Paul's Blog Entries for February 2019
Friday 1st February 2019
Local Packages
Rebuilt bluefish (2.2.10), check (0.12.0), curl (7.63.0), GeoIP (1.6.12), GeoIP-GeoLite-data (June 2018), gtkwave (3.3.98), libpng10 (1.0.69) and mod_fcgid (2.3.9) for the Fedora_30_Mass_Rebuild
Updated geoipupdate (3.1.1) not to try to update the free legacy GeoIP databases as they are no longer distributed by upstream, and to drop the cron6 sub-package as the files it tries to download are no longer distributed by upstream
Updated glib (1.2.10) to fix compilation error on ix86 with GCC 9
Saturday 2nd February 2019
Fedora Project
Updated glib (1.2.10) in Rawhide to fix compilation error on ix86 with GCC 9
Local Packages
Rebuilt Judy (1.0.5), proftpd (1.3.6), rbldnsd (0.998), smbldap-tools (0.9.11) for the Fedora_30_Mass_Rebuild
Sunday 3rd February 2019
Local Packages
New package perl-Perl-PrereqScanner-NotQuiteLite (0.9902)
New package perl-Regexp-Trie (0.02)
Fixed FTBFS for gnome-libs (1.4.2) with --as-needed linker flags:
The configure script was putting the output of glib-config --libs gmodule into the LDFLAGS variable instead of the LIBS variable, which broke detection of libgmodule
- I also addressed some compiler warnings:
Use _DEFAULT_SOURCE rather than _BSD_SOURCE
Some memset() invocations had arguments the wrong way around:
#define ZERO(Dbt) memset (&(Dbt), sizeof (DBT), 0)
- Should have been:
#define ZERO(Dbt) memset (&(Dbt), 0, sizeof (DBT))
Rebuilt spamass-milter (0.4.0) for the Fedora_30_Mass_Rebuild
Monday 4th February 2019
Fedora Project
Submitted a review request for a perl-Regexp-Trie (0.02) package
Submitted a review request for a perl-Perl-PrereqScanner-NotQuiteLite (0.9903) package
Updated libssh2 (1.8.0) in Rawhide to explicitly run the test suite in the en_US.UTF-8 locale to work around flaky locale settings in mock builders
Local Packages
Updated libssh2 (1.8.0) as per the Fedora version
Updated perl-Module-CPANTS-Analyse to 1.00:
Module::CPANTS::Kwalitee::Uses now uses a different prereq scanner (Perl::PrereqScanner::NotQuiteLite)
Added new kwalitee metrics: no_maniskip_error, no_missing_files_in_provides, no_files_to_be_skipped
- Delayed plugin loading
Updated perl-Perl-PrereqScanner-NotQuiteLite to 0.9903:
Added an option to de-dupe modules that belong to the same distribution with the help of CPAN::Common::Index
Updated perl-Test-Kwalitee to 1.28:
Fix taint-mode tests to accommodate failures with Module::CPANTS::Analyse 0.99 (insecure loading of a backend implementation)
Rebuilt libxml2 (2.9.9), sendmail (8.15.2) and xz (5.2.4) for the Fedora_30_Mass_Rebuild
Tuesday 5th February 2019
Fedora Project
Petr Pisar kindly reviewed and approved my perl-Regexp-Trie package submission
Imported and built perl-Regexp-Trie (0.02) for F-28, F-29, Rawhide, EPEL-6 and EPEL-7
Local Packages
Updated dovecot to 2.3.4.1:
CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing
ssl_cert_username_field setting was ignored with external SMTP AUTH, because none of the MTAs (Postfix, Exim) currently send the cert_username field; this may have allowed users with trusted certificate to specify any username in the authentication (this bug didn't affect Dovecot's Submission service)
Updated dovecot (2.2) to 2.2.36.1:
CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted certificate with missing username field (ssl_cert_username_field), under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing
ssl_cert_username_field setting was ignored with external SMTP AUTH, because none of the MTAs (Postfix, Exim) currently send the cert_username field; this may have allowed users with trusted certificate to specify any username in the authentication (this bug didn't affect Dovecot's Submission service)
pop3_no_flag_updates=no: Don't expunge RETRed messages without QUIT
director: Kicking a user assert-crashes if login process is very slow
lda/lmtp: Fix assert-crash with some Sieve scripts when mail_attachment_detection_options=add-flags-on-save
fs-compress: Using maybe-gz assert-crashed when reading 0 sized file
Snippet generation crashed with invalid Content-Type:multipart
Also updated pigeonhole to 0.4.24.1:
imapsieve: Added imapsieve_expunge_discarded setting, which causes discarded messages to be expunged immediately
Sieve scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context that modify the message, store the message a second time, rather than replacing the originally stored unmodified message
imapsieve: Fix crash when COPYing mails from a virtual mailbox when the source messages originate from more than a single real mailbox
imap_filter_sieve plugin: Implement the missing UID FILTER command
imap_filter_sieve plugin: Fix FILTER to work with pipelining
Updated perl-Regexp-Trie (0.02) to improve test coverage by running t/01-dict.t (long test) as well as the default tests
Rebuilt libgpg-error (1.33), libidn (1.35), libmetalink (0.1.3), libnet (1.1.6), libxslt (1.1.32), perl-HTML-Tidy (1.60), perl-Moose (2.2011), perl-Mouse (2.5.6) and perl-Perl-Critic (1.132) for the Fedora_30_Mass_Rebuild
Wednesday 6th February 2019
Fedora Project
Updated perl-Perl-PrereqScanner-NotQuiteLite (0.9903) submission to address issues raised in the Fedora package review by Jitka Plesnikova
Switch upstream URL from search.cpan.org to metacpan.org
Build-Require perl(if) for test suite
I also modernized the spec using %make_build and %make_install
Imported and built perl-Perl-PrereqScanner-NotQuiteLite (0.9903) for F-29 and Rawhide
Updated perl-Test-Simple to 1.302162 in Rawhide:
- Remove SHM Optimization
- Typo fixes in documentation
Local Packages
Updated curl to 7.64.0:
CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
CVE-2019-3823: SMTP end-of-response out-of-bounds read
- cookies: Leave secure cookies alone
- hostip: Support wildcard hosts
- http: Implement trailing headers for chunked transfers
- http: Added options for allowing HTTP/0.9 responses
- timeval: Use high resolution timestamps on Windows
- FAQ: Remove mention of sourceforge for github
- OS400: Handle memory error in list conversion
- OS400: Upgrade ILE/RPG binding
- README: Add codacy code quality badge
Revert http_negotiate: do not close connection
- THANKS: Added several missing names from year ≤ 2000
build: Make 'tidy' target work for metalink builds
- cmake: Added checks for variadic macros
cmake: Updated check for HAVE_POLL_FINE to match autotools
- cmake: Use lowercase for function name like the rest of the code
- configure: Detect xlclang separately from clang
configure: Fix recv/send/select detection on Android
configure: Rewrite --enable-code-coverage
- conncache_unlock: Avoid indirection by changing input argument type
- cookie: Fix comment typo
- cookies: Allow secure override when done over HTTPS
- cookies: Extend domain checks to non psl builds
- cookies: Skip custom cookies when redirecting cross-site
curl --xattr: Strip credentials from any URL that is stored
curl -J: Refuse to append to the destination file
curl/urlapi.h: include "curl.h" first
curl_multi_remove_handle() don't block terminating c-ares requests
- darwinssl: Accept setting max-tls with default min-tls
- disconnect: Separate connections and easy handles better
disconnect: Set conn->data for protocol disconnect
docs/version.d: Mention MultiSSL
docs: Fix the --tls-max description
docs: Use $(INSTALL_DATA) to install man page
docs: Use meaningless port number in CURLOPT_LOCALPORT example
- gopher: Always include the entire gopher-path in request
- http2: Clear pause stream id if it gets closed
if2ip: Remove unused function Curl_if_is_interface_name
- libssh: Do not let libssh create socket
libssh: Enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
libssh: free sftp_canonicalize_path() data correctly
libtest/stub_gssapi: Use "real" snprintf
mbedtls: Use VERIFYHOST
- multi: Multiplexing improvements
multi: Set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
- ntlm: Fix NTMLv2 compliance
- ntlm_sspi: Add support for channel binding
openssl: Adapt to 3.0.0, OpenSSL_version_num() is deprecated
- openssl: Fix the SSL_get_tlsext_status_ocsp_resp call
- openvms: Fix OpenSSL discovery on VAX
- openvms: Fix typos in documentation
- os400: Add a missing closing bracket
- os400: Fix extra parameter syntax error
- pingpong: Change default response timeout to 120 seconds
- pingpong: Ignore regular timeout in disconnect phase
- printf: Fix format specifiers
runtests.pl: Fix perl call to include srcdir
- schannel: Fix compiler warning
- schannel: Preserve original certificate path parameter
- schannel: Stop calling it "winssl"
sigpipe: If mbedTLS is used, ignore SIGPIPE
- smb: Fix incorrect path in request if connection reused
- ssh: Log the libssh2 error message when ssh session startup fails
test1558: Verify CURLINFO_PROTOCOL on file:// transfer
- test1561: Improve test name
- test1653: Make it survive torture tests
- tests: Allow tests to pass by 2037-02-12
tests: Move objnames-* from lib into tests
timediff: Fix math for unsigned time_t
timeval: Disable MSVC Analyzer GetTickCount warning
- tool_cb_prg: Avoid integer overflow
- travis: Added cmake build for osx
- urlapi: Fix port parsing of eol colon
- urlapi: Distinguish possibly empty query
- urlapi: Fix parsing ipv6 with zone index
urldata: Rename easy_conn to just conn
winbuild: Conditionally use /DZLIB_WINAPI
- wolfssl: Fix memory-leak in threaded use
- spnego_sspi: Add support for channel binding
Updated perl-Perl-PrereqScanner-NotQuiteLite (0.9903) to switch upstream URL from search.cpan.org to metacpan.org
Updated perl-Test-Simple to 1.302162 as per the Fedora version
Rebuilt c-ares (1.15.0), perl-Net-DNS (1.19) and perl-Specio (0.43) for the Fedora_30_Mass_Rebuild
Thursday 7th February 2019
Fedora Project
Updated perl-Perl-PrereqScanner-NotQuiteLite to 0.9904 in Rawhide:
- Made sure to exclude local/core/private modules from feature prereqs
Added scan_also/parser/private options
Local Packages
Updated perl-Perl-PrereqScanner-NotQuiteLite to 0.9904 as per the Fedora version
Updated perl-XML-LibXML to 2.0133:
Rebuilt trac-accountmanager-plugin (0.5.0) for the Fedora_30_Mass_Rebuild
Friday 8th February 2019
Fedora Project
Updated perl-Apache-Session-Browseable to 1.3.0 in Rawhide:
Use either Redis::Fast or Redis
Fix error when searchOn is used without fields
Also fix PgHstore error when searchOn is used without fields
Updated perl-DateTime-Format-Strptime to 1.76 in Rawhide:
The ability to set the pattern, time_zone, and locale via accessor methods has been removed; this was deprecated over three years ago in version 1.60 (it also turns out that the setting was actually broken for a long time but no one seemed to notice)
Updated perl-Module-CPANTS-Analyse to 1.00 in Rawhide:
Module::CPANTS::Kwalitee::Uses now uses a different prereq scanner (Perl::PrereqScanner::NotQuiteLite)
- Added new kwalitee metrics:
no_maniskip_error
no_missing_files_in_provides
no_files_to_be_skipped
- Delayed plugin loading
Local Packages
Updated getmail to 5.9:
- Documentation update: add note with workaround for Gmail SSL connections with OpenSSL 1.1.1 and later
- Update copyright dates
Updated perl-DateTime-Format-Strptime to 1.76 as per the Fedora version
Saturday 9th February 2019
Fedora Project
Updated perl-Test-Kwalitee 1.28 in Rawhide:
Fix taint-mode tests to accommodate failures with Module::CPANTS::Analyse 0.99 (insecure loading of a backend implementation)
Sunday 10th February 2019
Fedora Project
Updated gtkwave to 3.3.99 in Rawhide:
Added visible single bit glitches as a yellow dot (if enabled with --rcvar 'vcd_preserve_glitches on')
Fixed print routine broken by bsearch_trunc() optimization in version 3.3.96
Local Packages
Updated gtkwave to 3.3.99 as per the Fedora version
Monday 11th February 2019
Local Packages
Updated curl (7.64.0) to make zsh completion work again
Updated perl-IO-Socket-SSL (2.060) to get the client to send a post-handshake-authentication extension if a client key and a certificate are available (Bug #1632660)
Updated perl-Module-Load to 0.34:
Added SEE ALSO section to documentation (CPAN RT#100575)
Unreachable code clean-up (https://github.com/jib/cpanplus-devel/pull/15)
Updated perl-XML-LibXML to 2.0134:
Fix overzealous POD escaping in the docs' synopses (GH#26)
Tuesday 12th February 2019
Fedora Project
Updated gnome-libs (1.4.2) in Rawhide to fix FTBFS on ARM due to broken library detection
Updated perl-GD to 2.71 in Rawhide:
Skip Test::Fork on freebsd (GH#25)
Local Packages
Updated gnome-libs (1.4.2) as per the Fedora version
Updated nmap (7.70) to fix ipv6 literals parsing in proxy connection
Updated unrar to 5.70 beta 1
Rebuilt geoipupdate (4.0.2), perl-HTML-Lint (2.32), perl-IO-AIO (4.6), perl-MCE (1.838), perl-MIME-Types (2.17) and pptp (1.10.0) for the Fedora_30_Mass_Rebuild
Wednesday 13th February 2019
Local Packages
Updated getmail to 5.10:
- Experimental: When SSL SNI support is present in the underlying Python (and OpenSSL), send SNI by default in the SSL setup; this should work around Gmail's brokenness with TLSv.1.3 connections when SNI is not sent
Thursday 14th February 2019
Local Packages
Updated getmail to 5.11:
Bugfix: The SNI change in version 5.10 did not work correctly with Python < 2.7.13
Updated perl-File-Slurp to 9999.26:
Reduce the size of handle.t to prevent failures on systems with limits set
Skip all tests in the suite that relied on overriding syswrite to test failure mechanisms as CORE::print cannot be overridden
Refactor write_file to use print rather than syswrite:
- When performing an atomic write, make sure we find a good temporary file so that we don't accidentally overwrite a file that may already exist in the working directory
Stop re-working the line endings on write_file when on Windows as the use of print now allows layers to provide that functionality
Add File::Basename, File::Spec, File::Temp, and IO::Handle to the runtime prereqs; these were already testing prereqs and are core
- Perl 5.30 compliance is complete at this point
Friday 15th February 2019
Fedora Project
Updated perl-B-Keywords to 1.20 in Rawhide:
extern was added with 5.29.0c
Updated perl-Cpanel-JSON-XS to 4.09 in Rawhide:
Local Packages
Updated perl-B-Keywords to 1.20 as per the Fedora version
Updated perl-Cpanel-JSON-XS to 4.09 as per the Fedora version
Wednesday 20th February 2019
Fedora Project
Updated perl-Test-Differences to 0.65 in F-30 and Rawhide:
Canonical repo is now https://github.com/DrHyde/perl-modules-Test-Differences
- Fix discrepancies in copyright notices
- Make the tests more consistent
- Add unicode tests
Fix whitespace issue in tests when using recent Test::More in verbose mode
Get rid of Build.PL, just use Makefile.PL
Local Packages
Updated perl-Test-Differences to 0.65 as per the Fedora version
Thursday 21st February 2019
Local Packages
Updated perl-Mail-IMAPClient to 3.41:
unseen(), messages() and related POD clean-up (CPAN RT#128220)
parse_message() minor code/POD clean-up (CPAN RT#128264)
Verb missing in messages() POD (CPAN RT#128215)
Simplify capability handling via has_capability enhancements (CPAN RT#127271):
has_capability() success returns true with server response data, not always '1'
Enhanced t/capability.t test cases
Updated POD for capability() and has_capability()
Use of IO::Socket::IP led to connect(empty args) regression (CPAN RT#122373)
Fix minor POD typo for search() (CPAN RT#128127)
folders()/subscribed() remove mailboxes with \Noselect attribute
fetch_hash() remove quotes around header names (seen with outlook.com)
Use first over grep for minor efficiency gains
- Other minor POD cleanup
Friday 22nd February 2019
Fedora Project
Updated perl-JSON-PP to 4.01 in F-30 and Rawhide:
Allow to pass indent_length to json_pp (GH#46)
Local Packages
Updated perl-JSON-PP to 4.01 as per the Fedora version
Updated perl-Module-CoreList to 5.20190220:
- Updated for v5.29.8
Updated unrar to 5.70 beta 2
Saturday 23rd February 2019
Fedora Project
Updated perl-IO-Socket-SSL to 2.061 in F-30 and Rawhide:
Support for TLS 1.3 session reuse (needs Net::SSLeay ≥ 1.86); note that the previous (and undocumented) API for the session cache has been changed
Support for multiple curves, automatic setting of curves and setting of supported curves in client (needs Net::SSLeay ≥ 1.86)
Enable Post-Handshake-Authentication (TLSv1.3 feature) client-side when client certificates are provided (needs Net::SSLeay ≥ 1.86)
Updated perl-JSON-PP to 4.02 in F-30 and Rawhide:
Fix a test that breaks if perl is compiled with -Dquadmath (CPAN RT#128589)
Updated perl-JSON to 4.02 in F-30 and Rawhide:
Fix a test that breaks if perl is compiled with -Dquadmath (CPAN RT#128589)
Local Packages
Updated perl-IO-Socket-SSL to 2.061 as per the Fedora version
Updated perl-JSON-PP to 4.02 as per the Fedora version
Updated perl-JSON to 4.02 as per the Fedora version
Monday 25th February 2019
Fedora Project
Updated golang-github-gofrs-flock to 0.7.1 in F-30 and Rawhide:
Fix linting issues and add goreportcard badge (GH#35)
Updated perl-IO-Socket-SSL to 2.062 in F-30 and Rawhide:
Enable X509_V_FLAG_PARTIAL_CHAIN if supported by Net::SSLeay (1.83+) and OpenSSL (1.1.0+); this makes leaf certificates or intermediate certificates in the trust store be usable as full trust anchors too
Updated perl-JSON-XS to 4.01 in F-30 and Rawhide:
- Fix some stack corruption caused mostly when calling methods in list context
Updated perl-Math-Pari to 2.030508 in F-30 and Rawhide (mainly in-progress work with more recent pari versions)
Local Packages
Updated curl (7.64.0) to prevent NetworkManager from leaking file descriptors (Bug #1680198)
Updated getmail to 5.13:
Bugfix: The SNI changes in versions 5.10 and 5.11 did not work correctly with Python < 2.7
Updated perl-IO-Socket-SSL to 2.062 as per the Fedora version
Updated perl-JSON-XS to 4.01 as per the Fedora version
Updated perl-Mail-IMAPClient to 3.42:
has_capability() changes in 3.41 broke imap4rev1() (CPAN RT#128595)
Updated http:// to https:// URLs for referenced resources
- Updated copyright for 2019
Tuesday 26th February 2019
Fedora Project
Updated perl-AnyEvent to 7.15 in F-30 and Rawhide:
Incompatible Change: AnyEvent::Handle's tls_detect documentation gave separate major and minor versions, while code passed only a single value; this version follows the documentation and now passes separate major and minor values
Work around Net::SSLeay not having been ported to openssl 1.1, but many distributions compiling it against openssl 1.1, which unfortunately succeeds and results in a very broken module
AnyEvent::DNS::dns_unpack now stores the original DNS packet in the __ member, to allow decoding of undecodable resource records containing compressed domain names
AnyEvent::Socket::parse_ipv6 would not, as advertised, accept ipv4 addresses; it now does and converts them to ipv4 mapped addresses
- Support CAA records
- Add freenom and cloudflare nameservers as DNS fallback
AnyEvent::Strict would not properly ward against io watchers on files when the handle passed was a file descriptor
- Document "internal" variables used by the DNS en-/decoder to allow enterprising users to extend them in a semi-official way
Local Packages
Updated perl-AnyEvent to 7.15 as per the Fedora version
Updated perl-Text-Template to 1.55:
Improve AppVeyor tests for older Perls
Check for Test::More 0.94 and skip tests if not installed where done_testing() is used
Improve workaround for broken Win32 File::Temp taint failure
Skip/todo tests that fail under Devel::Cover
Add checks and skip_all checks for non-core test modules
Wednesday 27th February 2019
Local Packages
Updated unrar to 5.70
Thursday 28th February 2019
Fedora Project
Updated perl-Test-Differences to 0.66 in F-30 and Rawhide:
- Fix tests on Windows
Local Packages
Updated curl (7.64.0) to fix NULL dereference if flushing cookies with no CookieInfo set (Bug #1683676)
Updated perl-Test-Differences to 0.66 as per the Fedora version
Previous Month: January 2019
Next Month: March 2019