Paul's Blog Entries for December 2022
Thursday 1st December 2022
Local Packages
Rebuilt perl-Compress-Raw-Lzma (2.201) in Rawhide for xz 5.2.9
Updated xz to version 5.2.9 in Rawhide (see NEWS for details)
Friday 2nd December 2022
Fedora Project
Updated perl-Path-Tiny to 0.144 in Rawhide:
Fixed tilde expansion tests where ~root expands to '/'
Local Packages
Updated perl-Data-Alias to 1.27:
- Fix localized alias-assignment to previously non-existing hash element
- Avoid testing threading on broken perl versions
- Fix certain linker errors by making sure perl's global variables are accessed through their accessor functions when applicable
- Fix compile error when using perl 5.37.2 or later
- Improve diagnostic output from tests
Updated perl-Net-Server to 2.012:
Default to IO::Socket::IP with continued fallback to IO::Socket::INET6
Add double_reverse_lookups configuration and code
Clean up hostname lookup under both IO::Socket::IP and IO::Socket::INET6
Change SSL to use IO::Socket::SSL SSL_startHandshake
- Fix semaphore release
- Update various POD issues
Finally add register_child method, called if a child process is started
Bugfix Net::Server::PSGI
- Allow groups to be comma separated
Allow . in usernames and groups
- Allow space in config file values
Retro-actively acknowledge that 2.008 changed default Net::Server::HTTP type to PreFork (and update docs)
- Fix Location bounce with other status set
Return status 400 under request_denied_hook in Net::Server::HTTP
- More code/documentation typo fixes
Add /simple routes to HTTP and PSGI echo handlers for doing static request samples
Updated perl-Path-Tiny to 0.144 as per the Fedora version
Saturday 3rd December 2022
Fedora Project
Updated perl-MCE to 1.882 in Rawhide:
Added ABRT to the list of signals to trap in MCE::Signal
Added a guard to MCE::Core::Worker for checking if exited prematurely
Added init_relay and use_threads import options to MCE and MCE Models
- Separated input mutexes from the rest of IPC for lesser latency
Auto-detect if init_relay is defined and set chunk_size to 1 in MCE::Grep, MCE::Map, and MCE::Stream
Update the import function in MCE models, detecting if the caller is another MCE module, to not export model functions
Update the error status if MCE::Child died due to receiving a signal
Improved reaping in MCE::Child, before creating a new child
Improved the timeout handler in MCE::Child and MCE::Mutex::Channel
Fixed private functions _quit and _trap not setting the return value
Updated perl-MCE-Shared to 1.879 in Rawhide:
Update the error status if MCE::Hobo died due to receiving a signal
Improved the timeout handler in MCE::Hobo and MCE::Shared::Condvar
Fixed private functions _quit and _trap not setting the return value
Local Packages
Updated perl-MCE to 1.882 as per the Fedora version
Updated perl-MCE-Shared to 1.879 as per the Fedora version
Updated perl-Net-Server to 2.013:
Update MANIFEST for missing files (CPAN RT#145285)
Add Net::Server::Thread personality
Monday 5th December 2022
Fedora Project
Updated proftpd to 1.3.8 in Rawhide and EPEL-9 (see RELEASE_NOTES for details)
Also updated mod_vroot to 0.9.11:
Addresses a bad interaction with mod_auth_file, and failed login attempts, which can lead to inexplicably "stuck" processes that cannot be terminated (GH#1384)
Updated proftpd to 1.3.7f in F-35, F-36 and F-37
Also updated mod_vroot to 0.9.11 as per the Rawhide version
Local Packages
Updated proftpd to 1.3.8 (and mod_vroot to 0.9.11) as per the Fedora version
Tuesday 6th December 2022
Fedora Project
Updated perl-Perl-Critic to 1.144 in Rawhide:
Perl::Critic now requires Perl 5.10.1
- New features
The ProhibitAugmentedAssignmentInDeclaration policy now allows augmented assignments to "our" variables, if the allow_our option is enabled (GH#993)
ProhibitExplicitISA now recommends "use parent" instead of "use base" (GH#987)
RequireUseWarnings now recognizes that "use v5.36" implies warnings (GH#984)
Subroutines::ProhibitNestedSubs now allows that lexical subroutines can be inside other subroutines (GH#946, GH#971, GH#972)
RequireUseStrict now knows that Test::Spec enables it (GH#906)
ProhibitUnusedCapture now understands @{^CAPTURE} and %{^CAPTURE_ALL} that were added in Perl 5.26.0 (GH#778)
Allow numeric operators on special number strings 'NaN' and 'inf' (GH#803)
- Fixes
- Internals
- Updated to using Perl 5.10.1; starting migrating to Perl 5.10-isms like defined-or
- Documentation
Updated some outdated docs in Perl::Critic::Utils (GH#951)
Local Packages
Updated perl-Perl-Critic to 1.144 as per the Fedora version
Wednesday 7th December 2022
Fedora Project
Updated perl-parent to 0.239:
Harden against changes to require error messages: the '@INC contains' may change in a future release of perl; this hardens the test to be insensitive to the exact words chosen (https://github.com/Perl/perl5/pull/20547)
Local Packages
Updated perl-parent to 0.239 as per the Fedora version
Friday 9th December 2022
Local Packages
Updated perl-Module-Build to 0.4232:
Drop Pod::Man dependency for 5.8 compatibility
Monday 12th December 2022
Fedora Project
Updated perl-IO-Socket-SSL to 2.078 in Rawhide:
Revert decision from 2014 to not verify hostname by default if hostname is IP address but no explicit verification scheme given (GH#121)
Local Packages
Updated perl-IO-Socket-SSL to 2.078 as per the Fedora version
Updated perl-List-SomeUtils to 0.59:
Require Module::Implementation 0.04; without this tests fail (GH#11)
Rebuilt perl-Object-HashBase (0.009) using SPDX-format license tag
Updated perl-Test-Without-Module to 0.21:
- Harden test suite against changed error message coming with 5.38
Wednesday 14th December 2022
Local Packages
Updated perl-DateTime-TimeZone to 2.57:
- This release is based on version 2022g of the Olson database
- Contemporary changes for Greenland and Mexico
Updated perl-PPIx-Regexp to 0.086:
Add width(), which returns the number of characters matched
- Note that an indefinite upper boumd is represented as IEEE 754 Inf if that appears to be supported; otherwise by a singleton object overloaded to allow stringification, numification, and numeric tests
Use width() to enhance the detection of variable-width look-behinds
Serious clean-up on accepts_perl() subsystem
Rebuilt perl-Test-Output (1.033) using SPDX-format license tag
Friday 16th December 2022
Fedora Project
Updated perl-Sendmail-PMilter to 1.24 in Rawhide:
Make no reply to MTA from the abort callback: such replies seem to cause problems for Postfix (CPAN RT#145263)
Local Packages
Updated perl-Sendmail-PMilter to 1.24 as per the Fedora version
Sunday 18th December 2022
Fedora Project
Updated perl-Crypt-Curve25519 to 0.07 in Rawhide:
Fix compilation issues with fmul name clash
Local Packages
Updated perl-Crypt-Curve25519 to 0.07 as per the Fedora version
Updated perl-File-Slurper to 0.014:
- Always return an empty file as an empty string
Updated unrar to 6.20 beta 3
Wednesday 21st December 2022
Fedora Project
Rebuilt perl-Compress-Raw-Zlib (2.202) in Rawhide for zlib 1.2.13
Local Packages
Rebuilt perl-Compress-Raw-Zlib (2.202) as per the Fedora version
Rebuilt perl-IO-Compress (2.201) using SPDX-format license tag
Updated perl-Module-CoreList to 5.20221220:
- Updated for v5.37.7
Thursday 22nd December 2022
Fedora Project
Updated perl-Perl-Critic to 1.146 in Rawhide:
- New features
ProhibitBarewordDirHandles now checks for sysopen as well as open (GH#732)
Added a Dockerfile in the extras/ directory for those who want to run P::C in a container (GH#832)
Subroutines::ProhibitBuiltinHomonyms now can take an "allows" parameter to specify subroutines that won't violate the policy (GH#14, GH#932)
ProhibitStringyEval now allows package declarations in evals when allow_includes = true; this is a common way packages are declared (GH#908)
- Bug Fixes
Fixed some problems with how Perl::Critic determined scope (GH#793)
Fixed improper violation for lexical subroutines in Subroutines::ProhibitBuiltinHomonyms (GH#973, GH#955, GH#546)
ValuesAndExpressions::RequireNumberSeparators no longer complains if your version numbers do not have number separators in them (GH#856, GH#904)
Fixed a false positive with split() in ProhibitUnusedCapture (GH#888)
- Internals
We no longer use or need IO::String (GH#997)
- Removed requirements and mentions of modules no longer used:
Fatal
IO::String
IPC::Open2
Pod::Parser
Task::Weaken
Local Packages
Updated perl-Data-Alias to 1.28:
- Fix compatibility with perl 5.37.3 and later
Fix support for state-variables (alias state $x = ...)
Fix handling of negative literal array index (alias $x[-1] = ...)
Updated perl-Perl-Critic to 1.146 as per the Fedora version
Friday 23rd December 2022
Local Packages
Updated curl to 7.87.0:
curl: Add --url-query
CURLOPT_QUICK_EXIT: Don't wait for DNS thread on exit
lib: Add CURL_WRITEFUNC_ERROR to signal write callback error
- openssl: Reduce CA certificate bundle reparsing by caching
version: Add a feature names array to curl_version_info_data
- altsvc: Fix rejection of negative port numbers
aws_sigv4: Consult x-%s-content-sha256 for payload hash
aws_sigv4: Fix typos in aws_sigv4.c
base64: Better alloc size
base64: Encode without using snprintf
base64: Faster base64 decoding
build: Assume assert.h is always available
build: Assume errno.h is always available
c-hyper: CONNECT responses are not server responses
- c-hyper: Fix multi-request mechanism
- CI: Change FreeBSD image from 12.3 to 12.4
- CI: LGTM.com will be shut down in December 2022
CI: Remove zuul fuzzing job as it's superseded by CIFuzz
- cmake: Check for cross-compile, not for toolchain
cmake: Fix build with 'CURL_USE_GSSAPI'
- cmake: Really enable warnings with clang
- cmake: Set the soname on the shared library
cmdline-opts/gen.pl: Fix the linkifier
cmdline-opts/page-footer: Remove long option nroff formatting
config-mac: Define HAVE_SYS_IOCTL_H
config-mac: Fix typo: size_T → size_t
config-mac: Remove HAVE_SYS_SELECT_H
config-win32: Fix SIZEOF_OFF_T for MSVC and old MinGW
configure: Require fork for NTLM-WB
contributors.sh: Actually use $CURLWWW instead of just setting it
- cookie: Compare cookie prefixes case insensitively
- cookie: Expire cookies at once when max-age is negative
- cookie: Open cookie jar as a binary file
curl-openssl.m4: Do not add $prefix/include/openssl to CPPFLAGS
curl-rustls.m4: On macOS, rustls also needs the Security framework
curl.h: Include <sys/select.h> on SerenityOS
curl.h: Name all public function parameters
curl.h: Reword comment to not use deprecated option
curl: Override the numeric locale and set "C" by force
curl: Timeout in the read callback
curl_endian: Remove Curl_write64_le from header
curl_get_line: Allow last line without newline char
curl_path: Do not add '/' if homedir ends with one
curl_url_get.3: Remove spurious backtick
curl_url_set.3: Document CURLU_DISALLOW_USER
curl_url_set.3: Fix typo
CURLMOPT_SOCKETFUNCTION.3: Clarify CURL_POLL_REMOVE
CURLOPT_COOKIEFILE.3: Advice ⇒ advise
CURLOPT_DEBUGFUNCTION.3: Do not assume nul-termination in example
CURLOPT_DEBUGFUNCTION.3: Emphasize that incoming data is "raw"
CURLOPT_POST.3: Explain setting to 0 changes request type
docs/curl_ws_send: Fixed typo in websocket docs
docs/EARLY-RELEASE.md: How to determine an early release
docs/examples: Spelling correction ('Retrieve')
docs/INSTALL.md: Expand on static builds
docs/WEBSOCKET.md: Explain the URL use
docs: Add missing parameters for --retry flag
- docs: Add more "SEE ALSO" links to CA related pages
docs: Explain the noproxy CIDR notation support
- docs: Extend the dump-header documentation
docs: Remove performance note in CURLOPT_SSL_VERIFYPEER
examples/10-at-a-time: Fix possible skipped final transfers
- examples: Update descriptions
ftp: Support growing files with CURLOPT_IGNORE_CONTENT_LENGTH
gen.pl: Do not generate CURLHELP bitmask lines > 79 characters
- GHA: Clarify workflows permissions, set least possible privilege
- GHA: NSS use clang instead of clang-9
gnutls: Use common gnutls init and verify code for ngtcp2
headers: Add endif comments
HTTP-COOKIES.md: Mention that http://localhost is a secure context
HTTP-COOKIES.md: Update the 6265bis link to draft-11
http: Do not send PROXY more than once
http: Fix the ::1 comparison for IPv6 localhost for cookies
http: Set 'this_is_a_follow' in the Location: logic
http: Use the IDN decoded name in HSTS checks (CVE-2022-43551)
hyper: Classify headers as CONNECT and 1XX
hyper: Fix handling of hyper_task-s when reusing the same address
idn: Remove Curl_win32_ascii_to_idn
INSTALL: Update operating systems and CPU archs
KNOWN_BUGS: Remove eight entries
lib1560: Add some basic IDN host name tests
lib: Connection filters (cfilter) addition to curl
lib: Feature deprecation warnings in gcc ≥ 4.3
- lib: Fix some type mismatches and remove unneeded typecasts
- lib: Parse numbers with fixed known base 10
lib: Remove bad set.opt_no_body assignments
lib: Rewind before request instead of after previous
lib: Sync guard for Curl_getaddrinfo_ex() definition and use
lib: Use size_t or int etc. instead of longs
libcurl-errors.3: Remove duplicate word
libssh2: Return error when ssh_hostkeyfunc returns error
limit-rate.d: See also --rate
log2changes.pl: Wrap long lines at 80 columns
Makefile.mk: Address minor issues
Makefile.mk: Improve a GNU Make hack
Makefile.mk: Portable Makefile.m32
maketgz: Set the right version in `lib/libcurl.plist
- mime: Relax easy/mime structures binding
- misc: Fix incorrect spelling
- misc: Remove duplicated include files
- misc: Typo and grammar fixes
negtelnetserver.py: Have it call its close() method
netrc.d: Provide mutext info
- netware: Remove leftover traces
- noproxy: Also match with adjacent comma
- noproxy: Guard against empty hostnames in noproxy check
- noproxy: Tailmatch like in 7.85.0 and earlier
nroff-scan.pl: Detect double highlights
ntlm: Improve comment for encrypt_des
ntlm: Silence ubsan warning about copying from null target_info pointer
openssl/mbedtls: Use %d for outputting port with failf (int)
- openssl: Prefix errors with '[lib]/[version]: '
os400: Use platform socklen_t in Curl_getnameinfo_a
- page-header: Grammar improvement (display transfer rate)
proxy: Refactor haproxy protocol handling as connection filter
README.md: Remove badges and xmas-tree garnish
- rtsp: Fix RTSP auth
runtests: --no-debuginfod now disables DEBUGINFOD_URLS
runtests: Do CRLF replacements per section only
scripts/checksrc.pl: Detect duplicated include files
sendf: Change Curl_read_plain to wrap Curl_recv_plain
sendf: Remove unnecessary if condition
setup: Do not require __MRC__ defined for Mac OS 9 builds
smb/telnet: Do not free the protocol struct in *_done() (CVE-2022-43552)
socks: Fix username max size is 255 (0xFF)
spellcheck.words: Remove 'github' as an accepted word
ssl-reqd.d: Clarify that this is for upgrading connections only
strcase: Use curl_str(n)equal for case insensitive matches
styled-output.d: This option does not work on Windows
system.h: Fix socklen_t, curl_off_t, long long for Classic Mac OS
system.h: Support 64-bit curl_off_t for NonStop 32-bit
test1421: Fix typo
test3026: Reduce runtime in legacy mingw builds
tests/sshserver.pl: Re-enable ssh-rsa while using openssh 8.8+
tests: Add authorityInfoAccess to generated certs
- tests: Add HTTP/3 test case, custom location for proper nghttpx
- tls: Backends use connection filters for IO, enabling HTTPS-proxy
tool: Determine the correct fopen option for -D
tool_cfgable: Free the ssl_ec_curves on exit
tool_cfgable: Make socks5_gssapi_nec a boolean
tool_formparse: Avoid clobbering on function params
tool_getparam: Make --no-get work as the opposite of --get
tool_operate: Provide better errmsg for -G with bad URL
tool_operate: When aborting, make sure there is a non-NULL error buffer
tool_paramhlp: Free the proto strings on exit
- url: Move back the IDN conversion of proxy names
urlapi: Reject more bad letters from the host name: &+()
urldata: Change port num storage to int and unsigned short
vms: Remove SIZEOF_SHORT
- vtls: Fix build without proxy support
- vtls: Localization of state data in filters
WEBSOCKET.md: Fix broken link
- Websocket: Fixes for partial frames and buffer updates
- websockets: Fix handling of partial frames
- windows: Fail early with a missing windres in autotools
windows: Fix linking .rc to shared curl with autotools
winidn: Drop WANT_IDN_PROTOTYPES
- ws: If no connection is around, return error
ws: Return CURLE_NOT_BUILT_IN when websockets not built in
x509asn1: Avoid freeing unallocated pointers
I added a patch to fix the test certificates for EL-9 compatibility (GH#10135, GH#10153)
Monday 26th December 2022
Fedora Project
Updated perl-JSON-PP to 4.14:
Break up 099_binary.t into 16 pieces that can be tested in parallel (GH#80)
Local Packages
Updated dovecot (2.3.x):
- Updated dovecot to 2.3.20:
Add dsync_features=no-header-hashes
When this setting is enabled and one dsync side doesn't support mail GUIDs (i.e. imapc), there is no fallback to using header hashes; instead, dsync assumes that all mails with identical IMAP UIDs contains the same mail contents, which can significantly improve dsync performance with some IMAP servers that don't support caching Date/Message-ID headers
lua: HTTP client has more settings now (see https://doc.dovecot.org/admin_manual/lua/#dovecot.http.client)
- replicator: "doveadm replicator status" command now outputs when the next sync is expected for the user
LAYOUT=index: Duplicate GUIDs were not cleaned out; also, the list recovery was not optimal
- auth: Assert crash would occur when iterating multiple userdb backends
director: Logging into director using master user with auth_master_user_separator character redirected user to a wrong backend, unless master_user_separator setting was also set to the same value; merged these into auth_master_user_separator
- dsync: Couldn't always fix folder GUID conflicts automatically with Maildir format; this resulted in replication repeatedly failing with "Remote lost mailbox GUID"
dsync: Failed to migrate INBOX when using namespace prefix=INBOX/, resulting in "Remote lost mailbox GUID" errors
dsync: INBOX was created too early with namespace prefix=INBOX/, resulting in a GUID conflict; this may have been resolved automatically, but not always
dsync: v2.3.18 regression: Wrong imapc password with dsync caused Panic: file lib-event.c: line 506 (event_pop_global): assertion failed: (event == current_global_event)
imapc: Requesting STATUS for a mailbox with imapc and INDEXPVT configured did not return correct (private) unseen counts
- lib-dict: Process would crash when committing data to redis without dict proxy
lib-mail: Corrupted cached BODYSTRUCTURE caused panic during FETCH (v2.3.13 regression)
Fixes: Panic: file message-part-data.c: line 579 (message_part_is_attachment): assertion failed: (data != NULL)
lib-storage: mail_attribute_dict with dict-sql failed when it tried to lookup empty dict keys
lib: ioloop-kqueue was missing include, breaking some BSD builds
- lua-http: Dovecot Lua HTTP client could not resolve DNS names in mail processes, because it expected "dns-client" socket to exist in the current directory
oauth2: Using %{oauth2:name} variables could cause useless introspections
pop3: Sending POP3 command with ':' character caused an assert-crash (v2.3.18 regression)
- replicator: Replication queue had various issues, potentially causing replication requests to become stuck
stats: Invalid Prometheus label names were created with specific histogram group_by configurations; Prometheus rejected these labels
- Updated pigeonhole to 0.5.20:
- No changes - release done to keep version numbers synced
- Updated dovecot to 2.3.20:
Updated perl-JSON-PP to 4.14 as per the Fedora version
Tuesday 27th December 2022
Fedora Project
Updated perl-Finance-Quote to 1.54 in F-36, F-37, Rawhide and EPEL-9:
Updated perl-JSON-PP to 4.15 in Rawhide:
Fix core bool test to not ignore errors (GH#82)
Local Packages
Updated perl-JSON-PP to 4.15 as per the Fedora version
Wednesday 28th December 2022
Fedora Project
Updated perl-MIME-Types to 2.24 in Rawhide:
- IANA updates
vnd.gentoo officially took 'tar' and 'tbz2', but 'application/x-tar' resp 'x-gtar' prevails
Local Packages
Updated perl-MIME-Types to 2.24 as per the Fedora version
Thursday 29th December 2022
Local Packages
Updated perl-Search-Elasticsearch to 8.00:
- Stable release for Elasticsearch 8.5
Friday 30th December 2022
Fedora Project
Updated perl-JSON-PP to 4.16 in Rawhide:
Drop support for perls < 5.8 (GH#84)
Local Packages
Updated perl-IO-Zlib to 1.12:
- Use a distinct test file, with pid in it, for each test
Updated perl-JSON-PP to 4.16 as per the Fedora version
Saturday 31st December 2022
Local Packages
Updated perl-Net-DNS to 1.36:
- Adopt JSON as presentation notation for EDNS options
Zero packet->id not allowed in outbound packet
Remove deprecated 2-argument TSIG->create() method
- Revise TSIG test scripts and documentation
Previous Month: November 2022
Next Month: January 2023