PaulHowarth/Blog/2012-05-24

Thursday 24th May 2012

Fedora Project

  • Updated python-crypto to 2.6 in Rawhide:

    • Fix insecure ElGamal key generation (launchpad bug #985164, CVE-2012-2417)

    • Huge documentation clean-up
    • Added more tests, including test vectors from NIST 800-38A
    • Remove broken MODE_PGP, which never actually worked properly

    • A new mode, MODE_OPENPGP, has been added for people wishing to write OpenPGP implementations (see also launchpad bug #996814)

    • Fix: getPrime with invalid input causes Python to abort with fatal error (launchpad bug #988431)

    • Fix: Segfaults within error-handling paths (launchpad bug #934294)

    • Fix: Block ciphers allow empty string as IV (launchpad bug #997464)

    • Fix DevURandomRNG to work with Python3's new I/O stack

    • Remove automagic dependencies on libgmp and libmpir; let the caller disable them using args

    • Many other minor bug fixes and improvements

Local Packages

  • Updated curl to 7.26.0:

    • nss: the minimal supported version of NSS bumped to 3.12.x

    • nss: human-readable names are now provided for NSS errors if available

    • Add a manual page for mk-ca-bundle

    • Added --post303 and the CURL_REDIR_POST_303 option for CURLOPT_POSTREDIR

    • smtp: add support for DIGEST-MD5 authentication

    • pop3: added support for additional pop3 commands

    • nss: libcurl now uses NSS_InitContext() to prevent collisions if available

    • URL parse: reject numerical IPv6 addresses outside brackets
    • MD5: fix OOM memory leak

    • OpenSSL cert: provide more details when cert check fails

    • HTTP: empty chunked POST ended up in two zero size chunks

    • Fixed a regression when curl resolved to multiple addresses and the first isn't supported

    • -# progress meter: avoid superfluous updates and duplicate lines

    • Headers: surround GCC attribute names with double underscores

    • PolarSSL: correct return code for CRL matches

    • PolarSSL: include version number in version string

    • PolarSSL: add support for asynchronous connect

    • mk-ca-bundle: revert the LWP usage

    • IPv6 cookie domain: get rid of the first bracket before the second
    • connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails

    • OpenSSL: made cert hostname check conform to RFC 6125

    • HTTP: reset expected DL/UL sizes on redirects

    • CMake: fix Windows LDAP/LDAPS option handling

    • CMake: fix MS Visual Studio x64 unsigned long long literal suffix

    • configure: update detection logic of getaddrinfo() thread-safeness

    • configure: check for gethostbyname in the watt lib

    • curl-config.1: fix curl-config usage in example

    • smtp: Fixed non-escaping of dot character at beginning of line

    • MakefileBuild.vc: use the correct IDN variable

    • autoconf: improve handling of versioned symbols

    • curl.1: clarify -x usage

    • curl: shorten user-agent

    • smtp: issue with the multi-interface always sending postdata

    • compile error with GnuTLS+Nettle fixed

    • winbuild: fix IPv6 enabled build

  • Updated libidn to 1.25:

    • Fix build with MSVC related to _GL_ATTRIBUTE_CONST and _GL_ATTRIBUTE_PURE

    • Fix compiler warning about ignoring return value from fgets in examples

    • Ship with a valgrind suppressions file for the strlen issue in the tests

    • Update gnulib files and translations

  • Updated libxml2 to 2.8.0

    • Add lzma compression support

    • Various documentation updates
    • Lots of portability fixes, particularly for Windows targets
    • Lots of bug fixes and other improvements
  • I also updated the package to run its test suite during the build
  • Updated perl-Archive-Tar to 1.86:

  • Rebuilt perl-XML-LibXML for libxml2 2.8.0

  • Updated python-crypto to 2.6 as per the Fedora version


Recent