#acl PaulHowarth:read,write,admin,revert,delete All:read

=== Wednesday 26th March 2014 ===

==== Fedora Project ====

 * Updated `perl-CPAN-Meta` to 2.140640 in Rawhide:
  * Improved bad version handling during META conversion
  * When downgrading multiple licenses to version 1.x META formats, if all the licenses are open source, the downgraded license will be "`open_source`", not "`unknown`"
  * Added a '`load_string`' method that guesses whether the string is YAML or JSON
 * Updated `perl-IO-Socket-SSL` to 1.973 in Rawhide:
  * With `SSL_ca`, certificate handles can now be used in addition to `SSL_ca_file` and `SSL_ca_path`
  * No longer complain if `SSL_ca_file` and `SSL_ca_path` are both given; instead, add both as options to the CA store
  * Shortcut '`issuer`' to give both `issuer_cert` and `issuer_key` in `CERT_create`
 * Updated `perl-Scalar-List-Utils` to 1.38 in Rawhide:
  * Skip `pairmap()`'s `MULTICALL` implementation 5.8.9/5.10.0 as it doesn't work ([[CPAN:87857|CPAN RT#87857]])
  * Comment on the fact that package "`0`" is defined but false ([[CPAN:88201|CPAN RT#88201]])
  * `TODO` test in `t/readonly.t` now passes since 5.19.3 ([[CPAN:88223|CPAN RT#88223]])
  * Added `any`, `all`, `none`, `notall` list reduction functions (inspired by `List::MoreUtils`)
  * Added `List::Util::product()`
  * Added `Scalar::Util::unweaken()`
  * Avoid C99/C++-style comments in XS code
  * Fix `dualvar` tests for `perl` 5.6; fix `skip()` test counts in `dualvar.t`
  * Neater documentation examples of other functions that can be built using `reduce`
  * Implement `reduce()` and `first()` even in the absence of `MULTICALL`
  * Various documentation changes/updates
  * Correct uses of overload operators in unit tests ([[CPAN:91969|CPAN RT#91969]])
 * Updated `perl-Test-Modern` to 0.005 in Rawhide:
  * Support Perl 5.6.1+

==== Local Packages ====

 * Updated `curl` to 7.36.0:
 . This release includes the following security advisories:
  * Wrong re-use of connections ([[CVE:2014-0138|CVE-2014-0138]])
  * IP address wildcard certificate validation ([[CVE:2014-0139|CVE-2014-0139]])
  * Not verifying certs for TLS to IP address / Darwinssl ([[CVE:2014-1263|CVE-2014-1263]])
  * Not verifying certs for TLS to IP address / Winssl ([[CVE:2014-2522|CVE-2014-2522]])
 . This release includes the following changes:
  * ntlm: added support for NTLMv2
  * Tool: added support for URL specific options
  * openssl: add ALPN support
  * gtls: add ALPN support
  * nss: add ALPN and NPN support
  * Added `CURLOPT_EXPECT_100_TIMEOUT_MS`
  * Tool: add `--no-alpn` and `--no-npn`
  * Added `CURLOPT_SSL_ENABLE_NPN` and `CURLOPT_SSL_ENABLE_ALPN`
  * winssl: enable TLSv1.1 and TLSv1.2 by default
  * winssl: TLSv1.2 disables certificate signatures using MD5 hash
  * winssl: enable hostname verification of IP address using SAN or CN
  * darwinssl: don't omit CN verification when an IP address is used
  * http2: build with current `nghttp2` version
  * polarssl: dropped support for PolarSSL < 1.3.0
  * openssl: info message with SSL version used
 . This release includes the following bugfixes:
  * nss: allow to use ECC ciphers if NSS implements them
  * netrc: fixed a memory leak in an OOM condition
  * ftp: fixed a memory leak on wildcard error path
  * pipeline: fixed a `NULL` pointer dereference on OOM
  * nss: prefer highest available TLS version
  * `100-continue`: fix timeout condition
  * ssh: fixed a `NULL` pointer dereference on OOM condition
  * formpost: use semicolon in multipart/mixed
  * `--help`: add missing `--tlsv1.x` options
  * formdata: fixed memory leak on OOM condition
  * `ConnectionExists`: reusing possible HTTP+NTLM connections better
  * mingw32: fix compilation
  * Chunked decoder: track overflows correctly
  * `curl_easy_setopt.3`: add `CURL_HTTP_VERSION_2_0`
  * dict: fix memory leak in OOM exit path
  * `valgrind`: added suppression on optimized code
  * `curl`: output protocol headers using binary mode
  * Tool: added URL index to password prompt for multiple operations
  * `ConnectionExists`: re-use non-NTLM connections better
  * axtls: call `ssl_read` repeatedly
  * `multi`: make `MAXCONNECTS` default 4 x number of `easy` handles function
  * `configure`: fix the `--disable-crypto-auth` option
  * `multi`: ignore `SIGPIPE` internally
  * `curl.1`: update the description of `--tlsv1`
  * SFTP: skip reading the dir when `NOBODY=1`
  * `easy`: fixed a memory leak on OOM condition
  * Tool: fixed incorrect return code when setting HTTP request fails
  * `configure`: tiny fix to honour POSIX
  * Tool: do not output `libcurl` source for the information-only parameters
  * Rework Open Watcom make files to use standard `Wmake` features
  * `x509asn`: moved out `Curl_verifyhost` from NSS builds
  * `configure`: call it `GSS-API`
  * `hostcheck`: `Curl_cert_hostcheck` is not used by NSS builds
  * `multi_runsingle`: move timestamp into `INIT`
  * `remote_port`: allow `connect` to port `0`
  * `parse_remote_port`: error out on illegal port numbers better
  * ssh: pass errors from `libssh2_sftp_read` up the stack
  * docs: remove documentation on setting up krb4 support
  * polarssl: build fixes to work with PolarSSL 1.3.x
  * polarssl: fix possible handshake timeout issue in `multi`
  * nss: allow to enable/disable cipher-suites better
  * ssh: prevent a logic error that could result in an infinite loop
  * http2: free resources on disconnect
  * polarssl: avoid extra newlines in debug messages
  * rtsp: parse "`Session:`" header properly
  * `trynextip`: don't store '`ai`' on failed connects
  * `Curl_cert_hostcheck`: strip trailing dots in host name and wildcard
 * Updated `perl-IO-Socket-SSL` to 1.973 as per the Fedora version
 * Updated `perl-Test-Modern` to 0.005 as per the Fedora version

----