Paul's Blog Entries for February 2023
Wednesday 1st February 2023
Fedora Project
Updated perl-String-Util to 1.33 in Rawhide:
Remove a bunch of old deprecated functions: crunch, cellfill, define, randword, fullchomp, randcrypt, equndef, neundef
- Update documentation
Updated perl-Sereal-Decoder, perl-Sereal-Encoder and perl-Sereal to 5.002 in Rawhide:
Fix up Decoder tests to run on perl 5.8, which has no defined-or
Ensure that Encoder depends on the correct version of the Decoder
- Test compatibility fixes when no perl is already installed
Add t/195_backcompat.t to check if the latest decoder will seamlessly handle reading output from older versions
- Test compatibility fixes with version 3 and earlier
Thursday 2nd February 2023
Fedora Project
Updated perl-String-Util to 1.34 in Rawhide:
- Re-release because the required Perl version was wrong
Friday 3rd February 2023
Fedora Project
Updated perl-Test-Simple to 1.302192 in Rawhide:
- Silence deprecation warning when testing smartmatch
Local Packages
Updated perl-Test-Simple to 1.302192 as per the Fedora version
Saturday 4th February 2023
Fedora Project
Updated proftpd (1.3.8) in Rawhide and EPEL-9 to ensure that mod_rewrite is linked against libidn2 so that it loads properly (Bug #2166454, GH#1590)
Local Packages
Updated proftpd (1.3.8) as per the Fedora version
Monday 6th February 2023
Fedora Project
Updated glib (1.2.10) in Rawhide to build in C89 mode (Bug #2167383)
Local Packages
Updated glib (1.2.10) as per the Fedora version
Wednesday 8th February 2023
Fedora Project
Updated perl-Sereal, perl-Sereal-Decoder and perl-Sereal-Encoder to 5.003 in Rawhide:
Update Miniz to 3.0.2, Zstd to 1.5.2 and Devel::CheckLib to 1.16 (note: the packaging uses the system versions of these)
- Assorted build fixes related to these updates
- OpenBSD build fixes
Local Packages
Updated metamail (2.7) to use SPDX-format license tag
Updated smf-sav (2.1) to support only systemd init, to use an SPDX-format license tag and to do a hardened build where possible
Updated smf-spf (2.0.2) to support only systemd init, to use an SPDX-format license tag and to do a hardened build where possible
Thursday 9th February 2023
Fedora Project
Updated perl-Compress-Raw-Lzma to 2.204 in F-38 and Rawhide:
Use GIMME_V instead of GIMME
Local Packages
Updated perl-Compress-Raw-Bzip2 to 2.204:
- Trim trailing spaces from bzip2-src
- Typo fixes
Use GIMME_V instead of GIMME
Cast isdigit argument as unsigned char
Updated perl-Compress-Raw-Lzma to 2.204 as per the Fedora version
Updated perl-Compress-Raw-Zlib to 2.204:
Update zlib sources to zlib-1.2.13
Use GIMME_V instead of the deprecated GIMME
Friday 10th February 2023
Fedora Project
Updated perl-IO-Compress-Lzma to 2.204 in F-38 and Rawhide (no functional changes)
Local Packages
Updated perl-IO-Compress to 2.204:
Update Gzip.pm POD
Allow Z_NULL
Updated perl-IO-Compress-Lzma to 2.204 as per the Fedora version
Updated perl-XML-LibXSLT to 2.002001:
Corrections and refactorings in Makefile.PL
Tuesday 14th February 2023
Fedora Project
Updated perl-parent to 0.240 in Rawhide:
Use Test::More::isnt() instead of Test::More::isn't in tests, which is deprecated, as ' isn't allowed as package separator in an upcoming version of Perl (GH#13)
Local Packages
- Branched the development repository for Fedora 38
Updated check (0.15.2) to add optional Fedora mingw packages from Fedora 38 onwards
Updated dovecot (2.3.20) to drop SHA1 OTP from F-39/EL-9 onwards
Updated perl-parent to 0.240 as per the Fedora version
Updated python2-nose (1.3.7) to use an SPDX-format license tag
Wednesday 15th February 2023
Fedora Project
Updated perl-parent to 0.241 in F-38 and Rawhide:
- Actually include the changes documented for version 0.240
Local Packages
Updated curl to 7.88.0:
curl.h: Add CURL_HTTP_VERSION_3ONLY
share: Add sharing of HSTS cache among handles (CVE-2023-23914)
src: Add --http3-only
tool_operate: Share HSTS between handles (CVE-2023-23915)
urlapi: Add CURLU_PUNYCODE
writeout: Add %{certs} and %{num_certs}
cf-socket: Fix build when not HAVE_GETPEERNAME
cf-socket: Keep sockaddr local in the socket filters
cfilters: Curl_conn_get_select_socks: Use the first non-connected filter
- CI: Add a workflow to automatically label pull requests
CI: Add pytest GHA to CI test/tests-httpd on a HTTP/3 setup
- CI: Retry failed downloads to reduce spurious failures
- CI: Update wolfssl / wolfssh to 5.5.4 / 1.4.12
- cmake: Bump requirement to 3.7
cmake: Check for sendmsg
cmake: Delete redundant macro definition 'SECURITY_WIN32'
- cmake: Fix dev warning due to mismatched arg
cmake: Fix the snprintf detection
- cmake: Remove deprecated symbols check
cmake: Set SOVERSION also for macOS
cmake: Use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS
cmdline-opts/Makefile: On error, do not leave a partial
CODEOWNERS: Remove the peeps mentioned as CI owners
connect: Fix access of pointer before NULL check
connect: Fix build when not ENABLE_IPV6
connect: Fix strategy testing for attempts, timeouts and happy-eyeball
- connections: Introduce http/3 happy eyeballs
content_encoding: Do not reset stage counter for each header (CVE-2023-23916)
CONTRIBUTE: More formally specify the commit description
cookies: fp is always not NULL
copyright.pl: Cease doing year verifications
- copyright: Update all copyright lines and remove year ranges
curl.1: Make help, version and manual sections "custom"
curl.h: Allow up to 10M buffer size
curl.h: Mark CURLSSLBACKEND_MESALINK as deprecated
curl/websockets.h: Extend the websocket frame struct
curl: Output warning at --verbose output for debug-enabled version
curl_free.3: Fix return type of 'curl_free'
curl_global_sslset.3: Clarify the openssl situation
curl_log: For failf/infof and debug logging implementations
curl_setup: Disable by default recv-before-send in Windows
curl_version_info.3: Fix typo
curl_ws_send.3: Clarify how to send multi-frame messages
CURLOPT_HEADERDATA.3: Warn DLL users must set write function
CURLOPT_READFUNCTION.3: The callback 'size' arg is always 1
CURLOPT_WRITEFUNCTION.3: Fix memory leak in example
dict: URL decode the entire path always
docs/DEPRECATE.md: Deprecate gskit
docs: Add link to GitHub Discussions
docs: Mention indirect effects of --insecure
docs: POSTFIELDSIZE must be set to -1 with read function
doh: ifdef IPv6 code
- easyoptions: Fix header printing in generation script
- escape: Hex decode with a lookup-table
escape: Use table lookup when adding %-codes to output
examples: Remove the curlgtk.c example
fopen: Remove unnecessary assignment
ftpserver: Lower the DATA connect timeout to speed up torture tests
GHA/macos.yml: Bump to gcc-12
GHA/macos: Use Xcode_14.0.1 for cmake builds
GHA: Add job on Slackware 15.0
GHA: Bump ngtcp2 workflow dependencies
GHA: Enable websockets in the torture job
GHA: Move the quiche job here from zuul
GHA: Use designated ngtcp2 and its dependencies versions
haxproxy: Send before TLS handshake
header.d: Add a header file example
hsts.d: Explain HSTS more
- hsts: Handle adding the same host name again
HTTP/[23]: Continue upload when state.drain is set
http2: Aggregate small SETTINGS/PRIO/WIN_UPDATE frames
http2: Fix compiler warning due to uninitialized variable
http2: Minor buffer and error path fixes
http2: When using printf %.*s, the length arg must be 'int'
HTTP3: Mention what needs to be in place to remove EXPERIMENTAL label
http: Add additional condition for including stdint.h
http: Decode transfer encoding first
http: Fix "part of conditional expression is always false"
http: Remove the trace message "Mark bundle... multiuse"
http_aws_sigv4: Remove typecasts from HMAC_SHA256 macro
http_proxy: Do not assign data->req.p.http, use local copy
INSTALL: Document how to use multiple TLS backends
lib670: Make test.h the first include
lib: connect/h2/h3 refactor
- lib: Fix typos
- lib: Fix typos in comments that repeat a word
libssh2: Try sha2 algos for hostkey methods
libtest: Add a sleep macro for Windows
- Linux CI: Update some dependencies to latest tag
Makefile.mk: Fix wolfssl and mbedtls default paths
man pages: Call the custom user pointer 'clientp' consistently
- md4: Fix build with GnuTLS + OpenSSL v1
- misc: Fix grammar and spelling
- misc: Fix spelling
- misc: Reduce struct and struct field sizes
- msh3: Add support for request payload
- msh3: Update to v0.5 Release
- msh3: Update to v0.6
- multi: Stop sending empty HTTP/3 UDP datagrams on Windows
multihandle: Turn bool struct fields into bits
ngtcp2: Add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl
ngtcp2: Fix the build without 'sendmsg'
ngtcp2: Replace removed define and stop using removed function
no-clobber.d: Only use long form options in man page text
noproxy: Support for space-separated names is deprecated
nss: Implement data_pending method
openldap: Fix missing sasl symbols at build in specific configs
openssl: Adapt to boringssl's error code type
openssl: Don't ignore CA paths when using Windows CA store (redux)
openssl: Don't log raw record headers
openssl: Make the BIO_METHOD a local variable in the connection filter
openssl: Only use CA_BLOB if verifying peer
openssl: Remove attached easy handles from SSL instances
openssl: Store the CA after first send (ClientHello)
os400: Fixes to make-lib.sh and initscript.sh
packages: Remove Android, update README
release-notes.pl: Check fixes/closes lines better
- Revert "x509asn1: avoid freeing unallocated pointers"
runtest.pl: Add expected fourth return value
runtests: Tear down http2/http3 servers when https server is stopped
runtests: Consider warnings fatal and error on them
runtests: Fix detection of TLS backends
runtests: Make 'mbedtls' a testable feature
rustls: Improve error messages
scripts/delta: Show percent of number of files changed since last tag
scripts: Fix Appveyor job detection in cijobs.pl
scripts: Set file mode +x on all perl and shell scripts
- sectransp: Fix for incomplete read/writes
SECURITY-PROCESS.md: Document severity levels
setopt: Address undefined behaviour by checking for null
setopt: Move the SHA256 opt within #ifdef libssh2
setopt: Use >, not >=, when checking if uarg is larger than uint-max
- smb: Return error on upload without size
- socketpair: Allow localhost MITM sniffers
strdup: Name it Curl_strdup
system.h: Assume OS400 is always built with ILEC compiler
test1560: Use a UTF8-using locale when run
test2304: Remove stdout verification
tests-httpd: Basic infra to run curl against an apache httpd
tests: Add 3 new HTTP/2 test cases, plus https: support for nghttpx
tests: Add tests for HTTP/2 and HTTP/3 to verify the header API
tests: Avoid use of sha1 in certificates
- tls: Fixes for wolfssl + openssl combo builds
tool_getparam: Fix hiding of command line secrets
tool_operate: Fix 'CURLOPT_SOCKS5_GSSAPI_NEC' type
tool_operate: Fix error codes during DOS filename sanitize
tool_operate: Fix error codes on bad URL and OOM
tool_operate: Fix headerfile writing
tool_operate: Repair --rate
transfer: Break the read loop when RECV is cleared
typecheck: Accept expressions for option/info parameters
- url: Fix part of conditional expression is always true
urlapi: Avoid Curl_dyn_addf() for hex outputs
urlapi: Fix part of conditional expression is always true: qlen
urlapi: Skip path checks if path is just "/"
urlapi: Skip the extra dedotdot alloc if no dot in path
urldata: Cease storing TLS auth type
urldata: Make 'ftp_create_missing_dirs' depend on FTP || SFTP
urldata: Make set.http200aliases conditional on HTTP being present
urldata: Move the cookefilelist to the 'set' struct
urldata: Remove unused struct fields, made more conditional
vquic: Stabilization and improvements
- vtls: Fix hostname handling in filters
vtls: Manage current easy handle in nested cfilter calls
- vtls: Use ALPN HTTP/1.0 when HTTP/1.0 is used
winbuild: Document that arm64 is supported
Windows: Always use curl's basename() implementation
- wolfssl: Remove deprecated post-quantum algorithms
workflows/linux.yml: Merge 3 common packages
write-out.d: Add 'since version' to %{header_json} documentation
write-out.d: Clarify Windows % symbol escaping
ws: Fix autoping handling
ws: Fix multiframe send handling
ws: Fix recv of larger frames
- ws: Remove bad assert
ws: Unstick connect-only shutdown
ws: Use %Ou for outputting curl_off_t with info()
x509asn1: Fix compile errors and warnings
- zuul: Stop using this CI service
I added a patch from Fedora to disable the upstream warnings-as-fatal behaviour in runtests.pl since the tests do actually generate some warnings that need to be fixed upstream
Updated perl-parent to 0.241 as per the Fedora version
Thursday 16th February 2023
Local Packages
Updated curl (7.88.0) to fix data corruption with some http/2 transfers (GH#10525)
Friday 17th February 2023
Local Packages
Cleaned up and rebuilt moin (1.9.11)
Sunday 19th February 2023
Fedora Project
Updated gtkwave to 3.3.114 in F-38 and Rawhide:
- Buffer overflow fixes in FST reader
Local Packages
Updated gtkwave to 3.3.114 as per the Fedora version
Monday 20th February 2023
Fedora Project
Updated perl-Package-DeprecationManager to 0.18 in F-38 and Rawhide:
Use Sub::Util instead of Sub::Name, which is part of Scalar-List-Utils, which itself is already a dependency (GH#3)
Local Packages
Updated curl to 7.88.1:
build-openssl.bat: Keep OpenSSL 3 engine binaries
cmake: Fix Windows check for CryptAcquireContext
connect: Fix timeout handling to use full duration
curl: Make --silent work stand-alone
curl_setup: Suppress OpenSSL 3 deprecation warnings
CURLOPT_WS_OPTIONS.3: Fix the availability version
GHA: Update rustls dependency to 0.9.2
http2: Buffer/pausedata and output flush fix
http2: Set drain on stream end
http: include stdint.h more readily
- krb5: Silence cast-align warning
lib1560: Add IPv6 canonicalization tests
os400: Correct Curl_os400_sendto()
remote-header-name.d: Mention that filename* is not supported
runtests: Fix "uninitialized value $port"
setopt: Allow HTTP3 when HTTP2 is not defined
socketpair: Allow EWOULDBLOCK when reading the pair check bytes
socks: Allow using DoH to resolve host names
tests-httpd: Add proxy tests
tests: Make sure gnuserv-tls has SRP support before using it
tests: Make the telnet server shut down a socket gracefully
tool_getparam: Make --get a true boolean
tool_operate: Allow debug builds to set buffersize
urlapi: Do the port number extraction without using sscanf()
urldata: Remove 'now' from struct SingleRequest - not needed
Updated perl-Coro (6.57) to use an SPDX-format license tag
Updated perl-Package-DeprecationManager to 0.18 as per the Fedora version
Updated unrar to 6.21
Tuesday 21st February 2023
Fedora Project
Updated perl-Data-Dump-Streamer to 2.42 in F-38 and Rawhide:
- Perltidy source to preferred format
- Fixed issues serializing the global stash
- Added test to detect if serializing the global stash breaks anything
Local Packages
Updated perl-Data-Dump-Streamer to 2.42 as per the Fedora version
Updated perl-Module-CoreList to 5.20230220:
- Updated for v5.37.9
Wednesday 22nd February 2023
Fedora Project
Updated perl-Cpanel-JSON-XS to 4.35 in F-38 and Rawhide:
Local Packages
Updated perl-Cpanel-JSON-XS to 4.35 as per the Fedora version
Friday 24th February 2023
Fedora Project
Updated bluefish to 2.2.13 in F-38 and Rawhide:
- Bluefish 2.2.13 is a very minor maintenance release
- The biggest update is in the CSS syntax support
- Next to that it improves a few user interface parts, and fixes some very minor bugs
- It also has some minor improvements for the syntax highlighting in a few other languages, most notably python
Local Packages
Updated bluefish to 2.2.13 as per the Fedora version
Sunday 26th February 2023
Fedora Project
Updated perl-Digest-SHA to 6.04 in F-38 and Rawhide:
Modified SHA_INIT/sharewind to silence warnings from gcc 12 (CPAN RT#146585)
Local Packages
Updated perl-Digest-SHA to 6.04 as per the Fedora version
Monday 27th February 2023
Local Packages
Updated perl-Test-Directory to 0.052:
Fix error message on failure to remove directory in 'clean' (GH#2, CPAN RT#130570)
Tuesday 28th February 2023
Local Packages
Updated perl-PPIx-Regexp to 0.088:
Remove support for (**{ ... code ... })
- This was introduced in Perl 5.37.8 along with a single-splat version
- The double-splat version was removed without deprecation in Perl 5.37.9, so it is being removed without deprecation here as well, per my stated policy about development functionality
- The single-splat version still exists (and is documented) in Perl 5.37.9, and in this package
Previous Month: January 2023
Next Month: March 2023