PaulHowarth/Blog/2019-05

Paul's Blog Entries for May 2019

Wednesday 1st May 2019

Local Packages

  • Updated dovecot (2.3):

    • Updated dovecot to 2.3.6:

      • CVE-2019-11494: Submission-login crashed with signal 11 due to null pointer access when authentication was aborted by disconnecting

      • CVE-2019-11499: Submission-login crashed when authentication was started over TLS secured channel and invalid authentication message was sent

      • auth: Support password grant with passdb oauth2

      • Use system default CAs for outbound TLS connections
      • Simplify array handling with new helper macros

      • fts_solr: Enable configuring batch_size and soft_commit features

      • lmtp/submission: Fixed various bugs in XCLIENT handling, including a hang when XCLIENT commands were sent infinitely to the remote server

      • lmtp/submission: Forwarded multi-line replies were erroneously sent as two replies to the client

      • lib-smtp: client: Message was not guaranteed to contain CRLF consistently when CHUNKING was used

      • fts_solr: Plugin was no longer compatible with Solr 7

      • Make it possible to disable certificate checking without setting ssl_client_ca_* settings

      • pop3c: SSL support was broken

      • mysql: Closing connection twice lead to crash on some systems
      • auth: Multiple oauth2 passdbs crashed auth process on deinit
      • HTTP client connection errors infrequently triggered a segmentation fault when the connection was idle and not used for a particular client instance

    • Updated pigeonhole to 0.5.6:

      • sieve: Redirect loop prevention is sometimes ineffective; improve existing loop detection by also recognizing the X-Sieve-Redirected-From header in incoming messages and dropping redirect actions when it points to the sending account (this header is already added by the redirect action, so this improvement only adds an additional use of this header)

      • sieve: Prevent execution of implicit keep upon temporary failure occurring at runtime

Friday 3rd May 2019

Fedora Project

  • Updated ORBit (0.5.17) in Rawhide to remove hardcoded gzip suffix from GNU info pages and adjust scriptlets accordingly

Local Packages

  • Updated ORBit (0.5.17) as per the Fedora version

Saturday 4th May 2019

Fedora Project

  • Updated perl-Apache-Session-Browseable to 1.3.1 in Rawhide:

    • Fix typo in Oracle.pm (GH#15)

    • Postgres: Ensure that returned @fields keep their original case (GH#17)

Wednesday 8th May 2019

Fedora Project

  • Updated perl-Array-Diff to 0.08 in Rawhide:

    • Switched to Dist::Zilla

    • Added version dependency for Algorithm::Diff in Array/Diff.pm

    • Added a bunch of entries to SEE ALSO

Local Packages

  • Updated nmap (7.70) to fix double free when ssh connection fails

  • Updated perl-Array-Diff to 0.08 as per the Fedora version

  • Updated perl-Test2-Suite to 0.000121:

    • Tracking for mocked methods
    • Include raw table in facet data when compare fails

Thursday 9th May 2019

Local Packages

  • Updated curl (7.64.1) not to treat failure of gss_init_sec_context() with --negotiate as fatal

Friday 10th May 2019

Fedora Project

  • Updated perl-Array-Diff to 0.09 in Rawhide:

    • Set minimum Perl version in metadata (GH#1)

    • Clarified in the documentation that the arrays must be sorted (CPAN RT#39184)

  • Updated perl-Perl-PrereqScanner-NotQuiteLite to 0.9905 in Rawhide:

    • Changed scan-perl-prereqs-nqlite to use only :bundled parsers by default

    • Added perl_minimum_version option

    • Added feature pragma arg parser

    • Added indented heredoc and <<$fh>> support

    • Fixed eval shortcut handling

    • Fixed parsers to treat several keywords as ops

    • Fixed various small parser issues (//, regexp after return, heredoc terminator, package version/block, when modifier etc.)

    • Renamed internal flags

Local Packages

  • Updated perl-Array-Diff to 0.09 as per the Fedora version

  • Updated perl-Perl-PrereqScanner-NotQuiteLite to 0.9905 as per the Fedora version

Saturday 11th May 2019

Fedora Project

  • Updated perl-Net-SSLeay to 1.88 in Rawhide:

  • Summary of major changes since version 1.85

    • Mike McCauley has stepped down as maintainer: the new maintainers are Chris Novakovic, Heikki Vatiainen and Tuure Vartiainen

    • The source code has moved from the now-defunct Debian Subversion server (alioth.debian.org) to GitHub

    • Net-SSLeay is provided under the terms of the Artistic License 2.0; this has been the case since version 1.66, but references to other licenses remained in the source code, causing ambiguity

    • Perl 5.8.1 or newer is now required to use Net-SSLeay; this has already been the case for some time in practice, as the test suite hasn't fully passed on Perl 5.6 for several years

    • Much-improved compatibility with OpenSSL 1.1.1, and improved support for TLS 1.3

    • Fixed a long-standing bug in cb_data_advanced_put() that caused memory leaks when callbacks were frequently added and removed

    • Support in the test suite for "hardened" OpenSSL configurations that set a default security level of 2 or higher (e.g., in the OpenSSL packages that ship with recent versions of Debian, Fedora and Ubuntu)

  • Updated perl-YAML to 1.29 in Rawhide:

    • Fix regex for alias to match the one for anchors (GH#214)

Local Packages

  • Updated perl-Net-SSLeay to 1.88 as per the Fedora version

  • Updated perl-YAML to 1.29 as per the Fedora version

Wednesday 15th May 2019

Fedora Project

  • Updated perl-Net-CIDR to 0.20 in EPEL-6 and EPEL-7 for better IPv6 supprt

  • Updated perl-PPI to 1.265 in Rawhide:

    • Simplified a code construct

Local Packages

  • Updated perl-PPI to 1.265 as per the Fedora version

Thursday 16th May 2019

Fedora Project

  • Updated perl-PPI to 1.268 in Rawhide:

    • Prevent heredoc terminator detection triggering regex errors

    • Make PPI::Test::Run more OS-agnostic

    • Fix a broken link in the pod
    • Small clean-ups

Local Packages

  • Updated perl-PPI to 1.268 as per the Fedora version

Sunday 19th May 2019

Fedora Project

  • Updated perl-PPI to 1.269 in Rawhide:

    • Many small documentation improvements

  • Updated perl-YAML-LibYAML to 0.78 in Rawhide:

    • Fix double free/core dump when Dump()ing binary data (GH#91)

    • Update config.h from libyaml

Local Packages

  • Updated perl-PPI to 1.269 as per the Fedora version

  • Updated perl-Test2-Suite to 0.000122:

    • Fix diag issues with ClassicCompare

  • Updated perl-YAML-LibYAML to 0.78 as per the Fedora version

Monday 20th May 2019

Local Packages

Tuesday 21st May 2019

Fedora Project

  • Updated perl-MailTools to 2.21 in Rawhide:

    • Fix metadata

    • Add more to the README

    • Add Mail::Mailer option StartSSL for smtp backend (CPAN RT#125871)

    • Deprecate Mail::Mailer backend smtps

    • Document need for escaping docs for Mail::Send (CPAN RT#129627)

    • Document limit on parameters for Mail::Send::new() (CPAN RT#129633)

Local Packages

  • Updated perl-MailTools to 2.21 as per the Fedora version

Wednesday 22nd May 2019

Fedora Project

  • Updated perl-Test-Spelling to 0.23 in Rawhide:

    • Fixed some documentation errors

    • Added unicode support (GH#10)

    • Bump Perl prereq to 5.8 now that we support unicode

    • Don't inherit from Exporter (GH#9)

    • Bump Exporter prereq to 5.57

Local Packages

  • Updated curl to 7.65.0:

    • CURLOPT_DNS_USE_GLOBAL_CACHE: removed

    • CURLOPT_MAXAGE_CONN: Set the maximum allowed age for connection reuse

    • pipelining: Removed

    • CVE-2019-5435: Integer overflows in curl_url_set

    • CVE-2019-5436: tftp: Use the current blksize for recvfrom()

    • --config: Clarify that initial : and = might need quoting

    • AppVeyor: Enable testing for WinSSL build

    • CURLMOPT_TIMERFUNCTION.3: Warn about the recursive risk

    • CURLOPT_ADDRESS_SCOPE: Fix range check and more

    • CURLOPT_CAINFO.3: With Schannel, you want Windows 8 or later

    • CURLOPT_CHUNK_BGN_FUNCTION.3: Document the struct and time value

    • CURLOPT_READFUNCTION.3: See also CURLOPT_UPLOAD_BUFFERSIZE

    • CURL_MAX_INPUT_LENGTH: Largest acceptable string input size

    • Curl_disconnect: Treat all CONNECT_ONLY connections as "dead"

    • INTERNALS: Add code highlighting

    • OS400/ccsidcurl: Replace use of Curl_vsetopt

    • OpenSSL: Report -fips in version if OpenSSL is built with FIPS

    • README.md: Fix no-consecutive-blank-lines Codacy warning

    • VC15 project: Remove MinimalRebuild

    • VS projects: Use Unicode for VC10+

    • WRITEFUNCTION: Add missing set_in_callback around callback

    • altsvc: Fix building with cookies disabled
    • auth: Rename the various authentication clean up functions
    • base64: Build conditionally if there are users

    • build-openssl.bat: Fixed support for OpenSSL v1.1.0+

    • build: Fix "clarify calculation precedence" warnings

    • checksrc.bat: Ignore snprintf warnings in docs/examples

    • cirrus: Customize the disabled tests per FreeBSD version

    • cleanup: Remove FIXME and TODO comments

    • cmake: Avoid linking executable for some tests with cmake 3.6+

    • cmake: Clear CMAKE_REQUIRED_LIBRARIES after each use

    • cmake: Rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP

    • cmake: Set SSL_BACKENDS

    • configure: Avoid unportable '==' test(1) operator

    • configure: Error out if OpenSSL wasn't detected when asked for

    • configure: Fix default location for fish completions

    • cookie: Guard against possible NULL pointer dereference

    • curl: Make code work with protocol-disabled libcurl

    • curl: Report error for "--no-" on non-boolean options

    • curl_easy_getinfo.3: Fix minor formatting mistake

    • curlver.h: Use parenthesis in CURL_VERSION_BITS macro

    • docs/BUG-BOUNTY: Bug bounty time

    • docs/INSTALL: Fix broken link

    • docs/RELEASE-PROCEDURE: Link to live iCalendar

    • documentation: Fix several typos

    • doh: Acknowledge CURL_DISABLE_DOH

    • doh: Disable DOH for the cases it doesn't work
    • examples: Remove unused variables
    • ftplistparser: Fix LGTM alert "Empty block without comment"

    • hostip: Acknowledge CURL_DISABLE_SHUFFLE_DNS

    • http: Ignore HTTP/2 prior knowledge setting for HTTP proxies

    • http: Acknowledge CURL_DISABLE_HTTP_AUTH

    • http: Mark bundle as not for multiuse on < HTTP/2 response

    • http_digest: Don't expose functions when HTTP and Crypto Auth are disabled

    • http_negotiate: Do not treat failure of gss_init_sec_context() as fatal

    • http_ntlm: Corrected the name of the include guard
    • http_ntlm_wb: Handle auth for only a single request
    • http_ntlm_wb: Return the correct error on receiving an empty auth message

    • lib509: Add missing include for strdup

    • lib557: Initialize variables

    • makedebug: Fix ERRORLEVEL detection after running where.exe

    • mbedtls: Enable use of EC keys

    • mime: Acknowledge CURL_DISABLE_MIME

    • multi: Improved HTTP_1_1_REQUIRED handling

    • netrc: Acknowledge CURL_DISABLE_NETRC

    • nss: Allow fifos and character devices for certificates
    • nss: Provide more specific error messages on failed init

    • ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup

    • ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4

    • openssl: Mark connection for close on TLS close_notify

    • openvms: Remove pre-processor for SecureTransport

    • openvms: Remove pre-processors for Windows
    • parse_proxy: Use the URL parser API

    • parsedate: Disabled on CURL_DISABLE_PARSEDATE

    • pingpong: Disable more when no pingpong protocols are enabled

    • polarssl_threadlock: Remove conditionally unused code

    • progress: Acknowledge CURL_DISABLE_PROGRESS_METER

    • proxy: Acknowledge DISABLE_PROXY more

    • resolve: Apply Happy Eyeballs philosophy to parallel c-ares queries

    • revert "multi: Support verbose conncache closure handle"

    • sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616

    • sasl: Only enable if there's a protocol enabled using it
    • scripts: Fix typos
    • singleipconnect: Show port in the verbose "Trying ..." message
    • smtp: Fix compiler warning
    • socks5: User name and passwords must be shorter than 256
    • socks: Fix error message
    • socksd: New SOCKS 4+5 server for tests

    • spnego_gssapi: Fix return code on gss_init_sec_context() failure

    • ssh-libssh: Remove unused variable

    • ssh: Define USE_SSH if SSH is enabled (any backend)

    • ssh: Move variable declaration to where it's used

    • test1002: Correct the name

    • test2100: Fix typos in test description

    • tests/server/util: Fix Windows Unicode build

    • tests: Run global cleanup at end of tests
    • tests: Make Impacket (SMB server) Python 3 compatible

    • tool_cb_wrt: Fix bad-function-cast warning

    • tool_formparse: Remove redundant assignment

    • tool_help: Warn if curl and libcurl versions do not match

    • tool_help: include <strings.h> for strcasecmp

    • transfer: Fix LGTM alert "Comparison is always true"
    • travis: Add an osx http-only build
    • travis: Allow builds on branches named "ci"
    • travis: Install dependencies only when needed
    • travis: Update some builds do Xenial
    • travis: Updated mesalink builds

    • url: Always clone the CUROPT_CURLU handle

    • url: Convert the zone id from a IPv6 URL to correct scope id

    • urlapi: Add CURLUPART_ZONEID to set and get

    • urlapi: Increase supported scheme length to 40 bytes
    • urlapi: Require a non-zero host name length when parsing URL

    • urlapi: Stricter CURLUPART_PORT parsing

    • urlapi: Strip off zone id from numerical IPv6 addresses
    • urlapi: urlencode characters above 0x7f correctly

    • vauth/cleartext: Update the PLAIN login to match RFC 4616

    • vauth/oauth2: Fix OAUTHBEARER token generation

    • vauth: Fix incorrect function description for Curl_auth_user_contains_domain

    • vtls: Fix potential ssl_buffer stack overflow

    • wildcard: Disable from build when FTP isn't present
    • winbuild: Support MultiSSL builds
    • xattr: Skip unittest on unsupported platforms

  • Updated perl-Test-Spelling to 0.23 as per the Fedora version

Thursday 23rd May 2019

Fedora Project

  • Updated gtkwave to 3.3.101 in Rawhide:

    • Added gtkwave::getFacDir, gtkwave::getFacVtype and gtkwave::getFacDtype Tcl accessor functions, which operate similarly to gtkwave::getFacName

    • Pair $end with $dumpvars in VCD writers

    • Make %.16g printing in baseconvert.c more resistant to power of 10 roundoff errors

    • Remove register keyword where applicable as it is deprecated

    • Added --saveonexit gtkwave command line option

  • Updated perl-Perl-Critic to 1.134 in Rawhide:

  • New Features

    • Added new policy BuiltinFunctions::ProhibitShiftRef (GH#837)

    • Support indented heredocs (GH#861)

    • In Subroutines::ProhibitManyArgs, you can now omit the object variable (C<$self> or C<$class>) from the argument count (GH#815)

  • Policy Changes

    • The policy Documentation::RequirePodLinksIncludeText is obsolete and has been removed (GH#494)

  • Dependencies

    • Removed use of File::HomeDir

    • Upgrade to PPI 1.265 (GH#860)

    • Fix failed tests caused by new PPI (GH#858)

  • Internals

    • Updated the Appveyor config (GH#851)

Local Packages

  • Updated gtkwave to 3.3.101 as per the Fedora version

  • Updated perl-Module-CoreList to 5.20190522:

    • Updated for v5.30.0

  • Updated perl-Perl-Critic to 1.134 as per the Fedora version

  • Updated perl-Pod-Simple to 3.36:

    • Added Pod::Simple::JustPod to extract the pod lines from a file

    • Improved detection of input encoding CP1252 vs. UTF-8

    • Fixed =cut event out of order (GH#79)

    • Fixed verbatim_indent doesn't work on HTML (GH#85)

    • Fixed css files refer to themselves (GH#89)

    • Fixed broken RTF with Unicode inputs (GH#92)

    • Extended RTF to handle Unicode code points above 0xFFFF

    • Nested L<> is now flagged as an error

    • Turned off negative repeat count does nothing warnings
    • Fixed/improved some docs about this distribution

Friday 24th May 2019

Fedora Project

  • Updated perl-Test-Synopsis (0.15) in Rawhide to fix FTBFS with Test::Spelling 0.23 (Bug #1713565)

Local Packages

  • Updated perl-Test-Synopsis (0.15) as per the Fedora version

Saturday 25th May 2019

Local Packages

  • Updated perl-Devel-StackTrace to 2.04:

    • Add a partial workaround for "Bizarre copy" errors (GH#11) that come when attempting to look at arguments in the call stack; this is only a partial fix (GH#21) as there are cases that can lead to a SEGV - ultimately, this needs to be fixed in the Perl core (Perl RT#131046)

  • Updated perl-Module-CoreList to 5.20190524:

    • Updated for v5.31.0

  • Updated perl-PPIx-Regexp to 0.065:

    • Quash undef error in __is_ppi_regexp_element() when passed a PPI::Token::Regexp::Transliterate

    • Support proper version for qr'\N{name}'

      • Until 5.29.10 this construction failed to parse because it did not interpolate, but PPIx::Regexp blithely ignored this detail

      • As of 5.29.10, something like m'\N{LATIN CAPITAL LETTER L}' matches identically to m'L', so I implemented introduction as of that version

    • Have explain() recognize Unicode property wildcards

Sunday 26th May 2019

Local Packages

  • Updated perl-XML-LibXML to 2.0201:

    • Set MIN_PERL_VERSION to 5.8.1

    • Alien::Libxml2 Makefile.PL clean-ups

    • Update the README for grammar and info

    • Link to XML-LibXML "by Example" (GH#36)

Tuesday 28th May 2019

Fedora Project

  • Updated perl-Test-Spelling to 0.24 in Rawhide:

    • Fix up the prereqs somewhat
    • Revert the unicode support added in the last release as it caused some test breakage

  • Updated perl-Test-Synopsis to 0.16 in Rawhide:

    • Fix test failures when version 0.23 of Test::Spelling is in use (GH#21)

Local Packages

  • Updated perl-Test-Spelling to 0.24 as per the Fedora version

  • Updated perl-Test-Synopsis to 0.16 as per the Fedora version

Wednesday 29th May 2019

Fedora Project

  • Updated perl-Test-Spelling to 0.25 in Rawhide:

    • Re-worded the documentation
    • Ordered documented functions in alphabetical order
    • Fixed up the synopsis
    • Put function usage examples directly below the function name; this makes it easier to get clickable links for functions in metacpan

    • Documented get_pod_parser

    • Moved hunspell up to the preferred checker

Local Packages

  • Updated perl-Test-Spelling to 0.25 as per the Fedora version

Thursday 30th May 2019

Local Packages

  • Updated curl (7.65.0) to fix spurious timeout events with speed-limit (Bug #1714893)

  • Updated perl-Text-Diff (1.45) to avoid all optional build requirements when bootstrapping

  • Cleaned up and rebuilt perl-Algorithm-Diff (1.1903)

Friday 31st May 2019

Local Packages

  • Updated perl-Pod-Simple to 3.38:

    • Removed some alien files that somehow got in the tar, including a copy of Pod::Escapes

  • Cleaned up and rebuilt perl-Algorithm-C3 (0.10), perl-Devel-CheckBin (0.04), perl-Eval-Closure (0.14), perl-ExtUtils-PkgConfig (1.16), perl-File-Slurp-Tiny (0.004) and perl-Task-Weaken (1.06)

Previous Month: April 2019
Next Month: June 2019

Recent