Paul's Blog Entries for May 2019
Wednesday 1st May 2019
Local Packages
Updated dovecot (2.3):
Updated dovecot to 2.3.6:
CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer access when authentication was aborted by disconnecting
CVE-2019-11499: Submission-login crashed when authentication was started over TLS secured channel and invalid authentication message was sent
auth: Support password grant with passdb oauth2
- Use system default CAs for outbound TLS connections
- Simplify array handling with new helper macros
fts_solr: Enable configuring batch_size and soft_commit features
lmtp/submission: Fixed various bugs in XCLIENT handling, including a hang when XCLIENT commands were sent infinitely to the remote server
- lmtp/submission: Forwarded multi-line replies were erroneously sent as two replies to the client
lib-smtp: client: Message was not guaranteed to contain CRLF consistently when CHUNKING was used
fts_solr: Plugin was no longer compatible with Solr 7
Make it possible to disable certificate checking without setting ssl_client_ca_* settings
pop3c: SSL support was broken
- mysql: Closing connection twice lead to crash on some systems
- auth: Multiple oauth2 passdbs crashed auth process on deinit
- HTTP client connection errors infrequently triggered a segmentation fault when the connection was idle and not used for a particular client instance
Updated pigeonhole to 0.5.6:
sieve: Redirect loop prevention is sometimes ineffective; improve existing loop detection by also recognizing the X-Sieve-Redirected-From header in incoming messages and dropping redirect actions when it points to the sending account (this header is already added by the redirect action, so this improvement only adds an additional use of this header)
- sieve: Prevent execution of implicit keep upon temporary failure occurring at runtime
Friday 3rd May 2019
Fedora Project
Updated ORBit (0.5.17) in Rawhide to remove hardcoded gzip suffix from GNU info pages and adjust scriptlets accordingly
Local Packages
Updated ORBit (0.5.17) as per the Fedora version
Saturday 4th May 2019
Fedora Project
Wednesday 8th May 2019
Fedora Project
Updated perl-Array-Diff to 0.08 in Rawhide:
Switched to Dist::Zilla
Added version dependency for Algorithm::Diff in Array/Diff.pm
Added a bunch of entries to SEE ALSO
Local Packages
Updated nmap (7.70) to fix double free when ssh connection fails
Updated perl-Array-Diff to 0.08 as per the Fedora version
Updated perl-Test2-Suite to 0.000121:
- Tracking for mocked methods
- Include raw table in facet data when compare fails
Thursday 9th May 2019
Local Packages
Updated curl (7.64.1) not to treat failure of gss_init_sec_context() with --negotiate as fatal
Friday 10th May 2019
Fedora Project
Updated perl-Array-Diff to 0.09 in Rawhide:
Set minimum Perl version in metadata (GH#1)
Clarified in the documentation that the arrays must be sorted (CPAN RT#39184)
Updated perl-Perl-PrereqScanner-NotQuiteLite to 0.9905 in Rawhide:
Changed scan-perl-prereqs-nqlite to use only :bundled parsers by default
Added perl_minimum_version option
- Added feature pragma arg parser
Added indented heredoc and <<$fh>> support
Fixed eval shortcut handling
- Fixed parsers to treat several keywords as ops
Fixed various small parser issues (//, regexp after return, heredoc terminator, package version/block, when modifier etc.)
- Renamed internal flags
Local Packages
Updated perl-Array-Diff to 0.09 as per the Fedora version
Updated perl-Perl-PrereqScanner-NotQuiteLite to 0.9905 as per the Fedora version
Saturday 11th May 2019
Fedora Project
Updated perl-Net-SSLeay to 1.88 in Rawhide:
- Summary of major changes since version 1.85
Mike McCauley has stepped down as maintainer: the new maintainers are Chris Novakovic, Heikki Vatiainen and Tuure Vartiainen
The source code has moved from the now-defunct Debian Subversion server (alioth.debian.org) to GitHub
Net-SSLeay is provided under the terms of the Artistic License 2.0; this has been the case since version 1.66, but references to other licenses remained in the source code, causing ambiguity
Perl 5.8.1 or newer is now required to use Net-SSLeay; this has already been the case for some time in practice, as the test suite hasn't fully passed on Perl 5.6 for several years
- Much-improved compatibility with OpenSSL 1.1.1, and improved support for TLS 1.3
Fixed a long-standing bug in cb_data_advanced_put() that caused memory leaks when callbacks were frequently added and removed
- Support in the test suite for "hardened" OpenSSL configurations that set a default security level of 2 or higher (e.g., in the OpenSSL packages that ship with recent versions of Debian, Fedora and Ubuntu)
Updated perl-YAML to 1.29 in Rawhide:
Fix regex for alias to match the one for anchors (GH#214)
Local Packages
Updated perl-Net-SSLeay to 1.88 as per the Fedora version
Updated perl-YAML to 1.29 as per the Fedora version
Wednesday 15th May 2019
Fedora Project
Updated perl-Net-CIDR to 0.20 in EPEL-6 and EPEL-7 for better IPv6 supprt
Updated perl-PPI to 1.265 in Rawhide:
- Simplified a code construct
Local Packages
Updated perl-PPI to 1.265 as per the Fedora version
Thursday 16th May 2019
Fedora Project
Updated perl-PPI to 1.268 in Rawhide:
- Prevent heredoc terminator detection triggering regex errors
Make PPI::Test::Run more OS-agnostic
- Fix a broken link in the pod
- Small clean-ups
Local Packages
Updated perl-PPI to 1.268 as per the Fedora version
Sunday 19th May 2019
Fedora Project
Updated perl-PPI to 1.269 in Rawhide:
- Many small documentation improvements
Updated perl-YAML-LibYAML to 0.78 in Rawhide:
Fix double free/core dump when Dump()ing binary data (GH#91)
Update config.h from libyaml
Local Packages
Updated perl-PPI to 1.269 as per the Fedora version
Updated perl-Test2-Suite to 0.000122:
Fix diag issues with ClassicCompare
Updated perl-YAML-LibYAML to 0.78 as per the Fedora version
Tuesday 21st May 2019
Fedora Project
Updated perl-MailTools to 2.21 in Rawhide:
- Fix metadata
Add more to the README
Add Mail::Mailer option StartSSL for smtp backend (CPAN RT#125871)
Deprecate Mail::Mailer backend smtps
Document need for escaping docs for Mail::Send (CPAN RT#129627)
Document limit on parameters for Mail::Send::new() (CPAN RT#129633)
Local Packages
Updated perl-MailTools to 2.21 as per the Fedora version
Wednesday 22nd May 2019
Fedora Project
Updated perl-Test-Spelling to 0.23 in Rawhide:
Local Packages
Updated curl to 7.65.0:
CURLOPT_DNS_USE_GLOBAL_CACHE: removed
CURLOPT_MAXAGE_CONN: Set the maximum allowed age for connection reuse
- pipelining: Removed
CVE-2019-5435: Integer overflows in curl_url_set
CVE-2019-5436: tftp: Use the current blksize for recvfrom()
--config: Clarify that initial : and = might need quoting
AppVeyor: Enable testing for WinSSL build
CURLMOPT_TIMERFUNCTION.3: Warn about the recursive risk
CURLOPT_ADDRESS_SCOPE: Fix range check and more
CURLOPT_CAINFO.3: With Schannel, you want Windows 8 or later
CURLOPT_CHUNK_BGN_FUNCTION.3: Document the struct and time value
CURLOPT_READFUNCTION.3: See also CURLOPT_UPLOAD_BUFFERSIZE
CURL_MAX_INPUT_LENGTH: Largest acceptable string input size
Curl_disconnect: Treat all CONNECT_ONLY connections as "dead"
INTERNALS: Add code highlighting
OS400/ccsidcurl: Replace use of Curl_vsetopt
OpenSSL: Report -fips in version if OpenSSL is built with FIPS
README.md: Fix no-consecutive-blank-lines Codacy warning
VC15 project: Remove MinimalRebuild
- VS projects: Use Unicode for VC10+
WRITEFUNCTION: Add missing set_in_callback around callback
- altsvc: Fix building with cookies disabled
- auth: Rename the various authentication clean up functions
- base64: Build conditionally if there are users
build-openssl.bat: Fixed support for OpenSSL v1.1.0+
- build: Fix "clarify calculation precedence" warnings
checksrc.bat: Ignore snprintf warnings in docs/examples
- cirrus: Customize the disabled tests per FreeBSD version
cleanup: Remove FIXME and TODO comments
cmake: Avoid linking executable for some tests with cmake 3.6+
cmake: Clear CMAKE_REQUIRED_LIBRARIES after each use
cmake: Rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP
cmake: Set SSL_BACKENDS
configure: Avoid unportable '==' test(1) operator
configure: Error out if OpenSSL wasn't detected when asked for
configure: Fix default location for fish completions
- cookie: Guard against possible NULL pointer dereference
curl: Make code work with protocol-disabled libcurl
curl: Report error for "--no-" on non-boolean options
curl_easy_getinfo.3: Fix minor formatting mistake
curlver.h: Use parenthesis in CURL_VERSION_BITS macro
docs/BUG-BOUNTY: Bug bounty time
docs/INSTALL: Fix broken link
docs/RELEASE-PROCEDURE: Link to live iCalendar
- documentation: Fix several typos
doh: Acknowledge CURL_DISABLE_DOH
- doh: Disable DOH for the cases it doesn't work
- examples: Remove unused variables
- ftplistparser: Fix LGTM alert "Empty block without comment"
hostip: Acknowledge CURL_DISABLE_SHUFFLE_DNS
- http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
http: Acknowledge CURL_DISABLE_HTTP_AUTH
http: Mark bundle as not for multiuse on < HTTP/2 response
- http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
http_negotiate: Do not treat failure of gss_init_sec_context() as fatal
- http_ntlm: Corrected the name of the include guard
- http_ntlm_wb: Handle auth for only a single request
- http_ntlm_wb: Return the correct error on receiving an empty auth message
lib509: Add missing include for strdup
lib557: Initialize variables
makedebug: Fix ERRORLEVEL detection after running where.exe
- mbedtls: Enable use of EC keys
mime: Acknowledge CURL_DISABLE_MIME
multi: Improved HTTP_1_1_REQUIRED handling
netrc: Acknowledge CURL_DISABLE_NETRC
- nss: Allow fifos and character devices for certificates
- nss: Provide more specific error messages on failed init
ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup
- ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
openssl: Mark connection for close on TLS close_notify
openvms: Remove pre-processor for SecureTransport
- openvms: Remove pre-processors for Windows
- parse_proxy: Use the URL parser API
parsedate: Disabled on CURL_DISABLE_PARSEDATE
- pingpong: Disable more when no pingpong protocols are enabled
polarssl_threadlock: Remove conditionally unused code
progress: Acknowledge CURL_DISABLE_PROGRESS_METER
proxy: Acknowledge DISABLE_PROXY more
resolve: Apply Happy Eyeballs philosophy to parallel c-ares queries
- revert "multi: Support verbose conncache closure handle"
sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
- sasl: Only enable if there's a protocol enabled using it
- scripts: Fix typos
- singleipconnect: Show port in the verbose "Trying ..." message
- smtp: Fix compiler warning
- socks5: User name and passwords must be shorter than 256
- socks: Fix error message
- socksd: New SOCKS 4+5 server for tests
spnego_gssapi: Fix return code on gss_init_sec_context() failure
- ssh-libssh: Remove unused variable
ssh: Define USE_SSH if SSH is enabled (any backend)
- ssh: Move variable declaration to where it's used
test1002: Correct the name
test2100: Fix typos in test description
tests/server/util: Fix Windows Unicode build
- tests: Run global cleanup at end of tests
- tests: Make Impacket (SMB server) Python 3 compatible
tool_cb_wrt: Fix bad-function-cast warning
tool_formparse: Remove redundant assignment
tool_help: Warn if curl and libcurl versions do not match
tool_help: include <strings.h> for strcasecmp
- transfer: Fix LGTM alert "Comparison is always true"
- travis: Add an osx http-only build
- travis: Allow builds on branches named "ci"
- travis: Install dependencies only when needed
- travis: Update some builds do Xenial
- travis: Updated mesalink builds
url: Always clone the CUROPT_CURLU handle
- url: Convert the zone id from a IPv6 URL to correct scope id
urlapi: Add CURLUPART_ZONEID to set and get
- urlapi: Increase supported scheme length to 40 bytes
- urlapi: Require a non-zero host name length when parsing URL
urlapi: Stricter CURLUPART_PORT parsing
- urlapi: Strip off zone id from numerical IPv6 addresses
- urlapi: urlencode characters above 0x7f correctly
vauth/cleartext: Update the PLAIN login to match RFC 4616
vauth/oauth2: Fix OAUTHBEARER token generation
vauth: Fix incorrect function description for Curl_auth_user_contains_domain
vtls: Fix potential ssl_buffer stack overflow
- wildcard: Disable from build when FTP isn't present
- winbuild: Support MultiSSL builds
- xattr: Skip unittest on unsupported platforms
Updated perl-Test-Spelling to 0.23 as per the Fedora version
Thursday 23rd May 2019
Fedora Project
Updated gtkwave to 3.3.101 in Rawhide:
Added gtkwave::getFacDir, gtkwave::getFacVtype and gtkwave::getFacDtype Tcl accessor functions, which operate similarly to gtkwave::getFacName
Pair $end with $dumpvars in VCD writers
Make %.16g printing in baseconvert.c more resistant to power of 10 roundoff errors
Remove register keyword where applicable as it is deprecated
Added --saveonexit gtkwave command line option
Updated perl-Perl-Critic to 1.134 in Rawhide:
- New Features
- Policy Changes
The policy Documentation::RequirePodLinksIncludeText is obsolete and has been removed (GH#494)
- Dependencies
- Internals
Updated the Appveyor config (GH#851)
Local Packages
Updated gtkwave to 3.3.101 as per the Fedora version
Updated perl-Module-CoreList to 5.20190522:
- Updated for v5.30.0
Updated perl-Perl-Critic to 1.134 as per the Fedora version
Updated perl-Pod-Simple to 3.36:
Added Pod::Simple::JustPod to extract the pod lines from a file
- Improved detection of input encoding CP1252 vs. UTF-8
Fixed =cut event out of order (GH#79)
Fixed verbatim_indent doesn't work on HTML (GH#85)
Fixed css files refer to themselves (GH#89)
Fixed broken RTF with Unicode inputs (GH#92)
Extended RTF to handle Unicode code points above 0xFFFF
Nested L<> is now flagged as an error
- Turned off negative repeat count does nothing warnings
- Fixed/improved some docs about this distribution
Friday 24th May 2019
Fedora Project
Updated perl-Test-Synopsis (0.15) in Rawhide to fix FTBFS with Test::Spelling 0.23 (Bug #1713565)
Local Packages
Updated perl-Test-Synopsis (0.15) as per the Fedora version
Saturday 25th May 2019
Local Packages
Updated perl-Devel-StackTrace to 2.04:
Add a partial workaround for "Bizarre copy" errors (GH#11) that come when attempting to look at arguments in the call stack; this is only a partial fix (GH#21) as there are cases that can lead to a SEGV - ultimately, this needs to be fixed in the Perl core (Perl RT#131046)
Updated perl-Module-CoreList to 5.20190524:
- Updated for v5.31.0
Updated perl-PPIx-Regexp to 0.065:
Quash undef error in __is_ppi_regexp_element() when passed a PPI::Token::Regexp::Transliterate
Support proper version for qr'\N{name}'
Until 5.29.10 this construction failed to parse because it did not interpolate, but PPIx::Regexp blithely ignored this detail
As of 5.29.10, something like m'\N{LATIN CAPITAL LETTER L}' matches identically to m'L', so I implemented introduction as of that version
Have explain() recognize Unicode property wildcards
Sunday 26th May 2019
Local Packages
Updated perl-XML-LibXML to 2.0201:
Set MIN_PERL_VERSION to 5.8.1
Alien::Libxml2 Makefile.PL clean-ups
Update the README for grammar and info
Link to XML-LibXML "by Example" (GH#36)
Tuesday 28th May 2019
Fedora Project
Updated perl-Test-Spelling to 0.24 in Rawhide:
- Fix up the prereqs somewhat
- Revert the unicode support added in the last release as it caused some test breakage
Updated perl-Test-Synopsis to 0.16 in Rawhide:
Fix test failures when version 0.23 of Test::Spelling is in use (GH#21)
Local Packages
Updated perl-Test-Spelling to 0.24 as per the Fedora version
Updated perl-Test-Synopsis to 0.16 as per the Fedora version
Wednesday 29th May 2019
Fedora Project
Updated perl-Test-Spelling to 0.25 in Rawhide:
- Re-worded the documentation
- Ordered documented functions in alphabetical order
- Fixed up the synopsis
- Put function usage examples directly below the function name; this makes it easier to get clickable links for functions in metacpan
Documented get_pod_parser
Moved hunspell up to the preferred checker
Local Packages
Updated perl-Test-Spelling to 0.25 as per the Fedora version
Thursday 30th May 2019
Local Packages
Updated curl (7.65.0) to fix spurious timeout events with speed-limit (Bug #1714893)
Updated perl-Text-Diff (1.45) to avoid all optional build requirements when bootstrapping
Cleaned up and rebuilt perl-Algorithm-Diff (1.1903)
Friday 31st May 2019
Local Packages
Updated perl-Pod-Simple to 3.38:
Removed some alien files that somehow got in the tar, including a copy of Pod::Escapes
Cleaned up and rebuilt perl-Algorithm-C3 (0.10), perl-Devel-CheckBin (0.04), perl-Eval-Closure (0.14), perl-ExtUtils-PkgConfig (1.16), perl-File-Slurp-Tiny (0.004) and perl-Task-Weaken (1.06)
Previous Month: April 2019
Next Month: June 2019