#acl PaulHowarth:read,write,admin,revert,delete All:read
=== Thursday 6th November 2014 ===
==== Fedora Project ====
 * Updated `perl-Cpanel-JSON-XS` to 3.0105 in Rawhide:
  * Minor doc improvements ([[https://github.com/rurban/Cpanel-JSON-XS/issues/25|GH#25]])
  * Fix `d_Gconvert` test in `t/11_pc_expo.t` for 5.6
 * Updated `perl-IO-All` to 0.81 in F-21 and Rawhide:
  * Make the Role Call list link to their doc sections
  * Fixed a doc formatting bug
 * Built `perl-Net-CIDR-Lite` (0.21) for EPEL ([[RedHatBugzilla:1160801|Bug #1160801]])
 * Updated `perl-Path-Tiny` to 0.060 in F-21, Rawhide and EPEL-7:
  * Added '`truncate`' option to append for in-place replacement of file contents
==== Local Packages ====
 * Updated `curl` to 7.39.0; I had to disable test 2034 (https with certificate pinning) on EL-5/6 until such time as we can figure out why it breaks (http://curl.haxx.se/mail/lib-2014-11/0040.html):
  * SSLv3 is disabled by default
  * `CURLOPT_COOKIELIST`: added "`RELOAD`" command
  * Build: added `WinIDN` build configuration options to Visual Studio projects
  * `ssh`: improve key file search
  * SSL: public key pinning - use `CURLOPT_PINNEDPUBLICKEY` and `--pinnedpubkey`
  * `vtls`: remove `QsoSSL` support, use `gskit`!
  * `mk-ca-bundle`: added SHA-384 signature algorithm
  * Docs: added many examples for `libcurl` opts and other doc improvements
  * Build: added VC `ssh2` target to main `Makefile`
  * `MinGW`: added support to build with `nghttp2`
  * !NetWare: added support to build with `nghttp2`
  * Build: added Watcom support to build with `WinSSL`
  * Build: added optional specific version generation of VC project files
  * `curl_easy_duphandle`: `CURLOPT_COPYPOSTFIELDS` read out of bounds
  * `openssl`: build fix for versions < 0.9.8e
  * Newlines: fix mixed newlines to LF-only
  * `ntlm`: fixed HTTP proxy authentication when using Windows SSPI
  * `sasl_sspi`: fixed unicode build
  * `file`: reject paths using embedded `%00`
  * `threaded-resolver`: revert `Curl_expire_latest()` switch
  * `configure`: allow `--with-ca-path` with PolarSSL too
  * `HTTP/2`: fix busy loop when EOF is encountered
  * `CURLOPT_CAPATH`: return failure if set without backend support
  * `nss`: do not fail if a CRL is already cached
  * `smtp`: fixed intermittent "`SSL3_WRITE_PENDING: bad write retry`" error
  * Fixed 20+ nits/memory leaks identified by Coverity scans
  * `curl_schannel.c`: fixed possible memory or handle leak
  * `multi-uv.c`: call `curl_multi_info_read()` better
  * `Cmake`: check for OpenSSL before OpenLDAP
  * `Cmake`: fix library list provided to cURL tests
  * `Cmake`: avoid cycle directory dependencies
  * `Cmake`: build with GSS-API libraries (MIT or Heimdal)
  * `vtls`: provide backend defines for internal source code
  * `nss`: fix a connection failure when FTPS handle is reused
  * `tests/http_pipe.py`: Python 3 support
  * `Cmake`: build `tool_hugehelp` (`ENABLE_MANUAL`)
  * `Cmake`: enable IPv6 by default if available
  * Tests: move `TESTCASES` to `Makefile.inc`, add show for `cmake`
  * `ntlm`: avoid unnecessary buffer allocation for SSPI based type-2 token
  * `ntlm`: fixed empty/bad base-64 decoded buffer return codes
  * `ntlm`: fixed empty type-2 decoded message info text
  * `Cmake`: add `CMake/Macros.cmake` to the release tarball
  * `Cmake`: add `SUPPORT_FEATURES` and `SUPPORT_PROTOCOLS`
  * `Cmake`: use `LIBCURL_VERSION` from `curlver.h`
  * `Cmake`: generate `pkg-config` and `curl-config`
  * Fixed several superfluous variable assignments identified by `cppcheck`
  * Cleanup of '`CURLcode result`' return code
  * Pipelining: only output "`is not blacklisted`" in debug builds
  * SSL: remove SSLv3 from SSL default due to POODLE attack
  * `gskit.c`: remove SSLv3 from SSL default
  * `darwinssl`: detect possible future removal of SSLv3 from the framework
  * `ntlm`: only define `ntlm` data structure when `USE_NTLM` is defined
  * `ntlm`: return `CURLcode` from `Curl_ntlm_core_mk_lm_hash()`
  * `ntlm`: return all errors from `Curl_ntlm_core_mk_nt_hash()`
  * `sspi`: only call `CompleteAuthToken()` when complete is needed
  * `http_negotiate`: fixed missing check for `USE_SPNEGO`
  * `HTTP`: return larger than 3 digit response codes too
  * `openssl`: check for NPN / ALPN via OpenSSL version number
  * `openssl`: enable NPN separately from ALPN
  * `sasl_sspi`: allow DIGEST-MD5 to use current windows credentials
  * `sspi`: return `CURLE_LOGIN_DENIED` on `AcquireCredentialsHandle()` failure
  * `resume`: consider a resume from `[content-length]` to be OK
  * `sasl`: fixed Kerberos V5 inclusion when `CURL_DISABLE_CRYPTO_AUTH` is used
  * `build-openssl.bat`: fix x64 release build
  * `Cmake`: drop `_BSD_SOURCE` macro usage
  * `Cmake`: fix `gethostby{addr,name}_r` in `CurlTests`
  * `Cmake`: clean `OtherTests`, fixing `-Werror`
  * `Cmake`: fix `struct sockaddr_storage` check
  * `Curl_single_getsock`: fix hold/pause sock handling
  * SSL: PolarSSL default minimum SSL version TLS 1.0
  * `Cmake`: fix `ZLIB_INCLUDE_DIRS` use
  * `buildconf`: stop checking for `libtool`
 * Updated `perl-Cpanel-JSON-XS` to 3.0105 as per the Fedora version
 * Updated `perl-DateTime-TimeZone` to 1.78:
  * Fix warnings from Perl 5.8.8 and before; apparently it doesn't like when `$SIG{__DIE__}` is set to `undef` ([[https://github.com/autarch/DateTime-TimeZone/pull/4|PR#4]])
 * Updated `perl-DBI` to 1.632:
  * Fixed risk of memory corruption with many arguments to methods originally reported by OSCHWALD for Callbacks but may apply to other functionality in `DBI` method dispatch ([[CPAN:86744|CPAN RT#86744]])
  * Fixed `DBD::PurePerl` to not set `$sth->{Active}` true by default; drivers are expected to set it true as needed
  * Fixed `DBI::DBD::SqlEngine` to complain loudly when prerequisite `driver_prefix` is not fulfilled ([[CPAN:93204|CPAN RT#93204]])
  * Fixed redundant `sprintf` argument warning ([[CPAN:97062|CPAN RT#97062]])
  * Fixed security issue where `DBD::File` drivers would open files from folders other than specifically passed using the `f_dir` attribute ([[CPAN:99508|CPAN RT#99508]])
  * Changed `delete $h->{$key}` to work for keys with '`private_`' prefix per request in [[CPAN:83156|CPAN RT#83156]]; `local $h->{$key}` works as before
  * Added security notice to `DBD::Proxy` and `DBI::ProxyServer` because they use `Storable`, which is insecure ([[CPAN:90475|CPAN RT#90475]])
  * Added note to `AutoInactiveDestroy` docs strongly recommending that it is enabled in all new code
 * Updated `perl-Moose` to 2.1402:
  * Fix a test that was using `Test::Exception` instead of `Test::Fatal`
 * Updated `perl-Path-Tiny` to 0.060 as per the Fedora version
 * Updated `perl-PerlIO-utf8_strict` to 0.005:
  * Add `PPPort` to compile on `perl` < 5.8.9
----