pkgsrc bash has problems with locale #8

ghost · 2012-10-23T15:06:54Z

fighting the better part of the day trying to sort locale issues with ssh/sshd in a oi_151a7 local zone, and finally I believe the culprit is pkgsrc bash.
If I sudo pkgin install bash, then add /opt/pkg/bin/bash to /etc/shells and finally do a
usermod -s /opt/pkg/bin/bash , then when I log in (in this case via ssh) it ignores LANG and LC_ALL.
Is there something special to do here, or is this the reason /usr/bin/bash is forced in /etc/opt/pkg/mk.conf?

jperkin · 2012-10-23T15:34:54Z

I can't speak to the locale issue, but it's not related to why
/usr/bin/bash is used in mk.conf, that is simply setting the default
shell in pkgsrc.

Ordinarily it'd be /bin/sh but the ksh93 in illumos has bugs so it's
better to use bash.

Jonathan Perkin www.perkin.org.uk
github.com/jperkin twitter.com/jperkin

== 1.2.1 / 2013-02-09 * Bugs Fixed: * As seen in rspec/rspec-expectations#200, the release of Diff::LCS 1.2 introduced an unnecessary public API change to Diff::LCS::Hunk (see the change at rspec/rspec-expectations@3d6fc82c for details). The new method name (and behaviour) is more correct, but I should not have renamed the function or should have at least provided an alias. This release restores Diff::LCS::Hunk#unshift as an alias to #merge. Note that the old #unshift behaviour was incorrect and will not be restored. == 1.2.0 / 2013-01-21 * Minor Enhancements: * Added special case handling for Diff::LCS.patch so that it handles patches that are empty or contain no changes. * Added two new methods (#patch\_me and #unpatch\_me) to the includable module. * Bugs Fixed: * Fixed issue #1 patch direction detection. halostatue/diff-lcs#1 * Resolved issue #2 by handling string[string.size, 1] properly (it returns "" not nil). halostatue/diff-lcs#2 * Michael Granger (ged) fixed an implementation error in Diff::LCS::Change and added specs in pull request #8. Thanks! halostatue/diff-lcs#8 * Made the code auto-testable. * Vít Ondruch (voxik) provided the latest version of the GPL2 license file in pull request #10. Thanks! halostatue/diff-lcs#10 * Fixed a documentation issue with the includable versions of #patch! and #unpatch! where they implied that they would replace the original value. Given that Diff::LCS.patch always returns a copy, the documentation was incorrect and has been corrected. To provide the behaviour that was originally documented, two new methods were added to provide this behaviour. Found by scooter-dangle in issue #12. Thanks! halostatue/diff-lcs#12 * Code Style Changes: * Removed trailing spaces. * Calling class methods using '.' instead of '::'. * Vít Ondruch (voxik) removed unnecessary shebangs in pull request #9. Thanks! halostatue/diff-lcs#9 * Kenichi Kamiya (kachick) removed some warnings of an unused variable in lucky pull request #13. halostatue/diff-lcs#13 Thanks! * Embarked on a major refactoring to make the files a little more manageable and understand the code on a deeper level. * Adding to http://travis-ci.org.

# Changelog ## Version 3.1.0 - 2013-07-07 * Update dependencies * Switch to template contributed by brianflanagan [#8] * Add support for multiple independent heel servers [#9]

=== 1.4 / 2013-07-23 * Minor enhancements * Relaxed parser to accept quoted algorithm to work with Linksys SPA922. Pull request #8 by Ismail Hanli, Issue #5 by bearded === 1.3 / 2012-03-28 * Minor enhancements * The cnonce is regenerated for every request to improve security. * SecureRandom is used to generate the cnonce instead of Kernel#rand * Bug fix * cnonce and nonce-count are no longer sent when qop was not provided per RFC 2617 section 3.2.2.

Release 1.10.2 (2011-11-20) Kouhei Sutou <kou@cozmixng.org>) ============================================================ Fixes ----- * Added missing pkg-config dependency. #8 [Will Bryant]

* 1.8.13, 2011-07-02 - A race in Algorithm_Factory that could cause crashes in multithreaded code has been fixed. * 1.8.12, 2011-06-20 - If EMSA3(Raw) was used for more than one signature, it would produce incorrect output. - Fix the --enable-debug option to configure.py - Improve OS detection on Cygwin - Fix compilation under Sun Studio 12 on Solaris - Fix a memory leak in the constructors of DataSource_Stream and DataSink_Stream which would occur if opening the file failed. PR 144 * 1.8.11, 2010-11-02 - Fix a number of CRL encoding and decoding bugs - When building a debug library under VC++, use the debug runtime - Fix compilation under Sun Studio on Linux and Solaris - Add several functions for compatability with 1.9 - In the examples, read most input files as binary - The Perl build script has been removed in this release * 1.8.10, 2010-08-31 - Switch default PKCS #8 encryption algorithm from 3DES to AES-256 - Increase default hash iterations from 2048 to 10000 in PBES1 and PBES2 - Use small tables in the first round of AES - Add PBKDF typedef and get_pbkdf for better compatability with 1.9 - Add version of S2K::derive_key taking salt and iteration count - Enable the /proc-walking entropy source on NetBSD - Fix the doxygen makefile target * 1.8.9, 2010-06-16 - Use constant time multiplication in IDEA - Avoid possible timing attack against OAEP decoding - Add new X509::BER_encode and PKCS8::BER_encode - Enable DLL builds under Windows - Add Win32 installer support - Add support for the Clang compiler - Fix problem in semcem.h preventing build under Clang or GCC 3.4 - Fix bug that prevented creation of DSA groups under 1024 bits - Fix crash in GMP_Engine if library is shutdown and reinitialized - Work around problem with recent binutils in x86-64 SHA-1 - The Perl build script is no longer supported and refuses to run by default * 1.8.8, 2009-11-03 - Alter Skein-512 to match the tweaked 1.2 specification - Fix use of inline asm for access to x86 bswap function - Allow building the library without AES enabled - Add 'powerpc64' alias to ppc64 arch for Gentoo ebuild

=== 2.3.2 * Bug fix * Finish connections that were closed by Net::HTTP so they can be restarted. === 2.3.1 / 2011-10-26 * Bug fix * If a request object already contains a Connection header it will no longer be overridden. This allows keep-alive connections to be disabled on a per-request basis. === 2.3 / 2011-10-25 * Minor Enhancement * The time since last use for a connection is now recorded in error messages for the connection. === 2.2 / 2011-10-24 * Minor Enhancements * Added timeouts for idle connections which are set through #idle_timeout. The default timeout is 5 seconds. Reducing the idle timeout is preferred over setting #retry_change_requests to true if you wish to avoid the "too many connection resets" error when POSTing data. * Documented tunables and settings in one place in Net::HTTP::Persistent === 2.1 / 2011-09-19 * Minor Enhancement * For HTTPS connections, SSL sessions are now reused avoiding the extra round trips and computations of extra SSL handshakes. If you have problems with SSL session reuse it can be disabled by Net::HTTP::Persistent#reuse_ssl_sessions * Bug Fixes * The default certificate store is now used even if #verify_mode was not set. Issue #7, Pull Request #8 by Matthew M. Boedicker

Changes: * Show warnings for JsonCsrtf attacks. * do not enable parameter escaping by default, fixes #8. * Use more specific namespace declaration in Rack::Builder configuration. * NotimpelentedError typo fix * add test that makes sure passingin on :track option works. related to #6. * deal with PATH_INFO being nil, fixes #7. * do not track HTTP_VERSION, fixes #6.

== 1.1.3 - 2012/01/29 * [GitHub #8] fix test broken by libpng version. (Patch by Bohuslav Kabrda.) * Used RbConfig instead of Config. == 1.1.2 - 2011/07/04 * [GitHub #2] fix test broken. (Reported by Mamoru Tasaka.) * [GitHub #4] update project descripton. (Patch by Antonio Terceiro.) * [GitHub #4] use setup.rb instead of extconf.rb. (Patch by Antonio Terceiro.) * [GitHub #3] add Copyright notice to README. (Suggested by Antonio Terceiro.) * [GitHub #7] supported non i386 and amd64 architectures. (Reported by Antonio Terceiro.)

== MIME::Types 1.18 / 2012-03-20 * New MIME Types: * Types reported in Issue #6 (mime-types/ruby-mime-types#6): * CoffeeScript (text/x-coffeescript; .coffee; 8bit). * AIR (application/vnd.adobe.air-applicationinstaller-package+zip, .air; base64). * WOFF (application/font-woff; .woff; base64). * TrueType (application/x-font-truetype; .ttf; base64). * OpenType (application/x-font-opentype; .otf; base64). * WebM (audio/webm, video/webm; .webm). Issue #11 (mime-types/ruby-mime-types#11). * New extensions: * f4v/f4p (video/mp4, used by Adobe); f4a/fb4 (audio/mp4, used by Adobe). * Bug Fixes: * It was pointed out that Licence.txt was incorrectly named. Fixed by renaming to Licence.rdoc (from Issue/Pull Request #8, mime-types/ruby-mime-types#8). * It was pointed out that a plan to have the test output generated automatically never went through. Issue #10 (mime-types/ruby-mime-types#10)

Upstream changes: ----------------- 2012-04-04: released Fabric 1.4.1 2012-04-04: released Fabric 1.3.6 [Bug] #608: Add capture kwarg to rsync_project to aid in debugging rsync problems. [Bug] #607: Allow local to display stdout/stderr when it warns/aborts, if it was capturing them. [Bug] #395: Added an FAQ entry detailing how to handle init scripts which misbehave when a pseudo-tty is allocated. [Bug] #568: execute allowed too much of its internal state changes (to variables such as env.host_string and env.parallel) to persist after execution completed; this caused a number of different incorrect behaviors. execute has been overhauled to clean up its own state changes - while preserving any state changes made by the task being executed. [Bug] #584: upload_project did not take explicit remote directory location into account when untarring, and now uses cd to address this. Thanks to Ben Burry for the patch. [Bug] #458: with_settings did not perfectly match settings, re: ability to inline additional context managers. This has been corrected. Thanks to Rory Geoghegan for the patch. [Bug] #499: contrib.files.first used an outdated function signature in its wrapped exists call. This has been fixed. Thanks to Massimiliano Torromeo for catch & patch. [Bug] #551: --list output now detects terminal window size and truncates (or doesn't truncate) accordingly. Thanks to Horacio G. de Oro for the initial pull request. [Bug] #572: Parallel task aborts (as oppposed to unhandled exceptions) now correctly print their abort messages instead of tracebacks, and cause the parent process to exit with the correct (nonzero) return code. Thanks to Ian Langworth for the catch. [Bug] #306: Remote paths now use posixpath for a separator. Thanks to Jason Coombs for the patch. 2012-02-13: released Fabric 1.4.0 2012-02-13: released Fabric 1.3.5 2012-02-13: released Fabric 1.2.6 2012-02-13: released Fabric 1.1.8 [Bug] #495: Fixed documentation example showing how to subclass Task. Thanks to Brett Haydon for the catch and Mark Merritt for the patch. [Bug] #410: Fixed a bug where using the task decorator inside/under another decorator such as hosts could cause that task to become invalid when invoked by name (due to how old-style vs new-style tasks are detected.) Thanks to Dan Colish for the initial patch. [Feature] #559: rsync_project now allows users to append extra SSH-specific arguments to rsync`s --rsh flag. [Feature] #138: env.port may now be written to at fabfile module level to set a default nonstandard port number. Previously this value was read-only. [Feature] #3: Fabric can now load a subset of SSH config functionality directly from your local ~/.ssh/config if env.use_ssh_config is set to True. See Leveraging native SSH config files for details. Thanks to Kirill Pinchuk for the initial patch. [Feature] #12: Added the ability to try connecting multiple times to temporarily-down remote systems, instead of immediately failing. (Default behavior is still to only try once.) See env.timeout and env.connection_attempts for controlling both connection timeouts and total number of attempts. reboot has also been overhauled (but practically deprecated - see its updated docs.) [Feature] #474: execute now allows you to access the executed task's return values, by itself returning a dictionary whose keys are the host strings executed against. [Bug] #487: Overhauled the regular expression escaping performed in append and contains to try and handle more corner cases. Thanks to Neilen Marais for the patch. [Support] #532: Reorganized and cleaned up the output of fab --help. [Feature] #8: Added --skip-bad-hosts/env.skip_bad_hosts option to allow skipping past temporarily down/unreachable hosts. [Feature] #13: Env vars may now be set at runtime via the new --set command-line flag. [Feature] #506: A new output alias, commands, has been added, which allows hiding remote stdout and local "running command X" output lines. [Feature] #72: SSH agent forwarding support has made it into Fabric's SSH library, and hooks for using it have been added (disabled by default; use -A or env.forward_agent to enable.) Thanks to Ben Davis for porting an existing Paramiko patch to ssh and providing the necessary tweak to Fabric.

== 1.7.2 / 2012-04-03 Bug Fixes - Fixed segmentation fault on exit [issue #30] - Fixed syswrite warning when IO contains unflushed data in buffer [issue #31] - Added "mingw" to the list of Windows host versions == 1.7.1 / 2012-03-05 Bug Fixes - Fixed deprecated use of Config::* [issue #29] == 1.7.0 / 2012-02-18 Enhancements - Move appender factories [issue #28] - ActionMail compatible options in the email appender [issue #27] - Add TLS support to the email appender [issue #25] - Refactoring appender shutdown [issue #20] Bug Fixes - File locking fails on windows using JRuby [issue #22] == 1.6.2 / 2012-01-05 Bug Fixes - Fix typo in the Readme [issue #14] - Fix spelling in a variety of places [issue #15] - Solaris does not have Syslog#LOG_PERROR defined [issue #17] - Fix failing tests for Ruby 1.9.3 [issue #18] - Check for RUBY_ENGINE for Ruby 1.8.7 [issue #19] - Whitespace and '# EOF' cleanup - Support for Rubinious == 1.6.1 / 2011-09-09 Bug Fixes - Rails compatibility methods [issue #11] - Blocked rolling file appender [issue #12] == 1.6.0 / 2011-08-22 Enhancements - Adding periodic flushing of buffered messages [issue #10] - Accessor for a logger's appenders [issue #9] - Better support for capturing log messages in RSpec version 1 & 2 == 1.5.2 / 2011-07-07 Bug Fixes - Changing working directory breaks rolling file appenders [issue #8] == 1.5.1 / 2011-06-03 Bug Fixes - IO streams cannot be buffered when using syswrite - JRuby does not allow shared locks on write only file descriptors - Fixing tests for JRuby 1.6.X == 1.5.0 / 2011-03-22 Minor Enhancements - removed mutexes in favor of IO#syswrite - no round tripping through the buffer array when auto_flushing is true - added a Proxy object that will log all methods called on it - colorization of log messages

changes: bugfixes: -Fixed memory leak in PKCS #8 key import -Check key identifiers when checking for an issuer pkgsrc note: This is just a last checkpoint on the 2.x branch, in case it will be needed for the Q2 branch. Will update to 3.x RSN.

Release 1.12.2 (2012-06-03) Kouhei Sutou <kou@cozmixng.org>) ============================================================ Improvements ------------ * Added Cairo::Device.supported?. [GitHub#11] [Reported by Cédric Boutillier] * Added Cairo::Device.gl_texture_supported?. * Added Cairo::Surface.supported?. * Defined all surfaces even if a surface isn't available. Use Cairo::Surface.XXX_supported? method to check surface availability. * Added Cairo::Pattern.xxx_supported?. [GitHub#12] [Reported by Mamoru Tasaka] * [experimental] Supported auto native package install. Thanks ------ * Cédric Boutillier * Mamoru Tasaka Release 1.12.1 (2012-03-31) Kouhei Sutou <kou@cozmixng.org>) ============================================================ Improvements ------------ * Re-supported cairo < 1.10.0. [ruby-gnome2-devel-en] Help me install my own program [Eric C.] Fixes ----- * Fixed a problem that an unresolved symbol is referenced. Thanks ------ * Eric C. Release 1.12.0 (2012-03-25) Kouhei Sutou <kou@cozmixng.org>) ============================================================ Improvements ------------ * Supported cairo 1.12.0. * Cairo::Surface#supported_mime_type? * Cairo::Surface#create_similar_image * Cairo::Surface#map_to_image * Cairo::Surface#unmap_to_image * Cairo::RecordingSurface#extents * Cairo::MeshPattern * Cairo::RasterSourcePattern * Cairo::MimeType::UNIQUE_ID * Supported glesv2 surface. Fixes ----- * Fixed a bug that Cairo::HINT_METRICS_ON can't be specified. #8 [Vasily Fedoseyev] Thanks ------ * Vasily Fedoseyev

== 1.2.1 / 2013-02-09 * Bugs Fixed: * As seen in rspec/rspec-expectations#200, the release of Diff::LCS 1.2 introduced an unnecessary public API change to Diff::LCS::Hunk (see the change at rspec/rspec-expectations@3d6fc82c for details). The new method name (and behaviour) is more correct, but I should not have renamed the function or should have at least provided an alias. This release restores Diff::LCS::Hunk#unshift as an alias to #merge. Note that the old #unshift behaviour was incorrect and will not be restored. == 1.2.0 / 2013-01-21 * Minor Enhancements: * Added special case handling for Diff::LCS.patch so that it handles patches that are empty or contain no changes. * Added two new methods (#patch\_me and #unpatch\_me) to the includable module. * Bugs Fixed: * Fixed issue #1 patch direction detection. halostatue/diff-lcs#1 * Resolved issue #2 by handling string[string.size, 1] properly (it returns "" not nil). halostatue/diff-lcs#2 * Michael Granger (ged) fixed an implementation error in Diff::LCS::Change and added specs in pull request #8. Thanks! halostatue/diff-lcs#8 * Made the code auto-testable. * Vít Ondruch (voxik) provided the latest version of the GPL2 license file in pull request #10. Thanks! halostatue/diff-lcs#10 * Fixed a documentation issue with the includable versions of #patch! and #unpatch! where they implied that they would replace the original value. Given that Diff::LCS.patch always returns a copy, the documentation was incorrect and has been corrected. To provide the behaviour that was originally documented, two new methods were added to provide this behaviour. Found by scooter-dangle in issue #12. Thanks! halostatue/diff-lcs#12 * Code Style Changes: * Removed trailing spaces. * Calling class methods using '.' instead of '::'. * Vít Ondruch (voxik) removed unnecessary shebangs in pull request #9. Thanks! halostatue/diff-lcs#9 * Kenichi Kamiya (kachick) removed some warnings of an unused variable in lucky pull request #13. halostatue/diff-lcs#13 Thanks! * Embarked on a major refactoring to make the files a little more manageable and understand the code on a deeper level. * Adding to http://travis-ci.org.

* Version 3.2.1 (released 2013-06-01) ** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain openssl versions. ** libgnutls: Fixes in interrupted function resumption. Report and patch by Tim Kosse. ** libgnutls: Corrected issue when receiving client hello verify requests in DTLS. ** libgnutls: Fixes in DTLS record overhead size calculations. ** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported by Mann Ern Kang. ** API and ABI modifications: gnutls_session_set_id: Added * Version 3.2.0 (released 2013-05-10) ** libgnutls: Use nettle's elliptic curve implementation. ** libgnutls: Added Salsa20 cipher ** libgnutls: Added UMAC-96 and UMAC-128 ** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96. As they are not standardized they are defined using private ciphersuite numbers. ** libgnutls: Added support for DTLS 1.2. ** libgnutls: Added support for the Application Layer Protocol Negotiation (ALPN) extension. ** libgnutls: Removed support for the RSA-EXPORT ciphersuites. ** libgnutls: Avoid linking to librt (that also avoids unnecessary linking to pthreads if p11-kit isn't used). ** API and ABI modifications: gnutls_cipher_get_iv_size: Added gnutls_hmac_set_nonce: Added gnutls_mac_get_nonce_size: Added * Version 3.1.10 (released 2013-03-22) ** certtool: When generating PKCS #12 files use by default the ARCFOUR (RC4) cipher to be compatible with devices that don't support AES with PKCS #12. ** libgnutls: Load CA certificates in android 4.x systems. ** libgnutls: Optimized CA certificate loading. ** libgnutls: Private keys are overwritten on deinitialization. ** libgnutls: PKCS #11 slots are scanned only when needed, not on initialization. This speeds up gnutls initialization when smart cards are present. ** libgnutls: Corrected issue in the (deprecated) external key signing interface, when used with TLS 1.2. Reported by Bjorn H. Christensen. ** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by Joke de Buhr. ** libgnutls-dane: Updated DANE verification options. ** configure: Trust store file must be explicitly set or unset when cross compiling. ** API and ABI modifications: gnutls_x509_crt_get_issuer_dn2: Added gnutls_x509_crt_get_dn2: Added gnutls_x509_crl_get_issuer_dn2: Added gnutls_x509_crq_get_dn2: Added gnutls_x509_trust_list_remove_trust_mem: Added gnutls_x509_trust_list_remove_trust_file: Added gnutls_x509_trust_list_remove_cas: Added gnutls_session_get_desc: Added gnutls_privkey_sign_raw_data: Added gnutls_privkey_status: Added * Version 3.1.9 (released 2013-02-27) ** certtool: Option --to-p12 will now ask for a password to generate a PKCS #12 file from an encrypted key file. Reported by Yan Fiz. ** libgnutls: Corrected issue in gnutls_pubkey_verify_data(). ** libgnutls: Corrected parsing issue in XMPP within a subject alternative name. Reported by James Cloos. ** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11 modules, and not only the ones loaded via p11-kit. ** libgnutls: Added function to check whether the private key is still available (inserted). ** libgnutls: Try to detect fork even during nonce generation. ** API and ABI modifications: gnutls_handshake_set_random: Added gnutls_transport_set_int2: Added gnutls_transport_get_int2: Added gnutls_transport_get_int: Added gnutls_record_cork: Exported gnutls_record_uncork: Exported gnutls_pkcs11_privkey_status: Added * Version 3.1.8 (released 2013-02-10) ** libgnutls: Fixed issue in gnutls_x509_privkey_import2() which didn't return GNUTLS_E_DECRYPTION_FAILED in all cases, and affect certtool operation with encrypted keys. Reported by Yan Fiz. ** libgnutls: The minimum DH bits accepted by priorities NORMAL and PERFORMANCE was set to previous defaults 727 bits. Reported by Diego Elio Petteno. ** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash() to operate with long keys. Reported by Erik A Jensen. ** API and ABI modifications: No changes since last version. * Version 3.1.7 (released 2013-02-04) ** certtool: Added option "dn" which allows to directly set the DN in a template from an RFC4514 string. ** danetool: Added options: --dlv and --insecure. Suggested by Paul Wouters. ** libgnutls-xssl: Added a new library to simplify GnuTLS usage. ** libgnutls-dane: Added function to specify a DLV file. ** libgnutls: Heartbeat code was made optional. ** libgnutls: Fixes in server side of DTLS-0.9. ** libgnutls: DN variable 'T' was expanded to 'title'. ** libgnutls: Fixes in record padding parsing to prevent a timing attack. Issue reported by Kenny Paterson and Nadhem Alfardan. ** libgnutls: Added functions to directly set the DN in a certificate or request from an RFC4514 string. ** libgnutls: Optimizations in the random generator. The re-seeding of it is now explicitly done on every session deinit. ** libgnutls: Simplified the DTLS sliding window implementation. ** libgnutls: The minimum DH bits accepted by a client are now set by the specified priority string. The current values correspond to the previous defaults (727 bits), except for the SECURE128 and SECURE192 strings which increase the minimum to 1248 and 1776 respectively. ** libgnutls: Added the gnutls_record_cork() and uncork API to enable buffering in sending application data. ** libgnutls: Removed default random padding, and added a length-hiding interface instead. Both the server and the client must support this extension. Whether length-hiding can be used on a given session can be checked using gnutls_record_can_use_length_hiding(). Contributed by Alfredo Pironti. ** libgnutls: Added the experimental %NEW_PADDING priority string. It enables a new padding mechanism in TLS allowing arbitrary padding in TLS records in all ciphersuites, which makes length-hiding more efficient and solves the issues with timing attacks on CBC ciphersuites. ** libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD ciphers (i.e., AES-GCM). Reported by William McGovern. ** API and ABI modifications: gnutls_db_check_entry_time: Added gnutls_record_set_timeout: Added gnutls_record_get_random_padding_status: Added gnutls_x509_crt_set_dn: Added gnutls_x509_crt_set_issuer_dn: Added gnutls_x509_crq_set_dn: Added gnutls_range_split: Added gnutls_record_send_range: Added gnutls_record_set_max_empty_records: Added gnutls_record_can_use_length_hiding: Added gnutls_rnd_refresh: Added xssl_deinit: Added xssl_flush: Added xssl_read: Added xssl_getdelim: Added xssl_write: Added xssl_printf: Added xssl_sinit: Added xssl_client_init: Added xssl_server_init: Added xssl_get_session: Added xssl_get_verify_status: Added xssl_cred_init: Added xssl_cred_deinit: Added dane_state_set_dlv_file: Added GNUTLS_SEC_PARAM_EXPORT: Added GNUTLS_SEC_PARAM_VERY_WEAK: Added * Version 3.1.6 (released 2013-01-02) ** libgnutls: Fixed record padding parsing issue. Reported by Kenny Patterson and Nadhem Alfardan. ** libgnutls: Several updates in the ASN.1 string handling subsystem. ** libgnutls: gnutls_x509_crt_get_policy() allows for a list of zero policy qualifiers. ** libgnutls: Ignore heartbeat messages when received out-of-order, instead of issuing an error. ** libgnutls: Stricter RSA PKCS #1 1.5 encoding and decoding. Reported by Kikuchi Masashi. ** libgnutls: TPM support is disabled by default because GPL programs cannot link with it. Use --with-tpm to enable it. ** libgnutls-guile: Fixed parallel compilation issue. ** gnutls-cli: It will try to connect to all possible returned addresses before failing. ** API and ABI modifications: No changes since last version. * Version 3.1.5 (released 2012-11-24) ** libgnutls: Added functions to parse the certificates policies extension. ** libgnutls: Handle BMPString (UCS-2) encoding in the Distinguished Name by translating it to UTF-8 (works on windows or systems with iconv). ** libgnutls: Added PKCS #11 key generation function that returns the public key on generation. ** libgnutls: Corrected bug in priority string parsing, that mostly affected combined levels. Patch by Tim Kosse. ** certtool: The --pubkey-info option can be combined with the --load-privkey or --load-request to print the corresponding public keys. ** certtool: It is able to set certificate policies via a template. ** certtool: Added --hex-numbers option which prints big numbers in an easier to parse format. ** p11tool: After key generation, outputs the public key (useful in tokens that do not store the public key). ** danetool: It is being built even without libgnutls-dane (the --check functionality is disabled though). ** API and ABI modifications: gnutls_pkcs11_privkey_generate2: Added gnutls_x509_crt_get_policy: Added gnutls_x509_crt_set_policy: Added gnutls_x509_policy_release: Added gnutls_pubkey_import_x509_crq: Added gnutls_pubkey_print: Added GNUTLS_CRT_PRINT_FULL_NUMBERS: Added * Version 3.1.4 (released 2012-11-10) ** libgnutls: gnutls_certificate_verify_peers2() will set flags depending on the available revocation data validity. ** libgnutls: Added gnutls_certificate_verification_status_print(), a function to print the verification status code in human readable text. ** libgnutls: Added priority string %VERIFY_DISABLE_CRL_CHECKS. ** libgnutls: Simplified certificate verification by adding gnutls_certificate_verify_peers3(). ** libgnutls: Added support for extension to establish keys for SRTP. Contributed by Martin Storsjo. ** libgnutls: The X.509 verification functions check the key usage bits and pathlen constraints and on failure output GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE. ** libgnutls: gnutls_x509_crl_verify() includes the time checks. ** libgnutls: Added verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN and made GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN the default. ** libgnutls: Always tolerate key usage violation errors from the side of the peer, but also notify via an audit message. ** gnutls-cli: Added --local-dns option. ** danetool: Corrected bug that prevented loading PEM files. ** danetool: Added --check option to allow querying and verifying a site's DANE data. ** libgnutls-dane: Added pkg-config file for the library. ** API and ABI modifications: gnutls_session_get_id2: Added gnutls_sign_is_secure: Added gnutls_certificate_verify_peers3: Added gnutls_ocsp_status_request_is_checked: Added gnutls_certificate_verification_status_print: Added gnutls_srtp_set_profile: Added gnutls_srtp_set_profile_direct: Added gnutls_srtp_get_selected_profile: Added gnutls_srtp_get_profile_name: Added gnutls_srtp_get_profile_id: Added gnutls_srtp_get_keys: Added gnutls_srtp_get_mki: Added gnutls_srtp_set_mki: Added gnutls_srtp_profile_t: Added dane_cert_type_name: Added dane_match_type_name: Added dane_cert_usage_name: Added dane_verification_status_print: Added GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: Added GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: Added GNUTLS_CERT_UNEXPECTED_OWNER: Added GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Added * Version 3.1.3 (released 2012-10-12) ** libgnutls: Added support for the OCSP Certificate Status extension. ** libgnutls: gnutls_certificate_verify_peers2() will use the OCSP certificate status extension in verification. ** libgnutls: Bug fixes in gnutls_x509_privkey_import_openssl(). ** libgnutls: Increased maximum password length in the PKCS #12 functions. ** libgnutls: Fixed the receipt of session tickets during session resumption. Reported by danblack at http://savannah.gnu.org/support/?108146 ** libgnutls: Added functions to export structures in an allocated buffer. ** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the OCSP response corresponds to the given certificate. ** libgnutls: In client side gnutls_init() enables the session ticket and OCSP certificate status request extensions by default. The flag GNUTLS_NO_EXTENSIONS can be used to prevent that. ** libgnutls: Several updates in the OpenPGP code. The generating code is fully RFC6091 compliant and RFC5081 support is only supported in client mode. ** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC certificate verification. ** gnutls-cli: Added --dane option to enable DANE certificate verification. ** danetool: Added tool to generate DANE TLSA Resource Records (RR). ** API and ABI modifications: gnutls_certificate_get_peers_subkey_id: Added gnutls_certificate_set_ocsp_status_request_function: Added gnutls_certificate_set_ocsp_status_request_file: Added gnutls_ocsp_status_request_enable_client: Added gnutls_ocsp_status_request_get: Added gnutls_ocsp_resp_check_crt: Added gnutls_dh_params_export2_pkcs3: Added gnutls_pubkey_export2: Added gnutls_x509_crt_export2: Added gnutls_x509_dn_export2: Added gnutls_x509_crl_export2: Added gnutls_pkcs7_export2: Added gnutls_x509_privkey_export2: Added gnutls_x509_privkey_export2_pkcs8: Added gnutls_x509_crq_export2: Added gnutls_openpgp_crt_export2: Added gnutls_openpgp_privkey_export2: Added gnutls_pkcs11_obj_export2: Added gnutls_pkcs12_export2: Added gnutls_pubkey_import_openpgp_raw: Added gnutls_pubkey_import_x509_raw: Added dane_state_init: Added dane_state_deinit: Added dane_query_tlsa: Added dane_query_status: Added dane_query_entries: Added dane_query_data: Added dane_query_deinit: Added dane_verify_session_crt: Added dane_verify_crt: Added dane_strerror: Added * Version 3.1.2 (released 2012-09-26) ** libgnutls: Fixed bug in gnutls_x509_trust_list_add_system_trust() and gnutls_x509_trust_list_add_trust_mem() that prevented the loading of certificates in the windows platform. ** libgnutls: Corrected bug in OpenPGP subpacket encoding. ** libgnutls: Added support for DTLS/TLS heartbeats by Olga Smolenchuk. (the work was done during Google Summer of Code). ** libgnutls: Added X.509 certificate verification flag GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification of unsorted certificate chains and is enabled by default for TLS certificate verification (if gnutls_certificate_set_verify_flags() does not override it). ** libgnutls: Prints warning on certificates that contain keys of an insecure level. If the %COMPAT priority flag is not specified the TLS connection fails. ** libgnutls: Correctly restore gnutls_record_recv() in DTLS mode if interrupted during the retrasmition of handshake data. ** libgnutls: Better mingw32 support (patch by LRN). ** libgnutls: The %COMPAT keyword, if specified, will tolerate key usage violation errors (they are far too common to ignore). ** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(), which provides a tool to counter compression-related attacks where parts of the data are controlled by the attacker _and_ are placed in separate records (use with care - do not use compression if not sure). ** libgnutls: Depends on libtasn1 2.14 or later. ** certtool: Prints the number of bits of the public key algorithm parameter in a private key. ** API and ABI modifications: gnutls_x509_privkey_get_pk_algorithm2: Added gnutls_heartbeat_ping: Added gnutls_heartbeat_pong: Added gnutls_heartbeat_allowed: Added gnutls_heartbeat_enable: Added gnutls_heartbeat_set_timeouts: Added gnutls_heartbeat_get_timeout: Added GNUTLS_SEC_PARAM_WEAK: Added GNUTLS_SEC_PARAM_INSECURE: Added * Version 3.1.1 (released 2012-09-02) ** gnutls-serv: Listens on IPv6. Patch by Bernhard R. Link. ** certtool: Changes in password handling of certtool. Ask password when required and only if the '--password' option is not given. If the '--password' option is given during key generation then assume the PKCS #8 file format, instead of ignoring the password. ** tpmtool: No longer asks for key password in registered keys. ** libgnutls: Elliptic curve code was optimized by Ilya Tumaykin. wmNAF is now used for point multiplication and other optimizations. (the major part of the work was done during Google Summer of Code). ** libgnutls: The default pull_timeout_function only uses select instead of a combination of select() and recv() to prevent issues when used in stream sockets in some systems. ** libgnutls: Be tolerant in ECDSA signature violations (e.g. using SHA256 with a SECP384 curve instead of SHA-384), to interoperate with openssl. ** libgnutls: Fixed DSA and ECDSA signature generation in smart cards. Thanks to Andreas Schwier from cardcontact.de for providing me with ECDSA capable smart cards. ** API and ABI modifications: gnutls_sign_algorithm_get: Added gnutls_sign_get_hash_algorithm: Added gnutls_sign_get_pk_algorithm: Added * Version 3.1.0 (released 2012-08-15) ** libgnutls: Added direct support for TPM as a cryptographic module in gnutls/tpm.h. TPM keys can be used in functions accepting files using URLs of the following types: tpmkey:file=/path/to/file tpmkey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user ** libgnutls: Priority string level keywords can be combined. For example the string "SECURE256:+SUITEB128" is now allowed. ** libgnutls: requires libnettle 2.5. ** libgnutls: Use the PKCS #1 1.5 encoding provided by nettle (2.5) for encryption and signatures. ** libgnutls: Added GNUTLS_CERT_SIGNATURE_FAILURE to differentiate between generic errors and signature verification errors in the verification functions. ** libgnutls: Added gnutls_pkcs12_simple_parse() as a helper function to simplify parsing in most PKCS #12 use cases. ** libgnutls: gnutls_certificate_set_x509_simple_pkcs12_file() adds the whole certificate chain (if any) to the credentials structure, instead of only the end-user certificate. ** libgnutls: Key import functions such as gnutls_pkcs12_simple_parse() and gnutls_x509_privkey_import_pkcs8(), return consistently GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no password was provided. ** libgnutls: Added gnutls_handshake_set_timeout() a function that allows to set the maximum time spent in a handshake. ** libgnutlsxx: Added session::set_transport_vec_push_function. Patch by Alexandre Bique. ** tpmtool: Added. It is a tool to generate private keys in the TPM. ** gnutls-cli: --benchmark-tls was split to --benchmark-tls-kx and --benchmark-tls-ciphers ** certtool: generated PKCS #12 structures may hold more than one private key. Patch by Lucas Fisher. ** certtool: Added option --null-password to generate/decrypt keys that use a NULL password (in schemas that distinguish between NULL an empty passwords). ** minitasn1: Upgraded to libtasn1 version 2.13. ** API and ABI modifications: GNUTLS_CERT_SIGNATURE_FAILURE: Added GNUTLS_CAMELLIA_192_CBC: Added GNUTLS_PKCS_NULL_PASSWORD: Added gnutls_url_is_supported: Added gnutls_pkcs11_obj_list_import_url2: Added gnutls_pkcs11_obj_set_pin_function: Added gnutls_pkcs11_privkey_set_pin_function: Added gnutls_pkcs11_get_pin_function: Added gnutls_privkey_import_tpm_raw: Added gnutls_privkey_import_tpm_url: Added gnutls_privkey_import_pkcs11_url: Added gnutls_privkey_import_openpgp_raw: Added gnutls_privkey_import_x509_raw: Added gnutls_privkey_import_ext2: Added gnutls_privkey_import_url: Added gnutls_privkey_set_pin_function: Added gnutls_tpm_privkey_generate: Added gnutls_tpm_key_list_deinit: Added gnutls_tpm_key_list_get_url: Added gnutls_tpm_get_registered: Added gnutls_tpm_privkey_delete: Added gnutls_pubkey_import_tpm_raw: Added gnutls_pubkey_import_tpm_url: Added gnutls_pubkey_import_url: Added gnutls_pubkey_verify_hash2: Added gnutls_pubkey_set_pin_function: Added gnutls_x509_privkey_import2: Added gnutls_x509_privkey_import_openssl: Added gnutls_x509_crt_set_pin_function: Added gnutls_load_file: Added gnutls_pkcs12_simple_parse: Added gnutls_certificate_set_x509_system_trust: Added gnutls_certificate_set_pin_function: Added gnutls_x509_trust_list_add_system_trust: Added gnutls_x509_trust_list_add_trust_file: Added gnutls_x509_trust_list_add_trust_mem: Added gnutls_pk_to_sign: Added gnutls_handshake_set_timeout: Added gnutls_pubkey_verify_hash: Deprecated (use gnutls_pubkey_verify_hash2) gnutls_pubkey_verify_data: Deprecated (use gnutls_pubkey_verify_data2)

# Changelog ## Version 3.1.0 - 2013-07-07 * Update dependencies * Switch to template contributed by brianflanagan [#8] * Add support for multiple independent heel servers [#9]

=== 1.4 / 2013-07-23 * Minor enhancements * Relaxed parser to accept quoted algorithm to work with Linksys SPA922. Pull request #8 by Ismail Hanli, Issue #5 by bearded === 1.3 / 2012-03-28 * Minor enhancements * The cnonce is regenerated for every request to improve security. * SecureRandom is used to generate the cnonce instead of Kernel#rand * Bug fix * cnonce and nonce-count are no longer sent when qop was not provided per RFC 2617 section 3.2.2.

* Version 3.2.1 (released 2013-06-01) ** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain openssl versions. ** libgnutls: Fixes in interrupted function resumption. Report and patch by Tim Kosse. ** libgnutls: Corrected issue when receiving client hello verify requests in DTLS. ** libgnutls: Fixes in DTLS record overhead size calculations. ** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported by Mann Ern Kang. ** API and ABI modifications: gnutls_session_set_id: Added * Version 3.2.0 (released 2013-05-10) ** libgnutls: Use nettle's elliptic curve implementation. ** libgnutls: Added Salsa20 cipher ** libgnutls: Added UMAC-96 and UMAC-128 ** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96. As they are not standardized they are defined using private ciphersuite numbers. ** libgnutls: Added support for DTLS 1.2. ** libgnutls: Added support for the Application Layer Protocol Negotiation (ALPN) extension. ** libgnutls: Removed support for the RSA-EXPORT ciphersuites. ** libgnutls: Avoid linking to librt (that also avoids unnecessary linking to pthreads if p11-kit isn't used). ** API and ABI modifications: gnutls_cipher_get_iv_size: Added gnutls_hmac_set_nonce: Added gnutls_mac_get_nonce_size: Added * Version 3.1.10 (released 2013-03-22) ** certtool: When generating PKCS #12 files use by default the ARCFOUR (RC4) cipher to be compatible with devices that don't support AES with PKCS #12. ** libgnutls: Load CA certificates in android 4.x systems. ** libgnutls: Optimized CA certificate loading. ** libgnutls: Private keys are overwritten on deinitialization. ** libgnutls: PKCS #11 slots are scanned only when needed, not on initialization. This speeds up gnutls initialization when smart cards are present. ** libgnutls: Corrected issue in the (deprecated) external key signing interface, when used with TLS 1.2. Reported by Bjorn H. Christensen. ** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by Joke de Buhr. ** libgnutls-dane: Updated DANE verification options. ** configure: Trust store file must be explicitly set or unset when cross compiling. ** API and ABI modifications: gnutls_x509_crt_get_issuer_dn2: Added gnutls_x509_crt_get_dn2: Added gnutls_x509_crl_get_issuer_dn2: Added gnutls_x509_crq_get_dn2: Added gnutls_x509_trust_list_remove_trust_mem: Added gnutls_x509_trust_list_remove_trust_file: Added gnutls_x509_trust_list_remove_cas: Added gnutls_session_get_desc: Added gnutls_privkey_sign_raw_data: Added gnutls_privkey_status: Added * Version 3.1.9 (released 2013-02-27) ** certtool: Option --to-p12 will now ask for a password to generate a PKCS #12 file from an encrypted key file. Reported by Yan Fiz. ** libgnutls: Corrected issue in gnutls_pubkey_verify_data(). ** libgnutls: Corrected parsing issue in XMPP within a subject alternative name. Reported by James Cloos. ** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11 modules, and not only the ones loaded via p11-kit. ** libgnutls: Added function to check whether the private key is still available (inserted). ** libgnutls: Try to detect fork even during nonce generation. ** API and ABI modifications: gnutls_handshake_set_random: Added gnutls_transport_set_int2: Added gnutls_transport_get_int2: Added gnutls_transport_get_int: Added gnutls_record_cork: Exported gnutls_record_uncork: Exported gnutls_pkcs11_privkey_status: Added * Version 3.1.8 (released 2013-02-10) ** libgnutls: Fixed issue in gnutls_x509_privkey_import2() which didn't return GNUTLS_E_DECRYPTION_FAILED in all cases, and affect certtool operation with encrypted keys. Reported by Yan Fiz. ** libgnutls: The minimum DH bits accepted by priorities NORMAL and PERFORMANCE was set to previous defaults 727 bits. Reported by Diego Elio Petteno. ** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash() to operate with long keys. Reported by Erik A Jensen. ** API and ABI modifications: No changes since last version. * Version 3.1.7 (released 2013-02-04) ** certtool: Added option "dn" which allows to directly set the DN in a template from an RFC4514 string. ** danetool: Added options: --dlv and --insecure. Suggested by Paul Wouters. ** libgnutls-xssl: Added a new library to simplify GnuTLS usage. ** libgnutls-dane: Added function to specify a DLV file. ** libgnutls: Heartbeat code was made optional. ** libgnutls: Fixes in server side of DTLS-0.9. ** libgnutls: DN variable 'T' was expanded to 'title'. ** libgnutls: Fixes in record padding parsing to prevent a timing attack. Issue reported by Kenny Paterson and Nadhem Alfardan. ** libgnutls: Added functions to directly set the DN in a certificate or request from an RFC4514 string. ** libgnutls: Optimizations in the random generator. The re-seeding of it is now explicitly done on every session deinit. ** libgnutls: Simplified the DTLS sliding window implementation. ** libgnutls: The minimum DH bits accepted by a client are now set by the specified priority string. The current values correspond to the previous defaults (727 bits), except for the SECURE128 and SECURE192 strings which increase the minimum to 1248 and 1776 respectively. ** libgnutls: Added the gnutls_record_cork() and uncork API to enable buffering in sending application data. ** libgnutls: Removed default random padding, and added a length-hiding interface instead. Both the server and the client must support this extension. Whether length-hiding can be used on a given session can be checked using gnutls_record_can_use_length_hiding(). Contributed by Alfredo Pironti. ** libgnutls: Added the experimental %NEW_PADDING priority string. It enables a new padding mechanism in TLS allowing arbitrary padding in TLS records in all ciphersuites, which makes length-hiding more efficient and solves the issues with timing attacks on CBC ciphersuites. ** libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD ciphers (i.e., AES-GCM). Reported by William McGovern. ** API and ABI modifications: gnutls_db_check_entry_time: Added gnutls_record_set_timeout: Added gnutls_record_get_random_padding_status: Added gnutls_x509_crt_set_dn: Added gnutls_x509_crt_set_issuer_dn: Added gnutls_x509_crq_set_dn: Added gnutls_range_split: Added gnutls_record_send_range: Added gnutls_record_set_max_empty_records: Added gnutls_record_can_use_length_hiding: Added gnutls_rnd_refresh: Added xssl_deinit: Added xssl_flush: Added xssl_read: Added xssl_getdelim: Added xssl_write: Added xssl_printf: Added xssl_sinit: Added xssl_client_init: Added xssl_server_init: Added xssl_get_session: Added xssl_get_verify_status: Added xssl_cred_init: Added xssl_cred_deinit: Added dane_state_set_dlv_file: Added GNUTLS_SEC_PARAM_EXPORT: Added GNUTLS_SEC_PARAM_VERY_WEAK: Added * Version 3.1.6 (released 2013-01-02) ** libgnutls: Fixed record padding parsing issue. Reported by Kenny Patterson and Nadhem Alfardan. ** libgnutls: Several updates in the ASN.1 string handling subsystem. ** libgnutls: gnutls_x509_crt_get_policy() allows for a list of zero policy qualifiers. ** libgnutls: Ignore heartbeat messages when received out-of-order, instead of issuing an error. ** libgnutls: Stricter RSA PKCS #1 1.5 encoding and decoding. Reported by Kikuchi Masashi. ** libgnutls: TPM support is disabled by default because GPL programs cannot link with it. Use --with-tpm to enable it. ** libgnutls-guile: Fixed parallel compilation issue. ** gnutls-cli: It will try to connect to all possible returned addresses before failing. ** API and ABI modifications: No changes since last version. * Version 3.1.5 (released 2012-11-24) ** libgnutls: Added functions to parse the certificates policies extension. ** libgnutls: Handle BMPString (UCS-2) encoding in the Distinguished Name by translating it to UTF-8 (works on windows or systems with iconv). ** libgnutls: Added PKCS #11 key generation function that returns the public key on generation. ** libgnutls: Corrected bug in priority string parsing, that mostly affected combined levels. Patch by Tim Kosse. ** certtool: The --pubkey-info option can be combined with the --load-privkey or --load-request to print the corresponding public keys. ** certtool: It is able to set certificate policies via a template. ** certtool: Added --hex-numbers option which prints big numbers in an easier to parse format. ** p11tool: After key generation, outputs the public key (useful in tokens that do not store the public key). ** danetool: It is being built even without libgnutls-dane (the --check functionality is disabled though). ** API and ABI modifications: gnutls_pkcs11_privkey_generate2: Added gnutls_x509_crt_get_policy: Added gnutls_x509_crt_set_policy: Added gnutls_x509_policy_release: Added gnutls_pubkey_import_x509_crq: Added gnutls_pubkey_print: Added GNUTLS_CRT_PRINT_FULL_NUMBERS: Added * Version 3.1.4 (released 2012-11-10) ** libgnutls: gnutls_certificate_verify_peers2() will set flags depending on the available revocation data validity. ** libgnutls: Added gnutls_certificate_verification_status_print(), a function to print the verification status code in human readable text. ** libgnutls: Added priority string %VERIFY_DISABLE_CRL_CHECKS. ** libgnutls: Simplified certificate verification by adding gnutls_certificate_verify_peers3(). ** libgnutls: Added support for extension to establish keys for SRTP. Contributed by Martin Storsjo. ** libgnutls: The X.509 verification functions check the key usage bits and pathlen constraints and on failure output GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE. ** libgnutls: gnutls_x509_crl_verify() includes the time checks. ** libgnutls: Added verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN and made GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN the default. ** libgnutls: Always tolerate key usage violation errors from the side of the peer, but also notify via an audit message. ** gnutls-cli: Added --local-dns option. ** danetool: Corrected bug that prevented loading PEM files. ** danetool: Added --check option to allow querying and verifying a site's DANE data. ** libgnutls-dane: Added pkg-config file for the library. ** API and ABI modifications: gnutls_session_get_id2: Added gnutls_sign_is_secure: Added gnutls_certificate_verify_peers3: Added gnutls_ocsp_status_request_is_checked: Added gnutls_certificate_verification_status_print: Added gnutls_srtp_set_profile: Added gnutls_srtp_set_profile_direct: Added gnutls_srtp_get_selected_profile: Added gnutls_srtp_get_profile_name: Added gnutls_srtp_get_profile_id: Added gnutls_srtp_get_keys: Added gnutls_srtp_get_mki: Added gnutls_srtp_set_mki: Added gnutls_srtp_profile_t: Added dane_cert_type_name: Added dane_match_type_name: Added dane_cert_usage_name: Added dane_verification_status_print: Added GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: Added GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: Added GNUTLS_CERT_UNEXPECTED_OWNER: Added GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Added * Version 3.1.3 (released 2012-10-12) ** libgnutls: Added support for the OCSP Certificate Status extension. ** libgnutls: gnutls_certificate_verify_peers2() will use the OCSP certificate status extension in verification. ** libgnutls: Bug fixes in gnutls_x509_privkey_import_openssl(). ** libgnutls: Increased maximum password length in the PKCS #12 functions. ** libgnutls: Fixed the receipt of session tickets during session resumption. Reported by danblack at http://savannah.gnu.org/support/?108146 ** libgnutls: Added functions to export structures in an allocated buffer. ** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the OCSP response corresponds to the given certificate. ** libgnutls: In client side gnutls_init() enables the session ticket and OCSP certificate status request extensions by default. The flag GNUTLS_NO_EXTENSIONS can be used to prevent that. ** libgnutls: Several updates in the OpenPGP code. The generating code is fully RFC6091 compliant and RFC5081 support is only supported in client mode. ** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC certificate verification. ** gnutls-cli: Added --dane option to enable DANE certificate verification. ** danetool: Added tool to generate DANE TLSA Resource Records (RR). ** API and ABI modifications: gnutls_certificate_get_peers_subkey_id: Added gnutls_certificate_set_ocsp_status_request_function: Added gnutls_certificate_set_ocsp_status_request_file: Added gnutls_ocsp_status_request_enable_client: Added gnutls_ocsp_status_request_get: Added gnutls_ocsp_resp_check_crt: Added gnutls_dh_params_export2_pkcs3: Added gnutls_pubkey_export2: Added gnutls_x509_crt_export2: Added gnutls_x509_dn_export2: Added gnutls_x509_crl_export2: Added gnutls_pkcs7_export2: Added gnutls_x509_privkey_export2: Added gnutls_x509_privkey_export2_pkcs8: Added gnutls_x509_crq_export2: Added gnutls_openpgp_crt_export2: Added gnutls_openpgp_privkey_export2: Added gnutls_pkcs11_obj_export2: Added gnutls_pkcs12_export2: Added gnutls_pubkey_import_openpgp_raw: Added gnutls_pubkey_import_x509_raw: Added dane_state_init: Added dane_state_deinit: Added dane_query_tlsa: Added dane_query_status: Added dane_query_entries: Added dane_query_data: Added dane_query_deinit: Added dane_verify_session_crt: Added dane_verify_crt: Added dane_strerror: Added * Version 3.1.2 (released 2012-09-26) ** libgnutls: Fixed bug in gnutls_x509_trust_list_add_system_trust() and gnutls_x509_trust_list_add_trust_mem() that prevented the loading of certificates in the windows platform. ** libgnutls: Corrected bug in OpenPGP subpacket encoding. ** libgnutls: Added support for DTLS/TLS heartbeats by Olga Smolenchuk. (the work was done during Google Summer of Code). ** libgnutls: Added X.509 certificate verification flag GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification of unsorted certificate chains and is enabled by default for TLS certificate verification (if gnutls_certificate_set_verify_flags() does not override it). ** libgnutls: Prints warning on certificates that contain keys of an insecure level. If the %COMPAT priority flag is not specified the TLS connection fails. ** libgnutls: Correctly restore gnutls_record_recv() in DTLS mode if interrupted during the retrasmition of handshake data. ** libgnutls: Better mingw32 support (patch by LRN). ** libgnutls: The %COMPAT keyword, if specified, will tolerate key usage violation errors (they are far too common to ignore). ** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(), which provides a tool to counter compression-related attacks where parts of the data are controlled by the attacker _and_ are placed in separate records (use with care - do not use compression if not sure). ** libgnutls: Depends on libtasn1 2.14 or later. ** certtool: Prints the number of bits of the public key algorithm parameter in a private key. ** API and ABI modifications: gnutls_x509_privkey_get_pk_algorithm2: Added gnutls_heartbeat_ping: Added gnutls_heartbeat_pong: Added gnutls_heartbeat_allowed: Added gnutls_heartbeat_enable: Added gnutls_heartbeat_set_timeouts: Added gnutls_heartbeat_get_timeout: Added GNUTLS_SEC_PARAM_WEAK: Added GNUTLS_SEC_PARAM_INSECURE: Added * Version 3.1.1 (released 2012-09-02) ** gnutls-serv: Listens on IPv6. Patch by Bernhard R. Link. ** certtool: Changes in password handling of certtool. Ask password when required and only if the '--password' option is not given. If the '--password' option is given during key generation then assume the PKCS #8 file format, instead of ignoring the password. ** tpmtool: No longer asks for key password in registered keys. ** libgnutls: Elliptic curve code was optimized by Ilya Tumaykin. wmNAF is now used for point multiplication and other optimizations. (the major part of the work was done during Google Summer of Code). ** libgnutls: The default pull_timeout_function only uses select instead of a combination of select() and recv() to prevent issues when used in stream sockets in some systems. ** libgnutls: Be tolerant in ECDSA signature violations (e.g. using SHA256 with a SECP384 curve instead of SHA-384), to interoperate with openssl. ** libgnutls: Fixed DSA and ECDSA signature generation in smart cards. Thanks to Andreas Schwier from cardcontact.de for providing me with ECDSA capable smart cards. ** API and ABI modifications: gnutls_sign_algorithm_get: Added gnutls_sign_get_hash_algorithm: Added gnutls_sign_get_pk_algorithm: Added * Version 3.1.0 (released 2012-08-15) ** libgnutls: Added direct support for TPM as a cryptographic module in gnutls/tpm.h. TPM keys can be used in functions accepting files using URLs of the following types: tpmkey:file=/path/to/file tpmkey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user ** libgnutls: Priority string level keywords can be combined. For example the string "SECURE256:+SUITEB128" is now allowed. ** libgnutls: requires libnettle 2.5. ** libgnutls: Use the PKCS #1 1.5 encoding provided by nettle (2.5) for encryption and signatures. ** libgnutls: Added GNUTLS_CERT_SIGNATURE_FAILURE to differentiate between generic errors and signature verification errors in the verification functions. ** libgnutls: Added gnutls_pkcs12_simple_parse() as a helper function to simplify parsing in most PKCS #12 use cases. ** libgnutls: gnutls_certificate_set_x509_simple_pkcs12_file() adds the whole certificate chain (if any) to the credentials structure, instead of only the end-user certificate. ** libgnutls: Key import functions such as gnutls_pkcs12_simple_parse() and gnutls_x509_privkey_import_pkcs8(), return consistently GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no password was provided. ** libgnutls: Added gnutls_handshake_set_timeout() a function that allows to set the maximum time spent in a handshake. ** libgnutlsxx: Added session::set_transport_vec_push_function. Patch by Alexandre Bique. ** tpmtool: Added. It is a tool to generate private keys in the TPM. ** gnutls-cli: --benchmark-tls was split to --benchmark-tls-kx and --benchmark-tls-ciphers ** certtool: generated PKCS #12 structures may hold more than one private key. Patch by Lucas Fisher. ** certtool: Added option --null-password to generate/decrypt keys that use a NULL password (in schemas that distinguish between NULL an empty passwords). ** minitasn1: Upgraded to libtasn1 version 2.13. ** API and ABI modifications: GNUTLS_CERT_SIGNATURE_FAILURE: Added GNUTLS_CAMELLIA_192_CBC: Added GNUTLS_PKCS_NULL_PASSWORD: Added gnutls_url_is_supported: Added gnutls_pkcs11_obj_list_import_url2: Added gnutls_pkcs11_obj_set_pin_function: Added gnutls_pkcs11_privkey_set_pin_function: Added gnutls_pkcs11_get_pin_function: Added gnutls_privkey_import_tpm_raw: Added gnutls_privkey_import_tpm_url: Added gnutls_privkey_import_pkcs11_url: Added gnutls_privkey_import_openpgp_raw: Added gnutls_privkey_import_x509_raw: Added gnutls_privkey_import_ext2: Added gnutls_privkey_import_url: Added gnutls_privkey_set_pin_function: Added gnutls_tpm_privkey_generate: Added gnutls_tpm_key_list_deinit: Added gnutls_tpm_key_list_get_url: Added gnutls_tpm_get_registered: Added gnutls_tpm_privkey_delete: Added gnutls_pubkey_import_tpm_raw: Added gnutls_pubkey_import_tpm_url: Added gnutls_pubkey_import_url: Added gnutls_pubkey_verify_hash2: Added gnutls_pubkey_set_pin_function: Added gnutls_x509_privkey_import2: Added gnutls_x509_privkey_import_openssl: Added gnutls_x509_crt_set_pin_function: Added gnutls_load_file: Added gnutls_pkcs12_simple_parse: Added gnutls_certificate_set_x509_system_trust: Added gnutls_certificate_set_pin_function: Added gnutls_x509_trust_list_add_system_trust: Added gnutls_x509_trust_list_add_trust_file: Added gnutls_x509_trust_list_add_trust_mem: Added gnutls_pk_to_sign: Added gnutls_handshake_set_timeout: Added gnutls_pubkey_verify_hash: Deprecated (use gnutls_pubkey_verify_hash2) gnutls_pubkey_verify_data: Deprecated (use gnutls_pubkey_verify_data2)

# Changelog ## Version 3.1.0 - 2013-07-07 * Update dependencies * Switch to template contributed by brianflanagan [#8] * Add support for multiple independent heel servers [#9]

=== 1.4 / 2013-07-23 * Minor enhancements * Relaxed parser to accept quoted algorithm to work with Linksys SPA922. Pull request #8 by Ismail Hanli, Issue #5 by bearded === 1.3 / 2012-03-28 * Minor enhancements * The cnonce is regenerated for every request to improve security. * SecureRandom is used to generate the cnonce instead of Kernel#rand * Bug fix * cnonce and nonce-count are no longer sent when qop was not provided per RFC 2617 section 3.2.2.

2013-12-23 version 0.5.8: * Move to the new github repository msgpack/msgpack-c * Support the new deserialization specification * fixes the problem of unpack helpers for array and map with 32bit compilers (#37, #38) * Other bug fixes and refactoring: #46, #41, #36, #35, #33, #32, #30, #29, #28, #27, #26, #25, #8, #3 * Update of documents: #23, #18, #17

0.4.0 ===== :release date: 2013-10-21 Inconpatible Changes -------------------- * Raises TypeError instead of ValueError when packer receives unsupported type. Changes ------- * Support New msgpack spec. 0.3.0 ===== Inconpatible Changes -------------------- * Default value of ``use_list`` is ``True`` for now. (It was ``False`` for 0.2.x) You should pass it explicitly for compatibility to 0.2.x. * `Unpacker.unpack()` and some unpack methods now raise `OutOfData` instead of `StopIteration`. `StopIteration` is used for iterator protocol only. Changes ------- * Pure Python fallback module is added. (thanks to bwesterb) * Add ``.skip()`` method to ``Unpacker`` (thanks to jnothman) * Add capturing feature. You can pass the writable object to ``Unpacker.unpack()`` as a second parameter. * Add ``Packer.pack_array_header`` and ``Packer.pack_map_header``. These methods only pack header of each type. * Add ``autoreset`` option to ``Packer`` (default: True). Packer doesn't return packed bytes and clear internal buffer. * Add ``Packer.pack_map_pairs``. It packs sequence of pair to map type. 0.2.4 ======= :release date: 2012-12-22 Bugs fixed ---------- * Fix SEGV when object_hook or object_pairs_hook raise Exception. (#39) 0.2.3 ======= :release date: 2012-12-11 Changes ------- * Warn when use_list is not specified. It's default value will be changed in 0.3. Bugs fixed ----------- * Can't pack subclass of dict. 0.2.2 ======= :release date: 2012-09-21 Changes ------- * Add ``use_single_float`` option to ``Packer``. When it is true, packs float object in single precision format. Bugs fixed ----------- * ``unpack()`` didn't restores gc state when it called with gc disabled. ``unpack()`` doesn't control gc now instead of restoring gc state collectly. User can control gc state when gc cause performance issue. * ``Unpacker``'s ``read_size`` option didn't used. 0.2.1 ======= :release date: 2012-08-20 Changes ------- * Add ``max_buffer_size`` parameter to Unpacker. It limits internal buffer size and allows unpack data from untrusted source safely. * Unpacker's buffer reallocation algorithm is less greedy now. It cause perforamce derease in rare case but memory efficient and don't allocate than ``max_buffer_size``. Bugs fixed ---------- * Fix msgpack didn't work on SPARC Solaris. It was because choosing wrong byteorder on compilation time. Use ``sys.byteorder`` to get correct byte order. Very thanks to Chris Casey for giving test environment to me. 0.2.0 ======= :release date: 2012-06-27 Changes ------- * Drop supporting Python 2.5 and unify tests for Py2 and Py3. * Use new version of msgpack-c. It packs correctly on big endian platforms. * Remove deprecated packs and unpacks API. Bugs fixed ---------- * #8 Packing subclass of dict raises TypeError. (Thanks to Steeve Morin.)

== [release-1-2-3] 1.2.3: 2014-02-09 As long time has passed since Cutter 1.2.2 release, there are some improvements and fixed bugs. After Cutter 1.2.2 release, you can install Cutter from Fedora's official yum repository. No need to register Cutter yum repository on Fedora anymore. === Cutter ==== Improvements * [doc] Removed a needless period from installation link. [GitHub #6] [Patch by Masafumi Yokoyama] * Supported lcov 1.10. [cutter-users-ja:92] [Reported by Siganai SE] * [doc] Updated download URL on SF.net. [cutter-users-ja:91] [Reported by Siganai SE] * [doc] Updated XML report format. [cutter-users-ja:91] [Reported by Siganai SE] * Added more trace logs for loader. It helps you to investigate the case when no tests are loaded. * [doc] Updated Cygwin's setup.exe URL. * Added --log-level option. The value of default log level is "critical|error|warning|message". ==== Fixes * [loader] Fixed a bug that ELF loader can't collect symbol because of wrong comparison. * Fixed memory leaks on loading all modules. * Fixed a warning from GCC 4.8.1 on Ubuntu 13.10 [GitHub #9] [Reported by Kazuhiro Yamato] === CppCutter ==== Improvements * Supported cppcut_assert_equal(const type_info &, const type_info &) [GitHub #4] [Patch by Kazuhiro Yamato] * Supported to catch unhandled C++ exception in test case. This change avoids to crash when unexpected exception is thrown. [GitHub #8] [Suggested by Kazuhiro Yamato] [Patch by Kazuhiro Yamato] * Supported to call destructors of objects on a stack even when an assertion is failed. [GitHub #10] [Patch by Kazuhiro Yamato] ==== Fixes * [Clang] Fixed a compile error which is caused by missing std::type_info forward declaration. * Fixed an invalid memory access when an exception is thrown in cutter's assertion function. [GitHub #11] [Patch by Kazuhiro Yamato] === GCutter ==== Fixes * [doc] Fixed a signal name typo about gcut-egg example. === Thanks * Kazuhiro Yamato * Masafumi Yokoyama * Siganai SE

Forward ported the existing patches that were not upstream yet. Also added patches for cfmakeraw and log10(int) amgiguity to fix build on SunOS. From the changelog since 0.17.1 15-07-2013 Darkice 1.2 released o Issue #75: Added Ogg/Opus support. Patch by Doug Kelly dougk.ff7@gmail.com o Fix 'Ring Ruffer' reports. - Increased buffer for jack to 5 seconds - prevent darkice termination by jack, report no fatal problem when we have a ringbuffer overflow, can happen during startup If we can not handle input audio fast enough we just ignore the buffer and skip it, and just report it. - new multithreaded connector code, now handles encoders in parallel and does not spin waiting, cpu load will be very much lower now Codes uses 2 condition variables to report data availability and consumer thread availability - Hopes are that glitching reports will be a thing of the past - minor compiler warnings fixed (Fix by Edwin van den Oetelaar) o Issue #56: Wrong icecast2 password isn't properly reported, fixed. thanks to Filipe Roque <flip.roque@gmail.com> o Issue #57: BufferedSink makes streams invalid, fixed. thanks to Alban Peignier <alban.peignier@gmail.com> o Issue #30: Segmentation Fault when creating file with fileAddDate, fixed thanks to Filipe Roque <flip.roque@gmail.com> 27-10-2011 Darkice 1.1 released o Updated aac+ encoding to use libaacplus-2.0.0 api. thanks to Sergiy <piratfm@gmail.com> o Added pulseaudio support closes ticket #25 thanks to Filipe Roque <flip.roque@gmail.com> and and Johann Fot <johann.fot@dunkelfuerst.com> o Added rtprio parameter and revisited realtime priority closes ticket #21 thanks to Adrian Knoth <adi@drcomp.erfurt.thur.de> o Fixed a call to a deprecated jack call closes ticket #22 thanks to Adrian Knoth again. 09-05-2010 Darkice 1.0 released o fixed a bug in BufferedSink.cpp that leads to some buffers being written twice, causing corruption of datastream, closes ticked #20 thanks to Edwin van den Oetelaar <oetelaar.automatisering@gmail.com> o implemented samplerate conversion for all codecs using libsamplerate, and keeping internal aflibConverter as fallback, thanks to Sergiy <piratfm@gmail.com> o bugfix: fix for alsa driver - closes ticked #8 thanks to Clemens Ladisch <clemens@ladisch.de> 14-11-2009 Darkice 0.20.1 released o added rc.darkice init script thanks to Niels Dettenbach <nd@syndicat.com> o bugfix: fix for gcc 4.4 05-11-2009 Darkice 0.20 released o new maintainer: Rafael Diniz <rafael@riseup.net> o added AAC HEv2 encoding support (branch darkice-aacp merged) through libaacplus, http://tipok.org.ua/ru/node/17 thanks to tipok <piratfm@gmail.com> and others for the contribution. o bugfix: the configure script recognizes Ogg Vorbis shared objects now, not just static libraries. Thanks to omroepvenray. o bugfix: enabling jack source compilation on Debian Lenny, thanks to Alessandro Beretta <alessandro.baretta@radiomaria.org> 07-07-2008 Darkice 0.19 released o added mount point option for Darwin Streaming Server thanks to Pierre Souchay <pierre@souchay.net> o fix for some reliablity issues when using a Jack source thanks to Pierre Souchay <pierre@souchay.net> o enable easier finding of jack libraries on MacOS X, thanks to Daniel Hazelbaker <daniel@highdesertchurch.com> o added ability to specify name of jack device created by darkice, thanks to Alessandro Beretta <alessandro.baretta@radiomaria.org> 26-04-2007 DarkIce 0.18.1 released o enable real-time scheduling for non-super-users, if they have the proper operating system permissions, thanks to Jens Maurer <Jens.Maurer@gmx.net> o fix to enable compliation of the Serial ULAW code on MacOS X, thanks to Elod Horvath <elod@itfais.com> o fix to solve Shoutcast login failures, introduced in 0.18 05-03-2007 DarkIce 0.18 released o added serial ulaw input device support, thanks to Clyde Stubbs <clyde@htsoft.com> o improvements on reconnecting: added TCP connection keep-alive to TCP sockets added graceful sleep when trying to reconnect o added user-defined date formatting for the fileAddDate options, thanks to dsk <derrick@csociety.org> o added logging facility - [file-X] targets will cut the saved file and rename it as needed when darkice recieves the SIGUSR1 signal o added default configuration file handling - if no configuration file is specified, /etc/darkice.cfg is used o fix to enable compiling on 64 bit platforms thanks to Alexander Vlasov <zulu@galaradio.com> and Mariusz Mazur <mmazur@kernel.pl> o fix to enable file dump feature using ogg vorbis. thanks to dsk <derrick@csociety.org> o fix to enable compiling with jack installed at arbitrary locations

== 1.2.1 / 2013-02-09 * Bugs Fixed: * As seen in rspec/rspec-expectations#200, the release of Diff::LCS 1.2 introduced an unnecessary public API change to Diff::LCS::Hunk (see the change at rspec/rspec-expectations@3d6fc82c for details). The new method name (and behaviour) is more correct, but I should not have renamed the function or should have at least provided an alias. This release restores Diff::LCS::Hunk#unshift as an alias to #merge. Note that the old #unshift behaviour was incorrect and will not be restored. == 1.2.0 / 2013-01-21 * Minor Enhancements: * Added special case handling for Diff::LCS.patch so that it handles patches that are empty or contain no changes. * Added two new methods (#patch\_me and #unpatch\_me) to the includable module. * Bugs Fixed: * Fixed issue #1 patch direction detection. halostatue/diff-lcs#1 * Resolved issue #2 by handling string[string.size, 1] properly (it returns "" not nil). halostatue/diff-lcs#2 * Michael Granger (ged) fixed an implementation error in Diff::LCS::Change and added specs in pull request #8. Thanks! halostatue/diff-lcs#8 * Made the code auto-testable. * Vít Ondruch (voxik) provided the latest version of the GPL2 license file in pull request #10. Thanks! halostatue/diff-lcs#10 * Fixed a documentation issue with the includable versions of #patch! and #unpatch! where they implied that they would replace the original value. Given that Diff::LCS.patch always returns a copy, the documentation was incorrect and has been corrected. To provide the behaviour that was originally documented, two new methods were added to provide this behaviour. Found by scooter-dangle in issue #12. Thanks! halostatue/diff-lcs#12 * Code Style Changes: * Removed trailing spaces. * Calling class methods using '.' instead of '::'. * Vít Ondruch (voxik) removed unnecessary shebangs in pull request #9. Thanks! halostatue/diff-lcs#9 * Kenichi Kamiya (kachick) removed some warnings of an unused variable in lucky pull request #13. halostatue/diff-lcs#13 Thanks! * Embarked on a major refactoring to make the files a little more manageable and understand the code on a deeper level. * Adding to http://travis-ci.org.

* Version 3.2.1 (released 2013-06-01) ** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain openssl versions. ** libgnutls: Fixes in interrupted function resumption. Report and patch by Tim Kosse. ** libgnutls: Corrected issue when receiving client hello verify requests in DTLS. ** libgnutls: Fixes in DTLS record overhead size calculations. ** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported by Mann Ern Kang. ** API and ABI modifications: gnutls_session_set_id: Added * Version 3.2.0 (released 2013-05-10) ** libgnutls: Use nettle's elliptic curve implementation. ** libgnutls: Added Salsa20 cipher ** libgnutls: Added UMAC-96 and UMAC-128 ** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96. As they are not standardized they are defined using private ciphersuite numbers. ** libgnutls: Added support for DTLS 1.2. ** libgnutls: Added support for the Application Layer Protocol Negotiation (ALPN) extension. ** libgnutls: Removed support for the RSA-EXPORT ciphersuites. ** libgnutls: Avoid linking to librt (that also avoids unnecessary linking to pthreads if p11-kit isn't used). ** API and ABI modifications: gnutls_cipher_get_iv_size: Added gnutls_hmac_set_nonce: Added gnutls_mac_get_nonce_size: Added * Version 3.1.10 (released 2013-03-22) ** certtool: When generating PKCS #12 files use by default the ARCFOUR (RC4) cipher to be compatible with devices that don't support AES with PKCS #12. ** libgnutls: Load CA certificates in android 4.x systems. ** libgnutls: Optimized CA certificate loading. ** libgnutls: Private keys are overwritten on deinitialization. ** libgnutls: PKCS #11 slots are scanned only when needed, not on initialization. This speeds up gnutls initialization when smart cards are present. ** libgnutls: Corrected issue in the (deprecated) external key signing interface, when used with TLS 1.2. Reported by Bjorn H. Christensen. ** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by Joke de Buhr. ** libgnutls-dane: Updated DANE verification options. ** configure: Trust store file must be explicitly set or unset when cross compiling. ** API and ABI modifications: gnutls_x509_crt_get_issuer_dn2: Added gnutls_x509_crt_get_dn2: Added gnutls_x509_crl_get_issuer_dn2: Added gnutls_x509_crq_get_dn2: Added gnutls_x509_trust_list_remove_trust_mem: Added gnutls_x509_trust_list_remove_trust_file: Added gnutls_x509_trust_list_remove_cas: Added gnutls_session_get_desc: Added gnutls_privkey_sign_raw_data: Added gnutls_privkey_status: Added * Version 3.1.9 (released 2013-02-27) ** certtool: Option --to-p12 will now ask for a password to generate a PKCS #12 file from an encrypted key file. Reported by Yan Fiz. ** libgnutls: Corrected issue in gnutls_pubkey_verify_data(). ** libgnutls: Corrected parsing issue in XMPP within a subject alternative name. Reported by James Cloos. ** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11 modules, and not only the ones loaded via p11-kit. ** libgnutls: Added function to check whether the private key is still available (inserted). ** libgnutls: Try to detect fork even during nonce generation. ** API and ABI modifications: gnutls_handshake_set_random: Added gnutls_transport_set_int2: Added gnutls_transport_get_int2: Added gnutls_transport_get_int: Added gnutls_record_cork: Exported gnutls_record_uncork: Exported gnutls_pkcs11_privkey_status: Added * Version 3.1.8 (released 2013-02-10) ** libgnutls: Fixed issue in gnutls_x509_privkey_import2() which didn't return GNUTLS_E_DECRYPTION_FAILED in all cases, and affect certtool operation with encrypted keys. Reported by Yan Fiz. ** libgnutls: The minimum DH bits accepted by priorities NORMAL and PERFORMANCE was set to previous defaults 727 bits. Reported by Diego Elio Petteno. ** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash() to operate with long keys. Reported by Erik A Jensen. ** API and ABI modifications: No changes since last version. * Version 3.1.7 (released 2013-02-04) ** certtool: Added option "dn" which allows to directly set the DN in a template from an RFC4514 string. ** danetool: Added options: --dlv and --insecure. Suggested by Paul Wouters. ** libgnutls-xssl: Added a new library to simplify GnuTLS usage. ** libgnutls-dane: Added function to specify a DLV file. ** libgnutls: Heartbeat code was made optional. ** libgnutls: Fixes in server side of DTLS-0.9. ** libgnutls: DN variable 'T' was expanded to 'title'. ** libgnutls: Fixes in record padding parsing to prevent a timing attack. Issue reported by Kenny Paterson and Nadhem Alfardan. ** libgnutls: Added functions to directly set the DN in a certificate or request from an RFC4514 string. ** libgnutls: Optimizations in the random generator. The re-seeding of it is now explicitly done on every session deinit. ** libgnutls: Simplified the DTLS sliding window implementation. ** libgnutls: The minimum DH bits accepted by a client are now set by the specified priority string. The current values correspond to the previous defaults (727 bits), except for the SECURE128 and SECURE192 strings which increase the minimum to 1248 and 1776 respectively. ** libgnutls: Added the gnutls_record_cork() and uncork API to enable buffering in sending application data. ** libgnutls: Removed default random padding, and added a length-hiding interface instead. Both the server and the client must support this extension. Whether length-hiding can be used on a given session can be checked using gnutls_record_can_use_length_hiding(). Contributed by Alfredo Pironti. ** libgnutls: Added the experimental %NEW_PADDING priority string. It enables a new padding mechanism in TLS allowing arbitrary padding in TLS records in all ciphersuites, which makes length-hiding more efficient and solves the issues with timing attacks on CBC ciphersuites. ** libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD ciphers (i.e., AES-GCM). Reported by William McGovern. ** API and ABI modifications: gnutls_db_check_entry_time: Added gnutls_record_set_timeout: Added gnutls_record_get_random_padding_status: Added gnutls_x509_crt_set_dn: Added gnutls_x509_crt_set_issuer_dn: Added gnutls_x509_crq_set_dn: Added gnutls_range_split: Added gnutls_record_send_range: Added gnutls_record_set_max_empty_records: Added gnutls_record_can_use_length_hiding: Added gnutls_rnd_refresh: Added xssl_deinit: Added xssl_flush: Added xssl_read: Added xssl_getdelim: Added xssl_write: Added xssl_printf: Added xssl_sinit: Added xssl_client_init: Added xssl_server_init: Added xssl_get_session: Added xssl_get_verify_status: Added xssl_cred_init: Added xssl_cred_deinit: Added dane_state_set_dlv_file: Added GNUTLS_SEC_PARAM_EXPORT: Added GNUTLS_SEC_PARAM_VERY_WEAK: Added * Version 3.1.6 (released 2013-01-02) ** libgnutls: Fixed record padding parsing issue. Reported by Kenny Patterson and Nadhem Alfardan. ** libgnutls: Several updates in the ASN.1 string handling subsystem. ** libgnutls: gnutls_x509_crt_get_policy() allows for a list of zero policy qualifiers. ** libgnutls: Ignore heartbeat messages when received out-of-order, instead of issuing an error. ** libgnutls: Stricter RSA PKCS #1 1.5 encoding and decoding. Reported by Kikuchi Masashi. ** libgnutls: TPM support is disabled by default because GPL programs cannot link with it. Use --with-tpm to enable it. ** libgnutls-guile: Fixed parallel compilation issue. ** gnutls-cli: It will try to connect to all possible returned addresses before failing. ** API and ABI modifications: No changes since last version. * Version 3.1.5 (released 2012-11-24) ** libgnutls: Added functions to parse the certificates policies extension. ** libgnutls: Handle BMPString (UCS-2) encoding in the Distinguished Name by translating it to UTF-8 (works on windows or systems with iconv). ** libgnutls: Added PKCS #11 key generation function that returns the public key on generation. ** libgnutls: Corrected bug in priority string parsing, that mostly affected combined levels. Patch by Tim Kosse. ** certtool: The --pubkey-info option can be combined with the --load-privkey or --load-request to print the corresponding public keys. ** certtool: It is able to set certificate policies via a template. ** certtool: Added --hex-numbers option which prints big numbers in an easier to parse format. ** p11tool: After key generation, outputs the public key (useful in tokens that do not store the public key). ** danetool: It is being built even without libgnutls-dane (the --check functionality is disabled though). ** API and ABI modifications: gnutls_pkcs11_privkey_generate2: Added gnutls_x509_crt_get_policy: Added gnutls_x509_crt_set_policy: Added gnutls_x509_policy_release: Added gnutls_pubkey_import_x509_crq: Added gnutls_pubkey_print: Added GNUTLS_CRT_PRINT_FULL_NUMBERS: Added * Version 3.1.4 (released 2012-11-10) ** libgnutls: gnutls_certificate_verify_peers2() will set flags depending on the available revocation data validity. ** libgnutls: Added gnutls_certificate_verification_status_print(), a function to print the verification status code in human readable text. ** libgnutls: Added priority string %VERIFY_DISABLE_CRL_CHECKS. ** libgnutls: Simplified certificate verification by adding gnutls_certificate_verify_peers3(). ** libgnutls: Added support for extension to establish keys for SRTP. Contributed by Martin Storsjo. ** libgnutls: The X.509 verification functions check the key usage bits and pathlen constraints and on failure output GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE. ** libgnutls: gnutls_x509_crl_verify() includes the time checks. ** libgnutls: Added verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN and made GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN the default. ** libgnutls: Always tolerate key usage violation errors from the side of the peer, but also notify via an audit message. ** gnutls-cli: Added --local-dns option. ** danetool: Corrected bug that prevented loading PEM files. ** danetool: Added --check option to allow querying and verifying a site's DANE data. ** libgnutls-dane: Added pkg-config file for the library. ** API and ABI modifications: gnutls_session_get_id2: Added gnutls_sign_is_secure: Added gnutls_certificate_verify_peers3: Added gnutls_ocsp_status_request_is_checked: Added gnutls_certificate_verification_status_print: Added gnutls_srtp_set_profile: Added gnutls_srtp_set_profile_direct: Added gnutls_srtp_get_selected_profile: Added gnutls_srtp_get_profile_name: Added gnutls_srtp_get_profile_id: Added gnutls_srtp_get_keys: Added gnutls_srtp_get_mki: Added gnutls_srtp_set_mki: Added gnutls_srtp_profile_t: Added dane_cert_type_name: Added dane_match_type_name: Added dane_cert_usage_name: Added dane_verification_status_print: Added GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: Added GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: Added GNUTLS_CERT_UNEXPECTED_OWNER: Added GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Added * Version 3.1.3 (released 2012-10-12) ** libgnutls: Added support for the OCSP Certificate Status extension. ** libgnutls: gnutls_certificate_verify_peers2() will use the OCSP certificate status extension in verification. ** libgnutls: Bug fixes in gnutls_x509_privkey_import_openssl(). ** libgnutls: Increased maximum password length in the PKCS #12 functions. ** libgnutls: Fixed the receipt of session tickets during session resumption. Reported by danblack at http://savannah.gnu.org/support/?108146 ** libgnutls: Added functions to export structures in an allocated buffer. ** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the OCSP response corresponds to the given certificate. ** libgnutls: In client side gnutls_init() enables the session ticket and OCSP certificate status request extensions by default. The flag GNUTLS_NO_EXTENSIONS can be used to prevent that. ** libgnutls: Several updates in the OpenPGP code. The generating code is fully RFC6091 compliant and RFC5081 support is only supported in client mode. ** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC certificate verification. ** gnutls-cli: Added --dane option to enable DANE certificate verification. ** danetool: Added tool to generate DANE TLSA Resource Records (RR). ** API and ABI modifications: gnutls_certificate_get_peers_subkey_id: Added gnutls_certificate_set_ocsp_status_request_function: Added gnutls_certificate_set_ocsp_status_request_file: Added gnutls_ocsp_status_request_enable_client: Added gnutls_ocsp_status_request_get: Added gnutls_ocsp_resp_check_crt: Added gnutls_dh_params_export2_pkcs3: Added gnutls_pubkey_export2: Added gnutls_x509_crt_export2: Added gnutls_x509_dn_export2: Added gnutls_x509_crl_export2: Added gnutls_pkcs7_export2: Added gnutls_x509_privkey_export2: Added gnutls_x509_privkey_export2_pkcs8: Added gnutls_x509_crq_export2: Added gnutls_openpgp_crt_export2: Added gnutls_openpgp_privkey_export2: Added gnutls_pkcs11_obj_export2: Added gnutls_pkcs12_export2: Added gnutls_pubkey_import_openpgp_raw: Added gnutls_pubkey_import_x509_raw: Added dane_state_init: Added dane_state_deinit: Added dane_query_tlsa: Added dane_query_status: Added dane_query_entries: Added dane_query_data: Added dane_query_deinit: Added dane_verify_session_crt: Added dane_verify_crt: Added dane_strerror: Added * Version 3.1.2 (released 2012-09-26) ** libgnutls: Fixed bug in gnutls_x509_trust_list_add_system_trust() and gnutls_x509_trust_list_add_trust_mem() that prevented the loading of certificates in the windows platform. ** libgnutls: Corrected bug in OpenPGP subpacket encoding. ** libgnutls: Added support for DTLS/TLS heartbeats by Olga Smolenchuk. (the work was done during Google Summer of Code). ** libgnutls: Added X.509 certificate verification flag GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification of unsorted certificate chains and is enabled by default for TLS certificate verification (if gnutls_certificate_set_verify_flags() does not override it). ** libgnutls: Prints warning on certificates that contain keys of an insecure level. If the %COMPAT priority flag is not specified the TLS connection fails. ** libgnutls: Correctly restore gnutls_record_recv() in DTLS mode if interrupted during the retrasmition of handshake data. ** libgnutls: Better mingw32 support (patch by LRN). ** libgnutls: The %COMPAT keyword, if specified, will tolerate key usage violation errors (they are far too common to ignore). ** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(), which provides a tool to counter compression-related attacks where parts of the data are controlled by the attacker _and_ are placed in separate records (use with care - do not use compression if not sure). ** libgnutls: Depends on libtasn1 2.14 or later. ** certtool: Prints the number of bits of the public key algorithm parameter in a private key. ** API and ABI modifications: gnutls_x509_privkey_get_pk_algorithm2: Added gnutls_heartbeat_ping: Added gnutls_heartbeat_pong: Added gnutls_heartbeat_allowed: Added gnutls_heartbeat_enable: Added gnutls_heartbeat_set_timeouts: Added gnutls_heartbeat_get_timeout: Added GNUTLS_SEC_PARAM_WEAK: Added GNUTLS_SEC_PARAM_INSECURE: Added * Version 3.1.1 (released 2012-09-02) ** gnutls-serv: Listens on IPv6. Patch by Bernhard R. Link. ** certtool: Changes in password handling of certtool. Ask password when required and only if the '--password' option is not given. If the '--password' option is given during key generation then assume the PKCS #8 file format, instead of ignoring the password. ** tpmtool: No longer asks for key password in registered keys. ** libgnutls: Elliptic curve code was optimized by Ilya Tumaykin. wmNAF is now used for point multiplication and other optimizations. (the major part of the work was done during Google Summer of Code). ** libgnutls: The default pull_timeout_function only uses select instead of a combination of select() and recv() to prevent issues when used in stream sockets in some systems. ** libgnutls: Be tolerant in ECDSA signature violations (e.g. using SHA256 with a SECP384 curve instead of SHA-384), to interoperate with openssl. ** libgnutls: Fixed DSA and ECDSA signature generation in smart cards. Thanks to Andreas Schwier from cardcontact.de for providing me with ECDSA capable smart cards. ** API and ABI modifications: gnutls_sign_algorithm_get: Added gnutls_sign_get_hash_algorithm: Added gnutls_sign_get_pk_algorithm: Added * Version 3.1.0 (released 2012-08-15) ** libgnutls: Added direct support for TPM as a cryptographic module in gnutls/tpm.h. TPM keys can be used in functions accepting files using URLs of the following types: tpmkey:file=/path/to/file tpmkey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user ** libgnutls: Priority string level keywords can be combined. For example the string "SECURE256:+SUITEB128" is now allowed. ** libgnutls: requires libnettle 2.5. ** libgnutls: Use the PKCS #1 1.5 encoding provided by nettle (2.5) for encryption and signatures. ** libgnutls: Added GNUTLS_CERT_SIGNATURE_FAILURE to differentiate between generic errors and signature verification errors in the verification functions. ** libgnutls: Added gnutls_pkcs12_simple_parse() as a helper function to simplify parsing in most PKCS #12 use cases. ** libgnutls: gnutls_certificate_set_x509_simple_pkcs12_file() adds the whole certificate chain (if any) to the credentials structure, instead of only the end-user certificate. ** libgnutls: Key import functions such as gnutls_pkcs12_simple_parse() and gnutls_x509_privkey_import_pkcs8(), return consistently GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no password was provided. ** libgnutls: Added gnutls_handshake_set_timeout() a function that allows to set the maximum time spent in a handshake. ** libgnutlsxx: Added session::set_transport_vec_push_function. Patch by Alexandre Bique. ** tpmtool: Added. It is a tool to generate private keys in the TPM. ** gnutls-cli: --benchmark-tls was split to --benchmark-tls-kx and --benchmark-tls-ciphers ** certtool: generated PKCS #12 structures may hold more than one private key. Patch by Lucas Fisher. ** certtool: Added option --null-password to generate/decrypt keys that use a NULL password (in schemas that distinguish between NULL an empty passwords). ** minitasn1: Upgraded to libtasn1 version 2.13. ** API and ABI modifications: GNUTLS_CERT_SIGNATURE_FAILURE: Added GNUTLS_CAMELLIA_192_CBC: Added GNUTLS_PKCS_NULL_PASSWORD: Added gnutls_url_is_supported: Added gnutls_pkcs11_obj_list_import_url2: Added gnutls_pkcs11_obj_set_pin_function: Added gnutls_pkcs11_privkey_set_pin_function: Added gnutls_pkcs11_get_pin_function: Added gnutls_privkey_import_tpm_raw: Added gnutls_privkey_import_tpm_url: Added gnutls_privkey_import_pkcs11_url: Added gnutls_privkey_import_openpgp_raw: Added gnutls_privkey_import_x509_raw: Added gnutls_privkey_import_ext2: Added gnutls_privkey_import_url: Added gnutls_privkey_set_pin_function: Added gnutls_tpm_privkey_generate: Added gnutls_tpm_key_list_deinit: Added gnutls_tpm_key_list_get_url: Added gnutls_tpm_get_registered: Added gnutls_tpm_privkey_delete: Added gnutls_pubkey_import_tpm_raw: Added gnutls_pubkey_import_tpm_url: Added gnutls_pubkey_import_url: Added gnutls_pubkey_verify_hash2: Added gnutls_pubkey_set_pin_function: Added gnutls_x509_privkey_import2: Added gnutls_x509_privkey_import_openssl: Added gnutls_x509_crt_set_pin_function: Added gnutls_load_file: Added gnutls_pkcs12_simple_parse: Added gnutls_certificate_set_x509_system_trust: Added gnutls_certificate_set_pin_function: Added gnutls_x509_trust_list_add_system_trust: Added gnutls_x509_trust_list_add_trust_file: Added gnutls_x509_trust_list_add_trust_mem: Added gnutls_pk_to_sign: Added gnutls_handshake_set_timeout: Added gnutls_pubkey_verify_hash: Deprecated (use gnutls_pubkey_verify_hash2) gnutls_pubkey_verify_data: Deprecated (use gnutls_pubkey_verify_data2)

# Changelog ## Version 3.1.0 - 2013-07-07 * Update dependencies * Switch to template contributed by brianflanagan [#8] * Add support for multiple independent heel servers [#9]

=== 1.4 / 2013-07-23 * Minor enhancements * Relaxed parser to accept quoted algorithm to work with Linksys SPA922. Pull request #8 by Ismail Hanli, Issue #5 by bearded === 1.3 / 2012-03-28 * Minor enhancements * The cnonce is regenerated for every request to improve security. * SecureRandom is used to generate the cnonce instead of Kernel#rand * Bug fix * cnonce and nonce-count are no longer sent when qop was not provided per RFC 2617 section 3.2.2.

Update DEPENDS Add test target Upstream changes: 2015-03-14 -- 1.4.3 * Remove three warnings: star-args, abstract-class-little-used, abstract-class-not-used. These warnings don't add any real value and they don't imply errors or problems in the code. * Added a new option for controlling the peephole optimizer in astroid. The option ``--optimize-ast`` will control the peephole optimizer, which is used to optimize a couple of AST subtrees. The current problem solved by the peephole optimizer is when multiple joined strings, with the addition operator, are encountered. If the numbers of such strings is high enough, Pylint will then fail with a maximum recursion depth exceeded error, due to its visitor architecture. The peephole just transforms such calls, if it can, into the final resulting string and this exhibit a problem, because the visit_binop method stops being called (in the optimized AST it will be a Const node). 2015-03-11 -- 1.4.2 * Don't require a docstring for empty modules. Closes issue #261. * Fix a false positive with `too-few-format-args` string warning, emitted when the string format contained a normal positional argument ('{0}'), mixed with a positional argument which did an attribute access ('{0.__class__}'). Closes issue #463. * Take in account all the methods from the ancestors when checking for too-few-public-methods. Closes issue #471. * Catch enchant errors and emit 'invalid-characters-in-docstring' when checking for spelling errors. Closes issue #469. * Use all the inferred statements for the super-init-not-called check. Closes issue #389. * Add a new warning, 'unichr-builtin', emitted by the Python 3 porting checker, when the unichr builtin is found. Closes issue #472. * Add a new warning, 'intern-builtin', emitted by the Python 3 porting checker, when the intern builtin is found. Closes issue #473. * Add support for editable installations. * The HTML output accepts the `--msg-template` option. Patch by Dan Goldsmith. * Add 'map-builtin-not-iterating' (replacing 'implicit-map-evaluation'), 'zip-builtin-not-iterating', 'range-builtin-not-iterating', and 'filter-builtin-not-iterating' which are emitted by `--py3k` when the appropriate built-in is not used in an iterating context (semantics taken from 2to3). * Add a new warning, 'unidiomatic-typecheck', emitted when an explicit typecheck uses type() instead of isinstance(). For example, `type(x) == Y` instead of `isinstance(x, Y)`. Patch by Chris Rebert. Closes issue #299. * Add support for combining the Python 3 checker mode with the --jobs flag (--py3k and --jobs). Closes issue #467. * Add a new warning for the Python 3 porting checker, 'using-cmp-argument', emitted when the `cmp` argument for the `list.sort` or `sorted builtin` is encountered. * Make the --py3k flag commutative with the -E flag. Also, this patch fixes the leaks of error messages from the Python 3 checker when the errors mode was activated. Closes issue #437. 2015-01-16 -- 1.4.1 * Look only in the current function's scope for bad-super-call. Closes issue #403. * Check the return of properties when checking for not-callable. Closes issue #406. * Warn about using the input() or round() built-ins for Python 3. Closes issue #411. * Proper abstract method lookup while checking for abstract-class-instantiated. Closes issue #401. * Use a mro traversal for finding abstract methods. Closes issue #415. * Fix a false positive with catching-non-exception and tuples of exceptions. * Fix a false negative with raising-non-exception, when the raise used an uninferrable exception context. * Fix a false positive on Python 2 for raising-bad-type, when raising tuples in the form 'raise (ZeroDivisionError, None)'. * Fix a false positive with invalid-slots-objects, where the slot entry was an unicode string on Python 2. Closes issue #421. * Add a new warning, 'redundant-unittest-assert', emitted when using unittest's methods assertTrue and assertFalse with constant value as argument. Patch by Vlad Temian. * Add a new JSON reporter, usable through -f flag. * Add the method names for the 'signature-differs' and 'argument-differs' warnings. Closes issue #433. * Don't compile test files when installing. * Fix a crash which occurred when using multiple jobs and the files given as argument didn't exist at all. 2014-11-23 -- 1.4.0 * Added new options for controlling the loading of C extensions. By default, only C extensions from the stdlib will be loaded into the active Python interpreter for inspection, because they can run arbitrary code on import. The option `--extension-pkg-whitelist` can be used to specify modules or packages that are safe to load. * Change default max-line-length to 100 rather than 80 * Drop BaseRawChecker class which were only there for backward compat for a while now * Don't try to analyze string formatting with objects coming from function arguments. Closes issue #373. * Port source code to be Python 2/3 compatible. This drops the need for 2to3, but does drop support for Python 2.5. * Each message now comes with a confidence level attached, and can be filtered base on this level. This allows to filter out all messages that were emitted even though an inference failure happened during checking. * Improved presenting unused-import message. Closes issue #293. * Add new checker for finding spelling errors. New messages: wrong-spelling-in-comment, wrong-spelling-in-docstring. New options: spelling-dict, spelling-ignore-words. * Add new '-j' option for running checks in sub-processes. * Added new checks for line endings if they are mixed (LF vs CRLF) or if they are not as expected. New messages: mixed-line-endings, unexpected-line-ending-format. New option: expected-line-ending-format. * 'dangerous-default-value' no longer evaluates the value of the arguments, which could result in long error messages or sensitive data being leaked. Closes issue #282 * Fix a false positive with string formatting checker, when encountering a string which uses only position-based arguments. Closes issue #285. * Fix a false positive with string formatting checker, when using keyword argument packing. Closes issue #288. * Proper handle class level scope for lambdas. * Handle 'too-few-format-args' or 'too-many-format-args' for format strings with both named and positional fields. Closes issue #286. * Analyze only strings by the string format checker. Closes issue #287. * Properly handle nested format string fields. Closes issue #294. * Don't emit 'attribute-defined-outside-init' if the attribute was set by a function call in a defining method. Closes issue #192. * Properly handle unicode format strings for Python 2. Closes issue #296. * Don't emit 'import-error' if an import was protected by a try-except, which excepted ImportError. * Fix an 'unused-import' false positive, when the error was emitted for all the members imported with 'from import' form. Closes issue #304. * Don't emit 'invalid-name' when assigning a name in an ImportError handler. Closes issue #302. * Don't count branches from nested functions. * Fix a false positive with 'too-few-format-args', when the format strings contains duplicate manual position arguments. Closes issue #310. * fixme regex handles comments without spaces after the hash. Closes issue #311. * Don't emit 'unused-import' when a special object is imported (__all__, __doc__ etc.). Closes issue #309. * Look in the metaclass, if defined, for members not found in the current class. Closes issue #306. * Don't emit 'protected-access' if the attribute is accessed using a property defined at the class level. * Detect calls of the parent's __init__, through a binded super() call. * Check that a class has an explicitly defined metaclass before emitting 'old-style-class' for Python 2. * Emit 'catching-non-exception' for non-class nodes. Closes issue #303. * Order of reporting is consistent. * Add a new warning, 'boolean-datetime', emitted when an instance of 'datetime.time' is used in a boolean context. Closes issue #239. * Fix a crash which ocurred while checking for 'method-hidden', when the parent frame was something different than a function. * Generate html output for missing files. Closes issue #320. * Fix a false positive with 'too-many-format-args', when the format string contains mixed attribute access arguments and manual fields. Closes issue #322. * Extend the cases where 'undefined-variable' and 'used-before-assignment' can be detected. Closes issue #291. * Add support for customising callback identifiers, by adding a new '--callbacks' command line option. Closes issue #326. * Add a new warning, 'logging-format-interpolation', emitted when .format() string interpolation is used within logging function calls. * Don't emit 'unbalanced-tuple-unpacking' when the rhs of the assignment is a variable length argument. Closes issue #329. * Add a new warning, 'inherit-non-class', emitted when a class inherits from something which is not a class. Closes issue #331. * Fix another false positives with 'undefined-variable', where the variable can be found as a class assignment and used in a function annotation. Closes issue #342. * Handle assignment of the string format method to a variable. Closes issue #351. * Support wheel packaging format for PyPi. Closes issue #334. * Check that various built-ins that do not exist in Python 3 are not used: apply, basestring, buffer, cmp, coerce, execfile, file, long raw_input, reduce, StandardError, unicode, reload and xrange. * Warn for magic methods which are not used in any way in Python 3: __coerce__, __delslice__, __getslice__, __setslice__, __cmp__, __oct__, __nonzero__ and __hex__. * Don't emit 'assigning-non-slot' when the assignment is for a property. Closes issue #359. * Fix for regression: '{path}' was no longer accepted in '--msg-template'. * Report the percentage of all messages, not just for errors and warnings. Closes issue #319. * 'too-many-public-methods' is reported only for methods defined in a class, not in its ancestors. Closes issue #248. * 'too-many-lines' disable pragma can be located on any line, not only the first. Closes issue #321. * Warn in Python 2 when an import statement is found without a corresponding `from __future__ import absolute_import`. * Warn in Python 2 when a non-floor division operation is found without a corresponding `from __future__ import division`. * Add a new option, 'exclude-protected', for excluding members from the protected-access warning. Closes issue #48. * Warn in Python 2 when using dict.iter*(), dict.view*(); none of these methods are available in Python 3. * Warn in Python 2 when calling an object's next() method; Python 3 uses __next__() instead. * Warn when assigning to __metaclass__ at a class scope; in Python 3 a metaclass is specified as an argument to the 'class' statement. * Warn when performing parameter tuple unpacking; it is not supported in Python 3. * 'abstract-class-instantiated' is also emitted for Python 2. It was previously disabled. * Add 'long-suffix' error, emitted when encountering the long suffix on numbers. * Add support for disabling a checker, by specifying an 'enabled' attribute on the checker class. * Add a new CLI option, --py3k, for enabling Python 3 porting mode. This mode will disable all other checkers and will emit warnings and errors for constructs which are invalid or removed in Python 3. * Add 'old-octal-literal' to Python 3 porting checker, emitted when encountering octals with the old syntax. * Add 'implicit-map-evaluation' to Python 3 porting checker, emitted when encountering the use of map builtin, without explicit evaluation. 2014-07-26 -- 1.3.0 * Allow hanging continued indentation for implicitly concatenated strings. Closes issue #232. * Pylint works under Python 2.5 again, and its test suite passes. * Fix some false positives for the cellvar-from-loop warnings. Closes issue #233. * Return new astroid class nodes when the inferencer can detect that that result of a function invocation on a type (like `type` or `abc.ABCMeta`) is requested. Closes #205. * Emit 'undefined-variable' for undefined names when using the Python 3 `metaclass=` argument. * Checkers respect priority now. Close issue #229. * Fix a false positive regarding W0511. Closes issue #149. * Fix unused-import false positive with Python 3 metaclasses (#143). * Don't warn with 'bad-format-character' when encountering the 'a' format on Python 3. * Add multiple checks for PEP 3101 advanced string formatting: 'bad-format-string', 'missing-format-argument-key', 'unused-format-string-argument', 'format-combined-specification', 'missing-format-attribute' and 'invalid-format-index'. * Issue broad-except and bare-except even if the number of except handlers is different than 1. Fixes issue #113. * Issue attribute-defined-outside-init for all cases, not just for the last assignment. Closes issue #262. * Emit 'not-callable' when calling properties. Closes issue #268. * Fix a false positive with unbalanced iterable unpacking, when encountering starred nodes. Closes issue #273. * Add new checks, 'invalid-slice-index' and 'invalid-sequence-index' for invalid sequence and slice indices. * Add 'assigning-non-slot' warning, which detects assignments to attributes not defined in slots. * Don't emit 'no-name-in-module' for ignored modules. Closes issue #223. * Fix an 'unused-variable' false positive, where the variable is assigned through an import. Closes issue #196. * Definition order is considered for classes, function arguments and annotations. Closes issue #257. * Don't emit 'unused-variable' when assigning to a nonlocal. Closes issue #275. * Do not let ImportError propagate from the import checker, leading to crash in some namespace package related cases. Closes issue #203. * Don't emit 'pointless-string-statement' for attribute docstrings. Closes issue #193. * Use the proper mode for pickle when opening and writing the stats file. Closes issue #148. * Don't emit hidden-method message when the attribute has been monkey-patched, you're on your own when you do that. * Only emit attribute-defined-outside-init for definition within the same module as the offended class, avoiding to mangle the output in some cases. * Don't emit 'unnecessary-lambda' if the body of the lambda call contains call chaining. Closes issue #243. * Don't emit 'missing-docstring' when the actual docstring uses `.format`. Closes issue #281. 2014-04-30 -- 1.2.1 * Restore the ability to specify the init-hook option via the configuration file, which was accidentally broken in 1.2.0. * Add a new warning [bad-continuation] for badly indentend continued lines. * Emit [assignment-from-none] when the function contains bare returns. Fixes BitBucket issue #191. * Added a new warning for closing over variables that are defined in loops. Fixes Bitbucket issue #176. * Do not warn about \u escapes in string literals when Unicode literals are used for Python 2.*. Fixes BitBucket issue #151. * Extend the checking for unbalanced-tuple-unpacking and unpacking-non-sequence to instance attribute unpacking as well. * Fix explicit checking of python script (1.2 regression, #219) * Restore --init-hook, renamed accidentally into --init-hooks in 1.2.0 (#211) * Add 'indexing-exception' warning, which detects that indexing an exception occurs in Python 2 (behaviour removed in Python 3). 2014-04-18 -- 1.2.0 * Pass the current python paths to pylint process when invoked via epylint. Fixes BitBucket issue #133. * Add -i / --include-ids and -s / --symbols back as completely ignored options. Fixes BitBucket issue #180. * Extend the number of cases in which logging calls are detected. Fixes bitbucket issue #182. * Improve pragma handling to not detect pylint:* strings in non-comments. Fixes BitBucket issue #79. * Do not crash with UnknownMessage if an unknown message ID/name appears in disable or enable in the configuration. Patch by Cole Robinson. Fixes bitbucket issue #170. * Add new warning 'eval-used', checking that the builtin function `eval` was used. * Make it possible to show a naming hint for invalid name by setting include-naming-hint. Also make the naming hints configurable. Fixes BitBucket issue #138. * Added support for enforcing multiple, but consistent name styles for different name types inside a single module; based on a patch written by morbo@google.com. * Also warn about empty docstrings on overridden methods; contributed by sebastianu@google.com. * Also inspect arguments to constructor calls, and emit relevant warnings; contributed by sebastianu@google.com. * Added a new configuration option logging-modules to make the list of module names that can be checked for 'logging-not-lazy' et. al. configurable; contributed by morbo@google.com. * ensure init-hooks is evaluated before other options, notably load-plugins (#166) * Python 2.5 support restored: fixed small issues preventing pylint to run on python 2.5. Bitbucket issues #50 and #62. * bitbucket #128: pylint doesn't crash when looking for used-before-assignment in context manager assignments. * Add new warning, 'bad-reversed-sequence', for checking that the reversed() builtin receive a sequence (implements __getitem__ and __len__, without being a dict or a dict subclass) or an instance which implements __reversed__. * Mark `file` as a bad function when using python2 (closes #8). * Add new warning 'bad-exception-context', checking that `raise ... from ...` uses a proper exception context (None or an exception). * Enhance the check for 'used-before-assignment' to look for 'nonlocal' uses. * Emit 'undefined-all-variable' if a package's __all__ variable contains a missing submodule (closes #126). * Add a new warning 'abstract-class-instantiated' for checking that abstract classes created with `abc` module and with abstract methods are instantied. * Do not warn about 'return-arg-in-generator' in Python 3.3+. * Do not warn about 'abstract-method' when the abstract method is implemented through assignment (#155). * Improve cyclic import detection in the case of packages, patch by Buck Golemon * Add new warnings for checking proper class __slots__: `invalid-slots-object` and `invalid-slots`. * Search for rc file in `~/.config/pylintrc` if `~/.pylintrc` doesn't exists (#121) * Don't register the newstyle checker w/ python >= 3 * Fix unused-import false positive w/ augment assignment (#78) * Fix access-member-before-definition false negative wrt aug assign (#164) * Do not attempt to analyze non python file, eg .so file (#122)

--------------------- Version 0.9.7 - for a detailed log and changed files visit GitHub ---------------------------- - Reviewed and updated README - Huge POD rewrite - Adding a small script that generates HTML from POD and applies CSS from CPAN. Useful for reviewing the POD before release. - Added a test for POD validation - Added an example file that can test GitHub Issues #8, #9, #10 - GitHub [Issue #9] [Issue #10] Fixed cell_props applied to a different row when 'Repeat Headers' is enabled - Introduced column_numbers variable to avoid using $record in a broader scope. Further improvement needed. - Header row height is copied to each new page when 'Repeat Headers' is enabled - Fixed messing up row height when repeat headers is enabled due to access by array index vs shift/unshift - Fixed row height for rows with text blocks - Headers_props variable has been wrongly initialised with 0 causing a copy of the first data row even when header props are not passed as parameter - Added initialisation of header props justify param so that column and cell properties are not affecting the default value. - Fixed an issue with messing up row properties when repeating the header row on each page. - Examples have been formatted. - One new example added (header.pl) for demonstrating how header row can be added to multiple pages. - No need to export variables. Added one more test. - Removed pad_w and pad_h local variable as useless - Fixed typo causing a bug with row_height param. Added example file for row_height. To be used for writing a test. - Added POD for row_height param - Row counting should not be skipped if it is first row. - Added one more test(duplicates existing) but only to have base. - Extracted PDF::API2 Mock as a separate package. Created New test with the very basics. Create a new package that will hold predefined data for tests so it can be reused. - Fixed a variable that masks earlier declaration. - Fixed Issue #4 - Row height is calculated correctly depending on font size. Some variables are renamed to more meaningful. Row counting is done in a new way with single counter that is used for column and cell props retrieval. - Row height is now calculated for each row based on maximum font size from all cells. Refactored some variable names and unified row counting during column size calculation phase. - Fixed doc details in POD - Cosmetic changes - Decreased indent and reduced if body. For easier review, diff with whitespace changes disabled. - Added github url in readme Version 0.9.6 ---------------------------- - Fixed typo in POD. Closes #71816 Thanks to Gregor Herrmann - Small code refactoring. - Added patch for infinite loop fix. Closes #77376 Thanks to John Bazik - Added patch for header justification. Closes #77566 Thanks to James Lance - Added horizontal_borders, vertical_borders params to table(). Closes #79883 Thanks to Eric Johnson Version 0.9.5 - 18.Oct.2011 ---------------------------- - MANIFEST was missing sample pdf file. - Accidently left alternative code for infinite loop fix commented out. Fixed. Added a test for that. Version 0.9.4 - 17.Oct.2011 ---------------------------- - Don't bump row count when row spans a page. Closes #67401. - Fixed bug: don't call text_block if record width is exactly cell width. - Fixed bug in text_block: bottom is (top - height), not (baseline - height). - Example script typo fixed. Closes #55133. - Don't set up strokes when border is 0. Apparently breaks Acrobat. Closes #40705 and #55137. - Changed print warnings to carp. Closes #38007. - Added center justification for columns and cells. Tests, too. Closes #37924. - Fixed infinite loop caused by uninitialized $2. Thanks to Petri Kaurinkoski. Closes #34017. - Fixed perl warning if $col_prop->{min_w} is undef. Thanks to Matthias Pitzl (NEPOS). Closes #30720. - Fixed default header background color bug, closes #28542. - Added mock PDF::API2 packages to test script and added tests. - Improve column width calculations so wider content gets wider columns. Added column width test. Thanks to Barrie Slaymaker (RBS). Closes #26158.

- Add comment on DEPENDS related, make test may fail # if Net::Server exists, t/60 may fail due to more test items # t/60_net_server.t ............... skipped: Net::Server not available #DEPENDS+= p5-Net-Server-[0-9]*:../../net/p5-Net-Server (upstream) - Update to 0.79 -------------- 0.79 Friday May 1, 2015, 09:00:00 AM -0700 * t/40_server.t * t/40_server_xmllibxml.t * t/41_server_hang.t * t/60_net_server.t * t/70_compression_detect.t * t/90_rt54183_sigpipe.t * t/util.pl Test clean-up/fixes to address CPAN test failures. Should address problems with having IO::Socket::IP acting in place of IO::Socket::INET and also address some issues with a dynloader bug being triggered by t/70_compression_detect.t. * t/00_load.t * t/10_data.t * t/11_base64_fh.t * t/12_nil.t * t/13_no_deep_recursion.t * t/14_datetime_iso8601.t * t/15_serialize.t * t/20_xml_parser.t * t/21_xml_libxml.t * t/25_parser_negative.t * t/29_parserfactory.t * t/30_procedure.t * t/35_namespaces.t * t/40_server.t * t/40_server_xmllibxml.t * t/41_server_hang.t * t/50_client.t * t/51_client_with_host_header.t * t/60_net_server.t * t/90_rt50013_parser_bugs.t * t/90_rt54183_sigpipe.t * t/90_rt54494_blessed_refs.t * t/90_rt58065_allow_nil.t * t/90_rt58323_push_parser.t * t/util.pl Perl::Critic clean-up of test suites. * lib/RPC/XML/Parser/XMLParser.pm Fix to prevent a new sprintf-related warning in 5.21. * README * lib/Apache/RPC/status.code Merge pull request #8 from jkg/docfixes (James Green). Replace indirect object notation with direct.

patch refresh grace of mkpatches upstream notable changes list since the 3.2 to 3.3 branch point (excerpt of the NEWS file): * Version 3.3.15 (released 2015-05-03) ** libgnutls: gnutls_certificate_get_ours: will return the certificate even if a callback was used to send it. ** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. ** libgnutls: Check for invalid length in the X.509 version field. Without the check certificates with invalid length would be detected as having an arbitrary version. Reported by Hanno Böck. ** API and ABI modifications: No changes since last version. * Version 3.3.14 (released 2015-03-30) ** libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo structures use BER to decode them (requires libtasn1 4.3). That allows to decode some more complex structures. ** libgnutls: When an end-certificate with no name is present and there are CA name constraints, don't reject the certificate. This follows RFC5280 advice closely. Reported by Fotis Loukos. ** libgnutls: Fixed handling of supplemental data with types > 255. Patch by Thierry Quemerais. ** libgnutls: Fixed double free in the parsing of CRL distribution points certificate extension. Reported by Robert Święcki. ** libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That protocol is not enabled by default (used by openconnect VPN). ** libgnutls: The maximum user data send size is set to be the same for block and non-block ciphersuites. This addresses a regression with wine: https://bugs.winehq.org/show_bug.cgi?id=37500 ** libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN, and CKA_DECRYPT when needed. ** libgnutls: Allow names with zero size to be set using gnutls_server_name_set(). That will disable the Server Name Indication. Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2 ** API and ABI modifications: No changes since last version. * Version 3.3.13 (released 2015-02-25) ** libgnutls: Enable AESNI in GCM on x86 ** libgnutls: Fixes in DTLS message handling ** libgnutls: Check certificate algorithm consistency, i.e., check whether the signatureAlgorithm field matches the signature field inside TBSCertificate. ** gnutls-cli: Fixes in OCSP verification. ** API and ABI modifications: No changes since last version. * Version 3.3.12 (released 2015-01-17) ** libgnutls: When negotiating TLS use the lowest enabled version in the client hello, rather than the lowest supported. In addition, do not use SSL 3.0 as a version in the TLS record layer, unless SSL 3.0 is the only protocol supported. That addresses issues with servers that immediately drop the connection when the encounter SSL 3.0 as the record version number. See: http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html ** libgnutls: Corrected encoding and decoding of ANSI X9.62 parameters. ** libgnutls: Handle zero length plaintext for VIA PadLock functions. This solves a potential crash on AES encryption for small size plaintext. Patch by Matthias-Christian Ott. ** libgnutls: In DTLS don't combine multiple packets which exceed MTU. Reported by Andreas Schultz. https://savannah.gnu.org/support/?108715 ** libgnutls: In DTLS decode all handshake packets present in a record packet, in a single pass. Reported by Andreas Schultz. https://savannah.gnu.org/support/?108712 ** libgnutls: When importing a CA file with a PKCS #11 URL, simply import the certificates, if the URL specifies objects, rather than treating it as trust module. ** libgnutls: When importing a PKCS #11 URL and we know the type of object we are importing, don't require the object type in the URL. ** libgnutls: fixed openpgp authentication when gnutls_certificate_set_retrieve_function2 was used by the server. ** guile: Fix compilation on MinGW. Previously only the static version of the 'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile. ** guile: Fix harmless warning during compilation of gnutls.scm Initially reported at <https://bugzilla.redhat.com/show_bug.cgi?id=1177847>. ** certtool: --pubkey-info will also attempt to load a public key from stdin. ** gnutls-cli: Added --starttls-proto option. That allows to specify a protocol for starttls negotiation. ** API and ABI modifications: No changes since last version. * Version 3.3.11 (released 2014-12-11) ** libgnutls: Corrected regression introduced in 3.3.9 related to session renegotiation. Reported by Dan Winship. ** libgnutls: Corrected parsing issue with OCSP responses. ** API and ABI modifications: No changes since last version. * Version 3.3.10 (released 2014-11-10) ** libgnutls: Refuse to import v1 or v2 certificates that contain extensions. ** libgnutls: Fixes in usage of PKCS #11 token callback ** libgnutls: Fixed bug in gnutls_x509_trust_list_get_issuer() when used with a PKCS #11 trust module and without the GNUTLS_TL_GET_COPY flag. Reported by David Woodhouse. ** libgnutls: Removed superfluous random generator refresh on every call of gnutls_deinit(). That reduces load and usage of /dev/urandom. ** libgnutls: Corrected issue in export of ECC parameters to X9.63 format. Reported by Sean Burford [GNUTLS-SA-2014-5]. ** libgnutls: When gnutls_global_init() is called for a second time, it will check whether the /dev/urandom fd kept is still open and matches the original one. That behavior works around issues with servers that close all file descriptors. ** libgnutls: Corrected behavior with PKCS #11 objects that are marked as CKA_ALWAYS_AUTHENTICATE. ** certtool: The default cipher for PKCS #12 structures is 3des-pkcs12. That option is more compatible than AES or RC4. ** API and ABI modifications: No changes since last version. * Version 3.3.9 (released 2014-10-13) ** libgnutls: Fixes in the transparent import of PKCS #11 certificates. Reported by Joseph Peruski. ** libgnutls: Fixed issue with unexpected non-fatal errors resetting the handshake's hash buffer, in applications using the heartbeat extension or DTLS. Reported by Joeri de Ruiter. ** libgnutls: When both a trust module and additional CAs are present account the latter as well; reported by David Woodhouse. ** libgnutls: added GNUTLS_TL_GET_COPY flag for gnutls_x509_trust_list_get_issuer(). That allows the function to be used in a thread safe way when PKCS #11 trust modules are in use. ** libgnutls: fix issue in DTLS retransmission when session tickets were in use; reported by Manuel Pégourié-Gonnard. ** libgnutls-dane: Do not require the CA on a ca match to be direct CA. ** libgnutls: Prevent abort() in library if getrusage() fails. Try to detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work. ** guile: new 'set-session-server-name!' procedure; see the manual for details. ** certtool: The authority key identifier will be set in a certificate only if the CA's subject key identifier is set. ** API and ABI modifications: No changes since last version. * Version 3.3.8 (released 2014-09-18) ** libgnutls: Updates in the name constraints checks. No name constraints will be checked for intermediate certificates. As our support for name constraints is limited to e-mail addresses in DNS names, it is pointless to check them on intermediate certificates. ** libgnutls: Fixed issues in PKCS #11 object listing. Previously multiple object listing would fail completely if a single object could not be exported. ** libgnutls: Improved the performance of PKCS #11 object listing/retrieving, by retrieving them in large batches. Report and suggestion by David Woodhouse. ** libgnutls: Fixed issue with certificates being sanitized by gnutls prior to signature verification. That resulted to certain non-DER compliant modifications of valid certificates, being corrected by libtasn1's parser and restructured as the original. Issue found and reported by Antti Karjalainen and Matti Kamunen from Codenomicon. ** libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle strings with embedded spaces and escaped commas. ** libgnutls: when comparing a CA certificate with the trusted list compare the name and key only instead of the whole certificate. That is to handle cases where a CA certificate was superceded by a different one with the same name and the same key. ** libgnutls: when verifying a certificate against a p11-kit trusted module, use the attached extensions in the module to override the CA's extensions (that requires p11-kit 0.20.7). ** libgnutls: In DTLS prevent sending zero-size fragments in certain cases of MTU split. Reported by Manuel Pégourié-Gonnard. ** libgnutls: Added gnutls_x509_trust_list_verify_crt2() which allows verifying using a hostname and a purpose (extended key usage). That enhances PKCS #11 trust module verification, as it can now check the purpose when this function is used. ** libgnutls: Corrected gnutls_x509_crl_verify() which would always report a CRL signature as invalid. Reported by Armin Burgmeier. ** libgnutls: added option --disable-padlock to allow disabling the padlock CPU acceleration. ** p11tool: when listing tokens, list their type as well. ** p11tool: when listing objects from a trust module print any attached extensions on certificates. ** API and ABI modifications: gnutls_x509_crq_get_extension_by_oid2: Added gnutls_x509_crt_get_extension_by_oid2: Added gnutls_x509_trust_list_verify_crt2: Added gnutls_x509_ext_print: Added gnutls_x509_ext_deinit: Added gnutls_x509_othername_to_virtual: Added gnutls_pkcs11_obj_get_exts: Added * Version 3.3.7 (released 2014-08-24) ** libgnutls: Added function to export the public key of a PKCS #11 private key. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: Explicitly set the exponent in PKCS #11 key generation. That improves compatibility with certain PKCS #11 modules. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: When generating a PKCS #11 private key allow setting the WRAP/UNWRAP flags. Contributed by Wolfgang Meyer zu Bergsten. ** libgnutls: gnutls_pkcs11_privkey_t will always hold an open session to the key. ** libgnutls: bundle replacements of inet_pton and inet_aton if not available. ** libgnutls: initialize parameters variable on PKCS #8 decryption. ** libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1 algorithms. ** libgnutls: gnutls_x509_crt_check_hostname() will follow the RFC6125 requirement of checking the Common Name (CN) part of DN only if there is a single CN present in the certificate. ** libgnutls: The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the FIPS mode, when set to 1. ** libgnutls: In DTLS ignore only errors that relate to unexpected packets and decryption failures. ** p11tool: Added --info parameter. ** certtool: Added --mark-wrap parameter. ** danetool: --check will attempt to retrieve the server's certificate chain and verify against it. ** danetool/gnutls-cli-debug: Added --app-proto parameters which can be used to enforce starttls (currently only SMTP and IMAP) on the connection. ** danetool: Added openssl linking exception, to allow linking with libunbound. ** API and ABI modifications: GNUTLS_PKCS11_OBJ_ATTR_MATCH: Added gnutls_pkcs11_privkey_export_pubkey: Added gnutls_pkcs11_obj_flags_get_str: Added gnutls_pkcs11_obj_get_flags: Added * Version 3.3.6 (released 2014-07-23) ** libgnutls: Use inet_ntop to print IP addresses when available ** libgnutls: gnutls_x509_crt_check_hostname and friends will also check IP addresses, and match documented behavior. Reported by David Woodhouse. ** libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024 bit parameters. ** libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens being usable after a reinitialization. ** libgnutls: fixed PKCS #11 private key operations after a fork. ** libgnutls: fixed PKCS #11 ECDSA key generation. ** libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to explicitly enable/disable the use of certain CPU capabilities. Note that CPU detection cannot be overriden, i.e., VIA options cannot be enabled on an Intel CPU. The currently available options are: 0x1: Disable all run-time detected optimizations 0x2: Enable AES-NI 0x4: Enable SSSE3 0x8: Enable PCLMUL 0x100000: Enable VIA padlock 0x200000: Enable VIA PHE 0x400000: Enable VIA PHE SHA512 ** libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott. ** p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set. ** p11tool: ask for label when one isn't provided. ** p11tool: added --batch parameter to disable any interactivity. ** p11tool: will not implicitly enable so-login for certain types of objects. That avoids issues with tokens that require different login types. ** certtool/p11tool: Added the --curve parameter which allows to explicitly specify the curve to use. ** API and ABI modifications: gnutls_certificate_set_x509_trust_dir: Added gnutls_x509_trust_list_add_trust_dir: Added * Version 3.3.5 (released 2014-06-26) ** libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit(). These functions provide a variant of gnutls_record_recv() that avoids the final memcpy of data. ** libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a faster variant of gnutls_x509_crl_get_crt_serial() when coping with very large structures. ** libgnutls: When the decoding of a printable DN element fails, then treat it as unknown and print its hex value rather than failing. That works around an issue in a TURKTRST root certificate which improperly encodes the X520countryName element. ** libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number of certificates present in a PKCS #11 token when loading it. ** libgnutls: Allow the post client hello callback to put the handshake on hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED. ** certtool: option --to-p12 will now consider --load-ca-certificate ** certtol: Added option to specify the PKCS #12 friendly name on command line. ** p11tool: Allow marking a certificate copied to a token as a CA. ** API and ABI modifications: GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Added gnutls_x509_crl_iter_deinit: Added gnutls_x509_crl_iter_crt_serial: Added gnutls_record_recv_packet: Added gnutls_packet_deinit: Added gnutls_packet_get: Added * Version 3.3.4 (released 2014-05-31) ** libgnutls: Updated Andy Polyakov's assembly code. That prevents a crash on certain CPUs. ** API and ABI modifications: No changes since last version. * Version 3.3.3 (released 2014-05-30) ** libgnutls: Eliminated memory corruption issue in Server Hello parsing. Issue reported by Joonas Kuorilehto of Codenomicon. ** libgnutls: gnutls_global_set_mutex() was modified to operate with the new initialization process. ** libgnutls: Increased the maximum certificate size buffer in the PKCS #11 subsystem. ** libgnutls: Check the return code of getpwuid_r() instead of relying on the result value. That avoids issue in certain systems, when using tofu authentication and the home path cannot be determined. Issue reported by Viktor Dukhovni. ** libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552 ** gnutls-cli: --dane will only check the end certificate if PKIX validation has been disabled. ** gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot be emulated with the implicit initialization of gnutls. ** certtool: Allow multiple organizations and organizational unit names to be specified in a template. ** certtool: Warn when invalid configuration options are set to a template. ** ocsptool: Include path in ocsp request. This resolves #108582 (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. ** API and ABI modifications: gnutls_credentials_get: Added * Version 3.3.2 (released 2014-05-06) ** libgnutls: Added the 'very weak' certificate verification profile that corresponds to 64-bit security level. ** libgnutls: Corrected file descriptor leak on random generator initialization. ** libgnutls: Corrected file descriptor leak on PSK password file reading. Issue identified using the Codenomicon TLS test suite. ** libgnutls: Avoid deinitialization if initialization has failed. ** libgnutls: null-terminate othername alternative names. ** libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly on a PKCS #11 trust list. ** libgnutls: Several small bug fixes identified using valgrind and the Codenomicon TLS test suite. ** libgnutls-dane: Accept a certificate using DANE if there is at least one entry that matches the certificate. Patch by simon [at] arlott.org. ** libgnutls-guile: Fixed compilation issue. ** certtool: Allow exporting a CRL on DER format. ** certtool: The ECDSA keys generated by default use the SECP256R1 curve which is supported more widely than the previously used SECP224R1. ** API and ABI modifications: GNUTLS_PROFILE_VERY_WEAK: Added * Version 3.3.1 (released 2014-04-19) ** libgnutls: Enforce more strict checks to heartbeat messages concerning padding and payload. Suggested by Peter Dettman. ** libgnutls: Allow decoding PKCS #8 files with ECC parameters from openssl. ** libgnutls: Several small bug fixes found by coverity. ** libgnutls: The conditionally available self-test functions were moved to self-test.h. ** libgnutls: Fixed issue with the check of incoming data when two different recv and send pointers have been specified. Reported and investigated by JMRecio. ** libgnutls: Fixed issue in the RSA-PSK key exchange, which would result to illegal memory access if a server hint was provided. Reported by André Klitzing. ** libgnutls: Fixed client memory leak in the PSK key exchange, if a server hint was provided. ** libgnutls: Corrected the *get_*_othername_oid() functions. ** API and ABI modifications: No changes since last version. * Version 3.3.0 (released 2014-04-10) ** libgnutls: The initialization of the library was moved to a constructor. That is, gnutls_global_init() is no longer required unless linking with a static library or a system that does not support library constructors. ** libgnutls: static libraries are not built by default. ** libgnutls: PKCS #11 initialization is delayed to first usage. That avoids long delays in gnutls initialization due to broken PKCS #11 modules. ** libgnutls: The PKCS #11 subsystem is re-initialized "automatically" on the first PKCS #11 API call after a fork. ** libgnutls: certificate verification profiles were introduced that can be specified as flags to verification functions. They are enumerations in gnutls_certificate_verification_profiles_t and can be converted to flags for use in a verification function using GNUTLS_PROFILE_TO_VFLAGS(). ** libgnutls: Added the ability to read system-specific initial keywords, if they are prefixed with '@'. That allows a compile-time specified configuration file to be used to read pre-configured priority strings from. That can be used to impose system specific policies. ** libgnutls: Increased the default security level of priority strings (NORMAL and PFS strings require at minimum a 1008 DH prime), and set a verification profile by default. The LEGACY keyword is introduced to set the old defaults. ** libgnutls: Added support for the name constraints PKIX extension. Currently only DNS names and e-mails are supported (no URIs, IPs or DNs). ** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL. ** libgnutls: Added new API in x509-ext.h to handle X.509 extensions. This API handles the X.509 extensions in isolation, allowing to parse similarly formatted extensions stored in other structures. ** libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS can be used to specify a particular subgroup as the number of bits in gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256). ** libgnutls: DH parameter generation is now delegated to nettle. That unfortunately has the side-effect that DH parameters longer than 3072 bits, cannot be generated (not without a nettle update). ** libgnutls: Separated nonce RNG from the main RNG. The nonce random number generator is based on salsa20/12. ** libgnutls: The buffer alignment provided to crypto backend is enforced to be 16-byte aligned, when compiled with cryptodev support. That allows certain cryptodev drivers to operate more efficiently. ** libgnutls: Return error when a public/private key pair that doesn't match is set into a credentials structure. ** libgnutls: Depend on p11-kit 0.20.0 or later. ** libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has been removed. It was not approved by IETF. ** libgnutls: The experimental xssl library is removed from the gnutls distribution. ** libgnutls: Reduced the number of gnulib modules used in the main library. ** libgnutls: Added priority string %DISABLE_WILDCARDS. ** libgnutls: Added the more extensible verification function gnutls_certificate_verify_peers(), that allows checking, in addition to a peer's DNS hostname, for the key purpose of the end certificate (via PKIX extended key usage). ** certtool: Timestamps for serial numbers were increased to 8 bytes, and in batch mode to 12 (appended with 4 random bytes). ** certtool: When no CRL number is provided (or value set to -1), then a time-based number will be used, similarly to the serial generation number in certificates. ** certtool: Print the SHA256 fingerprint of a certificate in addition to SHA1. ** libgnutls: Added --enable-fips140-mode configuration option (unsupported). That option enables (when running on FIPS140-enabled system): o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes) o The DRBG-CTR-AES256 deterministic random generator from SP800-90A. o Self-tests on initialization on ciphers/MACs, public key algorithms and the random generator. o HMAC-SHA256 verification of the library on load. o MD5 is included for TLS purposes but cannot be used by the high level hashing functions. o All ciphers except AES are disabled. o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5). o All keys (temporal and long term) are zeroized after use. o Security levels are adjusted to the FIPS140-2 recommendations (rather than ECRYPT). ** API and ABI modifications: GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS: Added gnutls_certificate_verify_peers: Added gnutls_privkey_generate: Added gnutls_pkcs11_crt_is_known: Added gnutls_fips140_mode_enabled: Added gnutls_sec_param_to_symmetric_bits: Added gnutls_pubkey_export_ecc_x962: Added (replaces gnutls_pubkey_get_pk_ecc_x962) gnutls_pubkey_export_ecc_raw: Added (replaces gnutls_pubkey_get_pk_ecc_raw) gnutls_pubkey_export_dsa_raw: Added (replaces gnutls_pubkey_get_pk_dsa_raw) gnutls_pubkey_export_rsa_raw: Added (replaces gnutls_pubkey_get_pk_rsa_raw) gnutls_pubkey_verify_params: Added gnutls_privkey_export_ecc_raw: Added gnutls_privkey_export_dsa_raw: Added gnutls_privkey_export_rsa_raw: Added gnutls_privkey_import_ecc_raw: Added gnutls_privkey_import_dsa_raw: Added gnutls_privkey_import_rsa_raw: Added gnutls_privkey_verify_params: Added gnutls_x509_crt_check_hostname2: Added gnutls_openpgp_crt_check_hostname2: Added gnutls_x509_name_constraints_init: Added gnutls_x509_name_constraints_deinit: Added gnutls_x509_crt_get_name_constraints: Added gnutls_x509_name_constraints_add_permitted: Added gnutls_x509_name_constraints_add_excluded: Added gnutls_x509_crt_set_name_constraints: Added gnutls_x509_name_constraints_get_permitted: Added gnutls_x509_name_constraints_get_excluded: Added gnutls_x509_name_constraints_check: Added gnutls_x509_name_constraints_check_crt: Added gnutls_x509_crl_get_extension_data2: Added gnutls_x509_crt_get_extension_data2: Added gnutls_x509_crq_get_extension_data2: Added gnutls_subject_alt_names_init: Added gnutls_subject_alt_names_deinit: Added gnutls_subject_alt_names_get: Added gnutls_subject_alt_names_set: Added gnutls_x509_ext_import_subject_alt_names: Added gnutls_x509_ext_export_subject_alt_names: Added gnutls_x509_crl_dist_points_init: Added gnutls_x509_crl_dist_points_deinit: Added gnutls_x509_crl_dist_points_get: Added gnutls_x509_crl_dist_points_set: Added gnutls_x509_ext_import_crl_dist_points: Added gnutls_x509_ext_export_crl_dist_points: Added gnutls_x509_ext_import_name_constraints: Added gnutls_x509_ext_export_name_constraints: Added gnutls_x509_aia_init: Added gnutls_x509_aia_deinit: Added gnutls_x509_aia_get: Added gnutls_x509_aia_set: Added gnutls_x509_ext_import_aia: Added gnutls_x509_ext_export_aia: Added gnutls_x509_ext_import_subject_key_id: Added gnutls_x509_ext_export_subject_key_id: Added gnutls_x509_ext_export_authority_key_id: Added gnutls_x509_ext_import_authority_key_id: Added gnutls_x509_aki_init: Added gnutls_x509_aki_get_id: Added gnutls_x509_aki_get_cert_issuer: Added gnutls_x509_aki_set_id: Added gnutls_x509_aki_set_cert_issuer: Added gnutls_x509_aki_deinit: Added gnutls_x509_ext_import_private_key_usage_period: Added gnutls_x509_ext_export_private_key_usage_period: Added gnutls_x509_ext_import_basic_constraints: Added gnutls_x509_ext_export_basic_constraints: Added gnutls_x509_ext_import_key_usage: Added gnutls_x509_ext_export_key_usage: Added gnutls_x509_ext_import_proxy: Added gnutls_x509_ext_export_proxy: Added gnutls_x509_policies_init: Added gnutls_x509_policies_deinit: Added gnutls_x509_policies_get: Added gnutls_x509_policies_set: Added gnutls_x509_ext_import_policies: Added gnutls_x509_ext_export_policies: Added gnutls_x509_key_purpose_init: Added gnutls_x509_key_purpose_deinit: Added gnutls_x509_key_purpose_set: Added gnutls_x509_key_purpose_get: Added gnutls_x509_ext_import_key_purposes: Added gnutls_x509_ext_export_key_purposes: Added gnutls_digest_self_test: Added (conditionally) gnutls_mac_self_test: Added (conditionally) gnutls_pk_self_test: Added (conditionally) gnutls_cipher_self_test: Added (conditionally) gnutls_global_set_mem_functions: Deprecated

Changes from Ant 1.9.4 TO Ant 1.9.5 =================================== Changes that could break older environments: ------------------------------------------- * The ReplaceTokens filter can now use token-separators longer than one character. This means it can be used to replace mustache-style {{patterns}} and similar templates. This is going to break code that invokes the setters on ReplaceTokens via the Java API as their parameters have been changed from char to String. It may also break build files that specified multi character tokens and relied on Ant silently ignoring all but the first character. Bugzilla Report 56584 * The changes that added <get>'s support for gzip encoding automatically uncompressed content that would not have been touched before - like when downloading .tar.gz files. A new flag has been added to control the behavior and its default will make <get> work as it did in 1.9.3. I.e. if you want it to work like 1.9.4 you have to explicitly set tryGzipEncoding to true. Bugzilla Report 57048 Fixed bugs: ----------- * TarArchiveInputStream failed to read archives with empty gid/uid fields. Bugzilla Report 56641 * TarArchiveInputStream could throw IOException when reading PAX headers from a "slow" InputStream. * XMLJunitResultFormatter could throw NullPointerException if Java cannot determine the local hostname. Bugzilla Report 56593 * URLResource#getLastModified tried to access the connection to the URL without making sure it was established, potentially leading to a NullPointerException when using FTP. Bugzilla Report 56873 * Long-Name and -link or PAX-header entries in TAR archives always had the current time as last modfication time, creating archives that are different at the byte level each time an archive was built. * runant.py should now work as well when the path of the Java executable contains spaces. github pull request #1 * <junitreport> now supports nested <classpath> and <factory> elements. Bugzilla Report 47002 * complete-ant-cmd.pl now also knows about the -file option. Bugzilla Report 57371 * the br-replace template inside the XSLT stylesheets used by <junitreport> could cause stack overflows or out-of-memory errors when applied to big outputs. Bugzilla Report 57341 * removed spurious warning about unclosed ZipFiles when reading the archive failed. Port of https://issues.apache.org/jira/browse/COMPRESS-297 * FileUtils.rename which is used by several tasks can throw a NullPointerException if the "normal" renameTo operation fails and an exception occurs while rename falls back to copying and deleting the file. Bugzilla Report 57533 * complete-ant-cmd.pl would incorrectly suggest words from the build file description. Bugzilla Report 51931 * complete-ant-cmd.pl now also completes tasks without a description. Bugzilla Report 57542 * LocalPropertyStack could run into ConcurrentModificationException when tasks spawned new child threads that accessed the properties. Bugzilla Report 55074 * TarEntry's constructor with a File and a String arg didn't normalize the name. * Between 1.8.4 and 1.9.0 TarInputStream started to parse file names using the platform's default encoding rather than as ASCII. This has been a breaking change that has never been marked as such (in fact it went unnoticed). In order to allow <untar> and <tarfileset> to work on platforms who's encoding doesn't match the encoding of file names inside the archive, both now support encoding attributes. The attribute has also been added to <tar> for symmetry. Bugzilla Report 57822 Other changes: -------------- * it is now possible to provide proxy configuration to signjar when using the timestamped authority. Bugzilla Report 56678 * complete-ant-cmd.pl now also analyzes the ANT_ARGS environment variable. Bugzilla Report 57371 * ported some of the write-optimization of Commons Compress 1.10 to the ZIP package * adapted unit tests to Java9 and added "javac1.9" as valid option for javac's compiler attribute. * performance improvements for <intersect> Bugzilla Report 57588 * MailLogger can now add CC and BCC addresses. Bugzilla Report 57789. * <scp>'s buffer size has been increased from 1k to 100k to match <ftp> and <get>. github pull requests #8 and #9 * The tar package can now deal with group and user ids bigger than 0x80000000. https://issues.apache.org/jira/browse/COMPRESS-314 https://issues.apache.org/jira/browse/COMPRESS-315 * <scp> has new attributes fileMode and dirMode that control the permissions on the remote side when sending data via SSH. Bugzilla Report 43271. * New <allbutlast> and <allbutfirst> resource collections can be used to select all but a given subset of a resource collection. Bugzilla Report 57834.

2.0.2 ----- * #22: Fix improper commas in request headers in wsgi_environ (https://bitbucket.org/ianb/paste/pull-request/22/fix-improper-commas-in-request-headers-in) Fixes issue #4 ("WSGI environ totally borked") (https://bitbucket.org/ianb/paste/issue/4/wsgi-environ-totally-borked) * #24: test_wsgirequest_charset: Use UTF-8 instead of iso-8859-1 (https://bitbucket.org/ianb/paste/pull-request/24/test_wsgirequest_charset-use-utf-8-instead) Fixes issue #7 ("Python 3 test failure") (https://bitbucket.org/ianb/paste/issue/7/python-3-test-failure) * #23: Replace cgi.parse_qsl w/ six.moves.urllib.parse.parse_qsl (https://bitbucket.org/ianb/paste/pull-request/23/replace-cgiparse_qsl-w) Fixes issue #8 ("cgi.parse_qsl is pending deprecation") (https://bitbucket.org/ianb/paste/issue/8/cgiparse_qsl-is-pending-deprecation) * #20: Escape CGI environment variables in HTTP 404 responses (https://bitbucket.org/ianb/paste/pull-request/20/escape-cgi-environment-variables-in-http) * #6: Add HTTP exception for new code 429 "Too Many Requests" (https://bitbucket.org/ianb/paste/pull-request/6/add-http-exception-for-new-code-429-too) * #25: replace ``has_key`` method to ``in`` operator #9 (https://bitbucket.org/ianb/paste/pull-request/25/replace-has_key-method-to-in-operator-9) Fixes #9 ("used methods removed from py3") (https://bitbucket.org/ianb/paste/issue/9/used-methods-removed-from-py3) * #5: Invalid error message when the socket is already in use (https://bitbucket.org/ianb/paste/issue/5/invalid-error-message-when-the-socket-is) 2.0.1 ----- * Fix setup.py for six dependency: move the six dependency from extras_require to install_requires. * Port paste.proxy to Python 3. * Fix paste.exceptions.serial_number_generator.hash_identifier() on Python 3. * Fix paste.util.threadedprint.uninstall(). Rename duplicated uninstall() function to uninstall_stdin() and fix typo in variable name (_oldstin => _oldstdin). * Add README.rst file. 2.0 --- * Experimental Python 3 support. * paste now requires the six module. * Drop support of Python 2.5 and older. * Fixed ``egg:Paste#cgi`` * In ``paste.httpserver``: give a 100 Continue response even when the server has been configured as an HTTP/1.0 server (clients may send ``Expect: 100-Continue`` before they know the version), and wrap 100 Continue ``environ['wsgi.input']`` files with LimitedLengthFile just like normal request bodies are wrapped, keeping WSGI applications from over-reading from the socket. * Fixed parsing of paths beginning with multiple forward slashes. * Add tox.ini to run tests with tox on Python 2.6, 2.7 and 3.4.

* Fixed build option * Fixed quotes for auto-build feature of the package. * Added "multido" option. * Fixes/improvements for output convert filename for the 'multi' option. * Changed \IfFileExists test for \if..tex macros to support 'htlatex'. * Issue #12: Fixed info message for mode=buildnew if generated file is already newer than source file. * Issue #8: Updated description of mode=buildnew to state that it doesn't work with XeLaTeX.

New: Support Literal IPv6 Addresses in the Database Connection URL. Ref. RFC2732 New: Honour timezone information if provided with date-time column values in Result Sets Fixed: Issue #7 Removed onstop handler Fixed: #8 Do not remove trailing SQL termination charachter ';' from statement

Upstream changes: 1.27 2016-01-14 10:50:00 MANWAR - Added LICENSE file. 1.26 2016-01-03 00:45:00 MANWAR - Merged GitHub Pull Request #9 from ESERTE. 1.25 2016-01-02 01:05:00 MANWAR - Merged GitHub Pull Request #8 from TAISNIF. 1.24 2015-12-14 11:35:00 MANWAR - Documented method version(). - Added check for version number. - Added unit test for method version(). 1.23 2015-12-05 12:40:00 MANWAR - Added parameter validation check for method new_outline().

------------------ 0.16 2015-09-22T00:17:07Z - Added new abstract class, URI::_odbc, for URIs that use ODBC in `dbi_dsn`. - The `dbi_dsn` method of URI::mssql now returns an ODBC DSN instead of DBD::Sybase, since the latter would require Sybase to build. - URI::sqlserver now inherits from URI::mssql rather than the other way around. - Fixed a bug where a URI with three slashes but no authority part after the first two would incorrectly think the databse name should be an absolute path. That is, in "db:sqlite:///foo.db", the `dbname` value is "foo.db", not "/foo.db". Thanks to Dan Book for the report (issue #8).

0.9.3 ----- * Merge pull request #8 from lnielsen/lazydomainfix Fix lazy gettext problem with domain evaluation

1.23 2016-03-26 - Fixed some Perl stack corruption bugs. Based on a proposed PR from Tony Cook plus some additional changes. GH #8. - Fixed tests with Carp 1.01 (shipped with Perl 5.8.3). Patch by Andreas Koenig. RT #113318.

----------------------------------------- 2.01 2016-03-02 - Fixed the frames method when it is called with arguments. Previously this did not work if it was called before the method was called as a reader. Fixed by Mark Fowler. PR #8.

------------------------------------- 0.14 2016-05-29 - a couple minor optimizations (dolmen, #8)

@ambs

Upstream changes: 3.093 2016-03-25 12:16:08-04:00 America/New_York - lin.kz no longer exists, so WWW::Shorten::Linkz is deprecated - added deprecation/removal notices in accordance with issue #8 - Folded ::Qurl into the deprecated modules - Folded ::Qwer into the deprecated modules - Temporarily hault live testing against TinyURL with ugly hack - Bump Perl requirement to 5.8.1 3.092 2016-03-20 - Clear note about how to contribute other shorten services. Thanks, @ambs - Updated shorten CLI app to add a lengthen option. #9 - Pared down the requirements - re-release with GNU tar 3.091 2016-03-17 - Fixed typo on ::_dead (Thanks, @neilb) - Add synopsis to ::_dead - Cleaned up contributors, alphabetized - Cleaned up the copyright and license confusion 3.090 2016-03-16 - changed to Dist::Zilla - added author tests - Cleaned up documentation - Cleaned up Changes file - added deprecation notices - Cleaned up the Readme.md quite a bit

Upstream changes: 0.16012 2016-07-19T21:37:31Z - Parsing invalid intervals with no amount and units only should have resulted in exceptions, but did not. Reported by Henrik Pauli (ssue #8) - Internal cleanup

@keyword1

* Version 3.5.4 (released 2016-09-08) ** libgnutls: Corrected the comparison of the serial size in OCSP response. Previously the OCSP certificate check wouldn't verify the serial length and could succeed in cases it shouldn't (GNUTLS-SA-2016-3). Reported by Stefan Buehler. ** libgnutls: Added support for IP name constraints. Patch by Martin Ukrop. ** libgnutls: Added support of PKCS#8 file decryption using DES-CBC-MD5. This is added to allow decryption of PKCS #8 private keys from openssl prior to 1.1.0. ** libgnutls: Added support for decrypting PKCS#8 files which use HMAC-SHA256 as PRF. This allow decrypting PKCS #8 private keys generated with openssl 1.1.0. ** libgnutls: Added support for internationalized passwords in PKCS#12 files. Previous versions would only encrypt or decrypt using passwords from the ASCII set. ** libgnutls: Addressed issue with PKCS#11 signature generation on ECDSA keys. The signature is now written as unsigned integers into the DSASignatureValue structure. Previously signed integers could be written depending on what the underlying module would produce. Addresses #122. ** gnutls-cli: Fixed starttls regression from 3.5.3. ** API and ABI modifications: GNUTLS_E_MALFORMED_CIDR: Added gnutls_x509_cidr_to_rfc5280: Added gnutls_oid_to_mac: Added * Version 3.5.3 (released 2016-08-09) ** libgnutls: Added support for TCP fast open (RFC7413), allowing to reduce by one round-trip the handshake process. Based on proposal and patch by Tim Ruehsen. ** libgnutls: Adopted a simpler with less memory requirements DTLS sliding window implementation. Based on Fridolin Pokorny's implementation for AF_KTLS. ** libgnutls: Use getrandom where available via the syscall interface. This works around an issue of not-using getrandom even if it exists since glibc doesn't declare such function. ** libgnutls: Fixed DNS name constraints checking in the case of empty intersection of domain names in the chain. Report and fix by Martin Ukrop. ** libgnutls: Fixed name constraints checking in the case of chains where the higher level certificates contained different types of constraints than the ones present in the lower intermediate CAs. Report and fix by Martin Ukrop. ** libgnutls: Dropped support for the EGD random generator. ** libgnutls: Allow the decoding of raw elements (starting with #) in RFC4514 DN string decoding. ** libgnutls: Fixes in gnutls_x509_crt_list_import2, which was ignoring flags if all certificates in the list fit within the initially allocated memory. Patch by Tim Kosse. ** libgnutls: Corrected issue which made gnutls_certificate_get_x509_crt() to return invalid pointers when returned more than a single certificate. Report and fix by Stefan Sørensen. ** libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the complete chain, even when the extra_certs was non-null. Report and fix by Stefan Sørensen. ** certtool: Added the "add_extension" and "add_critical_extension" template options. This allows specifying arbitrary extensions into certificates and certificate requests. ** gnutls-cli: Added the --fastopen option. ** API and ABI modifications: GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE: Added gnutls_x509_crq_set_extension_by_oid: Added gnutls_x509_dn_set_str: Added gnutls_transport_set_fastopen: Added * Version 3.5.2 (released 2016-07-06) ** libgnutls: Address issue when utilizing the p11-kit trust store for certificate verification (GNUTLS-SA-2016-2). ** libgnutls: Fixed DTLS handshake packet reconstruction. Reported by Guillaume Roguez. ** libgnutls: Fixed issues with PKCS#11 reading of sensitive objects from SafeNet Network HSM. Reported by Anthony Alba in #108. ** libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER. Report and fix by Stanislav Židek. ** libgnutls: Added AES-GCM optimizations using the AVX and MOVBE instructions. Uses Andy Polyakov's assembly code. ** API and ABI modifications: No changes since last version. * Version 3.5.1 (released 2016-06-14) ** libgnutls: The SSL 3.0 protocol support can completely be removed using a compile time option. The configure option is --disable-ssl3-support. ** libgnutls: The SSL 2.0 client hello support can completely be removed using a compile time option. The configure option is --disable-ssl2-support. ** libgnutls: Added support for OCSP Must staple PKIX extension. That is, implemented the RFC7633 TLSFeature for OCSP status request extension. Feature implemented by Tim Kosse. ** libgnutls: More strict OCSP staple verification. That is, no longer ignore invalid or too old OCSP staples. The previous behavior was to rely on application use gnutls_ocsp_status_request_is_checked(), while the new behavior is to include OCSP verification by default and set the GNUTLS_CERT_INVALID_OCSP_STATUS verification flag on error. ** libgnutls: Treat CA certificates with the "Server Gated Cryptography" key purpose OIDs equivalent to having the GNUTLS_KP_TLS_WWW_SERVER OID. This improves interoperability with several old intermediate CA certificates carrying these legacy OIDs. ** libgnutls: Re-read the system wide priority file when needed. Patch by Daniel P. Berrange. ** libgnutls: Allow for fallback in system-specific initial keywords (prefixed with '@'). That allows to specify a keyword such as "@keyword1,KEYWORD2" which will use the first available of these two keywords. Patch by Daniel P. Berrange. ** libgnutls: The SSLKEYLOGFILE environment variable can be used to log session keys. These session keys are compatible with the NSS Key Log Format and can be used to decrypt the session for debugging using wireshark. ** API and ABI modifications: GNUTLS_CERT_INVALID_OCSP_STATUS: Added gnutls_x509_crt_set_crq_extension_by_oid: Added gnutls_x509_ext_import_tlsfeatures: Added gnutls_x509_ext_export_tlsfeatures: Added gnutls_x509_tlsfeatures_add: Added gnutls_x509_tlsfeatures_init: Added gnutls_x509_tlsfeatures_deinit: Added gnutls_x509_tlsfeatures_get: Added gnutls_x509_crt_get_tlsfeatures: Added gnutls_x509_crt_set_tlsfeatures: Added gnutls_x509_crq_get_tlsfeatures: Added gnutls_x509_crq_set_tlsfeatures: Added gnutls_ext_get_name: Added * Version 3.5.0 (released 2016-05-09) ** libgnutls: Added SHA3 based signing algorithms for DSA, RSA and ECDSA, based on http://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html ** libgnutls: Added support for curve X25519 (RFC 7748, draft-ietf-tls-rfc4492bis-07). This curve is disabled by default as it is still on specification status. It can be enabled using the priority string modifier +CURVE-X25519. ** libgnutls: Added support for TLS false start (draft-ietf-tls-falsestart-01) by introducing gnutls_init() flag GNUTLS_ENABLE_FALSE_START (#73). ** libgnutls: Added new APIs to access the FIPS186-4 (Shawe-Taylor based) provable RSA and DSA parameter generation from a seed. ** libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This cipher is prioritized after AES-GCM. ** libgnutls: On a rehandshake ensure that the certificate of the peer or its username remains the same as in previous handshakes. That is to protect applications which do not check user credentials on rehandshakes. The threat to address depends on the application protocol. Primarily it protects against applications which authenticate the peer initially and perform accounting using the session's information, from being misled by a rehandshake which switches the peer's identity. Applications can disable this protection by using the %GNUTLS_ALLOW_ID_CHANGE flag in gnutls_init(). ** libgnutls: Be strict in TLS extension decoding. That is, do not tolerate parsing errors in the extensions field and treat it as a typical Hello message structure. Reported by Hubert Kario (#40). ** libgnutls: Old and unsupported version numbers in client hellos are rejected with a "protocol_version" alert message. Reported by Hubert Kario (#42). ** libgnutls: Lifted the limitation of calling the gnutls_session_get_data*() functions, only on non-resumed sessions. This brings the API in par with its usage (#79). ** libgnutls: Follow RFC5280 strictly in name constraints computation. The permitted subtrees is intersected with any previous values. Report and patch by Daiki Ueno. ** libgnutls: Enforce the RFC 7627 (extended master secret) requirements on session resumption. Reported by Hubert Kario (#69). ** libgnutls: Consider the max-record TLS extension even when under DTLS. Reported by Peter Dettman (#61). ** libgnutls: Replaced writev() system call with sendmsg(). ** libgnutls: Replaced select() system call with poll() on POSIX systems. ** libgnutls: Preload the system priority file on library load. This allows applications that chroot() to also use the system priorities. ** libgnutls: Applications are allowed to override the built-in key and certificate URLs. ** libgnutls: The gnutls.h header marks constant and pure functions explictly. ** certtool: Added the ability to sign certificates using SHA3. ** certtool: Added the --provable and --verify-allow-broken options. ** gnutls-cli: The --dane option will cause verification failure if gnutls is not compiled with DANE support. ** crywrap: The tool was unbundled from gnutls' distribution. It can be found at https://github.com/nmav/crywrap ** guile: .go files are now built and installed ** guile: Fix compatibility issue of the test suite with Guile 2.1 ** guile: When --with-guile-site-dir is passed, modules are installed in a versioned directory, typically $(datadir)/guile/site/2.0 ** guile: Tests no longer leave zombie processes behind ** API and ABI modifications: GNUTLS_FORCE_CLIENT_CERT: Added GNUTLS_ENABLE_FALSE_START: Added GNUTLS_INDEFINITE_TIMEOUT: Added GNUTLS_ALPN_SERVER_PRECEDENCE: Added GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING: Added GNUTLS_E_HANDSHAKE_DURING_FALSE_START: Added gnutls_check_version_numeric: Added gnutls_x509_crt_equals: Added gnutls_x509_crt_equals2: Added gnutls_x509_crt_set_subject_alt_othername: Added gnutls_x509_crt_set_issuer_alt_othername: Added gnutls_x509_crt_get_signature_oid: Added gnutls_x509_crt_get_pk_oid: Added gnutls_x509_crq_set_subject_alt_othername: Added gnutls_x509_crq_get_pk_oid: Added gnutls_x509_crq_get_signature_oid: Added gnutls_x509_crl_get_signature_oid: Added gnutls_x509_privkey_generate2: Added gnutls_x509_privkey_get_seed: Added gnutls_x509_privkey_verify_seed: Added gnutls_privkey_generate2: Added gnutls_privkey_get_seed: Added gnutls_privkey_verify_seed: Added gnutls_decode_ber_digest_info: Added gnutls_encode_ber_digest_info: Added gnutls_dh_params_import_dsa: Added gnutls_session_get_master_secret: Added * Version 3.4.3 (released 2015-07-12) ** libgnutls: Follow closely RFC5280 recommendations and use UTCTime for dates prior to 2050. ** libgnutls: Force 16-byte alignment to all input to ciphers (previously it was done only when cryptodev was enabled). ** libgnutls: Removed support for pthread_atfork() as it has undefined semantics when used with dlopen(), and may lead to a crash. ** libgnutls: corrected failure when importing plain files with gnutls_x509_privkey_import2(), and a password was provided. ** libgnutls: Don't reject certificates if a CA has the URI or IP address name constraints, and the end certificate doesn't have an IP address name or a URI set. ** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites. ** p11tool: Added --list-token-urls option, and print the token module name in list-tokens. ** API and ABI modifications: gnutls_ecc_curve_get_oid: Added gnutls_digest_get_oid: Added gnutls_pk_get_oid: Added gnutls_sign_get_oid: Added gnutls_ecc_curve_get_id: Added gnutls_oid_to_digest: Added gnutls_oid_to_pk: Added gnutls_oid_to_sign: Added gnutls_oid_to_ecc_curve: Added gnutls_pkcs7_get_signature_count: Added * Version 3.4.2 (released 2015-06-16) ** libgnutls: DTLS blocking API is more robust against infinite blocking, and will notify of more possible timeouts. ** libgnutls: corrected regression with Camellia-256-GCM cipher. Reported by Manuel Pegourie-Gonnard. ** libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That allows to disable SIGPIPE for writes done within gnutls. ** libgnutls: Enhanced the PKCS #7 API to allow signing and verification of structures. API moved to gnutls/pkcs7.h header. ** certtool: Added options to generate PKCS #7 bundles and signed structures. ** API and ABI modifications: gnutls_x509_dn_get_str: Added gnutls_pkcs11_get_raw_issuer_by_subject_key_id: Added gnutls_x509_trust_list_get_issuer_by_subject_key_id: Added gnutls_x509_crt_verify_data2: Added gnutls_pkcs7_get_crt_raw2: Added gnutls_pkcs7_signature_info_deinit: Added gnutls_pkcs7_get_signature_info: Added gnutls_pkcs7_verify_direct: Added gnutls_pkcs7_verify: Added gnutls_pkcs7_get_crl_raw2: Added gnutls_pkcs7_sign: Added gnutls_pkcs7_attrs_deinit: Added gnutls_pkcs7_add_attr: Added gnutls_pkcs7_get_attr: Added gnutls_pkcs7_print: Added * Version 3.4.1 (released 2015-05-03) ** libgnutls: gnutls_certificate_get_ours: will return the certificate even if a callback was used to send it. ** libgnutls: Check for invalid length in the X.509 version field. Without the check certificates with invalid length would be detected as having an arbitrary version. Reported by Hanno Böck. ** libgnutls: Handle DNS name constraints with a leading dot. Patch by Fotis Loukos. ** libgnutls: Updated system-keys support for windows to compile in more versions of mingw. Patch by Tim Kosse. ** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. ** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout by default. That caused issues with non-blocking programs. ** certtool: It can generate SHA256 key IDs. ** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos. ** configure: re-enabled the --enable-local-libopts flag ** API and ABI modifications: gnutls_x509_crt_get_pk_ecc_raw: Added * Version 3.4.0 (released 2015-04-08) ** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251) ciphersuites. The former are enabled by default, the latter need to be explicitly enabled, since they reduce the overall security level. ** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10. That is currently provided as technology preview and is not enabled by default, since there are no assigned ciphersuite points by IETF and there is no guarrantee of compatibility between draft versions. The ciphersuite priority string to enable it is "+CHACHA20-POLY1305". ** libgnutls: Added support for encrypt-then-authenticate in CBC ciphersuites (RFC7366 -taking into account its errata text). This is enabled by default and can be disabled using the %NO_ETM priority string. ** libgnutls: Added support for the extended master secret (triple-handshake fix) following draft-ietf-tls-session-hash-02. ** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h). ** libgnutls: SSL 3.0 is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+VERS-SSL3.0". ** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities list. It has to be explicitly enabled, e.g., with a string like "NORMAL:+ARCFOUR-128". ** libgnutls: DSA signatures and DHE-DSS are no longer included in the default priorities list. They have to be explicitly enabled, e.g., with a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The DSA ciphersuites were dropped because they had no deployment at all on the internet, to justify their inclusion. ** libgnutls: The priority string EXPORT was completely removed. The string was already defunc as support for the EXPORT ciphersuites was removed in GnuTLS 3.2.0. ** libgnutls: Added API to utilize system specific private keys in "gnutls/system-keys.h". It is currently provided as technology preview and is restricted to windows CNG keys. ** libgnutls: gnutls_x509_crt_check_hostname() and friends will use RFC6125 comparison of hostnames. That introduces a dependency on libidn. ** libgnutls: Depend on p11-kit 0.23.1 to comply with the final PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21). ** libgnutls: Depend on nettle 3.1. ** libgnutls: Use getrandom() or getentropy() when available. That avoids the complexity of file descriptor handling and issues with applications closing all open file descriptors on startup. ** libgnutls: Use pthread_atfork() to detect fork when available. ** libgnutls: If a key purpose (extended key usage) is specified for verification, it is applied into intermediate certificates. The verification result GNUTLS_CERT_PURPOSE_MISMATCH is also introduced. ** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in combination with PKCS #11, or TPM URLs, it will utilize the provided password as PIN if required. That removes the requirement for the application to set a callback for PINs in that case. ** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding protocols only, and the VERS-ALL string is introduced to catch all possible protocols. ** libgnutls: Added helper functions to obtain information on PKCS #8 structures. ** libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED. ** libgnutls: Added functions to export and set the record state. That allows for gnutls_record_send() and recv() to be offloaded (to kernel, hardware or any other subsystem). ** libgnutls: Added the ability to register application specific URL types, which express certificates and keys using gnutls_register_custom_url(). ** libgnutls: Added API to override existing ciphers, digests and MACs, e.g., to override AES-GCM using a system-specific accelerator. That is, (crypto.h) gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(), gnutls_crypto_register_mac(), and gnutls_crypto_register_digest(). ** libgnutls: Added gnutls_ext_register() to register custom extensions. Contributed by Thierry Quemerais. ** libgnutls: Added gnutls_supplemental_register() to register custom supplemental data handshake messages. Contributed by Thierry Quemerais. ** libgnutls-openssl: it is no longer built by default. ** certtool: Added --p8-info option, which will print PKCS #8 information even if the password is not available. ** certtool: --key-info option will print PKCS #8 encryption information when available. ** certtool: Added the --key-id and --fingerprint options. ** certtool: Added the --verify-hostname, --verify-email and --verify-purpose options to be used in certificate chain verification, to simulate verification for specific hostname and key purpose (extended key usage). ** certtool: --p12-info option will print PKCS #12 MAC and cipher information when available. ** certtool: it will print the A-label (ACE) names in addition to UTF-8. ** p11tool: added options --set-id and --set-label. ** gnutls-cli: added options --priority-list and --save-cert. ** guile: Deprecated priority API has been removed. The old priority API, which had been deprecated for some time, is now gone; use 'set-session-priorities!' instead. ** guile: Remove RSA parameters and related procedures. This API had been deprecated. ** guile: Fix compilation on MinGW. Previously only the static version of the 'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile. ** API and ABI modifications: gnutls_record_get_state: Added gnutls_record_set_state: Added gnutls_aead_cipher_init: Added gnutls_aead_cipher_decrypt: Added gnutls_aead_cipher_encrypt: Added gnutls_aead_cipher_deinit: Added gnutls_pkcs12_generate_mac2: Added gnutls_pkcs12_mac_info: Added gnutls_pkcs12_bag_enc_info: Added gnutls_pkcs8_info: Added gnutls_pkcs_schema_get_name: Added gnutls_pkcs_schema_get_oid: Added gnutls_pcert_export_x509: Added gnutls_pcert_export_openpgp: Added gnutls_pcert_import_x509_list: Added gnutls_pkcs11_privkey_cpy: Added gnutls_x509_crq_get_signature_algorithm: Added gnutls_x509_trust_list_iter_get_ca: Added gnutls_x509_trust_list_iter_deinit: Added gnutls_x509_trust_list_get_issuer_by_dn: Added gnutls_pkcs11_get_raw_issuer_by_dn: Added gnutls_certificate_get_trust_list: Added gnutls_privkey_export_x509: Added gnutls_privkey_export_pkcs11: Added gnutls_privkey_export_openpgp: Added gnutls_privkey_import_ext3: Added gnutls_certificate_get_x509_key: Added gnutls_certificate_get_x509_crt: Added gnutls_certificate_get_openpgp_key: Added gnutls_certificate_get_openpgp_crt: Added gnutls_record_discard_queued: Added gnutls_session_ext_master_secret_status: Added gnutls_priority_string_list: Added gnutls_dh_params_import_raw2: Added gnutls_memset: Added gnutls_memcmp: Added gnutls_pkcs12_bag_set_privkey: Added gnutls_ocsp_resp_get_responder_raw_id: Added gnutls_system_key_iter_deinit: Added gnutls_system_key_iter_get_info: Added gnutls_system_key_delete: Added gnutls_system_key_add_x509: Added gnutls_system_recv_timeout: Added gnutls_register_custom_url: Added gnutls_pkcs11_obj_list_import_url3: Added gnutls_pkcs11_obj_list_import_url4: Added gnutls_pkcs11_obj_set_info: Added gnutls_crypto_register_cipher: Added gnutls_crypto_register_aead_cipher: Added gnutls_crypto_register_mac: Added gnutls_crypto_register_digest: Added gnutls_ext_register: Added gnutls_supplemental_register: Added gnutls_supplemental_recv: Added gnutls_supplemental_send: Added gnutls_openpgp_crt_check_email: Added gnutls_x509_crt_check_email: Added gnutls_handshake_set_hook_function: Modified gnutls_pkcs11_privkey_generate3: Added gnutls_pkcs11_copy_x509_crt2: Added gnutls_pkcs11_copy_x509_privkey2: Added gnutls_pkcs11_obj_list_import_url: Removed gnutls_pkcs11_obj_list_import_url2: Removed gnutls_certificate_client_set_retrieve_function: Removed gnutls_certificate_server_set_retrieve_function: Removed gnutls_certificate_set_rsa_export_params: Removed gnutls_certificate_type_set_priority: Removed gnutls_cipher_set_priority: Removed gnutls_compression_set_priority: Removed gnutls_kx_set_priority: Removed gnutls_mac_set_priority: Removed gnutls_protocol_set_priority: Removed gnutls_rsa_export_get_modulus_bits: Removed gnutls_rsa_export_get_pubkey: Removed gnutls_rsa_params_cpy: Removed gnutls_rsa_params_deinit: Removed gnutls_rsa_params_export_pkcs1: Removed gnutls_rsa_params_export_raw: Removed gnutls_rsa_params_generate2: Removed gnutls_rsa_params_import_pkcs1: Removed gnutls_rsa_params_import_raw: Removed gnutls_rsa_params_init: Removed gnutls_sign_callback_get: Removed gnutls_sign_callback_set: Removed gnutls_x509_crt_verify_data: Removed gnutls_x509_crt_verify_hash: Removed gnutls_pubkey_get_verify_algorithm: Removed gnutls_x509_crt_get_verify_algorithm: Removed gnutls_pubkey_verify_hash: Removed gnutls_pubkey_verify_data: Removed gnutls_record_set_max_empty_records: Removed guile: set-session-cipher-priority!: Removed set-session-mac-priority!: Removed set-session-compression-method-priority!: Removed set-session-kx-priority!: Removed set-session-protocol-priority!: Removed set-session-certificate-type-priority!: Removed set-session-default-priority!: Removed set-session-default-export-priority!: Removed make-rsa-parameters: Removed rsa-parameters?: Removed set-certificate-credentials-rsa-export-parameters!: Removed pkcs1-import-rsa-parameters: Removed pkcs1-export-rsa-parameters: Removed

Upstream changes: 0.07 2016-09-21T01:35:56Z - Allow quoted cookie values, as per RFC 6265. #8

## 1.1.0 / 2016-06-28 ### Minor Enhancements * Support jruby (#8) ## 1.0.0 / 2016-04-28 ### Major enhancements - Merge Simple::ANSI and Colorator. (#7) ### Minor Enhancements - Delete unnecessary `Symbol#to_sym` (#2) - Change argument name of `Enumerator#each` for better code legibility (#3) ### Development Fixes - Convert to new RSpec expectation syntax (#1) - Fix `String#blue` result in README (#4)

* Moved the "ping?" and "pingecho" aliases to the `Ping` superclass. * Fix issue #8 (the specification for net-ping-2.0.0 has corupped).

Upstream changes: 0.07046 2016-09-05 - Introspect view definitions for PostgreSQL, MySQL, Oracle, Firebird, and InterBase. - When a file's md5sum was wrong but no other content in the file had changed, it would not be rewritten even when overwrite_modifications was true. Fixed by Dave Rolsky. GH TritonDataCenter#8.

0.21 2016-12-06 - Switched to using GitHub issues. 0.20 2016-12-05 - The keys for parameter specifications are now validated. If an unknown key is seen then an exception will be thrown. This will help you catch typos in your parameter specification. Implemented by Greg Oschwald. PR #8.

-------------------------------------- 0.28 2016-11-27 - Follow the current mime-apps-spec (fixes #8, #20) The current version of the mime-apps spec locates the per-user defaults file in `$XDG_CONFIG_HOME/mimeapps.list`. Use that location, and fall back to the per-system and distribution defaults as specified, with the previous legacy defaults file as a final fallback. Fix by Patrick Burroughs (Celti)

1.42 2017-01-04 - Generated exception classes are now added to %INC. If you subclass a generated class with "use base" then base.pm will no longer attempt to load the requested class. Patch by Todd Rinaldo. PR #8.

1.40: 2016-09-07 Add warnings about stock CVS vs. the MirOS patched version. 1.39: 2016-09-06 Fix GitLab issue #8: Exporting with commitids does not coalesce changesets. 1.38: 2016-02-28 All Python code in the suite is 2 & 3 polyglot and 8-bit clean. 1.37: 2016-01-29 New -c option for when you can't trust commit-IDs. Port patch for Sun systems. 1.36: 2015-12-22 Avoid a core dump in another pathological case. 1.35: 2015-11-23 Properly handle CVS masters with nonempty access lists. Bail out gracefully on pathological masters with no revisions. 1.34: 2015-09-25 Another Python compatibility fix. Fix inconsistent license header in revdir.c.

0.36 2017-02-19 - Inlined coercions would attempt to coerce for every type which matched the value given, instead of stopping after the first type. Fixed by Graham Knop (GH #11). - Inlined coercions did not include the inline environment variables needed by the type from which the coercion was being performed. Fixed by Graham Knop (GH #8). - When you use the same type repeatedly as coderef (for example, as a constraint with Moo), it will only generated its subified form once, rather than regenerating it each time it is de-referenced. - Added an API to Specio::Subs to allow you to combine type libraries and helper subs in one package for exporting. See the Specio::Exporter docs for more details.

Add test target. Changes in version 0.21 *********************** Released on October 23rd, 2014. * Restored the atf(7) manual page to serve as a reference to all the other manual pages shipped by ATF. * Added the -s flag to atf-sh to support specifying the shell interpreter to be used. * Removed ATF_WORKDIR. The only remaining consumers have been converted to use the standard TMPDIR environment variable. As a benefit, and because Kyua forces the TMPDIR to live within the test case's work directory, any stale files left behind by ATF will be automatically cleaned up. * Documented the environment variables recognized by each component in the relevant manual pages. This information was lost with the atf-config(1) removal. * Added a new "require.diskspace" metadata property to test cases so that they can specify the minimum amount of disk space required for the test to run. * Renamed the atf-{c,c++,sh}-api(3) manual pages to atf-{c,c++,sh}(3) for discoverability purposes. Symbolic links are provided for the time being to still make the old names visible. * Issue #5: Recommend the (expected, actual) idiom for calls to the test macros in the manual pages. * Issue #7: Stopped catching unhandled exceptions in atf-c++ tests. This propagates the crash to the caller, which in turn allows it to obtain proper debugging information. In particular, Kyua should now be able to extract a stacktrace pinpointing the problem. * Issue #8: Fixed atf-c/macros_test:use test failures spotted by the clang that ships with FreeBSD 11.0-CURRENT. * Issue #12: Improved documentation of atf-sh(3) and atf-check(1) by better explaining how they relate to each other. * Issue #14: Stopped setting 'set -e' in atf-sh. This setting was initially added as a way to enable a "strict" mode in the library and to make test cases fail fast when they run unprotected commands. However, doing so in the library is surprising as the responsibility of enabling 'set -e' should be on the user's code. Also, 'set -e' introduces inconsistent behavior on subshells and users do not expect that. * Issue #15: Fixed atf_utils_{fork,wait} to support nested calls. * Issue #16: Fixed test failures (by removing a long-standing hack) on systems that lack \e support in printf(1). * Issue #19: Removed stale references to atf-config and atf-run.

Release date: 2017-03-08 14:32 UTC Changelog: * Set minimum PHP version to 5.4.0 * Set minimum PEAR version to 1.10.1 * Bug #18262: Incomplete buffer sent with fwrite after bugfix #14619 * Bug #20113: package.xml does not validate * Bug #21031: Warning on connection error(stream_socket_client) * PR #7: Fix for "Maximum execution time of 30 seconds exceeded" error * PR #8: Make PHP5 compatible

1.7.1 (2016-08-12) * Allow applications to query if they've got loggers #18 (thommay) 1.7.0 (2016-08-04) * test with updated ruby versions and run cucumber #16 (thommay) * Add dev dependency on chefstyle #15 (tas50) * Misc cleanup + add Travis #14 (tas50) * File log devices opened by mixlib-log should be closed. #13 (mhorbul) * Include the license type in the .gemspec #9 (benders) * MIXLIB-10: don't be so pessimistic about development libraries #8 (jkeiser) Fixed bugs: * Ensure that arguments to Mixlib::Log#add are passed as is to all loggers #7 (ketan) * Fixing RDoc formatting of README.rdoc. #4 (ampledata)

ghost closed this as completed Mar 6, 2013

jperkin pushed a commit that referenced this issue Sep 16, 2013

Update heel to 3.1.0.

ab08014

# Changelog ## Version 3.1.0 - 2013-07-07 * Update dependencies * Switch to template contributed by brianflanagan [#8] * Add support for multiple independent heel servers [#9]

jperkin pushed a commit that referenced this issue Dec 9, 2013

Update ruby-rcairo to 1.10.2.

29029aa

Release 1.10.2 (2011-11-20) Kouhei Sutou <kou@cozmixng.org>) ============================================================ Fixes ----- * Added missing pkg-config dependency. #8 [Will Bryant]

jperkin pushed a commit that referenced this issue Dec 9, 2013

Update heel to 3.1.0.

4ff9c2d

# Changelog ## Version 3.1.0 - 2013-07-07 * Update dependencies * Switch to template contributed by brianflanagan [#8] * Add support for multiple independent heel servers [#9]

jperkin pushed a commit that referenced this issue Jan 21, 2014

Update heel to 3.1.0.

7445435

# Changelog ## Version 3.1.0 - 2013-07-07 * Update dependencies * Switch to template contributed by brianflanagan [#8] * Add support for multiple independent heel servers [#9]

jperkin pushed a commit that referenced this issue Mar 14, 2014

Update heel to 3.1.0.

2bf3365

# Changelog ## Version 3.1.0 - 2013-07-07 * Update dependencies * Switch to template contributed by brianflanagan [#8] * Add support for multiple independent heel servers [#9]

jperkin pushed a commit that referenced this issue Feb 11, 2016

Update py-flask-babelex to 0.9.3.

bc216a3

0.9.3 ----- * Merge pull request #8 from lnielsen/lazydomainfix Fix lazy gettext problem with domain evaluation

jperkin pushed a commit that referenced this issue Jun 7, 2016

Updated devel/p5-Eval-Closure to 0.14

e652104

------------------------------------- 0.14 2016-05-29 - a couple minor optimizations (dolmen, #8)

jperkin pushed a commit that referenced this issue Oct 5, 2016

Update to 0.07

de42b2f

Upstream changes: 0.07 2016-09-21T01:35:56Z - Allow quoted cookie values, as per RFC 6265. #8

jperkin pushed a commit that referenced this issue Oct 18, 2016

Update ruby-net-ping to 2.0.1.

c750ec1

* Moved the "ping?" and "pingecho" aliases to the `Ping` superclass. * Fix issue #8 (the specification for net-ping-2.0.0 has corupped).

This issue was closed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pkgsrc bash has problems with locale #8

pkgsrc bash has problems with locale #8

ghost commented Oct 23, 2012

jperkin commented Oct 23, 2012

pkgsrc bash has problems with locale #8

pkgsrc bash has problems with locale #8

Comments

ghost commented Oct 23, 2012

jperkin commented Oct 23, 2012