setting system's PATH variable for pkgsrc #304

tlcarpenter · 2015-11-16T20:56:41Z

Is there an Apple and/or pkgsrc preferred method of setting a system-wide PATH variable appropriate for pkgsrc binary packages? There are suggestions to use OS X's "path_helper" mechanism (which XQuartz uses), edit /etc/paths, and probably others. Another approach I've seen mentioned is to have individual users modify their .profile or .bash_profile. I'd like to include the pkgsrc bootstrap package, along with a few applications installed from binary packages, in an image file I'd deploy to multiple machines, but I want (well, I think I want) to define the system PATH variable to eliminate the need for users to do such things as edit their .profile/.bash_profile. I suppose one could also go the route of creating/modifying .profile or .bash_profile in "/System/Library/User Template/English.lproj"...I just want to do things the "Apple way" to minimize the chances of future Apple updates breaking things for installed pkgsrc binary packages. Your thoughts?

jperkin · 2015-11-16T22:11:13Z

It looks like /etc/paths.d is the sensible path forward. I've always added to my own .profile so wasn't aware of this previously, but it looks like a nice solution. I'll add something to the docs along the lines of:

printf "/opt/pkg/sbin\n/opt/pkg/bin\n" >/etc/paths.d/10-pkgsrc

and may even include that file as part of the bootstrap tarball so that it's done automatically, unless there are any particular reasons not to. Input welcome here.

JohnDDuncanIII · 2015-11-16T22:17:41Z

I think that is a sane solution. Our friends over at the saveosx project (whose bootstrap I have been using recently) have been doing it for awhile now.

tlcarpenter · 2015-11-16T22:34:08Z

...guess the Apple tech I was chatting with may have given me an answer about the significance of path_helper filenames with numeric prefixes after all

http://www.softec.lu/site/DevelopersCorner/MasteringThePathHelper

"But, how does it construct these paths ?
...Moreover, it should have been specified that it reads these file in alphabetical order, so you may use filenames to decide what should comes first in your path, since path order is significant..."

jperkin · 2015-11-26T16:52:54Z

I've enabled this in the trunk tarball (https://pkgsrc.joyent.com/packages/Darwin/bootstrap/bootstrap-trunk-x86_64.tar.gz) as /etc/paths.d/10-pkgsrc. Thanks for the suggestion!

@pboling

## 3.4.3 (10/25/2015) * [#314](hashie/hashie#314): Added a `StrictKeyAccess` extension that will raise an error whenever a key is accessed that does not exist in the hash - [@pboling](https://github.com/pboling). * [#304](hashie/hashie#304): Ensured compatibility of `Hash` extensions with singleton objects - [@regexident](https://github.com/regexident). * [#306](hashie/hashie#306): Added `Hashie::Extensions::Dash::Coercion` - [@marshall-lee](https://github.com/marshall-lee). * [#310](hashie/hashie#310): Fixed `Hashie::Extensions::SafeAssignment` bug with private methods - [@marshall-lee](https://github.com/marshall-lee). * [#313](hashie/hashie#313): Restrict pending spec to only Ruby versions 2.2.0-2.2.2 - [@pboling](https://github.com/pboling). * [#315](hashie/hashie#315): Default `bin/` scripts: `console` and `setup` - [@pboling](https://github.com/pboling).

Changes: 16.0.0 (2016-03-19) ------------------- This is the first release under full stewardship of PyCA. We have made *many* changes to make local development more pleasing. The test suite now passes both on Linux and OS X with OpenSSL 0.9.8, 1.0.1, and 1.0.2. It has been moved to `py.test <https://pytest.org/>`_, all CI test runs are part of `tox <https://testrun.org/tox/>`_ and the source code has been made fully `flake8 <https://flake8.readthedocs.org/>`_ compliant. We hope to have lowered the barrier for contributions significantly but are open to hear about any remaining frustrations. Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Python 3.2 support has been dropped. It never had significant real world usage and has been dropped by our main dependency ``cryptography``. Affected users should upgrade to Python 3.3 or later. Deprecations: ^^^^^^^^^^^^^ - The support for EGD has been removed. The only affected function ``OpenSSL.rand.egd()`` now uses ``os.urandom()`` to seed the internal PRNG instead. Please see `pyca/cryptography#1636 <https://github.com/pyca/cryptography/pull/1636>`_ for more background information on this decision. In accordance with our backward compatibility policy ``OpenSSL.rand.egd()`` will be *removed* no sooner than a year from the release of 16.0.0. Please note that you should `use urandom <http://sockpuppet.org/blog/2014/02/25/safely-generate-random-numbers/>`_ for all your secure random number needs. - Python 2.6 support has been deprecated. Our main dependency ``cryptography`` deprecated 2.6 in version 0.9 (2015-05-14) with no time table for actually dropping it. pyOpenSSL will drop Python 2.6 support once ``cryptography`` does. Changes: ^^^^^^^^ - Fixed ``OpenSSL.SSL.Context.set_session_id``, ``OpenSSL.SSL.Connection.renegotiate``, ``OpenSSL.SSL.Connection.renegotiate_pending``, and ``OpenSSL.SSL.Context.load_client_ca``. They were lacking an implementation since 0.14. `#422 <https://github.com/pyca/pyopenssl/pull/422>`_ - Fixed segmentation fault when using keys larger than 4096-bit to sign data. `#428 <https://github.com/pyca/pyopenssl/pull/428>`_ - Fixed ``AttributeError`` when ``OpenSSL.SSL.Connection.get_app_data()`` was called before setting any app data. `#304 <https://github.com/pyca/pyopenssl/pull/304>`_ - Added ``OpenSSL.crypto.dump_publickey()`` to dump ``OpenSSL.crypto.PKey`` objects that represent public keys, and ``OpenSSL.crypto.load_publickey()`` to load such objects from serialized representations. `#382 <https://github.com/pyca/pyopenssl/pull/382>`_ - Added ``OpenSSL.crypto.dump_crl()`` to dump a certificate revocation list out to a string buffer. `#368 <https://github.com/pyca/pyopenssl/pull/368>`_ - Added ``OpenSSL.SSL.Connection.get_state_string()`` using the OpenSSL binding ``state_string_long``. `#358 <https://github.com/pyca/pyopenssl/pull/358>`_ - Added support for the ``socket.MSG_PEEK`` flag to ``OpenSSL.SSL.Connection.recv()`` and ``OpenSSL.SSL.Connection.recv_into()``. `#294 <https://github.com/pyca/pyopenssl/pull/294>`_ - Added ``OpenSSL.SSL.Connection.get_protocol_version()`` and ``OpenSSL.SSL.Connection.get_protocol_version_name()``. `#244 <https://github.com/pyca/pyopenssl/pull/244>`_ - Switched to ``utf8string`` mask by default. OpenSSL formerly defaulted to a ``T61String`` if there were UTF-8 characters present. This was changed to default to ``UTF8String`` in the config around 2005, but the actual code didn't change it until late last year. This will default us to the setting that actually works. To revert this you can call ``OpenSSL.crypto._lib.ASN1_STRING_set_default_mask_asc(b"default")``. `#234 <https://github.com/pyca/pyopenssl/pull/234>`_

- Fix incorrectly reporting files containing disabled formatting as being formatted. - Fix incorrect handling of quoted arguments in the options file (#321). - Fix error in identifying an enum return type as an enumeration (#322, 323). - Fix error in identifying an enum argument as an enumeration (#327). - Fix recognition of Qt keywords when used as variables in C++ (#329). - Fix recognition of a pointer in a C++ cast (#316). - Fix removing trailing whitespace after a changed pointer or reference cast. - Add new bracket style option "style=vtk" (#155). - Add new option "indent-preproc-block" to indent blocks of preprocessor directives (#21, #114, #229, #242, #294). - Add new option, "dry-run", to run AStyle without updating the files (#184, #285). - Add new options, "html" (-!") and "html=###", to display the HTML help documentation in the default browser. - Add tags "*INDENT-OFF*" and "*INDENT_ON*" to disable formatting of source code blocks (#2, #47, #55, #78, #110, #176). - Add tag *NOPAD* to disable selected formatting on a single line. - Add '__attribute__ ((visibility ("default")))' to Linux exported functions. - Remove option "style=ansi" and make it depreciated (#146). - Remove fix for broken 'case' statements from release 2.02.1, Nov 21, 2011. - Improve Korean translation (#256). - Change shared libraries to include the version number as part of the file name (#264) - Change "help" display to stdout to allow piping and redirection (#63). - Change "version" display to stdout. - Change headers to include foreach, forever, Q_FOREACH, and Q_FOREVER (#98, #154). - Change compiler definition ASTYLE_NO_VCX (no Visual Studio exports) to ASTYLE_NO_EXPORTS. - Change shared library error handler argument from "char*" to "const char*". - Fix not recognizing noexcept, interrupt, and autoreleasepool as pre-command headers (#225, #259). - Fix formatting of C++11 uniform initializer brackets (#253, #257, #260, #284). - Fix to not automatically space pad C++11 uniform initializer brackets (#275). - Fix formatting of enums with leading commas (#159, #179, #270). - Fix formatting of logical && operator in class initializers (#290). - Fix flagging a 'const' variable as a 'const' method (#275). - Fix piping and redirection adding an extra character to the output (#245, #252, #305). - Fix "indent-modifiers" to attach class access modifiers to Horstmann style brackets. - Fix ASFormatter to correctly recognize the end of a C++ raw string literal (#261). - Fix to recognize C++11 "enum class" as an enum (#303). - Fix indent of C++11 "noexecpt" statements within a class (#260, #304). - Fix not resetting templateDepth when a template was not found (#295). - Fix formatting of multiplication in a block paren (#144). - Fix whitespace padding when formatting an rvalue references (#297). - Fix to recognize an rvalue reference without a name (#265). - Fix to not identify an operator overload method as a calculation (#296). - Fix concatenating multiplication with a pointer dereference (#291). - Fix recognition of a pointer dereference following a question mark (#213). - Fix extra space after a trailing reference type (#300). - Fix _asm blocks not being identified as a block opener and the variable not cleared on exit (#163). - Fix indentation of line comments before a "class" opening bracket. - Fix indentation of line comments before a "namespace" opening bracket. - Fix isBracketType() method to correctly process a NULL_TYPE. - Fix unpad-paren to recognize additional variables (#43, #132, #143). - Fix indentation of C# "let" statements. - Fix a few omissions with "fill-empty-lines". - Fix file read to read 64K blocks of data. - Refactor to un-obfuscate (clarify) the code, and improve design and decomposition:: - Extract class Utf8_16 from ASConsole. - Replace Linux dependency on iconv with a Utf8_16 class for ASLibrary. - Move global "using" statements to the astyle namespace in astyle.h and ASLocalizer.h. - Move shared library declarations from astyle.h to astyle_main.h. - Move indentable macros from ASEnhancer to ASResource and create static pairs. - Simplify ASBeautifier procedure to identify the colon (:) type. - Major refactoring in ASBeautifier to create separate variables for an enum, a class statement and a class initializer. - This was needed to fix the processing of C++11 uniform initializers in a class initializer. - Minor changes to ASFormatter and ASBeautifier based on results of the Clang analyzer. - Change several methods in astyle_main to "const".

@carragom

Upstream changes: 0.9995 2016-07-27T09:23:55Z - Taught the `add` command not to ignore the `--change` option. - The `add` command now emits a usage statement when no change name is passed to it. - The `add` command now helpfully suggests using the --change option when attempting to add a change with the same name as a target. Thanks to Ivan Nunes for the report! - The `tag` command now helpfully suggests using the --tag option when attempting to add a tag with the same name as a target. - Added `--global` as an alias for `--user` to the `config` command. This alias benefits the muscle memory of Git users. - Added a note for Git users to the `sqitch-revert` documentation, to head off potential confusion with `git revert`. Thanks to Eric Br矇chemier for the "time travel" analogy and wording. - Fixed an "uninitialized value" error when creating a registry database on Windows. Thanks to Steven C. Buttgereit for the report (Issue #289). - Fixed editor selection to prioritize the `core.editor` configuration variable over the `$EDITOR` environment variable. The `$SQITCH_EDITOR` environment variable still trumps all. Thanks to Jim Nasby for the pull request (#296). - Added detection of the `$VISUAL` environment variable to Editor selection, prioritzed after the `core.editor` configuration variable and before the `$EDITOR` environment variable. Thanks to Jim Nasby for the pull request (#296). - Updated the DateTime code to set the locale via `set_locale()` instead of `set()`, as the latter may actually change the local time unintentionally, and has been deprecated since DateTime v1.04. Thanks to Dave Rolsky for the pull request (#304). 0.9994 2016-01-08T19:46:43Z - Reduced minimum required MySQL engine from 5.1.0 to 5.0.0. Thanks to @dgc-wh for testing it (Issue #251). - Fixed floating-point rounding issue with SQLite registry versions on Perls with 16-byte doubles. Thanks to H. Merijn Brand for the report and testing. - Fixed an error when adding an engine with the `engine` command. Thanks to Victor Mours for the report and fix! - Updated the Oracle engine to support Oracle Wallet connection strings, where no username or host is in the connection URI. Thanks to Timothy Procter for the patch! - Improved the installer's selection of the prefix in which to install `etc` files to better match the `--installdirs` option, which defaults to the "site" directories. Thanks to @carragom for the pull request (#265). - Added missing dash to `-engine` in sample calls to `sqitch init` in the tutorials. Thanks to Andrew Dunstan for the spot (Issue #268). - Fixed broken Vertica documentation links. - Attempting to revert a database with no associated registry no longer reports the registry as version 0, but correctly reports that no registry can be found. Thanks to Arnaldo Piccinelli for the spot (Issue #271). - Fixed the search for change IDs in engines to match the search for changes. Specifically, change ID seaerch now properly handles the offset characters `~` and `^`. This bug mainly affected the `verify` command, but it's good to address the inconsistency, done mainly by adding the `find_change_id` and `change_id_offset_from_id` methods to complement the `find_change` and `change_offset_from_id` methods. Thanks to Andrew Dunstan for the spot (Issue #272). - Fixed the `flips` table example in the MySQL tutorial. It was inappropriately copied from the PostgreSQL tutorial at some point. Thanks to Jeff Carpenter for the spot (Issue #254)! 0.9993 2015-08-17T17:55:26Z [Bug Fixes] - Eliminated test failures due to warnings from DateTime::Locale when `LC_TIME` is set to C.UTF-8. Thanks to Shantanu Bhadoria for the report and Dave Rolsky for the workaround. - Fixed an error checking the registry version when the local uses a comma for decimal values. Thanks to Steffen M羹ller for the report (Issue #234). - Worked around an error setting the MySQL storage engine using versions of DBI prior to 1.631. Thanks to melon-babak for the report! - Fixed an error from the Oracle engine when deploying more than 1000 changes. Thanks to Timothy Procter and Minh Hoang for the report and testing the fix. - Fixed a bunch of typos in error messages, comments, and documentation. Thanks to Dmitriy for the pull request! - Fixed test failures due to new warnings from File::Path on Perl 5.23.1. - On Firebird, Looking up a change and tag in the database (via the `--onto` option to `rebase` or the `--to` option to `revert`, among others) would sometimes return the incorrect change if the change has been reworked two or more times. Was fixed for the other engines in v0.9991. - Fixed the `--all` option used to apply a command to all known targets so that it loads only targets specified by the local configuration. Otherwise, user and system configuration can get in the way when they specify engines and targets not used by the current project. [Improvements] - Added support for the `--set` option when deploying to MySQL. Thanks to Chris Bandy for figuring out how to do it! - Added support for a "reworked directory". By default, reworked change scripts live in the deploy, revert, and verify directories along with all the other change scripts. But if that starts to get too messy, or you simply don't want to see them, add a `reworked_dir` setting to the core, engine, or target config and reworked scripts will be stored there, instead. Also supported are `reworked_deploy_dir`, `reworked_revert_dir`, and `reworked_verify_dir`. - Added the `--dir` option to the `init`, `engine`, and `target` commands. - Copied the core configuration options (`--engine`, `--target`, `--plan-file`, `--registry`, etc.) to the `init`, `engine`, and `target` commands. This means that they can be specified after the command, which is a bit more natural. It also means that the `--registry` and `--client` options of the `target` are no longer deprecated. - The `init` command on longer writes out commented values for the `deploy_dir`, `revert_dir`, or `verify_dir` settings. I think these settings are not commonly used, and it would start to get crowded if we also added their "reworked" variants, which will be used still less. - Added the `alter` action to the `engine` and `target` commands to set engine and target properties. - Added support for setting reworked directories to the `engine` and `target` commands. - Reformatted the output of the `engine` and `target` command `show` actions to include reworked directories, and to bit a bit less flat. - Attempting to add or alter an engine with a target URI that connects to a different engine now triggers an error. For example, you can't set the target for engine `pg` to `db:sqlite:`. - The `add` and `alter` actions of the `engine` and `target` commands now create script directories if they don't already exist. - The `add` action of the `engine` and `target` commands now creates a plan file if one does not exist in the specified location for the engine or target. - Added the `deploy_dir`, `revert_dir`, and `verify_dir` methods to App::Sqitch::Plan::Change. Each points to the proper directory for the target depending on whether or not the change has been reworked. - In the MySQL engine, the following URI query params will be converted to options passed to the command-line client, if they're present: * mysql_compression=1 => --compress * mysql_ssl=1 => --ssl * mysql_connect_timeout => --connect_timeout * mysql_init_command => --init-command * mysql_socket => --socket * mysql_ssl_client_key => --ssl-key * mysql_ssl_client_cert => --ssl-cert * mysql_ssl_ca_file => --ssl-ca * mysql_ssl_ca_path => --ssl-capath * mysql_ssl_cipher => --ssl-cipher [Documentation] - Added the "Overworked" section to sqitch-configuration guide with an example of how to move reworked change scripts into a `reworked_dir`. [Deprecations] - Deprecated the `set-*` actions in the `engine` and `target` commands in favor of the new `alter` action. - The core `--deployed-dir`, `--revert-dir`, and `--verify-dir` options are deprecated in favor of the `--dir` option on the `init`, `engine`, and `target` command. 0.9992 2015-05-20T23:51:41Z - On PostgreSQL, Sqitch now sets the `client_encoding` parameter to `UTF8` for its own connection to the database. This ensures that data sent to and from the databse should always be properly encoded and decoded. Users should still set the proper encodings for change scripts as appropriate. - Fixed test failures due to path differences on Windows. - DateTime::TimeZone is now explicitly required in an attempt to head off "Cannot determine local time zone" errors. - Corrected some typos and thinkos in `sqitchtutorial-oracle`, thanks to George Hartzell. - Improved the script to upgrade an Oracle registry to v1.0 to support versions prior to Oracle 12, thanks to Timothy Procter. - Added missing closing parenthesis to the "Nothing to deploy" message. Thanks to George Hartzell for the pull request (Issue #226). - Replaced the unique constraint on the `script_hash` column in the `changes` registry table with a unique constraint on `project` and `script_hash`. This is to allow a deploy script to be used in more than one project in a single database. This change increments the registry version to v1.1. Thanks to Timothy Procter for the report. - Updated the registry check constraints to have consistent names on the engines that support them. This will make it easier to modify the constraints in the future. - Fixed precision issues with the registry version on MySQL and Firebird. - Added comment to sqitch-passwords guide that MySQL::Config is required to read passwords from the MySQL configuration files. Thanks to Sterling Hanenkamp for the patch! 0.9991 2015-04-03T23:14:39Z [Improvements] - Reduced minimum required MySQL engine from 5.6.4 to 5.1.0. Versions prior to 5.6.4 lose the following features: * Versions earlier than 5.6.4 is fractional second precision on registry `DATETIME` columns. Since the ordering of those timestamps is so important to the functioning of Sqitch, it will sleep in 100 ms increments between logging changes to the registry until the time has ticked over to the next second. Naturally, reverts and deploys will be a little slower on versions of MySQL before 5.6.4, but accurate. * Versions earlier than 5.5.0 lose the `checkit()` functions, which would otherwise be used to emulate CHECK constraints in the registry, as well as in user-created verify scripts, as recommended in the MySQL tutorial, `sqitchtutorial-mysql`. - Added a script to update the `DATETIME` columns in a MySQL Sqitch registry that was upgraded to MySQL 5.6.4 or higher. It will be installed as `tools/upgrade-registry-to-mysql-5.6.4.sql` in the directory returned by `sqitch --etc`. - Added a script to add the `checkit()` function and registry triggers to emulate CHECK constraints to a MySQL Sqitch registry that was upgraded to MySQL 5.5.0 or higher. It will be installed as `tools/upgrade-registry-to-mysql-5.5.0.sql` in the directory returned by `sqitch --etc`. - The `init` command now throws an error when the plan file already exists and is invalid or defined for a different project. Thanks to Gabriel Potk獺ny for the suggestion (Issue #214). - All commands that take target arguments can now specify them as engine names or plan file paths as well as target names and URIs. - Added the `--all` option and the `$command.all` configuration variable to the `add`, `rework`, `tag`, and `bundle` commands. This option tells the commands to do their thing for all plans known from the configuration, not just the default plan. - Pass engine, target, or plan file names to the `add`, `rework`, `tag`, and `bundle` commands` commands to specify specify one or more targets, engines, and plans to act on. - Added the `--change` option to the `add`, `rework`, and `tag` commands to distinguish the change to be added, reworked, or tagged from plan-specifying arguments, if necessary. - Added the `--tag` option to the `tag` command to distinguish the tag to be added from plan-specifying arguments, if necessary. - Changed the short variant of the `--conflicts` option to the `add` and `rework` commands from `-c` to `-x`. The `-c` option is now used as the short variant for `--change` (and `--conflicts` has almost certainly never been used, anyway). - Added the `engine` and `project` variables to the execution of script templates by the `add` command. The default templates now use it to make their first lines one of: * -- Deploy [% project %]:[% change %] to [% engine] * -- Revert [% project %]:[% change %] from [% engine] * -- Verify [% project %]:[% change %] on [% engine] [Bug Fixes] - DateTime::TimeZone::Local::Win32 is now required on Windows. - The MySQL engine no longer passes `--skip-pager` on Windows, since it is not supported there. Thanks to Gabriel Potk獺ny for the report (Issue #213). - Fixed "no such table: changes" error when upgrading the SQLite registry. - Fixed upgrade failure on PostgreSQL 8.4. Thanks to Phillip Smith for the report! - Fixed an error when the `status` command `show_changes` and `show_tags` configuration variables were set. Thanks to Adrian Klaver for the report (Issue #219). - Fixed `log` and `plan` usage statements to properly spell `--abbrev`. Thanks to Adrian Klaver for the report (Issue #220). - Fixed the formatting of change notes so that a space precedes the `#` character whether the note was added by the `--note` option or via an editor. - Fixed a bug when parsing plan files with DOS/Windows line endings. Thanks to Timothy Procter for the report (Issue #212). - Looking up a change and tag in the database (via the `--onto` option to `rebase` or the `--to` option to `revert`, among others) would sometimes return the incorrect change if the change has been reworked two or more times. Thanks to BryLo for the report! [Documentation] - Updated docs to be consistent in referring to the location of the system configuration and template location as `$(prefix)/etc/sqitch`. Also added notes pointing to the `--etc-dir` to find out exactly what that resolves to. Suggested by Joseph Anthony Pasquale Holsten (Issue #167). [Deprecations] - Reverted deprecation of the database connection options. Target URIs are still generally preferred, but sometimes you want to use a target but just change the user name or database name. Retaining the options is the easiest way to do this. Plus, a fair number of people have scripts that use these options, and it seems petty to break them. Sorry for the double-take here! The list of un-deprecated options is: * `--db-client` * `--db-host` * `--db-port` * `--db-username` * `--db-password` * `--db-name` 0.999 2015-02-12T19:43:45Z - Improved MySQL missing table error detection by relying on error codes instead of matching a (possibly localized) error string. - Made the registry upgrade more transparent when deploying. Sqitch is now is a little more vigilent in checking for things being out-of-date and updating them. - Fixed an issue where the `status` command would return an error when run against a an older version of the registry. - Fixed a Postgres test failure when DBD::Pg is installed but psql is not in the path. - Now require Config::GitLike 1.15 to build on Windows in order to avoid test failures when Cwd::abs_path dies on non-existant paths. - Clarified the behavior of each `deploy` reversion mode with regard to deploy script vs. verify script failures, and with the expectation that deploy scripts are atomic. - Target passwords can now be set via a single environment variable, `$SQITCH_PASSWORD`. Its value will override URI-specified password. - Added the sqitch-passwords and sqitch-environment guides. 0.998 2015-01-15T22:17:44Z - Fixed a bug in `sqitch engine update-config` where it would add data to config files that did not previously have them, or report that data was present in nonexistent config files. - Added the `releases` table to the databases. This table will keep track of releases of the Sqitch registry schema. - The Oracle `registry` variable is now always `DEFINE`d when Oracle scripts run. - Added the `upgrade` command, which upgrades the schema for the Sqitch registry for a target database. - Added the `script_hash` column to the `changes` registry table. This column contains a SHA-1 hash of the deploy script for the change at the time it was deployed. For existing registries, the upgrade script sets its value to be the same as the change ID. This value is update the next time a project is deployed to the database. - The error message when `deploy` cannot find the currently-deployed change ID in the plan now includes more contextual information, including the change name, associated tags, and the plan file name. Suggested by Curtis Poe (Issue #205). - Comments on Firebird registry objects are now created with the `COMMENT` command, rather than INSERTs into catalog tables. - Added support for "merge" events, though none are logged, yet.

@byroot

## [1.11.3][] (2016-09-16) * Fix known_hosts caching to match on the entire hostlist [PR #364](capistrano/sshkit#364) @byroot ## [1.11.2][] (2016-07-29) ### Bug fixes * Fixed a crash occurring when `Host@keys` was set to a non-Enumerable. @xavierholt [PR #360](capistrano/sshkit#360) ## [1.11.1][] (2016-06-17) ### Bug fixes * Fixed a regression in 1.11.0 that would cause `ArgumentError: invalid option(s): known_hosts` in some older versions of net-ssh. @byroot [#357](capistrano/sshkit#357) ## [1.11.0][] (2016-06-14) ### Bug fixes * Fixed colorized output alignment in Logger::Pretty. @xavierholt [PR #349](capistrano/sshkit#349) * Fixed a bug that prevented nested `with` calls [#43](capistrano/sshkit#43) ### Other changes * Known hosts lookup optimization is now enabled by default. @byroot ## 1.10.0 (2016-04-22) * You can now opt-in to caching of SSH's known_hosts file for a speed boost when deploying to a large fleet of servers. Refer to the [README](https://github.com/capistrano/sshkit/tree/v1.10.0#known-hosts-caching) for details. We plan to turn this on by default in a future version of SSHKit. [PR #330](capistrano/sshkit#330) @byroot * SSHKit now explicitly closes its pooled SSH connections when Ruby exits; this fixes `zlib(finalizer): the stream was freed prematurely` warnings [PR #343](capistrano/sshkit#343) @mattbrictson * Allow command map entries (`SSHKit::CommandMap#[]`) to be Procs [PR #310](capistrano/sshkit#310) @mikz ## 1.9.0 **Refer to the 1.9.0.rc1 release notes for a full list of new features, fixes, and potentially breaking changes since SSHKit 1.8.1.** There are no changes since 1.9.0.rc1. ## 1.9.0.rc1 ### Potentially breaking changes * The SSHKit DSL is no longer automatically included when you `require` it. **This means you must now explicitly `include SSHKit::DSL`.** See [PR #219](capistrano/sshkit#219) for details. @beatrichartz * `SSHKit::Backend::Printer#test` now always returns true [PR #312](capistrano/sshkit#312) @mikz ### New features * `SSHKit::Formatter::Abstract` now accepts an optional Hash of options [PR #308](capistrano/sshkit#308) @mattbrictson * Add `SSHKit::Backend.current` so that Capistrano plugin authors can refactor helper methods and still have easy access to the currently-executing Backend without having to use global variables. * Add `SSHKit.config.default_runner` options that allows to override default command runner. This option also accepts a name of the custom runner class. * The ConnectionPool has been rewritten in this release to be more efficient and have a cleaner internal API. You can still completely disable the pool by setting `SSHKit::Backend::Netssh.pool.idle_timeout = 0`. @mattbrictson @byroot [PR #328](capistrano/sshkit#328) ### Bug fixes * make sure working directory for commands is properly cleared after `within` blocks [PR #307](capistrano/sshkit#307) @steved * display more accurate string for commands with spaces being output in `Formatter::Pretty` [PR #304](capistrano/sshkit#304) @steved [PR #319](capistrano/sshkit#319) @mattbrictson * Fix a race condition experienced in JRuby that could cause multi-server deploys to fail. [PR #322](capistrano/sshkit#322) @mattbrictson

Changes in 2.8.2 Aug 15, 2016 - version 2.8.2 * Bug o 2.8.1 introduced JRuby + SSL connection problem; in some cases it cannot connect to trusted TLS server. 2.8.1 failed to load multiple CA certificates in a file. #327. Aug 16, 2016 - version 2.8.2.1 * Bug o 2.8.1 introduced another bug that causes NPE from JRuby when JRuby program loads httpclient and uses OpenSSL::X509::Store outside of httpclient. 2.8.3 fixed this problem. #325 Aug 28, 2016 - version 2.8.2.3 * Bug o 2.8.2 fixed VERIFY_NONE at JRuby but the fix was not enough. Sep 11, 2016 - version 2.8.2.4 * Bug o 2.8.2 caused unexpected resulting value change of OpenSSL::X509::Store#add_cert method. Fixed. Changes in 2.8.1 Aug 8, 2016 - version 2.8.1 * Changes o Use TLSv1.2 always on JRuby #320 o Do not reset keep-alive connection by configuration change #315 o Add strict_response_size_check option #316 false by default, meaning it behavies like browsers by default. o Add MIME type for XML #308 * Bug o Direct access to SSLConfig#cert_store in JRuby was broken from 2.7 #276 #317 o OpenSSL::SSL::VERIFY_NONE does not work in JRuby #319 o Allow receiving response body in block when follow_redirects => true. #304 o Fix blocking issue with request_async when Encoding.default_internal is set. #307 o Apply timeouts for chunked transfer encoding #309 Changes in 2.8.0 Apr 24, 2016 - version 2.8.0 * Changes o Force using RSA 2048bit CA cert set Use RSA 2048bit CA cert set every time if it runs with OpenSSL (== except JRuby.) Old openssl (<1.0.1p or <1.0.2d) cannot handle this CA set and causes SSL connection failure against some SSL servers including AWS S3 API. For such case you can manually specify RSA 1024bit CA cert set as a workaround. c = HTTPClient.new { |c| c.ssl_config.add_trust_ca("cacert1024.pem") } c.get("https://www.ruby-lang.org/") RSA 1024bit CA cert set is not maintained over years so you should consider updating OpenSSL version so that HTTPClient uses RSA 2048 bit CA cert set. Changes in 2.7.2 Apr 22, 2016 - version 2.7.2 * Changes o Use RSA 1024bit CA cert when linked to old openssl Based on comments to #297 this commit silently (without warning) accepts RSA 1024bit certificate set when runtime ruby is liked with old OpenSSL (<1.0.1p or <1.0.2d.) If you're unsure that your OpenSSL is patched or not, and want to make sure to use RSA 2048bit certificate set, please call HTTPClient::SSLConfig#add_trust_ca("cacert.pem"). c = HTTPClient.new { |c| c.ssl_config.add_trust_ca("cacert.pem") } c.get("https://www.ruby-lang.org/") I'm going to remove RSA 1024bit certificate set and bump httpclient version to 2.8.0 soon after I release this as 2.7.2. I believe almost all OpenSSL installation is patched quickly these days so it should not cause SSL connectivity problem.

Upstream Changelog: Security gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317) double-free in gdImageWebPtr() (CVE-2016-6912) potential unsigned underflow in gd_interpolation.c DOS vulnerability in gdImageCreateFromGd2Ctx() Fixed Fix #354: Signed Integer Overflow gd_io.c Fix #340: System frozen Fix OOB reads of the TGA decompression buffer Fix DOS vulnerability in gdImageCreateFromGd2Ctx() Fix potential unsigned underflow Fix double-free in gdImageWebPtr() Fix invalid read in gdImageCreateFromTiffPtr() Fix OOB reads of the TGA decompression buffer Fix #68: gif: buffer underflow reported by AddressSanitizer Avoid potentially dangerous signed to unsigned conversion Fix #304: test suite failure in gif/bug00006 [2.2.3] Fix #329: GD_BILINEAR_FIXED gdImageScale() can cause black border Fix #330: Integer overflow in gdImageScaleBilinearPalette() Fix 321: Null pointer dereferences in gdImageRotateInterpolated Fix whitespace and add missing comment block Fix #319: gdImageRotateInterpolated can have wrong background color Fix color quantization documentation Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag Fix #300: gdImageClone() assigns res_y = res_x Fix #299: Regression regarding gdImageRectangle() with gdImageSetThickness() Replace GNU old-style field designators with C89 compatible initializers Fix #297: gdImageCrop() converts palette image to truecolor image Fix #290: TGA RLE decoding is broken Fix unnecessary non NULL checks Fix #289: Passing unrecognized formats to gdImageGd2 results in corrupted files Fix #280: gdImageWebpEx() quantization parameter is a misnomer Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx() Fix issue #276: Sometimes pixels are missing when storing images as BMPs Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts Fix copy&paste error in gdImageScaleBicubicFixed() Added More documentation Documentation on GD and GD2 formats More tests

graphics/gd: security fix Revisions pulled up: - graphics/gd/Makefile 1.113 - graphics/gd/distinfo 1.43 - graphics/gd/patches/patch-src_gd__webp.c deleted --- Module Name: pkgsrc Committed By: spz Date: Sat Feb 4 23:05:52 UTC 2017 Modified Files: pkgsrc/graphics/gd: Makefile distinfo Removed Files: pkgsrc/graphics/gd/patches: patch-src_gd__webp.c Log Message: update of gd to 2.2.4. Upstream Changelog: Security gdImageCreate() doesn't check for oversized images and as such is prone to DoS vulnerabilities. (CVE-2016-9317) double-free in gdImageWebPtr() (CVE-2016-6912) potential unsigned underflow in gd_interpolation.c DOS vulnerability in gdImageCreateFromGd2Ctx() Fixed Fix #354: Signed Integer Overflow gd_io.c Fix #340: System frozen Fix OOB reads of the TGA decompression buffer Fix DOS vulnerability in gdImageCreateFromGd2Ctx() Fix potential unsigned underflow Fix double-free in gdImageWebPtr() Fix invalid read in gdImageCreateFromTiffPtr() Fix OOB reads of the TGA decompression buffer Fix #68: gif: buffer underflow reported by AddressSanitizer Avoid potentially dangerous signed to unsigned conversion Fix #304: test suite failure in gif/bug00006 [2.2.3] Fix #329: GD_BILINEAR_FIXED gdImageScale() can cause black border Fix #330: Integer overflow in gdImageScaleBilinearPalette() Fix 321: Null pointer dereferences in gdImageRotateInterpolated Fix whitespace and add missing comment block Fix #319: gdImageRotateInterpolated can have wrong background color Fix color quantization documentation Fix #309: gdImageGd2() writes wrong chunk sizes on boundaries Fix #307: GD_QUANT_NEUQUANT fails to unset trueColor flag Fix #300: gdImageClone() assigns res_y = res_x Fix #299: Regression regarding gdImageRectangle() with gdImageSetThickness() Replace GNU old-style field designators with C89 compatible initializers Fix #297: gdImageCrop() converts palette image to truecolor image Fix #290: TGA RLE decoding is broken Fix unnecessary non NULL checks Fix #289: Passing unrecognized formats to gdImageGd2 results in corrupted files Fix #280: gdImageWebpEx() quantization parameter is a misnomer Publish all gdImageCreateFromWebp*() functions and gdImageWebpCtx() Fix issue #276: Sometimes pixels are missing when storing images as BMPs Fix issue #275: gdImageBmpCtx() may segfault for non-seekable contexts Fix copy&paste error in gdImageScaleBicubicFixed() Added More documentation Documentation on GD and GD2 formats More tests

v1.2.1 * Add accessor to @internal_file_attributes #304 * Extended globbing #303 * README updates #283, #289 * Cleanup after tests #298, #306 * Fix permissions on new zip files #294, #300 * Fix examples #297 * Support cp932 encoding #308 * Fix Directory traversal vulnerability #315 * Allow open_buffer to work without a given block #314

jperkin self-assigned this Nov 16, 2015

jperkin closed this as completed Nov 26, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

setting system's PATH variable for pkgsrc #304

setting system's PATH variable for pkgsrc #304

tlcarpenter commented Nov 16, 2015

jperkin commented Nov 16, 2015

JohnDDuncanIII commented Nov 16, 2015

tlcarpenter commented Nov 16, 2015

jperkin commented Nov 26, 2015