Paul's Blog Entries for May 2018

Wednesday 2nd May 2018

Fedora Project

Local Packages

  • Updated perl-File-HomeDir to 1.004 as per the Fedora version

Thursday 3rd May 2018

Fedora Project

  • Updated mod_fcgid (2.3.9) in F-28 and Rawhide with SELinux fix required for use with httpd on F28, EL-7 onwards (Bug #1564219, Bug #1574390, PR#1)

Local Packages

  • New package perl-Test-More-UTF8 (0.05)

  • Updated mod_fcgid as per the Fedora version

  • Updated perl-IPC-Cmd to 1.02:

  • Updated perl-Text-Template to 1.53:

    • Add support for decoding template files via ENCODING constructor arg (GH#11)

    • Docs clean-up: Replace indirect-object style examples and use class method style constructor calls in the POD docs
    • Docs clean-up: Remove hard tabs from POD, replace dated, unfair synopsis (GH#5), convert "THANKS" section to a POD list

Monday 7th May 2018

Fedora Project

  • Updated perl-autobox to 3.0.1 in Rawhide:

    • Breaking change:
      • The behaviour of UNIVERSAL methods like $native->can and $native->isa is now defined as being the same as when autobox is not enabled rather than "undefined" (technically, this still falls under the rubric of "undefined", but the switch from "don't know" to "don't" could break buggy code, so bump for safety)

      • Add DOES to the list of non-autoboxed methods

    • Switch to semantic versioning scheme
    • Upgrade ppport.h from 3.35 → 3.42

    • Fix version declaration on 5.8 (GH#11)

Tuesday 8th May 2018

Fedora Project

  • Updated perl-Test-Manifest to 2.021 in Rawhide:

    • Clarify that it's the Artistic License 2.0

Local Packages

  • Updated libidn (1.3.4) to fix ABI compatibility with libidn-1.33 and earlier (Bug #1566414, Bug #1573961)

  • Updated perl-DateTime-Locale to 1.20:

    • Fix test failures on Windows (GH#23)

  • Updated perl-Mouse to 2.5.4:

    • Follow Devel::PPPort 3.42 (GH#87)

  • Updated perl-Test-Manifest to 2.021 as per the Fedora version

  • Updated perl-Test-MockModule to 0.14:

    • Fixes a bug where the 'redefine()' function was dying when attempting to mock a function that was defined further up a module's inheritance chain; it now only dies when the mocked function does not exist in the module being mocked, or any of its parent modules

Wednesday 9th May 2018

Local Packages

  • Updated perl-PPIx-Regexp to 0.059:

    • Install @CARP_NOT everywhere so that warnings and exceptions generated in the bowels of the system appear to come from the point where the system is entered

    • Further deprecate string (versus regexp) parsing: the first use of the 'parse' argument to new() will result in a warning; if the value of the argument is 'guess' or 'string', the warning refers to PPIx::QuoteLike

  • Updated perl-Test-MockModule to 0.15:

    • Fix LICENSE file content to match actual license

    • Ship t/redefine.t

Friday 11th May 2018

Fedora Project

  • Updated geoipupdate to 2.5.0 in F-27, as the default configuration of the previous 2.4.0 package no longer works (due to the legacy databases having been discontinued by Maxmind) (Bug #1576034)

  • Updated perl-ExtUtils-InstallPaths to 0.012 in Rawhide:

    • Allow an argument to install_map with source dirs

    • Make tests prove and 5.6 friendly

Local Packages

  • Updated perl-ExtUtils-InstallPaths to 0.012 as per the Fedora version

Saturday 12th May 2018

Fedora Project

  • Rebuilt perl-Compress-Raw-Lzma (2.082) for xz 5.2.4 in Fedora 28 and Rawhide

  • Updated perl-YAML to 1.25 in Rawhide:

    • Support trailing comments (GH#189, GH#190, GH#191)

    • Remove unused code (GH#192)

    • Use Test::Deep to actually test correctly for class names (GH#193)

    • Fix loading of mapping key that starts with '' (GH#194)

    • Fix loading strings with multiple spaces (GH#172)

    • Allow more characters in anchor name (GH#196)

    • Add $YAML::LoadBlessed for disabling loading objects (GH#197)

    • Disable test with long string under certain conditions (GH#201)

    • Quote scalar if it equals '=' (GH#202)

    • Multiple regexp roundtrip does not grow (GH#203)

    • Add support for compact nested block sequences (GH#204)

    • Support reverse order of block scalar indicators (GH#205)

    • Support nested mappings in sequences (GH#206)

Local Packages

  • Rebuilt perl-Compress-Raw-Lzma (2.082) for xz 5.2.4 in Fedora 28 and Rawhide

  • Updated perl-YAML to 1.25 as per the Fedora version

  • Updated xz to 5.2.4 in F-28 and Rawhide:

  • liblzma:

    • Allow 0 as memory usage limit instead of returning LZMA_PROG_ERROR; now 0 is treated as if 1 byte was specified, which effectively is the same as 0

    • Use "noexcept" keyword instead of "throw()" in the public headers when a C++11 (or newer standard) compiler is used

    • Added a portability fix for recent Intel C Compilers
    • Microsoft Visual Studio build files have been moved under windows/vs2013 and windows/vs2017

  • xz:

    • Fix "xz --list --robot missing_or_bad_file.xz", which would try to print an uninitialized string and thus produce garbage output; since the exit status is non-zero, most uses of such a command won't try to interpret the garbage output

    • "xz --list foo.xz" could print "Internal error (bug)" in a corner case where a specific memory usage limit had been set

Monday 14th May 2018

Fedora Project

  • Updated perl-File-ShareDir-Install to 0.13 in Rawhide:

    • Add rules files for 'prove' and Test::Harness to specify that tests need to be run serially for now

    • Support spaces (and other special characters too) in share files (GH#2)

Local Packages

  • Updated libidn to 1.35 (from Fedora 29):

    • Reflect ABI/API breakage in version 1.34 (Stringprep_profile has a new struct member)

    • Added new gnulib files to repository

  • Updated perl-DateTime-TimeZone to 2.19:

    • This release is based on version 2018e of the Olson database
    • Contemporary changes for North Korea
  • Rebuilt perl-Net-LibIDN (0.12) for libidn 1.3.5 in Fedora 29 onwards

  • Updated unrar to 5.60 beta 4

Tuesday 15th May 2018

Fedora Project

  • Updated gtkwave to 3.3.90 in Rawhide:

    • For Cut Traces, fix up scroll position if there are traces above the current row being cut

    • Bits to real crash fix for very large floats
    • Fixed gray code conversions that were incomplete for right justified vectors such that the vector length is not a multiple of the radix size (4 for hex, 3 for oct)
    • Warray-bounds warning fix for 32-bit conversions in BitsToReal

  • Rebuilt perl-Net-LibIDN (0.12) for libidn 1.3.5 in Rawhide

Local Packages

  • Updated gtkwave to 3.3.90 as per the Fedora version

Wednesday 16th May 2018

Fedora Project

  • Updated perl-Moose to 2.2011 in Rawhide:

  • Bug Fixes
    • Various native trait methods would refuse "0" where they expected a string; they have been fixed to allow all defined, non-reference values, and all objects with string, number, or boolean overloads

  • Documentation
    • Moose::Manual::Construction now notes that roles can modify the BUILD sub

  • Other
    • Adjustments have been made to the Makefile for 'bmake', so it now works when not run in compatibility mode

Local Packages

  • Updated curl to 7.60.0:

    • Add CURLOPT_HAPROXYPROTOCOL, support for the HAProxy PROXY protocol

    • Add --haproxy-protocol for the command line tool

    • Add CURLOPT_DNS_SHUFFLE_ADDRESSES, shuffle returned IP addresses

    • FTP: Shutdown response buffer overflow CVE-2018-1000300

    • RTSP: Bad headers buffer over-read CVE-2018-1000301

    • FTP: Fix typo in recursive callback detection for seeking
    • test1208: Marked flaky

    • HTTP: Make header-less responses still count correct body size
    • user-agent.d: Mention --proxy-header as well

    • http2: fixes typo
    • Clean up: Misc typos in strings and comments
    • rate-limit: Use three second window to better handle high speeds
    • examples/hiperfifo.c: Improved

    • pause: When changing pause state, update socket state
    • multi: Improved pending transfers handling ⇒ improved performance

    • curl_version_info.3: Fix ssl_version description

    • add_handle/easy_perform: Clear errorbuffer on start if set

    • darwinssl: Fix iOS build
    • cmake: Add support for brotli

    • parsedate: Support UT timezone
    • vauth/ntlm.h: Fix the #ifdef header guard

    • lib/curl_path.h: Added #ifdef header guard

    • vauth/cleartext: Fix integer overflow check

    • CURLINFO_COOKIELIST.3: Made the example not leak memory

    • cookie.d: Mention that "-" as filename means stdin

    • CURLINFO_SSL_VERIFYRESULT.3: Fixed the example

    • http2: Read pending frames (including GOAWAY) in connection-check

    • timeval: Remove compilation warning by casting

    • cmake: Avoid warn-as-error during config checks
    • travis-ci: Enable -Werror for CMake builds

    • openldap: Fix for NULL return from ldap_get_attribute_ber()

    • Threaded resolver: Track resolver time and set suitable timeout values
    • cmake: Add advapi32 as explicit link library for win32

    • Docs: Fix CURLINFO_*_T examples use of CURL_FORMAT_CURL_OFF_T

    • test1148: Set a fixed locale for the test

    • cookies: When reading from a file, only remove_expired once

    • cookie: Store cookies per top-level-domain-specific hash table
    • openssl: Fix build with LibreSSL 2.7
    • tls: Fix mbedTLS 2.7.0 build + handle sha256 failures
    • openssl: RESTORED verify locations when verifypeer==0

    • file: Restore old behaviour for file:////foo/bar URLs

    • FTP: Allow PASV on IPv6 connections when a proxy is being used

    • build-openssl.bat: Allow custom paths for VS and perl

    • winbuild: Make the clean target work without build-type

    • build-openssl.bat: Refer to VS2017 as VC14.1 instead of VC15

    • curl: Retry on FTP 4xx, ignore other protocols

    • configure: Detect (and use) sa_family_t

    • examples/sftpuploadresume: Fix Windows large file seek

    • build: Clean up to fix clang warnings/errors

    • winbuild: Updated the documentation
    • lib: Silence null-dereference warnings
    • travis: Bump to clang 6 and gcc 7

    • travis: Build libpsl and make builds use it

    • proxy: Show getenv proxy use in verbose output

    • duphandle: Make sure CURLOPT_RESOLVE is duplicated

    • all: Refactor malloc+memset to use calloc

    • checksrc: Fix typo

    • system.h: Add sparcv8plus to oracle/sunpro 32-bit detection

    • vauth: Fix typo

    • ssh: Show libSSH2 error code when closing fails

    • test1148: Tolerate progress updates better

    • urldata: Make service names unconditional

    • configure: Keep LD_LIBRARY_PATH changes local

    • ntlm_sspi: Fix authentication using Credential Manager

    • schannel: Add client certificate authentication
    • winbuild: Support custom devel paths for each dependency

    • schannel: Add support for CURLOPT_CAINFO

    • http2: Handle on_begin_headers() called more than once

    • openssl: Support OpenSSL 1.1.1 verbose-mode trace messages
    • openssl: Fix subjectAltName check on non-ASCII platforms

    • http2: Avoid strstr() on data not zero terminated

    • http2: Clear the "drain counter" when a stream is closed
    • http2: Handle GOAWAY properly

    • tool_help: Clarify --max-time unit of time is seconds

    • curl.1: Clarify that options and URLs can be mixed

    • http2: Convert an assert to run-time check

    • curl_global_sslset: Always provide available backends

    • ftplistparser: Keep state between invokes

    • Curl_memchr: Zero length input can't match

    • examples/sftpuploadresume: typecast fseek argument to long

    • examples/http2-upload: Expand buffer to avoid silly warning

    • ctype: Restore character classification for non-ASCII platforms
    • mime: Avoid NULL pointer dereference risk

    • cookies: Ensure that we have cookies before writing jar
    • os400.c: Fix checksrc warnings

    • configure: Provide --with-wolfssl as an alias for --with-cyassl

    • cyassl: Adapt to libraries without TLS 1.0 support built-in

    • http2: Get rid of another strstr

    • checksrc: Force indentation of lines after an else

    • cookies: Remove unused macro
    • CURLINFO_PROTOCOL.3: Mention the existing defined names

    • tests: Provide 'manual' as a feature to optionally require

    • travis: Enable libssh2 on both macos and Linux

    • CURLOPT_URL.3: Added ENCODING section

    • wolfssl: Fix non-blocking connect
    • vtls: Don't define MD5_DIGEST_LENGTH for wolfssl

    • docs: Remove extraneous commas in man pages
    • URL: Fix ASCII dependency in strcpy_url and strlen_url

    • ssh-libssh.c: Fix left shift compiler warning

    • configure: Only check for CA bundle for file-using SSL backends

    • travis: Add an mbedtls build
    • http: Don't set the "rewind" flag when not uploading anything

    • configure: Put CURLDEBUG and DEBUGBUILD in lib/curl_config.h

    • transfer: Don't unset writesockfd on set-up of multiplexed conns

    • vtls: Use unified "supports" bitfield member in backends

    • URLs: Fix one more http url
    • travis: Add a build using WolfSSL
    • openssl: Change FILE ops to BIO ops

    • travis: Add build using NSS
    • smb: Reject negative file sizes
    • cookies: Accept parameter names as cookie name
    • http2: getsock fix for uploads

    • All over: Fixed format specifiers
    • http2: Use the correct function pointer typedef

  • Updated perl-Moose to 2.2011 as per the Fedora version

Sunday 20th May 2018

Fedora Project

  • Updated perl-YAML to 1.26 in Rawhide:

    • Fix bug introduced in 1.25 - loading of quoted string with colon as sequence element (GH#208)

    • Support zero indented block sequences (GH#207)

Local Packages

  • Updated perl-YAML to 1.26 as per the Fedora version

Monday 21st May 2018

Fedora Project

  • Updated pari to 2.9.5 in F-27, F-28 and Rawhide (cumulative bug-fix release, see CHANGES for details)

  • Updated perl-DateTime to 1.49 in Rawhide:

    • Updated the ppport.h with the latest version of Devel::PPPort, which fixes a compilation warning when compiling with 5.27.11 (GH#81)

  • Updated perl-DBD-CSV to 0.53 in Rawhide:

    • No folder scanning during automated tests
    • Fix col_names set to empty [] incorrectly skipping first row (GH#6)

    • Small doc fix
    • Tested on FreeBSD
  • Updated perl-DBM-Deep to 2.0016 in Rawhide:

    • Fix for tests failing on 5.28
  • Updated perl-File-pushd to 1.016 in Rawhide:

    • Directories created with tempd will only be cleaned up by the PID that created them, not by forked children

Local Packages

  • Updated perl-DateTime to 1.49 as per the Fedora version

  • Updated perl-DBD-CSV to 0.53 as per the Fedora version

  • Updated perl-DBM-Deep to 2.0016 as per the Fedora version

  • Updated perl-File-pushd to 1.016 as per the Fedora version

Thursday 24th May 2018

Fedora Project

  • Updated perl-Error to 0.17026 in Rawhide:

    • Convert to Dist::Zilla

  • Updated perl-File-Find-Object-Rule to 0.0307 in Rawhide:

    • Convert to Dist::Zilla

  • Updated perl-IPC-Run to 20180523.0 in Rawhide:

    • Fix using fd in child process when it happens to be the same number in the child as it was in the parent (GH#99)

Local Packages

  • Updated perl-Error to 0.17026 as per the Fedora version

  • Updated perl-File-Find-Object-Rule to 0.0307 as per the Fedora version

  • Updated perl-IPC-Run to 20180523.0 as per the Fedora version

Tuesday 29th May 2018

Fedora Project

Local Packages

  • Updated dovecot (2.2):

    • Updated dovecot to 2.2.36:

      • login-proxy: If ssl_require_crl=no, allow revoked certificates; also don't do CRL checks for incoming client certificates

      • stats plugin: Don't temporarily enable PR_SET_DUMPABLE while opening /proc/self/io; this may still cause security problems if the process is ptrace()d at the same time - instead, open it while still running as root

      • doveadm: Added mailbox cache decision & remove commands; see doveadm-mailbox(1) man page for details

      • doveadm: Added rebuild attachments command for rebuilding $HasAttachment or $HasNoAttachment flags for matching mails; see doveadm-rebuild(1) man page for details

      • cassandra: Use fallback_consistency on more types of errors

      • cassandra: Fix consistency=quorum to work

      • dsync: Lock file generation failed if home directory didn't exist

      • In some configs if namespace root directory didn't yet exist, Dovecot failed to create mailboxes.lock when trying to create mailboxes

      • Snippet generation for HTML mails didn't ignore &entities inside blockquotes, producing strange looking snippets

      • imapc: Fix assert-crash if getting disconnected and after reconnection all mails in the selected mailbox are gone

      • pop3c: Handle unexpected server disconnections without assert-crash

      • fts: Fixes to indexing mails via virtual mailboxes
      • fts: If mails contained NUL characters, the text around it wasn't indexed

      • Obsolete dovecot.index.cache offsets were sometimes used; trying to fetch a field that was just added to cache file may not have always found it

      • dict-sql: Fix crash when reading NULL value from database

    • Updated pigeonhole to 0.4.24:

      • Implement plugin for the a vendor-defined IMAP capability called "FILTER=SIEVE"; it adds the ability to manually invoke Sieve filtering in IMAP (more information can be found in doc/plugins/imap_filter_sieve.txt)

      • Fix assert panics triggered by empty messages that are being forwarded using redirect or; this does not likely normally occur, but this is seen as a result of certain benign failures in object storage

      • Make the length of the subject header for the vacation response configurable and enforce the limit in UTF-8 codepoints rather than bytes; the subject header for a vacation response was statically truncated to 256 bytes, which is too limited for multi-byte UTF-8 characters
      • Sieve editheader extension: Fix assertion panic occurring when it is used to manipulate a message header with a very large header field

      • Properly abort execution of the sieve_discard script upon error; before, the LDA Sieve plugin attempted to execute the sieve_discard script when an error occurs, which can lead to the message being lost

      • Fix the interaction between quota and the sieve_discard script; when quota was used together with a sieve_discard script, the message delivery did not bounce when the quota was exceeded

  • Updated perl-List-SomeUtils-XS to 0.57:

    • Fix C compiler warnings (GH#2)

  • Updated perl-Test-Warn to 0.33 as per the Fedora version

Thursday 31st May 2018

Fedora Project

  • Updated perl-Test-Warn to 0.34 in Rawhide:

    • Added a note that XS warnings might not be caught (CPAN RT#42070, GH#1)

    • Removed TODO section

    • Updated Copyright section

Local Packages

  • Updated perl-Test-Warn to 0.34 as per the Fedora version

  • Updated sendmail (8.15.2) to reflect changed libnsl2 paths (Bug #1543933)

Previous Month: April 2018
Next Month: June 2018