Paul's Blog Entries for November 2015
Sunday 1st November 2015
Fedora Project
Updated GeoIP to 1.6.7 in Rawhide:
Fixed a MSVC parser stack overflow when parsing 'regionName.c' and 'timeZone.c' (GH#64)
- Updated region codes and timezones
When using 'GEOIP_MEMORY_CACHE' with an invalid database file, the search tree traversal could attempt to read memory outside of the memory allocated for the memory cache, resulting in a segmentation fault; a check was added to ensure that the traversal code does not try to read beyond the end of the file, whether in memory, memory mapped, or on disk
- Previously the return values from file reads were ignored; we now check these values to ensure that there were no errors
Local Packages
Updated GeoIP to 1.6.7 as per the Fedora version
Updated perl-Class-Tiny to 1.004:
Refactored accessor generation to allow subclasses of Class::Tiny to implement alternate accessors
Monday 2nd November 2015
Fedora Project
Updated milter-greylist to 4.5.16 in Rawhide:
Reflect config syntax in addhheader logs
Honour daemon option in Redhat startup script
- Fix crash in SPF code
Local Packages
Updated perl-Module-Info to 0.37:
Added a has_pod() method, which returns the path to the file containing the pod (it could be a .pod file), if there is one
Listed NEILB as the current maintainer in the AUTHOR section
- Added link to github repo to doc
Updated perl-Pod-Simple to 3.32:
- Fixed failing tests on Windows
Switched debugging output from STDOUT to STDERR; should rarely be used, but modules that do depend on debugging output might need to change how they handle it (GitHub Pull Request #76)
Added errata_seen() to make POD errors easily accessible
Thursday 5th November 2015
Fedora Project
Updated perl-Math-BigInt-GMP to 1.44 in Rawhide:
Sync test files with Math-BigInt-1.999707
Update the README file
Replace 'use vars ...' with 'our ...'; we require a Perl newer than 5.6.0 anyway
Required version of Math-BigInt is now 1.999706
Add 'Test::More' to TEST_REQUIRES in Makefile.PL
Enable 'use warnings'; we require a Perl newer than 5.6.0 anyway
Add 'assertlib.*\.exe' to MANIFEST.SKIP, since make generates temporary files like 'assertlibzxjE4WfG.exe' on Cygwin
- Update author information
Updated perl-strictures to 2.000002 in Rawhide:
Use ExtUtils::HasCompiler to detect compiler rather than ExtUtils::CBuilder
- More comprehensive testing
Local Packages
Updated cdrtools to 3.02 alpha release 01; I've left the stable release 3.01 in the repository for now so users can revert to it if necessary
Updated perl-strictures to 2.000002 as per the Fedora version
Sunday 8th November 2015
Fedora Project
Updated perl-DateTime-Format-Strptime to 1.60 in Rawhide:
- Backwards Incompatibilities
- The error messages for various types of failures have changed
- The never-documented diagnostic parameter for the constructor has been removed
The never-documented feature to allow you to use arbitrary DateTime.pm methods in the parsing pattern has been removed; this never made much sense anyway, since most DateTime.pm methods are not constructor params, but they were used that way
Using the pattern, locale, and time_zone to set the respective attribute is now deprecated; make a new object instead of changing one of these values
- Bug Fixes
Fixed a warning from the tests with newer Perl versions (CPAN RT#107620)
Clarified docs to note that %Y and %G require 4-digit years (CPAN RT#103147)
Using the 24-hour token (%H) with an AM/PM specifier (%p) now leads to an error if you try to parse something like "23:01 AM" (CPAN RT#92445)
Updated perl-Moose to 2.1604 in Rawhide:
Minimum perl requirement is now set in configure-requires, as well as runtime-requires, to ensure that smokers bail out early enough to declare the installation N/A rather than FAIL
Local Packages
Updated perl-DateTime-Format-Strptime to 1.60 as per the Fedora version
Updated perl-DateTime-Locale to 1.01:
- Enhancements
- This release uses the locale data from CLDR version 28; the last major update of the locale data used CLDR 1.7.1, released in 2009, so this is a big change - many things have changed in terms of locale data
- Some locales are no longer available because they are not in the CLDR data
- The CLDR data no longer includes default date and time format lengths; this is now "medium" for every locale, simply to provide some level of backwards compatibility
Loading DateTime::Locale itself is now quite a bit faster; the whole locale registration system has been removed entirely, except for custom locales (CPAN RT#78794)
A long-standing issue with the Austrian locale not using the Austrian name for January has been fixed (CPAN RT#52337)
- Backwards Incompatibilities
This is a big new release, and includes a number of backwards-incompatible changes, though most users should be unaffected by this change; if you only use this module via DateTime.pm, you are unlikely to notice any changes other than changes to the locale data
- The old API deprecated since 0.40 has been removed (almost) entirely
- We now refer to things as "code" in the docs and method names where we used to call them "ids"; this includes locale, language, script, territory, and variant codes - this is more in line with the various ISO standards and the CLDR packages
All the $locale->*_id methods (including $locale->id) are deprecated; use the relevant $locale->*_code method instead
The canonical form of the locale codes now uses dashes (-) instead of underscores (_); loading a locale with an underscore in the name (e.g. en_US) still works
The way that locale data is packaged has changed quite a bit; we no longer package each locale in its own class: instead, all locale data is in a single module (mostly in a __DATA__ section) and loaded into memory as needed, so if you have any code that checks $locale->isa, that code may break
Locales are no longer subclasses of DateTime::Locale::Base; this module is still included in the distribution in case someone has a custom locale that inherits from this module, but this module will go away in a future release
The "ii-*" aliases for the "he-*" locales have been removed
The "no-*" aliases for the "nn-*" locales have been removed
The value of $locale->code no longer reflects the value passed to DateTime::Locale->load; this only affects aliases and non-canonical forms of the code, e.g. if you load "en_US" then $locale->code will return "en-US" and if you load "C" or "POSIX" the returned code will be "en-US-POSIX"
- All of the documentation related to creating aliases and registering custom locales has been removed; all of these methods still work, but I don't think this system got much use, so I don't want to emphasize it in the docs (but let me know if you are using this and want to see these docs restored)
Updated perl-Moose to 2.1604 as per the Fedora version
Updated perl-Net-DNS to 1.03:
Fix CPAN RT#107897: t/10-recurse.t freezes, never completes
Fix CPAN RT#101978: Update Net::DNS to use IO::Socket::IP
Fix CPAN RT#84375: Timeout doesn't work with bgsend/bgread
Fix CPAN RT#47050: Persistent sockets for Resolver::bg(send|read|isready)
Fix CPAN RT#15515: bgsend on TCP
Monday 9th November 2015
fedora Project
Updated GeoIP-GeoLite-data to the November 2015 databases in Rawhide
Local Packages
Updated GeoIP-GeoLite-data to the November 2015 databases as per the Fedora version
Tuesday 10th November 2015
Fedora Project
Updated pari to 2.7.5 in F-21, F-22, F-23 and Rawhide (periodic bugfix update)
Wednesday 11th November 2015
Fedora Project
Updated libssh2 (1.6.0) to fix pkg-config --libs output (Bug #1279966) in F-23 and Rawhide
Updated perl-B-Keywords to 1.15 in Rawhide:
Fixed $OUTPUT_AUTOFLUSH (CPAN RT#108572)
Made $* $MULTILINE_MATCHING version specific, deprecated with 5.8.1, removed with 5.10
Updated perl-Math-BigInt-GMP to 1.45 in Rawhide:
Sync test files with Math-BigInt-1.999709
Required version of Test::More is 0.47
Updated perl-MIME-Types to 2.12 in Rawhide:
- Downgrade prereq perl to 5.6
- Update IANA
Local Packages
Updated libssh2 as per the Fedora version
Updated perl-B-Keywords to 1.15 as per the Fedora version
Updated perl-MIME-Types to 2.12 as per the Fedora version
Thursday 12th November 2015
Fedora Project
Updated libpng10 to 1.0.64 in F-21, F-22, F-23, Rawhide and EPEL-6:
Fix typecast in a png_debug2() statement in png_set_text_2() to avoid a compiler warning in PNG_DEBUG builds
Fixed printf formats in pngtest.c to avoid compiler warnings and a Coverity warning in PNG_DEBUG builds
Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c PNG_DEBUG builds
Removed WRITE_WEIGHTED_FILTERED code
Avoid potentially dereferencing NULL info_ptr in png_info_init_3()
Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
Use nanosleep() instead of usleep() in contrib/gregbook/rpng2-x.c because usleep() is deprecated (port from libpng16)
- Fixed some bad links in the man page
Added a safety check in png_set_tIME() (CVE-2015-7981)
- Prevent writing over-length PLTE chunk
- Silently truncate over-length PLTE chunk while reading
Clarified COPYRIGHT information to state explicitly that versions are derived from previous versions
Removed much of the long list of previous versions from png.h and libpng.3
Local Packages
Updated libpng10 to 1.0.64 as per the Fedora version
Friday 13th November 2015
Fedora Project
Updated perl-DateTime to 1.21 in Rawhide (Bug #1267774):
Make all tests pass with the current DateTime::Locale
Saturday 14th November 2015
Fedora Project
Updated perl-DateTime-Format-Strptime to 1.61 in Rawhide:
If you loaded this module with warnings globally enabled, you'd get a warning about the import subroutine being redefined, which broke the Package::DeprecationManager API for turning off deprecation warnings; this has been fixed in Package::DeprecationManager 0.15 (CPAN RT#108871)
Updated perl-Package-DeprecationManager to 0.15 in Rawhide:
Made this module co-operate with existing import() subs in packages that use this module, as long as you use this module last
Local Packages
Rebuilt libxml2 (2.9.2) and py-bcrypt (0.4) for Python 3.5 in Rawhide
Updated perl-DateTime-Format-Strptime to 1.61 as per the Fedora version
Updated perl-Package-DeprecationManager to 0.15 as per the Fedora version
Sunday 15th November 2015
Fedora Project
Updated perl-Test-Valgrind to 1.17 in Rawhide:
The Test::Valgrind tests will now be skipped when the default and user-supplied suppressions files do not refer to any perl-related symbol; this behaviour can be overridden by passing 'allow_no_supp => 1' to Test::Valgrind->import
Fix CPAN RT#101934: t/20-bad.t failing on armv7hl; while the root cause of this issue is probably not at Test::Valgrind's level, it should nevertheless not run the tests when the suppression files are obviously insufficient
- The accuracy of the default perl suppression file has been improved
The tests will be more reliably skipped when no valgrind or no suppressions are found
- Segmentation faults during the analysis are now more gracefully handled
'no_def_supp => 1' will no longer cause the extra suppressions to be ignored
t/20-bad.t will no longer run the extra tests when no valgrind can be found (this was a regression in version 1.15)
Local Packages
Updated perl-Test-Valgrind to 1.17 as per the Fedora version
Monday 16th November 2015
Fedora Project
Updated perl-Convert-BinHex to 1.125 in Rawhide:
Made the Test:: modules TEST_REQUIRES (CPAN RT#108523)
Updated perl-Path-Tiny to 0.076 in Rawhide:
- Tilde expansion on Windows was resulting in backslashes; now they are correctly normalized to forward slashes
- Typos fixed
- Fixed spewing to a symlink that crosses a filesystem boundary
Add Test::MockRandom to META as a recommended test prerequisite
Updated perl-Test-Valgrind to 1.18 in Rawhide:
A new Test::Valgrind::Version class has been added to represent valgrind version numbers, instead of lazily relying on version.pm
The detection of the valgrind executable has been slightly improved to cover some edge cases
Test failures on Windows, or with old versions of Test::More or File::Temp, have been addressed
A few extraneous warnings displayed by some tests when they were run with old versions of Test::Harness were silenced
Updated proftpd (1.3.3g) in EPEL-7 to add support for specifying TLSv1.1 and TLSv1.2 as values for TLSProtocol in the mod_tls configuration (Bug #1281493)
Local Packages
Updated perl-BSD-Resource to 1.2909:
The new RLIMIT_ values in 1.2908 were not added quite right; our own tests didn't detect this, but the mod_perl2 ones did (CPAN RT#108955)
Updated perl-Convert-BinHex to 1.125 as per the Fedora version
Updated perl-Path-Tiny to 0.076 as per the Fedora version
Updated perl-Test-Valgrind to 1.18 as per the Fedora version
Sunday 22nd November 2015
Local Packages
Updated perl-Exception-Base to 0.2501:
- Fixes "Redundant argument in sprintf" warning on Perl 5.21.2
Updated perl-PPIx-Regexp to 0.043:
Beginning with version 0.035, PPIx::Regexp was incorrectly reporting the sense of modifiers when the same token both asserted and negated modifiers (e.g. '(?x-i:...)'); this release should correct the problem
- Document policy when Perl changes in such a way that the proper parse for a regular expression changes; in this case the more modern parse is preferred
- Parse white space inside bracketed character classes inside extended bracketed character classes (whew!) as literals, except for the space character itself and the horizontal tab; this tracks the corresponding change in Perl 5.23.4, and will be reverted if the corresponding Perl change does not make it into 5.24.0
Clear error when lexer identifies unknown token; those who peruse the changes in this release will see that a bunch of refactoring was done as part of this
Parse \U and friends as meta-characters inside \Q...\E; this turns out to be what Perl itself does, as shown by "perl -E 'say qr{\Q\Ufoo}'"
Do not end regex set prematurely on finding '])'; the problem is that '])' can occur within an extended bracketed character class if it contains grouping parentheses and the last item in a group is a regular bracketed character class and there is no white space between the end of the character class and the end of the group
Record parse failure if switch condition is unknown; the structure was being reblessed to PPIx::Regexp::Structure::Unknown, but the number of parse failures was not being incremented
Tuesday 24th November 2015
Fedora Project
Updated gtkwave to 3.3.68 in Rawhide:
- Update copyright date
Added named markers capability to From: and To: time value input boxes
- Added support for fixed point binary numbers for both signed and unsigned decimal display types
Updated perl-Test-Differences to 0.64 in Rawhide:
Bump dependency version for Text::Diff to avoid a buggy release
Make tests pass with relocation perl (CPAN RT#103133)
Local Packages
Updated cdrtools to 3.02 alpha release 02
Updated gtkwave to 3.3.68 as per the Fedora version
Updated libxml2 to 2.9.3:
CVE-2015-1819 Enforce the reader to run in constant memory
CVE-2015-5312 Another entity expansion issue
CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey
CVE-2015-7498 Avoid processing entities after encoding conversion failures
CVE-2015-7941-1 Stop parsing on entities boundaries errors
CVE-2015-7941-2 Cleanup conditional section error handling
CVE-2015-7942-1 Another variation of overflow in Conditional sections
CVE-2015-7942-2 Fix an error in previous Conditional section patch
CVE-2015-7499-1 Add xmlHaltParser() to stop the parser
CVE-2015-7499-2 Detect incoherency on GROW
CVE-2015-7500 Fix memory access error due to incorrect entities boundaries
CVE-2015-8035 Fix XZ compression support loop
CVE-2015-8242 Buffer overread with HTML parser in push mode
Various other bug fixes (see https://mail.gnome.org/archives/xml/2015-November/msg00012.html)
Updated nmap to 7.00 (see http://nmap.org/changelog.html for details)
Updated perl-Module-CoreList to 5.20151120:
- Updated for v5.23.5
Updated perl-Test-Differences to 0.64 as per the Fedora version
Wednesday 25th November 2015
Local Packages
Updated unrar to 5.30, updating the associated debian files to 5.3.2-1 too
Thursday 26th November 2015
Fedora Project
Updated perl-Cpanel-JSON-XS to 3.0203 in Rawhide:
Simplify handling of references, removing all the complicated work-around for reblessing; breaks overloaded values, but fixes serialising refs to read-only values (GH#21); schmorp thinks that overloading is broken with this patch, but reblessing and breaking read-only is worse
Stabilize Test::Kwalitee with missing XS dependencies
Suggests common::sense, not recommend (GH#36)
Boolean interop: use only JSON::PP::Boolean (GH#40)
Remove our own JSON::XS::Boolean, and solely use JSON::PP::Boolean and accept Mojo::JSON::_Bool (GH#37) and Types::Serialiser::Boolean, which is aliased to JSON::PP::Boolean
JSON::YAJL::Parser just produces an unbless IV (0|1)
- Fix overload of our bools
Stringify true to "true", false to "0"
Accept is_bool as method call also
Implement native encode_sv of the internal sv_yes/sv_no values (GH#39) and map them to json true/false (YAML::XS compatible)
pod: add SECURITY CONSIDERATIONS; added a table of safe and unsafe serializers for comparison (only JSON and Data::MessagePack are safe by default)
New feature: convert_blessed for encode; stringify overloaded perl objects and with allow_blessed even without string overload (GH#37)
New optional decode_json() argument to set allow_nonref as in RFC 7159 and PHP; before 3.02, JSON::XS and Cpanel::JSON::XS always allowed nonref values for decode_json due to an internal bug
With canonical, only skip hash keys sorting for actually tied hashes (GH#42)
Local Packages
Updated perl-Cpanel-JSON-XS to 3.0203 as per the Fedora version
Rebuilt perl-XML-LibXML against the latest libxml2
Friday 27th November 2015
Fedora Project
Updated perl-Cpanel-JSON-XS to 3.0204 in Rawhide:
Fix is_bool with JSON::XS >3.0 interop (GH#44)
Local Packages
Updated perl-Cpanel-JSON-XS to 3.0204 as per the Fedora version
Monday 30th November 2015
Fedora Project
Updated perl-Cpanel-JSON-XS to 3.0205 in Rawhide:
Add t/20_unknown.t tests from JSON::PP, extended
Fix convert_blessed, disallow invalid JSON (GH#46); convert_blessed always now returns a string, even for numbers
Fix encountered GLOB error message (still in JSON::XS, and JSON::PP took over the wrong message too)
Fixed regression of immediate raw values for null/true/false to be modifiable again (GH#45, broken with 3.0201-3.0204)
Updated perl-Test-Deep to 1.120 in Rawhide:
Add none() test; it's like any(), but negative
Fix stringification of any() expectations
Local Packages
Updated perl-Cpanel-JSON-XS to 3.0205 as per the Fedora version
Updated perl-Test-Deep to 1.120 as per the Fedora version
Updated python-twisted to 15.5.0 (see NEWS for details)
Previous Month: October 2015
Next Month: December 2015