Paul's Blog Entries for March 2018
Thursday 1st March 2018
Fedora Project
Updated perl-Lexical-SealRequireHints (0.011) and perl-Lexical-Var (0.009) in Rawhide to explicitly build-require ExtUtils::CBuilder (https://bugzilla.redhat.com/show_bug.cgi?id=1547165#c7)
Local Packages
Updated perl-Module-Build (0.4224) where weak dependencies are available, not to hard-require ExtUtils::CBuilder to allow installing Module::Build without gcc (Bug #1547165); Module::Build users have to require ExtUtils::CBuilder explicitly according to 'XS Extensions' section in Module::Build::Authoring POD
Updated perl-Net-IDN-Encode (2.400) to explicitly build-require ExtUtils::CBuilder (https://bugzilla.redhat.com/show_bug.cgi?id=1547165#c7)
Friday 2nd March 2018
Fedora Project
Updated perl-Hash-FieldHash (0.15) and perl-Params-Classify (0.015) in Rawhide to explicitly build-require ExtUtils::CBuilder (https://bugzilla.redhat.com/show_bug.cgi?id=1547165#c7)
Local Packages
- Branched repository for Fedora 28
Updated dovecot (2.3.x):
Updated dovecot to 2.3.0.1:
CVE-2017-15130: TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted; this happens only if Dovecot config has local_name { } or local { } configuration blocks and attacker uses randomly generated SNI servernames
CVE-2017-14461: Parsing invalid email addresses may cause a crash or leak memory contents to attacker, e.g. these memory contents might contain parts of an email from another user if the same imap process is reused for multiple users
CVE-2017-15132: Aborted SASL authentication leaks memory in login process
Linux: Core dumping is no longer enabled by default via PR_SET_DUMPABLE, because this may allow attackers to bypass chroot/group restrictions; nowadays core dumps can be safely enabled by using "sysctl -w fs.suid_dumpable=2", and if the old behaviour is wanted, it can still be enabled by setting: import_environment=$import_environment PR_SET_DUMPABLE=1
imap-login with SSL/TLS connections may end up in infinite loop
Updated pigeonhole to 0.5.0.1:
imap4flags extension: Fix binary corruption occurring when setflag/addflag/removeflag flag-list is a variable
sieve-extprograms plugin: Fix segfault occurring when used in IMAPSieve context
Updated dovecot (2.2.x):
Updated dovecot to 2.2.34:
CVE-2017-15130: TLS SNI config lookups may lead to excessive memory usage, causing imap-login/pop3-login VSZ limit to be reached and the process restarted; this happens only if Dovecot config has local_name { } or local { } configuration blocks and attacker uses randomly generated SNI servernames
CVE-2017-14461: Parsing invalid email addresses may cause a crash or leak memory contents to attacker, e.g. these memory contents might contain parts of an email from another user if the same imap process is reused for multiple users
CVE-2017-15132: Aborted SASL authentication leaks memory in login process
Linux: Core dumping is no longer enabled by default via PR_SET_DUMPABLE, because this may allow attackers to bypass chroot/group restrictions; nowadays core dumps can be safely enabled by using "sysctl -w fs.suid_dumpable=2", and if the old behaviour is wanted, it can still be enabled by setting: import_environment=$import_environment PR_SET_DUMPABLE=1
doveconf output now includes the hostname
New mail_attachment_detection_options setting controls when $HasAttachment and $HasNoAttachment keywords are set for mails
imap: Support fetching body snippets using FETCH (SNIPPET) or (SNIPPET (LAZY=FUZZY))
fs-compress: Automatically detect whether input is compressed or not; prefix the compression algorithm with "maybe-" to enable the detection, for example: "compress:maybe-gz:6:..."
Added settings to change dovecot.index* files' optimization behavior; see https://wiki2.dovecot.org/IndexFiles#Settings
Auth cache can now utilize auth workers to do password hash verification by setting auth_cache_verify_password_with_worker=yes
Added charset_alias plugin (https://wiki2.dovecot.org/Plugins/CharsetAlias)
imap_logout_format and pop3_logout_format settings now support all of the generic variables (e.g. %{rip}, %{session}, etc.)
Added auth_policy_check_before_auth, auth_policy_check_after_auth and auth_policy_report_after_auth settings
v2.2.33: doveadm-server: Various fixes related to log handling
v2.2.33: doveadm failed when trying to access UNIX socket that didn't require authentication
v2.2.33: doveadm log reopen stopped working
v2.2.30+: IMAP stopped advertising SPECIAL-USE capability
v2.2.30+: IMAP stopped sending untagged OK/NO storage notifications
replication: dsync sent unnecessary replication notification for changes it did internally (NOTE: Folder creates, renames, deletes and subscribes still trigger unnecessary replication notifications, but these should be rather rare)
mail_always/never_cache_fields setting changes weren't applied for existing dovecot.index.cache files
- Fix compiling and other problems with OpenSSL v1.1
- auth policy: With master user logins, lookup using login username
FTS reindexed all mails unnecessarily after loss of dovecot.index.cache file
- mdbox rebuild repeatedly failed with "missing map extension"
SSL connections may have been hanging with imapc or doveadm client
- cassandra: Using protocol v3 (Cassandra v2.1) caused memory leaks and also timestamps weren't set to queries
fs-crypt silently ignored public/private keys specified in configuration (mail_crypt_global_public/private_key) and just emitted plaintext output
lock_method=dotlock caused crashes
imapc: Reconnection may cause crashes and other errors
Updated pigeonhole to 0.4.22:
Fixed filesystem path handling problem: sieve plugin could have assert-crashed with specific path lengths with: "Panic: file realpath.c: line 86 (path_normalize): assertion failed: (npath_pos + 1 < npath + asize)"
Sieve extprograms plugin: Large output from "execute" command crashed delivery; fixed buffering issue in code that handles output from the external program
editheader extension: Extensively reworked the low-level implementation of adding and removing headers, which solved a few integer arithmetic problems reported by Clang runtime checks, but also improves code structure and reliability in general
imapsieve: Fix assert crash occurring when selected messages are expunged concurrently by the time Sieve filter is to be applied
imap4flags extension: Fix binary byte-code corruption occurring when the setflag, addflag, or removeflag command's flag-list is a variable
enotify extension: mailto method: Fixed parsing of mailto URI with only a header part
enotify extension: mailto method: Make sure "From:" header is set to a usable address and not "(null)"
- Fixed writing address headers to outgoing messages; it sometimes erroneously applied another layer of MIME header encoding
This build also removed tcp_wrappers support from the Fedora 28 build (Bug #1518761)
Updated libidn (1.33) to drop ldconfig scriptlets (replaced by RPM File Triggers) from Fedora 28 onwards
Updated libxml2 (2.9.7) to rebuild with new LDFLAGS from redhat-rpm-config
Updated nmap to add appdata file (Bug #1476506)
Updated perl-Hash-FieldHash (0.15) as per the Fedora version
Updated perl-Module-Build (0.4224) not to require a compiler if c_source is an empty list (Bug #1547165, CPAN RT#124625)
Updated perl-Params-Classify (0.015) and perl-Params-Validate (1.29) to explicitly build-require ExtUtils::CBuilder (https://bugzilla.redhat.com/show_bug.cgi?id=1547165#c7)
Monday 5th March 2018
Fedora Project
Updated perl-Pod-Coverage-TrustPod to 0.100004 in F-28 and Rawhide:
- Report more usefully when a regex can't be compiled
Updated perl-String-Format to 1.18 in F-28 and Rawhide:
Escape { and } (CPAN RT#124147)
Local Packages
Updated perl-Pod-Coverage-TrustPod to 0.100004 as per the Fedora version
Updated perl-String-Format to 1.18 as per the Fedora version
Tuesday 6th March 2018
Fedora Project
Updated gtkwave to 3.3.88 in F-28 and Rawhide:
Added --sstexclude command line option to prune unwanted clutter from the SST window
Updated "/View/Mouseover Copies To Clipboard" menu option for copying signal names into the clipboard so they can be pasted into text editors, etc.
- Fixed Write Save File to handle getting confused by initial cancel then retry
- Updated v2k input/output declarations to handle unpacked arrays
- Fix for pattern marks that could overshoot the left marker
Local Packages
Updated gtkwave to 3.3.88 as per the Fedora version
Updated perl-Test-Simple to 1.302128:
- Add optional UUID tagging
Updated perl-Test2-Suite to 0.000104:
Add verbosity to 'You must attach to an AsyncSubtest ...' errors
AsyncSubtest now works with UUIDs and adds other proper meta-data
Add Data::Dumper to dependency list (GH#154)
Wednesday 7th March 2018
Fedora Project
Updated perl-Clone (0.39) and perl-Text-Aspell (0.09) in Rawhide to explicitly build-require gcc
Local Packages
Updated libxml2 to 2.9.8 (bug fix and enhancement update - see https://mail.gnome.org/archives/xml//2018-March/msg00001.html)
I also added a small patch (from https://patchwork.openembedded.org/patch/143436/) to fix the Python tests to work with Python 3:
1 --- python/tests/tstLastError.py 2 +++ python/tests/tstLastError.py 3 @@ -25,7 +25,7 @@ class TestCase(unittest.TestCase): 4 when the exception is raised, check the libxml2.lastError for 5 expected values.""" 6 # disable the default error handler 7 - libxml2.registerErrorHandler(None,None) 8 + libxml2.registerErrorHandler(lambda ctx,str: None,None) 9 try: 10 f(*args) 11 except exc:
Updated perl-Email-Address to 1.909:
- Add some docs saying "don't use this, it can be busted"
Updated perl-Net-FTPSSL to 0.40:
- Updated the copyright to 2018
Updated README to reference the new FTPSSL_SSL_VER environment variable for the test case prompts (t/*.t); also fixed several typos in this file
Updated "_mdtm()" to allow for dates from 1999 and earlier (CPAN RT#124570)
Updated perl-Test2-Suite to 0.000106:
Fix nesting bug in Test2::Workflow
Updated perl-Text-Template to 1.51:
- Add test for nested tags breakage that happened in v1.46
Turn off strict+warnings in sections where template code is eval'ed (GH#9)
Rebuilt perl-XML-LibXML (2.0132) for libxml2 version 2.9.8
Thursday 8th March 2018
Fedora Project
Updated perl-Log-Dispatch-FileRotate to 1.35 in F-28 and Rawhide:
- Fix lockfile race condition test in Strawberry Perl
Skip file open failure test on Cygwin - chmod behaviour varies on Cygwin
- Minor test clean-ups
- Fix 'Use of "localtime" without parentheses# warning on older Perls
Migrate issues/bug tracking from rt.cpan.org to GitHub issues
Updated perl-Test-Simple to 1.302130 in F-28 and Rawhide:
- Make hubs tag events with a new facet
Local Packages
Updated perl-PPIx-Regexp to 0.056:
Support removal of un-escaped literal left curlys after left parens, which was deprecated in 5.27.8; no actual change in output yet, since deprecation is not tracked, but the perl_version_removed() logic is there
Add next_element() and kin; these are analogous to next_sibling() and kin, but will cross over from content proper into structure (beginning and end delimiters, etc.) and vice versa
Correct requirements_for_perl() for impossible regular expression; it now returns '! $]' when the components of the regexp are valid, but none are valid under any specific version of Perl - it used to think all Perls were OK when this happened
Add the alpha_assertions introduced in 5.27.9
Handle 5.27.9's change from +script_run to *script_run, and support *sr as a synonym
Updated perl-Test-Simple to 1.302130 as per the Fedora version
Friday 9th March 2018
Local Packages
Updated cdrtools (3.01 and 3.02 alpha 09) to drop ldconfig scriptlets (replaced by RPM File Triggers) from Fedora 28 onwards
Updated sendmail (8.15.2) to fix GCC 8 mis-compilation in Rawhide, to use systemd rather than systemd-units from Fedora 17 onwards, to drop SysV-to-systemd migration from Fedora 23 onwards, and to drop ldconfig scriptlets (replaced by RPM File Triggers) from Fedora 28 onwards
Updated ud (0.7.1) to use systemd rather than systemd-units from Fedora 17 onwards
Updated unrar (5.50) to update the debian files to 5.5.8-1 and to drop ldconfig scriptlets (replaced by RPM File Triggers) from Fedora 28 onwards
Cleaned up and rebuilt weblint (1.9.3) and weblint++ (1.15)
Monday 12th March 2018
Fedora Project
Updated perl-Test-Simple to 1.302133 in F-28 and Rawhide:
Make sure event puts the uuid into the about facet
- Add method to validate facet data
Add Test2::Event::V2 event class, and context helpers
- Improve how events handle facets
Break out meta_facet_data
Document and fix Facets2Legacy
Fix nested and in_subtest to look at hub facets
Fix event->related and trace with uuid
Local Packages
Updated curl (7.58.0) to mark http2 connections for close on GOAWAY
Updated perl-Test-Simple to 1.302133 as per the Fedora version
Updated perl-Test2-Suite to 0.000106:
Add rounded() and within() wrappers for approximate comparisons
Updated unrar to 5.60 beta 1
Tuesday 13th March 2018
Fedora Project
Updated perl-Pod-Coverage-TrustPod to 0.100005 in F-28 and Rawhide:
Remove an accidentally-introduced // operator
Local Packages
Updated perl-Pod-Coverage-TrustPod to 0.100005 as per the Fedora version
Cleaned up and rebuilt smf-sav (2.1) and smf-spf (2.0.2)
I have, however, decided to disable smf-sav on my own mail server as it has become more trouble than it's worth, largely due to many companies sending important emails from non-returnable email addresses (which of course means that have no idea if their emails are actually going to valid addresses)
Wednesday 14th March 2018
Fedora Project
Updated perl-MCE to 1.835 in F28 and Rawhide:
Added gather and relay demonstrations to MCE::Relay
Load IO::Handle for extra stability, preventing workers loading uniquely
Load Net::HTTP and Net::HTTPS before spawning if present LWP::UserAgent
See http://www.perlmonks.org/?node_id=1199760 and http://www.perlmonks.org/?node_id=1199891
Updated perl-MCE-Shared to 1.836 in F28 and Rawhide:
Added chameneos demonstration to MCE::Shared::Condvar
Load IO::Handle for extra stability, preventing workers loading uniquely
Load Net::HTTP and Net::HTTPS before spawning if present LWP::UserAgent
See http://www.perlmonks.org/?node_id=1199760 and http://www.perlmonks.org/?node_id=1199891
Bumped MCE dependency to 1.835
Updated perl-Net-SSLeay to 1.85 in F-28 and Rawhide:
- Preparations for transferring maintenance to a new maintainer
Fixed test failure in t/local/33_x509_create_cert.t for some versions of OpenSSL
Fixed free() error that causes "Free to wrong pool ..." message on Windows
Local Packages
Updated curl to 7.59.0
- Includes security fixes:
FTP: Reject path components with control codes (CVE-2018-1000120)
openldap: Check ldap_get_attribute_ber() results for NULL before using (CVE-2018-1000121)
readwrite: Make sure excess reads don't go beyond buffer end (CVE-2018-1000122)
- Includes security fixes:
Updated perl-MCE to 1.835 as per the Fedora version
Updated perl-MCE-Shared to 1.836 as per the Fedora version
Updated perl-Net-SSLeay to 1.85 as per the Fedora version
Thursday 15th March 2018
Fedora Project
Rebuilt perl-CPAN-Meta-YAML (0.018) and perl-Test-LeakTrace (0.16) for F-28 and Rawhide, since the existing builds hadn't been tagged properly in koji
Local Packages
Updated perl-Test2-Suite to 0.000111:
Add AsyncSubtest retrieval to hubs
Allow events from unattached processes in AsyncSubtest
Cleaned up and rebuilt php4-pcntl (4.4.9), php4-pcntl-gtk (1.0.2) and py-bcrypt (0.4)
Rebuilt smbldap-tools (0.9.11) for the Fedora_28_Mass_Rebuild
Friday 16th March 2018
Fedora Project
Updated python-paramiko to 2.4.1 in F-28 and Rawhide, to 2.3.2 in F-27, and to 2.2.3 in F-26:
CVE-2018-7750: A flaw was found in the implementation of transport.py in Paramiko, which did not properly check whether authentication was completed before processing other requests. A customized SSH client could simply skip the authentication step. This flaw is a user authentication bypass in the SSH Server functionality of Paramiko. Where Paramiko is used only for its client-side functionality (e.g. paramiko.SSHClient), the vulnerability is not exposed and thus cannot be exploited.
Local Packages
Updated curl (7.59.0) to run the test suite using Python 3 from Fedora 28 onwards
Updated moin (1.9.9) to handle properly the upgrade from the Fedora moin package with a bundled passlib, which requires some lua trickery to deal with a directory to symlink transition
Updated python-passlib (1.7.1) to fix FTBFS in Fedora 28 and Rawhide due to crypt() via libxcrypt having bsdi_crypt and sha1_crypt support in Linux, which glibc crypt() did not have, and to add support for a Python 3.4 build for EL-7
Saturday 17th March 2018
Fedora Project
Branched and built perl-Data-HexDump (0.02) for EPEL-6 (Bug #1557560)
Updated perl-Data-HexDump (0.02) in F-26, F-27, F-28 and Rawhide not to include code that has "use lib 'lib'"
Monday 19th March 2018
Fedora Project
Branched and built perl-Authen-Radius (0.24) for EPEL-6 (Bug #1557561)
Local Packages
Cleaned up and rebuilt bw-whois (5.5.2), davfs2 (1.5.4), grepmail (5.3104), mgdiff (1.0) and perl-Algorithm-Diff-XS (0.04)
Updated perl-XML-Simple to 2.25:
Disable entity expansion when using XML::Parser, for more secure default behaviour
Call to XML::Parser constructor is now in its own method to ease overriding
Tuesday 20th March 2018
Local Packages
Updated perl-DBI to 1.641:
Updated perl-Test-Harness to 3.42:
Enable rulesfile.t to run in core
Updated perl-Text-Template to 1.52:
Fix possible 'Subroutine ... redefined' warning (GH#10)
Cleaned up and rebuilt perl-BSD-Resource (1.2911)
Wednesday 21st March 2018
Fedora Project
Updated GeoIP-GeoLite-data to the March 2018 databases in F-28 and Rawhide
Updated perl-Text-CSV_XS to 1.35 in F-28 and Rawhide:
Remove META.yml from MANIFEST.skip
Use UNIVERSAL::isa to protect against unblessed references
Fix -Wformat warning (CPAN RT#123729)
Make detect_bom result available
- It's 2018
Add csv (out => \"skip") - suppress output deliberately
- Allow sub as top-level filter
Tested against Test2::Harness-0.001062 (yath test)
Tested against perl-5.27.10
Local Packages
Updated GeoIP-GeoLite-data to the March 2018 databases as per the Fedora version
Updated nmap to 7.70 (see CHANGELOG for details)
Updated perl-Module-CoreList to 5.20180221:
- Updated for v5.27.10
Updated perl-Text-CSV_XS to 1.35 as per the Fedora version
Cleaned up and rebuilt perl-version (0.9918) and perl-WeakRef (0.01)
Thursday 22nd March 2018
Fedora Project
Updated perl-DBD-CSV to 0.50 in F-28 and Rawhide:
- Explain more about header folding
- BOM handling
- Some documentation enhancements
Ignore DBI_DSN if it is not CSV
- It's 2018
Test with perl-5.26, DBI-1.641, SQL::Statement-1.412 and Text::CSV_XS-1.35
Local Packages
Updated perl-DBD-CSV to 0.50 as per the Fedora version
Cleaned up and rebuilt perl-Term-ReadLine-Gnu (1.35), perl-Test-Taint (1.06), perl-Unicode-Map8 (0.13) and perl-Unicode-String (2.10)
Friday 23rd March 2018
Fedora Project
Updated gtkwave to 3.3.89 in F-28 and Rawhide:
Added support for 32-bit conversions in BitsToReal
- Crash fix for pattern search with reals using LXT, LXT2, VZT
Local Packages
Updated gtkwave to 3.3.89 as per the Fedora version
Cleaned up and rebuilt perl-Params-Util (1.07), perl-Taint-Runtime (0.03) and perl-Term-ReadKey (2.37)
Sunday 25th March 2018
Fedora Project
Updated perl-DBD-CSV to 0.51 in F-28 and Rawhide:
Fix tests for Perl without dot in @INC
Local Packages
Updated perl-DBD-CSV to 0.51 as per the Fedora version
Monday 26th March 2018
Fedora Project
Updated perl-Array-Compare to 3.0.1 in F-28 and Rawhide:
- Various code fixes recommended by kritika.io
- Applied doc patch from Debian
Updated perl-DateTime to 1.48 in F-28 and Rawhide:
DateTime::Duration->multiply now only allows integer multipliers (GH#73)
Added is_last_day_of_quarter() and is_last_day_of_year() methods (GH#72)
When an exception was thrown while adding a duration, the object could be left in a broken state with the duration partially applied; subsequent addition or subtraction would produce the wrong results (GH#74)
DateTime 1.47 would die if Sub::Util was not available, but this should just be an optional requirement (GH#77, GH#78)
Updated python-paramiko (2.1.1) in EPEL-7, fixing a security flaw (CVE-2018-7750) in Paramiko's server mode (Bug #1557132); this package is cloned from EL-7 Extras and then Python 3 support enabled for EPEL
Local Packages
Updated perl-Array-Compare to 3.0.1 as per the Fedora version
Updated perl-DateTime to 1.48 as per the Fedora version
Updated perl-DateTime-TimeZone to 2.18:
- This release is based on version 2018d of the Olson database
- Contemporary changes for Palestine and Casey Station
Tuesday 27th March 2018
Fedora Project
Updated perl-IPC-Run to 0.97 in F-28 and Rawhide:
Updated perl-Test-Perl-Critic to 1.04 in F-28 and Rawhide:
Local Packages
Updated perl-IPC-Run to 0.97 as per the Fedora version
Updated perl-Test-Perl-Critic to 1.04 as per the Fedora version
Cleaned up and rebuilt perl-Net-LibIDN (0.12)
Wednesday 28th March 2018
Local Packages
Updated dovecot (2.2):
Updated dovecot to 2.2.35:
charset_alias: Compile failed with Solaris Studio
- Fix local name handling in v2.2.34 SNI code
imapc: Don't try to add mails to index if they already exist there
imapc: If email is modified in istream_opened hook, mail size isn't updated
lib-dcrypt: When reading encrypted data, more data would not be read if buffer was not consumed causing panic or hang
notify: When notify plugin is used and transaction commit fails in dsync, crash occurred
sdbox: When delivering to a mailbox that is over quota, temp files were not cleaned up when saving or copying fails
Updated pigeonhole to 0.4.23:
editheader extension: Corrected the stream position calculations performed while making the modified message available as a stream; Pigeonhole Sieve crashed in LMTP with an assertion panic when the Sieve editheader extension was used before the message was redirected
fileinto extension: Fix assert panic occurring when fileinto is used without being listed in the require line, while the copy extension is listed there; this is a very old bug
imapsieve plugin: Do not log an error for messages that disappear concurrently while applying Sieve scripts; this is a further improvement on the imapsieve fix in the previous release (which fixed a panic); this event is now logged as a debug message
Updated dovecot (2.3):
Updated dovecot to 2.3.1:
- Submission server support improvements and bug fixes
- Lots of bug fixes to submission server
API Change: array_idx_modifiable will no longer allocate space
Particularly affects how you should check MODULE_CONTEXT result, or use REQUIRE_MODULE_CONTEXT
mail_attachment_detection_options setting controls when $HasAttachment and $HasNoAttachment keywords are set for mails
imap: Support fetching body snippets using FETCH (SNIPPET) or (SNIPPET (LAZY=FUZZY))
fs-compress: Automatically detect whether input is compressed or not; prefix the compression algorithm with "maybe-" to enable the detection, for example: "compress:maybe-gz:6:..."
Added settings to change dovecot.index* files' optimization behaviour (see https://wiki2.dovecot.org/IndexFiles#Settings)
Auth cache can now utilize auth workers to do password hash verification by setting auth_cache_verify_password_with_worker=yes
Added charset_alias plugin (see https://wiki2.dovecot.org/Plugins/CharsetAlias)
imap_logout_format and pop3_logout_format settings now support all of the generic variables (e.g. %{rip}, %{session}, etc.)
Added auth_policy_check_before_auth, auth_policy_check_after_auth and auth_policy_report_after_auth settings
master: Support HAProxy PP2_TYPE_SSL command and set "secured" variable appropriately
- Invalid UCS4 escape in HTML can cause crashes
imap: IMAP COMPRESS -enabled client crashes on disconnect
lmtp: Fix crash when user is over quota
lib-lda: Parsing Return-Path header address fails when it contains CFWS
auth: SASL with Exim fails for AUTH commands without an initial response
imap: SPECIAL-USE capability isn't automatically added
auth: LDAP subqueries do not support standard auth variables in var-expand
auth: SHA256-CRYPT and SHA512-CRYPT schemes do not work
lib-index: mail_always/never_cache_fields are not used for existing cache files
imap: Fetching headers leaks memory if search doesn't find any mails
lmtp: ORCPT support in RCPT TO
imap-login: Process sometimes ends up in infinite loop
sdbox: Rolled back save/copy transaction doesn't delete temp files
mail: lock_method=dotlock causes crashes
- Update pigeonhole to 0.5.1
Explicitly disallow UTF-8 in localpart in addresses parsed from Sieve script
editheader extension: Corrected the stream position calculations performed while making the modified message available as a stream; Pigeonhole Sieve crashed in LMTP with an assertion panic when the Sieve editheader extension was used before the message was redirected
fileinto extension: Fix assert panic occurring when fileinto is used without being listed in the require line, while the copy extension is listed there; this is a very old bug
imapsieve plugin: Do not assert crash or log an error for messages that disappear concurrently while applying Sieve scripts; this event is now logged as a debug message
Sieve extprograms plugin: Large output from "execute" command crashed delivery; fixed buffering issue in code that handles output from the external program
Updated perl-DBD-SQLite to 1.58:
- Made it an error to fetch attributes from a statement handle whose database handle is inactive
Cleaned up and rebuilt perl-Clone (0.39), perl-Convert-UUlib (1.50), perl-Devel-CallChecker (0.008), perl-EV (4.22), perl-FileHandle-Fmode (0.14) and perl-NetAddr-IP (4.079)
Thursday 29th March 2018
Local Packages
Cleaned up and rebuilt perl-Type-Tiny (1.002001), perl-Unicode-MapUTF8 (1.11), perl-UNIVERSAL-require (0.18), perl-Version-Requirements (0.101023), perl-XML-DTDParser (2.01), perl-XML-NamespaceSupport (1.12), perl-XML-Rules (1.16), perl-XML-SAX-Base (1.09), perl-XML-SAX-Expat (0.51) and perl-YAML-Old (1.23)
Friday 30th March 2018
Fedora Project
Updated perl-IPC-Run to 0.98 in F-28 and Rawhide:
Switch to using $!{EINTR}
Honor umask for user/group permissions on a +rw file
Remove commented code from CPAN RT#50739
Fix _write on invalid objects (GH#63)
Make slave the controlling terminal so more programs can be called from IPC::Run reliably (GH#54)
Prevent Not a GLOB reference in close_terminal by untieing before close (GH#53)
Fix '&' closing the stdin of the right process (GH#46)
Do POSIX::_exit not ::exit (GH#41)
Ensure child Win32 processes have same priority as parent (GH#40)
Add unit test for passing use of Readonly.pm (GH#38)
Fix GLOB test in IPC::Run::IO->new (GH#39)
Fix for memory leak (GH#86, CPAN RT#57990)
MANIFEST was updated; new tests may start shipping now
Updated perl-Test-Simple to 1.302135 in F-28 and Rawhide:
- Make sure all hubs, events, and contexts get a unique (per run) id
- Use a common generator for unique(enough) id's (not UUIDs)
Local Packages
Updated perl-IPC-Run to 0.98 as per the Fedora version
Updated perl-Test-Simple to 1.302135 as per the Fedora version
Saturday 31st March 2018
Fedora Project
Updated perl-IPC-Run to 0.99 in F-28 and Rawhide:
- Fixes for Windows unit tests so they skip or pass
t/autoflush.t
t/readonly.t
t/run_stdin-callback-return-array.t
- Fixes for Windows unit tests so they skip or pass
Local Packages
Updated dovecot (2.3.1) to use libxcrypt for Fedora ≥ 28 (Bug #1548520) and to fix FTBFS - murmurhash3 check fail
Updated perl-IPC-Run to 0.99 as per the Fedora version
Previous Month: February 2018
Next Month: April 2018