RubyGems - oauth2 - Versions diffs - 2.0.18 → 2.0.22 - Mend

oauth2 2.0.18 → 2.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (31) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/CHANGELOG.md +138 -5
data/CITATION.cff +6 -6
data/CONTRIBUTING.md +82 -31
data/FUNDING.md +1 -1
data/LICENSE.md +110 -0
data/README.md +341 -734
data/SECURITY.md +1 -4
data/certs/pboling.pem +27 -0
data/lib/oauth2/access_token.rb +11 -14
data/lib/oauth2/auth_sanitizer.rb +36 -0
data/lib/oauth2/authenticator.rb +9 -7
data/lib/oauth2/client.rb +46 -5
data/lib/oauth2/error.rb +2 -0
data/lib/oauth2/filtered_attributes.rb +7 -49
data/lib/oauth2/response.rb +14 -12
data/lib/oauth2/version.rb +2 -1
data/lib/oauth2.rb +39 -17
data/sig/oauth2/filtered_attributes.rbs +6 -1
data/sig/oauth2/sanitized_logger.rbs +32 -0
data/sig/oauth2/thing_filter.rbs +10 -0
data/sig/oauth2/version.rbs +1 -0
data.tar.gz.sig +0 -0
metadata +124 -103
metadata.gz.sig +0 -0
data/IRP.md +0 -107
data/LICENSE.txt +0 -22
data/OIDC.md +0 -167
data/REEK +0 -0
data/THREAT_MODEL.md +0 -85

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: oauth2
 version: !ruby/object:Gem::Version
-  version: 2.0.18
+  version: 2.0.22
 platform: ruby
 authors:
 - Peter Boling
@@ -39,6 +39,26 @@ cert_chain:
   -----END CERTIFICATE-----
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: auth-sanitizer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.2.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.2.1
 - !ruby/object:Gem::Dependency
   name: faraday
   requirement: !ruby/object:Gem::Requirement
@@ -136,7 +156,7 @@ dependencies:
         version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.3
+        version: 2.0.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -146,7 +166,7 @@ dependencies:
         version: '2.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.3
+        version: 2.0.5
 - !ruby/object:Gem::Dependency
   name: version_gem
   requirement: !ruby/object:Gem::Requirement
@@ -156,7 +176,7 @@ dependencies:
         version: '1.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.9
+        version: 1.1.11
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -166,139 +186,151 @@ dependencies:
         version: '1.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.9
+        version: 1.1.11
 - !ruby/object:Gem::Dependency
-  name: addressable
+  name: kettle-dev
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.8'
+        version: '2.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.8.7
+        version: 2.1.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.8'
+        version: '2.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.8.7
+        version: 2.1.1
 - !ruby/object:Gem::Dependency
-  name: nkf
+  name: bundler-audit
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: 0.9.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: 0.9.3
 - !ruby/object:Gem::Dependency
-  name: rexml
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.2'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 3.2.5
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.2'
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 3.2.5
+        version: '13.0'
 - !ruby/object:Gem::Dependency
-  name: kettle-dev
+  name: require_bench
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.4
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.4
 - !ruby/object:Gem::Dependency
-  name: bundler-audit
+  name: appraisal2
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: '3.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.9.2
+        version: '3.1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.1.1
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: kettle-test
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '13.0'
+        version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '13.0'
+        version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.3
 - !ruby/object:Gem::Dependency
-  name: require_bench
+  name: turbo_tests2
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '3.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.4
+        version: 3.1.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '3.1'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.4
+        version: 3.1.1
 - !ruby/object:Gem::Dependency
-  name: appraisal2
+  name: ruby-progressbar
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '1.13'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '1.13'
 - !ruby/object:Gem::Dependency
-  name: kettle-test
+  name: stone_checksums
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -306,7 +338,7 @@ dependencies:
         version: '1.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.6
+        version: 1.0.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -316,81 +348,101 @@ dependencies:
         version: '1.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.6
+        version: 1.0.3
 - !ruby/object:Gem::Dependency
-  name: ruby-progressbar
+  name: gitmoji-regex
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.13'
+        version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.13'
+        version: '2.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.0.1
 - !ruby/object:Gem::Dependency
-  name: stone_checksums
+  name: addressable
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.8'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.2
+        version: 2.8.7
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.8'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.2
+        version: 2.8.7
 - !ruby/object:Gem::Dependency
-  name: gitmoji-regex
+  name: backports
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '3.25'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 3.25.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '3.25'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.3
+        version: 3.25.1
 - !ruby/object:Gem::Dependency
-  name: backports
+  name: nkf
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.25'
+        version: '0.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+- !ruby/object:Gem::Dependency
+  name: rexml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.25.1
+        version: 3.2.5
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.25'
+        version: '3.2'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.25.1
+        version: 3.2.5
 description: "\U0001F510 A Ruby wrapper for the OAuth 2.0 Authorization Framework,
   including the OAuth 2.1 draft spec, and OpenID Connect (OIDC)"
 email:
@@ -404,30 +456,24 @@ extra_rdoc_files:
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
 - FUNDING.md
-- IRP.md
-- LICENSE.txt
-- OIDC.md
+- LICENSE.md
 - README.md
-- REEK
 - RUBOCOP.md
 - SECURITY.md
-- THREAT_MODEL.md
 files:
 - CHANGELOG.md
 - CITATION.cff
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
 - FUNDING.md
-- IRP.md
-- LICENSE.txt
-- OIDC.md
+- LICENSE.md
 - README.md
-- REEK
 - RUBOCOP.md
 - SECURITY.md
-- THREAT_MODEL.md
+- certs/pboling.pem
 - lib/oauth2.rb
 - lib/oauth2/access_token.rb
+- lib/oauth2/auth_sanitizer.rb
 - lib/oauth2/authenticator.rb
 - lib/oauth2/client.rb
 - lib/oauth2/error.rb
@@ -447,49 +493,24 @@ files:
 - sig/oauth2/error.rbs
 - sig/oauth2/filtered_attributes.rbs
 - sig/oauth2/response.rbs
+- sig/oauth2/sanitized_logger.rbs
 - sig/oauth2/strategy.rbs
+- sig/oauth2/thing_filter.rbs
 - sig/oauth2/version.rbs
 homepage: https://github.com/ruby-oauth/oauth2
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://oauth2.galtzo.com/
-  source_code_uri: https://github.com/ruby-oauth/oauth2/tree/v2.0.18
-  changelog_uri: https://github.com/ruby-oauth/oauth2/blob/v2.0.18/CHANGELOG.md
+  homepage_uri: https://oauth2.galtzo.com
+  source_code_uri: https://github.com/ruby-oauth/oauth2/tree/v2.0.22
+  changelog_uri: https://github.com/ruby-oauth/oauth2/blob/v2.0.22/CHANGELOG.md
   bug_tracker_uri: https://github.com/ruby-oauth/oauth2/issues
-  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.18
-  mailing_list_uri: https://groups.google.com/g/oauth-ruby
+  documentation_uri: https://www.rubydoc.info/gems/oauth2/2.0.22
   funding_uri: https://github.com/sponsors/pboling
-  wiki_uri: https://gitlab.com/ruby-oauth/oauth2/-/wiki
+  wiki_uri: https://github.com/ruby-oauth/oauth2/wiki
   news_uri: https://www.railsbling.com/tags/oauth2
   discord_uri: https://discord.gg/3qme4XHNKN
   rubygems_mfa_required: 'true'
-post_install_message: |2
-  ---+++--- oauth2 v2.0.18 ---+++---
-  (minor) ⚠️ BREAKING CHANGES ⚠️ when upgrading from < v2
-  • Summary of breaking changes: https://gitlab.com/ruby-oauth/oauth2#what-is-new-for-v20
-  • Changes in this patch: https://gitlab.com/ruby-oauth/oauth2/-/blob/v2.0.18/CHANGELOG.md#2015-2025-09-08
-  News:
-  1. New documentation website, including for OAuth 2.1 and OIDC: https://oauth2.galtzo.com
-  2. New official Discord for discussion and support: https://discord.gg/3qme4XHNKN
-  3. New org name "ruby-oauth" on Open Source Collective, GitHub, GitLab, Codeberg (update git remotes!)
-  4. Non-commercial support for the 2.x series will end by April, 2026. Please make a plan to upgrade to the next version prior to that date.
-  Support will be dropped for Ruby 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 3.0, 3.1 and any other Ruby versions which will also have reached EOL by then.
-  5. Gem releases are cryptographically signed with a 20-year cert; SHA-256 & SHA-512 checksums by stone_checksums.
-  6. Please consider supporting this project:
-     • https://opencollective.com/ruby-oauth (new!)
-     • https://liberapay.com/pboling
-     • https://github.com/sponsors/pboling
-     • https://www.paypal.com/paypalme/peterboling
-     • https://ko-fi.com/pboling
-     • https://www.buymeacoffee.com/pboling
-     • https://tidelift.com/funding/github/rubygems/oauth
-     • Hire me - I can build anything
-     • Report issues, and star the project
-  Thanks, @pboling / @galtzo
 rdoc_options:
 - "--title"
 - "oauth2 - \U0001F510 OAuth 2.0, 2.1 & OIDC Core Ruby implementation"
@@ -513,7 +534,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.7.2
+rubygems_version: 4.0.10
 specification_version: 4
 summary: "\U0001F510 OAuth 2.0, 2.1 & OIDC Core Ruby implementation"
 test_files: []

metadata.gz.sig CHANGED Viewed

Binary file

data/IRP.md DELETED Viewed

@@ -1,107 +0,0 @@
-# Incident Response Plan (IRP)
-Status: Draft
-## Purpose
-This Incident Response Plan (IRP) defines the steps the project maintainer(s) will follow when handling security incidents related to the `oauth2` gem. It is written for a small project with a single primary maintainer and is intended to be practical, concise, and actionable.
-## Scope
-Applies to security incidents that affect the `oauth2` codebase, releases (gems), CI/CD infrastructure related to building and publishing the gem, repository credentials, or any compromise of project infrastructure that could impact users.
-## Key assumptions
-- This project is maintained primarily by a single maintainer.
-- Public vulnerability disclosure is handled via Tidelift (see `SECURITY.md`).
-- The maintainer will act as incident commander unless otherwise delegated.
-## Contact & Roles
-- Incident Commander: Primary maintainer (repo owner). Responsible for coordinating triage, remediation, and communications.
-- Secondary Contact: (optional) A trusted collaborator or organization contact if available.
-### If you are an external reporter
-- Do not publicly disclose details of an active vulnerability before coordination via Tidelift.
-- See `SECURITY.md` for Tidelift disclosure instructions. If the reporter has questions and cannot use Tidelift, they may open a direct encrypted report as described in `SECURITY.md` (if available) or email the maintainer contact listed in the repository.
-## Incident Handling Workflow (high level)
-1. Identification & Reporting
-   - Reports may arrive via Tidelift, issue tracker, direct email, or third-party advisories.
-   - Immediately acknowledge receipt (within 24-72 hours) via the reporting channel.
-2. Triage & Initial Assessment (first 72 hours)
-   - Confirm the report is not duplicative and gather: reproducer, affected versions, attack surface, exploitability, and CVSS-like severity estimate.
-   - Verify the issue against the codebase and reproduce locally if possible.
-   - Determine scope: which versions are affected, whether the issue is in code paths executed in common setups, and whether a workaround exists.
-3. Containment & Mitigation
-   - If a simple mitigation or workaround (configuration change, safe default, or recommended upgrade) exists, document it clearly in the issue/Tidelift advisory.
-   - If immediate removal of a release is required (rare), consult Tidelift for coordinated takedown and notify package hosts if applicable.
-4. Remediation & Patch
-   - Prepare a fix in a branch with tests and changelog entries. Prefer minimal, well-tested changes.
-   - Include tests that reproduce the faulty behavior and demonstrate the fix.
-   - Hardening: add fuzz tests, input validation, or additional checks as appropriate.
-5. Release & Disclosure
-   - Coordinate disclosure through Tidelift per `SECURITY.md` timelines. Aim for a coordinated disclosure and patch release to minimize risk to users.
-   - Publish a patch release (increment gem version) and an advisory via Tidelift.
-   - Update `CHANGELOG.md` and repository release notes with non-sensitive details.
-6. Post-Incident
-   - Produce a short postmortem: timeline, root cause, actions taken, and follow-ups.
-   - Add/adjust tests and CI checks to prevent regressions.
-   - If credentials or infrastructure were compromised, rotate secrets and audit access.
-## Severity classification (guidance)
-- High/Critical: Remote code execution, data exfiltration, or any vulnerability that can be exploited without user interaction. Immediate action and prioritized patching.
-- Medium: Privilege escalation, sensitive information leaks that require specific conditions. Patch in the next release cycle with advisory.
-- Low: Minor information leaks, UI issues, or non-exploitable bugs. Fix normally and include in the next scheduled release.
-## Preservation of evidence
-- Preserve all reporter-provided data, logs, and reproducer code in a secure location (local encrypted storage or private branch) for the investigation.
-- Do not publish evidence that would enable exploitation before coordinated disclosure.
-## Communication templates
-Acknowledgement (to reporter)
-"Thank you for reporting this issue. I've received your report and will triage it within 72 hours. If you can, please provide reproduction steps, affected versions, and any exploit PoC. I will coordinate disclosure through Tidelift per the project's security policy."
-Public advisory (after patch is ready)
-"A security advisory for oauth2 (versions X.Y.Z) has been published via Tidelift. Please upgrade to version A.B.C which patches [brief description]. See the advisory for details and recommended mitigations."
-## Runbook: Quick steps for a maintainer to patch and release
-1. Create a branch: `git checkout -b fix/security-brief-description`
-2. Reproduce the issue locally and add a regression spec in `spec/`.
-3. Implement the fix and run the test suite: `bundle exec rspec` (or the project's preferred test command).
-4. Bump version in `lib/oauth2/version.rb` following semantic versioning.
-5. Update `CHANGELOG.md` with an entry describing the fix (avoid exploit details).
-6. Commit and push the branch, open a PR, and merge after approvals.
-7. Build and push the gem: `gem build oauth2.gemspec && gem push pkg/...` (coordinate with Tidelift before public push if disclosure is coordinated).
-8. Publish a release on GitHub and ensure the Tidelift advisory is posted.
-## Operational notes
-- Secrets: Use local encrypted storage for any sensitive reporter data. If repository or CI secrets may be compromised, rotate them immediately and update dependent services.
-- Access control: Limit who can publish gems and who has admin access to the repo. Keep an up-to-date list of collaborators in a secure place.
-## Legal & regulatory
-- If the incident involves user data or has legal implications, consult legal counsel or the maintainers' employer as appropriate. The maintainer should document the timeline and all communications.
-## Retrospective & continuous improvement
-After an incident, perform a brief post-incident review covering:
-- What happened and why
-- What was done to contain and remediate
-- What tests or process changes will prevent recurrence
-- Assign owners and deadlines for follow-up tasks
-## References
-- See `SECURITY.md` for the project's official disclosure channel (Tidelift).
-## Appendix: Example checklist for an incident
-- [ ] Acknowledge report to reporter (24-72 hours)
-- [ ] Reproduce and classify severity
-- [ ] Prepare and test a fix in a branch
-- [ ] Coordinate disclosure via Tidelift
-- [ ] Publish patch release and advisory
-- [ ] Postmortem and follow-up actions

data/LICENSE.txt DELETED Viewed

@@ -1,22 +0,0 @@
-MIT License
-Copyright (c) 2017-2025 Peter H. Boling, of Galtzo.com, and oauth2 contributors
-Copyright (c) 2011-2013 Michael Bleigh and Intridea, Inc.
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.