[DRE-commits] [ruby-httpclient] 15/18: Patch: Add upstream changelog
Hleb Valoshka
tsfgnu-guest at moszumanska.debian.org
Thu Aug 27 10:37:14 UTC 2015
This is an automated email from the git hooks/post-receive script.
tsfgnu-guest pushed a commit to branch master
in repository ruby-httpclient.
commit 16aa728d59c6c6102c4a952cb55ec268e1185bd8
Author: Hleb Valoshka <375gnu at gmail.com>
Date: Mon Aug 17 16:22:17 2015 +0300
Patch: Add upstream changelog
---
debian/patches/0004-Add-upstream-changelog.patch | 1082 ++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 1083 insertions(+)
diff --git a/debian/patches/0004-Add-upstream-changelog.patch b/debian/patches/0004-Add-upstream-changelog.patch
new file mode 100644
index 0000000..454b923
--- /dev/null
+++ b/debian/patches/0004-Add-upstream-changelog.patch
@@ -0,0 +1,1082 @@
+From: Hleb Valoshka <375gnu at gmail.com>
+Date: Mon, 17 Aug 2015 16:19:46 +0300
+Subject: Add upstream changelog
+
+---
+ CHANGELOG.md | 1067 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 1067 insertions(+)
+ create mode 100644 CHANGELOG.md
+
+diff --git a/CHANGELOG.md b/CHANGELOG.md
+new file mode 100644
+index 0000000..c7a9fe7
+--- /dev/null
++++ b/CHANGELOG.md
+@@ -0,0 +1,1067 @@
++## Changes
++
++### Changes in 2.6.0
++
++This release includes internal CookieManager implementation change. It
++involves compatibility layer but for the case your library depends on internal
++implementation it also provides a way to restore the implementation. See below
++for more details.
++
++ * Changes
++
++ * feat: use http-cookie if available for better Cookies spec compliance.
++
++ Instead of WebAgent 0.6.2 that is not maintained over 10 years. To omit
++ maintaining that library use http-cookie for better spec compliance and
++ healthy development.
++
++ This introduces following incompatibility from existing cookies
++ implementation.
++
++ * Expired cookies are not saved. With the old implementation expired
++ cookies are saved in file and not be sent to the server. With the new
++ implementation the expired cookies are not saved to the file and not
++ be sent to the server.
++ * Cookie#domain returns dot-less domain for domain cookies. Instead,
++ Cookie#dot_domain returns with dot.
++
++ http-cookie is used by default if available but you can restore original
++ CookieManager behavior by loading 'httpclient/webagent-cookie' feature
++ before 'httpclient' like this;
++
++ ```ruby
++ require 'httpclient/webagent-cookie'
++ require 'httpclient'
++ ```
++
++ The new implementation dumps warnings to help you migrate to http-cookie.
++ Please follow the suggestion to avoid future compatibility.
++
++ ```ruby
++ e.g.
++ WebAgent::Cookie is deprecated and will be replaced with HTTP::Cookie in the near future. Please use Cookie#origin= instead of Cookie#url= for the replacement.
++ Cookie#domain returns dot-less domain name now. Use Cookie#dot_domain if you need "." at the beginning.
++ CookieManager#find is deprecated and will be removed in near future. Use HTTP::Cookie.cookie_value(CookieManager#cookies) instead
++ ```
++
++ * feat: Message#previous to get responses in negotiation
++
++ HTTP::Message#previous keeps previous response in negotiation. For
++ redirection, authorization negotiation and retry from custom filter.
++ Closes #234.
++
++ * feat: Add JSONClient
++
++ JSONClient auto-converts Hash <-> JSON in request and response.
++ * For POST or PUT request, convert Hash body to JSON String with
++ 'application/json; charset=utf-8' header.
++ * For response, convert JSON String to Hash when content-type is
++ '(application|text)/(x-)?json'
++
++ This commit include bin/jsonclient that works as same as bin/httpclient
++ not with HTTPClient but with JSONClient.
++
++ * feat: Add download command
++
++ ```
++ % httpclient download http://host/path > file
++ ```
++
++ * Bug fixes
++
++ * fix: duplicated query params by follow_redirect
++
++ When the original request has query and the server returns redirection
++ response with Location, HTTPClient wrongly adds query to the new URI. In
++ such case the Location header could include query part;
++
++ ```
++ e.g.
++ http://originalhost/api/call?limit=10
++ -> Location: http://otherhost/api/call?limit=10
++ ```
++
++ HTTPClient should just hit the new location '/api/call?limit=10' not
++ '/api/call?limit=10&limit=10'. Closes #236.
++
++ * fix: NTLM & Basic dual auth
++
++ When a server returns two or more WWW-Authenticate headers and the first
++ one is NTLM, say WWW-Authenticate: NTLM and WWW-Authenticate: Basic in
++ this order, HTTPClient sent Basic Authorization header after finishing
++ NTLM auth negotiation.
++
++ NTLM auth is a connection authentication scheme so HTTPClient deleted
++ the internal auth negotiation state so that NTLM authenticator does not
++ do anything after the negotiation has completed. In such case, for the
++ subsequent requests, NTLM authenticator does nothing but Basic
++ authenticator sends Basic Authorization header to the server that is
++ already negotiated via NTLM authenticator. This can cause authentication
++ failure.
++
++ This commit changes the internal state handling not to delete the state
++ but introduce :done state. NTLM authenticator returns :skip for the
++ request to the server that auth negotiation has completed. WWWAuth skips
++ other authenticator to avoid above issue. Closes #157.
++
++ * fix: transplant IO positions to new request in negotiation
++
++ In authorization negotiation HTTP::Message for request is generated for
++ each request, of course, but HTTPClient did not care the IO position
++ recorded in the previous requests in the subsequent requests. Closes #130.
++
++ * fix: avoid inconsistent Content-Length and actual body
++
++ If lengths of all posted arguments are known HTTPClient sends
++ 'Content-Length' as a sum length of all arguments. But the length of
++ actual body was wrong because it read as much as possible regardless of
++ what IO#size returned. So if the file is getting bigger while HTTPClient
++ is processing a request the request has inconsistent Content-Length and
++ body.
++
++ This bug is found, and the fix is proposed both by @Teshootub7. Thank
++ you very much for patient trouble shooting! Fixes #117.
++
++ * fix: KeepAliveDisconnected race condition
++
++ As details explained in #84, current HTTPClient's KeepAliveDisconnected
++ handling has a race condition bug that allows a client to have
++ invalidated connection two or more times. This could be a cause of #185.
++
++ To avoid this, make HTTPClient acquire new connection for retry of
++ KeepAliveDisconnected. Closes #84. Closes #185.
++
++### Changes in 2.5.3
++
++This release includes behavior changes of POST and PUT requests that has
++nil as a body. See changes below. Emtpty String as a body is not affected.
++
++ * Changes
++
++ * Update cacert. "Certificate data from Mozilla as of: Tue Oct 28 22:03:58 2014"
++ -> Reverted in 2.5.3.3 because it caused unexpected SSLError. See
++ https://github.com/nahi/httpclient/issues/230
++
++ * Allow no content POST and PUT.
++ Previously POST or PUT with :body => nil meant that 'POST or PUT with 0
++ length entity body'. But sometimes you need to POST or PUT actually no
++ content which should not have Content-Type nor Content-Length.
++ It could be incompatible change for user who POST/PUT-ed with empty body
++ but it should be rare, actually WEBrick cannot handle such 'no content'
++ POST and PUT. #128.
++
++ * Add default_header property.
++ :default_header is for providing default headers Hash that all HTTP
++ requests should have, such as custom 'Authorization' header in API. You
++ can override :default_header with :header Hash parameter in HTTP request
++ methods.
++
++ * raise if redirect res does not have Location header. #155.
++
++ * Bug fixes
++
++ * Avoid NPE by a cookie without domain=.
++ The root cause is still uncertain though. Closes #123
++
++ * Suppress verify_callback warning.
++ Because OpenSSL can try multiple certificate chains and some of it can
++ fail, and one of them succeeds. For that case warning is irrelevant.
++ Let it warn only in $DEBUG mode. #221.
++
++### Changes in 2.5.2
++
++Oct 29, 2014 - version 2.5.2
++
++ * Changes
++ * Add :force_basic_auth config - #166, #179, #181.
++ Generally HTTP client must send Authorization header after it gets 401
++ error from server from security reason. But in some situation (e.g.
++ API client) you might want to send Authorization from the beginning.
++ You can turn on/off force_basic_auth flag for sending Authorization
++ header from the beginning. (Of cource, if a request URI matches with
++ the URI you set in set_auth method)
++
++ Syntax:
++ ```ruby
++ HTTPClient.new(:force_basic_auth => true)
++ # or
++ c = HTTPClient.new
++ c.force_basic_auth = true
++ ```
++
++ * Add :base_url to HTTPClient configuration.
++ Passing path to get, post, etc. is recognized as a request to
++ :base_url + uri. If you pass full URL :base_url is ignored.
++
++ ```ruby
++ api = HTTPClient.new(:base_url => 'https://api.example.com/v1')
++ api.get("/users.json") # => Get https://api.example.com/v1/users.json
++ api.get("https://localhost/path") # => https://localhost/path
++ ```
++
++
++### Changes in 2.5.1
++
++Oct 19, 2014 - version 2.5.1
++
++ * Changes
++ * Allow to specify :query in POST, PUT, DELETE and OPTIONS requests.
++ Closes #83.
++ * Allow to specify :body in OPTIONS request. Closes #136.
++
++
++### Changes in 2.5.0
++
++Oct 17, 2014 - version 2.5.0
++
++**IMPORTANT CHANGES**
++
++This version changes (again) default SSL options to help
++BEAST/CRIME/POODLE Attack prevension.
++
++ * Disabled SSLv3 in favor of POODLE Attack prevention.
++ * Enabled 1/n-1 fragment in favor of BEAST Attack prevention.
++ * No TLS compression in favor of CRIME Attack prevention.
++
++You can restore the previous SSL configuration like this;
++
++```ruby
++client = HTTPClient.new
++client.ssl_config.ssl_version = :SSLv23
++client.ssl_config.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv2
++```
++
++ * Changes
++ * Change default SSL options. See above.
++ * Keep cause error of KeepAliveDisconnected. It allows caller to
++ investigate the cause of KeepAliveDisconnected.
++
++
++### Changes in 2.4.0
++
++Jun 8, 2014 - version 2.4.0
++
++**IMPORTANT CHANGES**
++
++This version changes default SSL version to :auto (same as nil) to use SSL/TLS
++version negotiation. Former versions use SSLv3 as default that does not connect
++via TLS. This change makes underlying OpenSSL library decide which SSL/TLS
++version to use but SSLv2 is disabled.
++
++This change makes your secure connection safer but if you see SSL connection
++failure with this version try specifying SSL version to use SSLv3 like;
++```
++client = HTTPClient.new
++client.ssl_config.ssl_version = :SSLv3
++```
++
++ * Bug fixes
++ * Avoid unnecessary connection retries for OAuth error.
++ [#203](https://github.com/nahi/httpclient/issues/203)
++ * Make authentication drivers Thread-safe. Note that HTTPClient instance is
++ Thread-safe for authentication state update but it shares authentication
++ state across threads by design. If you don't want to share authentication
++ state, such as for using different authentication username/password pair
++ per thread, create HTTPClient instance for each Thread.
++ [#200](https://github.com/nahi/httpclient/issues/200)
++ * Avoid chunked String recycle in callback block.
++ [#193](https://github.com/nahi/httpclient/issues/193)
++ * Do not send empty 'oauth_token' in signed request for compatibility.
++ [#188](https://github.com/nahi/httpclient/issues/188)
++ * Ignore negative Content-Length header from server.
++ [#175](https://github.com/nahi/httpclient/issues/175)
++ * Fix incorrect use of absolute URL for HTTPS proxy requests.
++ [#168](https://github.com/nahi/httpclient/issues/168)
++ * Handle UTF characters in chunked bodies.
++ [#167](https://github.com/nahi/httpclient/issues/167)
++ * A new cookie never be accepted if an HTTPClient has the same expired cookie.
++ [#154](https://github.com/nahi/httpclient/issues/154)
++ * Allow spaces in NO_PROXY environment like; "hosta, hostb"
++ [#141](https://github.com/nahi/httpclient/issues/141)
++ * Avoid HttpClient::Message::Body#dump causes Encoding::CompatibilityError.
++ [#140](https://github.com/nahi/httpclient/issues/140)
++
++ * Changes
++ * Change default SSL version to :auto to use version negotiation.
++ [#186](https://github.com/nahi/httpclient/issues/186),
++ [#204](https://github.com/nahi/httpclient/issues/204)
++ * Allow to pass client private key passphrase in SSLConfig.
++ [#201](https://github.com/nahi/httpclient/issues/201)
++ * Convert README to markdown syntax
++ [#198](https://github.com/nahi/httpclient/issues/198)
++ * Update default CA certificates: change the source from JDK's to Firefox's.
++ The file is downloaded from
++ https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
++ (Certificate data from Mozilla as of: Tue Apr 22 08:29:31 2014)
++ [#195](https://github.com/nahi/httpclient/issues/195)
++ * Callback block can be defined as to get 2 arguments to retrieve the
++ response object.
++ [#194](https://github.com/nahi/httpclient/issues/194)
++ * Remove [] from given address for IPv6 compat.
++ [#176](https://github.com/nahi/httpclient/issues/176)
++ * Update API endpoints to those of Twitter REST API v1.1.
++ [#150](https://github.com/nahi/httpclient/issues/150)
++
++
++### Changes in 2.3.4
++
++July 27, 2013 - version 2.3.4
++
++ * Bug fixes
++ * Make sure to read socket in BINARY buffer.
++ [#171](https://github.com/nahi/httpclient/issues/171)
++
++### Changes in 2.3.3
++
++February 24, 2013 - version 2.3.3
++
++ * Changes
++
++ * Add User-Agent field by default. You can remove the header by setting nil
++ to HTTPClient#agent_name.
++ [#144](https://github.com/nahi/httpclient/issues/144)
++
++### Changes in 2.3.2
++
++January 5, 2013 - version 2.3.2
++
++```
++ * Changes
++
++ * #138 Revert Timeout change unintentionally included in v2.3.1. It's
++ reported that the change causes background processes not terminated
++ properly.
++```
++
++### Changes in 2.3.1
++
++January 1, 2013 - version 2.3.1
++
++```
++ * Changes
++
++ * #137 Signing key is expiring for cacert_sha1.p7s.
++ Deleted p7s signature check for default cacerts. Sorry for many troubles
++ in the past. This feature is not useful without having online/real-time
++ CA certs update but I don't think I can implement it in near future.
++ Users depend on this signature check (who puts cacert.p7s in R/W
++ filesystem and ssl_config.rb in R/O filesystem) should take care the
++ tampering by themself.
++
++ * Bug fixes
++
++ * #122 Support IPv6 address in URI
++```
++
++
++### Changes in 2.3.0
++
++October 10, 2012 - version 2.3.0
++
++```
++ * Features
++
++ * Added debug mode CLI. bin/httpclient is installed as CLI.
++ Usage: 1) % httpclient get https://www.google.co.jp/ q=ruby
++ Usage: 2) %httpclient
++ For 1) it issues a GET request to the given URI and shows the wiredump
++ and the parsed result. For 2) it invokes irb shell with the binding
++ that has a HTTPClient as 'self'. You can call HTTPClient instance
++ methods like;
++ > get "https://www.google.co.jp/", :q => :ruby
++
++ * #119 Addressable gem support (only if it exists); should handle IRI
++ properly.
++
++ * Bug fixes
++
++ * #115 Cookies couldn't work properly if the path in an URI is ommited.
++ * #112, #117 Proper handling of sized IO (the IO object that responds to
++ :size) for chunked POST. HTTPClient did read till EOF even if the
++ given IO has :size method.
++ * Handle '303 See Other' properly. RFC2616 says it should be redirected
++ with GET.
++ * #116 Fix "100-continue" support. It was just ignored.
++ * #118 Support for boolean values when making POST/PUT requests with
++ multiipart/form Content-Type.
++ * #110 Allows leading dots in no_proxy hostname suffixes.
++```
++
++### Changes in 2.2.7
++
++August 14, 2012 - version 2.2.7
++
++```
++ * Bug fixes
++
++ * Fix arity incompatibility introduced in 2.2.6. It broke Webmock.
++ Thanks Andrew France for the report!
++```
++
++### Changes in 2.2.6
++
++August 14, 2012 - version 2.2.6
++
++```
++ * Bug fixes
++
++ * Make get_content doesn't raise a BadResponseError for perfectly good
++ responses like 304 Not Modified. Thanks to Florian Hars.
++
++ * Add 'Content-Type: application/x-www-form-urlencoded' for the PUT
++ request that has urlencoded entity-body.
++
++ * Features
++
++ * Add HTTPClient::IncludeClient by Jonathan Rochkind, a mix-in for easily
++ adding a thread-safe lazily initialized class-level HTTPClient object
++ to your class.
++
++ * Proxy DigestAuth support. Thanks to Alexander Kotov and Florian Hars.
++
++ * Accept an array of strings (and IO-likes) as a query value
++ e.g. `{ x: 'a', y: [1,2,3] }` is encoded into `"x=a&y=1&y=2&y=3"`.
++ Thanks to Akinori MUSHA.
++
++ * Allow body for DELETE method.
++
++ * Allow :follow_redirect => true for HEAD request.
++
++ * Fill request parameters request_method, request_uri and request_query
++ as part of response Message::Header.
++```
++
++### Changes in 2.2.5
++
++ May 06, 2012 - version 2.2.5
++
++```
++ * Bug fixes
++
++ * Added Magic encoding comment to hexdump.rb to avoid encoding error.
++ * Add workaround for JRuby issue on Windows (JRUBY-6136)
++ On Windows, calling File#size fails with an Unknown error (20047).
++ This workaround uses File#lstat instead.
++ * Require open-uri only on ruby 1.9, since it is not needed on 1.8.
++
++ * Features
++
++ * Allow symbol Header name for HTTP request.
++ * Dump more SSL certificate information under $DEBUG.
++ * Add HTTPClient::SSLConfig#ssl_version property.
++ * Add 'Accept: */*' header to request by default. Rails requies it.
++ It doesn't override given Accept header from API.
++ * Add HTTPClient::SSLConfig#set_default_paths. This method makes
++ HTTPClient instance to use OpenSSL's default trusted CA certificates.
++ * Allow to set Date header manually.
++ ex. clent.get(uri, :header => {'Date' => Time.now.httpdate})
++```
++
++### Changes in 2.2.4
++
++ Dec 08, 2011 - version 2.2.4
++
++```
++ * Bug fixes
++
++ * Do not recycle buffer String object for yielding. When the response is
++ not chunked and the size of the response > 16KB, API with block style
++ yields recycled String object for each yields.
++
++ * Set VERSION string in User-Agent header. $Id$ didn't work long time...
++
++ Bugs are reported by Seamus Abshere. Thanks!
++```
++
++### Changes in 2.2.3
++
++ Oct 28, 2011 - version 2.2.3
++
++```
++ * Bug fixes
++
++ * Ruby 1.8.6 support. It's broken from 2.2.0.
++```
++
++### Changes in 2.2.2
++
++ Oct 17, 2011 - version 2.2.2
++
++```
++ * Bug fixes
++
++ * Do not sort query params on request: Wrongly sorted query params for
++ easier debugging but the order of request parameter should be
++ preserved. #65
++
++ * Changes
++
++ * Set responce String encoding if possible. Parse content-type response
++ header with some helps from OpenURI::Meta and set response String
++ encoding. #26
++
++ * Improve connection cache strategy. Reuse cached session in MRU order,
++ not in LRU. MRU is more server friendly than LRU because it reduces
++ number of cached sessions when a number of requests drops after an
++ usaage spike.
++
++ With reusing sessions in LRU order, all sessions are equally checked if
++ it's closed or not, as far as there's a request to the same site. With
++ reusing sessions in MRU order, old cold sessions are kept in cache long
++ time even if there's a request to the same site. To avoid this leakage,
++ this version adds keep_alive_timeout property and let SessionManager
++ scrub all sessions with checking the timeout for each session. When the
++ session expires against the last used time, it's closed and collected.
++
++ keep_alive_timeout is 15[sec] by default. The value is from the default
++ value for KeepAliveTimeout of Apache httpd 2. #68 #69
++```
++
++### Changes in 2.2.1
++
++ Jun 2, 2011 - version 2.2.1
++
++```
++ * Bug fixes
++
++ * For Lighttpd + PUT/POST support, do not send a request using chunked
++ encoding when IO respond to :size, File for example.
++
++ - There is no need to send query with Transfer-Encoding: chuncked when
++ IO respond to :size.
++ - Lighttpd does not support PUT, POST with Transfer-Encoding: chuncked.
++ You will see that the lighty respond with 200 OK, but there is a file
++ whose size is zero.
++
++ LIMITATION:
++ timeout occurs certainly when you send very large file and
++ @send_timeout is default since HTTPClient::Session#query() assumes
++ that *all* write are finished in @send_timeout sec not each write.
++
++ WORKAROUND:
++ increment @send_timeout and @receive_timeout or set @send_timeout and
++ @receive_timeout to 0 not to be timeout.
++
++ This fix is by TANABE Ken-ichi <nabeken at tknetworks.org>. Thanks!
++
++ * Allow empty http_proxy ENV variable. Just treat it the same as if it's
++ nil/unset. This fix is by Ash Berlin <ash_github at firemirror.com>.
++ Thanks!
++
++ * Check EOF while reading chunked response and close the session. It
++ raised NoMethodError.
++
++ * Changes
++
++ * Updated trusted CA certificates file (cacert.p7s and cacert_sha1.p7s).
++ CA certs are imported from
++ 'Java(TM) SE Runtime Environment (build 1.6.0_25-b06)'.
++
++ * Changed default chunk size from 4K to 16K. It's used for reading size
++ at a time.
++```
++
++### Changes in 2.2.0
++
++ Apr 8, 2011 - version 2.2.0
++
++```
++ * Features
++ * Add HTTPClient#cookies as an alias of #cookie_manager.cookies.
++
++ * Add res.cookies method. It returns parsed cookie in response header.
++ It's different from client.cookie_manager.cookies. Manager keeps
++ persistent cookies in it.
++
++ * Add res.headers method which returns a Hash of headers.
++ Hash key and value are both String. Each key has a single value so you
++ can't extract exact value when a message has multiple headers like
++ 'Set-Cookie'. Use header['Set-Cookie'] for that purpose.
++ (It returns an Array always)
++
++ * Allow keyword style argument for HTTPClient#get, post, etc.
++ Introduced keywords are: :body, :query, and :header.
++ You can write
++ HTTPClient.get(uri, :header => {'X-custom' => '1'})
++ instead of;
++ HTTPClient.get(uri, nil, {'X-custom' => '1'})
++
++ * Add new keyword argument :follow_redirect to get/post. Now you can
++ follow redirection response with passing :follow_redirect => true.
++
++ * [INCOMPAT] Rename HTTPClient::HTTP::Message#body to #http_body, then
++ add #body as an alias of #content. It's incompatible change though
++ users rarely depends on this method. (I've never seen such a case)
++ Users who are using req.body and/or res.body should follow this
++ change. (req.http_body and res.http_body)
++
++ * Bug fixes
++
++ * Reenable keep-alive for chunked response.
++ This feature was disabled by c206b687952e1ad3e20c20e69bdbd1a9cb38609e at
++ 2008-12-09. I should have written a test for keep-alive. Now I added it.
++ Thanks Takahiro Nishimura(@dr_taka_n) for finding this bug.
++```
++
++### Changes in 2.1.7
++
++ Mar 22, 2011 - version 2.1.7
++
++```
++ * Features
++ * Add MD5-sess auth support. Thanks to wimm-dking. (#47)
++ * Add SNI support. (Server Name Indication of HTTPS connection) (#49)
++ * Add GSSAPI auth support using gssapi gem. Thanks to zenchild. (#50)
++ * NTLM logon to exchange Web Services. [experimental] Thanks to curzonj and mccraigmccraig (#52)
++ * Add HTTPOnly cookie support. Thanks to nbrosnahan. (#55)
++ * Add HTTPClient#socket_local for specifying local binding hostname and port of TCP socket. Thanks to icblenke.
++```
++
++### Changes in 2.1.6
++
++ Dec 20, 2010 - version 2.1.6
++
++```
++ * IMPORTANT update for HTTPS(SSL) connection
++ * Trusted CA bundle file cacert_sha1.p7s for older environment (where
++ you cannot use SHA512 algorithm such as an old Mac OS X) included in
++ httpclient 2.1.5 expires in Dec 31, 2010. Please update to 2.1.6 if
++ you're on such an environment.
++ * Updated trusted CA certificates file (cacert.p7s and cacert_sha1.p7s).
++ CA certs are imported from
++ 'Java(TM) SE Runtime Environment (build 1.6.0_22-b04)'.
++
++ * IMPORTANT bug fix for persistent connection
++ * #29 Resource Leak: If httpclient establishes two connections to the
++ same server in parallel, one of these connections will be leaked, patch
++ by xb.
++ * #30 When retrying a failed persistent connection, httpclient should use
++ a fresh connection, reported by xb.
++ These 2 fixes should fix 'Too many open files' error as well if you're
++ getting this. Please check 2.1.6 and let me know how it goes!
++
++ * Features
++ * #4 Added OAuthClient. See sample clients in sample/ dir.
++ * #42 Added transparent_gzip_decompression property, patch by Teshootub7.
++ All you need to use it is done by;
++ client.transparent_gzip_decompression = true
++ Then you can retrieve a document as usural in decompressed format.
++ * #38 Debug dump binary data (checking it includes \0 or not) in hex
++ encoded format, patch by chetan.
++
++ * Bug fixes
++ * #8 Opened certificate and key files for SSL not closed properly.
++ * #10 "get" method gets blocked in "readpartial" when receiving a 304
++ with no Content-Length.
++ * #11 Possible data corruption problem in asynchronous methods, patch by
++ a user. (http://dev.ctor.org/http-access2/ticket/228)
++ * #13 illegal Cookie PATH handling. When no PATH part given in Set-Cookie
++ header, URL's path part should be used for path variable.
++ * #16 httpclient doesn't support multiline server headers.
++ * #19 set_request_header clobbers 'Host' header setting if given, patch
++ by meuserj.
++ * #20 Relative Location on https redirect fails, patch by zenchild.
++ * #22 IIS/6 + MicrosoftSharePointTeamServices uses "NTLM" instead of
++ "Negotiate".
++ * #27 DigestAuth header: 'qop' parameter must not be enclosed between
++ double quotation, patch by ibc.
++ * #36 Wrong HTTP version in headers with Qt4 applications, reported by
++ gauleng.
++ * #38 DigestAuth + posting IO fails, patch by chetan.
++ * #41 https-over-proxy fails with IIS, patch by tai.
++```
++
++### Changes in 2.1.5
++
++ Jun 25, 2009 - version 2.1.5.2
++
++```
++ * Added another cacert distribution certificate which uses
++ sha1WithRSAEncryption. OpenSSL/0.9.7 cannot handle non-SHA1 digest
++ algorithm for certificate. The new certificate is
++ RSA 2048 bit + SHA1 + notAfter:2010/12/31. Corresponding CA bundle file
++ is cacert_sha1.p7s. It is loaded only when cacert.p7s cannot be loaded
++ with the original distribution certificate.
++```
++
++ Jun 11, 2009 - version 2.1.5.1
++
++```
++ * README update.
++```
++
++ Jun 8, 2009 - version 2.1.5
++
++```
++ * IMPORTANT update for HTTPS(SSL) connection
++ * Trusted CA bundle file included in httpclient <= 2.1.4 expires in
++ Nov 2009. Please update to 2.1.5 by Oct 2009 if your application
++ depends on trusted CA bundle file.
++ * Updated trusted CA certificates file (cacert.p7s). CA certs are
++ imported from 'Java(TM) SE Runtime Environment (build 1.6.0_13-b03)'.
++ * Updated a cacert distribution certificate.
++ RSA 2048 bit + SHA512 + notAfter:2037/12/31. (#215)
++
++ * Feature
++ * WWW authentication with Negotiate based on win32/sspi as same as Proxy
++ authentication. Applied a patch from Paul Casto. Thanks! (#212)
++
++ * Bug fixes
++ * Infinite loop caused by EOF error while reading response message body
++ without Content-Length. IO#readpartial does not clear the second
++ argument (buffer) when an exception raised. Fixed by a patch from an
++ user. Thanks! (#216)
++ * NoMethodError caused by the cookie string that includes a double
++ semicolons ";;". Fixed by a patch from an user. Thanks! (#211)
++ * CNONCE attribute in Digest Authentication was not properly generated by
++ itself (used same nonce sent from the connecting server). Fixed by a
++ patch from bterlson
++ [http://github.com/bterlson/httpclient/commit/6d0df734840985a7be88a2d54443bbf892d50b9a]
++ Thanks! (#209)
++ * Cookie header was not set in authentication negotiation. Fixed. This
++ bug was found and pointed out by bterlson at
++ [http://github.com/bterlson/httpclient/commits/master]. Thanks! (#210)
++ * Do not send 'Content-Length: 0' when a request doesn't have message
++ body. Some server application (!EasySoap++/0.6 for example) corrupts
++ with the request with Content-Length: 0. This bug was found by clay
++ [http://daemons.net/~clay/2009/05/03/ruby-why-do-you-torment-me/].
++ Thanks! (#217)
++ * Ensure to reset connection after invoking HTTPClient singleton methods
++ for accessing such as HTTPClient.get_content. Thanks to @xgavin! (#214)
++```
++
++### Changes in 2.1.4
++
++ Feb 13, 2009 - version 2.1.4
++
++```
++ * Bug fixes
++ * When we hit some site through http-proxy we get a response without
++ Content-Length header. httpclient/2.1.3 drops response body for such
++ case. fixed. (#199)
++ * Avoid duplicated 'Date' header in request. Fixed. (#194)
++ * Avoid to add port number to 'Host' header. Some servers like GFE/1.3
++ dislike it. Thanks to anonymous user for investigating the behavior.
++ (#195)
++ * httpclient/2.1.3 does not work when you fork a process after requiring
++ httpclient module (Passenger). Thanks to Akira Yamada for tracing down
++ this bug. (#197)
++ * httpclient/2.1.3 cannot handle Cookie header with 'expires=' and
++ 'expires=""'. Empty String for Time.parse returns Time.now unlike
++ ParseDate.parsedate. Thanks to Mark for the patch. (#200)
++```
++
++### Changes in 2.1.3
++
++ Jan 8, 2009 - version 2.1.3.1
++
++```
++ * Security fix introduced at 2.1.3.
++ * get_content/post_content of httpclient/2.1.3 may send secure cookies
++ for a https site to non-secure (non-https) site when the https site
++ redirects the request to a non-https site. httpclient/2.1.3 caches
++ request object and reuses it for redirection. It should not be cached
++ and recreated for each time as httpclient <= 2.1.2 and http-access2.
++ * I realized this bug when I was reading open-uri story on
++ [ruby-core:21205]. Ruby users should use open-uri rather than using
++ net/http directly wherever possible.
++```
++
++ Dec 29, 2008 - version 2.1.3
++
++```
++ * Features
++ * Proxy Authentication for SSL.
++ * Performance improvements.
++ * Full RDoc. Please tell me any English problem. Thanks in advance.
++ * Do multipart file upload when a given body includes a File. You don't
++ need to set 'Content-Type' and boundary String any more.
++ * Added propfind and proppatch methods.
++
++ * Changes
++ * Avoid unnecessary memory consuming for get_content/post_content with
++ block. get_content returns nil when you call it with a block.
++ * post_content with IO did not work when redirect/auth cycle is required.
++ (CAUTION: post_content now correctly follows redirection and posts the
++ given content)
++ * Exception handling cleanups.
++ * Raises HTTPClient::ConfigurationError? for environment problem.
++ (trying to do SSL without openssl installed for example)
++ * Raises HTTPClient::BadResponse? for HTTP response problem. You can
++ get the response HTTPMessage returned via $!.res.
++ * Raises SocketError? for connection problem (as same as before).
++
++ * Bug fixes
++ * Avoid unnecessary negotiation cycle for Negotiate(NTLM) authentication.
++ Thanks Rishav for great support for debugging Negotiate authentication.
++ * get_content/post_content with block yielded unexpected message body
++ during redirect/auth cycle.
++ * Relative URI redirection should be allowed from 2.1.2 but it did not
++ work... fixed.
++ * Avoid unnecessary timeout waiting when no message body returned such as
++ '204 No Content' for DAV.
++ * Avoid blocking on socket closing when the socket is already closed by
++ foreign host and the client runs under MT-condition.
++```
++
++### Changes in 2.1.2
++
++ Sep 22, 2007 - version 2.1.2
++
++```
++ * HTTP
++ * implemented Negotiate authentication with a support from exterior
++ modules. 'rubyntlm' module is required for Negotiate auth with IIS.
++ 'win32/sspi' module is required for Negotiate auth with ISA.
++ * a workaround for Ubuntu + SonicWALL timeout problem. try to send HTTP
++ request in one chunk.
++
++ * SSL
++ * create new self-signing dist-cert which has serial number 0x01 and
++ embed it in httpclient.rb.
++ * update cacert.p7s. certificates are imported from cacerts in JRE 6
++ Update 2. 1 expired CA certificate
++ 'C=US, O=GTE Corporation, CN=GTE CyberTrust Root' is removed.
++
++ * Bug fix
++ * [BUG] SSL + debug_dev didn't work under version 2.1.1.
++ * [BUG] Reason-Phrase of HTTP response status line can be empty according
++ * to RFC2616.
++```
++
++### Changes in 2.1.1
++
++ Aug 28, 2007 - version 2.1.1
++
++```
++ * bug fix
++ * domain_match should be case insensitive. thanks to Brian for the patch.
++ * before calling SSLSocket#post_connection_check, check if
++ RUBY_VERSION > "1.8.4" for CN based wildcard certificate. when
++ RUBY_VERSION <= "1.8.4", it fallbacks to the post_connection_check
++ method in HTTPClient so httpclient should run on 1.8.4 fine as before.
++
++ * misc
++ * added HTTPClient#test_loopback_http_response which accepts test
++ loopback response which contains HTTP header.
++```
++
++### Changes in 2.1.0
++
++ Jul 14, 2007 - version 2.1.0
++
++```
++ * program/project renamed from 'http-access2' to 'httpclient'.
++ there's compatibility layer included so existing programs for
++ http-access2 which uses HTTPAccess2::Client should work with
++ httpclient/2.1.0 correctly.
++
++ * misc
++ * install.rb did not install cacerts.p7s. Thanks to knu.
++ * now HTTPClient loads http_proxy/HTTP_PROXY and no_proxy/NO_PROXY
++ environment variable at initialization time. bear in mind that it
++ doesn't load http_proxy/HTTP_PROXY when a library is considered to be
++ running under CGI environment (checked by ENVREQUEST_METHOD existence.
++ cgi_http_proxy/CGI_HTTP_PROXY is loaded instead.
++```
++
++### Changes in 2.0.9
++
++ Jul 4, 2007 - version 2.0.9
++
++```
++ * bug fix
++ * fix the BasicAuth regression problem in 2.0.8. A server may return
++ "BASIC" as an authenticate scheme label instead of "Basic". It must be
++ treated as a case-insensitive token according to RFC2617 section 1.2.
++ Thanks to mwedeme for contributing the patch. (#159)
++```
++
++### Changes in 2.0.8
++
++ Jun 30, 2007 - version 2.0.8
++
++```
++ * HTTP
++ * added request/response filter interface and implemented DigestAuth
++ based on the filter interface. DigestAuth calc engine is based on
++ http://tools.assembla.com/breakout/wiki/DigestForSoap
++ Thanks to sromano. (#155)
++ * re-implemented BasicAuth based on the filter interface. send BasicAuth
++ header only if it's needed. (#31)
++ * handle a response which has 2XX status code as a successfull response
++ while retry check. applied the patch from Micah Wedemeyer.
++ Thanks! (#158)
++
++ * Connection
++ * show more friendly error message for unconnectable URL. (#156)
++
++ * bug fixes
++ * to avoid MIME format incompatibility, add empty epilogue chunk
++ explicitly. Thanks to the anonymous user who reported #154 (#154)
++ * rescue EPIPE for keep-alive reconnecting. Thanks to anonymous user
++ who posted a patch at #124. (#124)
++```
++
++### Changes in 2.0.7
++
++ May 13, 2007 - version 2.0.7
++
++```
++ * HTTP
++ * added proxyauth support. (#6)
++ * let developer allow to rescue a redirect with relative URI. (#28)
++ * changed last-chunk condition statement to allow "0000\r\n" marker from
++ WebLogic Server 7.0 SP5 instead of "0\r\n". (#30)
++ * fixed multipart form submit. (#29, #116)
++ * use http_date format as a date in a request header. (#35)
++ * avoid duplicated Date header when running under mod_ruby. (#127)
++ * reason phrase in Message#reason contains \r. (#122)
++ * trim "\n"s in base64 encoded BasicAuth value for interoperability.
++ (#149)
++ * let retry_connect return a Message not a content. (#119)
++ * rescue SocketError and dump a message when a wrong address given. (#152)
++
++ * HTTP-Cookies
++ * changed "domain" parameter matching condition statement to allow
++ followings; (#24, #32, #118, #147)
++ * [host, domain] = [rubyforge.com, .rubyforge.com]
++ * [host, domain] = [reddit.com, reddit.com]
++
++ * SSL
++ * bundles CA certificates as trust anchors.
++ * allow user to get peer_cert. (#117, #123)
++ * added wildcard certificate support. (#151)
++ * SSL + HTTP keep-alive + long wait causes uncaught exception. fixed.
++ (#120)
++
++ * Connection
++ * fixed a loop condition bug that caused intermittent empty response.
++ (#150, #26, #125)
++```
++
++### Changes in 2.0.6
++
++ September 16, 2005 - version 2.0.6
++
++```
++ * HTTP
++ * allows redirects from a "POST" request. imported a patch from sveit.
++ Thanks! (#7)
++ * add 'content-type: application/application/x-www-form-urlencoded' when
++ a request contains message-body. (#11)
++ * HTTP/0.9 support. (#15)
++ * allows submitting multipart forms. imported a patch from sveit.
++ Thanks! (#7)
++
++ * HTTP-Cookies
++ * avoid NameError when a cookie value is nil. (#10)
++ * added netscape_rule property to CookieManager (false by default). You
++ can turn on the domain attribute test of Netscape rule with the
++ property. cf. http://wp.netscape.com/newsref/std/cookie_spec.html
++ * added HTTPClient#cookie_manager property for accessing its properties.
++ (#13)
++ * added save_all_cookies method to save unused and discarded cookies as
++ well. The patch is from Christian Lademann. Thanks! (#21)
++ * allow to set cookie_manager. raise an error when set_cookie_store
++ called and cookie_store has already been set. (#20)
++
++ * SSL
++ * allows SSL connection debugging when debug_dev != nil. (#14)
++ * skip post_connection_check when
++ verify_mode == OpenSSL::SSL::VERIFY_NONE. Thanks to kdraper. (#12)
++ * post_connection_check: support a certificate with a wildcard in the
++ hostname. (#18)
++ * avoid NameError when no peer_cert and VERIFY_FAIL_IF_NO_PEER_CERT
++ given. Thanks to Christian Lademann.
++
++ * Connection
++ * insert a connecting host and port to an exception message when
++ connecting failed. (#5)
++ * added socket_sync property to HTTPClient(HTTPAccess2::Client) that
++ controls socket's sync property. the default value is true. CAUTION:
++ if your ruby is older than 2005-09-06 and you want to use SSL
++ connection, do not set socket_sync = false to avoid a blocking bug of
++ openssl/buffering.rb.
++```
++
++### Changes in 2.0.5
++
++ December 24, 2004 - version 2.0.5
++
++```
++ This is a minor bug fix release.
++ - Connect/Send/Receive timeout cannot be configured. fixed.
++ - IPSocket#addr caused SocketError? on Mac OS X 10.3.6 + ruby-1.8.1 GA.
++ fixed.
++ - There is a server which does not like 'foo.bar.com:80' style Host header.
++ The server for http://rubyforge.org/export/rss_sfnews.php seems to
++ dislike HTTP/1.1 Host header "Host: rubyforge.net:80". It returns
++ HTTP 302: Found and redirects to the page again, causes
++ HTTPAccess2::Client to raise "retry count exceeded". Keat found that the
++ server likes "Host: rubyforge.net" (not with port number).
++```
++
++### Changes in 2.0.4
++
++ February 11, 2004 - version 2.0.4
++
++```
++ - add Client#redirect_uri_callback interface.
++ - refactorings and bug fixes found during negative test.
++ - add SSL test.
++```
++
++### Changes in 2.0.3
++
++ December 16, 2003 - version 2.0.3
++
++```
++ - no_proxy was broken in 2.0.2.
++ - do not dump 'Host' header under protocol_version == 'HTTP/1.0'
++```
++
++### Changes in 2.0.2
++
++ December ?, 2003 - version 2.0.2
++
++```
++ - do not trust HTTP_PROXY environment variable. set proxy server manually.
++ http://ftp.ics.uci.edu/pub/websoft/libwww-perl/archive/2001h1/0072.html
++ http://ftp.ics.uci.edu/pub/websoft/libwww-perl/archive/2001h1/0241.html
++ http://curl.haxx.se/mail/archive-2001-12/0034.html
++ - follow ossl2 change.
++```
++
++### Changes in 2.0.1
++
++ October 4, 2003 - version 2.0.1
++
++```
++ Query was not escaped when query was given as an Array or a Hash. Fixed.
++ Do not use http_proxy defined by ENV['http_proxy'] or ENV['HTTP_PROXY'] if
++ the destination host is 'localhost'.
++ Hosts which matches ENV['no_proxy'] or ENV['NO_PROXY'] won't be proxyed.
++ [,:] separated. ("ruby-lang.org:rubyist.net")
++ No regexp. (give "ruby-lang.org", not "*.ruby-lang.org")
++ If you want specify hot by IP address, give full address.
++ ("192.168.1.1, 192.168.1.2")
++```
++
++### Changes in 2.0
++
++ September 10, 2003 - version 2.0
++
++```
++ CamelCase to non_camel_case.
++ SSL support (requires Ruby/OpenSSL).
++ Cookies support. lib/http-access2/cookie.rb is redistributed file which is
++ originally included in Webagent by TAKAHASHI `Maki' Masayoshi. You can
++ download the entire package from http://www.rubycolor.org/arc/.
++```
++
++ January 11, 2003 - version J
++
++```
++ ruby/1.8 support.
++```
diff --git a/debian/patches/series b/debian/patches/series
index e339bda..c1fc4fc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
0001-Fix-port-allocation-in-tests.patch
0002-Disable-tests-for-NTLM.patch
0003-Try-to-wait-until-socket-is-free.patch
+0004-Add-upstream-changelog.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-httpclient.git
More information about the Pkg-ruby-extras-commits
mailing list