Paul's Blog Entries for March 2019
Saturday 2nd March 2019
Fedora Project
Updated perl-IO-Socket-SSL to 2.063 in F-30 and Rawhide:
- Support for both RSA and ECDSA certificate on same domain
Update PublicSuffix
Refuse to build if Net::SSLeay is compiled with one version of !OpenSSL but then linked against another API-incompatible version (i.e. more than just the patchlevel differs)
Updated perl-Math-Pari to 2.030509 in F-30 and Rawhide (more work-in-progress on compatibility with more recent pari versions)
Local Packages
Updated perl-IO-Socket-SSL to 2.063 as per the Fedora version
Sunday 3rd March 2019
Fedora Project
Updated perl-Data-UUID to 1.224 in F-30 and Rawhide:
Properly quote C strings passed in DEFINE
- Fix memory leak by decreasing reference count
Use File::Spec to get tmpdir instead of hardcoding
Local Packages
Updated perl-Data-UUID to 1.224 as per the Fedora version
Monday 4th March 2019
Fedora Project
Updated perl-DateTime-Format-Builder to 0.8200 in F-30 and Rawhide:
Removed use of Class::Factory::Util, which isn't really needed
Updated perl-IO-AIO to 4.7 in F-30 and Rawhide:
Significantly speed up scandir for the very special case of a non-POSIX filesystem that nevertheless reports valid dt_type information; the only known filesystem of this type is currently btrfs, which didn't get its act together to implement POSIX semantics in all these years
Add IO::AIO::MCL_ONFAULT for mlockall, add IO::AIO::mlockall
Neither sys/mkdev.h nor sys/sysmacros.h were included, even when they were detected by autoconf
Updated perl-IO-Socket-SSL to 2.064 in F-30 and Rawhide:
Make algorithm for fingerprint optional, i.e. detect based on length of fingerprint (CPAN RT#127773)
Fix t/sessions.t and improve stability of t/verify_hostname.t on Windows
Use CTX_set_ecdh_auto when needed (OpenSSL 1.0.2) if explicit curves are set
- Update fingerprints for live tests
Local Packages
Updated perl-DateTime-Format-Builder to 0.8200 as per the Fedora version
Updated perl-IO-AIO to 4.7 as per the Fedora version
Updated perl-IO-Socket-SSL to 2.064 as per the Fedora version
Wednesday 6th March 2019
Fedora Project
Updated perl-IO-Socket-SSL to 2.066 in F-30 and Rawhide:
Make sure that Net::SSLeay::CTX_get0_param is defined before using X509_V_FLAG_PARTIAL_CHAIN; Net::SSLeay 1.85 defined only the second with LibreSSL 2.7.4 but not the first (CPAN RT#128716)
- Prefer AES for server side cipher default since it is usually hardware-accelerated
Fix test t/verify_partial_chain.t by using the newly exposed function can_partial_chain instead of guessing (wrongly) if the functionality is available
Updated perl-JSON-XS to 4.02 in F-30 and Rawhide:
- Undo the fix from 4.01, which breaks more things than it fixes
- Try a proper fix this time
Local Packages
Updated dovecot (2.3.x):
Updated dovecot to 2.3.5:
Lua push notification driver: mail keywords and flags are provided in MessageNew and MessageAppend events
- Submission: Implement support for plugins
auth: When auth_policy_log_only=yes, only log what the policy server response would do without actually doing it
auth: Always log policy server decisions with auth_verbose=yes
- v2.3.[34]: doveadm log errors: Output was missing user/session
- lda: Debug log lines could have shown slightly corrupted
login proxy: Login processes may have crashed in various ways when login_proxy_max_disconnect_delay was set
imap: Fix crash with Maildir+zlib if client disconnects during APPEND
lmtp proxy: Fix potential assert-crash
- lmtp/submission: Fix crash when SMTP client transaction times out
Submission: Split large XCLIENT commands to 512 bytes per command, so Postfix accepts them
Submission: Fix crash when client sends invalid BURL command
Submission: relay backend: VRFY command: Avoid forwarding 500 and 502 replies back to client
lib-http: Fix potential assert-crash when DNS lookup fails
- lib-fts: Fix search query generation when one language ignores a token (e.g. via stopwords)
Updated pigeonhole to 0.5.5:
IMAPSieve: Add new plugin/imapsieve_expunge_discarded setting that causes messages discarded by an IMAPSieve script to be expunged immediately, rather than only being marked as "\Deleted" (which is still the default behaviour)
IMAPSieve: Fix panic crash occurring when a COPY command copies messages from a virtual mailbox where the source messages originate from more than a single real mailbox
- imap4flags extension: Fix deleting all keywords; when the action resulted in all keywords being removed, no changes were actually applied
- variables extension: Fix truncation of UTF-8 variable content; the maximum size of Sieve variables was enforced by truncating the variable string content bluntly at the limit, but this does not consider UTF-8 code point boundaries, which resulted in broken UTF-8 strings
IMAPSieve, IMAP FILTER=SIEVE: Fix replacing a modified message; Sieve scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context that modify the message, stored the message a second time, rather than replacing the originally stored unmodified message
Fix segmentation fault occurring when both the sieve_extprograms plugin (for the Sieve interpreter) and the imap_filter_sieve plugin (for IMAP) are loaded at the same time; a symbol was defined by both plugins, causing a clash when both were loaded
Updated perl-IO-Socket-SSL to 2.066 as per the Fedora version
Updated perl-JSON-XS to 4.02 as per the Fedora version
Thursday 7th March 2019
Fedora Project
Updated perl-Test-Differences to 0.67 in F-30 and Rawhide:
- Correctly compare subroutine references
Local Packages
- Repository now available for Fedora 30 development branch
Updated perl-Test-Differences to 0.67 as per the Fedora version
Friday 8th March 2019
Local Packages
Updated perl-Capture-Tiny (0.48), perl-CPAN-Meta-Requirements (2.140), perl-File-chdir (0.1011), perl-Params-Validate (1.29) and perl-Sub-Uplevel (0.28) to work around mock locale issues by adding build requirement glibc-langpack-en when running test suites
Updated perl-Crypt-Cracklib (1.7) and py-bcrypt (0.4) to add build requirement gcc
Rebuilt perl-DBI (1.642) for the Fedora_30_Mass_Rebuild
Rebuilt perl-Term-ReadLine-Gnu (1.36) for readline 8 in F-30 and Rawhide
Sunday 10th March 2019
Fedora Project
Updated perl-IO-AIO to 4.71 in F-30 and Rawhide:
Due to an error in the linux manpages, the configure tests for readahead, sync_file_range, splice etc. failed; this has been fixed
Local Packages
Updated perl-IO-AIO to 4.71 as per the Fedora version
Updated perl-Test-Spelling (0.20) and perl-Try-Tiny (0.30) to work around mock locale issues by adding build requirement glibc-langpack-en when running test suites
Monday 11th March 2019
Local Packages
Updated perl-strictures to 2.000006:
- Update internal list of warnings for categories added in blead (v5.29.9)
Fix extras test to avoid any files in the temp directory's parent directories interfering (CPAN RT#128751)
Updated perl-Sub-Quote to 2.006003:
Don't test threads behaviour on perl < 5.8.5, since they are too unstable
- More tests
Preserve inf, nan, and false in quotify
- Improve accuracy of quotified floating point numbers
SUB_QUOTE_DEBUG can now be set to sub names, package names, or a regex to match against the code to filter which generated subs are printed to STDERR
- Avoid warnings or failures on new perls when testing quoting UTF-8 strings
Test quotify output under utf8 pragma
Fix quoting of negative NaN
Fix quotifying of backslashes in utf8-flagged strings on perl 5.10.0
Tuesday 12th March 2019
Fedora Project
Updated perl-true to 1.0.1 in F-30 and Rawhide:
Fix breakage when using Moo/Moose and Function::Parameters on perl < 5.24 (CPAN RT#124745)
Add t/rt-124745.t
Update ppport.h from 3.19 → 3.44
License changed from (GPL+ or Artistic) to Artistic 2.0
Local Packages
New package perl-Dir-Self (0.11)
New package perl-Function-Parameters (2.1.3)
Updated perl-true to 1.0.1 as per the Fedora version
Rebuilt xv (3.10a) for the Fedora_30_Mass_Rebuild
Thursday 14th March 2019
Fedora Project
Updated perl-MetaCPAN-Client to 2.026000 in F-30 and Rawhide:
Local Packages
Updated perl-MetaCPAN-Client to 2.026000 as per the Fedora version
Saturday 16th March 2019
Fedora Project
Updated perl-Text-CSV_XS to 1.39 in F-30 and Rawhide:
- It's 2019
Fix tests to skip on Encode failing (GH#17)
- Tested on Z/OS (s390x - Hercules)
Test with new Module::CPANTS::Analyse
Add options -w/-b/-Z to csvdiff
Fix strict on streaming EOF
Now also tested with cperl
Local Packages
Updated c-ares (1.15.0) to use cmake to build (from Fedora 30) so we get cmake helpers (Bug #1687844)
Updated perl-Text-CSV_XS to 1.39 as per the Fedora version
Sunday 17th March 2019
Local Packages
Updated perl-Test2-Suite to 0.000119:
Allow meta-checks in bag/array/hash
Monday 18th March 2019
Fedora Project
Updated perl-Cpanel-JSON-XS to 4.10 in F-30 and Rawhide:
Local Packages
Updated perl-Cpanel-JSON-XS to 4.10 as per the Fedora version
Tuesday 19th March 2019
Fedora Project
Updated libssh2 to 1.8.1 in F-28, F-29, F-30 and Rawhide:
Fixed possible integer overflow when reading a specially crafted packet (CVE-2019-3855)
Fixed possible integer overflow in userauth_keyboard_interactive with a number of extremely long prompt strings (CVE-2019-3863)
Fixed possible integer overflow if the server sent an extremely large number of keyboard prompts (CVE-2019-3856)
Fixed possible out of bounds read when processing a specially crafted packet (CVE-2019-3861)
Fixed possible integer overflow when receiving a specially crafted exit signal message channel packet (CVE-2019-3857)
Fixed possible out of bounds read when receiving a specially crafted exit status message channel packet (CVE-2019-3862)
Fixed possible zero byte allocation when reading a specially crafted SFTP packet (CVE-2019-3858)
Fixed possible out of bounds reads when processing specially crafted SFTP packets (CVE-2019-3860)
Fixed possible out of bounds reads in _libssh2_packet_require(v) (CVE-2019-3859)
I added a patch to fix a mis-applied patch in the fix of CVE-2019-3859
Updated perl-Math-Pari to 2.030510 in F-30 and Rawhide
Local Packages
Updated libssh2 to 1.8.1 as per the Fedora version
Thursday 21st March 2019
Local Packages
bw-whois has been retired by its author so I won't be building it for Fedora 30 onwards
Updated curl (7.64.0) to avoid spurious "Could not resolve host: [host name]" error messages
Updated perl-Module-CoreList to 5.20190320:
- Updated for v5.29.9
Friday 22nd March 2019
Fedora Project
Updated gtkwave to 3.3.100 in F-30 and Rawhide:
- FSDB fix for variable declarations of array of reals
Added Real, Time, Enum, and Popcnt flags to Edit/Show-Change
Ensure Show-Change regenerates analog traces
- Added braces inside Tcl source command to allow spaces in filenames for Tcl scripts
Local Packages
Updated gtkwave to 3.3.100 as per the Fedora version
Sunday 24th March 2019
Fedora Project
Updated milter-greylist (4.6.2) in F-28, F-29, F-30 and Rawhide to make the /run/milter-greylist directory owned by root to avoid need for the dac_override capability (Bug #1678038)
Updated milter-regex (2.2) in F-28, F-29, F-30 and Rawhide to make the /var/spool/milter-regex directory owned by root to avoid need for the dac_override capability (Bug #1678040)
Updated perl-Math-Pari to 2.030512 in F-30 and Rawhide
Updated smf-sav (2.1) and smf-spf (2.0.2) to fix permissions of /run/smfs so that the dac_read_search capability is not needed during milter start-up
Local Packages
Updated perl-Net-DNS to 1.20:
Provide a more informative exception report if application code has no "use Net::DNS::SEC" declaration but nevertheless attempts to invoke the DNSSEC sign or verify features (CPAN RT#127307)
Recurse.pm failed to resolve domain "kickboxingireland.ie" (CPAN RT#128081)
Revise documentation examples to use AAAA instead of A records
- TSIG MAC representation changed to Base64 (align with BIND)
Update Parameters.pm to resync with IANA registry
- Refactor resolver test scripts
Updated perl-XML-LibXML to 2.0200:
Convert to use Alien::Libxml2 (GH#30)
Since Alien::Libxml2 is very heavy in terms of dependencies, I patched the build system to use ExtUtils::PkgConfig instead
Monday 25th March 2019
Fedora Project
Updated perl-Math-Pari to 2.030513 in Rawhide
Local Packages
Updated curl (7.64.0) to remove verbose "Expire in" ... messages (Bug #1690971)
Tuesday 26th March 2019
Fedora Project
Updated libssh2 to 1.8.2 in F-30 and Rawhide:
- Fixed the misapplied userauth patch that broke 1.8.1
Moved the MAX size declarations from the public header
Updated perl-Math-Pari to 2.030514 in Rawhide
Local Packages
Updated libssh2 to 1.8.2 as per the Fedora version
Wednesday 27th March 2019
Fedora Project
Updated perl-Cpanel-JSON-XS to 4.11 in F-30 and Rawhide:
Fix unicode strings with BOM corrupt ->utf8 state (GH#125); the BOM encoding affects only its very own decode call, not its object
Local Packages
Updated curl to 7.64.1:
- alt-svc: Experimental support added
configure: Add --with-amissl
AppVeyor: Add MinGW-w64 and classic Mingw builds
AppVeyor: Switch VS 2015 builds to VS 2017 image
CURLU: Fix NULL dereference when used over proxy
Curl_easy: Remove req.maxfd - never used!
Curl_now: Figure out windows version in win32_init
Curl_resolv: Fix a gcc -Werror=maybe-uninitialized warning
- DoH: Inherit some SSL options from user's easy handle
- Secure Transport: No more "darwinssl"
- Secure Transport: tvOS 11 is required for ALPN support
- cirrus: Added FreeBSD builds using Cirrus CI
- cleanup: Make local functions static
cli tool: Do not use mime.h private structures
cmdline-opts/proxytunnel.d: The option tunnels all protocols
configure: Add additional libraries to check for LDAP support
configure: Remove the unused fdopen macro
configure: Show features as well in the final summary
conncache: Use conn->data to know if a transfer owns it
connection: Never reuse CONNECT_ONLY connections
connection_check: Restore original conn->data after the check
connection_check: Set ->data to the transfer doing the check
- cookie: Add support for cookie prefixes
- cookies: Dotless names can set cookies again
cookies: Fix NULL dereference if flushing cookies with no CookieInfo set
curl.1: --user and --proxy-user are hidden from ps output
curl.1: Mark the argument to --cookie as <data|filename>
curl.h: Use __has_declspec_attribute for shared builds
curl: Display --version features sorted alphabetically
curl: Fix FreeBSD compiler warning in the --xattr code
curl: Remove MANUAL from -M output
curl_easy_duphandle.3: Clarify that a dup-ed handle has no shares
curl_multi_remove_handle.3: Use at any time, just not from within callbacks
curl_url.3: This API is not experimental any more
- dns: Release sharelock as soon as possible
docs: Update max-redirs.d phrasing
easy: Fix win32 init to work without CURL_GLOBAL_WIN32
examples/10-at-a-time.c: Improve readability and simplify
examples/cacertinmem.c: Use multiple certificates for loading CA-chain
examples/crawler: Fix the Accept-Encoding setting
examples/ephiperfifo.c: Various fixes
examples/externalsocket: Add missing close socket calls
examples/http2-download: Cleaned up
examples/http2-serverpush: Add some sensible error checks
examples/http2-upload: Cleaned up
examples/httpcustomheader: Value stored to 'res' is never read
examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
examples/sftpuploadresume: Value stored to 'result' is never read
examples: Only include <curl/curl.h>
examples: Remove recursive calls to curl_multi_socket_action
- examples: Remove superfluous null-pointer checks
- file: Fix "Checking if unsigned variable 'readcount' is less than zero"
fnmatch: Disable if FTP is disabled
gnutls: Remove call to deprecated gnutls_compression_get_name
gopher: Remove check for path == NULL
- gssapi: Fix deprecated header warnings
hostip: Make create_hostcache_id avoid alloc + free
http2: multi_connchanged() moved from multi.c, only used for h2
http2: Verify :authority in push promise requests
- http: Make adding a blank header thread-safe
- http: Send payload when (proxy) authentication is done
http: Set state.infilesize when sending multipart formposts
makefile: Make checksrc and hugefile commands "silent"
mbedtls: Make it build even if MBEDTLS_VERSION_C isn't set
mbedtls: Release sessionid resources on error
- memdebug: Log pointer before freeing its data
memdebug: Make debug-specific functions use curl_dbg_ prefix
mime: Put the boundary buffer into the curl_mime struct
multi: Call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME
- multi: Remove verbose "Expire in" ... messages
- multi: Removed unused code for request retries
- multi: Support verbose conncache closure handle
- negotiate: Fix for HTTP POST with Negotiate
- openssl: Add support for TLS ASYNC state
openssl: If cert type is ENG and no key specified, key is ENG too
pretransfer: Don't strlen() POSTFIELDS set for GET requests
- rand: Fix a mismatch between comments in source and header
runtests: Detect "schannel" as an alias for "winssl"
- schannel: Be quiet - remove verbose output
- schannel: Close TLS before removing conn from cache
schannel: Support CALG_ECDH_EPHEM algorithm
scripts/completion.pl: Also generate fish completion file
singlesocket: Fix the 'sincebefore' placement
source: Fix two 'nread' may be used uninitialized warnings
ssh: Fix Condition '!status' is always true
- ssh: Loop the state machine if not done and not blocking
strerror: Make the strerror function use local buffers
system_win32: Move win32_init here from easy.c
test578: Make it read data from the correct test
- tests: Fixed XML validation errors in some test files
tests: Add stderr comparison to the test suite
- tests: Fix multiple may be used uninitialized warnings
- threaded-resolver: Shut down the resolver thread without error message
tool_cb_wrt: Fix writing to Windows null device NUL
tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
tool_operate: Build on AmigaOS
tool_operate: Fix typecheck warning
transfer.c: Do not compute length of undefined hex buffer
travis: Add build using gnutls
- travis: Add scan-build
- travis: Bump the used wolfSSL version to 4.0.0
travis: Enable valgrind for the iconv tests
travis: Use updated compiler versions: clang 7 and gcc 8
unit1307: Require FTP support
unit1651: Survive curl_easy_init() fails
url/idnconvert: Remove scan for ≤ 32 ascii values
url: Change conn shutdown order to ensure SOCKETFUNCTION callbacks
urlapi: Reduce variable scope, remove unreachable 'break'
- urldata: Convert bools to bitfields and move to end
- urldata: Simplify byte counters
- urlglob: Argument with 'nonnull' attribute passed null
version.c: Silent scan-build even when librtmp is not enabled
- vtls: Rename some of the SSL functions
- wolfssl: Stop custom-adding curves
- x509asn1: "Dereference of null pointer"
- x509asn1: Clean up and unify code layout
zsh.pl: Escape ':' character
zsh.pl: Update regex to better match curl -h output
Updated perl-Cpanel-JSON-XS to 4.11 as per the Fedora version
Updated perl-DateTime-TimeZone to 2.34:
- This release is based on version 2019a of the Olson database
- Contemporary changes for Palestine and Metlakatla, Alaska
Updated perl-Net-SSLeay to 1.86_09 (see Changes file for details)
Thursday 28th March 2019
Fedora Project
Updated perl-Math-Pari to 2.030515 in Rawhide
Friday 29th March 2019
Local Packages
Saturday 30th March 2019
Fedora Project
Updated perl-BerkeleyDB to 0.60 in F-30 and Rawhide:
- Updates for BDB 6.2 and BDB 6.3
Expose set_lg_filemode (CPAN RT#124979)
Added meta-json.t and meta-yaml.t
Moved source to github: https://github.com/pmqs/BerkeleyDB
Add META_MERGE to Makefile.PL
I added a patch to fix a couple of typos (GH#1)
Updated perl-Net-SSLeay (1.86_09) in Rawhide to get libraries to link against from pkg-config (GH#127)
Local Packages
Updated dovecot (2.2) to 2.2.36.3 and dovecot (2.3) to 2.3.5.1:
CVE-2019-7524: Missing input buffer size validation leads into arbitrary buffer overflow when reading fts or pop3 uidl header from Dovecot index; exploiting this requires direct write access to the index files
Updated perl-BerkeleyDB to 0.60 as per the Fedora version
Updated perl-Net-SSLeay (1.86_09) as per the Fedora version
Sunday 31st March 2019
Fedora Project
Updated perl-BerkeleyDB to 0.61 in F-30 and Rawhide:
Fix a couple of typos (GH#1)
Local Packages
Updated perl-BerkeleyDB to 0.61 as per the Fedora version
Previous Month: February 2019
Next Month: April 2019