Bug 194491 - www/rubygem-httpclient: Bump to version 2.5.1
Summary: www/rubygem-httpclient: Bump to version 2.5.1
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Po-Chuan Hsieh
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-20 17:26 UTC by robmessick
Modified: 2015-06-21 10:16 UTC (History)
1 user (show)

See Also:
robmessick: maintainer-feedback? (ruby)

Attachments
Update to version 2.5.3.3 (820 bytes, patch)
2014-11-25 17:23 UTC, robmessick 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description robmessick 2014-10-20 17:26:55 UTC 
There are some changes to defaults in httpclient 2.5.0+ to mitigate susceptibility to some recent(ish) SSL atack vectors.

See: https://github.com/nahi/httpclient/blob/master/CHANGELOG.md

Relevant changes in 2.5.0:
"""
    Disabled SSLv3 in favor of POODLE Attack prevention.
    Enabled 1/n-1 fragment in favor of BEAST Attack prevention.
    No TLS compression in favor of CRIME Attack prevention.
"""
Comment 1 Bugzilla Automation freebsd_committer freebsd_triage 2014-10-20 17:26:55 UTC 
Auto-assigned to maintainer ruby@FreeBSD.org
Comment 2 robmessick 2014-11-25 17:23:25 UTC 
Created attachment 149831 [details]
Update to version 2.5.3.3
Comment 3 Po-Chuan Hsieh freebsd_committer freebsd_triage 2015-06-21 10:16:10 UTC 
I've updated this port to 2.6.0.1 in r387573. Thanks for your submission.