| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
|
|
|
|
From Hakan Engvall in PR 48519.
Bump PKGREVISION.
|
|
Changes in release 0.30.0:
* Interface changes:
- none, API and ABI backwards-compatible with 0.27.x and later
* New interfaces and features:
- ne_ssl.h: added ne_ssl_clicert_import, ne_ssl_context_get_flag
- ne_session.h: added ne_set_addrlist2
- ne_socket.h: added ne_addr_canonical
- ne_auth.h: added NE_AUTH_GSSAPI_ONLY, NE_AUTH_SSPI (Nathanael Rensen)
- ne_basic.h: added NE_CAP_EXT_MKCOL options test
- ne_request.h: support chunked bodies with negative length passed to
ne_set_request_body_provider (Julien Reichel)
* Bug fixes:
- ne_path_escape: fix excessive memory allocation (Pierre Crokaert)
- SSPI auth: use canonical server hostname, clear SSPI context after
successful auth (Nathanael Rensen)
- build fixes for Open Watcom compiler (NormW)
- fix Win32 error code handling for local ne_sock_prebind bind failure
- Win32: support LFS, thread-safe OpenSSL (Diego Santa Cruz)
- GnuTLS: fix GnuTLS 3.x support (Matthias Petschick, Bartosz Brachaczek)
|
|
|
|
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
|
|
|
|
|
|
are called p5-*.
I hope that's all of them.
|
|
Bump PKGREVISION.
|
|
changes:
-bugfixes (mostly SSL releated)
-docs updates
|
|
|
|
* Change ne_sock_close() to no longer wait for SSL closure alert:
o fixes possible hang with IIS servers when closing SSL connection
o this reverts the behaviour with OpenSSL to match 0.28.x,
and changes the behaviour with GnuTLS to match that with
OpenSSL
* Fix memory leak with GnuTLS
* API clarification in ne_sock_close():
o SSL closure handling now documented
o return value semantics fixed to describe the implementation
|
|
Changes in release neon 0.29.2, 30 December 2009 (PGP signature)
* Fix spurious 'certificate verify failed' errors with OpenSSL (Tom C)
* Fix unnecessary re-authentication with SSPI (Danil Shopyrin)
o Note that this change was previously listed in the 0.29.1 changes, however the patch had not been merged.
Changes in release neon 0.29.1, 15 December 2009 (PGP signature)
* Fixes for (Unix) NTLM implementation:
o fix handling of session timeout (Kai Sommerfeld)
o fix possible crash (basic@mozdev.org)
* Build fixes for Win32:
o fix use of socklen_t with recent SDKs (Stefan Kung)
o fix USE_GETADDRINFO on Win2K (Kai Sommerfeld)
* Fix build with versions of GnuTLS older than 2.8.0.
|
|
|
|
* Interface changes:
o none, API and ABI backwards-compatible with 0.28.x and 0.27.x
* New interfaces and features:
o added NTLM auth support for Unix builds (Kai Sommerfeld,
Daniel Stenberg)
o ne_auth.h: added NE_AUTH_GSSAPI and NE_AUTH_NTLM auth protocol codes
o added ne_acl3744.h, updated WebDAV ACL support (Henrik Holst)
o added built-in SOCKS v4/v4a/v5 support: ne_socket.h:ne_sock_proxy(),
and ne_session.h:ne_session_socks_proxy()
o added support for system-default proxies: ne_session_system_proxy(),
implemented using libproxy where available
o ne_session.h: added NE_SESSFLAG_EXPECT100 session flag,
SSL verification failure bits extended by NE_SSL_BADCHAIN and
NE_SSL_REVOKED, better handling of failures within the cert chain
(thanks to Ludwig Nussel)
o ne_socket.h: ne_sock_writev() (Julien Reichel), ne_sock_set_error(),
ne_iaddr_raw(), ne_iaddr_parse()
o ne_string.h: ne_buffer_qappend(), ne_strnqdup()
* Deprecated interfaces:
o ne_acl.h is obsoleted by ne_acl3744.h (but is still present)
o obsolete feature "NE_FEATURE_SOCKS" now never marked present
* Other changes:
o fix handling of "stale" flag in RFC2069-style Digest auth challenge
o ne_free() implemented as a function on Win32 (thanks to Helge Hess)
o symbol versioning used for new symbols, where supported
o ensure SSL connections are closed cleanly with OpenSSL
o fix build with OpenSSL 1.0 beta
o updated Polish (pl) translation (Arfrever Frehtes Taifersar Arahesis)
* SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat;
could allow a Denial of Service attack by a malicious server.
* SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in a
certificate subject name; could allow an undetected MITM attack against
an SSL server if a trusted CA issues such a cert.
Tested by Daniel Horecki with SVN client.
|
|
|
|
"reverse lookup" selftest succeed
-fix a memory allocation in case a sockaddr is larger than
"struct addrinfo" -- likely with IPv6
ride on update
|
|
add a local copy of SSL_SESSION_cmp which is missing in openssl 1.0.0 betas.
based on hack found at: http://trac.macports.org/ticket/19124
This fixes subversion-base build on NetBSD-current.
While here update to neon-0.28.5.
Changes in release neon 0.28.5, 3 July 2009 (PGP signature)
* Enable support for X.509v1 CA certificates in GnuTLS.
* Fix handling of EINTR in connect() calls.
* Fix use of builds with SOCK_CLOEXEC support on older Linux kernels.
Changes in release neon 0.28.4, 3 March 2009 (PGP signature)
* Fix ne_forget_auth (Kai Sommerfeld)
* GnuTLS support fixes:
o fix handling of PKCS#12 client certs with multiple certs or keys
o fix crash with OpenPGP certificate
o use pkg-config data in configure, in preference to libgnutls-config
* Add PKCS#11 support for OpenSSL builds (where pakchois is available)
* Fix small memory leak in PKCS#11 code.
* Fix build on Haiku (scott mc)
|
|
|
|
Remove comment about checking subversion for neon > 0.27 as 0.28.3 is
in fact the prefered version for the current subversion.
Several years of bug fixes.
|
|
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
|
|
|
|
on packages that are affected by the switch from the openssl 0.9.7
branch to the 0.9.8 branch. ok jlam@
|
|
|
|
|
|
|
|
change (keeping BUILDLINK_ABI_DEPENDS bump).
|
|
* Fix buffer under-read in URI parser (Laszlo Boszormenyi, CVE-2007-0157)
* Fix regression in handling of "attempt" argument passed to auth callbacks;
ensure the value only increments for each invocation of the callback
* Fix handling of "nextnonce" parameter in Digest authentication
Changes 0.26.2:
* Fix error reported for LOCK responses lacking a Lock-Token header.
* Use Libs.private in neon.pc for newer versions of pkg-config.
* Build fix for platforms without libintl.h.
* Build fixes for MinGW.
* Build fix for h_errno detection on HP-UX 10.
* Win32: enable debugging; build fixes with some SDKs.
Changes 0.26.1:
* Build fixes for Win32 (D.J. Heap) and OS X.
* Add Simplified Chinese translation
Changes in release 0.26.0:
* Added internationalization support:
* Added support for GnuTLS
* Changes and additions to URI support:
* Changed results callbacks for ne_lock_discover, PROPFIND interfaces:
* Added functions which give control over authentication protocol use:
* Added ne_unhook_* functions to remove hooks
* Added ne_set_session_flags()/ne_get_session_flags() functions:
* Added ne_set_request_flags()/ne_get_request_flags() functions:
* Change ne_md5.h interface to make struct ne_md5_ctx opaque:
* Fixed ne_get_range(), added ne_get_range64()
* Removed NE_FREE() macro from ne_alloc.h
* Added ne_strcasecmp(), ne_strncasecmp(), ne_tolower() functions
* Changed ne_sock_init()/ne_sock_exit() such that ne_sock_exit()
* Added "--enable-threadsafe-ssl=posix" configure flag, to enable
* The manual is now licensed under the GPL rather than the GFDL
|
|
|
|
and add a new helper target and script, "show-buildlink3", that outputs
a listing of the buildlink3.mk files included as well as the depth at
which they are included.
For example, "make show-buildlink3" in fonts/Xft2 displays:
zlib
fontconfig
iconv
zlib
freetype2
expat
freetype2
Xrender
renderproto
|
|
of the order in which buildlink3.mk files are (recursively) included
by a package Makefile.
|
|
that they look nicer.
|
|
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
|
|
|
|
<mark@mcs.vuw.ac.nz> in PR 32642.
|
|
|
|
|
|
of the shlib major bump.
PKGREVISION++ for the dependencies.
|
|
Changes in release 0.25.5:
* ne_ssl_clicert_decrypt(): catch and fail to load a client cert
with mismatched key/cert pair.
* Fix build issue on AIX 5.1.
* Fix warnings if built against OpenSSL >= 0.9.8.
* Win32: fix issues in SSPI implementation (Stefan Küng).
|
|
Changes in release 0.25.4:
* GSSAPI fixes for non-MIT implementations (Mikhail Teterin).
* Fix ne_print_request_header() et al to use 8K buffer size on all
platforms (fixes issue with long Destination: URLs on Win32).
* Win32 build fix for !USE_GETADDRINFO configuration.
* Documentation updates.
Changes in release 0.25.3:
* ne_lock() and ne_unlock(): fix cases where NE_ERROR would be returned
instead of e.g. NE_AUTH on auth failure.
* Prevent use of poll() on Darwin.
* Fix gethostbyname-based resolver on LP64 platforms (Matthew Sanderson).
Changes in release 0.25.2:
* Really fix the Win32 build.
Changes in release 0.25.1:
* ne_get_content_type(): fix cases where the charset field was not set
to NULL after successful return (Johannes Schneider)
* Compressed response handling fixes:
- fix double invocation of reader callback with len=0
- fix cases where the reader callback return value was ignored
* Cache the new SSL session if the old one was expired (Robert Eiglmaier)
* Win32: fix build issues.
Changes in release 0.25.0:
* New interfaces:
- ne_get_response_header() replaces ne_add_response_header_handler
- ne_read_response_to_fd() and ne_discard_response() for use with
ne_begin_request/ne_end_request style response handling
- ne_xmlreq.h: ne_xml_parse_response() and ne_xml_dispatch_request()
- ne_has_support() for feature detection, replaces ne_support_ssl()
- ne_set_addrlist() can be used to bypass normal DNS hostname resolver
- ne_buffer_czappend(), convenience wrapper for ne_buffer_append.
- ne_iaddr_typeof() returns type of a socket object
- ne_get_content_type() replaces ne_content_type_handler()
- ne_set_request_expect100() replaces ne_set_expect100()
* New interfaces on LFS systems for large file support:
- ne_set_request_body_fd64() call for using an fd opened using O_LARGEFILE
- ne_set_request_body_provider64(), takes an off64_t length argument
* Interface changes:
- ne_set_request_body_fd takes offset and length arguments and returns void
- ne_set_request_body_provider takes length as off_t rather than size_t;
provider callbacks now MUST set session error string if returning an error
- response body reader callback returns an integer and can abort the response
- ne_decompress_destroy() returns void; errors are caught earlier
- ne_xml_failed() replaces ne_xml_valid(), with different return value logic
- ne_xml_parse() can return an error; ne_xml_parse_v() aborts the response if
the parse either fails or is aborted by a handler returning NE_XML_ABORT
- ne_path_escape() now escapes all but unreserved characters
- ne_ssl_clicert_name() and ne_ssl_cert_identity() clarified to return UTF-8
- ne_ssl_clicert_name() clicert object argument is now const
- ne_uri_parse()/ne_uri_free() memory handling clarified
- removed the buffer length requirement for ne_read_response_block()
* Bug fixes:
- properly handle multiple Authentication challenges per request
- fixes and improvements to the Negotiate auth implementation
- handle proxies which send a 401 auth challenge to a CONNECT request
- XML: handle the UTF-8 BOM even if the underlying parser does not
- Win32: Fix timezone handling (Jiang Lei)
- ne_lock_refresh() works and will update timeout of passed-in lock
- persistent connection timeout handling fixes for CygWin et al
- impose hard limit of 1024 props per resource in ne_props.h response parsing
* New platform-specific features:
- Win32: Negotiate/NTLM support using SSPI (Vladimir Berezniker)
- Win32: Add IPv6 support using ENABLE_IPV6 neon.mak flag (Kai Sommerfeld)
* Removed features:
- the cookies interface has been removed
- removed functions: ne_service_lookup(), ne_put_if_unmodified()
- "qop=auth-int" support removed from Digest auth implementation
* Default XML parser search changed to check for expat before libxml2.
|
|
|
|
|
|
|
|
|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
All library names listed by *.la files no longer need to be listed
in the PLIST, e.g., instead of:
lib/libfoo.a
lib/libfoo.la
lib/libfoo.so
lib/libfoo.so.0
lib/libfoo.so.0.1
one simply needs:
lib/libfoo.la
and bsd.pkg.mk will automatically ensure that the additional library
names are listed in the installed package +CONTENTS file.
Also make LIBTOOLIZE_PLIST default to "yes".
|
|
Changes in release 0.24.7:
* Compression interface fixes:
- fix issues handling content decoding and request retries from
authentication challenges (Justin Erenkrantz)
- fix places where reader callback would receive spurious size=0 calls
- fix to pass user-supplied userdata to user-supplied acceptance callback
* Fix for RFC2617-style digest authentication (Hideaki Takahashi).
* Fix to pick up gethostbyname() on QNX 6.2.
|
|
Security fix release
|
|
|
