#acl PaulHowarth:read,write,admin,revert,delete All:read
=== Tuesday 10th August 2021 ===
==== Fedora Project ====
 * Updated `perl-Apache-Session-Browseable` to 1.3.9 in Rawhide:
  * Return number of deleted rows when called in array context (https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2428)
==== Local Packages ====
 * Updated `c-ares` to 1.17.2:
  . Security:
   * NodeJS passes `NULL` for `addr` and `0` for `addrlen` to `ares_parse_ptr_reply()` on systems where `malloc(0)` returns `NULL`, which would cause a crash
   * When building `c-ares` with CMake, `RANDOM_FILE` would not be set, so the build would downgrade to the less secure random number generator
   * If `ares_getaddrinfo()` was terminated by an `ares_destroy()`, it would cause a crash
   * Crash in `sortaddrinfo()` if the list size equals 0 due to an unexpected DNS response
   * Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing
   * Perform validation on hostnames to prevent possible XSS due to applications not performing validation themselves
  . Changes:
   * Use non-blocking `/dev/urandom` for random data to prevent early startup performance issues
   * z/OS port
   * `ares_malloc(0)` is now defined behaviour (returns `NULL`) rather than system-specific to catch edge cases
  . Bug fixes:
   * Fuzz testing files were not distributed with official archives
   * Building tests should not force building of static libraries except on Windows
   * Windows builds of the tools would fail if built as static due to a missing `CARES_STATICLIB` definition
   * Relative headers must use double quotes to prevent pulling in a system library
   * Fix OpenBSD building by implementing portability updates for including `arpa/nameser.h`
   * Fix building out-of-tree for autotools
   * `make install` on MacOS/iOS with CMake was missing the bundle destination so libraries weren't actually installed
   * Fix retrieving DNS server configuration on MacOS and iOS if the configuration did not include search domains
   * `ares_parse_a_reply` and `ares_parse_aaaa_reply` were erroneously using `strdup()` instead of `ares_strdup()`
 * Updated `perl-Search-Elasticsearch` to 7.714:
  * Stable release for Elasticsearch 7.14
----