Paul's Blog Entries for November 2021
Monday 1st November 2021
Local Packages
Updated davfs2 to 1.6.1:
configure.ac: Add Neon version 0.32
mount.davfs.c, get_options: Ignore all unknown options
mount_davfs.c, write_mtab_entry: Add option _netdev to utab-entry
Updated getmail to 5.16:
Add new use_netrc and netrc_file configuration options to support reading username/password from a .netrc file
- Documentation updates
Updated mcrcon to 0.7.2:
- Quit gracefully when Ctrl-D or Ctrl+C is pressed
Remove "exit" and "quit" as quitting commands (these are actual rcon commands on some servers)
Suppress compiler warning (strncpy)
- Fix erroneous string length in packet building function
Fix typo in ANSI escape sequence for LCYAN
Make stdout and stderr unbuffered
Updated perl-Moose to 2.2200:
Replaced all uses of Sub::Name with Sub::Util, since the latter is part of core as of Perl 5.22
Friday 5th November 2021
Local Packages
Updated perl-Net-SSLeay (development repo only) to the development release 1.91_01 (see Changes for details)
Sunday 7th November 2021
Local Packages
Updated libgpg-error to 1.43 (https://dev.gnupg.org/T5352):
Fix for building against GNU libc 2.34 (https://dev.gnupg.org/T5547)
Fix build problems on macOS (https://dev.gnupg.org/T5440, https://dev.gnupg.org/T5610)
Fix gpgrt-config problems (https://dev.gnupg.org/T5381, https://dev.gnupg.org/T5595)
Fix gpgrt_free for legacy platforms
Fix truncation of error message in the middle of a character (https://dev.gnupg.org/T5048)
Fix the --disable-threads configure options (https://dev.gnupg.org/T5495)
- Improve lock-obj generation for cross-builds
Improve cross-builds (https://dev.gnupg.org/T5365)
Improve gpgrt_wait_processes (https://dev.gnupg.org/T5381)
- Allow config files to read values from the Windows Registry and from envvars
- Update the Russian and Czech translations
Updated perl-HTTP-Tiny to 0.080:
Fixed uninitialized value warnings on older Perls when the REQUEST_METHOD environment variable is set and CGI_HTTP_PROXY is not
Updated perl-Moose to 2.2201:
Remove remaining traces of Sub::Name
Monday 8th November 2021
Fedora Project
Updated perl-Math-GMP to 2.23 in Rawhide:
Add support for bmulf() to multiply by a floating point number
Add support for bnok() (Binomial)
Wednesday 10th November 2021
Fedora Project
Updated perl-Finance-Quote (1.51) in F-35 and Rawhide to add explicit dependency on perl(LWP::Protocol::https) (Bug #2021755)
Updated python-crypto (2.6.1) in Rawhide to fix Python 3.11 compatibility (Bug #2021808)
Local Packages
Updated curl to 7.80.0:
CURLOPT_MAXLIFETIME_CONN: Maximum allowed lifetime for conn reuse
CURLOPT_PREREQFUNCTION: Add new callback
libssh2: Add SHA256 fingerprint support
urlapi: Add curl_url_strerror()
urlapi: Support UNC paths in file: URLs on Windows
- wolfssl: Allow setting of groups/curves
.github: Retry macos "brew install" command on failure
aws-sigv4: Make signature work when post data is binary
BINDINGS: URL updates
build: Remove checks for WinSock 1
c-hyper: Don't abort CONNECT responses early when auth-in-progress
c-hyper: Make Curl_http propagate errors better
c-hyper: Make CURLOPT_SUPPRESS_CONNECT_HEADERS work
- c-hyper: Make test 217 run
c-hyper: Use hyper_request_set_uri_parts to make h2 better
checksrc: Ignore preprocessor lines
CI/makefiles: Introduce dedicated test target
- ci: Update Lift config to match requirements of curl build
- cirrus: Remove FreeBSD 11.4 from the matrix
cirrus: Switch to openldap24-client
cleanup: constify unmodified static structs
cmake: Add CURL_ENABLE_SSL option
cmake: Fix error getting LOCATION property on non-imported target
cmake: Restore support for SecureTransport on iOS
cmake: With OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED
cmdline-opts: Made the 'Added:' field mandatory
configure.ac: Replace krb5-config with pkg-config
configure: When hyper is selected, deselect nghttp2
connect: Use sysaddr_un from sys/un.h or custom-defined for Windows
curl-confopts.m4: Remove --enable/disable-hidden-symbols
curl-openssl.m4: Modify library order for openssl linking
curl-openssl: Pass argument to sed single-quoted
curl.1: Remove mentions of really old version changes
curl: Actually append "-" to --range without number only
curl: Correct grammar in generated libcurl code
- curl: Print help descriptions in an aligned right column
curl_gssapi: Fix link error on macOS Monterey
curl_multi_socket_action.3: Add a "RETURN VALUE" section
curl_ntlm_core: Use OpenSSL only if DES is available
Curl_updateconninfo: Store addresses for QUIC connections too
CURLOPT_ALTSVC_CTRL.3: Mention conn reuse is preferred
CURLOPT_HSTSWRITEFUNCTION.3: Using CURLOPT_HSTS_CTRL is required
CURLOPT_HTTPHEADER.3: Add description for specific headers
docs/HTTP3: Improve build instructions
docs/Makefile.am: Repair 'make html'
docs: Fix typo in CURLOPT_TRAILERFUNCTION example
docs: Provide "RETURN VALUE" section for more function manpages
- docs: Reduce use of "very"
doh: Remove experimental code for DoH with GET
examples/htmltidy: Correct wrong printf() use
examples/imap-append: Fix end-of-data check
ftp: Make the MKD retry to retry once per directory
gen.pl: Insert the current date and version in generated man page
gen.pl: Replace leading single quotes with \(aq
http2: Make getsock not wait for write if there's no remote window
- http3: Fix the HTTP/3 Explained book link
- http: Fix Basic auth with empty name field in URL
http: Reject HTTP response codes < 100
- http: Remove assert that breaks hyper
- http: Set content length earlier
http_proxy: Make hyper CONNECT() return the correct error code
http_proxy: Multiple CONNECT with hyper done better
- hyper: Disable test 1294 since hyper doesn't allow such crazy headers
hyper: Does not support disabling CURLOPT_HTTP_TRANSFER_DECODING
hyper: Pass the CONNECT line to the debug callback
- imap: Display quota information
INSTALL: Update symbol hiding option
lib/mk-ca-bundle.pl: Skip certs passed Not Valid After date
lib: Avoid fall-through cases in switch statements
libcurl.rc: Switch out the copyright symbol for plain ASCII
libssh2: Get the version at runtime if possible
limit-rate.d: This is average over several seconds
llist: Remove redundant code, branch will not be executed
Makefile.m32: Fix to not require OpenSSL with -libssh2 or -rtmp options
maketgz: Redirect updatemanpages.pl output to /dev/null
- man pages: Require all to use the same section header order
manpage: Adjust the asterisk in some SYNOPSIS sections
- md5: Fix compilation with OpenSSL 3.0 API
- misc: Fix a few issues on MidnightBSD
- misc: Fix typos in docs and comments
ngtcp2: Advertise h3 as well as h3-29
ngtcp2: Compile with the latest nghttp3
ngtcp2: Specify the missing required callback functions
ngtcp2: Use latest QUIC TLS RFC9001
NTLM: Use DES_set_key_unchecked with OpenSSL
openssl: If verifypeer is not requested, skip the CA loading
openssl: With OpenSSL 1.1.0+ a failed RAND_status means goaway
- Revert "src/tool_filetime: Disable -Wformat on mingw for this file"
- sasl: Binary messages
- schannel: Fix memory leak due to failed SSL connection
scripts/delta: Count command line options in the new file
sendf: Accept zero-length data in Curl_client_write()
- sha256: Use high-level EVP interface for OpenSSL
smooth-gtk-thread.c: Enhance the mutex lock use
- sws: Fix memory leak on exit
test1160: Edited to work with hyper
test1173: Make manpage-syntax.pl spot \n errors in examples
test1185: Verify checksrc
test1266/1267: Disabled on hyper: no HTTP/0.9 support
test1287: Make work on hyper
test207: Accept a different error code for hyper
test262: Don't attempt with hyper
test552: Updated to work with hyper
test559: Add 'HTTP' in keywords
tests/smbserver.py: Fix compatibility with impacket 0.9.23+
- tests: Add Schannel-specific tests and disable unsupported ones
- tests: Disable test 2043
- tests: Kill some test servers afterwards to avoid locked logfiles
tests: Use python3 in test 1451
tls: Remove newline from three infof() calls
tool_cb_prg: Make resumed upload progress bar show better
tool_listhelp: Easier generated with gen.pl
tool_main: Fix typo in comment
tool_operate: A failed etag save now only fails that transfer
URL-SYNTAX: Add IMAP UID SEARCH example
url: Check the return value of curl_url()
url: Set "k->size" -1 at start of request
urlapi: Skip a strlen(), pass in zero
- urlapi: URL decode percent-encoded host names
version_win32: Use actual version instead of manifested version
- vtls: Fix a memory leak if an SSL session cannot be added to the cache
- wolfssl: Use for SHA256, MD4, MD5, and setting DES odd parity
zuul: Pin the quiche build to use an older cmake-rs
I had to add a workaround for GSSAPI detection in Fedora 19 and Fedora 20, which have only krb5-config and no corresponding pkg-config file
Thursday 11th November 2021
Fedora Project
Updated python-crypto (2.6.1) in Rawhide to patch out the use of distutils, which will be going away in Python 3.12
Sunday 14th November 2021
Fedora Project
Updated curl (7.80.0) in Rawhide to add perl(Digest::SHA) as a build requirement, since it is now used by sshserver.pl in the test suite; this necessitated adding an upstream fix to skip a couple of SSH-related tests that fail when the back-end is libssh rather than libssh2
Local Packages
Updated curl (7.80.0) as per the Fedora version
Monday 15th November 2021
Fedora Project
Updated perl-Archive-Peek to 0.37 in Rawhide:
- Add repository metadata
Port from Moose to Moo and Type::Tiny
- Make prereqs more specific with respect to phase
- Add negative test
Local Packages
New package perl-Types-Path-Tiny (0.006)
Updated perl-Archive-Peek to 0.37 as per the Fedora version
Rebuilt sendmail (8.17.1) for updated libnsl2 in Rawhide
Tuesday 16th November 2021
Fedora Project
Updated perl-MCE to 1.875 in Rawhide:
Specify a percentage for max_workers (https://www.perlmonks.org/?node_id=11134439)
Added t/03_max_workers.t
Updated pperl-PPIx-QuoteLike to 0.019 in Rawhide:
Add CONRIBUTING file
Try to quell weird Win32 test failures that seem to occur only in tests where I am using 'use open' to put the standard handles into UTF-8 mode; the fix (hopefully) is to do this to the Test::Harness handles at run time instead of to the standard handles at compile time
Local Packages
Updated perl-MCE to 1.875 as per the Fedora version
Updated perl-PPIx-QuoteLike to 0.019 as per the Fedora version
Updated perl-Test2-Suite to 0.000142:
- Fix deprecation diagnostics
Fix older perls by removing //=
Updated unrar to 6.10 beta 2
Wednesday 17th November 2021
Fedora Project
Updated perl-Math-GMP to 2.24 in Rawhide:
Tests and better documentation for bnok() (Binomial)
Eliminate warning about not_here() in GMP.xs
Monday 22nd November 2021
Local Packages
Updated perl-Module-CoreList to 5.20211120:
- Updated for v5.35.6
Wednesday 24th November 2021
Fedora Project
Updated perl-Try-Tiny to 0.31 in Rawhide:
Plug Syntax::Keyword::Try and Feature::Compat::Try in the docs
Local Packages
Updated perl-Try-Tiny to 0.31 as per the Fedora version
Monday 29th November 2021
Fedora Project
Updated python-paramiko to 2.8.1 in Rawhide:
Fix listdir failure when server uses a locale (GH#985, GH#992); now on Python 2.7 SFTPAttributes will decode abbreviated month names correctly rather than raise 'UnicodeDecodeError'
Deleting items from '~paramiko.hostkeys.HostKeys' would incorrectly raise 'KeyError' even for valid keys, due to a logic bug (GH#1024)
Update RSA and ECDSA key decoding subroutines to correctly catch exception types thrown by modern versions of Cryptography (specifically 'TypeError' and its internal 'UnsupportedAlgorithm') (GH#1257, GH#1266); these exception classes will now become '~paramiko.ssh_exception.SSHException' instances instead of bubbling up
Update '~paramiko.pkey.PKey' and subclasses to compare ('__eq__') via direct field/attribute comparison instead of hashing (while retaining the existing behaviour of '__hash__' via a slight refactor) (GH#908)
Warning:
This fixes a security flaw! If you are running Paramiko on 32-bit systems with low entropy (such as any 32-bit Python 2, or a 32-bit Python 3 that is running with 'PYTHONHASHSEED=0') it is possible for an attacker to craft a new keypair from an exfiltrated public key, which Paramiko would consider equal to the original key; this could enable attacks such as, but not limited to, the following:
- Paramiko server processes would incorrectly authenticate the attacker (using their generated private key) as if they were the victim; we see this as the most plausible attack using this flaw
- Paramiko client processes would incorrectly validate a connected server (when host key verification is enabled) while subjected to a man-in-the-middle attack; this impacts more users than the server-side version, but also carries higher requirements for the attacker, namely successful DNS poisoning or other MITM techniques
Local Packages
Updated perl-PPIx-Regexp to 0.082:
Add --version to eg/predump, and document all options with double dashes
Silence 'uninitialized' warning generated by /(?<=.{35})/
Try to quell weird Win32 test failures that seem to occur only in tests where I am using 'use open' to put the standard handles into UTF-8 mode; the fix (I hope) is to do this to the Test::Harness handles at run time instead of to the standard handles at compile time
Add file CONTRIBUTING
Previous Month: October 2021
Next Month: December 2021