PaulHowarth/Blog/2017-10-31

Tuesday 31st October 2017

Fedora Project

  • Updated geoipupdate to 2.5.0 in Rawhide:

    • Replace use of strnlen() due to lack of universal availability (GH#71)

    • Document the 'LockFile' option in the 'GeoIP.conf' man page (GH#64)

    • Remove unused base64 library (GH#68)

    • Add the new configuration option 'PreserveFileTimes'; if set, the downloaded files will get the same modification times as their original on the server (default is '0') (GH#63)

    • Use the correct types when calling 'curl_easy_setopt()'; this fixes warnings generated by libcurl's 'typecheck-gcc.h' (GH#61)

    • In 'GeoIP.conf', the 'UserId' option was renamed to 'AccountID' and the 'ProductIds' option was renamed to 'EditionIDs'; the old options will continue to work, but upgrading to the new names is recommended for forward compatibility

  • Updated perl-Net-SSLeay to 1.82 in Rawhide:

    • Added support for building under Linuxbrew (a linuxbrew version of MacOS Homebrew)
    • Implement SSL_CTX_set_psk_client_callback() and SSL_set_psk_client_callback()

    • Skip the NPN test if the SSL library is LibreSSL
    • Fixed a problem with a variable declaration in ssleay_session_secret_cb_invoke

    • Bugfix: tlsext_status_cb_invoke(...): free ocsp_response only when allocated; the same callback is used on a server side for OCSP stapling and in that case ocsp_response is NULL and not used

    • New feature: Added a binding SSL_set_session_ticket_ext_cb(ssl, callback, data); a callback used by EAP-FAST/EAP-TEAT to parse and process TLS session ticket

    • New feature: Added a binding SSL_set_session_ticket_ext(ssl, ticket); used by EAP-FAST/EAP-TEAP to define TLS session ticket value

    • Bugfix: tlsext_ticket_key_cb_invoke(...): allow SHA256 HMAC key to be 32 bytes instead of 16 bytes (which OpenSSL will pad with zeros up to 32 bytes)

    • New feature: Added following bindings:
      • X509_get_ex_data(cert, idx)

      • X509_get_ex_new_index(argl, argp, new_func, dup_func, free_func)

      • X509_get_app_data(cert)

      • X509_set_ex_data(cert, idx, data)

      • X509_set_app_data(cert, arg)

      • X509_STORE_CTX_get_ex_new_index(argl, argp, new_func, dup_func, free_func)

      • X509_STORE_CTX_get_app_data(x509_store_ctx)

      • X509_STORE_CTX_set_app_data(x509_store_ctx, arg)

    • New feature: Added an implementation for SSL_get_finished(ssl, buf, count=2*EVP_MAX_MD_SIZE)

    • New feature: Added an implementation for SSL_get_peer_finished(ssl, buf, count=2*EVP_MAX_MD_SIZE)

    • Bugfix: SSL_get_keyblock_size(s): Calculate key block size correctly also with AEAD ciphers, which don’t use digest functions

    • New feature: Added a binding SSL_set_tlsext_status_ocsp_resp(ssl, staple); used by a server side to include OCSP staple in ServerHello

    • Bugfix: SSL_OCSP_response_verify(ssl, rsp, svreq, flags): check that chain and last are not NULL before trying to use them

    • Bugfix: inc/Module/Install/PRIVATE/Net/SSLeay.pm: Don’t quote include and lib paths

  • Updated perl-YAML to 1.24 in Rawhide:

Local Packages

  • Updated geoipupdate to 2.5.0 as per the Fedora version

  • Updated perl-Net-SSLeay to 1.82 as per the Fedora version

  • Updated perl-PPIx-Regexp to 0.053:

    • Recognize \px as Unicode char class; at least, when the x is C, L, M, N, P, S or Z

    • The 'parse' argument to new() is now deprecated

  • Updated perl-YAML to 1.24 as per the Fedora version


Recent