3.7.0 (2021-04-28)
Merged Pull Requests
* Update chefstyle requirement from 1.7.4 to 1.7.5 #678 (dependabot[bot])
* Switch to GNU timeout-based implementation of SSH timeouts #679
(clintoncwolfe)
* Read the username and port from /.ssh/config file and replace if present
#659 (sanga1794)
3.6.2 (2021-04-14)
Merged Pull Requests
* Update chefstyle requirement from 1.7.2 to 1.7.4 #673 (dependabot[bot])
* Fix SSH Timeout PTY allocation #676 (clintoncwolfe)
3.6.0 (2021-04-07)
Merged Pull Requests
* Support Docker for Windows #674 (clintoncwolfe)
3.5.5 (2021-03-24)
Merged Pull Requests
* Add timeout support to Mixlib::ShellOut based local runners #671
(clintoncwolfe)
Required by new version of textproc/ruby-kramdown-rfc2629.
Ensure net/https uses OpenSSL::SSL::VERIFY_PEER to verify SSL
certificates and provides a certificate bundle in case OpenSSL cannot
find one.
2.2.5 (2021-04-15)
* Fix argument forwarding on Ruby 2.7 [#149]
2.2.4 (2021-04-12)
* Add reload to close all connections, recreating them afterwards [Andrew
Marshall, #140]
* Add then as a way to use a pool or a bare connection with the same code
path [#138]
pkgsrc change: add "USE_LANGUAGES= # none".
1.4.0 (2021-05-01)
* Allow customization of which signals are sent to stop the process (thanks
to philister)
* Resolves mismatched indentations (thanks to Luis M Rodriguez)
* Allow use of pry-byebug 3.8.0 (thanks to kamipo)
2.2.17 (2021-05-05)
Enhancements:
* Improve authentication required error message to include an alternative
using ENV #4565
* Discard partial range responses without etag #4563
* Fix configuring ENV for a gem server with a name including dashes #4571
* Redact credentials from bundle env and bundle config #4566
* Redact all sources in verbose mode #4564
* Improve bundle pristine error if BUNDLE_GEMFILE does not exist #4536
* [CurrentRuby] Add 3.0 as a known minor #4535
* Prefer File.read instead of IO.read #4530
* Add space after open curly bracket in Gemfile and gems.rb template #4518
Bug fixes:
* Make sure specs are fetched from the right source when materializing #4562
* Fix bundle cache with an up-to-date lockfile and specs not already
installed #4554
* Ignore deployment setting in inline mode #4523
Performance:
* Don't materialize resolutions when not necessary #4556
Upstream changes:
2.100 2021-02-04
- Declare vars with our instead of use vars (GH #7, thanks to Grinnz)
- Quote $VERSION to preserve formatting (GH #6, thanks to Grinnz)
2.000 2020-11-09
- Switch to XSLoader rather than DynaLoader (GH #5, thanks to atoomic)
upstream changes:
-----------------
Patch Package: OTP 23.3.3
Git Tag: OTP-23.3.3
Date: 2021-05-06
Trouble Report Id: OTP-16607, OTP-16930, OTP-17347, OTP-17357,
OTP-17358, OTP-17361
Seq num: ERL-1371, ERL-1439, ERL-ERL-610, GH-3480,
GH-4396, GH-4774
System: OTP
Release: 23
Application: common_test-1.20.2, compiler-7.6.8,
erl_interface-4.0.3, kernel-7.3.1,
runtime_tools-1.16.1
Predecessor: OTP 23.3.2
Check out the git tag OTP-23.3.3, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- common_test-1.20.2 ----------------------------------------------
---------------------------------------------------------------------
The common_test-1.20.2 application can be applied independently of
other applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17347 Application(s): common_test
Related Id(s): ERL-1439, GH-3480
Before this change, Config leaked between test groups
when a subgroup was skipped (GH-3480).
Full runtime dependencies of common_test-1.20.2: compiler-6.0,
crypto-3.6, debugger-4.1, erts-7.0, ftp-1.0.0, inets-6.0, kernel-4.0,
observer-2.1, runtime_tools-1.8.16, sasl-2.4.2, snmp-5.1.2, ssh-4.0,
stdlib-3.5, syntax_tools-1.7, tools-2.8, xmerl-1.3.8
---------------------------------------------------------------------
--- compiler-7.6.8 --------------------------------------------------
---------------------------------------------------------------------
The compiler-7.6.8 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17357 Application(s): compiler
Related Id(s): GH-4774
Fixed a bug in the validator that could cause it to
reject valid code.
Full runtime dependencies of compiler-7.6.8: crypto-3.6, erts-11.0,
hipe-3.12, kernel-7.0, stdlib-3.13
---------------------------------------------------------------------
--- erl_interface-4.0.3 ---------------------------------------------
---------------------------------------------------------------------
The erl_interface-4.0.3 application can be applied independently of
other applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17358 Application(s): erl_interface
Related Id(s): ERL-ERL-610
Fix bug where sending of large data with
ei_send_*/ei_rpc with infinite timeout could fail when
the tcp buffer becomes full.
Fault has existed since OTP-21.
--- Known Bugs and Problems ---
OTP-16607 Application(s): erl_interface
Related Id(s): OTP-16608
The ei API for decoding/encoding terms is not fully
64-bit compatible since terms that have a
representation on the external term format larger than
2 GB cannot be handled.
---------------------------------------------------------------------
--- kernel-7.3.1 ----------------------------------------------------
---------------------------------------------------------------------
The kernel-7.3.1 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17361 Application(s): kernel
A bug in the Erlang DNS resolver has been fixed. On
receiving an incorrect reply from the DNS server (an
IN A reply to an IN CNAME query), the resolver used the
reply record's value without verifying its type, which
could be made to bring down the kernel supervisor and
thereby the whole node.
Full runtime dependencies of kernel-7.3.1: erts-11.0, sasl-3.0,
stdlib-3.13
---------------------------------------------------------------------
--- runtime_tools-1.16.1 --------------------------------------------
---------------------------------------------------------------------
The runtime_tools-1.16.1 application can be applied independently of
other applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16930 Application(s): runtime_tools
Related Id(s): ERL-1371, GH-4396
The function dbg:n/1 used a local fun to set up a
tracer on a remote node. This works fine as long as the
remote node is running exactly the same version of
Erlang/OTP but does not work at all otherwise. This is
fixed by exporting the relevant function and by calling
this function on the remote node to set up remote
tracing.
Full runtime dependencies of runtime_tools-1.16.1: erts-11.0,
kernel-7.0, mnesia-4.12, stdlib-3.13
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
This is the first properly tagged version of go-tools. It now builds as a
module. The buildlink3 file is gone. Several binaries that landed in bin
by accident are no longer included :)
Module-based builds are the default way to build software in Go as of Go
1.16. go-package.mk implements the older GOPATH-based build type, which
will go away in one of the next Go releases (probably in early 2022).
"There are several reasons not to enable libdiscmage, which is different
than saying that it is unnecessary. It appears it is also unnecessary, as it
has never gotten further than alpha status and certain functionality was
actively disabled many years ago, but I never got any feedback about it.
The presence of libdiscmage caused confusion for some users and I had
discovered some issues in its limited functionality, so for version 2.2.1 of
uCON64 I decided to change the default of the configure script to
--without-libdiscmage. I probably should have stated that I consider
libdiscmage deprecated, because several distribution channels responded by
adding --with-libdiscmage to their build specifications for uCON64 instead.
Among those is pkgsrc."
Real changes are in www/ruby-actionpack61 only.
## Rails 6.1.3.2 (May 05, 2021) ##
* Prevent open redirects by correctly escaping the host allow list
CVE-2021-22903
* Prevent catastrophic backtracking during mime parsing
CVE-2021-22902
* Prevent regex DoS in HTTP token authentication
CVE-2021-22904
* Prevent string polymorphic route arguments.
`url_for` supports building polymorphic URLs via an array
of arguments (usually symbols and records). If a developer passes a
user input array, strings can result in unwanted route helper calls.
CVE-2021-22885
*Gannon McGibbon*