Security fix with updating bundled RubyGems to 1.8.23 and a few bug
fixes.
Fri Apr 20 12:40:19 2012 Eric Hodel <drbrain@segment7.net>
* lib/rubygems/ssl_certs/AddTrustExternalCARoot.pem: Removed to avoid
conflict with ca-bundle.pem
* lib/rubygems/ssl_certs/VerisignClass3PublicPrimaryCertificationAuthority-G2.pem:
ditto.
* lib/rubygems/ssl_certs/Entrust_net-Secure-Server-Certification-Authority.pem:
ditto.
Fri Apr 20 09:04:35 2012 Eric Hodel <drbrain@segment7.net>
* lib/rubygems: Apply the following security fixes to RubyGems 1.3.7:
RubyGems now disallows redirection from HTTPS to HTTP.
RubyGems now verifies SSL connections.
Patch by Hiroshi Nakamura.
* test/rubygems: ditto.
Three situations need to be handled:
1) Multilib support is unknown, i.e. there is nothing in the options.mk
file to appropriately set ${MULTILIB_SUPPORTED} (currently all platforms
except Linux/x86_64). In this situation nothing should be done.
2) Multilib _is_ supported, in this situation the 'gcc-multilib' option
should be made available and the CONFIGURE_ARGS modified accordingly.
3) Multilib _is not_ supported, in this situation CONFIGURE_ARGS need to
be modified.
=== 1.8.23 / 2012-04-19
This release increases the security used when RubyGems is talking to
an https server. If you use a custom RubyGems server over SSL, this
release will cause RubyGems to no longer connect unless your SSL cert
is globally valid.
You can configure SSL certificate usage in RubyGems through the
:ssl_ca_cert and :ssl_verify_mode options in ~/.gemrc and /etc/gemrc.
The recommended way is to set :ssl_ca_cert to the CA certificate for
your server or a certificate bundle containing your CA certification.
You may also set :ssl_verify_mode to 0 to completely disable SSL
certificate checks, but this is not recommended.
* 2 security fixes:
  * Disallow redirects from https to http
  * Turn on verification of server SSL certs
* 1 minor feature:
  * Add --clear-sources to fetch
* 2 bug fixes:
  * Use File.identical? to check if two files are the same.
  * Fixed init_with warning when using psych
=== 1.8.22 / 2012-04-13
* 4 bug fixes:
  * Workaround for psych/syck YAML date parsing issue
  * Don't trust the encoding of ARGV. Fixes #307
  * Quiet default warnings about missing spec variables
  * Read a binary file properly (windows fix)
=== 1.8.21 / 2012-03-22
* 2 bug fixes:
  * Add workaround for buggy yaml output from 1.9.2
  * Force 1.9.1 to remove its prelude code. Fixes #305
=== 1.8.20 / 2012-03-21
* 4 bug fixes:
  * Add --force to `gem build` to skip validation. Fixes #297
  * Gracefully deal with YAML::PrivateType objects in Marshal'd gemspecs
  * Treat the source as a proper url base. Fixes #304
  * Warn when updating the specs cache fails. Fixes #300
=== 1.8.19 / 2012-03-14
* 3 bug fixes:
  * Handle loading psych vs syck properly. Fixes #298
  * Make sure Date objects don't leak in via Marshal
  * Perform Date => Time coercion on yaml loading. Fixes #266
=== 1.8.18 / 2012-03-11
* 4 bug fixes:
  * Use Psych API to emit more compatible YAML
  * Download and write inside `gem fetch` directly. Fixes #289
  * Honor sysconfdir on 1.8. Fixes #291
  * Search everywhere for a spec for `gem spec`. Fixes #288
  * Fix Gem.all_load_path. Fixes #171
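
The two security fixes in the 1.8.23 notes above (no https-to-http redirects, verified server certificates) can be sketched with Ruby's standard library as follows. This is an added example, not RubyGems' own code and not part of the commit messages; the names next_location, https_connection, fetch and InsecureRedirectError are assumptions made for the illustration.

```ruby
require 'uri'
require 'net/http'
require 'openssl'

# Added illustration; helper names are hypothetical, not RubyGems' own code.
class InsecureRedirectError < StandardError; end

# Resolve a Location header against the current URL and refuse any
# redirect that would downgrade the session from https to http.
def next_location(current, location)
  from = URI(current)
  to = from.merge(location) # also handles relative Location values
  if from.scheme.to_s.downcase == 'https' && to.scheme.to_s.downcase != 'https'
    raise InsecureRedirectError, "redirecting to non-https resource: #{to}"
  end
  to
end

# Build a connection the way the two gemrc options describe:
#   ssl_ca_cert     - CA file or directory of CA certs; nil = system defaults
#   ssl_verify_mode - VERIFY_PEER (1) checks the chain; VERIFY_NONE (0) does not
def https_connection(uri, ssl_ca_cert: nil,
                     ssl_verify_mode: OpenSSL::SSL::VERIFY_PEER)
  http = Net::HTTP.new(uri.host, uri.port)
  return http unless uri.scheme == 'https'
  store = OpenSSL::X509::Store.new
  if ssl_ca_cert.nil?
    store.set_default_paths
  elsif File.directory?(ssl_ca_cert)
    store.add_path(ssl_ca_cert)
  else
    store.add_file(ssl_ca_cert)
  end
  http.use_ssl = true
  http.verify_mode = ssl_verify_mode
  http.cert_store = store
  http
end

# Follow redirects with both checks applied (performs network I/O when called).
def fetch(url, limit = 5, **ssl_opts)
  raise ArgumentError, 'too many redirects' if limit.zero?
  uri = URI(url)
  res = https_connection(uri, **ssl_opts).request_get(uri.request_uri)
  return res unless res.is_a?(Net::HTTPRedirection)
  fetch(next_location(url, res['location']).to_s, limit - 1, **ssl_opts)
end
```

Passing ssl_ca_cert the CA certificate of a private gem server keeps verification on, which is the setup the notes recommend over setting the verify mode to 0.
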
(misc/urjtag gettext-lib support)
This commit apparently fixes the PLIST problem on Linux.
Linux always seems to have gettext-lib available, while
NetBSD (other *BSD?) has it conditionally.
(As a side fix, add msgfmt to USE_TOOLS, thanks obache)
This commit adds gettext-lib support unconditionally.
As a result, some *.mo files are added to PLIST.
NEWS
====
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v:
o Fix for ASN1 overflow bug CVE-2012-2110
Features
--------
- The interface argument to IReactorTCP.listenTCP may now be an IPv6
address literal, allowing the creation of IPv6 TCP servers.
- twisted.python.constants.Names now provides a way to define
collections of named constants, similar to the "enum type" feature
of C or Java.
- twisted.python.constants.Values now provides a way to define
collections of named constants with arbitrary values.
Bugfixes
--------
- Fixed an obscure case where connectionLost wasn't called on the
protocol when using half-close.
- UDP ports handle socket errors better on Windows.
- When idle, the gtk2 and glib2 reactors no longer wake up 10 times a
second.
- Prevent a rare situation involving TLS transports, where a producer
may be erroneously left unpaused.
- twisted.internet.iocpreactor.iocpsupport now has fewer 64-bit
compile warnings.
- The GTK2 reactor is now more responsive on Windows.
- TLS transports now correctly handle producer registration after the
connection has been lost.
- twisted.protocols.htb.Bucket now empties properly with a non-zero
drip rate.
- IReactorSSL and ITCPTransport.startTLS now synchronously propagate
errors from the getContext method of context factories, instead of
capturing them and logging them as unhandled.
Improved Documentation
----------------------
- The multicast documentation has been expanded.
- twisted.internet.defer.Deferred now documents more return values.
- Show a better starting page at
http://twistedmatrix.com/documents/current
Deprecations and Removals
-------------------------
- Remove the deprecated module twisted.enterprise.reflector.
- Removed the deprecated module twisted.enterprise.row.
- Remove the deprecated module twisted.enterprise.sqlreflector.
- Removed the deprecated module twisted.enterprise.util, as well as
twisted.enterprise.adbapi.safe.
- Python 2.4 is no longer supported on any platform.
- Removed printTraceback and noOperation from twisted.spread.pb,
deprecated since Twisted 8.2.
* New module ``zope.interface.registry``. This is code moved from
``zope.component.registry`` which implements a basic nonpersistent component
registry as ``zope.interface.registry.Components``. This class was moved
from ``zope.component`` to make porting systems (such as Pyramid) that rely
only on a basic component registry to Python 3 possible without needing to
port the entirety of the ``zope.component`` package. Backwards
compatibility import shims have been left behind in ``zope.component``, so
this change will not break any existing code.
* New ``tests_require`` dependency: ``zope.event`` to test events sent by
Components implementation. The ``zope.interface`` package does not have a
hard dependency on ``zope.event``, but if ``zope.event`` is importable, it
will send component registration events when methods of an instance of
``zope.interface.registry.Components`` are called.
* New interfaces added to support ``zope.interface.registry.Components``
addition: ``ComponentLookupError``, ``Invalid``, ``IObjectEvent``,
``ObjectEvent``, ``IComponentLookup``, ``IRegistration``,
``IUtilityRegistration``, ``IAdapterRegistration``,
``ISubscriptionAdapterRegistration``, ``IHandlerRegistration``,
``IRegistrationEvent``, ``RegistrationEvent``, ``IRegistered``,
``Registered``, ``IUnregistered``, ``Unregistered``,
``IComponentRegistry``, and ``IComponents``.
* No longer Python 2.4 compatible (tested under 2.5, 2.6, 2.7, and 3.2).
* Always unlock the semaphore before returning from the png codec, either
by a "return" or png_error(); changed all Magick*Exception() calls
after setjmp() to png_error() to ensure proper cleanup (reference
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=16883).
* Fixed log known alpha*kernel normalization bug in morphology convolve.
* Pixel allocation for Pango is stride*rows not stride*columns.
* Set the image resolution for Postscript files with an embedded Photoshop
profile.
VERSION 1.9 2012-03-14
CHANGES IN 1.9
Fixed the problem with inverted question mark facing the wrong way. (Thanks
to Swyter for reporting it.)
Modified the small "w" and "g".
Restored the original look for size 6x12 bold.
CHANGES IN 1.8
Fixed a problem where chars showed up as boxes in xfontsel and some apps.
Tweaks, esp. to 8x17 size
CHANGES IN 1.7
Added two new sizes: tiny 5x9 and large 10x20.
Retired size 7x12. (If this presents major problem for you, get in touch.)
Added a pixel to the height of the 6x11 size, making it 6x12.
Added new chars for partial ISO8859-1 support, mainly covering the accented
characters and currency symbols. I consider these new characters to be BETA,
since I don't use them so I'm not sure how they should look. If you have
feedback about them, please get in touch.
Made many minor tweaks to character shapes. In particular, the f, l, and t
have a more "traditional" look. Also, I've changed the w and y again.
arguments to speex are floats or ints. They are, as far as I can tell,
always ints in pkgsrc. This test has been getting the wrong answer in
my test-build environment, leading to build failure later on.
Admittedly the test gets the wrong answer because I've been having the
wrappers insert -Wall -Wno-error, but that has value (as does being
able to test-build this and ekiga) and as best I can tell the test is
pointless.
* Remove dead link from plugins/teximg. Closes: #664885
* inline: When the pagenames list includes pages that do not exist, skip
them.
* meta: Export author information in html <meta> tag. Closes: #664779
Thanks, Martin Michlmayr
* notifyemail: New plugin, sends email notifications about new and
changed pages, and allows subscribing to comments.
* Added a "changes" hook. Renamed the "change" hook to "rendered", but
the old hook name is called for now for back-compat.
* meta: Support keywords header. Closes: #664780
Thanks, Martin Michlmayr
* passwordauth: Fix url in password recovery email to be absolute.
* httpauth: When it's the only auth method, avoid a pointless and
confusing signin form, and go right to the httpauthurl.
* rename: Allow rename to be started not from the edit page; return to
the renamed page in this case.
* remove: Support removing of pages in the transient underlay. (smcv)
* inline, trail: The pagenames parameter is now a list of absolute
pagenames, not relative wikilink type names. This is necessary to fix
a bug, and makes pagenames more consistent with the pagespec used
in the pages parameter. (smcv)
* link: Fix renaming wikilinks that contain embedded urls.
* graphviz: Handle self-links.
* trail: Improve CSS, also display trail links at bottom of page,
and a bug fix. (smcv)
Add dependency on p5-HTML-Tree, suggested by Matthias Rampke in PR pkg/45688.