#acl PaulHowarth:read,write,admin,revert,delete All:read
=== Wednesday 11th March 2015 ===
==== Fedora Project ====
 * Updated `libssh2` to 1.5.0 in F-20, F-21, F-22 and Rawhide:
  * Security Advisory for [[CVE:2015-1782|CVE-2015-1782]], using `SSH_MSG_KEXINIT` data unbounded
  * Missing `_libssh2_error` in `_libssh2_channel_write`
  * `knownhost`: Fix DSS keys being detected as unknown
  * `knownhost`: Restore behaviour of '`libssh2_knownhost_writeline`' with short buffer
  * `libssh2.h`: On Windows, a socket is of type `SOCKET`, not `int`
  * `libssh2_priv.h`: A 1 bit bit-field should be unsigned
  * Windows build: Do not export externals from static library
  * Fixed two potential use-after-`free`s of the payload buffer
  * Fixed a few memory leaks in error paths
  * `userauth`: Fixed an attempt to `free` from stack on error
  * `agent_list_identities`: Fixed memory leak on OOM
  * `knownhosts`: Abort if the hosts buffer is too small
  * `sftp_close_handle`: Ensure the handle is always closed
  * `channel_close`: Close the channel even in the case of errors
  * Docs: Added missing `libssh2_session_handshake.3` file
  * Docs: Fixed a bunch of typos
  * `userauth_password`: Pass on the underlying error code
  * `_libssh2_channel_forward_cancel`: Accessed struct after `free`
  * `_libssh2_packet_add`: Avoid using uninitialized memory
  * `_libssh2_channel_forward_cancel`: Avoid memory leaks on error
  * `_libssh2_channel_write`: Client spins on `write` when window full
  * Windows build: Fix build errors
  * `publickey_packet_receive`: Avoid junk in returned pointers
  * `channel_receive_window_adjust`: Store windows size always
  * `userauth_hostbased_fromfile`: Zero assign to avoid uninitialized use
  * `configure`: Change `LIBS` not `LDFLAGS` when checking for libs
  * `agent_connect_unix`: Make sure there's a trailing zero
  * MinGW build: Fixed redefine warnings
  * `sftpdir.c`: Added authentication method detection
  * Watcom build: Added support for WinCNG build
  * `configure.ac`: Replace `AM_CONFIG_HEADER` with `AC_CONFIG_HEADERS`
  * `sftp_statvfs`: Fix for servers not supporting `statvfs` extension
  * `knownhost.c`: Use `LIBSSH2_FREE` macro instead of `free`
  * Fixed compilation using `mingw-w64`
  * `knownhost.c`: Fixed that '`key_type_len`' may be used uninitialized
  * `configure`: Display individual crypto backends on separate lines
  * Examples on Windows: Check for `WSAStartup` return code
  * Examples on Windows: Check for `socket` return code
  * `agent.c`: Check return code of `MapViewOfFile`
  * `kex.c`: Fix possible `NULL` pointer de-reference with `session->kex`
  * `packet.c`: Fix possible `NULL` pointer de-reference within `listen_state`
  * Tests on Windows: Check for `WSAStartup` return code
  * `userauth.c`: Improve readability and clarity of for-loops
  * Examples on Windows: Use native `SOCKET`-type instead of `int`
  * `packet.c`: `i < 256` was always true and `i` would overflow to `0`
  * `kex.c`: Make sure `mlist` is not set to `NULL`
  * `session.c`: Check return value of `session_nonblock` in debug mode
  * `session.c`: Check return value of `session_nonblock` during startup
  * `userauth.c`: Make sure that `sp_len` is positive and avoid overflows
  * `knownhost.c`: Fix use of uninitialized argument variable `wrote`
  * `openssl`: Initialise the digest context before calling `EVP_DigestInit()`
  * `libssh2_agent_init`: Init `->fd` to `LIBSSH2_INVALID_SOCKET`
  * `configure.ac`: Add `zlib` to `Requires.private` in `libssh2.pc` if using `zlib`
  * `configure.ac`: Rework crypto library detection
  * `configure.ac`: Reorder `--with-*` options in `--help` output
  * `configure.ac`: Call `zlib` `zlib` and not `libz` in text but keep option names
  * Fix non-autotools builds: Always define the `LIBSSH2_OPENSSL` CPP macro
  * `sftp`: `seek`: Don't flush buffers on same offset
  * `sftp`: `statvfs`: Along error path, reset the correct '`state`' variable
  * `sftp`: Add support for `fsync` (OpenSSH extension)
  * `_libssh2_channel_read`: Fix data drop when out of window
  * `comp_method_zlib_decomp`: Improve buffer growing algorithm
  * `_libssh2_channel_read`: Honour `window_size_initial`
  * `window_size`: Redid window handling for flow control reasons
  * `knownhosts`: Handle unknown key types
==== Local Packages ====
 * Updated `libssh2` to 1.5.0 as per the Fedora version
 * Updated `perl-Variable-Magic` to 0.56:
  * Remove lvalue uses of `ERRSV` ([[CPAN:101410|CPAN RT#101410]])
  * Test: `$ENV{$Config{ldlibpthname}}` is now preserved on all platforms, which will address failures of `t/17-ctl.t` with unusual compilers (like `icc`) that link all their compiled objects to their own libraries
  * Test: The global destruction test is now only run on `perl` 5.13.4 and higher, and only if either `Perl::Destruct::Level` is installed or `PERL_DESTRUCT_LEVEL` is set and the `perl` is a debugging `perl`; this will solve rare crashes of `t/15-self.t` on `perl` 5.13.3 and older
 * Updated `sendmail` (8.15.1) to drop the `sysvinit` sub-package ([[https://fedorahosted.org/fesco/ticket/615|FESCO #615]])
----