Paul's Blog Entries for August 2021

Monday 2nd August 2021

Local Packages

  • Updated perl-DBD-SQLite to 1.70:

    • Fix typo (GH#85)

    • Silenced deprecation warning of sqlite_unicode so as not to break tests of existing applications

    • Fix docs to use the correct attribute with sqlite_ (GH#86)

    • Fix an encoding issue of naïve (GH#83)

  • Updated perl-Type-Tiny to 1.012004:

    • Fixed typo in Types::Standard documentation where StrMatch regexp parameter didn't use qr// properly

Tuesday 3rd August 2021

Fedora Project

  • Merged PR#1 for perl-Algorithm-C3 (Package tests) and built the package (version 0.11) in Rawhide

  • Updated perl-Software-License to 0.104001 in Rawhide:

    • Update the text of Artistic License 1.0 to match upstream source
    • When using Apache 2.0, replace year and copyright holder
    • Improve guessing at CC0
    • Update author contact info
    • Documentation tweaks about non-core licenses and the use of guess_license_from_pod

    • Add "program" and "Program" arguments; this allows text generation like "CoolClient is license..." instead of "This software is..."

Local Packages

  • Updated perl-HTTP-Tiny to 0.078:

    • Added a 'patch' helper method for the HTTP 'PATCH' verb

    • If the REQUEST_METHOD environment variable is set, then CGI_HTTP_PROXY replaces HTTP_PROXY

    • Unsupported scheme errors early without giving an uninitialized value warning first
    • Sends Content-Length: 0 on empty body PUT/POST; this is not in the spec, but some servers require this

    • Allows optional status line reason, as clarified in RFC 7230
    • Ignore SIGPIPE on reads as well as writes, as IO::Socket::SSL says that SSL reads can also send writes as a side effect

    • Check if a server has closed a connection before preserving it for reuse
    • Clarified documentation that exceptions/errors result in 599 status codes

    • Optional IO::Socket::IP prereq must be at least version 0.32 to be used; this ensures correct timeout support

  • Updated perl-Software-License to 0.104001 as per the Fedora version

Friday 6th August 2021

Fedora Project

Local Packages

  • Updated perl-Date-Range (1.41) to make Date::Simple a run-time dependency, not just a test dependency (Bug #1977229)

Saturday 7th August 2021

Fedora Project

  • Imported and built perl-Date-Range (1.41) for F-33, F-34, Rawhide, EPEL-7 and EPEL-8

Sunday 8th August 2021

Fedora Project

  • Updated perl-Finance-Quote to 1.51 in Rawhide:

    • New modules: CurrencyRates

    • Updated modules: ASX, TIAA-CREF, Fool, Currencies

    • Corrected some POD issues (thanks to the Debian Perl Group)
    • Fix bugs in t/fq-object-methods.t

    • Add code to hide warning in t/currency_lookup.t

Monday 9th August 2021

Local Packages

  • Updated dovecot:

    • Updated dovecot to 2.3.16:

      • Any unexpected exit() will now result in a core dump; this can especially help notice problems when a Lua script causes exit(0)

      • auth-worker process is now restarted when the number of auth requests reaches service auth-worker { service_count }; the default is still unlimited

      • Event improvements: Added data_stack_grow event and http-client category; see https://doc.dovecot.org/admin_manual/list_of_events/

      • oauth2: Support RFC 7628 openid-configuration element, which allows clients to support OAUTH2 for any server, not just a few hardcoded servers like they do now (see openid_configuration_url setting in dovecot-oauth2.conf.ext)

      • mysql: Single statements are no longer enclosed with BEGIN/COMMIT

      • dovecot-sysreport --core supports multiple core files now and does not require specifying the binary path

      • imapc: When imap_acl plugin is loaded and imapc_features=acl is used, IMAP ACL commands are proxied to the remote server; see https://doc.dovecot.org/configuration_manual/mail_location/imapc/

      • dict-sql now supports the "UPSERT" syntax for SQLite and PostgreSQL

      • imap: If IMAP client disconnects during a COPY command, the copying is aborted, and changes are reverted; this may help to avoid many email duplicates if client disconnects during COPY and retries it after reconnecting

      • master process was using 100% CPU if service attempted to create more processes due to process_min_avail, but process_limit was already reached (v2.3.15 regression)

      • Using attachment detection flags wrongly logged unnecessary "Failed to add attachment keywords" errors (v2.3.13 regression)
      • IMAP QRESYNC: Expunging UID 1 mail resulted in broken VANISHED response, which could have confused IMAP clients (v2.3.13 regression)

      • imap: STORE didn't send untagged replies for \Seen changes for (shared) mailboxes using INDEXPVT (v2.3.10 regression)

      • rawlog_dir setting would not log input that was pipelined after authentication command

      • Fixed potential infinite looping with autoexpunging
      • Log event exporter: Truncate long fields to 1000 bytes
      • LAYOUT=index: ACL inheritance didn't work when creating mailboxes

      • Event filters: Unquoted '?' wildcard caused a crash at startup

      • fs-metawrap: Fix to handling zero sized files

      • imap-hibernate: Fixed potential crash at de-init

      • acl: dovecot-acl-list files were written for acl_ignore_namespaces

      • program-client (used by Sieve extprograms, director_flush_socket) may have missed status response from UNIX and network sockets, resulting in unexpected failures

    • Updated pigeonhole to 0.5.16:

      • .dovecot.sieve.log file now includes year in the header

      • Change Sieve script result execution to delay definitive action execution to the end of a successful Sieve script execution session, which is part of an effort to solve problems with the Sieve duplicate test; as a side-effect, some rare temporary-error cases yield different results, in which partial failure is more likely
  • Updated nmap to 7.92 (see CHANGELOG for details)

Tuesday 10th August 2021

Fedora Project

Local Packages

  • Updated c-ares to 1.17.2:

    • Security:

      • NodeJS passes NULL for addr and 0 for addrlen to ares_parse_ptr_reply() on systems where malloc(0) returns NULL, which would cause a crash

      • When building c-ares with CMake, the RANDOM_FILE would not be set and therefore downgrade to the less secure random number generator

      • If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause a crash

      • Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response

      • Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing
      • Perform validation on hostnames to prevent possible XSS due to applications not performing validation themselves

    • Changes:

      • Use non-blocking /dev/urandom for random data to prevent early startup performance issues

      • z/OS port
      • ares_malloc(0) is now defined behaviour (returns NULL) rather than system-specific to catch edge cases

    • Bug fixes:

      • Fuzz testing files were not distributed with official archives
      • Building tests should not force building of static libraries except on Windows
      • Windows builds of the tools would fail if built as static due to a missing CARES_STATICLIB definition

      • Relative headers must use double quotes to prevent pulling in a system library
      • Fix OpenBSD building by implementing portability updates for including arpa/nameser.h

      • Fix building out-of-tree for autotools
      • make install on MacOS/iOS with CMake was missing the bundle destination so libraries weren't actually installed

      • Fix retrieving DNS server configuration on MacOS and iOS if the configuration did not include search domains
      • ares_parse_a_reply and ares_parse_aaaa_reply were erroneously using strdup() instead of ares_strdup()

  • Updated perl-Search-Elasticsearch to 7.714:

    • Stable release for Elasticsearch 7.14

Monday 16th August 2021

Local Packages

  • Branched the development repository for Fedora 35

  • Updated schily to 2021.08.14

Tuesday 17th August 2021

Fedora Project

  • Updated perl-IO-Socket-SSL to 2.072 in F-35 and Rawhide:

    • Add PEM_certs2file and PEM_file2certs in IO::Socket::SSL::Utils based on idea in GH#101

    • certs/*.p12 used for testing should now work with OpenSSL 3.0 too (GH#108)

    • Update public suffix database

Local Packages

  • Updated perl-IO-Socket-SSL to 2.072 as per the Fedora version

Monday 23rd August 2021

Local Packages

  • Updated perl-Module-CoreList to 5.20210820:

    • Updated for v5.35.3
  • Updated sendmail to 8.17.1 (see release announcement for details)

Friday 27th August 2021

Fedora Project

Local Packages

  • New package perl-File-TreeCreate (0.0.1)

  • Updated perl-File-Find-Object to 0.3.6:

    • Split File::TreeCreate off to its own distribution

  • Updated perl-File-Find-Object-Rule to 0.0313:

    • Split File::TreeCreate off to its own distribution

  • Updated perl-Test-TrailingSpace to 0.0601:

    • Split File::TreeCreate off to its own distribution

Monday 30th August 2021

Fedora Project

  • Updated libssh2 to 1.10.0 in F-35 and Rawhide:

    • Adds agent forwarding support
    • Adds OpenSSH Agent support on Windows
    • Adds ECDSA key support using the Mbed TLS backend
    • Adds ECDSA cert authentication
    • Adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512 key exchanges

    • Adds support for PKIX key reading when using ed25519 with OpenSSL

    • Adds support for EWOULDBLOCK on VMS systems

    • Adds support for building with OpenSSL 3
    • Adds support for using FIPS mode in OpenSSL
    • Adds debug symbols when building with MSVC
    • Adds support for building on the 3DS
    • Adds unicode build support on Windows
    • Restores os400 building
    • Increases min, max and opt Diffie Hellman group values

    • Improves portability of the make file

    • Improves timeout behaviour with 2FA keyboard auth
    • Various improvements to the Wincng backend
    • Fixes reading partial packet replies when using an agent
    • Fixes Diffie Hellman key exchange on Windows 1903+ builds
    • Fixes building tests with older versions of OpenSSL
    • Fixes possible multiple definition warnings
    • Fixes potential cast issues in _libssh2_ecdsa_key_get_curve_type()
    • Fixes potential use after free if libssh2_init() is called twice

    • Improved linking when using Mbed TLS
    • Fixes call to libssh2_crypto_exit() if crypto hasn't been initialized

    • Fixes crash when loading public keys with no id
    • Fixes possible out of bounds read when exchanging keys
    • Fixes possible out of bounds read when reading packets
    • Fixes possible out of bounds read when opening an X11 connection
    • Fixes possible out of bounds read when using ECDH host keys
    • Fixes possible hang when trying to read a disconnected socket
    • Fixes a crash when using the delayed compression option
    • Fixes read error with large known host entries
    • Fixes various warnings
    • Fixes various small memory leaks
    • Improved error handling, various detailed errors will now be reported
    • Builds are now using OSS-Fuzz
    • Builds now use autoreconf instead of a custom build script

    • cmake now respects install directory

    • Improved CI backend
    • Updated HACKING-CRYPTO documentation

    • Use markdown file extensions
    • Improved unit tests

Local Packages

  • Updated libssh2 to 1.10.0 as per the Fedora version

Tuesday 31st August 2021

Fedora Project

  • Jitka Plesnikova kindly reviewed and approved my perl-File-TreeCreate package submission

  • Updated proftpd to 1.3.7c in F-33, F-34, F-35, Rawhide and EPEL-8 playground:

    • Improve mod_tls log messages for unsupported older TLS protocol requests (GH#1273)

    • Fix memory disclosure to RADIUS servers by mod_radius (GH#1284)

    • Properly handle <VirtualHost> sections that use interface/device names (GH#1282)

    • PCRE expressions with capture groups are not being handled properly (GH#1300)

    • AuthUserFile permissions check fails during SIGHUP, causing ProFTPD to stop (GH#1307)

Local Packages

  • Updated proftpd to 1.3.7c as per the Fedora version

  • Updated proftpd (1.3.8) to 1.3.8rc2, building with libidn2 support:

    • mod_sftp crashes when handling aes256-ctr OpenSSH-specific key with some old OpenSSL versions (Bug #4401)

    • Improve mod_tls log messages for unsupported older TLS protocol requests (GH#1273)

    • Fix memory disclosure to RADIUS servers by mod_radius (GH#1284)

    • Properly handle <VirtualHost> sections that use interface/device names (GH#1282)

    • mod_ifsession failed to reset directory config lookup after <Directory> section merges (Bug #4315)

    • Support <Limit> configurations for HELP command (GH#1296)

    • PCRE expressions with capture groups are not being handled properly (GH#1300)

    • AuthUserFile permissions check fails during SIGHUP, causing ProFTPD to stop (GH#1307)

    • Add support for the libidn2 library, over libidn, for e.g. mod_rewrite mappings (GH#1286)

    • Changed the default behaviour of mod_tls, such that TLS renegotiations on control/data connections are not requested by default - TLS renegotiations have a long and sordid history; many SSL/TLS libraries no longer implement them, or disable them by default (Bug #4443)

    • mod_auth_otp should honour RequireTableEntry semantics for SFTP logins (GH#1319)
