Fix www/wml configure to always use posix mode #8

oliwer · 2015-04-01T14:06:15Z

Because wml uses very old configure scripts, the posix mode
is not set with all shells. This can cause a test in the script
to be false and makes it re-exec itself indefinitely.

Because wml uses very old configure scripts, the posix mode is not set with all shells. This can cause a test in the script to be false and makes it re-exec itself indefinitly.

Update DEPENDS Add test target Upstream changes: 2015-03-14 -- 1.4.3 * Remove three warnings: star-args, abstract-class-little-used, abstract-class-not-used. These warnings don't add any real value and they don't imply errors or problems in the code. * Added a new option for controlling the peephole optimizer in astroid. The option ``--optimize-ast`` will control the peephole optimizer, which is used to optimize a couple of AST subtrees. The current problem solved by the peephole optimizer is when multiple joined strings, with the addition operator, are encountered. If the numbers of such strings is high enough, Pylint will then fail with a maximum recursion depth exceeded error, due to its visitor architecture. The peephole just transforms such calls, if it can, into the final resulting string and this exhibit a problem, because the visit_binop method stops being called (in the optimized AST it will be a Const node). 2015-03-11 -- 1.4.2 * Don't require a docstring for empty modules. Closes issue #261. * Fix a false positive with `too-few-format-args` string warning, emitted when the string format contained a normal positional argument ('{0}'), mixed with a positional argument which did an attribute access ('{0.__class__}'). Closes issue #463. * Take in account all the methods from the ancestors when checking for too-few-public-methods. Closes issue #471. * Catch enchant errors and emit 'invalid-characters-in-docstring' when checking for spelling errors. Closes issue #469. * Use all the inferred statements for the super-init-not-called check. Closes issue #389. * Add a new warning, 'unichr-builtin', emitted by the Python 3 porting checker, when the unichr builtin is found. Closes issue #472. * Add a new warning, 'intern-builtin', emitted by the Python 3 porting checker, when the intern builtin is found. Closes issue #473. * Add support for editable installations. * The HTML output accepts the `--msg-template` option. Patch by Dan Goldsmith. * Add 'map-builtin-not-iterating' (replacing 'implicit-map-evaluation'), 'zip-builtin-not-iterating', 'range-builtin-not-iterating', and 'filter-builtin-not-iterating' which are emitted by `--py3k` when the appropriate built-in is not used in an iterating context (semantics taken from 2to3). * Add a new warning, 'unidiomatic-typecheck', emitted when an explicit typecheck uses type() instead of isinstance(). For example, `type(x) == Y` instead of `isinstance(x, Y)`. Patch by Chris Rebert. Closes issue #299. * Add support for combining the Python 3 checker mode with the --jobs flag (--py3k and --jobs). Closes issue #467. * Add a new warning for the Python 3 porting checker, 'using-cmp-argument', emitted when the `cmp` argument for the `list.sort` or `sorted builtin` is encountered. * Make the --py3k flag commutative with the -E flag. Also, this patch fixes the leaks of error messages from the Python 3 checker when the errors mode was activated. Closes issue #437. 2015-01-16 -- 1.4.1 * Look only in the current function's scope for bad-super-call. Closes issue #403. * Check the return of properties when checking for not-callable. Closes issue #406. * Warn about using the input() or round() built-ins for Python 3. Closes issue #411. * Proper abstract method lookup while checking for abstract-class-instantiated. Closes issue #401. * Use a mro traversal for finding abstract methods. Closes issue #415. * Fix a false positive with catching-non-exception and tuples of exceptions. * Fix a false negative with raising-non-exception, when the raise used an uninferrable exception context. * Fix a false positive on Python 2 for raising-bad-type, when raising tuples in the form 'raise (ZeroDivisionError, None)'. * Fix a false positive with invalid-slots-objects, where the slot entry was an unicode string on Python 2. Closes issue #421. * Add a new warning, 'redundant-unittest-assert', emitted when using unittest's methods assertTrue and assertFalse with constant value as argument. Patch by Vlad Temian. * Add a new JSON reporter, usable through -f flag. * Add the method names for the 'signature-differs' and 'argument-differs' warnings. Closes issue #433. * Don't compile test files when installing. * Fix a crash which occurred when using multiple jobs and the files given as argument didn't exist at all. 2014-11-23 -- 1.4.0 * Added new options for controlling the loading of C extensions. By default, only C extensions from the stdlib will be loaded into the active Python interpreter for inspection, because they can run arbitrary code on import. The option `--extension-pkg-whitelist` can be used to specify modules or packages that are safe to load. * Change default max-line-length to 100 rather than 80 * Drop BaseRawChecker class which were only there for backward compat for a while now * Don't try to analyze string formatting with objects coming from function arguments. Closes issue #373. * Port source code to be Python 2/3 compatible. This drops the need for 2to3, but does drop support for Python 2.5. * Each message now comes with a confidence level attached, and can be filtered base on this level. This allows to filter out all messages that were emitted even though an inference failure happened during checking. * Improved presenting unused-import message. Closes issue #293. * Add new checker for finding spelling errors. New messages: wrong-spelling-in-comment, wrong-spelling-in-docstring. New options: spelling-dict, spelling-ignore-words. * Add new '-j' option for running checks in sub-processes. * Added new checks for line endings if they are mixed (LF vs CRLF) or if they are not as expected. New messages: mixed-line-endings, unexpected-line-ending-format. New option: expected-line-ending-format. * 'dangerous-default-value' no longer evaluates the value of the arguments, which could result in long error messages or sensitive data being leaked. Closes issue #282 * Fix a false positive with string formatting checker, when encountering a string which uses only position-based arguments. Closes issue #285. * Fix a false positive with string formatting checker, when using keyword argument packing. Closes issue #288. * Proper handle class level scope for lambdas. * Handle 'too-few-format-args' or 'too-many-format-args' for format strings with both named and positional fields. Closes issue #286. * Analyze only strings by the string format checker. Closes issue #287. * Properly handle nested format string fields. Closes issue #294. * Don't emit 'attribute-defined-outside-init' if the attribute was set by a function call in a defining method. Closes issue #192. * Properly handle unicode format strings for Python 2. Closes issue #296. * Don't emit 'import-error' if an import was protected by a try-except, which excepted ImportError. * Fix an 'unused-import' false positive, when the error was emitted for all the members imported with 'from import' form. Closes issue #304. * Don't emit 'invalid-name' when assigning a name in an ImportError handler. Closes issue #302. * Don't count branches from nested functions. * Fix a false positive with 'too-few-format-args', when the format strings contains duplicate manual position arguments. Closes issue #310. * fixme regex handles comments without spaces after the hash. Closes issue #311. * Don't emit 'unused-import' when a special object is imported (__all__, __doc__ etc.). Closes issue #309. * Look in the metaclass, if defined, for members not found in the current class. Closes issue #306. * Don't emit 'protected-access' if the attribute is accessed using a property defined at the class level. * Detect calls of the parent's __init__, through a binded super() call. * Check that a class has an explicitly defined metaclass before emitting 'old-style-class' for Python 2. * Emit 'catching-non-exception' for non-class nodes. Closes issue #303. * Order of reporting is consistent. * Add a new warning, 'boolean-datetime', emitted when an instance of 'datetime.time' is used in a boolean context. Closes issue #239. * Fix a crash which ocurred while checking for 'method-hidden', when the parent frame was something different than a function. * Generate html output for missing files. Closes issue #320. * Fix a false positive with 'too-many-format-args', when the format string contains mixed attribute access arguments and manual fields. Closes issue #322. * Extend the cases where 'undefined-variable' and 'used-before-assignment' can be detected. Closes issue #291. * Add support for customising callback identifiers, by adding a new '--callbacks' command line option. Closes issue #326. * Add a new warning, 'logging-format-interpolation', emitted when .format() string interpolation is used within logging function calls. * Don't emit 'unbalanced-tuple-unpacking' when the rhs of the assignment is a variable length argument. Closes issue #329. * Add a new warning, 'inherit-non-class', emitted when a class inherits from something which is not a class. Closes issue #331. * Fix another false positives with 'undefined-variable', where the variable can be found as a class assignment and used in a function annotation. Closes issue #342. * Handle assignment of the string format method to a variable. Closes issue #351. * Support wheel packaging format for PyPi. Closes issue #334. * Check that various built-ins that do not exist in Python 3 are not used: apply, basestring, buffer, cmp, coerce, execfile, file, long raw_input, reduce, StandardError, unicode, reload and xrange. * Warn for magic methods which are not used in any way in Python 3: __coerce__, __delslice__, __getslice__, __setslice__, __cmp__, __oct__, __nonzero__ and __hex__. * Don't emit 'assigning-non-slot' when the assignment is for a property. Closes issue #359. * Fix for regression: '{path}' was no longer accepted in '--msg-template'. * Report the percentage of all messages, not just for errors and warnings. Closes issue #319. * 'too-many-public-methods' is reported only for methods defined in a class, not in its ancestors. Closes issue #248. * 'too-many-lines' disable pragma can be located on any line, not only the first. Closes issue #321. * Warn in Python 2 when an import statement is found without a corresponding `from __future__ import absolute_import`. * Warn in Python 2 when a non-floor division operation is found without a corresponding `from __future__ import division`. * Add a new option, 'exclude-protected', for excluding members from the protected-access warning. Closes issue #48. * Warn in Python 2 when using dict.iter*(), dict.view*(); none of these methods are available in Python 3. * Warn in Python 2 when calling an object's next() method; Python 3 uses __next__() instead. * Warn when assigning to __metaclass__ at a class scope; in Python 3 a metaclass is specified as an argument to the 'class' statement. * Warn when performing parameter tuple unpacking; it is not supported in Python 3. * 'abstract-class-instantiated' is also emitted for Python 2. It was previously disabled. * Add 'long-suffix' error, emitted when encountering the long suffix on numbers. * Add support for disabling a checker, by specifying an 'enabled' attribute on the checker class. * Add a new CLI option, --py3k, for enabling Python 3 porting mode. This mode will disable all other checkers and will emit warnings and errors for constructs which are invalid or removed in Python 3. * Add 'old-octal-literal' to Python 3 porting checker, emitted when encountering octals with the old syntax. * Add 'implicit-map-evaluation' to Python 3 porting checker, emitted when encountering the use of map builtin, without explicit evaluation. 2014-07-26 -- 1.3.0 * Allow hanging continued indentation for implicitly concatenated strings. Closes issue #232. * Pylint works under Python 2.5 again, and its test suite passes. * Fix some false positives for the cellvar-from-loop warnings. Closes issue #233. * Return new astroid class nodes when the inferencer can detect that that result of a function invocation on a type (like `type` or `abc.ABCMeta`) is requested. Closes #205. * Emit 'undefined-variable' for undefined names when using the Python 3 `metaclass=` argument. * Checkers respect priority now. Close issue #229. * Fix a false positive regarding W0511. Closes issue #149. * Fix unused-import false positive with Python 3 metaclasses (#143). * Don't warn with 'bad-format-character' when encountering the 'a' format on Python 3. * Add multiple checks for PEP 3101 advanced string formatting: 'bad-format-string', 'missing-format-argument-key', 'unused-format-string-argument', 'format-combined-specification', 'missing-format-attribute' and 'invalid-format-index'. * Issue broad-except and bare-except even if the number of except handlers is different than 1. Fixes issue #113. * Issue attribute-defined-outside-init for all cases, not just for the last assignment. Closes issue #262. * Emit 'not-callable' when calling properties. Closes issue #268. * Fix a false positive with unbalanced iterable unpacking, when encountering starred nodes. Closes issue #273. * Add new checks, 'invalid-slice-index' and 'invalid-sequence-index' for invalid sequence and slice indices. * Add 'assigning-non-slot' warning, which detects assignments to attributes not defined in slots. * Don't emit 'no-name-in-module' for ignored modules. Closes issue #223. * Fix an 'unused-variable' false positive, where the variable is assigned through an import. Closes issue #196. * Definition order is considered for classes, function arguments and annotations. Closes issue #257. * Don't emit 'unused-variable' when assigning to a nonlocal. Closes issue #275. * Do not let ImportError propagate from the import checker, leading to crash in some namespace package related cases. Closes issue #203. * Don't emit 'pointless-string-statement' for attribute docstrings. Closes issue #193. * Use the proper mode for pickle when opening and writing the stats file. Closes issue #148. * Don't emit hidden-method message when the attribute has been monkey-patched, you're on your own when you do that. * Only emit attribute-defined-outside-init for definition within the same module as the offended class, avoiding to mangle the output in some cases. * Don't emit 'unnecessary-lambda' if the body of the lambda call contains call chaining. Closes issue #243. * Don't emit 'missing-docstring' when the actual docstring uses `.format`. Closes issue #281. 2014-04-30 -- 1.2.1 * Restore the ability to specify the init-hook option via the configuration file, which was accidentally broken in 1.2.0. * Add a new warning [bad-continuation] for badly indentend continued lines. * Emit [assignment-from-none] when the function contains bare returns. Fixes BitBucket issue #191. * Added a new warning for closing over variables that are defined in loops. Fixes Bitbucket issue #176. * Do not warn about \u escapes in string literals when Unicode literals are used for Python 2.*. Fixes BitBucket issue #151. * Extend the checking for unbalanced-tuple-unpacking and unpacking-non-sequence to instance attribute unpacking as well. * Fix explicit checking of python script (1.2 regression, #219) * Restore --init-hook, renamed accidentally into --init-hooks in 1.2.0 (#211) * Add 'indexing-exception' warning, which detects that indexing an exception occurs in Python 2 (behaviour removed in Python 3). 2014-04-18 -- 1.2.0 * Pass the current python paths to pylint process when invoked via epylint. Fixes BitBucket issue #133. * Add -i / --include-ids and -s / --symbols back as completely ignored options. Fixes BitBucket issue #180. * Extend the number of cases in which logging calls are detected. Fixes bitbucket issue #182. * Improve pragma handling to not detect pylint:* strings in non-comments. Fixes BitBucket issue #79. * Do not crash with UnknownMessage if an unknown message ID/name appears in disable or enable in the configuration. Patch by Cole Robinson. Fixes bitbucket issue #170. * Add new warning 'eval-used', checking that the builtin function `eval` was used. * Make it possible to show a naming hint for invalid name by setting include-naming-hint. Also make the naming hints configurable. Fixes BitBucket issue #138. * Added support for enforcing multiple, but consistent name styles for different name types inside a single module; based on a patch written by [email protected]. * Also warn about empty docstrings on overridden methods; contributed by [email protected]. * Also inspect arguments to constructor calls, and emit relevant warnings; contributed by [email protected]. * Added a new configuration option logging-modules to make the list of module names that can be checked for 'logging-not-lazy' et. al. configurable; contributed by [email protected]. * ensure init-hooks is evaluated before other options, notably load-plugins (#166) * Python 2.5 support restored: fixed small issues preventing pylint to run on python 2.5. Bitbucket issues #50 and #62. * bitbucket #128: pylint doesn't crash when looking for used-before-assignment in context manager assignments. * Add new warning, 'bad-reversed-sequence', for checking that the reversed() builtin receive a sequence (implements __getitem__ and __len__, without being a dict or a dict subclass) or an instance which implements __reversed__. * Mark `file` as a bad function when using python2 (closes #8). * Add new warning 'bad-exception-context', checking that `raise ... from ...` uses a proper exception context (None or an exception). * Enhance the check for 'used-before-assignment' to look for 'nonlocal' uses. * Emit 'undefined-all-variable' if a package's __all__ variable contains a missing submodule (closes #126). * Add a new warning 'abstract-class-instantiated' for checking that abstract classes created with `abc` module and with abstract methods are instantied. * Do not warn about 'return-arg-in-generator' in Python 3.3+. * Do not warn about 'abstract-method' when the abstract method is implemented through assignment (#155). * Improve cyclic import detection in the case of packages, patch by Buck Golemon * Add new warnings for checking proper class __slots__: `invalid-slots-object` and `invalid-slots`. * Search for rc file in `~/.config/pylintrc` if `~/.pylintrc` doesn't exists (#121) * Don't register the newstyle checker w/ python >= 3 * Fix unused-import false positive w/ augment assignment (#78) * Fix access-member-before-definition false negative wrt aug assign (#164) * Do not attempt to analyze non python file, eg .so file (#122)

--------------------- Version 0.9.7 - for a detailed log and changed files visit GitHub ---------------------------- - Reviewed and updated README - Huge POD rewrite - Adding a small script that generates HTML from POD and applies CSS from CPAN. Useful for reviewing the POD before release. - Added a test for POD validation - Added an example file that can test GitHub Issues #8, #9, #10 - GitHub [Issue #9] [Issue #10] Fixed cell_props applied to a different row when 'Repeat Headers' is enabled - Introduced column_numbers variable to avoid using $record in a broader scope. Further improvement needed. - Header row height is copied to each new page when 'Repeat Headers' is enabled - Fixed messing up row height when repeat headers is enabled due to access by array index vs shift/unshift - Fixed row height for rows with text blocks - Headers_props variable has been wrongly initialised with 0 causing a copy of the first data row even when header props are not passed as parameter - Added initialisation of header props justify param so that column and cell properties are not affecting the default value. - Fixed an issue with messing up row properties when repeating the header row on each page. - Examples have been formatted. - One new example added (header.pl) for demonstrating how header row can be added to multiple pages. - No need to export variables. Added one more test. - Removed pad_w and pad_h local variable as useless - Fixed typo causing a bug with row_height param. Added example file for row_height. To be used for writing a test. - Added POD for row_height param - Row counting should not be skipped if it is first row. - Added one more test(duplicates existing) but only to have base. - Extracted PDF::API2 Mock as a separate package. Created New test with the very basics. Create a new package that will hold predefined data for tests so it can be reused. - Fixed a variable that masks earlier declaration. - Fixed Issue #4 - Row height is calculated correctly depending on font size. Some variables are renamed to more meaningful. Row counting is done in a new way with single counter that is used for column and cell props retrieval. - Row height is now calculated for each row based on maximum font size from all cells. Refactored some variable names and unified row counting during column size calculation phase. - Fixed doc details in POD - Cosmetic changes - Decreased indent and reduced if body. For easier review, diff with whitespace changes disabled. - Added github url in readme Version 0.9.6 ---------------------------- - Fixed typo in POD. Closes #71816 Thanks to Gregor Herrmann - Small code refactoring. - Added patch for infinite loop fix. Closes #77376 Thanks to John Bazik - Added patch for header justification. Closes #77566 Thanks to James Lance - Added horizontal_borders, vertical_borders params to table(). Closes #79883 Thanks to Eric Johnson Version 0.9.5 - 18.Oct.2011 ---------------------------- - MANIFEST was missing sample pdf file. - Accidently left alternative code for infinite loop fix commented out. Fixed. Added a test for that. Version 0.9.4 - 17.Oct.2011 ---------------------------- - Don't bump row count when row spans a page. Closes #67401. - Fixed bug: don't call text_block if record width is exactly cell width. - Fixed bug in text_block: bottom is (top - height), not (baseline - height). - Example script typo fixed. Closes #55133. - Don't set up strokes when border is 0. Apparently breaks Acrobat. Closes #40705 and #55137. - Changed print warnings to carp. Closes #38007. - Added center justification for columns and cells. Tests, too. Closes #37924. - Fixed infinite loop caused by uninitialized $2. Thanks to Petri Kaurinkoski. Closes #34017. - Fixed perl warning if $col_prop->{min_w} is undef. Thanks to Matthias Pitzl (NEPOS). Closes #30720. - Fixed default header background color bug, closes #28542. - Added mock PDF::API2 packages to test script and added tests. - Improve column width calculations so wider content gets wider columns. Added column width test. Thanks to Barrie Slaymaker (RBS). Closes #26158.

- Add comment on DEPENDS related, make test may fail # if Net::Server exists, t/60 may fail due to more test items # t/60_net_server.t ............... skipped: Net::Server not available #DEPENDS+= p5-Net-Server-[0-9]*:../../net/p5-Net-Server (upstream) - Update to 0.79 -------------- 0.79 Friday May 1, 2015, 09:00:00 AM -0700 * t/40_server.t * t/40_server_xmllibxml.t * t/41_server_hang.t * t/60_net_server.t * t/70_compression_detect.t * t/90_rt54183_sigpipe.t * t/util.pl Test clean-up/fixes to address CPAN test failures. Should address problems with having IO::Socket::IP acting in place of IO::Socket::INET and also address some issues with a dynloader bug being triggered by t/70_compression_detect.t. * t/00_load.t * t/10_data.t * t/11_base64_fh.t * t/12_nil.t * t/13_no_deep_recursion.t * t/14_datetime_iso8601.t * t/15_serialize.t * t/20_xml_parser.t * t/21_xml_libxml.t * t/25_parser_negative.t * t/29_parserfactory.t * t/30_procedure.t * t/35_namespaces.t * t/40_server.t * t/40_server_xmllibxml.t * t/41_server_hang.t * t/50_client.t * t/51_client_with_host_header.t * t/60_net_server.t * t/90_rt50013_parser_bugs.t * t/90_rt54183_sigpipe.t * t/90_rt54494_blessed_refs.t * t/90_rt58065_allow_nil.t * t/90_rt58323_push_parser.t * t/util.pl Perl::Critic clean-up of test suites. * lib/RPC/XML/Parser/XMLParser.pm Fix to prevent a new sprintf-related warning in 5.21. * README * lib/Apache/RPC/status.code Merge pull request #8 from jkg/docfixes (James Green). Replace indirect object notation with direct.

patch refresh grace of mkpatches upstream notable changes list since the 3.2 to 3.3 branch point (excerpt of the NEWS file): * Version 3.3.15 (released 2015-05-03) ** libgnutls: gnutls_certificate_get_ours: will return the certificate even if a callback was used to send it. ** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. ** libgnutls: Check for invalid length in the X.509 version field. Without the check certificates with invalid length would be detected as having an arbitrary version. Reported by Hanno Böck. ** API and ABI modifications: No changes since last version. * Version 3.3.14 (released 2015-03-30) ** libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo structures use BER to decode them (requires libtasn1 4.3). That allows to decode some more complex structures. ** libgnutls: When an end-certificate with no name is present and there are CA name constraints, don't reject the certificate. This follows RFC5280 advice closely. Reported by Fotis Loukos. ** libgnutls: Fixed handling of supplemental data with types > 255. Patch by Thierry Quemerais. ** libgnutls: Fixed double free in the parsing of CRL distribution points certificate extension. Reported by Robert Święcki. ** libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That protocol is not enabled by default (used by openconnect VPN). ** libgnutls: The maximum user data send size is set to be the same for block and non-block ciphersuites. This addresses a regression with wine: https://bugs.winehq.org/show_bug.cgi?id=37500 ** libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN, and CKA_DECRYPT when needed. ** libgnutls: Allow names with zero size to be set using gnutls_server_name_set(). That will disable the Server Name Indication. Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2 ** API and ABI modifications: No changes since last version. * Version 3.3.13 (released 2015-02-25) ** libgnutls: Enable AESNI in GCM on x86 ** libgnutls: Fixes in DTLS message handling ** libgnutls: Check certificate algorithm consistency, i.e., check whether the signatureAlgorithm field matches the signature field inside TBSCertificate. ** gnutls-cli: Fixes in OCSP verification. ** API and ABI modifications: No changes since last version. * Version 3.3.12 (released 2015-01-17) ** libgnutls: When negotiating TLS use the lowest enabled version in the client hello, rather than the lowest supported. In addition, do not use SSL 3.0 as a version in the TLS record layer, unless SSL 3.0 is the only protocol supported. That addresses issues with servers that immediately drop the connection when the encounter SSL 3.0 as the record version number. See: http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html ** libgnutls: Corrected encoding and decoding of ANSI X9.62 parameters. ** libgnutls: Handle zero length plaintext for VIA PadLock functions. This solves a potential crash on AES encryption for small size plaintext. Patch by Matthias-Christian Ott. ** libgnutls: In DTLS don't combine multiple packets which exceed MTU. Reported by Andreas Schultz. https://savannah.gnu.org/support/?108715 ** libgnutls: In DTLS decode all handshake packets present in a record packet, in a single pass. Reported by Andreas Schultz. https://savannah.gnu.org/support/?108712 ** libgnutls: When importing a CA file with a PKCS #11 URL, simply import the certificates, if the URL specifies objects, rather than treating it as trust module. ** libgnutls: When importing a PKCS #11 URL and we know the type of object we are importing, don't require the object type in the URL. ** libgnutls: fixed openpgp authentication when gnutls_certificate_set_retrieve_function2 was used by the server. ** guile: Fix compilation on MinGW. Previously only the static version of the 'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile. ** guile: Fix harmless warning during compilation of gnutls.scm Initially reported at <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>. ** certtool: --pubkey-info will also attempt to load a public key from stdin. ** gnutls-cli: Added --starttls-proto option. That allows to specify a protocol for starttls negotiation. ** API and ABI modifications: No changes since last version. * Version 3.3.11 (released 2014-12-11) ** libgnutls: Corrected regression introduced in 3.3.9 related to session renegotiation. Reported by Dan Winship. ** libgnutls: Corrected parsing issue with OCSP responses. ** API and ABI modifications: No changes since last version. * Version 3.3.10 (released 2014-11-10) ** libgnutls: Refuse to import v1 or v2 certificates that contain extensions. ** libgnutls: Fixes in usage of PKCS #11 token callback ** libgnutls: Fixed bug in gnutls_x509_trust_list_get_issuer() when used with a PKCS #11 trust module and without the GNUTLS_TL_GET_COPY flag. Reported by David Woodhouse. ** libgnutls: Removed superfluous random generator refresh on every call of gnutls_deinit(). That reduces load and usage of /dev/urandom. ** libgnutls: Corrected issue in export of ECC parameters to X9.63 format. Reported by Sean Burford [GNUTLS-SA-2014-5]. ** libgnutls: When gnutls_global_init() is called for a second time, it will check whether the /dev/urandom fd kept is still open and matches the original one. That behavior works around issues with servers that close all file descriptors. ** libgnutls: Corrected behavior with PKCS #11 objects that are marked as CKA_ALWAYS_AUTHENTICATE. ** certtool: The default cipher for PKCS #12 structures is 3des-pkcs12. That option is more compatible than AES or RC4. ** API and ABI modifications: No changes since last version. * Version 3.3.9 (released 2014-10-13) ** libgnutls: Fixes in the transparent import of PKCS #11 certificates. Reported by Joseph Peruski. ** libgnutls: Fixed issue with unexpected non-fatal errors resetting the handshake's hash buffer, in applications using the heartbeat extension or DTLS. Reported by Joeri de Ruiter. ** libgnutls: When both a trust module and additional CAs are present account the latter as well; reported by David Woodhouse. ** libgnutls: added GNUTLS_TL_GET_COPY flag for gnutls_x509_trust_list_get_issuer(). That allows the function to be used in a thread safe way when PKCS #11 trust modules are in use. ** libgnutls: fix issue in DTLS retransmission when session tickets were in use; reported by Manuel Pégourié-Gonnard. ** libgnutls-dane: Do not require the CA on a ca match to be direct CA. ** libgnutls: Prevent abort() in library if getrusage() fails. Try to detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work. ** guile: new 'set-session-server-name!' procedure; see the manual for details. ** certtool: The authority key identifier will be set in a certificate only if the CA's subject key identifier is set. ** API and ABI modifications: No changes since last version. * Version 3.3.8 (released 2014-09-18) ** libgnutls: Updates in the name constraints checks. No name constraints will be checked for intermediate certificates. As our support for name constraints is limited to e-mail addresses in DNS names, it is pointless to check them on intermediate certificates. ** libgnutls: Fixed issues in PKCS #11 object listing. Previously multiple object listing would fail completely if a single object could not be exported. ** libgnutls: Improved the performance of PKCS #11 object listing/retrieving, by retrieving them in large batches. Report and suggestion by David Woodhouse. ** libgnutls: Fixed issue with certificates being sanitized by gnutls prior to signature verification. That resulted to certain non-DER compliant modifications of valid certificates, being corrected by libtasn1's parser and restructured as the original. Issue found and reported by Antti Karjalainen and Matti Kamunen from Codenomicon. ** libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle strings with embedded spaces and escaped commas. ** libgnutls: when comparing a CA certificate with the trusted list compare the name and key only instead of the whole certificate. That is to handle cases where a CA certificate was superceded by a different one with the same name and the same key. ** libgnutls: when verifying a certificate against a p11-kit trusted module, use the attached extensions in the module to override the CA's extensions (that requires p11-kit 0.20.7). ** libgnutls: In DTLS prevent sending zero-size fragments in certain cases of MTU split. Reported by Manuel Pégourié-Gonnard. ** libgnutls: Added gnutls_x509_trust_list_verify_crt2() which allows verifying using a hostname and a purpose (extended key usage). That enhances PKCS #11 trust module verification, as it can now check the purpose when this function is used. ** libgnutls: Corrected gnutls_x509_crl_verify() which would always report a CRL signature as invalid. Reported by Armin Burgmeier. ** libgnutls: added option --disable-padlock to allow disabling the padlock CPU acceleration. ** p11tool: when listing tokens, list their type as well. ** p11tool: when listing objects from a trust module print any attached extensions on certificates. ** API and ABI modifications: gnutls_x509_crq_get_extension_by_oid2: Added gnutls_x509_crt_get_extension_by_oid2: Added gnutls_x509_trust_list_verify_crt2: Added gnutls_x509_ext_print: Added gnutls_x509_ext_deinit: Added gnutls_x509_othername_to_virtual: Added gnutls_pkcs11_obj_get_exts: Added * Version 3.3.7 (released 2014-08-24) ** libgnutls: Added function to export the public key of a PKCS #11 private key. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: Explicitly set the exponent in PKCS #11 key generation. That improves compatibility with certain PKCS #11 modules. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: When generating a PKCS #11 private key allow setting the WRAP/UNWRAP flags. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: gnutls_pkcs11_privkey_t will always hold an open session to the key. ** libgnutls: bundle replacements of inet_pton and inet_aton if not available. ** libgnutls: initialize parameters variable on PKCS #8 decryption. ** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1 algorithms. ** libgnutls: gnutls_x509_crt_check_hostname() will follow the RFC6125 requirement of checking the Common Name (CN) part of DN only if there is a single CN present in the certificate. ** libgnutls: The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the FIPS mode, when set to 1. ** libgnutls: In DTLS ignore only errors that relate to unexpected packets and decryption failures. ** p11tool: Added --info parameter. ** certtool: Added --mark-wrap parameter. ** danetool: --check will attempt to retrieve the server's certificate chain and verify against it. ** danetool/gnutls-cli-debug: Added --app-proto parameters which can be used to enforce starttls (currently only SMTP and IMAP) on the connection. ** danetool: Added openssl linking exception, to allow linking with libunbound. ** API and ABI modifications: GNUTLS_PKCS11_OBJ_ATTR_MATCH: Added gnutls_pkcs11_privkey_export_pubkey: Added gnutls_pkcs11_obj_flags_get_str: Added gnutls_pkcs11_obj_get_flags: Added * Version 3.3.6 (released 2014-07-23) ** libgnutls: Use inet_ntop to print IP addresses when available ** libgnutls: gnutls_x509_crt_check_hostname and friends will also check IP addresses, and match documented behavior. Reported by David Woodhouse. ** libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024 bit parameters. ** libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens being usable after a reinitialization. ** libgnutls: fixed PKCS #11 private key operations after a fork. ** libgnutls: fixed PKCS #11 ECDSA key generation. ** libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to explicitly enable/disable the use of certain CPU capabilities. Note that CPU detection cannot be overriden, i.e., VIA options cannot be enabled on an Intel CPU. The currently available options are: 0x1: Disable all run-time detected optimizations 0x2: Enable AES-NI 0x4: Enable SSSE3 0x8: Enable PCLMUL 0x100000: Enable VIA padlock 0x200000: Enable VIA PHE 0x400000: Enable VIA PHE SHA512 ** libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott. ** p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set. ** p11tool: ask for label when one isn't provided. ** p11tool: added --batch parameter to disable any interactivity. ** p11tool: will not implicitly enable so-login for certain types of objects. That avoids issues with tokens that require different login types. ** certtool/p11tool: Added the --curve parameter which allows to explicitly specify the curve to use. ** API and ABI modifications: gnutls_certificate_set_x509_trust_dir: Added gnutls_x509_trust_list_add_trust_dir: Added * Version 3.3.5 (released 2014-06-26) ** libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit(). These functions provide a variant of gnutls_record_recv() that avoids the final memcpy of data. ** libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a faster variant of gnutls_x509_crl_get_crt_serial() when coping with very large structures. ** libgnutls: When the decoding of a printable DN element fails, then treat it as unknown and print its hex value rather than failing. That works around an issue in a TURKTRST root certificate which improperly encodes the X520countryName element. ** libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number of certificates present in a PKCS #11 token when loading it. ** libgnutls: Allow the post client hello callback to put the handshake on hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED. ** certtool: option --to-p12 will now consider --load-ca-certificate ** certtol: Added option to specify the PKCS #12 friendly name on command line. ** p11tool: Allow marking a certificate copied to a token as a CA. ** API and ABI modifications: GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Added gnutls_x509_crl_iter_deinit: Added gnutls_x509_crl_iter_crt_serial: Added gnutls_record_recv_packet: Added gnutls_packet_deinit: Added gnutls_packet_get: Added * Version 3.3.4 (released 2014-05-31) ** libgnutls: Updated Andy Polyakov's assembly code. That prevents a crash on certain CPUs. ** API and ABI modifications: No changes since last version. * Version 3.3.3 (released 2014-05-30) ** libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. ** libgnutls: gnutls_global_set_mutex() was modified to operate with the new initialization process. ** libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem. ** libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni. ** libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552 ** gnutls-cli: --dane will only check the end certificate if PKIX validation has been disabled. ** gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot be emulated with the implicit initialization of gnutls. ** certtool: Allow multiple organizations and organizational unit names to be specified in a template. ** certtool: Warn when invalid configuration options are set to a template. ** ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. ** API and ABI modifications: gnutls_credentials_get: Added * Version 3.3.2 (released 2014-05-06) ** libgnutls: Added the 'very weak' certificate verification profile that corresponds to 64-bit security level. ** libgnutls: Corrected file descriptor leak on random generator initialization. ** libgnutls: Corrected file descriptor leak on PSK password file reading. Issue identified using the Codenomicon TLS test suite. ** libgnutls: Avoid deinitialization if initialization has failed. ** libgnutls: null-terminate othername alternative names. ** libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly on a PKCS #11 trust list. ** libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite. ** libgnutls-dane: Accept a certificate using DANE if there is at least one entry that matches the certificate. Patch by simon [at] arlott.org. ** libgnutls-guile: Fixed compilation issue. ** certtool: Allow exporting a CRL on DER format. ** certtool: The ECDSA keys generated by default use the SECP256R1 curve which is supported more widely than the previously used SECP224R1. ** API and ABI modifications: GNUTLS_PROFILE_VERY_WEAK: Added * Version 3.3.1 (released 2014-04-19) ** libgnutls: Enforce more strict checks to heartbeat messages concerning padding and payload. Suggested by Peter Dettman. ** libgnutls: Allow decoding PKCS #8 files with ECC parameters from openssl. ** libgnutls: Several small bug fixes found by coverity. ** libgnutls: The conditionally available self-test functions were moved to self-test.h. ** libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio. ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided. Reported by André Klitzing. ** libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided. ** libgnutls: Corrected the *get_*_othername_oid() functions. ** API and ABI modifications: No changes since last version. * Version 3.3.0 (released 2014-04-10) ** libgnutls: The initialization of the library was moved to a constructor. That is, gnutls_global_init() is no longer required unless linking with a static library or a system that does not support library constructors. ** libgnutls: static libraries are not built by default. ** libgnutls: PKCS #11 initialization is delayed to first usage. That avoids long delays in gnutls initialization due to broken PKCS #11 modules. ** libgnutls: The PKCS #11 subsystem is re-initialized "automatically" on the first PKCS #11 API call after a fork. ** libgnutls: certificate verification profiles were introduced that can be specified as flags to verification functions. They are enumerations in gnutls_certificate_verification_profiles_t and can be converted to flags for use in a verification function using GNUTLS_PROFILE_TO_VFLAGS(). ** libgnutls: Added the ability to read system-specific initial keywords, if they are prefixed with '@'. That allows a compile-time specified configuration file to be used to read pre-configured priority strings from. That can be used to impose system specific policies. ** libgnutls: Increased the default security level of priority strings (NORMAL and PFS strings require at minimum a 1008 DH prime), and set a verification profile by default. The LEGACY keyword is introduced to set the old defaults. ** libgnutls: Added support for the name constraints PKIX extension. Currently only DNS names and e-mails are supported (no URIs, IPs or DNs). ** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL. ** libgnutls: Added new API in x509-ext.h to handle X.509 extensions. This API handles the X.509 extensions in isolation, allowing to parse similarly formatted extensions stored in other structures. ** libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS can be used to specify a particular subgroup as the number of bits in gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256). ** libgnutls: DH parameter generation is now delegated to nettle. That unfortunately has the side-effect that DH parameters longer than 3072 bits, cannot be generated (not without a nettle update). ** libgnutls: Separated nonce RNG from the main RNG. The nonce random number generator is based on salsa20/12. ** libgnutls: The buffer alignment provided to crypto backend is enforced to be 16-byte aligned, when compiled with cryptodev support. That allows certain cryptodev drivers to operate more efficiently. ** libgnutls: Return error when a public/private key pair that doesn't match is set into a credentials structure. ** libgnutls: Depend on p11-kit 0.20.0 or later. ** libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has been removed. It was not approved by IETF. ** libgnutls: The experimental xssl library is removed from the gnutls distribution. ** libgnutls: Reduced the number of gnulib modules used in the main library. ** libgnutls: Added priority string %DISABLE_WILDCARDS. ** libgnutls: Added the more extensible verification function gnutls_certificate_verify_peers(), that allows checking, in addition to a peer's DNS hostname, for the key purpose of the end certificate (via PKIX extended key usage). ** certtool: Timestamps for serial numbers were increased to 8 bytes, and in batch mode to 12 (appended with 4 random bytes). ** certtool: When no CRL number is provided (or value set to -1), then a time-based number will be used, similarly to the serial generation number in certificates. ** certtool: Print the SHA256 fingerprint of a certificate in addition to SHA1. ** libgnutls: Added --enable-fips140-mode configuration option (unsupported). That option enables (when running on FIPS140-enabled system): o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes) o The DRBG-CTR-AES256 deterministic random generator from SP800-90A. o Self-tests on initialization on ciphers/MACs, public key algorithms and the random generator. o HMAC-SHA256 verification of the library on load. o MD5 is included for TLS purposes but cannot be used by the high level hashing functions. o All ciphers except AES are disabled. o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5). o All keys (temporal and long term) are zeroized after use. o Security levels are adjusted to the FIPS140-2 recommendations (rather than ECRYPT). ** API and ABI modifications: GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS: Added gnutls_certificate_verify_peers: Added gnutls_privkey_generate: Added gnutls_pkcs11_crt_is_known: Added gnutls_fips140_mode_enabled: Added gnutls_sec_param_to_symmetric_bits: Added gnutls_pubkey_export_ecc_x962: Added (replaces gnutls_pubkey_get_pk_ecc_x962) gnutls_pubkey_export_ecc_raw: Added (replaces gnutls_pubkey_get_pk_ecc_raw) gnutls_pubkey_export_dsa_raw: Added (replaces gnutls_pubkey_get_pk_dsa_raw) gnutls_pubkey_export_rsa_raw: Added (replaces gnutls_pubkey_get_pk_rsa_raw) gnutls_pubkey_verify_params: Added gnutls_privkey_export_ecc_raw: Added gnutls_privkey_export_dsa_raw: Added gnutls_privkey_export_rsa_raw: Added gnutls_privkey_import_ecc_raw: Added gnutls_privkey_import_dsa_raw: Added gnutls_privkey_import_rsa_raw: Added gnutls_privkey_verify_params: Added gnutls_x509_crt_check_hostname2: Added gnutls_openpgp_crt_check_hostname2: Added gnutls_x509_name_constraints_init: Added gnutls_x509_name_constraints_deinit: Added gnutls_x509_crt_get_name_constraints: Added gnutls_x509_name_constraints_add_permitted: Added gnutls_x509_name_constraints_add_excluded: Added gnutls_x509_crt_set_name_constraints: Added gnutls_x509_name_constraints_get_permitted: Added gnutls_x509_name_constraints_get_excluded: Added gnutls_x509_name_constraints_check: Added gnutls_x509_name_constraints_check_crt: Added gnutls_x509_crl_get_extension_data2: Added gnutls_x509_crt_get_extension_data2: Added gnutls_x509_crq_get_extension_data2: Added gnutls_subject_alt_names_init: Added gnutls_subject_alt_names_deinit: Added gnutls_subject_alt_names_get: Added gnutls_subject_alt_names_set: Added gnutls_x509_ext_import_subject_alt_names: Added gnutls_x509_ext_export_subject_alt_names: Added gnutls_x509_crl_dist_points_init: Added gnutls_x509_crl_dist_points_deinit: Added gnutls_x509_crl_dist_points_get: Added gnutls_x509_crl_dist_points_set: Added gnutls_x509_ext_import_crl_dist_points: Added gnutls_x509_ext_export_crl_dist_points: Added gnutls_x509_ext_import_name_constraints: Added gnutls_x509_ext_export_name_constraints: Added gnutls_x509_aia_init: Added gnutls_x509_aia_deinit: Added gnutls_x509_aia_get: Added gnutls_x509_aia_set: Added gnutls_x509_ext_import_aia: Added gnutls_x509_ext_export_aia: Added gnutls_x509_ext_import_subject_key_id: Added gnutls_x509_ext_export_subject_key_id: Added gnutls_x509_ext_export_authority_key_id: Added gnutls_x509_ext_import_authority_key_id: Added gnutls_x509_aki_init: Added gnutls_x509_aki_get_id: Added gnutls_x509_aki_get_cert_issuer: Added gnutls_x509_aki_set_id: Added gnutls_x509_aki_set_cert_issuer: Added gnutls_x509_aki_deinit: Added gnutls_x509_ext_import_private_key_usage_period: Added gnutls_x509_ext_export_private_key_usage_period: Added gnutls_x509_ext_import_basic_constraints: Added gnutls_x509_ext_export_basic_constraints: Added gnutls_x509_ext_import_key_usage: Added gnutls_x509_ext_export_key_usage: Added gnutls_x509_ext_import_proxy: Added gnutls_x509_ext_export_proxy: Added gnutls_x509_policies_init: Added gnutls_x509_policies_deinit: Added gnutls_x509_policies_get: Added gnutls_x509_policies_set: Added gnutls_x509_ext_import_policies: Added gnutls_x509_ext_export_policies: Added gnutls_x509_key_purpose_init: Added gnutls_x509_key_purpose_deinit: Added gnutls_x509_key_purpose_set: Added gnutls_x509_key_purpose_get: Added gnutls_x509_ext_import_key_purposes: Added gnutls_x509_ext_export_key_purposes: Added gnutls_digest_self_test: Added (conditionally) gnutls_mac_self_test: Added (conditionally) gnutls_pk_self_test: Added (conditionally) gnutls_cipher_self_test: Added (conditionally) gnutls_global_set_mem_functions: Deprecated

Changes from Ant 1.9.4 TO Ant 1.9.5 =================================== Changes that could break older environments: ------------------------------------------- * The ReplaceTokens filter can now use token-separators longer than one character. This means it can be used to replace mustache-style {{patterns}} and similar templates. This is going to break code that invokes the setters on ReplaceTokens via the Java API as their parameters have been changed from char to String. It may also break build files that specified multi character tokens and relied on Ant silently ignoring all but the first character. Bugzilla Report 56584 * The changes that added <get>'s support for gzip encoding automatically uncompressed content that would not have been touched before - like when downloading .tar.gz files. A new flag has been added to control the behavior and its default will make <get> work as it did in 1.9.3. I.e. if you want it to work like 1.9.4 you have to explicitly set tryGzipEncoding to true. Bugzilla Report 57048 Fixed bugs: ----------- * TarArchiveInputStream failed to read archives with empty gid/uid fields. Bugzilla Report 56641 * TarArchiveInputStream could throw IOException when reading PAX headers from a "slow" InputStream. * XMLJunitResultFormatter could throw NullPointerException if Java cannot determine the local hostname. Bugzilla Report 56593 * URLResource#getLastModified tried to access the connection to the URL without making sure it was established, potentially leading to a NullPointerException when using FTP. Bugzilla Report 56873 * Long-Name and -link or PAX-header entries in TAR archives always had the current time as last modfication time, creating archives that are different at the byte level each time an archive was built. * runant.py should now work as well when the path of the Java executable contains spaces. github pull request #1 * <junitreport> now supports nested <classpath> and <factory> elements. Bugzilla Report 47002 * complete-ant-cmd.pl now also knows about the -file option. Bugzilla Report 57371 * the br-replace template inside the XSLT stylesheets used by <junitreport> could cause stack overflows or out-of-memory errors when applied to big outputs. Bugzilla Report 57341 * removed spurious warning about unclosed ZipFiles when reading the archive failed. Port of https://issues.apache.org/jira/browse/COMPRESS-297 * FileUtils.rename which is used by several tasks can throw a NullPointerException if the "normal" renameTo operation fails and an exception occurs while rename falls back to copying and deleting the file. Bugzilla Report 57533 * complete-ant-cmd.pl would incorrectly suggest words from the build file description. Bugzilla Report 51931 * complete-ant-cmd.pl now also completes tasks without a description. Bugzilla Report 57542 * LocalPropertyStack could run into ConcurrentModificationException when tasks spawned new child threads that accessed the properties. Bugzilla Report 55074 * TarEntry's constructor with a File and a String arg didn't normalize the name. * Between 1.8.4 and 1.9.0 TarInputStream started to parse file names using the platform's default encoding rather than as ASCII. This has been a breaking change that has never been marked as such (in fact it went unnoticed). In order to allow <untar> and <tarfileset> to work on platforms who's encoding doesn't match the encoding of file names inside the archive, both now support encoding attributes. The attribute has also been added to <tar> for symmetry. Bugzilla Report 57822 Other changes: -------------- * it is now possible to provide proxy configuration to signjar when using the timestamped authority. Bugzilla Report 56678 * complete-ant-cmd.pl now also analyzes the ANT_ARGS environment variable. Bugzilla Report 57371 * ported some of the write-optimization of Commons Compress 1.10 to the ZIP package * adapted unit tests to Java9 and added "javac1.9" as valid option for javac's compiler attribute. * performance improvements for <intersect> Bugzilla Report 57588 * MailLogger can now add CC and BCC addresses. Bugzilla Report 57789. * <scp>'s buffer size has been increased from 1k to 100k to match <ftp> and <get>. github pull requests #8 and #9 * The tar package can now deal with group and user ids bigger than 0x80000000. https://issues.apache.org/jira/browse/COMPRESS-314 https://issues.apache.org/jira/browse/COMPRESS-315 * <scp> has new attributes fileMode and dirMode that control the permissions on the remote side when sending data via SSH. Bugzilla Report 43271. * New <allbutlast> and <allbutfirst> resource collections can be used to select all but a given subset of a resource collection. Bugzilla Report 57834.

2.0.2 ----- * #22: Fix improper commas in request headers in wsgi_environ (https://bitbucket.org/ianb/paste/pull-request/22/fix-improper-commas-in-request-headers-in) Fixes issue #4 ("WSGI environ totally borked") (https://bitbucket.org/ianb/paste/issue/4/wsgi-environ-totally-borked) * #24: test_wsgirequest_charset: Use UTF-8 instead of iso-8859-1 (https://bitbucket.org/ianb/paste/pull-request/24/test_wsgirequest_charset-use-utf-8-instead) Fixes issue #7 ("Python 3 test failure") (https://bitbucket.org/ianb/paste/issue/7/python-3-test-failure) * #23: Replace cgi.parse_qsl w/ six.moves.urllib.parse.parse_qsl (https://bitbucket.org/ianb/paste/pull-request/23/replace-cgiparse_qsl-w) Fixes issue #8 ("cgi.parse_qsl is pending deprecation") (https://bitbucket.org/ianb/paste/issue/8/cgiparse_qsl-is-pending-deprecation) * #20: Escape CGI environment variables in HTTP 404 responses (https://bitbucket.org/ianb/paste/pull-request/20/escape-cgi-environment-variables-in-http) * #6: Add HTTP exception for new code 429 "Too Many Requests" (https://bitbucket.org/ianb/paste/pull-request/6/add-http-exception-for-new-code-429-too) * #25: replace ``has_key`` method to ``in`` operator #9 (https://bitbucket.org/ianb/paste/pull-request/25/replace-has_key-method-to-in-operator-9) Fixes #9 ("used methods removed from py3") (https://bitbucket.org/ianb/paste/issue/9/used-methods-removed-from-py3) * #5: Invalid error message when the socket is already in use (https://bitbucket.org/ianb/paste/issue/5/invalid-error-message-when-the-socket-is) 2.0.1 ----- * Fix setup.py for six dependency: move the six dependency from extras_require to install_requires. * Port paste.proxy to Python 3. * Fix paste.exceptions.serial_number_generator.hash_identifier() on Python 3. * Fix paste.util.threadedprint.uninstall(). Rename duplicated uninstall() function to uninstall_stdin() and fix typo in variable name (_oldstin => _oldstdin). * Add README.rst file. 2.0 --- * Experimental Python 3 support. * paste now requires the six module. * Drop support of Python 2.5 and older. * Fixed ``egg:Paste#cgi`` * In ``paste.httpserver``: give a 100 Continue response even when the server has been configured as an HTTP/1.0 server (clients may send ``Expect: 100-Continue`` before they know the version), and wrap 100 Continue ``environ['wsgi.input']`` files with LimitedLengthFile just like normal request bodies are wrapped, keeping WSGI applications from over-reading from the socket. * Fixed parsing of paths beginning with multiple forward slashes. * Add tox.ini to run tests with tox on Python 2.6, 2.7 and 3.4.

* Fixed build option * Fixed quotes for auto-build feature of the package. * Added "multido" option. * Fixes/improvements for output convert filename for the 'multi' option. * Changed \IfFileExists test for \if..tex macros to support 'htlatex'. * Issue #12: Fixed info message for mode=buildnew if generated file is already newer than source file. * Issue #8: Updated description of mode=buildnew to state that it doesn't work with XeLaTeX.

New: Support Literal IPv6 Addresses in the Database Connection URL. Ref. RFC2732 New: Honour timezone information if provided with date-time column values in Result Sets Fixed: Issue #7 Removed onstop handler Fixed: #8 Do not remove trailing SQL termination charachter ';' from statement

security/gnutls: security update Revisions pulled up: - security/gnutls/Makefile 1.146 - security/gnutls/distinfo 1.106 --- Module Name: pkgsrc Committed By: wiz Date: Fri May 30 13:20:23 UTC 2014 Modified Files: pkgsrc/security/gnutls: Makefile distinfo Log Message: Update to 3.2.15: * Version 3.2.15 (released 2014-05-30) ** libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. ** libgnutls: Several memory leaks caused by error conditions were fixed. The leaks were identified using valgrind and the Codenomicon TLS test suite. ** libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem. ** libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni. ** gnutls-cli: if dane is requested but not PKIX verification, then only do verify the end certificate. ** ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. ** API and ABI modifications: No changes since last version. * Version 3.2.14 (released 2014-05-06) ** libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio. ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided. ** libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided. ** libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite. ** libgnutls: Several small bug fixes found by coverity. ** libgnutls-dane: Accept a certificate using DANE if there is at least one entry that matches the certificate. Patch by simon [at] arlott.org. ** configure: Added --with-nettle-mini option, which allows linking with a libnettle that contains gmp. ** certtool: The ECDSA keys generated by default use the SECP256R1 curve which is supported more widely than the previously used SECP224R1. ** API and ABI modifications: No changes since last version. * Version 3.2.13 (released 2014-04-07) ** libgnutls: gnutls_openpgp_keyring_import will no longer fail silently if there are no base64 data. Report and patch by Ramkumar Chinchani. ** libgnutls: gnutls_record_send is now safe to be called under DTLS when in corked mode. ** libgnutls: Ciphersuites that use the SHA256 or SHA384 MACs are only available in TLS 1.0 as SSL 3.0 doesn't specify parameters for these algorithms. ** libgnutls: Changed the behaviour in wildcard acceptance in certificates. Wildcards are only accepted when there are more than two domain components after the wildcard. This drops support for the permissive RFC2818 wildcards and adds more conservative support based on the suggestions in RFC6125. Suggested by Jeffrey Walton. ** certtool: When no password is provided to export a PKCS #8 keys, do not encrypt by default. This reverts to the certtool behavior of gnutls 3.0. The previous behavior of encrypting using an empty password can be replicating using the new parameter --empty-password. ** p11tool: Avoid dual initialization of the PKCS #11 subsystem when the --provider option is given. ** API and ABI modifications: No changes since last version.

Upstream changes: 1.27 2016-01-14 10:50:00 MANWAR - Added LICENSE file. 1.26 2016-01-03 00:45:00 MANWAR - Merged GitHub Pull Request #9 from ESERTE. 1.25 2016-01-02 01:05:00 MANWAR - Merged GitHub Pull Request #8 from TAISNIF. 1.24 2015-12-14 11:35:00 MANWAR - Documented method version(). - Added check for version number. - Added unit test for method version(). 1.23 2015-12-05 12:40:00 MANWAR - Added parameter validation check for method new_outline().

------------------ 0.16 2015-09-22T00:17:07Z - Added new abstract class, URI::_odbc, for URIs that use ODBC in `dbi_dsn`. - The `dbi_dsn` method of URI::mssql now returns an ODBC DSN instead of DBD::Sybase, since the latter would require Sybase to build. - URI::sqlserver now inherits from URI::mssql rather than the other way around. - Fixed a bug where a URI with three slashes but no authority part after the first two would incorrectly think the databse name should be an absolute path. That is, in "db:sqlite:///foo.db", the `dbname` value is "foo.db", not "/foo.db". Thanks to Dan Book for the report (issue #8).

0.9.3 ----- * Merge pull request #8 from lnielsen/lazydomainfix Fix lazy gettext problem with domain evaluation

------------------ 0.16 2015-09-22T00:17:07Z - Added new abstract class, URI::_odbc, for URIs that use ODBC in `dbi_dsn`. - The `dbi_dsn` method of URI::mssql now returns an ODBC DSN instead of DBD::Sybase, since the latter would require Sybase to build. - URI::sqlserver now inherits from URI::mssql rather than the other way around. - Fixed a bug where a URI with three slashes but no authority part after the first two would incorrectly think the databse name should be an absolute path. That is, in "db:sqlite:///foo.db", the `dbname` value is "foo.db", not "/foo.db". Thanks to Dan Book for the report (issue #8).

0.9.3 ----- * Merge pull request #8 from lnielsen/lazydomainfix Fix lazy gettext problem with domain evaluation

1.23 2016-03-26 - Fixed some Perl stack corruption bugs. Based on a proposed PR from Tony Cook plus some additional changes. GH #8. - Fixed tests with Carp 1.01 (shipped with Perl 5.8.3). Patch by Andreas Koenig. RT #113318.

----------------------------------------- 2.01 2016-03-02 - Fixed the frames method when it is called with arguments. Previously this did not work if it was called before the method was called as a reader. Fixed by Mark Fowler. PR #8.

------------------------------------- 0.14 2016-05-29 - a couple minor optimizations (dolmen, #8)

@ambs

Upstream changes: 3.093 2016-03-25 12:16:08-04:00 America/New_York - lin.kz no longer exists, so WWW::Shorten::Linkz is deprecated - added deprecation/removal notices in accordance with issue #8 - Folded ::Qurl into the deprecated modules - Folded ::Qwer into the deprecated modules - Temporarily hault live testing against TinyURL with ugly hack - Bump Perl requirement to 5.8.1 3.092 2016-03-20 - Clear note about how to contribute other shorten services. Thanks, @ambs - Updated shorten CLI app to add a lengthen option. #9 - Pared down the requirements - re-release with GNU tar 3.091 2016-03-17 - Fixed typo on ::_dead (Thanks, @neilb) - Add synopsis to ::_dead - Cleaned up contributors, alphabetized - Cleaned up the copyright and license confusion 3.090 2016-03-16 - changed to Dist::Zilla - added author tests - Cleaned up documentation - Cleaned up Changes file - added deprecation notices - Cleaned up the Readme.md quite a bit

Upstream changes: 0.16012 2016-07-19T21:37:31Z - Parsing invalid intervals with no amount and units only should have resulted in exceptions, but did not. Reported by Henrik Pauli (ssue #8) - Internal cleanup

@keyword1

* Version 3.5.4 (released 2016-09-08) ** libgnutls: Corrected the comparison of the serial size in OCSP response. Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't (GNUTLS-SA-2016-3). Reported by Stefan Buehler. ** libgnutls: Added support for IP name constraints. Patch by Martin Ukrop. ** libgnutls: Added support of PKCS#8 file decryption using DES-CBC-MD5. This is added to allow decryption of PKCS #8 private keys from openssl prior to 1.1.0. ** libgnutls: Added support for decrypting PKCS#8 files which use HMAC-SHA256 as PRF. This allow decrypting PKCS #8 private keys generated with openssl 1.1.0. ** libgnutls: Added support for internationalized passwords in PKCS#12 files. Previous versions would only encrypt or decrypt using passwords from the ASCII set. ** libgnutls: Addressed issue with PKCS#11 signature generation on ECDSA keys. The signature is now written as unsigned integers into the DSASignatureValue structure. Previously signed integers could be written depending on what the underlying module would produce. Addresses #122. ** gnutls-cli: Fixed starttls regression from 3.5.3. ** API and ABI modifications: GNUTLS_E_MALFORMED_CIDR: Added gnutls_x509_cidr_to_rfc5280: Added gnutls_oid_to_mac: Added * Version 3.5.3 (released 2016-08-09) ** libgnutls: Added support for TCP fast open (RFC7413), allowing to reduce by one round-trip the handshake process. Based on proposal and patch by Tim Ruehsen. ** libgnutls: Adopted a simpler with less memory requirements DTLS sliding window implementation. Based on Fridolin Pokorny's implementation for AF_KTLS. ** libgnutls: Use getrandom where available via the syscall interface. This works around an issue of not-using getrandom even if it exists since glibc doesn't declare such function. ** libgnutls: Fixed DNS name constraints checking in the case of empty intersection of domain names in the chain. Report and fix by Martin Ukrop. ** libgnutls: Fixed name constraints checking in the case of chains where the higher level certificates contained different types of constraints than the ones present in the lower intermediate CAs. Report and fix by Martin Ukrop. ** libgnutls: Dropped support for the EGD random generator. ** libgnutls: Allow the decoding of raw elements (starting with #) in RFC4514 DN string decoding. ** libgnutls: Fixes in gnutls_x509_crt_list_import2, which was ignoring flags if all certificates in the list fit within the initially allocated memory. Patch by Tim Kosse. ** libgnutls: Corrected issue which made gnutls_certificate_get_x509_crt() to return invalid pointers when returned more than a single certificate. Report and fix by Stefan Sørensen. ** libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the complete chain, even when the extra_certs was non-null. Report and fix by Stefan Sørensen. ** certtool: Added the "add_extension" and "add_critical_extension" template options. This allows specifying arbitrary extensions into certificates and certificate requests. ** gnutls-cli: Added the --fastopen option. ** API and ABI modifications: GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE: Added gnutls_x509_crq_set_extension_by_oid: Added gnutls_x509_dn_set_str: Added gnutls_transport_set_fastopen: Added * Version 3.5.2 (released 2016-07-06) ** libgnutls: Address issue when utilizing the p11-kit trust store for certificate verification (GNUTLS-SA-2016-2). ** libgnutls: Fixed DTLS handshake packet reconstruction. Reported by Guillaume Roguez. ** libgnutls: Fixed issues with PKCS#11 reading of sensitive objects from SafeNet Network HSM. Reported by Anthony Alba in #108. ** libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER. Report and fix by Stanislav Židek. ** libgnutls: Added AES-GCM optimizations using the AVX and MOVBE instructions. Uses Andy Polyakov's assembly code. ** API and ABI modifications: No changes since last version. * Version 3.5.1 (released 2016-06-14) ** libgnutls: The SSL 3.0 protocol support can completely be removed using a compile time option. The configure option is --disable-ssl3-support. ** libgnutls: The SSL 2.0 client hello support can completely be removed using a compile time option. The configure option is --disable-ssl2-support. ** libgnutls: Added support for OCSP Must staple PKIX extension. That is, implemented the RFC7633 TLSFeature for OCSP status request extension. Feature implemented by Tim Kosse. ** libgnutls: More strict OCSP staple verification. That is, no longer ignore invalid or too old OCSP staples. The previous behavior was to rely on application use gnutls_ocsp_status_request_is_checked(), while the new behavior is to include OCSP verification by default and set the GNUTLS_CERT_INVALID_OCSP_STATUS verification flag on error. ** libgnutls: Treat CA certificates with the "Server Gated Cryptography" key purpose OIDs equivalent to having the GNUTLS_KP_TLS_WWW_SERVER OID. This improves interoperability with several old intermediate CA certificates carrying these legacy OIDs. ** libgnutls: Re-read the system wide priority file when needed. Patch by Daniel P. Berrange. ** libgnutls: Allow for fallback in system-specific initial keywords (prefixed with '@'). That allows to specify a keyword such as "@keyword1,KEYWORD2" which will use the first available of these two keywords. Patch by Daniel P. Berrange. ** libgnutls: The SSLKEYLOGFILE environment variable can be used to log session keys. These session keys are compatible with the NSS Key Log Format and can be used to decrypt the session for debugging using wireshark. ** API and ABI modifications: GNUTLS_CERT_INVALID_OCSP_STATUS: Added gnutls_x509_crt_set_crq_extension_by_oid: Added gnutls_x509_ext_import_tlsfeatures: Added gnutls_x509_ext_export_tlsfeatures: Added gnutls_x509_tlsfeatures_add: Added gnutls_x509_tlsfeatures_init: Added gnutls_x509_tlsfeatures_deinit: Added gnutls_x509_tlsfeatures_get: Added gnutls_x509_crt_get_tlsfeatures: Added gnutls_x509_crt_set_tlsfeatures: Added gnutls_x509_crq_get_tlsfeatures: Added gnutls_x509_crq_set_tlsfeatures: Added gnutls_ext_get_name: Added * Version 3.5.0 (released 2016-05-09) ** libgnutls: Added SHA3 based signing algorithms for DSA, RSA and ECDSA, based on http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html ** libgnutls: Added support for curve X25519 (RFC 7748, draft-ietf-tls-rfc4492bis-07). This curve is disabled by default as it is still on specification status. It can be enabled using the priority string modifier +CURVE-X25519. ** libgnutls: Added support for TLS false start (draft-ietf-tls-falsestart-01) by introducing gnutls_init() flag GNUTLS_ENABLE_FALSE_START (#73). ** libgnutls: Added new APIs to access the FIPS186-4 (Shawe-Taylor based) provable RSA and DSA parameter generation from a seed. ** libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This cipher is prioritized after AES-GCM. ** libgnutls: On a rehandshake ensure that the certificate of the peer or its username remains the same as in previous handshakes. That is to protect applications which do not check user credentials on rehandshakes. The threat to address depends on the application protocol. Primarily it protects against applications which authenticate the peer initially and perform accounting using the session's information, from being misled by a rehandshake which switches the peer's identity. Applications can disable this protection by using the %GNUTLS_ALLOW_ID_CHANGE flag in gnutls_init(). ** libgnutls: Be strict in TLS extension decoding. That is, do not tolerate parsing errors in the extensions field and treat it as a typical Hello message structure. Reported by Hubert Kario (#40). ** libgnutls: Old and unsupported version numbers in client hellos are rejected with a "protocol_version" alert message. Reported by Hubert Kario (#42). ** libgnutls: Lifted the limitation of calling the gnutls_session_get_data*() functions, only on non-resumed sessions. This brings the API in par with its usage (#79). ** libgnutls: Follow RFC5280 strictly in name constraints computation. The permitted subtrees is intersected with any previous values. Report and patch by Daiki Ueno. ** libgnutls: Enforce the RFC 7627 (extended master secret) requirements on session resumption. Reported by Hubert Kario (#69). ** libgnutls: Consider the max-record TLS extension even when under DTLS. Reported by Peter Dettman (#61). ** libgnutls: Replaced writev() system call with sendmsg(). ** libgnutls: Replaced select() system call with poll() on POSIX systems. ** libgnutls: Preload the system priority file on library load. This allows applications that chroot() to also use the system priorities. ** libgnutls: Applications are allowed to override the built-in key and certificate URLs. ** libgnutls: The gnutls.h header marks constant and pure functions explictly. ** certtool: Added the ability to sign certificates using SHA3. ** certtool: Added the --provable and --verify-allow-broken options. ** gnutls-cli: The --dane option will cause verification failure if gnutls is not compiled with DANE support. ** crywrap: The tool was unbundled from gnutls' distribution. It can be found at https://github.com/nmav/crywrap ** guile: .go files are now built and installed ** guile: Fix compatibility issue of the test suite with Guile 2.1 ** guile: When --with-guile-site-dir is passed, modules are installed in a versioned directory, typically $(datadir)/guile/site/2.0 ** guile: Tests no longer leave zombie processes behind ** API and ABI modifications: GNUTLS_FORCE_CLIENT_CERT: Added GNUTLS_ENABLE_FALSE_START: Added GNUTLS_INDEFINITE_TIMEOUT: Added GNUTLS_ALPN_SERVER_PRECEDENCE: Added GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING: Added GNUTLS_E_HANDSHAKE_DURING_FALSE_START: Added gnutls_check_version_numeric: Added gnutls_x509_crt_equals: Added gnutls_x509_crt_equals2: Added gnutls_x509_crt_set_subject_alt_othername: Added gnutls_x509_crt_set_issuer_alt_othername: Added gnutls_x509_crt_get_signature_oid: Added gnutls_x509_crt_get_pk_oid: Added gnutls_x509_crq_set_subject_alt_othername: Added gnutls_x509_crq_get_pk_oid: Added gnutls_x509_crq_get_signature_oid: Added gnutls_x509_crl_get_signature_oid: Added gnutls_x509_privkey_generate2: Added gnutls_x509_privkey_get_seed: Added gnutls_x509_privkey_verify_seed: Added gnutls_privkey_generate2: Added gnutls_privkey_get_seed: Added gnutls_privkey_verify_seed: Added gnutls_decode_ber_digest_info: Added gnutls_encode_ber_digest_info: Added gnutls_dh_params_import_dsa: Added gnutls_session_get_master_secret: Added * Version 3.4.3 (released 2015-07-12) ** libgnutls: Follow closely RFC5280 recommendations and use UTCTime for dates prior to 2050. ** libgnutls: Force 16-byte alignment to all input to ciphers (previously it was done only when cryptodev was enabled). ** libgnutls: Removed support for pthread_atfork() as it has undefined semantics when used with dlopen(), and may lead to a crash. ** libgnutls: corrected failure when importing plain files with gnutls_x509_privkey_import2(), and a password was provided. ** libgnutls: Don't reject certificates if a CA has the URI or IP address name constraints, and the end certificate doesn't have an IP address name or a URI set. ** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites. ** p11tool: Added --list-token-urls option, and print the token module name in list-tokens. ** API and ABI modifications: gnutls_ecc_curve_get_oid: Added gnutls_digest_get_oid: Added gnutls_pk_get_oid: Added gnutls_sign_get_oid: Added gnutls_ecc_curve_get_id: Added gnutls_oid_to_digest: Added gnutls_oid_to_pk: Added gnutls_oid_to_sign: Added gnutls_oid_to_ecc_curve: Added gnutls_pkcs7_get_signature_count: Added * Version 3.4.2 (released 2015-06-16) ** libgnutls: DTLS blocking API is more robust against infinite blocking, and will notify of more possible timeouts. ** libgnutls: corrected regression with Camellia-256-GCM cipher. Reported by Manuel Pegourie-Gonnard. ** libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That allows to disable SIGPIPE for writes done within gnutls. ** libgnutls: Enhanced the PKCS #7 API to allow signing and verification of structures. API moved to gnutls/pkcs7.h header. ** certtool: Added options to generate PKCS #7 bundles and signed structures. ** API and ABI modifications: gnutls_x509_dn_get_str: Added gnutls_pkcs11_get_raw_issuer_by_subject_key_id: Added gnutls_x509_trust_list_get_issuer_by_subject_key_id: Added gnutls_x509_crt_verify_data2: Added gnutls_pkcs7_get_crt_raw2: Added gnutls_pkcs7_signature_info_deinit: Added gnutls_pkcs7_get_signature_info: Added gnutls_pkcs7_verify_direct: Added gnutls_pkcs7_verify: Added gnutls_pkcs7_get_crl_raw2: Added gnutls_pkcs7_sign: Added gnutls_pkcs7_attrs_deinit: Added gnutls_pkcs7_add_attr: Added gnutls_pkcs7_get_attr: Added gnutls_pkcs7_print: Added * Version 3.4.1 (released 2015-05-03) ** libgnutls: gnutls_certificate_get_ours: will return the certificate even if a callback was used to send it. ** libgnutls: Check for invalid length in the X.509 version field. Without the check certificates with invalid length would be detected as having an arbitrary version. Reported by Hanno Böck. ** libgnutls: Handle DNS name constraints with a leading dot. Patch by Fotis Loukos. ** libgnutls: Updated system-keys support for windows to compile in more versions of mingw. Patch by Tim Kosse. ** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. ** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout by default. That caused issues with non-blocking programs. ** certtool: It can generate SHA256 key IDs. ** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos. ** configure: re-enabled the --enable-local-libopts flag ** API and ABI modifications: gnutls_x509_crt_get_pk_ecc_raw: Added * Version 3.4.0 (released 2015-04-08) ** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251) ciphersuites. The former are enabled by default, the latter need to be explicitly enabled, since they reduce the overall security level. ** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10. That is currently provided as technology preview and is not enabled by default, since there are no assigned ciphersuite points by IETF and there is no guarrantee of compatibility between draft versions. The ciphersuite priority string to enable it is "+CHACHA20-POLY1305". ** libgnutls: Added support for encrypt-then-authenticate in CBC ciphersuites (RFC7366 -taking into account its errata text). This is enabled by default and can be disabled using the %NO_ETM priority string. ** libgnutls: Added support for the extended master secret (triple-handshake fix) following draft-ietf-tls-session-hash-02. ** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h). ** libgnutls: SSL 3.0 is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+VERS-SSL3.0". ** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+ARCFOUR-128". ** libgnutls: DSA signatures and DHE-DSS are no longer included in the default priorities list. They have to be explicitly enabled, e.g., with a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The DSA ciphersuites were dropped because they had no deployment at all on the internet, to justify their inclusion. ** libgnutls: The priority string EXPORT was completely removed. The string was already defunc as support for the EXPORT ciphersuites was removed in GnuTLS 3.2.0. ** libgnutls: Added API to utilize system specific private keys in "gnutls/system-keys.h". It is currently provided as technology preview and is restricted to windows CNG keys. ** libgnutls: gnutls_x509_crt_check_hostname() and friends will use RFC6125 comparison of hostnames. That introduces a dependency on libidn. ** libgnutls: Depend on p11-kit 0.23.1 to comply with the final PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21). ** libgnutls: Depend on nettle 3.1. ** libgnutls: Use getrandom() or getentropy() when available. That avoids the complexity of file descriptor handling and issues with applications closing all open file descriptors on startup. ** libgnutls: Use pthread_atfork() to detect fork when available. ** libgnutls: If a key purpose (extended key usage) is specified for verification, it is applied into intermediate certificates. The verification result GNUTLS_CERT_PURPOSE_MISMATCH is also introduced. ** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in combination with PKCS #11, or TPM URLs, it will utilize the provided password as PIN if required. That removes the requirement for the application to set a callback for PINs in that case. ** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding protocols only, and the VERS-ALL string is introduced to catch all possible protocols. ** libgnutls: Added helper functions to obtain information on PKCS #8 structures. ** libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED. ** libgnutls: Added functions to export and set the record state. That allows for gnutls_record_send() and recv() to be offloaded (to kernel, hardware or any other subsystem). ** libgnutls: Added the ability to register application specific URL types, which express certificates and keys using gnutls_register_custom_url(). ** libgnutls: Added API to override existing ciphers, digests and MACs, e.g., to override AES-GCM using a system-specific accelerator. That is, (crypto.h) gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(), gnutls_crypto_register_mac(), and gnutls_crypto_register_digest(). ** libgnutls: Added gnutls_ext_register() to register custom extensions. Contributed by Thierry Quemerais. ** libgnutls: Added gnutls_supplemental_register() to register custom supplemental data handshake messages. Contributed by Thierry Quemerais. ** libgnutls-openssl: it is no longer built by default. ** certtool: Added --p8-info option, which will print PKCS #8 information even if the password is not available. ** certtool: --key-info option will print PKCS #8 encryption information when available. ** certtool: Added the --key-id and --fingerprint options. ** certtool: Added the --verify-hostname, --verify-email and --verify-purpose options to be used in certificate chain verification, to simulate verification for specific hostname and key purpose (extended key usage). ** certtool: --p12-info option will print PKCS #12 MAC and cipher information when available. ** certtool: it will print the A-label (ACE) names in addition to UTF-8. ** p11tool: added options --set-id and --set-label. ** gnutls-cli: added options --priority-list and --save-cert. ** guile: Deprecated priority API has been removed. The old priority API, which had been deprecated for some time, is now gone; use 'set-session-priorities!' instead. ** guile: Remove RSA parameters and related procedures. This API had been deprecated. ** guile: Fix compilation on MinGW. Previously only the static version of the 'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile. ** API and ABI modifications: gnutls_record_get_state: Added gnutls_record_set_state: Added gnutls_aead_cipher_init: Added gnutls_aead_cipher_decrypt: Added gnutls_aead_cipher_encrypt: Added gnutls_aead_cipher_deinit: Added gnutls_pkcs12_generate_mac2: Added gnutls_pkcs12_mac_info: Added gnutls_pkcs12_bag_enc_info: Added gnutls_pkcs8_info: Added gnutls_pkcs_schema_get_name: Added gnutls_pkcs_schema_get_oid: Added gnutls_pcert_export_x509: Added gnutls_pcert_export_openpgp: Added gnutls_pcert_import_x509_list: Added gnutls_pkcs11_privkey_cpy: Added gnutls_x509_crq_get_signature_algorithm: Added gnutls_x509_trust_list_iter_get_ca: Added gnutls_x509_trust_list_iter_deinit: Added gnutls_x509_trust_list_get_issuer_by_dn: Added gnutls_pkcs11_get_raw_issuer_by_dn: Added gnutls_certificate_get_trust_list: Added gnutls_privkey_export_x509: Added gnutls_privkey_export_pkcs11: Added gnutls_privkey_export_openpgp: Added gnutls_privkey_import_ext3: Added gnutls_certificate_get_x509_key: Added gnutls_certificate_get_x509_crt: Added gnutls_certificate_get_openpgp_key: Added gnutls_certificate_get_openpgp_crt: Added gnutls_record_discard_queued: Added gnutls_session_ext_master_secret_status: Added gnutls_priority_string_list: Added gnutls_dh_params_import_raw2: Added gnutls_memset: Added gnutls_memcmp: Added gnutls_pkcs12_bag_set_privkey: Added gnutls_ocsp_resp_get_responder_raw_id: Added gnutls_system_key_iter_deinit: Added gnutls_system_key_iter_get_info: Added gnutls_system_key_delete: Added gnutls_system_key_add_x509: Added gnutls_system_recv_timeout: Added gnutls_register_custom_url: Added gnutls_pkcs11_obj_list_import_url3: Added gnutls_pkcs11_obj_list_import_url4: Added gnutls_pkcs11_obj_set_info: Added gnutls_crypto_register_cipher: Added gnutls_crypto_register_aead_cipher: Added gnutls_crypto_register_mac: Added gnutls_crypto_register_digest: Added gnutls_ext_register: Added gnutls_supplemental_register: Added gnutls_supplemental_recv: Added gnutls_supplemental_send: Added gnutls_openpgp_crt_check_email: Added gnutls_x509_crt_check_email: Added gnutls_handshake_set_hook_function: Modified gnutls_pkcs11_privkey_generate3: Added gnutls_pkcs11_copy_x509_crt2: Added gnutls_pkcs11_copy_x509_privkey2: Added gnutls_pkcs11_obj_list_import_url: Removed gnutls_pkcs11_obj_list_import_url2: Removed gnutls_certificate_client_set_retrieve_function: Removed gnutls_certificate_server_set_retrieve_function: Removed gnutls_certificate_set_rsa_export_params: Removed gnutls_certificate_type_set_priority: Removed gnutls_cipher_set_priority: Removed gnutls_compression_set_priority: Removed gnutls_kx_set_priority: Removed gnutls_mac_set_priority: Removed gnutls_protocol_set_priority: Removed gnutls_rsa_export_get_modulus_bits: Removed gnutls_rsa_export_get_pubkey: Removed gnutls_rsa_params_cpy: Removed gnutls_rsa_params_deinit: Removed gnutls_rsa_params_export_pkcs1: Removed gnutls_rsa_params_export_raw: Removed gnutls_rsa_params_generate2: Removed gnutls_rsa_params_import_pkcs1: Removed gnutls_rsa_params_import_raw: Removed gnutls_rsa_params_init: Removed gnutls_sign_callback_get: Removed gnutls_sign_callback_set: Removed gnutls_x509_crt_verify_data: Removed gnutls_x509_crt_verify_hash: Removed gnutls_pubkey_get_verify_algorithm: Removed gnutls_x509_crt_get_verify_algorithm: Removed gnutls_pubkey_verify_hash: Removed gnutls_pubkey_verify_data: Removed gnutls_record_set_max_empty_records: Removed guile: set-session-cipher-priority!: Removed set-session-mac-priority!: Removed set-session-compression-method-priority!: Removed set-session-kx-priority!: Removed set-session-protocol-priority!: Removed set-session-certificate-type-priority!: Removed set-session-default-priority!: Removed set-session-default-export-priority!: Removed make-rsa-parameters: Removed rsa-parameters?: Removed set-certificate-credentials-rsa-export-parameters!: Removed pkcs1-import-rsa-parameters: Removed pkcs1-export-rsa-parameters: Removed

Upstream changes: 0.07 2016-09-21T01:35:56Z - Allow quoted cookie values, as per RFC 6265. #8

## 1.1.0 / 2016-06-28 ### Minor Enhancements * Support jruby (#8) ## 1.0.0 / 2016-04-28 ### Major enhancements - Merge Simple::ANSI and Colorator. (#7) ### Minor Enhancements - Delete unnecessary `Symbol#to_sym` (#2) - Change argument name of `Enumerator#each` for better code legibility (#3) ### Development Fixes - Convert to new RSpec expectation syntax (#1) - Fix `String#blue` result in README (#4)

* Moved the "ping?" and "pingecho" aliases to the `Ping` superclass. * Fix issue #8 (the specification for net-ping-2.0.0 has corupped).

Upstream changes: 0.07046 2016-09-05 - Introspect view definitions for PostgreSQL, MySQL, Oracle, Firebird, and InterBase. - When a file's md5sum was wrong but no other content in the file had changed, it would not be rewritten even when overwrite_modifications was true. Fixed by Dave Rolsky. GH #8.

0.21 2016-12-06 - Switched to using GitHub issues. 0.20 2016-12-05 - The keys for parameter specifications are now validated. If an unknown key is seen then an exception will be thrown. This will help you catch typos in your parameter specification. Implemented by Greg Oschwald. PR #8.

-------------------------------------- 0.28 2016-11-27 - Follow the current mime-apps-spec (fixes #8, #20) The current version of the mime-apps spec locates the per-user defaults file in `$XDG_CONFIG_HOME/mimeapps.list`. Use that location, and fall back to the per-system and distribution defaults as specified, with the previous legacy defaults file as a final fallback. Fix by Patrick Burroughs (Celti)

security/gnutls: security update Revisions pulled up: - security/gnutls/Makefile 1.146 - security/gnutls/distinfo 1.106 --- Module Name: pkgsrc Committed By: wiz Date: Fri May 30 13:20:23 UTC 2014 Modified Files: pkgsrc/security/gnutls: Makefile distinfo Log Message: Update to 3.2.15: * Version 3.2.15 (released 2014-05-30) ** libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. ** libgnutls: Several memory leaks caused by error conditions were fixed. The leaks were identified using valgrind and the Codenomicon TLS test suite. ** libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem. ** libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni. ** gnutls-cli: if dane is requested but not PKIX verification, then only do verify the end certificate. ** ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. ** API and ABI modifications: No changes since last version. * Version 3.2.14 (released 2014-05-06) ** libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio. ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided. ** libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided. ** libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite. ** libgnutls: Several small bug fixes found by coverity. ** libgnutls-dane: Accept a certificate using DANE if there is at least one entry that matches the certificate. Patch by simon [at] arlott.org. ** configure: Added --with-nettle-mini option, which allows linking with a libnettle that contains gmp. ** certtool: The ECDSA keys generated by default use the SECP256R1 curve which is supported more widely than the previously used SECP224R1. ** API and ABI modifications: No changes since last version. * Version 3.2.13 (released 2014-04-07) ** libgnutls: gnutls_openpgp_keyring_import will no longer fail silently if there are no base64 data. Report and patch by Ramkumar Chinchani. ** libgnutls: gnutls_record_send is now safe to be called under DTLS when in corked mode. ** libgnutls: Ciphersuites that use the SHA256 or SHA384 MACs are only available in TLS 1.0 as SSL 3.0 doesn't specify parameters for these algorithms. ** libgnutls: Changed the behaviour in wildcard acceptance in certificates. Wildcards are only accepted when there are more than two domain components after the wildcard. This drops support for the permissive RFC2818 wildcards and adds more conservative support based on the suggestions in RFC6125. Suggested by Jeffrey Walton. ** certtool: When no password is provided to export a PKCS #8 keys, do not encrypt by default. This reverts to the certtool behavior of gnutls 3.0. The previous behavior of encrypting using an empty password can be replicating using the new parameter --empty-password. ** p11tool: Avoid dual initialization of the PKCS #11 subsystem when the --provider option is given. ** API and ABI modifications: No changes since last version.

1.42 2017-01-04 - Generated exception classes are now added to %INC. If you subclass a generated class with "use base" then base.pm will no longer attempt to load the requested class. Patch by Todd Rinaldo. PR #8.

1.40: 2016-09-07 Add warnings about stock CVS vs. the MirOS patched version. 1.39: 2016-09-06 Fix GitLab issue #8: Exporting with commitids does not coalesce changesets. 1.38: 2016-02-28 All Python code in the suite is 2 & 3 polyglot and 8-bit clean. 1.37: 2016-01-29 New -c option for when you can't trust commit-IDs. Port patch for Sun systems. 1.36: 2015-12-22 Avoid a core dump in another pathological case. 1.35: 2015-11-23 Properly handle CVS masters with nonempty access lists. Bail out gracefully on pathological masters with no revisions. 1.34: 2015-09-25 Another Python compatibility fix. Fix inconsistent license header in revdir.c.

0.36 2017-02-19 - Inlined coercions would attempt to coerce for every type which matched the value given, instead of stopping after the first type. Fixed by Graham Knop (GH #11). - Inlined coercions did not include the inline environment variables needed by the type from which the coercion was being performed. Fixed by Graham Knop (GH #8). - When you use the same type repeatedly as coderef (for example, as a constraint with Moo), it will only generated its subified form once, rather than regenerating it each time it is de-referenced. - Added an API to Specio::Subs to allow you to combine type libraries and helper subs in one package for exporting. See the Specio::Exporter docs for more details.

Add test target. Changes in version 0.21 *********************** Released on October 23rd, 2014. * Restored the atf(7) manual page to serve as a reference to all the other manual pages shipped by ATF. * Added the -s flag to atf-sh to support specifying the shell interpreter to be used. * Removed ATF_WORKDIR. The only remaining consumers have been converted to use the standard TMPDIR environment variable. As a benefit, and because Kyua forces the TMPDIR to live within the test case's work directory, any stale files left behind by ATF will be automatically cleaned up. * Documented the environment variables recognized by each component in the relevant manual pages. This information was lost with the atf-config(1) removal. * Added a new "require.diskspace" metadata property to test cases so that they can specify the minimum amount of disk space required for the test to run. * Renamed the atf-{c,c++,sh}-api(3) manual pages to atf-{c,c++,sh}(3) for discoverability purposes. Symbolic links are provided for the time being to still make the old names visible. * Issue #5: Recommend the (expected, actual) idiom for calls to the test macros in the manual pages. * Issue #7: Stopped catching unhandled exceptions in atf-c++ tests. This propagates the crash to the caller, which in turn allows it to obtain proper debugging information. In particular, Kyua should now be able to extract a stacktrace pinpointing the problem. * Issue #8: Fixed atf-c/macros_test:use test failures spotted by the clang that ships with FreeBSD 11.0-CURRENT. * Issue #12: Improved documentation of atf-sh(3) and atf-check(1) by better explaining how they relate to each other. * Issue #14: Stopped setting 'set -e' in atf-sh. This setting was initially added as a way to enable a "strict" mode in the library and to make test cases fail fast when they run unprotected commands. However, doing so in the library is surprising as the responsibility of enabling 'set -e' should be on the user's code. Also, 'set -e' introduces inconsistent behavior on subshells and users do not expect that. * Issue #15: Fixed atf_utils_{fork,wait} to support nested calls. * Issue #16: Fixed test failures (by removing a long-standing hack) on systems that lack \e support in printf(1). * Issue #19: Removed stale references to atf-config and atf-run.

Release date: 2017-03-08 14:32 UTC Changelog: * Set minimum PHP version to 5.4.0 * Set minimum PEAR version to 1.10.1 * Bug #18262: Incomplete buffer sent with fwrite after bugfix #14619 * Bug #20113: package.xml does not validate * Bug #21031: Warning on connection error(stream_socket_client) * PR #7: Fix for "Maximum execution time of 30 seconds exceeded" error * PR #8: Make PHP5 compatible

1.7.1 (2016-08-12) * Allow applications to query if they've got loggers #18 (thommay) 1.7.0 (2016-08-04) * test with updated ruby versions and run cucumber #16 (thommay) * Add dev dependency on chefstyle #15 (tas50) * Misc cleanup + add Travis #14 (tas50) * File log devices opened by mixlib-log should be closed. #13 (mhorbul) * Include the license type in the .gemspec #9 (benders) * MIXLIB-10: don't be so pessimistic about development libraries #8 (jkeiser) Fixed bugs: * Ensure that arguments to Mixlib::Log#add are passed as is to all loggers #7 (ketan) * Fixing RDoc formatting of README.rdoc. #4 (ampledata)

Fix www/wml configure to always use posix mode

d5c69db

Because wml uses very old configure scripts, the posix mode is not set with all shells. This can cause a test in the script to be false and makes it re-exec itself indefinitly.

oliwer closed this Apr 1, 2015

jsonn pushed a commit that referenced this pull request Feb 11, 2016

Update py-flask-babelex to 0.9.3.

dec7cf6

0.9.3 ----- * Merge pull request #8 from lnielsen/lazydomainfix Fix lazy gettext problem with domain evaluation

jsonn pushed a commit that referenced this pull request Feb 11, 2016

Update py-flask-babelex to 0.9.3.

bc216a3

0.9.3 ----- * Merge pull request #8 from lnielsen/lazydomainfix Fix lazy gettext problem with domain evaluation

jsonn pushed a commit that referenced this pull request Jun 5, 2016

Updated devel/p5-Eval-Closure to 0.14

e652104

------------------------------------- 0.14 2016-05-29 - a couple minor optimizations (dolmen, #8)

jsonn pushed a commit that referenced this pull request Oct 4, 2016

Update to 0.07

de42b2f

Upstream changes: 0.07 2016-09-21T01:35:56Z - Allow quoted cookie values, as per RFC 6265. #8

jsonn pushed a commit that referenced this pull request Oct 6, 2016

Update to 0.07

81aee38

Upstream changes: 0.07 2016-09-21T01:35:56Z - Allow quoted cookie values, as per RFC 6265. #8

jsonn pushed a commit that referenced this pull request Oct 17, 2016

Update ruby-net-ping to 2.0.1.

c750ec1

* Moved the "ping?" and "pingecho" aliases to the `Ping` superclass. * Fix issue #8 (the specification for net-ping-2.0.0 has corupped).

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix www/wml configure to always use posix mode #8

Fix www/wml configure to always use posix mode #8

oliwer commented Apr 1, 2015

Fix www/wml configure to always use posix mode #8

Fix www/wml configure to always use posix mode #8

Conversation

oliwer commented Apr 1, 2015