PaulHowarth/Blog/2014-02-07

Friday 7th February 2014

Fedora Project

  • Updated libpng10 to 1.0.61 in F-19, F-20, Rawhide and EPEL-6:

    • Ignore, with a warning, out-of-range value of num_trans in png_set_tRNS()

    • Replaced AM_CONFIG_HEADER(config.h) with AC_CONFIG_HEADERS([config.h]) in configure.ac

    • Changed default value of PNG_USER_CACHE_MAX from 0 to 32767 in pngconf.h

    • Avoid a possible memory leak in contrib/gregbook/readpng.c

    • Revised libpng.3 so that "doclifter" can process it

    • Changed '"%s"m' to '"%s" m' in png_debug macros to improve portability among compilers

    • Rebuilt the configure scripts with autoconf-2.69 and automake-1.14.1

    • Removed potentially misleading warning from png_check_IHDR()

    • Quiet set-but-not-used warnings in pngset.c

    • Quiet an uninitialized memory warning from VC2013 in png_get_png()

    • Quiet unused variable warnings from clang by porting PNG_UNUSED() from libpng-1.4.6

    • Added -DZ_SOLO to CFLAGS in contrib/pngminim/*/makefile

    • Added an #ifdef PNG_FIXED_POINT_SUPPORTED/#endif in pngset.c

  • Updated perl-IO-Socket-SSL to 1.967 in Rawhide:

    • Verify the hostname inside a certificate by default with a superset of common verification schemes instead of not verifying identity at all; for now it will only complain if name verification failed but in the future it will fail certificate verification, forcing you to set the expected SSL_verifycn_name if you want to accept the certificate

    • New option SSL_fingerprint and new methods get_fingerprint and get_fingerprint_bin; together they can be used to selectively accept specific certificates that would otherwise fail verification, like self-signed, outdated or from unknown CAs

    • Utils:
      • Default RSA key length 2048
      • Digest algorithm to sign certificate in CERT_create can be given; defaults to SHA-256

      • CERT_create can now issue non-CA self-signed certificate

      • CERT_create add some more useful constraints to certificate

    • Spelling fixes
  • Updated perl-Module-Find to 0.12 in Rawhide and EPEL-7:

    • Fixed CPAN RT#81077: useall fails in taint mode

    • Fixed CPAN RT#83596: Documentation doesn't describe behaviour if a module fails to load

    • Clarified documentation for useall and usesub

    • Fixed CPAN RT#62923: setmoduledirs(undef) doesn't reset to searching @INC

    • Added more explicit tests
  • Updated perl-Test-Synopsis to 0.10 in Rawhide:

    • Fixed prereqs to allow earlier versions of Test-Simple (Issue #9)

    • Removed POD errors from test .pm's to increase Kwalitee

    • Reverted the change of renaming extract_synopsis() to _extract_synopsis(), as it appears some distros have used undocumented extract_synopsis() in their user tests, and the change is causing their distros to fail

    • Added contributors into META file through dzil plugin

Local Packages

  • Updated libpng10 to 1.0.61 as per the Fedora version

  • Updated perl-Capture-Tiny to 0.24:

    • Closed security hole in use of semaphore flag in /tmp; now opens the semaphore using O_CREAT|O_EXCL (CVE-2014-1875)

  • Updated perl-DateTime to 1.07:

    • Added a hack to get this module working on Android (CPAN RT#92671)

  • Updated perl-IO-Socket-SSL to 1.967 as per the Fedora version

  • Updated perl-Module-Find to 0.12 as per the Fedora version

  • Updated perl-Module-Runtime to 0.014:

    • Bugfix: suppress any CORE::GLOBAL::require override, where possible, to avoid use_package_optimistically() being misled into treating missing modules as broken

    • Bugfix: in use_module() and use_package_optimistically(), pass a supplied VERSION parameter through for the version check even if it is undef

    • Tighten use_package_optimistically()'s recognition of can't-locate errors (the same way that base.pm has recently been tightened), so that, when a module fails to load because a module that it uses isn't available, the outer module will be perceived as broken rather than missing

    • Update documentation notes about the state of Unicode handling for module names
    • In META.{yml,json}, point to public git repository

  • Updated perl-Moose to 2.1204:

    • Bump prereq on Module::Runtime to properly detect when a module fails to load, and fix how we call these subs (CPAN RT#92770, CPAN RT#86394, CPAN RT#92791)

    • Bump minimum prereq needed for optional test using MooseX::NonMoose (which broke with new Module::Runtime), so users can install Moose and pass tests before updating MooseX::NonMoose

  • Updated perl-MooseX-NonMoose to 0.25:

    • Fix for Module::Runtime 0.014

  • Updated perl-Test-Synopsis to 0.10 as per the Fedora version


Recent