Wednesday 1st February 2023

Fedora Project

• Updated perl-String-Util to 1.33 in Rawhide:

  • Remove a bunch of old deprecated functions: crunch, cellfill, define, randword, fullchomp, randcrypt, equndef, neundef

  • Update documentation

• Updated perl-Sereal-Decoder, perl-Sereal-Encoder and perl-Sereal to 5.002 in Rawhide:

  • Fix up Decoder tests to run on perl 5.8, which has no defined-or

  • Ensure that Encoder depends on the correct version of the Decoder

  • Test compatibility fixes when no perl is already installed

  • Add t/195_backcompat.t to check if the latest decoder will seamlessly handle reading output from older versions

  • Test compatibility fixes with version 3 and earlier

Thursday 2nd February 2023

Fedora Project

• Updated perl-String-Util to 1.34 in Rawhide:

  • Re-release because the required Perl version was wrong

Friday 3rd February 2023

Fedora Project

• Updated perl-Test-Simple to 1.302192 in Rawhide:

  • Silence deprecation warning when testing smartmatch

Local Packages

• Updated perl-Test-Simple to 1.302192 as per the Fedora version

Saturday 4th February 2023

Fedora Project

• Updated proftpd (1.3.8) in Rawhide and EPEL-9 to ensure that mod_rewrite is linked against libidn2 so that it loads properly (Bug #2166454, GH#1590)

Local Packages

• Updated proftpd (1.3.8) as per the Fedora version

Monday 6th February 2023

Fedora Project

• Updated glib (1.2.10) in Rawhide to build in C89 mode (Bug #2167383)

Local Packages

• Updated glib (1.2.10) as per the Fedora version

Wednesday 8th February 2023

Fedora Project

• Updated perl-Sereal, perl-Sereal-Decoder and perl-Sereal-Encoder to 5.003 in Rawhide:

  • Update Miniz to 3.0.2, Zstd to 1.5.2 and Devel::CheckLib to 1.16 (note: the packaging uses the system versions of these)

  • Assorted build fixes related to these updates
  • OpenBSD build fixes

Local Packages

• Updated metamail (2.7) to use SPDX-format license tag

• Updated smf-sav (2.1) to support only systemd init, to use an SPDX-format license tag and to do a hardened build where possible

• Updated smf-spf (2.0.2) to support only systemd init, to use an SPDX-format license tag and to do a hardened build where possible

Thursday 9th February 2023

Fedora Project

• Updated perl-Compress-Raw-Lzma to 2.204 in F-38 and Rawhide:

  • Use GIMME_V instead of GIMME

Local Packages

• Updated perl-Compress-Raw-Bzip2 to 2.204:

  • Trim trailing spaces from bzip2-src
  • Typo fixes

  • Use GIMME_V instead of GIMME

  • Cast isdigit argument as unsigned char

• Updated perl-Compress-Raw-Lzma to 2.204 as per the Fedora version

• Updated perl-Compress-Raw-Zlib to 2.204:

  • Update zlib sources to zlib-1.2.13

  • Use GIMME_V instead of the deprecated GIMME

Friday 10th February 2023

Fedora Project

• Updated perl-IO-Compress-Lzma to 2.204 in F-38 and Rawhide (no functional changes)

Local Packages

• Updated perl-IO-Compress to 2.204:

  • Update Gzip.pm POD

  • Allow Z_NULL

• Updated perl-IO-Compress-Lzma to 2.204 as per the Fedora version

• Updated perl-XML-LibXSLT to 2.002001:

  • Corrections and refactorings in Makefile.PL

Tuesday 14th February 2023

Fedora Project

• Updated perl-parent to 0.240 in Rawhide:

  • Use Test::More::isnt() instead of Test::More::isn't in tests, which is deprecated, as ' isn't allowed as package separator in an upcoming version of Perl (GH#13)

Local Packages

• Branched the development repository for Fedora 38

• Updated check (0.15.2) to add optional Fedora mingw packages from Fedora 38 onwards

• Updated dovecot (2.3.20) to drop SHA1 OTP from F-39/EL-9 onwards

• Updated perl-parent to 0.240 as per the Fedora version

• Updated python2-nose (1.3.7) to use an SPDX-format license tag

Wednesday 15th February 2023

Fedora Project

• Updated perl-parent to 0.241 in F-38 and Rawhide:

  • Actually include the changes documented for version 0.240

Local Packages

• Updated curl to 7.88.0:

  • curl.h: Add CURL_HTTP_VERSION_3ONLY

  • share: Add sharing of HSTS cache among handles (CVE-2023-23914)

  • src: Add --http3-only

  • tool_operate: Share HSTS between handles (CVE-2023-23915)

  • urlapi: Add CURLU_PUNYCODE

  • writeout: Add %{certs} and %{num_certs}

  • cf-socket: Fix build when not HAVE_GETPEERNAME

  • cf-socket: Keep sockaddr local in the socket filters

  • cfilters: Curl_conn_get_select_socks: Use the first non-connected filter

  • CI: Add a workflow to automatically label pull requests

  • CI: Add pytest GHA to CI test/tests-httpd on a HTTP/3 setup

  • CI: Retry failed downloads to reduce spurious failures
  • CI: Update wolfssl / wolfssh to 5.5.4 / 1.4.12
  • cmake: Bump requirement to 3.7

  • cmake: Check for sendmsg

  • cmake: Delete redundant macro definition 'SECURITY_WIN32'

  • cmake: Fix dev warning due to mismatched arg

  • cmake: Fix the snprintf detection

  • cmake: Remove deprecated symbols check

  • cmake: Set SOVERSION also for macOS

  • cmake: Use list APPEND syntax for CMAKE_REQUIRED_DEFINITIONS

  • cmdline-opts/Makefile: On error, do not leave a partial

  • CODEOWNERS: Remove the peeps mentioned as CI owners

  • connect: Fix access of pointer before NULL check

  • connect: Fix build when not ENABLE_IPV6

  • connect: Fix strategy testing for attempts, timeouts and happy-eyeball

  • connections: Introduce http/3 happy eyeballs

  • content_encoding: Do not reset stage counter for each header (CVE-2023-23916)

  • CONTRIBUTE: More formally specify the commit description

  • cookies: fp is always not NULL

  • copyright.pl: Cease doing year verifications

  • copyright: Update all copyright lines and remove year ranges

  • curl.1: Make help, version and manual sections "custom"

  • curl.h: Allow up to 10M buffer size

  • curl.h: Mark CURLSSLBACKEND_MESALINK as deprecated

  • curl/websockets.h: Extend the websocket frame struct

  • curl: Output warning at --verbose output for debug-enabled version

  • curl_free.3: Fix return type of 'curl_free'

  • curl_global_sslset.3: Clarify the openssl situation

  • curl_log: For failf/infof and debug logging implementations

  • curl_setup: Disable by default recv-before-send in Windows

  • curl_version_info.3: Fix typo

  • curl_ws_send.3: Clarify how to send multi-frame messages

  • CURLOPT_HEADERDATA.3: Warn DLL users must set write function

  • CURLOPT_READFUNCTION.3: The callback 'size' arg is always 1

  • CURLOPT_WRITEFUNCTION.3: Fix memory leak in example

  • dict: URL decode the entire path always

  • docs/DEPRECATE.md: Deprecate gskit

  • docs: Add link to GitHub Discussions

  • docs: Mention indirect effects of --insecure

  • docs: POSTFIELDSIZE must be set to -1 with read function

  • doh: ifdef IPv6 code

  • easyoptions: Fix header printing in generation script
  • escape: Hex decode with a lookup-table

  • escape: Use table lookup when adding %-codes to output

  • examples: Remove the curlgtk.c example

  • fopen: Remove unnecessary assignment

  • ftpserver: Lower the DATA connect timeout to speed up torture tests

  • GHA/macos.yml: Bump to gcc-12

  • GHA/macos: Use Xcode_14.0.1 for cmake builds

  • GHA: Add job on Slackware 15.0

  • GHA: Bump ngtcp2 workflow dependencies

  • GHA: Enable websockets in the torture job

  • GHA: Move the quiche job here from zuul

  • GHA: Use designated ngtcp2 and its dependencies versions

  • haxproxy: Send before TLS handshake

  • header.d: Add a header file example

  • hsts.d: Explain HSTS more

  • hsts: Handle adding the same host name again

  • HTTP/[23]: Continue upload when state.drain is set

  • http2: Aggregate small SETTINGS/PRIO/WIN_UPDATE frames

  • http2: Fix compiler warning due to uninitialized variable

  • http2: Minor buffer and error path fixes

  • http2: When using printf %.*s, the length arg must be 'int'

  • HTTP3: Mention what needs to be in place to remove EXPERIMENTAL label

  • http: Add additional condition for including stdint.h

  • http: Decode transfer encoding first

  • http: Fix "part of conditional expression is always false"

  • http: Remove the trace message "Mark bundle... multiuse"

  • http_aws_sigv4: Remove typecasts from HMAC_SHA256 macro

  • http_proxy: Do not assign data->req.p.http, use local copy

  • INSTALL: Document how to use multiple TLS backends

  • lib670: Make test.h the first include

  • lib: connect/h2/h3 refactor

  • lib: Fix typos
  • lib: Fix typos in comments that repeat a word

  • libssh2: Try sha2 algos for hostkey methods

  • libtest: Add a sleep macro for Windows

  • Linux CI: Update some dependencies to latest tag

  • Makefile.mk: Fix wolfssl and mbedtls default paths

  • man pages: Call the custom user pointer 'clientp' consistently

  • md4: Fix build with GnuTLS + OpenSSL v1
  • misc: Fix grammar and spelling
  • misc: Fix spelling
  • misc: Reduce struct and struct field sizes
  • msh3: Add support for request payload
  • msh3: Update to v0.5 Release
  • msh3: Update to v0.6
  • multi: Stop sending empty HTTP/3 UDP datagrams on Windows

  • multihandle: Turn bool struct fields into bits

  • ngtcp2: Add CURLOPT_SSL_CTX_FUNCTION support for openssl+wolfssl

  • ngtcp2: Fix the build without 'sendmsg'

  • ngtcp2: Replace removed define and stop using removed function

  • no-clobber.d: Only use long form options in man page text

  • noproxy: Support for space-separated names is deprecated

  • nss: Implement data_pending method

  • openldap: Fix missing sasl symbols at build in specific configs

  • openssl: Adapt to boringssl's error code type

  • openssl: Don't ignore CA paths when using Windows CA store (redux)

  • openssl: Don't log raw record headers

  • openssl: Make the BIO_METHOD a local variable in the connection filter

  • openssl: Only use CA_BLOB if verifying peer

  • openssl: Remove attached easy handles from SSL instances

  • openssl: Store the CA after first send (ClientHello)

  • os400: Fixes to make-lib.sh and initscript.sh

  • packages: Remove Android, update README

  • release-notes.pl: Check fixes/closes lines better

  • Revert "x509asn1: avoid freeing unallocated pointers"

  • runtest.pl: Add expected fourth return value

  • runtests: Tear down http2/http3 servers when https server is stopped

  • runtests: Consider warnings fatal and error on them

  • runtests: Fix detection of TLS backends

  • runtests: Make 'mbedtls' a testable feature

  • rustls: Improve error messages

  • scripts/delta: Show percent of number of files changed since last tag

  • scripts: Fix Appveyor job detection in cijobs.pl

  • scripts: Set file mode +x on all perl and shell scripts

  • sectransp: Fix for incomplete read/writes

  • SECURITY-PROCESS.md: Document severity levels

  • setopt: Address undefined behaviour by checking for null

  • setopt: Move the SHA256 opt within #ifdef libssh2

  • setopt: Use >, not >=, when checking if uarg is larger than uint-max

  • smb: Return error on upload without size
  • socketpair: Allow localhost MITM sniffers

  • strdup: Name it Curl_strdup

  • system.h: Assume OS400 is always built with ILEC compiler

  • test1560: Use a UTF8-using locale when run

  • test2304: Remove stdout verification

  • tests-httpd: Basic infra to run curl against an apache httpd

  • tests: Add 3 new HTTP/2 test cases, plus https: support for nghttpx

  • tests: Add tests for HTTP/2 and HTTP/3 to verify the header API

  • tests: Avoid use of sha1 in certificates

  • tls: Fixes for wolfssl + openssl combo builds

  • tool_getparam: Fix hiding of command line secrets

  • tool_operate: Fix 'CURLOPT_SOCKS5_GSSAPI_NEC' type

  • tool_operate: Fix error codes during DOS filename sanitize

  • tool_operate: Fix error codes on bad URL and OOM

  • tool_operate: Fix headerfile writing

  • tool_operate: Repair --rate

  • transfer: Break the read loop when RECV is cleared

  • typecheck: Accept expressions for option/info parameters

  • url: Fix part of conditional expression is always true

  • urlapi: Avoid Curl_dyn_addf() for hex outputs

  • urlapi: Fix part of conditional expression is always true: qlen

  • urlapi: Skip path checks if path is just "/"

  • urlapi: Skip the extra dedotdot alloc if no dot in path

  • urldata: Cease storing TLS auth type

  • urldata: Make 'ftp_create_missing_dirs' depend on FTP || SFTP

  • urldata: Make set.http200aliases conditional on HTTP being present

  • urldata: Move the cookefilelist to the 'set' struct

  • urldata: Remove unused struct fields, made more conditional

  • vquic: Stabilization and improvements

  • vtls: Fix hostname handling in filters

  • vtls: Manage current easy handle in nested cfilter calls

  • vtls: Use ALPN HTTP/1.0 when HTTP/1.0 is used

  • winbuild: Document that arm64 is supported

  • Windows: Always use curl's basename() implementation

  • wolfssl: Remove deprecated post-quantum algorithms

  • workflows/linux.yml: Merge 3 common packages

  • write-out.d: Add 'since version' to %{header_json} documentation

  • write-out.d: Clarify Windows % symbol escaping

  • ws: Fix autoping handling

  • ws: Fix multiframe send handling

  • ws: Fix recv of larger frames

  • ws: Remove bad assert

  • ws: Unstick connect-only shutdown

  • ws: Use %Ou for outputting curl_off_t with info()

  • x509asn1: Fix compile errors and warnings

  • zuul: Stop using this CI service

• I added a patch from Fedora to disable the upstream warnings-as-fatal behaviour in runtests.pl since the tests do actually generate some warnings that need to be fixed upstream

• Updated perl-parent to 0.241 as per the Fedora version

Thursday 16th February 2023

Local Packages

• Updated curl (7.88.0) to fix data corruption with some http/2 transfers (GH#10525)

Friday 17th February 2023

Local Packages

• Cleaned up and rebuilt moin (1.9.11)

Sunday 19th February 2023

Fedora Project

• Updated gtkwave to 3.3.114 in F-38 and Rawhide:

  • Buffer overflow fixes in FST reader

Local Packages

• Updated gtkwave to 3.3.114 as per the Fedora version

Monday 20th February 2023

Fedora Project

• Updated perl-Package-DeprecationManager to 0.18 in F-38 and Rawhide:

  • Use Sub::Util instead of Sub::Name, which is part of Scalar-List-Utils, which itself is already a dependency (GH#3)

Local Packages

• Updated curl to 7.88.1:

  • build-openssl.bat: Keep OpenSSL 3 engine binaries

  • cmake: Fix Windows check for CryptAcquireContext

  • connect: Fix timeout handling to use full duration

  • curl: Make --silent work stand-alone

  • curl_setup: Suppress OpenSSL 3 deprecation warnings

  • CURLOPT_WS_OPTIONS.3: Fix the availability version

  • GHA: Update rustls dependency to 0.9.2

  • http2: Buffer/pausedata and output flush fix

  • http2: Set drain on stream end

  • http: include stdint.h more readily

  • krb5: Silence cast-align warning

  • lib1560: Add IPv6 canonicalization tests

  • os400: Correct Curl_os400_sendto()

  • remote-header-name.d: Mention that filename* is not supported

  • runtests: Fix "uninitialized value $port"

  • setopt: Allow HTTP3 when HTTP2 is not defined

  • socketpair: Allow EWOULDBLOCK when reading the pair check bytes

  • socks: Allow using DoH to resolve host names

  • tests-httpd: Add proxy tests

  • tests: Make sure gnuserv-tls has SRP support before using it

  • tests: Make the telnet server shut down a socket gracefully

  • tool_getparam: Make --get a true boolean

  • tool_operate: Allow debug builds to set buffersize

  • urlapi: Do the port number extraction without using sscanf()

  • urldata: Remove 'now' from struct SingleRequest - not needed

• Updated perl-Coro (6.57) to use an SPDX-format license tag

• Updated perl-Package-DeprecationManager to 0.18 as per the Fedora version

• Updated unrar to 6.21

Tuesday 21st February 2023

Fedora Project

• Updated perl-Data-Dump-Streamer to 2.42 in F-38 and Rawhide:

  • Perltidy source to preferred format
  • Fixed issues serializing the global stash
  • Added test to detect if serializing the global stash breaks anything

Local Packages

• Updated perl-Data-Dump-Streamer to 2.42 as per the Fedora version

• Updated perl-Module-CoreList to 5.20230220:

  • Updated for v5.37.9

Wednesday 22nd February 2023

Fedora Project

• Updated perl-Cpanel-JSON-XS to 4.35 in F-38 and Rawhide:

  • Fix a security issue, decoding hash keys without ending ':' (GH#208)

  • Check all bare hash keys for utf8 (GH#209)

  • Improve overload warnings (GH#205)

  • Fix a croak leak (GH#206)

  • Fix utf8 object stringification (GH#212)

Local Packages

• Updated perl-Cpanel-JSON-XS to 4.35 as per the Fedora version

Friday 24th February 2023

Fedora Project

• Updated bluefish to 2.2.13 in F-38 and Rawhide:

  • Bluefish 2.2.13 is a very minor maintenance release
  • The biggest update is in the CSS syntax support
  • Next to that it improves a few user interface parts, and fixes some very minor bugs
  • It also has some minor improvements for the syntax highlighting in a few other languages, most notably python

Local Packages

• Updated bluefish to 2.2.13 as per the Fedora version

Sunday 26th February 2023

Fedora Project

• Updated perl-Digest-SHA to 6.04 in F-38 and Rawhide:

  • Modified SHA_INIT/sharewind to silence warnings from gcc 12 (CPAN RT#146585)

Local Packages

• Updated perl-Digest-SHA to 6.04 as per the Fedora version

Monday 27th February 2023

Local Packages

• Updated perl-Test-Directory to 0.052:

  • Fix error message on failure to remove directory in 'clean' (GH#2, CPAN RT#130570)

Tuesday 28th February 2023

Local Packages

• Updated perl-PPIx-Regexp to 0.088:

  • Remove support for (**{ ... code ... })

  • This was introduced in Perl 5.37.8 along with a single-splat version
  • The double-splat version was removed without deprecation in Perl 5.37.9, so it is being removed without deprecation here as well, per my stated policy about development functionality
  • The single-splat version still exists (and is documented) in Perl 5.37.9, and in this package