#acl PaulHowarth:read,write,admin,revert,delete All:read

=== Wednesday 2nd November 2016 ===

==== Fedora Project ====

 * Updated `perl-MCE` to 1.807 in Rawhide:
  * Enhanced relay capabilities
   * Added Mandelbrot example to `MCE::Example`
   * Added extra demonstrations to `MCE::Relay`
   * Added test script
  * Tweaked manager-loop delay for special cases - applies to MSWin32 only
 * Updated `perl-MCE-Shared` to 1.806 in Rawhide:
  * Added a new section titled `LOCKING` to the `MCE::Shared` documentation
  * Tweaked shared-manager-loop delay - applies to MSWin32 only
 * Updated `perl-Test-TrailingSpace` to 0.0301 in Rawhide:
  * Skip "`sample-data`" in `t/dogfood.t`, which caused problems with parallel testing

==== Local Packages ====

 * Updated `curl` to 7.51.0, and to use `libidn2` rather than `libidn` from Fedora 25 onwards:
  * `nss`: Additional cipher suites are now accepted by `CURLOPT_SSL_CIPHER_LIST`
  * New option: `CURLOPT_KEEP_SENDING_ON_ERROR`
  * [[CVE:2016-8615|CVE-2016-8615]]: Cookie injection for other servers
  * [[CVE:2016-8616|CVE-2016-8616]]: Case insensitive password comparison
  * [[CVE:2016-8617|CVE-2016-8617]]: OOB write via unchecked multiplication
  * [[CVE:2016-8618|CVE-2016-8618]]: Double-free in `curl_maprintf`
  * [[CVE:2016-8619|CVE-2016-8619]]: Double-free in `krb5` code
  * [[CVE:2016-8620|CVE-2016-8620]]: glob parser write/read out of bounds
  * [[CVE:2016-8621|CVE-2016-8621]]: `curl_getdate` read out of bounds
  * [[CVE:2016-8622|CVE-2016-8622]]: URL unescape heap overflow via integer truncation
  * [[CVE:2016-8623|CVE-2016-8623]]: Use-after-free via shared cookies
  * [[CVE:2016-8624|CVE-2016-8624]]: Invalid URL parsing with '`#`'
  * [[CVE:2016-8625|CVE-2016-8625]]: IDNA 2003 makes `curl` use wrong host
  * `openssl`: Fix per-thread memory leak using 1.0.1 or 1.0.2
  * `http`: Accept "`Transfer-Encoding: chunked`" for HTTP/2 as well
  * `LICENSE-MIXING.md`: Update with `mbedTLS` dual licensing
  * `examples/imap-append`: Set size of data to be uploaded
  * `test2048`: Fix url
  * `darwinssl`: Disable RC4 cipher-suite support
  * `CURLOPT_PINNEDPUBLICKEY.3`: Fix the `AVAILABILITY` formatting
  * `openssl`: Don’t call `CRYTPO_cleanup_all_ex_data`
  * `libressl`: Fix version output
  * `easy`: Reset all statistical session info in `curl_easy_reset`
  * `curl_global_cleanup.3`: Don't unload the lib with sub threads running
  * `dist`: Add `CurlSymbolHiding.cmake` to the tarball
  * docs: Remove that `--proto` is just used for initial retrieval
  * `configure`: Fixed builds with `libssh2` in a custom location
  * `curl.1`: `--trace` supports `%` for sending to stderr!
  * cookies: Same domain handling changed to match browser behaviour
  * `formpost`: Trying to attach a directory no longer crashes
  * `CURLOPT_DEBUGFUNCTION.3`: Fixed unused argument warning
  * `formpost`: Avoid silent `snprintf()` truncation
  * `ftp`: Fix `Curl_ftpsendf`
  * `mprintf`: Return error on too many arguments
  * `smb`: Properly check incoming packet boundaries
  * `GIT-INFO`: Remove the Mac 10.1-specific details
  * `resolve`: Add error message when resolving using `SIGALRM`
  * `cmake`: Add `nghttp2` support
  * `dist`: Remove PDF and HTML converted docs from the releases
  * `configure`: Disable `poll()` in macOS builds
  * `vtls`: Only re-use session-ids using the same scheme
  * pipelining: Skip to-be-closed connections when pipelining
  * Win: Fix Universal Windows Platform build
  * `curl`: Do not set `CURLOPT_SSLENGINE` to `DEFAULT` automatically
  * `maketgz`: Make it support "`only`" generating version info
  * `Curl_socket_check`: Add extra check to avoid integer overflow
  * `gopher`: Properly return error for poll failures
  * `curl`: Set `INTERLEAVEDATA` too
  * `polarssl`: Clear thread array at init
  * `polarssl`: Fix unaligned SSL session-id lock
  * `polarssl`: Reduce `#ifdef` madness with a macro
  * `curl_multi_add_handle`: Set timeouts in closure handles
  * `configure`: Set min version flags for builds on mac
  * `INSTALL`: Converted to markdown ⇒ `INSTALL.md`
  * `curl_multi_remove_handle`: Fix a double-free
  * `multi`: Fix infinite loop in `curl_multi_cleanup()`
  * `nss`: Fix tight loop in non-blocking TLS handshake over proxy
  * `mk-ca-bundle`: Change URL retrieval to HTTPS-only by default
  * `mbedtls`: Stop using deprecated include file
  * docs: Fix `req->data` in `multi-uv` example
  * `configure`: Fix test syntax for monotonic `clock_gettime`
  * `CURLMOPT_MAX_PIPELINE_LENGTH.3`: Clarify it's not for HTTP/2
 * Updated `perl-Archive-Tar` to 2.16:
  * Make roundtrip `tar` exe finding robust for crappy tars
 * Updated `perl-MCE` to 1.807 as per the Fedora version
 * Updated `perl-MCE-Shared` to 1.806 as per the Fedora version
 * Updated `perl-Role-Tiny` to 2.000005:
  * Revert change to `MRO::Compat` usage
 * Updated `perl-Test-TrailingSpace` to 0.0301 as per the Fedora version

----