platforms /bin/sh gets one something uselessly broken.
Also, don't set MAKE to Solaris's make on Solaris; while this might be
necessary building standalone, in pkgsrc it's foolish.
Instead of extracting the runtime twice for src/ and base/ and then
haphazardly patching either or both copies, patch only one copy and
create the other *after* patching.
(better yet would be not to copy the thing at all, but I think there
are smlnj reasons you can't do that)
Instead of extracting the runtime twice for src/ and base/ and then
haphazardly patching either or both copies, patch only one copy and
create the other *after* patching.
(better yet would be not to copy the thing at all, but I think there
are smlnj reasons you can't do that)
Core and Builtins
Issue 26478: Fix semantic bugs when using binary operators with dictionary views and tuples.
Issue 26171: Fix possible integer overflow and heap corruption in zipimporter.get_data().
Library
Issue 26556: Update expat to 2.1.1, fixes CVE-2015-1283.
Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. Reported by Team Oststrom
Issue 25939: On Windows open the cert store readonly in ssl.enum_certificates.
Issue 26012: Don’t traverse into symlinks for ** pattern in pathlib.Path.[r]glob().
Issue 24120: Ignore PermissionError when traversing a tree with pathlib.Path.[r]glob(). Patch by Ulrich Petri.
Skip getaddrinfo if host is already resolved. Patch by A. Jesse Jiryu Davis.
Add asyncio.timeout() context manager.
Issue 26050: Add asyncio.StreamReader.readuntil() method. Patch by Марк Коренберг.
Tests
Issue 25940: Changed test_ssl to use self-signed.pythontest.net. This avoids relying on svn.python.org, which recently changed root certificate.
Issue 27066: Fixed SystemError if a custom opener (for open()) returns a negative number without setting an exception.
Issue 20041: Fixed TypeError when frame.f_trace is set to None. Patch by Xavier de Gaye.
Issue 26168: Fixed possible refleaks in failing Py_BuildValue() with the “N” format unit.
Issue 26991: Fix possible refleak when creating a function with annotations.
Issue 27039: Fixed bytearray.remove() for values greater than 127. Patch by Joe Jevnik.
Issue 23640: int.from_bytes() no longer bypasses constructors for subclasses.
Issue 26811: gc.get_objects() no longer contains a broken tuple with NULL pointer.
Issue 20120: Use RawConfigParser for .pypirc parsing, removing support for interpolation unintentionally added with move to Python 3. Behavior no longer does any interpolation in .pypirc files, matching behavior in Python 2.7 and Setuptools 19.0.
Issue 26659: Make the builtin slice type support cycle collection.
Issue 26718: super.__init__ no longer leaks memory if called multiple times. NOTE: A direct call of super.__init__ is not endorsed!
Issue 25339: PYTHONIOENCODING now has priority over locale in setting the error handler for stdin and stdout.
Issue 26494: Fixed crash on iterating exhausting iterators. Affected classes are generic sequence iterators, iterators of str, bytes, bytearray, list, tuple, set, frozenset, dict, OrderedDict, corresponding views and os.scandir() iterator.
Issue 26581: If coding cookie is specified multiple times on a line in Python source code file, only the first one is taken to account.
Issue 26464: Fix str.translate() when string is ASCII and first replacements removes character, but next replacement uses a non-ASCII character or a string longer than 1 character. Regression introduced in Python 3.5.0.
Issue 22836: Ensure exception reports from PyErr_Display() and PyErr_WriteUnraisable() are sensible even when formatting them produces secondary errors. This affects the reports produced by sys.__excepthook__() and when __del__() raises an exception.
Issue 26302: Correct behavior to reject comma as a legal character for cookie names.
Issue 4806: Avoid masking the original TypeError exception when using star (*) unpacking in function calls. Based on patch by Hagen Fürstenau and Daniel Urban.
Issue 27138: Fix the doc comment for FileFinder.find_spec().
Issue 26154: Add a new private _PyThreadState_UncheckedGet() function to get the current Python thread state, but don’t issue a fatal error if it is NULL. This new function must be used instead of accessing directly the _PyThreadState_Current variable. The variable is no more exposed since Python 3.5.1 to hide the exact implementation of atomic C types, to avoid compiler issues.
Issue 26194: Deque.insert() gave odd results for bounded deques that had reached their maximum size. Now an IndexError will be raised when attempting to insert into a full deque.
Issue 25843: When compiling code, don’t merge constants if they are equal but have a different types. For example, f1, f2 = lambda: 1, lambda: 1.0 is now correctly compiled to two different functions: f1() returns 1 (int) and f2() returns 1.0 (int), even if 1 and 1.0 are equal.
Issue 22995: [UPDATE] Comment out the one of the pickleability tests in _PyObject_GetState() due to regressions observed in Cython-based projects.
Issue 25961: Disallowed null characters in the type name.
Issue 25973: Fix segfault when an invalid nonlocal statement binds a name starting with two underscores.
Issue 22995: Instances of extension types with a state that aren’t subclasses of list or dict and haven’t implemented any pickle-related methods (__reduce__, __reduce_ex__, __getnewargs__, __getnewargs_ex__, or __getstate__), can no longer be pickled. Including memoryview.
Issue 20440: Massive replacing unsafe attribute setting code with special macro Py_SETREF.
Issue 25766: Special method __bytes__() now works in str subclasses.
Issue 25421: __sizeof__ methods of builtin types now use dynamic basic size. This allows sys.getsize() to work correctly with their subclasses with __slots__ defined.
Issue 25709: Fixed problem with in-place string concatenation and utf-8 cache.
Issue 27147: Mention PEP 420 in the importlib docs.
Issue 24097: Fixed crash in object.__reduce__() if slot name is freed inside __getattr__.
Issue 24731: Fixed crash on converting objects with special methods __bytes__, __trunc__, and __float__ returning instances of subclasses of bytes, int, and float to subclasses of bytes, int, and float correspondingly.
Issue 26478: Fix semantic bugs when using binary operators with dictionary views and tuples.
Issue 26171: Fix possible integer overflow and heap corruption in zipimporter.get_data().
Issue 25660: Fix TAB key behaviour in REPL with readline.
Issue 25887: Raise a RuntimeError when a coroutine object is awaited more than once.
Issue 27243: Update the __aiter__ protocol: instead of returning an awaitable that resolves to an asynchronous iterator, the asynchronous iterator should be returned directly. Doing the former will trigger a PendingDeprecationWarning.
more...
Core and Builtins
-----------------
- Issue 20041: Fixed TypeError when frame.f_trace is set to None.
Patch by Xavier de Gaye.
- Issue 25702: A --with-lto configure option has been added that will
enable link time optimizations at build time during a make profile-opt.
Some compilers and toolchains are known to not produce stable code when
using LTO, be sure to test things thoroughly before relying on it.
It can provide a few % speed up over profile-opt alone.
- Issue 26168: Fixed possible refleaks in failing Py_BuildValue() with the "N"
format unit.
- Issue 27039: Fixed bytearray.remove() for values greater than 127. Patch by
Joe Jevnik.
- Issue 4806: Avoid masking the original TypeError exception when using star
(*) unpacking and the exception was raised from a generator. Based on
patch by Hagen Fürstenau.
- Issue 26659: Make the builtin slice type support cycle collection.
- Issue 26718: super.__init__ no longer leaks memory if called multiple times.
NOTE: A direct call of super.__init__ is not endorsed!
- Issue 13410: Fixed a bug in PyUnicode_Format where it failed to properly
ignore errors from a __int__() method.
- Issue 26494: Fixed crash on iterating exhausting iterators.
Affected classes are generic sequence iterators, iterators of bytearray,
list, tuple, set, frozenset, dict, OrderedDict and corresponding views.
- Issue 26581: If coding cookie is specified multiple times on a line in
Python source code file, only the first one is taken to account.
- Issue 22836: Ensure exception reports from PyErr_Display() and
PyErr_WriteUnraisable() are sensible even when formatting them produces
secondary errors. This affects the reports produced by
sys.__excepthook__() and when __del__() raises an exception.
- Issue 22847: Improve method cache efficiency.
- Issue 25843: When compiling code, don't merge constants if they are equal
but have a different types. For example, ``f1, f2 = lambda: 1, lambda: 1.0``
is now correctly compiled to two different functions: ``f1()`` returns ``1``
(``int``) and ``f2()`` returns ``1.0`` (``int``), even if ``1`` and ``1.0``
are equal.
- Issue 22995: [UPDATE] Remove the one of the pickleability tests in
_PyObject_GetState() due to regressions observed in Cython-based projects.
- Issue 25961: Disallowed null characters in the type name.
- Issue 22995: Instances of extension types with a state that aren't
subclasses of list or dict and haven't implemented any pickle-related
methods (__reduce__, __reduce_ex__, __getnewargs__, __getnewargs_ex__,
or __getstate__), can no longer be pickled. Including memoryview.
- Issue 20440: Massive replacing unsafe attribute setting code with special
macro Py_SETREF.
- Issue 25421: __sizeof__ methods of builtin types now use dynamic basic size.
This allows sys.getsize() to work correctly with their subclasses with
__slots__ defined.
- Issue 19543: Added Py3k warning for decoding unicode.
- Issue 24097: Fixed crash in object.__reduce__() if slot name is freed inside
__getattr__.
- Issue 24731: Fixed crash on converting objects with special methods
__str__, __trunc__, and __float__ returning instances of subclasses of
str, long, and float to subclasses of str, long, and float correspondingly.
- Issue 26478: Fix semantic bugs when using binary operators with dictionary
views and tuples.
- Issue 26171: Fix possible integer overflow and heap corruption in
zipimporter.get_data().
Library
-------
- Issue 26556: Update expat to 2.1.1, fixes CVE-2015-1283.
- Fix TLS stripping vulnerability in smptlib, CVE-2016-0772. Reported by Team
Oststrom
- Issue 7356: ctypes.util: Make parsing of ldconfig output independent of the
locale.
- Issue 25738: Stop BaseHTTPServer.BaseHTTPRequestHandler.send_error() from
sending a message body for 205 Reset Content. Also, don't send the
Content-Type header field in responses that don't have a body. Based on
patch by Susumu Koshiba.
- Issue 21313: Fix the "platform" module to tolerate when sys.version
contains truncated build information.
- Issue 27211: Fix possible memory corruption in io.IOBase.readline().
- Issue 27114: Fix SSLContext._load_windows_store_certs fails with
PermissionError
- Issue 14132: Fix urllib.request redirect handling when the target only has
a query string. Fix by Ján Janech.
- Removed the requirements for the ctypes and modulefinder modules to be
compatible with earlier Python versions.
- Issue 22274: In the subprocess module, allow stderr to be redirected to
stdout even when stdout is not redirected. Patch by Akira Li.
- Issue 12045: Avoid duplicate execution of command in ctypes.util._get_soname().
Patch by Sijin Joseph.
- Issue 26960: Backported 16270 from Python 3 to Python 2, to prevent urllib
from hanging when retrieving certain FTP files.
- Issue 25745: Fixed leaking a userptr in curses panel destructor.
- Issue 17765: weakref.ref() no longer silently ignores keyword arguments.
Patch by Georg Brandl.
- Issue 26873: xmlrpclib now raises ResponseError on unsupported type tags
instead of silently return incorrect result.
- Issue 24114: Fix an uninitialized variable in `ctypes.util`.
The bug only occurs on SunOS when the ctypes implementation searches
for the `crle` program. Patch by Xiang Zhang. Tested on SunOS by
Kees Bos.
- Issue 26864: In urllib, change the proxy bypass host checking against
no_proxy to be case-insensitive, and to not match unrelated host names that
happen to have a bypassed hostname as a suffix. Patch by Xiang Zhang.
- Issue 26804: urllib will prefer lower_case proxy environment variables over
UPPER_CASE or Mixed_Case ones. Patch contributed by Hans-Peter Jansen.
- Issue 26837: assertSequenceEqual() now correctly outputs non-stringified
differing items. This affects assertListEqual() and assertTupleEqual().
- Issue 26822: itemgetter, attrgetter and methodcaller objects no longer
silently ignore keyword arguments.
- Issue 26657: Fix directory traversal vulnerability with SimpleHTTPServer
on Windows. This fixes a regression that was introduced in 2.7.7. Based
on patch by Philipp Hagemeister.
- Issue 19377: Add .svg to mimetypes.types_map.
- Issue 13952: Add .csv to mimetypes.types_map. Patch by Geoff Wilson.
- Issue 16329: Add .webm to mimetypes.types_map. Patch by Giampaolo Rodola'.
- Issue 23735: Handle terminal resizing with Readline 6.3+ by installing our
own SIGWINCH handler. Patch by Eric Price.
- Issue 26644: Raise ValueError rather than SystemError when a negative
length is passed to SSLSocket.recv() or read().
- Issue 23804: Fix SSL recv(0) and read(0) methods to return zero bytes
instead of up to 1024.
- Issue 24266: Ctrl+C during Readline history search now cancels the search
mode when compiled with Readline 7.
- Issue 23857: Implement PEP 493, adding a Python-2-only ssl module API and
environment variable to configure the default handling of SSL/TLS certificates
for HTTPS connections.
- Issue 26313: ssl.py _load_windows_store_certs fails if windows cert store
is empty. Patch by Baji.
- Issue 26513: Fixes platform module detection of Windows Server
- Issue 23718: Fixed parsing time in week 0 before Jan 1. Original patch by
Tamás Bence Gedai.
- Issue 26177: Fixed the keys() method for Canvas and Scrollbar widgets.
- Issue 15068: Got rid of excessive buffering in the fileinput module.
The bufsize parameter is no longer used.
- Issue 2202: Fix UnboundLocalError in
AbstractDigestAuthHandler.get_algorithm_impls. Initial patch by Mathieu Dupuy.
- Issue 26475: Fixed debugging output for regular expressions with the (?x)
flag.
- Issue 26385: Remove the file if the internal fdopen() call in
NamedTemporaryFile() fails. Based on patch by Silent Ghost.
- Issue 26309: In the "socketserver" module, shut down the request (closing
the connected socket) when verify_request() returns false. Based on patch
by Aviv Palivoda.
- Issue 25939: On Windows open the cert store readonly in ssl.enum_certificates.
- Issue 24303: Fix random EEXIST upon multiprocessing semaphores creation with
Linux PID namespaces enabled.
- Issue 25698: Importing module if the stack is too deep no longer replaces
imported module with the empty one.
- Issue 12923: Reset FancyURLopener's redirect counter even if there is an
exception. Based on patches by Brian Brazil and Daniel Rocco.
- Issue 25945: Fixed a crash when unpickle the functools.partial object with
wrong state. Fixed a leak in failed functools.partial constructor.
"args" and "keywords" attributes of functools.partial have now always types
tuple and dict correspondingly.
- Issue 19883: Fixed possible integer overflows in zipimport.
- Issue 26147: xmlrpclib now works with unicode not encodable with used
non-UTF-8 encoding.
- Issue 16620: Fixed AttributeError in msilib.Directory.glob().
- Issue 21847: Fixed xmlrpclib on Unicode-disabled builds.
- Issue 6500: Fixed infinite recursion in urllib2.Request.__getattr__().
- Issue 26083: Workaround a subprocess bug that raises an incorrect
"ValueError: insecure string pickle" exception instead of the actual
exception on some platforms such as Mac OS X when an exception raised
in the forked child process prior to the exec() was large enough that
it overflowed the internal errpipe_read pipe buffer.
- Issue 24103: Fixed possible use after free in ElementTree.iterparse().
- Issue 20954: _args_from_interpreter_flags used by multiprocessing and some
tests no longer behaves incorrectly in the presence of the PYTHONHASHSEED
environment variable.
- Issue 14285: When executing a package with the "python -m package" option,
and package initialization raises ImportError, a proper traceback is now
reported.
- Issue 6478: _strptime's regexp cache now is reset after changing timezone
with time.tzset().
- Issue 25718: Fixed copying object with state with boolean value is false.
- Issue 25742: :func:`locale.setlocale` now accepts a Unicode string for
its second parameter.
- Issue 10131: Fixed deep copying of minidom documents. Based on patch
by Marian Ganisin.
- Issue 25725: Fixed a reference leak in cPickle.loads() when unpickling
invalid data including tuple instructions.
- Issue 25663: In the Readline completer, avoid listing duplicate global
names, and search the global namespace before searching builtins.
- Issue 25688: Fixed file leak in ElementTree.iterparse() raising an error.
- Issue 23914: Fixed SystemError raised by CPickle unpickler on broken data.
- Issue 25924: Avoid unnecessary serialization of getaddrinfo(3) calls on
OS X versions 10.5 or higher. Original patch by A. Jesse Jiryu Davis.
- Issue 26406: Avoid unnecessary serialization of getaddrinfo(3) calls on
current versions of OpenBSD and NetBSD. Patch by A. Jesse Jiryu Davis.
IDLE
----
- Issue 5124: Paste with text selected now replaces the selection on X11.
This matches how paste works on Windows, Mac, most modern Linux apps,
and ttk widgets. Original patch by Serhiy Storchaka.
- Issue 24759: Make clear in idlelib.idle_test.__init__ that the directory
is a private implementation of test.test_idle and tool for maintainers.
- Issue 26673: When tk reports font size as 0, change to size 10.
Such fonts on Linux prevented the configuration dialog from opening.
- Issue 27044: Add ConfigDialog.remove_var_callbacks to stop memory leaks.
- In the 'IDLE-console differences' section of the IDLE doc, clarify
how running with IDLE affects sys.modules and the standard streams.
- Issue 25507: fix incorrect change in IOBinding that prevented printing.
Change also prevented saving shell window with non-ascii characters.
Augment IOBinding htest to include all major IOBinding functions.
- Issue 25905: Revert unwanted conversion of ' to ’ RIGHT SINGLE QUOTATION
MARK in README.txt and open this and NEWS.txt with 'ascii'.
Re-encode CREDITS.txt to utf-8 and open it with 'utf-8'.
- Issue 26417: Prevent spurious errors and incorrect defaults when
installing IDLE 2.7 on OS X: default configuration settings are
no longer installed from OS X specific copies.
Documentation
-------------
- Issue 26736: Used HTTPS for external links in the documentation if possible.
- Issue 6953: Rework the Readline module documentation to group related
functions together, and add more details such as what underlying Readline
functions and variables are accessed.
- Issue 26014: Guide users to the newer packaging documentation as was done
for Python 3.x. In particular, the top-level 2.7 documentation page now
links to the newer installer and distributions pages rather than the
legacy install and Distutils pages; these are still linked to in the
library/distutils doc page.
Tests
-----
- Issue 21916: Added tests for the turtle module. Patch by ingrid,
Gregory Loyse and Jelle Zijlstra.
- Issue 25940: Changed test_ssl to use self-signed.pythontest.net. This
avoids relying on svn.python.org, which recently changed root certificate.
- Issue 25616: Tests for OrderedDict are extracted from test_collections
into separate file test_ordered_dict.
Build
-----
- Issue 22359: Avoid incorrect recursive $(MAKE), and disable the rules for
running pgen when cross-compiling. The pgen output is normally saved with
the source code anyway, and is still regenerated when doing a native build.
Patch by Jonas Wagner and Xavier de Gaye.
- Issue 19450: Update Windows builds to use SQLite 3.8.11.0.
- Issue 27229: Fix the cross-compiling pgen rule for in-tree builds. Patch
by Xavier de Gaye.
- Issue 17603: Avoid error about nonexistant fileblocks.o file by using a
lower-level check for st_blocks in struct stat.
- Issue 26465: Update Windows builds to use OpenSSL 1.0.2g.
- Issue 24421: Compile Modules/_math.c once, before building extensions.
Previously it could fail to compile properly if the math and cmath builds
were concurrent.
- Issue 25824: Fixes sys.winver to not include any architecture suffix.
- Issue 25348: Added ``--pgo`` and ``--pgo-job`` arguments to
``PCbuild\build.bat`` for building with Profile-Guided Optimization. The
old ``PCbuild\build_pgo.bat`` script is now deprecated, and simply calls
``PCbuild\build.bat --pgo %*``.
- Issue 25827: Add support for building with ICC to ``configure``, including
a new ``--with-icc`` flag.
- Issue 25696: Fix installation of Python on UNIX with make -j9.
- Issue 26930: Update OS X 10.5+ 32-bit-only installer to build
and link with OpenSSL 1.0.2h.
- Issue 26268: Update Windows builds to use OpenSSL 1.0.2f.
- Issue 25136: Support Apple Xcode 7's new textual SDK stub libraries.
Tools/Demos
-----------
- Issue 26799: Fix python-gdb.py: don't get C types once when the Python code
is loaded, but get C types on demand. The C types can change if
python-gdb.py is loaded before the Python executable. Patch written by Thomas
Ilsche.
C API
-----
- Issue 26476: Fixed compilation error when use PyErr_BadInternalCall() in C++.
Patch by Jeroen Demeyer.
Misc
----
- Issue 17500, and https://github.com/python/pythondotorg/issues/945: Remove
unused and outdated icons.
that had buildlink paths show up in the Coq_config module, and added a
patch from upstream to allow compilation with 4.03.
Changes:
Critical bugfix
- The subterm relation for the guard condition was incorrectly defined on
primitive projections (#4588)
Plugin development tools
- add a .merlin target to the makefile
Various performance improvements (time, space used by .vo files)
Other bugfixes
- Fix order of arguments to Big.compare_case in ExtrOcamlZBigInt.v
- Added compatibility coercions from Specif.v which were present in Coq 8.4.
- Fixing a source of inefficiency and an artificial dependency in the printer in the congruence tactic.
- Allow to unset the refinement mode of Instance in ML
- Fixing an incorrect use of prod_appvect on a term which was not a product in setoid_rewrite.
- Add -compat 8.4 econstructor tactics, and tests
- Add compatibility Nonrecursive Elimination Schemes
- Fixing the "No applicable tactic" non informative error message regression on apply.
- Univs: fix get_current_context (bug #4603, part I)
- Fix a bug in Program coercion code
- Fix handling of arity of definitional classes.
- #4630: Some tactics are 20x slower in 8.5 than 8.4.
- #4627: records with no declared arity can be template polymorphic.
- #4623: set tactic too weak with universes (regression)
- Fix incorrect behavior of CS resolution
- #4591: Uncaught exception in directory browsing.
- CoqIDE is more resilient to initialization errors.
- #4614: "Fully check the document" is uninterruptable.
- Try eta-expansion of records only on non-recursive ones
- Fix bug when a sort is ascribed to a Record
- Primitive projections: protect kernel from erroneous definitions.
- Fixed bug #4533 with previous Keyed Unification commit
- Win: kill unreliable hence do not waitpid after kill -9 (Close#4369)
- Fix strategy of Keyed Unification
- #4608: Anomaly "output_value: abstract value (outside heap)".
- #4607: do not read native code files if native compiler was disabled.
- #4105: poor escaping in the protocol between CoqIDE and coqtop.
- #4596: [rewrite] broke in the past few weeks.
- #4533 (partial): respect declared global transparency of projections in unification.ml
- #4544: Backtrack on using full betaiota reduction during keyed unification.
- #4540: CoqIDE bottom progress bar does not update.
- Fix regression from 8.4 in reflexivity
- #4580: [Set Refine Instance Mode] also used for Program Instance.
- #4582: cannot override notation [ x ]. MAY CREATE INCOMPATIBILITIES, see #4683.
- STM: Print/Extraction have to be skipped if -quick
- #4542: CoqIDE: STOP button also stops workers
- STM: classify some variants of Instance as regular `Fork nodes.
- #4574: Anomaly: Uncaught exception Invalid_argument("splay_arity").
- Do not give a name to anonymous evars anymore. See bug #4547.
- STM: always stock in vio files the first node (state) of a proof
- STM: not delegate proofs that contain Vernac(Module|Require|Import), #4530
- Don't fail fatally if PATH is not set.
- #4537: Coq 8.5 is slower in typeclass resolution.
- #4522: Incorrect "Warning..." on windows.
- #4373: coqdep does not know about .vio files.
- #3826: "Incompatible module types" is uninformative.
- #4495: Failed assertion in metasyntax.ml.
- #4511: evar tactic can create non-typed evars.
- #4503: mixing universe polymorphic and monomorphic variables and definitions in sections is unsupported.
- #4519: oops, global shadowed local universe level bindings.
- #4506: Anomaly: File "pretyping/indrec.ml", line 169, characters 14-20: Assertion failed.
- #4548: Coqide crashes when going back one command
Notable Changes
- debugger:
* All properties of an array (aside from length) can now be printed
in the repl
- npm:
* Upgrade npm to 2.15.8
- stream:
* Fix for a bug that became more prevalent with the stream changes
that landed in v4.4.5.
- V8:
* Fix for a bug in crankshaft that was causing crashes on arm64
* Add missing classes to postmortem info such as JSMap and JSSet
This repo contains the .NET Core runtime, called CoreCLR, and the base library,
called mscorlib. It includes the garbage collector, JIT compiler, base .NET
data types and many low-level classes.
- http:
- req.read(0) could cause incoming connections to stall and time out
under certain conditions. (Fedor Indutny) #7211
- When freeing the socket to be reused in keep-alive Agent wait for
both prefinish and end events. Otherwise the next request may be
written before the previous one has finished sending the body,
leading to parser errors. (Fedor Indutny) #7149
- npm: upgrade npm to 3.9.5 (Kat Marchan) #7139
Notable changes
- buffer: Ignore negative lengths in calls to Buffer() and
Buffer.allocUnsafe().
- npm: Upgrade npm to 3.9.3
- tty: Default to blocking mode for stdio on OS X.
- V8: Upgrade to V8 5.0.71.52.
See full changelog:
https://github.com/nodejs/node/blob/v6.2.1/doc/changelogs/CHANGELOG_V6.md
Pkgsrc changes:
* Add candidate fix from https://rt.cpan.org/Public/Bug/Display.html?id=72467
* Remove patches which have been integrated upstream
* Rename and re-mould some patches which required adjustments
http://perlnews.org/2016/05/perl-5-24-released/ has pointer to
more details and says:
May 9 2016
Perl 5.24.0 has been released.
You can read about the changes which include:
Postfix dereferencing is no longer experimental
Unicode 8.0 is now supported
The autoderef feature has been removed
Perl 5.24.0 represents approximately 11 months of development since
Perl 5.22.0 and contains approximately 360,000 lines of changes
across 1,800 files from 77 authors.
From Leonardo Taccari.
This release introduces several large changes, the one with the most
impact being a completely new calling convention for compiled CPS
procedures in C code. Instead of expecting "regular" C arguments,
the compiled C functions now accept a so-called "argvector" which
holds the arguments. This should greatly improve the portability of
CHICKEN programs, because it relies less on ill-specified parts of C.
It also removes the assembly code required for manyargs, so that the
limitation of 128 arguments for platforms without an "apply hack" has
finally been removed.
On the tooling front we've also added two new features: a statistical
profiler for analysing performance, and a graphical debugger called
"feathers", which allows you to inspect your Scheme programs over the
network. These have both been documented in the manual. The debugger
has its own chapter at https://wiki.call-cc.org/man/4/Debugging and the
profiler's new -:p runtime option is documented at
https://wiki.call-cc.org/man/4/Using%20the%20compiler#runtime-options
As usual, many bugs have been fixed with this release, including several
bugs that would cause programs to crash. All in all, this new release
should be much more robust and reliable.
For the complete list of changes since 4.10.0, see the NEWS file:
https://code.call-cc.org/releases/4.11.0/NEWS
This bugfix version fixes the following problems:
1. Metatable may access its own deallocated field when it has a
self reference in __newindex.
2. Label between local definitions can mix-up their initializations.
3. gmatch iterator fails when called from a coroutine different
from the one that created it.
the java/openjdk8/jre/bin/ directory. In particular, apache-ant will
execute java from this directory rather than the copy in the non-jre
directory!
Bump package revision.
Fixes my problem building misc/libreoffice.
I tried and failed to reverse engineer the build framework to add
the rpath in the right place.
Give up for now and force it with WRAP_EXTRA_ARGS.CXX.
At least it makes the package build again.
with CONFIG_SHELL with respect to possible builtins used such as 'echo -n'.
Fixes install on SunOS using pdksh but with bash as the interactive user shell.
buffer:
- Buffer no longer errors if you call lastIndexOf with a search
term longer than the buffer
contextify:
- Context objects are now properly garbage collected, this solves
a problem some individuals were experiencing with extreme memory
growth
deps:
- update npm to 2.15.5
http:
- Invalid status codes can no longer be sent. Limited to 3 digit
numbers between 100 - 999
Ruby 2.3.1 Released Posted by nagachika on 26 Apr 2016
Ruby 2.3.1 has been released.
This is the first TEENY version release of the stable 2.3 series.
There are many bugfixes. See the ChangeLog for details.
Ruby 2.1.10 Released Posted by usa on 1 Apr 2016
Ruby 2.1.10 has been released. This release is not intended for production
use, but for compatibility tests with two-digit version numbers. You don¡Çt
have to replace Ruby 2.1.9 by 2.1.10 in normal use.
As announced in the 2.1.9 release post, Ruby 2.1.10 does not include any
changes from 2.1.9, except for its version number (and only one small related
change in its test suite). Please test your applications and/or libraries for
compatibility with two-digit version numbers.
Ruby 2.1.9 Released Posted by usa on 30 Mar 2016
Ruby 2.1.9 has been released.
This release includes many bug fixes. See ChangeLog for details.
As announced before, this is the last normal release of the Ruby 2.1
series. After this release we will never backport any bug fixes to 2.1 except
security fixes. We recommend that you start planning to upgrade to Ruby 2.3 or
2.2.
By the way, we are planning to release Ruby 2.1.10 in a few days. Ruby 2.1.10
will not include any changes from 2.1.9, except for its version number. You do
not have to use it on production, but you should test it because it has a
two-digit version number.
This will set all normal files to NONBINMODE (=644) avoiding, in the first
place, install warnings and errors about world and/or group writeability.
Some modules may even be shipped with egg-info files having mode 600
which has an adverse side-effect of wreaking havoc with setuptools
find_package() for *any* python module after installation of the culprit.
Ensuring world and group readability fixes this anomaly.
ok'd by wiz@
New in version 1.3.5
* enhancement: the platform's strtod() is exposed as SB-POSIX:STRTOD
* enhancement: speed up debug info creation for highly nested functions.
* enhancement: the interleaved structure slot optimization from release 1.2.6
has been ported to all architectures.
* enhancement: support run-program I/O redirection into lisp streams on Windows.
* bug fix: better wording in missed optimization note.
* bug fix: interpreted (CAS SVREF) was broken
* bug fix: support CLISP as build host for ARM
Changelog:
Bug Fixes
The following table lists the bug fixes included in JDK 8u92 release:
Bug Id Category Subcategory Description
JDK-8041900 client-libs 2d [macosx] Java forces the use of discrete GPU
JDK-8132890 client-libs 2d Text Overlapping on Dot Matrix Printers
JDK-8132503 client-libs java.awt [macosx] Chinese full stop symbol cannot be entered with Pinyin IM on OS X
JDK-8138764 client-libs java.awt In some cases the usage of TreeLock can be replaced by other synchronization
JDK-8041501 client-libs javax.imageio ImageIO reader is not capable of reading JPEGs without JFIF header
JDK-8134828 client-libs javax.swing Scrollbar thumb disappears with Nimbus L&F
JDK-8131129 core-libs java.lang.invoke Attempt to define a duplicate BMH$Species class
JDK-8067800 core-libs java.time Clarify java.time.chrono.Chronology.isLeapYear for out of range years
JDK-8062901 core-libs java.util Iterators is spelled incorrectly in the Javadoc for Spliterator
JDK-8140587 core-libs java.util.concurrent Atomic*FieldUpdaters should use Class.isInstance instead of direct class check
JDK-8145539 core-libs java.util:collections (coll) AbstractMap.keySet and .values should not be volatile
JDK-8143297 core-libs jdk.nashorn Nashorn compilation time reported in nanoseconds
JDK-8143896 core-libs jdk.nashorn java.lang.Long is implicitly converted to double
JDK-8144020 core-libs jdk.nashorn Remove long as an internal numeric type
JDK-8144131 core-libs jdk.nashorn ArrayData.getInt implementations do not convert to int32
JDK-8146147 core-libs jdk.nashorn Java linker indexed property getter does not work for computed nashorn string
JDK-8147845 core-libs jdk.nashorn Varargs Array functions still leaking longs
JDK-8147857 core-svc javax.management RMIConnector logs attribute names incorrectly
JDK-8140244 core-svc tools Port fix of JDK-8075773 to AIX and possibly MacOSX
JDK-8139773 deploy Add more debug traces to deployment registration process (RegFx.cpp)
JDK-8142982 deploy Race Condition can cause CacheEntry.getJarSigningData() to return null.
JDK-8143294 deploy cookie handler can't get JSESSIONID on linux
JDK-8145217 deploy Fix GenericCookieHandlerTest
JDK-8143314 deploy packager Runtime not respected with INI-configuration while creating native bundle
JDK-8139389 deploy webstart Register a protocol handler for Java Webstart
JDK-6869327 hotspot compiler Add new C2 flag to keep safepoints in counted loops.
JDK-8058563 hotspot compiler InstanceKlass::_dependencies list isn't cleared from empty nmethodBucket entries
JDK-8080650 hotspot compiler Enable stubs to use frame pointers correctly
JDK-8129847 hotspot compiler Compiling methods generated by Nashorn triggers high memory usage in C2
JDK-8131782 hotspot compiler C1 Class.cast optimization breaks when Class is loaded from static final
JDK-8139421 hotspot compiler PPC64LE: MacroAssembler::bxx64_patchable kills register R12
JDK-8140483 hotspot compiler Atomic*FieldUpdaters final fields should be trusted
JDK-8144487 hotspot compiler PhaseIdealLoop::build_and_optimize() must restore major_progress flag if skip_loop_opts is true
JDK-8144935 hotspot compiler C2: safepoint is pruned from a non-counted loop
JDK-8145754 hotspot compiler PhaseIdealLoop::is_scaled_iv_plus_offset() does not match AddI
JDK-8065579 hotspot gc WB method to start G1 concurrent mark cycle should be introduced
JDK-8138966 hotspot gc Intermittent SEGV running ParallelGC
JDK-8145442 hotspot gc Add the facility to verify remembered sets for G1
JDK-8029630 hotspot runtime Thread id should be displayed as hex number in error report
JDK-8046611 hotspot runtime Build errors with gcc on sparc/fastdebug
JDK-8087120 hotspot runtime [GCC5] java.lang.StackOverflowError on Zero JVM initialization on non x86 platforms
JDK-8138745 hotspot runtime Implement ExitOnOutOfMemory and CrashOnOutOfMemory in HotSpot
JDK-8139258 hotspot runtime PPC64LE: argument passing problem when passing 15 floats in native call
JDK-8143963 hotspot runtime improve ClassLoader::trace_class_path to accept an additional outputStream* arg
JDK-8029726 hotspot svc On OS X some dtrace probe names are mismatched with Solaris
JDK-8029727 hotspot svc On OS X dtrace probes Call<type>MethodA/Call<type>MethodV are not fired.
JDK-8029728 hotspot svc On OS X dtrace probes SetStaticBooleanField are not fired
JDK-8130910 hotspot svc hsperfdata file is created in wrong directory and not cleaned up if /tmp/hsperfdata_<username> has wrong permissions
JDK-8140031 hotspot svc SA: Searching for a value in Threads does not work
JDK-8144885 hotspot svc agent/src/os/linux/libproc.h needs to support Linux/SPARC builds
JDK-8145099 hotspot svc Better error message when SA can't attach to a process
JDK-8074935 security-libs java.security jdk8 keytool doesn't validate pem files for RFC 1421 correctness, as jdk7 did
JDK-8139436 security-libs java.security sun.security.mscapi.KeyStore might load incomplete data
JDK-8064330 security-libs javax.net.ssl Remove SHA224 from the default support list if SunMSCAPI enabled
JDK-8131665 security-libs javax.net.ssl Bad exception message in HandshakeHash.getFinishedHash
JDK-8136442 security-libs javax.net.ssl Don't tie Certificate signature algorithms to ciphuites
JDK-8038184 security-libs javax.xml.crypto XMLSignature throws StringIndexOutOfBoundsException if ID attribute value is empty String
JDK-8038349 security-libs javax.xml.crypto Signing XML with DSA throws Exception when key is larger than 1024 Exception when calling super with Object<>()
JDK-8066974 tools javac Compiler doesn't infer method's generic type information in lambda body
JDK-8068254 tools javac Method reference uses wrong qualifying type
JDK-8130506 tools javac javac Assertien invoking MethodHandle.invoke with lambda parameter
JDK-8134007 tools javac Improve string folding
JDK-8134759 tools javac jdb: Incorrect stepping inside finally block
JDK-8139751 tools javac Javac crash with -XDallowStringFolding=false
JDK-8145466 tools javac javac: No line numbers in compilation error
JDK-8145722 tools javadoc(tool) NullPointerException in javadoc
JDK-8133924 xml jaxp NPE may be thrown when xsltc select a non-existing node after JDK-8062518
* [28 Apr 16] Fixed problems of compatibility with previous versions of
ocaml.
* [23 Jan 16] Fixed bug on optional types (ocaml 4.02).
* [15 Jan 16] Fixed bug on methods wrongly interpreted as vals.
* [05 Jan 16] Updated for ocaml trunk 4.03.0
(git version be2a7e2f830911b331657b8cfa462f5219dfec5b)
* [26 Nov 15] Updated again for ocaml trunk current version (4.03.0).
* [23 Sep 15] Updated for ocaml trunk current version (4.03.0).
- assert: deep{Strict}Equal() now works correctly with circular
references.
- debugger: Arrays are now formatted correctly in the debugger repl.
- deps: Upgrade OpenSSL sources to 1.0.2h
- net: Introduced a Socket#connecting property.
- process: Introduced process.cpuUsage().
- stream: Writable#setDefaultEncoding() now returns this.
- util: Two new additions to util.inspect():
- Added a maxArrayLength option to truncate the formatting of
Arrays.
- Added a showProxy option for formatting proxy intercepting
handlers.
unneeded patches.
The list of changes is a thousand lines long, so I'm not including it
here: details can be found in the Changes file in the top directory of the
package after extraction.
This is the command-line tool, which uses the recently added libduktape package.
Duktape is an embeddable Ecmascript E5/E5.1 engine with a focus on
portability and compact footprint. By integrating Duktape into your
C/C++ program you can easily extend its functionality through
scripting. You can also build the main control flow of your program
in Ecmascript and use fast C code functions to do heavy lifting.
The terms Ecmascript and Javascript are often considered more or less
equivalent, although Javascript and its variants are technically just
one environment where the Ecmascript language is used. The line
between the two is not very clear in practice: even non-browser
Ecmascript environments often provide some browser-specific built-ins.
Duktape is no exception, and provides the commonly used print() and
alert() built-ins. Even so, we use the term Ecmascript throughout to
refer to the language implemented by Duktape.
which can be embedded in other C programs.
Duktape is an embeddable Ecmascript E5/E5.1 engine with a focus on
portability and compact footprint. By integrating Duktape into your
C/C++ program you can easily extend its functionality through
scripting. You can also build the main control flow of your program
in Ecmascript and use fast C code functions to do heavy lifting.
The terms Ecmascript and Javascript are often considered more or less
equivalent, although Javascript and its variants are technically just
one environment where the Ecmascript language is used. The line
between the two is not very clear in practice: even non-browser
Ecmascript environments often provide some browser-specific built-ins.
Duktape is no exception, and provides the commonly used print() and
alert() built-ins. Even so, we use the term Ecmascript throughout to
refer to the language implemented by Duktape.
Changelog:
NAME
perldelta - what is new for perl v5.22.2
DESCRIPTION
This document describes differences between the 5.22.1 release and the
5.22.2 release.
If you are upgrading from an earlier release such as 5.22.0, first read
perl5221delta, which describes differences between 5.22.0 and 5.22.1.
Security
Fix out of boundary access in Win32 path handling
This is CVE-2015-8608. For more information see [perl #126755]
<https://rt.perl.org/Ticket/Display.html?id=126755>.
Fix loss of taint in "canonpath()"
This is CVE-2015-8607. For more information see [perl #126862]
<https://rt.perl.org/Ticket/Display.html?id=126862>.
Set proper umask before calling mkstemp(3)
In 5.22.0 perl started setting umask to 0600 before calling mkstemp(3)
and restoring it afterwards. This wrongfully tells open(2) to strip
the owner read and write bits from the given mode before applying it,
rather than the intended negation of leaving only those bits in place.
Systems that use mode 0666 in mkstemp(3) (like old versions of glibc)
create a file with permissions 0066, leaving world read and write
permissions regardless of current umask.
This has been fixed by using umask 0177 instead.
[perl #127322] <https://rt.perl.org/Ticket/Display.html?id=127322>
Avoid accessing uninitialized memory in Win32 "crypt()"
Validation that will detect both a short salt and invalid characters in
the salt has been added.
://rt.perl.org/Ticket/Display.html?id=126922>
Remove duplicate environment variables from "environ"
Previously, if an environment variable appeared more than once in
"environ[]", %ENV would contain the last entry for that name, while a
typical "getenv()" would return the first entry. We now make sure %ENV
contains the same as what "getenv()" returns.
Secondly, we now remove duplicates from "environ[]", so if a setting
with that name is set in %ENV we won't pass an unsafe value to a child
process.
This is CVE-2016-2381.
Incompatible Changes
There are no changes intentionally incompatible with Perl 5.22.1. If
any exist, they are bugs, and we request that you submit a report. See
"Reporting Bugs" below.
Modules and Pragmata
Updated Modules and Pragmata
• File::Spec has been upgraded from version 3.56 to 3.56_01.
"canonpath()" now preserves taint. See "Fix loss of taint in
"canonpath()"".
• Module::CoreList has been upgraded from version 5.20151213 to
5.20160429.
The version number of Digest::SHA listed for Perl 5.18.4 was wrong
and has been corrected. Likewise for the version number of Config
in 5.18.3 and 5.18.4. [perl #127624]
<https://rt.perl.org/Ticket/Display.html?id=127624>
Documentation
Changes to Existing Documentation
perldiag
• The explanation of the warning "unable to close filehandle %s
properly: %s" which can occur when doing an implicit close of a
filehandle has been expanded and improved.
perlfunc
• The documentation of "hex()" has been revised to clarify valid
inputs.
Configuration and Compilation
• Dtrace builds now build successfully on systems with a newer dtrace
that require an input object file that uses the probes in the .d
file.
Previously the probe would fail and cause a build failure.
[perl #122287] <https://rt.perl.org/Ticket/Display.html?id=122287>
• Configure no longer probes for libnm by default. Originally this
was the "New Math" library, but the name has been re-used by the
GNOME NetworkManager.
[perl #127131] <https://rt.perl.org/Ticket/Display.html?id=127131>
• Configure now knows about gcc 5.
• Compiling perl with -DPERL_MEM_LOG now works again.
Platform Support
Platform-Specific Notes
Darwin
Compiling perl with -Dusecbacktrace on Darwin now works again.
[perl #127764] <https://rt.perl.org/Ticket/Display.html?id=127764>
OS X/Darwin
Builds with both -DDEBUGGING and threading enabled would fail with
a "panic: free from wrong pool" error when built or tested from
Terminal on OS X. This was caused by perl's internal management of
the environment conflicting with an atfork handler using the libc
"setenv()" function to update the environment.
Perl now uses "setenv()"/"unsetenv()" to update the environment on
OS X.
[perl #126240] <https://rt.perl.org/Ticket/Display.html?id=126240>
ppc64el
The floating point format of ppc64el (Debian naming for little-
endian PowerPC) is now detected correctly.
Tru64
A test failure in t/porting/extrefs.t has been fixed.
Internal Changes
• An unwarranted assertion in "Perl_newATTRSUB_x()" has been removed.
If a stub subroutine definition with a prototype has been seen,
then any subsequent stub (or definition) of the same subroutine
with an attribute was causing an assertion failure because of a
null pointer.
[perl #126845] <https://rt.perl.org/Ticket/Display.html?id=126845>
Selected Bug Fixes
• Calls to the placeholder &PL_sv_yes used internally when an
"import()" or "unimport()" method isn't found now correctly handle
scalar context. [perl #126042]
<https://rt.perl.org/Ticket/Display.html?id=126042>
• The "pipe()" operator would assert for "DEBUGGING" builds instead
of producing the correct error message. The condition asserted on
is detected and reported on correctly without the assertions, so
the assertions were removed. [perl #126480]
<https://rt.perl.org/Ticket/Display.html?id=126480>
• In some cases, failing to parse a here-doc would attempt to use
freed memory. This was caused by a pointer not being restored
correctly. [perl #126443]
<https://rt.perl.org/Ticket/Display.html?id=126443>
• Perl now reports more context when it sees an array where it
expects to see an operator, and avoids an assertion failure. [perl
#123737] <https://rt.perl.org/Ticket/Display.html?id=123737>
• If a here-doc was found while parsing another operator, the parser
had already read end of file, and the here-doc was not terminated,
perl could produce an assertion or a segmentation fault. This now
reliably complains about the unterminated here-doc. [perl #125540]
<https://rt.perl.org/Ticket/Display.html?id=125540>
• Parsing beyond the end of the buffer when processing a "#line"
directive with no filename is now avoided. [perl #127334]
<https://rt.perl.org/Ticket/Display.html?id=127334>
• Perl 5.22.0 added support for the C99 hexadecimal floating point
notation, but sometimes misparsed hex floats. This has been fixed.
[perl #127183] <https://rt.perl.org/Ticket/Display.html?id=127183>
• Certain regex patterns involving a complemented posix class in an
inverted bracketed character class, and matching something else
optionally would improperly fail to match. An example of one that
could fail is "qr/_?[^\Wbar]\x{100}/". This has been fixed. [perl
#127537] <https://rt.perl.org/Ticket/Display.html?id=127537>
• Fixed an issue with "pack()" where "pack "H"" (and "pack "h"")
could read past the source when given a non-utf8 source and a utf8
target. [perl #126325]
<https://rt.perl.org/Ticket/Display.html?id=126325>
• Fixed some cases where perl would abort due to a segmentation
fault, or a C-level assert. [perl #126193]
<https://rt.perl.org/Ticket/Display.html?id=126193> [perl #126257]
<https://rt.perl.org/Ticket/Display.html?id=126257> [perl #126258]
<https://rt.perl.org/Ticket/Display.html?id=126258> [perl #126405]
<https://rt.perl.org/Ticket/Display.html?id=126405> [perl #126602]
<https://rt.perl.org/Ticket/Display.html?id=126602> [perl #127773]
<https://rt.perl.org/Ticket/Display.html?id=127773> [perl #127786]
<https://rt.perl.org/Ticket/Display.html?id=127786>
• A memory leak when setting $ENV{foo} on Darwin has been fixed.
[perl #126240] <https://rt.perl.org/Ticket/Display.html?id=126240>
• Perl now correctly raises an error when trying to compile patterns
with unterminated character classes while there are trailing
backslashes. [perl #126141]
<https://rt.perl.org/Ticket/Display.html?id=126141>
• "NOTHING" regops and "EXACTFU_SS" regops in "make_trie()" are now
handled properly. [perl #126206]
<https://rt.perl.org/Ticket/Display.html?id=126206>
• Perl now only tests "semctl()" if we have everything needed to use
it. In FreeBSD the "semctl()" entry point may exist, but it can be
disabled by policy. [perl #127533]
<https://rt.perl.org/Ticket/Display.html?id=127533>
• A regression that allowed undeclared barewords as hash keys to work
despite strictures has been fixed. [perl #126981]
<https://rt.perl.org/Ticket/Display.html?id=126981>
• As an optimization (introduced in Perl 5.20.0), "uc()", "lc()",
"ucfirst()" and "lcfirst()" sometimes modify their argument in-
place rather than returning a modified copy. The criteria for this
optimization has been made stricter to avoid these functions
accidentally modifying in-place when they should not, which has
been happening in some cases, e.g. in List::Util.
• Excessive memory usage in the compilation of some regular
expressions involving non-ASCII characters has been reduced. A
more complete fix is forthcoming in Perl 5.24.0.
Acknowledgements
Perl 5.22.2 represents approximately 5 months of development since Perl
5.22.1 and contains approximately 3,000 lines of changes across 110
files from 24 authors.
Excluding auto-generated files, documentation and release tools, there
were approximately 1,500 lines of changes to 52 .pm, .t, .c and .h
files.
Perl continues to flourish into its third decade thanks to a vibrant
community of users and developers. The following people are known to
have contributed the improvements that became Perl 5.22.2:
Aaron Crane, Abigail, Andreas Koenig, Aristotle Pagaltzis, Chris
'BinGOs' Williams, Craig A. Berry, Dagfinn Ilmari Mannsaaker, David
Golden, David Mitchell, H.Merijn Brand, James E Keenan, Jarkko
Hietaniemi, Karen Etheridge, Karl Williamson, Matthew Horsfall, Niko
Tyni, Ricardo Signes, Sawyer X, Stevan Little, Steve Hay, Todd Rinaldo,
Tony Cook, Vladimir Timofeev, Yves Orton.
The list above is almost certainly incomplete as it is automatically
generated from version control history. In particular, it does not
include the names of the (very much appreciated) contributors who
reported issues to the Perl bug tracker.
Many of the changes included in this version originated in the CPAN
modules included in Perl's core. We're grateful to the entire CPAN
community for helping Perl to flourish.
For a more complete list of all of Perl's historical contributors,
please see the AUTHORS file in the Perl source distribution.
Originally reported from abs@ on tech-pkg@.
From random(4) man page:
Applications should read from /dev/urandom when they need randomly
generated data, e.g. key material for cryptography or seeds for
simulations.
This release will become the new LTS later in 2016.
The following significant changes have been made since the
previous Node.js v5.0.0 release.
Buffer
- New Buffer constructors have been added #4682 and #5833.
- Existing Buffer() and SlowBuffer() constructors have been
deprecated in docs #4682 and #5833.
- Previously deprecated Buffer APIs are removed #5048, #4594.
- Improved error handling #4514.
- The Buffer.prototype.lastIndexOf() method has been added #4846.
Cluster
- Worker emitted as first argument in 'message' event #5361.
- The worker.exitedAfterDisconnect property replaces
worker.suicide #3743.
Console
- Calling console.timeEnd() with an unknown label now emits a
process warning rather than throwing #5901.
Crypto
- Improved error handling #3100, #5611.
- Simplified Certificate class bindings #5382.
- Improved control over FIPS mode #5181.
- pbkdf2 digest overloading is deprecated #4047.
Dependencies
- Reintroduce shared c-ares build support #5775.
- V8 updated to 5.0.71.35 #6372.
DNS
- Add dns.resolvePtr() API to query plain DNS PTR records #4921.
Domains
- Clear stack when no error handler #4659.
Events
- The EventEmitter.prototype._events object no longer inherits
from Object.prototype #6092.
- The EventEmitter.prototype.prependListener() and
EventEmitter.prototype.prependOnceListener() methods have been
added #6032.
File System
- The fs.realpath() and fs.realpathSync() methods have been
updated to use a more efficient libuv-based implementation. This
change includes the removal of the cache argument and the method
can throw new errors #3594.
- FS apis can now accept and return paths as Buffers #5616.
- Error handling and type checking improvements #5616, #5590,
#4518, #3917.
- fs.read's string interface is deprecated #4525.
HTTP
- 'clientError' can now be used to return custom errors from an
HTTP server #4557.
Buffer:
- Buffer.prototype.compare can now compare sub-ranges of two
Buffers.
deps:
- update to http-parser 2.7.0
- update ESLint to 2.7.0
net:
- adds support for passing DNS lookup hints to createConnection()
node:
- Make the builtin libraries available for the --eval and --print
CLI options
npm:
- upgrade npm to 3.8.6
repl:
- Pressing enter in the repl will repeat the last command by default
if no input has been received. This behaviour was in node
previously and was not removed intentionally.
src:
- add SIGINFO to supported signals
streams:
- Fix a regression that caused by net streams requesting multiple
chunks synchronously when combined with cork/uncork
zlib:
- The flushing flag is now configurable allowing for decompression
of partial data
Some highlights of the release are:
- New statistics info about runnable and active processes & ports.
- Time warp improvements: dbg:p/2 and erlang:trace/3 with
monotonic_timestamp | strict_monotonic_timestamp.
- Introduced a validation callback for heart.
- The module overload in sasl has been deprecated.
- ~90 contributions since 18.2
Full release notes:
http://erlang.org/download/otp_src_18.3.readme
struct declaration is always bit compatible with it. (Because it
isn't.) My patches from PR 40954 circa 2009, which it turns out is
still relevant even after the last couple updates. (Just for some
reason it had stopped crashing.)
This does not make smlnj build for me, but it gets further than it
used to.
New in version 1.3.4
* enhancement: who-sets and who-references work on DEFGLOBAL.
* enhancement: CONSTANTP understands backquote.
e.g. (CONSTANTP '`(0 (,CHAR-CODE-LIMIT))) => T
* optimization: improvements to sequence functions: CONCATENATE,
SUBSTITUTE, REVERSE.
* bug fix: SB-EVAL does not signal an error for (THE KEYWORD :FOO)
* bug fix: a DEFTYPE name that is redefined into a DEFSTRUCT name
is less likely to cause confusion in the compiler.
* bug fix: DOCUMENTATION works as intended for classes
with non-standard metaclasses
* bug fix: (TYPEP <extended-sequence> <extended-sequence-class>)
no longer returns NIL in certain situations
* bug fix: MAKE-SEQUENCE, MAP, CONCATENATE and MERGE accept class
objects as result-type
* bug fix: MAKE-SEQUENCE, MAP, CONCATENATE and MERGE expand
DEFTYPEs in result-type
- deps: Fix --gdbjit for embedders. Backported from v8 upstream.
- etw: Correctly display descriptors for ETW events 9 and 23 on
the windows platform.
- querystring: Restore throw when attempting to stringify bad
surrogate pair.
Two security-related issues were recently reported, and to address these issues
we have just released Go 1.6.1 and Go 1.5.4.
We recommend that all users update to one of these releases (if you're not sure
which, choose Go 1.6.1).
The issues addressed by these releases are:
On Windows, Go loads system DLLs by name with LoadLibrary, making it vulnerable
to DLL preloading attacks. For instance, if a user runs a Go executable from a
Downloads folder, malicious DLL files also downloaded to that folder could be
loaded into that executable.
This is CVE-2016-3958 and was addressed by this change: https://golang.org/cl/21428
Thanks to Taru Karttunen for identifying this issue.
Go's crypto libraries passed certain parameters unchecked to the underlying big
integer library, possibly leading to extremely long-running computations, which
in turn makes Go programs vulnerable to remote denial of service attacks.
Programs using HTTPS client certificates or the Go SSH server libraries are
both exposed to this vulnerability.
This is CVE-2016-3959 and was addressed by this change: https://golang.org/cl/21533
Thanks to David Wong for identifying this issue.
- http: Enclose IPv6 Host header in square brackets. This will
enable proper seperation of the host adress from any port
reference
- path: Make win32.isAbsolute more consistent
Unfortunately no changelog for just the documentation seems available, although
this sync the py27-html-docs package version with the current python27 version
in pkgsrc.
While here also add LICENSE.
4.4.2
* https: Under certain conditions ssl sockets may have been
causing a memory leak when keepalive is enabled. This is no
longer the case.
* lib: The way that we were internally passing arguments was
causing a potential leak. By copying the arguments into an
array we can avoid this.
* npm: Upgrade to v2.15.1. Fixes a security flaw in the use of
authentication tokens in HTTP requests that would allow an
attacker to set up a server that could collect tokens from
users of the command-line interface. Authentication tokens
have previously been sent with every request made by the
CLI for logged-in users, regardless of the destination of
the request. This update fixes this by only including those
tokens for requests made against the registry or registries
used for the current install.
* repl: Previously if you were using the repl in strict mode
the column number would be wrong in a stack trace. This is
no longer an issue.
4.4.1
* build:
- Updated Logos for the OSX + Windows installers
- New option to select your VS Version in the Windows installer
- Support Visual C++ Build Tools 2015
* tools: Gyp now works on OSX without XCode
5.10.0
* buffer:
- make byteLength work with ArrayBuffer & DataView
- backport --zero-fill-buffers command line option
- backport new buffer constructor APIs
- add swap16() and swap32() methods
* fs: add the fs.mkdtemp() function.
* net: emit host in lookup event
* node: --no-browser-globals configure flag
* npm: Upgrade to v3.8.3. Fixes a security flaw in the use of
authentication tokens in HTTP requests that would allow an
attacker to set up a server that could collect tokens from
users of the command-line interface. Authentication tokens
have previously been sent with every request made by the CLI
for logged-in users, regardless of the destination of the
request. This update fixes this by only including those
tokens for requests made against the registry or registries
used for the current install.
* repl: support standalone blocks
* src: override v8 thread defaults using cli options
5.9.0
* contextify: Fixed a memory consumption issue related to heavy
use of vm.createContext and vm.runInNewContext.
* lib: copy arguments object instead of leaking it
* src: allow both -i and -e flags to be used at the same time
* timers: Internal Node.js timeouts now use the same logic path
as those created with setTimeout()
* v8: backport fb4ccae from v8 upstream: breakout events from v8
to offer better support for external debuggers
* zlib: add support for concatenated members
I don't see a relation to relro, but the linker found out about
a missing symbol it didn't complain about before.
SVN 54139:
Thu Mar 17 11:36:27 2016 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/socket/option.c (inspect_tcpi_msec): more accurate condition
for TCPI msec member inspection function.
[ruby-core:74388] [Bug #12185]
Bump PKGREVISION.
I don't see a relation to relro, but the linker found out about
a missing symbol it didn't complain about before.
SVN 54139:
Thu Mar 17 11:36:27 2016 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/socket/option.c (inspect_tcpi_msec): more accurate condition
for TCPI msec member inspection function.
[ruby-core:74388] [Bug #12185]
Bump PKGREVISION.
Changes in Racket 6.4:
- We fixed a security vulnerability in the web server. The existing
web server is vulnerable to a navigation attack if it is also
enabled to serve files statically; that is, any file readable by
the web server is accessible remotely. For more information see
http://blog.racket-lang.org/2016/02/racket-web-server-security-vulnerability.html
- DrRacket's scrolling is faster.
- Incremental garbage-collection mode can eliminate long pauses in a
program. For example, incremental mode is useful for avoiding pauses
in games and animations.
Programs must specifically request incremental mode with
`(collect-garbage 'incremental)`, but libraries such as
`2htdp/universe` include the request as part of the library's
implementation.
- The default package catalog is an HTTPS address instead of HTTP, and
package operations properly validate server certificates when using
HTTPS.
- Documentation may define their own categories for the manual top-
level page by using strings, rather than only symbols that name
pre-defined categories.
- The Racket cheat sheet is included in the main distribution.
- DrRacket is available in Bulgarian, thanks to Alexander Shopov.
- The contract Typed Racket generates for the `Any` type is more
permissive, allowing more typed/untyped programs to work without
contract errors.
- Redex supports binding specifications; describe which variables bind
in which expressions and your metafunctions and reduction relations
automatically become scope-sensitive. Thanks to Paul Stansifer for
this improvement.
- All `pict` functions accept `pict-convertible`s. This allows for
transparent interoperability between `pict` and libraries like
`2htdp/image`.
- The `raco profile` and `raco contract-profile` commands provide easy
access to profiling tools, without requiring program modifications.
Changelog:
Scala 2.11.8 is now available!
March 8, 2016
We are pleased to announce the availability of Scala 2.11.8!
Significant changes since 2.11.7 include:
The Scala REPL now has robust and flexible tab-completion (details below)
An assortment of bugs have been fixed
Compared to 2.11.7, this release resolves 44 issues. We merged 175 pull requests.
As usual for minor releases, Scala 2.11.8 is binary compatible with other releases in the Scala 2.11 series.
The last planned 2.11.x release will be 2.11.9 in late 2016.
New tab-completion in the Scala REPL
The implementation of tab-completion in the Scala REPL has been rewritten and now uses the same infrastructure as for example Scala IDE and ENSIME.
There are a number of improvements:
Reliable completion, also in partial expressions and syntactically incorrect programs: try class C { def f(l: List[Int]) = l.<TAB>
CamelCase completion: try (l: List[Int]).rro<TAB>, it expands to (l: List[Int]).reduceRightOption
Show desugarings performed by the compiler by adding //print: try for (x <- 1 to 10) println(x) //print<TAB>
Complete bean getters without typing get: try (d: java.util.Date).day<TAB>
Find members by typing any CamelCased part of the name: try classOf[String].typ<TAB> to get getAnnotationsByType, getComponentType and others
Complete non-qualified names, including types: try def f(s: Str<TAB>
Press tab twice to see the method signature: try List(1,2,3).part<TAB>, which completes to List(1,2,3).partition; press tab again to display def partition(p: Int => Boolean): (List[Int], List[Int])
Thanks to @retronym and @som-snytt for their fruitful collaboration on this work!
Scala 2.11.7 is now available!
June 23, 2015
We are very pleased to announce the availability of Scala 2.11.7!
We would like to highlight the following changes:
Exhaustivity checking for pattern matching is now much snappier — thank you @gbasler! (SI-9181)
A 300x more embeddable Scala REPL, brought to you by a team effort with Apache Spark. Thank you @ScrapCodes, @retronym & co! (#4548, #4563)
Scala also <3 INDYs – experiment with all our favorite new Java 8 features as follows and get an exclusive sneak preview of 2.12.0-M2!
Oh, and the spec is now much spiffier! Thanks, @soc!
Compared to 2.11.6, this release resolves 53 issues. We merged 124 pull requests (out of 157). Before upgrading, please also check the known issues for this release.
As usual for minor releases, Scala 2.11.7 is binary compatible with other releases in the Scala 2.11 series.
Changes since 16.0.0
* API changes
- si:do-setf accepts optional parameter stores. New lambda-list:
(access-fn function &optional (stores `(,(gensym))))
This change is backward compatible.
- New MP functions:
mp:with-rwlock
mp:try-get-semaphore (non-blocking)
mp:mailbox-try-read (non-blocking)
mp:mailbox-try-send (non-blocking)
- Added back removed C interfaces
ecl_import_current_thread
ecl_release_current_thread
- When cl-truename encounters a broken symlink, it returns its path
instead of signalling a file-error
- Deprecated variables has been removed
c::*suppress-compiler-warnings*, c::*suppress-compiler-notes*
- Random state might be initialized by a random seed (truncated to
32bit value) or by a precomputed array.
Latter is designed to allow reading back the printed random state
(when printed readably), not as an array to initialize the random
state.
- C99 supporting compiler is mandatory for C backend.
- COMPILER::*cc_is_cxx*: New variable to switch the output extension of
emitted compiler code to ".cxx" when configured with "--with-c++". This
eliminates compiler warnings that compiling C++ with a ".c" extension is
deprecated; this is seen mostly with Clang++.
- Added Clang-specific pragmas to disable return type, unused value and
excessive parentheses warnings, which are fairly harmless, but annoying
and clutter user output.
- GRAY:CLOSE isn't specialized on T to preserve compatibility with some
libraries.
* Enhancements:
- Added code walker (present as *feature* :walker)
- Testing framework cleanup
- Format fallbacks to prin1 if infinity or NaN are passed to it
- Annotations are added at runtime (better integration with SLIME)
- Mersenne-Twister RNG has new 64 bit implementation for appropriate
machines
- Add sockets implementation for android platform
- Add android build target (official android support)
* Issues fixed:
- si:open-unix-socket-stream accepts both string and base-string
(automatic coercion is performed)
- Long form of DEFSETF accepts multiple-values as a store forms:
(defsetf gah (x) (y z) `(list ,x ,y ,z))
(setf (gah 3) (values 3 4))
- Building with single-threaded boehm works if ECL threads are disabled
- Using labels works with sharp-S-reader
(read-from-string
"(#1=\"Hello\" #S(sharp-s-reader.1.example-struct :A #1#))")
- Generated C code works well with IEEE 754 infinities
(regression tests created)
- User-defined heap sizes can now exceed the size of a fixnum on 32-bit
- The heap size limit was intended to be 1GB on 32-bit or 4GB on 64-bit
but inconsistency between ECL_FIXNUM_BITS and FIXNUM_BITS in the code
prevented the heap to grow for 64-bit. This now occurs, and a few
other less visible bugs were fixed by restoring consistency to
ECL_FIXNUM_BITS.
- EXT:EXTERNAL-PROCESS-WAIT potential race condition fix
- Building with object files not created by ECL works (CFFI wrappers)
- Regression regarding initialization of build by ECL libraries from
external code fixed. Static and shared libraries initialization
funcitons has predetermined name while object files has randomized
names.
- Random state initial state generation was buggy and insecure (entropy
from urandom was rejected)
- Fix `listen' on streams when FILE_CNT isn't available (use read instad
of fread)
- `FIND' compiled with C compiler didn't respect `START' nor `END'
arguments. Compiler macro is fixed now and should work as expected
- `compute-applicable-methods-using-classes` bugfix
It is a dlopened library and needs libmawt.so, but that can be provided by
either xawt/libmawt.so or headless/libmawt.so. The JVM will pick and load
the correct implementation to use so an explicit run path is neither
appropriate nor required.
jperkin Mon Mar 7 16:27:47 UTC 2016
Do not use "-z discard-unused" linker flags on SunOS, it is only supported
by the very latest Oracle Solaris release.
Packaged in pkgsrc-wip by myself and Kamil.
Remove stale pkgsrc/SunOS bread crumbs that were difficult to merge
following the build framework switch. Needs to be redone. (Sorry!)
Summary of significant changes in LLVM:
- switch build framework from autoconf to CMake
- llvm-ar now supports thin archives.
- llvm doesn t produce .data.rel.ro.local or .data.rel sections anymore.
- opional support for linking clang and the LLVM tools with a single
libLLVM shared library
pkgsrc note: we have this library in lang/libLLVM, but we don't currently
use it. We may do so in the future if/when the API matures.
- The optimization to move the prologue and epilogue of functions in colder
code path (shrink-wrapping) is now enabled by default
- new target-independent gcc-compatible emulated Thread Local Storage mode
- various target specific optimizations
Summary of significant changes in Clang:
- new compiler flags for tuning what DWARF information is included
- better strict alignment handling
- better support for __builtin_object_size
Notable changes
- deps: An update to v8 that introduces a new flag
--perf_basic_prof_only_functions
- http: A new feature in http(s) agent that catches errors on keep
alived connections
- src: Better support for Big-Endian systems
- tls: A new feature that allows you to pass common SSL options
to tls.createSecurePair
- tools: a new flag --prof-process which will execute the tick
processor on the provided isolate files
- build: Support python path that includes spaces. This should be
of particular interest to our Windows users who may have python
living in c:/Program Files
- https: A potential fix for #3692 HTTP/HTTPS client requests
throwing EPROTO
- installer: More readable profiling information from isolate
tick logs
- npm: upgrade to npm 2.14.20
- process: Add support for symbols in event emitters. Symbols
didn't exist when it was written
- querystring: querystring.parse() is now 13-22% faster!
- streams: performance improvements for moving small buffers that
shows a 5% throughput gain. IoT projects have been seen to be as
much as 10% faster with this change!
- tools: eslint has been updated to version 2.1.0
Changes since 5.7.1:
- child_process: send() now accepts an options parameter
- constants: ENGINE_METHOD_RSA is now correctly exposed
- Fixed two regressions which originated in v5.7.0:
- http: Errors inside of http client callbacks now propagate
correctly
- path: Fixed normalization of absolute paths
- repl: start() no longer requires an options parameter
- util: Improved format() performance 50-300%
Decouple the package from lang/clang that so it can be maintained
and updated independently.
This switches the build framework from autoconf to cmake.
There are no significant changes to the AMDGPU target mentioned in
the release notes. Other changes are not relevant to mention here since
mesa is the only user of this package in pkgsrc proper.
The symbol 'main' is multiply defined because Perl 5's `Configure`
script erroneously appends `try.c`, instead of overwriting it.
This change backports an upstream patch, which will not be needed once
Perl 5 5.23.x is available.
Sent by Eric N. Vander Weele
