* Include bugfix,
ac26fafa03/
Changelog:
Changes from 5.0.7 to 5.0.8
---------------------------
- Global aliases can be created for syntactic tokens such as command
separators (";", "&", "|", "&&", "||"), redirection operators, etc.
Use at your own risk! The POSIX_ALIASES option is interpreted more
strictly to prevent expansion of these and other alias names containing
quotes, glob metacharacters, parameter references, etc.
- There have been various further improvements to builtin handling
with the POSIX_BUILTINS option (off by default) for compatibility with
the POSIX standard.
- 'whence -v' is now more informative, and 'whence -S' shows you
how a full chain of symbolic links resolves to a command.
- The 'p' parameter flag now allows an argument to be specified
as a reference to a variable, e.g. ${(ps.$sep.)foo} to split $foo
on a string given by $sep.
- The option FORCE_FLOAT now forces variables, not just constants,
to floating point in arithmetic expressions.
- The type of an assignment in arithmetic expressions, e.g. the
type seen by the variable res in $(( res = a = b )), is now
more logical and C-like.
- The default binding of 'u' in vi command mode has changed to undo
multiple changes when invoked repeatedly. '^R' is now bound to redo
changes. To revert to toggling of the last edit use:
bindkey -a u vi-undo-change
- Compatibility with Vim has been improved for vi editing mode. Most
notably, Vim style text objects are supported and the region can be
manipulated with vi commands in the same manner as Vim's visual mode.
- Elements of the watch variable may now be patterns.
- The logic for retrying history locking has been improved.
- Some rationalisations have been made to the zsh/db/gdbm module that
should make it more useful and predictable in operation.
Upstream changes:
0.71 2015-05-28
* Fix segmentation fault when btparse fails parsing a long
entry. Thanks to Dale Evans.
* Stop using UNIVERSAL (5.21.3 requirement).
Thanks to Jitka Plesnikova
### 3.3.0 / 2015-06-12
[Full Changelog](http://github.com/rspec/rspec-rails/compare/v3.2.3...v3.3.0)
Enhancements:
* Add support for PATCH to route specs created via scaffold. (Igor Zubkov, #1336)
* Improve controller and routing spec calls to `routes` by using `yield`
instead of `call`. (Anton Davydov, #1308)
* Add support for `ActiveJob` specs as standard `RSpec::Rails::RailsExampleGoup`s
via both `:type => :job` and inferring type from spec directory `spec/jobs`.
(Gabe Martin-Dempesy, #1361)
* Include `RSpec::Rails::FixtureSupport` into example groups using metadata
`:use_fixtures => true`. (Aaron Kromer, #1372)
* Include `rspec:request` generator for generating request specs; this is an
alias of `rspec:integration` (Aaron Kromer, #1378)
* Update `rails_helper` generator with a default check to abort the spec run
when the Rails environment is production. (Aaron Kromer, #1383)
### 3.3.0 / 2015-06-12
[Full Changelog](http://github.com/rspec/rspec-expectations/compare/v3.2.1...v3.3.0)
Enhancements:
* Expose `RSpec::Matchers::EnglishPhrasing` to make it easier to write
nice failure messages in custom matchers. (Jared Beck, #736)
* Add `RSpec::Matchers::FailMatchers`, a mixin which provides
`fail`, `fail_with` and `fail_including` matchers for use in
specifying that an expectation fails for use by
extension/plugin authors. (Charlie Rudolph, #729)
* Avoid loading `tempfile` (and its dependencies) unless
it is absolutely needed. (Myron Marston, #735)
* Improve failure output when attempting to use `be_true` or `be_false`.
(Tim Wade, #744)
* Define `RSpec::Matchers#respond_to_missing?` so that
`RSpec::Matchers#respond_to?` and `RSpec::Matchers#method` handle
dynamic predicate matchers. (Andrei Botalov, #751)
* Use custom Time/DateTime/BigDecimal formatting for all matchers
so they are consistently represented in failure messages.
(Gavin Miller, #740)
* Add configuration to turn off warnings about matcher combinations that
may cause false positives. (Jon Rowe, #768)
* Warn when using a bare `raise_error` matcher that you may be subject to
false positives. (Jon Rowe, #768)
* Warn rather than raise when using the`raise_error` matcher in negative
expectations that may be subject to false positives. (Jon Rowe, #775)
* Improve failure message for `include(a, b, c)` so that if `a` and `b`
are included the failure message only mentions `c`. (Chris Arcand, #780)
* Allow `satisfy` matcher to take an optional description argument
that will be used in the `description`, `failure_message` and
`failure_message_when_negated` in place of the undescriptive
"sastify block". (Chris Arcand, #783)
* Add new `aggregate_failures` API that allows multiple independent
expectations to all fail and be listed in the failure output, rather
than the example aborting on the first failure. (Myron Marston, #776)
* Improve `raise_error` matcher so that it can accept a matcher as a single argument
that matches the message. (Time Wade, #782)
Bug Fixes:
* Make `contain_exactly` / `match_array` work with strict test doubles
that have not defined `<=>`. (Myron Marston, #758)
* Fix `include` matcher so that it omits the diff when it would
confusingly highlight items that are actually included but are not
an exact match in a line-by-line diff. (Tim Wade, #763)
* Fix `match` matcher so that it does not blow up when matching a string
or regex against another matcher (rather than a string or regex).
(Myron Marston, #772)
* Silence whitespace-only diffs. (Myron Marston, #801)
### 3.3.0 / 2015-06-12
[Full Changelog](http://github.com/rspec/rspec-mocks/compare/v3.2.1...v3.3.0)
Enhancements:
* When stubbing `new` on `MyClass` or `class_double(MyClass)`, use the
method signature from `MyClass#initialize` to verify arguments.
(Myron Marston, #886)
* Use matcher descriptions when generating description of received arguments
for mock expectation failures. (Tim Wade, #891)
* Avoid loading `stringio` unnecessarily. (Myron Marston, #894)
* Verifying doubles failure messages now distinguish between class and instance
level methods. (Tim Wade, #896, #908)
* Improve mock expectation failure messages so that it combines both
number of times and the received arguments in the output. (John Ceh, #918)
* Improve how test doubles are represented in failure messages.
(Siva Gollapalli, Myron Marston, #932)
* Rename `RSpec::Mocks::Configuration#when_declaring_verifying_double` to
`RSpec::Mocks::Configuration#before_verifying_doubles` and utilise when
verifying partial doubles. (Jon Rowe, #940)
* Use rspec-support's `ObjectFormatter` for improved formatting of
arguments in failure messages so that, for example, full time
precisions is displayed for time objects. (Gavin Miller, Myron Marston, #955)
Bug Fixes:
* Ensure expectations that raise eagerly also raise during RSpec verification.
This means that if exceptions are caught inside test execution the test will
still fail. (Sam Phippen, #884)
* Fix `have_received(msg).with(args).exactly(n).times` and
`receive(msg).with(args).exactly(n).times` failure messages
for when the message was received the wrong number of times with
the specified args, and also received additional times with other
arguments. Previously it confusingly listed the arguments as being
mis-matched (even when the double was allowed to receive with any
args) rather than listing the count. (John Ceh, #918)
* Fix `any_args`/`anything` support so that we avoid calling `obj == anything`
on user objects that may have improperly implemented `==` in a way that
raises errors. (Myron Marston, #924)
* Fix edge case involving stubbing the same method on a class and a subclass
which previously hit a `NoMethodError` internally in RSpec. (Myron Marston #954)
* Fix edge case where the message received count would be incremented multiple
times for one failure. (Myron Marston, #957)
* Fix failure messages for when spies received the expected message with
different arguments and also received another message. (Maur«¿cio Linhares, #960)
* Silence whitespace-only diffs. (Myron Marston, #969)
### 3.3.0 / 2015-06-12
[Full Changelog](http://github.com/rspec/rspec-core/compare/v3.2.3...v3.3.0)
Enhancements:
* Expose the reporter used to run examples via `RSpec::Core::Example#reporter`.
(Jon Rowe, #1866)
* Make `RSpec::Core::Reporter#message` a public supported API. (Jon Rowe, #1866)
* Allow custom formatter events to be published via
`RSpec::Core::Reporter#publish(event_name, hash_of_attributes)`. (Jon Rowe, #1869)
* Remove dependency on the standard library `Set` and replace with `RSpec::Core::Set`.
(Jon Rowe, #1870)
* Assign a unique id to each example and group so that they can be
uniquely identified, even for shared examples (and similar situations)
where the location isn't unique. (Myron Marston, #1884)
* Use the example id in the rerun command printed for failed examples
when the location is not unique. (Myron Marston, #1884)
* Add `config.example_status_persistence_file_path` option, which is
used to persist the last run status of each example. (Myron Marston, #1888)
* Add `:last_run_status` metadata to each example, which indicates what
happened the last time an example ran. (Myron Marston, #1888)
* Add `--only-failures` CLI option which filters to only the examples
that failed the last time they ran. (Myron Marston, #1888)
* Add `--next-failure` CLI option which allows you to repeatedly focus
on just one of the currently failing examples, then move on to the
next failure, etc. (Myron Marston, #1888)
* Make `--order random` ordering stable, so that when you rerun a
subset with a given seed, the examples will be order consistently
relative to each other. (Myron Marston, #1908)
* Set example group constant earlier so errors when evaluating the context
include the example group name (Myron Marson, #1911)
* Make `let` and `subject` threadsafe. (Josh Cheek, #1858)
* Add version information into the JSON formatter. (Mark Swinson, #1883)
* Add `--bisect` CLI option, which will repeatedly run your suite in
order to isolate the failures to the smallest reproducible case.
(Myron Marston, #1917)
* For `config.include`, `config.extend` and `config.prepend`, apply the
module to previously defined matching example groups. (Eugene Kenny, #1935)
* When invalid options are parsed, notify users where they came from
(e.g. `.rspec` or `~/.rspec` or `ENV['SPEC_OPTS']`) so they can
easily find the source of the problem. (Myron Marston, #1940)
* Add pending message contents to the json formatter output. (Jon Rowe, #1949)
* Add shared group backtrace to the output displayed by the built-in
formatters for pending examples that have been fixed. (Myron Marston, #1946)
* Add support for `:aggregate_failures` metadata. Tag an example or
group with this metadata and it'll use rspec-expectations'
`aggregate_failures` feature to allow multiple failures in an example
and list them all, rather than aborting on the first failure. (Myron
Marston, #1946)
* When no formatter implements #message add a fallback to prevent those
messages being lost. (Jon Rowe, #1980)
* Profiling examples now takes into account time spent in `before(:context)`
hooks. (Denis Laliberté, Jon Rowe, #1971)
* Improve failure output when an example has multiple exceptions, such
as one from an `it` block and one from an `after` block. (Myron Marston, #1985)
Bug Fixes:
* Handle invalid UTF-8 strings within exception methods. (Benjamin Fleischer, #1760)
* Fix Rake Task quoting of file names with quotes to work properly on
Windows. (Myron Marston, #1887)
* Fix `RSpec::Core::RakeTask#failure_message` so that it gets printed
when the task failed. (Myron Marston, #1905)
* Make `let` work properly when defined in a shared context that is applied
to an individual example via metadata. (Myron Marston, #1912)
* Ensure `rspec/autorun` respects configuration defaults. (Jon Rowe, #1933)
* Prevent modules overriding example group defined methods when included,
prepended or extended by config defined after an example group. (Eugene Kenny, #1935)
* Fix regression which caused shared examples to be mistakenly run when specs
where filtered to a particular location. (Ben Axnick, #1963)
* Fix time formatting logic so that it displays 70 seconds as "1 minute,
10 seconds" rather than "1 minute, 1 second". (Paul Brennan, #1984)
* Fix regression where the formatter loader would allow duplicate formatters.
(Jon Rowe, #1990)
### 3.3.0 / 2015-06-12
[Full Changelog](http://github.com/rspec/rspec-support/compare/v3.2.2...v3.3.0)
Enhancements:
* Improve formatting of arrays and hashes in failure messages so they
use our custom formatting of matchers, time objects, etc.
(Myron Marston, Nicholas Chmielewski, #205)
* Use improved formatting for diffs as well. (Nicholas Chmielewski, #205)
Bug Fixes:
* Fix `FuzzyMatcher` so that it checks `expected == actual` rather than
`actual == expected`, which avoids errors in situations where the
`actual` object's `==` is improperly implemented to assume that only
objects of the same type will be given. This allows rspec-mocks'
`anything` to match against objects with buggy `==` definitions.
(Myron Marston, #193)
0.3.2
Changes
* Bug fix: "clamd_get_versions: parse error ..."
* Bug fix: Bug 66: decoding deflate encoded files produces huge files
0.3.1
New features
* The virus engines now loaded as external modules to c-icap. Currently the
"clamd" which uses clamd daemon and "clamav" which uses the libclamav,
engines are provided
0.2.5
* virus_scan viralator mode fixes
0.3.5
Changes
* Bug fix: Wrong status code for REQMOD requests without preview
* Bug fix: Spaces on header may result to bad request error
* Bug fix: cache drops non expired items
* Add the "DefaultService" configuration parameter. For use with buggy clients
which are not include icap service name in urls.
* Add support for ICAP requests pipelining
* Add the "SupportBuggyClients" configuration parameter. If enabled c-icap
tries to handle buggy ICAP clients which are not include correct delimiters
between HTTP and ICAP headers.
Other minor fixes
0.3.4
Changes
* Berkeley databases may have problems when newer Berkeley DB library used
hash_table, always uses a very small hash table resulting to slow search
operations
* c-icap crashes when trying to parse lookup table parameters
* local cache items are never expired. Affects dnsbl and ldap lookup tables
* posix interprocess locking does not work
Other minor fixes
0.3.3
Changes
* bug 67: "Bug in the service. Please report to the service author..."
* Bug fix: ci_format_text function may exceeds the buffer
Other minor fixes
0.3.2
Changes
* Bug fix: Restrict permissions on c-icap.ctl
* Author: Mathieu Parent sathieu@debian.org
* Bug-Debian: http://bugs.debian.org/645122
* Bug fix: Correctly daemonize
* Author: Mathieu Parent sathieu@debian.org
* Bug-Debian: http://bugs.debian.org/645310
0.3.1
For installation instructions:
* https://sourceforge.net/apps/trac/c-icap/wiki/configcicap
* https://sourceforge.net/apps/trac/c-icap/wiki
Changes
* New interfaces added to help service developers.
0.2.6
Bugs fixes
* The c-icap does not build correctly in some platforms
* The c-icap-client does not display ICAP headers on 204 preview response
* The xheaders are not displayed when %<ih fmt code used
* Fix deadlocks in access log subsystem
- Fix HMAC ABI incompatibility. The previous version introduced an ABI
incompatibility in the handling of HMAC. The previous ABI has now been
restored.
- Malformed ECParameters causes infinite loop
When processing an ECParameters structure OpenSSL enters an infinite loop
if the curve specified is over a specially malformed binary polynomial
field.
This can be used to perform denial of service against any
system which processes public keys, certificate requests or
certificates. This includes TLS clients and TLS servers with
client authentication enabled.
This issue was reported to OpenSSL by Joseph Barr-Pixton.
(CVE-2015-1788)
[Andy Polyakov]
- Exploitable out-of-bounds read in X509_cmp_time
X509_cmp_time does not properly check the length of the ASN1_TIME
string and can read a few bytes out of bounds. In addition,
X509_cmp_time accepts an arbitrary number of fractional seconds in the
time string.
An attacker can use this to craft malformed certificates and CRLs of
various sizes and potentially cause a segmentation fault, resulting in
a DoS on applications that verify certificates or CRLs. TLS clients
that verify CRLs are affected. TLS clients and servers with client
authentication enabled may be affected if they use custom verification
callbacks.
This issue was reported to OpenSSL by Robert Swiecki (Google), and
independently by Hanno Böck.
(CVE-2015-1789)
[Emilia Käsper]
- PKCS7 crash with missing EnvelopedContent
The PKCS#7 parsing code does not handle missing inner EncryptedContent
correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
with missing content and trigger a NULL pointer dereference on parsing.
Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
structures from untrusted sources are affected. OpenSSL clients and
servers are not affected.
This issue was reported to OpenSSL by Michal Zalewski (Google).
(CVE-2015-1790)
[Emilia Käsper]
- CMS verify infinite loop with unknown hash function
When verifying a signedData message the CMS code can enter an infinite loop
if presented with an unknown hash function OID. This can be used to perform
denial of service against any system which verifies signedData messages using
the CMS code.
This issue was reported to OpenSSL by Johannes Bauer.
(CVE-2015-1792)
[Stephen Henson]
- Race condition handling NewSessionTicket
If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.
(CVE-2015-1791)
[Matt Caswell]
- Removed support for the two export grade static DH ciphersuites
EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
were newly added (along with a number of other static DH ciphersuites) to
1.0.2. However the two export ones have *never* worked since they were
introduced. It seems strange in any case to be adding new export
ciphersuites, and given "logjam" it also does not seem correct to fix them.
[Matt Caswell]
- Only support 256-bit or stronger elliptic curves with the
'ecdh_auto' setting (server) or by default (client). Of supported
curves, prefer P-256 (both).
[Emilia Kasper]
- Reject DH handshakes with parameters shorter than 768 bits.
[Kurt Roeckx and Emilia Kasper]
- Avoid a corner case segfault when no search URL is found in dillorc.
- Fix linking problem with fltk-1.3.3 and fl_oldfocus.
- Don't follow redirections or meta refresh in --local mode.
- Don't load background images in --local mode.
- Make sure window is resizable with fltk-1.3.3.
- Remove Fl_Printer stub that always gave problems compiling under OSX.
