Fedora 22 Update: python-foolscap-0.8.0-1.fc22

updates at fedoraproject.org
Wed Jul 29 01:36:41 UTC 2015


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-11629
2015-07-16 00:05:28
--------------------------------------------------------------------------------

Name        : python-foolscap
Product     : Fedora 22
Version     : 0.8.0
Release     : 1.fc22
URL         : http://foolscap.lothar.com
Summary     : Next-generation RPC protocol, intended to replace Perspective Broker
Description :
Foolscap (aka newpb) is a new version of Twisted's native RPC protocol, known
as 'Perspective Broker'. This allows an object in one process to be used by
code in a distant process. This module provides data marshaling, a remote
object reference system, and a capability-based security model.

--------------------------------------------------------------------------------
Update Information:

= Release 0.8.0 (15-Apr-2015) =

** UnauthenticatedTub is gone

As announced in the previous release, UnauthenticatedTub has been removed. All Tubs are fully authenticated now.

** Security Improvements

Foolscap now generates better TLS certificates, with 2048-bit RSA keys and SHA256 digests. Previous versions used OpenSSL's defaults, which typically meant 1024-bit MD5.

To benefit from the new certificates, you must regenerate your Tubs, which means creating new FURLs (with new TubIDs). Previously-created Tubs will continue to work normally: only new Tubs will be different.

** Packaging/Dependency Changes

setup.py now requires setuptools

Foolscap now requires pyOpenSSL unconditionally, because all Tubs are authenticated.

We now recommend "pip install ." to install Foolscap and all its
dependencies, instead of "python setup.py install". See #231 for details.


= Release 0.7.0 (23-Sep-2014) =

** Security Fixes

The "flappserver" feature was found to have a vulnerability in the
service-lookup code which, when combined with an attacker who has the ability to write files to a location where the flappserver process could read them, would allow that attacker to obtain control of the flappserver process.

Users who run flappservers should upgrade to 0.7.0, where this was fixed as
part of #226.

Each flappserver runs from a "base directory", and uses multiple files within the basedir to track the services that have been configured. The format of these files has changed. The flappserver tool in 0.7.0 remains capable of reading the old format (safely), but will upgrade the basedir to the new format when you use "flappserver add" to add a new service. Brand new servers, created with "flappserver create", will use the new format.

The flappserver tool in 0.6.5 (or earlier) cannot handle this new format, and will believe that no services have been configured. Therefore downgrading to an older version of Foolscap will require manual reconstruction of the configured services.

** Major Changes

UnauthenticatedTub has been deprecated, and will be removed in the next release (0.8.0). This seldom-used feature provides Foolscap's RPC semantics without any of the security, and was included to enable the use of Foolscap without depending upon the (challenging-to-install) PyOpenSSL library.
However, in practice, the lack of a solid dependency on PyOpenSSL has made installation more difficult for applications that *do* want the security, and UnauthenticatedTub is a footgun waiting to go off. Foolscap's code and packaging will be simpler without it. (#67)

** Minor Changes

The "git-foolscap" tools, which make it possible to publish and clone Git repositories over a Foolscap (flappserver) connection, have been moved from their hiding place in doc/examples/ into their own project, hosted at https://github.com/warner/git-foolscap . They will also be published on PyPI, to enable "pip install git-foolscap".

The documentation was converted from Lore to ReStructuredText (.rst). Thanks to Koblaid for the patient work. (#148)

The connection-hint parser in 0.7.0 has been changed to handle all TCP forms of Twisted's "Client Endpoint Descriptor" syntax, including the short "tcp:127.0.0.1:9999" variant. A future version should handle arbitrary endpoint descriptors (including Tor and i2p, see #203), but this small step should improve forward compatibility. (#216, #217)


= Release 0.6.5 (12-Aug-2014) =

** Compatibility Fixes

This release is compatible with Twisted-14.0.0.

Foolscap no longer claims compatibility with python-2.4.x or 2.5.x . These old versions might still work, but there are no longer automated tests to ensure this. Future versions will almost certainly *not* work with anything older than python-2.6.x . Foolscap remains incompatible with py3, sorry.

** Forward Compatibility

When parsing FURLs, the connection hints can now use TCP sockets described with the Twisted Endpoints syntax (e.g. "tcp:host=127.0.0.1:port=9999"), in addition to the earlier host:port "127.0.0.1:9999" form. Foolscap-0.6.5 ignores any hint that is not in one of these two forms. This should make it easier to introduce new hint types in the future.
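
The hint forms named in the 0.6.5 and 0.7.0 notes can be handled with a tolerant parser like the one below. This is an added example, not Foolscap's own code: the function names and sample hints are constructed, it covers only hostnames and IPv4 literals, and it does not implement the backslash escaping of Twisted's endpoint syntax.

```python
import re

_HOST = re.compile(r"[A-Za-z0-9.-]+")      # hostname or IPv4 literal only
_PORT = re.compile(r"[0-9]{1,5}")


def _port(text):
    """Return the port as an int if it is a decimal in 1..65535, else None."""
    if not _PORT.fullmatch(text):
        return None
    value = int(text)
    return value if 1 <= value <= 65535 else None


def parse_tcp_hint(hint):
    """Return (host, port) for a recognised TCP hint, or None to ignore it."""
    if hint.startswith("tcp:"):
        positional, named = [], {}
        for field in hint[4:].split(":"):
            key, eq, value = field.partition("=")
            if eq:
                named[key] = value           # keyword form: host=..., port=...
            else:
                positional.append(field)     # short form: tcp:HOST:PORT
        if len(positional) > 2:
            return None
        args = dict(zip(("host", "port"), positional))
        args.update(named)
        host, port = args.get("host", ""), args.get("port", "")
    else:
        host, sep, port = hint.rpartition(":")  # legacy HOST:PORT
        if not sep:
            return None
    number = _port(port)
    if not _HOST.fullmatch(host) or number is None:
        return None                          # unknown or malformed: skip it
    return (host, number)


def usable_hints(hints):
    """Keep the hints that parse, in order; silently drop the rest."""
    return [p for p in map(parse_tcp_hint, hints) if p is not None]


# Constructed sample hints (not taken from any real FURL).
SAMPLE = ["127.0.0.1:9999", "tcp:127.0.0.1:9999", "tcp:host=127.0.0.1:port=9999",
          "tor:example.onion:80", "tcp:host=example.org:port=99999"]

if __name__ == "__main__":
    print(usable_hints(SAMPLE))
```

Returning None for an unrecognised hint, rather than raising, is what lets an older client skip a hint type it does not understand and still connect through the ones it does.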

** Minor Changes

The "ChangeLog" file is no longer updated.

Violation reports now include the method name. (#201)

The "flappserver" tool explicitly rejects unicode input, rather than
producing hard-to-diagnose errors later. (#209)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 13 2015 Christopher Meng <rpm at cicku.me> - 0.8.0-1
- Update to 0.8.0
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.6.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.6.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1214129 - Upgrade Version Request
        https://bugzilla.redhat.com/show_bug.cgi?id=1214129
  [ 2 ] Bug #1239839 - python-foolscap: FTBFS in rawhide
        https://bugzilla.redhat.com/show_bug.cgi?id=1239839
  [ 3 ] Bug #1106775 - python-foolscap: FTBFS in rawhide
        https://bugzilla.redhat.com/show_bug.cgi?id=1106775
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update python-foolscap' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

