---
- branch: MAIN
  date: Sun Apr 23 17:45:42 UTC 2023
  files:
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/security/dehydrated/Makefile
    pathrev: pkgsrc/security/dehydrated/Makefile@1.5
    type: modified
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/security/dehydrated/distinfo
    pathrev: pkgsrc/security/dehydrated/distinfo@1.5
    type: modified
  - new: '1.3'
    old: '1.2'
    path: pkgsrc/security/dehydrated/PLIST
    pathrev: pkgsrc/security/dehydrated/PLIST@1.3
    type: modified
  id: 20230423T174542Z.010f99bfeedf02cdd8540dfb4c4a49845bb4e4d2
  log: |
    Update dehydrated to version 0.7.1.

    Pkgsrc changes :
     * Project has a new home : updated distfile URL and homepage ;
     * Updated PLIST following the removal of a file ;
     * Updated checksums.

    Upstream changes :
     * version 0.7.0 :
       - Support for external account bindings
       - Special support for ZeroSSL
       - Support presets for some CAs instead of requiring URLs
       - Allow requesting preferred chain (--preferred-chain)
       - Added method to show CAs current terms of service (--display-terms)
       - Allow setting path to domains.txt using cli arguments (--domains-txt)
       - Added new cli command --cleanupdelete which deletes old files instead of
         archiving them
       - No more silent failures on broken hook-scripts
       - Better error-handling with KEEP_GOING enabled
       - Check actual order status instead of assuming it's valid
       - Don't include keyAuthorization in challenge validation (RFC compliance)
       - Using EC secp384r1 as default certificate type
       - Use JSON.sh to parse JSON
       - Use account URL instead of account ID (RFC compliance)
       - Dehydrated now has a new home: https://github.com/dehydrated-io/dehydrated
       - Added OCSP_FETCH and OCSP_DAYS to per-certificate configurable options
       - Cleanup now also removes dangling symlinks

     * version 0.7.1 :
       - --force no longer forces domain name revalidation by default, a new
         argument --force-validation has been added for that
       - Added support for EC secp521r1 algorithm (works with e.g. zerossl)
       - EC PARAMETERS are no longer written to privkey.pem (didn't seem necessary
         and was causing issues with various software)
       - Requests resulting in badNonce errors are now automatically retried (fixes
         operation with LE staging servers)
       - Deprecated egrep usage has been removed
       - Implemented EC for account keys
       - Domain list now also read from domains.txt.d subdirectory (behaviour might
         change, see docs)
       - Implemented RFC 8738 (validating/signing certificates for IP addresses
         instead of domain names) support (this will not work with most
         public CAs, if any!)
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/security/dehydrated'
  unixtime: '1682271942'
  user: nils