Paul's Blog Entries for August 2020
Saturday 1st August 2020
Fedora Project
Updated perl-Compress-Raw-Bzip2 to 2.096 in Rawhide (no changes)
Updated perl-Compress-Raw-Lzma to 2.096 in Rawhide (no changes)
Updated perl-Compress-Raw-Zlib to 2.096 in Rawhide (no changes)
Updated perl-IO-Compress to 2.096 in Rawhide:
Add Zip support for Zstd
Add support for Zip/Unzip with XZ compression
Updated perl-IO-Compress-Lzma to 2.096:
Add test for Zip with XZ compression
Local Packages
Updated perl-Compress-Raw-Bzip2 to 2.096 as per the Fedora version
Updated perl-Compress-Raw-Lzma to 2.096 as per the Fedora version
Updated perl-Compress-Raw-Zlib to 2.096 as per the Fedora version
Updated perl-IO-Compress to 2.096 as per the Fedora version
Updated perl-IO-Compress-Lzma to 2.096 as per the Fedora version
Sunday 2nd August 2020
Fedora Project
Updated perl-MCE to 1.873 in Rawhide:
Removed unused variable in MCE::Mutex::Channel
Updated perl-MCE-Shared to 1.873 in Rawhide:
Resolved construction MCE::Shared->share hanging when specifying a module that does not exist
Local Packages
Rebuilt check (1.15.1), perl-DBI (1.643), perl-Object-HashBase (0.009), pptp (1.10.0) for the Fedora_33_Mass_Rebuild
Updated perl-MCE to 1.873 as per the Fedora version
Updated perl-MCE-Shared to 1.873 as per the Fedora version
Rebuilt python2-xapian (1.4.14) to sync with xapian-bindings-1.4.14-5 in Rawhide
Monday 3rd August 2020
Fedora Project
Updated perl-Data-Visitor to 0.31 in Rawhide:
Updated distribution tooling (resolves CPAN RT#133059, a problem with the compilation test when the installed perl has whitespace in its path)
Local Packages
Updated perl-Data-Visitor to 0.31 as per the Fedora version
Tuesday 4th August 2020
Local Packages
Updated check (0.15.1) to add an extra NULL argument to the deprecated fail* macros (https://github.com/libcheck/check/commit/82540c54)
Updated libmetalink (0.1.3) to fix null pointer dereference in initial_state_start_fun (Upstream Bug #1888672, RH BZ#1860976)
Wednesday 5th August 2020
Local Packages
Thursday 6th August 2020
Local Packages
Updated curl (7.71.1) to fix the CURLOPT_NOBODY syntax for referring to options
Friday 7th August 2020
Local Packages
Updated davfs2 to 1.6.0:
davfs2 no longer supports the use of the Coda kernel file system (it would have required some changes); the fuse kernel file system is better suited anyway and is part of the official Linux kernel for many years now, so Coda is no longer required
The Neon library from version 0.31 on has a workaround for some XML bugs of SharePoint concerning file names; option "sharepoint_href_bug 1" will activate this workaround
- Some bug fixes
Updated perl-Net-DNS to 1.26:
Add HTTPS/SVCB packages
Fix EDNS OPT handling (CPAN RT#132921)
Updated perl-Test-Simple to 1.302177:
Fix Test::More's $TODO inside intercept (GH#862)
- Minor fix to author downstream test
Updated perl-Test2-Suite to 0.000132:
Fix the grabber tool to inherit Test::Builder $TODO functionality
Fix minimum Test2 version
Sunday 9th August 2020
Fedora Project
Updated gtkwave to 3.3.106 in Rawhide:
- Fix Shift-Up/Down highlight to traverse inside groups
Resync ghwlib to handle unbounded array
Local Packages
Updated gtkwave to 3.3.106 as per the Fedora version
Updated perl-Type-Tiny to 1.010003:
ClassName type constraint should treat empty @ISA as if no @ISA were defined, like Type::Tiny::XS (CPAN RT#132583)
Fix for Type::Tiny->can called as a class method (GH#57)
Fix predeclared types in Type::Library (GH#58)
Document some edge cases for Types::Standard Int (CPAN RT#132754)
Monday 10th August 2020
Fedora Project
Updated perl-DateTime-Format-Builder to 0.83 in Rawhide:
Switched to GitHub issues
Updated perl-Test-Fatal to 0.016 in Rawhide:
- Add default descriptions to tests
Work on ancient Test::Builder code
Local Packages
Updated check to 0.15.2 (see NEWS for details)
Updated perl-DateTime-Format-Builder to 0.83 as per the Fedora version
Updated perl-Test-Fatal to 0.016 as per the Fedora version
Tuesday 11th August 2020
Fedora Project
Updated perl-MetaCPAN-Client to 2.027000 in Rawhide:
Local Packages
Updated perl-MetaCPAN-Client to 2.027000 as per the Fedora version
Wednesday 12th August 2020
Fedora Project
Updated perl-Cpanel-JSON-XS to 4.20 in F-33 and Rawhide:
New feature: sort tied hashes with canonical (GH#167)
Fix encode of threads::shared boolean (GH#166); this was broken with 4.00
Fix some stringify overload cases via convert_blessed (GH#105)
Fix a compat case with JSON::XS, when convert_blessed is set, but allow_blessed not (GH#105)
Improve blessed and stringify tests
Work on better inf/nan detection on AIX (GH#165)
Fix documentation for booleans and their types (GH#162)
Updated perl-MetaCPAN-Client (2.027000) in F-33 and Rawhide to package fav.pl as documentation rather than as a module
Local Packages
Updated perl-Cpanel-JSON-XS to 4.20 as per the Fedora version
Updated perl-MetaCPAN-Client (2.027000) as per the Fedora version
Updated schily to 2020.08.12
Thursday 13th August 2020
Fedora Project
Updated perl-Cpanel-JSON-XS to 4.21 in F-33 and Rawhide:
Fix not enough HEK memory allocation for the new canonical tied hashes feature (GH#168)
TODO broken JSON::PP::Boolean versions 2.9x-4.0 with threads::shared in 125_shared_boolean.t
Local Packages
Updated perl-Cpanel-JSON-XS to 4.21 as per the Fedora version
Sunday 16th August 2020
Local Packages
- Created repository for Fedora 33, branched from Rawhide
Updated dovecot:
Updated dovecot to 2.3.11.3:
CVE-2020-12100: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory
CVE-2020-12673: Dovecot's NTLM implementation did not correctly check message buffer size, which lead to reading past allocation, which could lead to crash
CVE-2020-10967: lmtp/submission: Issuing the RCPT command with an address that has the empty quoted string as local-part caused the lmtp service to crash
CVE-2020-12674: Dovecot's RPA mechanism implementation accepted zero-length messages, which lead to assert-crashes later on
Events: Fix inconsistency in events (see event documentation at https://doc.dovecot.org/)
imap_command_finished event's cmd_name field now contains "unknown" for unknown commands; a new "cmd_input_name" field contains the command name exactly as it was sent
lib-index: Renamed mail_cache_compress_* settings to mail_cache_purge_*; note that these settings are mainly intended for testing and usually shouldn't be changed
- Events: Renamed "index" event category to "mail-index"
Events: service:<name> category is now using the name from configuration file
dns-client: service dns_client was renamed to dns-client
log: Prefixes generally use the service name from configuration file; for example, dict-async service will now use "dict-async(pid): " log prefix instead of "dict(pid): "
*-login: Changed logging done by proxying to use a consistent prefix containing the IP address and port
*-login: Changed disconnection log messages to be slightly clearer
- dict: Add events for dictionaries
lib-index: Finish logging with events
oauth2: Support local validation of JWT tokens
stats: Add support for dynamic histograms and grouping (see https://doc.dovecot.org/configuration_manual/stats/)
imap: Implement RFC 8514: IMAP SAVEDATE
lib-index: If a long-running transaction (e.g. SORT/FETCH on a huge folder) adds a lot of data to dovecot.index.cache file, commit those changes periodically to make them visible to other concurrent sessions as well
stats: Add OpenMetrics exporter for statistics (see https://doc.dovecot.org/configuration_manual/stats/openmetrics/)
stats: Support disabling stats-writer socket by setting stats_writer_socket_path=""
auth-worker: Process keeps slowly increasing its memory usage and eventually dies with "out of memory" due to reaching vsz_limit
auth: Prevent potential timing attacks in authentication secret comparisons: OAUTH2 JWT-token HMAC, imap-urlauth token, crypt() result
- auth: Several auth-mechanisms allowed input to be truncated by NUL, which can potentially lead to unintentional issues or even successful logins that should have failed
auth: When auth policy returned a delay, auth_request_finished event had policy_result=ok field instead of policy_result=delayed
auth: auth process crash when auth_policy_server_url is set to an invalid URL
dict-ldap: Crash occurs if var_expand template expansion fails
dict: If dict client disconnected while iteration was still running, dict process could have started using 100% CPU, although it was still handling clients
doveadm: Running doveadm commands via proxying may hang, especially when doveadm is printing a lot of output
imap: "MOVE * destfolder" goes to a loop copying the last mail to the destination until the imap process dies due to running out of memory
imap: Running "UID MOVE 1:* Trash" on an empty folder goes to infinite loop
imap: SEARCH doesn't support $
lib-compress: Buffer over-read in zlib stream read
lib-dns: If DNS lookup times out, lib-dns can cause crash in calling process
lib-index: Fixed several bugs in dovecot.index.cache handling that could have caused cached data to be lost
lib-index: Writing to ≥1 GB dovecot.index.cache files may cause assert-crashes
lib-ssl-iostream: Fix buggy OpenSSL error handling without assert-crashing; if there is no error available, log it as an error instead of crashing
lib-ssl-iostream: ssl_key_password setting did not work
Submission: A segfault crash may occur when the client or server disconnects while a non-transaction command like NOOP or VRFY is still being processed
virtual: Copying/moving mails with IMAP into a virtual folder assert-crashes
auth: Lua passdb/userdb leaks stack elements per call, eventually causing the stack to become too deep and crashing the auth or auth-worker process
lib-mail: v2.3.11 regression: MIME parts not returned correctly by Dovecot MIME parser
pop3-login: Login would fail with "Input buffer full" if the initial response for SASL was too long
pop3-login: Login didn't handle commands in multiple IP packets properly; this mainly affected large XCLIENT commands or a large SASL initial response parameter in the AUTH command
pop3: pop3_deleted_flag setting was broken, causing assert-crash
Updated pigeonhole to 0.5.11:
managesieve: managesieve_max_line_length setting is now a "size" type instead of just number of bytes; this allows using e.g. "64k" as the value
lib-sieve: When folding white space is used in the Message-ID header, it is not stripped away correctly before the message ID value is used, causing e.g. garbled log lines at delivery
I added a patch to fix test failures on 32-bit systems (GH#134)
Monday 17th August 2020
Fedora Project
Updated perl-Return-MultiLevel (0.05) in F-33 and Rawhide to fix compatibility with Test::Fatal ≥ 0.016 (GH#1)
Local Packages
Updated perl-Importer to 0.026:
Work with strict on by default
Updated perl-Test2-Suite to 0.000135:
- Add summary of missing/extra elements in compare diagnostics
Updated python-bcrypt to 3.2.0, dropping python2 sub-package (Python 2 no longer supported)
- Added typehints for library functions
- Dropped support for Python versions less than 3.6 (2.7, 3.4, 3.5)
Shipped 'abi3' Windows wheels (requires pip ≥ 20)
New package python2-bcrypt (3.1.7)
- Last version supporting Python 2
Tuesday 18th August 2020
Local Packages
Updated perl-Type-Tiny to 1.010004:
Fix XSifying Enum[] where the strings contain certain non-word characters (Type::Tiny::XS GH#12, Type::Tiny::XS GH#59)
Type::Params compile_named using both the head and named_to_list options would cause compilation error (CPAN RT#132419)
Work around CPAN RT#121957 by avoiding attempting to XSify Enum type constraints with more than 50 possible strings
Link to HTTPS version of Type::Tiny web page
Wednesday 19th August 2020
Fedora Project
Updated perl-MCE to 1.874 in F-33 and Rawhide:
Improved MCE->yield when used together with MCE::Relay
Local Packages
Updated curl to 7.72.0:
content_encoding: Add zstd decoding support
CURL_PUSH_ERROROUT: Allow the push callback to fail the parent stream
CURLINFO_EFFECTIVE_METHOD: Added
CVE-2020-8231: libcurl: Wrong connect-only connection
appveyor: Collect libcurl.dll variants with prefix or suffix
- asyn-ares: Correct some bad comments
- bearssl: Fix build with disabled proxy support
buildconf: Avoid array concatenation in die()
buildconf: Retire ares buildconf invocation
checksrc: Ban gmtime/localtime
checksrc: Invoke script with -D to find .checksrc proper
CI/azure: Install libssh2 for use with msys2-based builds
- CI/azure: Unconditionally enable warnings-as-errors with autotools
- CI/macos: Enable warnings as errors for CMake builds
- CI/macos: Set minimum macOS version
- CI/macos: Unconditionally enable warnings-as-errors with autotools
CI: Add muse CI analyzer
cirrus-ci: Upgrade 11-STABLE to 11.4
CMake: Don't complain about missing nroff
- CMake: Fix test for warning suppressions
- CMake: Fix Windows XP build
configure.ac: Sort features name in summary
configure: Allow disabling warnings
configure: Clean up wolfssl + pkg-config conflicts when cross-compiling
configure: Show zstd "no" in summary when built without it
connect: Remove redundant message about connect failure
curl-config: Ignore REQUIRE_LIB_DEPS in --libs output
curl.1: Add a few missing valid exit codes
curl: Add %{method} to the -w variables
curl: Improve the existing file check with -J
curl_multi_setopt: Fix compiler warning "result is always false"
curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated
CURLINFO_CERTINFO.3: Fix typo
CURLOPT_NOBODY.3: Clarify what setting to 0 means
docs: Add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentions
docs: Add video link to docs/CONTRIBUTE.md
- docs: Change "web site" to "website"
docs: Clarify MAX_SEND/RECV_SPEED functionality
- docs: Update a few leftover mentions of DarwinSSL
- doh: Remove redundant cast
file2memory: Use a define instead of -1 unsigned value
ftp: Don't do ssl_shutdown instead of ssl_close
ftpserver: Don't verify SMTP MAIL FROM names
getinfo: Reset retry-after value in initinfo
gnutls: Repair the build with 'CURL_DISABLE_PROXY'
- gtls: Survive not being able to get name/issuer
- h2: Repair trailer handling
- http2: Close the http2 connection when no more requests may be sent
http2: Fix nghttp2_strerror → nghttp2_http2_strerror in debug messages
libssh2: s/ssherr/sftperr/
libtest/Makefile.am: Add -no-undefined for libstubgss for Cygwin
md(4|5): Don't use deprecated macOS functions
mprintf: Fix dollar string handling
mprintf: Fix stack overflows
multi: Condition 'extrawait' is always true
multi: Remove 10-year old commented-out code
multi: Remove two checks always true
multi: Update comment to say easyp list is linear
multi_remove_handle: Close unused connect-only connections
ngtcp2: Adapt to error code rename
ngtcp2: Adjust to recent sockaddr updates
ngtcp2: Update to modified qlog callback prototype
- nss: Fix build with disabled proxy support
ntlm: free target_info before (re-)malloc
openssl: Fix build with LibreSSL < 2.9.1
page-header: Provide protocol details in the curl.1 man page
- quiche: Handle calling disconnect twice
runtests.pl: Treat LibreSSL and BoringSSL as OpenSSL
runtests: Move the gnutls-serv tests to a dynamic port
runtests: Move the smbserver to use a dynamic port number
runtests: Move the telnet server to a dynamic port
runtests: Run the dict server on a random port number
runtests: Run the http2 tests on a random port number
runtests: Support dynamically base64 encoded sections in tests
setopt: Unset NOBODY switches to GET if still HEAD
smtp_parse_address: Handle blank input string properly
socks: Use size_t for size variable
strdup: Remove the odd strlen check
test1119: Verify stdout in the test
test1139: Make it display the difference on test failures
test1140: Compare stdout
test1908: Treat file as text
tests/FILEFORMAT.md: Mention %HTTP2PORT
tests/sshserver.pl: Fix compatibility with OpenSSH for Windows
- TLS naming: Fix more Winssl and Darwinssl leftovers
tls-max.d: This option is only for TLS-using connections
tlsv1.3.d. Only for TLS-using connections
tool_doswin: Simplify Windows version detection
tool_getparam: Make --krb option work again
TrackMemory tests: Ignore realloc and free in getenv.c
transfer: Fix data_pending for builds with both h2 and h3 enabled
transfer: Fix memory-leak with CURLOPT_CURLU in a duped handle
transfer: Move retrycount from connect struct to easy handle
travis/script.sh: Fix use of '-n' with unquoted envvar
travis: Add ppc64le and s390x builds
travis: Update quiche builds for new boringssl layout
url: Fix CURLU and location following
- url: Silence MSVC warning
- util: Silence conversion warnings
Win32: Add Curl_verify_windows_version() to curlx
- Win32: Stop forcing narrow-character API
- Windows: Add unicode to feature list
Windows: Disable Unix Sockets for old mingw
Updated perl-MCE to 1.874 as per the Fedora version
Thursday 20th August 2020
Fedora Project
Retired perl-perl5i in F-33 and Rawhide:
The package is FTBFS since Perl was updated to 5.32 and perl-Devel-Declare was updated to a version compatible with 5.32 (GH#307)
The perl5i module uses Devel::Declare to implement function and method signatures, in a similar fashion to the Function::Parameters module, so it shouldn't be too hard to fix but upstream has been inactive for a few years now
Cleaned up and rebuilt perl-DBIx-ContextualFetch (1.03) in F-33 and Rawhide
Built perl-Class-C3 (0.34) for EPEL-8
Built perl-Class-Trigger(0.15) for EPEL-8
Built perl-Date-Simple (3.03) for EPEL-8
Built perl-DBIx-ContextualFetch (1.03) for EPEL-8
Built perl-Ima-DBI (0.35) for EPEL-8
Built perl-SQL-Abstract (1.87) for EPEL-8 (bootstrap build only)
Built perl-Time-Piece-MySQL (0.06) for EPEL-8
Built perl-UNIVERSAL-moniker (0.08) for EPEL-8
Friday 21st August 2020
Fedora Project
Branched and built perl-Class-DBI (3.0.17) for EPEL-8
Branched and built perl-Class-DBI-Plugin (0.03) for EPEL-8
Local Packages
Rebuilt nmap (7.80) for the Fedora_33_Mass_Rebuild
Updated perl-Module-CoreList to 5.20200820:
- Updated for v5.33.1
Updated perl-Module-Load-Conditional to 0.74:
strictify the test suite packages
Updated perl-version to 0.9927:
Fix stack usage in vcmp method
- Drop Perl 5.5 compatibility
Use PERL_VERSION_GE for Perl 7 compatibility
- Fix typo in pod example for comparing versions
Add usage error to pure-perl vcmp
- Quote version classname in test for 5.8 compatibility
Use base instead of parent for tests
Update ppport.h for future compatibility
Saturday 22nd August 2020
Fedora Project
Updated perl-IO-Tty (1.14) in F-33 and Rawhide to fix FTBFS due to false detection of strlcpy() and _getpty() (GH#24)
Updated perltidy to 20200822 in F-33 and Rawhide (see CHANGES.md for details)
Local Packages
Updated perl-IO-Tty (1.14) as per the Fedora version
Updated perl-Perl-Tidy to 2020082 as per the Fedora perltidy package
Sunday 23rd August 2020
Fedora Project
Updated golang-github-gofrs-flock to 0.7.3 in F-33 and Rawhide:
Local Packages
Updated golang-github-gofrs-flock to 0.7.3 as per the Fedora version
Monday 24th August 2020
Fedora Project
Updated perl-MetaCPAN-Client to 2.028000 in F-33 and Rawhide:
Support specific versions in download_url (GH#107)
Branched and built perl-MetaCPAN-Client (2.028000) for EPEL-8
Local Packages
Updated perl-MetaCPAN-Client to 2.028000 as per the Fedora version
Wednesday 26th August 2020
Local Packages
Updated perl-Type-Tiny to 1.010005:
Improvements to $AvoidCallbacks support for Type::Tiny::{Class,Role,Duck,Enum,Union,Intersection}, and LaxNum, Ref, RegexpRef, FileHandle, Object, Overload, and Tied types from Types::Standard
Thursday 27th August 2020
Fedora Project
Updated golang-github-gofrs-flock to 0.8.0 in F-33 and Rawhide:
Add AIX support with fcntl (GH#40)
Local Packages
Rebuilt dovecot (2.3.11.3) to sync with Rawhide build
Updated golang-github-gofrs-flock to 0.8.0 as per the Fedora version
Updated mod_fcgid (2.3.9) to merge fixes from RHEL, e.g. fix for setting FCGI CONTENT_LENGTH with "chunked" encoding (Bug #1652493)
Saturday 29th August 2020
Fedora Project
Updated perl-File-LibMagic to 1.23 in F-33 and Rawhide:
Fixed a bug with the Makefile.PL that caused every call to "make" to recompile the object file for the package's XS code (GH#28)
Local Packages
Updated perl-DateTime-Locale to 1.28:
The $locale->locale_data method now returns a deep clone of the locale's data; this allows you to modify safely any elements of the returned hash without breaking the original locale (GH#26)
We now support loading locale data from relative directories in @INC (GH#25)
When loading locale data, we now check $! for read errors, as well as checking for an error eval'ing the file's contents in $@ (GH#24)
Sunday 30th August 2020
Local Packages
Updated perl-DBD-SQLite to 1.66:
- Upgraded bundled SQLite to 3.32.3
Added several SQL_ types as aliases
- Fixed two initialization issues
Allowed create_function to return an array reference to specify the type of the value
Monday 31st August 2020
Fedora Project
Updated milter-greylist to 4.6.4 in F-33 and Rawhide:
Fix crash when GeoIP2 is not configured
MacOSX build fix for --enable-dnsrbl
Updated python-paramiko to 2.7.2 in F-33 and Rawhide:
Update our CI to catch issues with sdist generation, installation and testing
Add missing test suite fixtures directory to MANIFEST.in, reinstating the ability to run Paramiko's tests from an sdist tarball (GH#1727)
Remove leading whitespace from OpenSSH RSA test suite static key fixture, to conform better to spec. (GH#1722)
- Fix incorrect string formatting causing unhelpful error message annotation when using Kerberos/GSSAPI
Fix incorrectly swapped order of 'p' and 'q' numbers when loading OpenSSH-format RSA private keys; at minimum this should address a slowdown when using such keys, and it also means Paramiko works with Cryptography 3.1 and above, which complains strenuously when this problem appears (GH#1723)
Previous Month: July 2020
Next Month: September 2020