Commit graph

8 commits

Author SHA1 Message Date
taca
375525a3eb Update ruby-rest-client to 2.0.2.
# 2.0.2

- Suppress the header override warning introduced in 2.0.1 if the value is the
  same. There's no conflict if the value is unchanged. (#578)
2017-06-05 15:35:29 +00:00
taca
804b5dd2f5 Update ruby-rest-client to 2.0.1.
* Update HOMEPAGE.

2.0.1.

* Warn if auto-generated headers from the payload, such as Content-Type,
  override headers set by the user. This is usually not what the user wants to
  happen, and can be surprising. (#554)
* Drop the old check for weak default TLS ciphers, and use the built-in Ruby
  defaults. Ruby versions from Oct. 2014 onward use sane defaults, so this is
  no longer needed. (#573)
2017-03-20 16:01:31 +00:00
taca
2672960f84 Update ruby-rest-client to 2.0.0.
pkgsrc change: Add pkg_alternatives support.

# 2.0.0

This release is largely API compatible, but makes several breaking changes.

- Drop support for Ruby 1.9
- Allow mime-types as new as 3.x (requires ruby 2.0)
- Respect Content-Type charset header provided by server. Previously,
  rest-client would not override the string encoding chosen by Net::HTTP. Now
  responses that specify a charset will yield a body string in that encoding.
  For example, `Content-Type: text/plain; charset=EUC-JP` will return a String
  encoded with `Encoding::EUC_JP`. (#361)
- Change exceptions raised on request timeout. Instead of
  `RestClient::RequestTimeout` (which is still used for HTTP 408), network
  timeouts will now raise either `RestClient::Exceptions::ReadTimeout` or
  `RestClient::Exceptions::OpenTimeout`, both of which inherit from
  `RestClient::Exceptions::Timeout`. For backwards compatibility, this still
  inherits from `RestClient::RequestTimeout` so existing uses will still work.
  This may change in a future major release. These new timeout classes also
  make the original wrapped exception available as `#original_exception`.
- Unify request exceptions under `RestClient::RequestFailed`, which still
  inherits from `ExceptionWithResponse`. Previously, HTTP 304, 401, and 404
  inherited directly from `ExceptionWithResponse` rather than from
  `RequestFailed`. Now _all_ HTTP status code exceptions inherit from both.
- Rename the `:timeout` request option to `:read_timeout`. When `:timeout` is
  passed, now set both `:read_timeout` and `:open_timeout`.
- Change default HTTP Accept header to `*/*`
- Use a more descriptive User-Agent header by default
- Drop RC4-MD5 from default cipher list
- Only prepend http:// to URIs without a scheme
- Fix some support for using IPv6 addresses in URLs (still affected by Ruby
  2.0+ bug https://bugs.ruby-lang.org/issues/9129, with the fix expected to be
  backported to 2.0 and 2.1)
- `Response` objects are now a subclass of `String` rather than a `String` that
  mixes in the response functionality. Most of the methods remain unchanged,
  but this makes it much easier to understand what is happening when you look
  at a RestClient response object. There are a few additional changes:
  - Response objects now implement `.inspect` to make this distinction clearer.
  - `Response#to_i` will now behave like `String#to_i` instead of returning the
    HTTP response code, which was very surprising behavior.
  - `Response#body` and `#to_s` will now return a true `String` object rather
    than self. Previously there was no easy way to get the true `String`
    response instead of the Frankenstein response string object with
    AbstractResponse mixed in.
  - Response objects no longer accept an extra request args hash, but instead
    access request args directly from the request object, which reduces
    confusion and duplication.
- Handle multiple HTTP response headers with the same name (except for
  Set-Cookie, which is special) by joining the values with a comma space,
  compliant with RFC 7230
- Rewrite cookie support to be much smarter and to use cookie jars consistently
  for requests, responses, and redirection in order to resolve long-standing
  complaints about the previously broken behavior: (#498)
  - The `:cookies` option may now be a Hash of Strings, an Array of
    HTTP::Cookie objects, or a full HTTP::CookieJar.
  - Add `RestClient::Request#cookie_jar` and reimplement `Request#cookies` to
    be a wrapper around the cookie jar.
  - Still support passing the `:cookies` option in the headers hash, but now
    raise ArgumentError if that option is also passed to `Request#initialize`.
  - Warn if both `:cookies` and a `Cookie` header are supplied.
  - Use the `Request#cookie_jar` as the basis for `Response#cookie_jar`,
    creating a copy of the jar and adding any newly received cookies.
  - When following redirection, also use this same strategy so that cookies
    from the original request are carried through in a standards-compliant way
    by the cookie jar.
- Don't set basic auth header if explicit `Authorization` header is specified
- Add `:proxy` option to requests, which can be used for thread-safe
  per-request proxy configuration, overriding `RestClient.proxy`
- Allow overriding `ENV['http_proxy']` to disable proxies by setting
  `RestClient.proxy` to a falsey value. Previously there was no way in Ruby 2.x
  to turn off a proxy specified in the environment without changing `ENV`.
- Add actual support for streaming request payloads. Previously rest-client
  would call `.to_s` even on RestClient::Payload::Streamed objects. Instead,
  treat any object that responds to `.read` as a streaming payload and pass it
  through to `.body_stream=` on the Net:HTTP object. This massively reduces the
  memory required for large file uploads.
- Changes to redirection behavior: (#381, #484)
  - Remove `RestClient::MaxRedirectsReached` in favor of the normal
    `ExceptionWithResponse` subclasses. This makes the response accessible on
    the exception object as `.response`, making it possible for callers to tell
    what has actually happened when the redirect limit is reached.
  - When following HTTP redirection, store a list of each previous response on
    the response object as `.history`. This makes it possible to access the
    original response headers and body before the redirection was followed.
  - Follow redirection consistently, regardless of whether the HTTP method was
    passed as a symbol or string. Under the hood rest-client now normalizes the
    HTTP request method to a lowercase string.
- Add `:before_execution_proc` option to `RestClient::Request`. This makes it
  possible to add procs like `RestClient.add_before_execution_proc` to a single
  request without global state.
- Run tests on Travis's beta OS X support.
- Make `Request#transmit` a private method, along with a few others.
- Refactor URI parsing to happen earlier, in Request initialization.
- Improve consistency and functionality of complex URL parameter handling:
  - When adding URL params, handle URLs that already contain params.
  - Add new convention for handling URL params containing deeply nested arrays
    and hashes, unify handling of null/empty values, and use the same code for
    GET and POST params. (#437)
  - Add the RestClient::ParamsArray class, a simple array-like container that
    can be used to pass multiple keys with same name or keys where the ordering
    is significant.
- Add a few more exception classes for obscure HTTP status codes.
- Multipart: use a much more robust multipart boundary with greater entropy.
- Make `RestClient::Payload::Base#inspect` stop pretending to be a String.
- Add `Request#redacted_uri` and `Request#redacted_url` to display the URI
  with any password redacted.

# 2.0.0.rc1

Changes in the release candidate that did not persist through the final 2.0.0
release:
- RestClient::Exceptions::Timeout was originally going to be a direct subclass
  of RestClient::Exception in the release candidate. This exception tree was
  made a subclass of RestClient::RequestTimeout prior to the final release.
2016-10-18 16:08:35 +00:00
taca
93473e5338 Switch depends on ruby-mime-types2 package.
Bump PKGREVISION.
2015-12-13 16:42:30 +00:00
agc
b9b754e081 Add SHA512 digests for distfiles for www category
Problems found locating distfiles:
	Package haskell-cgi: missing distfile haskell-cgi-20001206.tar.gz
	Package nginx: missing distfile array-var-nginx-module-0.04.tar.gz
	Package nginx: missing distfile encrypted-session-nginx-module-0.04.tar.gz
	Package nginx: missing distfile headers-more-nginx-module-0.261.tar.gz
	Package nginx: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package nginx-devel: missing distfile echo-nginx-module-0.58.tar.gz
	Package nginx-devel: missing distfile form-input-nginx-module-0.11.tar.gz
	Package nginx-devel: missing distfile lua-nginx-module-0.9.16.tar.gz
	Package nginx-devel: missing distfile nginx_http_push_module-0.692.tar.gz
	Package nginx-devel: missing distfile set-misc-nginx-module-0.29.tar.gz
	Package php-owncloud: missing distfile owncloud-8.2.0.tar.bz2

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 02:46:46 +00:00
taca
e9c9fef0c1 Update ruby-rest-client to 1.8.0, security fix.
# 1.8.0

- Security: implement standards compliant cookie handling by adding a
  dependency on http-cookie. This breaks compatibility, but was necessary to
  address a session fixation / cookie disclosure vulnerability.
  (#369 / CVE-2015-1820)

  Previously, any Set-Cookie headers found in an HTTP 30x response would be
  sent to the redirection target, regardless of domain. Responses now expose a
  cookie jar and respect standards compliant domain / path flags in Set-Cookie
  headers.
2015-03-28 04:12:16 +00:00
taca
a616dc9085 Update ruby-rest-client to 1.7.3.
# 1.7.3

- Security: redact password in URI from logs (#349 / OSVDB-117461)
- Drop monkey patch on MIME::Types (added `type_for_extension` method, use
  the public interface instead.

# 1.7.2

- Ignore duplicate certificates in CA store on Windows

# 1.7.1

- Relax mime-types dependency to continue supporting mime-types 1.x series.
  There seem to be a large number of popular gems that have depended on
  mime-types '~> 1.16' until very recently.
- Improve urlencode performance
- Clean up a number of style points

# 1.7.0

- This release drops support for Ruby 1.8.7 and breaks compatibility in a few
  other relatively minor ways
- Upgrade to mime-types ~> 2.0
- Don't CGI.unescape cookie values sent to the server (issue #89)
- Add support for reading credentials from netrc
- Lots of SSL changes and enhancements: (#268)
  - Enable peer verification by default (setting `VERIFY_PEER` with OpenSSL)
  - By default, use the system default certificate store for SSL verification,
    even on Windows (this uses a separate Windows build that pulls in ffi)
  - Add support for SSL `ca_path`
  - Add support for SSL `cert_store`
  - Add support for SSL `verify_callback` (with some caveats for jruby, OS X, #277)
  - Add support for SSL ciphers, and choose secure ones by default
- Run tests under travis
- Several other bugfixes and test improvements
  - Convert Errno::ETIMEDOUT to RestClient::RequestTimeout
  - Handle more HTTP response codes from recent standards
  - Save raw responses to binary mode tempfile (#110)
  - Disable timeouts with :timeout => nil rather than :timeout => -1
  - Drop all Net::HTTP monkey patches

# 1.6.8

- The 1.6.x series will be the last to support Ruby 1.8.7
- Pin mime-types to < 2.0 to maintain Ruby 1.8.7 support
- Add Gemfile, AUTHORS, add license to gemspec
- Point homepage at https://github.com/rest-client/rest-client
- Clean up and fix various tests and ruby warnings
- Backport `ssl_verify_callback` functionality from 1.7.0
2015-03-13 17:36:10 +00:00
jperkin
7c2936c0cf Import www/ruby-rest-client into pkgsrc.
A simple HTTP and REST client for Ruby, inspired by the Sinatra
microframework style of specifying actions: get, put, post, delete.
2014-06-03 14:06:49 +00:00