Paul's Blog Entries for March 2021

Tuesday 2nd March 2021

Local Packages

  • Rebuilt check (0.15.2) to sync with the Rawhide build

  • Updated perl-Search-Elasticsearch to 7.711001:

    • Fix release for Elasticsearch 7.11 (GH#202)

Wednesday 3rd March 2021

Fedora Project

  • Updated python-paramiko (2.7.2) in F-34 and Rawhide to drop invoke dependencies (invoke needs an ancient version of pytest that nobody is prepared to maintain)

RPM Fusion Project

  • Updated xv (3.10a) to fix jas_memdump replacement function

Local Packages

  • Updated sendmail (8.16.1) to drop support for old EOL distributions prior to Fedora 19

  • Updated xv (3.10a) as per the RPM Fusion package

Friday 5th March 2021

Fedora Project

  • Updated perl-Test-File to 1.448 in F-34 and Rawhide:

    • Try handling all-numeric user and group names (GH#26)

Local Packages

  • Updated dovecot (2.3.x):

    • Updated dovecot to 2.3.14:

      • Added new aliases for some variables; usage of the old ones is possible, but discouraged (these were partially added already to v2.3.13)
      • See for more information

      • Optimize imap/pop3/submission/managesieve proxies to use less CPU at the cost of extra memory usage

      • Remove autocreate, expire, snarf and mail-filter plugins

      • Remove cydir storage driver

      • Remove XZ/LZMA write support; read support will be removed in a future release
      • doveadm -D: add timestamps to debug output even when LOG_STDERR_TIMESTAMP environment variable is not set (timestamp format is taken from log_timestamp setting)

      • If BROKENCHAR or listescape plugin is used, the escaped folder names may be slightly different from before in some situations; this is unlikely to cause issues, although caching clients may redownload the folders

      • imapc: it now enables BROKENCHAR=~ by default to escape remote folder names if necessary; this also means that if there are any '~' characters in the remote folder names, they will be visible as "~7e"

      • imapc: when using local index files, folder names were escaped on the filesystem a bit differently (this has effect only if there are folder names that actually require escaping, which isn't so common); the old style folders will automatically be deleted from the filesystem

      • stats: update exported metrics to be compliant with OpenMetrics standard

      • doveadm: add an optional '-p' parameter to metadata list command; if enabled, "/private", and "/shared" metadata prefixes will be prepended to the keys in the list output

      • doveconf: support environment variables in config files; see for more details

      • indexer-worker: change indexer to disconnect from indexer-worker after each request, which allows service indexer-worker's service_count and idle_kill settings to work; these can be used to restart indexer-worker processes once in a while to reduce their memory usage

      • auth: "nodelay" with various authentication mechanisms such as apop and digest-md5 crashed AUTH process if authentication failed

      • auth: auth lua script generating an error triggered an assertion failure: Panic: file db-lua.c: line 630 (auth_lua_call_password_verify): assertion failed: (lua_gettop(script->L) == 0)

      • configure: fix libunwind detection to work on other than x86_64 systems

      • doveadm-server: process could crash if logging was done outside command handling; for example http-client could have done debug logging afterwards, resulting in either segfault or: Panic: file http-client.c: line 642 (http_client_context_close): assertion failed: (cctx->clients_list == NULL)

      • dsync: folder name escaping with BROKENCHAR didn't work completely correctly, which particularly caused problems with dsync-migrations using imapc where some of the remote folder names may not have been accessible

      • dsync: doveadm sync + imapc doesn't always sync all mails when doing an incremental sync (-1), which could lead to mail loss when used for migration; this happens only when GUIDs aren't used (i.e. imapc without imapc_features=guid-forced)

      • fts-tika: when tika server returns error, some mails cause Panic: file message-parser.c: line 802 (message_parser_deinit_from_parts): assertion failed: (ctx->nested_parts_count == 0 || i_stream_have_bytes_left(ctx->input))

      • lib-imap: imapc parsing illegal BODYSTRUCTUREs with NILs could have resulted in crashes, which exposed that Dovecot was wrongly accepting atoms in "nstring" handling; changed the IMAP parsing to be more strict about this now

      • lib-index: if dovecot.index.cache has corrupted message size, fetching BODY/BODYSTRUCTURE may cause assert-crash: Panic: file index-mail.c: line 1140 (index_mail_parse_body_finish): assertion failed: (mail-> != NULL)

      • lib-index: minor error handling and race condition fixes related to rotating dovecot.index.log; these didn't usually cause problems, unless the log files were rotated rapidly

      • lib-lua: Lua scripts using coroutines or lua libraries using coroutines (e.g., cqueues) panicked

      • Message PREVIEW handled whitespace wrong so first space would get eaten from between words

      • FTS and message PREVIEW (snippet) parsed HTML &entities case-sensitively

      • lib-mail: when max nested MIME parts were reached, IMAP BODYSTRUCTURE was written in a way that may have caused confusion for IMAP clients and also Dovecot itself when parsing it; the truncated part is now written out using application/octet-stream MIME type

      • lib-oauth2: HS512 and HS384 JWT token algorithms crash when you try to use them: Panic: file hmac.c: line 26 (hmac_init): assertion failed: (meth->context_size <= MAC_MAX_CONTEXT_SIZE)

      • event filters: NOT keyword did not have the correct associativity: NOT a AND b was getting parsed as NOT (a AND b) instead of (NOT a) AND b

      • Ignore ECONNRESET when closing socket; this avoids logging useless errors on systems like FreeBSD

      • event filters: event filter syntax error may lead to Panic: file event-filter.c: line 137 (event_filter_parse): assertion failed: (state.output == NULL)

      • lib: timeval_cmp_margin() was broken on 32-bit systems, which could potentially have caused HTTP timeouts to be handled incorrectly

      • log: instance_name wasn't used as syslog ident by the log process

      • master: after a service reached process_limit and client_limit, it could have taken up to 1 second to realize that more client connections became available, during which time client connections could have been rejected unnecessarily and a warning logged: Warning: service(...): process_limit (...) reached, client connections are being dropped

      • stats: crash would occur when generating openmetrics data for metrics using aggregating functions

      • stats: event filters comparing against empty strings crash the stats process

    • Updated pigeonhole to 0.5.14:

      • IMAP FILTER command: cmd-filter-sieve - do not allow NIL as script name argument

  • Updated perl-Test-File to 1.448 as per the Fedora version

Monday 8th March 2021

Local Packages

  • Updated python2-xapian to 1.4.18

  • Updated unrar to 6.01 beta 1, incorporating a number of changes from the RPM Fusion package:

    • Don't create versioned shared library, stick with upstream library name
    • Drop patch for unresolved symbol issues
    • Add rpm macro file so that dependent packages can add versioned dependency

Saturday 13th March 2021

Fedora Project

  • Updated perl-Getopt-Long-Descriptive to 0.106 in F-34 and Rawhide:

    • Improved formatting of switches
    • When available, use Term::ReadKey to get terminal width

    • When an option name is defined twice, warn about it (this will become fatal in a future version)
  • Updated perl-MouseX-Getopt (0.38) in F-34 and Rawhide to fix compatibility with Getopt::Long::Descriptive 0.106

Monday 15th March 2021

Fedora Project

  • Updated perl-Getopt-Long-Descriptive to 0.107 in F-34 and Rawhide:

    • Term::ReadKey has been dropped; caused too many problems

    • Minimum perl version is now v5.10.1, not v5.10.0
  • Updated perl-MouseX-Getopt (0.38) to fix compatibility with Getopt::Long::Descriptive 0.107

Tuesday 16th March 2021

Fedora Project

  • Updated perl-Getopt-Long-Descriptive to 0.108 in Rawhide:

    • Provide diagnostics in tests when more warnings arrive than are expected

Wednesday 17th March 2021

Fedora Project

  • Updated perl-Getopt-Long-Descriptive to 0.109 in F-34 and Rawhide:

    • Eliminate warnings-count failure by requiring an ExtUtils::MakeMaker from late 2013 or later; without this, very old EU::MM could pass -w to the tests, enabling more warnings than we wanted

Thursday 18th March 2021

Fedora Project

  • Updated perl-MooseX-Getopt to 0.75 in F-34 and Rawhide:

    • Adjust tests to deal with formatting changes in Getopt::Long::Descriptive 0.106 (RT#134754)

Friday 19th March 2021

Local Packages

  • Updated nmap (7.80) to manage nc symlink using alternatives (Bug #1653119)

  • Updated perl-File-Which to 1.24:

    • Documentation improvements
    • Moved repository to new GitHub organization

  • New package python2-six (1.15.0)

Monday 22nd March 2021

Local Packages

  • Updated perl-Module-CoreList to 5.20210320:

    • Updated for v5.33.8
  • Updated perl-Moo to 2.005003:

    • Remove MooseX::Types from developer prereqs

    • Recommend Sub::Util rather than Sub::Name, since Sub::Util is in core

    • Fix line numbers when using oo module (perl -Moo)

    • Adjust some author tests to rely less on external modules
    • Lower Exporter prereq to any version

    • Bump Role::Tiny prereq to 2.003004

    • Refactor and simplify role application code, as allowed by new Role::Tiny version

    • Switch to using normal strict+warnings rather than strictures for authors

    • Remove strictures from recommends, as Moo does not use it anywhere

    • Remove Task::Weaken prereq, as it served no purpose

    • Remove MRO::Compat prereq, using it only when user code does

    • Remove use of Devel::GlobalDestruction in code, only using Devel::GlobalDestruction::XS when it is available; Devel::GlobalDestruction is still a dependency on perl < 5.14 to facilitate the installation of the ::XS module

    • Moo now has no mandatory perl version specific dependencies; the version specific modules are now optional or not used, which means that code using Moo can be fatpacked on a new perl version without special cases, and it will work on older perl versions

    • Fix perl version check in global destruction code
    • Fix C3 test skipping properly when MRO::Compat not available on perl < 5.10

    • Silence 'once' warnings from Moo::_Utils

  • Updated perl-Net-Server to 2.010:

    • Add SSL_verify_callback

    • Fix SSLEAY connect spinloop

    • Various pod typos
    • Allow for logging to STDOUT for HTTP

    • Add PATCH verb to HTTP

Tuesday 23rd March 2021

Local Packages

Wednesday 24th March 2021

Fedora Project

  • Updated perl-Perl-Critic to 1.140 in F-34 and Rawhide:

    • Subroutines::RequireFinalReturn now lets you specify a terminal_methods parameter to specify methods that should be seen as terminal; this is like the terminal_funcs parameter, but for methods (GH#920)

    • Removed an extra /x in that caused deprecation warnings in Perl 5.22 and higher (GH#822)

    • Documentation::RequirePackageMatchesPodName now recognizes the package name if it's in 'I<>' or 'B<>' markup (GH#913)

  • Updated perl-Text-CSV_XS to 1.46 in F-34 and Rawhide:

    • It's 2021
    • New attribute comment_str (RFC 4180-bis)

    • New attribute skip_empty_rows (RFC 4180-bis)

    • http -> https in links in docs

    • Fix several issues with auto-detecting \r as EOL

    • Tested on perl-5.6.1 .. perl-5.32.1 and perl-5.33.8 (145)

Local Packages

  • Updated curl (7.75.0) to fix SIGSEGV upon disconnect of a ldaps:// transfer (Bug #1941925)

  • Updated perl-Perl-Critic to 1.140 as per the Fedora version

  • Updated perl-Text-CSV_XS to 1.46 as per the Fedora version

Thursday 25th March 2021

Local Packages

  • Updated perl-Search-Elasticsearch to 7.712:

    • Stable release for Elasticsearch 7.12

Friday 26th March 2021

Local Packages

  • Updated perl-PPIx-QuoteLike to 0.016:

    • Add back to bug reporting methods; long live RT!
    • Get prerequisites up to snuff, and add xt/author/prereq.t to ensure they stay that way

    • Refactor authortest into three, so I do not have to generate stub files to test without optional modules
  • Updated perl-PPIx-Regexp to 0.079:

    • Get prerequisites up to snuff, and add xt/author/prereq.t to ensure they stay that way

    • Add back to bug reporting methods; long live RT!

Saturday 27th March 2021

Fedora Project

  • Updated perl-UNIVERSAL-require to 0.19 in F-34 and Rawhide:

    • Noted that the module is now deprecated
    • Added a list of alternatives to SEE ALSO

Local Packages

  • Updated perl-UNIVERSAL-require to 0.19 as per the Fedora version

  • Updated sendmail (8.16.1) to disable NIS support in builds for RHEL versions after RHEL8

Monday 29th March 2021

Local Packages

  • Updated perl-Moo to 2.005004:

Tuesday 30th March 2021

Local Packages

  • Updated perl-Net-DNS to 1.30:

    • Simplify parsing of multi-line RRs in zone file
    • Improve robustness of "dry" resolver tests
    • Avoid deep recursion in non-fatal test report

Wednesday 31st March 2021

Fedora Project

  • Updated perl-Net-CIDR to 0.21 in F-34 and Rawhide:

    • Update perldoc to emphasize proper usage of cidrvalidate()

Local Packages

  • Updated curl to 7.76.0:

    • cookies: Support multiple -b parameters

    • curl: Add --fail-with-body

    • doh: Add options to disable ssl verification
    • http: Add support to read and store the referrer header
    • sasl: Support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl

    • vtls: Initial implementation of rustls backend

    • CVE-2021-22876: Strip credentials from the auto-referer header field

    • CVE-2021-22890: Add 'isproxy' argument to Curl_ssl_get/addsessionid()

    • asyn-ares: Use consistent resolve error message

    • BUG-BOUNTY: Removed the cooperation mention

    • build: Delete unused feature guards
    • build: Fix --disable-dateparse

    • build: Fix --disable-http-auth

    • build: Remove all traces of USE_BLOCKING_SOCKETS

    • c-hyper: Remove superfluous pointer check

    • c-hyper: Support automatic content-encoding

    • CI/azure: Disable test 433 on azure-ubuntu

    • CI/azure: Replace python-impacket with python3-impacket

    • ci: Stop building on freebsd-12-1

    • cmake: Fix import library name for non-MS compiler on Windows
    • cmake: Use CMAKE_INSTALL_INCLUDEDIR indirection

    • cmake: Support WinIDN
    • config: Fix building SMB with configure using Win32 Crypto

    • config: Fix detection of restricted Windows App environment
    • configure: Fail if --with-quiche is used and quiche isn't found

    • configure: Make AC_TRY_* into AC_*_IFELSE

    • configure: Make hyper opt-in, and fail if missing

    • configure: Only add OpenSSL paths if they are defined

    • configure: Provide Largefile feature for curl-config

    • configure: Remove use of deprecated macros

    • configure: s/AC_HELP_STRING/AS_HELP_STRING/

    • cookies: Fix potential NULL pointer deref with PSL
    • curl: Set CURLOPT_NEW_FILE_PERMS if requested

    • curl_easy_setopt.3: Add curl_easy_option* functions to SEE ALSO

    • curl_multibyte: Always return a heap-allocated copy of string

    • curl_multibyte: Fall back to local code page stat/access on Windows

    • Curl_timeleft: Check both timeouts during connect

    • curl_url_set.3: Mention CURLU_PATH_AS_IS

    • CURLOPT_QUOTE.3: Clarify that libcurl doesn't parse what's sent

    • docs/HTTP2: Remove the outdated remark about multiplexing for the tool

    • docs/ Format to be update-friendly

    • docs: Add CURLOPT_CURLU to 'See also' in curl_url_ functions

    • docs: Add missing Arg tag to --stderr

    • docs: Add SSL backend names to CURL_SSL_BACKEND

    • docs: Clarify timeouts for queued transfers in multi API

    • docs: Explain DOH transfers inherit some SSL settings
    • docs: Fix FILE example URL in --metalink documentation

    • docs: Make support *italic* and **bold**

    • doh: Fix sharing user's resolve list with DOH handles
    • doh: Inherit CURLOPT_STDERR from user's easy handle

    • dynbuf: Bump the max HTTP request to 1MB
    • examples: Remove threaded-shared-conn.c due to bug

    • file: Support unicode URLs on windows
    • ftp: Add 'list_only' to the transfer state struct

    • ftp: Add 'prefer_ascii' to the transfer state struct

    • ftp: Allow SIZE to fail when doing (resumed) upload

    • ftp: Avoid SIZE when asking for a TYPE A file

    • ftp: Fix Codacy/cppcheck warning about null pointer arithmetic

    • ftp: Fix memory leak in ftp_done

    • ftp: Never set data->set.ftp_append outside setopt

    • Quote "bare" minuses in the nroff curl.1

    • github: Add torture-ftp for FTP-only torture testing

    • gnutls: Assume nettle crypto support

    • gskit: Correct the gskit_send() prototype

    • hostip: Fix build with sync resolver

    • hostip: Fix crash in sync resolver builds that use DOH

    • hsts: Remove unused defines
    • http2: Don't set KEEP_SEND when there's no more data to be sent

    • http2: Fail if connection terminated without END_STREAM

    • http: Cap body data amount during send speed limiting
    • http: Do not add a referrer header with empty value
    • http: Make 416 not fail with resume + CURLOPT_FAILONERROR

    • http: Remove superfluous NULL assign
    • http: Strip default port from URL sent to proxy
    • http: Use credentials from transfer, not connection
    • ldap: Use correct memory free function

    • lib1536: Check ptr against NULL before dereferencing it

    • lib1537: Check ptr against NULL before dereferencing it

    • lib: Remove 'conn->data' completely

    • libssh2: kdb_callback: Get the right struct pointer

    • libssh2: ssh_connect: Clear session pointer after free

    • memdebug: Close debug logfile explicitly on exit

    • mingw: Enable using strcasecmp()

    • multi: Close the connection when h2=>h1 downgrading

    • multi: Do once-per-transfer inits in before_perform in DID state

    • multi: Rename the multi transfer states

    • multi: Update pending list when removing handle

    • ngtcp2: Adapt to the new recv_datagram callback

    • ngtcp2: Clarify calculation precedence

    • ngtcp2: Fix build error due to change in ngtcp2_addr_init

    • ngtcp2: Sync with recent API updates

    • openldap: Avoid NULL pointer dereferences

    • openssl: Adapt to v3's new const for a few API calls

    • openssl: Ensure to check SSL_CTX_set_alpn_protos return values

    • openssl: Remove get_ssl_version_txt in favour of SSL_get_version

    • openssl: Set the transfer pointer for logging early

    • OS400: Update for CURLOPT_AWS_SIGV4

    • parse_proxy: Fix a memory leak in the OOM path

    • Fix use of pwd -L in Msys environment

    • projects: Update VS projects for OpenSSL 1.1.x
    • quiche: Fix build error: use 'int' for port number

    • quiche: Fix crash when failing to connect

    • retry-all-errors.d: Explain curl errors versus HTTP response errors

    • retry.d: Clarify transient 5xx HTTP response codes

    • Add %TESTNUMBER variable to make copying tests more convenient

    • Add a -P option to specify an external proxy

    • Kill processes locking test log files

    • setopt: Error on CURLOPT_HTTP09_ALLOWED set true with Hyper

    • test1188: Change error to check for: --fail HTTP status

    • test220/314: Adjust to run with Hyper

    • test304: Header CRLF clean-up to work with Hyper

    • test306: Make it not run with Hyper

    • tests: Disable .curlrc in more environments

    • tests: Use %TESTNUMBER instead of fixed number

    • tftp: Remove the 3600 second default timeout
    • time: Enable 64-bit time_t in supported mingw environments

    • tool_help: Add missing argument for --create-file-mode

    • tool_help: Increase space between option and description

    • tool_operate: Bail if set CURLOPT_HTTP09_ALLOWED returns error

    • travis: Add a rustls build

    • travis: Bump wolfssl to 4.7.0
    • travis: Only build wolfssl when needed
    • travis: Split "torture" into a separate "events" build
    • travis: Switch ngtcp2 build over to quictls

    • travis: Use ubuntu nghttp2 package instead of build our own

    • url.c: Use consistent error message for failed resolve

    • url: Fix memory leak if OOM in the HSTS handling

    • url: Fix possible use-after-free in default protocol

    • urldata: Don't touch data->set.httpversion at run-time

    • urldata: Fix build without HTTP and MQTT

    • urldata: Make 'actions[]' use unsigned char instead of int

    • urldata: Merge "struct DynamicStatic" into "struct UrlState"

    • urldata: Remove the 'rtspversion' field

    • urldata: Remove the _ORIG suffix from string names

    • version.d: Add missing features to the features list

    • wolfssl: Don't store a NULL sessionid

  • Updated perl-Moose to 2.2015:

    • A test has been rewritten so as to remove IO::String from the prerequisite list (GH#179)

    • Optional prereq on List::SomeUtils has been replaced with List::Util 1.56

  • Updated perl-Net-CIDR to 0.21 as per the Fedora version
