Two security-related issues were recently reported.
To address this issue, we have just released Go 1.8.4 and Go 1.9.1.
We recommend that all users update to one of these releases (if you're not sure
which, choose Go 1.9.1).
The issues addressed by these releases are:
By nesting a git checkout inside another version control repository, it was
possible for an attacker to trick the "go get" command into executing arbitrary
code. The go command now refuses to use version control checkouts found inside
other version control systems, with an exception for git submodules (git inside
git).
The issue is tracked as https://golang.org/issue/22125 (Go 1.8.4) and
https://golang.org/issue/22131 (Go 1.9.1). Fixes are linked from the issues.
Thanks to Simon Rawet for the report.
In the smtp package, PlainAuth is documented as sending credentials only over
authenticated, encrypted TLS connections, but it was changed in Go 1.1 to also
send credentials on non-TLS connections when the remote server advertises that
PLAIN authentication is supported. The change was meant to allow use of PLAIN
authentication on localhost, but it has the effect of allowing a
man-in-the-middle attacker to harvest credentials. PlainAuth now requires
either TLS or a localhost connection before sending credentials, regardless of
what the remote server claims.
This issue is tracked as https://golang.org/issue/22134 (Go 1.8.4) and
https://golang.org/issue/22133 (Go 1.9.1). Fixes are linked from the issues.
Thanks to Stevie Johnstone for the report.
Python 3.6.3 final
Library
* bpo-31641: Re-allow arbitrary iterables in concurrent.futures.as_completed(). Fixes regression in 3.6.3rc1.
Build
* bpo-31662: Fix typos in Windows uploadrelease.bat script. Fix Windows Doc build issues in Doc/make.bat.
* bpo-31423: Fix building the PDF documentation with newer versions of Sphinx.
More here https://docs.python.org/3.6/whatsnew/changelog.html
Pkgsrc changes:
* Remove patch which has been integrated upstream
Upstream changes:
NAME
perldelta - what is new for perl v5.26.1
DESCRIPTION
This document describes differences between the 5.26.0 release and the
5.26.1 release.
If you are upgrading from an earlier release such as 5.24.0, first read
perl5260delta, which describes differences between 5.24.0 and 5.26.0.
Security
[CVE-2017-12837] Heap buffer overflow in regular expression compiler
Compiling certain regular expression patterns with the case-insensitive
modifier could cause a heap buffer overflow and crash perl. This has
now been fixed. [perl #131582]
<https://rt.perl.org/Public/Bug/Display.html?id=131582>
[CVE-2017-12883] Buffer over-read in regular expression parser
For certain types of syntax error in a regular expression pattern, the
error message could either contain the contents of a random, possibly
large, chunk of memory, or could crash perl. This has now been fixed.
[perl #131598] <https://rt.perl.org/Public/Bug/Display.html?id=131598>
[CVE-2017-12814] $ENV{$key} stack buffer overflow on Windows
A possible stack buffer overflow in the %ENV code on Windows has been
fixed by removing the buffer completely since it was superfluous
anyway. [perl #131665]
<https://rt.perl.org/Public/Bug/Display.html?id=131665>
Incompatible Changes
There are no changes intentionally incompatible with 5.26.0. If any
exist, they are bugs, and we request that you submit a report. See
"Reporting Bugs" below.
Modules and Pragmata
Updated Modules and Pragmata
* base has been upgraded from version 2.25 to 2.26.
The effects of dotless @INC on this module have been limited by the
introduction of a more refined and accurate solution for removing
'.' from @INC while reducing the false positives.
* charnames has been upgraded from version 1.44 to 1.45.
* Module::CoreList has been upgraded from version 5.20170530 to
5.20170922_26.
Platform Support
Platform-Specific Notes
FreeBSD
* Building with g++ on FreeBSD-11.0 has been fixed. [perl
#131337]
<https://rt.perl.org/Public/Bug/Display.html?id=131337>
Windows
* Support for compiling perl on Windows using Microsoft Visual
Studio 2017 (containing Visual C++ 14.1) has been added.
* Building XS modules with GCC 6 in a 64-bit build of Perl failed
due to incorrect mapping of "strtoll" and "strtoull". This has
now been fixed. [perl #131726]
<https://rt.perl.org/Public/Bug/Display.html?id=131726> [cpan
#121683]
<https://rt.cpan.org/Public/Bug/Display.html?id=121683> [cpan
#122353]
<https://rt.cpan.org/Public/Bug/Display.html?id=122353>
Selected Bug Fixes
* Several built-in functions previously had bugs that could cause
them to write to the internal stack without allocating room for the
item being written. In rare situations, this could have led to a
crash. These bugs have now been fixed, and if any similar bugs are
introduced in future, they will be detected automatically in
debugging builds. [perl #131732]
<https://rt.perl.org/Public/Bug/Display.html?id=131732>
* Using a symbolic ref with postderef syntax as the key in a hash
lookup was yielding an assertion failure on debugging builds.
[perl #131627]
<https://rt.perl.org/Public/Bug/Display.html?id=131627>
* List assignment ("aassign") could in some rare cases allocate an
entry on the mortal stack and leave the entry uninitialized. [perl
#131570] <https://rt.perl.org/Public/Bug/Display.html?id=131570>
* Attempting to apply an attribute to an "our" variable where a
function of that name already exists could result in a NULL pointer
being supplied where an SV was expected, crashing perl. [perl
#131597] <https://rt.perl.org/Public/Bug/Display.html?id=131597>
* The code that vivifies a typeglob out of a code ref made some false
assumptions that could lead to a crash in cases such as $::{"A"} =
sub {}; \&{"A"}. This has now been fixed. [perl #131085]
<https://rt.perl.org/Public/Bug/Display.html?id=131085>
* "my_atof2" no longer reads beyond the terminating NUL, which
previously occurred if the decimal point is immediately before the
NUL. [perl #131526]
<https://rt.perl.org/Public/Bug/Display.html?id=131526>
* Occasional "Malformed UTF-8 character" crashes in "s//" on utf8
strings have been fixed. [perl #131575]
<https://rt.perl.org/Public/Bug/Display.html?id=131575>
* "perldoc -f s" now finds "s///". [perl #131371]
<https://rt.perl.org/Public/Bug/Display.html?id=131371>
* Some erroneous warnings after utf8 conversion have been fixed.
[perl #131190]
<https://rt.perl.org/Public/Bug/Display.html?id=131190>
* The "jmpenv" frame to catch Perl exceptions is set up lazily, and
this used to be a bit too lazy. The catcher is now set up earlier,
preventing some possible crashes. [perl #105930]
<https://rt.perl.org/Public/Bug/Display.html?id=105930>
* Spurious "Assuming NOT a POSIX class" warnings have been removed.
[perl #131522]
<https://rt.perl.org/Public/Bug/Display.html?id=131522>
Acknowledgements
Perl 5.26.1 represents approximately 4 months of development since Perl
5.26.0 and contains approximately 8,900 lines of changes across 85
files from 23 authors.
Excluding auto-generated files, documentation and release tools, there
were approximately 990 lines of changes to 38 .pm, .t, .c and .h files.
Perl continues to flourish into its third decade thanks to a vibrant
community of users and developers. The following people are known to
have contributed the improvements that became Perl 5.26.1:
Aaron Crane, Andy Dougherty, Aristotle Pagaltzis, Chris 'BinGOs'
Williams, Craig A. Berry, Dagfinn Ilmari Mannsaaker, David Mitchell, E.
Choroba, Eric Herman, Father Chrysostomos, Jacques Germishuys, James E
Keenan, John SJ Anderson, Karl Williamson, Ken Brown, Lukas Mai,
Matthew Horsfall, Ricardo Signes, Sawyer X, Steve Hay, Tony Cook, Yves
Orton, Zefram.
The list above is almost certainly incomplete as it is automatically
generated from version control history. In particular, it does not
include the names of the (very much appreciated) contributors who
reported issues to the Perl bug tracker.
Many of the changes included in this version originated in the CPAN
modules included in Perl's core. We're grateful to the entire CPAN
community for helping Perl to flourish.
For a more complete list of all of Perl's historical contributors,
please see the AUTHORS file in the Perl source distribution.
Reporting Bugs
If you find what you think is a bug, you might check the perl bug
database at <https://rt.perl.org/> . There may also be information at
<http://www.perl.org/> , the Perl Home Page.
If you believe you have an unreported bug, please run the perlbug
program included with your release. Be sure to trim your bug down to a
tiny but sufficient test case. Your bug report, along with the output
of "perl -V", will be sent off to perlbug@perl.org to be analysed by
the Perl porting team.
If the bug you are reporting has security implications which make it
inappropriate to send to a publicly archived mailing list, then see
"SECURITY VULNERABILITY CONTACT INFORMATION" in perlsec for details of
how to report the issue.
Give Thanks
If you wish to thank the Perl 5 Porters for the work we had done in
Perl 5, you can do so by running the "perlthanks" program:
perlthanks
This will send an email to the Perl 5 Porters list with your show of
thanks.
SEE ALSO
The Changes file for an explanation of how to view exhaustive details
on what changed.
The INSTALL file for how to build Perl.
The README file for general stuff.
The Artistic and Copying files for copyright information.
Vala 0.38.1
===========
* Various bug fixes:
- valadoc: Don't use 'stderr' as variable name [#787305]
- codegen: Try to use a more unique internal define for properties [#787436]
- vala: Update list of used attributes
- method: Use prototype-string for error-reports of return-type mismatches
* Bindings:
- glib-2.0: Fix MainContext.check(),
OptionEntry[] params are null-terminated,
Bind g_convert_with_fallback() and g_convert_with_iconv()
Vala 0.38.0
===========
* Various bug fixes:
- Improve error output for incompatible method signatures
(Add CallableType as base for DelegateType, MethodType, SignalType)
- codegen:
+ Initialize temp-variable for fixed-size arrays to zero first [#787152]
+ Add support for "type-func" in ui-files [#787033]
* Bindings:
- gtk+-3.0,gtk+-4.0: Update
- libxml-2.0: Bind xmlLastElementChild and xmlPreviousElementSibling
- pangocairo: CairoFontMap.set_default() is not an instance method
- gio-2.0: Application.set_default() is not an instance method
Vala 0.37.91
============
* Various bug fixes:
- codegen:
+ Actually write declaration for GNodeTraverseFunc wrapper [#786845]
+ Don't transfer ownership of variable if target-type is unknown [#736774]
+ Adjust format-index for printf/scanf-methods which throw errors [#781061]
+ Use given dup_function for structs
- libvaladoc: Fix some -Wincompatible-pointer-types warnings
- tests: Fix some syntax issues [#786652]
- Add .editorconfig file [#786620]
* GIR parser:
- Better support of "cprefix" argument in metadata
- Support "cname" argument in metadata
* Bindings:
- Add javascriptcoregtk-4.0 and avoid skips in webkit2gtk*-4.0
- Update GIR-based bindings
- gtk+-3.0: Update to 3.22.19
Vala 0.37.90
============
* Various bug fixes:
- Fix some build-system problem
+ valadoc/tests: Add the source vapi directory to driver-test [#786505],
Add ./vala/.libs rather than ./gee/.libs to LD_LIBRARY_PATH
+ Explicitly link doclets against libvala-*.la [#786534]
+ Add missing include of Makefile.common
- vapigen: Mark given source-files as such and force girparser to handle them
- codegen: Include glib-object.h for Enums/Structs with type_id
* Bindings:
- gtk+-4.0: Make Gsk.Texturer.for_*() static factory methods
Vala 0.37.2
===========
* Various bug fixes:
- libvaladoc: Keep bootstrap-support with valac >= 0.16.1
- valadoc: Fix tests while bootstapping with valac < 0.31/32
* Bindings:
- glib-2.0: Update Unicode symbols
- gobject-2.0: Add required type_id attributes to all ParamSpec subclasses
- libgdata: Make Authorizer.reauth_* methods virtual [#779229]
- libxml-2.0: Update Xml.ParserOption [#785585]
- gtk+-4.0: Update to 3.91.2
- webkit2gtk-4.0: Update to 2.17.90
Vala 0.37.1
===========
* Highlights
- Don't warn about deprecated symbols if installed_version is older
- Add --gresourcesdir option [#783133]
- Install libvala-0.xx.vapi to "global" vapi directory
- Require and target GLib >= 2.40
- build: Make ccode and codegen private API
- build: Use --use-header for vala's libraries
- compiler: Add --color=WHEN option
- codegen: Use g_object_notify_by_pspec() to notify property-changes
- codegen: Use *_free_full to free GLib.List, GLib.SList and GLib.Queue
- codegen: Support renamed signals [#731547]
- Optimize (de)serialization of arrays with type-signature "ay" [#772426]
- Merge valadoc - Consider valadoc a part of vala's toolchain and
therefore let it live in the main repository (adds graphviz to the
build-requirements)
* Various bug fixes:
- Fix finally blocks with async yields [#741929]
- Handle non-null in coalescing expression [#611223]
- Make the task_complete flag for < 2.44 more similar to >= 2.44 [#783543]
- Nullable ValueType requires POINTER as marshaller signature [#783897]
- NoAccessorMethod attribute is allowed for gobject-properties only
- girparser: Fix parsing of delegate-alias without target
- compiler: Use API_VERSION instead of stripping PACKAGE_SUFFIX
- girwriter: Write length-parameters of arrays with rank > 1 [#758019]
- gdbus: Don't leak nested HashTable on deserialization [#782719]
- codewriter: Update timestamps of generated c-files if needed [#683286]
- tests: Use dbus-run-session instead of dbus-launch [#771455]
- codegenerator: Add source_reference parameter to CodeGenerator.store_*()
- Don't allow assigning delegate if no target/closure is available [#598869]
- gee: Add some useful symbols from gee-0.8
* Bindings:
- gio-2.0: Add DBusConnection 'closed' signal as 'on_closed' [#684358]
- gio-2.0: Use default 'length = null' for DataInputStream.read_line_utf8*
[#783351]
- glib-2.0,gobject-2.0: Updates from 2.53.x
- poppler-glib: Update to 0.54.0
- webkit2gtk-4.0: Update to 2.17.4
- gstreamer-1.0: Update to 1.13.0+
- libgvc: Add WITH_CGRAPH conditionals
Some highlights for 20.1:
- crypto, public_key: Extend crypto and public_key functions sign and
verify with:
- support for RSASSA-PS padding for signatures and for saltlength
setting
- X9.31 RSA padding.
- sha, sha224, sha256, sha384, and sha512 for dss signatures as
mentioned in NIST SP 800-57 Part 1.
- ripemd160 to be used for rsa signatures.
- A new tuple in crypto:supports/0 reports supported MAC algorithms.
- diameter:
- Add service option decode_format to allow incoming messages to be
decoded into maps instead of records.
- Decode performance has been improved.
- Add service/transport option avp_dictionaries to give better
support for dictionaries only defining AVPs.
- erts: Upgraded the ERTS internal PCRE library from version 8.40 to
version 8.41.
- erts, kernel, tools: Profiling with lock counting can now be fully
toggled at runtime in the lock counting emulator (-emu_type lcnt).
- erts: The zlib module has been refactored and all its operations
will now yield appropriately, allowing them to be used freely in
concurrent applications.
- erts, tools: Add erlang:iolist_to_iovec/1, which converts an
iolist() to an erlang:iovec(), which is suitable for use with
enif_inspect_iovec().
- erts: Add new nif API functions for managing an I/O Queue.
- observer/crashdump_viewer:
- Reading of crash dumps with many binaries is optimized.
- A progress bar is shown when the detail view for a process is
opened.
- The cdv script now sets ERL_CRASH_DUMP_SECONDS=0 to avoid
generating a new crash dump from the node running the Crashdump
Viewer.
- observer: Add system statistics and limits to frontpage in observer.
- public_key, ssl**: Improved error propagation and reports
- ssh: A new option modify_algorithms is implemented. It enables
specifying changes on the default algorithms list.
- tools/xref: The predefined Xref analysis locals_not_used now
understands the -on_load() attribute and does not report unused
functions.
- tools/fprof: When sampling multiple processes and analyzing with
totals set to true, the output now sums together all caller and
callee entries which concerns the same function.
Version 5.0.2:
Correct handling of import in child thread
Correct handling of “dis” module with Python 3.5.1
Correct handling of “multiprocess.process” module
Correct attempt to assign variable to an empty list
Improved README
Add hook for pythonnet package
Add hook for sqlite3 and improve win32file hook
Add FAQ entry
* Disable SunOS/Solaris support because newer bootstrap is not available
* Include Rust libraries and Cargo
Changelog:
Version 1.20.0 (2017-08-31)
Language
Associated constants are now stabilised.
A lot of macro bugs are now fixed.
Compiler
Struct fields are now properly coerced to the expected field type.
Enabled wasm LLVM backend WASM can now be built with the wasm32-experimental-emscripten target.
Changed some of the error messages to be more helpful.
Add support for RELRO(RELocation Read-Only) for platforms that support it.
rustc now reports the total number of errors on compilation failure previously this was only the number of errors in the pass that failed.
Expansion in rustc has been sped up 29x.
added msp430-none-elf target.
rustc will now suggest one-argument enum variant to fix type mismatch when applicable
Fixes backtraces on Redox
rustc now identifies different versions of same crate when absolute paths of different types match in an error message.
Libraries
Relaxed Debug constraints on {HashMap,BTreeMap}::{Keys,Values}.
Impl PartialEq, Eq, PartialOrd, Ord, Debug, Hash for unsized tuples.
Impl fmt::{Display, Debug} for Ref, RefMut, MutexGuard, RwLockReadGuard, RwLockWriteGuard
Impl Clone for DefaultHasher.
Impl Sync for SyncSender.
Impl FromStr for char
Fixed how {f32, f64}::{is_sign_negative, is_sign_positive} handles NaN.
allow messages in the unimplemented!() macro. ie. unimplemented!("Waiting for 1.21 to be stable")
pub(restricted) is now supported in the thread_local! macro.
Upgrade to Unicode 10.0.0
Reimplemented {f32, f64}::{min, max} in Rust instead of using CMath.
Skip the main thread's manual stack guard on Linux
Iterator::nth for ops::{Range, RangeFrom} is now done in O(1) time
#[repr(align(N))] attribute max number is now 2^31 - 1. This was previously 2^15.
{OsStr, Path}::Display now avoids allocations where possible
Stabilized APIs
CStr::into_c_string
CString::as_c_str
CString::into_boxed_c_str
Chain::get_mut
Chain::get_ref
Chain::into_inner
Option::get_or_insert_with
Option::get_or_insert
OsStr::into_os_string
OsString::into_boxed_os_str
Take::get_mut
Take::get_ref
Utf8Error::error_len
char::EscapeDebug
char::escape_debug
compile_error!
f32::from_bits
f32::to_bits
f64::from_bits
f64::to_bits
mem::ManuallyDrop
slice::sort_unstable_by_key
slice::sort_unstable_by
slice::sort_unstable
str::from_boxed_utf8_unchecked
str::as_bytes_mut
str::as_bytes_mut
str::from_utf8_mut
str::from_utf8_unchecked_mut
str::get_mut
str::get_unchecked_mut
str::get_unchecked
str::get
str::into_boxed_bytes
Cargo
Cargo API token location moved from ~/.cargo/config to ~/.cargo/credentials.
Cargo will now build main.rs binaries that are in sub-directories of src/bin. ie. Having src/bin/server/main.rs and src/bin/client/main.rs generates target/debug/server and target/debug/client
You can now specify version of a binary when installed through cargo install using --vers.
Added --no-fail-fast flag to cargo to run all benchmarks regardless of failure.
Changed the convention around which file is the crate root.
The include/exclude property in Cargo.toml now accepts gitignore paths instead of glob patterns. Glob patterns are now deprecated.
Compatibility Notes
Functions with 'static in their return types will now not be as usable as if they were using lifetime parameters instead.
The reimplementation of {f32, f64}::is_sign_{negative, positive} now takes the sign of NaN into account where previously didn't.
Version 1.19.0 (2017-07-20)
Language
Numeric fields can now be used for creating tuple structs. RFC 1506 For example struct Point(u32, u32); let x = Point { 0: 7, 1: 0 };.
Macro recursion limit increased to 1024 from 64.
Added lint for detecting unused macros.
loop can now return a value with break. RFC 1624 For example: let x = loop { break 7; };
C compatible unions are now available. RFC 1444 They can only contain Copy types and cannot have a Drop implementation. Example: union Foo { bar: u8, baz: usize }
Non capturing closures can now be coerced into fns, RFC 1558 Example: let foo: fn(u8) -> u8 = |v: u8| { v };
Compiler
Add support for bootstrapping the Rust compiler toolchain on Android.
Change arm-linux-androideabi to correspond to the armeabi official ABI. If you wish to continue targeting the armeabi-v7a ABI you should use --target armv7-linux-androideabi.
Fixed ICE when removing a source file between compilation sessions.
Minor optimisation of string operations.
Compiler error message is now aborting due to previous error(s) instead of aborting due to N previous errors This was previously inaccurate and would only count certain kinds of errors.
The compiler now supports Visual Studio 2017
The compiler is now built against LLVM 4.0.1 by default
Added a lot of new error codes
Added target-feature=+crt-static option RFC 1721 Which allows libraries with C Run-time Libraries(CRT) to be statically linked.
Fixed various ARM codegen bugs
Libraries
String now implements FromIterator<Cow<'a, str>> and Extend<Cow<'a, str>>
Vec now implements From<&mut [T]>
Box<[u8]> now implements From<Box<str>>
SplitWhitespace now implements Clone
[u8]::reverse is now 5x faster and [u16]::reverse is now 1.5x faster
eprint! and eprintln! macros added to prelude. Same as the print! macros, but for printing to stderr.
Stabilized APIs
OsString::shrink_to_fit
cmp::Reverse
Command::envs
thread::ThreadId
Cargo
Build scripts can now add environment variables to the environment the crate is being compiled in. Example: println!("cargo:rustc-env=FOO=bar");
Subcommands now replace the current process rather than spawning a new child process
Workspace members can now accept glob file patterns
Added --all flag to the cargo bench subcommand to run benchmarks of all the members in a given workspace.
Updated libssh2-sys to 0.2.6
Target directory path is now in the cargmetadata
Cargo no longer checks out a local working directory for the crates.io index This should provide smaller file size for the registry, and improve cloning times, especially on Windows machines.
Added an --exclude option for excluding certai using the --all option
Cargo will now automatically retry when receiving a 5xx error from crates.io
The --features option now accepts multiple comma or space delimited values.
Added support for custom target specific runners
Misc
Added ow prefer to download rust packages with XZ compression over GZip packages.
Added the ability to escape # in rust documentation By adding additional #'s ie. ## is now #
Compatibility Notes
MutexGuard<T> may only be Sync if T is Sync.
-Z flagning for a year previous to this.
As a result of the -Z flag change, the cargo-check plugin no longer works. Users should migrate to the built-in check command, which has been available since 1.16.
Ending a float literal with ._ is now a hard erro use ::self::foo; is now a hard error. self paths are always relative while the :: prefix makes a path absolute, but was ignored and the path was relative regardless.
Floating point constants in match patterns is now a hard error This was previously ts that don't derive PartialEq & Eq used match patterns is now a hard error This was previously a warning.
Lifetimes named '_ are no longer allowed. This was previously a warning.
From the pound escape, lines consisting of multiple #s are now visible
It is an error to reexport private enum variants. This is known to break a number of crates that depend on an older version of mustache.
On Windows, if VCINSTALLDIR is set incorrectly, rustc will try to use it to find the linker, and the build will fail where it did not previously
Version 1.18.0 (2017-06-08)
Language
Stabilize pub(restricted) pub can now accept a module path to make the item visible to just that module tree. Also accepts the keyword crate to make something public to the whole crate but not users of the library. Example: pub(crate) mod utils;. RFC 1422.
Stabilize #![windows_subsystem] attribute conservative exposure of the /SUBSYSTEM linker flag on Windows platforms. RFC 1665.
Refactor of trait object type parsing Now ty in macros can accept types like Write + Send, trailing + are now supported in trait objects, and better error reporting for trait objects starting with ?Sized.
0e+10 is now a valid floating point literal
Now warns if you bind a lifetime parameter to 'static
Tuples, Enum variant fields, and structs with no repr attribute or with #[repr(Rust)] are reordered to minimize padding and produce a smaller representation in some cases.
Compiler
rustc can now emit mir with --emit mir
Improved LLVM IR for trivial functions
Added explanation for E0090(Wrong number of lifetimes are supplied)
rustc compilation is now 15%-20% faster Thanks to optimisation opportunities found through profiling
Improved backtrace formatting when panicking
Libraries
Specialized Vec::from_iter being passed vec::IntoIter if the iterator hasn't been advanced the original Vec is reassembled with no actual iteration or reallocation.
Simplified HashMap Bucket interface provides performance improvements for iterating and cloning.
Specialize Vec::from_elem to use calloc
Fixed Race condition in fs::create_dir_all
No longer caching stdio on Windows
Optimized insertion sort in slice insertion sort in some cases 2.50%~ faster and in one case now 12.50% faster.
Optimized AtomicBool::fetch_nand
Stabilized APIs
Child::try_wait
HashMap::retain
HashSet::retain
PeekMut::pop
TcpStream::peek
UdpSocket::peek
UdpSocket::peek_from
Cargo
Added partial Pijul support Pijul is a version control system in Rust. You can now create new cargo projects with Pijul using cargo new --vcs pijul
Now always emits build script warnings for crates that fail to build
Added Android build support
Added --bins and --tests flags now you can build all programs of a certain type, for example cargo build --bins will build all binaries.
Added support for haiku
Misc
rustdoc can now use pulldown-cmark with the --enable-commonmark flag
Added rust-winbg script for better debugging on Windows
Rust now uses the official cross compiler for NetBSD
rustdoc now accepts # at the start of files
Fixed jemalloc support for musl
Compatibility Notes
Changes to how the 0 flag works in format! Padding zeroes are now always placed after the sign if it exists and before the digits. With the # flag the zeroes are placed after the prefix and before the digits.
Due to the struct field optimisation, using transmute on structs that have no repr attribute or #[repr(Rust)] will no longer work. This has always been undefined behavior, but is now more likely to break in practice.
The refactor of trait object type parsing fixed a bug where + was receiving the wrong priority parsing things like &for<'a> Tr<'a> + Send as &(for<'a> Tr<'a> + Send) instead of (&for<'a> Tr<'a>) + Send
Overlapping inherent impls are now a hard error
PartialOrd and Ord must agree on the ordering.
rustc main.rs -o out --emit=asm,llvm-ir Now will output out.asm and out.ll instead of only one of the filetypes.
calling a function that returns Self will no longer work when the size of Self cannot be statically determined.
rustc now builds with a "pthreads" flavour of MinGW for Windows GNU this has caused a few regressions namely:
Changed the link order of local static/dynamic libraries (respecting the order on given rather than having the compiler reorder).
Changed how MinGW is linked, native code linked to dynamic libraries may require manually linking to the gcc support library (for the native code itself)
Version 1.17.0 (2017-04-27)
Language
The lifetime of statics and consts defaults to 'static. RFC 1623
Fields of structs may be initialized without duplicating the field/variable names. RFC 1682
Self may be included in the where clause of impls. RFC 1647
When coercing to an unsized type lifetimes must be equal. That is, there is no subtyping between T and U when T: Unsize<U>. For example, coercing &mut [&'a X; N] to &mut [&'b X] requires 'a be equal to 'b. Soundness fix.
Values passed to the indexing operator, [], automatically coerce
Static variables may contain references to other statics
Compiler
Exit quickly on only --emit dep-info
Make -C relocation-model more correctly determine whether the linker creates a position-independent executable
Add -C overflow-checks to directly control whether integer overflow panics
The rustc type checker now checks items on demand instead of in a single in-order pass. This is mostly an internal refactoring in support of future work, including incremental type checking, but also resolves RFC 1647, allowing Self to appear in impl where clauses.
Optimize vtable loads
Turn off vectorization for Emscripten targets
Provide suggestions for unknown macros imported with use
Fix ICEs in path resolution
Strip exception handling code on Emscripten when panic=abort
Add clearer error message using &str + &str
Stabilized APIs
Arc::into_raw
Arc::from_raw
Arc::ptr_eq
Rc::into_raw
Rc::from_raw
Rc::ptr_eq
Ordering::then
Ordering::then_with
BTreeMap::range
BTreeMap::range_mut
collections::Bound
process::abort
ptr::read_unaligned
ptr::write_unaligned
Result::expect_err
Cell::swap
Cell::replace
Cell::into_inner
Cell::take
Libraries
BTreeMap and BTreeSet can iterate over ranges
Cell can store non-Copy types. RFC 1651
String implements FromIterator<&char>
Box implements a number of new conversions: From<Box<str>> for String, From<Box<[T]>> for Vec<T>, From<Box<CStr>> for CString, From<Box<OsStr>> for OsString, From<Box<Path>> for PathBuf, Into<Box<str>> for String, Into<Box<[T]>> for Vec<T>, Into<Box<CStr>> for CString, Into<Box<OsStr>> for OsString, Into<Box<Path>> for PathBuf, Default for Box<str>, Default for Box<CStr>, Default for Box<OsStr>, From<&CStr> for Box<CStr>, From<&OsStr> for Box<OsStr>, From<&Path> for Box<Path>
ffi::FromBytesWithNulError implements Error and Display
Specialize PartialOrd<A> for [A] where A: Ord
Slightly optimize slice::sort
Add ToString trait specialization for Cow<'a, str> and String
Box<[T]> implements From<&[T]> where T: Copy, Box<str> implements From<&str>
IpAddr implements From for various arrays. SocketAddr implements From<(I, u16)> where I: Into<IpAddr>
format! estimates the needed capacity before writing a string
Support unprivileged symlink creation in Windows
PathBuf implements Default
Implement PartialEq<[A]> for VecDeque<A>
HashMap resizes adaptively to guard against DOS attacks and poor hash functions.
Cargo
Add cargo check --all
Add an option to ignore SSL revocation checking
Add cargo run --package
Add required_features
Assume build.rs is a build script
Find workspace via workspace_root link in containing member
Misc
Documentation is rendered with mdbook instead of the obsolete, in-tree rustbook
The "Unstable Book" documents nightly-only features
Improve the style of the sidebar in rustdoc output
Configure build correctly on 64-bit CPU's with the armhf ABI
Fix MSP430 breakage due to i128
Preliminary Solaris/SPARCv9 support
rustc is linked statically on Windows MSVC targets, allowing it to run without installing the MSVC runtime.
rustdoc --test includes file names in test names
This release includes builds of std for sparc64-unknown-linux-gnu, aarch64-unknown-linux-fuchsia, and x86_64-unknown-linux-fuchsia.
Initial support for aarch64-unknown-freebsd
Initial support for i686-unknown-netbsd
This release no longer includes the old makefile build system. Rust is built with a custom build system, written in Rust, and with Cargo.
Add Debug implementations for libcollection structs
TypeId implements PartialOrd and Ord
--test-threads=0 produces an error
rustup installs documentation by default
The Rust source includes NatVis visualizations. These can be used by WinDbg and Visual Studio to improve the debugging experience.
Compatibility Notes
Rust 1.17 does not correctly detect the MSVC 2017 linker. As a workaround, either use MSVC 2015 or run vcvars.bat.
When coercing to an unsized type lifetimes must be equal. That is, disallow subtyping between T and U when T: Unsize<U>, e.g. coercing &mut [&'a X; N] to &mut [&'b X] requires 'a be equal to 'b. Soundness fix.
format! and Display::to_string panic if an underlying formatting implementation returns an error. Previously the error was silently ignored. It is incorrect for write_fmt to return an error when writing to a string.
In-tree crates are verified to be unstable. Previously, some minor crates were marked stable and could be accessed from the stable toolchain.
Rust git source no longer includes vendored crates. Those that need to build with vendored crates should build from release tarballs.
Fix inert attributes from proc_macro_derives
During crate resolution, rustc prefers a crate in the sysroot if two crates are otherwise identical. Unlikely to be encountered outside the Rust build system.
Fixed bugs around how type inference interacts with dead-code. The existing code generally ignores the type of dead-code unless a type-hint is provided; this can cause surprising inference interactions particularly around defaulting. The new code uniformly ignores the result type of dead-code.
Tuple-struct constructors with private fields are no longer visible
Lifetime parameters that do not appear in the arguments are now considered early-bound, resolving a soundness bug (#32330). The hr_lifetime_in_assoc_type future-compatibility lint has been in effect since April of 2016.
rustdoc: fix doctests with non-feature crate attributes
Make transmuting from fn item types to pointer-sized types a hard error
under NetBSD. Bump PKGREVISION
Rust language 1.20.0 uses these options and Rust build system uses it
as '-l tinfo' and our wrapper does not handle this.
nodejs 8.6.0
============
crypto
- Support for multiple ECDH curves.
dgram
- Added setMulticastInterface() API.
- Custom lookup functions are now supported.
n-api
- The command-line flag is no longer required to use N-API.
tls
- Docs-only deprecation of parseCertString().
nodejs 8.5.0
============
build
- Snapshots are now re-enabled in V8
console
- Implement minimal console.group().
deps
- upgrade libuv to 1.14.1
- update nghttp2 to v1.25.0
dns
- Add verbatim option to dns.lookup(). When true, results from the DNS
resolver are passed on as-is, without the reshuffling that Node.js
otherwise does that puts IPv4 addresses before IPv6 addresses.
fs
- add fs.copyFile and fs.copyFileSync which allows for more efficient
copying of files.
inspector
- Enable async stack traces
module
- Add support for ESM. This is currently behind the
--experimental-modules flag and requires the .mjs extension. node
--experimental-modules index.mjs
napi
- implement promise
os
- Add support for CIDR notation to the output of the networkInterfaces()
method.
perf_hooks
- An initial implementation of the Performance Timing API for Node.js.
This is the same Performance Timing API implemented by modern browsers
with a number of Node.js specific properties. The User Timing mark()
and measure() APIs are implemented.
tls
- multiple PFX in createSecureContext
SPARC
Support for the SPARC M8 processor has been added.
The switches -mfix-ut700 and -mfix-gr712rc have been added to work around an erratum in LEON3FT processors.
Use of the Floating-point Multiply Single to Double (FsMULd) instruction can now be controlled by the -mfsmuld and -fno-fsmuld options.
RTEMS
The Ada run-time support uses now thread-local storage (TLS).
Support for RISC-V has been added.
Support for 64-bit PowerPC using the ELFv2 ABI with 64-bit long double has been added.
Bug fixes: https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&resolution=FIXED&target_milestone=7.2
Add a PRINT_PLIST_AWK to help avoid this being removed again in the future,
though with all the PLIST_VARS used it's still difficult to keep updated. It
is probably worth splitting the vars into individual PLIST files instead.
1.11.0:
- Pull request 178: `with_metaclass` now properly proxies `__prepare__` to the
underlying metaclass.
- Pull request 191: Allow `with_metaclass` to work with metaclasses implemented
in C.
- Pull request 203: Add parse_http_list and parse_keqv_list to moved
urllib.request.
- Pull request 172 and issue 171: Add unquote_to_bytes to moved urllib.parse.
- Pull request 167: Add `six.moves.getoutput`.
- Pull request 80: Add `six.moves.urllib_parse.splitvalue`.
- Pull request 75: Add `six.moves.email_mime_image`.
- Pull request 72: Avoid creating reference cycles through tracebacks in
`reraise`.
Python 2.7.14:
Core and Builtins
- bpo-30657: Fixed possible integer overflow in PyString_DecodeEscape.
- bpo-27945: Fixed various segfaults with dict when input collections are
mutated during searching, inserting or comparing. Based on patches by
Duane Griffin and Tim Mitchell.
- bpo-25794: Fixed type.__setattr__() and type.__delattr__() for
non-interned or unicode attribute names. Based on patch by Eryk Sun.
- bpo-29935: Fixed error messages in the index() method of tuple and list
when pass indices of wrong type.
- bpo-28598: Support __rmod__ for subclasses of str being called before
str.__mod__. Patch by Martijn Pieters.
- bpo-29602: Fix incorrect handling of signed zeros in complex constructor for
complex subclasses and for inputs having a __complex__ method. Patch
by Serhiy Storchaka.
- bpo-29347: Fixed possibly dereferencing undefined pointers
when creating weakref objects.
- Issue 14376: Allow sys.exit to accept longs as well as ints. Patch
by Gareth Rees.
- Issue 29028: Fixed possible use-after-free bugs in the subscription of the
buffer object with custom index object.
- Issue 29145: Fix overflow checks in string, bytearray and unicode.
Patch by jan matejek and Xiang Zhang.
- Issue 28932: Do not include <sys/random.h> if it does not exist.
Extension Modules
- bpo-31170: Update vendorized expat to 2.2.4.
- Issue 29169: Update zlib to 1.2.11.
Changes in version 1.5.0
Enhancements
------------
* [r14934] ABCL-INTROSPECT a contrib for accessing ABCL compiler
information (Alan).
* [r14907] ABCL-AIO all-in-one jar target creates dist/abcl-aio.jar (Alan).
* [r15009] Rework ABCL-BUILD as a contrib which uses UIOP machinery to
invoke Ant on <file:build.xml>, unifying all build mechanisms to a single
prescriptive source artifact external to Common-Lisp.
* [r14911] [r14955] [r14914] Source recording on SYS:SOURCE plist
PRECOMPILER possibly beta reduce form with function
position lambda, record arglist during Build
* [r14912] [r14922] Re-write the ASDF descriptions using secondary systems
* [r14917] build: 'abcl.clean.application.fasls' now cleans only ABCL fasls
* [r14923] Added Dockerfile to package ABCL in Docker
* [r14927] Build add ability to download Maven from Ant
* [r14931] Bless EXT:GET-PID as the offical way to get process id
* [r14947] JSS syntax for access Java fields (Alan)
* [r14962] JSS:J2LIST as a convenience method for turning "anything"
in Java to an appropriate Lisp list.
* [r14967] (Provisional) ABCL-ASDF JDK-JAR ASDF class to describe JDK
path locations (Alan).
* [r14969] Add QUICKLISP-ABCL:*QUICKLISP-PARENT-DIR* special (Alan).
* [r14978] Implement MAKE-LOAD-FORM for Java fields (Alan).
* [r15013] Restore the ability SYSTEM:CHOOSE-ASSEMBLER to use Objectweb
* [r15018] Enable use of MVN-MODULE in ASDF definitions (Alan).
* [r15019] Add NAMED-READTABLES from <https://github.com/melisgl/named-readtables>
* [r15062] ABCL-INTROSPECT 'javaparser.asd' definition adds a
SHARPSIGN-ONE-QUOTATION_MARK macro to evaluate arbitrary Java expressions
Fixes
-----
* [r14902] Fix CL:OPEN for :DIRECTION :INPUT (pipping)
* [r14903] JNEW-RUNTIME-CLASS Make static functions and :int
parameters work. Fix return conversion for null. Ensure that the
same classloader is used (olof).
* [r14905] ABCL-ASDF uses the value of the reported Maven home to look
for libraries, fixing loading CFFI under FreeBSD 11-RELEASE.
* [r14906] JSS:LOOKUP-CLASSNAME would return allcaps class name if not
found (alan).
* [r14909] QUICKLISP-ABCL simplify load/compile logic.
* [r14918] JAVA Remove generic Throwable handler from JAVA:JFIELD innards
* [r14919] ABCL-ASDF fix finding Maven on Fedora
* [r14926] ABCL-ASDF fix problems with test suite's reliance on PROVE
* [r14921] CL:DIRECTORY no longer errors on files containing asterisk characters
* [r14950] Fix restart calculation for compiled closures (Alan)
* [r14952] Guard printing of large Java objects (Alan)
* [r14953] Fix debugging frames which don't have a pathname (Alan)
* [r14956] Show function documentation in describe (Alan)
* [r14966] JAVA:CHAIN returns last value of computation (Alan)
* [r14973] ABCL-ASDF probes for "mvn" and "mvn.cmd" under Windows
* [r14974] Standardize the use of CL:*LOAD-VERBOSE* to control loading
verbosity.
* [r14976] Fix CL:GET-OUTPUT-STREAM-STRING to reset underlying buffer
* [r14979] Fix JavaObject.getParts() for Java arrays (Alan).
* [r14980] Fix SETF for EXT:URL-PATHNAME-FRAGMENT
* [r14987] Fix CL:MAKE-PATHNAME for explicitly nil HOST
* [r14996] Correctly implement 'time-of-the-time' daylight savings
semantics (Scott).
* [r15001] Fix signalling simple error with #\~ in CL:FORMAT string
(Alan).
* [r15002] Fix problems with SHARED-INITIALIZE (Olof).
* [r15003] Fix ENSURE-GENERIC-FUNCTION when removing definition (Olof).
* [r15004] Fix DESTRUCTURING-BIND with &rest arguments (Olof)
* [r15024] Optimise LOGCOUNT (Olof).
* [r15026] Support bignum argument for FILE-POSITION (Olof).
* [r15032] Better directory validation; handle :UNSPECIFIC (Olof).
* [r15033] Fix LOOP code size estimation (Olof).
* [r15034] Fix NTH inlining type mismatch (Olof).
* [r15035] Fix byte code verification error in edge case (Olof).
* [r15036] Fix PACKAGE-ERROR-PACKAGE behaviour (Olof).
* [r15037] Fix MAX type derivation (Olof).
* [r15038] Fix NPE if directory can't be accessed (Olof).
* [r15044] Documentation renders less/greater-than characters correctly (Olof).
Updates
-------
* ASDF 3.2.1
New in version 1.3.21
- minor incompatible change: the CLOBBER-IT restart for defstruct
redefintion has been removed after a 15 year deprecation cycle.
Use the new name, RECKLESSLY-CONTINUE. Note also that this restart
is hidden if deemed unsafe due to altered placement of untagged slots
in the structure.
- enhancement: the assignment of -DSBCL_PREFIX= in src/runtime/GNUmakefile
can be removed as a local patch, which results in an sbcl executable
that finds its core file relative to itself by looking in "../lib/sbcl".
- enhancement: backends using the generational GC are able to relocate
dynamic space anywhere the operating system places it. This feature
can be disabled by removing :relocatable-heap from the build configuration.
Not supported on Windows.
- enhancement: DEFMETHOD no longer signals IMPLICIT-GENERIC-FUNCTION-WARNING.
- enhancement: better type conflict detection for high order functions,
e.g. (find x "123" :test #'=)
- enhancement: the tabular output of ROOM is aligned dynamically,
preventing misaligned tables for larger sizes or counts.
- enhancement: ROOM reports on immobile space if applicable.
- optimization: optimized external-format routines.
- bug fix: SB-INTROSPECT:ALLOCATION-INFORMATION returns :IMMOBILE
instead of :FOREIGN for objects in immobile space.
- bug fix: dotted lists in special forms and function call forms signal
an appropriate error
- bug fix: EQUALP hash tables with pathname keys now ignore internal slots.
(#1712944, reported by Jason Miller)
New in version 1.3.20
- minor incompatible change: DEF{GENERIC,METHOD} no longer accept
some illegal lambda lists such as (defgeneric bar (foo &key foo))
or (defgeneric baz (t)) that were accepted before.
- optimization: a valueless &AUX binding in a BOA constructor does not
force all slots reads in safe code to perform a full type check.
- optimization: ATOMIC-PUSH and ATOMIC-POP generate better code
- bug fix: the low-level debugger would erroneously print - or not print
as the case may be - "(bad-address)" for some objects depending whether
the --dynamic-space-size argument was used at Lisp startup
- bug fix: a DEFCONSTANT with a non non-eql-comparable object as the value
could cause miscompilation if that constant appeared as the default
expression for an &OPTIONAL binding
- bug fix: generic function lambda lists are now checked for repeated
and otherwise illegal entries. (#1704114)
- bug fix: setting gencgc_verbose = 1 could cause deadlock in fprintf()
depending on the platform's stdio implementation. The relevant code
has been changed to use snprintf() and write() instead.
New in version 1.3.19
- enhancement: specialized arrays can be printed readably without using
*read-eval*
- enhancement: SB-DEBUG:PRINT-BACKTRACE truncates huge string arguments.
The full string remains available for inspection via (SB-DEBUG:ARG).
- bug fix: backtracing from several threads at once could fail
- bug fix: floating-point infinities could not be used as keys in EQUALP
hash tables. (#1696274)
- bug fix: random sb-fasteval failures. (#1642708)
- bug fix: align the stack in callback wrappers to defend against C compiler
over-aggressive use of SIMD. (#1697528)
- bug fix: don't try to find the class when reporting that a class does not
exist for a primitive type. (#1697226)
Ruby 2.4.2 Released Posted by nagachika on 14 Sep 2017
We are pleased to announce the release of Ruby 2.4.2. This release contains
some security fixes.
* CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
* CVE-2017-10784: Escape sequence injection vulnerability in the Basic
authentication of WEBrick
* CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 docod
* CVE-2017-14064: Heap exposure in generating JSON
* Multiple vulnerabilities in RubyGems
* Update bundled libyaml to version 0.1.7.
There are also many bug-fixes. See commit logs for more details.
ruby23 packages to 2.3.5.
pkgsrc change: clean up PLIST.
Ruby 2.3.5 Released Posted by usa on 14 Sep 2017
Ruby 2.3.5 has been released.
This release includes about 70 bug fixes after the previous release, and also
includes several security fixes. Please check the topics below for details.
* CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
* CVE-2017-10784: Escape sequence injection vulnerability in the Basic
authentication of WEBrick
* CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 docode
* CVE-2017-14064: Heap exposure vulnerability in generating JSON
* Multiple vulnerabilities in RubyGems
* Updated bundled libyaml to version 0.1.7
See the ChangeLog for details.
pkgsrc change: clean up PILST.
Ruby 2.2.8 Released Posted by usa on 14 Sep 2017
Ruby 2.2.8 has been released. This release includes several security
fixes. Please check the topics below for details.
* CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
* CVE-2017-10784: Escape sequence injection vulnerability in the Basic
authentication of WEBrick
* CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 docode
* CVE-2017-14064: Heap exposure vulnerability in generating JSON
* Multiple vulnerabilities in RubyGems
* Updated bundled libyaml to version 0.1.7
Ruby 2.2 is now under the state of the security maintenance phase, until the
endo of the March of 2018. After the date, maintenance of Ruby 2.2 will be
ended. We recommend you start planning migration to newer versions of Ruby,
such as 2.4 or 2.3.
