Commit graph

11132 commits

Author SHA1 Message Date
nia
b87826a283 mono6: get PAXCTL from environment 2019-09-02 16:41:01 +00:00
adam
231e2ea820 Rewrite PYTHON_VERSIONS_ACCEPTED to PYTHON_VERSIONS_INCOMPATIBLE 2019-09-02 13:33:22 +00:00
adam
435af01a8b Changed PYTHON_VERSIONS_INCOMPATIBLE to PYTHON_VERSIONS_ACCEPTED; needed for future Python 3.8 2019-09-02 13:19:35 +00:00
wiz
879b53ddaa smalltalk: switch from removed glut to freeglut.
Bump PKGREVISION.

Untested.
2019-09-01 13:06:25 +00:00
taca
0f58a4f829 lang/php71: update to 7.1.32
29 Aug 2019, PHP 7.1.32

- mbstring:
  . Fixed CVE-2019-13224 (don't allow different encodings for onig_new_deluxe) (stas)
2019-09-01 13:04:13 +00:00
taca
c14b53fdf3 lang/php73: update to 7.3.9
29 Aug 2019, PHP 7.3.9

- Core:
  . Fixed bug #78363 (Buffer overflow in zendparse). (Nikita)
  . Fixed bug #78379 (Cast to object confuses GC, causes crash). (Dmitry)
  . Fixed bug #78412 (Generator incorrectly reports non-releasable $this as GC
    child). (Nikita)

- Curl:
  . Fixed bug #77946 (Bad cURL resources returned by curl_multi_info_read()).
    (Abyr Valg)

- Exif:
  . Fixed bug #78333 (Exif crash (bus error) due to wrong alignment and
    invalid cast). (Nikita)

- FPM:
  . Fixed bug #77185 (Use-after-free in FPM master event handling).
    (Maksim Nikulin)

- Iconv:
  . Fixed bug #78342 (Bus error in configure test for iconv //IGNORE). (Rainer
    Jung)

- LiteSpeed:
  . Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown). (George Wang)

- MBString:
  . Fixed bug #78380 (Oniguruma 6.9.3 fixes CVEs). (CVE-2019-13224) (Stas)

- MySQLnd:
  . Fixed bug #78179 (MariaDB server version incorrectly detected). (cmb)
  . Fixed bug #78213 (Empty row pocket). (cmb)

- Opcache:
  . Fixed bug #77191 (Assertion failure in dce_live_ranges() when silencing is
    used). (Nikita)

- Standard:
  . Fixed bug #69100 (Bus error from stream_copy_to_stream (file -> SSL stream)
    with invalid length). (Nikita)
  . Fixed bug #78282 (atime and mtime mismatch). (cmb)
  . Fixed bug #78326 (improper memory deallocation on stream_get_contents()
    with fixed length buffer). (Albert Casademont)
  . Fixed bug #78346 (strip_tags no longer handling nested php tags). (cmb)
2019-09-01 13:03:17 +00:00
taca
a5c3e4386e lang/php72: update to 7.2.22
29 Aug 2019, PHP 7.2.22

- Core:
  . Fixed bug #78363 (Buffer overflow in zendparse). (Nikita)
  . Fixed bug #78379 (Cast to object confuses GC, causes crash). (Dmitry)

- Curl:
  . Fixed bug #77946 (Bad cURL resources returned by curl_multi_info_read()).
    (Abyr Valg)

- Exif:
  . Fixed bug #78333 (Exif crash (bus error) due to wrong alignment and
    invalid cast). (Nikita)

- Iconv:
  . Fixed bug #78342 (Bus error in configure test for iconv //IGNORE). (Rainer
    Jung)

- LiteSpeed:
  . Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown). (George Wang)

- MySQLnd:
  . Fixed bug #78179 (MariaDB server version incorrectly detected). (cmb)

- Opcache:
  . Fixed bug #77191 (Assertion failure in dce_live_ranges() when silencing is
    used). (Nikita)

- Standard:
  . Fixed bug #69100 (Bus error from stream_copy_to_stream (file -> SSL stream)
    with invalid length). (Nikita)
  . Fixed bug #78282 (atime and mtime mismatch). (cmb)
  . Fixed bug #78326 (improper memory deallocation on stream_get_contents()
    with fixed length buffer). (Albert Casademont)
2019-09-01 13:02:05 +00:00
nia
2a24ab5641 mono6: Give up and add cmake to USE_TOOLS.
While here, silence some pkglint warnings.
2019-09-01 12:04:38 +00:00
markd
6d5fa937ed coq: patch to build with ocaml 4.08 2019-09-01 00:51:46 +00:00
markd
a32f7d85dd camlp5: update to 7.08
works with ocaml 4.08
2019-09-01 00:46:54 +00:00
rjs
d0f56fc4bd Prevent the portability check from failing. 2019-08-31 20:20:42 +00:00
nia
78ad98cf0e mono6: also disable btls-lib 2019-08-31 10:30:03 +00:00
nia
703b216b44 stalin: seems to only need MesaLib and glu 2019-08-30 18:12:29 +00:00
he
4c27d0de9b Update rust to version 1.37.0
Pkgsrc changes:
 * Add a patch to llvm to deal with const dli_saddr.
 * Adapt two other patches.
 * Cross-build currently fails, so i386, powerpc and sparc64 bootstrap
   kits for 1.37.0 are built natively.  Missing aarch64 hardware, so that's
   not available yet.
 * Bump bootstrap requirements to 1.36.0 except for armv7-unknown-netbsd-eabihf
   which I've not managed to cross-build.

Upstream changes:

Version 1.37.0 (2019-08-15)
==========================

Language
--------
- `#[must_use]` will now warn if the type is contained in a [tuple][61100],
  [`Box`][62228], or an [array][62235] and unused.
- [You can now use the `cfg` and `cfg_attr` attributes on
  generic parameters.][61547]
- [You can now use enum variants through type alias.][61682] e.g. You can
  write the following:
  ```rust
  type MyOption = Option<u8>;

  fn increment_or_zero(x: MyOption) -> u8 {
      match x {
          MyOption::Some(y) => y + 1,
          MyOption::None => 0,
      }
  }
  ```
- [You can now use `_` as an identifier for consts.][61347] e.g. You can write
  `const _: u32 = 5;`.
- [You can now use `#[repr(align(X)]` on enums.][61229]
- [The `?`/_"Kleene"_ macro operator is now available in the
  2015 edition.][60932]

Compiler
--------
- [You can now enable Profile-Guided Optimization with the `-C profile-generate`
  and `-C profile-use` flags.][61268] For more information on how to use profile
  guided optimization, please refer to the [rustc book][rustc-book-pgo].
- [The `rust-lldb` wrapper script should now work again.][61827]

Libraries
---------
- [`mem::MaybeUninit<T>` is now ABI-compatible with `T`.][61802]

Stabilized APIs
---------------
- [`BufReader::buffer`]
- [`BufWriter::buffer`]
- [`Cell::from_mut`]
- [`Cell<[T]>::as_slice_of_cells`][`Cell<slice>::as_slice_of_cells`]
- [`DoubleEndedIterator::nth_back`]
- [`Option::xor`]
- [`Wrapping::reverse_bits`]
- [`i128::reverse_bits`]
- [`i16::reverse_bits`]
- [`i32::reverse_bits`]
- [`i64::reverse_bits`]
- [`i8::reverse_bits`]
- [`isize::reverse_bits`]
- [`slice::copy_within`]
- [`u128::reverse_bits`]
- [`u16::reverse_bits`]
- [`u32::reverse_bits`]
- [`u64::reverse_bits`]
- [`u8::reverse_bits`]
- [`usize::reverse_bits`]

Cargo
-----
- [`Cargo.lock` files are now included by default when publishing executable crates
  with executables.][cargo/7026]
- [You can now specify `default-run="foo"` in `[package]` to specify the
  default executable to use for `cargo run`.][cargo/7056]

Misc
----

Compatibility Notes
-------------------
- [Using `...` for inclusive range patterns will now warn by default.][61342]
  Please transition your code to using the `..=` syntax for inclusive
  ranges instead.
- [Using a trait object without the `dyn` will now warn by default.][61203]
  Please transition your code to use `dyn Trait` for trait objects instead.

[62228]: https://github.com/rust-lang/rust/pull/62228/
[62235]: https://github.com/rust-lang/rust/pull/62235/
[61802]: https://github.com/rust-lang/rust/pull/61802/
[61827]: https://github.com/rust-lang/rust/pull/61827/
[61547]: https://github.com/rust-lang/rust/pull/61547/
[61682]: https://github.com/rust-lang/rust/pull/61682/
[61268]: https://github.com/rust-lang/rust/pull/61268/
[61342]: https://github.com/rust-lang/rust/pull/61342/
[61347]: https://github.com/rust-lang/rust/pull/61347/
[61100]: https://github.com/rust-lang/rust/pull/61100/
[61203]: https://github.com/rust-lang/rust/pull/61203/
[61229]: https://github.com/rust-lang/rust/pull/61229/
[60932]: https://github.com/rust-lang/rust/pull/60932/
[cargo/7026]: https://github.com/rust-lang/cargo/pull/7026/
[cargo/7056]: https://github.com/rust-lang/cargo/pull/7056/
[`BufReader::buffer`]: https://doc.rust-lang.org/std/io/struct.BufReader.html#method.buffer
[`BufWriter::buffer`]: https://doc.rust-lang.org/std/io/struct.BufWriter.html#method.buffer
[`Cell::from_mut`]: https://doc.rust-lang.org/std/cell/struct.Cell.html#method.from_mut
[`Cell<slice>::as_slice_of_cells`]: https://doc.rust-lang.org/std/cell/struct.Cell.html#method.as_slice_of_cells
[`DoubleEndedIterator::nth_back`]: https://doc.rust-lang.org/std/iter/trait.DoubleEndedIterator.html#method.nth_back
[`Option::xor`]: https://doc.rust-lang.org/std/option/enum.Option.html#method.xor
[`RefCell::try_borrow_unguarded`]: https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.try_borrow_unguarded
[`Wrapping::reverse_bits`]: https://doc.rust-lang.org/std/num/struct.Wrapping.html#method.reverse_bits
[`i128::reverse_bits`]: https://doc.rust-lang.org/std/primitive.i128.html#method.reverse_bits
[`i16::reverse_bits`]: https://doc.rust-lang.org/std/primitive.i16.html#method.reverse_bits
[`i32::reverse_bits`]: https://doc.rust-lang.org/std/primitive.i32.html#method.reverse_bits
[`i64::reverse_bits`]: https://doc.rust-lang.org/std/primitive.i64.html#method.reverse_bits
[`i8::reverse_bits`]: https://doc.rust-lang.org/std/primitive.i8.html#method.reverse_bits
[`isize::reverse_bits`]: https://doc.rust-lang.org/std/primitive.isize.html#method.reverse_bits
[`slice::copy_within`]: https://doc.rust-lang.org/std/primitive.slice.html#method.copy_within
[`u128::reverse_bits`]: https://doc.rust-lang.org/std/primitive.u128.html#method.reverse_bits
[`u16::reverse_bits`]: https://doc.rust-lang.org/std/primitive.u16.html#method.reverse_bits
[`u32::reverse_bits`]: https://doc.rust-lang.org/std/primitive.u32.html#method.reverse_bits
[`u64::reverse_bits`]: https://doc.rust-lang.org/std/primitive.u64.html#method.reverse_bits
[`u8::reverse_bits`]: https://doc.rust-lang.org/std/primitive.u8.html#method.reverse_bits
[`usize::reverse_bits`]: https://doc.rust-lang.org/std/primitive.usize.html#method.reverse_bits
[rustc-book-pgo]: https://doc.rust-lang.org/rustc/profile-guided-optimization.html
2019-08-29 14:09:56 +00:00
nia
f0ad385ed9 mono6: disable boringtls to try to help things on linux
the provider is Linux-only and is complaining it doesn't have CMake.
2019-08-29 12:19:44 +00:00
taca
c79867cd74 lang/ruby26: update to 2.6.4
Update lang/ruby26-base and lang/ruby26 to 2.6.4.

Ruby 2.6.4 (2019-08-28)

Ruby 2.6.4 has been released.

This release includes a security fix of rdoc. Please check the topics below
for details.

	* Multiple jQuery vulnerabilities in RDoc

See the commit logs for changes in detail.
2019-08-28 14:23:21 +00:00
taca
08d9a1f40e lang/ruby25: update to 2.5.6
Update ruby25-base/ruby25 to 2.5.6.

Ruby 2.5.6 (2019-08-28)

Ruby 2.5.6 has been released.

This release includes about 40 bug fixes after the previous release, and also includes a security fix. Please check the topics below for details.

	* Multiple jQuery vulnerabilities in RDoc

See the commit log for details.
2019-08-28 14:12:21 +00:00
taca
8d8f11c09d lang/ruby24-base: update to 2.4.7
2.4.7 (2019-08-28)

Ruby 2.4.7 has been released.

This release includes a security fix. Please check the topics below for
details.

* Multiple jQuery vulnerabilities in RDoc

Ruby 2.4 is now under the state of the security maintenance phase, until
the end of March of 2020. After that date, maintenance of Ruby 2.4 will be
ended. We recommend you start planning the migration to newer versions of
Ruby, such as 2.6 or 2.5.
2019-08-28 14:03:54 +00:00
schmonz
9e1cae5671 Set PKG_SUPPORTED_OPTIONS to empty string by default. Fixes the
following on macOS:

ERROR: This package has set PKG_FAIL_REASON:
ERROR: [bsd.options.mk] The package has no options, but includes this file.
2019-08-27 17:23:48 +00:00
jperkin
529dd3072c gcc7: Revert zlib change, it causes bootstrap issues.
It doesn't appear to be related to the failure that prompted it.  Bump
gcc7-libs twice as it had fallen behind gcc7.
2019-08-27 06:42:30 +00:00
jaapb
7a7f41b24c Removed more superfluous patches (oops!) from lang/ocaml 2019-08-27 06:23:50 +00:00
jaapb
61fd3cad14 Removed superfluous patch from lang/ocaml; revbump. 2019-08-27 05:37:38 +00:00
adam
010ac4f5fc clang: fix CMAKE_ARGS.Darwin 2019-08-26 14:56:21 +00:00
adam
c3aa699f5b py-uncompyle6: updated to 3.4.0
3.4.0:
The main change is to add a tree-transformation phase. This simplifies the
code a little and allows us to turn if ...: raise AssertionError into
assert, and many if ..: else if ... into if ... elif ..

Use options --show=before and --show=after to see the before the tree transformation phase and after the tree transformation phase.
2019-08-26 06:55:16 +00:00
adam
ad1de66fea py-spark-parser: updated to 1.8.9
1.8.9:
3.8 change from last release is needed in Python 3.7.4

1.8.8:
Changes for Python 3.7.4 and 3.8
2019-08-26 06:54:28 +00:00
maya
71fd38f59d mono6. 2019-08-25 16:37:28 +00:00
maya
bfcb7ac194 Add mono 6.0.0.313.
The Mono Project is an open development initiative sponsored by Ximian
that is working to develop an open source, Unix version of the Microsoft
.NET development platform.  Its objective is to enable Unix developers to
build and deploy cross-platform .NET Applications.  The project will
implement various technologies developed by Microsoft that have now been
submitted to the ECMA for standardization.
2019-08-25 16:37:01 +00:00
jaapb
5da7f4ee60 Updated lang/ocaml to 4.08.1.
4.08.1 is a bugfix release, fixing compilation failures in presence of the
-pack option, and dynlinking failures.

Highlights in 4.08.0 are:
* Binding operators (let*, let+, and*, etc). They can be used to
  streamline monadic code.
* open now applies to arbitrary module expression in structures and to
  applicative paths in signatures.
* A new notion of (user-defined) "alerts" generalizes the deprecated
  warning.
* New modules in the standard library: Fun, Bool, Int, Option, Result.
* A significant number of new functions in Float, including FMA support,
  and a new Float.Array submodule.
* Source highlighting for errors and warnings in batch mode.
* Many error messages were improved.
* Improved AFL instrumentation for objects and lazy values.
2019-08-24 10:54:23 +00:00
tnn
0ebae812d4 openjdk8: put back MASTER_SITE_LOCAL in the list
So the bootstrap kits can be found. Oops.
2019-08-23 18:52:23 +00:00
ryoon
92bb1100cf Update to 10.7.5
* GUI in Java was removed in 10.7.2 release.
* Fix build error related to readline with devel/readline. PR pkg/54484

Changelog:
10.7.2
   Fixing out-of-sync of file positions when mixing 'search' and 'seek'
   with 'read-line' on IO-streams introduced a new error making
   the newlisp-10.x.x/examples/upload.cgi script fail.

10.7.3
   Suppress loading of startup init.lsp when -h option is present. Before
   only the -n and -x options suppressed init.lsp.

   Change in modules/gsl.lsp to make it work on locales using comma separator.

   Ability to use 'open', 'rename-file', 'delete-file', 'make-dir' and
   'remove-dir' with UTF16 filenames in UTF8 versions on Windows when
   using the UTF8 version of newLISP. The functions 'file-info', 'file?',
   'change-dir' and 'dir?' already worked on UTF16 filenames when using the UTF8
   version of newLISP on Windows.

   Thanks to Michael Sabin who started the work a few years back writing the
   win-path.c file with functions translating between UTF8 and UTF16.

   When using the UTF8 version of newLISP on Windows in a command shell, that
   command shell program also should be able to handle/display UTF8 (not UTF16).
   On Windows and Linux the Java based frontend newLISP-GS handles UTF8.
   On Mac OS the terminal program handles UTF8.

   Fixed a wrong 'symbol protected message' when a protected symbol is
   part of a nested expression, but not a symbol with its content to be
   modified.

   New modules/postscript.lsp changes description of ps:drawto.

   Fixed flushing problem on 'print' to stdout on Mac OS and other BSDs.

   '(read-key true)' with the 'true' parameter is now non-blocking.

   (trim str) on some strings containing 0's would overrun memory and 0's
   were not trimmed from the left. All characters <= 32 (space) should
   be trimmed from the left and right ends of the string buffer. When the
   entire string is valid ASCII or UTF-8 with no 0s, ‘trim’ behaves
   like in older versions.

10.7.4
   When starting newlisp in -http-safe server mode HTTP_PUT and HTTP_DELETE
   requests will not be served. This will cause 'write-file' and 'delete-file'
   in url syntax, 'put-url' and 'delete-url' functions issued from a newLISP
   client to return the text message "Server in safe mode".

   New file qa-specific-tests/qa-share.lsp .

   New guiserver.jar v 1.67 compiled with java 1.6
   Still problems on macOS, some unrelated to change to image/icon load change

   Added REQUEST_URI to environment variables in webserver mode.

   Removed code introduced in 10.7.2 to synchronize file positions of C FILE stream
   and raw file handle operations. Synchronization still seems to work on cases
   tested, but may not work in all cases mixing 'read-line' and 'seek'.

   Changes for separately packaged Java Guiserver and elimination of installers.

   (rotate theList -offsetOfRotation) was buggy

10.7.5
   In getPutPostDeleteUrl(....) sock wasn't closed when returning with webError(..)

   compareLists() in nl-math.c did not take list lengths into account. Also update
   of qa-dot for relevant cases.
2019-08-23 13:41:31 +00:00
ast
a78506cdb0 Update rakudo, nqp, MoarVM to 2019.07.1 2019-08-22 22:33:15 +00:00
nia
7c13719206 libLLVM: Enable RTTI, needed for newer MesaLib. 2019-08-22 17:49:01 +00:00
nia
08104c3f19 llvm: Enable RTTI. Needed for MesaLib-19. 2019-08-22 14:49:25 +00:00
ryoon
edacf2bbcb Recursive revbump from boost-1.71.0 2019-08-22 12:22:48 +00:00
maya
581bc2b0bd Create a node.js REPLACE_* mk-fragment.
Extracting the code in devel/yarn to be used in another package, too.
2019-08-18 03:44:42 +00:00
adam
4df09907ad nodejs: updated to 10.16.3
Version 10.16.3 'Dubnium' (LTS):

Notable changes

This is a security release.

Node.js, as well as many other implementations of HTTP/2, have been found vulnerable to Denial of Service attacks. See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md for more information.

Vulnerabilities fixed:

CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.

CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.

CVE-2019-9513 “Resource Loop”: The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.

CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.

CVE-2019-9515 “Settings Flood”: The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.

CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service.

CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both, potentially leading to a denial of service.

CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU, potentially leading to a denial of service.
2019-08-16 15:18:16 +00:00
nia
f4241a4452 rust: Avoid using external llvm when external llvm isn't pkgsrc llvm.
Reported as a build failure in #pkgsrc by ng0.
2019-08-14 16:00:23 +00:00
bsiegert
2b7e432294 Recursive bump of all packages using Go after Go 1.12.8 update. 2019-08-14 15:45:31 +00:00
bsiegert
d9b2ddcd40 go112: update to 1.12.8 (security release).
net/http: Denial of Service vulnerabilities in the HTTP/2 implementation

net/http and golang.org/x/net/http2 servers that accept direct connections from
untrusted clients could be remotely made to allocate an unlimited amount of
memory, until the program crashes. Servers will now close connections if the
send queue accumulates too many control messages.

The issues are CVE-2019-9512 and CVE-2019-9514, and Go issue golang.org/issue/33606.
Thanks to Jonathan Looney from Netflix for discovering and reporting these issues.

This is also fixed in version v0.0.0-20190813141303-74dc4d7220e7 of
golang.org/x/net/http2.

net/url: parsing validation issue

url.Parse would accept URLs with malformed hosts, such that the Host field
could have arbitrary suffixes that would appear in neither Hostname() nor
Port(), allowing authorization bypasses in certain applications. Note that URLs
with invalid, not numeric ports will now return an error from url.Parse.

The issue is CVE-2019-14809 and Go issue golang.org/issue/29098.
Thanks to Julian Hector and Nikolai Krein from Cure53, and Adi Cohen (adico.me)
for discovering and reporting this issue.
2019-08-14 15:42:52 +00:00
bsiegert
a5773b6b72 go111: update to 1.11.13 (security release).
net/http: Denial of Service vulnerabilities in the HTTP/2 implementation

net/http and golang.org/x/net/http2 servers that accept direct connections from
untrusted clients could be remotely made to allocate an unlimited amount of
memory, until the program crashes. Servers will now close connections if the
send queue accumulates too many control messages.

The issues are CVE-2019-9512 and CVE-2019-9514, and Go issue golang.org/issue/33606.
Thanks to Jonathan Looney from Netflix for discovering and reporting these issues.

This is also fixed in version v0.0.0-20190813141303-74dc4d7220e7 of
golang.org/x/net/http2.

net/url: parsing validation issue

url.Parse would accept URLs with malformed hosts, such that the Host field
could have arbitrary suffixes that would appear in neither Hostname() nor
Port(), allowing authorization bypasses in certain applications. Note that URLs
with invalid, not numeric ports will now return an error from url.Parse.

The issue is CVE-2019-14809 and Go issue golang.org/issue/29098.
Thanks to Julian Hector and Nikolai Krein from Cure53, and Adi Cohen (adico.me)
for discovering and reporting this issue.
2019-08-14 15:17:41 +00:00
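The net/url note in the go112 and go111 commits above describes an invariant that CVE-2019-14809 broke: Host could carry a suffix that neither Hostname() nor Port() reported. As an added example (not pkgsrc or Go project code), this hypothetical helper checks that invariant before an allowlist decision; HostConsistent and AllowedHost are assumed names and the sample URLs are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// HostConsistent reports whether u.Host is accounted for exactly by
// u.Hostname() and u.Port(). If a stray suffix survives in Host but shows up
// in neither accessor, an application that authorises on Hostname() while the
// connection uses Host could be bypassed; that is the shape of the fixed bug.
func HostConsistent(u *url.URL) bool {
	h := u.Hostname()
	if strings.Contains(h, ":") { // IPv6 literal: Host keeps the brackets
		h = "[" + h + "]"
	}
	if p := u.Port(); p != "" {
		h += ":" + p
	}
	return h == u.Host
}

// AllowedHost is a hypothetical authorisation helper: it parses raw, refuses
// anything url.Parse rejects (since the fix that includes non-numeric ports),
// verifies the Host/Hostname/Port invariant, and only then consults the
// hostname allowlist.
func AllowedHost(raw string, allow map[string]bool) (bool, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return false, err
	}
	if !HostConsistent(u) {
		return false, fmt.Errorf("host %q not fully covered by Hostname()/Port()", u.Host)
	}
	return allow[u.Hostname()], nil
}

func main() {
	// Constructed sample inputs, not taken from the advisory.
	allow := map[string]bool{"example.com": true, "::1": true}
	for _, raw := range []string{
		"http://example.com:8080/api",
		"http://[::1]:443/",
		"http://evil.test/",
		"http://example.com:abc/", // non-numeric port: url.Parse returns an error
	} {
		ok, err := AllowedHost(raw, allow)
		fmt.Printf("%-30s allowed=%v err=%v\n", raw, ok, err)
	}
}
```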
nia
097ce8f32c rust: Build against non-internal LLVM by default.
This should help with some people's problems with the rust builds being
excessively long, and if we ever run into compatibility problems between
rust's llvm-current and our shipped version it should be easy to switch
on the internal LLVM by default again.

I've been using this for some time with Firefox without problems.

Bump PKGREVISION.
2019-08-14 13:05:25 +00:00
rjs
fcc633e4af Update to 1.5.5, change maintainer to pkgsrc-users. Changes since 1.4.3:
Changes between version 1.5.4 and version 1.5.5

  * platform support: - SunOS: bug reports and patches from Richard Lowe
    in sb-posix tests (#1837495), sb-concurrency tests (#1837817),
    unencapsulated tracing (#1837307), float registers in interrupt
    contexts (#1837168)
  * bug fix: do not generate version.lisp-expr from git describe if the
    git repository is not sbcl's own. (#1836663, thanks to Richard Lowe)
  * bug fix: compiler crash related to VALUES-LIST on a &REST argument in
    some contexts. (#1836096, reported by Samuel Jimenez)
  * bug fix: compiler hang related to constraint propagation. (#1835599,
    reported by Mark Cox)
  * bug fix: the inspector showed the wrong array element type. (#1835934,
    reported by Richard M Kreuter)
  * optimization:  numerous improvements to hash table access and rehashing
  * optimization: ASSERT compiles into substantially more compact code.
    (#1835221)

Changes between version 1.5.3 and version 1.5.4

  * minor incompatible change: hash tables on 64-bit machines consume roughly
    20% less memory but can only grow to hold 2^31 entries (theoretically)
    due to use of 31-bit indices internally.
  * platform support: - RISC-V: improve rotate-byte support (thanks to Philipp
    Matthias Schaefer)
  * bug fix: the system reasons more correctly regarding the array rank of
    complicated array types. (reported by Bart Botta)
  * bug fix: DOUBLE-FLOAT-P never gets weakened to NUMBERP. (reported by Bart
    Botta)
  * enhancement: the regression test suite can now benefit from parallelism,
    completing much faster when enough compute power is available.
  * optimization: readtables with non-base-char dispatch characters are less
    inefficient.
  * optimization: INTERN performs fewer redundant type checks.
  * optimization: tests for PATHNAMEP and STRUCTURE-OBJECT (including in
    computing hash functions) are faster.

Changes between version 1.5.2 and version 1.5.3

  * platform support: - RISC-V: numerous bug fixes and improvements - all
    platforms: better run-program performance when used from multiple threads.
  * enhancement: (declaim (optimize (debug 2))) ensures compilation of
    top-level forms, providing better debugging for simple forms that are
    otherwise "byte-code interpreted" when compiled into FASLs.
  * bug fix: use of finalizers could in rare circumstances cause a crash in
    the garbage collector.
  * bug fix: show extended function designators, e.g. (setf foo), in the
    disassembler
  * optimization: reduced overhead of calling NTH/NTHCDR.
  * optimization: improved FLOAT-SIGN on DOUBLE-FLOATs on 64-bit platforms

Changes between version 1.5.1 and version 1.5.2

  * enhancement: RISC-V support with the generational garbage collector.
  * enhancement: command-line option "--tls-limit" can be used to alter
    the maximum number of thread-local symbols from its default of 4096.
  * enhancement: better muffling of redefinition and lambda-list warnings
  * platform support: - OS X: use Grand Central Dispatch semaphores, rather
    than Mach semaphores - Windows: remove non-functional definition of
    make-listener-thread
  * new feature: decimal reader syntax for rationals, using the R exponent
    marker and/or *READ-DEFAULT-FLOAT-FORMAT* of RATIONAL.
  * optimization: various Unicode tables have been packed more efficiently

Changes between version 1.5.0 and version 1.5.1

  * enhancement: restarts for missing package errors.
  * optimization: FIND-PACKAGE should be faster even when run in the context
    of a package with local package-nicknames.
  * optimization: fix TRUNCATE deftransform's results to have well-defined
    signs
  * bug fix: thread-safety problems in RUN-PROGRAM with :PTY.
  * bug fix: SLEEP transform could never fire.
  * build enhancement: defend against quirky host floating point implementation
  * test enhancement: allow more parallelism in running the regression test
    suite

Changes between version 1.4.16 and version 1.5.0

  * enhancement: SB-COVER emulates IN-PACKAGE when recording source maps;
    this makes it possible to generate coverage for forms that use local
    package nicknames, or otherwise must be read in the correct package.
  * build enhancement: new host quirks mechanism, support for building
    under ABCL and ECL (as well as CCL, CMUCL, CLISP and SBCL itself)
  * optimization: (FIND-SYMBOL x "P") for constant "P" executes faster,
    subject to "P" not being a package-local nickname of any package.
    Similarly INTERN. (#1814924)
  * optimization: bounds checks are elided when possible where the same
    array is dereferenced multiple times.
  * bug fix: initargs are now deduplicated when computing effective slots.
  * bug fix: TREE-EQUAL with :TEST 'EQL now correctly computes its answer.
    (reported by Bahodir Mansurov)
  * bug fix: compiled (COERCE x 'FLOAT) no longer coerces double-floats into
    single-floats. (reported by J. Gareth Williams)

Changes between version 1.4.15 and version 1.4.16

  * minor incompatible change: ENSURE-DIRECTORIES-EXIST no longer
    establishes a CONTINUE restart in case of an error.
  * minor incompatible change: Defining macros (DEFVAR, etc) which require
    a symbol as the name will fail to macroexpand if given a non-symbol.
  * enhancement: the unexported restart names SB-{ALIEN,FASL,IMPL,PCL}::RETRY
    have been replaced by SB-EXT:RETRY.

Changes between version 1.4.14 and version 1.4.15

  * enhancement: added AVX2 instructions on x86-64, which can be used with
    SB-SIMD-PACK.
  * enhancement: specializer name parsing is less lenient and signals a
    specific condition in case of syntax errors. (#1808681)
  * enhancement: provide interactive restarts for some file-system errors.
  * enhancement: COMPILE no longer acquires the world lock. (fixes most
    occurrences of #308959)
  * bug fix: RUN-PROGRAM is more responsive and less likely to deadlock
    (#1702178, #1808641)
  * bug fix: traceroot can search for simple-fun targets (#1808659,
    reported by Michal Herda)
  * compiler bug fixes:
        related to code generation: #1805899, #1806982, #1807455
        related to interpreting and constant-folding: #1806513
        related to the type system: #1804759, #1804796
        related to eq-testing of structure slots: #1809582, #1808273
        related to dynamic-extent: #1809565, #1809253, #1809485, #1739652
        related to GC safety: #308949

Changes between version 1.4.13 and version 1.4.14

  * enhancement: attempting to build on openbsd 6.0 or newer without the
    wxallowed mount option now results in a more useful error message.
  * enhancement: by popular demand, SB-EXT now exports two functions
    HEAP-ALLOCATED-P and STACK-ALLOCATED-P to assist in writing debug
    assertions that objects in hash-tables are not stack-allocated, etc.
  * bug fix: restored sb-thread support on OpenBSD.

Changes between version 1.4.12 and version 1.4.13

  * minor incompatible change: PRINT-TYPE and PRINT-TYPE-SPECIFIER are not
    exported from SB-EXT. These were never announced, so this change would
    only affect users who discovered these undocumented functions.
  * enhancement: SB-EXT:SEARCH-ROOTS and SB-EXT:GC-AND-SEARCH-ROOTS are
    supported on all backends that use gencgc.

Changes between version 1.4.11 and version 1.4.12

  * minor incompatible change: a number of platform-specific elements of
    *FEATURES* related to whether the system implements particular
    strategies have been removed.
  * minor incompatible change: some changes to the (internal) implementation
    details of the x86 and x86-64 have necessitated changes to some
    low-level libraries.
  * enhancement: attempting to transfer control through GO or RETURN-FROM
    to frames which no longer exist is now caught and handled by the debugger.
  * enhancement: identical code (at the machine instruction level) can now
    be shared between functions, if explicitly requested.
  * enhancement: SB-EXT:STRING-TO-OCTETS and SB-EXT:OCTETS-TO-STRING are
    now documented.
  * bug fixes: fix a number of bugs revealed by random testing (#1793171,
    #1793150, #1791550, #1792030, #1791059, #1790157, #1790717, #1790703)

Changes between version 1.4.10 and version 1.4.11

  * minor incompatible change: changes to the (internal) assembler on x86
    and x86-64 may cause problems to some low-level third-party libraries:
        new macro EA for defining an effective address, without size
        information;
        an explicit size modifier is now needed for MOVSX and MOVSZ
        instructions;
        MOVD and MOVQ move a single size of operand by definition.
  * enhancement: support the latest MinGW (#1786731, reported by il71)
  * enhancement: checks for modifications of constants can now be done in
    local (FLET/LABELS) functions.
  * optimization: improved type checking routines for various compound types.
  * optimization: array bound checks are elided on vectors when the index
    is known to be less than the length, including LOOP ACROSS.
  * optimization: the register allocator's use of temporaries is somewhat
    improved.
  * optimization: checking widetags involves fewer conditional jumps on x86
    and x86-64.
  * bug fix: fix a number of bugs related to constant improper lists as
    sequence arguments (#1768563, #1768568, #1768652)

Changes between version 1.4.9 and version 1.4.10

  * enhancement: added SB-EXT:MAKE-WEAK-VECTOR.
  * enhancement: constant-modification detection warnings can be generated
    in the presence of conditional constructs.
  * optimization: better bounds-checking on x86[-64] and ARM64.
  * optimization: adding 1 to or subtracting 1 from a fixnum variable does
    not cons.
  * bug fixes: fix a number of bugs revealed by random testing (#1782826,
    #1779878, #1779737)

Changes between version 1.4.8 and version 1.4.9

  * enhancement: SB-COVER instrumentation for x86[-64] has significantly
    less overhead. The performance penalty for 64-bit code has been
    measured at around 30% slower than uninstrumented code as contrasted
    with slowdowns in excess of 100% previously.
  * enhancement: tracing a generic function with the :METHODS T option
    produces output corresponding to each method called under the default
    :ENCAPSULATE NIL tracing implementation.
  * bug fix: updated TRACE documentation. (#574614 was actually already
    fixed, but there were other issues.)
  * bug fix: fixed x86 GC bug causing heap corruption. (#1749369)
  * bug fix: improved compatibility with macOS High Sierra and graphical
    applications.

Changes between version 1.4.7 and version 1.4.8

  * bug fix: redefinition of method combinations now does the expected
    thing; generic functions using that method combination have their
    effective methods lazily recomputed according to the new definition
    of the method combination. (Reported by Didier Verna at ELS 2018)
  * bug fix: :arguments argument to the long form of DEFINE-METHOD-COMBINATION
    is now implemented more correctly, supporting suppliedp variables and
    &optional defaults. (Reported by Bruno Haible, #309084)

Changes between version 1.4.6 and version 1.4.7

  * enhancement: better handling of unknown keyword arguments (#1750466)
  * enhancement: namestrings can now be computed for certain pathnames
    that previously did not have namestrings because of #\. characters
    in their name and/or type components.
  * bug fix: compiling a SLEEP call with a float positive infinity
    argument no longer causes an internal error (#1754081)
  * bug fix: keyword arguments provided to a generic function with
    EQL-specialized methods are checked more correctly (reported by
    Syll, #1760987)

Changes between version 1.4.5 and version 1.4.6

  * enhancement: DISASSEMBLE on a symbol naming a macro will
    disassemble the expander, not the code that traps attempted
    FUNCALL of the macro.
  * enhancement: The sb-sprof contrib now provides an experimental
    interface for accessing collected profiler data.
  * enhancement: The instruction-level profiling of the sb-prof contrib
    annotates the disassembler output more efficiently.
  * optimization: improved dynamic-extent handling of nested variables.

Changes between version 1.4.4 and version 1.4.5

  * minor incompatible change: building with/without the :sb-package-locks
    feature is no longer an option. Package locks are always compiled in,
    and removing :sb-package-locks from *features* will have no effect.
  * enhancement: FIND-PACKAGE does not acquire a mutex
  * enhancement: cheneygc can perform heap relocation on startup
  * enhancement: in threaded builds, finalizers execute in a system-internal
    thread so that a user thread which invokes GC is unblocked from
    performing work as soon as it returns from GC and invokes any post-GC hooks.
    As such, it is more important than before to avoid assumptions about
    special variable bindings in finalizers, even in single-threaded code.
  * optimization: faster (funcall (or function symbol)) on x86-64.

Changes between version 1.4.3 and version 1.4.4

  * bug fix: pathname accessors such as PATHNAME-DIRECTORY work on
    SYNONYM-STREAMs.
  * bug fix: (pathname-{device,directory,name,type} ... :case :common) works
    as expected. In particular MAKE-PATHNAME composed with the accessors
    roundtrips properly when both use the same :case. (#1739906)
  * bug fix: DIRECTORY no longer gets confused when the value of
    *DEFAULT-PATHNAME-DEFAULTS* has a name or type component. (#1740563)
  * bug fix: pattern pieces in pathname components are correctly
    escaped during unparsing.
  * bug fix: DELETE-DIRECTORY no longer signals an error when the
    directory is supplied as a pathname with name and/or type
    components containing escaped characters. (#1740624)
  * bug fix: weak hash-tables no longer cause GC time to scale
    superlinearly (#1241771)
  * bug fix: CANCEL-FINALIZATION operates in approximately constant
    time per operation (#1587983)
  * bug fix: big-endian MIPS systems now (mostly) work again (broken
    since 1.3.14.x).
  * bug fix: backtrace from arg-count errors on systems other than x86,
    x86-64, ARM, and ARM64 now works again.
  * bug fix: backtrace from asynchronous interrupts on non-x86,
    non-x86-64 systems should now be more reliable.
  * enhancement: warnings and errors referring to bindings established by
    LET, LET*, FLET and LABELS point to the offending form more accurately.
  * enhancement: backtrace for invalid argument count produces the
    exact supplied arguments including the extra ones on all platforms
    (no longer just x86, x86-64, ARM, and ARM64).
2019-08-13 15:16:54 +00:00
rjs
4d8e2c0f3b Mark it broken for aarch64. 2019-08-13 14:24:31 +00:00
adam
0e61e45fcb py-mypy: updated to 0.720
Mypy 0.720 was released. This release uses the new semantic analyzer by
default, adds a flag to warn about unreachable code, and has other improvements
and bug fixes.
2019-08-12 07:38:53 +00:00
wiz
84e123ddd2 Bump PKGREVISIONs for perl 5.30.0 2019-08-11 13:17:48 +00:00
wiz
7d16c527cd perl5/bl3.mk: Fix logic error in previous. 2019-08-11 13:02:00 +00:00
adam
e97a889232 perl: updated to 5.30.0
what is new for perl v5.30.0

Core Enhancements
   Limited variable length lookbehind in regular expression pattern matching is now experimentally supported
       Using a lookbehind assertion (like "(?<=foo?)" or "(?<!ba{1,9}r)") previously would generate an error and
       refuse to compile.  Now it compiles (if the maximum lookbehind is at most 255 characters), but raises a
       warning in the new "experimental::vlb" warnings category.  This is to caution you that the precise behavior
       is subject to change based on feedback from use in the field.

       See "(?<=pattern)" in perlre and "(?<!pattern)" in perlre.

   The upper limit "n" specifiable in a regular expression quantifier of the form "{m,n}" has been doubled to 65534
       The meaning of an unbounded upper quantifier "{m,}" remains unchanged.  It matches 2**31 - 1 times on most
       platforms, and more on ones where a C language short variable is more than 4 bytes long.

   Unicode 12.1 is supported
       Because of a change in Unicode release cycles, Perl jumps from Unicode 10.0 in Perl 5.28 to Unicode 12.1 in
       Perl 5.30.

       For details on the Unicode changes, see <https://www.unicode.org/versions/Unicode11.0.0/> for 11.0;
       <https://www.unicode.org/versions/Unicode12.0.0/> for 12.0; and
       <https://www.unicode.org/versions/Unicode12.1.0/> for 12.1.  (Unicode 12.1 differs from 12.0 only in the
       addition of a single character, that for the new Japanese era name.)

       The Word_Break property, as in past Perl releases, remains tailored to behave more in line with expectations
       of Perl users.  This means that sequential runs of horizontal white space characters are not broken apart,
       but kept as a single run.  Unicode 11 changed from past versions to be more in line with Perl, but it left
       several white space characters as causing breaks: TAB, NO BREAK SPACE, and FIGURE SPACE (U+2007).  We have
       decided to continue to use the previous Perl tailoring with regards to these.

   Wildcards in Unicode property value specifications are now partially supported
       You can now do something like this in a regular expression pattern

        qr! \p{nv= /(?x) \A [0-5] \z / }!

       which matches all Unicode code points whose numeric value is between 0 and 5 inclusive.  So, it could match
       the Thai or Bengali digits whose numeric values are 0, 1, 2, 3, 4, or 5.

       This marks another step in implementing the regular expression features the Unicode Consortium suggests.

       Most properties are supported, with the remainder planned for 5.32.  Details are in "Wildcards in Property
       Values" in perlunicode.

   qr'\N{name}' is now supported
       Previously it was an error to evaluate a named character "\N{...}" within a single quoted regular expression
       pattern (whose evaluation is deferred from the normal place).  This restriction is now removed.

   Turkic UTF-8 locales are now seamlessly supported
       Turkic languages have different casing rules than other languages for the characters "i" and "I".  The
       uppercase of "i" is LATIN CAPITAL LETTER I WITH DOT ABOVE (U+0130); and the lowercase of "I" is LATIN SMALL
       LETTER DOTLESS I (U+0131).  Unicode furnishes alternate casing rules for use with Turkic languages.
       Previously, Perl ignored these, but now, it uses them when it detects that it is operating under a Turkic
       UTF-8 locale.

   It is now possible to compile perl to always use thread-safe locale operations.
       Previously, these calls were only used when the perl was compiled to be multi-threaded.  To always enable
       them, add

        -Accflags='-DUSE_THREAD_SAFE_LOCALE'

       to your Configure flags.

   Eliminate opASSIGN macro usage from core
       This macro is still defined but no longer used in core.

   "-Drv" now means something on "-DDEBUGGING" builds
       Now, adding the verbose flag ("-Dv") to the "-Dr" flag turns on all possible regular expression debugging.

Incompatible Changes
   Assigning non-zero to $[ is fatal
       Setting $[ to a non-zero value has been deprecated since Perl 5.12 and now throws a fatal error.  See
       "Assigning non-zero to $[ is fatal" in perldeprecation.

   Delimiters must now be graphemes
       See "Use of unassigned code point or non-standalone grapheme for a delimiter." in perldeprecation

   Some formerly deprecated uses of an unescaped left brace "{" in regular expression patterns are now illegal
       But to avoid breaking code unnecessarily, most instances that issued a deprecation warning remain legal and
       now have a non-deprecation warning raised.  See "Unescaped left braces in regular expressions" in
       perldeprecation.

   Previously deprecated sysread()/syswrite() on :utf8 handles is now fatal
       Calling sysread(), syswrite(), send() or recv() on a ":utf8" handle, whether applied explicitly or
       implicitly, is now fatal.  This was deprecated in perl 5.24.

       There were two problems with calling these functions on ":utf8" handles:

       o   All four functions only paid attention to the ":utf8" flag.  Other layers were completely ignored, so a
           handle with ":encoding(UTF-16LE)" layer would be treated as UTF-8.  Other layers, such as compression
           are completely ignored with or without the ":utf8" flag.

       o   sysread() and recv() would read from the handle, skipping any validation by the layers, and do no
           validation of their own.  This could lead to invalidly encoded perl scalars.

   my() in false conditional prohibited
       Declarations such as "my $x if 0" are no longer permitted.

   Fatalize $* and $#
       These special variables, long deprecated, now throw exceptions when used.

   Fatalize unqualified use of dump()
       The "dump()" function, long discouraged, may no longer be used unless it is fully qualified, i.e.,
       "CORE::dump()".

   Remove File::Glob::glob()
       The "File::Glob::glob()" function, long deprecated, has been removed and now throws an exception which
       advises use of "File::Glob::bsd_glob()" instead.

   "pack()" no longer can return malformed UTF-8
       It croaks if it would otherwise return a UTF-8 string that contains malformed UTF-8.  This protects against
       potential security threats.  This is considered a bug fix as well.

   Any set of digits in the Common script are legal in a script run of another script
       There are several sets of digits in the Common script.  "[0-9]" is the most familiar.  But there are also
       "[\x{FF10}-\x{FF19}]" (FULLWIDTH DIGIT ZERO - FULLWIDTH DIGIT NINE), and several sets for use in
       mathematical notation, such as the MATHEMATICAL DOUBLE-STRUCK DIGITs.  Any of these sets should be able to
       appear in script runs of, say, Greek.  But the design of 5.30 overlooked all but the ASCII digits "[0-9]",
       so the design was flawed.  This has been fixed, so is both a bug fix and an incompatibility.

       All digits in a run still have to come from the same set of ten digits.

   JSON::PP enables allow_nonref by default
       As JSON::XS 4.0 changed its policy and enabled allow_nonref by default, JSON::PP also enabled allow_nonref
       by default.

Deprecations
   In XS code, use of various macros dealing with UTF-8.
       This deprecation was scheduled to become fatal in 5.30, but has been delayed to 5.32 due to problems that
       showed up with some CPAN modules.  For details of what's affected, see perldeprecation.

Performance Enhancements
       o   Translating from UTF-8 into the code point it represents now is done via a deterministic finite
           automaton, speeding it up.  As a typical example, "ord("\x7fff")" now requires 12% fewer instructions
           than before.  The performance of checking that a sequence of bytes is valid UTF-8 is similarly improved,
           again by using a DFA.

       o   Eliminate recursion from finalize_op().

       o   A handful of small optimizations related to character folding and character classes in regular
           expressions.

       o   Optimization of "IV" to "UV" conversions.

       o   Speed up of the integer stringification algorithm by processing two digits at a time instead of one.

       o   Improvements based on LGTM analysis and recommendation.

       o   Code optimizations in regcomp.c, regcomp.h, regexec.c.

       o   Regular expression pattern matching of things like "qr/[^a]/" is significantly sped up, where a is any
           ASCII character.  Other classes can get this speed up, but which ones is complicated and depends on the
           underlying bit patterns of those characters, so differs between ASCII and EBCDIC platforms, but all case
           pairs, like "qr/[Gg]/" are included, as is "[^01]".
2019-08-11 10:14:17 +00:00
brook
93e94bec97 Update all R packages to canonical form.
The canonical form [1] of an R package Makefile includes the
following:

- The first stanza includes R_PKGNAME, R_PKGVER, PKGREVISION (as
  needed), and CATEGORIES.

- HOMEPAGE is not present but defined in math/R/Makefile.extension to
  refer to the CRAN web page describing the package.  Other relevant
  web pages are often linked from there via the URL field.

This updates all current R packages to this form, which will make
regular updates _much_ easier, especially using pkgtools/R2pkg.

[1] http://mail-index.netbsd.org/tech-pkg/2019/08/02/msg021711.html
2019-08-08 19:53:36 +00:00
jperkin
2a4591b17a erlang: Restore SunOS -shared fix lost in previous update. 2019-08-08 11:42:23 +00:00
adam
c2f1237d82 npm: updated to 6.10.3
v6.10.3:
BUGFIXES
vulns → vulnerabilities in npm audit output
install, doctor: don't crash if registry unset
Handle unhandledRejections, tell user what to do when encountering an EACCES error in the cache.
2019-08-07 07:34:32 +00:00