Paul's Blog Entries for July 2018
Monday 2nd July 2018
Fedora Project
Updated perl-Mail-Mbox-MessageParser to 1.5106 in Rawhide:
- Add standard tests
- Detect mailboxes that contain a mix of newline types; complain about it, but also allow the force option to continue processing
Avoid OO interface to File::Temp, which in some versions and on some operating systems, deletes the file when it is closed (CPAN RT#103835)
Fix compatibility issue with newer versions of perl, which remove "." from @INC (CPAN RT#121466)
Updated perl-Modern-Perl to 1.20180701 in Rawhide:
- Added support for Perl 5.26 and 5.28
Local Packages
Updated dovecot (2.3):
Updated dovecot to 2.3.2
old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while opening /proc/self/io (this may still cause security problems if the process is ptrace()d at the same time); instead, open it while still running as root
doveadm: Added mailbox cache decision and remove commands; see doveadm-mailbox(1) man page for details
doveadm: Added rebuild attachments command for rebuilding $HasAttachment or $HasNoAttachment flags for matching mails; see doveadm-rebuild(1) man page for details
cassandra: Use fallback_consistency on more types of errors
- lmtp proxy: Support outgoing SSL/TLS connections
lmtp: Add lmtp_rawlog_dir and lmtp_proxy_rawlog_dir settings
submission: Add support for rawlog_dir
submission: Add submission_client_workarounds setting
lua auth: Add password_verify() function and additional fields in auth request
doveadm-server: TCP connections are hanging when there is a lot of network output; this especially caused hangs in dsync-replication
Using multiple type=shared mdbox namespaces crashed
mail_fsync setting was ignored; it was always set to "optimized"
- lua auth: Fix potential crash at deinit
- SSL/TLS servers may have crashed if client disconnected during handshake
- SSL/TLS servers: Don't send extraneous certificates to client when alt certs are used
lda, lmtp: Return-Path header without '<' may have assert-crashed
lda, lmtp: Unencoded UTF-8 in email address headers may assert-crash
lda: -f parameter didn't allow empty/null/domainless address
- lmtp, submission: Message size limit was hard-coded to 40 MB; exceeding it caused the connection to get dropped during transfer
lmtp: Fix potential crash when delivery fails at DATA stage
lmtp: login_greeting setting was ignored
- Fix to work with OpenSSL v1.0.2f
- systemd unit restrictions were too strict by default
- Fix potential crashes when a lot of log output was produced
SMTP client may have assert-crashed when sending mail
IMAP COMPRESS: Send "end of compression" marker when disconnecting
cassandra: Fix consistency=quorum to work
- dsync: Lock file generation failed if home directory didn't exist
Snippet generation for HTML mails didn't ignore &entities inside blockquotes, producing strange looking snippets
imapc: Fix assert-crash if getting disconnected and after reconnection all mails in the selected mailbox are gone
pop3c: Handle unexpected server disconnections without assert-crash
- fts: Fixes to indexing mails via virtual mailboxes
fts: If mails contained NUL characters, the text around it wasn't indexed
Obsolete dovecot.index.cache offsets were sometimes used; trying to fetch a field that was just added to cache file may not have always found it
I had to add a patch to fix a crash in the test suite on i686 (https://github.com/dovecot/core/pull/88)
Updated pigeonhole to 0.5.2
Implement plugin for the a vendor-defined IMAP capability called "FILTER=SIEVE"; it adds the ability to manually invoke Sieve filtering in IMAP (more information can be found in doc/plugins/imap_filter_sieve.txt)
- The Sieve address test caused an assertion panic for invalid addresses with UTF-8 codepoints in the localpart; fixed by properly detecting invalid addresses with UTF-8 codepoints in the localpart and skipping these like other invalid addresses while iterating addresses for the address test
- Make the length of the subject header for the vacation response configurable and enforce the limit in UTF-8 codepoints rather than bytes
- The subject header for a vacation response was statically truncated to 256 bytes, which is too limited for multi-byte UTF-8 characters
Sieve editheader extension: Fix assertion panic occurring when it is used to manipulate a message header with a very large header field
Properly abort execution of the sieve_discard script upon error; before, the LDA Sieve plugin attempted to execute the sieve_discard script when an error occurs, which can lead to the message being lost
Fix the interaction between quota and the sieve_discard script; when quota was used together with a sieve_discard script, the message delivery did not bounce when the quota was exceeded
Updated perl-Mail-Mbox-MessageParser to 1.5106 as per the Fedora version
Rebuilt perl-MCE for Perl 5.28 in Rawhide
Updated sendmail (8.15.2) to use SSL_CTX_use_certificate_chain_file() to handle intermediate certificates passed additionally in confSERVER_CERT (Bug #1565341)
Tuesday 3rd July 2018
Fedora Project
Updated grepmail to 5.3105 in Rawhide:
- Add standard tests
- Search headers of attachments, such as filename
Detect when someone accidentally makes STDOUT or STDERR also an input file
Fix compatibility issue with newer versions of perl, which remove "." from @INC
Updated perl-FileHandle-Unget to 0.1629 in Rawhide:
- Add standard tests
Fix compatibility issue with newer versions of perl, which remove "." from @INC
Updated perl-String-CRC32 to 1.7 in Rawhide:
Perldoc tweaks (GH#2)
Local Packages
Updated grepmail to 5.3105 as per the Fedora version
Updated perl-FileHandle-Unget to 0.1629 as per the Fedora version
Wednesday 4th July 2018
Fedora Project
Cleaned up and rebuilt proxytunnel (1.9.1) in Rawhide
Local Packages
Updated curl (7.60.0) not to hard-wire path of the Python 3 interpreter (used for the test suite)
Updated ppp (2.4.70:
Updated EAP-TLS patch to v1.101 (CVE-2018-11574)
Replaced initscripts requirement by network-scripts from Fedora 29 (Bug #1592384)
Remove %clean section and buildroot cleaning in %install section
Drop support for building with old distributions prior to Fedora 21 (which have ppp < 2.4.7)
Thursday 5th July 2018
Fedora Project
Cleaned up and rebuilt perl-Authen-DigestMD5 (0.04)
Cleaned up and rebuilt perl-Class-Trigger (0.14)
Cleaned up and rebuilt perl-Crypt-Cracklib (1.7)
Cleaned up and rebuilt perl-DateTime-Calendar-Mayan (0.0601)
Cleaned up and rebuilt perl-Digest-BubbleBabble (0.02)
Cleaned up and rebuilt perl-Email-Date (1.104)
Updated proftpd (1.3.6):
Local Packages
Cleaned up and rebuilt perl-DateTime-Calendar-Mayan (0.0601) as per the Fedora version
Cleaned up and rebuilt perl-Digest-BubbleBabble (0.02) as per the Fedora version
Updated proftpd (1.3.6) as per the Fedora version
Friday 6th July 2018
Local Packages
Updated perl-Params-Coerce (0.14) to switch upstream from search.cpan.org to metacpan.org
Saturday 7th July 2018
Fedora Project
Updated perl-parent to 0.237 in Rawhide:
Don't load vars.pm (Perl RT#132077)
Local Packages
Updated perl-parent to 0.237 as per the Fedora version
Sunday 8th July 2018
Fedora Project
Updated grepmail to 5.3108 in Rawhide:
- Check in standard tests, including one that skips the compile check on Windows
- Attempt to be more compatible with CPAN testing, which apparently doesn't support symlinks
- Disable "check redirect to input file" feature on Windows, where apparently it doesn't work
Updated perl-Authen-Radius to 0.27 in Rawhide:
Force FreeRADIUS dictionary format when BEGIN-VENDOR directive is found
- Load included files using the requested format
- Added full support for octets type
Local Packages
Updated grepmail to 5.3108 as per the Fedora version
Monday 9th July 2018
Fedora Project
Updated grepmail to 5.3109 in Rawhide:
Switch from File::Slurp to File::Slurper
Updated perl-FileHandle-Unget to 0.1633 in Rawhide:
- Check in standard tests, including one that skips the compile check on Windows
Add missing URI::Escape dependency
Switch from File::Slurp to File::Slurper
Updated perl-Mail-Mbox-MessageParser to 1.5110 in Rawhide:
- Check in standard tests, including one that skips the compile check on Windows
Switch from File::Slurp to File::Slurper
Updating META.yml
Local Packages
New package perl-File-Slurper (0.012)
Updated grepmail to 5.3109 as per the Fedora version
Updated perl-FileHandle-Unget to 0.1633 as per the Fedora version
Updated perl-Mail-Mbox-MessageParser to 1.5110 as per the Fedora version
Updated perl-YAML-LibYAML to 0.72:
Update to libyaml 0.2.1: it's forbidden now to escape single quotes inside double quotes
When disabling $LoadBlessed, return scalars rather than refs
- Save anchors also for blessed scalars
Tuesday 10th July 2018
Fedora Project
Cleaned up and rebuilt perl-Math-Random-MT-Auto (6.22) in Rawhide
Local Packages
Updated perl-MIME-Types (2.17) to switch upstream from search.cpan.org to metacpan.org
Re-rebuilt bootstrapped perl-Moose (2.2011) after Perl 5.28 rebuild
Updated perl-PPIx-QuoteLike to 0.006:
- Only standalone graphemes and non-characters allowed as delimiters starting with Perl 5.29.0
Non-ASCII delimiters started working in 5.8.3, so that is what perl_version_introduced() returns for them
Collateral with all this, accept word characters as delimiters, but only with at least one space between the operator and the expression, i.e. 'qq xyx' is OK, but 'qqxyx' is not
Updated perl-PPIx-Regexp to 0.061:
- Only standalone graphemes and non-characters allowed as delimiters starting with Perl 5.29.0
Non-ASCII delimiters started working in 5.8.3, so that is what perl_version_introduced() returns for them
Collateral with all this, accept word characters as delimiters, but only with at least one space between the operator and the expression, i.e. 'qq xyx' is OK, but 'qqxyx' is not
Updated perl-Specio (0.42) to switch upstream from search.cpan.org to metacpan.org
Rebuilt python-passlib (1.7.1) for Python 3.7 in Rawhide
Wednesday 11th July 2018
Local Packages
Updated curl (7.60.0) to disable flaky test 1455 and to enable support for brotli compression in libcurl-full from F-29 onwards
Updated curl to 7.61.0:
CVE-2018-0500: smtp: Fix SMTP send buffer overflow
getinfo: Add microsecond precise timers for seven intervals
curl: Show headers in bold, switch off with --no-styled-output
httpauth: Add support for Bearer tokens
Add CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS
curl: --tls13-ciphers and --proxy-tls13-ciphers
Add CURLOPT_DISALLOW_USERNAME_IN_URL
curl: --disallow-username-in-url
schannel: Disable client cert option if APIs not available
schannel: Disable manual verify if APIs not available
tests/libtest/Makefile: Do not unconditionally add gcc-specific flags
openssl: Acknowledge --tls-max for default version too
stub_gssapi: Fix 'unused parameter' warnings
examples/progressfunc: Make it build on both new and old libcurls
- docs: Mention it is HA Proxy protocol "version 1"
curl_fnmatch: Only allow two asterisks for matching
docs: Clarify CURLOPT_HTTPGET
configure: Replace a AC_TRY_RUN with CURL_RUN_IFELSE
configure: Do compile-time SIZEOF checks instead of run-time
checksrc: Make sure sizeof() is used with parentheses
CURLOPT_ACCEPT_ENCODING.3: Add brotli and clarify a bit
schannel: Make CAinfo parsing resilient to CR/LF
tftp: Make sure error is zero terminated before printfing it
http resume: Skip body if http code 416 (range error) is ignored
configure: Add basic test of --with-ssl prefix
cmake: Set -d postfix for debug builds
multi: Provide a socket to wait for in Curl_protocol_getsock
content_encoding: Handle zlib versions too old for Z_BLOCK
winbuild: Only delete OUTFILE if it exists
winbuild: In MakefileBuild.vc fix typo DISTDIR⇒DIRDIST
schannel: Add failf calls for client certificate failures
cmake: Fix the test for fsetxattr and strerror_r
curl.1: Fix cmdline-opts reference errors
cmdline-opts/gen.pl: Warn if mutexes: or see-also: list non-existing options
cmake: Check for getpwuid_r
configure: Fix ssh2 linking when built with a static mbedtls
psl: Use latest psl and refresh it periodically
fnmatch: Insist on escaped bracket to match
KNOWN_BUGS: Restore text regarding #2101
INSTALL: LDFLAGS=-Wl,-R/usr/local/ssl/lib
configure: Override AR_FLAGS to silence warning
os400: Implement mime api EBCDIC wrappers
curl.rc: Embed manifest for correct Windows version detection
strictness: Correct {infof, failf} format specifiers
tests: Update .gitignore for libtests
configure: Check for declaration of getpwuid_r
fnmatch: Use the system one if available
CURLOPT_RESOLVE: Always purge old entry first
multi: Remove a potentially bad DEBUGF()
curl_addrinfo: Use same #ifdef conditions in source as header
- build: Remove the Borland specific makefiles
axTLS: Not considered fit for use
cmdline-opts/cert-type.d: Mention "p12" as a recognized type
system.h: Add support for IBM xlc C compiler
tests/libtest: Add lib1521 to nodist_SOURCES
mk-ca-bundle.pl: Leave certificate name untouched
boringssl + schannel: undef X509_NAME in lib/schannel.h
openssl: Assume engine support in 1.0.1 or later
cppcheck: Fix warnings
- test 46: Make test pass after year 2025
schannel: Support selecting ciphers
Curl_debug: Remove dead printhost code
- test 1455: Unflakified
Curl_init_do: Handle NULL connection pointer passed in
progress: Remove a set of unused defines
mk-ca-bundle.pl: Make -u delete certdata.txt if found not changed
GOVERNANCE.md: Explains how this project is run
configure: Use pkg-config for c-ares detection
configure: Enhance ability to build with static openssl
maketgz: Fix sed issues on OSX
multi: Fix memory leak when stopped during name resolve
CURLOPT_INTERFACE.3: Interface names not supported on Windows
url: Fix dangling conn->data pointer
cmake: Allow multiple SSL backends
system.h: Fix for gcc on 32 bit OpenServer
ConnectionExists: Make sure conn->data is set when "taking" a connection
multi: Fix crash due to dangling entry in connect-pending list
CURLOPT_SSL_VERIFYPEER.3: Add performance note
netrc: Use a larger buffer to support longer passwords
url: Check Curl_conncache_add_conn return code
configure: Add dependent libraries after crypto
easy_perform: Faster local name resolves by using *multi_timeout()
getnameinfo: Not used, removed all configure checks
travis: Add a build using the synchronous name resolver
CURLINFO_TLS_SSL_PTR.3: Improve the example
- openssl: Allow TLS 1.3 by default
openssl: Make the requested TLS version the minimum wanted
- openssl: Remove some dead code
telnet: Fix clang warnings
DEPRECATE: New doc describing planned item removals
example/crawler.c: Simple crawler based on libxml2
libssh: Goto DISCONNECT state on error, not SESSION_FREE
CMake: Remove unused functions
darwinssl: Allow High Sierra users to build the code using gcc
scripts: Include _curl as part of CLEANFILES
examples: Fix -Wformat warnings
curl_setup: Include <winerror.h> before <windows.h>
schannel: Make more cipher options conditional
CMake: Remove redundant and old end-of-block syntax
post303.d: Clarify that this is an RFC violation
I had to add a patch to fix building with OpenSSL < 1.0.1
Updated dovecot to 2.3.2.1:
- SSL/TLS servers may have crashed during client disconnection
lmtp: With lmtp_rcpt_check_quota=yes mail deliveries may sometimes have assert-crashed
- v2.3.2: "make check" may have crashed with 32-bit systems
Rebuilt libxml2 (2.9.8) for Python 3.7 in Rawhide
Re-rebuilt bootstrapped perl-Mouse (2.5.4) after Perl 5.28 rebuild
Rebuilt py-bcrypt (0.4) for Python 3.7 in Rawhide
Thursday 12th July 2018
Fedora Project
Updated grepmail to 5.3111 in Rawhide:
- Fix test case for binary data
Updating META.yml
Fix Makefile.PL warning
Fix deleting of inc during release process
Better fix for AutomatedTester warning
Updated perl-FileHandle-Unget to 0.1634 in Rawhide:
Fix Makefile.PL warning
Fix deleting of inc during release process
Better fix for AutomatedTester warning
Updated perl-Mail-Mbox-MessageParser to 1.5111 in Rawhide:
- Ensure that temp file is created in temp dir
Fix Makefile.PL warning
Fix deleting of inc during release process
Better fix for AutomatedTester warning
Updated perl-Test-Simple to 1.302138 in Rawhide:
Make it safe to fork before events in IPC
Updated proftpd (1.3.6) in Rawhide:
Local Packages
Updated grepmail to 5.3111 as per the Fedora version
Updated perl-FileHandle-Unget to 0.1634 as per the Fedora version
Updated perl-Mail-Mbox-MessageParser to 1.5111 as per the Fedora version
Updated perl-Test-Simple to 1.302138 as per the Fedora version
Updated perl-Test2-Suite to 0.000115:
Fix warning on undefined note/diag
- Improve an error message
Friday 13th July 2018
Fedora Project
Rebuilt bluefish (2.2.10) in Rawhide for the Fedora_29_Mass_Rebuild
Local Packages
Rebuilt bluefish (2.2.10), curl (7.61.0), GeoIP (1.6.12), GeoIP-GeoLite-data (June 2018 databases), geoipupdate (2.5.0), glib (1.2.10), gnome-libs (1.4.2), gtk+ (1.2.10), gtkwave (3.3.91), imlib (1.9.15), Judy (1.0.5), libglade (0.17), libssh2 (1.8.0), libxml (1.8.17), mod_fcgid (2.3.9) and ORBit (0.5.17) for the Fedora_29_Mass_Rebuild
Sunday 15th July 2018
Local Packages
Rebuilt proftpd (1.3.6), rbldnsd (0.998), smbldap-tools (0.9.11), spamass-milter (0.4.0) and tidyp (1.04) for the Fedora_29_Mass_Rebuild
Monday 16th July 2018
Fedora Project
Updated gtkwave to 3.3.92 in Rawhide:
Harden FST loader for missing .hier files (if applicable)
Fixed broken GTK+-1.2 compile of twinwave
- Fix scrolling on help window by adding scroll to end mark
Fix scrolling on status window when use_toolbutton_interface rc var is set to FALSE by adding scroll to end mark
Updated BUILT_SOURCES for vermin
extern yy_size_t yyleng fix in rtlbrowse
Updated perl-Path-Tiny to 0.106 in Rawhide:
The PERL_PATH_TINY_NO_FLOCK environment variable has been added to allow users to disable file locking (and any associated warnings)
Detection of unsupported 'flock' is no longer BSD-specific; this allows detecting and warning, for example, with the Luster filesystem on Linux
Improve reliability and diagnostics of tests run via 'do'
Updated trac-spamfilter-plugin in Rawhide to current svn snapshot (1.2.7, r16684)
Local Packages
Updated gtkwave to 3.3.92 as per the Fedora version
Updated perl-Net-DNS to 1.16:
New NSEC3 encloser(), nextcloser() and wildcard() instance methods return closest encloser, "next closer" and putative wildcard names respectively
Add new NSEC covers() instance method
New NSEC typemap() instance method interrogates type list
IO::Socket::INET6 removed from recommended module metadata; IPv6 requires IO::Socket::IP, which is now a core package
No requirement to escape @ in unquoted contiguous string
Updated perl-Path-Tiny to 0.106 as per the Fedora version
Rebuilt dovecot (2.3.2.1), libgpg-error (1.3.1), libnet (1.1.6), libxml2 (2.9.8), nmap (7.70), sendmail (8.15.2) and trac-accountmanager-plugin (0.5.0) for the Fedora_29_Mass_Rebuild
Tuesday 17th July 2018
Local Packages
Updated libxslt (1.1.32) to use Python 2 explicitly for the python bindings
Rebuilt check (0.12.0), libidn (1.35), libmetalink (0.1.3), perl-IO-AIO (4.4), perl-MCE (1.836), perl-MIME-Types (2.17), perl-Moose (2.2011) and perl-Mouse (2.5.4) for the Fedora_29_Mass_Rebuild
Wednesday 18th July 2018
Fedora Project
Updated libpng10 (1.0.69) in F-27, F-28, Rawhide and EPEL-6 to fix the calculation of row_factor in png_check_chunk_length (CVE-2018-13785)
Updated perl-Exporter-Tiny to 1.002001 in Rawhide:
Added support for generating and exporting non-code symbols such as $Foo, @Bar, and %Baz
Improved test coverage, up from 88.78% on coveralls.io to 96.74%
Local Packages
Updated java-1.8.0-oracle to Java SE 8 Update 181
Updated libpng10 (1.0.69) to fix CVE-2018-13785 as per the Fedora version
Updated perl-Exporter-Tiny to 1.002001 as per the Fedora version
Thursday 19th July 2018
Fedora Project
Updated perl-IO-Socket-SSL to 2.058 in Rawhide but didn't build it due to incompatibilities with the OpenSSL 1.1.1 build there:
Fix memory leak that occurred with explicit stop_SSL in connection with non-blocking sockets or timeout (CPAN RT#125867)
Fix redefine warnings in case Socket6 is installed but neither IO::Socket::IP nor IO::Socket::INET6 (CPAN RT#124963)
IO::Socket::SSL::Intercept - optional 'serial' argument can be starting number or callback to create serial number based on the original certificate
New function get_session_reused to check if a session got reused
IO::Socket::SSL::Utils::CERT_asHash: fingerprint_xxx now set to the correct value
Fix t/session_ticket.t: It failed with OpenSSL 1.1.* since this version expects the extKeyUsage of clientAuth in the client cert also to be allowed by the CA if CA uses extKeyUsage
Local Packages
Updated perl-IO-Socket-SSL to 2.058 as per the Fedora version, building everywhere apart from Rawhide
Saturday 21st July 2018
Local Packages
Rebuilt perl-Params-Util (1.07), perl-Specio (0.42), pptp (1.10.0) and xz (5.2.4) for the Fedora_29_Mass_Rebuild
Monday 23rd July 2018
Local Packages
Updated perl-Module-CoreList to 5.20180720:
- Updated for v5.29.1
Tuesday 24th July 2018
Local Packages
Updated check (0.12.0) to disable the unreliable timeout tests (which sometimes fail on busy builders)
Wednesday 25th July 2018
Local Packages
Updated perl-Net-DNS to 1.17:
AXFR: 1 record per packet responses (CPAN RT#125890)
New NSEC3 for empty non-terminal left type bitmap undefined (CPAN RT#125889)
RDATA name compression pointer calculated incorrectly (CPAN RT#125882)
Tuesday 31st July 2018
Local Packages
Updated curl (7.61.0) to adapt test 323 for updated OpenSSL in Rawhide
Previous Month: June 2018
Next Month: August 2018