SU_CMD= ${LOCALBASE}/bin/sudo doesn't seem to work #11

Closed
risto3 opened this Issue Oct 25, 2012 · 2 comments

Comments

Projects
None yet
2 participants

risto3 commented Oct 25, 2012

If I understand chapter 9.12 (http://www.netbsd-france.org/docs/pkgsrc/faq.html#using-sudo-with-pkgsrc) correctly:

When installing packages as non-root user and using the just-in-time su(1) feature of pkgsrc, it can become annoying to type in the root password for each required package installed. To avoid this, the sudo package can be used, which does password caching over a limited time. To use it, install sudo (either as binary package or from security/sudo) and then put the following into your mk.conf, somewhere after the definition of the LOCALBASE variable:

.if exists(${LOCALBASE}/bin/sudo)
SU_CMD=        ${LOCALBASE}/bin/sudo /bin/sh -c
.endif

I tried this, and tried substitutin /usr/bin/bash for /bin/sh and finally chopped everything off after the sudo,
but I still need (e.g. in pkgsrc/doc/guide when doing a simple $bmake as a non-root user) to break out in each dependency package and do a sudo bmake install... simple bmake install gives the following type of error:

richard@devzone:~/src/pkgsrc/fonts/tex-amsfonts$ bmake install
=> Bootstrap dependency digest>=20010302: found digest-20111104
WARNING: [license.mk] Every package should define a LICENSE.
===> Building binary package for tex-amsfonts-3.0nb2
=> Creating binary package /home/richard/src/pkgsrc/packages/All/tex-amsfonts-3.0nb2.tgz
pkg_create: cannot create archive: Failed to open '/home/richard/src/pkgsrc/packages/All/tex-amsfonts-3.0nb2.tmp.tgz'
*** Error code 2

Stop.
bmake: stopped in /home/richard/src/pkgsrc/fonts/tex-amsfonts
*** Error code 1

Stop.
bmake: stopped in /home/richard/src/pkgsrc/fonts/tex-amsfonts

I checked the following:

richard@devzone:~/src/pkgsrc/fonts/tex-amsfonts$ bmake show-var VARNAME=LOCALBASE
/opt/pkg
richard@devzone:~/src/pkgsrc/fonts/tex-amsfonts$ bmake show-var VARNAME=SU_CMD
/opt/pkg/bin/sudo
richard@devzone:~/src/pkgsrc/fonts/tex-amsfonts$ bmake show-var VARNAME=SH
/usr/bin/bash

here is the shell level debug output

set -e;/usr/bin/env AWK=/opt/pkg/bin/nawk PKG_ADMIN=/opt/pkg/sbin/pkg_admin\ -K\ /var/opt/pkg/db/pkg  PKGSRCDIR=/home/richard/src/pkgsrc PWD_CMD=/bin/pwd SED=/opt/pkg/bin/nbsed  /usr/bin/bash /home/richard/src/pkgsrc/mk/pkgformat/pkg/list-dependencies  " "\ \ digest\>=20010302:../../pkgtools/digest " " " " |                while read type pattern dir; do                     test "$type" = "bootstrap" || continue;         pkg=`/opt/pkg/sbin/pkg_info -K /var/opt/pkg/db/pkg -E "$pattern" || true`;      case $type in bootstrap) Type=Bootstrap;; build) Type=Build;; full) Type=Full;; esac;  case "$pkg" in                           "")                                 echo "=>" "$Type dependency $pattern: NOT found";   target=package-install;                 echo "=>" "Verifying $target for $dir";         [ -d "$dir" ] || /usr/bin/bash /home/richard/src/pkgsrc/mk/scripts/fail echo 1>&2 "ERROR:" "[depends.mk] The directory \`\`$dir'' does not exist.";  cd $dir;                       /usr/bin/env  PATH=/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.wrapper/bin:/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.buildlink/bin:/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.tools/bin:/opt/pkg/bin:/opt/pkg/sbin:/opt/pkg/bin:/opt/pkg/gcc47/bin:/usr/bin:/usr/sbin:/sbin USE_DESTDIR=yes _PKGSRC_DEPS=" tex-amsfonts-3.0nb2" PKGNAME_REQD="$pattern" /opt/pkg/bin/bmake _MAKE=/opt/pkg/bin/bmake OPSYS=SunOS OS_VERSION=5.11 LOWER_OPSYS=solaris _PKGSRCDIR=/home/richard/src/pkgsrc _HOSTNAME=devzone OBJHOSTNAME= PKGTOOLS_VERSION=20120221 _CC=/opt/pkg/gcc47/bin/gcc _PATH_ORIG=/opt/pkg/sbin:/opt/pkg/bin:/opt/pkg/gcc47/bin:/usr/bin:/usr/sbin:/sbin _AUTOMATIC=yes $target;  pkg=`/opt/pkg/sbin/pkg_info -K /var/opt/pkg/db/pkg -E "$pattern" || true`;  case "$pkg" in                      "")    echo 1>&2 "ERROR:" "[depends.mk] A package matching \`\`$pattern'' should";  echo 1>&2 "ERROR:" "    be installed, but one cannot be found.  Perhaps there is a";  echo 1>&2 "ERROR:" "    stale work directory for $dir?";  exit 1;                         esac;                           echo "=>" "Returning to build of tex-amsfonts-3.0nb2";      ;;                          *)                              objfmt=`/opt/pkg/sbin/pkg_info -K /var/opt/pkg/db/pkg -Q OBJECT_FMT "$pkg"`;        case "$objfmt" in                   "")    echo 1>&2 "WARNING:" "[depends.mk] Unknown object format for installed package $pkg" ;;  ELF)   ;;                   *) echo 1>&2 "ERROR:" "[depends.mk] Installed package $pkg has an";  echo 1>&2 "ERROR:" "    object format \`\`$objfmt'' which differs from \`\`ELF''.  Please";  echo 1>&2 "ERROR:" "    update the $pkg package to ELF.";  exit 1;                        ;;                      esac;                           silent=;            if test -z "${silent}"; then            echo "=>" "$Type dependency $pattern: found $pkg";  fi;                             ;;                          esac;               done
=> Bootstrap dependency digest>=20010302: found digest-20111104
set -e; for w in "[license.mk] Every package should define a LICENSE." ; do echo "WARNING: $w"; done
WARNING: [license.mk] Every package should define a LICENSE.
set -e; set -e;                          case checksum-phase in                      *-phase)   test ! -f /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.extract_done || exit 0 ;;    esac;                               if cd /home/richard/src/pkgsrc/distfiles && /usr/bin/env DIGEST=/opt/pkg/bin/digest CAT=/usr/bin/cat    ECHO=echo SED=/opt/pkg/bin/nbsed            TEST=test                   /usr/bin/bash /home/richard/src/pkgsrc/mk/checksum/checksum /home/richard/src/pkgsrc/fonts/tex-amsfonts/distinfo tex-amsfonts-15878/amsfonts.tar.xz; then  true;                        else                                echo 1>&2 "ERROR:" "Make sure the Makefile and checksum file (/home/richard/src/pkgsrc/fonts/tex-amsfonts/distinfo)";  echo 1>&2 "ERROR:" "are up to date.  If you want to override this check, type";  echo 1>&2 "ERROR:" "\"/opt/pkg/bin/bmake NO_CHECKSUM=yes [other args]\".";  exit 1;                             fi
set -e;                  if test -n "" &&  /opt/pkg/sbin/pkg_info -K /var/opt/pkg/db/pkg -qe tex-amsfonts-3.0nb2; then  echo ===\> "Skipping installation of already handled package";  else  cd /home/richard/src/pkgsrc/fonts/tex-amsfonts                             && /usr/bin/env  PATH=/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.wrapper/bin:/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.buildlink/bin:/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.tools/bin:/opt/pkg/bin:/opt/pkg/sbin:/opt/pkg/bin:/opt/pkg/gcc47/bin:/usr/bin:/usr/sbin:/sbin USE_DESTDIR=yes /opt/pkg/bin/bmake _MAKE=/opt/pkg/bin/bmake OPSYS=SunOS OS_VERSION=5.11 LOWER_OPSYS=solaris _PKGSRCDIR=/home/richard/src/pkgsrc _HOSTNAME=devzone OBJHOSTNAME= PKGTOOLS_VERSION=20120221 _CC=/opt/pkg/gcc47/bin/gcc _PATH_ORIG=/opt/pkg/sbin:/opt/pkg/bin:/opt/pkg/gcc47/bin:/usr/bin:/usr/sbin:/sbin _PKGSRC_BARRIER=yes ALLOW_VULNERABLE_PACKAGES= install  || {                              exitcode="$?";                      /usr/bin/env  PATH=/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.wrapper/bin:/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.buildlink/bin:/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.tools/bin:/opt/pkg/bin:/opt/pkg/sbin:/opt/pkg/bin:/opt/pkg/gcc47/bin:/usr/bin:/usr/sbin:/sbin USE_DESTDIR=yes /opt/pkg/bin/bmake _MAKE=/opt/pkg/bin/bmake OPSYS=SunOS OS_VERSION=5.11 LOWER_OPSYS=solaris _PKGSRCDIR=/home/richard/src/pkgsrc _HOSTNAME=devzone OBJHOSTNAME= PKGTOOLS_VERSION=20120221 _CC=/opt/pkg/gcc47/bin/gcc _PATH_ORIG=/opt/pkg/sbin:/opt/pkg/bin:/opt/pkg/gcc47/bin:/usr/bin:/usr/sbin:/sbin _PKGSRC_BARRIER=yes barrier-error-check;  exit "$exitcode";                  };  fi
===> Building binary package for tex-amsfonts-3.0nb2
set -e; /usr/bin/rm -f /home/richard/src/pkgsrc/packages/All/tex-amsfonts-3.0nb2.tgz
set -e;/usr/bin/mkdir -p /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb
set -e;/usr/bin/rm -f /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_INFO.tmp
set -e; (echo LOCALBASE=/opt/pkg ; echo PKGINFODIR=info ; echo PKGMANDIR=man ; echo _USE_DESTDIR=user-destdir ; echo PKG_SYSCONFBASEDIR=/etc/opt/pkg ; echo PKG_SYSCONFDIR=/etc/opt/pkg ; echo PKGPATH=fonts/tex-amsfonts ; echo OPSYS=SunOS ; echo OS_VERSION=5.11 ; echo MACHINE_ARCH=x86_64 ; echo MACHINE_GNU_ARCH=x86_64 ; echo ABI=64 ; echo CPPFLAGS=\ \  ; echo CFLAGS=-O ; echo FFLAGS=-O ; echo LDFLAGS=\ \ \ -L/opt/pkg/gcc47/lib/gcc/x86_64-sun-solaris2.11/4.7.0\ -Wl,-R/opt/pkg/gcc47/lib/gcc/x86_64-sun-solaris2.11/4.7.0\ -L/opt/pkg/gcc47/lib\ -Wl,-R/opt/pkg/gcc47/lib\ -Wl,-R/opt/pkg/lib ; echo OBJECT_FMT=ELF ; echo LICENSE= ; echo RESTRICTED= ; echo NO_SRC_ON_FTP= ; echo NO_SRC_ON_CDROM= ; echo NO_BIN_ON_FTP= ; echo NO_BIN_ON_CDROM= ; echo CONFIGURE_ENV=INSTALL_INFO=\ MAKEINFO=/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.tools/bin/makeinfo\ FLEX=\ BISON=\ PKG_CONFIG=\ PKG_CONFIG_LIBDIR=/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.buildlink/lib/pkgconfig:/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.buildlink/share/pkgconfig\ PKG_CONFIG_LOG=/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkg-config.log\ PKG_CONFIG_PATH=\ MAKE=make\ WRAPPER_DEBUG=no\ WRAPPER_UPDATE_CACHE=yes\ CC=gcc\ CFLAGS=-O\ CPPFLAGS=\ CXX=g++\ CXXFLAGS=-O\ COMPILER_RPATH_FLAG=-Wl,-R\ F77=f77\ FC=f77\ FFLAGS=-O\ LANG=C\ LC_COLLATE=C\ LC_CTYPE=C\ LC_MESSAGES=C\ LC_MONETARY=C\ LC_NUMERIC=C\ LC_TIME=C\ LDFLAGS=-L/opt/pkg/gcc47/lib/gcc/x86_64-sun-solaris2.11/4.7.0\\\ -Wl,-R/opt/pkg/gcc47/lib/gcc/x86_64-sun-solaris2.11/4.7.0\\\ -L/opt/pkg/gcc47/lib\\\ -Wl,-R/opt/pkg/gcc47/lib\\\ -Wl,-R/opt/pkg/lib\ LINKER_RPATH_FLAG=-R\ PATH=/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.wrapper/bin:/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.buildlink/bin:/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.tools/bin:/opt/pkg/bin:/opt/pkg/sbin:/opt/pkg/bin:/opt/pkg/gcc47/bin:/usr/bin:/usr/sbin:/sbin:/opt/pkg/bin:/opt/pkg/bin\ PREFIX=/opt/pkg\ PKG_SYSCONFDIR=/etc/opt/pkg\ CPP=cpp\ CXXCPP=cpp\ HOME=/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.home ; echo CONFIGURE_ARGS= ; echo CMAKE_ARGS= ; echo _PLIST_IGNORE_FILES= ;)   > /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_INFO.tmp
set -e;echo "PKGTOOLS_VERSION=20091115" >> /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_INFO.tmp
set -e;echo "HOMEPAGE=http://www.tug.org/texlive/" >> /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_INFO.tmp
set -e;echo "CATEGORIES=print" >> /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_INFO.tmp
set -e;echo "MAINTAINER=minskim@NetBSD.org" >> /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_INFO.tmp
set -e;echo "BUILD_DATE=2012-10-25 19:02:38 +0200" >> /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_INFO.tmp
set -e;echo "BUILD_HOST=SunOS devzone 5.11 oi_151a7 i86pc i386 i86pc" >> /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_INFO.tmp
set -e;                              case "" in                      "")    ldd=`/usr/bin/type ldd 2>/dev/null | /opt/pkg/bin/nawk '{ print $NF }'` ;;  *)  ldd= ;;                      esac;                               bins=`/opt/pkg/bin/nawk '/(^|\/)(bin|sbin|libexec)\// { print "/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.destdir/opt/pkg/" $0 } END { exit 0 }' /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.PLIST_nokeywords`;  case ELF"" in                     ELF)                                libs=`/opt/pkg/bin/nawk '/\/lib.*\.so(\.[0-9]+)*$/ { print "/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.destdir/opt/pkg/" $0 } END { exit 0 }' /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.PLIST_nokeywords`;  if test -n "$bins" -o -n "$libs"; then       requires=`(/usr/bin/env  LD_LIBRARY_PATH=/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.destdir/opt/pkg/lib $ldd $bins $libs 2>/dev/null || true) | /opt/pkg/bin/nawk '$2 == "=>" && $3 ~ "/" { print $3 }' | /opt/pkg/bin/nbsed -e 's,/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.destdir,,' | /usr/bin/sort -u`;  fi;                            linklibs=`/opt/pkg/bin/nawk '/.*\.so(\.[0-9]+)*$/ { print "/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.destdir/opt/pkg/" $0 }' /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.PLIST_nokeywords`;  for i in $linklibs; do                   if test -r $i -a ! -x $i -a ! -h $i; then   test yes"" = "no" ||  echo "$i: installed without execute permission; fixing (should use [BSD_]INSTALL_LIB)";  /usr/bin/chmod +x $i;            fi;                         done;                           ;;                          Mach-O)                                 libs=`/opt/pkg/bin/nawk '/\/lib.*\.dylib/ { print "/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.destdir/opt/pkg/" $0 } END { exit 0 }' /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.PLIST_nokeywords`;  if test "$bins" != "" -o "$libs" != ""; then  requires=`($ldd $bins $libs 2>/dev/null || true) | /opt/pkg/bin/nawk '/compatibility version/ { print $1 }' | /usr/bin/sort -u`;  fi;                           ;;                          esac;                               requires=`{ for i in $requires $requires; do echo $i; done;  /opt/pkg/bin/nawk '{ print "/opt/pkg/" $0 }' /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.PLIST_nokeywords; } |  /usr/bin/sort | uniq -c | awk '$1 == 2 {print $2}'`;  for i in "" $libs; do                      test "$i" != "" || continue;            echo "PROVIDES=${i}";               done | /opt/pkg/bin/nbsed -e 's,^PROVIDES=/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.destdir,PROVIDES=,'         >> /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_INFO.tmp;                     for req in "" $requires; do                     test "$req" != "" || continue;          echo "REQUIRES=$req" >> /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_INFO.tmp;        done
set -e;                              rm -f /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_INFO;                      sort /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_INFO.tmp > /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_INFO;                 rm -f /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_INFO.tmp
set -e;/usr/bin/mkdir -p /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb
set -e;  /usr/bin/cat /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.PLIST |                      /opt/pkg/bin/nawk 'BEGIN { base = "/opt/pkg/" }                 /^@cwd/ { base = $2 "/" }               /^@/ { next }                       { print base $0 }' |                    /usr/bin/sort -u |                          /opt/pkg/bin/nbsed -e "s,^/,/home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.destdir/," -e "s/'/'\\\\''/g" -e "s/.*/'&'/" |  /usr/bin/xargs -n 256 /usr/bin/ls -ld 2>/dev/null |               /opt/pkg/bin/nawk 'BEGIN { s = 0 } { s += $5 } END { print s }'         > /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+SIZE_PKG
set -e;/usr/bin/mkdir -p /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb
set -e;                              {                               /usr/bin/cat /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+SIZE_PKG &&               /opt/pkg/bin/nawk '$1 == "full" { print $3; }' < /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.rdepends | /usr/bin/sort -u |            /usr/bin/xargs -n 256 /opt/pkg/sbin/pkg_info -K /var/opt/pkg/db/pkg -qs;            } |                                 /opt/pkg/bin/nawk 'BEGIN { s = 0 } /^[0-9]+$/ { s += $1 } END { print s }'  > /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+SIZE_ALL
set -e; /usr/bin/mkdir -p /home/richard/src/pkgsrc/packages/All
=> Creating binary package /home/richard/src/pkgsrc/packages/All/tex-amsfonts-3.0nb2.tgz
set -e; tmpname=/home/richard/src/pkgsrc/packages/All/tex-amsfonts-3.0nb2.tmp.tgz;   if /opt/pkg/sbin/pkg_create -K /var/opt/pkg/db/pkg -l -U -B /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_INFO -b /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+BUILD_VERSION -c /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+COMMENT  -d /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+DESC -f /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.PLIST_deps  -S /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+SIZE_ALL -s /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+SIZE_PKG         -C teTeX-texmf\<=3.0nb13\ tex-cm\<2009\ tex-latex-fonts\<2009\ tex-misc\<2009   -i /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+INSTALL     -k /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.pkgdb/+DEINSTALL -F gzip -I /opt/pkg -p /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.destdir/opt/pkg -u root -g root "$tmpname"; then      /usr/bin/mv -f "$tmpname" /home/richard/src/pkgsrc/packages/All/tex-amsfonts-3.0nb2.tgz;            else                                exitcode=$?; /usr/bin/rm -f "$tmpname"; exit $exitcode;     fi
pkg_create: cannot create archive: Failed to open '/home/richard/src/pkgsrc/packages/All/tex-amsfonts-3.0nb2.tmp.tgz'
*** Error code 2

Stop.
bmake: stopped in /home/richard/src/pkgsrc/fonts/tex-amsfonts
set -e;                  /usr/bin/rm -f /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.warning/*.tmp;                     test -d /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.warning || exit 0;                cd /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.warning;                       for file in ./*; do                         test "$file" != "./*" || exit 0;            break;                          done;                               /usr/bin/cat ./* | /opt/pkg/bin/nbsed -e "s|^|WARNING: |" 1>&2;                     /usr/bin/mv -f ./* /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.warning-done
set -e;                  /usr/bin/rm -f /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.error/*.tmp;                   test -d /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.error || exit 0;              cd /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.error;                         for file in ./*; do                         test "$file" != "./*" || exit 0;            break;                          done;                               /usr/bin/cat * | /opt/pkg/bin/nbsed -e "s|^|ERROR: |" 1>&2;                     if /opt/pkg/bin/nawk 'END { exit (NR > 0) ? 0 : 1; }' ./*; then                 /usr/bin/mv -f ./* /home/richard/src/pkgsrc/fonts/tex-amsfonts/work.devzone/.error-done;            exit 1;                             fi
*** Error code 1

Stop.
bmake: stopped in /home/richard/src/pkgsrc/fonts/tex-amsfonts

Is there something else that needs to be set for a non root user?

Member

jperkin commented Oct 25, 2012

The binary packages are created as the normal user, did you perhaps
change the permissions on /home/richard/src/pkgsrc/packages/All during
testing so that your 'richard' user can no longer write to that
directory or all the files in it?

Jonathan Perkin www.perkin.org.uk
github.com/jperkin twitter.com/jperkin

risto3 commented Oct 25, 2012

Indeed these where owned by root... probably when I updated and put everything back to default I may have been in pfexec bash.
changed owner back to me and corrected some permissions, and put back in the '/usr/bin/bash -c ' part and it seems to work, thanks.

risto3 closed this Oct 25, 2012

@jperkin jperkin pushed a commit that referenced this issue Dec 17, 2012

taca Update ruby-gettext to 2.3.5.
# News
## <a id="2-3-5">2.3.5</a>: 2012-12-11

This is a bug fix release.

### Fixes

  * [POParser] Fixed the class name for backward compatibility.

## <a id="2-3-4">2.3.4</a>: 2012-12-11

This is a many changes and new implements release.

### Improvements

  * [Merger] Implemented "fuzzy-match" with Levenshtein distance.
  * Added the class "PO" for management PO entries. Please use PO
    instead of PoData. (see details in
    http://rubydoc.info/gems/gettext/GetText/PO.html)
  * [POEntry (renamed from PoMessages)] Supported to specify msgstr.
  * [POEntry] Stored comments each type
    (translator\_comment, extracted\_comment, flag, previous).
    see
    http://www.gnu.org/software/gettext/manual/html_node/PO-Files.html
    for details of comment type.
  * [POEntry] Checked if specified type is valid in #type=.
  * [PoParser][MO] Concatenated msgctxt, msgid, msgid\_plural to
    "#{msgctxt}\004#{msgid}\000"{msgid\_plural}" by MO instead of
    PoParser. PoData and MO treat a concatenated string as msgid, but
    PO doesn't.
  * [PoParser] Parsed each type comment from whole comment.

### Changes

  * Rename some classes and methods.
    * PoMessage to PoEntry. This isn't "message" but "entry".
      (See http://www.gnu.org/software/gettext/manual/gettext.html#PO-Files)
    * PoMessages#== to POEntry#mergeable?.
    * PoMessages#to\_po\_str to POEntry#to\_s.
    * PoMessages#sources(sources=) to POEntry#references(references=)
    * MoFile to MO. For backword compatible, MoFile can be used now.
    * PoParser to POParser. For backword compatible, PoParser can be used now.
  * Raised no error when POEntry doesn't have references.
    It is useful for no references in .PO file.

# News
## <a id="2-3-3">2.3.3</a>: 2012-10-18

It's a package fix and msginit improvement release.

### Improvements

  * [msginit] Supported plural forms for Bosnian, Catalan, Norwegian
    Bokmal and Chinese.

### Fixes

  * Fixed the bug that messages (i.e. the help message for rmsgfmt)
    aren't localized in each environment. However, some
    messages aren't tranlated or resolved fuzzy. Please
    help us to translate or resolve them.
    [Github #12][Reported by mtasaka]
  * Used String#% to localize some messages.

### Thanks

  * mtasaka

## <a id="2-3-2">2.3.2</a>: 2012-09-20

It's a bug fix release.

### Fixes

  * Fixed the bug that untranslated messages are included in a .mo file.
    [Github #11][Reported by Ramón Cahenzli]

### Thanks

  * Ramón Cahenzli
a2c82d2

@jperkin jperkin pushed a commit that referenced this issue Jan 2, 2013

obache Update ruby-ole to 1.2.11.5.
== 1.2.11.5 / 2012-11-06

- Fix breakage of IO.parse_mode on Rubinius (issue #10).
- Make tests pass on rubinius (issue #11).
- Improve RangesIO test coverage.
- Don't warn when mbat_start is AVAIL instead of EOC (github #9).
98a7195

@jperkin jperkin pushed a commit that referenced this issue Jan 7, 2013

obache Update ruby-ole to 1.2.11.6.
== 1.2.11.6 / 2012-12-10

- Fix breakage of writable IO stream detection on Windows (github #11).
b974520

@jperkin jperkin pushed a commit that referenced this issue May 24, 2013

ryoon Update to 1.1.20
Changelog:
Version 1.1.20 (released 24-Apr-2013)

  * fix tab-to-space handling regression in markup view
  * fix regression in root lookup handling (issue #526)

Version 1.1.19 (released 22-Apr-2013)

  * improve root lookup performance (issue #523)
  * new 'max_filesize_kbytes' config option and handling (issue #524)
  * tarball generation improvements:
    - preserve Subversion symlinks in generated tarballs (issue #487)
    - reduce memory usage of tarball generation logic
    - fix double compression of generated tarballs (issue #525)
  * file content handling improvements:
    - expanded support for encoding detection and transcoding (issue #11)
    - fix tab-to-space conversion bugs in markup, annotate, and diff views
    - fix handling of trailing whitespace in diff view
  * add support for timestamp display in ISO8601 format (issue #46)

Version 1.1.18 (released 28-Feb-2013)

  * fix exception raised by BDB-backed SVN repositories (issue #519)
  * hide revision-less files when rcsparse is in use
  * include branchpoints in branch views using rcsparse (issue #347)
  * miscellaneous cvsdb improvements:
    - add --port option to make-database (issue #521)
    - explicitly name columns in queries (issue #522)
    - update MySQL syntax to avoid discontinued "TYPE=" terms
4eece3a

@mamash mamash pushed a commit that referenced this issue Aug 12, 2013

ryoon Update to 3.15.1
Changelog:
NSS 3.15.1 release notes

Introduction

Network Security Services (NSS) 3.15.1 is a patch release for NSS 3.15. The bug fixes in NSS 3.15.1 are described in the "Bugs Fixed" section below.
Distribution Information

NSS 3.15.1 source distributions are also available on ftp.mozilla.org for secure HTTPS download:

    Source tarballs:
    https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_1_RTM/src/

New in NSS 3.15.1
New Functionality

    TLS 1.2: TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations.
        The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1.
        AES GCM cipher suites are not yet supported.

New Functions

None.
New Types

    in sslprot.h
        SSL_LIBRARY_VERSION_TLS_1_2 - The protocol version of TLS 1.2 on the wire, value 0x0303.
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_NULL_SHA256 - New TLS 1.2 only HMAC-SHA256 cipher suites.
    in sslerr.h
        SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM, SSL_ERROR_DIGEST_FAILURE, SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM - New error codes for TLS 1.2.
    in sslt.h
        ssl_hmac_sha256 - A new value in the SSLMACAlgorithm enum type.
        ssl_signature_algorithms_xtn - A new value in the SSLExtensionType enum type.

New PKCS #11 Mechanisms

None.
Notable Changes in NSS 3.15.1

    Bug 856060 - Enforce name constraints on the common name in libpkix  when no subjectAltName is present.
    Bug 875156 - Add const to the function arguments of SEC_CertNicknameConflict.
    Bug 877798 - Fix ssltap to print the certificate_status handshake message correctly.
    Bug 882829 - On Windows, NSS initialization fails if NSS cannot call the RtlGenRandom function.
    Bug 875601 - SECMOD_CloseUserDB/SECMOD_OpenUserDB fails to reset the token delay, leading to spurious failures.
    Bug 884072 - Fix a typo in the header include guard macro of secmod.h.
    Bug 876352 - certutil now warns if importing a PEM file that contains a private key.
    Bug 565296 - Fix the bug that shlibsign exited with status 0 even though it failed.
    The NSS_SURVIVE_DOUBLE_BYPASS_FAILURE build option is removed.

Bugs fixed in NSS 3.15.1

    https://bugzilla.mozilla.org/buglist.cgi?list_id=5689256;resolution=FIXED;classification=Components;query_format=advanced;target_milestone=3.15.1;product=NSS

Compatibility

NSS 3.15.1 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.15.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.



NSS 3.15 release notes

Introduction

The NSS team has released Network Security Services (NSS) 3.15, which is a minor release.
Distribution Information

The HG tag is NSS_3_15_RTM. NSS 3.15 requires NSPR 4.10 or newer.

NSS 3.15 source distributions are available on ftp.mozilla.org for secure HTTPS download:

    Source tarballs:
    https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_RTM/src/

New in NSS 3.15
New Functionality

    Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
    Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete.
    Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
    certutil has been updated to support creating name constraints extensions.

New Functions

    in ssl.h
        SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension.
        SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension.
    in ocsp.h
        CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses.
    in secpkcs7.h
        SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time.
    in xconst.h
        CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10.
    in secitem.h
        SECITEM_AllocArray
        SECITEM_DupArray
        SECITEM_FreeArray
        SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays
        SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938.
    in pk11pub.h
        PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.
        PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.

New Types

    in secitem.h
        SECItemArray - Represents a variable-length array of SECItems.

New Macros

    in ssl.h
        SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE

Notable Changes in NSS 3.15

    SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code.

    NSS has migrated from CVS to the Mercurial source control management system.

    Updated build instructions are available at Migration to HG

    As part of this migration, the source code directory layout has been re-organized.

    The list of root CA certificates in the nssckbi module has been updated.

    The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache.

    Applications that use SSL_AuthCertificateHook to override the default handler should add appropriate calls to SSL_PeerStapledOCSPResponse and CERT_CacheOCSPResponseFromSideChannel.
    Bug 554369: Fixed correctness of CERT_CacheOCSPResponseFromSideChannel and other OCSP caching behaviour.
    Bug 853285: Fixed bugs in AES GCM.
    Bug 341127: Fix the invalid read in rc4_wordconv.
    Faster NIST curve P-256 implementation.
    Dropped (32-bit) SPARC V8 processor support on Solaris. The shared library libfreebl_32int_3.so is no longer produced.

Bugs fixed in NSS 3.15

This Bugzilla query returns all the bugs fixed in NSS 3.15:

https://bugzilla.mozilla.org/buglist.cgi?list_id=6278317&resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.15
633504c

@jperkin jperkin pushed a commit that referenced this issue Sep 16, 2013

wiz Update to 2.54:
$Revision: 2.54 $ $Date: 2013/08/29 16:47:39 $
! Encode.xs
+ t/cow.t
  Addressed: COW breakage with _utf8_on()
  https://rt.cpan.org/Ticket/Display.html?id=88230
! Encode.pm
  Reverted the document accordingly to #11
  dankogai/p5-encode#10
+ t/decode.t
  Unit test for decoding behavior change in #11
  dankogai/p5-encode#12

2.53 2013/08/29 15:20:31
! Encode.pm
  Merged: Do not short-circuit decode_utf8 with utf8 flags
  dankogai/p5-encode#11
  Merged: document decode_utf8 behaviour more precise
  dankogai/p5-encode#10
! Makefile.PL
  Added repository cpan metadata
  dankogai/p5-encode#9

2.52 2013/08/14 02:29:54
! ucm/*.ucm
  Addressed:
    Unicode Mappping tables are missing Unicode Inc. license notification
    All files including "as long as this notice remains attached" now
    have that notice attached in the comment section.  (cp* and mac*
    do not since their source files do not include that notice)
  https://rt.cpan.org/Ticket/Display.html?id=87340
! lib/Encode/MIME/Header.pm
  t/mime-header.t
  Addressed: encoding "0" with MIME-Headers gets a blank string
  https://rt.cpan.org/Ticket/Display.html?id=87831
! Encode.pm
  Addressed: Documentation buglet
  https://rt.cpan.org/Ticket/Display.html?id=84992
! Byte/Makefile.PL CN/Makefile.PL EBCDIC/Makefile.PL
  Encode/Makefile_PL.e2x JP/Makefile.PL KR/Makefile.PL
  Symbol/Makefile.PL TW/Makefile.PL
  Applied: Patch to output #includes in deterministic order
  https://rt.cpan.org/Ticket/Display.html?id=86974

2.51 2013/04/29 22:19:11
! Encode.xs
  Addressed: Encode.xs doesn't compile with Microsoft C compiler
  https://rt.cpan.org/Public/Bug/Display.html?id=84920
! MANIFEST
  Addressed: t/taint.t missing
  https://rt.cpan.org/Public/Bug/Display.html?id=84919

2.50 2013/04/26 18:30:46
! Encode.xs Unicode/Unicode.xs
  lib/Encode/Unicode/UTF7.pm lib/CN/HZ.pm lib/Encode/GSM0338.pm
  t/taint.t
  Addressed: Encode::encode and Encode::decode
             gratuitously launders tainted data
  Taintedness now propagates as it should.
  https://rt.cpan.org/Ticket/Display.html?id=84879
! encoding.pm
  Addressed: 5.18 deprecation
  https://rt.cpan.org/Ticket/Display.html?id=84709
! bin/piconv
  Applied: Update piconv documentation
  https://rt.cpan.org/Ticket/Display.html?id=84695

2.49 2013/03/05 03:12:49
! Encode.xs
  Addressed: Encoding objects leak memory if decoding fails
  dankogai/p5-encode#8

2.48 2013/02/18 02:23:56
! encoding.pm
  t/Mod_EUCJP.pm t/enc_data.t t/enc_eucjp.t t/enc_module.t t/enc_utf8.t
  t/encoding.t t/jperl.t
  [PATCH] Deprecate encoding.pm
  https://rt.cpan.org/Ticket/Display.html?id=81255
! Encode/Supported.pod
  Fixed: Pod errors
  https://rt.cpan.org/Ticket/Display.html?id=81426
! Encode.pm t/Encode.t
  [PATCH] Fix for shared hash key scalars
  https://rt.cpan.org/Ticket/Display.html?id=80608
! Encode.pm
  Fixed: Uninitialized value warning from Encode->encodings()
  https://rt.cpan.org/Ticket/Display.html?id=80181
! Makefile.PL
  Install to 'site' instead of 'perl' when perl version is 5.11+
  https://rt.cpan.org/Ticket/Display.html?id=78917
! Encode/Makefile_PL.e2x
  find enc2xs.bat if it works on windows.
  dankogai/p5-encode#7
! t/piconv.t
  Fix finding piconv in t/piconv.t
  dankogai/p5-encode#6
e7d987f

@jperkin jperkin pushed a commit that referenced this issue Nov 1, 2013

ryoon Update to 3.15.2
Changelog:
Security Advisories

The following security-relevant bugs have been resolved in NSS 3.15.2. Users are encouraged to upgrade immediately.

    Bug 894370 - (CVE-2013-1739) Avoid uninitialized data read in the event of a decryption failure.

New in NSS 3.15.2
New Functionality

    AES-GCM Ciphersuites: AES-GCM cipher suite (RFC 5288 and RFC 5289) support has been added when TLS 1.2 is negotiated. Specifically, the following cipher suites are now supported:
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_128_GCM_SHA256

New Functions

PK11_CipherFinal has been introduced, which is a simple alias for PK11_DigestFinal.
New Types

No new types have been introduced.
New PKCS #11 Mechanisms

No new PKCS#11 mechanisms have been introduced
Notable Changes in NSS 3.15.2

    Bug 880543 - Support for AES-GCM ciphersuites that use the SHA-256 PRF
    Bug 663313 - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs, consistent with their handling for general certificate signatures.
    Bug 884178 - Add PK11_CipherFinal macro

Bugs fixed in NSS 3.15.2

    Bug 734007 - sizeof() used incorrectly
    Bug 900971 - nssutil_ReadSecmodDB() leaks memory
    Bug 681839 - Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished.
    Bug 848384 - Deprecate the SSL cipher policy code, as it's no longer relevant. It is no longer necessary to call NSS_SetDomesticPolicy because all cipher suites are now allowed by default.

A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.2&product=NSS&list_id=7982238
Compatibility

NSS 3.15.2 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.15.2 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
b27e972

@jperkin jperkin pushed a commit that referenced this issue Nov 1, 2013

minskim Update tcpreplay to 3.4.4.
Changes:
- Set default timing method to either gtod or abstime (#404)
- Fix IPv6 parsing of CIDR's (#405)
- Add support for preloading the memory cache (#410)
- Generate more useful error when packets are too small (#411)
- Update to libopts/Autogen 5.9.9 (#412)
- Ship Win32Readme.txt file (#413)
- Update copyright notice to 2010 (#416)
- Dramatically enhance --portmap option (#417)
- Update autotools (#423)
- Add support for printing statistics periodically during the run (#424)
- Warn user when pcap snaplen < 65535 (#425)
- Add 802.1q processing support tcpprep (#428)
- Link libnl when newer versions of libpcap require it (#397)
- Ship m4 directory (#398)
- Upgrade to latest autotools scripts (#400)
- Fix error message when running autogen.sh (#401)
- Added extensive IPv6 support to tcprewrite & tcpreplay-edit (#11)
- Add IPv6 fragroute support (#388)
- Add IPv6 decoding support to tcpprep (#11)
- Fix compile time error in err.h (#390)
- Add --endpoints support in tcpreplay-edit (#393)
02159dd

@jperkin jperkin pushed a commit that referenced this issue Nov 1, 2013

wiz Update to 3.2.6:
* Version 3.2.6 (released 2013-10-31)

** libgnutls: Support for TPM via trousers is now enabled by default.

** libgnutls: Camellia in GCM mode has been added in default priorities, and
GCM mode is prioritized over CBC in all of the default priority strings.

** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384.

** libgnutls: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256.
Reported by Stefan Buehler.

** libgnutls: Added support for ISO OID for RSA-SHA1 signatures.

** libgnutls: Minimum acceptable DH group parameters were increased to 767
bits from 727.

** libgnutls: Added function to obtain random data from PKCS #11 tokens.
Contributed by Wolfgang Meyer zu Bergsten.

** gnulib: updated.

** libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the
previous fix. Reported by Tomas Mraz.

** p11tool: Added option generate-random.

** API and ABI modifications:
gnutls_pkcs11_token_get_random: Added
ed8dcb9

@jperkin jperkin pushed a commit that referenced this issue Dec 3, 2013

wiz Update to 3.2.7:
* Version 3.2.7 (released 2013-11-23)

** libgnutls: gnutls_cipher_get_iv_size() now returns the correct IV size in
GCM ciphers (previously it returned the implicit IV used in TLS).

** libgnutls: gnutls_certificate_set_x509_key_file() et al when provided
with a PKCS #11 URL pointing to a certificate, will attempt to load the whole
chain.

** libgnutls: When traversing PKCS #11 tokens looking for an object, avoid
looking in unrelated to the object tokens.

** libgnutls: Added an experimental %DUMBFW option in priority strings. This
avoids a black hole behavior in some firewalls by sending a large client hello.
See http://www.ietf.org/mail-archive/web/tls/current/msg10423.html

** libgnutls: The GNUTLS_DEBUG_LEVEL variable if set to a log level number
will force output of debug messages to stderr.

** libgnutls: Fixed the setting of the ciphersuite when gnutls_premaster_set()
is used with another protocol than the GNUTLS_DTLS0_9 protocol.

** libgnutls: gnutls_x509_crt_set_expiration_time() will set the no well defined
expiration date when (time_t)-1 is specified as date.

** libgnutls: Session tickets are encrypted using AES-GCM.

** libgnutls: Corrected issue in record decompression. Issue pinpointed
by Frank Zschockel.

** libgnutls: Forbid all compression methods in DTLS.

** gnutls-serv: Fixed issue with IPv6 address in UDP mode.

** certtool: When exporting an encrypted PEM private key do not output the key
parameters.

** certtool: Expiration days template option allows for a -1 value which
will set to the no well defined expiration date (RFC5280), and no longer
chokes on integer overflows. Suggested by Stefan Buehler.

** certtool: Added new template options: 'activation_date', and
'expiration_date'.

** tools: The environment variable GNUTLS_PIN can be used to read any PIN
requested from tokens.

** tools: The installed version of libopts is used if the autogen tool is
present.

** API and ABI modifications:
gnutls_pkcs11_obj_export3: Added
gnutls_pkcs11_get_raw_issuer: Added
gnutls_est_record_overhead_size: Exported
220b29c

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

taca Update ruby-activeldap pacakge to 3.1.1.
3.1.1: 2011-11-03

* Supported Rails 3.1.1.
* [GitHub:#9] Fixed a typo in document. [warden]
* [GitHub:#11] Added persisted?. [bklier]
* [GitHub:#16] Supported 4 or more bytes salt for SSHA and SMD5. [Alex Tomlins]

  Thanks

   * warden
   * bklier
   * Alex Tomlins

3.1.0: 2011-07-09

* Supported Rails 3.1.0.rc4. [Ryan Tandy, Narihiro Nakamura, Hidetoshi Yoshimoto]
* Removed ActiveRecord dependency and added ActiveModel dependency.
* Used YARD instead of RDoc as documentation sysytem.
2d4f4dd

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

obache Update memtest86 to 4.0.
Based on PR 45754 by Radoslaw Kujawa.

Enhancements in v4.0 (28/Mar/2011)
* Support for testing with multiple CPUs. All tests except for #11 (Bit Fade)
  have been multi-threaded. A maximum of 16 CPUs will be used for testing.
* CPU detection has been completely re-written to use the brand ID string rather
  than the cumbersome, difficult to maintain and often out of date CPUID family
  information. All new processors will now be correctly identified without
  requiring code support.
* All code related to controller identification, PCI and DMI has been removed.
  This may be a controversial decision and was not made lightly. The following
  are justifications for the decision:
    1. Controller identification has nothing to do with actual testing of memory,
     the core purpose of Memtest86.
    2. This code needed to be updated with every new chipset. With the ever
       growing number of chipsets it is not possible to keep up with the changes.
       The result is that new chipsets were more often than not reported
       in-correctly. In the authors opinion incorrect information is worse
       than no information.
    3. Probing for chipset information carries the risk of making the program
       crash.
    4. The amount of code involved with controller identification was quite
       large, making support more difficult.

  Removing this code also had the unfortunate effect of removing reporting of
  correctable ECC errors. The code to support ECC was hopelessly intertwined the
  controller identification code. A fresh, streamlined implementation of ECC
  reporting is planned for a future release.
* A surprising number of conditions existed that potentially cause problems when
  testing more than 4 GB of memory. Most if not all of these conditions have
  been identified and corrected.
* A number of cases were corrected where not all of memory was being tested. For
  most tests the last word of each test block was not tested. In addition an
  error in the paging code was fixed that omitted from testing the last 256
  bytes of each block above 2 GB.
* The information display has been simplified and a number of details that were
  not relevant to testing were removed.
* Memory speed measurement has been parallelized for more accurate reporting for
  multi channel memory controllers.
* This is a major re-write of the Memtest86 with a large number of minor
  bug-fixes and substantial cleanup and re-organization of the code.
cd55919

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

taca Update ruby-mime-types to 1.18.
== MIME::Types 1.18 / 2012-03-20
* New MIME Types:
  * Types reported in Issue #6
    (https://github.com/halostatue/mime-types/issues/6):
    * CoffeeScript (text/x-coffeescript; .coffee; 8bit).
    * AIR
      (application/vnd.adobe.air-applicationinstaller-package+zip, .air;
      base64).
    * WOFF (application/font-woff; .woff; base64).
    * TrueType (application/x-font-truetype; .ttf; base64).
    * OpenType (application/x-font-opentype; .otf; base64).
  * WebM (audio/webm, video/webm; .webm). Issue #11
    (https://github.com/halostatue/mime-types/issues/11).
* New extensions:
  * f4v/f4p (video/mp4, used by Adobe); f4a/fb4 (audio/mp4, used by Adobe).
* Bug Fixes:
  * It was pointed out that Licence.txt was incorrectly named. Fixed by
    renaming to Licence.rdoc (from Issue/Pull Request #8,
    https://github.com/halostatue/mime-types/issues/8).
  * It was pointed out that a plan to have the test output generated
    automatically never went through. Issue #10
    (https://github.com/halostatue/mime-types/issues/10)
caef141

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

taca Update ruby-logging to 1.7.2.
== 1.7.2 / 2012-04-03

Bug Fixes
- Fixed segmentation fault on exit [issue #30]
- Fixed syswrite warning when IO contains unflushed data in buffer [issue #31]
- Added "mingw" to the list of Windows host versions

== 1.7.1 / 2012-03-05

Bug Fixes
- Fixed deprecated use of Config::* [issue #29]

== 1.7.0 / 2012-02-18

Enhancements
- Move appender factories [issue #28]
- ActionMail compatible options in the email appender [issue #27]
- Add TLS support to the email appender [issue #25]
- Refactoring appender shutdown [issue #20]
Bug Fixes
- File locking fails on windows using JRuby [issue #22]

== 1.6.2 / 2012-01-05

Bug Fixes
- Fix typo in the Readme [issue #14]
- Fix spelling in a variety of places [issue #15]
- Solaris does not have Syslog#LOG_PERROR defined [issue #17]
- Fix failing tests for Ruby 1.9.3 [issue #18]
- Check for RUBY_ENGINE for Ruby 1.8.7 [issue #19]
- Whitespace and '# EOF' cleanup
- Support for Rubinious

== 1.6.1 / 2011-09-09

Bug Fixes
- Rails compatibility methods [issue #11]
- Blocked rolling file appender [issue #12]

== 1.6.0 / 2011-08-22

Enhancements
- Adding periodic flushing of buffered messages [issue #10]
- Accessor for a logger's appenders [issue #9]
- Better support for capturing log messages in RSpec version 1 & 2

== 1.5.2 / 2011-07-07

Bug Fixes
- Changing working directory breaks rolling file appenders [issue #8]

== 1.5.1 / 2011-06-03

Bug Fixes
- IO streams cannot be buffered when using syswrite
- JRuby does not allow shared locks on write only file descriptors
- Fixing tests for JRuby 1.6.X

== 1.5.0 / 2011-03-22

Minor Enhancements
- removed mutexes in favor of IO#syswrite
- no round tripping through the buffer array when auto_flushing is true
- added a Proxy object that will log all methods called on it
- colorization of log messages
f11b736

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

adam Changes 2.12.19:
* libgnutls: When decoding a PKCS #11 URL the pin-source field is assumed to be
  a file that stores the pin.
* libgnutls: Added strict tests in Diffie-Hellman and SRP key exchange public
  keys.
* minitasn1: Upgraded to libtasn1 version 2.13 (pre-release).
0cd3a40

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

wen Update to 0.46
Upstream changes:
0.46 Tue Oct  2 13:23:00 EDT 2012
  - with() enables argument matching on mocked methods
  - raises() makes mocked methods raise exceptions
    Contributed by Kjell-Magne .ierud (issue #12)

0.45 Mon May  7 10:08:13 EDT 2012
  - Add support for TAP version 13.
    Contributed by Michael G. Schwern (issue #11)

0.44 Mon Apr 30 11:04:00 CST 2012
  - Allow shared_examples_for to be defined in any context.

0.43 Sat Apr 14 16:22:00 EST 2012
  - Fixed runtests() to honor its contract to run only the examples specified
    in its @patterns parameter or SPEC environment variable.

0.42 Mon Mar 05 21:18:00 CST 2012
  - Added context() and xcontext() aliases for describe/xdescribe
    (reported by intrigeri)

0.41 Sat Mar 03 19:04:00 EST 2012
  - Added license info to Makefile.PL (RT #75400)
  - Fixed test suite problems on Windows

0.40 Mon Jan 30 18:38:00 EST 2012
  - Fixed problem that caused Test::Spec usage errors (e.g. 'describe "foo";'
    without a subroutine argument) to be reported from inside the library,
    instead of the caller's perspective where the actual error is.

0.39 Wed Aug 31 00:52:00 EST 2011
  - Added xit/xthey/xdescribe to mark TODO tests, inspired by the
    Jasmine JavaScript framework.
    Contributed by Marian Schubert (issue #10).

0.38 Sat Jul 09 23:16:00 EST 2011
  - Added share() function to facilitate spec refactoring.
d62c5a5

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

taca Update ruby-gettext to 2.3.5.
# News
## <a id="2-3-5">2.3.5</a>: 2012-12-11

This is a bug fix release.

### Fixes

  * [POParser] Fixed the class name for backward compatibility.

## <a id="2-3-4">2.3.4</a>: 2012-12-11

This is a many changes and new implements release.

### Improvements

  * [Merger] Implemented "fuzzy-match" with Levenshtein distance.
  * Added the class "PO" for management PO entries. Please use PO
    instead of PoData. (see details in
    http://rubydoc.info/gems/gettext/GetText/PO.html)
  * [POEntry (renamed from PoMessages)] Supported to specify msgstr.
  * [POEntry] Stored comments each type
    (translator\_comment, extracted\_comment, flag, previous).
    see
    http://www.gnu.org/software/gettext/manual/html_node/PO-Files.html
    for details of comment type.
  * [POEntry] Checked if specified type is valid in #type=.
  * [PoParser][MO] Concatenated msgctxt, msgid, msgid\_plural to
    "#{msgctxt}\004#{msgid}\000"{msgid\_plural}" by MO instead of
    PoParser. PoData and MO treat a concatenated string as msgid, but
    PO doesn't.
  * [PoParser] Parsed each type comment from whole comment.

### Changes

  * Rename some classes and methods.
    * PoMessage to PoEntry. This isn't "message" but "entry".
      (See http://www.gnu.org/software/gettext/manual/gettext.html#PO-Files)
    * PoMessages#== to POEntry#mergeable?.
    * PoMessages#to\_po\_str to POEntry#to\_s.
    * PoMessages#sources(sources=) to POEntry#references(references=)
    * MoFile to MO. For backword compatible, MoFile can be used now.
    * PoParser to POParser. For backword compatible, PoParser can be used now.
  * Raised no error when POEntry doesn't have references.
    It is useful for no references in .PO file.

# News
## <a id="2-3-3">2.3.3</a>: 2012-10-18

It's a package fix and msginit improvement release.

### Improvements

  * [msginit] Supported plural forms for Bosnian, Catalan, Norwegian
    Bokmal and Chinese.

### Fixes

  * Fixed the bug that messages (i.e. the help message for rmsgfmt)
    aren't localized in each environment. However, some
    messages aren't tranlated or resolved fuzzy. Please
    help us to translate or resolve them.
    [Github #12][Reported by mtasaka]
  * Used String#% to localize some messages.

### Thanks

  * mtasaka

## <a id="2-3-2">2.3.2</a>: 2012-09-20

It's a bug fix release.

### Fixes

  * Fixed the bug that untranslated messages are included in a .mo file.
    [Github #11][Reported by Ramón Cahenzli]

### Thanks

  * Ramón Cahenzli
c63c16a

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

obache Update ruby-ole to 1.2.11.5.
== 1.2.11.5 / 2012-11-06

- Fix breakage of IO.parse_mode on Rubinius (issue #10).
- Make tests pass on rubinius (issue #11).
- Improve RangesIO test coverage.
- Don't warn when mbat_start is AVAIL instead of EOC (github #9).
b053608

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

obache Update ruby-ole to 1.2.11.6.
== 1.2.11.6 / 2012-12-10

- Fix breakage of writable IO stream detection on Windows (github #11).
b7b3109

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

obache Update gmtk to 1.0.8.
1.0.8
    Updated Spanish translation
    Updated Japanese translation
	Rework initial subtitle visibility setting
1.0.8b
    Updated Korean translation
    Run make update-po
    Add message when screenshot capture fails
    Switch to GLIB for GMLIB header files, since GTK is not included
    Switch to GTK VERSION tags when possible
    Updated Japanese translation
    Fix compliation of gmtk_media_tracker in generic application
    Run make update-po
    Remove audio export filter when codec cannot use it
    Remove cairo variable from gmtk_media_player
    Version bump to 1.0.8a
    Use cairo and the draw event to draw the background in GTK3
    Set background color in gmtk_media_player widget using specific realize events
    Address parallel build problem from Issue #11
ff87e46

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

ryoon Update to 1.1.20
Changelog:
Version 1.1.20 (released 24-Apr-2013)

  * fix tab-to-space handling regression in markup view
  * fix regression in root lookup handling (issue #526)

Version 1.1.19 (released 22-Apr-2013)

  * improve root lookup performance (issue #523)
  * new 'max_filesize_kbytes' config option and handling (issue #524)
  * tarball generation improvements:
    - preserve Subversion symlinks in generated tarballs (issue #487)
    - reduce memory usage of tarball generation logic
    - fix double compression of generated tarballs (issue #525)
  * file content handling improvements:
    - expanded support for encoding detection and transcoding (issue #11)
    - fix tab-to-space conversion bugs in markup, annotate, and diff views
    - fix handling of trailing whitespace in diff view
  * add support for timestamp display in ISO8601 format (issue #46)

Version 1.1.18 (released 28-Feb-2013)

  * fix exception raised by BDB-backed SVN repositories (issue #519)
  * hide revision-less files when rcsparse is in use
  * include branchpoints in branch views using rcsparse (issue #347)
  * miscellaneous cvsdb improvements:
    - add --port option to make-database (issue #521)
    - explicitly name columns in queries (issue #522)
    - update MySQL syntax to avoid discontinued "TYPE=" terms
9240e98

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

wiz Update to 3.2.1.
* Version 3.2.1 (released 2013-06-01)

** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
openssl versions.

** libgnutls: Fixes in interrupted function resumption. Report
and patch by Tim Kosse.

** libgnutls: Corrected issue when receiving client hello verify requests
in DTLS.

** libgnutls: Fixes in DTLS record overhead size calculations.

** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported
by Mann Ern Kang.

** API and ABI modifications:
gnutls_session_set_id: Added


* Version 3.2.0 (released 2013-05-10)

** libgnutls: Use nettle's elliptic curve implementation.

** libgnutls: Added Salsa20 cipher

** libgnutls: Added UMAC-96 and UMAC-128

** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96.
As they are not standardized they are defined using private ciphersuite
numbers.

** libgnutls: Added support for DTLS 1.2.

** libgnutls: Added support for the Application Layer Protocol Negotiation
(ALPN) extension.

** libgnutls: Removed support for the RSA-EXPORT ciphersuites.

** libgnutls: Avoid linking to librt (that also avoids unnecessary
linking to pthreads if p11-kit isn't used).

** API and ABI modifications:
gnutls_cipher_get_iv_size: Added
gnutls_hmac_set_nonce: Added
gnutls_mac_get_nonce_size: Added


* Version 3.1.10 (released 2013-03-22)

** certtool: When generating PKCS #12 files use by default the
ARCFOUR (RC4) cipher to be compatible with devices that don't
support AES with PKCS #12.

** libgnutls: Load CA certificates in android 4.x systems.

** libgnutls: Optimized CA certificate loading.

** libgnutls: Private keys are overwritten on deinitialization.

** libgnutls: PKCS #11 slots are scanned only when needed, not
on initialization. This speeds up gnutls initialization when smart
cards are present.

** libgnutls: Corrected issue in the (deprecated) external key
signing interface, when used with TLS 1.2. Reported by Bjorn H. Christensen.

** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by
Joke de Buhr.

** libgnutls-dane: Updated DANE verification options.

** configure: Trust store file must be explicitly set or unset when
cross compiling.

** API and ABI modifications:
gnutls_x509_crt_get_issuer_dn2: Added
gnutls_x509_crt_get_dn2: Added
gnutls_x509_crl_get_issuer_dn2: Added
gnutls_x509_crq_get_dn2: Added
gnutls_x509_trust_list_remove_trust_mem: Added
gnutls_x509_trust_list_remove_trust_file: Added
gnutls_x509_trust_list_remove_cas: Added
gnutls_session_get_desc: Added
gnutls_privkey_sign_raw_data: Added
gnutls_privkey_status: Added





* Version 3.1.9 (released 2013-02-27)

** certtool: Option --to-p12 will now ask for a password to generate
a PKCS #12 file from an encrypted key file. Reported by Yan Fiz.

** libgnutls: Corrected issue in gnutls_pubkey_verify_data().

** libgnutls: Corrected parsing issue in XMPP within a subject
alternative name. Reported by James Cloos.

** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11
modules, and not only the ones loaded via p11-kit.

** libgnutls: Added function to check whether the private key is
still available (inserted).

** libgnutls: Try to detect fork even during nonce generation.

** API and ABI modifications:
gnutls_handshake_set_random: Added
gnutls_transport_set_int2: Added
gnutls_transport_get_int2: Added
gnutls_transport_get_int: Added
gnutls_record_cork: Exported
gnutls_record_uncork: Exported
gnutls_pkcs11_privkey_status: Added


* Version 3.1.8 (released 2013-02-10)

** libgnutls: Fixed issue in gnutls_x509_privkey_import2() which didn't return
GNUTLS_E_DECRYPTION_FAILED in all cases, and affect certtool operation
with encrypted keys. Reported by Yan Fiz.

** libgnutls: The minimum DH bits accepted by priorities NORMAL and
PERFORMANCE was set to previous defaults 727 bits. Reported by Diego
Elio Petteno.

** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash()
to operate with long keys. Reported by Erik A Jensen.

** API and ABI modifications:
No changes since last version.


* Version 3.1.7 (released 2013-02-04)

** certtool: Added option "dn" which allows to directly set the DN
in a template from an RFC4514 string.

** danetool: Added options: --dlv and --insecure. Suggested by Paul Wouters.

** libgnutls-xssl: Added a new library to simplify GnuTLS usage.

** libgnutls-dane: Added function to specify a DLV file.

** libgnutls: Heartbeat code was made optional.

** libgnutls: Fixes in server side of DTLS-0.9.

** libgnutls: DN variable 'T' was expanded to 'title'.

** libgnutls: Fixes in record padding parsing to prevent a timing attack.
Issue reported by Kenny Paterson and Nadhem Alfardan.

** libgnutls: Added functions to directly set the DN in a certificate
or request from an RFC4514 string.

** libgnutls: Optimizations in the random generator. The re-seeding of
it is now explicitly done on every session deinit.

** libgnutls: Simplified the DTLS sliding window implementation.

** libgnutls: The minimum DH bits accepted by a client are now set
by the specified priority string. The current values correspond to the
previous defaults (727 bits), except for the SECURE128 and SECURE192
strings which increase the minimum to 1248 and 1776 respectively.

** libgnutls: Added the gnutls_record_cork() and uncork API to enable
buffering in sending application data.

** libgnutls: Removed default random padding, and added a length-hiding interface
instead.  Both the server and the client must support this extension. Whether
length-hiding can be used on a given session can be checked using
gnutls_record_can_use_length_hiding(). Contributed by Alfredo Pironti.

** libgnutls: Added the experimental %NEW_PADDING priority string. It enables
a new padding mechanism in TLS allowing arbitrary padding in TLS records
in all ciphersuites, which makes length-hiding more efficient and solves
the issues with timing attacks on CBC ciphersuites.

** libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD
ciphers (i.e., AES-GCM). Reported by William McGovern.

** API and ABI modifications:
gnutls_db_check_entry_time: Added
gnutls_record_set_timeout: Added
gnutls_record_get_random_padding_status: Added
gnutls_x509_crt_set_dn: Added
gnutls_x509_crt_set_issuer_dn: Added
gnutls_x509_crq_set_dn: Added
gnutls_range_split: Added
gnutls_record_send_range: Added
gnutls_record_set_max_empty_records: Added
gnutls_record_can_use_length_hiding: Added
gnutls_rnd_refresh: Added
xssl_deinit: Added
xssl_flush: Added
xssl_read: Added
xssl_getdelim: Added
xssl_write: Added
xssl_printf: Added
xssl_sinit: Added
xssl_client_init: Added
xssl_server_init: Added
xssl_get_session: Added
xssl_get_verify_status: Added
xssl_cred_init: Added
xssl_cred_deinit: Added
dane_state_set_dlv_file: Added
GNUTLS_SEC_PARAM_EXPORT: Added
GNUTLS_SEC_PARAM_VERY_WEAK: Added


* Version 3.1.6 (released 2013-01-02)

** libgnutls: Fixed record padding parsing issue. Reported by Kenny
Patterson and Nadhem Alfardan.

** libgnutls: Several updates in the ASN.1 string handling subsystem.

** libgnutls: gnutls_x509_crt_get_policy() allows for a list of zero
policy qualifiers.

** libgnutls: Ignore heartbeat messages when received out-of-order,
instead of issuing an error.

** libgnutls: Stricter RSA PKCS #1 1.5 encoding and decoding. Reported
by Kikuchi Masashi.

** libgnutls: TPM support is disabled by default because GPL programs
cannot link with it. Use --with-tpm to enable it.

** libgnutls-guile: Fixed parallel compilation issue.

** gnutls-cli: It will try to connect to all possible returned addresses
before failing.

** API and ABI modifications:
No changes since last version.


* Version 3.1.5 (released 2012-11-24)

** libgnutls: Added functions to parse the certificates policies
extension.

** libgnutls: Handle BMPString (UCS-2) encoding in the Distinguished
Name by translating it to UTF-8 (works on windows or systems with iconv).

** libgnutls: Added PKCS #11 key generation function that returns the
public key on generation.

** libgnutls: Corrected bug in priority string parsing, that mostly
affected combined levels. Patch by Tim Kosse.

** certtool: The --pubkey-info option can be combined with the
--load-privkey or --load-request to print the corresponding public keys.

** certtool: It is able to set certificate policies via a template.

** certtool: Added --hex-numbers option which prints big numbers in
an easier to parse format.

** p11tool: After key generation, outputs the public key (useful in
tokens that do not store the public key).

** danetool: It is being built even without libgnutls-dane (the
--check functionality is disabled though).

** API and ABI modifications:
gnutls_pkcs11_privkey_generate2: Added
gnutls_x509_crt_get_policy: Added
gnutls_x509_crt_set_policy: Added
gnutls_x509_policy_release: Added
gnutls_pubkey_import_x509_crq: Added
gnutls_pubkey_print: Added
GNUTLS_CRT_PRINT_FULL_NUMBERS: Added


* Version 3.1.4 (released 2012-11-10)

** libgnutls: gnutls_certificate_verify_peers2() will set flags depending on
the available revocation data validity.

** libgnutls: Added gnutls_certificate_verification_status_print(),
a function to print the verification status code in human readable text.

** libgnutls: Added priority string %VERIFY_DISABLE_CRL_CHECKS.

** libgnutls: Simplified certificate verification by adding
gnutls_certificate_verify_peers3().

** libgnutls: Added support for extension to establish keys for SRTP.
Contributed by Martin Storsjo.

** libgnutls: The X.509 verification functions check the key
usage bits and pathlen constraints and on failure output
GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE.

** libgnutls: gnutls_x509_crl_verify() includes the time checks.

** libgnutls: Added verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN
and made GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN the default.

** libgnutls: Always tolerate key usage violation errors from the side
of the peer, but also notify via an audit message.

** gnutls-cli: Added --local-dns option.

** danetool: Corrected bug that prevented loading PEM files.

** danetool: Added --check option to allow querying and verifying
a site's DANE data.

** libgnutls-dane: Added pkg-config file for the library.

** API and ABI modifications:
gnutls_session_get_id2: Added
gnutls_sign_is_secure: Added
gnutls_certificate_verify_peers3: Added
gnutls_ocsp_status_request_is_checked: Added
gnutls_certificate_verification_status_print: Added
gnutls_srtp_set_profile: Added
gnutls_srtp_set_profile_direct: Added
gnutls_srtp_get_selected_profile: Added
gnutls_srtp_get_profile_name: Added
gnutls_srtp_get_profile_id: Added
gnutls_srtp_get_keys: Added
gnutls_srtp_get_mki: Added
gnutls_srtp_set_mki: Added
gnutls_srtp_profile_t: Added
dane_cert_type_name: Added
dane_match_type_name: Added
dane_cert_usage_name: Added
dane_verification_status_print: Added
GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: Added
GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added
GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: Added
GNUTLS_CERT_UNEXPECTED_OWNER: Added
GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Added


* Version 3.1.3 (released 2012-10-12)

** libgnutls: Added support for the OCSP Certificate Status
extension.

** libgnutls: gnutls_certificate_verify_peers2() will use the OCSP
certificate status extension in verification.

** libgnutls: Bug fixes in gnutls_x509_privkey_import_openssl().

** libgnutls: Increased maximum password length in the PKCS #12
functions.

** libgnutls: Fixed the receipt of session tickets during session resumption.
Reported by danblack at http://savannah.gnu.org/support/?108146

** libgnutls: Added functions to export structures in an allocated buffer.

** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the OCSP
response corresponds to the given certificate.

** libgnutls: In client side gnutls_init() enables the session ticket and
OCSP certificate status request extensions by default. The flag
GNUTLS_NO_EXTENSIONS can be used to prevent that.

** libgnutls: Several updates in the OpenPGP code. The generating code
is fully RFC6091 compliant and RFC5081 support is only supported in client
mode.

** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC
certificate verification.

** gnutls-cli: Added --dane option to enable DANE certificate verification.

** danetool: Added tool to generate DANE TLSA Resource Records (RR).

** API and ABI modifications:
gnutls_certificate_get_peers_subkey_id: Added
gnutls_certificate_set_ocsp_status_request_function: Added
gnutls_certificate_set_ocsp_status_request_file: Added
gnutls_ocsp_status_request_enable_client: Added
gnutls_ocsp_status_request_get: Added
gnutls_ocsp_resp_check_crt: Added
gnutls_dh_params_export2_pkcs3: Added
gnutls_pubkey_export2: Added
gnutls_x509_crt_export2: Added
gnutls_x509_dn_export2: Added
gnutls_x509_crl_export2: Added
gnutls_pkcs7_export2: Added
gnutls_x509_privkey_export2: Added
gnutls_x509_privkey_export2_pkcs8: Added
gnutls_x509_crq_export2: Added
gnutls_openpgp_crt_export2: Added
gnutls_openpgp_privkey_export2: Added
gnutls_pkcs11_obj_export2: Added
gnutls_pkcs12_export2: Added
gnutls_pubkey_import_openpgp_raw: Added
gnutls_pubkey_import_x509_raw: Added
dane_state_init: Added
dane_state_deinit: Added
dane_query_tlsa: Added
dane_query_status: Added
dane_query_entries: Added
dane_query_data: Added
dane_query_deinit: Added
dane_verify_session_crt: Added
dane_verify_crt: Added
dane_strerror: Added


* Version 3.1.2 (released 2012-09-26)

** libgnutls: Fixed bug in gnutls_x509_trust_list_add_system_trust()
and gnutls_x509_trust_list_add_trust_mem() that prevented the loading
of certificates in the windows platform.

** libgnutls: Corrected bug in OpenPGP subpacket encoding.

** libgnutls: Added support for DTLS/TLS heartbeats by Olga Smolenchuk.
(the work was done during Google Summer of Code).

** libgnutls: Added X.509 certificate verification flag
GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification
of unsorted certificate chains and is enabled by default for
TLS certificate verification (if gnutls_certificate_set_verify_flags()
does not override it).

** libgnutls: Prints warning on certificates that contain keys of
an insecure level. If the %COMPAT priority flag is not specified
the TLS connection fails.

** libgnutls: Correctly restore gnutls_record_recv() in DTLS mode
if interrupted during the retrasmition of handshake data.

** libgnutls: Better mingw32 support (patch by LRN).

** libgnutls: The %COMPAT keyword, if specified, will tolerate
key usage violation errors (they are far too common to ignore).

** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(),
which provides a tool to counter compression-related attacks where
parts of the data are controlled by the attacker _and_ are placed in
separate records (use with care - do not use compression if not sure).

** libgnutls: Depends on libtasn1 2.14 or later.

** certtool: Prints the number of bits of the public key algorithm
parameter in a private key.

** API and ABI modifications:
gnutls_x509_privkey_get_pk_algorithm2: Added
gnutls_heartbeat_ping: Added
gnutls_heartbeat_pong: Added
gnutls_heartbeat_allowed: Added
gnutls_heartbeat_enable: Added
gnutls_heartbeat_set_timeouts: Added
gnutls_heartbeat_get_timeout: Added
GNUTLS_SEC_PARAM_WEAK: Added
GNUTLS_SEC_PARAM_INSECURE: Added

* Version 3.1.1 (released 2012-09-02)

** gnutls-serv: Listens on IPv6. Patch by Bernhard R. Link.

** certtool: Changes in password handling of certtool.
Ask password when required and only if the '--password' option is not
given. If the '--password' option is given during key generation then
assume the PKCS #8 file format, instead of ignoring the password.

** tpmtool: No longer asks for key password in registered keys.

** libgnutls: Elliptic curve code was optimized by Ilya Tumaykin.
wmNAF is now used for point multiplication and other optimizations.
(the major part of the work was done during Google Summer of Code).

** libgnutls: The default pull_timeout_function only uses select
instead of a combination of select() and recv() to prevent issues
when used in stream sockets in some systems.

** libgnutls: Be tolerant in ECDSA signature violations (e.g. using
SHA256 with a SECP384 curve instead of SHA-384), to interoperate with
openssl.

** libgnutls: Fixed DSA and ECDSA signature generation in smart
cards. Thanks to Andreas Schwier from cardcontact.de for providing
me with ECDSA capable smart cards.

** API and ABI modifications:
gnutls_sign_algorithm_get: Added
gnutls_sign_get_hash_algorithm: Added
gnutls_sign_get_pk_algorithm: Added


* Version 3.1.0 (released 2012-08-15)

** libgnutls: Added direct support for TPM as a cryptographic module
in gnutls/tpm.h. TPM keys can be used in functions accepting files
using URLs of the following types:
  tpmkey:file=/path/to/file
  tpmkey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user

** libgnutls: Priority string level keywords can be combined.
For example the string "SECURE256:+SUITEB128" is now allowed.

** libgnutls: requires libnettle 2.5.

** libgnutls: Use the PKCS #1 1.5 encoding provided by nettle (2.5)
for encryption and signatures.

** libgnutls: Added GNUTLS_CERT_SIGNATURE_FAILURE to differentiate between
generic errors and signature verification errors in the verification
functions.

** libgnutls: Added gnutls_pkcs12_simple_parse() as a helper function
to simplify parsing in most PKCS #12 use cases.

** libgnutls: gnutls_certificate_set_x509_simple_pkcs12_file() adds
the whole certificate chain (if any) to the credentials structure, instead
of only the end-user certificate.

** libgnutls: Key import functions such as gnutls_pkcs12_simple_parse()
and gnutls_x509_privkey_import_pkcs8(), return consistently
GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no
password was provided.

** libgnutls: Added gnutls_handshake_set_timeout() a function that
allows to set the maximum time spent in a handshake.

** libgnutlsxx: Added session::set_transport_vec_push_function. Patch
by Alexandre Bique.

** tpmtool: Added. It is a tool to generate private keys in the
TPM.

** gnutls-cli: --benchmark-tls was split to --benchmark-tls-kx
and --benchmark-tls-ciphers

** certtool: generated PKCS #12 structures may hold more than one
private key. Patch by Lucas Fisher.

** certtool: Added option --null-password to generate/decrypt keys
that use a NULL password (in schemas that distinguish between NULL
an empty passwords).

** minitasn1: Upgraded to libtasn1 version 2.13.

** API and ABI modifications:
GNUTLS_CERT_SIGNATURE_FAILURE: Added
GNUTLS_CAMELLIA_192_CBC: Added
GNUTLS_PKCS_NULL_PASSWORD: Added
gnutls_url_is_supported: Added
gnutls_pkcs11_obj_list_import_url2: Added
gnutls_pkcs11_obj_set_pin_function: Added
gnutls_pkcs11_privkey_set_pin_function: Added
gnutls_pkcs11_get_pin_function: Added
gnutls_privkey_import_tpm_raw: Added
gnutls_privkey_import_tpm_url: Added
gnutls_privkey_import_pkcs11_url: Added
gnutls_privkey_import_openpgp_raw: Added
gnutls_privkey_import_x509_raw: Added
gnutls_privkey_import_ext2: Added
gnutls_privkey_import_url: Added
gnutls_privkey_set_pin_function: Added
gnutls_tpm_privkey_generate: Added
gnutls_tpm_key_list_deinit: Added
gnutls_tpm_key_list_get_url: Added
gnutls_tpm_get_registered: Added
gnutls_tpm_privkey_delete: Added
gnutls_pubkey_import_tpm_raw: Added
gnutls_pubkey_import_tpm_url: Added
gnutls_pubkey_import_url: Added
gnutls_pubkey_verify_hash2: Added
gnutls_pubkey_set_pin_function: Added
gnutls_x509_privkey_import2: Added
gnutls_x509_privkey_import_openssl: Added
gnutls_x509_crt_set_pin_function: Added
gnutls_load_file: Added
gnutls_pkcs12_simple_parse: Added
gnutls_certificate_set_x509_system_trust: Added
gnutls_certificate_set_pin_function: Added
gnutls_x509_trust_list_add_system_trust: Added
gnutls_x509_trust_list_add_trust_file: Added
gnutls_x509_trust_list_add_trust_mem: Added
gnutls_pk_to_sign: Added
gnutls_handshake_set_timeout: Added
gnutls_pubkey_verify_hash: Deprecated (use gnutls_pubkey_verify_hash2)
gnutls_pubkey_verify_data: Deprecated (use gnutls_pubkey_verify_data2)
4c023db

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

wen Update to 0.96
Upstream changes:
version 0.96 at 2013-07-08 06:53:34 +0000
-----------------------------------------

  Change: a78109ca3e2c9338bf98185c2014ba2be4a04942
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-07-08 07:53:34 +0000

    Fix patch applying for v5.18.0

-----------------------------------------
version 0.94 at 2013-07-07 13:45:00 +0000
-----------------------------------------

  Change: c5257739abd2cde575036ba9b105977679a30273
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-07-07 14:45:00 +0000

    Added commit 4149c7198d9b78d861df289cce40dd865cab57e7

    Fixes a regmatch pointer 32-bit wraparound regression in v5.18.0

-----------------------------------------
version 0.92 at 2013-07-07 13:29:48 +0000
-----------------------------------------

  Change: 8881838495367f05f599939d4e1eac86106785fa
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-07-07 14:29:48 +0000

    Update Midnight BSD hints for 0.4-RELEASE

-----------------------------------------
version 0.90 at 2013-05-18 22:58:06 +0000
-----------------------------------------

  Change: fe0a97026ae5a56374b1d9a5968554a0c9b693bc
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-18 23:58:06 +0000

    Bumped version to 0.90

  Change: cc5a37b1298b45fe2e74a4db92e85561a12f1052
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-18 23:50:04 +0000

    Added gcc m64 fixes for Solaris 11

    http://perl5.git.perl.org/perl.git/commitdiff/1ddb6a4

    http://perl5.git.perl.org/perl.git/commitdiff/767f54d

  Change: 815ff70a8a86c97742a0afdc5a092c590c729e80
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-18 22:04:29 +0000

    Update hpux hints

  Change: 089592af98239448a956586cf8998dee7b2ab7b6
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-18 21:46:55 +0000

    Added hints audit tool

  Change: 842e6a11a1dac1adfa253a4a9dbd60d53286fa8e
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-18 18:24:52 +0000

    Added 'hints' function to Devel::PatchPerl::Hints

-----------------------------------------
version 0.88 at 2013-05-16 12:02:55 +0000
-----------------------------------------

  Change: 7a381f7a969eeb683343ddc3511169298aa19889
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-16 13:02:55 +0000

    Make determine_version() available in the public API

    bingos/devel-patchperl#12

-----------------------------------------
version 0.86 at 2013-05-08 15:39:07 +0000
-----------------------------------------

  Change: 50d0a6e5c2b5f25de596463f219c78204e0ae477
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-08 16:39:07 +0000

    Bump version

  Change: 09c3d04f1eddb60cdbba7b597a9c114c7396be2f
  Author: Chris Williams <chris@bingosnet.co.uk>
  Date : 2013-05-08 08:11:48 +0000

    Merge pull request #11 from hirose31/prevent-premature-hsplit

    Add patch on prevent premature hsplit for Perl 5.8.[89], 5.10.1,
    5.12.5

  Change: 19a38ec13e6634a4707bb5043da051b6c551c23f
  Author: HIROSE Masaaki <hirose31@gmail.com>
  Date : 2013-05-08 13:52:42 +0000

    Add patch on prevent premature hsplit for Perl 5.8.[89], 5.10.1,
    5.12.5

-----------------------------------------
version 0.84 at 2013-03-08 21:35:14 +0000
-----------------------------------------

  Change: 7b5f0d6c51dbff9a22f250813e230816d3d36f08
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-03-08 21:35:14 +0000

    Remove requirement on IPC::Cmd

    This should make the perlbrew peeps happy

-----------------------------------------
version 0.82 at 2013-02-25 21:38:08 +0000
-----------------------------------------

  Change: 3e146301433f8098460dc6fd5d1930fc48c2903a
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-02-25 21:38:08 +0000

    Update Linux hints

-----------------------------------------
version 0.80 at 2013-02-25 12:04:03 +0000
-----------------------------------------

  Change: ef4dfcccd90f7f786847998cba8891b69fd5a2e1
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-02-25 12:04:03 +0000

    Bump version to 0.80

  Change: 4e3020edfa3b3adcb79dd4d3c8e410f8cb12bf53
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-02-25 12:02:09 +0000

    Ensure that the linux hints file gets updated for kfreebsd as well

  Change: 52fde6650e6a6324c7817fb81d9d08260f73d96a
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-02-25 11:41:38 +0000

    Add updated hints for gnukfreebsd

-----------------------------------------
version 0.78 at 2013-02-17 16:58:31 +0000
-----------------------------------------

  Change: 0c2be36694492d5824f7704cf9d3473c28228d99
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-02-17 16:58:31 +0000

    Added midnightbsd hints file which supports 0.4
938395b

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

ryoon Update to 3.15.1
Changelog:
NSS 3.15.1 release notes

Introduction

Network Security Services (NSS) 3.15.1 is a patch release for NSS 3.15. The bug fixes in NSS 3.15.1 are described in the "Bugs Fixed" section below.
Distribution Information

NSS 3.15.1 source distributions are also available on ftp.mozilla.org for secure HTTPS download:

    Source tarballs:
    https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_1_RTM/src/

New in NSS 3.15.1
New Functionality

    TLS 1.2: TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations.
        The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1.
        AES GCM cipher suites are not yet supported.

New Functions

None.
New Types

    in sslprot.h
        SSL_LIBRARY_VERSION_TLS_1_2 - The protocol version of TLS 1.2 on the wire, value 0x0303.
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_NULL_SHA256 - New TLS 1.2 only HMAC-SHA256 cipher suites.
    in sslerr.h
        SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM, SSL_ERROR_DIGEST_FAILURE, SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM - New error codes for TLS 1.2.
    in sslt.h
        ssl_hmac_sha256 - A new value in the SSLMACAlgorithm enum type.
        ssl_signature_algorithms_xtn - A new value in the SSLExtensionType enum type.

New PKCS #11 Mechanisms

None.
Notable Changes in NSS 3.15.1

    Bug 856060 - Enforce name constraints on the common name in libpkix  when no subjectAltName is present.
    Bug 875156 - Add const to the function arguments of SEC_CertNicknameConflict.
    Bug 877798 - Fix ssltap to print the certificate_status handshake message correctly.
    Bug 882829 - On Windows, NSS initialization fails if NSS cannot call the RtlGenRandom function.
    Bug 875601 - SECMOD_CloseUserDB/SECMOD_OpenUserDB fails to reset the token delay, leading to spurious failures.
    Bug 884072 - Fix a typo in the header include guard macro of secmod.h.
    Bug 876352 - certutil now warns if importing a PEM file that contains a private key.
    Bug 565296 - Fix the bug that shlibsign exited with status 0 even though it failed.
    The NSS_SURVIVE_DOUBLE_BYPASS_FAILURE build option is removed.

Bugs fixed in NSS 3.15.1

    https://bugzilla.mozilla.org/buglist.cgi?list_id=5689256;resolution=FIXED;classification=Components;query_format=advanced;target_milestone=3.15.1;product=NSS

Compatibility

NSS 3.15.1 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.15.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.



NSS 3.15 release notes

Introduction

The NSS team has released Network Security Services (NSS) 3.15, which is a minor release.
Distribution Information

The HG tag is NSS_3_15_RTM. NSS 3.15 requires NSPR 4.10 or newer.

NSS 3.15 source distributions are available on ftp.mozilla.org for secure HTTPS download:

    Source tarballs:
    https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_RTM/src/

New in NSS 3.15
New Functionality

    Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
    Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete.
    Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
    certutil has been updated to support creating name constraints extensions.

New Functions

    in ssl.h
        SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension.
        SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension.
    in ocsp.h
        CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses.
    in secpkcs7.h
        SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time.
    in xconst.h
        CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10.
    in secitem.h
        SECITEM_AllocArray
        SECITEM_DupArray
        SECITEM_FreeArray
        SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays
        SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938.
    in pk11pub.h
        PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.
        PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.

New Types

    in secitem.h
        SECItemArray - Represents a variable-length array of SECItems.

New Macros

    in ssl.h
        SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE

Notable Changes in NSS 3.15

    SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code.

    NSS has migrated from CVS to the Mercurial source control management system.

    Updated build instructions are available at Migration to HG

    As part of this migration, the source code directory layout has been re-organized.

    The list of root CA certificates in the nssckbi module has been updated.

    The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache.

    Applications that use SSL_AuthCertificateHook to override the default handler should add appropriate calls to SSL_PeerStapledOCSPResponse and CERT_CacheOCSPResponseFromSideChannel.
    Bug 554369: Fixed correctness of CERT_CacheOCSPResponseFromSideChannel and other OCSP caching behaviour.
    Bug 853285: Fixed bugs in AES GCM.
    Bug 341127: Fix the invalid read in rc4_wordconv.
    Faster NIST curve P-256 implementation.
    Dropped (32-bit) SPARC V8 processor support on Solaris. The shared library libfreebl_32int_3.so is no longer produced.

Bugs fixed in NSS 3.15

This Bugzilla query returns all the bugs fixed in NSS 3.15:

https://bugzilla.mozilla.org/buglist.cgi?list_id=6278317&resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.15
ad2e730

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

wiz Update to 2.54:
$Revision: 2.54 $ $Date: 2013/08/29 16:47:39 $
! Encode.xs
+ t/cow.t
  Addressed: COW breakage with _utf8_on()
  https://rt.cpan.org/Ticket/Display.html?id=88230
! Encode.pm
  Reverted the document accordingly to #11
  dankogai/p5-encode#10
+ t/decode.t
  Unit test for decoding behavior change in #11
  dankogai/p5-encode#12

2.53 2013/08/29 15:20:31
! Encode.pm
  Merged: Do not short-circuit decode_utf8 with utf8 flags
  dankogai/p5-encode#11
  Merged: document decode_utf8 behaviour more precise
  dankogai/p5-encode#10
! Makefile.PL
  Added repository cpan metadata
  dankogai/p5-encode#9

2.52 2013/08/14 02:29:54
! ucm/*.ucm
  Addressed:
    Unicode Mappping tables are missing Unicode Inc. license notification
    All files including "as long as this notice remains attached" now
    have that notice attached in the comment section.  (cp* and mac*
    do not since their source files do not include that notice)
  https://rt.cpan.org/Ticket/Display.html?id=87340
! lib/Encode/MIME/Header.pm
  t/mime-header.t
  Addressed: encoding "0" with MIME-Headers gets a blank string
  https://rt.cpan.org/Ticket/Display.html?id=87831
! Encode.pm
  Addressed: Documentation buglet
  https://rt.cpan.org/Ticket/Display.html?id=84992
! Byte/Makefile.PL CN/Makefile.PL EBCDIC/Makefile.PL
  Encode/Makefile_PL.e2x JP/Makefile.PL KR/Makefile.PL
  Symbol/Makefile.PL TW/Makefile.PL
  Applied: Patch to output #includes in deterministic order
  https://rt.cpan.org/Ticket/Display.html?id=86974

2.51 2013/04/29 22:19:11
! Encode.xs
  Addressed: Encode.xs doesn't compile with Microsoft C compiler
  https://rt.cpan.org/Public/Bug/Display.html?id=84920
! MANIFEST
  Addressed: t/taint.t missing
  https://rt.cpan.org/Public/Bug/Display.html?id=84919

2.50 2013/04/26 18:30:46
! Encode.xs Unicode/Unicode.xs
  lib/Encode/Unicode/UTF7.pm lib/CN/HZ.pm lib/Encode/GSM0338.pm
  t/taint.t
  Addressed: Encode::encode and Encode::decode
             gratuitously launders tainted data
  Taintedness now propagates as it should.
  https://rt.cpan.org/Ticket/Display.html?id=84879
! encoding.pm
  Addressed: 5.18 deprecation
  https://rt.cpan.org/Ticket/Display.html?id=84709
! bin/piconv
  Applied: Update piconv documentation
  https://rt.cpan.org/Ticket/Display.html?id=84695

2.49 2013/03/05 03:12:49
! Encode.xs
  Addressed: Encoding objects leak memory if decoding fails
  dankogai/p5-encode#8

2.48 2013/02/18 02:23:56
! encoding.pm
  t/Mod_EUCJP.pm t/enc_data.t t/enc_eucjp.t t/enc_module.t t/enc_utf8.t
  t/encoding.t t/jperl.t
  [PATCH] Deprecate encoding.pm
  https://rt.cpan.org/Ticket/Display.html?id=81255
! Encode/Supported.pod
  Fixed: Pod errors
  https://rt.cpan.org/Ticket/Display.html?id=81426
! Encode.pm t/Encode.t
  [PATCH] Fix for shared hash key scalars
  https://rt.cpan.org/Ticket/Display.html?id=80608
! Encode.pm
  Fixed: Uninitialized value warning from Encode->encodings()
  https://rt.cpan.org/Ticket/Display.html?id=80181
! Makefile.PL
  Install to 'site' instead of 'perl' when perl version is 5.11+
  https://rt.cpan.org/Ticket/Display.html?id=78917
! Encode/Makefile_PL.e2x
  find enc2xs.bat if it works on windows.
  dankogai/p5-encode#7
! t/piconv.t
  Fix finding piconv in t/piconv.t
  dankogai/p5-encode#6
7b43295

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

ryoon Update to 3.15.2
Changelog:
Security Advisories

The following security-relevant bugs have been resolved in NSS 3.15.2. Users are encouraged to upgrade immediately.

    Bug 894370 - (CVE-2013-1739) Avoid uninitialized data read in the event of a decryption failure.

New in NSS 3.15.2
New Functionality

    AES-GCM Ciphersuites: AES-GCM cipher suite (RFC 5288 and RFC 5289) support has been added when TLS 1.2 is negotiated. Specifically, the following cipher suites are now supported:
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_128_GCM_SHA256

New Functions

PK11_CipherFinal has been introduced, which is a simple alias for PK11_DigestFinal.
New Types

No new types have been introduced.
New PKCS #11 Mechanisms

No new PKCS#11 mechanisms have been introduced
Notable Changes in NSS 3.15.2

    Bug 880543 - Support for AES-GCM ciphersuites that use the SHA-256 PRF
    Bug 663313 - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs, consistent with their handling for general certificate signatures.
    Bug 884178 - Add PK11_CipherFinal macro

Bugs fixed in NSS 3.15.2

    Bug 734007 - sizeof() used incorrectly
    Bug 900971 - nssutil_ReadSecmodDB() leaks memory
    Bug 681839 - Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished.
    Bug 848384 - Deprecate the SSL cipher policy code, as it's no longer relevant. It is no longer necessary to call NSS_SetDomesticPolicy because all cipher suites are now allowed by default.

A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.2&product=NSS&list_id=7982238
Compatibility

NSS 3.15.2 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.15.2 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
fb39f18

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

minskim Update tcpreplay to 3.4.4.
Changes:
- Set default timing method to either gtod or abstime (#404)
- Fix IPv6 parsing of CIDR's (#405)
- Add support for preloading the memory cache (#410)
- Generate more useful error when packets are too small (#411)
- Update to libopts/Autogen 5.9.9 (#412)
- Ship Win32Readme.txt file (#413)
- Update copyright notice to 2010 (#416)
- Dramatically enhance --portmap option (#417)
- Update autotools (#423)
- Add support for printing statistics periodically during the run (#424)
- Warn user when pcap snaplen < 65535 (#425)
- Add 802.1q processing support tcpprep (#428)
- Link libnl when newer versions of libpcap require it (#397)
- Ship m4 directory (#398)
- Upgrade to latest autotools scripts (#400)
- Fix error message when running autogen.sh (#401)
- Added extensive IPv6 support to tcprewrite & tcpreplay-edit (#11)
- Add IPv6 fragroute support (#388)
- Add IPv6 decoding support to tcpprep (#11)
- Fix compile time error in err.h (#390)
- Add --endpoints support in tcpreplay-edit (#393)
7cf83b0

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

wiz Update to 3.2.6:
* Version 3.2.6 (released 2013-10-31)

** libgnutls: Support for TPM via trousers is now enabled by default.

** libgnutls: Camellia in GCM mode has been added in default priorities, and
GCM mode is prioritized over CBC in all of the default priority strings.

** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384.

** libgnutls: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256.
Reported by Stefan Buehler.

** libgnutls: Added support for ISO OID for RSA-SHA1 signatures.

** libgnutls: Minimum acceptable DH group parameters were increased to 767
bits from 727.

** libgnutls: Added function to obtain random data from PKCS #11 tokens.
Contributed by Wolfgang Meyer zu Bergsten.

** gnulib: updated.

** libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the
previous fix. Reported by Tomas Mraz.

** p11tool: Added option generate-random.

** API and ABI modifications:
gnutls_pkcs11_token_get_random: Added
d210f7c

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2013

wiz Update to 3.2.7:
* Version 3.2.7 (released 2013-11-23)

** libgnutls: gnutls_cipher_get_iv_size() now returns the correct IV size in
GCM ciphers (previously it returned the implicit IV used in TLS).

** libgnutls: gnutls_certificate_set_x509_key_file() et al when provided
with a PKCS #11 URL pointing to a certificate, will attempt to load the whole
chain.

** libgnutls: When traversing PKCS #11 tokens looking for an object, avoid
looking in unrelated to the object tokens.

** libgnutls: Added an experimental %DUMBFW option in priority strings. This
avoids a black hole behavior in some firewalls by sending a large client hello.
See http://www.ietf.org/mail-archive/web/tls/current/msg10423.html

** libgnutls: The GNUTLS_DEBUG_LEVEL variable if set to a log level number
will force output of debug messages to stderr.

** libgnutls: Fixed the setting of the ciphersuite when gnutls_premaster_set()
is used with another protocol than the GNUTLS_DTLS0_9 protocol.

** libgnutls: gnutls_x509_crt_set_expiration_time() will set the no well defined
expiration date when (time_t)-1 is specified as date.

** libgnutls: Session tickets are encrypted using AES-GCM.

** libgnutls: Corrected issue in record decompression. Issue pinpointed
by Frank Zschockel.

** libgnutls: Forbid all compression methods in DTLS.

** gnutls-serv: Fixed issue with IPv6 address in UDP mode.

** certtool: When exporting an encrypted PEM private key do not output the key
parameters.

** certtool: Expiration days template option allows for a -1 value which
will set to the no well defined expiration date (RFC5280), and no longer
chokes on integer overflows. Suggested by Stefan Buehler.

** certtool: Added new template options: 'activation_date', and
'expiration_date'.

** tools: The environment variable GNUTLS_PIN can be used to read any PIN
requested from tokens.

** tools: The installed version of libopts is used if the autogen tool is
present.

** API and ABI modifications:
gnutls_pkcs11_obj_export3: Added
gnutls_pkcs11_get_raw_issuer: Added
gnutls_est_record_overhead_size: Exported
076ad74

@jperkin jperkin pushed a commit that referenced this issue Jan 6, 2014

schmonz Update to 20131010. From the changelog:
Incompatible Changes:
* can no longer use both `\' and `:' (didn't work anyway)

New Features:
* Handling of run-time errors (default: die) is now overridable by
  subclasses via signature_error_handler(). [github #54]
* Can now have aliased named parameters. [github #57]
* remove dependency on Devel::BeginLift [github #39]
* can now use `when' to specify default conditions [github #48]
* can use `//=' as a shortcut for `when undef' [github #45]
* can now provide `where' constraints in addition to (or instead
  of) a type [github #7]
* can now use `...' to disable further argument checking [github #49]
* can now specify more than one alternative in type unions [github #55]
* can now nest parameterized types

Bug Fixes:
* Removed experimental smartmatch warnings
* Don't require Data::Alias for named params unless you have to [github #71]
* Fixed obscure bug where an eval in Method::Signatures wouldn't
  be skipped when carp'ing (i.e. in carp_location_for()) [github #72]
* Data::Alias is only loaded when needed avoiding a threads + eval
  bug in most cases and improving compile time performance.
  [rt.cpan.org 82922, github #62]
* Compile-time errors now reporting proper line numbers. [github #61]
* Trailing commas on parameter lists are now ok. [rt.cpan.org 81364]
* Default condition of `when {}' now interpreted as `when { $_ ~~
  {} }' (avoids parse error). [github #60]

Optimizations:
* better signature parsing using PPI [github #11]

Distribution Fixes:
* Fixed failing test in 5.10.0 (uncovered by CPAN Testers)
* Fixed repo link in metadata (thanks dsteinbrunner) [github #87]
* Add M::S::Parameter to MANIFEST [github #76]
* Change representation of Infinity to work on Win32 [github #75]
* Fixed stray detritus in MANIFEST.
* Somehow my last-minute fix to the new error handler test didn't
  make it in; this will fix "Can't locate Moose.pm" errors.
* Fixed test failing on 5.10.0 as per github #59.
* Fixed subtests failing on Test::More's prior to 0.96.

Docs:
* Updated close parend problem to include quotes and a workaround
  [rt.cpan.org 85925]
* Fixed some typos (thanks dsteinbrunner) [github #88]
* Found and fixed missing parend
* Minor clarifications here and there.
* Clarified what doesn't work in Perl 5.8.
* Added Function::Parameters to See Also section.
* Updated copyright.
* documented all new features
* new ASCI-art breakdown of signature syntax
* minor tweaks and corrections

Misc:
* Rearranged so signature is now an object [github #30]
* Add hook for Travis CI [github #78]
* Failure to parse parameters will now produce a more useful error.
315b9c2

@jperkin jperkin pushed a commit that referenced this issue Jan 17, 2014

tron Pullup ticket #4301 - requested by ryoon
devel/nss: security update

Revisions pulled up:
- devel/nss/Makefile                                            1.75
- devel/nss/distinfo                                            1.32

---
   Module Name:	pkgsrc
   Committed By:	ryoon
   Date:		Wed Jan 15 14:38:53 UTC 2014

   Modified Files:
   	pkgsrc/devel/nss: Makefile distinfo

   Log Message:
   Update to 3.15.4

   Changelog:
   from: https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.4_release_notes

   Security Advisories

   The following security-relevant bugs have been resolved in NSS 3.15.4.
   Users are encouraged to upgrade immediately.

   Bug 919877 - (CVE-2013-1740) When false start is enabled, libssl will
   sometimes return unencrypted, unauthenticated data from PR_Recv

   New in NSS 3.15.4
   New Functionality
       Implemented OCSP querying using the HTTP GET method, which is the new default, and will fall back to the HTTP POST method.
       Implemented OCSP server functionality for testing purposes (httpserv utility).
       Support SHA-1 signatures with TLS 1.2 client authentication.
       Added the --empty-password command-line option to certutil, to be used with -N: use an empty password when creating a new database.
       Added the -w command-line option to pp: don't wrap long output lines.

   New Functions
       CERT_ForcePostMethodForOCSP
       CERT_GetSubjectNameDigest
       CERT_GetSubjectPublicKeyDigest
       SSL_PeerCertificateChain
       SSL_RecommendedCanFalseStart
       SSL_SetCanFalseStartCallback

   New Types
       CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP: When this flag is used, libpkix will never attempt to use the HTTP GET method for OCSP requests; it will always use POST.

   New PKCS #11 Mechanisms
   None.

   Notable Changes in NSS 3.15.4

       Reordered the cipher suites offered in SSL/TLS client hello messages to match modern best practices.
       Updated the set of root CA certificates (version 1.96).
       Improved SSL/TLS false start. In addition to enabling the SSL_ENABLE_FALSE_START option, an application must now register a callback using the SSL_SetCanFalseStartCallback function.
       When building on Windows, OS_TARGET now defaults to WIN95. To use the WINNT build configuration, specify OS_TARGET=WINNT.

   Bugs fixed in NSS 3.15.4

   A complete list of all bugs resolved in this release can be obtained at
   https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.4&product=NSS

   Compatibility
   NSS 3.15.4 shared libraries are backward compatible with all older NSS 3.x
   shared libraries. A program linked with older NSS 3.x shared libraries will
   work with NSS 3.15.4 shared libraries without recompiling or relinking.
   Furthermore, applications that restrict their use of NSS APIs to the
   functions listed in NSS Public Functions will remain compatible with future
   versions of the NSS shared libraries.
fac1836

@jperkin jperkin pushed a commit that referenced this issue Jan 21, 2014

ryoon Update to 1.1.20
Changelog:
Version 1.1.20 (released 24-Apr-2013)

  * fix tab-to-space handling regression in markup view
  * fix regression in root lookup handling (issue #526)

Version 1.1.19 (released 22-Apr-2013)

  * improve root lookup performance (issue #523)
  * new 'max_filesize_kbytes' config option and handling (issue #524)
  * tarball generation improvements:
    - preserve Subversion symlinks in generated tarballs (issue #487)
    - reduce memory usage of tarball generation logic
    - fix double compression of generated tarballs (issue #525)
  * file content handling improvements:
    - expanded support for encoding detection and transcoding (issue #11)
    - fix tab-to-space conversion bugs in markup, annotate, and diff views
    - fix handling of trailing whitespace in diff view
  * add support for timestamp display in ISO8601 format (issue #46)

Version 1.1.18 (released 28-Feb-2013)

  * fix exception raised by BDB-backed SVN repositories (issue #519)
  * hide revision-less files when rcsparse is in use
  * include branchpoints in branch views using rcsparse (issue #347)
  * miscellaneous cvsdb improvements:
    - add --port option to make-database (issue #521)
    - explicitly name columns in queries (issue #522)
    - update MySQL syntax to avoid discontinued "TYPE=" terms
d3fef1a

@jperkin jperkin pushed a commit that referenced this issue Jan 21, 2014

wiz Update to 3.2.1.
* Version 3.2.1 (released 2013-06-01)

** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
openssl versions.

** libgnutls: Fixes in interrupted function resumption. Report
and patch by Tim Kosse.

** libgnutls: Corrected issue when receiving client hello verify requests
in DTLS.

** libgnutls: Fixes in DTLS record overhead size calculations.

** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported
by Mann Ern Kang.

** API and ABI modifications:
gnutls_session_set_id: Added


* Version 3.2.0 (released 2013-05-10)

** libgnutls: Use nettle's elliptic curve implementation.

** libgnutls: Added Salsa20 cipher

** libgnutls: Added UMAC-96 and UMAC-128

** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96.
As they are not standardized they are defined using private ciphersuite
numbers.

** libgnutls: Added support for DTLS 1.2.

** libgnutls: Added support for the Application Layer Protocol Negotiation
(ALPN) extension.

** libgnutls: Removed support for the RSA-EXPORT ciphersuites.

** libgnutls: Avoid linking to librt (that also avoids unnecessary
linking to pthreads if p11-kit isn't used).

** API and ABI modifications:
gnutls_cipher_get_iv_size: Added
gnutls_hmac_set_nonce: Added
gnutls_mac_get_nonce_size: Added


* Version 3.1.10 (released 2013-03-22)

** certtool: When generating PKCS #12 files use by default the
ARCFOUR (RC4) cipher to be compatible with devices that don't
support AES with PKCS #12.

** libgnutls: Load CA certificates in android 4.x systems.

** libgnutls: Optimized CA certificate loading.

** libgnutls: Private keys are overwritten on deinitialization.

** libgnutls: PKCS #11 slots are scanned only when needed, not
on initialization. This speeds up gnutls initialization when smart
cards are present.

** libgnutls: Corrected issue in the (deprecated) external key
signing interface, when used with TLS 1.2. Reported by Bjorn H. Christensen.

** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by
Joke de Buhr.

** libgnutls-dane: Updated DANE verification options.

** configure: Trust store file must be explicitly set or unset when
cross compiling.

** API and ABI modifications:
gnutls_x509_crt_get_issuer_dn2: Added
gnutls_x509_crt_get_dn2: Added
gnutls_x509_crl_get_issuer_dn2: Added
gnutls_x509_crq_get_dn2: Added
gnutls_x509_trust_list_remove_trust_mem: Added
gnutls_x509_trust_list_remove_trust_file: Added
gnutls_x509_trust_list_remove_cas: Added
gnutls_session_get_desc: Added
gnutls_privkey_sign_raw_data: Added
gnutls_privkey_status: Added





* Version 3.1.9 (released 2013-02-27)

** certtool: Option --to-p12 will now ask for a password to generate
a PKCS #12 file from an encrypted key file. Reported by Yan Fiz.

** libgnutls: Corrected issue in gnutls_pubkey_verify_data().

** libgnutls: Corrected parsing issue in XMPP within a subject
alternative name. Reported by James Cloos.

** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11
modules, and not only the ones loaded via p11-kit.

** libgnutls: Added function to check whether the private key is
still available (inserted).

** libgnutls: Try to detect fork even during nonce generation.

** API and ABI modifications:
gnutls_handshake_set_random: Added
gnutls_transport_set_int2: Added
gnutls_transport_get_int2: Added
gnutls_transport_get_int: Added
gnutls_record_cork: Exported
gnutls_record_uncork: Exported
gnutls_pkcs11_privkey_status: Added


* Version 3.1.8 (released 2013-02-10)

** libgnutls: Fixed issue in gnutls_x509_privkey_import2() which didn't return
GNUTLS_E_DECRYPTION_FAILED in all cases, and affect certtool operation
with encrypted keys. Reported by Yan Fiz.

** libgnutls: The minimum DH bits accepted by priorities NORMAL and
PERFORMANCE was set to previous defaults 727 bits. Reported by Diego
Elio Petteno.

** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash()
to operate with long keys. Reported by Erik A Jensen.

** API and ABI modifications:
No changes since last version.


* Version 3.1.7 (released 2013-02-04)

** certtool: Added option "dn" which allows to directly set the DN
in a template from an RFC4514 string.

** danetool: Added options: --dlv and --insecure. Suggested by Paul Wouters.

** libgnutls-xssl: Added a new library to simplify GnuTLS usage.

** libgnutls-dane: Added function to specify a DLV file.

** libgnutls: Heartbeat code was made optional.

** libgnutls: Fixes in server side of DTLS-0.9.

** libgnutls: DN variable 'T' was expanded to 'title'.

** libgnutls: Fixes in record padding parsing to prevent a timing attack.
Issue reported by Kenny Paterson and Nadhem Alfardan.

** libgnutls: Added functions to directly set the DN in a certificate
or request from an RFC4514 string.

** libgnutls: Optimizations in the random generator. The re-seeding of
it is now explicitly done on every session deinit.

** libgnutls: Simplified the DTLS sliding window implementation.

** libgnutls: The minimum DH bits accepted by a client are now set
by the specified priority string. The current values correspond to the
previous defaults (727 bits), except for the SECURE128 and SECURE192
strings which increase the minimum to 1248 and 1776 respectively.

** libgnutls: Added the gnutls_record_cork() and uncork API to enable
buffering in sending application data.

** libgnutls: Removed default random padding, and added a length-hiding interface
instead.  Both the server and the client must support this extension. Whether
length-hiding can be used on a given session can be checked using
gnutls_record_can_use_length_hiding(). Contributed by Alfredo Pironti.

** libgnutls: Added the experimental %NEW_PADDING priority string. It enables
a new padding mechanism in TLS allowing arbitrary padding in TLS records
in all ciphersuites, which makes length-hiding more efficient and solves
the issues with timing attacks on CBC ciphersuites.

** libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD
ciphers (i.e., AES-GCM). Reported by William McGovern.

** API and ABI modifications:
gnutls_db_check_entry_time: Added
gnutls_record_set_timeout: Added
gnutls_record_get_random_padding_status: Added
gnutls_x509_crt_set_dn: Added
gnutls_x509_crt_set_issuer_dn: Added
gnutls_x509_crq_set_dn: Added
gnutls_range_split: Added
gnutls_record_send_range: Added
gnutls_record_set_max_empty_records: Added
gnutls_record_can_use_length_hiding: Added
gnutls_rnd_refresh: Added
xssl_deinit: Added
xssl_flush: Added
xssl_read: Added
xssl_getdelim: Added
xssl_write: Added
xssl_printf: Added
xssl_sinit: Added
xssl_client_init: Added
xssl_server_init: Added
xssl_get_session: Added
xssl_get_verify_status: Added
xssl_cred_init: Added
xssl_cred_deinit: Added
dane_state_set_dlv_file: Added
GNUTLS_SEC_PARAM_EXPORT: Added
GNUTLS_SEC_PARAM_VERY_WEAK: Added


* Version 3.1.6 (released 2013-01-02)

** libgnutls: Fixed record padding parsing issue. Reported by Kenny
Patterson and Nadhem Alfardan.

** libgnutls: Several updates in the ASN.1 string handling subsystem.

** libgnutls: gnutls_x509_crt_get_policy() allows for a list of zero
policy qualifiers.

** libgnutls: Ignore heartbeat messages when received out-of-order,
instead of issuing an error.

** libgnutls: Stricter RSA PKCS #1 1.5 encoding and decoding. Reported
by Kikuchi Masashi.

** libgnutls: TPM support is disabled by default because GPL programs
cannot link with it. Use --with-tpm to enable it.

** libgnutls-guile: Fixed parallel compilation issue.

** gnutls-cli: It will try to connect to all possible returned addresses
before failing.

** API and ABI modifications:
No changes since last version.


* Version 3.1.5 (released 2012-11-24)

** libgnutls: Added functions to parse the certificates policies
extension.

** libgnutls: Handle BMPString (UCS-2) encoding in the Distinguished
Name by translating it to UTF-8 (works on windows or systems with iconv).

** libgnutls: Added PKCS #11 key generation function that returns the
public key on generation.

** libgnutls: Corrected bug in priority string parsing, that mostly
affected combined levels. Patch by Tim Kosse.

** certtool: The --pubkey-info option can be combined with the
--load-privkey or --load-request to print the corresponding public keys.

** certtool: It is able to set certificate policies via a template.

** certtool: Added --hex-numbers option which prints big numbers in
an easier to parse format.

** p11tool: After key generation, outputs the public key (useful in
tokens that do not store the public key).

** danetool: It is being built even without libgnutls-dane (the
--check functionality is disabled though).

** API and ABI modifications:
gnutls_pkcs11_privkey_generate2: Added
gnutls_x509_crt_get_policy: Added
gnutls_x509_crt_set_policy: Added
gnutls_x509_policy_release: Added
gnutls_pubkey_import_x509_crq: Added
gnutls_pubkey_print: Added
GNUTLS_CRT_PRINT_FULL_NUMBERS: Added


* Version 3.1.4 (released 2012-11-10)

** libgnutls: gnutls_certificate_verify_peers2() will set flags depending on
the available revocation data validity.

** libgnutls: Added gnutls_certificate_verification_status_print(),
a function to print the verification status code in human readable text.

** libgnutls: Added priority string %VERIFY_DISABLE_CRL_CHECKS.

** libgnutls: Simplified certificate verification by adding
gnutls_certificate_verify_peers3().

** libgnutls: Added support for extension to establish keys for SRTP.
Contributed by Martin Storsjo.

** libgnutls: The X.509 verification functions check the key
usage bits and pathlen constraints and on failure output
GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE.

** libgnutls: gnutls_x509_crl_verify() includes the time checks.

** libgnutls: Added verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN
and made GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN the default.

** libgnutls: Always tolerate key usage violation errors from the side
of the peer, but also notify via an audit message.

** gnutls-cli: Added --local-dns option.

** danetool: Corrected bug that prevented loading PEM files.

** danetool: Added --check option to allow querying and verifying
a site's DANE data.

** libgnutls-dane: Added pkg-config file for the library.

** API and ABI modifications:
gnutls_session_get_id2: Added
gnutls_sign_is_secure: Added
gnutls_certificate_verify_peers3: Added
gnutls_ocsp_status_request_is_checked: Added
gnutls_certificate_verification_status_print: Added
gnutls_srtp_set_profile: Added
gnutls_srtp_set_profile_direct: Added
gnutls_srtp_get_selected_profile: Added
gnutls_srtp_get_profile_name: Added
gnutls_srtp_get_profile_id: Added
gnutls_srtp_get_keys: Added
gnutls_srtp_get_mki: Added
gnutls_srtp_set_mki: Added
gnutls_srtp_profile_t: Added
dane_cert_type_name: Added
dane_match_type_name: Added
dane_cert_usage_name: Added
dane_verification_status_print: Added
GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: Added
GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added
GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: Added
GNUTLS_CERT_UNEXPECTED_OWNER: Added
GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Added


* Version 3.1.3 (released 2012-10-12)

** libgnutls: Added support for the OCSP Certificate Status
extension.

** libgnutls: gnutls_certificate_verify_peers2() will use the OCSP
certificate status extension in verification.

** libgnutls: Bug fixes in gnutls_x509_privkey_import_openssl().

** libgnutls: Increased maximum password length in the PKCS #12
functions.

** libgnutls: Fixed the receipt of session tickets during session resumption.
Reported by danblack at http://savannah.gnu.org/support/?108146

** libgnutls: Added functions to export structures in an allocated buffer.

** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the OCSP
response corresponds to the given certificate.

** libgnutls: In client side gnutls_init() enables the session ticket and
OCSP certificate status request extensions by default. The flag
GNUTLS_NO_EXTENSIONS can be used to prevent that.

** libgnutls: Several updates in the OpenPGP code. The generating code
is fully RFC6091 compliant and RFC5081 support is only supported in client
mode.

** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC
certificate verification.

** gnutls-cli: Added --dane option to enable DANE certificate verification.

** danetool: Added tool to generate DANE TLSA Resource Records (RR).

** API and ABI modifications:
gnutls_certificate_get_peers_subkey_id: Added
gnutls_certificate_set_ocsp_status_request_function: Added
gnutls_certificate_set_ocsp_status_request_file: Added
gnutls_ocsp_status_request_enable_client: Added
gnutls_ocsp_status_request_get: Added
gnutls_ocsp_resp_check_crt: Added
gnutls_dh_params_export2_pkcs3: Added
gnutls_pubkey_export2: Added
gnutls_x509_crt_export2: Added
gnutls_x509_dn_export2: Added
gnutls_x509_crl_export2: Added
gnutls_pkcs7_export2: Added
gnutls_x509_privkey_export2: Added
gnutls_x509_privkey_export2_pkcs8: Added
gnutls_x509_crq_export2: Added
gnutls_openpgp_crt_export2: Added
gnutls_openpgp_privkey_export2: Added
gnutls_pkcs11_obj_export2: Added
gnutls_pkcs12_export2: Added
gnutls_pubkey_import_openpgp_raw: Added
gnutls_pubkey_import_x509_raw: Added
dane_state_init: Added
dane_state_deinit: Added
dane_query_tlsa: Added
dane_query_status: Added
dane_query_entries: Added
dane_query_data: Added
dane_query_deinit: Added
dane_verify_session_crt: Added
dane_verify_crt: Added
dane_strerror: Added


* Version 3.1.2 (released 2012-09-26)

** libgnutls: Fixed bug in gnutls_x509_trust_list_add_system_trust()
and gnutls_x509_trust_list_add_trust_mem() that prevented the loading
of certificates in the windows platform.

** libgnutls: Corrected bug in OpenPGP subpacket encoding.

** libgnutls: Added support for DTLS/TLS heartbeats by Olga Smolenchuk.
(the work was done during Google Summer of Code).

** libgnutls: Added X.509 certificate verification flag
GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification
of unsorted certificate chains and is enabled by default for
TLS certificate verification (if gnutls_certificate_set_verify_flags()
does not override it).

** libgnutls: Prints warning on certificates that contain keys of
an insecure level. If the %COMPAT priority flag is not specified
the TLS connection fails.

** libgnutls: Correctly restore gnutls_record_recv() in DTLS mode
if interrupted during the retrasmition of handshake data.

** libgnutls: Better mingw32 support (patch by LRN).

** libgnutls: The %COMPAT keyword, if specified, will tolerate
key usage violation errors (they are far too common to ignore).

** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(),
which provides a tool to counter compression-related attacks where
parts of the data are controlled by the attacker _and_ are placed in
separate records (use with care - do not use compression if not sure).

** libgnutls: Depends on libtasn1 2.14 or later.

** certtool: Prints the number of bits of the public key algorithm
parameter in a private key.

** API and ABI modifications:
gnutls_x509_privkey_get_pk_algorithm2: Added
gnutls_heartbeat_ping: Added
gnutls_heartbeat_pong: Added
gnutls_heartbeat_allowed: Added
gnutls_heartbeat_enable: Added
gnutls_heartbeat_set_timeouts: Added
gnutls_heartbeat_get_timeout: Added
GNUTLS_SEC_PARAM_WEAK: Added
GNUTLS_SEC_PARAM_INSECURE: Added

* Version 3.1.1 (released 2012-09-02)

** gnutls-serv: Listens on IPv6. Patch by Bernhard R. Link.

** certtool: Changes in password handling of certtool.
Ask password when required and only if the '--password' option is not
given. If the '--password' option is given during key generation then
assume the PKCS #8 file format, instead of ignoring the password.

** tpmtool: No longer asks for key password in registered keys.

** libgnutls: Elliptic curve code was optimized by Ilya Tumaykin.
wmNAF is now used for point multiplication and other optimizations.
(the major part of the work was done during Google Summer of Code).

** libgnutls: The default pull_timeout_function only uses select
instead of a combination of select() and recv() to prevent issues
when used in stream sockets in some systems.

** libgnutls: Be tolerant in ECDSA signature violations (e.g. using
SHA256 with a SECP384 curve instead of SHA-384), to interoperate with
openssl.

** libgnutls: Fixed DSA and ECDSA signature generation in smart
cards. Thanks to Andreas Schwier from cardcontact.de for providing
me with ECDSA capable smart cards.

** API and ABI modifications:
gnutls_sign_algorithm_get: Added
gnutls_sign_get_hash_algorithm: Added
gnutls_sign_get_pk_algorithm: Added


* Version 3.1.0 (released 2012-08-15)

** libgnutls: Added direct support for TPM as a cryptographic module
in gnutls/tpm.h. TPM keys can be used in functions accepting files
using URLs of the following types:
  tpmkey:file=/path/to/file
  tpmkey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user

** libgnutls: Priority string level keywords can be combined.
For example the string "SECURE256:+SUITEB128" is now allowed.

** libgnutls: requires libnettle 2.5.

** libgnutls: Use the PKCS #1 1.5 encoding provided by nettle (2.5)
for encryption and signatures.

** libgnutls: Added GNUTLS_CERT_SIGNATURE_FAILURE to differentiate between
generic errors and signature verification errors in the verification
functions.

** libgnutls: Added gnutls_pkcs12_simple_parse() as a helper function
to simplify parsing in most PKCS #12 use cases.

** libgnutls: gnutls_certificate_set_x509_simple_pkcs12_file() adds
the whole certificate chain (if any) to the credentials structure, instead
of only the end-user certificate.

** libgnutls: Key import functions such as gnutls_pkcs12_simple_parse()
and gnutls_x509_privkey_import_pkcs8(), return consistently
GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no
password was provided.

** libgnutls: Added gnutls_handshake_set_timeout() a function that
allows to set the maximum time spent in a handshake.

** libgnutlsxx: Added session::set_transport_vec_push_function. Patch
by Alexandre Bique.

** tpmtool: Added. It is a tool to generate private keys in the
TPM.

** gnutls-cli: --benchmark-tls was split to --benchmark-tls-kx
and --benchmark-tls-ciphers

** certtool: generated PKCS #12 structures may hold more than one
private key. Patch by Lucas Fisher.

** certtool: Added option --null-password to generate/decrypt keys
that use a NULL password (in schemas that distinguish between NULL
an empty passwords).

** minitasn1: Upgraded to libtasn1 version 2.13.

** API and ABI modifications:
GNUTLS_CERT_SIGNATURE_FAILURE: Added
GNUTLS_CAMELLIA_192_CBC: Added
GNUTLS_PKCS_NULL_PASSWORD: Added
gnutls_url_is_supported: Added
gnutls_pkcs11_obj_list_import_url2: Added
gnutls_pkcs11_obj_set_pin_function: Added
gnutls_pkcs11_privkey_set_pin_function: Added
gnutls_pkcs11_get_pin_function: Added
gnutls_privkey_import_tpm_raw: Added
gnutls_privkey_import_tpm_url: Added
gnutls_privkey_import_pkcs11_url: Added
gnutls_privkey_import_openpgp_raw: Added
gnutls_privkey_import_x509_raw: Added
gnutls_privkey_import_ext2: Added
gnutls_privkey_import_url: Added
gnutls_privkey_set_pin_function: Added
gnutls_tpm_privkey_generate: Added
gnutls_tpm_key_list_deinit: Added
gnutls_tpm_key_list_get_url: Added
gnutls_tpm_get_registered: Added
gnutls_tpm_privkey_delete: Added
gnutls_pubkey_import_tpm_raw: Added
gnutls_pubkey_import_tpm_url: Added
gnutls_pubkey_import_url: Added
gnutls_pubkey_verify_hash2: Added
gnutls_pubkey_set_pin_function: Added
gnutls_x509_privkey_import2: Added
gnutls_x509_privkey_import_openssl: Added
gnutls_x509_crt_set_pin_function: Added
gnutls_load_file: Added
gnutls_pkcs12_simple_parse: Added
gnutls_certificate_set_x509_system_trust: Added
gnutls_certificate_set_pin_function: Added
gnutls_x509_trust_list_add_system_trust: Added
gnutls_x509_trust_list_add_trust_file: Added
gnutls_x509_trust_list_add_trust_mem: Added
gnutls_pk_to_sign: Added
gnutls_handshake_set_timeout: Added
gnutls_pubkey_verify_hash: Deprecated (use gnutls_pubkey_verify_hash2)
gnutls_pubkey_verify_data: Deprecated (use gnutls_pubkey_verify_data2)
fcbba46

@jperkin jperkin pushed a commit that referenced this issue Jan 21, 2014

wen Update to 0.96
Upstream changes:
version 0.96 at 2013-07-08 06:53:34 +0000
-----------------------------------------

  Change: a78109ca3e2c9338bf98185c2014ba2be4a04942
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-07-08 07:53:34 +0000

    Fix patch applying for v5.18.0

-----------------------------------------
version 0.94 at 2013-07-07 13:45:00 +0000
-----------------------------------------

  Change: c5257739abd2cde575036ba9b105977679a30273
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-07-07 14:45:00 +0000

    Added commit 4149c7198d9b78d861df289cce40dd865cab57e7

    Fixes a regmatch pointer 32-bit wraparound regression in v5.18.0

-----------------------------------------
version 0.92 at 2013-07-07 13:29:48 +0000
-----------------------------------------

  Change: 8881838495367f05f599939d4e1eac86106785fa
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-07-07 14:29:48 +0000

    Update Midnight BSD hints for 0.4-RELEASE

-----------------------------------------
version 0.90 at 2013-05-18 22:58:06 +0000
-----------------------------------------

  Change: fe0a97026ae5a56374b1d9a5968554a0c9b693bc
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-18 23:58:06 +0000

    Bumped version to 0.90

  Change: cc5a37b1298b45fe2e74a4db92e85561a12f1052
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-18 23:50:04 +0000

    Added gcc m64 fixes for Solaris 11

    http://perl5.git.perl.org/perl.git/commitdiff/1ddb6a4

    http://perl5.git.perl.org/perl.git/commitdiff/767f54d

  Change: 815ff70a8a86c97742a0afdc5a092c590c729e80
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-18 22:04:29 +0000

    Update hpux hints

  Change: 089592af98239448a956586cf8998dee7b2ab7b6
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-18 21:46:55 +0000

    Added hints audit tool

  Change: 842e6a11a1dac1adfa253a4a9dbd60d53286fa8e
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-18 18:24:52 +0000

    Added 'hints' function to Devel::PatchPerl::Hints

-----------------------------------------
version 0.88 at 2013-05-16 12:02:55 +0000
-----------------------------------------

  Change: 7a381f7a969eeb683343ddc3511169298aa19889
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-16 13:02:55 +0000

    Make determine_version() available in the public API

    bingos/devel-patchperl#12

-----------------------------------------
version 0.86 at 2013-05-08 15:39:07 +0000
-----------------------------------------

  Change: 50d0a6e5c2b5f25de596463f219c78204e0ae477
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-08 16:39:07 +0000

    Bump version

  Change: 09c3d04f1eddb60cdbba7b597a9c114c7396be2f
  Author: Chris Williams <chris@bingosnet.co.uk>
  Date : 2013-05-08 08:11:48 +0000

    Merge pull request #11 from hirose31/prevent-premature-hsplit

    Add patch on prevent premature hsplit for Perl 5.8.[89], 5.10.1,
    5.12.5

  Change: 19a38ec13e6634a4707bb5043da051b6c551c23f
  Author: HIROSE Masaaki <hirose31@gmail.com>
  Date : 2013-05-08 13:52:42 +0000

    Add patch on prevent premature hsplit for Perl 5.8.[89], 5.10.1,
    5.12.5

-----------------------------------------
version 0.84 at 2013-03-08 21:35:14 +0000
-----------------------------------------

  Change: 7b5f0d6c51dbff9a22f250813e230816d3d36f08
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-03-08 21:35:14 +0000

    Remove requirement on IPC::Cmd

    This should make the perlbrew peeps happy

-----------------------------------------
version 0.82 at 2013-02-25 21:38:08 +0000
-----------------------------------------

  Change: 3e146301433f8098460dc6fd5d1930fc48c2903a
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-02-25 21:38:08 +0000

    Update Linux hints

-----------------------------------------
version 0.80 at 2013-02-25 12:04:03 +0000
-----------------------------------------

  Change: ef4dfcccd90f7f786847998cba8891b69fd5a2e1
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-02-25 12:04:03 +0000

    Bump version to 0.80

  Change: 4e3020edfa3b3adcb79dd4d3c8e410f8cb12bf53
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-02-25 12:02:09 +0000

    Ensure that the linux hints file gets updated for kfreebsd as well

  Change: 52fde6650e6a6324c7817fb81d9d08260f73d96a
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-02-25 11:41:38 +0000

    Add updated hints for gnukfreebsd

-----------------------------------------
version 0.78 at 2013-02-17 16:58:31 +0000
-----------------------------------------

  Change: 0c2be36694492d5824f7704cf9d3473c28228d99
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-02-17 16:58:31 +0000

    Added midnightbsd hints file which supports 0.4
a950bcd

@jperkin jperkin pushed a commit that referenced this issue Jan 21, 2014

ryoon Update to 3.15.1
Changelog:
NSS 3.15.1 release notes

Introduction

Network Security Services (NSS) 3.15.1 is a patch release for NSS 3.15. The bug fixes in NSS 3.15.1 are described in the "Bugs Fixed" section below.
Distribution Information

NSS 3.15.1 source distributions are also available on ftp.mozilla.org for secure HTTPS download:

    Source tarballs:
    https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_1_RTM/src/

New in NSS 3.15.1
New Functionality

    TLS 1.2: TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations.
        The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1.
        AES GCM cipher suites are not yet supported.

New Functions

None.
New Types

    in sslprot.h
        SSL_LIBRARY_VERSION_TLS_1_2 - The protocol version of TLS 1.2 on the wire, value 0x0303.
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_NULL_SHA256 - New TLS 1.2 only HMAC-SHA256 cipher suites.
    in sslerr.h
        SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM, SSL_ERROR_DIGEST_FAILURE, SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM - New error codes for TLS 1.2.
    in sslt.h
        ssl_hmac_sha256 - A new value in the SSLMACAlgorithm enum type.
        ssl_signature_algorithms_xtn - A new value in the SSLExtensionType enum type.

New PKCS #11 Mechanisms

None.
Notable Changes in NSS 3.15.1

    Bug 856060 - Enforce name constraints on the common name in libpkix  when no subjectAltName is present.
    Bug 875156 - Add const to the function arguments of SEC_CertNicknameConflict.
    Bug 877798 - Fix ssltap to print the certificate_status handshake message correctly.
    Bug 882829 - On Windows, NSS initialization fails if NSS cannot call the RtlGenRandom function.
    Bug 875601 - SECMOD_CloseUserDB/SECMOD_OpenUserDB fails to reset the token delay, leading to spurious failures.
    Bug 884072 - Fix a typo in the header include guard macro of secmod.h.
    Bug 876352 - certutil now warns if importing a PEM file that contains a private key.
    Bug 565296 - Fix the bug that shlibsign exited with status 0 even though it failed.
    The NSS_SURVIVE_DOUBLE_BYPASS_FAILURE build option is removed.

Bugs fixed in NSS 3.15.1

    https://bugzilla.mozilla.org/buglist.cgi?list_id=5689256;resolution=FIXED;classification=Components;query_format=advanced;target_milestone=3.15.1;product=NSS

Compatibility

NSS 3.15.1 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.15.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.



NSS 3.15 release notes

Introduction

The NSS team has released Network Security Services (NSS) 3.15, which is a minor release.
Distribution Information

The HG tag is NSS_3_15_RTM. NSS 3.15 requires NSPR 4.10 or newer.

NSS 3.15 source distributions are available on ftp.mozilla.org for secure HTTPS download:

    Source tarballs:
    https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_RTM/src/

New in NSS 3.15
New Functionality

    Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
    Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete.
    Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
    certutil has been updated to support creating name constraints extensions.

New Functions

    in ssl.h
        SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension.
        SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension.
    in ocsp.h
        CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses.
    in secpkcs7.h
        SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time.
    in xconst.h
        CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10.
    in secitem.h
        SECITEM_AllocArray
        SECITEM_DupArray
        SECITEM_FreeArray
        SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays
        SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938.
    in pk11pub.h
        PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.
        PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.

New Types

    in secitem.h
        SECItemArray - Represents a variable-length array of SECItems.

New Macros

    in ssl.h
        SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE

Notable Changes in NSS 3.15

    SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code.

    NSS has migrated from CVS to the Mercurial source control management system.

    Updated build instructions are available at Migration to HG

    As part of this migration, the source code directory layout has been re-organized.

    The list of root CA certificates in the nssckbi module has been updated.

    The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache.

    Applications that use SSL_AuthCertificateHook to override the default handler should add appropriate calls to SSL_PeerStapledOCSPResponse and CERT_CacheOCSPResponseFromSideChannel.
    Bug 554369: Fixed correctness of CERT_CacheOCSPResponseFromSideChannel and other OCSP caching behaviour.
    Bug 853285: Fixed bugs in AES GCM.
    Bug 341127: Fix the invalid read in rc4_wordconv.
    Faster NIST curve P-256 implementation.
    Dropped (32-bit) SPARC V8 processor support on Solaris. The shared library libfreebl_32int_3.so is no longer produced.

Bugs fixed in NSS 3.15

This Bugzilla query returns all the bugs fixed in NSS 3.15:

https://bugzilla.mozilla.org/buglist.cgi?list_id=6278317&resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.15
07b59cb

@jperkin jperkin pushed a commit that referenced this issue Jan 21, 2014

wiz Update to 2.54:
$Revision: 2.54 $ $Date: 2013/08/29 16:47:39 $
! Encode.xs
+ t/cow.t
  Addressed: COW breakage with _utf8_on()
  https://rt.cpan.org/Ticket/Display.html?id=88230
! Encode.pm
  Reverted the document accordingly to #11
  dankogai/p5-encode#10
+ t/decode.t
  Unit test for decoding behavior change in #11
  dankogai/p5-encode#12

2.53 2013/08/29 15:20:31
! Encode.pm
  Merged: Do not short-circuit decode_utf8 with utf8 flags
  dankogai/p5-encode#11
  Merged: document decode_utf8 behaviour more precise
  dankogai/p5-encode#10
! Makefile.PL
  Added repository cpan metadata
  dankogai/p5-encode#9

2.52 2013/08/14 02:29:54
! ucm/*.ucm
  Addressed:
    Unicode Mappping tables are missing Unicode Inc. license notification
    All files including "as long as this notice remains attached" now
    have that notice attached in the comment section.  (cp* and mac*
    do not since their source files do not include that notice)
  https://rt.cpan.org/Ticket/Display.html?id=87340
! lib/Encode/MIME/Header.pm
  t/mime-header.t
  Addressed: encoding "0" with MIME-Headers gets a blank string
  https://rt.cpan.org/Ticket/Display.html?id=87831
! Encode.pm
  Addressed: Documentation buglet
  https://rt.cpan.org/Ticket/Display.html?id=84992
! Byte/Makefile.PL CN/Makefile.PL EBCDIC/Makefile.PL
  Encode/Makefile_PL.e2x JP/Makefile.PL KR/Makefile.PL
  Symbol/Makefile.PL TW/Makefile.PL
  Applied: Patch to output #includes in deterministic order
  https://rt.cpan.org/Ticket/Display.html?id=86974

2.51 2013/04/29 22:19:11
! Encode.xs
  Addressed: Encode.xs doesn't compile with Microsoft C compiler
  https://rt.cpan.org/Public/Bug/Display.html?id=84920
! MANIFEST
  Addressed: t/taint.t missing
  https://rt.cpan.org/Public/Bug/Display.html?id=84919

2.50 2013/04/26 18:30:46
! Encode.xs Unicode/Unicode.xs
  lib/Encode/Unicode/UTF7.pm lib/CN/HZ.pm lib/Encode/GSM0338.pm
  t/taint.t
  Addressed: Encode::encode and Encode::decode
             gratuitously launders tainted data
  Taintedness now propagates as it should.
  https://rt.cpan.org/Ticket/Display.html?id=84879
! encoding.pm
  Addressed: 5.18 deprecation
  https://rt.cpan.org/Ticket/Display.html?id=84709
! bin/piconv
  Applied: Update piconv documentation
  https://rt.cpan.org/Ticket/Display.html?id=84695

2.49 2013/03/05 03:12:49
! Encode.xs
  Addressed: Encoding objects leak memory if decoding fails
  dankogai/p5-encode#8

2.48 2013/02/18 02:23:56
! encoding.pm
  t/Mod_EUCJP.pm t/enc_data.t t/enc_eucjp.t t/enc_module.t t/enc_utf8.t
  t/encoding.t t/jperl.t
  [PATCH] Deprecate encoding.pm
  https://rt.cpan.org/Ticket/Display.html?id=81255
! Encode/Supported.pod
  Fixed: Pod errors
  https://rt.cpan.org/Ticket/Display.html?id=81426
! Encode.pm t/Encode.t
  [PATCH] Fix for shared hash key scalars
  https://rt.cpan.org/Ticket/Display.html?id=80608
! Encode.pm
  Fixed: Uninitialized value warning from Encode->encodings()
  https://rt.cpan.org/Ticket/Display.html?id=80181
! Makefile.PL
  Install to 'site' instead of 'perl' when perl version is 5.11+
  https://rt.cpan.org/Ticket/Display.html?id=78917
! Encode/Makefile_PL.e2x
  find enc2xs.bat if it works on windows.
  dankogai/p5-encode#7
! t/piconv.t
  Fix finding piconv in t/piconv.t
  dankogai/p5-encode#6
a742646

@jperkin jperkin pushed a commit that referenced this issue Jan 21, 2014

ryoon Update to 3.15.2
Changelog:
Security Advisories

The following security-relevant bugs have been resolved in NSS 3.15.2. Users are encouraged to upgrade immediately.

    Bug 894370 - (CVE-2013-1739) Avoid uninitialized data read in the event of a decryption failure.

New in NSS 3.15.2
New Functionality

    AES-GCM Ciphersuites: AES-GCM cipher suite (RFC 5288 and RFC 5289) support has been added when TLS 1.2 is negotiated. Specifically, the following cipher suites are now supported:
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_128_GCM_SHA256

New Functions

PK11_CipherFinal has been introduced, which is a simple alias for PK11_DigestFinal.
New Types

No new types have been introduced.
New PKCS #11 Mechanisms

No new PKCS#11 mechanisms have been introduced
Notable Changes in NSS 3.15.2

    Bug 880543 - Support for AES-GCM ciphersuites that use the SHA-256 PRF
    Bug 663313 - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs, consistent with their handling for general certificate signatures.
    Bug 884178 - Add PK11_CipherFinal macro

Bugs fixed in NSS 3.15.2

    Bug 734007 - sizeof() used incorrectly
    Bug 900971 - nssutil_ReadSecmodDB() leaks memory
    Bug 681839 - Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished.
    Bug 848384 - Deprecate the SSL cipher policy code, as it's no longer relevant. It is no longer necessary to call NSS_SetDomesticPolicy because all cipher suites are now allowed by default.

A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.2&product=NSS&list_id=7982238
Compatibility

NSS 3.15.2 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.15.2 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
bf8f2b9

@jperkin jperkin pushed a commit that referenced this issue Jan 21, 2014

minskim Update tcpreplay to 3.4.4.
Changes:
- Set default timing method to either gtod or abstime (#404)
- Fix IPv6 parsing of CIDR's (#405)
- Add support for preloading the memory cache (#410)
- Generate more useful error when packets are too small (#411)
- Update to libopts/Autogen 5.9.9 (#412)
- Ship Win32Readme.txt file (#413)
- Update copyright notice to 2010 (#416)
- Dramatically enhance --portmap option (#417)
- Update autotools (#423)
- Add support for printing statistics periodically during the run (#424)
- Warn user when pcap snaplen < 65535 (#425)
- Add 802.1q processing support tcpprep (#428)
- Link libnl when newer versions of libpcap require it (#397)
- Ship m4 directory (#398)
- Upgrade to latest autotools scripts (#400)
- Fix error message when running autogen.sh (#401)
- Added extensive IPv6 support to tcprewrite & tcpreplay-edit (#11)
- Add IPv6 fragroute support (#388)
- Add IPv6 decoding support to tcpprep (#11)
- Fix compile time error in err.h (#390)
- Add --endpoints support in tcpreplay-edit (#393)
86efa5e

@jperkin jperkin pushed a commit that referenced this issue Jan 21, 2014

wiz Update to 3.2.6:
* Version 3.2.6 (released 2013-10-31)

** libgnutls: Support for TPM via trousers is now enabled by default.

** libgnutls: Camellia in GCM mode has been added in default priorities, and
GCM mode is prioritized over CBC in all of the default priority strings.

** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384.

** libgnutls: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256.
Reported by Stefan Buehler.

** libgnutls: Added support for ISO OID for RSA-SHA1 signatures.

** libgnutls: Minimum acceptable DH group parameters were increased to 767
bits from 727.

** libgnutls: Added function to obtain random data from PKCS #11 tokens.
Contributed by Wolfgang Meyer zu Bergsten.

** gnulib: updated.

** libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the
previous fix. Reported by Tomas Mraz.

** p11tool: Added option generate-random.

** API and ABI modifications:
gnutls_pkcs11_token_get_random: Added
8b434da

@jperkin jperkin pushed a commit that referenced this issue Jan 21, 2014

wiz Update to 3.2.7:
* Version 3.2.7 (released 2013-11-23)

** libgnutls: gnutls_cipher_get_iv_size() now returns the correct IV size in
GCM ciphers (previously it returned the implicit IV used in TLS).

** libgnutls: gnutls_certificate_set_x509_key_file() et al when provided
with a PKCS #11 URL pointing to a certificate, will attempt to load the whole
chain.

** libgnutls: When traversing PKCS #11 tokens looking for an object, avoid
looking in unrelated to the object tokens.

** libgnutls: Added an experimental %DUMBFW option in priority strings. This
avoids a black hole behavior in some firewalls by sending a large client hello.
See http://www.ietf.org/mail-archive/web/tls/current/msg10423.html

** libgnutls: The GNUTLS_DEBUG_LEVEL variable if set to a log level number
will force output of debug messages to stderr.

** libgnutls: Fixed the setting of the ciphersuite when gnutls_premaster_set()
is used with another protocol than the GNUTLS_DTLS0_9 protocol.

** libgnutls: gnutls_x509_crt_set_expiration_time() will set the no well defined
expiration date when (time_t)-1 is specified as date.

** libgnutls: Session tickets are encrypted using AES-GCM.

** libgnutls: Corrected issue in record decompression. Issue pinpointed
by Frank Zschockel.

** libgnutls: Forbid all compression methods in DTLS.

** gnutls-serv: Fixed issue with IPv6 address in UDP mode.

** certtool: When exporting an encrypted PEM private key do not output the key
parameters.

** certtool: Expiration days template option allows for a -1 value which
will set to the no well defined expiration date (RFC5280), and no longer
chokes on integer overflows. Suggested by Stefan Buehler.

** certtool: Added new template options: 'activation_date', and
'expiration_date'.

** tools: The environment variable GNUTLS_PIN can be used to read any PIN
requested from tokens.

** tools: The installed version of libopts is used if the autogen tool is
present.

** API and ABI modifications:
gnutls_pkcs11_obj_export3: Added
gnutls_pkcs11_get_raw_issuer: Added
gnutls_est_record_overhead_size: Exported
235edd0

@jperkin jperkin pushed a commit that referenced this issue Jan 21, 2014

schmonz Update to 20131010. From the changelog:
Incompatible Changes:
* can no longer use both `\' and `:' (didn't work anyway)

New Features:
* Handling of run-time errors (default: die) is now overridable by
  subclasses via signature_error_handler(). [github #54]
* Can now have aliased named parameters. [github #57]
* remove dependency on Devel::BeginLift [github #39]
* can now use `when' to specify default conditions [github #48]
* can use `//=' as a shortcut for `when undef' [github #45]
* can now provide `where' constraints in addition to (or instead
  of) a type [github #7]
* can now use `...' to disable further argument checking [github #49]
* can now specify more than one alternative in type unions [github #55]
* can now nest parameterized types

Bug Fixes:
* Removed experimental smartmatch warnings
* Don't require Data::Alias for named params unless you have to [github #71]
* Fixed obscure bug where an eval in Method::Signatures wouldn't
  be skipped when carp'ing (i.e. in carp_location_for()) [github #72]
* Data::Alias is only loaded when needed avoiding a threads + eval
  bug in most cases and improving compile time performance.
  [rt.cpan.org 82922, github #62]
* Compile-time errors now reporting proper line numbers. [github #61]
* Trailing commas on parameter lists are now ok. [rt.cpan.org 81364]
* Default condition of `when {}' now interpreted as `when { $_ ~~
  {} }' (avoids parse error). [github #60]

Optimizations:
* better signature parsing using PPI [github #11]

Distribution Fixes:
* Fixed failing test in 5.10.0 (uncovered by CPAN Testers)
* Fixed repo link in metadata (thanks dsteinbrunner) [github #87]
* Add M::S::Parameter to MANIFEST [github #76]
* Change representation of Infinity to work on Win32 [github #75]
* Fixed stray detritus in MANIFEST.
* Somehow my last-minute fix to the new error handler test didn't
  make it in; this will fix "Can't locate Moose.pm" errors.
* Fixed test failing on 5.10.0 as per github #59.
* Fixed subtests failing on Test::More's prior to 0.96.

Docs:
* Updated close parend problem to include quotes and a workaround
  [rt.cpan.org 85925]
* Fixed some typos (thanks dsteinbrunner) [github #88]
* Found and fixed missing parend
* Minor clarifications here and there.
* Clarified what doesn't work in Perl 5.8.
* Added Function::Parameters to See Also section.
* Updated copyright.
* documented all new features
* new ASCI-art breakdown of signature syntax
* minor tweaks and corrections

Misc:
* Rearranged so signature is now an object [github #30]
* Add hook for Travis CI [github #78]
* Failure to parse parameters will now produce a more useful error.
cbac0bb

@jperkin jperkin pushed a commit that referenced this issue Jan 21, 2014

ryoon Update to 3.15.4
Changelog:
from: https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.4_release_notes

Security Advisories

The following security-relevant bugs have been resolved in NSS 3.15.4.
Users are encouraged to upgrade immediately.

Bug 919877 - (CVE-2013-1740) When false start is enabled, libssl will
sometimes return unencrypted, unauthenticated data from PR_Recv


New in NSS 3.15.4
New Functionality
    Implemented OCSP querying using the HTTP GET method, which is the new default, and will fall back to the HTTP POST method.
    Implemented OCSP server functionality for testing purposes (httpserv utility).
    Support SHA-1 signatures with TLS 1.2 client authentication.
    Added the --empty-password command-line option to certutil, to be used with -N: use an empty password when creating a new database.
    Added the -w command-line option to pp: don't wrap long output lines.

New Functions
    CERT_ForcePostMethodForOCSP
    CERT_GetSubjectNameDigest
    CERT_GetSubjectPublicKeyDigest
    SSL_PeerCertificateChain
    SSL_RecommendedCanFalseStart
    SSL_SetCanFalseStartCallback

New Types
    CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP: When this flag is used, libpkix will never attempt to use the HTTP GET method for OCSP requests; it will always use POST.

New PKCS #11 Mechanisms
None.

Notable Changes in NSS 3.15.4

    Reordered the cipher suites offered in SSL/TLS client hello messages to match modern best practices.
    Updated the set of root CA certificates (version 1.96).
    Improved SSL/TLS false start. In addition to enabling the SSL_ENABLE_FALSE_START option, an application must now register a callback using the SSL_SetCanFalseStartCallback function.
    When building on Windows, OS_TARGET now defaults to WIN95. To use the WINNT build configuration, specify OS_TARGET=WINNT.

Bugs fixed in NSS 3.15.4

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.4&product=NSS

Compatibility
NSS 3.15.4 shared libraries are backward compatible with all older NSS 3.x
shared libraries. A program linked with older NSS 3.x shared libraries will
work with NSS 3.15.4 shared libraries without recompiling or relinking.
Furthermore, applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible with future
versions of the NSS shared libraries.
3b81d5d

@jperkin jperkin pushed a commit that referenced this issue Jan 29, 2014

wiz Update to 3.2.9 based on patch from Richard Palo.
Assembler issues still seem to be there at least on SunOS.

* Version 3.2.9 (released 2014-01-24)

** libgnutls: The %DUMBFW option in priority string only
appends data to client hello if the expected size is in the
"black hole" range.

** libgnutls: %COMPAT implies %DUMBFW.

** libgnutls: gnutls_session_get_desc() returns a more compact
ciphersuite description.

* libgnutls: In PKCS #11 allow deleting multiple non-certificate data.

** libgnutls: When a PKCS #11 trust store is specified (e.g. using the
configure option --with-default-trust-store-pkcs11), then the PKCS #11
token is used on demand to obtain the trusted anchors, rather than
preloading all trusted certificates. That delegates CA certificate management
and blacklist checking to the PKCS #11 module.

** libgnutls: When a PKCS #11 trust store is specified in configure option
or in gnutls_x509_trust_list_add_trust_file(), then the module is used
to obtain the verification anchors and any required blacklists as in
http://p11-glue.freedesktop.org/doc/storing-trust-policy/storing-trust-pkcs11.html

** libgnutls: Fix in OCSP certificate status extension handling
in non-blocking servers. Patch by Nils Maier.

** p11tool: Added --so-login option to force login as security
officer (admin).

** API and ABI modifications:
No changes since last version.
4ee574e

@jperkin jperkin pushed a commit that referenced this issue Feb 10, 2014

obache Update cutter to 1.2.3.
== [release-1-2-3] 1.2.3: 2014-02-09

As long time has passed since Cutter 1.2.2 release,
there are some improvements and fixed bugs.

After Cutter 1.2.2 release, you can install Cutter from
Fedora's official yum repository. No need to register Cutter yum repository on Fedora anymore.

=== Cutter

==== Improvements

  * [doc] Removed a needless period from installation link.
    [GitHub #6] [Patch by Masafumi Yokoyama]
  * Supported lcov 1.10. [cutter-users-ja:92] [Reported by Siganai SE]
  * [doc] Updated download URL on SF.net. [cutter-users-ja:91] [Reported by Siganai SE]
  * [doc] Updated XML report format. [cutter-users-ja:91] [Reported by Siganai SE]
  * Added more trace logs for loader. It helps you to investigate the case when no tests are loaded.
  * [doc] Updated Cygwin's setup.exe URL.
  * Added --log-level option. The value of default log level is "critical|error|warning|message".

==== Fixes

  * [loader] Fixed a bug that ELF loader can't collect symbol because of wrong comparison.
  * Fixed memory leaks on loading all modules.
  * Fixed a warning from GCC 4.8.1 on Ubuntu 13.10
    [GitHub #9] [Reported by Kazuhiro Yamato]

=== CppCutter

==== Improvements

  * Supported cppcut_assert_equal(const type_info &, const type_info &)
    [GitHub #4] [Patch by Kazuhiro Yamato]
  * Supported to catch unhandled C++ exception in test case.
    This change avoids to crash when unexpected exception is thrown.
    [GitHub #8] [Suggested by Kazuhiro Yamato] [Patch by Kazuhiro Yamato]
  * Supported to call destructors of objects on a stack even when an assertion is failed.
    [GitHub #10] [Patch by Kazuhiro Yamato]

==== Fixes

  * [Clang] Fixed a compile error which is caused by missing std::type_info forward declaration.
  * Fixed an invalid memory access when an exception is thrown in cutter's
    assertion function.
    [GitHub #11] [Patch by Kazuhiro Yamato]

=== GCutter

==== Fixes

  * [doc] Fixed a signal name typo about gcut-egg example.

=== Thanks

  * Kazuhiro Yamato
  * Masafumi Yokoyama
  * Siganai SE
185f6f5

@jperkin jperkin pushed a commit that referenced this issue Feb 17, 2014

wen Update to 0.19
Upstream changes:
0.19  2014-01-22
  - fix an obscure issue with loading modules during global destruction
    (ilmari, #11)
  - documentation updates (anaxagoras, #12)
9f6e823

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

taca Update ruby-gettext to 2.3.5.
# News
## <a id="2-3-5">2.3.5</a>: 2012-12-11

This is a bug fix release.

### Fixes

  * [POParser] Fixed the class name for backward compatibility.

## <a id="2-3-4">2.3.4</a>: 2012-12-11

This is a many changes and new implements release.

### Improvements

  * [Merger] Implemented "fuzzy-match" with Levenshtein distance.
  * Added the class "PO" for management PO entries. Please use PO
    instead of PoData. (see details in
    http://rubydoc.info/gems/gettext/GetText/PO.html)
  * [POEntry (renamed from PoMessages)] Supported to specify msgstr.
  * [POEntry] Stored comments each type
    (translator\_comment, extracted\_comment, flag, previous).
    see
    http://www.gnu.org/software/gettext/manual/html_node/PO-Files.html
    for details of comment type.
  * [POEntry] Checked if specified type is valid in #type=.
  * [PoParser][MO] Concatenated msgctxt, msgid, msgid\_plural to
    "#{msgctxt}\004#{msgid}\000"{msgid\_plural}" by MO instead of
    PoParser. PoData and MO treat a concatenated string as msgid, but
    PO doesn't.
  * [PoParser] Parsed each type comment from whole comment.

### Changes

  * Rename some classes and methods.
    * PoMessage to PoEntry. This isn't "message" but "entry".
      (See http://www.gnu.org/software/gettext/manual/gettext.html#PO-Files)
    * PoMessages#== to POEntry#mergeable?.
    * PoMessages#to\_po\_str to POEntry#to\_s.
    * PoMessages#sources(sources=) to POEntry#references(references=)
    * MoFile to MO. For backword compatible, MoFile can be used now.
    * PoParser to POParser. For backword compatible, PoParser can be used now.
  * Raised no error when POEntry doesn't have references.
    It is useful for no references in .PO file.

# News
## <a id="2-3-3">2.3.3</a>: 2012-10-18

It's a package fix and msginit improvement release.

### Improvements

  * [msginit] Supported plural forms for Bosnian, Catalan, Norwegian
    Bokmal and Chinese.

### Fixes

  * Fixed the bug that messages (i.e. the help message for rmsgfmt)
    aren't localized in each environment. However, some
    messages aren't tranlated or resolved fuzzy. Please
    help us to translate or resolve them.
    [Github #12][Reported by mtasaka]
  * Used String#% to localize some messages.

### Thanks

  * mtasaka

## <a id="2-3-2">2.3.2</a>: 2012-09-20

It's a bug fix release.

### Fixes

  * Fixed the bug that untranslated messages are included in a .mo file.
    [Github #11][Reported by Ramón Cahenzli]

### Thanks

  * Ramón Cahenzli
6a3967c

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

obache Update ruby-ole to 1.2.11.5.
== 1.2.11.5 / 2012-11-06

- Fix breakage of IO.parse_mode on Rubinius (issue #10).
- Make tests pass on rubinius (issue #11).
- Improve RangesIO test coverage.
- Don't warn when mbat_start is AVAIL instead of EOC (github #9).
05c0bc6

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

obache Update ruby-ole to 1.2.11.6.
== 1.2.11.6 / 2012-12-10

- Fix breakage of writable IO stream detection on Windows (github #11).
bbdfbd3

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

obache Update gmtk to 1.0.8.
1.0.8
    Updated Spanish translation
    Updated Japanese translation
	Rework initial subtitle visibility setting
1.0.8b
    Updated Korean translation
    Run make update-po
    Add message when screenshot capture fails
    Switch to GLIB for GMLIB header files, since GTK is not included
    Switch to GTK VERSION tags when possible
    Updated Japanese translation
    Fix compliation of gmtk_media_tracker in generic application
    Run make update-po
    Remove audio export filter when codec cannot use it
    Remove cairo variable from gmtk_media_player
    Version bump to 1.0.8a
    Use cairo and the draw event to draw the background in GTK3
    Set background color in gmtk_media_player widget using specific realize events
    Address parallel build problem from Issue #11
c4c1c63

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

ryoon Update to 1.1.20
Changelog:
Version 1.1.20 (released 24-Apr-2013)

  * fix tab-to-space handling regression in markup view
  * fix regression in root lookup handling (issue #526)

Version 1.1.19 (released 22-Apr-2013)

  * improve root lookup performance (issue #523)
  * new 'max_filesize_kbytes' config option and handling (issue #524)
  * tarball generation improvements:
    - preserve Subversion symlinks in generated tarballs (issue #487)
    - reduce memory usage of tarball generation logic
    - fix double compression of generated tarballs (issue #525)
  * file content handling improvements:
    - expanded support for encoding detection and transcoding (issue #11)
    - fix tab-to-space conversion bugs in markup, annotate, and diff views
    - fix handling of trailing whitespace in diff view
  * add support for timestamp display in ISO8601 format (issue #46)

Version 1.1.18 (released 28-Feb-2013)

  * fix exception raised by BDB-backed SVN repositories (issue #519)
  * hide revision-less files when rcsparse is in use
  * include branchpoints in branch views using rcsparse (issue #347)
  * miscellaneous cvsdb improvements:
    - add --port option to make-database (issue #521)
    - explicitly name columns in queries (issue #522)
    - update MySQL syntax to avoid discontinued "TYPE=" terms
41d52ec

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

wiz Update to 3.2.1.
* Version 3.2.1 (released 2013-06-01)

** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain
openssl versions.

** libgnutls: Fixes in interrupted function resumption. Report
and patch by Tim Kosse.

** libgnutls: Corrected issue when receiving client hello verify requests
in DTLS.

** libgnutls: Fixes in DTLS record overhead size calculations.

** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported
by Mann Ern Kang.

** API and ABI modifications:
gnutls_session_set_id: Added


* Version 3.2.0 (released 2013-05-10)

** libgnutls: Use nettle's elliptic curve implementation.

** libgnutls: Added Salsa20 cipher

** libgnutls: Added UMAC-96 and UMAC-128

** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96.
As they are not standardized they are defined using private ciphersuite
numbers.

** libgnutls: Added support for DTLS 1.2.

** libgnutls: Added support for the Application Layer Protocol Negotiation
(ALPN) extension.

** libgnutls: Removed support for the RSA-EXPORT ciphersuites.

** libgnutls: Avoid linking to librt (that also avoids unnecessary
linking to pthreads if p11-kit isn't used).

** API and ABI modifications:
gnutls_cipher_get_iv_size: Added
gnutls_hmac_set_nonce: Added
gnutls_mac_get_nonce_size: Added


* Version 3.1.10 (released 2013-03-22)

** certtool: When generating PKCS #12 files use by default the
ARCFOUR (RC4) cipher to be compatible with devices that don't
support AES with PKCS #12.

** libgnutls: Load CA certificates in android 4.x systems.

** libgnutls: Optimized CA certificate loading.

** libgnutls: Private keys are overwritten on deinitialization.

** libgnutls: PKCS #11 slots are scanned only when needed, not
on initialization. This speeds up gnutls initialization when smart
cards are present.

** libgnutls: Corrected issue in the (deprecated) external key
signing interface, when used with TLS 1.2. Reported by Bjorn H. Christensen.

** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by
Joke de Buhr.

** libgnutls-dane: Updated DANE verification options.

** configure: Trust store file must be explicitly set or unset when
cross compiling.

** API and ABI modifications:
gnutls_x509_crt_get_issuer_dn2: Added
gnutls_x509_crt_get_dn2: Added
gnutls_x509_crl_get_issuer_dn2: Added
gnutls_x509_crq_get_dn2: Added
gnutls_x509_trust_list_remove_trust_mem: Added
gnutls_x509_trust_list_remove_trust_file: Added
gnutls_x509_trust_list_remove_cas: Added
gnutls_session_get_desc: Added
gnutls_privkey_sign_raw_data: Added
gnutls_privkey_status: Added





* Version 3.1.9 (released 2013-02-27)

** certtool: Option --to-p12 will now ask for a password to generate
a PKCS #12 file from an encrypted key file. Reported by Yan Fiz.

** libgnutls: Corrected issue in gnutls_pubkey_verify_data().

** libgnutls: Corrected parsing issue in XMPP within a subject
alternative name. Reported by James Cloos.

** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11
modules, and not only the ones loaded via p11-kit.

** libgnutls: Added function to check whether the private key is
still available (inserted).

** libgnutls: Try to detect fork even during nonce generation.

** API and ABI modifications:
gnutls_handshake_set_random: Added
gnutls_transport_set_int2: Added
gnutls_transport_get_int2: Added
gnutls_transport_get_int: Added
gnutls_record_cork: Exported
gnutls_record_uncork: Exported
gnutls_pkcs11_privkey_status: Added


* Version 3.1.8 (released 2013-02-10)

** libgnutls: Fixed issue in gnutls_x509_privkey_import2() which didn't return
GNUTLS_E_DECRYPTION_FAILED in all cases, and affect certtool operation
with encrypted keys. Reported by Yan Fiz.

** libgnutls: The minimum DH bits accepted by priorities NORMAL and
PERFORMANCE was set to previous defaults 727 bits. Reported by Diego
Elio Petteno.

** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash()
to operate with long keys. Reported by Erik A Jensen.

** API and ABI modifications:
No changes since last version.


* Version 3.1.7 (released 2013-02-04)

** certtool: Added option "dn" which allows to directly set the DN
in a template from an RFC4514 string.

** danetool: Added options: --dlv and --insecure. Suggested by Paul Wouters.

** libgnutls-xssl: Added a new library to simplify GnuTLS usage.

** libgnutls-dane: Added function to specify a DLV file.

** libgnutls: Heartbeat code was made optional.

** libgnutls: Fixes in server side of DTLS-0.9.

** libgnutls: DN variable 'T' was expanded to 'title'.

** libgnutls: Fixes in record padding parsing to prevent a timing attack.
Issue reported by Kenny Paterson and Nadhem Alfardan.

** libgnutls: Added functions to directly set the DN in a certificate
or request from an RFC4514 string.

** libgnutls: Optimizations in the random generator. The re-seeding of
it is now explicitly done on every session deinit.

** libgnutls: Simplified the DTLS sliding window implementation.

** libgnutls: The minimum DH bits accepted by a client are now set
by the specified priority string. The current values correspond to the
previous defaults (727 bits), except for the SECURE128 and SECURE192
strings which increase the minimum to 1248 and 1776 respectively.

** libgnutls: Added the gnutls_record_cork() and uncork API to enable
buffering in sending application data.

** libgnutls: Removed default random padding, and added a length-hiding interface
instead.  Both the server and the client must support this extension. Whether
length-hiding can be used on a given session can be checked using
gnutls_record_can_use_length_hiding(). Contributed by Alfredo Pironti.

** libgnutls: Added the experimental %NEW_PADDING priority string. It enables
a new padding mechanism in TLS allowing arbitrary padding in TLS records
in all ciphersuites, which makes length-hiding more efficient and solves
the issues with timing attacks on CBC ciphersuites.

** libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD
ciphers (i.e., AES-GCM). Reported by William McGovern.

** API and ABI modifications:
gnutls_db_check_entry_time: Added
gnutls_record_set_timeout: Added
gnutls_record_get_random_padding_status: Added
gnutls_x509_crt_set_dn: Added
gnutls_x509_crt_set_issuer_dn: Added
gnutls_x509_crq_set_dn: Added
gnutls_range_split: Added
gnutls_record_send_range: Added
gnutls_record_set_max_empty_records: Added
gnutls_record_can_use_length_hiding: Added
gnutls_rnd_refresh: Added
xssl_deinit: Added
xssl_flush: Added
xssl_read: Added
xssl_getdelim: Added
xssl_write: Added
xssl_printf: Added
xssl_sinit: Added
xssl_client_init: Added
xssl_server_init: Added
xssl_get_session: Added
xssl_get_verify_status: Added
xssl_cred_init: Added
xssl_cred_deinit: Added
dane_state_set_dlv_file: Added
GNUTLS_SEC_PARAM_EXPORT: Added
GNUTLS_SEC_PARAM_VERY_WEAK: Added


* Version 3.1.6 (released 2013-01-02)

** libgnutls: Fixed record padding parsing issue. Reported by Kenny
Patterson and Nadhem Alfardan.

** libgnutls: Several updates in the ASN.1 string handling subsystem.

** libgnutls: gnutls_x509_crt_get_policy() allows for a list of zero
policy qualifiers.

** libgnutls: Ignore heartbeat messages when received out-of-order,
instead of issuing an error.

** libgnutls: Stricter RSA PKCS #1 1.5 encoding and decoding. Reported
by Kikuchi Masashi.

** libgnutls: TPM support is disabled by default because GPL programs
cannot link with it. Use --with-tpm to enable it.

** libgnutls-guile: Fixed parallel compilation issue.

** gnutls-cli: It will try to connect to all possible returned addresses
before failing.

** API and ABI modifications:
No changes since last version.


* Version 3.1.5 (released 2012-11-24)

** libgnutls: Added functions to parse the certificates policies
extension.

** libgnutls: Handle BMPString (UCS-2) encoding in the Distinguished
Name by translating it to UTF-8 (works on windows or systems with iconv).

** libgnutls: Added PKCS #11 key generation function that returns the
public key on generation.

** libgnutls: Corrected bug in priority string parsing, that mostly
affected combined levels. Patch by Tim Kosse.

** certtool: The --pubkey-info option can be combined with the
--load-privkey or --load-request to print the corresponding public keys.

** certtool: It is able to set certificate policies via a template.

** certtool: Added --hex-numbers option which prints big numbers in
an easier to parse format.

** p11tool: After key generation, outputs the public key (useful in
tokens that do not store the public key).

** danetool: It is being built even without libgnutls-dane (the
--check functionality is disabled though).

** API and ABI modifications:
gnutls_pkcs11_privkey_generate2: Added
gnutls_x509_crt_get_policy: Added
gnutls_x509_crt_set_policy: Added
gnutls_x509_policy_release: Added
gnutls_pubkey_import_x509_crq: Added
gnutls_pubkey_print: Added
GNUTLS_CRT_PRINT_FULL_NUMBERS: Added


* Version 3.1.4 (released 2012-11-10)

** libgnutls: gnutls_certificate_verify_peers2() will set flags depending on
the available revocation data validity.

** libgnutls: Added gnutls_certificate_verification_status_print(),
a function to print the verification status code in human readable text.

** libgnutls: Added priority string %VERIFY_DISABLE_CRL_CHECKS.

** libgnutls: Simplified certificate verification by adding
gnutls_certificate_verify_peers3().

** libgnutls: Added support for extension to establish keys for SRTP.
Contributed by Martin Storsjo.

** libgnutls: The X.509 verification functions check the key
usage bits and pathlen constraints and on failure output
GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE.

** libgnutls: gnutls_x509_crl_verify() includes the time checks.

** libgnutls: Added verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN
and made GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN the default.

** libgnutls: Always tolerate key usage violation errors from the side
of the peer, but also notify via an audit message.

** gnutls-cli: Added --local-dns option.

** danetool: Corrected bug that prevented loading PEM files.

** danetool: Added --check option to allow querying and verifying
a site's DANE data.

** libgnutls-dane: Added pkg-config file for the library.

** API and ABI modifications:
gnutls_session_get_id2: Added
gnutls_sign_is_secure: Added
gnutls_certificate_verify_peers3: Added
gnutls_ocsp_status_request_is_checked: Added
gnutls_certificate_verification_status_print: Added
gnutls_srtp_set_profile: Added
gnutls_srtp_set_profile_direct: Added
gnutls_srtp_get_selected_profile: Added
gnutls_srtp_get_profile_name: Added
gnutls_srtp_get_profile_id: Added
gnutls_srtp_get_keys: Added
gnutls_srtp_get_mki: Added
gnutls_srtp_set_mki: Added
gnutls_srtp_profile_t: Added
dane_cert_type_name: Added
dane_match_type_name: Added
dane_cert_usage_name: Added
dane_verification_status_print: Added
GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: Added
GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added
GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: Added
GNUTLS_CERT_UNEXPECTED_OWNER: Added
GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Added


* Version 3.1.3 (released 2012-10-12)

** libgnutls: Added support for the OCSP Certificate Status
extension.

** libgnutls: gnutls_certificate_verify_peers2() will use the OCSP
certificate status extension in verification.

** libgnutls: Bug fixes in gnutls_x509_privkey_import_openssl().

** libgnutls: Increased maximum password length in the PKCS #12
functions.

** libgnutls: Fixed the receipt of session tickets during session resumption.
Reported by danblack at http://savannah.gnu.org/support/?108146

** libgnutls: Added functions to export structures in an allocated buffer.

** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the OCSP
response corresponds to the given certificate.

** libgnutls: In client side gnutls_init() enables the session ticket and
OCSP certificate status request extensions by default. The flag
GNUTLS_NO_EXTENSIONS can be used to prevent that.

** libgnutls: Several updates in the OpenPGP code. The generating code
is fully RFC6091 compliant and RFC5081 support is only supported in client
mode.

** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC
certificate verification.

** gnutls-cli: Added --dane option to enable DANE certificate verification.

** danetool: Added tool to generate DANE TLSA Resource Records (RR).

** API and ABI modifications:
gnutls_certificate_get_peers_subkey_id: Added
gnutls_certificate_set_ocsp_status_request_function: Added
gnutls_certificate_set_ocsp_status_request_file: Added
gnutls_ocsp_status_request_enable_client: Added
gnutls_ocsp_status_request_get: Added
gnutls_ocsp_resp_check_crt: Added
gnutls_dh_params_export2_pkcs3: Added
gnutls_pubkey_export2: Added
gnutls_x509_crt_export2: Added
gnutls_x509_dn_export2: Added
gnutls_x509_crl_export2: Added
gnutls_pkcs7_export2: Added
gnutls_x509_privkey_export2: Added
gnutls_x509_privkey_export2_pkcs8: Added
gnutls_x509_crq_export2: Added
gnutls_openpgp_crt_export2: Added
gnutls_openpgp_privkey_export2: Added
gnutls_pkcs11_obj_export2: Added
gnutls_pkcs12_export2: Added
gnutls_pubkey_import_openpgp_raw: Added
gnutls_pubkey_import_x509_raw: Added
dane_state_init: Added
dane_state_deinit: Added
dane_query_tlsa: Added
dane_query_status: Added
dane_query_entries: Added
dane_query_data: Added
dane_query_deinit: Added
dane_verify_session_crt: Added
dane_verify_crt: Added
dane_strerror: Added


* Version 3.1.2 (released 2012-09-26)

** libgnutls: Fixed bug in gnutls_x509_trust_list_add_system_trust()
and gnutls_x509_trust_list_add_trust_mem() that prevented the loading
of certificates in the windows platform.

** libgnutls: Corrected bug in OpenPGP subpacket encoding.

** libgnutls: Added support for DTLS/TLS heartbeats by Olga Smolenchuk.
(the work was done during Google Summer of Code).

** libgnutls: Added X.509 certificate verification flag
GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification
of unsorted certificate chains and is enabled by default for
TLS certificate verification (if gnutls_certificate_set_verify_flags()
does not override it).

** libgnutls: Prints warning on certificates that contain keys of
an insecure level. If the %COMPAT priority flag is not specified
the TLS connection fails.

** libgnutls: Correctly restore gnutls_record_recv() in DTLS mode
if interrupted during the retrasmition of handshake data.

** libgnutls: Better mingw32 support (patch by LRN).

** libgnutls: The %COMPAT keyword, if specified, will tolerate
key usage violation errors (they are far too common to ignore).

** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(),
which provides a tool to counter compression-related attacks where
parts of the data are controlled by the attacker _and_ are placed in
separate records (use with care - do not use compression if not sure).

** libgnutls: Depends on libtasn1 2.14 or later.

** certtool: Prints the number of bits of the public key algorithm
parameter in a private key.

** API and ABI modifications:
gnutls_x509_privkey_get_pk_algorithm2: Added
gnutls_heartbeat_ping: Added
gnutls_heartbeat_pong: Added
gnutls_heartbeat_allowed: Added
gnutls_heartbeat_enable: Added
gnutls_heartbeat_set_timeouts: Added
gnutls_heartbeat_get_timeout: Added
GNUTLS_SEC_PARAM_WEAK: Added
GNUTLS_SEC_PARAM_INSECURE: Added

* Version 3.1.1 (released 2012-09-02)

** gnutls-serv: Listens on IPv6. Patch by Bernhard R. Link.

** certtool: Changes in password handling of certtool.
Ask password when required and only if the '--password' option is not
given. If the '--password' option is given during key generation then
assume the PKCS #8 file format, instead of ignoring the password.

** tpmtool: No longer asks for key password in registered keys.

** libgnutls: Elliptic curve code was optimized by Ilya Tumaykin.
wmNAF is now used for point multiplication and other optimizations.
(the major part of the work was done during Google Summer of Code).

** libgnutls: The default pull_timeout_function only uses select
instead of a combination of select() and recv() to prevent issues
when used in stream sockets in some systems.

** libgnutls: Be tolerant in ECDSA signature violations (e.g. using
SHA256 with a SECP384 curve instead of SHA-384), to interoperate with
openssl.

** libgnutls: Fixed DSA and ECDSA signature generation in smart
cards. Thanks to Andreas Schwier from cardcontact.de for providing
me with ECDSA capable smart cards.

** API and ABI modifications:
gnutls_sign_algorithm_get: Added
gnutls_sign_get_hash_algorithm: Added
gnutls_sign_get_pk_algorithm: Added


* Version 3.1.0 (released 2012-08-15)

** libgnutls: Added direct support for TPM as a cryptographic module
in gnutls/tpm.h. TPM keys can be used in functions accepting files
using URLs of the following types:
  tpmkey:file=/path/to/file
  tpmkey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user

** libgnutls: Priority string level keywords can be combined.
For example the string "SECURE256:+SUITEB128" is now allowed.

** libgnutls: requires libnettle 2.5.

** libgnutls: Use the PKCS #1 1.5 encoding provided by nettle (2.5)
for encryption and signatures.

** libgnutls: Added GNUTLS_CERT_SIGNATURE_FAILURE to differentiate between
generic errors and signature verification errors in the verification
functions.

** libgnutls: Added gnutls_pkcs12_simple_parse() as a helper function
to simplify parsing in most PKCS #12 use cases.

** libgnutls: gnutls_certificate_set_x509_simple_pkcs12_file() adds
the whole certificate chain (if any) to the credentials structure, instead
of only the end-user certificate.

** libgnutls: Key import functions such as gnutls_pkcs12_simple_parse()
and gnutls_x509_privkey_import_pkcs8(), return consistently
GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no
password was provided.

** libgnutls: Added gnutls_handshake_set_timeout() a function that
allows to set the maximum time spent in a handshake.

** libgnutlsxx: Added session::set_transport_vec_push_function. Patch
by Alexandre Bique.

** tpmtool: Added. It is a tool to generate private keys in the
TPM.

** gnutls-cli: --benchmark-tls was split to --benchmark-tls-kx
and --benchmark-tls-ciphers

** certtool: generated PKCS #12 structures may hold more than one
private key. Patch by Lucas Fisher.

** certtool: Added option --null-password to generate/decrypt keys
that use a NULL password (in schemas that distinguish between NULL
an empty passwords).

** minitasn1: Upgraded to libtasn1 version 2.13.

** API and ABI modifications:
GNUTLS_CERT_SIGNATURE_FAILURE: Added
GNUTLS_CAMELLIA_192_CBC: Added
GNUTLS_PKCS_NULL_PASSWORD: Added
gnutls_url_is_supported: Added
gnutls_pkcs11_obj_list_import_url2: Added
gnutls_pkcs11_obj_set_pin_function: Added
gnutls_pkcs11_privkey_set_pin_function: Added
gnutls_pkcs11_get_pin_function: Added
gnutls_privkey_import_tpm_raw: Added
gnutls_privkey_import_tpm_url: Added
gnutls_privkey_import_pkcs11_url: Added
gnutls_privkey_import_openpgp_raw: Added
gnutls_privkey_import_x509_raw: Added
gnutls_privkey_import_ext2: Added
gnutls_privkey_import_url: Added
gnutls_privkey_set_pin_function: Added
gnutls_tpm_privkey_generate: Added
gnutls_tpm_key_list_deinit: Added
gnutls_tpm_key_list_get_url: Added
gnutls_tpm_get_registered: Added
gnutls_tpm_privkey_delete: Added
gnutls_pubkey_import_tpm_raw: Added
gnutls_pubkey_import_tpm_url: Added
gnutls_pubkey_import_url: Added
gnutls_pubkey_verify_hash2: Added
gnutls_pubkey_set_pin_function: Added
gnutls_x509_privkey_import2: Added
gnutls_x509_privkey_import_openssl: Added
gnutls_x509_crt_set_pin_function: Added
gnutls_load_file: Added
gnutls_pkcs12_simple_parse: Added
gnutls_certificate_set_x509_system_trust: Added
gnutls_certificate_set_pin_function: Added
gnutls_x509_trust_list_add_system_trust: Added
gnutls_x509_trust_list_add_trust_file: Added
gnutls_x509_trust_list_add_trust_mem: Added
gnutls_pk_to_sign: Added
gnutls_handshake_set_timeout: Added
gnutls_pubkey_verify_hash: Deprecated (use gnutls_pubkey_verify_hash2)
gnutls_pubkey_verify_data: Deprecated (use gnutls_pubkey_verify_data2)
b2f9009

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

wen Update to 0.96
Upstream changes:
version 0.96 at 2013-07-08 06:53:34 +0000
-----------------------------------------

  Change: a78109ca3e2c9338bf98185c2014ba2be4a04942
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-07-08 07:53:34 +0000

    Fix patch applying for v5.18.0

-----------------------------------------
version 0.94 at 2013-07-07 13:45:00 +0000
-----------------------------------------

  Change: c5257739abd2cde575036ba9b105977679a30273
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-07-07 14:45:00 +0000

    Added commit 4149c7198d9b78d861df289cce40dd865cab57e7

    Fixes a regmatch pointer 32-bit wraparound regression in v5.18.0

-----------------------------------------
version 0.92 at 2013-07-07 13:29:48 +0000
-----------------------------------------

  Change: 8881838495367f05f599939d4e1eac86106785fa
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-07-07 14:29:48 +0000

    Update Midnight BSD hints for 0.4-RELEASE

-----------------------------------------
version 0.90 at 2013-05-18 22:58:06 +0000
-----------------------------------------

  Change: fe0a97026ae5a56374b1d9a5968554a0c9b693bc
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-18 23:58:06 +0000

    Bumped version to 0.90

  Change: cc5a37b1298b45fe2e74a4db92e85561a12f1052
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-18 23:50:04 +0000

    Added gcc m64 fixes for Solaris 11

    http://perl5.git.perl.org/perl.git/commitdiff/1ddb6a4

    http://perl5.git.perl.org/perl.git/commitdiff/767f54d

  Change: 815ff70a8a86c97742a0afdc5a092c590c729e80
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-18 22:04:29 +0000

    Update hpux hints

  Change: 089592af98239448a956586cf8998dee7b2ab7b6
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-18 21:46:55 +0000

    Added hints audit tool

  Change: 842e6a11a1dac1adfa253a4a9dbd60d53286fa8e
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-18 18:24:52 +0000

    Added 'hints' function to Devel::PatchPerl::Hints

-----------------------------------------
version 0.88 at 2013-05-16 12:02:55 +0000
-----------------------------------------

  Change: 7a381f7a969eeb683343ddc3511169298aa19889
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-16 13:02:55 +0000

    Make determine_version() available in the public API

    bingos/devel-patchperl#12

-----------------------------------------
version 0.86 at 2013-05-08 15:39:07 +0000
-----------------------------------------

  Change: 50d0a6e5c2b5f25de596463f219c78204e0ae477
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-05-08 16:39:07 +0000

    Bump version

  Change: 09c3d04f1eddb60cdbba7b597a9c114c7396be2f
  Author: Chris Williams <chris@bingosnet.co.uk>
  Date : 2013-05-08 08:11:48 +0000

    Merge pull request #11 from hirose31/prevent-premature-hsplit

    Add patch on prevent premature hsplit for Perl 5.8.[89], 5.10.1,
    5.12.5

  Change: 19a38ec13e6634a4707bb5043da051b6c551c23f
  Author: HIROSE Masaaki <hirose31@gmail.com>
  Date : 2013-05-08 13:52:42 +0000

    Add patch on prevent premature hsplit for Perl 5.8.[89], 5.10.1,
    5.12.5

-----------------------------------------
version 0.84 at 2013-03-08 21:35:14 +0000
-----------------------------------------

  Change: 7b5f0d6c51dbff9a22f250813e230816d3d36f08
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-03-08 21:35:14 +0000

    Remove requirement on IPC::Cmd

    This should make the perlbrew peeps happy

-----------------------------------------
version 0.82 at 2013-02-25 21:38:08 +0000
-----------------------------------------

  Change: 3e146301433f8098460dc6fd5d1930fc48c2903a
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-02-25 21:38:08 +0000

    Update Linux hints

-----------------------------------------
version 0.80 at 2013-02-25 12:04:03 +0000
-----------------------------------------

  Change: ef4dfcccd90f7f786847998cba8891b69fd5a2e1
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-02-25 12:04:03 +0000

    Bump version to 0.80

  Change: 4e3020edfa3b3adcb79dd4d3c8e410f8cb12bf53
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-02-25 12:02:09 +0000

    Ensure that the linux hints file gets updated for kfreebsd as well

  Change: 52fde6650e6a6324c7817fb81d9d08260f73d96a
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-02-25 11:41:38 +0000

    Add updated hints for gnukfreebsd

-----------------------------------------
version 0.78 at 2013-02-17 16:58:31 +0000
-----------------------------------------

  Change: 0c2be36694492d5824f7704cf9d3473c28228d99
  Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
  Date : 2013-02-17 16:58:31 +0000

    Added midnightbsd hints file which supports 0.4
bbb3b7c

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

ryoon Update to 3.15.1
Changelog:
NSS 3.15.1 release notes

Introduction

Network Security Services (NSS) 3.15.1 is a patch release for NSS 3.15. The bug fixes in NSS 3.15.1 are described in the "Bugs Fixed" section below.
Distribution Information

NSS 3.15.1 source distributions are also available on ftp.mozilla.org for secure HTTPS download:

    Source tarballs:
    https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_1_RTM/src/

New in NSS 3.15.1
New Functionality

    TLS 1.2: TLS 1.2 (RFC 5246) is supported. HMAC-SHA256 cipher suites (RFC 5246 and RFC 5289) are supported, allowing TLS to be used without MD5 and SHA-1. Note the following limitations.
        The hash function used in the signature for TLS 1.2 client authentication must be the hash function of the TLS 1.2 PRF, which is always SHA-256 in NSS 3.15.1.
        AES GCM cipher suites are not yet supported.

New Functions

None.
New Types

    in sslprot.h
        SSL_LIBRARY_VERSION_TLS_1_2 - The protocol version of TLS 1.2 on the wire, value 0x0303.
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_NULL_SHA256 - New TLS 1.2 only HMAC-SHA256 cipher suites.
    in sslerr.h
        SSL_ERROR_UNSUPPORTED_HASH_ALGORITHM, SSL_ERROR_DIGEST_FAILURE, SSL_ERROR_INCORRECT_SIGNATURE_ALGORITHM - New error codes for TLS 1.2.
    in sslt.h
        ssl_hmac_sha256 - A new value in the SSLMACAlgorithm enum type.
        ssl_signature_algorithms_xtn - A new value in the SSLExtensionType enum type.

New PKCS #11 Mechanisms

None.
Notable Changes in NSS 3.15.1

    Bug 856060 - Enforce name constraints on the common name in libpkix  when no subjectAltName is present.
    Bug 875156 - Add const to the function arguments of SEC_CertNicknameConflict.
    Bug 877798 - Fix ssltap to print the certificate_status handshake message correctly.
    Bug 882829 - On Windows, NSS initialization fails if NSS cannot call the RtlGenRandom function.
    Bug 875601 - SECMOD_CloseUserDB/SECMOD_OpenUserDB fails to reset the token delay, leading to spurious failures.
    Bug 884072 - Fix a typo in the header include guard macro of secmod.h.
    Bug 876352 - certutil now warns if importing a PEM file that contains a private key.
    Bug 565296 - Fix the bug that shlibsign exited with status 0 even though it failed.
    The NSS_SURVIVE_DOUBLE_BYPASS_FAILURE build option is removed.

Bugs fixed in NSS 3.15.1

    https://bugzilla.mozilla.org/buglist.cgi?list_id=5689256;resolution=FIXED;classification=Components;query_format=advanced;target_milestone=3.15.1;product=NSS

Compatibility

NSS 3.15.1 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.15.1 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.



NSS 3.15 release notes

Introduction

The NSS team has released Network Security Services (NSS) 3.15, which is a minor release.
Distribution Information

The HG tag is NSS_3_15_RTM. NSS 3.15 requires NSPR 4.10 or newer.

NSS 3.15 source distributions are available on ftp.mozilla.org for secure HTTPS download:

    Source tarballs:
    https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_RTM/src/

New in NSS 3.15
New Functionality

    Support for OCSP Stapling (RFC 6066, Certificate Status Request) has been added for both client and server sockets. TLS client applications may enable this via a call to SSL_OptionSetDefault(SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
    Added function SECITEM_ReallocItemV2. It replaces function SECITEM_ReallocItem, which is now declared as obsolete.
    Support for single-operation (eg: not multi-part) symmetric key encryption and decryption, via PK11_Encrypt and PK11_Decrypt.
    certutil has been updated to support creating name constraints extensions.

New Functions

    in ssl.h
        SSL_PeerStapledOCSPResponse - Returns the server's stapled OCSP response, when used with a TLS client socket that negotiated the status_request extension.
        SSL_SetStapledOCSPResponses - Set's a stapled OCSP response for a TLS server socket to return when clients send the status_request extension.
    in ocsp.h
        CERT_PostOCSPRequest - Primarily intended for testing, permits the sending and receiving of raw OCSP request/responses.
    in secpkcs7.h
        SEC_PKCS7VerifyDetachedSignatureAtTime - Verifies a PKCS#7 signature at a specific time other than the present time.
    in xconst.h
        CERT_EncodeNameConstraintsExtension - Matching function for CERT_DecodeNameConstraintsExtension, added in NSS 3.10.
    in secitem.h
        SECITEM_AllocArray
        SECITEM_DupArray
        SECITEM_FreeArray
        SECITEM_ZfreeArray - Utility functions to handle the allocation and deallocation of SECItemArrays
        SECITEM_ReallocItemV2 - Replaces SECITEM_ReallocItem, which is now obsolete. SECITEM_ReallocItemV2 better matches caller expectations, in that it updates item->len on allocation. For more details of the issues with SECITEM_ReallocItem, see Bug 298649 and Bug 298938.
    in pk11pub.h
        PK11_Decrypt - Performs decryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.
        PK11_Encrypt - Performs encryption as a single PKCS#11 operation (eg: not multi-part). This is necessary for AES-GCM.

New Types

    in secitem.h
        SECItemArray - Represents a variable-length array of SECItems.

New Macros

    in ssl.h
        SSL_ENABLE_OCSP_STAPLING - Used with SSL_OptionSet to configure TLS client sockets to request the certificate_status extension (eg: OCSP stapling) when set to PR_TRUE

Notable Changes in NSS 3.15

    SECITEM_ReallocItem is now deprecated. Please consider using SECITEM_ReallocItemV2 in all future code.

    NSS has migrated from CVS to the Mercurial source control management system.

    Updated build instructions are available at Migration to HG

    As part of this migration, the source code directory layout has been re-organized.

    The list of root CA certificates in the nssckbi module has been updated.

    The default implementation of SSL_AuthCertificate has been updated to add certificate status responses stapled by the TLS server to the OCSP cache.

    Applications that use SSL_AuthCertificateHook to override the default handler should add appropriate calls to SSL_PeerStapledOCSPResponse and CERT_CacheOCSPResponseFromSideChannel.
    Bug 554369: Fixed correctness of CERT_CacheOCSPResponseFromSideChannel and other OCSP caching behaviour.
    Bug 853285: Fixed bugs in AES GCM.
    Bug 341127: Fix the invalid read in rc4_wordconv.
    Faster NIST curve P-256 implementation.
    Dropped (32-bit) SPARC V8 processor support on Solaris. The shared library libfreebl_32int_3.so is no longer produced.

Bugs fixed in NSS 3.15

This Bugzilla query returns all the bugs fixed in NSS 3.15:

https://bugzilla.mozilla.org/buglist.cgi?list_id=6278317&resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.15
aa1ce46

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

wiz Update to 2.54:
$Revision: 2.54 $ $Date: 2013/08/29 16:47:39 $
! Encode.xs
+ t/cow.t
  Addressed: COW breakage with _utf8_on()
  https://rt.cpan.org/Ticket/Display.html?id=88230
! Encode.pm
  Reverted the document accordingly to #11
  dankogai/p5-encode#10
+ t/decode.t
  Unit test for decoding behavior change in #11
  dankogai/p5-encode#12

2.53 2013/08/29 15:20:31
! Encode.pm
  Merged: Do not short-circuit decode_utf8 with utf8 flags
  dankogai/p5-encode#11
  Merged: document decode_utf8 behaviour more precise
  dankogai/p5-encode#10
! Makefile.PL
  Added repository cpan metadata
  dankogai/p5-encode#9

2.52 2013/08/14 02:29:54
! ucm/*.ucm
  Addressed:
    Unicode Mappping tables are missing Unicode Inc. license notification
    All files including "as long as this notice remains attached" now
    have that notice attached in the comment section.  (cp* and mac*
    do not since their source files do not include that notice)
  https://rt.cpan.org/Ticket/Display.html?id=87340
! lib/Encode/MIME/Header.pm
  t/mime-header.t
  Addressed: encoding "0" with MIME-Headers gets a blank string
  https://rt.cpan.org/Ticket/Display.html?id=87831
! Encode.pm
  Addressed: Documentation buglet
  https://rt.cpan.org/Ticket/Display.html?id=84992
! Byte/Makefile.PL CN/Makefile.PL EBCDIC/Makefile.PL
  Encode/Makefile_PL.e2x JP/Makefile.PL KR/Makefile.PL
  Symbol/Makefile.PL TW/Makefile.PL
  Applied: Patch to output #includes in deterministic order
  https://rt.cpan.org/Ticket/Display.html?id=86974

2.51 2013/04/29 22:19:11
! Encode.xs
  Addressed: Encode.xs doesn't compile with Microsoft C compiler
  https://rt.cpan.org/Public/Bug/Display.html?id=84920
! MANIFEST
  Addressed: t/taint.t missing
  https://rt.cpan.org/Public/Bug/Display.html?id=84919

2.50 2013/04/26 18:30:46
! Encode.xs Unicode/Unicode.xs
  lib/Encode/Unicode/UTF7.pm lib/CN/HZ.pm lib/Encode/GSM0338.pm
  t/taint.t
  Addressed: Encode::encode and Encode::decode
             gratuitously launders tainted data
  Taintedness now propagates as it should.
  https://rt.cpan.org/Ticket/Display.html?id=84879
! encoding.pm
  Addressed: 5.18 deprecation
  https://rt.cpan.org/Ticket/Display.html?id=84709
! bin/piconv
  Applied: Update piconv documentation
  https://rt.cpan.org/Ticket/Display.html?id=84695

2.49 2013/03/05 03:12:49
! Encode.xs
  Addressed: Encoding objects leak memory if decoding fails
  dankogai/p5-encode#8

2.48 2013/02/18 02:23:56
! encoding.pm
  t/Mod_EUCJP.pm t/enc_data.t t/enc_eucjp.t t/enc_module.t t/enc_utf8.t
  t/encoding.t t/jperl.t
  [PATCH] Deprecate encoding.pm
  https://rt.cpan.org/Ticket/Display.html?id=81255
! Encode/Supported.pod
  Fixed: Pod errors
  https://rt.cpan.org/Ticket/Display.html?id=81426
! Encode.pm t/Encode.t
  [PATCH] Fix for shared hash key scalars
  https://rt.cpan.org/Ticket/Display.html?id=80608
! Encode.pm
  Fixed: Uninitialized value warning from Encode->encodings()
  https://rt.cpan.org/Ticket/Display.html?id=80181
! Makefile.PL
  Install to 'site' instead of 'perl' when perl version is 5.11+
  https://rt.cpan.org/Ticket/Display.html?id=78917
! Encode/Makefile_PL.e2x
  find enc2xs.bat if it works on windows.
  dankogai/p5-encode#7
! t/piconv.t
  Fix finding piconv in t/piconv.t
  dankogai/p5-encode#6
4a23247

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

ryoon Update to 3.15.2
Changelog:
Security Advisories

The following security-relevant bugs have been resolved in NSS 3.15.2. Users are encouraged to upgrade immediately.

    Bug 894370 - (CVE-2013-1739) Avoid uninitialized data read in the event of a decryption failure.

New in NSS 3.15.2
New Functionality

    AES-GCM Ciphersuites: AES-GCM cipher suite (RFC 5288 and RFC 5289) support has been added when TLS 1.2 is negotiated. Specifically, the following cipher suites are now supported:
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_128_GCM_SHA256

New Functions

PK11_CipherFinal has been introduced, which is a simple alias for PK11_DigestFinal.
New Types

No new types have been introduced.
New PKCS #11 Mechanisms

No new PKCS#11 mechanisms have been introduced
Notable Changes in NSS 3.15.2

    Bug 880543 - Support for AES-GCM ciphersuites that use the SHA-256 PRF
    Bug 663313 - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs, consistent with their handling for general certificate signatures.
    Bug 884178 - Add PK11_CipherFinal macro

Bugs fixed in NSS 3.15.2

    Bug 734007 - sizeof() used incorrectly
    Bug 900971 - nssutil_ReadSecmodDB() leaks memory
    Bug 681839 - Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished.
    Bug 848384 - Deprecate the SSL cipher policy code, as it's no longer relevant. It is no longer necessary to call NSS_SetDomesticPolicy because all cipher suites are now allowed by default.

A complete list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.2&product=NSS&list_id=7982238
Compatibility

NSS 3.15.2 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.15.2 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
c725e3e

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

minskim Update tcpreplay to 3.4.4.
Changes:
- Set default timing method to either gtod or abstime (#404)
- Fix IPv6 parsing of CIDR's (#405)
- Add support for preloading the memory cache (#410)
- Generate more useful error when packets are too small (#411)
- Update to libopts/Autogen 5.9.9 (#412)
- Ship Win32Readme.txt file (#413)
- Update copyright notice to 2010 (#416)
- Dramatically enhance --portmap option (#417)
- Update autotools (#423)
- Add support for printing statistics periodically during the run (#424)
- Warn user when pcap snaplen < 65535 (#425)
- Add 802.1q processing support tcpprep (#428)
- Link libnl when newer versions of libpcap require it (#397)
- Ship m4 directory (#398)
- Upgrade to latest autotools scripts (#400)
- Fix error message when running autogen.sh (#401)
- Added extensive IPv6 support to tcprewrite & tcpreplay-edit (#11)
- Add IPv6 fragroute support (#388)
- Add IPv6 decoding support to tcpprep (#11)
- Fix compile time error in err.h (#390)
- Add --endpoints support in tcpreplay-edit (#393)
9482ba9

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

wiz Update to 3.2.6:
* Version 3.2.6 (released 2013-10-31)

** libgnutls: Support for TPM via trousers is now enabled by default.

** libgnutls: Camellia in GCM mode has been added in default priorities, and
GCM mode is prioritized over CBC in all of the default priority strings.

** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384.

** libgnutls: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256.
Reported by Stefan Buehler.

** libgnutls: Added support for ISO OID for RSA-SHA1 signatures.

** libgnutls: Minimum acceptable DH group parameters were increased to 767
bits from 727.

** libgnutls: Added function to obtain random data from PKCS #11 tokens.
Contributed by Wolfgang Meyer zu Bergsten.

** gnulib: updated.

** libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the
previous fix. Reported by Tomas Mraz.

** p11tool: Added option generate-random.

** API and ABI modifications:
gnutls_pkcs11_token_get_random: Added
5f5e908

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

wiz Update to 3.2.7:
* Version 3.2.7 (released 2013-11-23)

** libgnutls: gnutls_cipher_get_iv_size() now returns the correct IV size in
GCM ciphers (previously it returned the implicit IV used in TLS).

** libgnutls: gnutls_certificate_set_x509_key_file() et al when provided
with a PKCS #11 URL pointing to a certificate, will attempt to load the whole
chain.

** libgnutls: When traversing PKCS #11 tokens looking for an object, avoid
looking in unrelated to the object tokens.

** libgnutls: Added an experimental %DUMBFW option in priority strings. This
avoids a black hole behavior in some firewalls by sending a large client hello.
See http://www.ietf.org/mail-archive/web/tls/current/msg10423.html

** libgnutls: The GNUTLS_DEBUG_LEVEL variable if set to a log level number
will force output of debug messages to stderr.

** libgnutls: Fixed the setting of the ciphersuite when gnutls_premaster_set()
is used with another protocol than the GNUTLS_DTLS0_9 protocol.

** libgnutls: gnutls_x509_crt_set_expiration_time() will set the no well defined
expiration date when (time_t)-1 is specified as date.

** libgnutls: Session tickets are encrypted using AES-GCM.

** libgnutls: Corrected issue in record decompression. Issue pinpointed
by Frank Zschockel.

** libgnutls: Forbid all compression methods in DTLS.

** gnutls-serv: Fixed issue with IPv6 address in UDP mode.

** certtool: When exporting an encrypted PEM private key do not output the key
parameters.

** certtool: Expiration days template option allows for a -1 value which
will set to the no well defined expiration date (RFC5280), and no longer
chokes on integer overflows. Suggested by Stefan Buehler.

** certtool: Added new template options: 'activation_date', and
'expiration_date'.

** tools: The environment variable GNUTLS_PIN can be used to read any PIN
requested from tokens.

** tools: The installed version of libopts is used if the autogen tool is
present.

** API and ABI modifications:
gnutls_pkcs11_obj_export3: Added
gnutls_pkcs11_get_raw_issuer: Added
gnutls_est_record_overhead_size: Exported
5fcb2af

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

schmonz Update to 20131010. From the changelog:
Incompatible Changes:
* can no longer use both `\' and `:' (didn't work anyway)

New Features:
* Handling of run-time errors (default: die) is now overridable by
  subclasses via signature_error_handler(). [github #54]
* Can now have aliased named parameters. [github #57]
* remove dependency on Devel::BeginLift [github #39]
* can now use `when' to specify default conditions [github #48]
* can use `//=' as a shortcut for `when undef' [github #45]
* can now provide `where' constraints in addition to (or instead
  of) a type [github #7]
* can now use `...' to disable further argument checking [github #49]
* can now specify more than one alternative in type unions [github #55]
* can now nest parameterized types

Bug Fixes:
* Removed experimental smartmatch warnings
* Don't require Data::Alias for named params unless you have to [github #71]
* Fixed obscure bug where an eval in Method::Signatures wouldn't
  be skipped when carp'ing (i.e. in carp_location_for()) [github #72]
* Data::Alias is only loaded when needed avoiding a threads + eval
  bug in most cases and improving compile time performance.
  [rt.cpan.org 82922, github #62]
* Compile-time errors now reporting proper line numbers. [github #61]
* Trailing commas on parameter lists are now ok. [rt.cpan.org 81364]
* Default condition of `when {}' now interpreted as `when { $_ ~~
  {} }' (avoids parse error). [github #60]

Optimizations:
* better signature parsing using PPI [github #11]

Distribution Fixes:
* Fixed failing test in 5.10.0 (uncovered by CPAN Testers)
* Fixed repo link in metadata (thanks dsteinbrunner) [github #87]
* Add M::S::Parameter to MANIFEST [github #76]
* Change representation of Infinity to work on Win32 [github #75]
* Fixed stray detritus in MANIFEST.
* Somehow my last-minute fix to the new error handler test didn't
  make it in; this will fix "Can't locate Moose.pm" errors.
* Fixed test failing on 5.10.0 as per github #59.
* Fixed subtests failing on Test::More's prior to 0.96.

Docs:
* Updated close parend problem to include quotes and a workaround
  [rt.cpan.org 85925]
* Fixed some typos (thanks dsteinbrunner) [github #88]
* Found and fixed missing parend
* Minor clarifications here and there.
* Clarified what doesn't work in Perl 5.8.
* Added Function::Parameters to See Also section.
* Updated copyright.
* documented all new features
* new ASCI-art breakdown of signature syntax
* minor tweaks and corrections

Misc:
* Rearranged so signature is now an object [github #30]
* Add hook for Travis CI [github #78]
* Failure to parse parameters will now produce a more useful error.
560ff60

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

ryoon Update to 3.15.4
Changelog:
from: https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.4_release_notes

Security Advisories

The following security-relevant bugs have been resolved in NSS 3.15.4.
Users are encouraged to upgrade immediately.

Bug 919877 - (CVE-2013-1740) When false start is enabled, libssl will
sometimes return unencrypted, unauthenticated data from PR_Recv


New in NSS 3.15.4
New Functionality
    Implemented OCSP querying using the HTTP GET method, which is the new default, and will fall back to the HTTP POST method.
    Implemented OCSP server functionality for testing purposes (httpserv utility).
    Support SHA-1 signatures with TLS 1.2 client authentication.
    Added the --empty-password command-line option to certutil, to be used with -N: use an empty password when creating a new database.
    Added the -w command-line option to pp: don't wrap long output lines.

New Functions
    CERT_ForcePostMethodForOCSP
    CERT_GetSubjectNameDigest
    CERT_GetSubjectPublicKeyDigest
    SSL_PeerCertificateChain
    SSL_RecommendedCanFalseStart
    SSL_SetCanFalseStartCallback

New Types
    CERT_REV_M_FORCE_POST_METHOD_FOR_OCSP: When this flag is used, libpkix will never attempt to use the HTTP GET method for OCSP requests; it will always use POST.

New PKCS #11 Mechanisms
None.

Notable Changes in NSS 3.15.4

    Reordered the cipher suites offered in SSL/TLS client hello messages to match modern best practices.
    Updated the set of root CA certificates (version 1.96).
    Improved SSL/TLS false start. In addition to enabling the SSL_ENABLE_FALSE_START option, an application must now register a callback using the SSL_SetCanFalseStartCallback function.
    When building on Windows, OS_TARGET now defaults to WIN95. To use the WINNT build configuration, specify OS_TARGET=WINNT.

Bugs fixed in NSS 3.15.4

A complete list of all bugs resolved in this release can be obtained at
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.4&product=NSS

Compatibility
NSS 3.15.4 shared libraries are backward compatible with all older NSS 3.x
shared libraries. A program linked with older NSS 3.x shared libraries will
work with NSS 3.15.4 shared libraries without recompiling or relinking.
Furthermore, applications that restrict their use of NSS APIs to the
functions listed in NSS Public Functions will remain compatible with future
versions of the NSS shared libraries.
7064860

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

wiz Update to 3.2.9 based on patch from Richard Palo.
Assembler issues still seem to be there at least on SunOS.

* Version 3.2.9 (released 2014-01-24)

** libgnutls: The %DUMBFW option in priority string only
appends data to client hello if the expected size is in the
"black hole" range.

** libgnutls: %COMPAT implies %DUMBFW.

** libgnutls: gnutls_session_get_desc() returns a more compact
ciphersuite description.

* libgnutls: In PKCS #11 allow deleting multiple non-certificate data.

** libgnutls: When a PKCS #11 trust store is specified (e.g. using the
configure option --with-default-trust-store-pkcs11), then the PKCS #11
token is used on demand to obtain the trusted anchors, rather than
preloading all trusted certificates. That delegates CA certificate management
and blacklist checking to the PKCS #11 module.

** libgnutls: When a PKCS #11 trust store is specified in configure option
or in gnutls_x509_trust_list_add_trust_file(), then the module is used
to obtain the verification anchors and any required blacklists as in
http://p11-glue.freedesktop.org/doc/storing-trust-policy/storing-trust-pkcs11.html

** libgnutls: Fix in OCSP certificate status extension handling
in non-blocking servers. Patch by Nils Maier.

** p11tool: Added --so-login option to force login as security
officer (admin).

** API and ABI modifications:
No changes since last version.
7e31ea1

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

obache Update cutter to 1.2.3.
== [release-1-2-3] 1.2.3: 2014-02-09

As long time has passed since Cutter 1.2.2 release,
there are some improvements and fixed bugs.

After Cutter 1.2.2 release, you can install Cutter from
Fedora's official yum repository. No need to register Cutter yum repository on Fedora anymore.

=== Cutter

==== Improvements

  * [doc] Removed a needless period from installation link.
    [GitHub #6] [Patch by Masafumi Yokoyama]
  * Supported lcov 1.10. [cutter-users-ja:92] [Reported by Siganai SE]
  * [doc] Updated download URL on SF.net. [cutter-users-ja:91] [Reported by Siganai SE]
  * [doc] Updated XML report format. [cutter-users-ja:91] [Reported by Siganai SE]
  * Added more trace logs for loader. It helps you to investigate the case when no tests are loaded.
  * [doc] Updated Cygwin's setup.exe URL.
  * Added --log-level option. The value of default log level is "critical|error|warning|message".

==== Fixes

  * [loader] Fixed a bug that ELF loader can't collect symbol because of wrong comparison.
  * Fixed memory leaks on loading all modules.
  * Fixed a warning from GCC 4.8.1 on Ubuntu 13.10
    [GitHub #9] [Reported by Kazuhiro Yamato]

=== CppCutter

==== Improvements

  * Supported cppcut_assert_equal(const type_info &, const type_info &)
    [GitHub #4] [Patch by Kazuhiro Yamato]
  * Supported to catch unhandled C++ exception in test case.
    This change avoids to crash when unexpected exception is thrown.
    [GitHub #8] [Suggested by Kazuhiro Yamato] [Patch by Kazuhiro Yamato]
  * Supported to call destructors of objects on a stack even when an assertion is failed.
    [GitHub #10] [Patch by Kazuhiro Yamato]

==== Fixes

  * [Clang] Fixed a compile error which is caused by missing std::type_info forward declaration.
  * Fixed an invalid memory access when an exception is thrown in cutter's
    assertion function.
    [GitHub #11] [Patch by Kazuhiro Yamato]

=== GCutter

==== Fixes

  * [doc] Fixed a signal name typo about gcut-egg example.

=== Thanks

  * Kazuhiro Yamato
  * Masafumi Yokoyama
  * Siganai SE
b5d6ecf

@jperkin jperkin pushed a commit that referenced this issue Mar 14, 2014

wen Update to 0.19
Upstream changes:
0.19  2014-01-22
  - fix an obscure issue with loading modules during global destruction
    (ilmari, #11)
  - documentation updates (anaxagoras, #12)
0e8288e

@jperkin jperkin pushed a commit that referenced this issue Mar 31, 2014

prlw1 Update dansguardian to 2.12.0.3
* Applied patch #9 (Crash when more than one authplugin are selected)
  by Frederic Bourgeois
* Added feature to allow Facebook mock ajax (request #6) by Jason Spiro
* Added contrib dir
* Added a new html & css validated html template in contrib (request #3).
  By Chris Peschke
* Converted iso-8859 message files to utf-8 (bug #86). Suggested
  by Fred Ulisses Maranhao
* Fixed Error reading Content-Length (bug #84). By Carlos Soto
* Fixed compilation error BSD due lack of string.h when using
  memcpy() (bug #75). By Alexander Hornung
* Fixed exceptioniplist case sensitivity (bug #11). By Mark J Hewitt
* Fixed accept-encoding support for new tokens (bug #13). By userquin
* Applied patch 3438750 (GCC 4.4 and 4.6 compatibility) by Mathieu PARENT
* Applied patch 3438749 (French translation update) by Mathieu PARENT
* Applied patch 3418297 (Set proxy timeout in dansguardian.conf)
  by Frederic Bourgeois
* Applied patch 3419088 (login/password in URL is dropped) by Mathieu PARENT
* Applied patch 3419089 ("Expect" header should be dropped) by Mathieu PARENT
* Applied patch 3438751 (Fix queue handling in OptionContainer)
  by Mathieu PARENT
* Applied patch 3515167 (Fix digest identication) by Frederic Bourgeois
* Fixed GCC warnings
* LFS review in String.cpp (requires different arch review yet)

Previous release notes seem to be lost - the build structure changed, and:

  Both the main configuration file and the filter group configuration
  file(s) have changed since the last stable release.  If you try
  to re-use the configuration from an existing copy of 2.8.0.6 or
  earlier, the daemon will not start.  On the other hand, list
  files (phrase lists, domain lists, etc.) have not changed format,
  and should largely "just work".  There have been improvements to
  the default list files, though, so again it is recommended that
  you start from the new version and re-do any customisations.
a9e02b3

@jperkin jperkin pushed a commit that referenced this issue Apr 15, 2014

imil Updated irclib to version 8.5.4
8.5.4

    Issue #32: Add logging around large DCC messages to facilitate
    troubleshooting.
    Issue #31: Fix error in connection wrapper for SSL example.

8.5.3

    Issue #28: Fix TypeError in version calculation in irc.bot CTCP version.

8.5.2

    Updated DCC send and receive scripts (Issue #27).

8.5.1

    Fix timestamp support in schedule.DelayedCommand construction.

8.5

    irc.client.NickMask is now a Unicode object on Python 2. Fixes issue
    reported in pull request #19.
    Issue #24: Added DCCConnection.send_bytes for transmitting binary data.
    privmsg remains to support transmitting text.

8.4

    Code base now runs natively on Python 2 and Python 3, but requires six to
    be installed.
    Issue #25: Rate-limiting has been updated to be finer grained (preventing
    bursts exceeding the limit following idle periods).

8.3.2

    Issue #22: Catch error in bot.py on NAMREPLY when nick is not in any visible
    channel.

8.3.1

    Fixed encoding errors in server on Python 3.

8.3

    Added a set_keepalive method to the ServerConnection. Sends a periodic PING
    message every indicated interval.

8.2

    Added support for throttling send_raw messages via the ServerConnection
    object. For example, on any connection object:

        connection.set_rate_limit(30)

    That would set the rate limit to 30 Hz (30 per second). Thanks to Jason Kendall for the suggestion and bug fixes.

8.1.2

    Fix typo in client.NickMask.

8.1.1

    Fix typo in bot.py.

8.1

    Issue #15: Added client support for ISUPPORT directives on server connections. Now, each ServerConnection has a features attribute which reflects the features supported by the server. See the docs for irc.features for details about the implementation.

8.0.1

    Issue #14: Fix errors when handlers of the same priority are added under Python 3. This also fixes the unintended behavior of allowing handlers of the same priority to compare as unequal.

8.0

This release brings several backward-incompatible changes to the scheduled commands.

    Refactored implementation of schedule classes. No longer do they override the datetime constructor, but now only provide suitable classmethods for construction in various forms.
    Removed backward-compatible references from irc.client.
    Remove 'arguments' parameter from scheduled commands.

Clients that reference the schedule classes from irc.client or that construct them from the basic constructor will need to update to use the new class methods:

- DelayedCommand -> DelayedCommand.after
- PeriodicCommand -> PeriodicCommand.after

Arguments may no longer be passed to the 'function' callback, but one is encouraged instead to use functools.partial to attach parameters to the callback. For example:

DelayedCommand.after(3, func, ('a', 10))

becomes:

func = functools.partial(func, 'a', 10)
DelayedCommand.after(3, func)

This mode puts less constraints on the both the handler and the caller. For example, a caller can now pass keyword arguments instead:

func = functools.partial(func, name='a', quantity=10)
DelayedCommand.after(3, func)

Readability, maintainability, and usability go up.
7.1.2

    Issue #13: TypeError on Python 3 when constructing PeriodicCommand (and thus execute_every).

7.1.1

    Fixed regression created in 7.0 where PeriodicCommandFixedDelay would only cause the first command to be scheduled, but not subsequent ones.

7.1

    Moved scheduled command classes to irc.schedule module. Kept references for backwards-compatibility.

7.0

    PeriodicCommand now raises a ValueError if it's created with a negative or zero delay (meaning all subsequent commands are immediately due). This fixes #12.

    Renamed the parameters to the IRC object. If you use a custom event loop and your code constructs the IRC object with keyword parameters, you will need to update your code to use the new names, so:

    IRC(fn_to_add_socket=adder, fn_to_remove_socket=remover, fn_to_add_timeout=timeout)

    becomes:

    IRC(on_connect=adder, on_disconnect=remover, on_schedule=timeout)

    If you don't use a custom event loop or you pass the parameters positionally, no change is necessary.

6.0.1

    Fixed some unhandled exceptions in server client connections when the client would disconnect in response to messages sent after select was called.

6.0

    Moved LineBuffer and DecodingLineBuffer from client to buffer module. Backward-compatible references have been kept for now.
    Removed daemon mode and log-to-file options for server.
    Miscellaneous bugfixes in server.

5.1.1

    Fix error in 2to3 conversion on irc/server.py (issue #11).

5.1

The IRC library is now licensed under the MIT license.

    Added irc/server.py, based on hircd by Ferry Boender.
    Added support for CAP command (pull request #10), thanks to Danneh Oaks.

5.0

Another backward-incompatible change. In irc 5.0, many of the unnecessary getter functions have been removed and replaced with simple attributes. This change addresses issue #2. In particular:

        Connection._get_socket() -> Connection.socket (including subclasses)
        Event.eventtype() -> Event.type
        Event.source() -> Event.source
        Event.target() -> Event.target
        Event.arguments() -> Event.arguments

The nm_to_* functions were removed. Instead, use the NickMask class attributes.

These deprecated function aliases were removed from irc.client:

- parse_nick_modes -> modes.parse_nick_modes
- parse_channel_modes -> modes.parse_channel_modes
- generated_events -> events.generated
- protocol_events -> events.protocol
- numeric_events -> events.numeric
- all_events -> events.all
- irc_lower -> strings.lower

Also, the parameter name when constructing an event was renamed from eventtype to simply type.
4.0

    Removed deprecated arguments to ServerConnection.connect. See notes on the 3.3 release on how to use the connect_factory parameter if your application requires ssl, ipv6, or other connection customization.

3.6.1

    Filter out disconnected sockets when processing input.

3.6

    Created two new exceptions in irc.client: MessageTooLong and InvalidCharacters.
    Use explicit exceptions instead of ValueError when sending data.

3.5

    SingleServerIRCBot now accepts keyword arguments which are passed through to the ServerConnection.connect method. One can use this to use SSL for connections:

    factory = irc.connection.Factory(wrapper=ssl.wrap_socket)
    bot = irc.bot.SingleServerIRCBot(..., connect_factory = factory)
1ee66e1

@jperkin jperkin pushed a commit that referenced this issue May 19, 2014

sborrill Update to fping 3.10.
Changes:
2014-05-03  David Schweikert  <david@schweikert.ch>
  * Version 3.10
  * Fix confusing error message with -g and IPv6 addresses (#58, reported by
  * Axel Beckert)
  * Allow option '-f' also for non-root (since setuid privileges are
  * dropped)
  * Do not retry twice DNS lookup on DNS lookup problem
  * Remove support for NIS groups
  * Better document -B backoff-factor and when it can be used (#33, Oleksiy
  * Zagorskyi)
  * More tests added

2014-03-08  David Schweikert  <david@schweikert.ch>
  * Version 3.9
  * Fix random output on socket error (reported by Aleksandrs Saveljevs,
  * #56)
  * Support ppc64le architecture by including alpha libtool version
    (reported by Amit Kumar Gupta and Aravinda B Thunug)
  * Fix compilation problem on FreeBSD (#57)
  * Initial test suite and continous intergration (with travis-ci.org /
  * coveralls.io)
  * Don't output usage information on error

2013-11-08  David Schweikert  <david@schweikert.ch>
  * Version 3.8
  * Fix segmentation fault introduced in version 3.7 with loop mode
  * (reported
    by Vlad Glagolev, #55)

2013-11-04  David Schweikert  <david@schweikert.ch>
  * Version 3.7
  * Allow running as non-root on Mac OS X by using non-privileged ICMP (#7)
  * Remove unnecessary IPv6 socket options
  * Fix again compatibility issue with FreeBSD (Shawn Chu)
  * Fix fping hanging forever on permanent sendto failure (Shawn Chu)
  * Fix duplicate echo reply packets causing early stop in count mode
    (reported by Ramon Schwammberger, #53)

2013-10-10  David Schweikert  <david@schweikert.ch>
  * Version 3.6
  * Fix loop issue after 65536 pings (reported by Peter Folk and GBert, #12)
  * Minimum ping data size is now 0
  * Removed setsockopt IPV6_CHECKSUM, which shouldn't be set and breaks
    compiling on Solaris (reported by Juergen Arndt)
  * Fix wrong min RTT value with -Q option (reported by Alexander Ivanov,
  * #51)

2013-05-22  David Schweikert  <david@schweikert.ch>
  * Version 3.5
  * Fix sprint_tm buffer size crash (reported by Japheth Cleaver)
  * Addded -D flag to print timestamps (Toke H�iland-J�rgensen)
  * Fix fping6 build on OS X 10.8 (unknown contributor)
  * Fix compatibility issue with FreeBSD (Alexandre Raynaud, Jason Harris,
  * #39)
  * Fping.spec: fix setuid permissions and provides fping6 (Marcus Vinicius
  * Ferreira)
  * Re-create configure script with autoconf 2.69 for aarch64 support (Chuck
  * Anderson, #45)

2012-09-04  David Schweikert  <david@schweikert.ch>
  * Version 3.4
  * Revert "Output statistics to stdout instead of stderr", because it
  * breaks
    tools assuming the output goes to stderr

2012-08-19  David Schweikert  <david@schweikert.ch>
  * Version 3.3
  * Do not output icmp errors with -q (#1)
  * Add --enable-ipv4 and --enable-ipv6 options to configure (Niclas
  * Zeising)
  * Fix removing of unreachable hosts when doing loop (Thomas Liske, #13
  * #23)
  * Fix -A for fping6 (reported by Matt LaPlante, #14)
  * Fix "options inet6" breaking IPv4 name resolution (reported by Matt
  * LaPlante, #17)
  * Output statistics to stdout instead of stderr (suggested by Simon
  * Leinen, #9)
  * Set default data size to 56 bytes on all architectures (#18)
  * Added contrib/fping.spec (Stephen Schaefer, #24)
  * Convert man-page source to POD for easier maintenance
  * Fix error message on DNS error for IPv6 hosts (#27)
  * Fix -n flag in fping6 (#28)
  * Man-page fix: TOS option typo (Thomas Liske, #23)
  * Man-page fix: inconsistency in regards to numeric arguments (Robert
  * Henney)
  * Man-page fix: better description of option -q (#15)

2012-05-29  David Schweikert  <david@schweikert.ch>
  * Version 3.2
  * Improve documentation for -g option (G.W. Haywood)
  * Performance optimization for big select timeouts (#10, Andrey
  * Bondarenko)
  * Fix restart of select call after interrupt signal (#8, Boian Bonev)
  * Fix infinite loop caused by linked list corruption (#11, Boian Bonev)

2012-04-26  David Schweikert  <david@schweikert.ch>
  * Version 3.1
  * -g option (generate): exclude network and broadcast address for cidr
    ranges (idea by Eric Brander)
  * do not explicitely check if running as root, to make it possible to
    install fping with linux capabilities instead of making it setuid
    (setcap cap_net_raw+ep fping)
  * ANSI C (C89) compiler now a requirement
  * Portability fixes
  * Reorganized source directory
  * Bugfix: fix timeout issue on Solaris (Sandor Geller)
  * Man-page fixes (Axel Beckert)
  * Added -H option to specify number of hops (Paul Duda)
  * Output usage information to stdout when called with -h (Paul Duda)

2011-12-28  David Schweikert  <david@schweikert.ch>
  * Version 3.0
  * rewritten main loop for improved performance
  * -T parameter (select timeout) now obsolete
  * Maintenance taken over from unresponsive previous maintainer
    (anybody please step up, if you disagree)
  * New homepage: www.fping.org

2009-12-21  Tobi Oetiker  <tobi@oetiker.ch>
  * Version v2.4b2-to3-ipv6
  * added -On option to set the TOS octet
  * Removed unused variables from code
  * updated to current autoconf standards
  * Merged Debian changes (see below)

----------------------------------------------------------------------

fping (2.4b2-to-ipv6-16.1) unstable; urgency=low

  * NMU during Moenchengladbach BSP
  * Fixes FTBFS on kfreebsd (Closes: #555398)
  * Fixes typo "Paramter" in binary

 -- Axel Beckert <abe@deuxchevaux.org>  Sat, 23 Jan 2010 16:22:02 +0100

fping (2.4b2-to-ipv6-16) unstable; urgency=low

  * Fix the following bugs
    - Network byte order sensitivity was missing completely.
      Added hopefully all missing calls.
    - The sequence numbering scheme used led to packet drops.
      Changed it to a more senseful numbering scheme.
    - Some minor C programming mistakes ('=' instead of '==').
    Patch by Stephan Fuhrmann; closes: #502569
  * Add support for command line select timeout setting
    Patch by Marton Balint; closes: #502575
  * Remove symlinks in /usr/sbin; closes: #377732
  * Standards-Version is 3.8.0

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sat, 18 Oct 2008 12:04:52
 -- +1100

fping (2.4b2-to-ipv6-15) unstable; urgency=low

  * Added interface binding (-I) for fping
    Patch by Peter Naulls <peter@mushroomnetworks.com>
    Closes: #439014
  * Fixed a couple of typos in fping.8. Closes: #423180
  * Added homepage control header
  * Bumped Standards-Version to 3.7.3
  * Fixed the following lintian issue:
    - debian-rules-sets-DH_COMPAT

 -- Anibal Monsalve Salazar <anibal@debian.org>  Mon, 03 Mar 2008 17:46:17
 -- +1100

fping (2.4b2-to-ipv6-13) unstable; urgency=low

  * Fixed stdout flush problem, closes: #340146.
    Patch by Bart Martens <bart.martens@advalvas.be>.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Fri, 30 Dec 2005 08:30:09
 -- +1100

fping (2.4b2-to-ipv6-12) unstable; urgency=low

  * Fixed "problem with option -r (retry limit)", closes: #318402.
    Patch by Qingning Huo <qingningh@lanware.co.uk>.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sat, 08 Oct 2005 21:26:35
 -- +1000

fping (2.4b2-to-ipv6-11) unstable; urgency=low

  * Fixed "would be useful to specify 'source address' like ping for multi
    homed machines", closes: #198486.
    Patch by Marc Haber <mh+debian-bugs@zugschlus.de>.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Thu, 02 Jun 2005 08:14:54
 -- +1000

fping (2.4b2-to-ipv6-10) unstable; urgency=low

  * Fixed "unnecessary delay with the -c option after the last packet"
    (Closes: #293856). Patch by Niko Tyni <ntyni@iki.fi>

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sun, 06 Feb 2005 23:25:57
 -- +1100

fping (2.4b2-to-ipv6-9) unstable; urgency=low

  * Fixed "fping6 always does reverse lookup" (Closes: #273647).
    Patch by Jeroen Massar and forwarded by Bernhard Schmidt
<berni@birkenwald.de>

 -- Anibal Monsalve Salazar <A.Monsalve.Salazar@IEEE.org>  Mon, 10 Jan 2005
 -- 00:01:32 +1100

fping (2.4b2-to-ipv6-7) unstable; urgency=low

  * Build fping in build/ipv[46] instead of build and build-ipv6.
  * Made DNS errors non-fatal for IPv6 (closes: #198056).

 -- Herbert Xu <herbert@debian.org>  Fri, 20 Jun 2003 21:36:30 +1000

fping (2.4b2-to-ipv6-6) unstable; urgency=low

  * Do not use incorrect linux.h file (closes: #85468).

 -- Herbert Xu <herbert@debian.org>  Sat, 17 May 2003 14:13:11 +1000

fping (2.4b2-to-ipv6-5) unstable; urgency=low

  * Fixed yet another divide by zero bug (closes: #148445).

 -- Herbert Xu <herbert@debian.org>  Tue,  4 Jun 2002 12:18:03 +1000

fping (2.4b2-to-ipv6-4) unstable; urgency=low

  * Made fping6 setuid (closes: #136386).
  * Moved fping back into bin.
  * Partially applied IPv6 patch to fix IPv6 checksums (closes: #136479).

 -- Herbert Xu <herbert@debian.org>  Sun,  7 Apr 2002 20:36:56 +1000

fping (2.4b2-to-ipv6-3) unstable; urgency=low

  * Added compatibility symlink for fping (closes: #135203).

 -- Herbert Xu <herbert@debian.org>  Sat, 23 Feb 2002 08:34:11 +1100

fping (2.4b2-to-ipv6-2) unstable; urgency=low

  * Fixed another divide by zero error (closes: #132370).

 -- Herbert Xu <herbert@debian.org>  Thu,  7 Feb 2002 20:10:48 +1100

fping (2.4b2-to-ipv6-1) unstable; urgency=low

  * New upstream release.
  * Install fping into sbin as done by upstream.
32f31e7

@jperkin jperkin pushed a commit that referenced this issue Jun 2, 2014

sborrill Update to fping 3.10.
Changes:
2014-05-03  David Schweikert  <david@schweikert.ch>
  * Version 3.10
  * Fix confusing error message with -g and IPv6 addresses (#58, reported by
  * Axel Beckert)
  * Allow option '-f' also for non-root (since setuid privileges are
  * dropped)
  * Do not retry twice DNS lookup on DNS lookup problem
  * Remove support for NIS groups
  * Better document -B backoff-factor and when it can be used (#33, Oleksiy
  * Zagorskyi)
  * More tests added

2014-03-08  David Schweikert  <david@schweikert.ch>
  * Version 3.9
  * Fix random output on socket error (reported by Aleksandrs Saveljevs,
  * #56)
  * Support ppc64le architecture by including alpha libtool version
    (reported by Amit Kumar Gupta and Aravinda B Thunug)
  * Fix compilation problem on FreeBSD (#57)
  * Initial test suite and continous intergration (with travis-ci.org /
  * coveralls.io)
  * Don't output usage information on error

2013-11-08  David Schweikert  <david@schweikert.ch>
  * Version 3.8
  * Fix segmentation fault introduced in version 3.7 with loop mode
  * (reported
    by Vlad Glagolev, #55)

2013-11-04  David Schweikert  <david@schweikert.ch>
  * Version 3.7
  * Allow running as non-root on Mac OS X by using non-privileged ICMP (#7)
  * Remove unnecessary IPv6 socket options
  * Fix again compatibility issue with FreeBSD (Shawn Chu)
  * Fix fping hanging forever on permanent sendto failure (Shawn Chu)
  * Fix duplicate echo reply packets causing early stop in count mode
    (reported by Ramon Schwammberger, #53)

2013-10-10  David Schweikert  <david@schweikert.ch>
  * Version 3.6
  * Fix loop issue after 65536 pings (reported by Peter Folk and GBert, #12)
  * Minimum ping data size is now 0
  * Removed setsockopt IPV6_CHECKSUM, which shouldn't be set and breaks
    compiling on Solaris (reported by Juergen Arndt)
  * Fix wrong min RTT value with -Q option (reported by Alexander Ivanov,
  * #51)

2013-05-22  David Schweikert  <david@schweikert.ch>
  * Version 3.5
  * Fix sprint_tm buffer size crash (reported by Japheth Cleaver)
  * Addded -D flag to print timestamps (Toke H�iland-J�rgensen)
  * Fix fping6 build on OS X 10.8 (unknown contributor)
  * Fix compatibility issue with FreeBSD (Alexandre Raynaud, Jason Harris,
  * #39)
  * Fping.spec: fix setuid permissions and provides fping6 (Marcus Vinicius
  * Ferreira)
  * Re-create configure script with autoconf 2.69 for aarch64 support (Chuck
  * Anderson, #45)

2012-09-04  David Schweikert  <david@schweikert.ch>
  * Version 3.4
  * Revert "Output statistics to stdout instead of stderr", because it
  * breaks
    tools assuming the output goes to stderr

2012-08-19  David Schweikert  <david@schweikert.ch>
  * Version 3.3
  * Do not output icmp errors with -q (#1)
  * Add --enable-ipv4 and --enable-ipv6 options to configure (Niclas
  * Zeising)
  * Fix removing of unreachable hosts when doing loop (Thomas Liske, #13
  * #23)
  * Fix -A for fping6 (reported by Matt LaPlante, #14)
  * Fix "options inet6" breaking IPv4 name resolution (reported by Matt
  * LaPlante, #17)
  * Output statistics to stdout instead of stderr (suggested by Simon
  * Leinen, #9)
  * Set default data size to 56 bytes on all architectures (#18)
  * Added contrib/fping.spec (Stephen Schaefer, #24)
  * Convert man-page source to POD for easier maintenance
  * Fix error message on DNS error for IPv6 hosts (#27)
  * Fix -n flag in fping6 (#28)
  * Man-page fix: TOS option typo (Thomas Liske, #23)
  * Man-page fix: inconsistency in regards to numeric arguments (Robert
  * Henney)
  * Man-page fix: better description of option -q (#15)

2012-05-29  David Schweikert  <david@schweikert.ch>
  * Version 3.2
  * Improve documentation for -g option (G.W. Haywood)
  * Performance optimization for big select timeouts (#10, Andrey
  * Bondarenko)
  * Fix restart of select call after interrupt signal (#8, Boian Bonev)
  * Fix infinite loop caused by linked list corruption (#11, Boian Bonev)

2012-04-26  David Schweikert  <david@schweikert.ch>
  * Version 3.1
  * -g option (generate): exclude network and broadcast address for cidr
    ranges (idea by Eric Brander)
  * do not explicitely check if running as root, to make it possible to
    install fping with linux capabilities instead of making it setuid
    (setcap cap_net_raw+ep fping)
  * ANSI C (C89) compiler now a requirement
  * Portability fixes
  * Reorganized source directory
  * Bugfix: fix timeout issue on Solaris (Sandor Geller)
  * Man-page fixes (Axel Beckert)
  * Added -H option to specify number of hops (Paul Duda)
  * Output usage information to stdout when called with -h (Paul Duda)

2011-12-28  David Schweikert  <david@schweikert.ch>
  * Version 3.0
  * rewritten main loop for improved performance
  * -T parameter (select timeout) now obsolete
  * Maintenance taken over from unresponsive previous maintainer
    (anybody please step up, if you disagree)
  * New homepage: www.fping.org

2009-12-21  Tobi Oetiker  <tobi@oetiker.ch>
  * Version v2.4b2-to3-ipv6
  * added -On option to set the TOS octet
  * Removed unused variables from code
  * updated to current autoconf standards
  * Merged Debian changes (see below)

----------------------------------------------------------------------

fping (2.4b2-to-ipv6-16.1) unstable; urgency=low

  * NMU during Moenchengladbach BSP
  * Fixes FTBFS on kfreebsd (Closes: #555398)
  * Fixes typo "Paramter" in binary

 -- Axel Beckert <abe@deuxchevaux.org>  Sat, 23 Jan 2010 16:22:02 +0100

fping (2.4b2-to-ipv6-16) unstable; urgency=low

  * Fix the following bugs
    - Network byte order sensitivity was missing completely.
      Added hopefully all missing calls.
    - The sequence numbering scheme used led to packet drops.
      Changed it to a more senseful numbering scheme.
    - Some minor C programming mistakes ('=' instead of '==').
    Patch by Stephan Fuhrmann; closes: #502569
  * Add support for command line select timeout setting
    Patch by Marton Balint; closes: #502575
  * Remove symlinks in /usr/sbin; closes: #377732
  * Standards-Version is 3.8.0

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sat, 18 Oct 2008 12:04:52
 -- +1100

fping (2.4b2-to-ipv6-15) unstable; urgency=low

  * Added interface binding (-I) for fping
    Patch by Peter Naulls <peter@mushroomnetworks.com>
    Closes: #439014
  * Fixed a couple of typos in fping.8. Closes: #423180
  * Added homepage control header
  * Bumped Standards-Version to 3.7.3
  * Fixed the following lintian issue:
    - debian-rules-sets-DH_COMPAT

 -- Anibal Monsalve Salazar <anibal@debian.org>  Mon, 03 Mar 2008 17:46:17
 -- +1100

fping (2.4b2-to-ipv6-13) unstable; urgency=low

  * Fixed stdout flush problem, closes: #340146.
    Patch by Bart Martens <bart.martens@advalvas.be>.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Fri, 30 Dec 2005 08:30:09
 -- +1100

fping (2.4b2-to-ipv6-12) unstable; urgency=low

  * Fixed "problem with option -r (retry limit)", closes: #318402.
    Patch by Qingning Huo <qingningh@lanware.co.uk>.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sat, 08 Oct 2005 21:26:35
 -- +1000

fping (2.4b2-to-ipv6-11) unstable; urgency=low

  * Fixed "would be useful to specify 'source address' like ping for multi
    homed machines", closes: #198486.
    Patch by Marc Haber <mh+debian-bugs@zugschlus.de>.

 -- Anibal Monsalve Salazar <anibal@debian.org>  Thu, 02 Jun 2005 08:14:54
 -- +1000

fping (2.4b2-to-ipv6-10) unstable; urgency=low

  * Fixed "unnecessary delay with the -c option after the last packet"
    (Closes: #293856). Patch by Niko Tyni <ntyni@iki.fi>

 -- Anibal Monsalve Salazar <anibal@debian.org>  Sun, 06 Feb 2005 23:25:57
 -- +1100

fping (2.4b2-to-ipv6-9) unstable; urgency=low

  * Fixed "fping6 always does reverse lookup" (Closes: #273647).
    Patch by Jeroen Massar and forwarded by Bernhard Schmidt
<berni@birkenwald.de>

 -- Anibal Monsalve Salazar <A.Monsalve.Salazar@IEEE.org>  Mon, 10 Jan 2005
 -- 00:01:32 +1100

fping (2.4b2-to-ipv6-7) unstable; urgency=low

  * Build fping in build/ipv[46] instead of build and build-ipv6.
  * Made DNS errors non-fatal for IPv6 (closes: #198056).

 -- Herbert Xu <herbert@debian.org>  Fri, 20 Jun 2003 21:36:30 +1000

fping (2.4b2-to-ipv6-6) unstable; urgency=low

  * Do not use incorrect linux.h file (closes: #85468).

 -- Herbert Xu <herbert@debian.org>  Sat, 17 May 2003 14:13:11 +1000

fping (2.4b2-to-ipv6-5) unstable; urgency=low

  * Fixed yet another divide by zero bug (closes: #148445).

 -- Herbert Xu <herbert@debian.org>  Tue,  4 Jun 2002 12:18:03 +1000

fping (2.4b2-to-ipv6-4) unstable; urgency=low

  * Made fping6 setuid (closes: #136386).
  * Moved fping back into bin.
  * Partially applied IPv6 patch to fix IPv6 checksums (closes: #136479).

 -- Herbert Xu <herbert@debian.org>  Sun,  7 Apr 2002 20:36:56 +1000

fping (2.4b2-to-ipv6-3) unstable; urgency=low

  * Added compatibility symlink for fping (closes: #135203).

 -- Herbert Xu <herbert@debian.org>  Sat, 23 Feb 2002 08:34:11 +1100

fping (2.4b2-to-ipv6-2) unstable; urgency=low

  * Fixed another divide by zero error (closes: #132370).

 -- Herbert Xu <herbert@debian.org>  Thu,  7 Feb 2002 20:10:48 +1100

fping (2.4b2-to-ipv6-1) unstable; urgency=low

  * New upstream release.
  * Install fping into sbin as done by upstream.
49915f0

@jperkin jperkin pushed a commit that referenced this issue Jun 2, 2014

wiz Update to 3.2.15:
* Version 3.2.15 (released 2014-05-30)

** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
Issue reported by Joonas Kuorilehto of Codenomicon.

** libgnutls: Several memory leaks caused by error conditions were
fixed. The leaks were identified using valgrind and the Codenomicon
TLS test suite.

** libgnutls: Increased the maximum certificate size buffer
in the PKCS #11 subsystem.

** libgnutls: Check the return code of getpwuid_r() instead of relying
on the result value. That avoids issue in certain systems, when using
tofu authentication and the home path cannot be determined. Issue reported
by Viktor Dukhovni.

** gnutls-cli: if dane is requested but not PKIX verification, then
only do verify the end certificate.

** ocsptool: Include path in ocsp request. This resolves #108582
(https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.

** API and ABI modifications:
No changes since last version.


* Version 3.2.14 (released 2014-05-06)

** libgnutls: Fixed issue with the check of incoming data when two
different recv and send pointers have been specified. Reported and
investigated by JMRecio.

** libgnutls: Fixed issue in the RSA-PSK key exchange, which would
result to illegal memory access if a server hint was provided.

** libgnutls: Fixed client memory leak in the PSK key exchange, if a
server hint was provided.

** libgnutls: Several small bug fixes identified using valgrind and
the Codenomicon TLS test suite.

** libgnutls: Several small bug fixes found by coverity.

** libgnutls-dane: Accept a certificate using DANE if there is at least one
entry that matches the certificate. Patch by simon [at] arlott.org.

** configure: Added --with-nettle-mini option, which allows linking
with a libnettle that contains gmp.

** certtool: The ECDSA keys generated by default use the SECP256R1 curve
which is supported more widely than the previously used SECP224R1.

** API and ABI modifications:
No changes since last version.


* Version 3.2.13 (released 2014-04-07)

** libgnutls: gnutls_openpgp_keyring_import will no longer fail silently
if there are no base64 data. Report and patch by Ramkumar Chinchani.

** libgnutls: gnutls_record_send is now safe to be called under DTLS when
in corked mode.

** libgnutls: Ciphersuites that use the SHA256 or SHA384 MACs are
only available in TLS 1.0 as SSL 3.0 doesn't specify parameters for
these algorithms.

** libgnutls: Changed the behaviour in wildcard acceptance in certificates.
Wildcards are only accepted when there are more than two domain components
after the wildcard. This drops support for the permissive RFC2818 wildcards
and adds more conservative support based on the suggestions in RFC6125. Suggested
by Jeffrey Walton.

** certtool: When no password is provided to export a PKCS #8 keys, do
not encrypt by default. This reverts to the certtool behavior of gnutls
3.0. The previous behavior of encrypting using an empty password can be
replicating using the new parameter --empty-password.

** p11tool: Avoid dual initialization of the PKCS #11 subsystem when
the --provider option is given.

** API and ABI modifications:
No changes since last version.
58b2882

@jperkin jperkin pushed a commit that referenced this issue Jul 8, 2014

schmonz Update to 2014.7.3. From the changelog:
* Fix #8: Remove ``How to do a release`` section from README.md.
* Fix #11: Include test directory markdown, html files.
* Fix memory leak in using ``handle`` while keeping the old instance
  of ``html2text``.
b27085a

@jperkin jperkin pushed a commit that referenced this issue Jul 23, 2014

schmonz Update to 3.24. From the changelog:
* Remove SvREFCNT_dec_NN until it can be implemented
  properly.
  (Thanks to bulk88 for reporting GH #10)
* Fix GH #11 - compiler warning under clang
  (Thanks to jhi for reporting it)
* Fix GH #12 - compiler warnings
  (Thanks to jhi for reporting it)
* Add support for HeUTF8
* Add GetFileContents() to retrieve the contents of the
  ppport.h file
* Update MAX_VER to be 5.20
* Update issue tracker to GitHub
* Add support for the following API
    SvREFCNT_dec_NN
    mg_findext
    sv_unmagicext
* Update META
    Move bug tracker to github
    Provide link to repository
* Avoid syntax disallowed by C++11
  (Thanks to Tony C for the patch)
* Fix cpan #87870: Merge core perl commit 90b0dc0e2e
  (Thanks to Father Chrysostomos for the original patch and
   to Steve Hay for forwarding it)
* Fix cpan #86975: Deterministically order API elements in POD
  (Thanks to Karl Williamson for providing a patch.)
* Fix cpan #81796: my $_ is deprecated
  (Thanks to Nicholas Clark for providing a patch)
* Fix cpan #81484: fix isASCII and isCNTRL for inputs > 255
  (Thanks to Karl Williamson for providing a patch)
* Fix cpan #80314: make use of PERL_NO_GET_CONTEXT the default
* Fix cpan #79814: Install to 'site' for perl 5.11+
  (Thanks to Robert Sedlacek for providing a patch)
* Fix cpan #78271: Need SvPV_nomg_nolen
* Adapt buildperl.pl for newer Perl releases
* Update masked_versions regex for 5.005 thread builds
* Some tweaks needed to support 5.003 on 64-bit platforms
0b67515

@jperkin jperkin pushed a commit that referenced this issue Sep 3, 2014

wiz Update to 1.2:
Version 1.2 -- August 26, 2014
==============================

 - Fixed compilation with neither libswresample nor libavresample (#11)
 - Fixed compilation with static libav (#10)
 - Functions chromaprint_encode_fingerprint and chromaprint_decode_fingerprint
   are changed to accept const pointer as input
 - Added support for using the Kiss FFT library (should make Android port easier)
 - Removed obsolete dev tools from the package
 - More compatible DEBUG() macro
758de3b

@jperkin jperkin pushed a commit that referenced this issue Dec 9, 2014

khorben Packaged gnutls 3.2.19
* Version 3.2.19 (released 2014-10-13)

** libgnutls: Fixes in the transparent import of PKCS #11 certificates.
Reported by Joseph Peruski.

** libgnutls: Fixed issue with unexpected non-fatal errors resetting the
handshake's hash buffer, in applications using the heartbeat extension
or DTLS. Reported by Joeri de Ruiter.

** libgnutls: fix issue in DTLS retransmission when session tickets
were in use; reported by Manuel Pégourié-Gonnard.

** libgnutls: Prevent abort() in library if getrusage() fails. Try to
detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work.

** guile: new 'set-session-server-name!' procedure; see the manual for
details.

** API and ABI modifications:
No changes since last version.
61cb603

@jperkin jperkin pushed a commit that referenced this issue Apr 16, 2015

wen Update to 1.3.6
Add test target

Upstream changes:
2015-03-14 -- 1.3.6

    * Class.slots raises NotImplementedError for old style classes.
      Closes issue #67.

    * Add a new option to AstroidManager, `optimize_ast`, which
      controls if peephole optimizer should be enabled or not.
      This prevents a regression, where the visit_binop method
      wasn't called anymore with astroid 1.3.5, due to the differences
      in the resulting AST. Closes issue #82.


2015-03-11 -- 1.3.5

    * Add the ability to optimize small ast subtrees,
      with the first use in the optimization of multiple
      BinOp nodes. This removes recursivity in the rebuilder
      when dealing with a lot of small strings joined by the
      addition operator. Closes issue #59.

    * Obtain the methods for the nose brain tip through an
      unittest.TestCase instance. Closes Pylint issue #457.

    * Fix a crash which occurred when a class was the ancestor
      of itself. Closes issue #78.

    * Improve the scope_lookup method for Classes regarding qualified
      objects, with an attribute name exactly as one provided in the
      class itself.

      For example, a class containing an attribute 'first',
      which was also an import and which had, as a base, a qualified name
      or a Gettattr node, in the form 'module.first', then Pylint would
      have inferred the `first` name as the function from the Class,
      not the import. Closes Pylint issue #466.

    * Implement the assigned_stmts operation for Starred nodes,
      which was omitted when support for Python 3 was added in astroid.
      Closes issue #36.


2015-01-17 -- 1.3.4

    * Get the first element from the method list when obtaining
      the functions from nose.tools.trivial. Closes Pylint issue #448.

2015-01-16 -- 1.3.3

    * Restore file_stream to a property, but deprecate it in favour of
      the newly added method Module.stream. By using a method instead of a
      property, it will be easier to properly close the file right
      after it is used, which will ensure that no file descriptors are
      leaked. Until now, due to the fact that a module was cached,
      it was not possible to close the file_stream anywhere.
      file_stream will start emitting PendingDeprecationWarnings in
      astroid 1.4, DeprecationWarnings in astroid 1.5 and it will
      be finally removed in astroid 1.6.

    * Add inference tips for 'tuple', 'list', 'dict' and 'set' builtins.

    * Add brain definition for most string and unicode methods

    * Changed the API for Class.slots. It returns None when the class
      doesn't define any slots. Previously, for both the cases where
      the class didn't have slots defined and when it had an empty list
      of slots, Class.slots returned an empty list.

    * Add a new method to Class nodes, 'mro', for obtaining the
      the method resolution order of the class.

    * Add brain tips for six.moves. Closes issue #63.

    * Improve the detection for functions decorated with decorators
      which returns static or class methods.

    * .slots() can contain unicode strings on Python 2.

    * Add inference tips for nose.tools.


2014-11-22 -- 1.3.2

    * Fixed a crash with invalid subscript index.

    * Implement proper base class semantics for Python 3, where
      every class derives from object.

    * Allow more fine-grained control over C extension loading
      in the manager.

2014-11-21 -- 1.3.1

    * Fixed a crash issue with the pytest brain module.

2014-11-20 -- 1.3.0

    * Fix a maximum recursion error occured during the inference,
      where statements with the same name weren't filtered properly.
      Closes pylint issue #295.

    * Check that EmptyNode has an underlying object in
      EmptyNode.has_underlying_object.

    * Simplify the understanding of enum members.

    * Fix an infinite loop with decorator call chain inference,
      where the decorator returns itself. Closes issue #50.

    * Various speed improvements. Patch by Alex Munroe.

    * Add pytest brain plugin. Patch by Robbie Coomber.

    * Support for Python versions < 2.7 has been dropped, and the
      source has been made compatible with Python 2 and 3. Running
      2to3 on installation for Python 3 is not needed anymore.

    * astroid now depends on six.

    * modutils._module_file opens __init__.py in binary mode.
      Closes issues #51 and #13.

    * Only C extensions from trusted sources (the standard library)
      are loaded into the examining Python process to build an AST
      from the live module.

    * Path names on case-insensitive filesystems are now properly
      handled. This fixes the stdlib detection code on Windows.

    * Metaclass-generating functions like six.with_metaclass
      are now supported via some explicit detection code.

    * astroid.register_module_extender has been added to generalize
      the support for module extenders as used by many brain plugins.

    * brain plugins can now register hooks to handle failed imports,
      as done by the gobject-introspection plugin.

    * The modules have been moved to a separate package directory,
      `setup.py develop` now works correctly.


2014-08-24 -- 1.2.1

    * Fix a crash occurred when inferring decorator call chain.
      Closes issue #42.

    * Set the parent of vararg and kwarg nodes when inferring them.
      Closes issue #43.

    * namedtuple inference knows about '_fields' attribute.

    * enum members knows about the methods from the enum class.

    * Name inference will lookup in the parent function
      of the current scope, in case searching in the current scope
      fails.

    * Inference of the functional form of the enums takes into
      consideration the various inputs that enums accepts.

    * The inference engine handles binary operations (add, mul etc.)
      between instances.

    * Fix an infinite loop in the inference, by returning a copy
      of instance attributes, when calling 'instance_attr'.
      Closes issue #34 (patch by Emile Anclin).

    * Don't crash when trying to infer unbound object.__new__ call.
      Closes issue #11.

2014-07-25  --  1.2.0

    * Function nodes can detect decorator call chain and see if they are
      decorated with builtin descriptors (`classmethod` and `staticmethod`).

    * infer_call_result called on a subtype of the builtin type will now
      return a new `Class` rather than an `Instance`.

    * `Class.metaclass()` now handles module-level __metaclass__ declaration
      on python 2, and no longer looks at the __metaclass__ class attribute on
      python 3.

    * Function nodes can detect if they are decorated with subclasses
      of builtin descriptors when determining their type
      (`classmethod` and `staticmethod`).

    * Add `slots` method to `Class` nodes, for retrieving
      the list of valid slots it defines.

    * Expose function annotation to astroid: `Arguments` node
      exposes 'varargannotation', 'kwargannotation' and 'annotations'
      attributes, while `Function` node has the 'returns' attribute.

    * Backported most of the logilab.common.modutils module there, as
      most things there are for pylint/astroid only and we want to be
      able to fix them without requiring a new logilab.common release

    * Fix names grabed using wildcard import in "absolute import mode"
      (ie with absolute_import activated from the __future__ or with
      python 3). Fix pylint issue #58.

    * Add support in pylint-brain for understanding enum classes.

2014-04-30  --  1.1.1
    * `Class.metaclass()` looks in ancestors when the current class
      does not define explicitly a metaclass.

    * Do not cache modules if a module with the same qname is already
      known, and only return cached modules if both name and filepath
      match. Fixes pylint Bitbucket issue #136.

2014-04-18  --  1.1.0
    * All class nodes are marked as new style classes for Py3k.

    * Add a `metaclass` function to `Class` nodes to
      retrieve their metaclass.

    * Add a new YieldFrom node.

    * Add support for inferring arguments to namedtuple invocations.

    * Make sure that objects returned for namedtuple
      inference have parents.

    * Don't crash when inferring nodes from `with` clauses
      with multiple context managers. Closes #18.

    * Don't crash when a class has some __call__ method that is not
      inferable. Closes #17.

    * Unwrap instances found in `.ancestors()`, by using their _proxied
      class.
847122f

@jperkin jperkin pushed a commit that referenced this issue Apr 28, 2015

mef (pkgsrc)
 - Add 5 of BUILD_DEPENDS for make test
 - Among make test items, waitpid() in test #11 won't return,
   disable it for the moment by renaming 11*.t to 11*.t.orig. XXXXXX
(upstream)
 - update to 1.33
----------------
 1.33 2015-04-17
    - Fix failing tests
    - Fix manifest
3611c3e

@jperkin jperkin pushed a commit that referenced this issue May 21, 2015

mef Update 0.20 to 0.23
-------------------
0.23
  - fix test error on Windows due to the use of
    unescaped paths in regex patterns (by nanis) #11 #13
0.22
  - fix regression in 0.21 (use of here-doc within `<?= ?>` causes syntax error) #12
  - add support for `prepend` property for prepending code (by LoonyPandora) #3

0.21
 - fix the strange rule for multi-line expression #10
764c43f

@jperkin jperkin pushed a commit that referenced this issue May 21, 2015

mef (pkgsrc)
 - Add three BUILD_DEPENDS for 'make test'.
   p5-JSON-MaybeXS, p5-Module-Pluggable, p5-Test-Deep
(upstream)
 - Update to 1.004
---------------
1.004   2015-03-05 05:18:44Z
        - fix the Gist plugin to work with github's stricter validation
          (PR #11, Tatsuhiko Miyagawa)
        - removed +x permissions on files (RT#102361)
        - mark the Codepeek service as deprecated (RT#101823)
e52ebfb

@jperkin jperkin pushed a commit that referenced this issue May 21, 2015

wen Update to 1.3.4.150503
Upstream changes:
20150503
	+ add --with-man2html configure option
	+ improve description of -W options and how they can be combined into
	  a comma-separated list (adapted from Leif LeBaron).
	+ modify parsing for -Wexec to permit its value to be separated by '='
	  in addition to a space, for consistency with the other -W options.
	+ cosmetic changes to configure script macros, from work on xterm.
	+ update config.guess and config.sub

20141206
	+ Mawk behaves incorrectly when using the nextfile statement.  It marks
	  the file as dead, but does not check such state and thus ends reading
	  from a closed fd (patch by Ismael Luceno).

20141027
	+ remove a special check for anchored regular expressions in gsub3
	  which did not handle expressions with "|" alternation (report by
	  "Ypnose").

20140914
	+ rename vs6.mak / vs6.h to vs2008 for Visual Studio 2008 compiles.
	+ remove MS-DOS support.
	+ add a check in split for empty regex, treating that the same as an
	  empty string (Original-Mawk #9).
	+ correct inconsistently-ifdef'd reset of errno in check_strnum()
	  function, which caused some values to be internally classified as
	  strings rather than strnums (Original-Mawk #26).
	+ add parameter to REmatch to control use of REG_NOTBOL and its
	  equivalent in mawk (prompted by discussion with Mike Brennan,
	  Original-Mawk #24).
	+ settle on "gsub3" implementation (suggested by Mike Brennan,
	  Original-Mawk #11).
	+ change default for configure option --enable-init-srand to enable
	  this (discussion with Mike Brennan).
	+ add -W random option to set initial srand() seed.
	+ add TraceVA, use to provide debug-traces for errmsg().
	+ add note in manpage about "nextfile", see for example:
	    http://www.opengroup.org/austin/docs/austin_578.txt
	    http://austingroupbugs.net/view.php?id=607
	+ make it possible to build with "bsd" library ported to Linux by
	  setting LIBS=-lbsd before running configure script.
	+ show random-function names in version message, as well as maximum
	  integer-value.
	+ modify initialization of srand default seed from time of day to use
	  gettimeofday, etc., so that successive runs of mawk are less likely
	  to use the same seed value (suggested by Mike Brennan).
	+ make a further refinement, "gsub3" which uses a single pass.
	+ change SType and SLen types to improve performance as well as
	  handling larger regular expressions (suggested by Mike Brennan).
	+ fix some minor issues reported by Coverity.
	+ regenerate parse.c using byacc 20140422
	+ modify makefile-rule for generating parse.c to keep the "#line"
	  preprocessor lines consistent with the actual filename.  This is
	  needed by lcov.
	+ add test/reg7.awk to help with recent testing.
	+ discard intermediate new_gsub used for regression-testing, will do
	  further improvements based on "gsub2".
	+ fix a comparison in rexp3.c to work with embedded nulls (patch by
	  Mike Brennan).
	+ in-progress changes to implement "gsub2", which will reduce copying.
	+ discard intermediate old_gsub used for regression-testing, using
	  original gsub function renamed to "gsub0" for that purpose.
	+ remove old compiler information from version message.
	+ remove NF value from version message.
	+ patches by Mike Brennan:
	  + changed the intermediate storage of STRINGS used by split.
	  + cleaned up the xxx_split() functions.
	    a) removed hand loop unrolling. What was an optimization for
            intel 8086/88 is silly today.
            b) consequence of a) some macros went away so the code is easier
            to read/understand.
            c) handles null in input string
	       Note:  re_split() does \x00 null correctly, but it calls
	       REmatch() which does not.  I have examples where REmatch works
	       with nulls and examples of not working.  That needs to be fixed.
	  + changed field allocation to support no upper limit.
	+ when comparing two strings, allow for embedded nulls.
	+ add checks in rexp3.c for infinite loop for testcase noloop.awk
	  (report by Tibor Palinkas).
	+ improve test-package for debian by adding postrm script to restore
	  "mawk-base" to its unalternatized configuration, as well as adding
	  messages to the other pre/post scripts.
	+ patches by Mike Brennan:
	  + increase some limits: NF is now 1048575, sprintf limit is 8192.
	  + updated array.w; mostly documentation improvements
	  + add array.pdf generated from array.w
	+ add -Wu / -Wusage / -Wh / -Whelp to show usage message, like gawk.
	  If long options are enabled, honor --help and --usage as well.
	+ if no command-line parameters are given, show usage message like
	  gawk and BWK (report by Michael Sanders).
	+ improve configure macros CF_ADD_CFLAGS, CF_ADD_LIBS, CF_XOPEN_SOURCE,
	  e.g., for Minix3.2 port.
	+ restore in-progress change to gsub; resolved problem handling its
	  internal use of vectors for second parameter when "&" marker is used.
	+ improve configure check for Intel compiler warnings; trim unwanted
	  -no-gcc option.
	+ for Solaris suppress the followup check for defining _XOPEN_SOURCE
	+ update config.guess and config.sub
d749861

@jperkin jperkin pushed a commit that referenced this issue Jun 17, 2015

spz update to gnutls 3.3.15
patch refresh grace of mkpatches

upstream notable changes list since the 3.2 to 3.3 branch point (excerpt
of the NEWS file):

* Version 3.3.15 (released 2015-05-03)

** libgnutls: gnutls_certificate_get_ours: will return the certificate even
if a callback was used to send it.

** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by
Karthikeyan Bhargavan [GNUTLS-SA-2015-2].

** libgnutls: Check for invalid length in the X.509 version field. Without the check
certificates with invalid length would be detected as having an arbitrary
version. Reported by Hanno Böck.

** API and ABI modifications:
No changes since last version.


* Version 3.3.14 (released 2015-03-30)

** libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo
structures use BER to decode them (requires libtasn1 4.3). That allows
to decode some more complex structures.

** libgnutls: When an end-certificate with no name is present and there
are CA name constraints, don't reject the certificate. This follows RFC5280
advice closely. Reported by Fotis Loukos.

** libgnutls: Fixed handling of supplemental data with types > 255.
Patch by Thierry Quemerais.

** libgnutls: Fixed double free in the parsing of CRL distribution points certificate
extension. Reported by Robert Święcki.

** libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That
protocol is not enabled by default (used by openconnect VPN).

** libgnutls: The maximum user data send size is set to be the same for
block and non-block ciphersuites. This addresses a regression with wine:
https://bugs.winehq.org/show_bug.cgi?id=37500

** libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN,
and CKA_DECRYPT when needed.

** libgnutls: Allow names with zero size to be set using
gnutls_server_name_set(). That will disable the Server Name Indication.
Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2

** API and ABI modifications:
No changes since last version.


* Version 3.3.13 (released 2015-02-25)

** libgnutls: Enable AESNI in GCM on x86

** libgnutls: Fixes in DTLS message handling

** libgnutls: Check certificate algorithm consistency, i.e.,
check whether the signatureAlgorithm field matches the signature
field inside TBSCertificate.

** gnutls-cli: Fixes in OCSP verification.

** API and ABI modifications:
No changes since last version.


* Version 3.3.12 (released 2015-01-17)

** libgnutls: When negotiating TLS use the lowest enabled version in
the client hello, rather than the lowest supported. In addition, do
not use SSL 3.0 as a version in the TLS record layer, unless SSL 3.0
is the only protocol supported. That addresses issues with servers that
immediately drop the connection when the encounter SSL 3.0 as the record
version number. See:
http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html

** libgnutls: Corrected encoding and decoding of ANSI X9.62 parameters.

** libgnutls: Handle zero length plaintext for VIA PadLock functions.
This solves a potential crash on AES encryption for small size plaintext.
Patch by Matthias-Christian Ott.

** libgnutls: In DTLS don't combine multiple packets which exceed MTU.
Reported by Andreas Schultz. https://savannah.gnu.org/support/?108715

** libgnutls: In DTLS decode all handshake packets present in a record
packet, in a single pass. Reported by Andreas Schultz.
https://savannah.gnu.org/support/?108712

** libgnutls: When importing a CA file with a PKCS #11 URL, simply
import the certificates, if the URL specifies objects, rather than
treating it as trust module.

** libgnutls: When importing a PKCS #11 URL and we know the type of
object we are importing, don't require the object type in the URL.

** libgnutls: fixed openpgp authentication when gnutls_certificate_set_retrieve_function2
was used by the server.

** guile: Fix compilation on MinGW. Previously only the static version of the
'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile.

** guile: Fix harmless warning during compilation of gnutls.scm
Initially reported at <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>.

** certtool: --pubkey-info will also attempt to load a public key
from stdin.

** gnutls-cli: Added --starttls-proto option. That allows to specify a
protocol for starttls negotiation.

** API and ABI modifications:
No changes since last version.


* Version 3.3.11 (released 2014-12-11)

** libgnutls: Corrected regression introduced in 3.3.9 related to
session renegotiation. Reported by Dan Winship.

** libgnutls: Corrected parsing issue with OCSP responses.

** API and ABI modifications:
No changes since last version.


* Version 3.3.10 (released 2014-11-10)

** libgnutls: Refuse to import v1 or v2 certificates that contain
extensions.

** libgnutls: Fixes in usage of PKCS #11 token callback

** libgnutls: Fixed bug in gnutls_x509_trust_list_get_issuer() when used
with a PKCS #11 trust module and without the GNUTLS_TL_GET_COPY flag.
Reported by David Woodhouse.

** libgnutls: Removed superfluous random generator refresh on every call
of gnutls_deinit(). That reduces load and usage of /dev/urandom.

** libgnutls: Corrected issue in export of ECC parameters to X9.63 format.
Reported by Sean Burford [GNUTLS-SA-2014-5].

** libgnutls: When gnutls_global_init() is called for a second time, it
will check whether the /dev/urandom fd kept is still open and matches
the original one. That behavior works around issues with servers that
close all file descriptors.

** libgnutls: Corrected behavior with PKCS #11 objects that are marked
as CKA_ALWAYS_AUTHENTICATE.

** certtool: The default cipher for PKCS #12 structures is 3des-pkcs12.
That option is more compatible than AES or RC4.

** API and ABI modifications:
No changes since last version.


* Version 3.3.9 (released 2014-10-13)

** libgnutls: Fixes in the transparent import of PKCS #11 certificates.
Reported by Joseph Peruski.

** libgnutls: Fixed issue with unexpected non-fatal errors resetting the
handshake's hash buffer, in applications using the heartbeat extension
or DTLS. Reported by Joeri de Ruiter.

** libgnutls: When both a trust module and additional CAs are present
account the latter as well; reported by David Woodhouse.

** libgnutls: added GNUTLS_TL_GET_COPY flag for
gnutls_x509_trust_list_get_issuer(). That allows the function to be used
in a thread safe way when PKCS #11 trust modules are in use.

** libgnutls: fix issue in DTLS retransmission when session tickets
were in use; reported by Manuel Pégourié-Gonnard.

** libgnutls-dane: Do not require the CA on a ca match to be direct CA.

** libgnutls: Prevent abort() in library if getrusage() fails. Try to
detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work.

** guile: new 'set-session-server-name!' procedure; see the manual for
details.

** certtool: The authority key identifier will be set in a certificate only
if the CA's subject key identifier is set.

** API and ABI modifications:
No changes since last version.


* Version 3.3.8 (released 2014-09-18)

** libgnutls: Updates in the name constraints checks. No name constraints
will be checked for intermediate certificates. As our support for name
constraints is limited to e-mail addresses in DNS names, it is pointless
to check them on intermediate certificates.

** libgnutls: Fixed issues in PKCS #11 object listing. Previously multiple
object listing would fail completely if a single object could not be exported.

** libgnutls: Improved the performance of PKCS #11 object listing/retrieving,
by retrieving them in large batches. Report and suggestion by David
Woodhouse.

** libgnutls: Fixed issue with certificates being sanitized by gnutls prior
to signature verification. That resulted to certain non-DER compliant modifications
of valid certificates, being corrected by libtasn1's parser and restructured as
the original. Issue found and reported by Antti Karjalainen and Matti Kamunen from
Codenomicon.

** libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle
strings with embedded spaces and escaped commas.

** libgnutls: when comparing a CA certificate with the trusted list compare
the name and key only instead of the whole certificate. That is to handle
cases where a CA certificate was superceded by a different one with the same
name and the same key.

** libgnutls: when verifying a certificate against a p11-kit trusted
module, use the attached extensions in the module to override the CA's
extensions (that requires p11-kit 0.20.7).

** libgnutls: In DTLS prevent sending zero-size fragments in certain cases
of MTU split. Reported by Manuel Pégourié-Gonnard.

** libgnutls: Added gnutls_x509_trust_list_verify_crt2() which allows
verifying using a hostname and a purpose (extended key usage). That
enhances PKCS #11 trust module verification, as it can now check the purpose
when this function is used.

** libgnutls: Corrected gnutls_x509_crl_verify() which would always report
a CRL signature as invalid. Reported by Armin Burgmeier.

** libgnutls: added option --disable-padlock to allow disabling the padlock
CPU acceleration.

** p11tool: when listing tokens, list their type as well.

** p11tool: when listing objects from a trust module print any attached
extensions on certificates.

** API and ABI modifications:
gnutls_x509_crq_get_extension_by_oid2: Added
gnutls_x509_crt_get_extension_by_oid2: Added
gnutls_x509_trust_list_verify_crt2: Added
gnutls_x509_ext_print: Added
gnutls_x509_ext_deinit: Added
gnutls_x509_othername_to_virtual: Added
gnutls_pkcs11_obj_get_exts: Added


* Version 3.3.7 (released 2014-08-24)

** libgnutls: Added function to export the public key of a PKCS #11
private key. Contributed by Wolfgang Meyer zu Bergsten.

** libgnutls: Explicitly set the exponent in PKCS #11 key generation.
That improves compatibility with certain PKCS #11 modules. Contributed by
Wolfgang Meyer zu Bergsten.

** libgnutls: When generating a PKCS #11 private key allow setting
the WRAP/UNWRAP flags. Contributed by Wolfgang Meyer zu Bergsten.

** libgnutls: gnutls_pkcs11_privkey_t will always hold an open session
to the key.

** libgnutls: bundle replacements of inet_pton and inet_aton if not
available.

** libgnutls: initialize parameters variable on PKCS #8 decryption.

** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1
algorithms.

** libgnutls: gnutls_x509_crt_check_hostname() will follow the RFC6125
requirement of checking the Common Name (CN) part of DN only if there is
a single CN present in the certificate.

** libgnutls: The environment variable GNUTLS_FORCE_FIPS_MODE can be used
to force the FIPS mode, when set to 1.

** libgnutls: In DTLS ignore only errors that relate to unexpected packets
and decryption failures.

** p11tool: Added --info parameter.

** certtool: Added --mark-wrap parameter.

** danetool: --check will attempt to retrieve the server's certificate
chain and verify against it.

** danetool/gnutls-cli-debug: Added --app-proto parameters which can
be used to enforce starttls (currently only SMTP and IMAP) on the connection.

** danetool: Added openssl linking exception, to allow linking
with libunbound.

** API and ABI modifications:
GNUTLS_PKCS11_OBJ_ATTR_MATCH: Added
gnutls_pkcs11_privkey_export_pubkey: Added
gnutls_pkcs11_obj_flags_get_str: Added
gnutls_pkcs11_obj_get_flags: Added


* Version 3.3.6 (released 2014-07-23)

** libgnutls: Use inet_ntop to print IP addresses when available

** libgnutls: gnutls_x509_crt_check_hostname and friends will also check
IP addresses, and match documented behavior. Reported by David Woodhouse.

** libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024
bit parameters.

** libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens
being usable after a reinitialization.

** libgnutls: fixed PKCS #11 private key operations after a fork.

** libgnutls: fixed PKCS #11 ECDSA key generation.

** libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to
explicitly enable/disable the use of certain CPU capabilities. Note that CPU
detection cannot be overriden, i.e., VIA options cannot be enabled on an Intel
CPU. The currently available options are:
  0x1: Disable all run-time detected optimizations
  0x2: Enable AES-NI
  0x4: Enable SSSE3
  0x8: Enable PCLMUL
  0x100000: Enable VIA padlock
  0x200000: Enable VIA PHE
  0x400000: Enable VIA PHE SHA512

** libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott.

** p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set.

** p11tool: ask for label when one isn't provided.

** p11tool: added --batch parameter to disable any interactivity.

** p11tool: will not implicitly enable so-login for certain types of
objects. That avoids issues with tokens that require different login
types.

** certtool/p11tool: Added the --curve parameter which allows to explicitly
specify the curve to use.

** API and ABI modifications:
gnutls_certificate_set_x509_trust_dir: Added
gnutls_x509_trust_list_add_trust_dir: Added


* Version 3.3.5 (released 2014-06-26)

** libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit().
These functions provide a variant of gnutls_record_recv() that avoids
the final memcpy of data.

** libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a
faster variant of gnutls_x509_crl_get_crt_serial() when coping with
very large structures.

** libgnutls: When the decoding of a printable DN element fails, then treat
it as unknown and print its hex value rather than failing. That works around
an issue in a TURKTRST root certificate which improperly encodes the
X520countryName element.

** libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number
of certificates present in a PKCS #11 token when loading it.

** libgnutls: Allow the post client hello callback to put the handshake on
hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED.

** certtool: option --to-p12 will now consider --load-ca-certificate

** certtol: Added option to specify the PKCS #12 friendly name on command
line.

** p11tool: Allow marking a certificate copied to a token as a CA.

** API and ABI modifications:
GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Added
gnutls_x509_crl_iter_deinit: Added
gnutls_x509_crl_iter_crt_serial: Added
gnutls_record_recv_packet: Added
gnutls_packet_deinit: Added
gnutls_packet_get: Added


* Version 3.3.4 (released 2014-05-31)

** libgnutls: Updated Andy Polyakov's assembly code. That prevents a
crash on certain CPUs.

** API and ABI modifications:
No changes since last version.


* Version 3.3.3 (released 2014-05-30)

** libgnutls: Eliminated memory corruption issue in Server Hello parsing.
Issue reported by Joonas Kuorilehto of Codenomicon.

** libgnutls: gnutls_global_set_mutex() was modified to operate with the
new initialization process.

** libgnutls: Increased the maximum certificate size buffer
in the PKCS #11 subsystem.

** libgnutls: Check the return code of getpwuid_r() instead of relying
on the result value. That avoids issue in certain systems, when using
tofu authentication and the home path cannot be determined. Issue reported
by Viktor Dukhovni.

** libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to
create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552

** gnutls-cli: --dane will only check the end certificate if PKIX validation
has been disabled.

** gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot
be emulated with the implicit initialization of gnutls.

** certtool: Allow multiple organizations and organizational unit names to
be specified in a template.

** certtool: Warn when invalid configuration options are set to a template.

** ocsptool: Include path in ocsp request. This resolves #108582
(https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.

** API and ABI modifications:
gnutls_credentials_get: Added


* Version 3.3.2 (released 2014-05-06)

** libgnutls: Added the 'very weak' certificate verification profile
that corresponds to 64-bit security level.

** libgnutls: Corrected file descriptor leak on random generator
initialization.

** libgnutls: Corrected file descriptor leak on PSK password file
reading. Issue identified using the Codenomicon TLS test suite.

** libgnutls: Avoid deinitialization if initialization has failed.

** libgnutls: null-terminate othername alternative names.

** libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly
on a PKCS #11 trust list.

** libgnutls: Several small bug fixes identified using valgrind and
the Codenomicon TLS test suite.

** libgnutls-dane: Accept a certificate using DANE if there is at least one
entry that matches the certificate. Patch by simon [at] arlott.org.

** libgnutls-guile: Fixed compilation issue.

** certtool: Allow exporting a CRL on DER format.

** certtool: The ECDSA keys generated by default use the SECP256R1 curve
which is supported more widely than the previously used SECP224R1.

** API and ABI modifications:
GNUTLS_PROFILE_VERY_WEAK: Added


* Version 3.3.1 (released 2014-04-19)

** libgnutls: Enforce more strict checks to heartbeat messages
concerning padding and payload. Suggested by Peter Dettman.

** libgnutls: Allow decoding PKCS #8 files with ECC parameters
from openssl.

** libgnutls: Several small bug fixes found by coverity.

** libgnutls: The conditionally available self-test functions
were moved to self-test.h.

** libgnutls: Fixed issue with the check of incoming data when two
different recv and send pointers have been specified. Reported and
investigated by JMRecio.

** libgnutls: Fixed issue in the RSA-PSK key exchange, which would
result to illegal memory access if a server hint was provided. Reported
by André Klitzing.

** libgnutls: Fixed client memory leak in the PSK key exchange, if a
server hint was provided.

** libgnutls: Corrected the *get_*_othername_oid() functions.

** API and ABI modifications:
No changes since last version.


* Version 3.3.0 (released 2014-04-10)

** libgnutls: The initialization of the library was moved to a
constructor. That is, gnutls_global_init() is no longer required
unless linking with a static library or a system that does not
support library constructors.

** libgnutls: static libraries are not built by default.

** libgnutls: PKCS #11 initialization is delayed to first usage.
That avoids long delays in gnutls initialization due to broken PKCS #11
modules.

** libgnutls: The PKCS #11 subsystem is re-initialized "automatically"
on the first PKCS #11 API call after a fork.

** libgnutls: certificate verification profiles were introduced
that can be specified as flags to verification functions. They
are enumerations in gnutls_certificate_verification_profiles_t
and can be converted to flags for use in a verification function
using GNUTLS_PROFILE_TO_VFLAGS().

** libgnutls: Added the ability to read system-specific initial
keywords, if they are prefixed with '@'. That allows a compile-time
specified configuration file to be used to read pre-configured priority
strings from. That can be used to impose system specific policies.

** libgnutls: Increased the default security level of priority
strings (NORMAL and PFS strings require at minimum a 1008 DH prime),
and set a verification profile by default.  The LEGACY keyword is
introduced to set the old defaults.

** libgnutls: Added support for the name constraints PKIX extension.
Currently only DNS names and e-mails are supported (no URIs, IPs
or DNs).

** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to
SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL.

** libgnutls: Added new API in x509-ext.h to handle X.509 extensions.
This API handles the X.509 extensions in isolation, allowing to parse
similarly formatted extensions stored in other structures.

** libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS
can be used to specify a particular subgroup as the number of bits in
gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256).

** libgnutls: DH parameter generation is now delegated to nettle.
That unfortunately has the side-effect that DH parameters longer than
3072 bits, cannot be generated (not without a nettle update).

** libgnutls: Separated nonce RNG from the main RNG. The nonce
random number generator is based on salsa20/12.

** libgnutls: The buffer alignment provided to crypto backend is
enforced to be 16-byte aligned, when compiled with cryptodev
support. That allows certain cryptodev drivers to operate more
efficiently.

** libgnutls: Return error when a public/private key pair that doesn't
match is set into a credentials structure.

** libgnutls: Depend on p11-kit 0.20.0 or later.

** libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has
been removed. It was not approved by IETF.

** libgnutls: The experimental xssl library is removed from the gnutls
distribution.

** libgnutls: Reduced the number of gnulib modules used in the main library.

** libgnutls: Added priority string %DISABLE_WILDCARDS.

** libgnutls: Added the more extensible verification function
gnutls_certificate_verify_peers(), that allows checking, in addition
to a peer's DNS hostname, for the key purpose of the end certificate
(via PKIX extended key usage).

** certtool: Timestamps for serial numbers were increased to 8 bytes,
and in batch mode to 12 (appended with 4 random bytes).

** certtool: When no CRL number is provided (or value set to -1), then
a time-based number will be used, similarly to the serial generation
number in certificates.

** certtool: Print the SHA256 fingerprint of a certificate in addition
to SHA1.

** libgnutls: Added --enable-fips140-mode configuration option (unsupported).
That option enables (when running on FIPS140-enabled system):
 o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes)
 o The DRBG-CTR-AES256 deterministic random generator from SP800-90A.
 o Self-tests on initialization on ciphers/MACs, public key algorithms
   and the random generator.
 o HMAC-SHA256 verification of the library on load.
 o MD5 is included for TLS purposes but cannot be used by the high level
   hashing functions.
 o All ciphers except AES are disabled.
 o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5).
 o All keys (temporal and long term) are zeroized after use.
 o Security levels are adjusted to the FIPS140-2 recommendations (rather
   than ECRYPT).

** API and ABI modifications:
GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS: Added
gnutls_certificate_verify_peers: Added
gnutls_privkey_generate: Added
gnutls_pkcs11_crt_is_known: Added
gnutls_fips140_mode_enabled: Added
gnutls_sec_param_to_symmetric_bits: Added
gnutls_pubkey_export_ecc_x962: Added (replaces gnutls_pubkey_get_pk_ecc_x962)
gnutls_pubkey_export_ecc_raw: Added (replaces gnutls_pubkey_get_pk_ecc_raw)
gnutls_pubkey_export_dsa_raw: Added (replaces gnutls_pubkey_get_pk_dsa_raw)
gnutls_pubkey_export_rsa_raw: Added (replaces gnutls_pubkey_get_pk_rsa_raw)
gnutls_pubkey_verify_params: Added
gnutls_privkey_export_ecc_raw: Added
gnutls_privkey_export_dsa_raw: Added
gnutls_privkey_export_rsa_raw: Added
gnutls_privkey_import_ecc_raw: Added
gnutls_privkey_import_dsa_raw: Added
gnutls_privkey_import_rsa_raw: Added
gnutls_privkey_verify_params: Added
gnutls_x509_crt_check_hostname2: Added
gnutls_openpgp_crt_check_hostname2: Added
gnutls_x509_name_constraints_init: Added
gnutls_x509_name_constraints_deinit: Added
gnutls_x509_crt_get_name_constraints: Added
gnutls_x509_name_constraints_add_permitted: Added
gnutls_x509_name_constraints_add_excluded: Added
gnutls_x509_crt_set_name_constraints: Added
gnutls_x509_name_constraints_get_permitted: Added
gnutls_x509_name_constraints_get_excluded: Added
gnutls_x509_name_constraints_check: Added
gnutls_x509_name_constraints_check_crt: Added
gnutls_x509_crl_get_extension_data2: Added
gnutls_x509_crt_get_extension_data2: Added
gnutls_x509_crq_get_extension_data2: Added
gnutls_subject_alt_names_init: Added
gnutls_subject_alt_names_deinit: Added
gnutls_subject_alt_names_get: Added
gnutls_subject_alt_names_set: Added
gnutls_x509_ext_import_subject_alt_names: Added
gnutls_x509_ext_export_subject_alt_names: Added
gnutls_x509_crl_dist_points_init: Added
gnutls_x509_crl_dist_points_deinit: Added
gnutls_x509_crl_dist_points_get: Added
gnutls_x509_crl_dist_points_set: Added
gnutls_x509_ext_import_crl_dist_points: Added
gnutls_x509_ext_export_crl_dist_points: Added
gnutls_x509_ext_import_name_constraints: Added
gnutls_x509_ext_export_name_constraints: Added
gnutls_x509_aia_init: Added
gnutls_x509_aia_deinit: Added
gnutls_x509_aia_get: Added
gnutls_x509_aia_set: Added
gnutls_x509_ext_import_aia: Added
gnutls_x509_ext_export_aia: Added
gnutls_x509_ext_import_subject_key_id: Added
gnutls_x509_ext_export_subject_key_id: Added
gnutls_x509_ext_export_authority_key_id: Added
gnutls_x509_ext_import_authority_key_id: Added
gnutls_x509_aki_init: Added
gnutls_x509_aki_get_id: Added
gnutls_x509_aki_get_cert_issuer: Added
gnutls_x509_aki_set_id: Added
gnutls_x509_aki_set_cert_issuer: Added
gnutls_x509_aki_deinit: Added
gnutls_x509_ext_import_private_key_usage_period: Added
gnutls_x509_ext_export_private_key_usage_period: Added
gnutls_x509_ext_import_basic_constraints: Added
gnutls_x509_ext_export_basic_constraints: Added
gnutls_x509_ext_import_key_usage: Added
gnutls_x509_ext_export_key_usage: Added
gnutls_x509_ext_import_proxy: Added
gnutls_x509_ext_export_proxy: Added
gnutls_x509_policies_init: Added
gnutls_x509_policies_deinit: Added
gnutls_x509_policies_get: Added
gnutls_x509_policies_set: Added
gnutls_x509_ext_import_policies: Added
gnutls_x509_ext_export_policies: Added
gnutls_x509_key_purpose_init: Added
gnutls_x509_key_purpose_deinit: Added
gnutls_x509_key_purpose_set: Added
gnutls_x509_key_purpose_get: Added
gnutls_x509_ext_import_key_purposes: Added
gnutls_x509_ext_export_key_purposes: Added
gnutls_digest_self_test: Added (conditionally)
gnutls_mac_self_test: Added (conditionally)
gnutls_pk_self_test: Added (conditionally)
gnutls_cipher_self_test: Added (conditionally)
gnutls_global_set_mem_functions: Deprecated
bca9e28

@jperkin jperkin pushed a commit that referenced this issue Aug 24, 2015

leot Update devel/libusb1 to libusb1-1.0.19.
ok wiz@.

pkgsrc changes:
* Delete a patch that is now imported upstream
* Add test target support

Changes:
2014-05-30: v1.0.19
* Add support for USB bulk streams on Linux and Mac OS X (#11)
* Windows: Add AMD and Intel USB-3.0 root hub support
* Windows: Fix USB 3.0 speed detection on Windows 8 or later (#10)
* Added Russian translation for libusb_strerror strings
* All: Various small fixes and cleanups
The (#xx) numbers are libusb issue numbers, see ie:
libusb/libusb#11

2014-01-25: v1.0.18
* Fix multiple memory leaks
* Fix a crash when HID transfers return no data on Windows
* Ensure all pending events are consumed
* Improve Android and ucLinux support
* Multiple Windows improvements (error logging, VS2013, VIA xHCI support)
* Multiple OS X improvements (broken compilation, SIGFPE, 64bit support)

2013-09-06: v1.0.17
* Hotplug callbacks now always get passed a libusb_context, even if it is
  the default context. Previously NULL would be passed for the default context,
  but since the first context created is the default context, and most apps
  use only 1 context, this meant that apps explicitly creating a context would
  still get passed NULL
* Android: Add .mk files to build with the Android NDK
* Darwin: Add Xcode project
* Darwin: Fix crash on unplug (#121)
* Linux: Fix hang (deadlock) on libusb_exit
* Linux: Fix libusb build failure with --disable-udev (#124)
* Linux: Fix libusb_get_device_list() hang with --disable-udev (#130)
* OpenBSD: Update OpenBSD backend with support for control transfers to
  non-ugen(4) devices and make get_configuration() no longer generate I/O.
  Note that using this libusb version on OpenBSD requires using
  OpenBSD 5.3-current or later. Users of older OpenBSD versions are advised
  to stay with the libusb shipped with OpenBSD (mpi)
* Windows: fix libusb_dll_2010.vcxproj link errors (#129)
* Various other bug fixes and improvements

2013-07-11: v1.0.16
* Add hotplug support for Darwin and Linux (#9)
* Add superspeed endpoint companion descriptor support (#15)
* Add BOS descriptor support (#15)
* Make descriptor parsing code more robust
* New libusb_get_port_numbers API, this is libusb_get_port_path without
  the unnecessary context parameter, libusb_get_port_path is now deprecated
* New libusb_strerror API (#14)
* New libusb_set_auto_detach_kernel_driver API (#17)
* Improve topology API docs (#95)
* Logging now use a single write call per log-message, avoiding log-message
  "interlacing" when using multiple threads.
* Android: use Android logging when building on Android (#101)
* Darwin: make libusb_reset reenumerate device on descriptors change (#89)
* Darwin: add support for the LIBUSB_TRANSFER_ADD_ZERO_PACKET flag (#91)
* Darwin: add a device cache (#112, #114)
* Examples: Add sam3u_benchmark isochronous example by Harald Welte (#109)
* Many other bug fixes and improvements
The (#xx) numbers are libusbx issue numbers, see ie:
https://github.com/libusbx/libusbx/issues/9

2013-04-15: v1.0.15
* Improve transfer cancellation and avoid short read failures on broken descriptors
* Filter out 8-bit characters in libusb_get_string_descriptor_ascii()
* Add WinCE support
* Add library stress tests
* Add Cypress FX3 firmware upload support for fxload sample
* Add HID and kernel driver detach support capabilities detection
* Add SuperSpeed detection on OS X
* Fix bInterval value interpretation on OS X
* Fix issues with autoclaim, composite HID devices, interface autoclaim and
  early abort in libusb_close() on Windows. Also add VS2012 solution files.
* Improve fd event handling on Linux
* Other bug fixes and improvements

2012-09-26: v1.0.14
* Reverts the previous API change with regards to bMaxPower.
  If this doesn't matter to you, you are encouraged to keep using v1.0.13,
  as it will use the same attribute as v2.0, to be released soon.
* Note that LIBUSB_API_VERSION is *decreased* to 0x010000FF and the previous
  guidelines with regards to concurrent use of MaxPower/bMaxPower still apply.

2012-09-20: v1.0.13
* [MAJOR] Fix a typo in the API with struct libusb_config_descriptor where
  MaxPower was used instead of bMaxPower, as defined in the specs. If your
  application was accessing the MaxPower attribute, and you need to maintain
  compatibility with libusb or older versions, see APPENDIX A below.
* Fix broken support for the 0.1 -> 1.0 libusb-compat layer
* Fix unwanted cancellation of pending timeouts as well as major timeout related bugs
* Fix handling of HID and composite devices on Windows
* Introduce LIBUSB_API_VERSION macro
* Add Cypress FX/FX2 firmware upload sample, based on fxload from
  http://linux-hotplug.sourceforge.net
* Add libusb0 (libusb-win32) and libusbK driver support on Windows. Note that while
  the drivers allow it, isochronous transfers are not supported yet in libusb. Also
  not supported yet is the use of libusb-win32 filter drivers on composite interfaces
* Add support for the new get_capabilities ioctl on Linux and avoid unnecessary
  splitting of bulk transfers
* Improve support for newer Intel and Renesas USB 3.0 controllers on Windows
* Harmonize the device number for root hubs across platforms
* Other bug fixes and improvements

2012-06-15: v1.0.12
* Fix a potential major regression with pthread on Linux
* Fix missing thread ID from debug log output on cygwin
* Fix possible crash when using longjmp and MinGW's gcc 4.6
* Add topology calls: libusb_get_port_number(), libusb_get_parent() & libusb_get_port_path()
* Add toggleable debug, using libusb_set_debug() or the LIBUSB_DEBUG environment variable
* Define log levels in libusb.h and set timestamp origin to first libusb_init() call
* All logging is now sent to to stderr (info was sent to stdout previously)
* Update log messages severity and avoid polluting log output on OS-X
* Add HID driver support on Windows
* Enable interchangeability of MSVC and MinGW DLLs
* Additional bug fixes and improvements

2012-05-08: v1.0.11
* Revert removal of critical Windows event handling that was introduced in 1.0.10
* Fix a possible deadlock in Windows when submitting transfers
* Add timestamped logging
* Add NetBSD support (experimental) and BSD libusb_get_device_speed() data
* Add bootstrap.sh alongside autogen.sh (bootstrap.sh doesn't invoke configure)
* Search for device nodes in /dev for Android support
* Other bug fixes

2012-04-17: v1.0.10
* Public release
* Add libusb_get_version
* Add Visual Studio 2010 project files
* Some Windows code cleanup
* Fix xusb sample warnings

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
APPENDIX A - How to maintain code compatibility with versions of libusb and
libusb that use MaxPower:

If you must to maintain compatibility with versions of the library that aren't
using the bMaxPower attribute in struct libusb_config_descriptor, the
recommended way is to use the new LIBUSB_API_VERSION macro with an #ifdef.
For instance, if your code was written as follows:

  if (dev->config[0].MaxPower < 250)

Then you should modify it to have:

#if defined(LIBUSB_API_VERSION) && (LIBUSB_API_VERSION >= 0x01000100)
  if (dev->config[0].bMaxPower < 250)
#else
  if (dev->config[0].MaxPower < 250)
#endif
2d7bff2

@jperkin jperkin pushed a commit that referenced this issue Sep 1, 2015

taca Update pear-Console_Table to 1.2.1.
1.2.1:
* Add travis configuration (Christian Weiske).
* Try to autoload Console_Color2 first (Jurgen Rutten, PR #11).
* Fix Composer definition syntax (Rob Loach, PR #9).

1.2.0:
* Make border visibility configurable (Christian Weiske, Request #20186).
* Allow to customize all border characters (Christian Weiske, Request
  #20182).
* Fix notice when using setAlign() on other than first column (Christian
  Weiske, Bug #20181).
* Use Console_Color2 to avoid notices from PHP 4 code (Christian Weiske, Bug
  #20188)

1.1.6:
Use line breaks dependent on the current operating system.
3138c38

@jperkin jperkin pushed a commit that referenced this issue Sep 7, 2015

mef Update 1.20140408 to 1.20150527
-------------------------------
1.20150527 2015-05-27 08:33:52-07:00 America/Los_Angeles
    - improved dependencies (build/run/requires), (Olivier Mengue, GH PR #10)
    - improved runtime loading (Olivier Mengue, GH PR #11)

1.20150521 2015-05-21 09:09:19-07:00 America/Los_Angeles
    - updated CGI dependency
    - improved README for GitHub (Rob Van Dam, GH PR #9)
0814442

@jperkin jperkin pushed a commit that referenced this issue Sep 18, 2015

taca Update ruby-jekyll-gist to 1.3.4.
## 1.3.4 / 2015-08-28

  * Catch `TimeoutError` to further support 1.9.3 (#16)

## 1.3.3 / 2015-08-20

  * Fix gemspec to allow Ruby 1.9.3 (relates to #14)

## 1.3.2 / 2016-08-19

  * Re-add support for Ruby 1.9.3. Fixes #11 for 1.9.3 (#14)
  * Replaced `OpenURI` with `Net::HTTP` and introduced timeout of 3 seconds (#11)

## 1.3.1 / 2015-08-16 (yanked)

  * Replaced `OpenURI` with `Net::HTTP` and introduced timeout of 3 seconds (#11)

## 1.3.0 / 2015-08-05

  * Added an `noscript` fallback for browsers without JavaScript enabled. (#7)
abf1904

@jperkin jperkin pushed a commit that referenced this issue Jan 9, 2016

taca Update ruby-tzinfo to 1.2.2.
Version 1.2.2 - 8-Aug-2014
--------------------------

* Fix an error with duplicates being returned by Timezone#all_country_zones
  and Timezone#all_country_zone_identifiers when used with tzinfo-data
  v1.2014.6 or later.
* Use the zone1970.tab file for country timezone data if it is found in the
  zoneinfo directory (and fallback to zone.tab if not). zone1970.tab was added
  in tzdata 2014f. zone.tab is now deprecated.


Version 1.2.1 - 1-Jun-2014
--------------------------

* Support zoneinfo files generated with zic version 2014c and later.
* On platforms that only support positive 32-bit timestamps, ensure that
  conversions are accurate from the epoch instead of just from the first
  transition after the epoch.
* Minor documentation improvements.


Version 1.2.0 - 26-May-2014
---------------------------

* Raise the minimum supported Ruby version to 1.8.7.
* Support loading system zoneinfo data on FreeBSD, OpenBSD and Solaris.
  Resolves #15.
* Add canonical_identifier and canonical_zone methods to Timezone. Resolves #16.
* Add a link to a DataSourceNotFound help page in the TZInfo::DataSourceNotFound
  exception message.
* Load iso3166.tab and zone.tab files as UTF-8.
* Fix Timezone#local_to_utc returning local Time instances on systems using UTC
  as the local time zone. Resolves #13.
* Fix == methods raising an exception when passed an instance of a different
  class by making <=> return nil if passed a non-comparable argument.
* Eliminate "require 'rational'" warnings. Resolves #10.
* Eliminate "assigned but unused variable - info" warnings. Resolves #11.
* Switch to minitest v5 for unit tests. Resolves #18.


Version 1.1.0 - 25-Sep-2013
---------------------------

* TZInfo is now thread safe. ThreadSafe::Cache is now used instead of Hash
  to cache Timezone and Country instances returned by Timezone.get and
  Country.get. The tzinfo gem now depends on thread_safe ~> 0.1.
* Added a transitions_up_to method to Timezone that returns a list of the times
  where the UTC offset of the timezone changes.
* Added an offsets_up_to method to Timezone that returns the set of offsets
  that have been observed in a defined timezone.
* Fixed a "can't modify frozen String" error when loading a Timezone from a
  zoneinfo file using an identifier String that is both tainted and frozen.
  Resolves #3.
* Support TZif3 format zoneinfo files (now produced by zic from tzcode version
  2013e onwards).
* Support using YARD to generate documentation (added a .yardopts file).
* Ignore the +VERSION file included in the zoneinfo directory on Mac OS X.
* Added a note to the documentation concerning 32-bit zoneinfo files (as
  included with Mac OS X).


Version 1.0.1 - 22-Jun-2013
---------------------------

* Fix a test case failure when tests are run from a directory that contains a
  dot in the path (issue #29751).


Version 1.0.0 - 2-Jun-2013
--------------------------

* Allow TZInfo to be used with different data sources instead of just the
  built-in Ruby module data files.
* Include a data source that allows TZInfo to load data from the binary
  zoneinfo files produced by zic and included with many Linux and Unix-like
  distributions.
* Remove the definition and index Ruby modules from TZInfo and move them into
  a separate TZInfo::Data library (available as the tzinfo-data gem).
* Default to using the TZInfo::Data library as the data source if it is
  installed, otherwise use zoneinfo files instead.
* Preserve the nanoseconds of local timezone Time objects when performing
  conversions (issue #29705).
* Don't add the tzinfo lib directory to the search path when requiring 'tzinfo'.
  The tzinfo lib directory must now be in the search path before 'tzinfo' is
  required.
* Add utc_start_time, utc_end_time, local_start_time and local_end_time instance
  methods to TimezonePeriod. These return an identical value as the existing
  utc_start, utc_end, local_start and local_end methods, but return Time
  instances instead of DateTime.
* Make the start_transition, end_transition and offset properties of
  TimezonePeriod protected. To access properties of the period, callers should
  use other TimezonePeriod instance methods instead (issue #7655).
1c369bf

@jperkin jperkin pushed a commit that referenced this issue Feb 11, 2016

mef Update to 0.17
--------------
0.17  2016-02-03T18:35:33Z
      - Added URI::_ado, which subclasses URI::_odbc to provide a `dbi_dsn()`
        that returns a DSN using DBD::ADO. NOTE: This class is experimental,
        since I was unable to figure out the best default values for the
        connection string -- there are so many options! Feedback and
        recommendations wanted (Issue #11).
      - The `dbi_dsn` method of URI::mssql now supports a single argument to
        specify the DBI driver for which to return a DSN. Pass in "sybase" or
        "ado" (experimental) to get a DSN for either of those drivers,
        instead. Based on work by Dan Muey.
9f776c2

@jperkin jperkin pushed a commit that referenced this issue Feb 11, 2016

mef Update 1.48 to 1.50
-------------------
1.50 2016-02-11
    - Switched to a production version.

1.49_08 2016-01-30
    - no significant code changes
    - Resolved RT#111558: Virtual table tests depend on enhanced
      query syntax availability (vlmarek++)
    - Ingore FTS tests if FTS is not available

1.49_07 2016-01-21
    - Updated to SQLite 3.10.2, which fixed a case-folding bug
      in the LIKE operator introduced in SQLite 3.10.0.

1.49_06 2016-01-15
    - Updated to SQLite 3.10.1, which fixed an old bug that could
      generate incorrect results when a scalar subquery attempts
      to use the block sorting optimization.

1.49_05 2016-01-11
    *** CHANGES THAT MAY POSSIBLY BREAK YOUR OLD APPLICATIONS ***
    - Updated to SQLite 3.10.0.
      Because of the addition of LIKE/GLOB/REGEXP support on
      virtual tables, previous ::PerlData virtual table got broken.
      This is hopefully fixed by adding strlike/strglob functions
      to DBD::SQLite but if you use this virtual table, please
      test it carefully.
    - Now you can make a database connection read-only if you
      turn on the ReadOnly attribute when you connect. (RT #110439)
      If you set it after you connect to a database, DBD::SQLite
      warns because the database doesn't actually become read-only.

    - Improved ::Constants
      - to load DBD::SQLite by itself
      - to expose SQLITE_VERSION_NUMBER
      - introduced a few new (shorter) tags

1.49_04 2015-11-24
    - Updated ::Constants
    - Fixed a sqlite version number in a test (GH-14; NANIS++)

1.49_03 2015-11-05
    - Updated to SQLite 3.9.2, with JSON support

1.49_02 2015-10-10
    - Added a workaround to resolve #106950 Extra warnings
      with savepoints (hopefully)
    - Not to run tests for table_column_metadata unless
      ENABLE_COLUMN_METADATA is set

1.49_01 2015-08-04
    - Updated to SQLite 3.8.11.1
    - Resolved #106151 SAVEPOINT bug
    - Made sure to keep what's left in unprepared_statements when
      allow_multiple_statements is set. (GH #11)
956b859

@jperkin jperkin pushed a commit that referenced this issue Mar 1, 2016

pettai Knot DNS 2.1.1 (2016-02-10)
===========================

Bugfixes:
---------
 - DNSSEC: Allow import of duplicate private key into the KASP
 - DNSSEC: Avoid duplicate NSEC for Wildcard No Data answer
 - Fix server crash when an incomming transfer is in progress and reload is issued
 - Fix socket polling when configured with many interfaces and threads
 - Fix compilation against Nettle 3.2

Improvements:
-------------
 - Select correct source address for UDP messages recieved on ANY address
 - Extend documentation of knotc commands

Knot DNS 2.1.0 (2016-01-14)
===========================

Features:
---------
 - Per-thread UDP socket binding using SO_REUSEPORT on Linux
 - Support for dynamic configuration database
 - DNSSEC: Support for cryptographic tokens via PKCS #11 interface
 - DNSSEC: Experimental support for online signing

Improvements:
-------------
 - Support for zone file name patterns
 - Configurable location of zone timer database
 - Non-blocking network operations and better timeout handling
 - Caching of Critical configuration values for better performance
 - Logging of ACL failures
 - RRL: Add rate-limit-slip zero support to drop all responses
 - RRL: Document behavior for different rate-limit-slip options
 - kdig: Warning instead of error on TSIG validation failure
 - Cleanup of support libraries interfaces (libknot, libzscanner, libdnssec)
 - Remove possibly insecure server control over a network socket
 - Remove implementation limit for the number of network interfaces

Bugfixes:
---------
 - synth-record module: Fix application of default configuration options
 - TSIG: Allow compressed TSIG name when forwarding DDNS updates
 - Schedule zone bootstrap after slave zone fails to load from disk
b1a9215

@jperkin jperkin pushed a commit that referenced this issue Mar 3, 2016

wiz Update p5-DateTime to 1.24.
1.24   2016-02-29

- The last release partially broke $dt->time. If you passed a value to use as
  unit separator, this was ignored. Reported by Sergiy Zuban. RT #112585.


1.23   2016-02-28

- Make all DateTime::Infinite objects return the system's representation of
  positive or negative infinity for any method which returns a number of
  string representation (year(), month(), ymd(), iso8601(), etc.). Previously
  some of these methods could return "Nan", "-Inf--Inf--Inf", and other
  confusing outputs. Reported by Greg Oschwald. RT #110341.


1.22   2016-02-21 (TRIAL RELEASE)

- Fixed several issues with the handling of non-integer values passed to
  from_epoch().

  This method was simply broken for negative values, which would end up being
  incremented by a full second, so for example -0.5 became 0.5.

  The method did not accept all valid float values. Specifically, it did not
  accept values in scientific notation.

  Finally, this method now rounds all non-integer values to the nearest
  millisecond. This matches the precision we can expect from Perl itself (53
  bits) in most cases.

  Patch by Christian Hansen. GitHub #11.


1.21   2015-09-30

- Make all tests pass with both the current DateTime::Locale and the upcoming
  new version (currently still in trial releases).
19507e4

@jperkin jperkin pushed a commit that referenced this issue Jun 20, 2016

pettai Knot DNS 2.2.1 (2016-05-24)
===========================

Bugfixes:
---------
 - Fix separate logging of server and zone events
 - Fix concurrent zone file flushing with many zones
 - Fix possible server crash with empty hostname on OpenWRT
 - Fix control timeout parsing in knotc
 - Fix "Environment maxreaders limit reached" error in knotc
 - Don't apply journal changes on modified zone file
 - Remove broken LTO option from configure script
 - Enable multiple zone names completion in interactive knotc
 - Set the TC flag in a response if a glue doesn't fit the response
 - Disallow server reload when there is an active configuration transaction

Improvements:
-------------
 - Distinguish unavailable zones from zones with zero serial in log messages
 - Log warning and error messages to standard error output in all utilities
 - Document tested PKCS #11 devices
 - Extended Python configuration interface

Knot DNS 2.2.0 (2016-04-26)
===========================

Bugfixes:
---------
 - Fix build dependencies on FreeBSD
 - Fix query/response message type setting in dnstap module
 - Fix remote address retrieval from dnstap capture in kdig
 - Fix global modules execution for queries hitting existing zones
 - Fix execution of semantic checks after an IXFR transfer
 - Fix PKCS#11 support detection at build time
 - Fix kdig failure when the first AXFR message contains just the SOA record
 - Exclude non-authoritative types from NSEC/NSEC3 bitmap at a delegation
 - Mark PKCS#11 generated keys as sensitive (required by Luna SA)
 - Fix error when removing the only zone from the server
 - Don't abort knotc transaction when some check fails

Features:
---------
 - URI and CAA resource record types support
 - RRL client address based white list
 - knotc interactive mode

Improvements:
-------------
 - Consistent IXFR error messages
 - Various fixes for better compatibility with PKCS#11 devices
 - Various keymgr user interface improvements
 - Better zone event scheduler performance with many zones
 - New server control interface
 - kdig uses local resolver if resolv.conf is empty
5b58240

@jperkin jperkin pushed a commit that referenced this issue Aug 30, 2016

pettai Knot DNS 2.3.0 (2016-08-09)
===========================

Bugfixes:
---------
 - No wildcard expansion below empty non-terminal for NSEC signed zone
 - Avoid multiple loads of the same PKCS #11 module
 - Fix kdig IXFR response processing if the transfer content is empty
 - Don't ignore non-existing records to be removed in IXFR

Improvements:
-------------
 - Refactored semantic checks and improved error messages
 - Set TC flag in delegation only if mandatory glue doesn't fit the response
 - Separate EDNS(0) payload size configuration for IPv4 and IPv6

Features:
---------
 - DNSSEC policy can be defined in server configuration
 - Automatic NSEC3 resalt according to DNSSEC policy
 - Zone content editing using control interface
 - Zone size limit restriction for DDNS, AXFR, and IXFR (CVE-2016-6171)
 - DNS-over-TLS support in kdig (RFC 7858)
 - EDNS(0) padding and alignment support in kdig (RFC 7830)
9b0f14a

@jperkin jperkin pushed a commit that referenced this issue Aug 30, 2016

mef Updated net/yaz 4.1.6 to 5.16
------------------------------
--- 5.16.0 2016/04/29
Allow multi-byte indicators for MARC subsystem. GitHub #11.

--- 5.15.3 2016/04/06
Fix yaz_query2xml aborts for attribute type 0. GitHub #9.

backtrace: exit with same signal as original fired
Until now with backtrace any signal would end up being an SIGABRT.

backtrace: cancel alarm if backtrace succeeds
This is to avoid "backtrace hangs" message that should not be
printed and gdb be invoked twice.

Fix some broken URLs in documentation and code.

yaz_marc_write_iso2709: truncate if 99,999 limit is reached.

--- 5.15.2 2016/01/11
Re-organize Windows build. Use ICU compiled with VS 2015 to use
same runtime as rest of components (YAZ, Libxml2, etc).

Move YAZ and many other software components to GitHub.

--- 5.15.1 2015/11/12
Bundle sha1 rather than use libgcrypt/nettle. This means that
configure no longer accepts --with-gcrypt and --with-nettle.

Fix rpn2cql fails for Bib-1 set in qry+conf YAZ-865

--- 5.15.0 2015/11/11
CCL: fix r=o, r=r WRT inherited attributes YAZ-864

(more 1400 lines are listed in NEWS, omitted)

(pkgsrc changes)
 - Add following line to find backtrace and backtrace_symbols
   # backtrace and backtrace_symbols
   LDFLAGS+=      -lexecinfo
345f8cd

@jperkin jperkin pushed a commit that referenced this issue Sep 20, 2016

wiz