crypto:
- Support building with both 1.1.0 and 1.0.2
fs:
- fs.realpathSync.native and fs.realpath.native are now exposed
process:
- expose process.ppid
While MACHINE_ARCH can be earmv6hf on NetBSD, configure has to match
what config.guess outputs, which is armv6. For now, leave the old
earmv6/7 tokens, because this code inexplicably succeeded on earmv7hf.
With this, ocaml builds and builds a working unison, on earmv6hf
(RPI3).
PHP 7.2.x builds upon 7.1.x, adding new features:
* Argument type declarations
* Object return type declarations
* Parameter Type Widening
* Trailing commas in list syntax
* Argon2 in password hash
* Libsodium as part of PHP Core
* Deprecated: __autoload, $php_errormsg, create_function(),
mbstring.func_overload, parse_str() without second argument,
gmp_random(), each(), assert(), $errcontext
* uniqid() patch to avoid usleep() integrated, 10000x improvement on NetBSD,
about 10x on Linux
This should be the last part of the renaming operation for print/cups to
print/cups-base.
Rationale: packages depending on CUPS but not relying on a functional
printing setup only need to depend on print/cups-base (equivalent to the
former print/cups). The new print/cups now depends on print/cups-base
and on print/cups-filters, thus directly providing a functional printing
setup. This bump reflects this change of dependency.
As discussed on tech-pkg@
This is with the notable exception of meta-pkgs/desktop-gnome, which I
believe implies a fully functional cups.
This is still missing revision bumps - I'll be right there (first time I
am doing this on so many packages at a time).
As discussed on tech-pkg@
assert:
- assert.fail() can now take one or two arguments
crypto:
- add sign/verify support for RSASSA-PSS
deps:
- upgrade openssl sources to 1.0.2m
- upgrade libuv to 1.15.0
fs:
- Add support for fs.write/fs.writeSync(fd, buffer, cb) and
fs.write/fs.writeSync(fd, buffer, offset, cb) as documented
inspector:
- enable --inspect-brk
process:
- add --redirect-warnings command line argument
src:
- allow CLI args in env with NODE_OPTIONS
- --abort-on-uncaught-exception in NODE_OPTIONS
- allow --tls-cipher-list in NODE_OPTIONS
- use SafeGetenv() for NODE_REDIRECT_WARNINGS
test:
- remove common.fail()
CLI:
- NODE_OPTIONS now supports the --stack-trace-limit option. #16495
deps:
- OpenSSL is upgraded to 1.0.2m #16691
http:
- A 'connect' event handler leak has been fixed. #16725
- The 103 Early Hints status code is now supported. #16644
Common logic that can be used by packages that depend on cargo crates
from crates.io. This lets existing pkgsrc infrastructure fetch and verify
cargo crates instead of using the rust package manager in the build phase.
Inspired by cargo.mk from FreeBSD ports.
- run install.sh instead of manually moving around directories
- allow user to set RUST_BOOTSTRAP_PATH (and RUST_ARCH if needed)
in mk.conf to use a locally installed bootstrap toolchain.
Includes many improvements and bugfixes (none that seem to be breaking
backwards compatibility though), see the CHANGELOG.
For packaging:
- camlp4 support removed, package now uses camlp5 exclusively
- fix for PR pkg/52651
### Notable Changes
- Async hooks: Older experimental APIs have been removed.
- Improvements have been made to `buffer` module error messages.
- Child Processes: Errors are emitted on process nextTick.
- Domains: The long-deprecated `.dispose()` method has been removed.
- fs
- The `fs.ReadStream` and `fs.WriteStream` classes now use `destroy()`.
- `fs` module callbacks are now invoked with an undefined context.
- HTTP/1
- A 400 Bad Request response will now be sent when parsing fails.
- Socket timeout will be set when the socket connects.
- A bug causing the request `'error'` event to fire twice was fixed
- HTTP clients may now use generic `Duplex` streams in addition
to `net.Socket`.
- Intl
- The deprecated `Intl.v8BreakIterator` has been removed.
- OS
- The `os.EOL` property is now read-only
- Timers
- `setTimeout()` will emit a warning if the timeout is larger that
the maximum 32-bit unsigned integer.
Changes since nodejs 8.8.1:
- doc: add Gibson Fahnestock to Release team
- deps: update npm to 5.5.1
- http2: The exposed http2 socket is no longer manipulatable
- module: support custom paths to require.resolve()
- util: util.TextEncoder and util.TextDecoder are no longer experimental.
There will no longer be a warning when they are used
Reviewed and thanks to <agc>!
Changes:
=========================
Duktape 2.1 release notes
=========================
Release overview
================
Main changes in this release (see RELEASES.rst for full details):
* Performance, footprint, and portability improvements.
* API additions for more convenient handling of optional arguments:
duk_opt_xxx() and duk_get_xxx_default().
* Allow duk_push_heapptr() for objects which have become unreachable and
are pending finalization. In such a case a duk_push_heapptr() cancels
the pending finalizer call and automatically rescues the object.
* ES2015 additions like String.prototype.{startsWith,endsWith,includes}()
and HTML comment syntax. Non-standard shebang ("#!...") comment support.
* Finalizer handling rework for reference counting and mark-and-sweep to fix
a few "side effect" bugs. Also improved torture test coverage for ensuring
side effects are handled correctly in Duktape internals.
* DUK_VERSION is now visible to duk_config.h so it's possible for duk_config.h
to support multiple Duktape versions. For example, some config options may be
disabled prior to a certain patch level.
Upgrading from Duktape 2.0
==========================
No action (other than recompiling) should be needed for most users to upgrade
from Duktape v2.0.x. Note the following:
* The Duktape thread used for finalizer calls is now always the initial thread
(heap_thread), for both reference counting and mark-and-sweep triggered
finalization. This should be taken into account in finalizer functions;
in particular, if there are multiple global environments, finalizers will
execute in the first global environment created for the heap.
Prior to 2.1 the finalizer thread could also be heap_thread but usually the
current thread would be used.
=========================
Duktape 2.0 release notes
=========================
Release overview
================
Main changes in this release (see RELEASES.rst for full details):
* New tools/configure.py frontend tool replaces genconfig.py for configuring
and preparing Duktape sources for build.
* Buffer handling has been simplified: Duktape.Buffer has been removed and is
replaced by Uint8Array, plain buffers now behave like Uint8Array objects.
Node.js Buffer behavior aligned with more recent Node.js Buffer API.
* Implement more ES2015 and ES2016 functionality, and align some ES5.1
semantics with ES2015/ES2016. Implement WHATWG Encoding API with
TextEncoder() and TextDecoder() bindings.
* Some incompatible API changes, and several API additions. API and config
changes to avoid I/O dependencies (such as printf() and fopen()) in core
Duktape code to simplify porting.
* More configuration flexibility in dropping Duktape specific functionality
from build, e.g. coroutines and finalization.
* Disabled Ecmascript bindings are no longer present (instead of being present
but throwing a TypeError).
* Built-in functionality moved to optional extras: print/alert bindings,
logging, and module loader. New optional extras include a Node.js-like
module loader and a 'console' binding.
* Bug fixes, performance and footprint improvements.
The release has API incompatible changes, see upgrading notes below.
Upgrading from Duktape 1.x
==========================
There are API incompatible changes in this release. Whenever possible the
incompatible changes cause a compilation error (or warning) so that fixing
call sites should be straightforward. Below are instructions on how to
migrate from 1.x to 2.0.0. There are also bug fixes and other minor
behavioral changes which may affect some applications, see ``RELEASES.rst``
for details.
There are backwards compatible providers for some removed/modified API calls
in ``extras/duk-v1-compat``.
Known issues
============
* Some non-compliant behavior for array indices near 2G or 4G elements.
* RegExp parser is strict and won't accept some real world RegExps which
are technically not compliant with Ecmascript E5/E5.1 specification
but allowed in ES2015 Annex B.
* Final mantissa bit rounding issues in the internal number-to-string
conversion.
=========================
Duktape 1.6 release notes
=========================
Release overview
================
Main changes in this release (see RELEASES.rst for full details):
* Add duk_suspend() and duk_resume() API calls, backported from Duktape 2.0.
Upgrading from Duktape 1.5.x
============================
No action (other than recompiling) should be needed for most users to upgrade
from Duktape v1.5.x.
Known issues
============
This release has the following known issues worth noting:
* Non-compliant behavior for array indices near 2G or 4G elements.
* RegExp parser is strict and won't accept some real world RegExps which
are technically not compliant with Ecmascript E5/E5.1 specification.
* Final mantissa bit rounding issues in the internal number-to-string
conversion.
* On FreeBSD 10.x (at least 10.1 and 10.2): Clang with ``-m32`` generates
incorrect code for union assignments needed by Duktape's 8-byte packed
value encoding (see
https://github.com/svaarala/duktape/blob/master/misc/clang_aliasing.c).
The issue can be detected by defining ``DUK_OPT_SELF_TESTS``. A workaround
is to avoid packed types in this case by defining ``DUK_OPT_NO_PACKED_TVAL``.
This release includes fixes to the compiler, linker, runtime, documentation,
go command, and the crypto/x509, database/sql, log, and net/smtp packages. It
includes a fix to a bug introduced in Go 1.9.1 that broke "go get"
of non-Git repositories under certain conditions.
The asttokens module annotates Python abstract syntax trees (ASTs) with the
positions of tokens and text in the source code that generated them.
It makes it possible for tools that work with logical AST nodes to find the
particular text that resulted in those nodes, for example for automated
refactoring or highlighting.
zlib:
- CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
error to be raised when a raw deflate stream is initialized with
windowBits set to 8. On some versions this crashes Node and you cannot
recover from it, while on some versions it throws an exception.
Node.js will now gracefully set windowBits to 9 replicating the legacy
behavior to avoid a DOS vector.
zlib:
- CVE-2017-14919 - In zlib v1.2.9, a change was made that causes an
error to be raised when a raw deflate stream is initialized with
windowBits set to 8. On some versions this crashes Node and you cannot
recover from it, while on some versions it throws an exception.
Node.js will now gracefully set windowBits to 9 replicating the legacy
behavior to avoid a DOS vector.
crypto:
- expose ECDH class
http2:
- http2 is now exposed by default without the need for a flag
- a new environment variable NODE_NO_HTTP2 has been added to allow
userland http2 to be required
- support has been added for generic Duplex streams
module:
- resolve and instantiate loader pipeline hooks have been added
to the ESM lifecycle
zlib:
- CVE-2017-14919 - In zlib v1.2.9, a change was made that causes
an error to be raised when a raw deflate stream is initialized
with windowBits set to 8. On some versions this crashes Node and
you cannot recover from it, while on some versions it throws an
exception. Node.js will now gracefully set windowBits to 9
replicating the legacy behavior to avoid a DOS vector.
force passing asprintf test which is incorrectly not found due to FORTIFY
pass LIBRARY_PATH so crtn.o and crti.o are found on Ubuntu & friends
Note many reporters need to install g++-multilib as a package to overcome
the errors they reported in the bugs (missing <sys/cdefs.h>)
PR pkg/51198, PR pkg/51690, PR pkg/52116
for different Python versions (in multiple Python versions). Parso is also
able to list multiple syntax errors in your python file.
Parso has been battle-tested by jedi. It was pulled out of jedi to be useful
for other projects as well.
Parso consists of a small API to parse Python and analyse the syntax tree.
* Port from NetBSD src
Fix __stack_chk_fail_local undefined reference error
from "gcc test.c -fstack-protector-all -fPIE".
* As a result, pkgsrc/www/firefox build under NetBSD/i386 7.1 is fixed
New features in Qore:
* Input/Output stream APIs
* Vastly improved type system with complex type support
* Improved operators; list, string, binary slice operators,
the ".." range operator, improved new, cast<>, and instanceof
operators, lazy evaluation of functional and list operators
* Improved encryption support including AES encryption,
encryption/decryption streams, support for AAD and MACs
* Improved HTTPS and SSL security support with addition X.509
certificate support including automatic certificate
verification in client and server contexts
* Universal connection API
* Support for binding output placeholder buffers for result sets
that return an SQLStatement object for more efficient piecewise
processing of DB stored procedure/function calls that return
very large result sets
* Strong encapsulation support (ex: private:internal)
* Deterministic garbage collection performance improvements with
large cycles
* Debugging support and APIs including remote network debugging
* Language Server Protocol support for Qore in the new astparser
module for rich language support in IDEs such as the
Visual Studio Code Qore Extension
Bug Fixes in Qore:
* fixed a bug causing AbstractQuantifiedBidirectionalIterator not
being available (issue 968)
* BulkSqlUtil module fixes:
-fixed the module to work properly even with DB drivers that
do not support parameter array binding (issue 1154)
* CsvUtil module fixes:
-fixed a bug in an error message validating input data
(issue 1062)
-added an exception when detected headers do not match the
fields option (issue 2179)
* HttpServer module fixes:
-added logic to attempt to mask passwords in log messages
(issue 1086)
* HttpServerUtil module fixes:
-fixed a bug where the msg arg to AbstractAuthenticator::do401()
was ignored (issue 1047)
* RestHandler module fixes:
-added logic to allow sensitive data to be masked in log messages
(issue 1086)
* SqlUtil module fixes:
-fixed a bug in update and upsert statement generation when the
given data does not have enough columns to use the unique index
found, an error message is generated that contains all the
columns names instead of just the column names required by the
index (issue 1013)
* WebSocketClient module fixes:
-fixed a thread lock starvation race condition (issue 2130)
* UTF-16 fixes:
-fixed a bug comparing strings in UTF-16 encodings (issue 1579)
-fixed Qore::substr() and <string>::substr() with strings in
UTF-16 encodings (issue 1586)
-fixed Qore::trim(), Qore::ltrim(), Qore::rtrim() and the trim
operator with strings with UTF-16 encodings (issue 1775)
* fixed a bug where break and continue statements were accepted
outside of loops (issue 976)
* fixed a bug compiling on Solaris SPARC with g++ where
MPFR_DECL_INIT() is compiled incorrectly with -O1 or greater
(issue 958)
* fixed a bug causing an infinite loop in decompression functions
(issue 966)
* fixed an issue where an internal C++ API
(QoreProgram::parseCmdLineDefines()) performed a needless copy
of a data structure (issue 1099)
* fixed a stack corruption bug with asynchronous I/O on UNIX
systems with ReadOnlyFile methods (issue 1106)
* fixed bugs with inconsistent conversions of int, float, and
boolean values to date/time values, now they are all converted
uniformly to relative date/time values (issue 1156)
* fixed a bug where Qore allowed code to be declared both public
and private without a warning (issue 1187)
* fixed a bug where the instanceof operator would return True with
objects that did not publically inherit the given class or where
the given class is not accessible (issue 1191)
* fixed a bug in qpp support of the 'final' class flag (issue 1222)
* fixed a bug where the + operator provided access to private
members from outside the class (issue 1209)
* fixed a bug where different overloaded method variant resolution
rules were used at parse time (best match in hierarchy) and
runtime (best match in first matching class) in a class hierarchy
(issue 1229)
* fixed a bug where exceptions in base class constructor calls did
not reflect the actual source location (issue 1230)
* fixed a bug where runtime function/method variant matching was
incorrectly biased towards default matches for missing arguments
(issue 1231)
* fixed bugs where calls to Socket::upgradeClientToSSL() and
Socket::upgradeServerToSSL() were ignored with no exception
thrown if the socket was not connected (issue 1258)
* fixed a bug where a closure created in an object scope could not be
called if the object had been deleted, even if the closure did not
refer to the object (issue 1303)
* fixed a bug where ord() would return negative numbers for bytes
with the high bit set with compilers where char is the same as
signed char (issue 1385)
* fixed a bug where int(number) returned rounded value instead of the
integer part (while int(float) behaved correctly; also
cf. initializing a softint value from a number vs. from a float)
(issue 1463)
* File::read() now uses character semantics for the length argument
(issue 1548)
* fixed a bug with strongly-typed lvalue assignments with classes
created in different Program objects (issue 1551)
* fixed a bug where an ASCII string and the same string in a different
encoding and with diacritics could incorrectly be marked as equal
(issue 1579)
* fixed bugs in HTTPClient methods where string message bodies were
not converted to the object's character encoding before transmission
(issue 1813)
* fixed a bug in the reference and *reference assignment restrictions;
previously any value was accepted, now only references are accepted
as the initial assignment values (issue 1819)
* fixed a bug in handling the SqlUtil::BLOB type in the FreetdsSqlUtil
module (issue 1852)
* fixed a bug in overloaded call variant matching where missing
arguments were counted towards the match (issue 1897)
* fixed many bugs where parse-time errors could be reported at an
incorrect source location; parse-time error location reporting has
been completely overhauled and reimplemented for correctness
(issue 1930)
* fixed a bug where code signatures would accept parameter variables
without "$" signs even when %allow-bare-refs was not in effect
(issue 1941)
* fixed memory leaks in the scanner related to EOF conditions
(issue 1976)
* rewrote Qore functions gethostbyname(), gethostbyname_long() and
gethostbyaddr() to use standard C functions getaddrinfo(3) and
getnameinfo(3) internally instead of the deprecated gethostbyname(3)
and gethostbyaddr(3) (issue 1952)
* fixed cmake builds on Darwin (issue 1980)
* fixed a bug where immediate date-time values were not marked with
their type at parse time (issue 2001)
* fixed a bug where the *data type restriction would allow all types
to be assigned at runtime (issue 2002)
* Qore::RangeIterator::constructor(int) and Qore::xrange(int) were
updated; the second arguments were removed to avoid ambiguity with
the other overloaded variants (issue 2016)
* fixed a bug where Qore::replace() could get in an infinite loop
with arguments with embededed nulls (issue 2098)
* fixed a bug in regular expression extraction where an infinite loop
could occur (issue 2083)
* fixed a bug where a call reference to an object method that crosses
Program boundaries could result in a core dump when called due to an
error managing thread-local data (issue 2145)
* fixed crashes in scanner due to EOF in comments (issue 2175)
deps:
- update npm to 5.4.2
- upgrade libuv to 1.15.0
- update V8 to 6.1.534.42
dgram:
- support for setting dgram socket buffer size
fs:
- add support O_DSYNC file open constant
util:
- deprecate obj.inspect for custom inspection
tools, build:
- there is a fancy new macOS installer
Two security-related issues were recently reported.
To address this issue, we have just released Go 1.8.4 and Go 1.9.1.
We recommend that all users update to one of these releases (if you're not sure
which, choose Go 1.9.1).
The issues addressed by these releases are:
By nesting a git checkout inside another version control repository, it was
possible for an attacker to trick the "go get" command into executing arbitrary
code. The go command now refuses to use version control checkouts found inside
other version control systems, with an exception for git submodules (git inside
git).
The issue is tracked as https://golang.org/issue/22125 (Go 1.8.4) and
https://golang.org/issue/22131 (Go 1.9.1). Fixes are linked from the issues.
Thanks to Simon Rawet for the report.
In the smtp package, PlainAuth is documented as sending credentials only over
authenticated, encrypted TLS connections, but it was changed in Go 1.1 to also
send credentials on non-TLS connections when the remote server advertises that
PLAIN authentication is supported. The change was meant to allow use of PLAIN
authentication on localhost, but it has the effect of allowing a
man-in-the-middle attacker to harvest credentials. PlainAuth now requires
either TLS or a localhost connection before sending credentials, regardless of
what the remote server claims.
This issue is tracked as https://golang.org/issue/22134 (Go 1.8.4) and
https://golang.org/issue/22133 (Go 1.9.1). Fixes are linked from the issues.
Thanks to Stevie Johnstone for the report.
Python 3.6.3 final
Library
* bpo-31641: Re-allow arbitrary iterables in concurrent.futures.as_completed(). Fixes regression in 3.6.3rc1.
Build
* bpo-31662: Fix typos in Windows uploadrelease.bat script. Fix Windows Doc build issues in Doc/make.bat.
* bpo-31423: Fix building the PDF documentation with newer versions of Sphinx.
More here https://docs.python.org/3.6/whatsnew/changelog.html
Pkgsrc changes:
* Remove patch which has been integrated upstream
Upstream changes:
NAME
perldelta - what is new for perl v5.26.1
DESCRIPTION
This document describes differences between the 5.26.0 release and the
5.26.1 release.
If you are upgrading from an earlier release such as 5.24.0, first read
perl5260delta, which describes differences between 5.24.0 and 5.26.0.
Security
[CVE-2017-12837] Heap buffer overflow in regular expression compiler
Compiling certain regular expression patterns with the case-insensitive
modifier could cause a heap buffer overflow and crash perl. This has
now been fixed. [perl #131582]
<https://rt.perl.org/Public/Bug/Display.html?id=131582>
[CVE-2017-12883] Buffer over-read in regular expression parser
For certain types of syntax error in a regular expression pattern, the
error message could either contain the contents of a random, possibly
large, chunk of memory, or could crash perl. This has now been fixed.
[perl #131598] <https://rt.perl.org/Public/Bug/Display.html?id=131598>
[CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows
A possible stack buffer overflow in the %ENV code on Windows has been
fixed by removing the buffer completely since it was superfluous
anyway. [perl #131665]
<https://rt.perl.org/Public/Bug/Display.html?id=131665>
Incompatible Changes
There are no changes intentionally incompatible with 5.26.0. If any
exist, they are bugs, and we request that you submit a report. See
"Reporting Bugs" below.
Modules and Pragmata
Updated Modules and Pragmata
* base has been upgraded from version 2.25 to 2.26.
The effects of dotless @INC on this module have been limited by the
introduction of a more refined and accurate solution for removing
'.' from @INC while reducing the false positives.
* charnames has been upgraded from version 1.44 to 1.45.
* Module::CoreList has been upgraded from version 5.20170530 to
5.20170922_26.
Platform Support
Platform-Specific Notes
FreeBSD
* Building with g++ on FreeBSD-11.0 has been fixed. [perl
#131337]
<https://rt.perl.org/Public/Bug/Display.html?id=131337>
Windows
* Support for compiling perl on Windows using Microsoft Visual
Studio 2017 (containing Visual C++ 14.1) has been added.
* Building XS modules with GCC 6 in a 64-bit build of Perl failed
due to incorrect mapping of "strtoll" and "strtoull". This has
now been fixed. [perl #131726]
<https://rt.perl.org/Public/Bug/Display.html?id=131726> [cpan
#121683]
<https://rt.cpan.org/Public/Bug/Display.html?id=121683> [cpan
#122353]
<https://rt.cpan.org/Public/Bug/Display.html?id=122353>
Selected Bug Fixes
* Several built-in functions previously had bugs that could cause
them to write to the internal stack without allocating room for the
item being written. In rare situations, this could have led to a
crash. These bugs have now been fixed, and if any similar bugs are
introduced in future, they will be detected automatically in
debugging builds. [perl #131732]
<https://rt.perl.org/Public/Bug/Display.html?id=131732>
* Using a symbolic ref with postderef syntax as the key in a hash
lookup was yielding an assertion failure on debugging builds.
[perl #131627]
<https://rt.perl.org/Public/Bug/Display.html?id=131627>
* List assignment ("aassign") could in some rare cases allocate an
entry on the mortal stack and leave the entry uninitialized. [perl
#131570] <https://rt.perl.org/Public/Bug/Display.html?id=131570>
* Attempting to apply an attribute to an "our" variable where a
function of that name already exists could result in a NULL pointer
being supplied where an SV was expected, crashing perl. [perl
#131597] <https://rt.perl.org/Public/Bug/Display.html?id=131597>
* The code that vivifies a typeglob out of a code ref made some false
assumptions that could lead to a crash in cases such as $::{"A"} =
sub {}; \&{"A"}. This has now been fixed. [perl #131085]
<https://rt.perl.org/Public/Bug/Display.html?id=131085>
* "my_atof2" no longer reads beyond the terminating NUL, which
previously occurred if the decimal point is immediately before the
NUL. [perl #131526]
<https://rt.perl.org/Public/Bug/Display.html?id=131526>
* Occasional "Malformed UTF-8 character" crashes in "s//" on utf8
strings have been fixed. [perl #131575]
<https://rt.perl.org/Public/Bug/Display.html?id=131575>
* "perldoc -f s" now finds "s///". [perl #131371]
<https://rt.perl.org/Public/Bug/Display.html?id=131371>
* Some erroneous warnings after utf8 conversion have been fixed.
[perl #131190]
<https://rt.perl.org/Public/Bug/Display.html?id=131190>
* The "jmpenv" frame to catch Perl exceptions is set up lazily, and
this used to be a bit too lazy. The catcher is now set up earlier,
preventing some possible crashes. [perl #105930]
<https://rt.perl.org/Public/Bug/Display.html?id=105930>
* Spurious "Assuming NOT a POSIX class" warnings have been removed.
[perl #131522]
<https://rt.perl.org/Public/Bug/Display.html?id=131522>
Acknowledgements
Perl 5.26.1 represents approximately 4 months of development since Perl
5.26.0 and contains approximately 8,900 lines of changes across 85
files from 23 authors.
Excluding auto-generated files, documentation and release tools, there
were approximately 990 lines of changes to 38 .pm, .t, .c and .h files.
Perl continues to flourish into its third decade thanks to a vibrant
community of users and developers. The following people are known to
have contributed the improvements that became Perl 5.26.1:
Aaron Crane, Andy Dougherty, Aristotle Pagaltzis, Chris 'BinGOs'
Williams, Craig A. Berry, Dagfinn Ilmari Mannsaaker, David Mitchell, E.
Choroba, Eric Herman, Father Chrysostomos, Jacques Germishuys, James E
Keenan, John SJ Anderson, Karl Williamson, Ken Brown, Lukas Mai,
Matthew Horsfall, Ricardo Signes, Sawyer X, Steve Hay, Tony Cook, Yves
Orton, Zefram.
The list above is almost certainly incomplete as it is automatically
generated from version control history. In particular, it does not
include the names of the (very much appreciated) contributors who
reported issues to the Perl bug tracker.
Many of the changes included in this version originated in the CPAN
modules included in Perl's core. We're grateful to the entire CPAN
community for helping Perl to flourish.
For a more complete list of all of Perl's historical contributors,
please see the AUTHORS file in the Perl source distribution.
Reporting Bugs
If you find what you think is a bug, you might check the perl bug
database at <https://rt.perl.org/> . There may also be information at
<http://www.perl.org/> , the Perl Home Page.
If you believe you have an unreported bug, please run the perlbug
program included with your release. Be sure to trim your bug down to a
tiny but sufficient test case. Your bug report, along with the output
of "perl -V", will be sent off to perlbug@perl.org to be analysed by
the Perl porting team.
If the bug you are reporting has security implications which make it
inappropriate to send to a publicly archived mailing list, then see
"SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec for details of
how to report the issue.
Give Thanks
If you wish to thank the Perl 5 Porters for the work we had done in
Perl 5, you can do so by running the "perlthanks" program:
perlthanks
This will send an email to the Perl 5 Porters list with your show of
thanks.
SEE ALSO
The Changes file for an explanation of how to view exhaustive details
on what changed.
The INSTALL file for how to build Perl.
The README file for general stuff.
The Artistic and Copying files for copyright information.
Vala 0.38.1
===========
* Various bug fixes:
- valadoc: Don't use 'stderr' as variable name [#787305]
- codegen: Try to use a more unique internal define for properties [#787436]
- vala: Update list of used attributes
- method: Use prototype-string for error-reports of return-type mismatches
* Bindings:
- glib-2.0: Fix MainContext.check(),
OptionEntry[] params are null-terminated,
Bind g_convert_with_fallback() and g_convert_with_iconv()
Vala 0.38.0
===========
* Various bug fixes:
- Improve error output for incompatible method signatures
(Add CallableType as base for DelegateType, MethodType, SignalType)
- codegen:
+ Initialize temp-variable for fixed-size arrays to zero first [#787152]
+ Add support for "type-func" in ui-files [#787033]
* Bindings:
- gtk+-3.0,gtk+-4.0: Update
- libxml-2.0: Bind xmlLastElementChild and xmlPreviousElementSibling
- pangocairo: CairoFontMap.set_default() is not an instance method
- gio-2.0: Application.set_default() is not an instance method
Vala 0.37.91
============
* Various bug fixes:
- codegen:
+ Actually write declaration for GNodeTraverseFunc wrapper [#786845]
+ Don't transfer ownership of variable if target-type is unknown [#736774]
+ Adjust format-index for printf/scanf-methods which throw errors [#781061]
+ Use given dup_function for structs
- libvaladoc: Fix some -Wincompatible-pointer-types warnings
- tests: Fix some syntax issues [#786652]
- Add .editorconfig file [#786620]
* GIR parser:
- Better support of "cprefix" argument in metadata
- Support "cname" argument in metadata
* Bindings:
- Add javascriptcoregtk-4.0 and avoid skips in webkit2gtk*-4.0
- Update GIR-based bindings
- gtk+-3.0: Update to 3.22.19
Vala 0.37.90
============
* Various bug fixes:
- Fix some build-system problem
+ valadoc/tests: Add the source vapi directory to driver-test [#786505],
Add ./vala/.libs rather than ./gee/.libs to LD_LIBRARY_PATH
+ Explicitly link doclets against libvala-*.la [#786534]
+ Add missing include of Makefile.common
- vapigen: Mark given source-files as such and force girparser to handle them
- codegen: Include glib-object.h for Enums/Structs with type_id
* Bindings:
- gtk+-4.0: Make Gsk.Texturer.for_*() static factory methods
Vala 0.37.2
===========
* Various bug fixes:
- libvaladoc: Keep bootstrap-support with valac >= 0.16.1
- valadoc: Fix tests while bootstapping with valac < 0.31/32
* Bindings:
- glib-2.0: Update Unicode symbols
- gobject-2.0: Add required type_id attributes to all ParamSpec subclasses
- libgdata: Make Authorizer.reauth_* methods virtual [#779229]
- libxml-2.0: Update Xml.ParserOption [#785585]
- gtk+-4.0: Update to 3.91.2
- webkit2gtk-4.0: Update to 2.17.90
Vala 0.37.1
===========
* Highlights
- Don't warn about deprecated symbols if installed_version is older
- Add --gresourcesdir option [#783133]
- Install libvala-0.xx.vapi to "global" vapi directory
- Require and target GLib >= 2.40
- build: Make ccode and codegen private API
- build: Use --use-header for vala's libraries
- compiler: Add --color=WHEN option
- codegen: Use g_object_notify_by_pspec() to notify property-changes
- codegen: Use *_free_full to free GLib.List, GLib.SList and GLib.Queue
- codegen: Support renamed signals [#731547]
- Optimize (de)serialization of arrays with type-signature "ay" [#772426]
- Merge valadoc - Consider valadoc a part of vala's toolchain and
therefore let it live in the main repository (adds graphviz to the
build-requirements)
* Various bug fixes:
- Fix finally blocks with async yields [#741929]
- Handle non-null in coalescing expression [#611223]
- Make the task_complete flag for < 2.44 more similar to >= 2.44 [#783543]
- Nullable ValueType requires POINTER as marshaller signature [#783897]
- NoAccessorMethod attribute is allowed for gobject-properties only
- girparser: Fix parsing of delegate-alias without target
- compiler: Use API_VERSION instead of stripping PACKAGE_SUFFIX
- girwriter: Write length-parameters of arrays with rank > 1 [#758019]
- gdbus: Don't leak nested HashTable on deserialization [#782719]
- codewriter: Update timestamps of generated c-files if needed [#683286]
- tests: Use dbus-run-session instead of dbus-launch [#771455]
- codegenerator: Add source_reference parameter to CodeGenerator.store_*()
- Don't allow assigning delegate if no target/closure is available [#598869]
- gee: Add some useful symbols from gee-0.8
* Bindings:
- gio-2.0: Add DBusConnection 'closed' signal as 'on_closed' [#684358]
- gio-2.0: Use default 'length = null' for DataInputStream.read_line_utf8*
[#783351]
- glib-2.0,gobject-2.0: Updates from 2.53.x
- poppler-glib: Update to 0.54.0
- webkit2gtk-4.0: Update to 2.17.4
- gstreamer-1.0: Update to 1.13.0+
- libgvc: Add WITH_CGRAPH conditionals
Some highlights for 20.1:
- crypto, public_key: Extend crypto and public_key functions sign and
verify with:
- support for RSASSA-PS padding for signatures and for saltlength
setting
- X9.31 RSA padding.
- sha, sha224, sha256, sha384, and sha512 for dss signatures as
mentioned in NIST SP 800-57 Part 1.
- ripemd160 to be used for rsa signatures.
- A new tuple in crypto:supports/0 reports supported MAC algorithms.
- diameter:
- Add service option decode_format to allow incoming messages to be
decoded into maps instead of records.
- Decode performance has been improved.
- Add service/transport option avp_dictionaries to give better
support for dictionaries only defining AVPs.
- erts: Upgraded the ERTS internal PCRE library from version 8.40 to
version 8.41.
- erts, kernel, tools: Profiling with lock counting can now be fully
toggled at runtime in the lock counting emulator (-emu_type lcnt).
- erts: The zlib module has been refactored and all its operations
will now yield appropriately, allowing them to be used freely in
concurrent applications.
- erts, tools: Add erlang:iolist_to_iovec/1, which converts an
iolist() to an erlang:iovec(), which is suitable for use with
enif_inspect_iovec().
- erts: Add new nif API functions for managing an I/O Queue.
- observer/crashdump_viewer:
- Reading of crash dumps with many binaries is optimized.
- A progress bar is shown when the detail view for a process is
opened.
- The cdv script now sets ERL_CRASH_DUMP_SECONDS=0 to avoid
generating a new crash dump from the node running the Crashdump
Viewer.
- observer: Add system statistics and limits to frontpage in observer.
- public_key, ssl**: Improved error propagation and reports
- ssh: A new option modify_algorithms is implemented. It enables
specifying changes on the default algorithms list.
- tools/xref: The predefined Xref analysis locals_not_used now
understands the -on_load() attribute and does not report unused
functions.
- tools/fprof: When sampling multiple processes and analyzing with
totals set to true, the output now sums together all caller and
callee entries which concerns the same function.
Version 5.0.2:
Correct handling of import in child thread
Correct handling of “dis” module with Python 3.5.1
Correct handling of “multiprocess.process” module
Correct attempt to assign variable to an empty list
Improved README
Add hook for pythonnet package
Add hook for sqlite3 and improve win32file hook
Add FAQ entry
* Disable SunOS/Solaris support because newer bootstrap is not available
* Include Rust libraries and Cargo
Changelog:
Version 1.20.0 (2017-08-31)
Language
Associated constants are now stabilised.
A lot of macro bugs are now fixed.
Compiler
Struct fields are now properly coerced to the expected field type.
Enabled wasm LLVM backend WASM can now be built with the wasm32-experimental-emscripten target.
Changed some of the error messages to be more helpful.
Add support for RELRO(RELocation Read-Only) for platforms that support it.
rustc now reports the total number of errors on compilation failure previously this was only the number of errors in the pass that failed.
Expansion in rustc has been sped up 29x.
added msp430-none-elf target.
rustc will now suggest one-argument enum variant to fix type mismatch when applicable
Fixes backtraces on Redox
rustc now identifies different versions of same crate when absolute paths of different types match in an error message.
Libraries
Relaxed Debug constraints on {HashMap,BTreeMap}::{Keys,Values}.
Impl PartialEq, Eq, PartialOrd, Ord, Debug, Hash for unsized tuples.
Impl fmt::{Display, Debug} for Ref, RefMut, MutexGuard, RwLockReadGuard, RwLockWriteGuard
Impl Clone for DefaultHasher.
Impl Sync for SyncSender.
Impl FromStr for char
Fixed how {f32, f64}::{is_sign_negative, is_sign_positive} handles NaN.
allow messages in the unimplemented!() macro. ie. unimplemented!("Waiting for 1.21 to be stable")
pub(restricted) is now supported in the thread_local! macro.
Upgrade to Unicode 10.0.0
Reimplemented {f32, f64}::{min, max} in Rust instead of using CMath.
Skip the main thread's manual stack guard on Linux
Iterator::nth for ops::{Range, RangeFrom} is now done in O(1) time
#[repr(align(N))] attribute max number is now 2^31 - 1. This was previously 2^15.
{OsStr, Path}::Display now avoids allocations where possible
Stabilized APIs
CStr::into_c_string
CString::as_c_str
CString::into_boxed_c_str
Chain::get_mut
Chain::get_ref
Chain::into_inner
Option::get_or_insert_with
Option::get_or_insert
OsStr::into_os_string
OsString::into_boxed_os_str
Take::get_mut
Take::get_ref
Utf8Error::error_len
char::EscapeDebug
char::escape_debug
compile_error!
f32::from_bits
f32::to_bits
f64::from_bits
f64::to_bits
mem::ManuallyDrop
slice::sort_unstable_by_key
slice::sort_unstable_by
slice::sort_unstable
str::from_boxed_utf8_unchecked
str::as_bytes_mut
str::as_bytes_mut
str::from_utf8_mut
str::from_utf8_unchecked_mut
str::get_mut
str::get_unchecked_mut
str::get_unchecked
str::get
str::into_boxed_bytes
Cargo
Cargo API token location moved from ~/.cargo/config to ~/.cargo/credentials.
Cargo will now build main.rs binaries that are in sub-directories of src/bin. ie. Having src/bin/server/main.rs and src/bin/client/main.rs generates target/debug/server and target/debug/client
You can now specify version of a binary when installed through cargo install using --vers.
Added --no-fail-fast flag to cargo to run all benchmarks regardless of failure.
Changed the convention around which file is the crate root.
The include/exclude property in Cargo.toml now accepts gitignore paths instead of glob patterns. Glob patterns are now deprecated.
Compatibility Notes
Functions with 'static in their return types will now not be as usable as if they were using lifetime parameters instead.
The reimplementation of {f32, f64}::is_sign_{negative, positive} now takes the sign of NaN into account where previously didn't.
Version 1.19.0 (2017-07-20)
Language
Numeric fields can now be used for creating tuple structs. RFC 1506 For example struct Point(u32, u32); let x = Point { 0: 7, 1: 0 };.
Macro recursion limit increased to 1024 from 64.
Added lint for detecting unused macros.
loop can now return a value with break. RFC 1624 For example: let x = loop { break 7; };
C compatible unions are now available. RFC 1444 They can only contain Copy types and cannot have a Drop implementation. Example: union Foo { bar: u8, baz: usize }
Non capturing closures can now be coerced into fns, RFC 1558 Example: let foo: fn(u8) -> u8 = |v: u8| { v };
Compiler
Add support for bootstrapping the Rust compiler toolchain on Android.
Change arm-linux-androideabi to correspond to the armeabi official ABI. If you wish to continue targeting the armeabi-v7a ABI you should use --target armv7-linux-androideabi.
Fixed ICE when removing a source file between compilation sessions.
Minor optimisation of string operations.
Compiler error message is now aborting due to previous error(s) instead of aborting due to N previous errors This was previously inaccurate and would only count certain kinds of errors.
The compiler now supports Visual Studio 2017
The compiler is now built against LLVM 4.0.1 by default
Added a lot of new error codes
Added target-feature=+crt-static option RFC 1721 Which allows libraries with C Run-time Libraries(CRT) to be statically linked.
Fixed various ARM codegen bugs
Libraries
String now implements FromIterator<Cow<'a, str>> and Extend<Cow<'a, str>>
Vec now implements From<&mut [T]>
Box<[u8]> now implements From<Box<str>>
SplitWhitespace now implements Clone
[u8]::reverse is now 5x faster and [u16]::reverse is now 1.5x faster
eprint! and eprintln! macros added to prelude. Same as the print! macros, but for printing to stderr.
Stabilized APIs
OsString::shrink_to_fit
cmp::Reverse
Command::envs
thread::ThreadId
Cargo
Build scripts can now add environment variables to the environment the crate is being compiled in. Example: println!("cargo:rustc-env=FOO=bar");
Subcommands now replace the current process rather than spawning a new child process
Workspace members can now accept glob file patterns
Added --all flag to the cargo bench subcommand to run benchmarks of all the members in a given workspace.
Updated libssh2-sys to 0.2.6
Target directory path is now in the cargmetadata
Cargo no longer checks out a local working directory for the crates.io index This should provide smaller file size for the registry, and improve cloning times, especially on Windows machines.
Added an --exclude option for excluding certai using the --all option
Cargo will now automatically retry when receiving a 5xx error from crates.io
The --features option now accepts multiple comma or space delimited values.
Added support for custom target specific runners
Misc
Added ow prefer to download rust packages with XZ compression over GZip packages.
Added the ability to escape # in rust documentation By adding additional #'s ie. ## is now #
Compatibility Notes
MutexGuard<T> may only be Sync if T is Sync.
-Z flagning for a year previous to this.
As a result of the -Z flag change, the cargo-check plugin no longer works. Users should migrate to the built-in check command, which has been available since 1.16.
Ending a float literal with ._ is now a hard erro use ::self::foo; is now a hard error. self paths are always relative while the :: prefix makes a path absolute, but was ignored and the path was relative regardless.
Floating point constants in match patterns is now a hard error This was previously ts that don't derive PartialEq & Eq used match patterns is now a hard error This was previously a warning.
Lifetimes named '_ are no longer allowed. This was previously a warning.
From the pound escape, lines consisting of multiple #s are now visible
It is an error to reexport private enum variants. This is known to break a number of crates that depend on an older version of mustache.
On Windows, if VCINSTALLDIR is set incorrectly, rustc will try to use it to find the linker, and the build will fail where it did not previously
Version 1.18.0 (2017-06-08)
Language
Stabilize pub(restricted) pub can now accept a module path to make the item visible to just that module tree. Also accepts the keyword crate to make something public to the whole crate but not users of the library. Example: pub(crate) mod utils;. RFC 1422.
Stabilize #![windows_subsystem] attribute conservative exposure of the /SUBSYSTEM linker flag on Windows platforms. RFC 1665.
Refactor of trait object type parsing Now ty in macros can accept types like Write + Send, trailing + are now supported in trait objects, and better error reporting for trait objects starting with ?Sized.
0e+10 is now a valid floating point literal
Now warns if you bind a lifetime parameter to 'static
Tuples, Enum variant fields, and structs with no repr attribute or with #[repr(Rust)] are reordered to minimize padding and produce a smaller representation in some cases.
Compiler
rustc can now emit mir with --emit mir
Improved LLVM IR for trivial functions
Added explanation for E0090(Wrong number of lifetimes are supplied)
rustc compilation is now 15%-20% faster Thanks to optimisation opportunities found through profiling
Improved backtrace formatting when panicking
Libraries
Specialized Vec::from_iter being passed vec::IntoIter if the iterator hasn't been advanced the original Vec is reassembled with no actual iteration or reallocation.
Simplified HashMap Bucket interface provides performance improvements for iterating and cloning.
Specialize Vec::from_elem to use calloc
Fixed Race condition in fs::create_dir_all
No longer caching stdio on Windows
Optimized insertion sort in slice insertion sort in some cases 2.50%~ faster and in one case now 12.50% faster.
Optimized AtomicBool::fetch_nand
Stabilized APIs
Child::try_wait
HashMap::retain
HashSet::retain
PeekMut::pop
TcpStream::peek
UdpSocket::peek
UdpSocket::peek_from
Cargo
Added partial Pijul support Pijul is a version control system in Rust. You can now create new cargo projects with Pijul using cargo new --vcs pijul
Now always emits build script warnings for crates that fail to build
Added Android build support
Added --bins and --tests flags now you can build all programs of a certain type, for example cargo build --bins will build all binaries.
Added support for haiku
Misc
rustdoc can now use pulldown-cmark with the --enable-commonmark flag
Added rust-winbg script for better debugging on Windows
Rust now uses the official cross compiler for NetBSD
rustdoc now accepts # at the start of files
Fixed jemalloc support for musl
Compatibility Notes
Changes to how the 0 flag works in format! Padding zeroes are now always placed after the sign if it exists and before the digits. With the # flag the zeroes are placed after the prefix and before the digits.
Due to the struct field optimisation, using transmute on structs that have no repr attribute or #[repr(Rust)] will no longer work. This has always been undefined behavior, but is now more likely to break in practice.
The refactor of trait object type parsing fixed a bug where + was receiving the wrong priority parsing things like &for<'a> Tr<'a> + Send as &(for<'a> Tr<'a> + Send) instead of (&for<'a> Tr<'a>) + Send
Overlapping inherent impls are now a hard error
PartialOrd and Ord must agree on the ordering.
rustc main.rs -o out --emit=asm,llvm-ir Now will output out.asm and out.ll instead of only one of the filetypes.
calling a function that returns Self will no longer work when the size of Self cannot be statically determined.
rustc now builds with a "pthreads" flavour of MinGW for Windows GNU this has caused a few regressions namely:
Changed the link order of local static/dynamic libraries (respecting the order on given rather than having the compiler reorder).
Changed how MinGW is linked, native code linked to dynamic libraries may require manually linking to the gcc support library (for the native code itself)
Version 1.17.0 (2017-04-27)
Language
The lifetime of statics and consts defaults to 'static. RFC 1623
Fields of structs may be initialized without duplicating the field/variable names. RFC 1682
Self may be included in the where clause of impls. RFC 1647
When coercing to an unsized type lifetimes must be equal. That is, there is no subtyping between T and U when T: Unsize<U>. For example, coercing &mut [&'a X; N] to &mut [&'b X] requires 'a be equal to 'b. Soundness fix.
Values passed to the indexing operator, [], automatically coerce
Static variables may contain references to other statics
Compiler
Exit quickly on only --emit dep-info
Make -C relocation-model more correctly determine whether the linker creates a position-independent executable
Add -C overflow-checks to directly control whether integer overflow panics
The rustc type checker now checks items on demand instead of in a single in-order pass. This is mostly an internal refactoring in support of future work, including incremental type checking, but also resolves RFC 1647, allowing Self to appear in impl where clauses.
Optimize vtable loads
Turn off vectorization for Emscripten targets
Provide suggestions for unknown macros imported with use
Fix ICEs in path resolution
Strip exception handling code on Emscripten when panic=abort
Add clearer error message using &str + &str
Stabilized APIs
Arc::into_raw
Arc::from_raw
Arc::ptr_eq
Rc::into_raw
Rc::from_raw
Rc::ptr_eq
Ordering::then
Ordering::then_with
BTreeMap::range
BTreeMap::range_mut
collections::Bound
process::abort
ptr::read_unaligned
ptr::write_unaligned
Result::expect_err
Cell::swap
Cell::replace
Cell::into_inner
Cell::take
Libraries
BTreeMap and BTreeSet can iterate over ranges
Cell can store non-Copy types. RFC 1651
String implements FromIterator<&char>
Box implements a number of new conversions: From<Box<str>> for String, From<Box<[T]>> for Vec<T>, From<Box<CStr>> for CString, From<Box<OsStr>> for OsString, From<Box<Path>> for PathBuf, Into<Box<str>> for String, Into<Box<[T]>> for Vec<T>, Into<Box<CStr>> for CString, Into<Box<OsStr>> for OsString, Into<Box<Path>> for PathBuf, Default for Box<str>, Default for Box<CStr>, Default for Box<OsStr>, From<&CStr> for Box<CStr>, From<&OsStr> for Box<OsStr>, From<&Path> for Box<Path>
ffi::FromBytesWithNulError implements Error and Display
Specialize PartialOrd<A> for [A] where A: Ord
Slightly optimize slice::sort
Add ToString trait specialization for Cow<'a, str> and String
Box<[T]> implements From<&[T]> where T: Copy, Box<str> implements From<&str>
IpAddr implements From for various arrays. SocketAddr implements From<(I, u16)> where I: Into<IpAddr>
format! estimates the needed capacity before writing a string
Support unprivileged symlink creation in Windows
PathBuf implements Default
Implement PartialEq<[A]> for VecDeque<A>
HashMap resizes adaptively to guard against DOS attacks and poor hash functions.
Cargo
Add cargo check --all
Add an option to ignore SSL revocation checking
Add cargo run --package
Add required_features
Assume build.rs is a build script
Find workspace via workspace_root link in containing member
Misc
Documentation is rendered with mdbook instead of the obsolete, in-tree rustbook
The "Unstable Book" documents nightly-only features
Improve the style of the sidebar in rustdoc output
Configure build correctly on 64-bit CPU's with the armhf ABI
Fix MSP430 breakage due to i128
Preliminary Solaris/SPARCv9 support
rustc is linked statically on Windows MSVC targets, allowing it to run without installing the MSVC runtime.
rustdoc --test includes file names in test names
This release includes builds of std for sparc64-unknown-linux-gnu, aarch64-unknown-linux-fuchsia, and x86_64-unknown-linux-fuchsia.
Initial support for aarch64-unknown-freebsd
Initial support for i686-unknown-netbsd
This release no longer includes the old makefile build system. Rust is built with a custom build system, written in Rust, and with Cargo.
Add Debug implementations for libcollection structs
TypeId implements PartialOrd and Ord
--test-threads=0 produces an error
rustup installs documentation by default
The Rust source includes NatVis visualizations. These can be used by WinDbg and Visual Studio to improve the debugging experience.
Compatibility Notes
Rust 1.17 does not correctly detect the MSVC 2017 linker. As a workaround, either use MSVC 2015 or run vcvars.bat.
When coercing to an unsized type lifetimes must be equal. That is, disallow subtyping between T and U when T: Unsize<U>, e.g. coercing &mut [&'a X; N] to &mut [&'b X] requires 'a be equal to 'b. Soundness fix.
format! and Display::to_string panic if an underlying formatting implementation returns an error. Previously the error was silently ignored. It is incorrect for write_fmt to return an error when writing to a string.
In-tree crates are verified to be unstable. Previously, some minor crates were marked stable and could be accessed from the stable toolchain.
Rust git source no longer includes vendored crates. Those that need to build with vendored crates should build from release tarballs.
Fix inert attributes from proc_macro_derives
During crate resolution, rustc prefers a crate in the sysroot if two crates are otherwise identical. Unlikely to be encountered outside the Rust build system.
Fixed bugs around how type inference interacts with dead-code. The existing code generally ignores the type of dead-code unless a type-hint is provided; this can cause surprising inference interactions particularly around defaulting. The new code uniformly ignores the result type of dead-code.
Tuple-struct constructors with private fields are no longer visible
Lifetime parameters that do not appear in the arguments are now considered early-bound, resolving a soundness bug (#32330). The hr_lifetime_in_assoc_type future-compatibility lint has been in effect since April of 2016.
rustdoc: fix doctests with non-feature crate attributes
Make transmuting from fn item types to pointer-sized types a hard error
under NetBSD. Bump PKGREVISION
Rust language 1.20.0 uses these options and Rust build system uses it
as '-l tinfo' and our wrapper does not handle this.
nodejs 8.6.0
============
crypto
- Support for multiple ECDH curves.
dgram
- Added setMulticastInterface() API.
- Custom lookup functions are now supported.
n-api
- The command-line flag is no longer required to use N-API.
tls
- Docs-only deprecation of parseCertString().
nodejs 8.5.0
============
build
- Snapshots are now re-enabled in V8
console
- Implement minimal console.group().
deps
- upgrade libuv to 1.14.1
- update nghttp2 to v1.25.0
dns
- Add verbatim option to dns.lookup(). When true, results from the DNS
resolver are passed on as-is, without the reshuffling that Node.js
otherwise does that puts IPv4 addresses before IPv6 addresses.
fs
- add fs.copyFile and fs.copyFileSync which allows for more efficient
copying of files.
inspector
- Enable async stack traces
module
- Add support for ESM. This is currently behind the
--experimental-modules flag and requires the .mjs extension. node
--experimental-modules index.mjs
napi
- implement promise
os
- Add support for CIDR notation to the output of the networkInterfaces()
method.
perf_hooks
- An initial implementation of the Performance Timing API for Node.js.
This is the same Performance Timing API implemented by modern browsers
with a number of Node.js specific properties. The User Timing mark()
and measure() APIs are implemented.
tls
- multiple PFX in createSecureContext
SPARC
Support for the SPARC M8 processor has been added.
The switches -mfix-ut700 and -mfix-gr712rc have been added to work around an erratum in LEON3FT processors.
Use of the Floating-point Multiply Single to Double (FsMULd) instruction can now be controlled by the -mfsmuld and -fno-fsmuld options.
RTEMS
The Ada run-time support uses now thread-local storage (TLS).
Support for RISC-V has been added.
Support for 64-bit PowerPC using the ELFv2 ABI with 64-bit long double has been added.
Bug fixes: https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=7.2
Add a PRINT_PLIST_AWK to help avoid this being removed again in the future,
though with all the PLIST_VARS used it's still difficult to keep updated. It
is probably worth splitting the vars into individual PLIST files instead.
1.11.0:
- Pull request 178: `with_metaclass` now properly proxies `__prepare__` to the
underlying metaclass.
- Pull request 191: Allow `with_metaclass` to work with metaclasses implemented
in C.
- Pull request 203: Add parse_http_list and parse_keqv_list to moved
urllib.request.
- Pull request 172 and issue 171: Add unquote_to_bytes to moved urllib.parse.
- Pull request 167: Add `six.moves.getoutput`.
- Pull request 80: Add `six.moves.urllib_parse.splitvalue`.
- Pull request 75: Add `six.moves.email_mime_image`.
- Pull request 72: Avoid creating reference cycles through tracebacks in
`reraise`.
Python 2.7.14:
Core and Builtins
- bpo-30657: Fixed possible integer overflow in PyString_DecodeEscape.
- bpo-27945: Fixed various segfaults with dict when input collections are
mutated during searching, inserting or comparing. Based on patches by
Duane Griffin and Tim Mitchell.
- bpo-25794: Fixed type.__setattr__() and type.__delattr__() for
non-interned or unicode attribute names. Based on patch by Eryk Sun.
- bpo-29935: Fixed error messages in the index() method of tuple and list
when pass indices of wrong type.
- bpo-28598: Support __rmod__ for subclasses of str being called before
str.__mod__. Patch by Martijn Pieters.
- bpo-29602: Fix incorrect handling of signed zeros in complex constructor for
complex subclasses and for inputs having a __complex__ method. Patch
by Serhiy Storchaka.
- bpo-29347: Fixed possibly dereferencing undefined pointers
when creating weakref objects.
- Issue 14376: Allow sys.exit to accept longs as well as ints. Patch
by Gareth Rees.
- Issue 29028: Fixed possible use-after-free bugs in the subscription of the
buffer object with custom index object.
- Issue 29145: Fix overflow checks in string, bytearray and unicode.
Patch by jan matejek and Xiang Zhang.
- Issue 28932: Do not include <sys/random.h> if it does not exist.
Extension Modules
- bpo-31170: Update vendorized expat to 2.2.4.
- Issue 29169: Update zlib to 1.2.11.
Changes in version 1.5.0
Enhancements
------------
* [r14934] ABCL-INTROSPECT a contrib for accessing ABCL compiler
information (Alan).
* [r14907] ABCL-AIO all-in-one jar target creates dist/abcl-aio.jar (Alan).
* [r15009] Rework ABCL-BUILD as a contrib which uses UIOP machinery to
invoke Ant on <file:build.xml>, unifying all build mechanisms to a single
prescriptive source artifact external to Common-Lisp.
* [r14911] [r14955] [r14914] Source recording on SYS:SOURCE plist
PRECOMPILER possibly beta reduce form with function
position lambda, record arglist during Build
* [r14912] [r14922] Re-write the ASDF descriptions using secondary systems
* [r14917] build: 'abcl.clean.application.fasls' now cleans only ABCL fasls
* [r14923] Added Dockerfile to package ABCL in Docker
* [r14927] Build add ability to download Maven from Ant
* [r14931] Bless EXT:GET-PID as the offical way to get process id
* [r14947] JSS syntax for access Java fields (Alan)
* [r14962] JSS:J2LIST as a convenience method for turning "anything"
in Java to an appropriate Lisp list.
* [r14967] (Provisional) ABCL-ASDF JDK-JAR ASDF class to describe JDK
path locations (Alan).
* [r14969] Add QUICKLISP-ABCL:*QUICKLISP-PARENT-DIR* special (Alan).
* [r14978] Implement MAKE-LOAD-FORM for Java fields (Alan).
* [r15013] Restore the ability SYSTEM:CHOOSE-ASSEMBLER to use Objectweb
* [r15018] Enable use of MVN-MODULE in ASDF definitions (Alan).
* [r15019] Add NAMED-READTABLES from <https://github.com/melisgl/named-readtables>
* [r15062] ABCL-INTROSPECT 'javaparser.asd' definition adds a
SHARPSIGN-ONE-QUOTATION_MARK macro to evaluate arbitrary Java expressions
Fixes
-----
* [r14902] Fix CL:OPEN for :DIRECTION :INPUT (pipping)
* [r14903] JNEW-RUNTIME-CLASS Make static functions and :int
parameters work. Fix return conversion for null. Ensure that the
same classloader is used (olof).
* [r14905] ABCL-ASDF uses the value of the reported Maven home to look
for libraries, fixing loading CFFI under FreeBSD 11-RELEASE.
* [r14906] JSS:LOOKUP-CLASSNAME would return allcaps class name if not
found (alan).
* [r14909] QUICKLISP-ABCL simplify load/compile logic.
* [r14918] JAVA Remove generic Throwable handler from JAVA:JFIELD innards
* [r14919] ABCL-ASDF fix finding Maven on Fedora
* [r14926] ABCL-ASDF fix problems with test suite's reliance on PROVE
* [r14921] CL:DIRECTORY no longer errors on files containing asterisk characters
* [r14950] Fix restart calculation for compiled closures (Alan)
* [r14952] Guard printing of large Java objects (Alan)
* [r14953] Fix debugging frames which don't have a pathname (Alan)
* [r14956] Show function documentation in describe (Alan)
* [r14966] JAVA:CHAIN returns last value of computation (Alan)
* [r14973] ABCL-ASDF probes for "mvn" and "mvn.cmd" under Windows
* [r14974] Standardize the use of CL:*LOAD-VERBOSE* to control loading
verbosity.
* [r14976] Fix CL:GET-OUTPUT-STREAM-STRING to reset underlying buffer
* [r14979] Fix JavaObject.getParts() for Java arrays (Alan).
* [r14980] Fix SETF for EXT:URL-PATHNAME-FRAGMENT
* [r14987] Fix CL:MAKE-PATHNAME for explicitly nil HOST
* [r14996] Correctly implement 'time-of-the-time' daylight savings
semantics (Scott).
* [r15001] Fix signalling simple error with #\~ in CL:FORMAT string
(Alan).
* [r15002] Fix problems with SHARED-INITIALIZE (Olof).
* [r15003] Fix ENSURE-GENERIC-FUNCTION when removing definition (Olof).
* [r15004] Fix DESTRUCTURING-BIND with &rest arguments (Olof)
* [r15024] Optimise LOGCOUNT (Olof).
* [r15026] Support bignum argument for FILE-POSITION (Olof).
* [r15032] Better directory validation; handle :UNSPECIFIC (Olof).
* [r15033] Fix LOOP code size estimation (Olof).
* [r15034] Fix NTH inlining type mismatch (Olof).
* [r15035] Fix byte code verification error in edge case (Olof).
* [r15036] Fix PACKAGE-ERROR-PACKAGE behaviour (Olof).
* [r15037] Fix MAX type derivation (Olof).
* [r15038] Fix NPE if directory can't be accessed (Olof).
* [r15044] Documentation renders less/greater-than characters correctly (Olof).
Updates
-------
* ASDF 3.2.1
New in version 1.3.21
- minor incompatible change: the CLOBBER-IT restart for defstruct
redefintion has been removed after a 15 year deprecation cycle.
Use the new name, RECKLESSLY-CONTINUE. Note also that this restart
is hidden if deemed unsafe due to altered placement of untagged slots
in the structure.
- enhancement: the assignment of -DSBCL_PREFIX= in src/runtime/GNUmakefile
can be removed as a local patch, which results in an sbcl executable
that finds its core file relative to itself by looking in "../lib/sbcl".
- enhancement: backends using the generational GC are able to relocate
dynamic space anywhere the operating system places it. This feature
can be disabled by removing :relocatable-heap from the build configuration.
Not supported on Windows.
- enhancement: DEFMETHOD no longer signals IMPLICIT-GENERIC-FUNCTION-WARNING.
- enhancement: better type conflict detection for high order functions,
e.g. (find x "123" :test #'=)
- enhancement: the tabular output of ROOM is aligned dynamically,
preventing misaligned tables for larger sizes or counts.
- enhancement: ROOM reports on immobile space if applicable.
- optimization: optimized external-format routines.
- bug fix: SB-INTROSPECT:ALLOCATION-INFORMATION returns :IMMOBILE
instead of :FOREIGN for objects in immobile space.
- bug fix: dotted lists in special forms and function call forms signal
an appropriate error
- bug fix: EQUALP hash tables with pathname keys now ignore internal slots.
(#1712944, reported by Jason Miller)
New in version 1.3.20
- minor incompatible change: DEF{GENERIC,METHOD} no longer accept
some illegal lambda lists such as (defgeneric bar (foo &key foo))
or (defgeneric baz (t)) that were accepted before.
- optimization: a valueless &AUX binding in a BOA constructor does not
force all slots reads in safe code to perform a full type check.
- optimization: ATOMIC-PUSH and ATOMIC-POP generate better code
- bug fix: the low-level debugger would erroneously print - or not print
as the case may be - "(bad-address)" for some objects depending whether
the --dynamic-space-size argument was used at Lisp startup
- bug fix: a DEFCONSTANT with a non non-eql-comparable object as the value
could cause miscompilation if that constant appeared as the default
expression for an &OPTIONAL binding
- bug fix: generic function lambda lists are now checked for repeated
and otherwise illegal entries. (#1704114)
- bug fix: setting gencgc_verbose = 1 could cause deadlock in fprintf()
depending on the platform's stdio implementation. The relevant code
has been changed to use snprintf() and write() instead.
New in version 1.3.19
- enhancement: specialized arrays can be printed readably without using
*read-eval*
- enhancement: SB-DEBUG:PRINT-BACKTRACE truncates huge string arguments.
The full string remains available for inspection via (SB-DEBUG:ARG).
- bug fix: backtracing from several threads at once could fail
- bug fix: floating-point infinities could not be used as keys in EQUALP
hash tables. (#1696274)
- bug fix: random sb-fasteval failures. (#1642708)
- bug fix: align the stack in callback wrappers to defend against C compiler
over-aggressive use of SIMD. (#1697528)
- bug fix: don't try to find the class when reporting that a class does not
exist for a primitive type. (#1697226)
Ruby 2.4.2 Released Posted by nagachika on 14 Sep 2017
We are pleased to announce the release of Ruby 2.4.2. This release contains
some security fixes.
* CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
* CVE-2017-10784: Escape sequence injection vulnerability in the Basic
authentication of WEBrick
* CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 docod
* CVE-2017-14064: Heap exposure in generating JSON
* Multiple vulnerabilities in RubyGems
* Update bundled libyaml to version 0.1.7.
There are also many bug-fixes. See commit logs for more details.
ruby23 packages to 2.3.5.
pkgsrc change: clean up PLIST.
Ruby 2.3.5 Released Posted by usa on 14 Sep 2017
Ruby 2.3.5 has been released.
This release includes about 70 bug fixes after the previous release, and also
includes several security fixes. Please check the topics below for details.
* CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
* CVE-2017-10784: Escape sequence injection vulnerability in the Basic
authentication of WEBrick
* CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 docode
* CVE-2017-14064: Heap exposure vulnerability in generating JSON
* Multiple vulnerabilities in RubyGems
* Updated bundled libyaml to version 0.1.7
See the ChangeLog for details.
pkgsrc change: clean up PILST.
Ruby 2.2.8 Released Posted by usa on 14 Sep 2017
Ruby 2.2.8 has been released. This release includes several security
fixes. Please check the topics below for details.
* CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
* CVE-2017-10784: Escape sequence injection vulnerability in the Basic
authentication of WEBrick
* CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 docode
* CVE-2017-14064: Heap exposure vulnerability in generating JSON
* Multiple vulnerabilities in RubyGems
* Updated bundled libyaml to version 0.1.7
Ruby 2.2 is now under the state of the security maintenance phase, until the
endo of the March of 2018. After the date, maintenance of Ruby 2.2 will be
ended. We recommend you start planning migration to newer versions of Ruby,
such as 2.4 or 2.3.
- Fix#5380: Default colors for CoqIDE are actually applied.
- Fix plugin warnings
- Document named evars (including Show ident)
- Fix Bug #5574, document function scope
- Adding a test case as requested in bug 5205.
- Fix Bug #5568, no dup notation warnings on repeated module imports
- Fix documentation of Typeclasses eauto :=
- Refactor documentation of records.
- Protecting from warnings while compiling 8.6
- Fixing an inconsistency between configure and configure.ml
- Add test-suite checks for coqchk with constraints
- Fix bug #5019 (looping zify on dependent types)
- Fix bug 5550: "typeclasses eauto with" does not work with section variables.
- Bug 5546, qualify datatype constructors when needed in Show Match
- Bug #5535, test for Show with -emacs
- Fix bug #5486, don't reverse ids in tuples
- Fixing #5522 (anomaly with free vars of pat)
- Fix bug #5526, don't check for nonlinearity in notation if printing only
- Fix bug #5255
- Fix bug #3659: -time should understand multibyte encodings.
- FIx bug #5300: Anomaly: Uncaught exception Not_found" in "Print Assumptions".
- Fix outdated description in RefMan.
- Repairing `Set Rewriting Schemes`
- Fixing #5487 (v8.5 regression on ltac-matching expressions with evars).
- Fix description of command-line arguments for Add (Rec) LoadPath
- Fix bug #5377: @? patterns broken.
- add XML protocol doc
- Fix anomaly when doing [all:Check _.] during a proof.
- Correction of bug #4306
- Fix#5435: [Eval native_compute in] raises anomaly.
- Instances should obey universe binders even when defined by tactics.
- Intern names bound in match patterns
- funind: Ignore missing info for current function
- Do not typecheck twice the type of opaque constants.
- show unused intro pattern warning
- [future] Be eager when "chaining" already resolved future values.
- Opaque side effects
- Fix#5132: coq_makefile generates incorrect install goal
- Run non-tactic comands without resilient_command
- Univs: fix bug #5365, generation of u+k <= v constraints
- make `emit' tail recursive
- Don't require printing-only notation to be productive
- Fix the way setoid_rewrite handles bindings.
- Fix for bug 5244 - set printing width ignored when given enough space
- Fix bug 4969, autoapply was not tagging shelved subgoals correctly
Package changes: PLIST cleanup, and added some options for native
compilation.
Changes from ocaml 4.04.2 include (MPR and GPR changed to M and G to not
trigger our CVS hooks):
(Changes that can break existing programs are marked with a "*")
### Language features:
### Code generation and optimizations:
- M#7201, G#954: Correct wrong optimisation of "0 / <expr>"
and "0 mod <expr>" in the case when <expr> was a non-constant
evaluating to zero
(Mark Shinwell, review by Gabriel Scherer, Leo White and Xavier Leroy)
- M#7357, G#832: Improve compilation time for toplevel
include(struct ... end : sig ... end)
(Alain Frisch, report by Hongbo Zhang, review by Jacques Garrigue)
- M#7533, G#1173: Correctly perform side effects for certain
cases of "/" and "mod"
(Mark Shinwell, report by Jan Mitgaard)
- G#504: Instrumentation support for fuzzing with afl-fuzz.
(Stephen Dolan, review by Alain Frisch, Pierre Chambart, Mark
Shinwell, Gabriel Scherer and Damien Doligez)
- G#863, G#1068, G#1069: Optimise matches with constant
results to lookup tables.
(Stephen Dolan, review by Gabriel Scherer, Pierre Chambart,
Mark Shinwell, and bug report by Gabriel Scherer)
- G#1150: Fix typo in arm64 assembler directives
(KC Sivaramakrishnan)
### Runtime system:
- M#385, G#953: Add caml_startup_exn
(Mark Shinwell)
- M#7423, G#946: expose new exception-raising functions
`void caml_{failwith,invalid_argument}_value(value msg)`
in addition to
`void caml_{failwith,invalid_argument}(char const *msg)`.
The previous functions would not free their message argument, so
were inconvient for dynamically-allocated messages; the messages
passed to the new functions are handled by the garbage collector.
(Gabriel Scherer, review by Mark Shinwell, request by Immanuel Litzroth)
- M#7557, G#1213: More security for getenv
(Damien Doligez, reports by Seth Arnold and Eric Milliken, review by
Xavier Leroy, David Allsopp, Stephen Dolan, Hannes Mehnert)
- G#795: remove 256-character limitation on Sys.executable_name
(Xavier Leroy)
- G#891: Use -fno-builtin-memcmp when building runtime with gcc.
(Leo White)
### Type system:
- M#6608, G#901: unify record types when overriding all fields
(Tadeu Zagallo and Gabriel Scherer, report by Jeremy Yallop,
review by David Allsopp, Jacques Garrigue)
* M#7414, G#929: Soundness bug with non-generalized type variables and
functors.
(compatibility: some code using module-global mutable state will
fail at compile-time and is fixed by adding extra annotations;
see the Mantis and Github discussions.)
(Jacques Garrigue, report by Leo White)
### Compiler user-interface and warnings:
- M#7050, G#748 G#843 G#864: new `-args/-args0 <file>` parameters to
provide extra command-line arguments in a file -- see documentation.
User programs may implement similar options using the new `Expand`
constructor of the `Arg` module.
(Bernhard Schommer, review by J?r?mie Dimino, Gabriel Scherer
and Damien Doligez, discussion with Alain Frisch and Xavier Leroy,
feature request from the Coq team)
- M#7137, G#960: "-open" command line flag now accepts
a module path (not a module name)
(Arseniy Alekseyev and Leo White)
- M#7172, G#970: add extra (ocamlc -config) options
int_size, word_size, ext_exe
(Gabriel Scherer, request by Daniel B?nzli)
- M#7315, G#736: refine some error locations
(Gabriel Scherer and Alain Frisch, report by Matej Ko??k)
- M#7473, G#1025: perform proper globbing for command-line arguments on
Windows
(Jonathan Protzenko)
- M#7479: make sure "ocamlc -pack" is only given .cmo and .cmi files,
and that "ocamlopt -pack" is only given .cmx and .cmi files.
(Xavier Leroy)
- G#796: allow compiler plugins to declare their own arguments.
(Fabrice Le Fessant)
- G#829: better error when opening a module aliased to a functor
(Alain Frisch)
- G#911: ocamlc/ocamlopt do not pass warnings-related options to C
compiler when called to compile third-party C source files
(S?bastien Hinderer, review by Adrien Nader and David Allsopp)
- G#915: fix -dsource (pprintast.ml) bugs
(Runhang Li, review by Alain Frisch)
* G#933: ocamlopt -p now reports an error on platforms that do not
support profiling with gprof; dummy profiling libraries are no longer
installed on such platforms.
This can be tested with ocamlopt -config
(S?bastien Hinderer)
- G#1009: "ocamlc -c -linkall" and "ocamlopt -c -linkall" can now be used
to set the "always link" flag on individual compilation units. This
controls linking with finer granularity than "-a -linkall", which sets
the "always link" flag on all units of the given library.
(Xavier Leroy)
- G#1015: add option "-plugin PLUGIN" to ocamldep too. Use compilerlibs
to build ocamldep. Add option "-depend" to ocamlc/ocamlopt to behave
as ocamldep. Remove any use of ocamldep to build the distribution.
(Fabrice Le Fessant)
- G#1027: various improvements to -dtimings, mostly including time
spent in subprocesses like preprocessors
(Valentin Gatien-Baron, review by Gabriel Scherer)
- G#1098: the compiler now takes the boolean "OCAML_COLOR" environment
variable into account if "-color" is not provided. This allows users
to override the default behaviour without modifying invocations of ocaml
manually.
(Hannes Mehnert, Guillaume Bury,
review by Daniel B?nzli, Gabriel Scherer, Damien Doligez)
### Standard library:
- M#6975, G#902: Truncate function added to stdlib Buffer module
(Dhruv Makwana, review by Alain Frisch and Gabriel Scherer)
- M#7279, G#710: `Weak.get_copy` `Ephemeron.*_copy` doesn't copy
custom blocks anymore
(Fran?ois Bobot, Alain Frisch, bug reported by Martin R. Neuh?u?er,
review by Thomas Braibant and Damien Doligez)
* M#7500, G#1081: Remove Uchar.dump
(Daniel B?nzli)
- G#760: Add a functions List.compare_lengths and
List.compare_length_with to avoid full list length computations
(Fabrice Le Fessant, review by Leo White, Josh Berdine and Gabriel Scherer)
- G#778: Arg: added option Expand that allows to expand a string
argument to a string array of new arguments
(Bernhard Schommer, review by Gabriel Scherer and J?r?mie Dimino)
- G#849: Expose a Spacetime.enabled value
(Leo White)
- G#885: Option-returning variants of stdlib functions
(Alain Frisch, review by David Allsopp and Bart Jacobs)
- G#869: Add find_first, find_first_opt, find_last, find_last_opt to
maps and sets. Find the first or last binding or element
satisfying a monotonic predicate.
(Gabriel de Perthuis, with contributions from Alain Frisch, review by
Hezekiah M. Carty and Simon Cruanes, initial report by Gerd Stolpmann)
- G#875: Add missing functions to ArrayLabels, BytesLabels,
ListLabels, MoreLabels, StringLabels so they are compatible with
non-labeled counterparts. Also add missing @@ocaml.deprecated attributes
in StringLabels and BytesLabels.
(Roma Sokolov, review by Gabriel Scherer, Jacques Garrigue,
Gabriel Radanne, Alain Frisch)
- G#999: Arg, do not repeat the usage message thrice when reporting an error
(this was a regression in 4.03)
(Florian Angeletti, review by Gabriel Scherer)
- G#1042: Fix escaping of command-line arguments in
Unix.create_process{,_env} under Windows. Arguments with tabs should now
be received verbatim by the child process.
(Nicolas Ojeda Bar, Andreas Hauptmann review by Xavier Leroy)
### Debugging and profiling:
- M#7258: ocamldebug's "install_printer" command had problems with
module aliases
(Xavier Leroy)
- G#378: Add [Printexc.raise_with_backtrace] to raise an exception using
an explicit backtrace
(Fran?ois Bobot, review by Gabriel Scherer, Xavier Leroy, Damien Doligez,
Fr?d?ric Bour)
### Manual and documentation:
- M#6597, G#1030: add forward references to language extensions
that extend non-terminal symbols in the language reference section.
(Florian Angeletti, review by Gabriel Scherer)
- M#7497, G#1095: manual, enable numbering for table of contents
(Florian Angeletti, request by Daniel B?nzli)
- M#7539, G#1181: manual, update dead links in ocamldoc chapter
(Florian Angeletti)
- G#633: manpage and manual documentation for the `-opaque` option
(Konstantin Romanov, Gabriel Scherer, review by Mark Shinwell)
- G#751, G#925: add a HACKING.adoc file to contain various
tips and tricks for people hacking on the repository. See also
CONTRIBUTING.md for advice on sending contributions upstream.
(Gabriel Scherer and Gabriel Radanne, review by David Allsopp,
inspired by John Whitington)
- G#916: new tool lintapidiff, use it to update the manual with
@since annotations for API changes introduced between 4.00-4.05.
(Edwin T?r?k, review by Gabriel Scherer, discussion with Alain Frisch,
David Allsopp, S?bastien Hinderer, Damien Doligez and Xavier Leroy)
- G#939: activate the caml_example environment in the language
extensions section of the manual. Convert some existing code
examples to this format.
(Florian Angeletti)
- G#1082: clarify that the use of quoted string for preprocessed
foreign quotations still requires the use of an extension node
[%foo ...] to mark non-standard interpretation.
(Gabriel Scherer, request by Matthew Wahab in G#1066,
review by Florian Angeletti)
### Other libraries:
- M#7158: Event.sync, Mutex.create, Condition.create cause too many GCs.
The fix is to no longer consider mutexes and condition variables
as rare kernel resources.
(Xavier Leroy)
- M#7264: document the different behaviors of Unix.lockf under POSIX
and under Win32.
(Xavier Leroy, report by David Allsopp)
- M#7339, G#787: Support the '0 dimension' case for bigarrays
(see Bigarray documentation)
(Laurent Mazare,
review by Gabriel Scherer, Alain Frisch and Hezekiah M. Carty)
* M#7342, G#797: fix Unix.read on pipes with no data left on Windows
it previously raised an EPIPE error, it now returns 0 like other OSes
(Jonathan Protzenko, review by Andreas Hauptmann and Damien Doligez)
- G#650: in the Unix library, add `?cloexec:bool` optional arguments to
functions that create file descriptors (`dup`, `dup2`, `pipe`, `socket`,
`socketpair`, `accept`). Implement these optional arguments in the
most atomic manner provided by the operating system to set (or clear)
the close-on-exec flag at the same time the file descriptor is created,
reducing the risk of race conditions with `exec` or `create_process`
calls running in other threads, and improving security. Also: add a
`O_KEEPEXEC` flag for `openfile` by symmetry with `O_CLOEXEC`.
(Xavier Leroy, review by Mark Shinwell, David Allsopp and Alain Frisch,
request by Romain Beauxis)
- G#996: correctly update caml_top_of_stack in systhreads
(Fabrice Le Fessant)
- G#997, G#1077: Deprecate Bigarray.*.map_file and add Unix.map_file as a
first step towards moving Bigarray to the stdlib
(J?r?mie Dimino and Xavier Leroy)
### Toplevel:
- M#7060, G#1035: Print exceptions in installed custom printers
(Tadeu Zagallo, review by David Allsopp)
### Tools:
- M#5163: ocamlobjinfo, dump globals defined by bytecode executables
(St?phane Glondu)
- M#7333: ocamldoc, use the first sentence of text file as
a short description in overviews.
(Florian Angeletti)
- G#848: ocamldoc, escape link targets in HTML output
(Etienne Millon, review by Gabriel Scherer, Florian Angeletti and
Daniel B?nzli)
- G#986: ocamldoc, use relative paths in error message
to solve ocamlbuild+doc usability issue (ocaml/ocamlbuild#79)
(Gabriel Scherer, review by Florian Angeletti, discussion with Daniel B?nzli)
- G#1017: ocamldoc, add an option to detect code fragments that could be
transformed into a cross-reference to a known element.
(Florian Angeletti, review and suggestion by David Allsopp)
- clarify ocamldoc text parsing error messages
(Gabriel Scherer)
### Compiler distribution build system:
- M#7377: remove -std=gnu99 for newer gcc versions
(Damien Doligez, report by ygrek)
- M#7452, G#1228: tweak GCC options to try to avoid the
Skylake/Kaby lake bug
(Damien Doligez, review by David Allsopp, Xavier Leroy and Mark Shinwell)
- G#693: fail on unexpected errors or warnings within caml_example
environment.
(Florian Angeletti)
- G#803: new ocamllex-based tool to extract bytecode compiler
opcode information from C headers.
(Nicolas Ojeda Bar)
- G#827: install missing mli and cmti files, new make target
install-compiler-sources for installation of compiler-libs ml files
(Hendrik Tews)
- G#887: allow -with-frame-pointers if clang is used as compiler on Linux
(Bernhard Schommer)
- G#898: fix locale-dependence of primitive list order,
detected through reproducible-builds.org.
(Hannes Mehnert, review by Gabriel Scherer and Ximin Luo)
- G#907: Remove unused variable from the build system
(S?bastien Hinderer, review by whitequark, Gabriel Scherer, Adrien Nader)
- G#911: Clarify the use of C compiler related variables in the build system.
(S?bastien Hinderer, review by Adrien Nader, Alain Frisch, David Allsopp)
- G#919: use clang as preprocessor assembler if clang is used as compiler
(Bernhard Schommer)
- G#927: improve the detection of hashbang support in the configure script
(Arma?l Gu?neau)
- G#932: install ocaml{c,lex}->ocaml{c,lex}.byte symlink correctly
when the opt target is built but opt.opt target is not.
(whitequark, review by Gabriel Scherer)
- G#935: allow build in Android's termux
(ygrek, review by Gabriel Scherer)
- G#984: Fix compilation of compiler distribution when Spacetime
enabled
(Mark Shinwell)
- G#991: On Windows, fix installation when native compiler is not
built
(S?bastien Hinderer, review by David Allsopp)
- G#1033: merge Unix and Windows build systems in the root directory
(S?bastien Hinderer, review by Damien Doligez and Adrien Nader)
- G#1047: Make .depend files generated for C sources more portable
(S?bastien Hinderer, review by Xavier Leroy and David Allsopp)
- G#1076: Simplify ocamlyacc's build system
(S?bastien Hinderer, review by David Allsopp)
### Compiler distribution build system: Makefile factorization
The compiler distribution build system (the set of Makefiles used to
build the compiler distribution) traditionally had separate Makefiles
for Unix and Windows, which lead to some amount of duplication and
subtle differences and technical debt in general -- for people working
on the compiler distribution, but also cross-compilation or porting to
new systems. During the 4.05 development period, S?bastien Hinderer
worked on harmonizing the build rules and merging the two build
systems.
* Some changes were made to the config/Makefile file which
is exported as $(ocamlc -where)/Makefile.config, and on
which some advanced users might rely. The changes are
as follows:
- a BYTERUN variable was added that points to the installed ocamlrun
- the PARTIALLD variable was removed (PACKLD is more complete)
- the always-empty DLLCCCOMPOPTS was removed
- the SHARED variable was removed; its value is "shared" or "noshared",
which duplicates the existing and more convenient
SUPPORTS_SHARED_LIBRARIES variable whose value is "true" or "false".
Note that Makefile.config may change further in the future and relying
on it is a bit fragile. We plan to make `ocamlc -config` easier to use
for scripting purposes, and have a stable interface there. If you rely
on Makefile.config, you may want to get in touch with S?bastien Hinderer
or participate to M#7116 (Allow easy retrieval of Makefile.config's values)
or M#7172 (More information in ocamlc -config).
The complete list of changes is listed below.
- G#705: update Makefile.nt so that ocamlnat compiles
for non-Cygwin Windows ports.
(S?bastien Hinderer, review by Alain Frisch)
- G#729: Make sure ocamlnat is built with a $(EXE) extension, merge
rules between Unix and Windows Makefiles
(S?bastien Hinderer, review by Alain Frisch)
- G#762: Merge build systems in the yacc/ directory.
(S?bastien Hinderer, review by David Allsopp, Alain Frisch)
- G#764: Merge build systems in the debugger/ directory.
(S?bastien Hinderer, review by Alain Frisch)
- G#785: Merge build systems in otherlibs/systhreads/
(S?bastien Hinderer, review by Alain Frisch, David Allsopp,
testing and regression fix by J?r?mie Dimino)
- G#788: Merge build systems in subdirectories of otherlibs/.
(S?bastien Hinderer, review by Alain Frisch)
- G#808, G#906: Merge Unix and Windows build systems
in the ocamldoc/ directory
(S?bastien Hinderer, review by Alain Frisch)
- G#812: Merge build systems in the tools/ subdirectory
(S?bastien Hinderer, review by Alain Frisch)
- G#866: Merge build systems in the stdlib/ directory
(S?bastien Hinderer, review by David Allsopp and Adrien Nader)
- G#941: Merge Unix and Windows build systems in the asmrun/ directory
(S?bastien Hinderer, review by Mark Shinwell, Adrien Nader,
Xavier Leroy, David Allsopp, Damien Doligez)
- G#981: Merge build systems in the byterun/ directory
(S?bastien Hinderer, review by Adrien Nader)
- G#1033, G#1048: Merge build systems in the root directory
(S?bastien Hinderer, review by Adrien Nader and Damien Doligez,
testing and regression fix by Andreas Hauptmann)
### Internal/compiler-libs changes:
- G#673: distinguish initialization of block fields from mutation in lambda.
(Fr?d?ric Bour, review by Xavier Leroy, Stephen Dolan and Mark Shinwell)
- G#744, G#781: fix duplicate self-reference in imported cmi_crcs
list in .cmti files + avoid rebuilding cmi_info record when creating
.cmti files
(Alain Frisch, report by Daniel B?nzli, review by J?r?mie Dimino)
- G#881: change `Outcometree.out_variant` to be more general.
`Ovar_name of out_ident * out_type list` becomes `Ovar_type of out_type`.
(Valentin Gatien-Baron, review by Leo White)
- G#908: refactor PIC-handling in the s390x backend
(Gabriel Scherer, review by Xavier Leroy and Mark Shinwell)
### Bug fixes
- M#5115: protect all byterun/fail.c functions against
uninitialized caml_global_data (only changes the bytecode behavior)
(Gabriel Scherer, review by Xavier Leroy)
- M#6136, G#967: Fix Closure so that overapplication evaluation order
matches the bytecode compiler and Flambda.
(Mark Shinwell, report by Jeremy Yallop, review by Fr?d?ric Bour)
- M#6550, G#1094: Allow creation of empty .cmxa files on macOS
(Mark Shinwell)
- M#6594, G#955: Remove "Istore_symbol" specific operation on x86-64.
This is more robust and in particular avoids assembly failures on Win64.
(Mark Shinwell, review by Xavier Leroy, testing by David Allsopp and
Olivier Andrieu)
- M#6903: Unix.execvpe doesn't change environment on Cygwin
(Xavier Leroy, report by Adrien Nader)
- M#6987: Strange error message probably caused by
universal variable escape (with polymorphic variants)
(Jacques Garrigue, report by Mikhail Mandrykin and Leo White)
- M#7216, G#949: don't require double parens in Functor((val x))
(Jacques Garrigue, review by Valentin Gatien-Baron)
- M#7331: ocamldoc, avoid infinite loop in presence of self alias,
i.e. module rec M:sig end = M
(Florian Angeletti, review Gabriel Scherer)
- M#7346, G#966: Fix evaluation order problem whereby expressions could
be incorrectly re-ordered when compiling with Flambda. This also fixes one
example of evaluation order in the native code compiler not matching the
bytecode compiler (even when not using Flambda)
(Mark Shinwell, Leo White, code review by Pierre Chambart)
- M#7348: Private row variables can escape their scope
(Jacques Garrigue, report by Leo White)
- M#7407: Two not-quite-standard C idioms rejected by SUNWSPro compilers
(Xavier Leroy)
- M#7421: Soundness bug with GADTs and lazy
(Jacques Garrigue, report by Leo White)
- M#7424: Typechecker diverges on unboxed type declaration
(Jacques Garrigue, report by Stephen Dolan)
- M#7426, G#965: Fix fatal error during object compilation (also
introduces new [Pfield_computed] and [Psetfield_computed] primitives)
(Mark Shinwell, report by Ulrich Singer)
- M#7427, G#959: Don't delete let bodies in Cmmgen
(Mark Shinwell, report by Valentin Gatien-Baron)
- M#7432: Linking modules compiled with -labels and -nolabels is not safe
(Jacques Garrigue, report by Jeremy Yallop)
- M#7437: typing assert failure with nonrec priv
(Jacques Garrigue, report by Anil Madhavapeddy)
- M#7438: warning +34 exposes #row with private types
(Alain Frisch, report by Anil Madhavapeddy)
- M#7443, G#990: spurious unused open warning with local open in patterns
(Florian Angeletti, report by Gabriel Scherer)
- M#7456, G#1092: fix slow compilation on source files containing a lot
of similar debugging information location entries
(Mark Shinwell)
- M#7504: fix warning 8 with unconstrained records
(Florian Angeletti, report by John Whitington)
- M#7511, G#1133: Unboxed type with unboxed argument should not be accepted
(Damien Doligez, review by Jeremy Yallop and Leo White)
- G#805, G#815, G#833: check for integer overflow in String.concat
(Jeremy Yallop,
review by Damien Doligez, Alain Frisch, Daniel B?nzli, Fabrice Le Fessant)
- G#881: short-paths did not apply to some polymorphic variants
(Valentin Gatien-Baron, review by Leo White)
- G#886: Fix Ctype.moregeneral's handling of row_name
(Leo White, review by Jacques Garrigue)
- G#934: check for integer overflow in Bytes.extend
(Jeremy Yallop, review by Gabriel Scherer)
- G#956: Keep possibly-effectful expressions when optimizing multiplication
by zero.
(Jeremy Yallop, review by Nicol?s Ojeda B?r, Xavier Leroy and Mark Shinwell)
- G#977: Catch Out_of_range in ocamldebug's "list" command
(Yunxing Dai)
- G#983: Avoid removing effectful expressions in Closure, and
eliminate more non-effectful ones
(Alain Frisch, review by Mark Shinwell and Gabriel Scherer)
- G#987: alloc_sockaddr: don't assume a null terminator. It is not inserted
on macOS by system calls that fill in a struct sockaddr (e.g. getsockname).
(Anton Bachin)
- G#998: Do not delete unused closures in un_anf.ml.
(Leo White, review by Mark Shinwell and Pierre Chambart)
- G#1019: Fix fatal error in Flambda mode "[functions] does not map set of
closures ID"
(Pierre Chambart, code review by Mark Shinwell and Leo White)
- G#1075: Ensure that zero-sized float arrays have zero tags.
(Mark Shinwell, Leo White, review by Xavier Leroy)
* G#1088: Gc.minor_words now returns accurate numbers.
(compatibility: the .mli declaration of `Gc.minor_words`
and `Gc.get_minor_free` changed, which may break libraries
re-exporting these values.)
(Stephen Dolan, review by Pierre Chambart and Xavier Leroy)
- build: Codesigning is fixed on macOS
- deps: Snapshots are turned back on!!!
- path: win32 volume-relative paths are working again!
- tools: v6.x can now build with ICU 59
NetBSD (8.99.2)'s "/bin/tar" fails to handle the extented headers
and extracts files into the wrong directory. This in turn least
to package list problems during the installation phase.
The latest Go release, version 1.9, arrives six months after Go 1.8 and
is the tenth release in the Go 1.x series. There are two changes to the
language: adding support for type aliases and defining when
implementations may fuse floating point operations. Most of the changes
are in the implementation of the toolchain, runtime, and libraries. As
always, the release maintains the Go 1 promise of compatibility. We
expect almost all Go programs to continue to compile and run as before.
The release adds transparent monotonic time support, parallelizes
compilation of functions within a package, better supports test helper
functions, includes a new bit manipulation package, and has a new
concurrent map type.
There are some instabilities on FreeBSD that are known but not
understood. These can lead to program crashes in rare cases. See issue
15658. Any help in solving this FreeBSD-specific issue would be
appreciated.
Go stopped running NetBSD builders during the Go 1.9 development cycle
due to NetBSD kernel crashes, up to and including NetBSD 7.1. As Go 1.9
is being released, NetBSD 7.1.1 is being released with a fix. However,
at this time we have no NetBSD builders passing our test suite. Any help
investigating the various NetBSD issues would be appreciated.
"The bitrot will continue until morale improves."
Go 1.4 is only used as a bootstrap helper to compile a more recent Go.
However, cgo in 1.4 no longer works with current binutils.
Prodded by Thomas Orgis on the mailing list.
correct order of the include files, and use this also for i386 and
amd64 as well. For alpha, move the Linux-specific settings into the
alpha/linux.h file.
Verified that this package now builds on powerpc.
This is largely the patches posted by maya@ on Jul 23, I just mirrored
the changes to include order to NetBSD/powerpc as well. Thanks!
Bump PKGREVISION, bump to gcc5-libs to follow shortly.
These changes aren't necessary, but on the day when guile-2.0.x is
no longer the primary, then the switch to using a non-default
installation prefix should be seamless.
If Guile installs into a non-default installation prefix, then
use ${GUILE_PREFIX}/info and ${GUILE_PREFIX}/man as the locations
for the installed GNU info files and manpages. This avoids needing
to do a lot of fixes to the PLISTs.
Update lang/nodejs to 8.4.0.
## 2017-08-15, Version 8.4.0 (Current), @addaleax
- HTTP2
- Experimental support for the built-in `http2` has been added via the
`--expose-http2` flag.
- Inspector
- `require()` is available in the inspector console now.
- Multiple contexts, as created by the `vm` module, are supported now.
- N-API
- New APIs for creating number values have been introduced.
- Stream
- For `Duplex` streams, the high water mark option can now be set
independently for the readable and the writable side.
- Util
- `util.format` now supports the `%o` and `%O` specifiers for printing
objects.
## 2017-08-09, Version 8.3.0 (Current), @addaleax
The V8 engine has been upgraded to version 6.0, which has a significantly
changed performance profile.
- DNS
- Independent DNS resolver instances are supported now, with support for
cancelling the corresponding requests.
- N-API
- Multiple N-API functions for error handling have been changed to support
assigning error codes.
- REPL
- Autocompletion support for `require()` has been improved.
- Utilities
- The WHATWG Encoding Standard (`TextDecoder` and `TextEncoder`) has
been implemented as an experimental feature.
Security
* bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more information.
* bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os- specific entropy sources like getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt().
* bpo-26657: Fix directory traversal vulnerability with http.server on Windows. This fixes a regression that was introduced in 3.3.4rc1 and 3.4.0rc1. Based on patch by Philipp Hagemeister.
* bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost('//127.0.0.1#@evil.com/') now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the host in an authentification (login@host).
* bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other invalid environment variables and command arguments.
Security
* bpo-30730: Prevent environment variables injection in subprocess on Windows. Prevent passing other environment variables and command arguments.
* bpo-30694: Upgrade expat copy from 2.2.0 to 2.2.1 to get fixes of multiple security vulnerabilities including: CVE-2017-9233 (External entity infinite loop DoS), CVE-2016-9063 (Integer overflow, re-fix), CVE-2016-0718 (Fix regression bugs from 2.2.0’s fix to CVE-2016-0718) and CVE-2012-0876 (Counter hash flooding with SipHash). Note: the CVE-2016-5300 (Use os- specific entropy sources like getrandom) doesn’t impact Python, since Python already gets entropy from the OS to set the expat secret using XML_SetHashSalt().
* bpo-30500: Fix urllib.parse.splithost() to correctly parse fragments. For example, splithost('//127.0.0.1#@evil.com/') now correctly returns the 127.0.0.1 host, instead of treating @evil.com as the host in an authentification (login@host).
* bpo-29591: Update expat copy from 2.1.1 to 2.2.0 to get fixes of CVE-2016-0718 and CVE-2016-4472. See https://sourceforge.net/p/expat/bugs/537/ for more information.
8.2.1
- configure:
- add mips64el to valid_arch
- crypto:
- Updated root certificates based on NSS 3.30
- deps:
- upgrade OpenSSL to version 1.0.2.l
- http:
- parse errors are now reported when NODE_DEBUG=http
- Agent construction can now be envoked without `new`
- zlib:
- node will now throw an Error when zlib rejects the value of
windowBits, instead of crashing
8.2.0
- Async Hooks
- Multiple improvements to Promise support in `async_hooks` have
been made.
- Build
- The compiler version requirement to build Node with GCC has been
raised to GCC 4.9.4.
- Cluster
- Users now have more fine-grained control over the inspector port
used by individual cluster workers. Previously, cluster workers were
restricted to incrementing from the master's debug port.
- DNS
- The server used for DNS queries can now use a custom port.
- Support for `dns.resolveAny()` has been added.
- npm
- The `npm` CLI has been updated to version 5.3.0. In particular, it
now comes with the `npx` binary, which is also shipped with Node.
### Notable Changes
- configure:
- add mips64el to valid_arch
- crypto:
- Updated root certificates based on NSS 3.30
- deps:
- upgrade OpenSSL to version 1.0.2.l
- http:
- parse errors are now reported when NODE_DEBUG=http
- Agent construction can now be envoked without `new`
- zlib:
- node will now throw an Error when zlib rejects the value of
windowBits, instead of crashing
This is a bugfix release so no buildlink change.
ChangeLog:
New Features in Qore
* added broken-logic-precedence warning.
Bug Fixes in Qore
* fixed documentation regarding escaping of characters in
strings and added a parse exception in case of trying
to escape octal values in range 400-777 (issue 50)
* fixed a crashing bug where Datasource::getConfigString()
was called without a connection, also could crash in an
implicit internal call to this method with the
DatasourcePool class when connections were lost and the
warning callback should be called (issue 1992)
* fixed a bug where Datasource::getConfigHash() returned
different values depending on if the object was
connected or not (issue 1994)
We should not expand call arguments in between flags reg setting and
flags reg using instructions, as it may expand with flags reg
clobbering insn (ADD in this case).
Attached patch moves expansion out of the link. Also, change
zero-extension to non-flags reg clobbering sequence in case we perform
zero-extension with and.
2017-03-25 Uros Bizjak
Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)
We should not expand call arguments in between flags reg setting and
flags reg using instructions, as it may expand with flags reg
clobbering insn (ADD in this case).
Attached patch moves expansion out of the link. Also, change
zero-extension to non-flags reg clobbering sequence in case we perform
zero-extension with and.
2017-03-25 Uros Bizjak
Incorrect codegen from rdseed intrinsic use (CVE-2017-11671)
We should not expand call arguments in between flags reg setting and
flags reg using instructions, as it may expand with flags reg
clobbering insn (ADD in this case).
Attached patch moves expansion out of the link. Also, change
zero-extension to non-flags reg clobbering sequence in case we perform
zero-extension with and.
2017-03-25 Uros Bizjak
(versioned as 6.33.20160609 based on the tarball date)
Version 6.33-6.12.1 (6 June 2016)
=================================
* Inform version is now 6.33, with Inform7-related patches and new features.
* The Inform Library is 6.12.1 with lots of bugfixes and enhancements.
* Package version scheme changed to indicate both compiler and library
versions included.
* Include files trimmed to those known to be freely redistributable and
checked to make sure they work.
* DM4 removed due to license incompatibilities.
* Added a manpage.
* Added pblorb.pl and scanblorb.pl utilities for dealing with Blorb files.
Version 6.32.1 (16 July 2012)
=============================
* Inform version is now 6.32, with more patches for use with Inform 7.
* The Inform program is now distributed under the Artistic License 2.0.
* The advent.inf example is now at release 9.
drop nathanw's maintainership by his request
tested by wes fraizer
The install would presumably fail outright for user shells like tcsh, so we
need to set SHELL regardless. But technically install-sh has a quoting bug
in the exit trap, which even results in SHELL=zsh failing.
go14 has no relro support AFAICT.
go-1.8.3 has if you use -buildmode=pie, but it claims it's not supported
on Linux.
Disable relro checking for go packages until bsiegert has time to
look at this.
PHP uniqid() relies on microsecond-precise system clock to produce an
unique identifier. In order to avoid using the same value, it first
calls usleep(1) to wait for the next microsecond.
Unfortunately, usleep() specification says "The suspension time may be
longer than requested due to the scheduling of other activity by the
system." Indeed, the pause may as as long as an entire execution slice,
causing a uniqid() call to last more than 10 ms.
This is fixed by replacing the usleep() call by time polling using
gettimeofday() until the microscecond change. Since the getttimeoday()
system call lasts around a microsecond, only a small time is wasted
calling multiple gettimeofday. On the benefit side, uniqid() performance
in increased 10000 fold without changing its behavior.
Submitted upstream as https://bugs.php.net/bug.php?id=74851
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet
was crafted in a particular way. This patch checks that there is
enough data for the required elements of an NAPTR record (2 int16, 3
bytes for string lengths) before processing a record.
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet
was crafted in a particular way. This patch checks that there is
enough data for the required elements of an NAPTR record (2 int16, 3
bytes for string lengths) before processing a record.
- Disable V8 snapshots - The hashseed embedded in the snapshot is
currently the same for all runs of the binary. This opens node up to
collision attacks which could result in a Denial of Service. We have
temporarily disabled snapshots until a more robust solution is found
- CVE-2017-1000381 - The c-ares function ares_parse_naptr_reply(), which
is used for parsing NAPTR responses, could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet
was crafted in a particular way. This patch checks that there is
enough data for the required elements of an NAPTR record (2 int16, 3
bytes for string lengths) before processing a record. (David Drysdale)
Pkgsrc changes:
* Add required macros for accessing ucontext for NetBSD/powerpc
* Omit files from PLIST.opt which are in PLIST.natdynlink.
So far macppc doesn't do "natdynlink", tests are failing.
* Adapt Makefile to features enabled on NetBSD/powerpc.
* Bump PKGREVISION.
The self-test results are nearly the same as on NetBSD/i386, with one
test failing, difference is one unexpected failure related to native
dynlink which I thought I had not enabled, and which obviously needs
more attention since it tries to reference a Linux linker script.
...
Summary:
637 tests passed
13 tests skipped
1 tests failed
1 unexpected errors
652 tests considered
List of failed tests:
tests/tool-ocamldoc-man/Inline_records.mli
List of unexpected errors:
tests/lib-dynlink-native
...
Changes include:
Camlp5 Version 7.01:
--------------------
* [26 Jun 17] Fixed bug in associativity of entry levels in extensible
grammars; was introduced by an old experiment, resulting a failure
in Coq test-suite/success/rewrite_strat.v.
* [26 Jun 17] Fixed bug: compilation failed while using OCaml versions
between 3.05 and 4.01.1, and jocaml versions.
Camlp5 Version 7.00:
--------------------
* [26 Jun 17] Release number is 7.00 instead of 6.18 because of big
improvements on extensible grammars which can use now limited and
full backtracking algorithms on demand.
* [16 Jun 17] Entry.parse_token has been renamed Entry.parse_token_stream.
* [04 Jun 17] Added limited backtracking (functional streams) to extensible
grammars. Can be set with "Grammar.parse_algorithm Functional" or by
setting the environment variable CAMLP5PARAM=f.
* [01 Jun 17] Backtrack parsing seems to work well now. Camlp5 and Coq can
be compiled using it by setting CAMLP5PARAM=b.
* [31 May 17] Fixed bug: Entry.parse_token did not accept backtrack parsing.
* [31 May 17] Fixed ocaml parsing for case of record {foo () with ...}.
* [31 May 17] Fixed bug backtrack parsing for function Entry.of_parser.
* [28 Apr 17] Updated for ocaml 4.04.2 which was missing.
* [07 Apr 17] Updated for ocaml trunk 4.06.0
* [19 Feb 17] Fixed bug: locations of all identifiers were missing
resulting of error messages giving "<none>" as source file name
and no line and column number in the source.
* [04 Jan 17] Updated for ocaml trunk 4.05.0
* [09 Dec 16] Fixed bug: was not compatible with ocaml compiled with
option -safe-string.
* [09 Dec 16] Fixed bug: make uninstall did not take DESTDIR into account.
* [07 Dec 16] Fixed bug virtual methods in signatures generated syntax
tree of virtual val. Bug notified by Kakadu.
Ex: "class foo : object method virtual bar : bool end"
* [07 Dec 16] Fixed bug not separated idents were not allowed in
'let open' constructs. Bug notified by Kakadu.
Ex: "let open Mod1.Mod2.Mod3 in ..."
* [06 Dec 16] Fixed bug dumping module definitions with constraints.
Bug notified by Kakadu.
Ex:
module type Item = sig type t end
module type Sig = sig type t module Node : Item end
module Make (S : Sig) : Sig with module Node = S.Node and type t = S.t
* [06 Dec 16] Fixed bug extra option word during pr_dump for optional args.
Bug notified by Kakadu.
Ex: "class t : ?name:string -> object end"
* [05 Dec 16] Fixed bug dumping of open object types. Bug notified by Kakadu.
Ex: "type t = <f:int; .. >"
* [05 Dec 16] Fixed bug dump parsetree without throughing away module type
annotation. Bug notified by Kakadu.
Ex: "module rec A : sig end = struct end"
OCaml 4.04.2 (23 Jun 2017):
---------------------------
### Security fix:
- Local privilege escalation issue with ocaml binaries.
(Damien Doligez, report by Eric Milliken, review by Xavier Leroy)
OCaml 4.04.1 (14 Apr 2017):
---------------------------
### Code generation and optimizations:
- Consider arrays of length zero as constants
when using Flambda.
(Pierre Chambart, review by Mark Shinwell and Leo White)
### Standard library:
- fix a bug in Set.map as introduced in 4.04.0
(Gabriel Scherer, report by Thomas Leonard)
### Tools:
- ocamldoc, avoid nested <pre> tags in module description.
(Florian Angeletti, report by user 'kosik')
- ocamldoc, wrong Latex output for variant types
with constructors without arguments.
(Florian Angeletti, report by Xavier Leroy)
### Build system:
- New flexlink target in Makefile.nt to bootstrap the
flexlink binary only, rather than the flexlink binary and the FlexDLL C
objects.
(David Allsopp)
### Bug fixes
- Str.regexp raises "Invalid_argument: index out of bounds"
(Damien Doligez, report by John Whitington)
- Fix ocamlmklib with bootstrapped FlexDLL. Bootstrapped
FlexDLL objects are now installed to a subdirectory flexdll of the Standard
Library which allows the compilers to pick them up explicitly and also
ocamlmklib to include them without unnecessarily adding the entire Standard
Library.
(David Allsopp)
- fix incorrect timestamps returned by Unix.stat on Windows
when either TZ is set or system date is in DST.
(David Allsopp, report and initial fix by Nicolás Ojeda Bär, review and
superior implementation suggestion by Xavier Leroy)
- s390x: Fix address of caml_raise_exn in native dynlink modules
(Richard Jones, review by Xavier Leroy)
- ensure 16 byte stack alignment inside caml_allocN on x86-64
for ocaml build with WITH_FRAME_POINTERS defined
(Christoph Cullmann)
- fix slow compilation on source files containing a lot
of similar debugging information location entries
(Mark Shinwell)
- a case of double free in the systhreads library (POSIX implementation)
(Xavier Leroy, report by Chet Murthy)
- catch uncaught exception when unknown files are passed
as argument (regression in 4.04.0)
(Bernhard Schommer, review by Florian Angeletti and Gabriel Scherer,
report by Stephen Dolan)
- Memory cannot be released after calling
Bigarray.Genarray.change_layout.
(Damien Doligez and Xavier Leroy, report by Liang Wang)
- Fix segfault in Unix.create_process on Windows caused by wrong header
configuration.
(David Allsopp)
- add dynlink options to ocamlbytecomp.cmxa to allow ocamlopt.opt
to load plugins. See http://github.com/OCamlPro/ocamlc-plugins for examples.
(Fabrice Le Fessant, review by David Allsopp)
- caml-types.el: Fix missing format argument, so that it can show kind
of call at point correctly.
(Chunhui He)
- Allow Windows CRLF line-endings in ocamlyacc on Unix and Cygwin.
(David Allsopp, review by Damien Doligez and Xavier Leroy)
- Fix segfault in Sys.runtime_parameters when exception backtraces
are enabled.
(Olivier Andrieu)
Allow -Wl,-z arguments into lddlflags.
Fixes RELRO build.
Bump PKGREVISION.
While here, remove bogus comment from patch and remove reference
to two non-existing files.
Potential Incompatibilities
---------------------------
- ERTS:
- The non SMP Erlang VM is deprecated and not built by default
- Remove deprecated erlang:hash/2
- erlang:statistics/1 with scheduler_wall_time now also includes
info about dirty CPU schedulers.
- The new purge strategy introduced in OTP 19.1 is mandatory and
slightly incompatible for processes holding funs
- The NIF library reload is not supported anymore.
- Atoms can now contain arbitrary unicode characters which means
that the DFLAG_UTF8_ATOMS capability in the distribution protocol
must be supported if an OTP 20 node should accept the connection
with another node or library.
- Asn1: Deprecated module and functions removed (asn1rt,
asn1ct:encode/3 and decode/3)
- Ssh: client only option in a call to start a daemon will now fail
Highlights
----------
- Erts:
- Dirty schedulers enabled and supported on VM with SMP support.
- support for "dirty" BIFs and "dirty" GC.
- erlang:garbage_collect/2 for control of minor or major GC
- Erlang literals are no longer copied when sending messages.
- Improved performance for large ETS tables, >256 entries (except
ordered_set)
- erlang:system_info/1 atom_count and atom_limit
- Reduced memory pressure by converting sub-binaries to
heap-binaries during GC
- enif_select, map an external event to message
- Improvements of timers internally in the VM resulting in reduced
memory consumption and more efficient administration for timers
- Compiler:
- Code generation for complicated guards is improved.
- Warnings for repeated identical map keys. #{'a'=>1, 'b'=>2,
'a'=>3} will warn for the repeated key a.
- By default there is now a warning when export_all is used. Can be
disabled
- Pattern matching for maps is optimized
- New option deterministic to omit path to source + options info the
BEAM file.
- Atoms may now contain arbitrary unicode characters.
- compile:file/2 has an option to include extra chunks in the BEAM
file.
- Misc other applications
- Significantly updated string module with unicode support and many
new functions
- crypto now supports OpenSSL 1.1
- Unnamed ets tables optimized
- gen_fsm is deprecated and replaced by gen_statem
- A new event manager to handle a subset of OS signals in Erlang
- Optimized sets add_element, del_element and union
- Added rand:jump/0-1
- When a gen_server crashes, the stacktrace for the client will be
printed to facilitate debugging.
- take/2 has been added to dict, orddict, and gb_trees.
- take_any/2 has been added to gb_trees
- erl_tar support for long path names and new file formats
- asn1: the new maps option changes the representation of SEQUENCE
to be maps instead of records
- A TLS client will by default call
public_key:pkix_verify_hostname/2 to verify the hostname
- ssl: DTLS documented in the API, experimental
- ssh: improving security, removing and adding algorithms
- New math:fmod/2
- Stream Two regressions with the stream module have been fixed:
- The finish event will now always be emitted after the error event
if one is emitted
- In object mode, readable streams can now use undefined again.
gnu99 but left an existing SunOS test to only check for iso9899:1999. This
resulted in CPPFLAGS not being set correctly for modules which require
native compilation - those should now all be fixed. Bump PKGREVISION.
(NetBSD/mips64 progress further with gsed)
Adding gsed as a tool creates circular dependencies if pkgsrc gcc is used
as the bootstrap compiler.
Pointed out by jperkin, sorry.
This is a somewhat blind commit. I've long had issues on various platforms
with libgcc getting misconfigured (on netbsd/mips,arm,powerpc), for example
build failures see:
http://mail-index.netbsd.org/port-mips/2017/06/21/msg000832.html
testing GCC 7.1 with netbsd/mips64el I got a lot further using it, but
still didn't complete the build. It took hours to reach this failure,
so I'd rather blindly commit the same change in the hopes it might help
other architectures.
and rails42.
* Rename RUBY_RAILS_VERSION to RAILS_VERSION.
* Remove detection of installed Ruby on Rails.
* Add ${RUBY_RAILS} to PKGBASE of each Ruby on Rails' pacakge.
NetBSD switched to n32 ABI for mips64el in NetBSD 6, and the build is
failing due to the default ABI mismatch between linker and newly built
compiler.
Default to n32 and backport n32 size definitions from newer GCC.
Small chance of a functional change for o32 builds (which should work), ride
previous PKGREVISION bump for it.
untested but obvious change. currently showing up as a build failure of
math/blas as it attempts to link with crtsavres which is a linux file.
Bump PKGREVISION as the build succeeds.
PHP 7.x on i386 crashes unless built with GCC >= 4.9. There
was the necessary tweak for the lang/php70 and lang/php71
packages, but not for dependencies such www/ap-php. As a
result, www/ap-php crashed during the build. We fix this by
moving the GCC_REQD to Makefile.php which is included
by dependent packages
