Changelog:
Fixed
Fix missing nodes in the developer tools Inspector panel (bug 1460223)
Various security fixes
Fix font rendering when using third-party font managers on OS X 10.11
and earlier (bug 1460917)
Security fix:
#CVE-2018-6126: Heap buffer overflow rasterizing paths in SVG with Skia
No upstream changelog in the NEWS file, but includes the following fixes:
* Fix critical bug: sixel_dither_set_diffusion_type()
(called from img2sixel -d option) doesn't work well
* Suppress an uninitialized warning on GCC-4.1
* Move pragma GCC diagnostic to outside functions because
it's not allowed on gcc44
Changes:
Noteworthy changes in version 2.2.8 (2018-06-08)
------------------------------------------------
* gpg: Decryption of messages not using the MDC mode will now lead
to a hard failure even if a legacy cipher algorithm was used. The
option --ignore-mdc-error can be used to turn this failure into a
warning. Take care: Never use that option unconditionally or
without a prior warning.
* gpg: The MDC encryption mode is now always used regardless of the
cipher algorithm or any preferences. For testing --rfc2440 can be
used to create a message without an MDC.
* gpg: Sanitize the diagnostic output of the original file name in
verbose mode. [#4012, CVE-2018-12020]
* gpg: Detect suspicious multiple plaintext packets in a more
reliable way. [#4000]
* gpg: Fix the duplicate key signature detection code. [#3994]
* gpg: The options --no-mdc-warn, --force-mdc, --no-force-mdc,
--disable-mdc and --no-disable-mdc have no more effect.
* agent: Add DBUS_SESSION_BUS_ADDRESS and a few other envvars to the
list of startup environment variables. [#3947]
When sysconfdir is PREFIX/etc tmux automagically hardcode it to /etc.
This is a bit awkward in the pkgsrc context, so add a SUBST class to avoid this
hardcoding and always honor the --sysconfdir configure argument.
Bump PKGREVISION
Upstream announcement:
https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
Adobe Security Bulletin
Security updates available for Flash Player | APSB18-19
Summary
Adobe has released security updates for Adobe Flash Player for Windows,
macOS, Linux and Chrome OS. These updates address critical
vulnerabilities in Adobe Flash Player 29.0.0.171 and earlier versions.
Successful exploitation could lead to arbitrary code execution in the
context of the current user.
Adobe is aware of a report that an exploit for CVE-2018-5002 exists
in the wild, and is being used in limited, targeted attacks against
Windows users. These attacks leverage Office documents with embedded
malicious Flash Player content distributed via email.
pkgsrc changes:
* remove a fix for glib2 pulled from upstream
* remove a gobject-introspection patch for netbsd-6 (seems fixed in upstream)
Upstream changes (from NEWS):
== Ruby-GNOME2 3.2.7: 2018-06-07
This is a packaging bug fix release of 3.2.6.
=== Changes
==== All
* Improvements
* Added support for using unreleased version with Bundler.
[Patch by cedlemo]
* Fixes
* Fixed a packaging bug that dependencies are missing.
== Ruby-GNOME2 3.2.6: 2018-06-06
This is a bug fix release of 3.2.5.
=== Changes
==== Document
* Improvements
* Updated project URL.
[GitHub#1174][Patch by okkez]
==== All
* Improvements
* Added support for using unreleased version with Bundler.
[Patch by cedlemo]
* Windows: Upgraded bundled library versions.
==== Ruby/GLib2
* Improvements
* (({GLib::Object.define_signal})): Added.
(({GLib::Object.signal_new})) is deprecated.
* (({GLib::Object.signal_new})): Changed to accept (({Symbol})) as
flags.
* (({GLib::Signal})): Migrated to (({TypedData})).
* (({GLib::Enum})): Migrated to (({TypedData})).
* (({GLib::Flags})): Migrated to (({TypedData})).
* (({GLib::Boxed})): Migrated to (({TypedData})).
* (({GLib::Param})): Migrated to (({TypedData})).
* (({rbgobj_signal_new()})): Added.
(({rbgobj_signal_wrap()})) is deprecated.
* Dropped GLib < 2.28 support.
* (({GLib::Variant.new})): Changed to accept (({String})) as
variant type.
* (({rbg_variant_type_from_ruby()})): Added.
* (({rbg_gc_guard()})): Added.
* (({rbg_gc_unguard()})): Added.
* Fixes
* Fixed a bug that signal created by (({GLib::Object.signal_new}))
may be GC-ed.
[GitHub#1166][Reported by Izumi Tsutsui]
==== Ruby/GObjectIntrospection
* Improvements
* (({GObjectIntrospection::Struct})): Migrated to (({TypedData})).
* Improved better function detection.
* Added heuristic callback data detection.
* Added support for getting flags field value.
* (({RBGICallbackData})): Hidden details.
* (({rb_gi_callback_data_get_metadata()})): Added.
* (({rb_gi_callback_data_get_rb_callback()})): Added.
* Added (({to_integer})) to (({to_i})) mapping.
[GitHub#1191][Patch by yosuke shiro]
==== Ruby/CairoGObject
* Improvements
* Added (({gtype})) class methods.
==== Ruby/GIO2
* Improvements
* (({Gio::MenuItem#set_attribute_value})): Improved argument conversion.
Callers don't need to create (({GLib::Variant})).
* (({Gio::Settings.new})): Added support for keyword (({Hash})).
[GitHub#1187][Patch by cedlemo]
==== Ruby/Pango
* Improvements
* (({Pango::Attribute})): Migrated to (({GLib::Boxed})).
* (({Pango::Rectangle#dup})): Added.
* (({rbpango_attribute_from_ruby()})): Added.
* Fixes
* Fixed a bug that wrong (({Pango::Attribute})) conversion.
[GitHub#1188][Reported by kojix2]
==== Ruby/GdkPixbuf2
* Improvements
* (({GdkPixbuf::Pixbuf#subpixbuf})): Added.
(({GdkPixbuf::Pixbuf#new_subpixbuf})) is deprecated.
* (({GdkPixbuf::Pixbuf#new})): Improved the default
(({row_stride})) value.
==== Ruby/GDK3
* Improvements
* (({Gdk::Cursor.new})): Added multiple calls with the same value.
[GitHub#1195][Reported by kojix2]
==== Ruby/GTK3
* Improvements
* Removed needless custom callback handlers.
* Dropped GTK+ 3.10 support.
* (({Gtk::Application.new})): Changed to all arguments are omittable.
* (({Gtk::TextBuffer#insert})): Changed to raise an exception for
unknown tag.
* Fixes
* Fixed a bug that (({Gtk::Version.or_later?})) requires the 3rd
argument.
* Fixed demo.
* [GitHub#1175][GitHub#1176][GitHub#1177][GitHub#1178][GitHub#1183]
[GitHub#1184][GitHub#1185]
[Reported by kojix2]
* [GitHub#1181][GitHub#1186][GitHub#1197][GitHub#1210]
[Patch by kojix2]
==== Ruby/Poppler
* Improvements
* (({Cairo::Context#show_poppler_page})): Added for consistency.
==== Ruby/RSVG2
* Improvements
* (({Cairo::Context#show_rsvg_handle})): Added for consistency.
==== Ruby/GStreamer
* Improvements
* (({Gst::Element.[]})): Added as a shortcut of
(({Gst::ElementFactory.make})).
* (({Gst::Bus#poll})): Made all arguments omittable.
=== Thanks
* Izumi Tsutsui
* okkez
* kojix2
* cedlemo
* yosuke shiro
Upstream changes:
Changes in Devel::NYTProf 6.06 - 4th June 2018
Fix sorting of numbers ending ...5s as microsec
thanks to pichi. #120
Fix tests for Strawberry Perl portable
thanks to shawnlaffan. #123
Fixed broken link in the pod to YAPC::NA 2014 talk video
thanks to manwar. #116
Add "NYTProf" to buffer overflow error message for easier triage
thanks to atomicstack. #119.
Add appveyor config file for CI on Windows
thanks to shawnlaffan. #117
Upstream changes:
6.72 2018-06-06
- Fixed recurrence bug
The fix in the previous version for a rare recurrence problem broke
another recurrence form. It is now corrected. Michael Schout (GitHub
#20)
- Fixed version problem
The wrong version was included in two files for some reason. This is
fixed.
- Documentation fixes
Fixed a grammatical error reported by Xavier Guimard (GitHub #19).
6.71 2018-06-01
- Fixed an extremely rare problem with recurrences
It is possible to specify a recurrence that never produces a valid
date. In these cases, looking for dates went into an infinite loop.
The MaxRecurAttempts config variable was added which will stop that
from happening. If no occurrence was found, an error condition will
be set. Dean Hamstead (RT 123708)
- Changes file supported
It was requested that I include a valid Changes file. I wrote a
simple script to convert the Change6.pod file into a valid Change
file. The Changes6.pod file is still the canonical source of this
information! Requested by H. Merijn Brand
- Fix for timezone determination
On MacOS X High Sierra, some of the timezone files were symlinks,
but not properly followed. This was fixed by Stu Tomlinson (GitHub
#15).
- Time zone fixes
Newest zoneinfo data (tzdata 2018e)
- Documentation fixes
Minor fix provided by Mohammad S Anwar (GitHub #17)
Upstream changes:
0.83
- Released at 2018-05-30T08:04:43+0900
- Thanks to our contributors: Alceu Rodrigues de Freitas Junior, Dan Book, Luca Ferrari, María Inés Parnisari, Mohammad S Anwar, Shoichi Kaji, sylints
- my respect to search.cpan.org
- MAKE env var can now be used to specify the "make" program.
- New command: install-cpm
- "install" command now has a "--builddir" option for specifying a work directory
- "list" command now takes "--verbose" option.
- "clone-modules" command is now better documented.
## Version 0.11.0 (2018-06-08)
* Fix build on NetBSD/evbarm.
* Skip download checks for packages that are being removed, prevents
erroneous "empty FILE_SIZE" failures.
* Perform in-place upgrades using `pkg_add -DU` rather than removing
and reinstalling. Should be faster and less error-prone.
* Output formatting improvements. Installs are now split between
refresh, upgrade, and install, with package lists formatted to be
easier to read.
doc: Updated databases/qore-pgsql-module to 2.4.1
doc: Updated databases/qore-mysql-module to 2.0.2.1
doc: Updated textproc/qore-xml-module to 1.4.1
doc: Updated textproc/qore-json-module to 1.7
doc: Updated security/qore-ssh2-module to 1.2
doc: Updated textproc/qore-yaml-module to 0.6
Changes from release notes:
* improved the description for the DESERIALIZATION-ERROR exception
for non-deserializable message bodies from HTTP servers with error
responses
* added the YamlRpcConnection class to the YamlRpcClient module
* updated the DataStreamClient module for complex types and new
internal RestClient API changes
* updated the DataStreamUtil module for complex types
* fixed a bug deserializing single-quoted strings; also serialized
"!number" values will always include the tag to avoid potential
future ambiguity
* improved argument error messages with RPC calls in the
YamlRpcHandler module
Changes from release notes:
* added the Ssh2Connections user module
* added the following SFTPClient methods supporting
streams:SFTPClient::get(), SFTPClient::put()
* fixed bugs retrieving zero-length text files with
SFTPClient::getFile(), SFTPClient::getTextFile(),
SFTPClient::get(), and SFTPClient::retrieveFile()
* fixed bugs streaming data with SFTPClient::transferFile()
and SFTPClient::put()
* argument error in SFTPClient disconnection with
socket errors causes a crash
* infinite loop in SftpPoller polling when
PO_NO_PROCESS_CONTROL is not set and no sleep
option is given
* implement support for additional directories
in SftpPoller
* SftpPoller::run() cannot be synchronized
* compile fixes for Solaris 10 g++
* add constructor option to SftpPoller for checking
if polled directories are writable
* fixed a bug that could cause a crash when an error
occurs in the SFTPClient class
* streaming from SFTP server impossible without user
re-implementing SftpPoller methods
* fixed a bug in libssh2 library initialization
error reporting
Removed patch-src_ql__json.qpp fixed upstream.
Changes from release notes:
* deprecated support for the non-published JSON-RPC 1.1 protocol
* added support for JSON-RPC 2.0
* added the JsonRpcConnection user module
* improved argument error messages with RPC calls in the
JsonRpcHandler module
* fixed date serialization to use ISO-8601 format
(instead of near-ISO-8601 format)
* parse_json() now ignores UTF-8 and Unicode BOMs at the
start of passed JSON string
* fixed a bug in request logging in the JsonRpcHandler module
* fixed a bug serializing hash keys with embedded quotes
Changes from release notes:
* fixed a bug where the URI path was not respected when
resolving SOAP calls
* implemented supoprt for handling SOAP faults based on
the exception err string (must correspond to the fault name)
* implemented supoprt for handling SOAP faults in response
messages with SOAP bindings
* fixed a bug resolving namespaces in nested schemas with
late resolution with overlapping namespace prefixes
* fixed a type error in message generation
* implemented the wsdl_set_global_compat_empty_string_is_nothing()
function and the "compat_empty_string_is_nothing" option for
the WebService class for backwards compatibility with older
versions of the WSDL module
* implemented the wsdl_set_global_compat_allow_any_header
function and the "compat_allow_any_header" option for the
WebService class for backwards compatibility with older
versions of the WSDL module
* fixed types when deserializing to eliminate performance
penalties stripping types in large data structures
* fixed soaputil to import XSDs automatically when parsing WSDLs
* fixed a bug in make_xml() to support underscores at start of tags
* added the InputStreamSaxIterator class
* added the get_xml_value() function
* exception raised when make_xml() called with multi list
value passed for top level element
* added support for XML comments (XPF_ADD_COMMENTS)
* added missing support for DTD validation
(parse_xml_with_dtd(),XmlDoc::validateDtd())
* added support for stripping namespace prefixes on element
names when parsing XML
* added a make_xml(hash, hash) variant that allows for more
control over the XML output such as date serialization formats
* added AbstractXmlIoInputCallback to provide an abstract API
for resolving external schema references
* extended XmlDoc::constructor with extra optional hash that
allows for more control over the XML output such as date
serialization formats
* XSD-ERROR exception thrown during document validation against
schema is now more verbose about what exactly failed
* fixed a bug in Windows builds
* added the SalesforceSoapConnection class
* added support for logging messages in the SoapClient module
* added the SoapConnection class
* added API support for specifying the SOAP bindings in the WSDL
to use
* added support for logging messages in the SoapHandler module
* fixed a bug in late resolution of complexTypes
* fixed a bug handling empty complexType declarations
* fixed a bug handling complexType extentions
* fixed bugs handling elementFormDefault="qualified"
declarations when the value differs between schemas
* fixed a bug where xsi:type information was serialized when
not necessary
* added a more user-friendly exception when WSDLs are encountered
with unsupported bindings
* added WSDL::WSMessageHelper to generate sample messages
* added support for multiple SOAP bindings in the WSDL
including HTTP GET/POST bindings
* fixed a bug in message serialization; all required elements
must be present or an exception is thrown
* fixed a bug handling base type extensions to complexTypes
* improved argument error messages with RPC calls in the
XmlRpcHandler module
* fixed SOAP handler to produce correct URLs in WSDL
* added documentation for the WSOperation class in the WSDL module
* fixed SalesforceSoapClient::callOperation() in the
SalesforceSoapClient module to respect the soapaction header
* fixed a memory leak in XML-RPC parsing
* supress emitting a SOAPAction header in requests if the binding
gives an empty string
* updated WSOperation::serializeRequest() to allow the SOAPAction
header to be overridden in each request
* respect XML generation flags in request generation in WSDL module
* fixed parsing empty base64Binary and hexBinary elements
* added the SoapClient::callOperation() method
* updated SOAP response processing to throw an exception when the
server responds with an error code
* content-type in exceptional cases follows Soap version
* fixed a bug in the SoapClient::constructor() where a WebService
object was not supported
* added SalesforceSoapClient user module
* added Salesforce.com.qtest and accompanying WSDLs
patch-configure and patch-src_Makefile.in removed since
they have applied upstream.
Changes from release notes:
* updated SQLStatement::fetchColumns() to return an empty
hash when no data is available
* fixed a bug where DBI-SELECT-ROW-ERROR exceptions were
being raised as MYSQL-SELECT-ROW-ERROR exceptions
* fixed formatting bugs in invalid value specification
error messages
* updated configure to find and compile with MariaDB and
Percona includes and libs
* placeholders and quotes in SQL comments are ignored
* fixed time column retrieval; the date component is now
set to 1970-01-01
* fixed binary and varbinary column handling
* fixed the "optimal-numbers" option with decimal values
with decimal points
* fixed returning result sets with duplicate column names
Changes from release notes:
* updated SQLStatement::fetchColumns() to return an empty
hash when no data is available
* fixed a formatting bug in an error message
* fixed selecting numeric values between 0 and 1
* fixed a bug where DBI-SELECT-ROW-ERROR exceptions were
being raised as PGSQL-SELECT-ROW-ERROR exceptions
New features in Qore:
* the sqlutil script has been updated with the –select option
to allow dumped table rows to be filtered
* "thread list", "backtrace all" commands implemented for
the debugger
* QUnit: overloaded the testAssertionValue() method to support
auto/number/float and more verbose output when a difference
in number/float values is found
* qdbg-remote supports ConnectionProvider connections
* new method: Breakpoint::getProgram()
* improved debugging support:
- added support for a Visual Studio Code debug adapter for Qore
- the debugger can now retrieve sources when running from a remote
debug server
- debugger options can now be set from command line (verbosity etc.)
- the onAttach() event is now executed synchronously when
the program thread context starts
- the onDetach() event is executed properly when program thread
contexts terminate
- the onStep() now provides the breakpointId value if available
- the onExit() event was added for greater control over
code execution in the debugger
- the onException() event was improved
- server commands now support frameid as a parameter
Bug fixes:
to many to list.
