The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.
There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
generation (some double work going on there). Changes include:
2017-08-14 Gerd Stolpmann <gerd@gerdbook.fritz.box>
* Release 4.1.4
* Fix: incompatibility for OCaml < 4.03 because of -opaque
2017-08-05 Gerd Stolpmann <gerd@gerdbook.fritz.box>
* Release 4.1.3
* Building modules with -opaque flag when we don't install the cmx file
* Fix: incompatbility with OCaml-4.05 (O_KEEPEXEC flag)
* Fix: the local cppo built has been made compatible with -safe-string
git repository to make package compile with ocaml 4.0.3.
Changes include:
* Cryptography: adding basic support for public key cryptography
(provided by GnuTLS)
* Authentication: the module types for SASL and HTTP authentication
have been changed to a stateless style. Added an experimental
SCRAM module for HTTP.
* Nethttp_client: Supporting Digest authentication with
SHA-256 as hash algorithm. Supporting Basic authentication
with "charset" parameter.
* XDR/RPC: supporting that direct mappings can be disabled
when this is disadvantegous. For now, this is done for
internal RPC services, because direct mappings do not
copy values, which would be very surprising here.
* Netplex: adding support for so-called internal services.
This is a fast and type-safe way of exchanging messages
between netplex containers.
* ALL MODULES: Transitioning to the new "bytes" type for
mutable strings while using "string" only for immutable
strings. If compiled with OCaml-4.02 or newer, Ocamlnet
is built with the -safe-string compiler option.
* Netplex_sharedvar: implementing a new protocol that uses shared
memory for announcing variable updates. Also, almost all functions
can now be called from controller context.
* Netsys_global: new module, for keeping a dictionary of global
strings. The dictionary is connected with Netplex_sharedvar, so
that the strings can be updated across process boundaries if used
with Netplex.
* Netsys_polysocket: adding this module
* Netsys_polypipe: adding this module
* Netasn1_encoder: new module for encding ASN.1 messages
* Netnumber: on 64 bit platforms, the functions lt_uint4 and
lt_uint8 were wrong. Fixed now.
ocaml.mk. It was becoming more trouble than it was worth: only a minority
of packages used it, and it only made Makefiles more confusing.
(I've left out some packages: these will be updated forthwith)
* GnuTLS: compatibility with GnuTLS-3.4.2
* Nethttpd_plex: the post_add_hook was not called by accident
(since OCamlnet-4); this is now fixed.
* Nethtml: new option case_sensitive
* GnuTLS: initializing the library on-demand. This avoids that
/dev/random is kept open all the time since program start, and
works around incompatibilities with Netplex. (Thomas Calderon
found the problem.)
* GnuTLS: setting DH parameters on certificates (this was forgotten in
previous releases). (Thomas Calderon found the problem.)
* GnuTLS: supporting GnuTLS versions where SRP is disabled.
Supporting GnuTLS-3.4.
* OpenBSD build: fix linker option (Christopher Zimmermann)
* Equeue: There is a new method request_proxy_notification,
which is only used by Uq_engines.qseq_engine (but unfortunately
needs to appear in the public type of the object). This new
method permits that chains of Uq_engines.qseq_engine pairs
can now be arbitrarily long without consuming too much memory
and without the danger of getting stack overflows.
This fixes issues where notification chains got too long. In
particular, we saw a stack overflow when retrieving a video
stream via HTTP. The stream was sent with many chunks, resulting
in a long Uq_engines.qseq_engine chain.
Implementers of engines can simply define request_proxy_notification
as no-ops.
* Nethttp.set_content_range: this function generated an incorrect
header (the "bytes" word was missing). (Török Edwin)
* _oasis is generated from _oasis.in
* Netplex: the Netplex socket directory has a different default
if not specified in the config file.
* Netshm: the POSIX specifier has now two args
* IPv6: automatically enabled if there is a global IPv6 address
* Unicode tables: Moved them to a separate netunidata library.
This library needs to be linked in for getting access to the
tables (this is no longer the default).
* Renamings: Http_client, Ftp_client etc. => Nethttp_client,
Netftp_client
Mimestring => Netmime_string
Xdr => Netxdr
* Netmime: moved functions to Netmime_header and Netmime_channels
* Netmech_scram: Removed the check that passwords only consist of
ASCII chars. The user can now call Netsaslprep.saslprep.
* Removed: rpc-auth-dh, nethttpd-for-netcgi2
* Http_client: the authentication mechanisms are now encapsulated
in a first-class module HTTP_MECHANISM. So far, there is Digest
authentication in this form. The signature of HTTP_MECHANISM
is similar to SASL_MECHANISM.
Another visible change is that the insecure Basic authentication
is no longer enabled for non-TLS-secured connections. This can be
changed back by setting flags, though.
Some fixes in the design improve Digest authentication for proxy
connections.
* Netpop: implementating SASL authentication for POP3. Moved Netpop
into netclient.
* Netsmtp: implementing SASL authentication for SMTP. Moved Netsmtp
into netclient.
* Adding a framework for SASL, and a number of mechanisms
(PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA1).
* fcgi/scgi/ajp connectors: exporting a handle_connection function,
and unifying existing such functions (Christopher Zimmermann)
* adding support for modular cryptography (symmetric ciphers and
digests)
* SCRAM is now implemented with the new crypto providers
* removing dependency on Cryptokit
* removed library netgssapi; now part of netsys/netstring
* removed library netmech-scram; now part of netstring
Ocamlnet-4 adds:
- new library netgss-system
- new library nettls-gnutls
- removed equeue-ssl and rpc-ssl
- X.500 modules Netasn1, Netdn, Netx509
- Crypto definitions Netsys_crypto_types, Netsys_crypto
- TLS modules Netsys_tls, Nettls_support
- Support for SASL and GSSAPI
- Moved many functions from Uq_engines to new modules in
the equeue library (Uq_client, Uq_server, Uq_multiplex,
Uq_transfer)
