Paul's Blog Entries for November 2016
Tuesday 1st November 2016
Fedora Project
Updated perl-AnyEvent (7.13) in Rawhide to avoid interactive prompt during build (Bug #1390463), and for now, BuildConflict with perl-Net-SSLeay (Bug #1390468)
Updated perl-Devel-GlobalDestruction to 0.14 in Rawhide:
Stop relying on . being in @INC
Switch to ExtUtils::HasCompiler to detect presence of a compiler
Updated perl-Devel-GlobalDestruction-XS to 0.03 in Rawhide:
Stop relying on . being in @INC
Updated perl-Safe-Isa to 1.000006 in Rawhide:
Now falling back to $obj->isa if DOES/does is not implemented on the object, to avoid fatal errors on perls too old to have their own DOES (CPAN RT#100866)
Local Packages
Updated moin to 1.9.9 (see CHANGES for details)
Updated perl-AnyEvent (7.13) as per the Fedora version
Updated perl-Devel-GlobalDestruction to 0.14 as per the Fedora version
Updated perl-Devel-GlobalDestruction-XS to 0.03 as per the Fedora version
Updated perl-Moo to 2.002005:
Fix accessor extensions that need captured variables for clearers and predicates (CPAN RT#118453)
Avoid relying on '.' being in @INC in tests
Fix Sub::Quote test when run with perl -C or PERL_UNICODE on perl 5.10 (CPAN RT#117844)
Improved error messages for invalid sub names in Sub::Quote (CPAN RT#116416, CPAN RT#117711)
- Clarify meta method documentation
Bump Role::Tiny prereq version to get stub in role fix (CPAN RT#116674)
Updated perl-Role-Tiny to 2.000004:
Fix consuming stubs from roles (CPAN RT#116674)
- Fix error message when applying conflicting roles to an object
Drop prerequisite on MRO::Compat on perl 5.8
Updated perl-Safe-Isa to 1.000006 as per the Fedora version
Wednesday 2nd November 2016
Fedora Project
Updated perl-MCE to 1.807 in Rawhide:
- Enhanced relay capabilities
Added Mandelbrot example to MCE::Example
Added extra demonstrations to MCE::Relay
- Added test script
- Tweaked manager-loop delay for special cases - applies to MSWin32 only
- Enhanced relay capabilities
Updated perl-MCE-Shared to 1.806 in Rawhide:
Added a new section titled LOCKING to the MCE::Shared documentation
- Tweaked shared-manager-loop delay - applies to MSWin32 only
Updated perl-Test-TrailingSpace to 0.0301 in Rawhide:
Skip "sample-data" in t/dogfood.t, which caused problems with parallel testing
Local Packages
Updated curl to 7.51.0, and to use libidn2 rather than libidn from Fedora 25 onwards:
nss: Additional cipher suites are now accepted by CURLOPT_SSL_CIPHER_LIST
New option: CURLOPT_KEEP_SENDING_ON_ERROR
CVE-2016-8615: Cookie injection for other servers
CVE-2016-8616: Case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: Double-free in curl_maprintf
CVE-2016-8619: Double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: Invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host
openssl: Fix per-thread memory leak using 1.0.1 or 1.0.2
http: Accept "Transfer-Encoding: chunked" for HTTP/2 as well
LICENSE-MIXING.md: Update with mbedTLS dual licensing
examples/imap-append: Set size of data to be uploaded
test2048: Fix url
darwinssl: Disable RC4 cipher-suite support
CURLOPT_PINNEDPUBLICKEY.3: Fix the AVAILABILITY formatting
openssl: Don’t call CRYTPO_cleanup_all_ex_data
libressl: Fix version output
easy: Reset all statistical session info in curl_easy_reset
curl_global_cleanup.3: Don't unload the lib with sub threads running
dist: Add CurlSymbolHiding.cmake to the tarball
docs: Remove that --proto is just used for initial retrieval
configure: Fixed builds with libssh2 in a custom location
curl.1: --trace supports % for sending to stderr!
- cookies: Same domain handling changed to match browser behaviour
formpost: Trying to attach a directory no longer crashes
CURLOPT_DEBUGFUNCTION.3: Fixed unused argument warning
formpost: Avoid silent snprintf() truncation
ftp: Fix Curl_ftpsendf
mprintf: Return error on too many arguments
smb: Properly check incoming packet boundaries
GIT-INFO: Remove the Mac 10.1-specific details
resolve: Add error message when resolving using SIGALRM
cmake: Add nghttp2 support
dist: Remove PDF and HTML converted docs from the releases
configure: Disable poll() in macOS builds
vtls: Only re-use session-ids using the same scheme
- pipelining: Skip to-be-closed connections when pipelining
- Win: Fix Universal Windows Platform build
curl: Do not set CURLOPT_SSLENGINE to DEFAULT automatically
maketgz: Make it support "only" generating version info
Curl_socket_check: Add extra check to avoid integer overflow
gopher: Properly return error for poll failures
curl: Set INTERLEAVEDATA too
polarssl: Clear thread array at init
polarssl: Fix unaligned SSL session-id lock
polarssl: Reduce #ifdef madness with a macro
curl_multi_add_handle: Set timeouts in closure handles
configure: Set min version flags for builds on mac
INSTALL: Converted to markdown ⇒ INSTALL.md
curl_multi_remove_handle: Fix a double-free
multi: Fix infinite loop in curl_multi_cleanup()
nss: Fix tight loop in non-blocking TLS handshake over proxy
mk-ca-bundle: Change URL retrieval to HTTPS-only by default
mbedtls: Stop using deprecated include file
docs: Fix req->data in multi-uv example
configure: Fix test syntax for monotonic clock_gettime
CURLMOPT_MAX_PIPELINE_LENGTH.3: Clarify it's not for HTTP/2
Updated perl-Archive-Tar to 2.16:
Make roundtrip tar exe finding robust for crappy tars
Updated perl-MCE to 1.807 as per the Fedora version
Updated perl-MCE-Shared to 1.806 as per the Fedora version
Updated perl-Role-Tiny to 2.000005:
Revert change to MRO::Compat usage
Updated perl-Test-TrailingSpace to 0.0301 as per the Fedora version
Thursday 3rd November 2016
Fedora Project
Updated perl-Params-ValidationCompiler to 0.14 in Rawhide:
Added a "named_to_list" option to support returning only the parameter values from a named parameter validator rather than the key-value pairs
Errors from calls to validation_for() now use croak so as to show up at the call site, rather than in the internals
Local Packages
Updated perl-DateTime-TimeZone to 2.07:
- This release is based on version 2016i of the Olson database
- Contemporary changes for Tonga and Antarctica/Casey
- There is also a new zone for Northern Cyprus, Asia/Famagusta, which differs from other parts of Cyprus
Updated perl-Params-ValidationCompiler to 0.14 as per the Fedora version
For older distributions that don't have the new requirement List::Util ≥ 1.29, I patched out the need for it by copying in the required function pairkeys from List::Util::PP
Friday 4th November 2016
Fedora Project
Updated perl-Params-ValidationCompiler to 0.16 in Rawhide:
Previously, using a default with a positional parameter would result in an error when compiling the validator subroutine; defaults now work with positional parameters (GH#5)
Moose and Specio types (and coercions) that provide variables to close over when being inlined did not always compile properly; most notably, this was not being handled at all for Moose types, and not completely handled for Specio coercions
Local Packages
Updated perl-Params-ValidationCompiler to 0.16 as per the Fedora version
Updated perl-Term-ReadLine-Gnu to 1.35:
readline-7.0 support:
New functions: rl_clear_visible_line, rl_tty_set_echoing, rl_pending_signal
New variable: rl_persistent_signal_handlers
Gnu.xs: Fix a bug of rl_readline_state variable manifesting on a big-endian, sizeof(int)==4, and sizeof(long)==8 platform with the GNU Readline Library 7.0 (CPAN RT#118371)
Saturday 5th November 2016
Fedora Project
Updated perl-MCE to 1.808 in Rawhide:
Workers persist unless shutdown explicitly while running alongside the Mojolicious framework
Local Packages
Updated perl-MCE to 1.808 as per the Fedora version
Sunday 6th November 2016
Fedora Project
Updated perl-Test-Deep to 1.124 in Rawhide:
Avoid an uninitialized warning when array_each() compares to a non-reference
Local Packages
Updated perl-Test-Deep to 1.124 as per the Fedora version
Monday 7th November 2016
Fedora Project
Updated perl-Params-ValidationCompiler to 0.17 in Rawhide:
- When using positional parameters, parameters with a default are now optional; for named parameters, this was already the case
Updated perl-Specio to 0.31 in Rawhide:
The stack trace contained by Specio::Exception objects no longer includes stack frames for the Specio::Exception package
Made the inline_environment() and description() methods public on type and coercion objects
Local Packages
Updated perl-Archive-Tar to 2.18:
Capture also the STDERR when checking tar exe
Updated perl-Params-ValidationCompiler to 0.17 as per the Fedora version
Updated perl-Specio to 0.31 as per the Fedora version
Tuesday 8th November 2016
Fedora Project
Updated perl-Any-Moose to 0.27 in Rawhide:
- Add deprecation warning when this module is used
Updated perl-Test2-Plugin-NoWarnings to 0.05 in Rawhide:
Skip compile.t on Windows; this test uses IPC::Run3, which doesn't seem to work well on that platform (CPAN RT#118443)
Local Packages
Updated perl-Net-FTPSSL to 0.35:
- Minor POD updates
Added catastrophic failure protection to _croak_or_return() by adding local $SIG{PIPE} = "IGNORE"; before connection termination logic
Updated perl-Test2-Plugin-NoWarnings to 0.05 as per the Fedora version
Wednesday 9th November 2016
Fedora Project
Rebuilt Singular (3.1.7) without polymake support in Rawhide as the start of a bootstrapping process for ppc64 (Singular and polymake build-require each other); unfortunately, polymake then failed to build on ppc64 so that was as far as the process got
Thursday 10th November 2016
Fedora Project
Updated perl-Math-GMP to 2.12 in Rawhide:
- Add support for testing methods that return lists
Add broot, brootrem, bsqrtrem, is_perfect_power, is_perfect_square (CPAN RT#118677)
Local Packages
Updated libxslt (1.1.29) to fix heap overread in xsltFormatNumberConversion (CVE-2016-4738)
Sunday 13th November 2016
Fedora Project
Updated perl-DateTime to 1.40 in Rawhide:
Switched from RT to the GitHub issue tracker
Local Packages
Updated perl-DateTime to 1.40 as per the Fedora version
Monday 14th November 2016
Fedora Project
Updated perl-Params-ValidationCompiler to 0.18 in Rawhide:
Using coercions with positional parameters could cause a "Modification of a read-only value attempted" exception when the generated code tried to assign to elements of @_; this is now fixed by making a copy if any of the types have a coercion
Using Moose types with coercions in a positional params check would cause invalid code to be generated; this could also happen with Type::Tiny if either the type or a coercion could not be inlined
Local Packages
New package perl-Search-Elasticsearch-Client-2_0 (5.01)
Updated perl-DateTime-Locale to 1.11:
Switched from RT to the GitHub issue tracker
Updated perl-DateTime-TimeZone to 2.08:
Switched from RT to the GitHub issue tracker
Updated perl-MetaCPAN-Client (1.028003) to make it work with Search::Elasticsearch ≥ 5.00 (https://github.com/metacpan/metacpan-client/issues/55)
Updated perl-Params-ValidationCompiler to 0.18 as per the Fedora version
Built and pushed the previously-designed update of perl-Search-Elasticsearch to 5.01, which has a number of API changes over the previous 2.x version
Tuesday 15th November 2016
Fedora Project
Submitted a review request for a perl-Crypt-IDEA package based on the one in RPM Fusion; the IDEA patent has expired and the package is being moved to Fedora proper; the package was kindly reviewed and approved by Petr Pisar
Imported and built perl-Crypt-IDEA (1.10) for F-23, F-24, F-25, Rawhide, EPEL-5, EPEL-6 and EPEL-7
Local Packages
Updated curl (7.51.0) to do stricter host name checking for file:// URLs, and to check md5 fingerprints case insensitively for the ssh protocol
Updated perl-DBD-SQLite to 1.52:
- Updated bundled SQLite to 3.13.0
As upstream disabled two-arg fts3_tokenizer() for security concern, DBD::SQLite also stopped enabling it by default; if you do need the perl tokenizer, compile/install with SQLITE_ENABLE_FTS3_TOKENIZER environment variable
- Applied a doc patch by Salvatore Bonaccorso
Enabled (experimental) FTS5
Fixed REGEXP function to work under sqlite_unicode correctly
Fixed t/62_regexp_multibyte_char_class.t failing for perl ≥ 5.22.0 and non-utf8 locale (CPAN RT#112220)
Fixed column_info not parsing sizes with spaces (CPAN RT#115465)
- Added two missing function declarations
Wednesday 16th November 2016
Fedora Project
Updated perl-Net-SSH-Perl (1.42) in Rawhide to enable IDEA algorithm support using Crypt::IDEA (Bug #1394820)
Updated perl-Sysadm-Install to 0.48 in Rawhide:
Typo fix (CPAN RT#114826)
Reopening stderr now after password_read prompt to tty closed it
RPM Fusion Project
Retired perl-Crypt-IDEA, which has moved to Fedora
Local Packages
Updated libmetalink to 0.1.3:
- Fixes a bug in which the signature element in metalink v4 was not parsed correctly
Updated moin (1.9.9) to fix wrong digestmod
Thursday 17th November 2016
Fedora Project
Updated perl-Cpanel-JSON-XS to 3.0223 in Rawhide:
Fixed decode bignum with a string prefix (GH#76)
Updated perl-DateTime to 1.41 in Rawhide:
The DateTime->add and ->subtract methods now accept DateTime::Duration objects; this used to work by accident but is now done intentionally, with docs and tests (GH#45)
Local Packages
Updated perl-Cpanel-JSON-XS to 3.0223 as per the Fedora version
Updated perl-DateTime to 1.41 as per the Fedora version
Updated perl-JSON-XS to 3.03:
Fix a bug introduced by a perl bug workaround that would cause incremental parsing to fail with an sv_chop panic
json_xs: toformat failure error message fixed
json_xs: Allow cyclic data structures in CBOR
Updated perl-Mail-Sender to 0.903:
Fixed an errant extra test requirement (GH#3)
- Marked the entire dist as DEPRECATED as it should no longer be used
Friday 18th November 2016
Fedora Project
Updated perl-Contextual-Return to 0.004009 in Rawhide:
Improved behaviour of FREEZE
Improved output of DUMP
Updated perl-Math-BigInt-GMP to 1.6000 in Rawhide:
Sync test files with Math-BigInt-1.999800
Update bundled Devel::CheckLib from v1.03 to v1.07
Math::BigInt::GMP is now a subclass of Math::BigInt::Lib, so remove pure Perl methods from Math::BigInt::GMP that are implemented in the superclass Math::BigInt::Lib; the methods removed are _digit(), _num(), _nok(), and _log_int() (the version of _log_int() implemented in Math::BigInt::GMP was buggy anyway)
Fix _check() so it doesn't give a "use of uninitialized value" warning if given an undefined "object"
- Trim whitespace in all files
Better use of the functionality in Test::More in t/bigintg.t
Updated perl-Math-GMP to 2.13 in Rawhide:
Fix the tests on older libgmps (CPAN RT#118816)
- Refactoring of the test suite
Saturday 19th November 2016
Fedora Project
Updated perl-Devel-CheckCompiler to 0.07 in Rawhide:
- Correct test dependency
Updated perl-MetaCPAN-Client to 2.000000 in Rawhide:
- Major version: v1 full support
- Removed support and default settings for v0
Corrected domain, base_url setting, using clientinfo
- Code/tests updates and cleanup
Pinned Search::Elasticsearch version to 2.03
Use @Starter in dist.ini + cpanfile cleanup
- Major version: v1 full support
Updated perl-YAML to 1.19 in Rawhide:
Updated proftpd (1.3.5b) in Rawhide to support OpenSSL 1.1.x API (upstream bug 4275)
Local Packages
Updated perl-Devel-CheckCompiler to 0.07 as per the Fedora version
Updated perl-MetaCPAN-Client to 2.000000 as per the Fedora version, but patching it to use Search::Elasticsearch::Client::2_0::Scroll for compatibility with Search::Elasticsearch 5.x
Updated perl-YAML to 1.19 as per the Fedora version
Updated proftpd (1.3.5b) to support OpenSSL 1.1.x API as per the Fedora version
Sunday 20th November 2016
Fedora Project
Updated perl-Cpanel-JSON-XS to 3.0224 in Rawhide:
Fixes for g++-6, stricter -fpermissive and -Wc++11-compat
Local Packages
Updated perl-Cpanel-JSON-XS to 3.0224 as per the Fedora version
Monday 21st November 2016
Fedora Project
Updated perl-GDGraph to 1.54 in Rawhide:
Disable two Y axes alignment when any y[12]_{min,max}_value is defined (CPAN RT#62665)
Updated perl-IO-Socket-SSL to 2.039 in Rawhide:
OpenSSL 1.1.0c changed the behavior of SSL_read so that it now returns -1 on EOF without proper SSL shutdown; since it looks like that this behaviour will be kept at least for 1.1.1+, adapt to the changed API by treating errno=NOERR on SSL_ERROR_SYSCALL as EOF
Local Packages
Updated curl (7.51.0) to map CURL_SSLVERSION_DEFAULT to NSS default, and add support for TLS 1.3 (Bug #1396719)
Updated perl-IO-Socket-SSL to 2.039 as per the Fedora version
Updated perl-Module-CoreList to 5.20161120:
- Updated for v5.25.7
Tuesday 22nd November 2016
Fedora Project
Updated perl-Params-ValidationCompiler to 0.19 in Rawhide:
Non-inlinable Specio types caused a syntax error when used with positional params
- Positional params with coercions and defaults did not work properly; the coerced value and the default would simply not be returned in any case
Local Packages
Updated perl-Params-ValidationCompiler to 0.19 as per the Fedora version
Wednesday 23rd November 2016
Local Packages
Updated perl-Class-Inspector to 1.30:
Fix Makefile.PL to work with Perls without '.' in @INC
Fix for the installed method when used with a PAR archive (CPAN RT#42846)
Minor documentation fixes (grammar, spelling: CPAN RT#74481, CPAN RT#85356)
- Update metadata to point to github repository, plus some other minor dist meta tweaks
Updated python-passlib to 1.7.0 (see history/1.7.html for details)
Thursday 24th November 2016
Fedora Project
Updated milter-greylist to 4.6.2 in Rawhide:
Add rawfrom ACL clause to match unprocessed FROM command
Fix helo ACL clause string match
- Avoid excessive GeoIP logs if database was not set
- Fix crashes on configuration reload
- Allow empty quoted strings in configuration
- Add GeoIP support for IPv6
My own testing has revealed some crashing related to GeoIP checks introduced in this version, and I have reverted to 4.6.1 locally until I can diagnose and fix this issue
Updated perl-Cpanel-JSON-XS to 3.0225 in Rawhide:
- UTF8 decode security fixes for perl 5.6
Added extra detection code for overflows and non-continuations; this broke one 5.6 test with an overlong multi-byte character, which previously worked accidentally, i.e. decode "\ud801\udc02\x{10204}"
Added tests for ill-formed utf8 sequences from Encode
Updated perl-MCE to 1.809 in Rawhide:
Bug fixes for running MCE inside threads
- Random numbers are unique between workers
Updated perl-MCE-Shared to 1.807 in Rawhide:
Refactored MCE::Hobo
- Improved reliability on the Windows platform by using threads
- Bug fixes for test scripts
Updated perl-Test-Simple to 1.302067 in Rawhide:
Fix double release when 'throw' is used in context_do()
- Repo management improvements
Better handling of info vs. diag in ->send_event
Fix test that used 'parent'
Better handling of non-bumping failures (#728)
Set the TEST_ACTIVE env var to true
Set the TEST2_ACTIVE env var to true
Fix cmp_ok output in some confusing cases (#6) ( Update travis config
- Add missing author deps
- Fix handling of negative pids on Windows
Add can() to Test::Tester::Delegate (despite deprecation)
- Fix some minor test issues
- Handle cases where SysV IPC can be available but not enabled
Import 'context' into Test2::IPC; it is used by 'cull'
Propagate warnings settings to use_ok (#736)
- Fix context test for recent blead
Local Packages
Updated perl-ConfigReader-Simple to 1.291:
- Remove the prereq test
Updated perl-Cpanel-JSON-XS to 3.0225 as per the Fedora version
Updated perl-DateTime-TimeZone to 2.09:
- This release is based on version 2016j of the Olson database
- Contemporary changes for Russia (Europe/Saratov)
Updated perl-MCE to 1.809 as per the Fedora version
Updated perl-MCE-Shared to 1.807 as per the Fedora version
Updated perl-Test2 to 1.302067, as per the Fedora perl-Test-Simple package
Friday 25th November 2016
Fedora Project
Updated GeoIP-GeoLite-data to the November 2016 databases in Rawhide
Updated perl-AnyEvent (7.13) in Rawhide to fix from Mike McCauley for segfault in SSL handling that manifests on OpenSSL 1.1.0 x86_64 (CPAN RT#118584, RHBZ#1390468)
Submitted a perl-Module-Extract-Use (1.04) package for review (new dependency of perl-Test-Prereq)
Local Packages
Updated GeoIP-GeoLite-data to the November 2016 databases as per the Fedora version
Updated perl-AnyEvent (7.13) as per the Fedora version
New package perl-Module-Extract-Use (1.04)
Updated perl-Perl-Critic-Pulp to 91:
RequireFinalCut allow no blank line before =cut (CPAN RT#118722)
RequireLinkedURLs allow example.com
Updated perl-Test-Prereq to 2.002:
Saturday 26th November 2016
Fedora Project
Updated perl-CPAN-Meta-Check to 0.014 in Rawhide:
Undef versions are now passed through to CPAN::Meta::Requirements for the check, rather than failing with "Missing version" errors
Local Packages
Updated perl-Class-Inspector to 1.31:
Migrated from Module::Install to Dist::Zilla and ExtUtils::MakeMaker
- Fixed meta for repository, which was pointing to the wrong URL
Updated perl-CPAN-Meta-Check to 0.014 as per the Fedora version
Sunday 27th November 2016
Local Packages
Updated perl-Perl-Critic-Pulp to 92:
ProhibitPOSIXimport oops, don't use // operator (CPAN RT#118959)
Monday 28th November 2016
Fedora Project
Updated milter-greylist (4.6.2) in Rawhide to address crashes when no geoipv6db was in use (patch sent upstream)
Petr Pisar kindly reviewed and approved my perl-Module-Extract-Use package submission
Imported and built perl-Module-Extract-Use (1.04) for F-24, F-25, Rawhide, EPEL-6 and EPEL-7
Updated perl-Test-Prereq to 2.002 in Rawhide:
Local Packages
Updated perl-Test2-Suite to 0.000061:
Fix mocked objects so that they respond properly to ->can when using AUTOLOAD
- Fix some meta-files
- Small build improvements
- Minor fixes
Tuesday 29th November 2016
Local Packages
Updated pptp to 1.9.0:
Close a memory leak in pqueue
Avoid spurious error about /bin/ip on FreeBSD
- Fix compiler warnings
Avoid clobbering heap (Bug #1183627)
- Fix use after free in call close request handler
make clean to clean pptpsetup.8 (Debian #831032)
Add --missing-window option (Debian #680455, Ubuntu #681617)
Randomise call-id (Debian #721963)
Replace gethostbyname(3) with getaddrinfo(3)
Fix typo in pptp_ctrl manpage
Place pptpsetup manpage in correct section
- Don't set build flags; use defaults
Remove pptpsetup.8 from source as it is generated
Fix for (null) in "pptp: GRE-to-PPP gateway on (null)"
Wednesday 30th November 2016
Fedora Project
Updated perl-Text-CSV_XS to 1.26 in Rawhide:
Disable some Unicode-related tests for unhealthy $PERL_UNICODE (CPAN RT#117856)
is_missing(0) on empty line returns 1 for keep_meta_info=true (GH#27)
Local Packages
Updated perl-Text-CSV_XS to 1.26 as per the Fedora version
Previous Month: October 2016
Next Month: December 2016