|
»
« Return to Thread: Ann: SWI-Prolog 5.7.11
Ann: SWI-Prolog 5.7.11
by Jan Wielemaker-3
::
Rate this Message:
Hi,
I've uploaded SWI-Prolog 5.7.11. Almost all changes are in the libraries,
notably the web and semantic web libraries. There are two special warnings:
* The term_hash/2 algorithm has been changed such that x(a,b) gives
a different hash than x(b,a). The (few?) applications that reply on
the hash to be stable over versions must rebuild their databases.
* If PlDoc is running as a public service (this is not the default),
it had a local-file access vulnerability. If you run such a service,
we strongly advice to upgrade to this version of SWI-Prolog.
* http_reply_file/3 has a new option unsafe(Bool). This option is
by default false, which causes http_reply_file/3 to refuse serving files
with an absolute path or a path holding a '..' segment. This avoids
many security issues, but of course cause an unnecessary failure if you
pass a path you specified yourself in the application. If you are hit
by this, use unsafe(true) in the option list.
Thanks for all the bug-reports and patches! I'm aware that there is more
in the pipeline. Releases are frequent :-)
Most of the other patches will affect few users, but there are many small
fixes and enhancements :-)
Enjoy --- Jan
Below is the full list of changes and fixes.
================================================================
[Jul 2 2009]
* ADDED: Public API to generate help on a predicate without the page header
* FIXED: handle rdf:datatype earlier (compliant to the revised RDF syntax
specs). This fixes empty strings using
<rdfs:label rdf:datatype="&xsd;string"/>
Spotted by Chris Mungall
[Jul 1 2009]
* ENHANCED: term_hash: take the order of arguments in compound terms into
account
* MODIFIED: The hash-value of terms is supposed to be stable over
SWI-Prolog versions to allow storing datastructures on file that reply on
the hash. This change obviously breaks compatibility here. If you have
such a database you will have to rebuild it.
* ADDED: Allow \-escape inside html(\List).
* ADDED: Return the fact that a handler is a prefix handler in
http_current_handler/3.
* ADDED: Allow for http_handler(root(find/concept), ...). I.e., allow for
component/component without quotes,
[Jun 30 2009]
* FIXED: Reset supervisor of an undefined predicate that is set to dynamic.
Mikami Kana.
* ENHANCED: Avoid dependence on implementation dependent detection of non-
determinism in setup_call_cleanup/3.
The original (true;fail) to "leave a choice point open"
only works, if an implementation does not replace this
by true. This otherwise compliant optimization is
now prevented by having two soltions, one of which
is discarded.
[Jun 29 2009]
* BUILD: Enhance message if -lXpm is not found. Dennis van Dok.
* FIXED: Properly prevent message_queue_destroy/1 from destroying the default
queue of a thread.
* ADDED: Allow message_queue_destroy/1 on queues that are being waited for
* FIXED: http_currect_session(-, ?) did not generate (all) sessions.
* ADDED: http_close_session/1
* CHANGED: assert/2 issues representation error instead of type error
Affected case:
?- retractall(a), asserta(a,R), retractall(a), asserta(a,R).
This cannot be a type error, since the following query would have to
fail.
?- retractall(a), asserta(a,R1), retractall(a), asserta(a,R2), R1 = R2.
[Jun 28 2009]
* DOC: Updated README.git
* FIXED: Stream locking issue. Keri Harris.
* ENHANCED: Test whether 2nd argument of assert/2 and friends is unbound.
Günter Kniesel.
* FIXED: RDF literal matches (literal(exact(string), X))
[Jun 25 2009]
* FIXED: thread_create_in_pool/4: manager thread died if thread could not be
created.
[Jun 24 2009]
* FIXED: aggregate/3 when combining max or min with a bag operator. Mike
Elston.
[Jun 23 2009]
* MODIFIED: Added option unsafe(Bool) to http_reply_file/3. This option is
by default false, which causes this predicate to refuse serving files with an
absolute path, a path outside the working directory or, if an alias(Path) is
used, outside the root of the alias.
If you want to serve such files, you must provide unsafe(true) explicitely.
* DOC: Clarified alternatives to setup_call_cleanup/3.
* ADDED: Reply with 400 Bad Request on illegal HTTP requests
[Jun 22 2009]
* FIXED: avoid bnodes in types nodes for rdf_write_xml/2.
* ADDED: Efficient SPARQL compliant literal matching to RDF-DB
[Jun 21 2009]
* CLEANUP: Better reporting of multiple frozen goals on the same variable.
* FIXED: Freezing multiple goals on the same variable used ,/2 instead of
$and/2. This can lead to an exception Undefined procedure: $attvar: $and/2.
Mike Elston.
[Jun 19 2009]
* FIXED: Semweb: writing RDF/XML should not use bnodes as typed nodes. Chris
Mungall.
[Jun 18 2009]
* FIXED: Allow serving the manual again.
* FIXED: Setting spy, trace, etc. on system predicates
[Jun 17 2009]
* FIXED: Turtle UTF-8 handling
* FIXED: rdf_load/2: Do not record a file as loaded before completion.
* ADDED: Semweb: Register turtle parser for .n3 files
[Jun 16 2009]
* FIXED: Bug#404: PlDoc local file inclusion vulnerability
* FIXED: Pass Turtle test-case #10.
* DOC: Fixes and cleanup
* FIXED: Ulrich Item#486: meta-calls that exceed max_arity now raise a
representation error instead of crashing.
* FIXED: Ulrich Item#510: current_op/3 compliant error generation.
[Jun 15 2009]
* FIXED: Enhanced error terms for callable (call/1, etc).
* CLEANUP: Underlying code for call/1
* DOC: Item#483: Broken link in PlUnit. Ulrich Neumerkel.
* FIXED: memory-leak in atom_number/2 and number_chars/2 when producing GMP
numbers. Keri Harris.
* SECURITY: Loading XPCE can cause an insecure library search path. ELF-
systems only. Keri Harris.
* BUILD: Fix SGML test-case handling. Keri Harris.
* BUILD: Skip RFC2202 tests if Prolog is not compiled with unbounded
arithmetic. Keri Harris.
* FIXED: Typo in day-name of format_time/4. Keri Harris.
* BUILD: Fix for parallel make. Keri Harris.
* PORT: Make stack size alignment on 64-bit Windows comparable to Linux. Keri
Harris.
[Jun 13 2009]
* PORT: Avoid conflict on strndup(). Mary Ellen Foster
[Jun 12 2009]
* ENHANCED: CLP(FD): extended partial evaluation in automatic goal expansion
[Jun 9 2009]
* FIXED: RDF typed-nodes (<ns:Class ...>...</ns:Class> descriptions) if the
expansion of ns contains %-escaped characters. Jochem Liem.
_______________________________________________
SWI-Prolog mailing list
SWI-Prolog@...
https://mailbox.iai.uni-bonn.de/mailman/listinfo.cgi/swi-prolog
I've uploaded SWI-Prolog 5.7.11. Almost all changes are in the libraries,
notably the web and semantic web libraries. There are two special warnings:
* The term_hash/2 algorithm has been changed such that x(a,b) gives
a different hash than x(b,a). The (few?) applications that reply on
the hash to be stable over versions must rebuild their databases.
* If PlDoc is running as a public service (this is not the default),
it had a local-file access vulnerability. If you run such a service,
we strongly advice to upgrade to this version of SWI-Prolog.
* http_reply_file/3 has a new option unsafe(Bool). This option is
by default false, which causes http_reply_file/3 to refuse serving files
with an absolute path or a path holding a '..' segment. This avoids
many security issues, but of course cause an unnecessary failure if you
pass a path you specified yourself in the application. If you are hit
by this, use unsafe(true) in the option list.
Thanks for all the bug-reports and patches! I'm aware that there is more
in the pipeline. Releases are frequent :-)
Most of the other patches will affect few users, but there are many small
fixes and enhancements :-)
Enjoy --- Jan
Below is the full list of changes and fixes.
================================================================
[Jul 2 2009]
* ADDED: Public API to generate help on a predicate without the page header
* FIXED: handle rdf:datatype earlier (compliant to the revised RDF syntax
specs). This fixes empty strings using
<rdfs:label rdf:datatype="&xsd;string"/>
Spotted by Chris Mungall
[Jul 1 2009]
* ENHANCED: term_hash: take the order of arguments in compound terms into
account
* MODIFIED: The hash-value of terms is supposed to be stable over
SWI-Prolog versions to allow storing datastructures on file that reply on
the hash. This change obviously breaks compatibility here. If you have
such a database you will have to rebuild it.
* ADDED: Allow \-escape inside html(\List).
* ADDED: Return the fact that a handler is a prefix handler in
http_current_handler/3.
* ADDED: Allow for http_handler(root(find/concept), ...). I.e., allow for
component/component without quotes,
[Jun 30 2009]
* FIXED: Reset supervisor of an undefined predicate that is set to dynamic.
Mikami Kana.
* ENHANCED: Avoid dependence on implementation dependent detection of non-
determinism in setup_call_cleanup/3.
The original (true;fail) to "leave a choice point open"
only works, if an implementation does not replace this
by true. This otherwise compliant optimization is
now prevented by having two soltions, one of which
is discarded.
[Jun 29 2009]
* BUILD: Enhance message if -lXpm is not found. Dennis van Dok.
* FIXED: Properly prevent message_queue_destroy/1 from destroying the default
queue of a thread.
* ADDED: Allow message_queue_destroy/1 on queues that are being waited for
* FIXED: http_currect_session(-, ?) did not generate (all) sessions.
* ADDED: http_close_session/1
* CHANGED: assert/2 issues representation error instead of type error
Affected case:
?- retractall(a), asserta(a,R), retractall(a), asserta(a,R).
This cannot be a type error, since the following query would have to
fail.
?- retractall(a), asserta(a,R1), retractall(a), asserta(a,R2), R1 = R2.
[Jun 28 2009]
* DOC: Updated README.git
* FIXED: Stream locking issue. Keri Harris.
* ENHANCED: Test whether 2nd argument of assert/2 and friends is unbound.
Günter Kniesel.
* FIXED: RDF literal matches (literal(exact(string), X))
[Jun 25 2009]
* FIXED: thread_create_in_pool/4: manager thread died if thread could not be
created.
[Jun 24 2009]
* FIXED: aggregate/3 when combining max or min with a bag operator. Mike
Elston.
[Jun 23 2009]
* MODIFIED: Added option unsafe(Bool) to http_reply_file/3. This option is
by default false, which causes this predicate to refuse serving files with an
absolute path, a path outside the working directory or, if an alias(Path) is
used, outside the root of the alias.
If you want to serve such files, you must provide unsafe(true) explicitely.
* DOC: Clarified alternatives to setup_call_cleanup/3.
* ADDED: Reply with 400 Bad Request on illegal HTTP requests
[Jun 22 2009]
* FIXED: avoid bnodes in types nodes for rdf_write_xml/2.
* ADDED: Efficient SPARQL compliant literal matching to RDF-DB
[Jun 21 2009]
* CLEANUP: Better reporting of multiple frozen goals on the same variable.
* FIXED: Freezing multiple goals on the same variable used ,/2 instead of
$and/2. This can lead to an exception Undefined procedure: $attvar: $and/2.
Mike Elston.
[Jun 19 2009]
* FIXED: Semweb: writing RDF/XML should not use bnodes as typed nodes. Chris
Mungall.
[Jun 18 2009]
* FIXED: Allow serving the manual again.
* FIXED: Setting spy, trace, etc. on system predicates
[Jun 17 2009]
* FIXED: Turtle UTF-8 handling
* FIXED: rdf_load/2: Do not record a file as loaded before completion.
* ADDED: Semweb: Register turtle parser for .n3 files
[Jun 16 2009]
* FIXED: Bug#404: PlDoc local file inclusion vulnerability
* FIXED: Pass Turtle test-case #10.
* DOC: Fixes and cleanup
* FIXED: Ulrich Item#486: meta-calls that exceed max_arity now raise a
representation error instead of crashing.
* FIXED: Ulrich Item#510: current_op/3 compliant error generation.
[Jun 15 2009]
* FIXED: Enhanced error terms for callable (call/1, etc).
* CLEANUP: Underlying code for call/1
* DOC: Item#483: Broken link in PlUnit. Ulrich Neumerkel.
* FIXED: memory-leak in atom_number/2 and number_chars/2 when producing GMP
numbers. Keri Harris.
* SECURITY: Loading XPCE can cause an insecure library search path. ELF-
systems only. Keri Harris.
* BUILD: Fix SGML test-case handling. Keri Harris.
* BUILD: Skip RFC2202 tests if Prolog is not compiled with unbounded
arithmetic. Keri Harris.
* FIXED: Typo in day-name of format_time/4. Keri Harris.
* BUILD: Fix for parallel make. Keri Harris.
* PORT: Make stack size alignment on 64-bit Windows comparable to Linux. Keri
Harris.
[Jun 13 2009]
* PORT: Avoid conflict on strndup(). Mary Ellen Foster
[Jun 12 2009]
* ENHANCED: CLP(FD): extended partial evaluation in automatic goal expansion
[Jun 9 2009]
* FIXED: RDF typed-nodes (<ns:Class ...>...</ns:Class> descriptions) if the
expansion of ns contains %-escaped characters. Jochem Liem.
_______________________________________________
SWI-Prolog mailing list
SWI-Prolog@...
https://mailbox.iai.uni-bonn.de/mailman/listinfo.cgi/swi-prolog
« Return to Thread: Ann: SWI-Prolog 5.7.11
| Free embeddable forum powered by Nabble | Forum Help |
