Upload page content

You can upload content for the page named below. If you change the page name, you can also upload content for another page. If the page name is empty, we derive the page name from the file name.

File to load page content from
Page name
Comment

    PaulHowarth/Blog/2021-08

Paul's Blog Entries for August 2021

Monday 2nd August 2021

Local Packages

  • Updated perl-DBD-SQLite to 1.70:

    • Fix typo (GH#85)

    • Silenced deprecation warning of sqlite_unicode so as not to break tests of existing applications

    • Fix docs to use the correct attribute with sqlite_ (GH#86)

    • Fix an encoding issue of naïve (GH#83)

  • Updated perl-Type-Tiny to 1.012004:

    • Fixed typo in Types::Standard documentation where StrMatch regexp parameter didn't use qr// properly

Tuesday 3rd August 2021

Fedora Project

  • Merged PR#1 for perl-Algorithm-C3 (Package tests) and built the package (version 0.11) in Rawhide

  • Updated perl-Software-License to 0.104001 in Rawhide:

    • Update the text of Artistic License 1.0 to match upstream source
    • When using Apache 2.0, replace year and copyright holder
    • Improve guessing at CC0
    • Update author contact info

    • Documentation tweaks about non-core licenses and the use of guess_license_from_pod

    • Add "program" and "Program" arguments; this allows text generation like "CoolClient is license..." instead of "This software is..."

Local Packages

  • Updated perl-HTTP-Tiny to 0.078:

    • Added a 'patch' helper method for the HTTP 'PATCH' verb

    • If the REQUEST_METHOD environment variable is set, then CGI_HTTP_PROXY replaces HTTP_PROXY

    • Unsupported scheme errors early without giving an uninitialized value warning first

    • Sends Content-Length: 0 on empty body PUT/POST; this is not in the spec, but some servers require this

    • Allows optional status line reason, as clarified in RFC 7230

    • Ignore SIGPIPE on reads as well as writes, as IO::Socket::SSL says that SSL reads can also send writes as a side effect

    • Check if a server has closed a connection before preserving it for reuse

    • Clarified documentation that exceptions/errors result in 599 status codes

    • Optional IO::Socket::IP prereq must be at least version 0.32 to be used; this ensures correct timeout support

  • Updated perl-Software-License to 0.104001 as per the Fedora version

Friday 6th August 2021

Fedora Project

Local Packages

  • Updated perl-Date-Range (1.41) to make Date::Simple a run-time dependency, not just a test dependency (Bug #1977229)

Saturday 7th August 2021

Fedora Project

  • Imported and built perl-Date-Range (1.41) for F-33, F-34, Rawhide, EPEL-7 and EPEL-8

Sunday 8th August 2021

Fedora Project

  • Updated perl-Finance-Quote to 1.51 in Rawhide:

    • New modules: CurrencyRates

    • Updated modules: ASX, TIAA-CREF, Fool, Currencies

    • Corrected some POD issues (thanks to the Debian Perl Group)

    • Fix bugs in t/fq-object-methods.t

    • Add code to hide warning in t/currency_lookup.t

Monday 9th August 2021

Local Packages

  • Updated dovecot:

    • Updated dovecot to 2.3.16:

      • Any unexpected exit() will now result in a core dump; this can especially help notice problems when a Lua script causes exit(0)

      • auth-worker process is now restarted when the number of auth requests reaches service auth-worker { service_count }; the default is still unlimited

      • Event improvements: Added data_stack_grow event and http-client category; see https://doc.dovecot.org/admin_manual/list_of_events/

      • oauth2: Support RFC 7628 openid-configuration element, which allows clients to support OAUTH2 for any server, not just a few hardcoded servers like they do now (see openid_configuration_url setting in dovecot-oauth2.conf.ext)

      • mysql: Single statements are no longer enclosed with BEGIN/COMMIT

      • dovecot-sysreport --core supports multiple core files now and does not require specifying the binary path

      • imapc: When imap_acl plugin is loaded and imapc_features=acl is used, IMAP ACL commands are proxied to the remote server; see https://doc.dovecot.org/configuration_manual/mail_location/imapc/

      • dict-sql now supports the "UPSERT" syntax for SQLite and PostgreSQL

      • imap: If IMAP client disconnects during a COPY command, the copying is aborted, and changes are reverted; this may help to avoid many email duplicates if client disconnects during COPY and retries it after reconnecting

      • master process was using 100% CPU if service attempted to create more processes due to process_min_avail, but process_limit was already reached (v2.3.15 regression)

      • Using attachment detection flags wrongly logged unnecessary "Failed to add attachment keywords" errors (v2.3.13 regression)

      • IMAP QRESYNC: Expunging UID 1 mail resulted in broken VANISHED response, which could have confused IMAP clients (v2.3.13 regression)

      • imap: STORE didn't send untagged replies for \Seen changes for (shared) mailboxes using INDEXPVT (v2.3.10 regression)

      • rawlog_dir setting would not log input that was pipelined after authentication command

      • Fixed potential infinite looping with autoexpunging
      • Log event exporter: Truncate long fields to 1000 bytes

      • LAYOUT=index: ACL inheritance didn't work when creating mailboxes

      • Event filters: Unquoted '?' wildcard caused a crash at startup

      • fs-metawrap: Fix to handling zero sized files

      • imap-hibernate: Fixed potential crash at de-init

      • acl: dovecot-acl-list files were written for acl_ignore_namespaces

      • program-client (used by Sieve extprograms, director_flush_socket) may have missed status response from UNIX and network sockets, resulting in unexpected failures

    • Updated pigeonhole to 0.5.16:

      • .dovecot.sieve.log file now includes year in the header

      • Change Sieve script result execution to delay definitive action execution to the end of a successful Sieve script execution session, which is part of an effort to solve problems with the Sieve duplicate test; as a side-effect, some rare temporary-error cases yield different results, in which partial failure is more likely

  • Updated nmap to 7.92 (see CHANGELOG for details)

Tuesday 10th August 2021

Fedora Project

Local Packages

  • Updated c-ares to 1.17.2:

  • Security:

    • NodeJS passes NULL for addr and 0 for addrlen to ares_parse_ptr_reply() on systems where malloc(0) returns NULL, which would cause a crash

    • When building c-ares with CMake, the RANDOM_FILE would not be set and therefore downgrade to the less secure random number generator

    • If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause a crash

    • Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response

    • Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing
    • Perform validation on hostnames to prevent possible XSS due to applications not performing validation themselves
  • Changes:

    • Use non-blocking /dev/urandom for random data to prevent early startup performance issues

    • z/OS port

    • ares_malloc(0) is now defined behaviour (returns NULL) rather than system-specific to catch edge cases

  • Bug fixes:
    • Fuzz testing files were not distributed with official archives
    • Building tests should not force building of static libraries except on Windows

    • Windows builds of the tools would fail if built as static due to a missing CARES_STATICLIB definition

    • Relative headers must use double quotes to prevent pulling in a system library

    • Fix OpenBSD building by implementing portability updates for including arpa/nameser.h

    • Fix building out-of-tree for autotools

    • make install on MacOS/iOS with CMake was missing the bundle destination so libraries weren't actually installed

    • Fix retrieving DNS server configuration on MacOS and iOS if the configuration did not include search domains

    • ares_parse_a_reply and ares_parse_aaaa_reply were erroneously using strdup() instead of ares_strdup()

  • Updated perl-Search-Elasticsearch to 7.714:

    • Stable release for Elasticsearch 7.14

Monday 16th August 2021

Local Packages

  • Branched the development repository for Fedora 35

  • Updated schily to 2021.08.14

Tuesday 17th August 2021

Fedora Project

  • Updated perl-IO-Socket-SSL to 2.072 in F-35 and Rawhide:

    • Add PEM_certs2file and PEM_file2certs in IO::Socket::SSL::Utils based on idea in GH#101

    • certs/*.p12 used for testing should now work with OpenSSL 3.0 too (GH#108)

    • Update public suffix database

Local Packages

  • Updated perl-IO-Socket-SSL to 2.072 as per the Fedora version

Monday 23rd August 2021

Local Packages

  • Updated perl-Module-CoreList to 5.20210820:

    • Updated for v5.35.3

  • Updated sendmail to 8.17.1 (see release announcement for details)

Friday 27th August 2021

Fedora Project

Local Packages

  • New package perl-File-TreeCreate (0.0.1)

  • Updated perl-File-Find-Object to 0.3.6:

    • Split File::TreeCreate off to its own distribution

  • Updated perl-File-Find-Object-Rule to 0.0313:

    • Split File::TreeCreate off to its own distribution

  • Updated perl-Test-TrailingSpace to 0.0601:

    • Split File::TreeCreate off to its own distribution

Monday 30th August 2021

Fedora Project

  • Updated libssh2 to 1.10.0 in F-35 and Rawhide:

    • Adds agent forwarding support
    • Adds OpenSSH Agent support on Windows
    • Adds ECDSA key support using the Mbed TLS backend
    • Adds ECDSA cert authentication

    • Adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512 key exchanges

    • Adds support for PKIX key reading when using ed25519 with OpenSSL

    • Adds support for EWOULDBLOCK on VMS systems

    • Adds support for building with OpenSSL 3
    • Adds support for using FIPS mode in OpenSSL
    • Adds debug symbols when building with MSVC
    • Adds support for building on the 3DS
    • Adds unicode build support on Windows
    • Restores os400 building

    • Increases min, max and opt Diffie Hellman group values

    • Improves portability of the make file

    • Improves timeout behaviour with 2FA keyboard auth
    • Various improvements to the Wincng backend
    • Fixes reading partial packet replies when using an agent
    • Fixes Diffie Hellman key exchange on Windows 1903+ builds
    • Fixes building tests with older versions of OpenSSL
    • Fixes possible multiple definition warnings

    • Fixes potential cast issues in _libssh2_ecdsa_key_get_curve_type() & Fixes potential use after free if libssh2_init() is called twice

    • Improved linking when using Mbed TLS

    • Fixes call to libssh2_crypto_exit() if crypto hasn't been initialized

    • Fixes crash when loading public keys with no id
    • Fixes possible out of bounds read when exchanging keys
    • Fixes possible out of bounds read when reading packets
    • Fixes possible out of bounds read when opening an X11 connection
    • Fixes possible out of bounds read when using ECDH host keys
    • Fixes possible hang when trying to read a disconnected socket
    • Fixes a crash when using the delayed compression option
    • Fixes read error with large known host entries
    • Fixes various warnings
    • Fixes various small memory leaks
    • Improved error handling, various detailed errors will now be reported
    • Builds are now using OSS-Fuzz

    • Builds now use autoreconf instead of a custom build script

    • cmake now respects install directory

    • Improved CI backend

    • Updated HACKING-CRYPTO documentation

    • Use markdown file extensions
    • Improved unit tests

Local Packages

  • Updated libssh2 to 1.10.0 as per the Fedora version

Tuesday 31st August 2021

Fedora Project

  • Jitka Plesnikova kindly reviewed and approved my perl-File-TreeCreate package submission

  • Updated proftpd to 1.3.7c in F-33, F-34, F-35, Rawhide and EPEL-8 playground:

    • Improve mod_tls log messages for unsupported older TLS protocol requests (GH#1273)

    • Fix memory disclosure to RADIUS servers by mod_radius (GH#1284)

    • Properly handle <VirtualHost> sections that use interface/device names (GH#1282)

    • PCRE expressions with capture groups are not being handled properly (GH#1300)

    • AuthUserFile permissions check fails during SIGHUP, causing ProFTPD to stop (GH#1307)

Local Packages

  • Updated proftpd to 1.3.7c as per the Fedora version

  • Updated proftpd (1.3.8) to 1.3.8rc2, building with libidn2 support:

    • mod_sftp crashes when handling aes256-ctr OpenSSH-specific key with some old OpenSSL versions (Bug #4401)

    • Improve mod_tls log messages for unsupported older TLS protocol requests (GH#1273)

    • Fix memory disclosure to RADIUS servers by mod_radius (GH#1284)

    • Properly handle <VirtualHost> sections that use interface/device names (GH#1282)

    • mod_ifsession failed to reset directory config lookup after <Directory> section merges (Bug #4315)

    • Support <Limit> configurations for HELP command (GH#1296)

    • PCRE expressions with capture groups are not being handled properly (GH#1300)

    • AuthUserFile permissions check fails during SIGHUP, causing ProFTPD to stop (GH#1307)

    • Add support for the libidn2 library, over libidn, for e.g. mod_rewrite mappings (GH#1286)

    • Changed the default behaviour of mod_tls, such that TLS renegotiations on control/data connections are not requested by default - TLS renegotiations have a long and sordid history; many SSL/TLS libraries no longer implement them, or disable them by default (Bug #4443)

    • mod_auth_otp should honour RequireTableEntry semantics for SFTP logins (GH#1319)

Previous Month: July 2021
Next Month: September 2021

Recent