PaulHowarth/Blog/2012-05-08

Tuesday 8th May 2012

Fedora Project

  • Updated perl-Compress-Raw-Zlib to 2.054 in Rawhide:

  • Updated perl-IO-Socket-SSL to 1.70 in Rawhide:

    • Changes for CPAN RT#76929:

      • If no explicit cipher list is given, default to ALL:!LOW instead of the openssl default, which usually includes weak ciphers like DES

      • New config key SSL_honor_cipher_order and document how to use it to fight BEAST attack

      • Fix behaviour for empty cipher list (use default)

      • Re-added workaround in t/dhe.t

    • Make it possible to disable protocols using SSL_version, and make SSL_version default to 'SSLv23:!SSLv2'

Local Packages

  • Updated dovecot to 2.1.6:

    • Session ID is now included by default in auth and login process log lines; it can be added to mail processes also by adding %{session} to mail_log_prefix

    • Added ssl_require_crl setting, which specifies if CRL check must be successful when verifying client certificates

    • Added mail_shared_explicit_inbox setting to specify if a shared INBOX should be accessible as "shared/$user" or "shared/$user/INBOX"

    • v2.1.5: using "~/" as mail_location or elsewhere failed to actually expand it to home directory

    • dbox: fixed potential assert-crash when reading dbox files

    • trash plugin: fixed behaviour when quota is already over limit

    • mail_log plugin: logging "copy" event didn't work

    • Proxying to backend server with SSL: verifying server certificate name always failed, because it was compared to an IP address

  • Updated perl-Compress-Raw-Zlib to 2.054 as per the Fedora version

  • Updated perl-Error to 0.17018:

    • Add a $VERSION variable for Error::Simple

    • Add scripts/bump-version-number.pl, which can be used to bump the version numbers globally

  • Updated perl-IO-Socket-SSL to 1.70 as per the Fedora version

  • Updated perl-Moose to 2.0602:

    • Ensure that the Moose::Exporter-generated init_meta returns the same value that it did previously; this isn't really a bug, since the return value has never been tested or documented, but since the generated init_meta is nothing more than a compatibility shim at this point, there's no reason to not make it as compatible as possible

Recent