PaulHowarth/Blog/2019-02-06

Wednesday 6th February 2019

Fedora Project

  • Updated perl-Perl-PrereqScanner-NotQuiteLite (0.9903) submission to address issues raised in the Fedora package review by Jitka Plesnikova

    • Switch upstream URL from search.cpan.org to metacpan.org

    • Build-Require perl(if) for test suite

  • I also modernized the spec using %make_build and %make_install

  • Imported and built perl-Perl-PrereqScanner-NotQuiteLite (0.9903) for F-29 and Rawhide

  • Updated perl-Test-Simple to 1.302162 in Rawhide:

    • Remove SHM Optimization
    • Typo fixes in documentation

Local Packages

  • Updated curl to 7.64.0:

    • CVE-2018-16890: NTLM type-2 out-of-bounds buffer read

    • CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow

    • CVE-2019-3823: SMTP end-of-response out-of-bounds read

    • cookies: Leave secure cookies alone
    • hostip: Support wildcard hosts
    • http: Implement trailing headers for chunked transfers
    • http: Added options for allowing HTTP/0.9 responses
    • timeval: Use high resolution timestamps on Windows
    • FAQ: Remove mention of sourceforge for github
    • OS400: Handle memory error in list conversion
    • OS400: Upgrade ILE/RPG binding
    • README: Add codacy code quality badge

    • Revert http_negotiate: do not close connection

    • THANKS: Added several missing names from year ≤ 2000

    • build: Make 'tidy' target work for metalink builds

    • cmake: Added checks for variadic macros

    • cmake: Updated check for HAVE_POLL_FINE to match autotools

    • cmake: Use lowercase for function name like the rest of the code
    • configure: Detect xlclang separately from clang

    • configure: Fix recv/send/select detection on Android

    • configure: Rewrite --enable-code-coverage

    • conncache_unlock: Avoid indirection by changing input argument type
    • cookie: Fix comment typo
    • cookies: Allow secure override when done over HTTPS
    • cookies: Extend domain checks to non psl builds
    • cookies: Skip custom cookies when redirecting cross-site

    • curl --xattr: Strip credentials from any URL that is stored

    • curl -J: Refuse to append to the destination file

    • curl/urlapi.h: include "curl.h" first

    • curl_multi_remove_handle() don't block terminating c-ares requests

    • darwinssl: Accept setting max-tls with default min-tls
    • disconnect: Separate connections and easy handles better

    • disconnect: Set conn->data for protocol disconnect

    • docs/version.d: Mention MultiSSL

    • docs: Fix the --tls-max description

    • docs: Use $(INSTALL_DATA) to install man page

    • docs: Use meaningless port number in CURLOPT_LOCALPORT example

    • gopher: Always include the entire gopher-path in request
    • http2: Clear pause stream id if it gets closed

    • if2ip: Remove unused function Curl_if_is_interface_name

    • libssh: Do not let libssh create socket

    • libssh: Enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh

    • libssh: free sftp_canonicalize_path() data correctly

    • libtest/stub_gssapi: Use "real" snprintf

    • mbedtls: Use VERIFYHOST

    • multi: Multiplexing improvements

    • multi: Set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time

    • ntlm: Fix NTMLv2 compliance
    • ntlm_sspi: Add support for channel binding

    • openssl: Adapt to 3.0.0, OpenSSL_version_num() is deprecated

    • openssl: Fix the SSL_get_tlsext_status_ocsp_resp call
    • openvms: Fix OpenSSL discovery on VAX
    • openvms: Fix typos in documentation
    • os400: Add a missing closing bracket
    • os400: Fix extra parameter syntax error
    • pingpong: Change default response timeout to 120 seconds
    • pingpong: Ignore regular timeout in disconnect phase
    • printf: Fix format specifiers

    • runtests.pl: Fix perl call to include srcdir

    • schannel: Fix compiler warning
    • schannel: Preserve original certificate path parameter
    • schannel: Stop calling it "winssl"

    • sigpipe: If mbedTLS is used, ignore SIGPIPE

    • smb: Fix incorrect path in request if connection reused
    • ssh: Log the libssh2 error message when ssh session startup fails

    • test1558: Verify CURLINFO_PROTOCOL on file:// transfer

    • test1561: Improve test name
    • test1653: Make it survive torture tests
    • tests: Allow tests to pass by 2037-02-12

    • tests: Move objnames-* from lib into tests

    • timediff: Fix math for unsigned time_t

    • timeval: Disable MSVC Analyzer GetTickCount warning

    • tool_cb_prg: Avoid integer overflow
    • travis: Added cmake build for osx
    • urlapi: Fix port parsing of eol colon
    • urlapi: Distinguish possibly empty query
    • urlapi: Fix parsing ipv6 with zone index

    • urldata: Rename easy_conn to just conn

    • winbuild: Conditionally use /DZLIB_WINAPI

    • wolfssl: Fix memory-leak in threaded use
    • spnego_sspi: Add support for channel binding

  • Updated perl-Perl-PrereqScanner-NotQuiteLite (0.9903) to switch upstream URL from search.cpan.org to metacpan.org

  • Updated perl-Test-Simple to 1.302162 as per the Fedora version

  • Rebuilt c-ares (1.15.0), perl-Net-DNS (1.19) and perl-Specio (0.43) for the Fedora_30_Mass_Rebuild

Recent