlink.
So far macppc doesn't do "natdynlink", tests are failing.
* Adapt Makefile to features enabled on NetBSD/powerpc.
* Bump PKGREVISION.
The self-test results are nearly the same as on NetBSD/i386, with one
test failing, difference is one unexpected failure related to native
dynlink which I thought I had not enabled, and which obviously needs
more attention since it tries to reference a Linux linker script.
...
Summary:
637 tests passed
13 tests skipped
1 tests failed
1 unexpected errors
652 tests considered
List of failed tests:
tests/tool-ocamldoc-man/Inline_records.mli
List of unexpected errors:
tests/lib-dynlink-native
...
Changes include:
Camlp5 Version 7.01:
--------------------
* [26 Jun 17] Fixed bug in associativity of entry levels in extensible
grammars; was introduced by an old experiment, resulting a failure
in Coq test-suite/success/rewrite_strat.v.
* [26 Jun 17] Fixed bug: compilation failed while using OCaml versions
between 3.05 and 4.01.1, and jocaml versions.
Camlp5 Version 7.00:
--------------------
* [26 Jun 17] Release number is 7.00 instead of 6.18 because of big
improvements on extensible grammars which can use now limited and
full backtracking algorithms on demand.
* [16 Jun 17] Entry.parse_token has been renamed Entry.parse_token_stream.
* [04 Jun 17] Added limited backtracking (functional streams) to extensible
grammars. Can be set with "Grammar.parse_algorithm Functional" or by
setting the environment variable CAMLP5PARAM=f.
* [01 Jun 17] Backtrack parsing seems to work well now. Camlp5 and Coq can
be compiled using it by setting CAMLP5PARAM=b.
* [31 May 17] Fixed bug: Entry.parse_token did not accept backtrack parsing.
* [31 May 17] Fixed ocaml parsing for case of record {foo () with ...}.
* [31 May 17] Fixed bug backtrack parsing for function Entry.of_parser.
* [28 Apr 17] Updated for ocaml 4.04.2 which was missing.
* [07 Apr 17] Updated for ocaml trunk 4.06.0
* [19 Feb 17] Fixed bug: locations of all identifiers were missing
resulting of error messages giving "<none>" as source file name
and no line and column number in the source.
* [04 Jan 17] Updated for ocaml trunk 4.05.0
* [09 Dec 16] Fixed bug: was not compatible with ocaml compiled with
option -safe-string.
* [09 Dec 16] Fixed bug: make uninstall did not take DESTDIR into account.
* [07 Dec 16] Fixed bug virtual methods in signatures generated syntax
tree of virtual val. Bug notified by Kakadu.
Ex: "class foo : object method virtual bar : bool end"
* [07 Dec 16] Fixed bug not separated idents were not allowed in
'let open' constructs. Bug notified by Kakadu.
Ex: "let open Mod1.Mod2.Mod3 in ..."
* [06 Dec 16] Fixed bug dumping module definitions with constraints.
Bug notified by Kakadu.
Ex:
module type Item = sig type t end
module type Sig = sig type t module Node : Item end
module Make (S : Sig) : Sig with module Node = S.Node and type t = S.t
* [06 Dec 16] Fixed bug extra option word during pr_dump for optional args.
Bug notified by Kakadu.
Ex: "class t : ?name:string -> object end"
* [05 Dec 16] Fixed bug dumping of open object types. Bug notified by Kakadu.
Ex: "type t = <f:int; .. >"
* [05 Dec 16] Fixed bug dump parsetree without throughing away module type
annotation. Bug notified by Kakadu.
Ex: "module rec A : sig end = struct end"
