PaulHowarth/Blog/2016-11-02

Wednesday 2nd November 2016

Fedora Project

  • Updated perl-MCE to 1.807 in Rawhide:

    • Enhanced relay capabilities
      • Added Mandelbrot example to MCE::Example

      • Added extra demonstrations to MCE::Relay

      • Added test script
    • Tweaked manager-loop delay for special cases - applies to MSWin32 only
  • Updated perl-MCE-Shared to 1.806 in Rawhide:

    • Added a new section titled LOCKING to the MCE::Shared documentation

    • Tweaked shared-manager-loop delay - applies to MSWin32 only
  • Updated perl-Test-TrailingSpace to 0.0301 in Rawhide:

    • Skip "sample-data" in t/dogfood.t, which caused problems with parallel testing

Local Packages

  • Updated curl to 7.51.0, and to use libidn2 rather than libidn from Fedora 25 onwards:

    • nss: Additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST

    • New option: CURLOPT_KEEP_SENDING_ON_ERROR

    • CVE-2016-8615: Cookie injection for other servers

    • CVE-2016-8616: Case insensitive password comparison

    • CVE-2016-8617: OOB write via unchecked multiplication

    • CVE-2016-8618: Double-free in curl_maprintf

    • CVE-2016-8619: Double-free in krb5 code

    • CVE-2016-8620: glob parser write/read out of bounds

    • CVE-2016-8621: curl_getdate read out of bounds

    • CVE-2016-8622: URL unescape heap overflow via integer truncation

    • CVE-2016-8623: Use-after-free via shared cookies

    • CVE-2016-8624: Invalid URL parsing with '#'

    • CVE-2016-8625: IDNA 2003 makes curl use wrong host

    • openssl: Fix per-thread memory leak using 1.0.1 or 1.0.2

    • http: Accept "Transfer-Encoding: chunked" for HTTP/2 as well

    • LICENSE-MIXING.md: Update with mbedTLS dual licensing

    • examples/imap-append: Set size of data to be uploaded

    • test2048: Fix url

    • darwinssl: Disable RC4 cipher-suite support

    • CURLOPT_PINNEDPUBLICKEY.3: Fix the AVAILABILITY formatting

    • openssl: Don’t call CRYTPO_cleanup_all_ex_data

    • libressl: Fix version output

    • easy: Reset all statistical session info in curl_easy_reset

    • curl_global_cleanup.3: Don't unload the lib with sub threads running

    • dist: Add CurlSymbolHiding.cmake to the tarball

    • docs: Remove that --proto is just used for initial retrieval

    • configure: Fixed builds with libssh2 in a custom location

    • curl.1: --trace supports % for sending to stderr!

    • cookies: Same domain handling changed to match browser behaviour
    • formpost: Trying to attach a directory no longer crashes

    • CURLOPT_DEBUGFUNCTION.3: Fixed unused argument warning

    • formpost: Avoid silent snprintf() truncation

    • ftp: Fix Curl_ftpsendf

    • mprintf: Return error on too many arguments

    • smb: Properly check incoming packet boundaries

    • GIT-INFO: Remove the Mac 10.1-specific details

    • resolve: Add error message when resolving using SIGALRM

    • cmake: Add nghttp2 support

    • dist: Remove PDF and HTML converted docs from the releases

    • configure: Disable poll() in macOS builds

    • vtls: Only re-use session-ids using the same scheme

    • pipelining: Skip to-be-closed connections when pipelining
    • Win: Fix Universal Windows Platform build
    • curl: Do not set CURLOPT_SSLENGINE to DEFAULT automatically

    • maketgz: Make it support "only" generating version info

    • Curl_socket_check: Add extra check to avoid integer overflow

    • gopher: Properly return error for poll failures

    • curl: Set INTERLEAVEDATA too

    • polarssl: Clear thread array at init

    • polarssl: Fix unaligned SSL session-id lock

    • polarssl: Reduce #ifdef madness with a macro

    • curl_multi_add_handle: Set timeouts in closure handles

    • configure: Set min version flags for builds on mac

    • INSTALL: Converted to markdown ⇒ INSTALL.md

    • curl_multi_remove_handle: Fix a double-free

    • multi: Fix infinite loop in curl_multi_cleanup()

    • nss: Fix tight loop in non-blocking TLS handshake over proxy

    • mk-ca-bundle: Change URL retrieval to HTTPS-only by default

    • mbedtls: Stop using deprecated include file

    • docs: Fix req->data in multi-uv example

    • configure: Fix test syntax for monotonic clock_gettime

    • CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2

  • Updated perl-Archive-Tar to 2.16:

    • Make roundtrip tar exe finding robust for crappy tars

  • Updated perl-MCE to 1.807 as per the Fedora version

  • Updated perl-MCE-Shared to 1.806 as per the Fedora version

  • Updated perl-Role-Tiny to 2.000005:

    • Revert change to MRO::Compat usage

  • Updated perl-Test-TrailingSpace to 0.0301 as per the Fedora version


Recent