#acl PaulHowarth:read,write,admin,revert,delete All:read === Friday 7th February 2014 === ==== Fedora Project ==== * Updated `libpng10` to 1.0.61 in F-19, F-20, Rawhide and EPEL-6: * Ignore, with a warning, out-of-range value of `num_trans` in `png_set_tRNS()` * Replaced `AM_CONFIG_HEADER(config.h)` with `AC_CONFIG_HEADERS([config.h])` in `configure.ac` * Changed default value of `PNG_USER_CACHE_MAX` from `0` to `32767` in `pngconf.h` * Avoid a possible memory leak in `contrib/gregbook/readpng.c` * Revised `libpng.3` so that "`doclifter`" can process it * Changed '`"%s"m`' to '`"%s" m`' in `png_debug` macros to improve portability among compilers * Rebuilt the `configure` scripts with `autoconf`-2.69 and `automake`-1.14.1 * Removed potentially misleading warning from `png_check_IHDR()` * Quiet set-but-not-used warnings in `pngset.c` * Quiet an uninitialized memory warning from VC2013 in `png_get_png()` * Quiet unused variable warnings from `clang` by porting `PNG_UNUSED()` from `libpng`-1.4.6 * Added `-DZ_SOLO` to `CFLAGS` in `contrib/pngminim/*/makefile` * Added an `#ifdef PNG_FIXED_POINT_SUPPORTED`/`#endif` in `pngset.c` * Updated `perl-IO-Socket-SSL` to 1.967 in Rawhide: * Verify the hostname inside a certificate by default with a superset of common verification schemes instead of not verifying identity at all; for now it will only complain if name verification failed but in the future it will fail certificate verification, forcing you to set the expected `SSL_verifycn_name` if you want to accept the certificate * New option `SSL_fingerprint` and new methods `get_fingerprint` and `get_fingerprint_bin`; together they can be used to selectively accept specific certificates that would otherwise fail verification, like self-signed, outdated or from unknown CAs * Utils: * Default RSA key length 2048 * Digest algorithm to sign certificate in `CERT_create` can be given; defaults to SHA-256 * `CERT_create` can now issue non-CA self-signed certificate * `CERT_create` add some more useful constraints to certificate * Spelling fixes * Updated `perl-Module-Find` to 0.12 in Rawhide and EPEL-7: * Fixed [[CPAN:81077|CPAN RT#81077]]: `useall` fails in taint mode * Fixed [[CPAN:83596|CPAN RT#83596]]: Documentation doesn't describe behaviour if a module fails to load * Clarified documentation for `useall` and `usesub` * Fixed [[CPAN:62923|CPAN RT#62923]]: `setmoduledirs(undef)` doesn't reset to searching `@INC` * Added more explicit tests * Updated `perl-Test-Synopsis` to 0.10 in Rawhide: * Fixed prereqs to allow earlier versions of `Test-Simple` ([[https://github.com/miyagawa/test-synopsis/issues/9|Issue #9]]) * Removed POD errors from test `.pm`'s to increase Kwalitee * Reverted the change of renaming `extract_synopsis()` to `_extract_synopsis()`, as it appears some distros have used undocumented `extract_synopsis()` in their user tests, and the change is causing their distros to fail * Added contributors into `META` file through `dzil` plugin ==== Local Packages ==== * Updated `libpng10` to 1.0.61 as per the Fedora version * Updated `perl-Capture-Tiny` to 0.24: * Closed security hole in use of semaphore flag in `/tmp`; now opens the semaphore using `O_CREAT|O_EXCL` ([[CVE:2014-1875|CVE-2014-1875]]) * Updated `perl-DateTime` to 1.07: * Added a hack to get this module working on Android ([[CPAN:92671|CPAN RT#92671]]) * Updated `perl-IO-Socket-SSL` to 1.967 as per the Fedora version * Updated `perl-Module-Find` to 0.12 as per the Fedora version * Updated `perl-Module-Runtime` to 0.014: * Bugfix: suppress any `CORE::GLOBAL::require` override, where possible, to avoid `use_package_optimistically()` being misled into treating missing modules as broken * Bugfix: in `use_module()` and `use_package_optimistically()`, pass a supplied `VERSION` parameter through for the version check even if it is `undef` * Tighten `use_package_optimistically()`'s recognition of can't-locate errors (the same way that `base.pm` has recently been tightened), so that, when a module fails to load because a module that it uses isn't available, the outer module will be perceived as broken rather than missing * Update documentation notes about the state of Unicode handling for module names * In `META.{yml,json}`, point to public git repository * Updated `perl-Moose` to 2.1204: * Bump prereq on `Module::Runtime` to properly detect when a module fails to load, and fix how we call these subs ([[CPAN:92770|CPAN RT#92770]], [[CPAN:86394|CPAN RT#86394]], [[CPAN:92791|CPAN RT#92791]]) * Bump minimum prereq needed for optional test using `MooseX::NonMoose` (which broke with new `Module::Runtime`), so users can install `Moose` and pass tests before updating `MooseX::NonMoose` * Updated `perl-MooseX-NonMoose` to 0.25: * Fix for `Module::Runtime` 0.014 * Updated `perl-Test-Synopsis` to 0.10 as per the Fedora version ----