Wed Oct 1 11:43:27 2014 UTC ()
Update to 0.7.0:

* Release 0.7.0 (23-Sep-2014)

** Security Fixes

The "flappserver" feature was found to have a vulnerability in the
service-lookup code which, when combined with an attacker who has the ability
to write files to a location where the flappserver process could read them,
would allow that attacker to obtain control of the flappserver process.

Users who run flappservers should upgrade to 0.7.0, where this was fixed as
part of #226.

Each flappserver runs from a "base directory", and uses multiple files within
the basedir to track the services that have been configured. The format of
these files has changed. The flappserver tool in 0.7.0 remains capable of
reading the old format (safely), but will upgrade the basedir to the new
format when you use "flappserver add" to add a new service. Brand new
servers, created with "flappserver create", will use the new format.

The flappserver tool in 0.6.5 (or earlier) cannot handle this new format, and
will believe that no services have been configured. Therefore downgrading to
an older version of Foolscap will require manual reconstruction of the
configured services.

** Major Changes

UnauthenticatedTub has been deprecated, and will be removed in the next
release (0.8.0). This seldom-used feature provides Foolscap's RPC semantics
without any of the security, and was included to enable the use of Foolscap
without depending upon the (challenging-to-install) PyOpenSSL library.
However, in practice, the lack of a solid dependency on PyOpenSSL has made
installation more difficult for applications that *do* want the security, and
UnauthenticatedTub is a footgun waiting to go off. Foolscap's code and
packaging will be simpler without it. (#67)

** Minor Changes

The "git-foolscap" tools, which make it possible to publish and clone Git
repositories over a Foolscap (flappserver) connection, have been moved from
their hiding place in doc/examples/ into their own project, hosted at
https://github.com/warner/git-foolscap . They will also be published on PyPI,
to enable "pip install git-foolscap".

The documentation was converted from Lore to ReStructuredText (.rst). Thanks
to Koblaid for the patient work. (#148)

The connection-hint parser in 0.7.0 has been changed to handle all TCP forms
of Twisted's "Client Endpoint Descriptor" syntax, including the short
"tcp:127.0.0.1:9999" variant. A future version should handle arbitrary
endpoint descriptors (including Tor and i2p, see #203), but this small step
should improve forward compatibility. (#216, #217)


(wiz)
diff -r1.11 -r1.12 pkgsrc/net/py-foolscap/Makefile
diff -r1.3 -r1.4 pkgsrc/net/py-foolscap/PLIST
diff -r1.5 -r1.6 pkgsrc/net/py-foolscap/distinfo
cvs diff -r1.11 -r1.12 pkgsrc/net/py-foolscap/Makefile (expand / switch to unified diff)

--- pkgsrc/net/py-foolscap/Makefile 2014/08/17 17:40:04 1.11
+++ pkgsrc/net/py-foolscap/Makefile 2014/10/01 11:43:27 1.12
@@ -1,37 +1,33 @@ @@ -1,37 +1,33 @@
1# $NetBSD: Makefile,v 1.11 2014/08/17 17:40:04 wiz Exp $ 1# $NetBSD: Makefile,v 1.12 2014/10/01 11:43:27 wiz Exp $
2 2
3DISTNAME= foolscap-0.6.5 3DISTNAME= foolscap-0.7.0
4PKGNAME= ${PYPKGPREFIX}-${DISTNAME:S/.tar//} 4PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
5CATEGORIES= net python 5CATEGORIES= net python
6MASTER_SITES= http://pypi.python.org/packages/source/f/foolscap/ 6MASTER_SITES= http://pypi.python.org/packages/source/f/foolscap/
7 7
8MAINTAINER= kamel.derouiche@gmail.com 8MAINTAINER= kamel.derouiche@gmail.com
9#MAINTAINER+= gdt@NetBSD.org 9#MAINTAINER+= gdt@NetBSD.org
10HOMEPAGE= http://foolscap.lothar.com/trac 10HOMEPAGE= http://foolscap.lothar.com/trac
11COMMENT= Foolscap contains an RPC protocol for Twisted 11COMMENT= Foolscap contains an RPC protocol for Twisted
12LICENSE= mit 12LICENSE= mit
13 13
14DEPENDS+= ${PYPKGPREFIX}-ZopeInterface>=3.6.1:../../devel/py-ZopeInterface 14DEPENDS+= ${PYPKGPREFIX}-ZopeInterface>=3.6.1:../../devel/py-ZopeInterface
15DEPENDS+= ${PYPKGPREFIX}-twisted-[0-9]*:../../net/py-twisted 15DEPENDS+= ${PYPKGPREFIX}-twisted-[0-9]*:../../net/py-twisted
16DEPENDS+= ${PYPKGPREFIX}-OpenSSL>=0.6:../../security/py-OpenSSL 16DEPENDS+= ${PYPKGPREFIX}-OpenSSL>=0.6:../../security/py-OpenSSL
17 17
18PYTHON_VERSIONS_INCOMPATIBLE= 33 34 # py-twisted 18PYTHON_VERSIONS_INCOMPATIBLE= 33 34 # py-twisted
19 19
20TEST_TARGET= test 20TEST_TARGET= test
21 21
22USE_LANGUAGES= # none 22USE_LANGUAGES= # none
23 23
24INSTALLATION_DIRS+= share/doc/py-foolscap 24INSTALLATION_DIRS+= share/doc/py-foolscap
25 25
26post-install: 26post-install:
27 ${INSTALL_DATA} ${WRKSRC}/doc/*.txt \ 27 ${INSTALL_DATA} ${WRKSRC}/doc/*.txt \
28 ${DESTDIR}${PREFIX}/share/doc/py-foolscap 28 ${DESTDIR}${PREFIX}/share/doc/py-foolscap
29 ${INSTALL_DATA} ${WRKSRC}/doc/*.xhtml \ 29 ${INSTALL_DATA} ${WRKSRC}/doc/*.rst \
30 ${DESTDIR}${PREFIX}/share/doc/py-foolscap 
31 ${INSTALL_DATA} ${WRKSRC}/doc/*.css \ 
32 ${DESTDIR}${PREFIX}/share/doc/py-foolscap 
33 ${INSTALL_DATA} ${WRKSRC}/doc/*.tpl \ 
34 ${DESTDIR}${PREFIX}/share/doc/py-foolscap 30 ${DESTDIR}${PREFIX}/share/doc/py-foolscap
35 31
36.include "../../lang/python/egg.mk" 32.include "../../lang/python/egg.mk"
37.include "../../mk/bsd.pkg.mk" 33.include "../../mk/bsd.pkg.mk"
cvs diff -r1.3 -r1.4 pkgsrc/net/py-foolscap/PLIST (expand / switch to unified diff)

--- pkgsrc/net/py-foolscap/PLIST 2012/05/25 11:22:58 1.3
+++ pkgsrc/net/py-foolscap/PLIST 2014/10/01 11:43:27 1.4
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1@comment $NetBSD: PLIST,v 1.3 2012/05/25 11:22:58 gdt Exp $ 1@comment $NetBSD: PLIST,v 1.4 2014/10/01 11:43:27 wiz Exp $
2bin/flappclient 2bin/flappclient
3bin/flappserver 3bin/flappserver
4bin/flogtool 4bin/flogtool
5${PYSITELIB}/${EGG_INFODIR}/PKG-INFO 5${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
6${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt 6${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
7${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt 7${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt
8${PYSITELIB}/${EGG_INFODIR}/requires.txt 8${PYSITELIB}/${EGG_INFODIR}/requires.txt
9${PYSITELIB}/${EGG_INFODIR}/top_level.txt 9${PYSITELIB}/${EGG_INFODIR}/top_level.txt
10${PYSITELIB}/foolscap/__init__.py 10${PYSITELIB}/foolscap/__init__.py
11${PYSITELIB}/foolscap/__init__.pyc 11${PYSITELIB}/foolscap/__init__.pyc
12${PYSITELIB}/foolscap/__init__.pyo 12${PYSITELIB}/foolscap/__init__.pyo
13${PYSITELIB}/foolscap/_version.py 13${PYSITELIB}/foolscap/_version.py
14${PYSITELIB}/foolscap/_version.pyc 14${PYSITELIB}/foolscap/_version.pyc
@@ -258,26 +258,23 @@ ${PYSITELIB}/foolscap/test/test_tub.pyc @@ -258,26 +258,23 @@ ${PYSITELIB}/foolscap/test/test_tub.pyc
258${PYSITELIB}/foolscap/test/test_tub.pyo 258${PYSITELIB}/foolscap/test/test_tub.pyo
259${PYSITELIB}/foolscap/test/test_util.py 259${PYSITELIB}/foolscap/test/test_util.py
260${PYSITELIB}/foolscap/test/test_util.pyc 260${PYSITELIB}/foolscap/test/test_util.pyc
261${PYSITELIB}/foolscap/test/test_util.pyo 261${PYSITELIB}/foolscap/test/test_util.pyo
262${PYSITELIB}/foolscap/tokens.py 262${PYSITELIB}/foolscap/tokens.py
263${PYSITELIB}/foolscap/tokens.pyc 263${PYSITELIB}/foolscap/tokens.pyc
264${PYSITELIB}/foolscap/tokens.pyo 264${PYSITELIB}/foolscap/tokens.pyo
265${PYSITELIB}/foolscap/util.py 265${PYSITELIB}/foolscap/util.py
266${PYSITELIB}/foolscap/util.pyc 266${PYSITELIB}/foolscap/util.pyc
267${PYSITELIB}/foolscap/util.pyo 267${PYSITELIB}/foolscap/util.pyo
268${PYSITELIB}/foolscap/vocab.py 268${PYSITELIB}/foolscap/vocab.py
269${PYSITELIB}/foolscap/vocab.pyc 269${PYSITELIB}/foolscap/vocab.pyc
270${PYSITELIB}/foolscap/vocab.pyo 270${PYSITELIB}/foolscap/vocab.pyo
271share/doc/py-foolscap/copyable.xhtml 271share/doc/py-foolscap/copyable.rst
272share/doc/py-foolscap/failures.xhtml 272share/doc/py-foolscap/failures.rst
273share/doc/py-foolscap/flappserver.xhtml 273share/doc/py-foolscap/flappserver.rst
274share/doc/py-foolscap/jobs.txt 274share/doc/py-foolscap/jobs.txt
275share/doc/py-foolscap/logging.xhtml 275share/doc/py-foolscap/logging.rst
276share/doc/py-foolscap/schema.xhtml 276share/doc/py-foolscap/schema.rst
277share/doc/py-foolscap/serializing.xhtml 277share/doc/py-foolscap/serializing.rst
278share/doc/py-foolscap/stylesheet-unprocessed.css 
279share/doc/py-foolscap/stylesheet.css 
280share/doc/py-foolscap/template.tpl 
281share/doc/py-foolscap/todo.txt 278share/doc/py-foolscap/todo.txt
282share/doc/py-foolscap/use-cases.txt 279share/doc/py-foolscap/use-cases.txt
283share/doc/py-foolscap/using-foolscap.xhtml 280share/doc/py-foolscap/using-foolscap.rst
cvs diff -r1.5 -r1.6 pkgsrc/net/py-foolscap/distinfo (expand / switch to unified diff)

--- pkgsrc/net/py-foolscap/distinfo 2014/08/17 17:40:04 1.5
+++ pkgsrc/net/py-foolscap/distinfo 2014/10/01 11:43:27 1.6
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
1$NetBSD: distinfo,v 1.5 2014/08/17 17:40:04 wiz Exp $ 1$NetBSD: distinfo,v 1.6 2014/10/01 11:43:27 wiz Exp $
2 2
3SHA1 (foolscap-0.6.5.tar.gz) = 5b95b8e97ec1dd54fcfa7daa749b60eb16c1359e 3SHA1 (foolscap-0.7.0.tar.gz) = 1571fc044e3b7f215880a122f657f33f38845164
4RMD160 (foolscap-0.6.5.tar.gz) = df514f312146aca450f8b092b51b9ab2a5c61687 4RMD160 (foolscap-0.7.0.tar.gz) = 0988ce6fb622385738536af44d048b8795a3a274
5Size (foolscap-0.6.5.tar.gz) = 481184 bytes 5Size (foolscap-0.7.0.tar.gz) = 478999 bytes