PaulHowarth/Blog/2021-05-26

Wednesday 26th May 2021

Fedora Project

  • Updated perl-DateTime-Format-MySQL to 0.0701 in Rawhide:

    • If microseconds are set on provided DateTime object to time_format, use them (CPAN RT#136549)

  • Updated perl-IO-Socket-SSL to 2.071 in Rawhide:

    • Fix t/nonblock.t race on some systems (fixes GH#102, maybe GH#98 too)

Local Packages

  • Updated curl to 7.77.0:

    • CVE-2021-22297: schannel cipher selection surprise

    • CVE-2021-22298: TELNET stack contents disclosure

    • CVE-2021-22901: TLS session caching disaster

    • configure: Make the TLS library choice(s) explicit

    • curl: Ignore options asking for SSLv2 or SSLv3

    • hsts: Enable by default
    • SSL: Support in-memory CA certs for some backends
    • vtls: Refuse setting any SSL version
    • AmigaOS: Add functions definitions for SHA256
    • build: Fix compilation for Windows UWP platform
    • c-hyper: Don't write to set.writeheader if null

    • c-hyper: Fix handling of zero-byte chunk from hyper
    • c-hyper: Handle body on HYPER_TASK_EMPTY

    • checksrc: Complain on == NULL or != 0 checks in conditions

    • CI/cirrus: Add shared and static Windows release builds
    • cmake: Add CURL_ENABLE_EXPORT_TARGET option

    • cmake: Check for getppid and utimes

    • cmake: Detect CURL_SA_FAMILY_T

    • cmake: Fix two invokes result in different curl_config.h

    • cmake: Make libcurl output filename configurable

    • cmake: Use multi-threaded compilation on VS 2008+
    • config: Remove now-unused macros
    • configure: If asked for, fail if ldap is not found

    • configure: Provide --with-openssl, deprecate --with-ssl

    • conn: Add 'attach' to protocol handler, make libssh2 use it

    • connect: Use CURL_SA_FAMILY_T for portability

    • ConnectionExists: Respect requests for h1 connections better

    • cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies

    • curl-wolfssl.m4: Without custom include path, assume /usr/include

    • curl: Include libmetalink version in --version output

    • Curl_http_header: Check for colon when matching Persistent-Auth

    • Curl_http_input_auth: Require valid separator after negotiation type

    • Curl_input_digest: Require space after Digest

    • curl_mprintf.3: Add description

    • curl_setup: Provide the shutdown flags wider

    • curl_url_set.3: Add memory management information

    • CURLcode: Add CURLE_SSL_CLIENTCERT

    • CURLOPT_CAPATH.3: Defaults to a path, not NULL

    • CURLOPT_IPRESOLVE: Preventing wrong IP version from being used

    • CURLOPT_POSTFIELDS.3: Clarify how it gets the size of the data

    • data_pending: Check only SECONDARY socket for FTP(S) transfers

    • docs/TheArtOfHttpScripting: Fix markdown links

    • docs: CamelCase it like GitHub everywhere

    • docs: Cookies from HTTP headers need domain set
    • docs: Fix typo in fail-with-body doc

    • docs: Improve INTERNALS.md regarding getsock callback

    • docs: Replace dots with dashes in markdown enums
    • easy: Ignore sigpipe in curl_easy_send

    • FILEFORMAT: Mention sectransp as a feature

    • GIT-INFO: Suggest using autoreconf instead of buildconf

    • GitHub: Add a workflow with libssh2 on macOS using cmake

    • GitHub: Inhibit deprecated declarations for clang on macOS

    • GnuTLS: Don't allow TLS 1.3 for versions that don't support it
    • GnuTLS: Make setting only the MAX TLS allowed version work

    • gskit: Fix CURL_DISABLE_PROXY build

    • gskit: Fix undefined reference to 'conn'

    • hostip.h: Remove declaration of unimplemented function

    • hostip: Remove the debug code for LocalHost

    • http2: Call the handle-closed function correctly on closed stream
    • http2: Fix a resource leak in push_promise()

    • http2: Fix resource leaks in set_transfer_url()

    • http2: Make sure pause is done on HTTP
    • http2: Move the stream error field to the per-transfer storage
    • http2: Skip immediate parsing of payload following protocol switch
    • http2: Use nghttp2_session_upgrade2 instead of nghttp2_session_upgrade

    • HTTP3.md: Fix nghttp2's HTTP/3 server port

    • HTTP3.md: Make the ngtcp2 build use the quictls fork

    • http: Deal with partial CONNECT sends

    • http: Fix the check for 'Authorization' with Bearer

    • http: Limit the initial send amount to used upload buffer size
    • http: Reset the header buffer when sending the request
    • http: Use offsets instead of integer literals for header parsing
    • INSTALL: Add IBM i specific quirks

    • krb5/name_to_level: Replace checkprefix with curl_strequal

    • krb5: Don't use 'static' to store PBSZ size response

    • krb5: Remove the unused 'overhead' function

    • lib/hostip6.c: Make NAT64 address synthesis on macOS work

    • lib1564.c: Enable last wakeup test part on Windows

    • lib: Fix 0-length Curl_client_write calls

    • lib: Fix some misuse of curlx_convert_UTF8_to_tchar

    • libcurl-security.3: Be careful of setuid

    • libcurl-security.3: Don't try to filter IPv4 hosts based on the URL

    • libcurl.3: Mention the URL API

    • libssh2: Fix Value stored to 'sshp' is never read

    • libssh2: Ignore timeout during disconnect

    • libssh: Fix "empty expression statement has no effect" warnings

    • libtest: Remove lib530.c

    • m4: Add security frameworks on Mac when compiling rustls

    • multi: Don't close connection HTTP_1_1_REQUIRED

    • multi: Fix slow write/upload performance on Windows

    • multi: Reduce Win32 API calls to improve performance

    • ngtcp2: Fix the cb_acked_stream_data_offset proto

    • NSS: Add ciphers to map
    • NSS: Make colons, commas and spaces valid separators in cipher list
    • nss_set_blocking: Avoid static for sock_opt

    • ntlm: Precaution against super huge type2 offsets
    • openldap: Protect SSL-specific code with proper #ifdef

    • openldap: Replace ldap_ prefix on private functions

    • openssl: Fix build error with OpenSSL < 1.0.2

    • openssl: Remove unneeded cast for CertOpenSystemStore()

    • os400: Additional support for options metadata
    • progress: Fix scan-build-11 warnings

    • progress: Reset limit_size variables at transfer start

    • progress: When possible, calculate transfer speeds with microseconds
    • README.md: Delete Codacy UTM parameters

    • Revert "Revert 'multi: implement wait using winsock events'"
    • rustls: Only return CURLE_AGAIN when TLS session is fully drained

    • rustls: Use ALPN

    • sasl: Use 'unsigned short' to store mechanism

    • schannel: Disable auto credentials; add an option to enable it

    • schannel: Support strong crypto option

    • sectransp: Allow cipher name to be specified

    • sectransp: Fix EXC_BAD_ACCESS caused by uninitialized buffer

    • sigpipe: Ignore SIGPIPE when using wolfSSL as well

    • sockfilt: Avoid getting stuck waiting for writeable socket

    • sockfilt: Fix invalid increment of handles index variable nfd

    • sws: #ifdef S_IFSOCK use

    • sws: Allow HTTP requests up to 2MB in size
    • test server: Take care of siginterrupt() deprecation

    • test2100: Make it run with and require IPv6

    • tests/disable-scan.pl: Also scan all m4 files

    • tests/getpart: Generate output URL encoded for better diffs

    • tests: Ignore case of chunked hex numbers in tests
    • tls: Add USE_HTTP2 define

    • tool_getparam: Handle failure of curlx_convert_tchar_to_UTF8()

    • tool_getparam: Replace (in-place) '%20' by '+' according to RFC1866

    • tool_operate: Don't discard failed parallel transfer result

    • tool_writeout: Fix the HTTP_CODE json output

    • travis: Disable the failing libssh build

    • URL-SYNTAX: Update IDNA section for WHATWG spec changes

    • urlapi: "normalize" numerical IPv4 host names

    • vauth: Factor base64 conversions out of authentication procedures

    • version: Add gsasl_version to curl_version_info_data

    • version: Add OpenLDAP version in the output

    • vtls: Deduplicate some DISABLE_PROXY ifdefs

    • vtls: Reset ssl use flag upon negotiation failure

    • wolfssl: Handle SSL_write() returns 0 for error

    • wolfssl: Remove SSLv3 support leftovers
  • I added this patch to kill the gophers server after testing that protocol, so that the port it uses can be re-used by later tests:

  • There is only one gophers test, so kill the server when done with it.
    This frees up the port, which was needed for curl-7.77.0 on Centos 7
    (x86_64) where test 3001 wanted to reuse the port.
    
    --- tests/data/test1272
    +++ tests/data/test1272
    @@ -22,6 +22,9 @@ iMenu results         error.host      1
     <server>
     gophers
     </server>
    +<killserver>
    +gophers
    +</killserver>
      <name>
     Gophers index
      </name>
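
    Review bot: the `<killserver>` block added after `</server>` depends on the commit message's premise that test1272 is the only gophers test, and nothing in the test file records why the server is being killed. If a second gophers test is added later, it will have to restart the server, and the port clash with test 3001 can come back whenever that test runs while a gophers server is still up. Suggest noting the reason (freeing the port for test 3001) next to the new block or keeping it prominent in the message, so the kill is not later removed as redundant.
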
  • Rebuilt libxml2 (2.9.12) to sync with Rawhide

  • Updated perl-DateTime-Format-MySQL to 0.0701 as per the Fedora version

  • Updated perl-Exception-Base (0.2501) to avoid perl critic test, which fails on recent perls with built-in catch

  • Updated perl-IO-Socket-SSL to 2.071 as per the Fedora version

  • Updated perl-Module-CoreList to 5.20210521:

    • Updated for v5.35.0
  • Updated perl-Test-Needs to 0.002009:

    • Fix tests when @INC includes directories that shouldn't have their archname or version subdirectories added

    • Fix test compatibility with Windows
    • Fix warnings from Test::Builder if Test::Needs is loaded first, and is used to check for a Test module

    • Fix location in code reported when a module check fails
    • Support short forms of perl versions
    • Support perl versions greater than 5
    • Fix handling of v-string versions on perl 5.6
  • Updated Rawhide repository with Perl packages rebuilt for Perl 5.34.0

