Paul's Blog Entries for August 2021
Monday 2nd August 2021
Local Packages
Updated perl-DBD-SQLite to 1.70:
Updated perl-Type-Tiny to 1.012004:
- Fixed typo in Types::Standard documentation where StrMatch regexp parameter didn't use qr// properly
Tuesday 3rd August 2021
Fedora Project
Merged PR#1 for perl-Algorithm-C3 (Package tests) and built the package (version 0.11) in Rawhide
Updated perl-Software-License to 0.104001 in Rawhide:
- Update the text of Artistic License 1.0 to match upstream source
- When using Apache 2.0, replace year and copyright holder
- Improve guessing at CC0
- Update author contact info
- Documentation tweaks about non-core licenses and the use of guess_license_from_pod
- Add "program" and "Program" arguments; this allows text generation like "CoolClient is license..." instead of "This software is..."
Local Packages
Updated perl-HTTP-Tiny to 0.078:
- Added a 'patch' helper method for the HTTP 'PATCH' verb
- If the REQUEST_METHOD environment variable is set, then CGI_HTTP_PROXY replaces HTTP_PROXY
- Unsupported scheme errors early without giving an uninitialized value warning first
- Sends Content-Length: 0 on empty body PUT/POST; this is not in the spec, but some servers require this
- Allows optional status line reason, as clarified in RFC 7230
- Ignore SIGPIPE on reads as well as writes, as IO::Socket::SSL says that SSL reads can also send writes as a side effect
- Check if a server has closed a connection before preserving it for reuse
- Clarified documentation that exceptions/errors result in 599 status codes
- Optional IO::Socket::IP prereq must be at least version 0.32 to be used; this ensures correct timeout support
Updated perl-Software-License to 0.104001 as per the Fedora version
Friday 6th August 2021
Fedora Project
Hirotaka Wakabayashi kindly reviewed and approved my perl-Date-Range package submission
Local Packages
Updated perl-Date-Range (1.41) to make Date::Simple a run-time dependency, not just a test dependency (Bug #1977229)
Saturday 7th August 2021
Fedora Project
Imported and built perl-Date-Range (1.41) for F-33, F-34, Rawhide, EPEL-7 and EPEL-8
Sunday 8th August 2021
Fedora Project
Updated perl-Finance-Quote to 1.51 in Rawhide:
- New modules: CurrencyRates
- Updated modules: ASX, TIAA-CREF, Fool, Currencies
- Corrected some POD issues (thanks to the Debian Perl Group)
- Fix bugs in t/fq-object-methods.t
- Add code to hide warning in t/currency_lookup.t
Monday 9th August 2021
Local Packages
Updated dovecot:
Updated dovecot to 2.3.16:
- Any unexpected exit() will now result in a core dump; this can especially help notice problems when a Lua script causes exit(0)
- auth-worker process is now restarted when the number of auth requests reaches service auth-worker { service_count }; the default is still unlimited
- Event improvements: Added data_stack_grow event and http-client category; see https://doc.dovecot.org/admin_manual/list_of_events/
- oauth2: Support RFC 7628 openid-configuration element, which allows clients to support OAUTH2 for any server, not just a few hardcoded servers like they do now (see openid_configuration_url setting in dovecot-oauth2.conf.ext)
- mysql: Single statements are no longer enclosed with BEGIN/COMMIT
- dovecot-sysreport --core supports multiple core files now and does not require specifying the binary path
- imapc: When imap_acl plugin is loaded and imapc_features=acl is used, IMAP ACL commands are proxied to the remote server; see https://doc.dovecot.org/configuration_manual/mail_location/imapc/
- dict-sql now supports the "UPSERT" syntax for SQLite and PostgreSQL
- imap: If IMAP client disconnects during a COPY command, the copying is aborted, and changes are reverted; this may help to avoid many email duplicates if client disconnects during COPY and retries it after reconnecting
- master process was using 100% CPU if service attempted to create more processes due to process_min_avail, but process_limit was already reached (v2.3.15 regression)
- Using attachment detection flags wrongly logged unnecessary "Failed to add attachment keywords" errors (v2.3.13 regression)
- IMAP QRESYNC: Expunging UID 1 mail resulted in broken VANISHED response, which could have confused IMAP clients (v2.3.13 regression)
- imap: STORE didn't send untagged replies for \Seen changes for (shared) mailboxes using INDEXPVT (v2.3.10 regression)
- rawlog_dir setting would not log input that was pipelined after authentication command
- Fixed potential infinite looping with autoexpunging
- Log event exporter: Truncate long fields to 1000 bytes
- LAYOUT=index: ACL inheritance didn't work when creating mailboxes
- Event filters: Unquoted '?' wildcard caused a crash at startup
- fs-metawrap: Fix to handling zero sized files
- imap-hibernate: Fixed potential crash at de-init
- acl: dovecot-acl-list files were written for acl_ignore_namespaces
- program-client (used by Sieve extprograms, director_flush_socket) may have missed status response from UNIX and network sockets, resulting in unexpected failures
Updated pigeonhole to 0.5.16:
- .dovecot.sieve.log file now includes year in the header
- Change Sieve script result execution to delay definitive action execution to the end of a successful Sieve script execution session, which is part of an effort to solve problems with the Sieve duplicate test; as a side-effect, some rare temporary-error cases yield different results, in which partial failure is more likely
Updated nmap to 7.92 (see CHANGELOG for details)
Tuesday 10th August 2021
Fedora Project
Updated perl-Apache-Session-Browseable to 1.3.9 in Rawhide:
- Return number of deleted rows when called in array context (https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2428)
Local Packages
Updated c-ares to 1.17.2:
- Security:
  - NodeJS passes NULL for addr and 0 for addrlen to ares_parse_ptr_reply() on systems where malloc(0) returns NULL, which would cause a crash
  - When building c-ares with CMake, the RANDOM_FILE would not be set and therefore downgrade to the less secure random number generator
  - If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause a crash
  - Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response
  - Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing
  - Perform validation on hostnames to prevent possible XSS due to applications not performing validation themselves
- Changes:
  - Use non-blocking /dev/urandom for random data to prevent early startup performance issues
  - z/OS port
  - ares_malloc(0) is now defined behaviour (returns NULL) rather than system-specific to catch edge cases
- Bug fixes:
  - Fuzz testing files were not distributed with official archives
  - Building tests should not force building of static libraries except on Windows
  - Windows builds of the tools would fail if built as static due to a missing CARES_STATICLIB definition
  - Relative headers must use double quotes to prevent pulling in a system library
  - Fix OpenBSD building by implementing portability updates for including arpa/nameser.h
  - Fix building out-of-tree for autotools
  - make install on MacOS/iOS with CMake was missing the bundle destination so libraries weren't actually installed
  - Fix retrieving DNS server configuration on MacOS and iOS if the configuration did not include search domains
  - ares_parse_a_reply and ares_parse_aaaa_reply were erroneously using strdup() instead of ares_strdup()
Updated perl-Search-Elasticsearch to 7.714:
- Stable release for Elasticsearch 7.14
Monday 16th August 2021
Local Packages
Branched the development repository for Fedora 35
Updated schily to 2021.08.14
Tuesday 17th August 2021
Fedora Project
Updated perl-IO-Socket-SSL to 2.072 in F-35 and Rawhide:
Local Packages
Updated perl-IO-Socket-SSL to 2.072 as per the Fedora version
Monday 23rd August 2021
Local Packages
Updated perl-Module-CoreList to 5.20210820:
- Updated for v5.35.3
Updated sendmail to 8.17.1 (see release announcement for details)
Friday 27th August 2021
Fedora Project
Submitted a review request for a perl-File-TreeCreate package (version 0.0.1)
Local Packages
New package perl-File-TreeCreate (0.0.1)
Updated perl-File-Find-Object to 0.3.6:
- Split File::TreeCreate off to its own distribution
Updated perl-File-Find-Object-Rule to 0.0313:
- Split File::TreeCreate off to its own distribution
Updated perl-Test-TrailingSpace to 0.0601:
- Split File::TreeCreate off to its own distribution
Monday 30th August 2021
Fedora Project
Updated libssh2 to 1.10.0 in F-35 and Rawhide:
- Adds agent forwarding support
- Adds OpenSSH Agent support on Windows
- Adds ECDSA key support using the Mbed TLS backend
- Adds ECDSA cert authentication
- Adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512 key exchanges
- Adds support for PKIX key reading when using ed25519 with OpenSSL
- Adds support for EWOULDBLOCK on VMS systems
- Adds support for building with OpenSSL 3
- Adds support for using FIPS mode in OpenSSL
- Adds debug symbols when building with MSVC
- Adds support for building on the 3DS
- Adds unicode build support on Windows
- Restores os400 building
- Increases min, max and opt Diffie Hellman group values
- Improves portability of the make file
- Improves timeout behaviour with 2FA keyboard auth
- Various improvements to the Wincng backend
- Fixes reading partial packet replies when using an agent
- Fixes Diffie Hellman key exchange on Windows 1903+ builds
- Fixes building tests with older versions of OpenSSL
- Fixes possible multiple definition warnings
- Fixes potential cast issues in _libssh2_ecdsa_key_get_curve_type()
- Fixes potential use after free if libssh2_init() is called twice
- Improved linking when using Mbed TLS
- Fixes call to libssh2_crypto_exit() if crypto hasn't been initialized
- Fixes crash when loading public keys with no id
- Fixes possible out of bounds read when exchanging keys
- Fixes possible out of bounds read when reading packets
- Fixes possible out of bounds read when opening an X11 connection
- Fixes possible out of bounds read when using ECDH host keys
- Fixes possible hang when trying to read a disconnected socket
- Fixes a crash when using the delayed compression option
- Fixes read error with large known host entries
- Fixes various warnings
- Fixes various small memory leaks
- Improved error handling, various detailed errors will now be reported
- Builds are now using OSS-Fuzz
- Builds now use autoreconf instead of a custom build script
- cmake now respects install directory
- Improved CI backend
- Updated HACKING-CRYPTO documentation
- Use markdown file extensions
- Improved unit tests
Local Packages
Updated libssh2 to 1.10.0 as per the Fedora version
Tuesday 31st August 2021
Fedora Project
Jitka Plesnikova kindly reviewed and approved my perl-File-TreeCreate package submission
Updated proftpd to 1.3.7c in F-33, F-34, F-35, Rawhide and EPEL-8 playground:
- Improve mod_tls log messages for unsupported older TLS protocol requests (GH#1273)
- Fix memory disclosure to RADIUS servers by mod_radius (GH#1284)
- Properly handle <VirtualHost> sections that use interface/device names (GH#1282)
- PCRE expressions with capture groups are not being handled properly (GH#1300)
- AuthUserFile permissions check fails during SIGHUP, causing ProFTPD to stop (GH#1307)
Local Packages
Updated proftpd to 1.3.7c as per the Fedora version
Updated proftpd (1.3.8) to 1.3.8rc2, building with libidn2 support:
- mod_sftp crashes when handling aes256-ctr OpenSSH-specific key with some old OpenSSL versions (Bug #4401)
- Improve mod_tls log messages for unsupported older TLS protocol requests (GH#1273)
- Fix memory disclosure to RADIUS servers by mod_radius (GH#1284)
- Properly handle <VirtualHost> sections that use interface/device names (GH#1282)
- mod_ifsession failed to reset directory config lookup after <Directory> section merges (Bug #4315)
- Support <Limit> configurations for HELP command (GH#1296)
- PCRE expressions with capture groups are not being handled properly (GH#1300)
- AuthUserFile permissions check fails during SIGHUP, causing ProFTPD to stop (GH#1307)
- Add support for the libidn2 library, over libidn, for e.g. mod_rewrite mappings (GH#1286)
- Changed the default behaviour of mod_tls, such that TLS renegotiations on control/data connections are not requested by default - TLS renegotiations have a long and sordid history; many SSL/TLS libraries no longer implement them, or disable them by default (Bug #4443)
- mod_auth_otp should honour RequireTableEntry semantics for SFTP logins (GH#1319)