---
- branch: MAIN
  date: Thu Sep 10 23:05:53 UTC 2015
  files:
  - new: '1.8'
    old: '1.7'
    path: pkgsrc/security/liboauth/Makefile
    pathrev: pkgsrc/security/liboauth/Makefile@1.8
    type: modified
  - new: '1.3'
    old: '1.2'
    path: pkgsrc/security/liboauth/distinfo
    pathrev: pkgsrc/security/liboauth/distinfo@1.3
    type: modified
  - new: '1.2'
    old: 1.1.1.1
    path: pkgsrc/security/liboauth/patches/patch-aa
    pathrev: pkgsrc/security/liboauth/patches/patch-aa@1.2
    type: modified
  id: 20150910T230553Z.0b56f16a8c97ca534051d4569915690a24ec6084
  log: |
    Update liboauth to 1.0.3

    version 1.0.3
      - clarify documentation of oauth_curl
      - fix possible memleak in oauth_curl (only relevant if an error occurs)
      - fix TOCTOU in oauth_curl_post_file: the file may change between stat() and fopen()

    version 1.0.2
      - fix typos in documentation
      - add xfree, xstrdup patch from Kedar Sovani
      - prepare repository migration to github
      - built-in sha1 support big&little endian
      - (no changes to the actual library API or ABI)

    version 1.0.1
      - do not url-escape RSA-key for signature

    version 1.0.0
      - fix body-hash example code
      - mark all oauth_http functions as deprecated
      - freeze interface definitions for good
      - enter maintenance/bug-fix only cycle

    version 0.9.7
      - fixed tiny memory leak when oauth_curl_get() fails
      - fixed double-encoding of plaintext signature

    version 0.9.6
      - fixed typo, do not print a separator before first parameter
            when serializing url for auth-header.

    version 0.9.5
      - added "built-in" hmac-sha1 hashing (no RSA).
      - added some CURL options available via enviroment variables
      - fixed issue with decoding already encoded characters
        in the base-URL (not parameters).
        reported by L. Alberto Gimenez
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/security/liboauth'
  unixtime: '1441926353'
  user: prlw1