[DRE-commits] [ruby-httpclient] 15/18: Patch: Add upstream changelog

Hleb Valoshka tsfgnu-guest at moszumanska.debian.org
Thu Aug 27 10:37:14 UTC 2015


This is an automated email from the git hooks/post-receive script.

tsfgnu-guest pushed a commit to branch master
in repository ruby-httpclient.

commit 16aa728d59c6c6102c4a952cb55ec268e1185bd8
Author: Hleb Valoshka <375gnu at gmail.com>
Date:   Mon Aug 17 16:22:17 2015 +0300

    Patch: Add upstream changelog
---
 debian/patches/0004-Add-upstream-changelog.patch | 1082 ++++++++++++++++++++++
 debian/patches/series                            |    1 +
 2 files changed, 1083 insertions(+)

diff --git a/debian/patches/0004-Add-upstream-changelog.patch b/debian/patches/0004-Add-upstream-changelog.patch
new file mode 100644
index 0000000..454b923
--- /dev/null
+++ b/debian/patches/0004-Add-upstream-changelog.patch
@@ -0,0 +1,1082 @@
+From: Hleb Valoshka <375gnu at gmail.com>
+Date: Mon, 17 Aug 2015 16:19:46 +0300
+Subject: Add upstream changelog
+
+---
+ CHANGELOG.md | 1067 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 1067 insertions(+)
+ create mode 100644 CHANGELOG.md
+
+diff --git a/CHANGELOG.md b/CHANGELOG.md
+new file mode 100644
+index 0000000..c7a9fe7
+--- /dev/null
++++ b/CHANGELOG.md
+@@ -0,0 +1,1067 @@
++## Changes
++
++### Changes in 2.6.0
++
++This release includes internal CookieManager implementation change. It
++involves compatibility layer but for the case your library depends on internal
++implementation it also provides a way to restore the implementation. See below
++for more details.
++
++ * Changes
++
++   * feat: use http-cookie if available for better Cookies spec compliance.
++
++     Instead of WebAgent 0.6.2 that is not maintained over 10 years. To omit
++     maintaining that library use http-cookie for better spec compliance and
++     healthy development.
++
++     This introduces following incompatibility from existing cookies
++     implementation.
++
++     * Expired cookies are not saved. With the old implementation expired
++       cookies are saved in file and not be sent to the server. With the new
++       implementation the expired cookies are not saved to the file and not
++       be sent to the server.
++     * Cookie#domain returns dot-less domain for domain cookies. Instead,
++       Cookie#dot_domain returns with dot.
++
++     http-cookie is used by default if available but you can restore original
++     CookieManager behavior by loading 'httpclient/webagent-cookie' feature
++     before 'httpclient' like this;
++
++     ```ruby
++     require 'httpclient/webagent-cookie'
++     require 'httpclient'
++     ```
++
++     The new implementation dumps warnings to help you migrate to http-cookie.
++     Please follow the suggestion to avoid future compatibility.
++
++     ```ruby
++     e.g.
++      WebAgent::Cookie is deprecated and will be replaced with HTTP::Cookie in the near future. Please use Cookie#origin= instead of Cookie#url= for the replacement.
++      Cookie#domain returns dot-less domain name now. Use Cookie#dot_domain if you need "." at the beginning.
++      CookieManager#find is deprecated and will be removed in near future. Use HTTP::Cookie.cookie_value(CookieManager#cookies) instead
++     ```
++
++   * feat: Message#previous to get responses in negotiation
++
++     HTTP::Message#previous keeps previous response in negotiation.  For
++     redirection, authorization negotiation and retry from custom filter.
++     Closes #234.
++
++   * feat: Add JSONClient
++
++     JSONClient auto-converts Hash <-> JSON in request and response.
++     * For POST or PUT request, convert Hash body to JSON String with
++       'application/json; charset=utf-8' header.
++     * For response, convert JSON String to Hash when content-type is
++       '(application|text)/(x-)?json'
++
++     This commit include bin/jsonclient that works as same as bin/httpclient
++     not with HTTPClient but with JSONClient.
++
++   * feat: Add download command
++
++     ```
++     % httpclient download http://host/path > file
++     ```
++
++ * Bug fixes
++
++   * fix: duplicated query params by follow_redirect
++
++     When the original request has query and the server returns redirection
++     response with Location, HTTPClient wrongly adds query to the new URI. In
++     such case the Location header could include query part;
++
++     ```
++     e.g.
++      http://originalhost/api/call?limit=10
++      -> Location: http://otherhost/api/call?limit=10
++     ```
++
++     HTTPClient should just hit the new location '/api/call?limit=10' not
++     '/api/call?limit=10&limit=10'. Closes #236.
++
++   * fix: NTLM & Basic dual auth
++
++     When a server returns two or more WWW-Authenticate headers and the first
++     one is NTLM, say WWW-Authenticate: NTLM and WWW-Authenticate: Basic in
++     this order, HTTPClient sent Basic Authorization header after finishing
++     NTLM auth negotiation.
++
++     NTLM auth is a connection authentication scheme so HTTPClient deleted
++     the internal auth negotiation state so that NTLM authenticator does not
++     do anything after the negotiation has completed. In such case, for the
++     subsequent requests, NTLM authenticator does nothing but Basic
++     authenticator sends Basic Authorization header to the server that is
++     already negotiated via NTLM authenticator. This can cause authentication
++     failure.
++
++     This commit changes the internal state handling not to delete the state
++     but introduce :done state. NTLM authenticator returns :skip for the
++     request to the server that auth negotiation has completed. WWWAuth skips
++     other authenticator to avoid above issue.  Closes #157.
++
++   * fix: transplant IO positions to new request in negotiation
++
++     In authorization negotiation HTTP::Message for request is generated for
++     each request, of course, but HTTPClient did not care the IO position
++     recorded in the previous requests in the subsequent requests.  Closes #130.
++
++   * fix: avoid inconsistent Content-Length and actual body
++
++     If lengths of all posted arguments are known HTTPClient sends
++     'Content-Length' as a sum length of all arguments. But the length of
++     actual body was wrong because it read as much as possible regardless of
++     what IO#size returned. So if the file is getting bigger while HTTPClient
++     is processing a request the request has inconsistent Content-Length and
++     body.
++
++     This bug is found, and the fix is proposed both by @Teshootub7. Thank
++     you very much for patient trouble shooting!  Fixes #117.
++
++   * fix: KeepAliveDisconnected race condition
++
++     As details explained in #84, current HTTPClient's KeepAliveDisconnected
++     handling has a race condition bug that allows a client to have
++     invalidated connection two or more times. This could be a cause of #185.
++
++     To avoid this, make HTTPClient acquire new connection for retry of
++     KeepAliveDisconnected.  Closes #84. Closes #185.
++
++### Changes in 2.5.3
++
++This release includes behavior changes of POST and PUT requests that has
++nil as a body. See changes below. Emtpty String as a body is not affected.
++
++ * Changes
++
++   * Update cacert. "Certificate data from Mozilla as of: Tue Oct 28 22:03:58 2014"
++     -> Reverted in 2.5.3.3 because it caused unexpected SSLError. See
++     https://github.com/nahi/httpclient/issues/230
++
++   * Allow no content POST and PUT.
++     Previously POST or PUT with :body => nil meant that 'POST or PUT with 0
++     length entity body'. But sometimes you need to POST or PUT actually no
++     content which should not have Content-Type nor Content-Length.
++     It could be incompatible change for user who POST/PUT-ed with empty body
++     but it should be rare, actually WEBrick cannot handle such 'no content'
++     POST and PUT. #128.
++
++   * Add default_header property.
++     :default_header is for providing default headers Hash that all HTTP
++     requests should have, such as custom 'Authorization' header in API.  You
++     can override :default_header with :header Hash parameter in HTTP request
++     methods.
++
++   * raise if redirect res does not have Location header. #155.
++
++ * Bug fixes
++
++   * Avoid NPE by a cookie without domain=.
++     The root cause is still uncertain though. Closes #123
++
++   * Suppress verify_callback warning.
++     Because OpenSSL can try multiple certificate chains and some of it can
++     fail, and one of them succeeds. For that case warning is irrelevant.
++     Let it warn only in $DEBUG mode. #221.
++
++### Changes in 2.5.2
++
++Oct 29, 2014 - version 2.5.2
++
++  * Changes
++    * Add :force_basic_auth config - #166, #179, #181.
++	  Generally HTTP client must send Authorization header after it gets 401
++	  error from server from security reason. But in some situation (e.g.
++	  API client) you might want to send Authorization from the beginning.
++	  You can turn on/off force_basic_auth flag for sending Authorization
++	  header from the beginning. (Of cource, if a request URI matches with
++	  the URI you set in set_auth method)
++
++    Syntax:
++    ```ruby
++      HTTPClient.new(:force_basic_auth => true)
++      # or
++      c = HTTPClient.new
++      c.force_basic_auth = true
++    ```
++
++    * Add :base_url to HTTPClient configuration.
++    Passing path to get, post, etc. is recognized as a request to
++    :base_url + uri.  If you pass full URL :base_url is ignored.
++
++    ```ruby
++      api = HTTPClient.new(:base_url => 'https://api.example.com/v1')
++      api.get("/users.json") # => Get https://api.example.com/v1/users.json
++      api.get("https://localhost/path") # => https://localhost/path
++    ```
++
++
++### Changes in 2.5.1
++
++Oct 19, 2014 - version 2.5.1
++
++  * Changes
++	* Allow to specify :query in POST, PUT, DELETE and OPTIONS requests.
++      Closes #83.
++    * Allow to specify :body in OPTIONS request. Closes #136.
++
++
++### Changes in 2.5.0
++
++Oct 17, 2014 - version 2.5.0
++
++**IMPORTANT CHANGES**
++
++This version changes (again) default SSL options to help
++BEAST/CRIME/POODLE Attack prevension.
++
++ * Disabled SSLv3 in favor of POODLE Attack prevention.
++ * Enabled 1/n-1 fragment in favor of BEAST Attack prevention.
++ * No TLS compression in favor of CRIME Attack prevention.
++
++You can restore the previous SSL configuration like this;
++
++```ruby
++client = HTTPClient.new
++client.ssl_config.ssl_version = :SSLv23
++client.ssl_config.options = OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv2
++```
++
++  * Changes
++	* Change default SSL options. See above.
++    * Keep cause error of KeepAliveDisconnected. It allows caller to
++	  investigate the cause of KeepAliveDisconnected.
++
++
++### Changes in 2.4.0
++
++Jun 8, 2014 - version 2.4.0
++
++**IMPORTANT CHANGES**
++
++This version changes default SSL version to :auto (same as nil) to use SSL/TLS
++version negotiation.  Former versions use SSLv3 as default that does not connect
++via TLS.  This change makes underlying OpenSSL library decide which SSL/TLS
++version to use but SSLv2 is disabled.
++
++This change makes your secure connection safer but if you see SSL connection
++failure with this version try specifying SSL version to use SSLv3 like;
++```
++client = HTTPClient.new
++client.ssl_config.ssl_version = :SSLv3
++```
++
++  * Bug fixes
++    * Avoid unnecessary connection retries for OAuth error.
++      [#203](https://github.com/nahi/httpclient/issues/203)
++	* Make authentication drivers Thread-safe.  Note that HTTPClient instance is
++	  Thread-safe for authentication state update but it shares authentication
++	  state across threads by design.  If you don't want to share authentication
++	  state, such as for using different authentication username/password pair
++	  per thread, create HTTPClient instance for each Thread.
++      [#200](https://github.com/nahi/httpclient/issues/200)
++    * Avoid chunked String recycle in callback block.
++      [#193](https://github.com/nahi/httpclient/issues/193)
++    * Do not send empty 'oauth_token' in signed request for compatibility.
++      [#188](https://github.com/nahi/httpclient/issues/188)
++    * Ignore negative Content-Length header from server.
++      [#175](https://github.com/nahi/httpclient/issues/175)
++    * Fix incorrect use of absolute URL for HTTPS proxy requests.
++      [#168](https://github.com/nahi/httpclient/issues/168)
++    * Handle UTF characters in chunked bodies.
++      [#167](https://github.com/nahi/httpclient/issues/167)
++    * A new cookie never be accepted if an HTTPClient has the same expired cookie.
++      [#154](https://github.com/nahi/httpclient/issues/154)
++	* Allow spaces in NO_PROXY environment like; "hosta, hostb"
++      [#141](https://github.com/nahi/httpclient/issues/141)
++	* Avoid HttpClient::Message::Body#dump causes Encoding::CompatibilityError.
++      [#140](https://github.com/nahi/httpclient/issues/140)
++
++  * Changes
++	* Change default SSL version to :auto to use version negotiation.
++      [#186](https://github.com/nahi/httpclient/issues/186),
++      [#204](https://github.com/nahi/httpclient/issues/204)
++    * Allow to pass client private key passphrase in SSLConfig.
++      [#201](https://github.com/nahi/httpclient/issues/201)
++    * Convert README to markdown syntax
++      [#198](https://github.com/nahi/httpclient/issues/198)
++    * Update default CA certificates: change the source from JDK's to Firefox's.
++      The file is downloaded from
++	  https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
++	  (Certificate data from Mozilla as of: Tue Apr 22 08:29:31 2014)
++      [#195](https://github.com/nahi/httpclient/issues/195)
++	* Callback block can be defined as to get 2 arguments to retrieve the
++	  response object.
++      [#194](https://github.com/nahi/httpclient/issues/194)
++    * Remove [] from given address for IPv6 compat.
++      [#176](https://github.com/nahi/httpclient/issues/176)
++    * Update API endpoints to those of Twitter REST API v1.1.
++      [#150](https://github.com/nahi/httpclient/issues/150)
++
++
++### Changes in 2.3.4
++
++July 27, 2013 - version 2.3.4
++
++  * Bug fixes
++    * Make sure to read socket in BINARY buffer.
++	  [#171](https://github.com/nahi/httpclient/issues/171)
++
++### Changes in 2.3.3
++
++February 24, 2013 - version 2.3.3
++
++  * Changes
++
++	* Add User-Agent field by default. You can remove the header by setting nil
++	  to HTTPClient#agent_name.
++      [#144](https://github.com/nahi/httpclient/issues/144)
++
++### Changes in 2.3.2
++
++January 5, 2013 - version 2.3.2
++
++```
++  * Changes
++
++    * #138 Revert Timeout change unintentionally included in v2.3.1.  It's
++      reported that the change causes background processes not terminated
++      properly.
++```
++
++### Changes in 2.3.1
++
++January 1, 2013 - version 2.3.1
++
++```
++  * Changes
++
++    * #137 Signing key is expiring for cacert_sha1.p7s.
++      Deleted p7s signature check for default cacerts.  Sorry for many troubles
++      in the past. This feature is not useful without having online/real-time
++      CA certs update but I don't think I can implement it in near future.
++      Users depend on this signature check (who puts cacert.p7s in R/W
++      filesystem and ssl_config.rb in R/O filesystem) should take care the
++      tampering by themself.
++
++  * Bug fixes
++
++    * #122 Support IPv6 address in URI
++```
++
++
++### Changes in 2.3.0
++
++October 10, 2012 - version 2.3.0
++
++```
++    * Features
++
++      * Added debug mode CLI.  bin/httpclient is installed as CLI.
++          Usage: 1) % httpclient get https://www.google.co.jp/ q=ruby
++          Usage: 2) %httpclient
++        For 1) it issues a GET request to the given URI and shows the wiredump
++        and the parsed result.  For 2) it invokes irb shell with the binding
++        that has a HTTPClient as 'self'.  You can call HTTPClient instance
++        methods like;
++          > get "https://www.google.co.jp/", :q => :ruby
++
++      * #119 Addressable gem support (only if it exists); should handle IRI
++        properly.
++
++    * Bug fixes
++
++      * #115 Cookies couldn't work properly if the path in an URI is ommited.
++      * #112, #117 Proper handling of sized IO (the IO object that responds to
++        :size) for chunked POST. HTTPClient did read till EOF even if the
++        given IO has :size method.
++      * Handle '303 See Other' properly.  RFC2616 says it should be redirected
++        with GET.
++      * #116 Fix "100-continue" support.  It was just ignored.
++      * #118 Support for boolean values when making POST/PUT requests with
++        multiipart/form Content-Type.
++      * #110 Allows leading dots in no_proxy hostname suffixes.
++```
++
++### Changes in 2.2.7
++
++August 14, 2012 - version 2.2.7
++
++```
++    * Bug fixes
++
++      * Fix arity incompatibility introduced in 2.2.6.  It broke Webmock.
++        Thanks Andrew France for the report!
++```
++
++### Changes in 2.2.6
++
++August 14, 2012 - version 2.2.6
++
++```
++    * Bug fixes
++
++      * Make get_content doesn't raise a BadResponseError for perfectly good
++        responses like 304 Not Modified. Thanks to Florian Hars.
++
++      * Add 'Content-Type: application/x-www-form-urlencoded' for the PUT
++        request that has urlencoded entity-body.
++
++    * Features
++
++      * Add HTTPClient::IncludeClient by Jonathan Rochkind, a mix-in for easily
++        adding a thread-safe lazily initialized class-level HTTPClient object
++        to your class.
++
++      * Proxy DigestAuth support. Thanks to Alexander Kotov and Florian Hars.
++
++      * Accept an array of strings (and IO-likes) as a query value
++        e.g. `{ x: 'a', y: [1,2,3] }` is encoded into `"x=a&y=1&y=2&y=3"`.
++        Thanks to Akinori MUSHA.
++
++      * Allow body for DELETE method.
++
++      * Allow :follow_redirect => true for HEAD request.
++
++      * Fill request parameters request_method, request_uri and request_query
++        as part of response Message::Header.
++```
++
++### Changes in 2.2.5
++
++  May 06, 2012 - version 2.2.5
++
++```
++    * Bug fixes
++
++      * Added Magic encoding comment to hexdump.rb to avoid encoding error.
++      * Add workaround for JRuby issue on Windows (JRUBY-6136)
++        On Windows, calling File#size fails with an Unknown error (20047).
++        This workaround uses File#lstat instead.
++      * Require open-uri only on ruby 1.9, since it is not needed on 1.8.
++
++    * Features
++
++      * Allow symbol Header name for HTTP request.
++      * Dump more SSL certificate information under $DEBUG.
++      * Add HTTPClient::SSLConfig#ssl_version property.
++      * Add 'Accept: */*' header to request by default. Rails requies it.
++        It doesn't override given Accept header from API.
++      * Add HTTPClient::SSLConfig#set_default_paths. This method makes
++        HTTPClient instance to use OpenSSL's default trusted CA certificates.
++      * Allow to set Date header manually.
++        ex. clent.get(uri, :header => {'Date' => Time.now.httpdate})
++```
++
++### Changes in 2.2.4
++
++  Dec 08, 2011 - version 2.2.4
++
++```
++    * Bug fixes
++
++      * Do not recycle buffer String object for yielding.  When the response is
++        not chunked and the size of the response > 16KB, API with block style
++        yields recycled String object for each yields.
++
++      * Set VERSION string in User-Agent header.  $Id$ didn't work long time...
++
++      Bugs are reported by Seamus Abshere. Thanks!
++```
++
++### Changes in 2.2.3
++
++  Oct 28, 2011 - version 2.2.3
++
++```
++    * Bug fixes
++
++      * Ruby 1.8.6 support.  It's broken from 2.2.0.
++```
++
++### Changes in 2.2.2
++
++  Oct 17, 2011 - version 2.2.2
++
++```
++    * Bug fixes
++
++      * Do not sort query params on request: Wrongly sorted query params for
++        easier debugging but the order of request parameter should be
++        preserved. #65
++
++    * Changes
++
++      * Set responce String encoding if possible.  Parse content-type response
++        header with some helps from OpenURI::Meta and set response String
++        encoding. #26
++
++      * Improve connection cache strategy.  Reuse cached session in MRU order,
++        not in LRU.  MRU is more server friendly than LRU because it reduces
++        number of cached sessions when a number of requests drops after an
++        usaage spike.
++
++        With reusing sessions in LRU order, all sessions are equally checked if
++        it's closed or not, as far as there's a request to the same site.  With
++        reusing sessions in MRU order, old cold sessions are kept in cache long
++        time even if there's a request to the same site.  To avoid this leakage,
++        this version adds keep_alive_timeout property and let SessionManager
++        scrub all sessions with checking the timeout for each session.  When the
++        session expires against the last used time, it's closed and collected.
++
++        keep_alive_timeout is 15[sec] by default. The value is from the default
++        value for KeepAliveTimeout of Apache httpd 2.  #68 #69
++```
++
++### Changes in 2.2.1
++
++  Jun 2, 2011 - version 2.2.1
++
++```
++    * Bug fixes
++
++      * For Lighttpd + PUT/POST support, do not send a request using chunked
++        encoding when IO respond to :size, File for example.
++
++        - There is no need to send query with Transfer-Encoding: chuncked when
++          IO respond to :size.
++        - Lighttpd does not support PUT, POST with Transfer-Encoding: chuncked.
++          You will see that the lighty respond with 200 OK, but there is a file
++          whose size is zero.
++
++        LIMITATION:
++          timeout occurs certainly when you send very large file and
++          @send_timeout is default since HTTPClient::Session#query() assumes
++          that *all* write are finished in @send_timeout sec not each write.
++
++        WORKAROUND:
++          increment @send_timeout and @receive_timeout or set @send_timeout and
++          @receive_timeout to 0 not to be timeout.
++
++        This fix is by TANABE Ken-ichi <nabeken at tknetworks.org>. Thanks!
++
++      * Allow empty http_proxy ENV variable. Just treat it the same as if it's
++        nil/unset. This fix is by Ash Berlin <ash_github at firemirror.com>.
++        Thanks!
++
++      * Check EOF while reading chunked response and close the session. It
++        raised NoMethodError.
++
++    * Changes
++
++      * Updated trusted CA certificates file (cacert.p7s and cacert_sha1.p7s).
++        CA certs are imported from
++        'Java(TM) SE Runtime Environment (build 1.6.0_25-b06)'.
++
++      * Changed default chunk size from 4K to 16K. It's used for reading size
++        at a time.
++```
++
++### Changes in 2.2.0
++
++  Apr 8, 2011 - version 2.2.0
++
++```
++    * Features
++      * Add HTTPClient#cookies as an alias of #cookie_manager.cookies.
++
++      * Add res.cookies method. It returns parsed cookie in response header.
++        It's different from client.cookie_manager.cookies. Manager keeps
++        persistent cookies in it.
++
++      * Add res.headers method which returns a Hash of headers.
++        Hash key and value are both String. Each key has a single value so you
++        can't extract exact value when a message has multiple headers like
++        'Set-Cookie'. Use header['Set-Cookie'] for that purpose.
++        (It returns an Array always)
++
++      * Allow keyword style argument for HTTPClient#get, post, etc.
++        Introduced keywords are: :body, :query, and :header.
++        You can write
++          HTTPClient.get(uri, :header => {'X-custom' => '1'})
++        instead of;
++          HTTPClient.get(uri, nil, {'X-custom' => '1'})
++
++      * Add new keyword argument :follow_redirect to get/post. Now you can
++        follow redirection response with passing :follow_redirect => true.
++
++      * [INCOMPAT] Rename HTTPClient::HTTP::Message#body to #http_body, then
++        add #body as an alias of #content. It's incompatible change though
++        users rarely depends on this method. (I've never seen such a case)
++        Users who are using req.body and/or res.body should follow this
++        change. (req.http_body and res.http_body)
++
++    * Bug fixes
++
++      * Reenable keep-alive for chunked response.
++        This feature was disabled by c206b687952e1ad3e20c20e69bdbd1a9cb38609e at
++        2008-12-09. I should have written a test for keep-alive. Now I added it.
++        Thanks Takahiro Nishimura(@dr_taka_n) for finding this bug.
++```
++
++### Changes in 2.1.7
++
++  Mar 22, 2011 - version 2.1.7
++
++```
++    * Features
++      * Add MD5-sess auth support. Thanks to wimm-dking. (#47)
++      * Add SNI support. (Server Name Indication of HTTPS connection) (#49)
++      * Add GSSAPI auth support using gssapi gem. Thanks to zenchild. (#50)
++      * NTLM logon to exchange Web Services. [experimental] Thanks to curzonj and mccraigmccraig (#52)
++      * Add HTTPOnly cookie support. Thanks to nbrosnahan. (#55)
++      * Add HTTPClient#socket_local for specifying local binding hostname and port of TCP socket. Thanks to icblenke.
++```
++
++### Changes in 2.1.6
++
++  Dec 20, 2010 - version 2.1.6
++
++```
++    * IMPORTANT update for HTTPS(SSL) connection
++      * Trusted CA bundle file cacert_sha1.p7s for older environment (where
++        you cannot use SHA512 algorithm such as an old Mac OS X) included in
++        httpclient 2.1.5 expires in Dec 31, 2010.  Please update to 2.1.6 if
++        you're on such an environment.
++      * Updated trusted CA certificates file (cacert.p7s and cacert_sha1.p7s).
++        CA certs are imported from
++        'Java(TM) SE Runtime Environment (build 1.6.0_22-b04)'.
++
++    * IMPORTANT bug fix for persistent connection
++      * #29 Resource Leak: If httpclient establishes two connections to the
++        same server in parallel, one of these connections will be leaked, patch
++        by xb.
++      * #30 When retrying a failed persistent connection, httpclient should use
++        a fresh connection, reported by xb.
++        These 2 fixes should fix 'Too many open files' error as well if you're
++        getting this. Please check 2.1.6 and let me know how it goes!
++
++    * Features
++      * #4 Added OAuthClient. See sample clients in sample/ dir.
++      * #42 Added transparent_gzip_decompression property, patch by Teshootub7.
++        All you need to use it is done by;
++        client.transparent_gzip_decompression = true
++        Then you can retrieve a document as usural in decompressed format.
++      * #38 Debug dump binary data (checking it includes \0 or not) in hex
++        encoded format, patch by chetan.
++
++    * Bug fixes
++      * #8 Opened certificate and key files for SSL not closed properly.
++      * #10 "get" method gets blocked in "readpartial" when receiving a 304
++        with no Content-Length.
++      * #11 Possible data corruption problem in asynchronous methods, patch by
++        a user. (http://dev.ctor.org/http-access2/ticket/228)
++      * #13 illegal Cookie PATH handling. When no PATH part given in Set-Cookie
++        header, URL's path part should be used for path variable.
++      * #16 httpclient doesn't support multiline server headers.
++      * #19 set_request_header clobbers 'Host' header setting if given, patch
++        by meuserj.
++      * #20 Relative Location on https redirect fails, patch by zenchild.
++      * #22 IIS/6 + MicrosoftSharePointTeamServices uses "NTLM" instead of
++        "Negotiate".
++      * #27 DigestAuth header: 'qop' parameter must not be enclosed between
++        double quotation, patch by ibc.
++      * #36 Wrong HTTP version in headers with Qt4 applications, reported by
++        gauleng.
++      * #38 DigestAuth + posting IO fails, patch by chetan.
++      * #41 https-over-proxy fails with IIS, patch by tai.
++```
++
++### Changes in 2.1.5
++
++  Jun 25, 2009 - version 2.1.5.2
++
++```
++    * Added another cacert distribution certificate which uses
++      sha1WithRSAEncryption.  OpenSSL/0.9.7 cannot handle non-SHA1 digest
++      algorithm for certificate.  The new certificate is
++      RSA 2048 bit + SHA1 + notAfter:2010/12/31.  Corresponding CA bundle file
++      is cacert_sha1.p7s.  It is loaded only when cacert.p7s cannot be loaded
++      with the original distribution certificate.
++```
++
++  Jun 11, 2009 - version 2.1.5.1
++
++```
++    * README update.
++```
++
++  Jun 8, 2009 - version 2.1.5
++
++```
++    * IMPORTANT update for HTTPS(SSL) connection
++      * Trusted CA bundle file included in httpclient <= 2.1.4 expires in
++        Nov 2009. Please update to 2.1.5 by Oct 2009 if your application
++        depends on trusted CA bundle file.
++      * Updated trusted CA certificates file (cacert.p7s). CA certs are
++        imported from 'Java(TM) SE Runtime Environment (build 1.6.0_13-b03)'.
++      * Updated a cacert distribution certificate.
++        RSA 2048 bit + SHA512 + notAfter:2037/12/31. (#215)
++
++    * Feature
++      * WWW authentication with Negotiate based on win32/sspi as same as Proxy
++        authentication. Applied a patch from Paul Casto. Thanks! (#212)
++
++    * Bug fixes
++      * Infinite loop caused by EOF error while reading response message body
++        without Content-Length.  IO#readpartial does not clear the second
++        argument (buffer) when an exception raised.  Fixed by a patch from an
++        user.  Thanks! (#216)
++      * NoMethodError caused by the cookie string that includes a double
++        semicolons ";;".  Fixed by a patch from an user.  Thanks! (#211)
++      * CNONCE attribute in Digest Authentication was not properly generated by
++        itself (used same nonce sent from the connecting server). Fixed by a
++        patch from bterlson
++        [http://github.com/bterlson/httpclient/commit/6d0df734840985a7be88a2d54443bbf892d50b9a]
++        Thanks! (#209)
++      * Cookie header was not set in authentication negotiation. Fixed. This
++        bug was found and pointed out by bterlson at
++        [http://github.com/bterlson/httpclient/commits/master]. Thanks! (#210)
++      * Do not send 'Content-Length: 0' when a request doesn't have message
++        body. Some server application (!EasySoap++/0.6 for example) corrupts
++        with the request with Content-Length: 0. This bug was found by clay
++        [http://daemons.net/~clay/2009/05/03/ruby-why-do-you-torment-me/].
++        Thanks! (#217)
++      * Ensure to reset connection after invoking HTTPClient singleton methods
++        for accessing such as HTTPClient.get_content. Thanks to @xgavin! (#214)
++```
++
++### Changes in 2.1.4
++
++  Feb 13, 2009 - version 2.1.4
++
++```
++    * Bug fixes
++      * When we hit some site through http-proxy we get a response without
++        Content-Length header.  httpclient/2.1.3 drops response body for such
++        case. fixed. (#199)
++      * Avoid duplicated 'Date' header in request. Fixed. (#194)
++      * Avoid to add port number to 'Host' header.  Some servers like GFE/1.3
++        dislike it. Thanks to anonymous user for investigating the behavior.
++        (#195)
++      * httpclient/2.1.3 does not work when you fork a process after requiring
++        httpclient module (Passenger). Thanks to Akira Yamada for tracing down
++        this bug. (#197)
++      * httpclient/2.1.3 cannot handle Cookie header with 'expires=' and
++        'expires=""'.  Empty String for Time.parse returns Time.now unlike
++        ParseDate.parsedate. Thanks to Mark for the patch. (#200)
++```
++
++### Changes in 2.1.3
++
++  Jan 8, 2009 - version 2.1.3.1
++
++```
++    * Security fix introduced at 2.1.3.
++      * get_content/post_content of httpclient/2.1.3 may send secure cookies
++        for a https site to non-secure (non-https) site when the https site
++        redirects the request to a non-https site.  httpclient/2.1.3 caches
++        request object and reuses it for redirection.  It should not be cached
++        and recreated for each time as httpclient <= 2.1.2 and http-access2.
++      * I realized this bug when I was reading open-uri story on
++        [ruby-core:21205].  Ruby users should use open-uri rather than using
++        net/http directly wherever possible.
++```
++
++  Dec 29, 2008 - version 2.1.3
++
++```
++    * Features
++      * Proxy Authentication for SSL.
++      * Performance improvements.
++      * Full RDoc. Please tell me any English problem. Thanks in advance.
++      * Do multipart file upload when a given body includes a File. You don't
++        need to set 'Content-Type' and boundary String any more.
++      * Added propfind and proppatch methods.
++
++    * Changes
++      * Avoid unnecessary memory consuming for get_content/post_content with
++        block.  get_content returns nil when you call it with a block.
++      * post_content with IO did not work when redirect/auth cycle is required.
++        (CAUTION: post_content now correctly follows redirection and posts the
++        given content)
++      * Exception handling cleanups.
++        * Raises HTTPClient::ConfigurationError? for environment problem.
++          (trying to do SSL without openssl installed for example)
++        * Raises HTTPClient::BadResponse? for HTTP response problem.  You can
++          get the response HTTPMessage returned via $!.res.
++        * Raises SocketError? for connection problem (as same as before).
++
++    * Bug fixes
++      * Avoid unnecessary negotiation cycle for Negotiate(NTLM) authentication.
++        Thanks Rishav for great support for debugging Negotiate authentication.
++      * get_content/post_content with block yielded unexpected message body
++        during redirect/auth cycle.
++      * Relative URI redirection should be allowed from 2.1.2 but it did not
++        work... fixed.
++      * Avoid unnecessary timeout waiting when no message body returned such as
++        '204 No Content' for DAV.
++      * Avoid blocking on socket closing when the socket is already closed by
++        foreign host and the client runs under MT-condition.
++```
++
++### Changes in 2.1.2
++
++  Sep 22, 2007 - version 2.1.2
++
++```
++    * HTTP
++      * implemented Negotiate authentication with a support from exterior
++        modules. 'rubyntlm' module is required for Negotiate auth with IIS.
++        'win32/sspi' module is required for Negotiate auth with ISA.
++      * a workaround for Ubuntu + SonicWALL timeout problem. try to send HTTP
++        request in one chunk.
++
++    * SSL
++      * create new self-signing dist-cert which has serial number 0x01 and
++        embed it in httpclient.rb.
++      * update cacert.p7s. certificates are imported from cacerts in JRE 6
++        Update 2. 1 expired CA certificate
++        'C=US, O=GTE Corporation, CN=GTE CyberTrust Root' is removed.
++
++    * Bug fix
++      * [BUG] SSL + debug_dev didn't work under version 2.1.1.
++      * [BUG] Reason-Phrase of HTTP response status line can be empty according
++      * to RFC2616.
++```
++
++### Changes in 2.1.1
++
++  Aug 28, 2007 - version 2.1.1
++
++```
++    * bug fix
++      * domain_match should be case insensitive. thanks to Brian for the patch.
++      * before calling SSLSocket#post_connection_check, check if
++        RUBY_VERSION > "1.8.4" for CN based wildcard certificate. when
++        RUBY_VERSION <= "1.8.4",  it fallbacks to the post_connection_check
++        method in HTTPClient so httpclient should run on 1.8.4 fine as before.
++
++    * misc
++      * added HTTPClient#test_loopback_http_response which accepts test
++        loopback response which contains HTTP header.
++```
++
++### Changes in 2.1.0
++
++  Jul 14, 2007 - version 2.1.0
++
++```
++    * program/project renamed from 'http-access2' to 'httpclient'.
++      there's compatibility layer included so existing programs for
++      http-access2 which uses HTTPAccess2::Client should work with
++      httpclient/2.1.0 correctly.
++
++    * misc
++      * install.rb did not install cacerts.p7s.  Thanks to knu.
++      * now HTTPClient loads http_proxy/HTTP_PROXY and no_proxy/NO_PROXY
++        environment variable at initialization time. bear in mind that it
++        doesn't load http_proxy/HTTP_PROXY when a library is considered to be
++        running under CGI environment (checked by ENVREQUEST_METHOD existence.
++        cgi_http_proxy/CGI_HTTP_PROXY is loaded instead.
++```
++
++### Changes in 2.0.9
++
++  Jul 4, 2007 - version 2.0.9
++
++```
++    * bug fix
++      * fix the BasicAuth regression problem in 2.0.8.  A server may return
++        "BASIC" as an authenticate scheme label instead of "Basic".  It must be
++        treated as a case-insensitive token according to RFC2617 section 1.2.
++        Thanks to mwedeme for contributing the patch. (#159)
++```
++
++### Changes in 2.0.8
++
++  Jun 30, 2007 - version 2.0.8
++
++```
++    * HTTP
++      * added request/response filter interface and implemented DigestAuth
++        based on the filter interface.  DigestAuth calc engine is based on
++        http://tools.assembla.com/breakout/wiki/DigestForSoap
++        Thanks to sromano. (#155)
++      * re-implemented BasicAuth based on the filter interface.  send BasicAuth
++        header only if it's needed. (#31)
++      * handle a response which has 2XX status code as a successfull response
++        while retry check.  applied the patch from Micah Wedemeyer.
++        Thanks! (#158)
++
++    * Connection
++      * show more friendly error message for unconnectable URL. (#156)
++
++    * bug fixes
++      * to avoid MIME format incompatibility, add empty epilogue chunk
++        explicitly.  Thanks to the anonymous user who reported #154 (#154)
++      * rescue EPIPE for keep-alive reconnecting.  Thanks to anonymous user
++        who posted a patch at #124. (#124)
++```
++
++### Changes in 2.0.7
++
++  May 13, 2007 - version 2.0.7
++
++```
++    * HTTP
++      * added proxyauth support. (#6)
++      * let developer allow to rescue a redirect with relative URI. (#28)
++      * changed last-chunk condition statement to allow "0000\r\n" marker from
++        WebLogic Server 7.0 SP5 instead of "0\r\n". (#30)
++      * fixed multipart form submit. (#29, #116)
++      * use http_date format as a date in a request header. (#35)
++      * avoid duplicated Date header when running under mod_ruby. (#127)
++      * reason phrase in Message#reason contains \r. (#122)
++      * trim "\n"s in base64 encoded BasicAuth value for interoperability.
++        (#149)
++      * let retry_connect return a Message not a content. (#119)
++      * rescue SocketError and dump a message when a wrong address given. (#152)
++
++    * HTTP-Cookies
++      * changed "domain" parameter matching condition statement to allow
++        followings; (#24, #32, #118, #147)
++        * [host, domain] = [rubyforge.com, .rubyforge.com]
++        * [host, domain] = [reddit.com, reddit.com]
++
++    * SSL
++      * bundles CA certificates as trust anchors.
++      * allow user to get peer_cert. (#117, #123)
++      * added wildcard certificate support. (#151)
++      * SSL + HTTP keep-alive + long wait causes uncaught exception.  fixed.
++        (#120)
++
++    * Connection
++      * fixed a loop condition bug that caused intermittent empty response.
++        (#150, #26, #125)
++```
++
++### Changes in 2.0.6
++
++  September 16, 2005 - version 2.0.6
++
++```
++    * HTTP
++      * allows redirects from a "POST" request.  imported a patch from sveit.
++        Thanks! (#7)
++      * add 'content-type: application/application/x-www-form-urlencoded' when
++        a request contains message-body. (#11)
++      * HTTP/0.9 support.  (#15)
++      * allows submitting multipart forms.  imported a patch from sveit.
++        Thanks! (#7)
++
++    * HTTP-Cookies
++      * avoid NameError when a cookie value is nil. (#10)
++      * added netscape_rule property to CookieManager (false by default).  You
++        can turn on the domain attribute test of Netscape rule with the
++        property.  cf. http://wp.netscape.com/newsref/std/cookie_spec.html
++      * added HTTPClient#cookie_manager property for accessing its properties.
++        (#13)
++      * added save_all_cookies method to save unused and discarded cookies as
++        well.  The patch is from Christian Lademann.  Thanks!  (#21)
++      * allow to set cookie_manager.  raise an error when set_cookie_store
++        called and cookie_store has already been set. (#20)
++
++    * SSL
++      * allows SSL connection debugging when debug_dev != nil. (#14)
++      * skip post_connection_check when
++        verify_mode == OpenSSL::SSL::VERIFY_NONE.  Thanks to kdraper. (#12)
++      * post_connection_check: support a certificate with a wildcard in the
++        hostname. (#18)
++      * avoid NameError when no peer_cert and VERIFY_FAIL_IF_NO_PEER_CERT
++        given.  Thanks to Christian Lademann.
++
++    * Connection
++      * insert a connecting host and port to an exception message when
++        connecting failed. (#5)
++      * added socket_sync property to HTTPClient(HTTPAccess2::Client) that
++        controls socket's sync property.  the default value is true.  CAUTION:
++        if your ruby is older than 2005-09-06 and you want to use SSL
++        connection, do not set socket_sync = false to avoid a blocking bug of
++        openssl/buffering.rb.
++```
++
++### Changes in 2.0.5
++
++  December 24, 2004 - version 2.0.5
++
++```
++    This is a minor bug fix release.
++    - Connect/Send/Receive timeout cannot be configured. fixed.
++    - IPSocket#addr caused SocketError? on Mac OS X 10.3.6 + ruby-1.8.1 GA.
++      fixed.
++    - There is a server which does not like 'foo.bar.com:80' style Host header.
++      The server for http://rubyforge.org/export/rss_sfnews.php seems to
++      dislike HTTP/1.1 Host header "Host: rubyforge.net:80".  It returns
++      HTTP 302: Found and redirects to the page again, causes
++      HTTPAccess2::Client to raise "retry count exceeded".  Keat found that the
++      server likes "Host: rubyforge.net" (not with port number).
++```
++
++### Changes in 2.0.4
++
++  February 11, 2004 - version 2.0.4
++
++```
++    - add Client#redirect_uri_callback interface.
++    - refactorings and bug fixes found during negative test.
++    - add SSL test.
++```
++
++### Changes in 2.0.3
++
++  December 16, 2003 - version 2.0.3
++
++```
++    - no_proxy was broken in 2.0.2.
++    - do not dump 'Host' header under protocol_version == 'HTTP/1.0'
++```
++
++### Changes in 2.0.2
++
++  December ?, 2003 - version 2.0.2
++
++```
++    - do not trust HTTP_PROXY environment variable. set proxy server manually.
++      http://ftp.ics.uci.edu/pub/websoft/libwww-perl/archive/2001h1/0072.html
++      http://ftp.ics.uci.edu/pub/websoft/libwww-perl/archive/2001h1/0241.html
++      http://curl.haxx.se/mail/archive-2001-12/0034.html
++    - follow ossl2 change.
++```
++
++### Changes in 2.0.1
++
++  October 4, 2003 - version 2.0.1
++
++```
++    Query was not escaped when query was given as an Array or a Hash.  Fixed.
++    Do not use http_proxy defined by ENV['http_proxy'] or ENV['HTTP_PROXY'] if
++      the destination host is 'localhost'.
++    Hosts which matches ENV['no_proxy'] or ENV['NO_PROXY'] won't be proxyed.
++      [,:] separated. ("ruby-lang.org:rubyist.net")
++      No regexp. (give "ruby-lang.org", not "*.ruby-lang.org")
++      If you want specify hot by IP address, give full address.
++        ("192.168.1.1, 192.168.1.2")
++```
++
++### Changes in 2.0
++
++  September 10, 2003 - version 2.0
++
++```
++    CamelCase to non_camel_case.
++    SSL support (requires Ruby/OpenSSL).
++    Cookies support.  lib/http-access2/cookie.rb is redistributed file which is
++      originally included in Webagent by TAKAHASHI `Maki' Masayoshi.  You can
++      download the entire package from http://www.rubycolor.org/arc/.
++```
++
++  January 11, 2003 - version J
++
++```
++    ruby/1.8 support.
++```
diff --git a/debian/patches/series b/debian/patches/series
index e339bda..c1fc4fc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 0001-Fix-port-allocation-in-tests.patch
 0002-Disable-tests-for-NTLM.patch
 0003-Try-to-wait-until-socket-is-free.patch
+0004-Add-upstream-changelog.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-httpclient.git



More information about the Pkg-ruby-extras-commits mailing list