- MASTER_SITES moved, patch-Makefile removed (was to fix help typo)
(upstream)
- Update to 0.2.7
---------------
version 0.2.7, 09.03.15 -- included a patch from NetBSD
need to link with it but might have included x11/xf86driproto's bl3.mk first,
because we have:
x11/xf86driproto/buildlink3.mk:BUILDLINK_DEPMETHOD.libpciaccess?= build
(This issue appears only on non-x86 because on x86 we get libpciaccess
through libdrm)
Bump PKGREVISION to get the dependency expressed.
These releases address a security issue in the Django admin.
* Issue: XSS attack via properties in ModelAdmin.readonly_fields
* Advisory: HTML escaping when calling template filters from Python code
Changes
2.5.3 (2015-02-24)
Bugfixes
Revert changes to our vendored certificate bundle. For more context see (#2455, #2456, and http://bugs.python.org/issue23476)
2.5.2 (2015-02-23)
Features and Improvements
Add sha256 fingerprint support. (shazow/urllib3#540)
Improve the performance of headers. (shazow/urllib3#544)
Bugfixes
Copy pip’s import machinery. When downstream redistributors remove requests.packages.urllib3 the import machinery will continue to let those same symbols work. Example usage in requests’ documentation and 3rd-party libraries relying on the vendored copies of urllib3 will work without having to fallback to the system urllib3.
Attempt to quote parts of the URL on redirect if unquoting and then quoting fails. (#2356)
Fix filename type check for multipart form-data uploads. (#2411)
Properly handle the case where a server issuing digest authentication challenges provides both auth and auth-int qop-values. (#2408)
Fix a socket leak. (shazow/urllib3#549)
Fix multiple Set-Cookie headers properly. (shazow/urllib3#534)
Disable the built-in hostname verification. (shazow/urllib3#526)
Fix the behaviour of decoding an exhausted stream. (shazow/urllib3#535)
Security
Pulled in an updated cacert.pem.
Drop RC4 from the default cipher list. (shazow/urllib3#551)
0.9.2 (2015-02-24)
Fixed compatibility with Requests 2.5.1
Changed the default JSON Content-Type to application/json as UTF-8 is the default JSON encoding
Changelog
1.4.0 (2015-02-11)
Using insecure SSL configuration (verify_cert=False) raises a warning
reindex accepts a query parameter
enable reindex helper to accept any kwargs for underlying bulk and scan calls
when doing an initial sniff (via sniff_on_start) ignore special sniff timeout
option to treat TransportError as normal failure in bulk helpers
fixed an issue with sniffing when only a single host was passed in
1.3.0 (2014-12-31)
Timeout now doesn't trigger a retry by default (can be overriden by setting retry_on_timeout=True)
Introduced new parameter retry_on_status (defaulting to (503, 504, )) controls which http status code should lead to a retry.
Implemented url parsing according to RFC-1738
Added support for proper SSL certificate handling
Required parameters are now checked for non-empty values
ConnectionPool now checks if any connections were defined
DummyConnectionPool introduced when no load balancing is needed (only one connection defined)
Fixed a race condition in ConnectionPool
Changes
1.10.1 (2015-02-10)
Pools can be used as context managers. (Issue #545)
Don’t re-use connections which experienced an SSLError. (Issue #529)
Don’t fail when gzip decoding an empty stream. (Issue #535)
Add sha256 support for fingerprint verification. (Issue #540)
Fixed handling of header values containing commas. (Issue #533)
1.10 (2014-12-14)
Disabled SSLv3. (Issue #473)
Add Url.url property to return the composed url string. (Issue #394)
Fixed PyOpenSSL + gevent WantWriteError. (Issue #412)
MaxRetryError.reason will always be an exception, not string. (Issue #481)
Fixed SSL-related timeouts not being detected as timeouts. (Issue #492)
Py3: Use ssl.create_default_context() when available. (Issue #473)
Emit InsecureRequestWarning for every insecure HTTPS request. (Issue #496)
Emit SecurityWarning when certificate has no subjectAltName. (Issue #499)
Close and discard sockets which experienced SSL-related errors. (Issue #501)
Handle body param in .request(...). (Issue #513)
Respect timeout with HTTPS proxy. (Issue #505)
PyOpenSSL: Handle ZeroReturnError exception. (Issue #520)
1.9.1 (2014-09-13)
Apply socket arguments before binding. (Issue #427)
More careful checks if fp-like object is closed. (Issue #435)
Fixed packaging issues of some development-related files not getting included. (Issue #440)
Allow performing only fingerprint verification. (Issue #444)
Emit SecurityWarning if system clock is waaay off. (Issue #445)
Fixed PyOpenSSL compatibility with PyPy. (Issue #450)
Fixed BrokenPipeError and ConnectionError handling in Py3. (Issue #443)
1.9 (2014-07-04)
Shuffled around development-related files. If you’re maintaining a distro package of urllib3, you may need to tweak things. (Issue #415)
Unverified HTTPS requests will trigger a warning on the first request. See our new security documentation for details. (Issue #426)
New retry logic and urllib3.util.retry.Retry configuration object. (Issue #326)
All raised exceptions should now wrapped in a urllib3.exceptions.HTTPException-extending exception. (Issue #326)
All errors during a retry-enabled request should be wrapped in urllib3.exceptions.MaxRetryError, including timeout-related exceptions which were previously exempt. Underlying error is accessible from the .reason propery. (Issue #326)
urllib3.exceptions.ConnectionError renamed to urllib3.exceptions.ProtocolError. (Issue #326)
Errors during response read (such as IncompleteRead) are now wrapped in urllib3.exceptions.ProtocolError. (Issue #418)
Requesting an empty host will raise urllib3.exceptions.LocationValueError. (Issue #417)
Catch read timeouts over SSL connections as urllib3.exceptions.ReadTimeoutError. (Issue #419)
Apply socket arguments before connecting. (Issue #427)
1.8.3 (2014-06-23)
Fix TLS verification when using a proxy in Python 3.4.1. (Issue #385)
Add disable_cache option to urllib3.util.make_headers. (Issue #393)
Wrap socket.timeout exception with urllib3.exceptions.ReadTimeoutError. (Issue #399)
Fixed proxy-related bug where connections were being reused incorrectly. (Issues #366, #369)
Added socket_options keyword parameter which allows to define setsockopt configuration of new sockets. (Issue #397)
Removed HTTPConnection.tcp_nodelay in favor of HTTPConnection.default_socket_options. (Issue #397)
Fixed TypeError bug in Python 2.6.4. (Issue #411)
cwdiff is a part of cj-overlay, and it has three modes, with
(textproc/) wdiff, diff, or without them, stand alone.
With wdiff or diff, it wraps output of those commands to
support directories and colorize the output.
cwdiff -h or cwdiff --help
will tell you how to use it, and command line examples.
Collection.
This extention was previously known as ZendOptimizerPlus and has been renamed by
upstream.
Changes:
7.0.4
Added function opcache_is_script_cached()
- Fix bug #67111 (Loop variables need to be freed for both "break" and
"continue")
- Fix opcache.revalidate_freq per-request behavior
- Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault happen)
- Fixed issue #183 (TMP_VAR is not only used once)
7.0.3
- Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style
^M as lineend)
- Added suggestion about opcache.revalidate_freq setting in development
environmento
- Fixed Issue #140: "opcache.enable_file_override" doesn't respect
"opcache.revalidate_freq"
- Fixed reavlidate_path=1 behavior to avoid caching of symlinks values.
- Fixed opcahce_reset() crash when opcache.protect_memory is set
- Fixed bug #66176 (Invalid constant substitution)
- Fixed bug #65559 (Opcache: cache not cleared if changes occur while running)
- Fixed compatibility with old PHP versions
- Fixed bug #65915 (Inconsistent results with require return value)
- Fixed issue #115 (path issue when using phar)
- Fixed issue #149 (Phar mount points not working with OPcache enabled)
- Fixed bug #65845 (Error when Zend Opcache Optimizer is fully enabled).
- Added function opcache_compile_file() to load PHP scripts into cache without
execution.
- Fixed issue #135 (segfault in interned strings if initial memory is too low)
- Fixed bug #65665 (Exception not properly caught when opcache enabled)
- Fixed issue #128 (opcache_invalidate segmentation fault)
- Fixed bug #65510 (5.5.2 crashes in _get_zval_ptr_ptr_var)
- Fixed bug #65561 (Zend Opcache on Solaris 11 x86 needs ZEND_MM_ALIGNMENT=4)
- Replce ZEND_FETCH_* instructions with IS_CV if possible
- Added opcache.restrict_api configuration directive that may limit usage of
OPcahce API functions only to patricular script(s)
- Added support for glob symbols in blacklist entries (?, *, **)
- Improved implementation of NOP removal pass from O(n^2) to O(n)
- Fixed bug #65338 (Enabling both php_opcache and php_wincache AVs on shutdown).
- Fixed bug #64827 Segfault in zval_mark_grey (zend_gc.c)
7.0.2
- Fixed issue #26 (added opcache_invalidate(string $filename [, bool
$force = false]) function)
- Fixed issue #74 (Allowed per request OPcache disabling)
- Fixed issue #76 (actually we don't need zend_shared_meory_block_header at all)
- Fixed issue #78 (incorrect file path validation)
- Fixed issue #79 (Optimization Problem/Bug)
- Fixed issue #82 (allow comments in blacklist file, lines started with ";")
- Fixed issue #91 (fix x64 fixed addresses)
- Fxied issue #92 (Compilation warnings)
- Fixed issue #97 (Use size_t instead of int to support a cache larger than 2G)
- Fixed bug (Avoid possible conditional jump depended on uninitialised value)
7.0.1
- Fixed Bug #64490 (add __FreeBSD_kernel__ to allowed FreeBSD defs)
- Fixed Bug #64482 (Opcodes for dynamic includes should not be cached)
- Fixed Bug #64353 (Built-in classes can be unavailable with dynamic includes
and Optimizer+)
- Fixed compatibility with ext/phar
- Fixed Issue #58 (PHP-5.2 compatibility)
- Fixed Issue #57 (segfaults in drupal7)
- Fixed Issue #54 (PECL install adds extension= instead of zend_extension= to
php.ini)-iii
- Allows exclusion of large files from being cached
- Save a stat() call by calling sapi_module.get_stat()
- Add optional flag to opcache_get_status()
- Separate "start_time" from "last_restart_time"
Update net/mitmproxy to 0.11.3.
Changes:
29 Dec 2014: mitmproxy 0.11.3:
* Bug fixes (-w option and #435 issue).
29 Dec 2014: mitmproxy 0.11.2:
* Configuration files - mitmproxy.conf, mitmdump.conf, common.conf in the
.mitmproxy directory.
* Better handling of servers that reject connections that are not SNI.
* Many other small bugfixes and improvements.
15 November 2014: mitmproxy 0.11.1:
* Bug fixes: connection leaks some crashes
7 November 2014: mitmproxy 0.11:
* Performance improvements for mitmproxy console
* SOCKS5 proxy mode allows mitmproxy to act as a SOCKS5 proxy server
* Data streaming for response bodies exceeding a threshold
(bradpeabody@gmail.com)
* Ignore hosts or IP addresses, forwarding both HTTP and HTTPS traffic
untouched
* Finer-grained control of traffic replay, including options to ignore
contents or parameters when matching flows (marcelo.glezer@gmail.com)
* Pass arguments to inline scripts
* Configurable size limit on HTTP request and response bodies
* Per-domain specification of interception certificates and keys (see
--cert option)
* Certificate forwarding, relaying upstream SSL certificates verbatim (see
--cert-forward)
* Search and highlighting for HTTP request and response bodies in
mitmproxy console (pedro@worcel.com)
* Transparent proxy support on Windows
* Improved error messages and logging
* Support for FreeBSD in transparent mode, using pf (zbrdge@gmail.com)
* Content view mode for WBXML (davidshaw835@air-watch.com)
* Better documentation, with a new section on proxy modes
* Generic TCP proxy mode
* Countless bugfixes and other small improvements
28 January 2014: mitmproxy 0.10:
* Support for multiple scripts and multiple script arguments
* Easy certificate install through the in-proxy web app, which is now
enabled by default
* Forward proxy mode, that forwards proxy requests to an upstream HTTP server
* Reverse proxy now works with SSL
* Search within a request/response using the "/" and "n" shortcut keys
* A view that beatifies CSS files if cssutils is available
* Bug fix, documentation improvements, and more.
25 August 2013: mitmproxy 0.9.2:
* Improvements to the mitmproxywrapper.py helper script for OSX.
* Don't take minor version into account when checking for serialized file
compatibility.
* Fix a bug causing resource exhaustion under some circumstances for SSL
connections.
* Revamp the way we store interception certificates. We used to store these
on disk, they're now in-memory. This fixes a race condition related to
cert handling, and improves compatibility with Windows, where the rules
governing permitted file names are weird, resulting in errors for some
valid IDNA-encoded names.
* Display transfer rates for responses in the flow list.
* Many other small bugfixes and improvements.
16 June 2013: mitmproxy 0.9.1:
* Use "correct" case for Content-Type headers added by mitmproxy.
* Make UTF environment detection more robust.
* Improved MIME-type detection for viewers.
* Always read files in binary mode (Windows compatibility fix).
* Some developer documentation.
for wip by leot1990.
Applications with more than a handful of user-settable options are best
configured through a combination of command line args, config files,
hard-coded defaults, and in some cases, environment variables.
Python's command line parsing modules like argparse have very limited support
for config files and environment variables, so this module extends argparse to
add these features.
Changes:
0.11.2
------
* TCPClient: Use TLS1.1+ where available, BaseHandler: disable SSLv2.
0.11.1
------
* Fixes traceback in connection finish.
0.11
----
* Refactor TCP close.
* certstore: add support for cert chains
* certstore: add support for asterisk form to DNTree replacement
* Change the criticality of a number of X509 extentions, to match the RFCs and
real-world CAs/certs.
* Much more sophisticated certificate store:
- Handle wildcard lookup
- Handle lookup of SANs
- Provide hooks for registering override certs and keys for specific
domains (including wildcard specifications)
* Various bug fixes.
0.10
----
* Add IPv6 support for TCPServer.
* Various bug fixes.
- Bug Fixes
The following vulnerabilities have been fixed.
* wnpa-sec-2015-07
The WCP dissector could crash. (Bug 10844) CVE-2015-2188
* wnpa-sec-2015-08
The pcapng file parser could crash. (Bug 10895) CVE-2015-2189
* wnpa-sec-2015-10
The TNEF dissector could go into an infinite loop. Discovered by
Vlad Tsyrklevich. (Bug 11023) CVE-2015-2190
The following bugs have been fixed:
* IPv6 AUTH mobility option parses Mobility SPI and Authentication
Data incorrectly. (Bug 10626)
* DHCP Option 125 Suboption: (1) option-len always expects 1 but
specification allows for more. (Bug 10784)
* Little-endian OS X Bluetooth PacketLogger files aren't handled.
(Bug 10861)
* X.509 certificate serial number incorrectly interpreted as negative
number. (Bug 10862)
* H.248 "ServiceChangeReasonStr" messages are not shown in text
generated by tshark. (Bug 10879)
* Clang ASAN : AddressSanitizer: global-buffer-overflow ANSI.
(Bug 10897)
* MEGACO wrong decoding on media port. (Bug 10898)
* Wrong media format. (Bug 10899)
* BSSGP Status PDU decoding fault (missing Mandatory element (0x04)
BVCI for proper packet). (Bug 10903)
* Packets on OpenBSD loopback decoded as raw not null. (Bug
10956)
* Display Filter Macro unable to edit. (Bug 10957)
* IPv6 Local Mobility Anchor Address mobility option code is treated
incorrectly. (Bug 10961)
* Juniper Packet Mirror dissector expects ipv6 flow label = 0.
(Bug 10976)
* Infinite loop DoS in TNEF dissector. (Bug 11023)
- Updated Protocol Support
ANSI IS-637-A, DHCP, GSM MAP, H.248, IPv6, Juniper Jmirror, and X.509AF
- New and Updated Capture File Support
PacketLogger, and Pcapng
