Saturday 1st February 2020
Fedora Project
Updated perl-Modern-Perl to 1.20200201 in F-30, F-31, Rawhide, EPEL-7 and EPEL-8:
Fix tests for Perl 5.32 (CPAN RT#131608)
- Update for 2020
Local Packages
Updated check (0.14.0) to disable tests on s390x
Updated perl-DBI to 1.643:
- Fix memory corruption in XS functions when Perl stack is reallocated
Fix calling dbd_db_do6 API function
Fix potentially calling newSV(0) in malloc_using_sv()
Fix order of XS preparse() ps_accept and ps_return argument names
Fix a potential NULL profile dereference in dbi_profile()
Fix a buffer overflow on an over-long DBD class name
Remove remnants of support for perl ≤ v5.8.0
Update Devel::PPPort and remove redundant compatibility macros
- Correct minor typo in documentation
Correct documentation introducing $dbh->selectall_array()
Introduce select and do wrappers earlier in the documentation
- Mark as deprecated old API functions that overflow or are affected by Unicode issues
Add new attribute RaiseWarn, similar to RaiseError
Sunday 2nd February 2020
Local Packages
Updated perl-Archive-Tar to 2.36:
Add xz support
Use 4 digit year in Time::Local call
Monday 3rd February 2020
Local Packages
Updated perl-Test2-Suite to 0.000129:
Improve error handling of mock->override with AUTOLOADed methods
Tuesday 4th February 2020
Fedora Project
Updated libpari23 (2.3.5) in Rawhide to fix the patch that enforces use of the distribution compilation flags to work with GCC 10
Updated proftpd (1.3.6b) in EPEL-8:
Fix API tests compile failure with GCC 10 (GH#886)
mod_sftp: When handling the 'keyboard-interactive' authentication mechanism, as used for (e.g.) PAM, make sure to properly handle DEBUG, IGNORE, DISCONNECT and UNIMPLEMENTED messages, per RFC 4253 (ProFTPD Bug#4385)
Thursday 6th February 2020
Fedora Project
Updated perl-Cpanel-JSON-XS to 4.19 in Rawhide:
Fix typed decode memory leak (GH#160)
Local Packages
Updated perl-Cpanel-JSON-XS to 4.19 as per the Fedora version
Rebuilt perl-IO-AIO (4.72), perl-MCE (1.865), perl-Net-DNS (1.21), perl-Object-HashBase (0.009), perl-Specio (0.45) and pptp (1.10.0) for the Fedora_32_Mass_Rebuild
Friday 7th February 2020
Fedora Project
Updated perl-parent to 0.238 in Rawhide:
Move the prerequisite Test::More from being a runtime prerequisite to a test time / build time prerequisite (GH#11)
Local Packages
Updated perl-parent to 0.238 as per the Fedora version
Saturday 8th February 2020
Local Packages
Updated perl-PPIx-Regexp to 0.069:
The PPIx::Regexp->new() 'parse' option is now fatal; this selected either string or regex parse (I consider the string parse a failed experiment and this is the latest step in removing it in favour of the PPIx::QuoteLike package)
Sunday 9th February 2020
Fedora Project
Updated perl-MCE to 1.866 in Rawhide:
Bug fix for restart_worker, race condition introduced in 1.863
RPM Fusion Project
Updated xv (3.10a) in Rawhide to fix FTBFS with GCC 10
Local Packages
Updated perl-MCE to 1.866 as per the Fedora version
Updated xv (3.10a) to fix FTBFS with GCC 10 as per the RPM Fusion version
Monday 10th February 2020
Fedora Project
Updated perl-Math-GMP to 2.20 in Rawhide:
Try to fix tests when using libgmp version 6.2.0 (CPAN RT#131718)
Tuesday 11th February 2020
Fedora Project
Updated perl-Modern-Perl to 1.20200211 in Rawhide:
Bash doesn't like !' in double quotes, so it stuck up for awk
Wednesday 12th February 2020
Local Packages
Updated schily to 2020.02.11, adding patch to fix FTBFS with GCC 10
Updated sendmail (8.15.2) to de-fuzzify the fix-covscan-issues patch
Rebuilt perl-DBI (1.643)
Thursday 13th February 2020
Fedora Project
Updated perl-Devel-Hide to 0.0011 in F-32 and Rawhide:
@INC hook should die directly (CPAN RT#120220)
Match core error more closely (CPAN RT#120221)
Add -quiet option to suppress some notices
Local Packages
Updated dovecot to 2.3.9.3:
Truncated UTF-8 could be used to DoS submission-login and lmtp processes (CVE-2020-7046)
Specially crafted mail could crash snippet generation (CVE-2020-7957)
Updated perl-Devel-Hide to 0.0011 as per the Fedora version
Updated python2-subversion to sync with subversion-1.12.2-7 in Rawhide
Friday 14th February 2020
Fedora Project
Updated gtkwave to 3.3.104 in F-32 and Rawhide:
Added support for loading .vf files (provided FSDB reader libraries are enabled)
Added support for dumping variable types in vcd saver, not just using "wire" for non-reals/strings
Fix for uninitialized values at time 0 for FST, FSDB loaders
Local Packages
Updated gtkwave to 3.3.104 as per the Fedora version
Updated perl-Compress-Raw-Lzma (2.093) and perl-IO-Compress-Lzma (2.093) to unbundle test dependencies
Updated perl-Net-DNS to 1.22:
Fix parse issue in Net::DNS::RR->token (CPAN RT#131579)
- Provide rudimentary decode and print for DSO packet
Saturday 15th February 2020
Fedora Project
Updated perl-IO-Socket-SSL to 2.067 in F-32 and Rawhide:
Fix memory leak on incomplete handshake (GH#92)
Add support for SSL_MODE_RELEASE_BUFFERS via SSL_mode_release_buffers; this can decrease memory usage at the costs of more allocations (CPAN RT#129463)
More detailed error messages when loading of certificate file failed (GH#89)
Fix for ip_in_cn == 6 in verify_hostname scheme (CPAN RT#131384)
Deal with new MODE_AUTO_RETRY default in OpenSSL 1.1.1
- Fix warning when no ecdh support is available
Documentation update regarding use of select and TLS 1.3
Stability fix for t/core.t
Local Packages
- Branched F-32 repository from the development branch
Updated libxml2 (2.9.10) to fix memory leak in xmlSchemaValidateStream (CVE-2019-20388) and to fix infinite loop in xmlStringLenDecodeEntities (CVE-2020-7595)
Updated perl-IO-Socket-SSL to 2.067 as per the Fedora version
Sunday 16th February 2020
Fedora Project
Updated perl-Devel-Hide to 0.0012 in F-32 and Rawhide:
Add -lexically argument to import() to support hiding modules just during the current scope
Updated perl-Text-CSV_XS to 1.41 in F-32 and Rawhide:
Update to Devel::PPPort-3.56
csv2xls uses sheetname as csv2xlsx
csv2xlsx: support images (each image gets its own tab)
- More docs (data validation)
- It's 2020
- No binary literals in fixed error messages
Fix auto_diag > 2 to die when headers are used (GH#19)
Local Packages
Updated perl-Devel-Hide to 0.0012 as per the Fedora version
Updated perl-Text-CSV_XS to 1.41 as per the Fedora version
Monday 17th February 2020
Fedora Project
Updated perl-Devel-Hide to 0.0013 in F-32 and Rawhide:
- Cope with changes to how the hints hash works in perl 5.31.7
Took orphaned packages perl-PerlIO-via-Timeout, perl-IO-Socket-Timeout, perl-Return-MultiLevel and perl-Compress-LZF
Cleaned up and rebuilt perl-Return-MultiLevel (0.05) in F-32 and Rawhide
Local Packages
Updated perl-Devel-Hide to 0.0013 as per the Fedora version
Updated python2-xapian to 1.4.14
Tuesday 18th February 2020
Local Packages
Updated perl-Convert-UUlib to 1.62:
Major performance improvement by simplifying code in _FP_gets to not use fscanf; this might slow things down on platforms with very slow fgetc
Lint uulib: fix some format string type mismatches and some other minor issues
Updated perl-Specio (0.45) to correct the license to be "Artistic 2.0 and (GPL+ or Artistic)"
Rebuilt python2-xapian to sync with xapian-bindings-1.4.14-3
Wednesday 19th February 2020
Fedora Project
Updated perl-Net-SSLeay (1.88) with some spec file clean-ups from Tom Stellard (PR#1)
Updated proftpd to 1.3.6c in F-30, F-31, F-32, Rawhide and EPEL-8:
Use-after-free vulnerability in memory pools during data transfer (CVE-2020-9273, GH#903)
Fix mod_tls compilation with LibreSSL 2.9.x (GH#810)
MaxClientsPerUser was not enforced for SFTP logins when mod_digest was enabled (GH#750)
mod_sftp now handles an OpenSSH-specific private key format; it detects such keys, and logs a hint about reformatting them to a supported format (GH#793)
Directory listing was slower compared to previous ProFTPD versions (GH#793)
mod_sftp crashed when using pubkey-auth with DSA keys (GH#866)
Fix improper handling of TLS CRL lookups (CVE-2019-19269, CVE-2019-19270, GH#859)
Leaking PAM handler and data in case of unsuccessful authentication (GH#870)
SSH authentication failed for many clients due to receiving of SSH_MSG_IGNORE packet (ProFTPD Bug#4385)
SFTP publickey authentication failed unexpectedly when user had no shadow password info. (GH#890)
ftpasswd failed to restore password file permissions in some cases (GH#898)
Out-of-bounds read in mod_cap getstateflags() function; this has been addressed by updating the bundled version of libcap (CVE-2020-9272, GH#902)
Note that the Fedora builds of ProFTPD uses the system version of libcap and not the bundled version, and are not vulnerable to this issue
Local Packages
Updated proftpd to 1.3.6c as per the Fedora version
Thursday 20th February 2020
Local Packages
Updated perl-Test-MockModule to 0.172.0:
Make sure we can redefine a function in 'main'
Updated perl-Type-Tiny to 1.010000:
Subclasses of Moose::Meta::TypeConstraint are now converted to the appropriate subclasses of Type::Tiny by Types::TypeTiny::to_TypeTiny, instead of always being converted to the base class; this improves inlining amongst other things
When types are declared by Type::Library's -declare import parameter, the temporary subs installed can now generate placeholder type constraints that allow the types to be used in recursive type definitions
Added: Type::Tiny::Enum now has an 'as_regexp' method
In some edge cases, the regexps used by Type::Tiny::Enum will now be slightly faster
- More tests for recursively defined type constraints
Added: Type::Params now supports 'head' and 'tail' options for 'compile', 'compile_named', and 'compile_named_oo'
Parameterized 'Ref' type constraint in Types::Standard now checks that its parameter is a known Perl ref type
Fix importing multiple type libraries into a type registry at once (CPAN RT#131744)
Type::Params on Perl older than 5.10 now uses its own B::perlstring implementation to quote strings instead of using B::cstring
Mention MooX::Pression in documentation
Fix typo in documentation of 'my_methods'
Correct documentation of slurpy with compile_named (CPAN RT#131720)
Friday 21st February 2020
Fedora Project
Updated proftpd (1.3.5e) in EPEL-7:
Fix compatibility with modern SFTP clients like FileZilla:
mod_sftp: When handling the 'keyboard-interactive' authentication mechanism, as used for (e.g.) PAM, make sure to properly handle DEBUG, IGNORE, DISCONNECT and UNIMPLEMENTED messages, per RFC 4253 (ProFTPD Bug#4385)
Fix use-after-free vulnerability in memory pools during data transfer (CVE-2020-9273, GH#903)
Backported fix from https://github.com/proftpd/proftpd/commit/e845abc1
Updated proftpd (1.3.3g) in EPEL-6:
Fix use-after-free vulnerability in memory pools during data transfer (CVE-2020-9273, GH#903)
Backported fix from https://github.com/proftpd/proftpd/commit/e845abc1
Local Packages
Updated perl-Module-CoreList to 5.20200220:
- Updated for v5.31.9
Updated ppp to 2.4.8:
New pppd options have been added:
ifname, to set the name for the PPP interface device
defaultroute-metric, to set the metric for the default route
defaultroute6, to add an IPv6 default route (with nodefaultroute6 to prevent adding an IPv6 default route)
up_sdnotify, to have pppd notify systemd when the link is up
The rp-pppoe plugin has new options:
host-uniq, to set the Host-Uniq value to send
pppoe-padi-timeout, to set the timeout for discovery packets
pppoe-padi-attempts, to set the number of discovery attempts
Added the CLASS attribute in radius packets
- Sundry bug fixes
- Fixed warnings and issues found by static analysis
Added Submitting-patches.md
A patch was added to fix a buffer overflow in the eap_request and eap_response functions (CVE-2020-8597)
Monday 24th February 2020
Fedora Project
Updated geoipupdate to 4.2.2 in F-32 and Rawhide:
The major version of the module is now included at the end of the module path; previously, it was not possible to import the module in projects that were using Go modules (GH#81)
- A valid account ID and license key combination is now required for database downloads, so those configuration options are now required
The error handling when closing a local database file would previously ignore errors and, upon upgrading to 'github.com/pkg/errors' 0.9.0, would fail to ignore expected errors (GH#69, GH#70)
The RPM release was previously lacking the correct owner and group on files and directories: among other things, this caused the package to conflict with the 'GeoIP' package in CentOS 7 and 'GeoIP-GeoLite-data' in CentOS 8; the files are now owned by 'root' (GH#76)
Local Packages
Updated geoipupdate to 4.2.2 as per the Fedora version
Wednesday 26th February 2020
Fedora Project
Updated perl-Getopt-Long-Descriptive to 0.105 in F-32 and Rawhide:
one_of sub-options now get accessors
Local Packages
Dropped pptpconfig and libpng10 from F-33, EL-8 onwards as I'm retiring most of the ancient Gnome-1 stack both locally and in Fedora
Updated xv (3.10a) so that builds for Fedora 33 and RHEL 8 onwards use libpng rather than libpng10
Friday 28th February 2020
Local Packages
Updated libgpg-error to 1.37 (https://dev.gnupg.org/T4772)
Fix a build problem when using Gawk 5.0 (https://dev.gnupg.org/T4459)
Fix Bourne shell incompatibilities on Solaris (https://dev.gnupg.org/T4574)
Improve cross-compiling support (https://dev.gnupg.org/T4643)
On Windows, strerror_s is now used to emulate strerror_r (https://dev.gnupg.org/T4539)
- New error codes to map SQLite primary error codes
Now uses poll(2) instead of select(2) in gpgrt_poll if possible
Fix a bug in gpgrt_close (https://dev.gnupg.org/T4698)
Fix build problem under Cygwin (https://dev.gnupg.org/T4474)
- Fix a few minor portability bugs
New symbols: GPG_ERR_NO_KEYBOXD, GPG_ERR_KEYBOXD, GPG_ERR_NO_SERVICE, GPG_ERR_SERVICE, GPG_ERR_SQL_OK, GPG_ERR_SQL_ERROR, GPG_ERR_SQL_INTERNAL, GPG_ERR_SQL_PERM, GPG_ERR_SQL_ABORT, GPG_ERR_SQL_BUSY, GPG_ERR_SQL_LOCKED, GPG_ERR_SQL_NOMEM, GPG_ERR_SQL_READONLY, GPG_ERR_SQL_INTERRUPT, GPG_ERR_SQL_IOERR, GPG_ERR_SQL_CORRUPT, GPG_ERR_SQL_NOTFOUND, GPG_ERR_SQL_FULL, GPG_ERR_SQL_CANTOPEN, GPG_ERR_SQL_PROTOCOL, GPG_ERR_SQL_EMPTY, GPG_ERR_SQL_SCHEMA, GPG_ERR_SQL_TOOBIG, GPG_ERR_SQL_CONSTRAINT, GPG_ERR_SQL_MISMATCH, GPG_ERR_SQL_MISUSE, GPG_ERR_SQL_NOLFS, GPG_ERR_SQL_AUTH, GPG_ERR_SQL_FORMAT, GPG_ERR_SQL_RANGE, GPG_ERR_SQL_NOTADB, GPG_ERR_SQL_NOTICE, GPG_ERR_SQL_WARNING, GPG_ERR_SQL_ROW, GPG_ERR_SQL_DONE
Updated perl-PPIx-QuoteLike to 0.009:
Add new() argument index_locations, which causes locations to be indexed during the parse; this defaults based on whether a location argument was provided, and whether the string being parsed is a PPI::Element
Add method statement(), which returns the PPI statement containing the string element, or nothing if none
Add PPI::Element location methods, to wit: location(), column_number(), line_number(), logical_filename(), logical_line_number(), and visual_column_number()
Add PPIx::QuoteLike::Utils::is_ppi_quotelike_element(), which returns true if the argument is a PPI::Element of interest to us
All objects now have a variables() method inherited from PPIx::QuoteLike::Token, which returns nothing unless overridden; it was added to eliminate $elem->can( 'variables' ) ad-hocery
- Eliminate redirections in POD URL links
Updated perl-PPIx-Regexp to 0.070:
Add index_locations option to PPIx::Regexp->new(), which defaults to true if the regexp is specified as a PPI::Element object; the locations are consistent with the containing PPI::Document
Add methods location(), column_number(), line_number(), logical_filename(), logical_line_number(), and visual_column_number() to PPIx::Regexp::Element; all return undef if the locations could not be determined
Add method statement() to PPIx::Regexp::Element, which returns the PPI statement containing the regexp element, or nothing if none
Add method is_matcher() to PPIx::Regexp::Element, which classifies objects as to whether they actually match something in the target string; possible returns are true (they do), false but defined (they do not) and undef (no clue)
Add methods first_token() and last_token() to PPIx::Regexp::Node
Add methods next_token() and previous_token() to PPIx::Regexp::Element
Updated ppp (2.4.8) to use %{make_build} and %{_rundir} macros
Updated ppp (2.4.5 and 2.4.7) to fix buffer overflow in the eap_request and eap_response functions (CVE-2020-8597)
Previous Month: January 2020
Next Month: March 2020