Wednesday 15th November 2017
Fedora Project
Updated spamass-milter (0.4.0) in Rawhide to replace /bin/* dependencies with coreutils etc. (Bug #1512898)
Local Packages
Updated libgcrypt to 1.7.9:
Mitigate a local side-channel attack on Curve25519 dubbed "May the Fourth be With You" (CVE-2017-0379)
Updated perl-Compress-Raw-Zlib to 2.075:
Update bundled zlib to 1.2.11
perl 5.26.1 is vulnerable to CVE-2016-9843, CVE-2016-9841, CVE-2016-9840, CVE-2016-9842 (CPAN RT#123245)
Zlib.xs: Don't allow offset to be greater than length of buffer in crc32
Zlib.xs: Change my_zcalloc to use safecalloc
The link, https://github.com/madler/zlib/issues/253, is the upstream report for the remaining valgrind errors not already dealt with by 1.2.11; using calloc in Zlib.xs for now as a workaround (CPAN RT#121074)
I also tweaked the build to use the bundled zlib if the system version was older than 1.2.11
Updated perl-Filter to 1.58:
Updated perl-Search-Elasticsearch to 6.00:
Released 6.00 with default API for 6_0
Legacy 5_0 API now released separately
Trace logging now includes content-type headers where appropriate
Deprecation warnings are now parsed to extract the message only
Improved boolean value handling in query string parameters - now accepts true, false, \1, \0, or a JSON::PP::Boolean object
Handle removal of '.' from @INC in perl 5.26
Updated spamass-milter (0.4.0) as per the Fedora version