commit rubygem-rest-client for openSUSE:Factory
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community, here is the log from the commit of package rubygem-rest-client for openSUSE:Factory checked in at 2017-04-11 09:32:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rubygem-rest-client (Old) and /work/SRC/openSUSE:Factory/.rubygem-rest-client.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "rubygem-rest-client" Tue Apr 11 09:32:26 2017 rev:9 rq:479682 version:2.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-rest-client/rubygem-rest-client.changes 2015-03-01 14:46:35.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.rubygem-rest-client.new/rubygem-rest-client.changes 2017-04-11 09:32:28.308650349 +0200 @@ -1,0 +2,149 @@ +Mon Feb 20 05:39:23 UTC 2017 - coolo@suse.com + +- updated to version 2.0.1 + see installed history.md + + # 2.0.1 + + - Warn if auto-generated headers from the payload, such as Content-Type, + override headers set by the user. This is usually not what the user wants to + happen, and can be surprising. (#554) + - Drop the old check for weak default TLS ciphers, and use the built-in Ruby + defaults. Ruby versions from Oct. 2014 onward use sane defaults, so this is + no longer needed. (#573) + +------------------------------------------------------------------- +Mon Jul 4 04:39:18 UTC 2016 - coolo@suse.com + +- updated to version 2.0.0 + see installed history.md + + # 2.0.0 + + This release is largely API compatible, but makes several breaking changes. + + - Drop support for Ruby 1.9 + - Allow mime-types as new as 3.x (requires ruby 2.0) + - Respect Content-Type charset header provided by server. Previously, + rest-client would not override the string encoding chosen by Net::HTTP. Now + responses that specify a charset will yield a body string in that encoding. + For example, `Content-Type: text/plain; charset=EUC-JP` will return a String + encoded with `Encoding::EUC_JP`. (#361) + - Change exceptions raised on request timeout. Instead of + `RestClient::RequestTimeout` (which is still used for HTTP 408), network + timeouts will now raise either `RestClient::Exceptions::ReadTimeout` or + `RestClient::Exceptions::OpenTimeout`, both of which inherit from + `RestClient::Exceptions::Timeout`. For backwards compatibility, this still + inherits from `RestClient::RequestTimeout` so existing uses will still work. + This may change in a future major release. These new timeout classes also + make the original wrapped exception available as `#original_exception`. + - Unify request exceptions under `RestClient::RequestFailed`, which still + inherits from `ExceptionWithResponse`. Previously, HTTP 304, 401, and 404 + inherited directly from `ExceptionWithResponse` rather than from + `RequestFailed`. Now _all_ HTTP status code exceptions inherit from both. + - Rename the `:timeout` request option to `:read_timeout`. When `:timeout` is + passed, now set both `:read_timeout` and `:open_timeout`. + - Change default HTTP Accept header to `*/*` + - Use a more descriptive User-Agent header by default + - Drop RC4-MD5 from default cipher list + - Only prepend http:// to URIs without a scheme + - Fix some support for using IPv6 addresses in URLs (still affected by Ruby + 2.0+ bug https://bugs.ruby-lang.org/issues/9129, with the fix expected to be + backported to 2.0 and 2.1) + - `Response` objects are now a subclass of `String` rather than a `String` that + mixes in the response functionality. Most of the methods remain unchanged, + but this makes it much easier to understand what is happening when you look + at a RestClient response object. There are a few additional changes: + - Response objects now implement `.inspect` to make this distinction clearer. + - `Response#to_i` will now behave like `String#to_i` instead of returning the + HTTP response code, which was very surprising behavior. + - `Response#body` and `#to_s` will now return a true `String` object rather + than self. Previously there was no easy way to get the true `String` + response instead of the Frankenstein response string object with + AbstractResponse mixed in. + - Response objects no longer accept an extra request args hash, but instead + access request args directly from the request object, which reduces + confusion and duplication. + - Handle multiple HTTP response headers with the same name (except for + Set-Cookie, which is special) by joining the values with a comma space, + compliant with RFC 7230 + - Rewrite cookie support to be much smarter and to use cookie jars consistently + for requests, responses, and redirection in order to resolve long-standing + complaints about the previously broken behavior: (#498) + - The `:cookies` option may now be a Hash of Strings, an Array of + HTTP::Cookie objects, or a full HTTP::CookieJar. + - Add `RestClient::Request#cookie_jar` and reimplement `Request#cookies` to + be a wrapper around the cookie jar. + - Still support passing the `:cookies` option in the headers hash, but now + raise ArgumentError if that option is also passed to `Request#initialize`. + - Warn if both `:cookies` and a `Cookie` header are supplied. + - Use the `Request#cookie_jar` as the basis for `Response#cookie_jar`, + creating a copy of the jar and adding any newly received cookies. + - When following redirection, also use this same strategy so that cookies + from the original request are carried through in a standards-compliant way + by the cookie jar. + - Don't set basic auth header if explicit `Authorization` header is specified + - Add `:proxy` option to requests, which can be used for thread-safe + per-request proxy configuration, overriding `RestClient.proxy` + - Allow overriding `ENV['http_proxy']` to disable proxies by setting + `RestClient.proxy` to a falsey value. Previously there was no way in Ruby 2.x + to turn off a proxy specified in the environment without changing `ENV`. + - Add actual support for streaming request payloads. Previously rest-client + would call `.to_s` even on RestClient::Payload::Streamed objects. Instead, + treat any object that responds to `.read` as a streaming payload and pass it + through to `.body_stream=` on the Net:HTTP object. This massively reduces the + memory required for large file uploads. + - Changes to redirection behavior: (#381, #484) + - Remove `RestClient::MaxRedirectsReached` in favor of the normal + `ExceptionWithResponse` subclasses. This makes the response accessible on + the exception object as `.response`, making it possible for callers to tell + what has actually happened when the redirect limit is reached. + - When following HTTP redirection, store a list of each previous response on + the response object as `.history`. This makes it possible to access the + original response headers and body before the redirection was followed. + - Follow redirection consistently, regardless of whether the HTTP method was + passed as a symbol or string. Under the hood rest-client now normalizes the + HTTP request method to a lowercase string. + - Add `:before_execution_proc` option to `RestClient::Request`. This makes it + possible to add procs like `RestClient.add_before_execution_proc` to a single + request without global state. + - Run tests on Travis's beta OS X support. + - Make `Request#transmit` a private method, along with a few others. + - Refactor URI parsing to happen earlier, in Request initialization. + - Improve consistency and functionality of complex URL parameter handling: + - When adding URL params, handle URLs that already contain params. + - Add new convention for handling URL params containing deeply nested arrays + and hashes, unify handling of null/empty values, and use the same code for + GET and POST params. (#437) + - Add the RestClient::ParamsArray class, a simple array-like container that + can be used to pass multiple keys with same name or keys where the ordering + is significant. + - Add a few more exception classes for obscure HTTP status codes. + - Multipart: use a much more robust multipart boundary with greater entropy. + - Make `RestClient::Payload::Base#inspect` stop pretending to be a String. + - Add `Request#redacted_uri` and `Request#redacted_url` to display the URI + with any password redacted. + + # 2.0.0.rc1 + + Changes in the release candidate that did not persist through the final 2.0.0 + release: + - RestClient::Exceptions::Timeout was originally going to be a direct subclass + of RestClient::Exception in the release candidate. This exception tree was + made a subclass of RestClient::RequestTimeout prior to the final release. + +------------------------------------------------------------------- +Tue Mar 24 05:30:07 UTC 2015 - coolo@suse.com + +- updated to version 1.8.0 + - Security: implement standards compliant cookie handling by adding a + dependency on http-cookie. This breaks compatibility, but was necessary to + address a session fixation / cookie disclosure vulnerability. + (#369 / CVE-2015-1820) + + Previously, any Set-Cookie headers found in an HTTP 30x response would be + sent to the redirection target, regardless of domain. Responses now expose a + cookie jar and respect standards compliant domain / path flags in Set-Cookie + headers. + +------------------------------------------------------------------- @@ -4,0 +154 @@ + Security: redact password in URI from logs (#349 / OSVDB-117461) Old: ---- rest-client-1.7.3.gem New: ---- rest-client-2.0.1.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-rest-client.spec ++++++ --- /var/tmp/diff_new_pack.LpZP3D/_old 2017-04-11 09:32:28.836575772 +0200 +++ /var/tmp/diff_new_pack.LpZP3D/_new 2017-04-11 09:32:28.836575772 +0200 @@ -1,7 +1,7 @@ # # spec file for package rubygem-rest-client # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -24,12 +24,12 @@ # Name: rubygem-rest-client -Version: 1.7.3 +Version: 2.0.1 Release: 0 %define mod_name rest-client %define mod_full_name %{mod_name}-%{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: %{ruby >= 1.9.2} +BuildRequires: %{ruby >= 2.0.0} BuildRequires: %{rubygem gem2rpm} BuildRequires: ruby-macros >= 5 BuildRequires: update-alternatives @@ -52,7 +52,7 @@ %install %gem_install \ --symlink-binaries \ - --doc-files="LICENSE README.rdoc history.md" \ + --doc-files="LICENSE README.md history.md" \ -f %gem_packages ++++++ rest-client-1.7.3.gem -> rest-client-2.0.1.gem ++++++ ++++ 7799 lines of diff (skipped)
participants (1)
-
root@hilbert.suse.de