-------------------------------------------------------------------
(From https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-56.html)
Changes in MySQL 5.5.56 (2017-05-02, General availability)
Binary packages for MySQL 5.5.56 are identical to those for MySQL
5.5.55, except for the version number. The change in 5.5.56 for Bug
#25942414 is applicable only to those who build from source.
Security Notes
For the WITH_SSL CMake option, no is no longer a permitted value or
the default value. The default is now bundled. Consequently, MySQL now
is always built with SSL support. (Bug #25942414)
-------------------------------------------------------------------
(pkgsrc changes)
- Removed ssl option both from PKG_{SUPPORTED,SUGGESTED}_OPTIONS.
This may give error if ssl is explicitly designated, but I believe
that is the (kind of) upstream intension.
(or left ssl in SUPPORTED and ignore it ?)
- module: The module loading global fallback to the Node executable's
directory now works correctly on Windows.
- src: fix base64 decoding in rare edgecase
- tls: fix rare segmentation faults when using TLS
We have released LibreSSL 2.5.4, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. It includes the following
changes:
* Reverted a previous change that forced consistency between return
value and error code when specifing a certificate verification
callback, since this breaks the documented API. When a user supplied
callback always returns 1, and later code checks the error code to
potentially abort post verification, this will result in incorrect
successul certificate verification.
* Switched Linux getrandom() usage to non-blocking mode, continuing to
use fallback mechanims if unsuccessful. This works around a design
flaw in Linux getrandom(2) where early boot usage in a library makes
it impossible to recover if getrandom(2) is not yet initialized.
* Fixed a bug caused by the return value being set early to signal
successful DTLS cookie validation. This can mask a later failure and
result in a positive return value being returned from
ssl3_get_client_hello(), when it should return a negative value to
propagate the error.
* Fixed a build error on non-x86/x86_64 systems running Solaris.
We have released LibreSSL 2.5.3, based on OpenBSD 6.1, which will be the new
stable release series. LibreSSL 2.3.x support has also ended. LibreSSL 2.5.3
contains the following changes from the previous stable release.
* libtls now supports ALPN and SNI
* libtls adds a new callback interface for integrating custom IO functions.
Thanks to Tobias Pape.
* libtls now handles 4 cipher suite groups:
"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)
This allows for flexibility and finer grained control, rather than having
two extremes (an issue raised by Marko Kreen some time ago).
* Tightened error handling for tls_config_set_ciphers().
* libtls now always loads CA, key and certificate files at the time the
configuration function is called. This simplifies code and results in a single
memory based code path being used to provide data to libssl.
* Added support for OCSP intermediate certificates.
* Added functions used by stunnel and exim from BoringSSL - this brings in
X509_check_host, X509_check_email, X509_check_ip, and X509_check_ip_asc.
* Added initial support for iOS, thanks to Jacob Berkman.
* Improved behavior of arc4random on Windows when using memory leak analysis
software.
* Correctly handle an EOF that occurs prior to the TLS handshake completing.
Reported by Vasily Kolobkov, based on a diff from Marko Kreen.
* Limit the support of the "backward compatible" ssl2 handshake to only be
used if TLS 1.0 is enabled.
* Fix incorrect results in certain cases on 64-bit systems when BN_mod_word()
can return incorrect results. BN_mod_word() now can return an error condition.
Thanks to Brian Smith.
* Added constant-time updates to address CVE-2016-0702
* Fixed undefined behavior in BN_GF2m_mod_arr()
* Removed unused Cryptographic Message Support (CMS)
* More conversions of long long idioms to time_t
* Improved compatibility by avoiding printing NULL strings with printf.
* Reverted change that cleans up the EVP cipher context in EVP_EncryptFinal()
and EVP_DecryptFinal(). Some software relies on the previous behaviour.
* Avoid unbounded memory growth in libssl, which can be triggered by a TLS
client repeatedly renegotiating and sending OCSP Status Request TLS extensions.
* Avoid falling back to a weak digest for (EC)DH when using SNI with libssl.
* X509_cmp_time() now passes a malformed GeneralizedTime field as an error.
Reported by Theofilos Petsios.
* Detect zero-length encrypted session data early, instead of when malloc(0)
fails or the HMAC check fails. Noted independently by jsing@ and Kurt Cancemi.
* Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate().
* Massive update and normalization of manpages, conversion to mandoc format.
Many pages were rewritten for clarity and accuracy. Portable doc links are
up-to-date with a new conversion tool.
* Curve25519 Key Exchange support.
* Support for alternate chains for certificate verification.
* Code cleanups, CBB conversions, further unification of DTLS/SSL handshake
code, further ASN1 macro expansion and removal.
* Private symbols are now hidden in libssl and libcrypto.
* Friendly certificate verification error messages in libtls, peer
verification is now always enabled.
* Added OCSP stapling support to libtls and nc.
* Added ocspcheck utility to validate a certificate against its OCSP responder
and save the reply for stapling
* Enhanced regression tests and error handling for libtls.
* Added explicit constant and non-constant time BN functions, defaulting to
constant time wherever possible.
* Moved many leaked implementation details in public structs behind opaque
pointers.
* Added ticket support to libtls.
* Added support for setting the supported EC curves via
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
SSL{_CTX}_set1_curves{_list} names. This also changes the default list of
curves to be X25519, P-256 and P-384. All other curves must be manually
enabled.
* Added -groups option to openssl(1) s_client for specifying the curves to be
used in a colon-separated list.
* Merged client/server version negotiation code paths into one, reducing much
duplicate code.
* Removed error function codes from libssl and libcrypto.
* Fixed an issue where a truncated packet could crash via an OOB read.
* Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows client-initiated
renegotiation. This is the default for libtls servers.
* Avoid a side-channel cache-timing attack that can leak the ECDSA private
keys when signing. This is due to BN_mod_inverse() being used without the
constant time flag being set. Reported by Cesar Pereida Garcia and Billy
Brumley (Tampere University of Technology). The fix was developed by Cesar
Pereida Garcia.
* iOS and MacOS compatibility updates from Simone Basso and Jacob Berkman.
* Added the recallocarray(3) memory allocation function, and converted various
places in the library to use it, such as CBB and BUF_MEM_grow. recallocarray(3)
is similar to reallocarray. Newly allocated memory is cleared similar to
calloc(3). Memory that becomes unallocated while shrinking or moving existing
allocations is explicitly discarded by unmapping or clearing to 0.
* Added new root CAs from SECOM Trust Systems / Security Communication of Japan.
* Added EVP interface for MD5+SHA1 hashes.
* Fixed DTLS client failures when the server sends a certificate request.
* Correct handling of padding when upgrading an SSLv2 challenge into an
SSLv3/TLS connection.
* Allow protocols and ciphers to be set on a TLS config object in libtls.
* Improved nc(1) TLS handshake CPU usage and server-side error reporting.
* Add a constant time version of BN_gcd and use it default for BN_gcd to avoid
the possibility of sidechannel timing attacks against RSA private key
generation - Thanks to Alejandro Cabrera
We have released LibreSSL 2.5.2, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. It includes the following
changes:
* Added the recallocarray(3) memory allocation function, and converted
various places in the library to use it, such as CBB and BUF_MEM_grow.
recallocarray(3) is similar to reallocarray. Newly allocated memory
is cleared similar to calloc(3). Memory that becomes unallocated
while shrinking or moving existing allocations is explicitly
discarded by unmapping or clearing to 0.
* Added new root CAs from SECOM Trust Systems / Security Communication
of Japan.
* Added EVP interface for MD5+SHA1 hashes.
* Fixed DTLS client failures when the server sends a certificate
request.
* Correct handling of padding when upgrading an SSLv2 challenge into
an SSLv3/TLS connection.
* Allow protocols and ciphers to be set on a TLS config object in
libtls.
* Improved nc(1) TLS handshake CPU usage and server-side error
reporting.
The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.
- module: The module loading global fallback to the Node executable's
directory now works correctly on Windows.
- src: fix base64 decoding in rare edgecase
- tls: fix rare segmentation faults when using TLS
* FindOpenSSL: Add more library name alternatives
* FindBoost: Restore tolerance of backslashes in paths
* Tests: Fix FindModulesExecuteAll when KDE4 is installed
* Tests: Simplify CMakeOnly.AllFindModules policy settings
* FindBoost: Fix library directory for VS 2017
* CPack/RPM doc: CPACK_RPM_BUILDREQUIRES docs
* source_group: Fix TREE with root that is not current source dir
* FindMatlab: Add support for Matlab 2017a
* VS: Fix project reference inspection in VS IDE
* FindBoost: Allow testing for multiple compiler suffixes
* FindBoost: Support prebuilt Windows binaries from SourceForge
* VS2017: Verify Windows 8.1 SDK before using it
Changes:
1.0.3
=====
- Add .es6 to js file types
- Add support for log file types
- Add elm file type support
- Add twig to languages
- Add .gradle to groovy flie types
- Misc bug fixes and improvements
This allows packages to specify the version of the standard that they
require, and the infrastructure then distils that down in a similar way
to GCC_REQD to the newest standard, avoiding clashes with different -std
requirements based on CXXFLAGS.
Broad concensus on tech-pkg and tested in bulk builds.
-------------------------------------
dnsperf 2.1.0.0
Release Notes
************************
December 15, 2015
In addition to various bug fixes, the following new capabilities
were added in this release:
- The -C option was added to resperf. This option enables the local
server to act as multiple clients. By default, the local server
acts as a single client.
- the -T option was added to dnsperf. This option separates the
number of clients from the number of threads and allows more
clients to be simulated effectively. Note that using this option
impacts CPU and memory, so we recommend limiting the number of
threads.
GCC Java removed, package now uses ISL 0.16.1
Release notes:
We are proud to announce the next, major release of the
GNU Compiler Collection, 7.1. This year we celebrated the 30th
anniversary of the first GCC beta release and this month
we will celebrate 30 years since the GCC 1.0 release.
GCC 7.1 is a major release containing substantial new
functionality not available in GCC 6.x or previous GCC releases.
The C++ frontend now has experimental support for all of the current C++17
draft, with the -std=c++1z and -std=gnu++1z options, and the libstdc++
library has most of the C++17 draft library features implemented too.
This releases features various improvements in the emitted diagnostics,
including improved locations, location ranges, suggestions for misspelled
identifiers, option names, fix-it hints and various new warnings
have been added.
The optimizers have been improved, with improvements appearing in all of
intra- and inter-procedural optimizations, link time optimizations and
various target backends, including, but not limited to, additions of store
merging pass, code hoisting optimization, loop splitting, and
shrink wrapping improvements.
The Address Sanitizer can now report uses of variables after leaving their
scope. GCC now can be configured for OpenMP 4.5 offloading to NVidia PTX
GPGPUs.
Some code that compiled successfully with older GCC versions might require
some code adjustments, see http://gcc.gnu.org/gcc-7/porting_to.html for
details.
See
https://gcc.gnu.org/gcc-7/changes.html
for more information about changes in GCC 7.1.
Changes:
4.7
===
New features
------------
- Add embedding support with -w option.
This option can be used to xembed dmenu into an application. This is
useful in particular for surf.
- config.h: add config option for word delimiters.
Noteworthy fixes
----------------
- die() on calloc failure.
- Sync new drw from libsl and minor fixes.
- arg.h: fixed argv checks order.
- Regression fix: Do not crash on e.g. dmenu < /dev/null
- Shut up glibc about _BSD_SOURCE being deprecated.
- Xinerama: correct variable declarations in preprocessor conditional.
- Small man page improvements.
Thanks in particular to the contributors
----------------------------------------
- Andrew Gregory
- Klemens Nanni
- Lucas Gabriel Vuotto
- Markus Teich
- Quentin Rameau
- S. Gilles
- Thomas Gardner
Changelog:
Apr 25, 2017
Features
zone parser can parse acronyms for algorithms ED25519 and ED448.
Fix 1243: Option to make NSD emit really minimal responses, minimal-responses: yes in nsd.conf.
Bugfixes
Calculate new udb index after growing the array, fix from Chaofeng Liu.
Fix missing _t to _type conversion for disable-radix-tree option.
Printout serial error with hint it may be too big.
Fix 1228: OpenSSL include is not guarded with HAVE_SSL
Patch for expire state in multi-master when masters includes broken master, from Manabu Sonoda.
minor manpage fix.
Release 0.54.0
core:
* Make XRef reconstruction a bit better. Bug #100509
glib:
* Expose movie play mode. Bug #99625
* demo: Show play mode in movie properties view
qt5:
* Compile with -DQT_NO_CAST_FROM_BYTEARRAY. Bug #100311
utils:
* pdfimages: don't fail listing if inline image data contains 'EI'. Bug #100737
Release 0.53.0
core:
* Form support improvements
* SplashOutputDev: Fix memory leak when rendering images with colormap and matte color
* Minor fix in GlobalParams documentation
qt5:
* Expose form calculate order
* Expose Form additional actions
utils:
* pdfimages: support 16bpc png and tiff images. Bug #99988
* pdftohtml: fix small memory leak when constructing some filenames
* pdfinfo: fix leak when printing JS
build sytem:
* Compile in C++11 mode
* Update naxsi to 0.55.3
Changes with nginx 1.13.0 25 Apr 2017
- Change: SSL renegotiation is now allowed on backend connections.
- Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
directives of the mail proxy and stream modules.
- Feature: the "return" and "error_page" directives can now be used to
return 308 redirections.
Thanks to Simon Leblanc.
- Feature: the "TLSv1.3" parameter of the "ssl_protocols" directive.
- Feature: when logging signals nginx now logs PID of the process which
sent the signal.
- Bugfix: in memory allocation error handling.
- Bugfix: if a server in the stream module listened on a wildcard
address, the source address of a response UDP datagram could differ
from the original datagram destination address.
Changes with nginx 1.11.13 04 Apr 2017
- Feature: the "http_429" parameter of the "proxy_next_upstream",
"fastcgi_next_upstream", "scgi_next_upstream", and
"uwsgi_next_upstream" directives.
Thanks to Piotr Sikora.
- Bugfix: in memory allocation error handling.
- Bugfix: requests might hang when using the "sendfile" and
"timer_resolution" directives on Linux.
- Bugfix: requests might hang when using the "sendfile" and "aio_write"
directives with subrequests.
- Bugfix: in the ngx_http_v2_module.
Thanks to Piotr Sikora.
- Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2.
- Bugfix: requests might hang when using the "limit_rate",
"sendfile_max_chunk", "limit_req" directives, or the $r->sleep()
embedded perl method with subrequests.
- Bugfix: in the ngx_http_slice_module.
Changes with nginx 1.11.12 24 Mar 2017
- Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11.
Changes with nginx 1.11.11 21 Mar 2017
- Feature: the "worker_shutdown_timeout" directive.
- Feature: vim syntax highlighting scripts improvements.
Thanks to Wei-Ko Kao.
- Bugfix: a segmentation fault might occur in a worker process if the
$limit_rate variable was set to an empty string.
- Bugfix: the "proxy_cache_background_update",
"fastcgi_cache_background_update", "scgi_cache_background_update",
and "uwsgi_cache_background_update" directives might work incorrectly
if the "if" directive was used.
- Bugfix: a segmentation fault might occur in a worker process if
number of large_client_header_buffers in a virtual server was
different from the one in the default server.
- Bugfix: in the mail proxy server.
Changes with nginx 1.11.10 14 Feb 2017
- Change: cache header format has been changed, previously cached
responses will be invalidated.
- Feature: support of "stale-while-revalidate" and "stale-if-error"
extensions in the "Cache-Control" backend response header line.
- Feature: the "proxy_cache_background_update",
"fastcgi_cache_background_update", "scgi_cache_background_update",
and "uwsgi_cache_background_update" directives.
- Feature: nginx is now able to cache responses with the "Vary" header
line up to 128 characters long (instead of 42 characters in previous
versions).
- Feature: the "build" parameter of the "server_tokens" directive.
Thanks to Tom Thorogood.
- Bugfix: "[crit] SSL_write() failed" messages might appear in logs
when handling requests with the "Expect: 100-continue" request header
line.
- Bugfix: the ngx_http_slice_module did not work in named locations.
- Bugfix: a segmentation fault might occur in a worker process when
using AIO after an "X-Accel-Redirect" redirection.
- Bugfix: reduced memory consumption for long-lived requests using
gzipping.
