| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
I imported this gem (via PR) for net/ruby-userstream for net/ruby-tw,
but ruby-userstream is no longer required and has been removed.
sysutils/ruby-chef-zero and misc/ruby-powerbar still depend on
this hashie gem but they don't have a maintainer since initial imports.
|
|
Updated cross/aarch64-none-elf-binutils to 2.29.1
|
|
Changelog:
Some improvements about ARMv7 and ARMv8 in gas
|
|
|
|
* Sync with www/firefox-57.0.2
|
|
|
|
* Move gtk3 part to mozilla-common.mk
* Add a option for Widevine CDM support
Changelog:
For Windows only.
|
|
|
|
It should have been removed on 0.3.5 update.
Also update HOMEPAGE per https://rubygems.org/gems/thread_safe info.
Bump PKGREVISION.
|
|
Problem found by Ian D. Leroux and reported via private email... a few
months ago. My bad.
|
|
|
|
- no upstream activity for 4 years
- net/ruby-twitter gem includes the same functionality
- the only consumer net/ruby-tw no longer requires this gem
(switched to using userstream in twitter gem)
|
|
|
|
Upstream changes (from History.txt):
=== 1.2.1 2017-12-10
* Fix deprecated warnings (#77)
* update gems, use twitter v6.2.0, remove yajl-ruby from dependencies (#76)
=== 1.2.0 2017-08-20
* fix --stream option (#73)
=== 1.1.0 2017-07-02
* update rubygems - parallel, rainbow, launchy #72
* fix gemspec for ruby 2.4.x #71
|
|
On some platforms (strictly speaking the ones that have libm
somewhere in a path with /lib64/) LIB_SUFFIX is set to `64' leading
to install phase/PLIST errors due libraries and pkg-config `.pc'
files are tried to be installed in `lib64/'.
Add a `cmakelists' SUBST_CLASS to avoid that.
This should fix problems noticed on Joyent CentOS 7.2/x86_64 bulk builds.
|
|
|
|
Upstream changes (from Changelog.md):
## 3.0.0 (2017-11-29)
* added String refinement
* added new `Rainbow.uncolor` method
* dropped MRI 1.9.3 compatibility
* dropped MRI 2.0 compatibility
* removed Rake dependency
|
|
|
|
Upstream changes (from HISTORY):
=== 0.5.4 2017-12-08
* Fixes UnknownRequestType on Rails 5.1 for ActionDispatch::Request (xprazak2)
* Various cleanups (charliesome)
|
|
|
|
No upstream changelog, but seems to include security fixes CVE-2017-16516
and others:
https://github.com/brianmario/yajl-ruby/issues/176
https://github.com/brianmario/yajl-ruby/pull/178
|
|
|
|
2.1.16
- Fix python 3 syntax error when running tests.
- [nsone] support linked records-
2.1.15
- Added Linode provider.
|
|
|
|
Read/write after SSL object in error state (CVE-2017-3737)
==========================================================
Severity: Moderate
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state"
mechanism. The intent was that if a fatal error occurred during a handshake then
OpenSSL would move into the error state and would immediately fail if you
attempted to continue the handshake. This works as designed for the explicit
handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()),
however due to a bug it does not work correctly if SSL_read() or SSL_write() is
called directly. In that scenario, if the handshake fails then a fatal error
will be returned in the initial function call. If SSL_read()/SSL_write() is
subsequently called by the application for the same SSL object then it will
succeed and the data is passed without being decrypted/encrypted directly from
the SSL/TLS record layer.
In order to exploit this issue an application bug would have to be present that
resulted in a call to SSL_read()/SSL_write() being issued after having already
received a fatal error.
rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
=========================================================
Severity: Low
There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this defect
would be very difficult to perform and are not believed likely. Attacks
against DH1024 are considered just feasible, because most of the work
necessary to deduce information about a private key may be performed offline.
The amount of resources required for such an attack would be significant.
However, for an attack on TLS to be meaningful, the server would have to share
the DH1024 private key among multiple clients, which is no longer an option
since CVE-2016-0701.
This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).
|
|
|
|
"Not yet documented, sorry" in upstream CHANGELOG.md.
|
|
|
|
|
|
- buffer: buffer allocated with an invalid content will now be zero
filled (CVE-2017-15897)
- deps: openssl updated to 1.0.2n
|
|
|
|
- buffer: buffer allocated with an invalid content will now be zero
filled (CVE-2017-15897)
- deps: openssl updated to 1.0.2n
|
|
- deps: openssl updated to 1.0.2n
|
|
|
|
- deps: openssl updated to 1.0.2n
|
|
|
|
pkgsrc changes:
- sort DEPENDS
Upstream changes (from CHANGES.md):
## 3.0.0 (2017-10-01)
* Drop support of Ruby `2.0` and Ruby `2.1`.
([@ixti])
* [#410](https://github.com/httprb/http/pull/410)
Infer `Host` header upon redirects.
([@janko-m])
* [#409](https://github.com/httprb/http/pull/409)
Enables request body streaming on any IO object.
([@janko-m])
* [#413](https://github.com/httprb/http/issues/413),
[#414](https://github.com/httprb/http/pull/414)
Fix encoding of body chunks.
([@janko-m])
* [#368](https://github.com/httprb/http/pull/368),
[#357](https://github.com/httprb/http/issues/357)
Fix timeout issue.
([@HoneyryderChuck])
|
|
|
|
This version is required by newer ruby-http gem 3.0.0.
Upstream changes: (from CHANGES.md)
## 2.0.0 (2017-10-01)
* [#17](https://github.com/httprb/form_data/pull/17)
Add CRLF character to end of multipart body.
[@mhickman][]
## 2.0.0.pre2 (2017-05-11)
* [#14](https://github.com/httprb/form_data/pull/14)
Enable streaming for urlencoded form data.
[@janko-m][]
## 2.0.0.pre1 (2017-05-10)
* [#12](https://github.com/httprb/form_data.rb/pull/12)
Enable form data streaming.
[@janko-m][]
|
|
|
|
No quotable changelog in the annoucement:
http://cldr.unicode.org/index/downloads/cldr-32
|
|
|
|
Default changes
- Change default queue.buffering.max.kbytes and
queued.max.message.kbytes to 1GB
- win32: Use sasl.kerberos.service.name for broker principal, not
sasl.kerberos.principal
Enhancements
- Default producer message offsets to OFFSET_INVALID rather than 0
- new nuget package layout + debian9 librdkafka build
- Allow for calling rd_kafka_queue_io_event_enable() from the C++
world
- rdkafka_performance: allow testing latency with different size
messages
Fixes
- Improved stability on termination
- offsets_for_times() return ERR__TIMED_OUT if brokers did not respond
in time
- Let list_groups() return ERR__PARTIAL with a partial group list
- Properly handle infinite
- Fix offsets_store() return value when at least one valid partition
- portability: rdendian: add le64toh() alias for older glibc
- Add MIPS build and fix CRC32 to work on big endian CPUs
- osx: fix endian checking for software crc32c
- Fix comparison in rd_list_remove_cmp
- stop calling cnd_timedwait() with a timeout of 0h
- Fix DNS cache logic broker.address.ttl
- Fix broker thread "hang" in CONNECT state
- Reset rkb_blocking_max_ms on broker DOWN to avoid busy-loop during
CONNECT
- Fix memory leak when producev() fails
- Raise cmake minimum version to 3.2
- Do not assume LZ4 worst
- Fix ALL_BROKERS_DOWN re-generation
- rdkafka-performance: busy wait to wait short periods of time
|
|
|
|
- This release fixes yet more errors present in the 4.0.5 fixes, that
could affect slaves. Moreover another critical issue in quicklists,
when they are used at a massive memory scale, was fixed in this
release. Upgrading from any 4.0.x release, especially if you are
running 4.0.4 or 4.0.5, is highly recommended.
|
|
|
|
0.20.0 - 2017-12-06
- Certbot's ACME library now recognizes URL fields in challenge
objects in preparation for Let's Encrypt's new ACME endpoint.
- The Apache plugin now parses some distro specific Apache
configuration files on non-Debian systems allowing it to get a
clearer picture on the running configuration.
- Certbot better reports network failures by removing information
about connection retries from the error output.
- An unnecessary question when using Certbot's webroot plugin
interactively has been removed.
- Certbot's NGINX plugin no longer sometimes incorrectly reports that
it was unable to deploy a HTTP->HTTPS redirect when requesting
Certbot to enable a redirect for multiple domains.
- Problems where the Apache plugin was failing to find directives and
duplicating existing directives on openSUSE have been resolved.
- An issue running the test shipped with Certbot and some our DNS
plugins with older versions of mock have been resolved.
- On some systems, users reported strangely interleaved output
depending on when stdout and stderr were flushed.
0.19.0 - 2017-10-04
- Certbot now has renewal hook directories where executable files can
be placed for Certbot to run with the renew subcommand.
- After revoking a certificate with the revoke subcommand, Certbot
will offer to delete the lineage associated with the certificate.
- When using Certbot's Google Cloud DNS plugin on Google Compute
Engine, you no longer have to provide a credential file to Certbot
if you have configured sufficient permissions for the instance which
Certbot can automatically obtain using Google's metadata service.
- When deleting certificates interactively using the delete
subcommand, Certbot will now allow you to select multiple lineages
to be deleted at once.
- Certbot's Apache plugin no longer always parses Apache's
sites-available on Debian based systems and instead only parses
virtual hosts included in your Apache configuration.
- The plugins subcommand can now be run without root access.
- certbot-auto now includes a timeout when updating itself so it no
longer hangs indefinitely when it is unable to connect to the
external server.
- An issue where Certbot's Apache plugin would sometimes fail to
deploy a certificate on Debian based systems if mod_ssl wasn't
already enabled has been resolved.
- A bug in our Docker image where the certificates subcommand could
not report if certificates maintained by Certbot had been revoked
has been fixed.
- Certbot's RFC 2136 DNS plugin (for use with software like BIND) now
properly performs DNS challenges when the domain being verified
contains a CNAME record.
|
|
|
