Release 2.2.0 Tue June 21 2016
Security fixes:
#537 CVE-2016-0718 -- Fix crash on malformed input
CVE-2016-4472 -- Improve insufficient fix to CVE-2015-1283 /
CVE-2015-2716 introduced with Expat 2.1.1
#499 CVE-2016-5300 -- Use more entropy for hash initialization
than the original fix to CVE-2012-0876
#519 CVE-2012-6702 -- Resolve troublesome internal call to srand
that was introduced with Expat 2.1.0
when addressing CVE-2012-0876 (issue #496)
Bug fixes:
Fix uninitialized reads of size 1
(e.g. in little2_updatePosition)
Fix detection of UTF-8 character boundaries
Other changes:
#532 Fix compilation for Visual Studio 2010 (keyword "C99")
Autotools: Resolve use of "$<" to better support bmake
Autotools: Add QA script "qa.sh" (and make target "qa")
Autotools: Respect CXXFLAGS if given
Autotools: Fix "make run-xmltest"
Autotools: Have "make run-xmltest" check for expected output
p90 CMake: Fix static build (BUILD_shared=OFF) on Windows
#536 CMake: Add soversion, support -DNO_SONAME=yes to bypass
#323 CMake: Add suffix "d" to differentiate debug from release
CMake: Define WIN32 with CMake on Windows
Annotate memory allocators for GCC
Address all currently known compile warnings
Make sure that API symbols remain visible despite
-fvisibility=hidden
Remove executable flag from source files
Resolve COMPILED_FROM_DSP in favor of WIN32
Remove some unnecessary cuteness that limited error reporting.
Permit just one -s arg to fdflags
Be deterministic in the case of fdflags -s +cloexec,-cloexec 0
(and similar) - use the last specified, always.
Allow:
FD_0_FLAGS=$( fdflags -v 0 )
# do stuff, manipulating the flags
fdflags -s "FD_0_FLAGS" 0
to save/restore flags for a fd.
Correctly mask result of fcntl(fd, F_GETFD) with FD_CLOEXEC as the
specs require before deciding close on exec is set.
Improve portability as a tool, don't assume strtoi(), nor __arraycount()
and avoid needlessly requiring recent C versions (ie: there's no need to
sprinkle declarations in the middle of the code, it just makes them hard
to find, and benefits nothing.)
Still to do: As currently implemented, both user, and shell internal fds
are reported, and can be manipulated. Allowing users to touch the shell's
internal fds is bogus, and providing this easy way to allow users to
discover which values they have is poor. Fixing this means getting rid
of the use of fcntl(F_MAXFD) and replacing it with a shell maintained
memory of what fds the user (script) has allocated. The shell's fd
manipulation really still needs major work (including properly fixing
bin/48875)
fixes pmap_steal_memory() as it can now unplug from the start of the
segment. This might be the right thing to do too as the pages before
kernend are accessed via directly mapped P1, but i need to ask someone
with a clue. This is also what evbsh3 always did.
Anyway, this at least unbreaks landisk after uvm hotplug fallout.
