Paul's Blog Entries for June 2019
Saturday 1st June 2019
Local Packages
Cleaned up and rebuilt perl-Data-OptList (0.110), perl-Data-Section-Simple (0.07), perl-Devel-Symdump (2.18) and perl-Hook-LexWrap (0.26)
Sunday 2nd June 2019
Fedora Project
Updated perl-Modern-Perl to 1.20190601 in Rawhide:
- Update for 2019
Reduce scope of lexical %dates (CPAN RT#128406)
Support 'perl -Modern::Perl=20xx' (CPAN RT#96319)
Local Packages
Updated dovecot (2.3.6) to disable gcc 9 stack reuse temporarily (tests fail with gcc 9 otherwise), and to use /run instead of /var/run (#1706372)
Cleaned up and rebuilt perl-CPAN-Changes (0.400002)
Monday 3rd June 2019
Fedora Project
Updated perl-SUPER to 1.20190531 in Rawhide:
Allow main->SUPER::... to work when SUPER.pm is loaded (GH#1)
Updated perltidy to 20190601 in Rawhide (see CHANGES.md for details)
Local Packages
Updated libxslt (1.1.32) to apply an extra patch to make it possible to co-install libxslt-devel.x86_64 and libxslt-devel.i686 (Bug #1467435)
Updated perl-Perl-Tidy to 20190601 as per the Fedora perltidy package
Updated perl-PPIx-QuoteLike to 0.007:
Prohibit interpolation inside \N{...}
Fix error message in eg/pqldump
Allow PPIx::QuoteLike::Utils::__variables() to take a PPI::Element (rather than PPI::Node), PPIx::Regexp::Element, PPIx::QuoteLike, or PPIx::QuoteLike::Token
Add eg/variables
Updated perl-SUPER to 1.20190531 as per the Fedora version
Updated perl-Test-TrailingSpace (0.0301) to avoid use of Test::Kwalitee::Extra, which is broken with Module::CPANTS::Analyse ≥ 1.00 (CPAN RT#128602)
Cleaned up and rebuilt perl-Class-Data-Inheritable (0.08), perl-Config-Tiny (2.23), perl-Data-Dump (1.23)
Tuesday 4th June 2019
Local Packages
Cleaned up and rebuilt perl-aliased (0.34), perl-Class-Method-Modifiers (2.12), perl-Data-Dumper-Names (0.03), perl-Env-Sanctify (1.12), perl-File-Find-Rule (0.34) and perl-File-Find-Rule-Perl (1.15)
Wednesday 5th June 2019
Local Packages
Updated curl to 7.65.1:
CURLOPT_LOW_SPEED_* repaired
NTLM: Reset proxy "multipass" state when CONNECT request is done
PolarSSL: Deprecate support step 1 - removed from configure
- appveyor: Add Visual Studio solution build
cmake: Check for if_nametoindex()
cmake: Support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables
config-win32: Add support for if_nametoindex and getsockname
conncache: Remove the DEBUGASSERT on length check
- conncache: Make "bundles" per host name when doing proxy tunnels
curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version
curl_share_setopt.3: Improve wording
dump-header.d: Spell out that no headers == empty file
example/http2-download: Fix format specifier
- examples: Clean-ups and compiler warning fixes
http2: Stop drain from being permanently set
- http: Don't parse body-related headers in bodyless responses
- md4: Build correctly with openssl without MD4
md4: include the mbedtls config.h to get the MD4 info
- multi: Track users of a socket better
- nss: Allow to specify TLS 1.3 ciphers if supported by NSS
parse_proxy: Make sure portptr is initialized
parse_proxy: Use the IPv6 zone id if given
sectransp: Handle errSSLPeerAuthCompleted from SSLRead()
- singlesocket: Use separate variable for inner loop
- ssl: Update outdated "openssl-only" comments for supported backends
tests: Add HAProxy keywords
- tests: Add support to test against OpenSSH for Windows
tests: Make test 1420 and 1406 work with rtsp-disabled libcurl
- tls13-docs: Mention it is only for OpenSSL ≥ 1.1.1
tool_parse_cfg: Avoid 2 fopen() for WIN32
tool_setopt: For builds with disabled-proxy, skip all proxy setopts()
url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows
url: Fix bad feature-disable #ifdef
url: Use correct port in ConnectionExists()
- winbuild: Use two space indentation
Cleaned up and rebuilt perl-Child (0.013), perl-Data-Section (0.200007) and perl-File-Find-Object (0.3.2)
Thursday 6th June 2019
Local Packages
Cleaned up and rebuilt perl-AnyEvent-AIO (1.1), perl-AnyEvent-BDB (1.1), perl-Archive-Any-Lite (0.11), perl-autodie (2.29), perl-Class-Tiny (1.006), perl-Crypt-SmbHash (0.12), perl-Cwd-Guard (0.05), perl-Data-Tumbler (0.010), perl-Devel-CheckCompiler (0.07), perl-Devel-GlobalDestruction (0.14), perl-Dist-CheckConflicts (0.11) and perl-Import-Into (1.002005)
Friday 7th June 2019
Fedora Project
Updated python-crypto (2.6.1) to replace the user-space RNG with a thin wrapper to os.urandom, based on the same change in pycryptodome, which fixes compatibility with Python 3.8 (Bug #1718332)
Local Packages
Cleaned up and rebuilt perl-CPAN-DistnameInfo (0.12), perl-Exporter-Declare (0.114) and perl-File-ShareDir-ProjectDistDir (1.000009)
Saturday 8th June 2019
Local Packages
Cleaned up and rebuilt perl-Convert-BinHex (1.125), perl-Convert-TNEF (0.18)
Sunday 9th June 2019
Fedora Project
Updated golang-github-gofrs-flock (0.7.1) in Rawhide to conform to the newly-approved Go Packaging Guidelines
Local Packages
Cleaned up and rebuilt perl-Class-Singleton (1.5), perl-Const-Fast (0.014), perl-constant-boolean (0.02), perl-Data-Compare (1.25), perl-DateTime-Format-MySQL (0.06), perl-Declare-Constraints-Simple (0.03) and perl-File-MMagic (1.30)
Monday 10th June 2019
Fedora Version
Updated geoipupdate to 4.0.3 in Rawhide:
Update flock dependency from 'theckman/go-flock' to 'gofrs/flock' (GH#22)
- Switch to Go modules and update dependencies
- Fix version output on Ubuntu PPA and Homebrew releases
- I had to revert the switch to Go modules as our tooling isn't ready for that yet (tests don't recognize packaged dependencies)
Updated python-paramiko to 2.5.0 in F-30 and Rawhide:
- Add support for encrypt-then-MAC (ETM) schemes and two newer Diffie-Hellman group key exchange algorithms ('group14', using SHA256; and 'group16', using SHA512)
- Add support for Curve25519 key exchange
Raise Cryptography dependency requirement to version 2.5 (from 1.5) and update some deprecated uses of its API
Add support for the modern (as of Python 3.3) import location of 'MutableMapping' (used in host key management) to avoid the old location becoming deprecated in Python 3.8
Local Packages
Updated geoipupdate to 4.0.3 as per the Fedora version
Updated libxslt to 1.1.33 and added patch to address CVE-2019-11068 (Bug #1709698)
Cleaned up and rebuilt perl-Data-Visitor (0.30) and perl-Hash-Util-FieldHash-Compat (0.11)
Tuesday 11th June 2019
Fedora Project
Updated perl-Authen-Radius to 0.30 in Rawhide:
Fixed warning when NodeList parameter used without Host
Updated perl-Cpanel-JSON-XS to 4.12 in Rawhide:
Make encoder independent of Math::BigInt version (GH#140)
Rethrow error from eval_sv() and eval_pv() (GH#138, GH#139), e.g. when Math::BigInt/BigFloat fails
Fix encoding Inf and NaN from PV and NV slots to JSON_TYPE_INT (GH#137)
Fix memory corruption in sv_to_ivuv() function (GH#136)
Add new method ->require_types (GH#135)
Fix typed json encoder conversion from scalar's PV and NV slot to JSON_TYPE_INT (GH#133, GH#134)
Fix inconsistency with warnings in typed json encoder (GH#131)
Fix Perl 5.8.0 support (GH#130)
Fixed minor pod typo (GH#129)
Document invalid recursive callbacks or overloads (GH#128)
Cleaned up and rebuilt perl-Archive-Peek (0.35) in Rawhide
Local Packages
Updated perl-Cpanel-JSON-XS to 4.12 as per the Fedora version
Cleaned up and rebuilt perl-Archive-Peek (0.35) as per the Fedora version
Wednesday 12th June 2019
Local Packages
Updated perl-YAML-LibYAML to 0.79, unbundling libyaml where possible (Fedora ≥ 31):
- Support aliasing scalars resolved as null or booleans
Add YAML::XS::LibYAML::libyaml_version()
Support standard !!int/!!float tags instead of dying
Cleaned up and rebuilt perl-Carp-Fix-1_25 (1.000001) and perl-Class-Factory-Util (1.7)
Thursday 13th June 2019
Local Packages
Updated perl-Test-Taint to 1.08:
Fixed intermittent failures in the test suite (CPAN RT#119897)
Cleaned up and rebuilt perl-Devel-EnforceEncapsulation (0.51) and perl-Exception-Base (0.2501)
Friday 14th June 2019
Local Packages
Updated perl-XML-SAX to 1.02:
- Spelling fixes
- Add repo location to metadata
Reorganize module files under lib/XML
Regenerate MANIFEST using 'make manifest' to include missing test files
Clean up and rebuilt perl-ExtUtils-BuildRC (0.005)
Monday 17th June 2019
Fedora Project
Updated perl-Config-Tiny to 2.24 in Rawhide:
- Delete from caveats in documentation where it used to say:
- 'Config::Tiny will only recognize the first time an option is set in a config file. Any further attempts to set the same option later in the config file are ignored.'
- In reality the code uses the 2nd and subsequent values to overwrite earlier values
- Make this topic a new FAQ
Add corresponding test t/06.repeat.key.t
- Update POD to clarify trailing comment options
Add corresponding test t/07.trailing.comment.t
Romanize Gregory Kidrenko's name so Config::IniFiles does not get 'Wide char in print'
Move xt/pod.t to xt/author/pod.t
Adopt new repo structure: see http://savage.net.au/Ron/html/My.Workflow.for.Building.Distros.html
Move require 5.008001 from Tiny.pm into Makefile.PL
Local Packages
Updated perl-Config-Tiny to 2.24 as per the Fedora version
Wednesday 19th June 2019
Fedora Project
Updated perl-JSON-PP to 4.03 in Rawhide:
(Encode::)decode json_pp input properly by default (GH#47)
Local Packages
Updated perl-JSON-PP to 4.03 as per the Fedora version
Updated pptp (1.10.0) to use /run rather than /var/run (Bug #1722119)
Thursday 20th June 2019
Fedora Project
Updated libssh2 to 1.9.0 in Rawhide:
Fixed integer overflow leading to out-of-bounds read (CVE-2019-13115)
- Adds ECDSA keys and host key support when using OpenSSL
- Adds ED25519 key and host key support when using OpenSSL 1.1.1
- Adds OpenSSH style key file reading
- Adds AES CTR mode support when using WinCNG
Adds PEM passphrase protected file support for libgcrypt and WinCNG
- Adds SHA256 hostkey fingerprint
Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
- Adds explicit zeroing of sensitive data in memory
- Adds additional bounds checks to network buffer reads
- Adds the ability to use the server default permissions when creating sftp directories
- Adds support for building with OpenSSL no engine flag
- Adds support for building with LibreSSL
- Increased sftp packet size to 256k
- Fixed oversized packet handling in sftp
- Fixed building with OpenSSL 1.1
Fixed a possible crash if sftp stat gets an unexpected response
- Fixed incorrect parsing of the KEX preference string value
- Fixed conditional RSA and AES-CTR support
- Fixed a small memory leak during the key exchange process
- Fixed a possible memory leak of the ssh banner string
- Fixed various small memory leaks in the backends
- Fixed possible out of bounds read when parsing public keys from the server
- Fixed possible out of bounds read when parsing invalid PEM files
- No longer null terminates the scp remote exec command
- Now handle errors when Diffie Hellman key pair generation fails
Fixed compiling on Windows with the flag STDCALL=ON
- Improved building instructions
- Improved unit tests
Local Packages
Updated libssh2 to 1.9.0 as per the Fedora version
Friday 21st June 2019
Local Packages
Updated perl-Module-CoreList to 5.20190620:
- Updated for v5.31.1
Saturday 22nd June 2019
Fedora Project
Updated perl-Authen-Radius to 0.31 in F-30 and Rawhide:
Fixed check_pwd() method when dictionaries are not loaded and attribute ID is used instead of Name
Updated perl-Mail-Mbox-MessageParser to 1.5111 to fix FTBFS with Test-Compile 2.0.0
Local Packages
Updated perl-Mail-Mbox-MessageParser to 1.5111 as per the Fedora version
Sunday 23rd June 2019
Fedora Project
Updated grepmail (5.3111) in Rawhide to fix FTBFS with Test::Compile 2.0.0
Local Packages
Updated grepmail (5.3111) as per the Fedora version
Updated perl-Net-SSLeay (1.88) not to define SSL_SESSION_up_ref unless we have OpenSSL 1.1.1 or later (workaround for IO-Socket-SSL test failures in Fedora 26)
Tuesday 25th June 2019
Local Packages
Updated perl-EV to 4.26:
(libev) Included experimental Linux aio backend
Allow the Linux aio backend to be used by default only when explicitly configured during Makefile.PL time
Wednesday 26th June 2019
Fedora Project
Updated perl-IO-Socket-SSL (2.066) in Rawhide:
PublicSuffix.pm is licensed MPLv2.0 (Bug #1724169)
Run-time openssl dependency should be on openssl-libs since Fedora 18
Local Packages
Updated perl-IO-Socket-SSL (2.066) as per the Fedora version
Thursday 27th June 2019
Fedora Project
Updated python-paramiko to 2.5.1 in Rawhide:
Local Packages
Updated perl-EV to 4.27:
(libev) Completely rewritten linuxaio back-end, may be usable as a general-use back-end
(libev) Use more aggressive assertions to catch more usage errors
Allow users to re-enable assert() in case it is disabled by perl (which is typically the case)
Saturday 29th June 2019
Fedora Project
Updated perl-JSON-PP to 4.04 in Rawhide:
Document indent_length option (GH#48)
Updated python-paramiko to 2.6.0 in Rawhide:
Add a new keyword argument to 'SSHClient.connect' and '~paramiko.transport.Transport', 'disabled_algorithms', which allows selectively disabling one or more kex/key/cipher/etc. algorithms; this can be useful when disabling algorithms your target server (or client) does not support cleanly, or to work around unpatched bugs in Paramiko's own implementation thereof (GH#1463)
Tweak many exception classes so their string representations are more human-friendly; this also includes incidental changes to some 'super()' calls (GH#1440, GH#1460)
Add backwards-compatible support for the 'gssapi' GSSAPI library, as the previous back-end ('python-gssapi') has become defunct (GH#584, GH#1166, GH#1311)
'SSHClient.exec_command' now returns a new subclass, '~paramiko.channel.ChannelStdinFile', rather than a naïve '~paramiko.channel.ChannelFile' object for its 'stdin' value, which fixes issues such as hangs when running remote commands that read from stdin (GH#322)
Local Packages
Updated perl-JSON-PP to 4.04 as per the Fedora version
Sunday 30th June 2019
Fedora Project
Updated perl-Finance-Quote to 1.48 in F-30 and Rawhide:
Alphavantage: Add a waiting mechanism to comply with alphavantage use terms
Alphavantage: Added support for several stock exchanges and currencies
Updated modules: Union, Deka, Indiamutual, ASX, Yahoojson, TSP, AEX, Fool
New modules: IEXTrading, MorningstarAU, MorningstarCH, IEXCloud
Yahoo: removed modules referring to yahoo API, which yahoo stopped
Bug fix: 'use of uninitialized value' returned by perl could make gnucash fail when more than 15 quotes were requested
Bug fix: MS Windows does not support %T in strftime call
Added new documentation files: Release.txt, Hackers-Guide, Modules-README.yml
We started moving known failing tests into TODO blocks
I also included by own patch to fix FTfunds (CPAN RT#129586)
Updated perl-Finance-Quote to 1.49 in Rawhide:
Alphavantage: Removed Time::HiRes dependency due to mswin32 not supporting clock_gettime calls