#acl PaulHowarth:read,write,admin,revert,delete All:read === Wednesday 15th November 2017 === ==== Fedora Project ==== * Updated `spamass-milter` (0.4.0) in Rawhide to replace `/bin/*` dependencies with `coreutils` etc. ([[RedHatBugzilla:1512898|Bug #1512898]]) ==== Local Packages ==== * Updated `libgcrypt` to 1.7.9: * Mitigate a local side-channel attack on `Curve25519` dubbed "May the Fourth be With You" ([[CVE:2017-0379|CVE-2017-0379]]) * Updated `perl-Compress-Raw-Zlib` to 2.075: * Update bundled `zlib` to 1.2.11 * `perl` 5.26.1 is vulnerable to [[CVE:2016-9843|CVE-2016-9843]], [[CVE:2016-9841|CVE-2016-9841]], [[CVE:2016-9840|CVE-2016-9840]], [[CVE:2016-9842|CVE-2016-9842]] ([[CPAN:123245|CPAN RT#123245]]) * `Zlib.xs`: Don't allow offset to be greater than length of buffer in `crc32` * `Zlib.xs`: Change `my_zcalloc` to use `safecalloc` . The link, https://github.com/madler/zlib/issues/253, is the upstream report for the remaining valgrind errors not already dealt with by 1.2.11; using `calloc` in `Zlib.xs` for now as a workaround ([[CPAN:121074|CPAN RT#121074]]) . I also tweaked the build to use the bundled `zlib` if the system version was older than 1.2.11 * Updated `perl-Filter` to 1.58: * Drop 5.005 support * Switch from `DynaLoader` to `XSLoader` ([[https://github.com/rurban/Filter/pull/5|GH#5]]) * Replace `use vars` by `our` ([[https://github.com/rurban/Filter/pull/5|GH#5]]) * Lazy load `Carp` only when required ([[https://github.com/rurban/Filter/pull/5|GH#5]]) * Minor test improvements * Fix v5.8 cast warnings * Updated `perl-Search-Elasticsearch` to 6.00: * Released 6.00 with default API for `6_0` * Legacy `5_0` API now released separately * Trace logging now includes `content-type` headers where appropriate * Deprecation warnings are now parsed to extract the message only * Improved boolean value handling in query string parameters - now accepts `true`, `false`, `\1`, `\0`, or a `JSON::PP::Boolean` object * Handle removal of '`.`' from `@INC` in `perl` 5.26 * Updated `spamass-milter` (0.4.0) as per the Fedora version ----