Changes in libsoup from 2.62.0 to 2.62.1:
* Fix digest authentication with encoded URIs
[#794208, Claudio Saavedra]
* Avoid unaligned memory accesses in WebSocket implementation
[#794421, Rolf Eike Beer]
* Use base domain to decide if cookies are third-party
[#792130, Michael Catanzaro]
* Fix crash under soup_socket_new()
[#762138, Milan Crha]
Changes in libsoup from 2.61.91 to 2.62.0:
* Updated translations.
Changes in libsoup from 2.61.90 to 2.61.91:
* Add limit to header length to avoid DOS attacks
[#792173, Michele Dionisio]
* Update the public-suffix list.
[Claudio Saavedra]
* Revert "cookie-jar: use base domain to decide if cookie is third party"
[#792130, Claudio Saavedra]
Changes in libsoup from 2.61.2 to 2.61.90:
* Various improvements to the WebSocket implementation
[#792113, Italo Guerrieri]
* cookie-jar: use base domain to decide if cookie is third party
[#792130, Michael Catanzaro]
* Add new API to create a new connection from a SoupSession
[#792212, Carlos Garcia Campos]
* soup-headers: accept any 3 digit number as message status code
[#792124, Carlos Garcia Campos]
Changes in libsoup from 2.61.1 to 2.61.2:
* session: don't request Keep-Alive for upgraded connections
[#788723, Lionel Landwerlin]
Changes in libsoup from 2.60.2 to 2.60.3:
* heap-buffer-overflow in soup_ntlm_parse_challenge()
[#788037, Milan Crha]
* session: don't request Keep-Alive for upgraded connections
[#788723, Lionel Landwerlin]
* soup-headers: accept any 3 digit number as message status code
[#792124, Carlos Garcia Campos]
Changes in libsoup from 2.60.1 to 2.60.2:
* Fix documentation typos [#788920, Nirbheek Chauhan]
* format-zero-length warning triggered in soup-logger.c
[#789096, Tomas Popela]
* Warnings while generating inrospection files
[#789099, Tomas Popela]
* Visual Studio builds: Enhance security of x64 binaries
[Chun-wei Fan]
* Updated translation: Nepali.
Changes in libsoup from 2.60.0 to 2.60.1:
* Fallback to another authentication type if the current
failed [#788238, Tomas Popela]
* Fix unbalanced G_GNUC_BEGIN_IGNORE_DEPRECATIONS use in
soup-session.c [#787166, Zan Dobersek]
* SoupCache: fix setting default value for cache dir
[#788452, Cosimo Cecchi]
* Updated translations: Catalan (Valencian).
Changes in libsoup from 2.59.90.1 to 2.60.0:
* New/updated translations: Catalan, Danish, Dutch, Nepali
Changes in libsoup from 2.59.90 to 2.59.90.1:
* CVE-2017-2885: Fixed a chunked decoding buffer overrun that
could be exploited against either clients or servers.
[#785774]
Changes in libsoup from 2.58.0 to 2.59.90:
* Several SoupAuthNegotiate compatibility fixes [#783780,
#783781, Tomas Popela]
* Include a payload in SoupWebsocketConnection's "ping"
messages (to avoid problems with certain buggy server
implementations), and emit a signal when receiving a "pong"
(to allow apps to notice when the remote peer has
disconnected them). [#785660, David Woodhouse]
* Fix the interpretation of wss:// URIs, which previously
mostly didn't work. [#784766, Nirbheek Chauhan].
* Fixed SoupContentSniffer behavior on XML files with no
Content-Type
[https://bugs.webkit.org/show_bug.cgi?id=173923]
* Fixed a bug with cancelling async requests [#773257, Carlos
Garcia Campos]
* Reverted the (undocumented) change in 2.58.0 to call
soup_session_abort() after changing
SoupSession:proxy-resolver; while this made its behavior
more consistent with :proxy-uri, it ended up breaking
things. [#781590]
* Allow HTTP responses that have no trailing CRLF after the
response headers (and no body) [#780352, Carlos Garcia
Campos]
* Fixed an out-of-bounds read in SoupURI parsing [#785042]
* Fixed a spurious (debug-level) error message in
SoupWebsocketConnection [#784935, Ignacio Casal Quinteiro]
* Fixed introspection annotations on
soup_message_headers_get_content_range() [Philip Withnall]
* Fixed a flake in tests/header-parsing [#777258]
* Update tests/test-cert.pem to use stronger algorithms to
avoid problems with newer gnutls. [#784949, Jan Alexander
Steffens]
* Fixed examples/get to not accidentally break https
certificate validation [#784259, Sebatian Dröge]
* Misc updates to apache/php stuff in unit tests:
* Dropped support for Apache 2.2
* Deal with mod_unixd being compiled-in [#776478]
* Switched PHP support from PHP 5 to PHP 7
* Updated translations:
Esperanto, Turkish
Changes in libsoup from 2.58.1 to 2.58.2:
* CVE-2017-2885: Fixed a chunked decoding buffer overrun that
could be exploited against either clients or servers.
[#785774]
Changes in libsoup from 2.58.0 to 2.58.1:
* Reverts a change to SoupSession to close all open
connections when the :proxy-resolver property is changed
[#777326; this change was made in 2.58.0 but accidentally
left out of the NEWS for that release]; although that
behavior made :proxy-resolver more consistent with
:proxy-uri, it ended up breaking Evolution EWS. [#781590]
* Fixed undefined behavior in tests/header-parsing that could
make the test spuriously fail. [#777258]
* Updates to the configure tests for Apache for use in tests/:
* Dropped support for Apache 2.2
* Changed PHP support from PHP 5 to PHP 7
* mod_unixd can now be either built-in or dynamically
loaded [#776478]
* Updated translations:
Turkish
Changes in libsoup from 2.57.1 to 2.58.0:
* Fix authentication issues when the SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE
flag is used. [#778497, #777936, Carlos Garcia Campos]
* MSVC build improvements (Chun-wei Fan)
* Updated translations:
Basque, Belarusian, Brazilian Portuguese, Chinese (Taiwan), Danish,
French, Galician, Greek, Indonesian, Italian, Korean, Latvian,
Lithuanian, Norwegian bokmål, Russian, Serbian, Slovak, Slovenian,
Spanish, zh_CN
Changes in libsoup from 2.56.0 to 2.57.1:
* Added SoupWebsocketConnection:keepalive-interval, to make a
connection send regular pings. [#773253, Ignacio Casal
Quinteiro]
* Added soup_auth_manager_clear_cached_credentials() and
SOUP_MESSAGE_DO_NOT_USE_AUTH_CACHE, to allow greater control
over the use of cached HTTP auth credentials. [#774031,
#774033, Carlos Garcia Campos]
* Fixed the use of SoupSession:proxy-uri values containing
passwords. [#772932, Jonathan Lebon]
* Various minor WebSocket fixes [Ignacio Casal Quinteiro]:
* Avoid sending data after we start closing the
connection [#774957]
* Do not log a critical if the peer sends an invalid
close status code
* Log a debug message when a "pong" is received
* Fixed introspection of
soup_message_headers_get_content_range() [Jasper St. Pierre]
* Replaced Vala [Deprecated] annotations with [Version] to
avoid build warnings [#773177, Evan Nemerson]
* MSVC build improvements (Chun-wei Fan)
* Updated error/message strings to use Unicode punctuation.
[#772217, Piotr Drąg]
* Updated translations:
Czech, Friulian, German, Hebrew, Hungarian,
Norwegian bokmål, Polish, Swedish
Changes in libsoup from 2.55.90 to 2.56.0:
* Added SoupWebsocketConnection:max-incoming-payload-size
property, to override the default maximum incoming payload
size. [#770022, Ignacio Casal Quinteiro]
* Added soup-version.h symbols (in particular
soup_check_version()) to introspection. [#771439, Rico
Tzschichholz]
* Updated the copy of the public suffix list used by SoupTLD
[#769650, Michael Catanzaro]
* Updated translations:
British English, Greek, Polish
Changes in libsoup from 2.54.1 to 2.55.90:
* Removed support for SSLv3 fallback; sites that reject TLS
1.x handshakes will now just fail with an error. (Firefox
and Chrome have both already switched to this behavior.)
[#765940, Dan Winship]
* Fixed the parsing of <double>s in the new GVariant-based
XMLRPC code. [#767707, Dan Winship]
* Fixed soup_server_set_ssl_cert_file(), which was added in
2.48 but didn't actually work... [patch on libsoup-list from
Sean DuBois]
* Added GObject properties to SoupLogger to make it
bindings-friendly. [#768053, Jonh Wendell]
* Fixed build error on FreeBSD [#765376, Ting-Wei Lan]
* Fixed build with certain new versions of glibc that define
"EOF" as a macro. [#768731, Philip Withnall]
* Updated m4/ax_code_coverage.m4 with support for lcov 1.12
[Philip Withnall]
* Updated po files for future gettext versions [Piotr Drąg]
* New/updated translations:
Occitan, Scottish Gaelic
Note: ABI issue
Changes in libsoup from 2.54.0.1 to 2.54.1:
* *** IMPORTANT ***
Fixed an ABI break in 2.54.0 caused by adding a member to
SoupAuthClass; 2.54.1 is ABI-compatible with 2.53.92 and
earlier, but NOT with the anomalous 2.54.0. If you built
packages against 2.54.0, you will need to rebuild them
against 2.54.1.
* Fixed NTLM authentication when ntlm_auth from the latest
version of Samba is present. [#765106, Milan Crha]
* Updates to MSVC build, including for GSS-API support
[Chun-wei Fan]
* Updated translations:
Friulian
Add gssapi option (default off)
Changes in libsoup from 2.53.92 to 2.54.0.1:
* (2.54.0.1 fixes a build problem with the 2.54.0 tarball,
which would not build if you configured with
"--without-gnome". There are no other changes between 2.54.0
and 2.54.0.1.)
* Fixed examples/simple-httpd on Windows [#758759, Chun-wei
Fan]
Changes in libsoup from 2.53.90 to 2.53.92:
* libsoup now supports HTTP "Negotiate"/GSSAPI/Kerberos
authentication. It must be enabled specifically by the
application and is also subject to certain other
restrictions, some of which are not yet controllable through
the API. [#587145, Guido Guenther, Tomas Popela, David
Woodhouse, Dan Winship]
* Added support for building under MSVC [#758759, Chun-wei
Fan]
* Fixed a problem with the 2.53.90 tarball that caused
translations to be mis-installed.
* Updated translations:
Occitan
Changes in libsoup from 2.53.2 to 2.53.90:
* NUL bytes in headers are now ignored [#760832, Dan Winship]
* Fixed transfer annotation of soup_form_decode* functions
[#743966, Lionel Landwerlin]
* Updated translations:
Bulgarian, Latvian, Norwegian bokmål
Changes in libsoup from 2.53.1 to 2.53.2:
* Fixed up symbol visibility handling for mingw by copying
GLib's system [Ignacio Casal Quinteiro, #757146]
* Finally marked the old SoupSessionAsync and SoupSessionSync
methods as deprecated [Ignacio Casal Quinteiro, Dan Winship,
#757146]
* Added libsoup-2.4.deps for valac [Rico Tzschichholz]
* Make it possible to build from git without gtk-doc being
installed [Ignacio Casal Quinteiro]
* Updated translations:
Norwegian bokmål, Occitan
Changes in libsoup from 2.52.1 to 2.53.1:
* Really fixed build under MinGW for sure this time [Ignacio
Casal Quinteiro]
* Fixed SoupServer Web Sockets code so that the
SoupClientContext passed to a SoupServerWebsocketCallback is
fully usable (rather than crashing when you try to do most
things).
Changes:
Changes in libsoup from 2.53.1 to 2.53.2:
* Fixed up symbol visibility handling for mingw by copying
GLib's system [Ignacio Casal Quinteiro, #757146]
* Finally marked the old SoupSessionAsync and SoupSessionSync
methods as deprecated [Ignacio Casal Quinteiro, Dan Winship,
#757146]
* Added libsoup-2.4.deps for valac [Rico Tzschichholz]
* Make it possible to build from git without gtk-doc being
installed [Ignacio Casal Quinteiro]
* Updated translations:
Norwegian bokmål, Occitan
Changes in libsoup from 2.52.1 to 2.53.1:
* Really fixed build under MinGW for sure this time [Ignacio
Casal Quinteiro]
* Fixed SoupServer Web Sockets code so that the
SoupClientContext passed to a SoupServerWebsocketCallback is
fully usable (rather than crashing when you try to do most
things).
Changes in libsoup from 2.52.0 to 2.52.1:
* Fixed build under MinGW [Chun-wei Fan]
* Fixed build with --disable-introspection [#755389, Quentin
Glidic]
* Fixed HTTP authentication protection space handling for
files directly under the root directory. [#755617, Carlos
Garcia Campos]
* Fixed a warning when loading data from SoupCache while using
an authenticated proxy. [#756076, Carlos Garcia Campos]
* Updated translations:
German, Vietnamese
Changes in libsoup from 2.51.92 to 2.52.0:
* Removed duplicate test paths from tests/date so it will pass
with glib 2.46.0
Changes in libsoup from 2.51.90 to 2.51.92:
* Added g_autoptr() support for all libsoup types. [#754721,
Kalev Lember]
* Added a missing (allow-none) annotation to
soup_uri_normalize() [#754776, Jens Georg]
* Updated translations:
Polish
Changes in libsoup from 2.51.3 to 2.51.90:
* Added a new GVariant-based XMLRPC API, and deprecated the
old GValue-based API (along with the associated
GValue-manipulating utilities). [#746495, Xavier Claessens]
* Multiple build fixes for Visual Studio [#752952, Chun-wei Fan]
* Added VAPI generation [#750679, Daniel Espinosa]
* Fixed the mode bits on soup-cookie.c, which was previously
marked executable for some reason. [rh #1247285]
* Updated translations:
Norwegian bokmål, Portuguese, Thai, Turkish
Changes in libsoup from 2.50.0 to 2.51.3:
* Fixed "make check" in non-English locales [rh #1224989,
#749397]
* Fixed some compiler warnings [#748514, Philip Withnall]
* New/Updated translations:
Aragonese, Catalan, Occitan, Russian
Libsoup is an HTTP library implementation in C. It was originally part
of a SOAP (Simple Object Access Protocol) implementation called Soup, but
the SOAP and non-SOAP parts have now been split into separate packages.
libsoup uses the Glib main loop and is designed to work well with GTK
applications. This enables GNOME applications to access HTTP servers
on the network in a completely asynchronous fashion, very similar to
the Gtk+ programming model (a synchronous operation mode is also
supported for those who want it).
Features:
* Completely Asynchronous
* Connection cache
* HTTP chunked transfer support
* HTTP, SOCKS4, and SOCKS5 authenticated proxy support
* SSL Support using OpenSSL or GnuTLS
* Client support for Digest, NTLM, and Basic authentication
* HTTP server
* Server support for Digest and Basic authentication
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
file's sole purpose was to provide a dependency on pkg-config and set
some environment variables. Instead, turn pkg-config into a "tool"
in the tools framework, where the pkg-config wrapper automatically
adds PKG_CONFIG_LIBDIR to the environment before invoking the real
pkg-config.
For all package Makefiles that included pkg-config/buildlink3.mk, remove
that inclusion and replace it with USE_TOOLS+=pkg-config.
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
by moving the inclusion of buildlink3.mk files outside of the protected
region. This bug would be seen by users that have set PREFER_PKGSRC
or PREFER_NATIVE to non-default values.
BUILDLINK_PACKAGES should be ordered so that for any package in the
list, that package doesn't depend on any packages to the left of it
in the list. This ordering property is used to check for builtin
packages in the correct order. The problem was that including a
buildlink3.mk file for <pkg> correctly ensured that <pkg> was removed
from BUILDLINK_PACKAGES and appended to the end. However, since the
inclusion of any other buildlink3.mk files within that buildlink3.mk
was in a region that was protected against multiple inclusion, those
dependencies weren't also moved to the end of BUILDLINK_PACKAGES.
