[SWIPL] Ann: SWI-Prolog 6.3.7 and 6.2.5

Jan Wielemaker J.Wielemaker at vu.nl
Fri Dec 21 12:59:11 MET 2012


Hi,

I've uploaded SWI-Prolog 6.3.7 as development release and 6.2.5 as
stable release. Version 6.3.6 has been skipped because we found a but I
wanted to include in the release after the release files had been
uploaded. The main reason for 6.2.5 was a critical bug in the Windows
port. As other changes in 6.3.x are either bugfixes or concern
non-critical functionality, 6.2.5 is the same as 6.3.7, except for the
semweb/RDF library which is held back at version 2 for 6.2.5.

Highlights:

   - Two critical bugfixes to path-handling that could trigger buffer
     overruns.  If you run a server where users can remotely create files,
     control the names of these files and run requests that scan for
     the uploaded files it might be possible to use this bug to execute
     arbitrary code on the server.

   - Various patches to the pack installer.  library(archive) should now
     work on Windows XP thanks to Keri Harris.  Added a few messages
     instead of failing, use the proper directory for running
     configure for foreign packages (fixes install of Nico's real package).

   - Many enhancements to PlDoc.  A new doc_save/2 can save stand-alone HTML
     files, copy docs for re-exported predicates, re-scan files that have
     been loaded before the documentation-collection was started, make
     ?- doc_browser. start the server if needed, etc.

	Enjoy --- Jan


=================================
SWI-Prolog Changelog since V6.3.5
=================================

  * FIXED: possible crash when accessing a stream being closed

  * FIXED: Bug#72: Deleted --disable-mt option of configure.

  * PORT: do not use Windows security api functions in libarchive as
    these are not supported across all versions of the C runtime

  * FIXED: pack_property(-,+).

  * DOC: Fixed mode declaration.

  * DOC: Fixed illegal PlDoc mode declaration

  * ADDED: directory_source_files/3 to library(prolog_source)

  * ENHANCED: Better message if no new versions can be found

  * DOC: Documented details around stream aliases.  Mike Elston.

  * ADDED: pack_property/2: readme(File) and todo(File) properties.
    Used by doc_pack/1.

  * FIXED: Possible crash in multi-threaded reloading of files.
    Keri Harris.  This is the same race condition as documented with
    restore_after_query().  It is now fixed by adding a new lock called
    L_STOPTHEWORLD.

  * TBD: Look for a lock-free solution.

  * FIXED: Initialize Windows L_CSTACK lock

  * FIXED: Run configure in the packdir. Nicos Angelopoulos.

  * FIXED: Possible buffer overrun in patch canonisation code.  Pushes
    pointers on an automatic array without checking for overflow.  Can be
    used for DoS attacks.  Will be extremely hard to make it execute
    arbitrary code.

  * SECURITY: Possible buffer overflows when expanding file-names with long
    paths.  Affects expand_file_name/2.  Can lead to crashes (DoS attacks)
    and possibly execution of arbitrary code if an attacker can control
    the names of the files searched for, e.g., if expand_file_name/2 is
    used in a directory to which an attacker can upload files for which
    he can control the name.

  * ADDED: pack_property/2.

  * DOC: Fixed outdated documentation

  * CLEANUP: untangle dual use of argKey()



============
Package http
============

  * FIXED: Unknown message: goal_failed(http_process/4) The message was
    reported on server timeouts if ?- debug(http(request)) was activated.

  * DOC: Fixed PlDoc mode declaration.

  * FIXED: argument order to functor/3 when deleting handlers without
    explicit IDs


=============
Package pldoc
=============

  * ADDED: Extend the notion of places to include the extension packs

  * ADDED: library(doc/doc_pack), starting pack support in the
    documentation system.

  * FIXED: Alignment issue with right-aligned items on empty descriptions

  * ENHANCED: Stricter checking of PlDoc mode declarations.

  * ADDED: Make doc_browser/0,1 start the server if it isn't yet running.

  * ENHANCED: Make links from manual HTML resolve to other documents.

  * ENHANCED: Allow generating a description item holding :

  * ADDED: Fall back to object pages for man?predicate, such that this
    can be used for all non-local links from generated pages.

  * FIXED: Manul page if there is no match

  * ADDED: Control README and TODO files

  * FIXED: Ensure all documentation is loaded when creating a directory
    index.

  * ENHANCED: Re-fetch file comments if the documentation is requested
    for a file that was loaded before PlDoc was loaded.

  * MODIFIED: Deleted read_structured_comments/2.  Was broken and not
    used. enter the commit message for your changes. Lines starting


==============
Package semweb
==============

  * DOC: Fixed mode declaration


============
Package sgml
============

  * FIXED: declaration of the encoding option of load_structure/3.




More information about the SWI-Prolog mailing list