Paul's Blog Entries for June 2019

Saturday 1st June 2019

Local Packages

  • Cleaned up and rebuilt perl-Data-OptList (0.110), perl-Data-Section-Simple (0.07), perl-Devel-Symdump (2.18) and perl-Hook-LexWrap (0.26)

Sunday 2nd June 2019

Fedora Project

  • Updated perl-Modern-Perl to 1.20190601 in Rawhide:

Local Packages

  • Updated dovecot (2.3.6) to disable gcc 9 stack reuse temporarily (tests fail with gcc 9 otherwise), and to use /run instead of /var/run (#1706372)

  • Cleaned up and rebuilt perl-CPAN-Changes (0.400002)

Monday 3rd June 2019

Fedora Project

  • Updated perl-SUPER to 1.20190531 in Rawhide:

    • Allow main->SUPER::... to work when is loaded (GH#1)

  • Updated perltidy to 20190601 in Rawhide (see for details)

Local Packages

  • Updated libxslt (1.1.32) to apply an extra patch to make it possible to co-install libxslt-devel.x86_64 and libxslt-devel.i686 (Bug #1467435)

  • Updated perl-Perl-Tidy to 20190601 as per the Fedora perltidy package

  • Updated perl-PPIx-QuoteLike to 0.007:

    • Prohibit interpolation inside \N{...}

    • Fix error message in eg/pqldump

    • Allow PPIx::QuoteLike::Utils::__variables() to take a PPI::Element (rather than PPI::Node), PPIx::Regexp::Element, PPIx::QuoteLike, or PPIx::QuoteLike::Token

    • Add eg/variables

  • Updated perl-SUPER to 1.20190531 as per the Fedora version

  • Updated perl-Test-TrailingSpace (0.0301) to avoid use of Test::Kwalitee::Extra, which is broken with Module::CPANTS::Analyse ≥ 1.00 (CPAN RT#128602)

  • Cleaned up and rebuilt perl-Class-Data-Inheritable (0.08), perl-Config-Tiny (2.23), perl-Data-Dump (1.23)

Tuesday 4th June 2019

Local Packages

  • Cleaned up and rebuilt perl-aliased (0.34), perl-Class-Method-Modifiers (2.12), perl-Data-Dumper-Names (0.03), perl-Env-Sanctify (1.12), perl-File-Find-Rule (0.34) and perl-File-Find-Rule-Perl (1.15)

Wednesday 5th June 2019

Local Packages

  • Updated curl to 7.65.1:

    • CURLOPT_LOW_SPEED_* repaired

    • NTLM: Reset proxy "multipass" state when CONNECT request is done

    • PolarSSL: Deprecate support step 1 - removed from configure

    • appveyor: Add Visual Studio solution build
    • cmake: Check for if_nametoindex()

    • cmake: Support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables

    • config-win32: Add support for if_nametoindex and getsockname

    • conncache: Remove the DEBUGASSERT on length check

    • conncache: Make "bundles" per host name when doing proxy tunnels
    • curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version

    • curl_share_setopt.3: Improve wording

    • dump-header.d: Spell out that no headers == empty file

    • example/http2-download: Fix format specifier

    • examples: Clean-ups and compiler warning fixes
    • http2: Stop drain from being permanently set

    • http: Don't parse body-related headers in bodyless responses
    • md4: Build correctly with openssl without MD4
    • md4: include the mbedtls config.h to get the MD4 info

    • multi: Track users of a socket better
    • nss: Allow to specify TLS 1.3 ciphers if supported by NSS
    • parse_proxy: Make sure portptr is initialized

    • parse_proxy: Use the IPv6 zone id if given

    • sectransp: Handle errSSLPeerAuthCompleted from SSLRead()

    • singlesocket: Use separate variable for inner loop
    • ssl: Update outdated "openssl-only" comments for supported backends
    • tests: Add HAProxy keywords

    • tests: Add support to test against OpenSSH for Windows
    • tests: Make test 1420 and 1406 work with rtsp-disabled libcurl

    • tls13-docs: Mention it is only for OpenSSL ≥ 1.1.1
    • tool_parse_cfg: Avoid 2 fopen() for WIN32

    • tool_setopt: For builds with disabled-proxy, skip all proxy setopts()

    • url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows

    • url: Fix bad feature-disable #ifdef

    • url: Use correct port in ConnectionExists()

    • winbuild: Use two space indentation
  • Cleaned up and rebuilt perl-Child (0.013), perl-Data-Section (0.200007) and perl-File-Find-Object (0.3.2)

Thursday 6th June 2019

Local Packages

  • Cleaned up and rebuilt perl-AnyEvent-AIO (1.1), perl-AnyEvent-BDB (1.1), perl-Archive-Any-Lite (0.11), perl-autodie (2.29), perl-Class-Tiny (1.006), perl-Crypt-SmbHash (0.12), perl-Cwd-Guard (0.05), perl-Data-Tumbler (0.010), perl-Devel-CheckCompiler (0.07), perl-Devel-GlobalDestruction (0.14), perl-Dist-CheckConflicts (0.11) and perl-Import-Into (1.002005)

Friday 7th June 2019

Fedora Project

Local Packages

  • Cleaned up and rebuilt perl-CPAN-DistnameInfo (0.12), perl-Exporter-Declare (0.114) and perl-File-ShareDir-ProjectDistDir (1.000009)

Saturday 8th June 2019

Local Packages

  • Cleaned up and rebuilt perl-Convert-BinHex (1.125), perl-Convert-TNEF (0.18)

Sunday 9th June 2019

Fedora Project

Local Packages

  • Cleaned up and rebuilt perl-Class-Singleton (1.5), perl-Const-Fast (0.014), perl-constant-boolean (0.02), perl-Data-Compare (1.25), perl-DateTime-Format-MySQL (0.06), perl-Declare-Constraints-Simple (0.03) and perl-File-MMagic (1.30)

Monday 10th June 2019

Fedora Version

  • Updated geoipupdate to 4.0.3 in Rawhide:

    • Update flock dependency from 'theckman/go-flock' to 'gofrs/flock' (GH#22)

    • Switch to Go modules and update dependencies
    • Fix version output on Ubuntu PPA and Homebrew releases
  • I had to revert the switch to Go modules as our tooling isn't ready for that yet (tests don't recognize packaged dependencies)
  • Updated python-paramiko to 2.5.0 in F-30 and Rawhide:

    • Add support for encrypt-then-MAC (ETM) schemes and two newer Diffie-Hellman group key exchange algorithms ('group14', using SHA256; and 'group16', using SHA512)
    • Add support for Curve25519 key exchange
    • Raise Cryptography dependency requirement to version 2.5 (from 1.5) and update some deprecated uses of its API

    • Add support for the modern (as of Python 3.3) import location of 'MutableMapping' (used in host key management) to avoid the old location becoming deprecated in Python 3.8

Local Packages

  • Updated geoipupdate to 4.0.3 as per the Fedora version

  • Updated libxslt to 1.1.33 and added patch to address CVE-2019-11068 (Bug #1709698)

  • Cleaned up and rebuilt perl-Data-Visitor (0.30) and perl-Hash-Util-FieldHash-Compat (0.11)

Tuesday 11th June 2019

Fedora Project

  • Updated perl-Authen-Radius to 0.30 in Rawhide:

    • Fixed warning when NodeList parameter used without Host

  • Updated perl-Cpanel-JSON-XS to 4.12 in Rawhide:

    • Make encoder independent of Math::BigInt version (GH#140)

    • Rethrow error from eval_sv() and eval_pv() (GH#138, GH#139), e.g. when Math::BigInt/BigFloat fails

    • Fix encoding Inf and NaN from PV and NV slots to JSON_TYPE_INT (GH#137)

    • Fix memory corruption in sv_to_ivuv() function (GH#136)

    • Add new method ->require_types (GH#135)

    • Fix typed json encoder conversion from scalar's PV and NV slot to JSON_TYPE_INT (GH#133, GH#134)

    • Fix inconsistency with warnings in typed json encoder (GH#131)

    • Fix Perl 5.8.0 support (GH#130)

    • Fixed minor pod typo (GH#129)

    • Document invalid recursive callbacks or overloads (GH#128)

  • Cleaned up and rebuilt perl-Archive-Peek (0.35) in Rawhide

Local Packages

  • Updated perl-Cpanel-JSON-XS to 4.12 as per the Fedora version

  • Cleaned up and rebuilt perl-Archive-Peek (0.35) as per the Fedora version

Wednesday 12th June 2019

Local Packages

  • Updated perl-YAML-LibYAML to 0.79, unbundling libyaml where possible (Fedora ≥ 31):

    • Support aliasing scalars resolved as null or booleans
    • Add YAML::XS::LibYAML::libyaml_version()

    • Support standard !!int/!!float tags instead of dying

  • Cleaned up and rebuilt perl-Carp-Fix-1_25 (1.000001) and perl-Class-Factory-Util (1.7)

Thursday 13th June 2019

Local Packages

  • Updated perl-Test-Taint to 1.08:

  • Cleaned up and rebuilt perl-Devel-EnforceEncapsulation (0.51) and perl-Exception-Base (0.2501)

Friday 14th June 2019

Local Packages

  • Updated perl-XML-SAX to 1.02:

    • Spelling fixes
    • Add repo location to metadata
    • Reorganize module files under lib/XML

    • Regenerate MANIFEST using 'make manifest' to include missing test files

  • Clean up and rebuilt perl-ExtUtils-BuildRC (0.005)

Monday 17th June 2019

Fedora Project

  • Updated perl-Config-Tiny to 2.24 in Rawhide:

    • Delete from caveats in documentation where it used to say:
    • 'Config::Tiny will only recognize the first time an option is set in a config file. Any further attempts to set the same option later in the config file are ignored.'
    • In reality the code uses the 2nd and subsequent values to overwrite earlier values
    • Make this topic a new FAQ
    • Add corresponding test t/06.repeat.key.t

    • Update POD to clarify trailing comment options
    • Add corresponding test t/07.trailing.comment.t

    • Romanize Gregory Kidrenko's name so Config::IniFiles does not get 'Wide char in print'

    • Move xt/pod.t to xt/author/pod.t

    • Adopt new repo structure: see

    • Move require 5.008001 from into Makefile.PL

Local Packages

  • Updated perl-Config-Tiny to 2.24 as per the Fedora version

Wednesday 19th June 2019

Fedora Project

  • Updated perl-JSON-PP to 4.03 in Rawhide:

    • (Encode::)decode json_pp input properly by default (GH#47)

Local Packages

  • Updated perl-JSON-PP to 4.03 as per the Fedora version

  • Updated pptp (1.10.0) to use /run rather than /var/run (Bug #1722119)

Thursday 20th June 2019

Fedora Project

  • Updated libssh2 to 1.9.0 in Rawhide:

    • Fixed integer overflow leading to out-of-bounds read (CVE-2019-13115)

    • Adds ECDSA keys and host key support when using OpenSSL
    • Adds ED25519 key and host key support when using OpenSSL 1.1.1
    • Adds OpenSSH style key file reading
    • Adds AES CTR mode support when using WinCNG
    • Adds PEM passphrase protected file support for libgcrypt and WinCNG

    • Adds SHA256 hostkey fingerprint
    • Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()

    • Adds explicit zeroing of sensitive data in memory
    • Adds additional bounds checks to network buffer reads
    • Adds the ability to use the server default permissions when creating sftp directories
    • Adds support for building with OpenSSL no engine flag
    • Adds support for building with LibreSSL
    • Increased sftp packet size to 256k
    • Fixed oversized packet handling in sftp
    • Fixed building with OpenSSL 1.1
    • Fixed a possible crash if sftp stat gets an unexpected response

    • Fixed incorrect parsing of the KEX preference string value
    • Fixed conditional RSA and AES-CTR support
    • Fixed a small memory leak during the key exchange process
    • Fixed a possible memory leak of the ssh banner string
    • Fixed various small memory leaks in the backends
    • Fixed possible out of bounds read when parsing public keys from the server
    • Fixed possible out of bounds read when parsing invalid PEM files
    • No longer null terminates the scp remote exec command
    • Now handle errors when Diffie Hellman key pair generation fails
    • Fixed compiling on Windows with the flag STDCALL=ON

    • Improved building instructions
    • Improved unit tests

Local Packages

  • Updated libssh2 to 1.9.0 as per the Fedora version

Friday 21st June 2019

Local Packages

  • Updated perl-Module-CoreList to 5.20190620:

    • Updated for v5.31.1

Saturday 22nd June 2019

Fedora Project

  • Updated perl-Authen-Radius to 0.31 in F-30 and Rawhide:

    • Fixed check_pwd() method when dictionaries are not loaded and attribute ID is used instead of Name

  • Updated perl-Mail-Mbox-MessageParser to 1.5111 to fix FTBFS with Test-Compile 2.0.0

Local Packages

  • Updated perl-Mail-Mbox-MessageParser to 1.5111 as per the Fedora version

Sunday 23rd June 2019

Fedora Project

  • Updated grepmail (5.3111) in Rawhide to fix FTBFS with Test::Compile 2.0.0

Local Packages

  • Updated grepmail (5.3111) as per the Fedora version

  • Updated perl-Net-SSLeay (1.88) not to define SSL_SESSION_up_ref unless we have OpenSSL 1.1.1 or later (workaround for IO-Socket-SSL test failures in Fedora 26)

Tuesday 25th June 2019

Local Packages

  • Updated perl-EV to 4.26:

    • (libev) Included experimental Linux aio backend

    • Allow the Linux aio backend to be used by default only when explicitly configured during Makefile.PL time

Wednesday 26th June 2019

Fedora Project

  • Updated perl-IO-Socket-SSL (2.066) in Rawhide:

    • is licensed MPLv2.0 (Bug #1724169)

    • Run-time openssl dependency should be on openssl-libs since Fedora 18

Local Packages

  • Updated perl-IO-Socket-SSL (2.066) as per the Fedora version

Thursday 27th June 2019

Fedora Project

  • Updated python-paramiko to 2.5.1 in Rawhide:

    • Fix Ed25519 key handling so certain key comment lengths don't cause 'SSHException("Invalid key")' (GH#1306, GH#1400)

Local Packages

  • Updated perl-EV to 4.27:

    • (libev) Completely rewritten linuxaio back-end, may be usable as a general-use back-end

    • (libev) Use more aggressive assertions to catch more usage errors

    • Allow users to re-enable assert() in case it is disabled by perl (which is typically the case)

Saturday 29th June 2019

Fedora Project

  • Updated perl-JSON-PP to 4.04 in Rawhide:

    • Document indent_length option (GH#48)

  • Updated python-paramiko to 2.6.0 in Rawhide:

    • Add a new keyword argument to 'SSHClient.connect' and '~paramiko.transport.Transport', 'disabled_algorithms', which allows selectively disabling one or more kex/key/cipher/etc. algorithms; this can be useful when disabling algorithms your target server (or client) does not support cleanly, or to work around unpatched bugs in Paramiko's own implementation thereof (GH#1463)

    • Tweak many exception classes so their string representations are more human-friendly; this also includes incidental changes to some 'super()' calls (GH#1440, GH#1460)

    • Add backwards-compatible support for the 'gssapi' GSSAPI library, as the previous back-end ('python-gssapi') has become defunct (GH#584, GH#1166, GH#1311)

    • 'SSHClient.exec_command' now returns a new subclass, '', rather than a naïve '' object for its 'stdin' value, which fixes issues such as hangs when running remote commands that read from stdin (GH#322)

Local Packages

  • Updated perl-JSON-PP to 4.04 as per the Fedora version

Sunday 30th June 2019

Fedora Project

  • Updated perl-Finance-Quote to 1.48 in F-30 and Rawhide:

    • Alphavantage: Add a waiting mechanism to comply with alphavantage use terms

    • Alphavantage: Added support for several stock exchanges and currencies

    • Updated modules: Union, Deka, Indiamutual, ASX, Yahoojson, TSP, AEX, Fool

    • New modules: IEXTrading, MorningstarAU, MorningstarCH, IEXCloud

    • Yahoo: removed modules referring to yahoo API, which yahoo stopped

    • Bug fix: 'use of uninitialized value' returned by perl could make gnucash fail when more than 15 quotes were requested

    • Bug fix: MS Windows does not support %T in strftime call

    • Added new documentation files: Release.txt, Hackers-Guide, Modules-README.yml

    • We started moving known failing tests into TODO blocks

  • I also included by own patch to fix FTfunds (CPAN RT#129586)

  • Updated perl-Finance-Quote to 1.49 in Rawhide:

    • Alphavantage: Removed Time::HiRes dependency due to mswin32 not supporting clock_gettime calls

Previous Month: May 2019
Next Month: July 2019