Some of the key changes include:
* Disallow certain characters in session names.
* Fixed a buffer overflow inside the wordwrap() function.
* Prevent jumps to parent directory via the 2nd parameter of the
tempnam() function.
* Enforce safe_mode for the source parameter of the copy() function.
* Fixed cross-site scripting inside the phpinfo() function.
* Fixed offset/length parameter validation inside the substr_compare()
function.
* Fixed a heap corruption inside the session extension.
* Fixed a bug that would allow variable to survive unset().
* Fixed a number of crashes in the DOM, SOAP and PDO extensions.
* Upgraded bundled PCRE library to version 6.6
* The use of the var keyword to declare properties no longer raises
a deprecation E_STRICT.
* FastCGI interface was completely reimplemented.
* Multitude of improvements to the SPL, SimpleXML, GD, CURL and
Reflection extensions.
* Over 120 various bug fixes.
See release annoucement on:
http://www.php.net/release_5_1_3.php
And ChangeLog:
http://www.php.net/ChangeLog-5.php#5.1.3
in declarations when compiling C++ code. Patch the perl.h and XSUB.h
headers to avoid using this attribute if using GCC<3.4 and building
C++ modules. This fixes PR pkg/33403 by OBATA Akio.
Bump PKGREVISION to 2.
* Win NT/XP: unicode console support taken back out.
* ${prefix}/share addition to ::tcl_pkgPath undone.
* Warning message for packages with incorrect index scripts silenced.
* Correct syntax error in configure script (bash 3.1 exposes it).
* Tk incompatibilities with SCIM resolved.
* Improved [file writable] support of Windows conventions.
* Tcl_GetIndexFromObj() support for exact matching of empty key.
* Tk Portuguese localization support (pt.msg).
* Tk more robust when X server does not recognize color name "Black".
* Tk_PhotoPutBlock() performance improvement.
* [lsearch -start $pastEnd] no longer finds match at end of list.
* Correct [expr abs($LONG_MIN)] result.
* Correct [string range] failures on some strings containing \x00.
* TCL_EVAL_GLOBAL and [uplevel 0] agreement when traces or [unknown] active.
* Corrections to context of auto-loading the target of an interp alias.
* Corrected some interference between enter and enterstep traces.
* Correct [$img configure -data] failure to change X display.
* Tk_GetBitmapFromData() thread safety.
* Crashes in [grid] for some invalid index arguments.
* Crash when all content of a [text] is elided.
* Crash in [$text edit undo/redo].
* Crash in animated GIF display with variable frame size.
* Crash related to pipe usage in thread-enabled Tcl on Windows.
* Crash when [$text dump -command] changes contents while dumping.
* Crash reading utf-8 when multibyte char spans multiple buffers at EOF.
* Several finalization crashes corrected.
Changes from 3.09.1:
----
Bug fixes:
- Makefile: problem with "make world.opt"
- compilers: problem compiling several modules with one command line
- compilers,ocamldoc: error message that Emacs cannot parse
- compilers: crash when printing type error
- compilers: -dtypes wrong for monomorphic type variables
- compilers: wrong warning on optional arguments
- compilers: crash when wrong use of type constructor in let rec
- compilers: better wording of "statement never returns" warning
- runtime: inefficiency of signal handling
- runtime: crashes with I/O in multithread programs
- camlp4: empty file name in error messages
- camlp4: stack overflow
- otherlibs/labltk: ocamlbrowser ignores its command line options
- otherlibs/unix: Unix.times wrong under Mac OS X
- otherlibs/unix: wrong doc for execvp and execvpe
- otherlibs/win32unix: random crash in Unix.stat
- stdlib: update_mod not found under Windows
- stdlib: Filename.dirname/basename wrong on Win32
- stdlib: incomplete documentation of Pervasives.abs
- stdlib: Printf bugs
- tools/checkstack.c missing include
- yacc: crash when given argument "-"
New features:
- ported to MacOS X on Intel
- configure: added support for GNU Hurd
sablevm) as noted by Gary Duzan in PR pkg/30137
Fix PLIST issues, to properly deintall
Fix AWK snippets for print-PLIST
Bump PKGREVISION for sablevm and sablevm-classpath
PKGLOCALEDIR and which install their locale files directly under
${PREFIX}/${PKGLOCALEDIR} and sort the PLIST file entries. From now
on, pkgsrc/mk/plist/plist-locale.awk will automatically handle
transforming the PLIST to refer to the correct locale directory.
JamVM is a new Java Virtual Machine which conforms to the JVM specification
version 2 (blue book). In comparison to most other VM's (free and commercial)
it is extremely small, with a stripped executable on PowerPC of only ~135K,
and Intel 100K. However, unlike other small VMs (e.g. KVM) it is designed to
support the full specification, and includes support for object finalisation,
the Java Native Interface (JNI) and the Reflection API.
This fixes PR pkg/30022
(selected parts of changelog)
* Version 1.13
- Updated the class library to the GNU Classpath 0.19 release.
- Fixed internal libffi on ia64.
- Fixed possible interpeter crashes on ia64.
- Other small bugfixes.
* Version 1.12
- Fixed write barriers for generational garbage collector.
- Imported GNU Classpath 0.16 release (plus later fixes).
- Disabled inlined engine on alpha.
- Added jar-sablevm wrapper for fastjar.
- Fixed NaN -> int conversion.
- Improved AIX support.
- Improved Cygwin support (but not in SableVM SDK).
* Version 1.11
- Fixed many important bugs of version 1.1.10.
- Imported GNU Classpath CVS snapshot as of March 12, 2005.
- Added assertions to check that the env pointer is valid in JNI calls.
- Implemented non-blocking locking, and used it to solve a hashcode bug.
- Solved many subtle bugs resulting in incompletely initialized
threads and stack corruption.
- Added creation of rt.jar symlink to libclasspath.jar.
* Version 1.1.10
- Imported the code of GNU Classpath 0.14.
- Implemented most of the missing JNI 1.2 functions.
- Implemented the new JNI 1.4 nio related functions.
- Fixed the java-sablevm wrapper to better handle LD_LIBRARY_PATH,
-Djava.library.path and CLASSPATH setting.
- Disabled the timezone setting in java-sablevm wrapper - classpath
should now do it on its own.
- Fixed Object.wait() when timeout is specified. This fixes Ant pauses.
- Changed _svmm_fatal_error() to actually print the function name,
when possible.
- Added thread IDs to verbose instruction output
- Implemented Java_java_lang_VMRuntime_[free|total|max]Memory().
- Implemented basic JDK home support.
- Fixed various bugs.
* Version 1.1.9
- Added the necessary support to run both Eclipse 2 and Eclipse 3
without using external libraries. Instructions are available
at http://sablevm.org/wiki/Eclipse .
- Merged code from GNU Classpath 0.13 release.
- Improved error messages related to exceptions at bootstrap (ie.
binding to non-existant native methods).
- Implemented some missing JNI functions.
- Added some missing system-dependant Java properties.
- Enabled "real life brokenness" option by default to better handle
native code not adhering to the Java specs.
- Improved cross-compiliation support.
* Version 1.1.8
- Imported a new GNU Classpath CVS snapshot as of December 28, 2004.
- Implemented some missing JNI functions needed by qt/java.
- Set BOOTCLASSPATH in java-sablevm to help jikes find our libs.
- Wrapped the exception thrown by a constructor or a method invoked
through reflection in an InvocationTargetException instance.
- Added ProtectionDomain handling for classes loaded via j.l.ClassLoader.
- Started to use URLClassLoader instead of gnu.j.l.SystemClassLoader,
which apparently was used by us exclusively.
- Enabled GCC unused and long-long warnings, then fixed tons of warnings.
- Implemented [Get|Release]PrimitiveArrayCritical.
- Solved a class loading related deadlock.
- Fixed a VMThread.sleep bug.
- Passed the class name as a parameter to LinkageError and
ClassCircularityError in java.lang.ClassLoader.
- Added function name as message to UnsatisfiedLinkError for missing
native functions.
* Version 1.1.7
- Imported new GNU Classpath CVS snapshot as of Sun Oct 10 18:00:00 UTC 2004.
- Added handling of Jar/Zip files on boot classpath (closes BUG:2).
- Provided user-friendly failure messages for bootstrap problems. This
should get rid of the hated "sablevm: cannot create vm".
- Allowed for multiple elements and prepending/appending to boot class path.
- Added --with-profiling switch to make most functions non-"static".
- Made sablevm-classpath install its files in more standard locations.
- Explicitely disallowed compilation of classpath with gcj or kjc (it
never worked reliably).
- Made jikes and gcc be less verbose by default (to avoid confusion).
- Removed some obsolete code from various places.
- Added new Generational Garbage Collector ("experimental", available on
request, by passing --with-gc=gencopy to configure).
- Made several bugfixes of:
- JNI methods not returning NULL on errors (closes BUG:12).
- IsInstanceOf always returning JNI_FALSE (closes BUG:63).
- A copy&paste mistake in PopLocalFrame (closes BUG:62).
- Several JNI methods not returning NULL on errors (closes BUG:12).
- IsInstanceOf always returning JNI_FALSE (closes BUG:63).
- "New array" memory allocation size overflow (closes BUG:8).
- Out-of-source builds (closes BUG:55).
- Handling of 'double' values on ARM.
- FPU in 64-bit precision mode on Linux / Intel x86 (closes BUG:1).
- F2L, F2I, D2L, D2I not checking for overflows (closes BUG:54).
- SIGPIPE killing the VM (closes BUG:51).
- GNU make detection on non-GNU/Linux platforms.
- Case-insensitive grepping for "Main-Class:" string in MANIFEST.MF.
* Version 1.1.6
- Synchronized sablevm-classpath with the latest GNU Classpath CVS
(post 0.10 release) as of July 10, 2004.
- Improved AWT and Swing support.
- Added additional checks to autogen.sh for FreeBSD.
- Added new DecoderUS_ASCII, Spring and SpringLayout classes.
- Added a sablevm.verbose.synchronization (DEBUG) option to help
debugging deadlocks.
- Improved TimeZone handling.
- Added useful additional information in stack dumps.
* Version 1.1.5
- Synchronized sablevm-classpath with the latest GNU Classpath CVS as of May 29, 2004.
- Improved the support for Ant 1.6.
- Switched to libtool handling to find the right library suffixes.
This helps some platforms like OpenBSD and Cygwin.
- Fixed a corner case problem with class loading.
- Made some other small bug fixes.
* Version 1.1.4
- Updated sablevm-classpath with the recent GNU Classpath 0.09 release
and later GNU Classpath CVS changes as of May 4, 2004.
- Improved support for AWT and Swing.
- Eliminated the dependency lt_dlopen(NULL) which seem broken on some
platforms such as Cygwin and some *BSD.
- Switched to new, complete implementation of VMProcess/Process from
GNU Classpath instead of using our own previous partial
implementation.
- Added x86_64 (AMD64) support to the already supported 8 other
architectures of Debian GNU/Linux (alpha, hppa, i386, ia64, m68k,
powerpc, s390, sparc). The support for the remaining mips and
mipsel architectures of Debian is apparently implemented but it has
not yet been confirmed.
- Improved autodetection of build parameters on non-GNU/Linux systems.
This includes selection of dynamic libraries, availability of m4
preprocessor and auto-disabling "signals for exceptions" on
platforms that don't seem to support signals.
New in release 0.90 (March 6, 2006)
* Many Swing improvements
* AWT. Improved support for mixing "lightweight" and "heavyweight"
Components in Containers. Better support for dynamically updated
menus. Better 1.0 event model support for Scrollbars. Better class
documentation of gtk+ awt peers.
* GNU Crypto and Jessie have been merged into GNU Classpath; this
provides Classpath with a wide array of cryptographic algorithms
(ciphers, message digests, etc.) and implementations of SSL version
3 and TLS version 1. These roughly complement the public
`java.security.' `javax.crypto,' and `javax.net.ssl' packages, and
are service providers implementing the underlying algorithms.
* Updated HTTP and FTP URLConnection protocol handlers. HTTPS support
out of the box.
* Unicode 4.0.0 is supported. Character now includes support for using
ether a char or an int to identify code points.
* The new folder tools includes GIOP and RMI stub and tie source code
generators, IOR parser and both transient and persistent GIOP naming
services.
* XML validaton support for RELAX NG and W3C XML schema namespace
URIs. RELAX NG pluggable XML schema datatype library API and an
implementation for XML Schema Datatypes
(http://www.w3.org/TR/xmlschema-2/).
* Updated StAX implementaton to be compatible with final JSWDP 2.0.
* gnu.regexp updated from GNU/Posix syntax to support util.regex
syntax including various Unicode blocks, categories and properties.
Runtime interface changes:
* A new class, VMMath, is now available which separates the native
mathematical functions from java.lang.Math. The previous fdlibm
implementation now forms the reference material for this class.
* Updated VMObjectInputStream class to return Thread context class
loader if no other class loader is found.
* Updated documentation on InstrumentationImpl in vmintegration guide.
And of course all the implovements from the previous releases
them between "not critical" and "less critical".
Fix CVE-2006-0996, CVE-2006-1494, CVE-2006-1608, CVE-2006-1490.
See:
http://secunia.com/advisories/19383/http://secunia.com/advisories/19599/
Patches were extracted from CVS. I had to translate the one for
CVE-2006-1608 on php4 because it has not made its way to the php4.4 branch
(I don't know why; I can confirm it fixes the issue).
While here, add PATCHDIR to the list of variables php5's Makefile.php
defines. That way, ap-php gets patched too...
MIT/GNU Scheme is an extension of standard Scheme, which is the
language defined by the document Revised^4 Report on the Algorithmic
Language Scheme, by William Clinger, Jonathan Rees, et al., or by
IEEE Std. 1178-1990, IEEE Standard for the Scheme Programming
Language.
on DragonFly. Since that version is used e.g. as part of the file name
for python eggs, it makes handling easier to match normal pkgsrc
platform policy. Bump revisions of all Python packages.
