Paul's Blog Entries for May 2023
Monday 1st May 2023
Fedora Project
Updated perl-Module-Build-Tiny to 0.045 in Rawhide:
- Fix compilation issue on Windows
Updated perl-MooseX-InsideOut (0.106) in Rawhide to use SPDX-format license tag
Updated perl-MooseX-NonMoose (0.26) in Rawhide to use SPDX-format license tag
Updated perl-MooseX-Role-Parameterized (1.11) in Rawhide to use SPDX-format license tag
Updated perl-MooseX-Role-WithOverloading (0.17) in Rawhide to use SPDX-format license tag
Updated perl-URI to 5.19 in Rawhide:
Form parameters without values are now represented by undef (GH#65)
Local Packages
Updated perl-Module-Build-Tiny to 0.045 as per the Fedora version
Updated perl-MooseX-InsideOut (0.106) as per the Fedora version
Updated perl-MooseX-NonMoose (0.26) as per the Fedora version
Updated perl-MooseX-Role-Parameterized (1.11) as per the Fedora version
Updated perl-MooseX-Role-WithOverloading (0.17) as per the Fedora version
Tuesday 2nd May 2023
Fedora Project
Became maintainer of orphaned perl-TAP-Formatter-JUnit package
Updated perl-MooseX-SimpleConfig (0.11) in Rawhide to use SPDX-format license tag
Updated perl-MooseX-Types (0.50) in Rawhide to use SPDX-format license tag
Cleaned up and rebuilt perl-MooseX-Types-Path-Class (0.09) in Rawhide
Updated perl-MooseX-Types-Path-Tiny (0.012) in Rawhide to use SPDX-format license tag
Updated perl-MooseX-Types-Stringlike (0.003) in Rawhide to use SPDX-format license tag
Updated perl-MouseX-ConfigFromFile (0.05) in Rawhide to use SPDX-format license tag
Cleaned up and rebuilt perl-TAP-Formatter-JUnit (0.16) in Rawhide
Local Packages
Updated perl-MooseX-Types (0.50) as per the Fedora version
Wednesday 3rd May 2023
Fedora Project
Updated perl-Config-Any to 0.33 in Rawhide:
- Update docs to describe which modules are needed for which formats
Update Config::General requirement for conf files to a non-broken version (2.48)
Don't try to upgrade old Config::General versions
Fix is_supported method verifying the version of required modules
- Documentation clean-ups
Cleaned up and rebuilt perl-MouseX-Getopt (0.38) in Rawhide
Updated perl-MouseX-SimpleConfig (0.11) in Rawhide to use SPDX-format license tag
Updated perl-MouseX-Types (0.06) in Rawhide to use SPDX-format license tag
Updated perl-MouseX-Types-Path-Class (0.07) in Rawhide to use SPDX-format license tag
Updated perl-Net-CIDR (0.21) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-namespace-autoclean (0.29) to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-namespace-clean (0.27) to use SPDX-format license tag, drop support for building with perl < 5.14, and drop support for building with rpm < 4.9
Updated perl-Net-CIDR (0.21) as per the Fedora version
Thursday 4th May 2023
Fedora Project
Updated perl-Business-ISBN-Data to 20230426.002 in Rawhide:
Fix a problem with the MANIFEST (GH#30) - no data updates
Local Packages
Updated perl-common-sense (3.7.5) to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Spellunker (0.4.0) to use SPDX-format license tag
Updated perl-Spiffy (0.46) to use SPDX-format license tag
Updated perl-SUPER (1.20190531) to use SPDX-format license tag
Friday 5th May 2023
Fedora Project
Updated perl-Net-IP (1.26) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Net-SSH-Perl (2.14) in Rawhide to use SPDX-format license tag and drop hobbled CryptX support
Prior to Fedora 36, the perl-CryptX package was hobbled in that it did not include ECC support; there is no longer any need to support this
Updated perl-Object-ID (0.1.2) in Rawhide to use SPDX-format license tag
Updated perl-YAML-LibYAML to 0.87 in Rawhide:
Turn off internal POK flag for number scalars
Local Packages
Rebuilt perl-Compress-Raw-Lzma (2.204) for xz 5.4.3 in Fedora 39 onwards
Updated perl-Net-IP (1.26) as per the Fedora version
Updated perl-YAML-LibYAML to 0.87 as per the Fedora version
Updated xz to 5.4.3 in Fedora 39 onwards (see NEWS for details)
Sunday 7th May 2023
Fedora Project
Updated perl-Data-OptList to 0.114 in Rawhide:
Data::OptList now requires perl v5.12.0
Tests no longer add "-T" to shebang, so do not invoke taint mode
Updated perl-Finance-Quote to 1.5402 in Rawhide:
Local Packages
Updated perl-Data-OptList to 0.114 as per the Fedora version
Updated perl-PAR-Dist to 0.52:
Change bug tracker to GitHub issues
Quote all version numbers in META.yml files in test *.par files
Updated proftpd (1.3.8) to port configure script to C99 (GH#1665)
Monday 8th May 2023
Fedora Project
Updated perl-Net-CIDR-Lite (0.22) in Rawhide to use SPDX-format license tag
Updated perl-Object-InsideOut (4.05) in Rawhide to use SPDX-format license tag
Updated perl-Package-Anon (0.05) in Rawhide to use SPDX-format license tag
Updated perl-Package-Stash (0.40) in Rawhide to use SPDX-format license tag
Updated perl-Package-Stash-XS (0.30) in Rawhide to use SPDX-format license tag
Updated perl-PPI (1.276) in Rawhide to use SPDX-format license tag
Updated perl-PPIx-Utilities (1.001000) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-Net-CIDR-Lite (0.22) as per the Fedora version
Updated perl-Package-Anon (0.05) as per the Fedora version
Updated perl-Package-Stash (0.40) as per the Fedora version
Updated perl-Package-Stash-XS (0.30) as per the Fedora version
Updated perl-PPI (1.276) as per the Fedora version
Updated perl-PPIx-Utilities (1.001000) as per the Fedora version
Tuesday 9th May 2023
Fedora Project
Updated perl-CPAN-Meta-Requirements to 2.142 in Rawhide:
confess() replaced with croak(): fewer stack traces
Broke the version range handling into the Range class
- Note: this version now requires perl v5.10 rather than v5.6
Updated perl-PadWalker (2.5) in Rawhide to use SPDX-format license tag
Updated perl-Parse-Distname (0.05) in Rawhide to use SPDX-format license tag
Updated perl-Path-Class (0.37) in Rawhide to use SPDX-format license tag
Local Packages
Updated libxslt to 1.1.38 (see NEWS for details)
Updated pperl-aliased (0.34) to use SPDX-format license tag
Updated perl-CPAN-Meta-Requirements to 2.142 as per the Fedora version
Updated perl-Net-DNS to 1.38:
Mailbox.pm: Improve robustness of address parsing
Deprecate packet->edns->size() method
Deprecate rdatastr() historical RR subtype method
- Major overhaul of pre-installation test scripts
Add new t/TestToolkit.pm
Refactor socket code and control structure in Nameserver.pm and improve efficiency of zonefile data storage and retrieval
Nameserver.pm: Fix peerhost undefined after $sock->accept (CPAN RT#147507)
EDNS extended rcode was not handled correctly (CPAN RT#148273)
Multicast DNS flag broke Net::DNS::Parameters::classbyval (CPAN RT#148274)
Updated perl-PadWalker (2.5) as per the Fedora version
Updated perl-Parse-Distname (0.05) as per the Fedora version
Updated perl-Path-Class (0.37) as per the Fedora version
Updated perl-PerlIO-gzip (0.20) to use SPDX-format license tag
Updated perl-Readonly-XS (1.05) to use SPDX-format license tag
Updated perl-Test-Perl-Critic (1.04) to use SPDX-format license tag
Wednesday 10th May 2023
Fedora Project
Updated perl-Perl-Critic-Deprecated (1.119) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Perl-Critic-Pulp (99) in Rawhide to use SPDX-format license tag
Updated perl-Perl-Destruct-Level (0.02) in Rawhide to use SPDX-format license tag
Updated perl-Perl-OSType (1.010) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Pod-Coverage-Moose (0.07) in Rawhide to use SPDX-format license tag
Updated perl-Ref-Util (0.204) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-Perl-Critic-Deprecated (1.119) as per the Fedora version
Updated perl-Perl-Critic-Pulp (99) as per the Fedora version
Updated perl-Perl-Destruct-Level (0.02) as per the Fedora version
Updated perl-Perl-OSType (1.010) as per the Fedora version
Cleaned up and rebuilt perl-Pod-Coverage-Moose (0.07)
Updated perl-Ref-Util (0.204) as per the Fedora version
Thursday 11th May 2023
Fedora Project
Updated geoipupdate to 5.1.1 in Rawhide:
Fixed the Docker health-check script to use the correct time of the last update attempt (GH#225)
Added new '--output' flag to print JSON to standard output describing the result of the run
- Compilation with Go versions before 1.19 is no longer supported
Updated perl-Devel-CallParser (0.002) in Rawhide to drop optional test dependency Lexical::Sub for now: t/leximport.t fails with Lexical::Sub 0.010 (CPAN RT#147376, Bug #2182352)
Updated perl-Perl6-Caller (0.100) in Rawhide to use SPDX-format license tag
Updated perl-Perl6-Junction (1.60000) in Rawhide to use SPDX-format license tag
Updated perl-Perl6-Slurp (0.051005) in Rawhide to use SPDX-format license tag
Updated perl-Ref-Util-XS (0.117) in Rawhide to use SPDX-format license tag
Updated perl-Role-Tiny (2.002004) in Rawhide to use SPDX-format license tag
Local Packages
Updated geoipupdate to 5.1.1 as per the Fedora version
Updated perl-Perl6-Caller (0.100) as per the Fedora version
Updated perl-Perl6-Junction (1.60000) as per the Fedora version
Updated perl-Perl6-Slurp (0.051005) as per the Fedora version
Updated perl-Ref-Util-XS (0.117) as per the Fedora version
Updated perl-Role-Tiny (2.002004) as per the Fedora version
Friday 12th May 2023
Fedora Project
Updated perl-PerlIO-via-Timeout (0.32) in Rawhide to use SPDX-format license tag
Updated perl-Pod-Readme (1.2.3) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Pod-Strip (1.100) in Rawhide to use SPDX-format license tag
Updated perl-Scalar-Properties (1.100860) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Sub-Exporter-Progressive (0.001013) in Rawhide to use SPDX-format license tag
Updated perl-YAML-LibYAML in Rawhide to 0.88:
Revert "Turn off internal POK flag for number scalars"
Local Packages
Updated perl-Pod-Readme (1.2.3) as per the Fedora version
Updated perl-Pod-Strip (1.100) as per the Fedora version
Updated perl-Scalar-Properties (1.100860) as per the Fedora version
Updated perl-Sub-Exporter-Progressive (0.001013) as per the Fedora version
Updated perl-YAML-LibYAML to 0.88 as per the Fedora version
Saturday 13th May 2023
Fedora Project
Updated perl-Sub-Uplevel (0.2800) in Rawhide to use SPDX-format license tag
Updated perl-Taint-Runtime (0.03) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-Sub-Uplevel (0.2800) as per the Fedora version
Updated perl-Taint-Runtime (0.03) as per the Fedora version
Sunday 14th May 2023
Fedora Project
Updated perl-Finance-Quote to 1.55 in Rawhide:
Updated perl-Task-Weaken (1.06) in Rawhide to use SPDX-format license tag
Updated perl-Test-CleanNamespaces (0.24) in Rawhide to use SPDX-format license tag
Updated perl-Test-CPAN-Meta-JSON (0.16) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Local Packages
Updated perl-Task-Weaken (1.06) as per the Fedora version
Updated perl-Term-ReadKey (2.38) to port Configure.pm to C99
Updated perl-Test-CleanNamespaces (0.24) as per the Fedora version
Updated perl-Test-CPAN-Meta-JSON (0.16) as per the Fedora version
Monday 15th May 2023
Fedora Project
Updated perl-Regexp-Assemble (0.38) in Rawhide to use SPDX-format license tag
Updated perl-Test-Differences (0.69) in Rawhide to use SPDX-format license tag
Updated perl-Test-Exception (0.43) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Test-Manifest (2.023) in Rawhide to use SPDX-format license tag
Updated perl-Test-Memory-Cycle (1.06) in Rawhide to use SPDX-format license tag
Updated perl-Test-Refcount (0.10) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-Test-Differences (0.69) as per the Fedora version
Updated perl-Test-Exception (0.43) as per the Fedora version
Updated perl-Test-Manifest (2.023) as per the Fedora version
Updated perl-Test-Memory-Cycle (1.06) as per the Fedora version
Updated perl-Test-Regexp (2017040101) to use SPDX-format license tag
Updated unrar to 6.22 beta 1
Tuesday 16th May 2023
Fedora Project
Updated perl-Regexp-Trie (0.02) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Return-MultiLevel (0.08) in Rawhide to use SPDX-format license tag
Updated perl-Safe-Isa (1.000010) in Rawhide to use SPDX-format license tag
Cleaned up and rebuilt perl-Set-Array (0.30) in Rawhide
Updated perl-Software-License-CCpack (1.11) in Rawhide to use SPDX-format license tag
Updated perl-Test-RequiresInternet (0.05) in Rawhide to use SPDX-format license tag
Updated perl-Test-Synopsis (0.17) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-Pod-Simple to 3.45:
Use Test::More and clean up tests
Reorganize Makefile.PL warnings
use warnings
- Clean up of whitespace and for prehistoric perls
Fix precedence issue in PullParser
- Minor parallelism fixes to test files
- Refactor XHTML index generation into own method
- Fix tab expansion when not 0 nor 8
- Various fixes to links
Updated perl-Regexp-Trie (0.02) as per the Fedora version
Updated perl-Safe-Isa (1.000010) as per the Fedora version
Updated perl-Software-License-CCpack (1.11) as per the Fedora version
Updated perl-Test-RequiresInternet (0.05) as per the Fedora version
Updated perl-Test-Synopsis (0.17) as per the Fedora version
Wednesday 17th May 2023
Fedora Project
Updated perl-Test-Valgrind (1.19) in Rawhide to use SPDX-format license tag
Updated perl-Test-Warnings (0.031) in Rawhide to use SPDX-format license tag
Updated perl-Test2-Plugin-NoWarnings (0.09) in Rawhide to use SPDX-format license tag
Updated perl-Types-Serialiser (1.01) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Unicode-UTF8 (0.62) in Rawhide to use SPDX-format license tag
Local Packages
Updated curl to 8.1.0:
curl: Add --proxy-http2
CURLPROXY_HTTPS2: For HTTPS proxy that may speak HTTP/2
hostip: Refuse to resolve the .onion TLD
tool_writeout: Add URL component variables
- amiga: Fix CA certificate paths for AmiSSL and MorphOS
- autotools: Sync up clang picky warnings with cmake
aws-sigv4.d: Fix region identifier in example
bufq: Simplify since expression is always true
cf-h1-proxy: Skip an extra NULL assign
cf-h2-proxy: Fix processing ingress to stop too early
cf-socket: Add socket recv buffering for most tcp cases
- cf-socket: Disable socket receive buffer by default
- cf-socket: Remove dead code discovered by PVS
cf-socket: Turn off IPV6_V6ONLY on Windows if it is supported
checksrc: Check for spaces before the colon of switch labels
checksrc: Find bad indentation in conditions without open brace
checksrc: Fix SPACEBEFOREPAREN for conditions starting with "*"
ci: '-Wno-vla' no longer necessary
- CI: Fix brew retries on GHA
CI: Set minimal permissions on workflow ngtcp2-quictls.yml
- CI: Skip Azure for commits that change only GHA
- CI: Use another glob syntax for matching files on Appveyor
- cmake: Bring in the network library on Haiku
cmake: Do not add zlib headers for openssl
- CMake: Make config version 8 compatible with 7
- cmake: Picky-linker fixes for openssl, ZLIB, H3 and more
- cmake: Set SONAME for SunOS too
cmake: Speed up and extend picky clang/gcc options
CMakeLists.txt: Fix typo for Haiku detection
compressed.d: Clarify the words on "not notifying headers"
config-dos.h: Fix SIZEOF_CURL_OFF_T for MS-DOS/DJGPP
configure: Don't set HAVE_WRITABLE_ARGV on Windows
configure: Fix detection of apxs (for httpd)
configure: Make quiche require quiche_conn_send_ack_eliciting
connect: Fix https connection setup to treat ssl_mode correctly
content_encoding: Only do transfer-encoding compression if asked to
- cookie: Address PVS nits
cookie: Clarify that init with data set to NULL reads no file
curl: Do not append file name to path for upload when there's a query
curl_easy_getinfo.3: Typo fix (duplicated "from the")
curl_easy_unescape.3: Rename the argument
curl_path: Bring back support for SFTP path ending in /~
curl_url_set.3: Mention that users can set content rather freely
CURLOPT_IPRESOLVE.3: This for host names, not IP addresses
data.d: Emphasize no conversion
- digest: Clear target buffer
doc: curl_mime_init() strong easy binding was relaxed in 7.87.0
docs/cmdline-opts: Document the dotless config path
docs/examples/protofeats.c: Outputs all protocols and features
docs/libcurl/curl_*escape.3: Rename "url" argument to "input"/"string"
docs/SECURITY-ADVISORY.md: How to write a curl security advisory
- docs: Bump the minimum perl version to 5.6
- docs: Clarify that more backends have HTTPS proxy support
dynbuf: Never allocate larger than "toobig"
easy_cleanup: Require a "good" handle to act
ftp: Fix 'portsock' variable was assigned the same value
- ftp: Remove dead code
ftplistparser: Move out private data from public struct
ftplistparser: Replace realloc with dynbuf
gen.pl: Error on duplicated See-Also fields
getpart: Better handle case of file not found
- GHA-linux: Add an address-sanitizer build
- GHA: Add a memory-sanitizer job
GHA: Run all linux test jobs with valgrind
GHA: Suppress git clone output
GIT-INFO: Add --with-openssl
- gskit: Various compile errors in OS400
h2/h3: Replace 'state.drain' counter with 'state.dselect_bits'
- hash: Fix assigning same value
- headers: Clear (possibly) lingering pointer in init
hostcheck: Fix host name wildcard checking (CVE-2023-28321)
hostip: Add locks around use of global buffer for alarm() (CVE-2023-28320)
hostip: Enforce a maximum DNS cache size independent of timeout value
HTTP-COOKIES.md: Mention the #HttpOnly_ prefix
http2: Always EXPIRE_RUN_NOW unpaused http/2 transfers
- http2: Do flow window accounting for cancelled streams
- http2: Enlarge the connection window
- http2: Flow control and buffer improvements
- http2: Move HTTP/2 stream vars into local context
http2: Pass 'stream' to http2_handle_stream_close to avoid NULL checks
http2: Remove unused Curl_http2_strerror function declaration
- HTTP3/quiche: Terminate h1 response header when no body is sent
http3: Check stream_ctx more thoroughly in all backends
HTTP3: Document the ngtcp2/nghttp3 versions to use for building curl
- http3: Expire unpaused transfers in all HTTP/3 backends
- http3: Improvements across backends
- http: Free the url before storing a new copy
http: Skip a double NULL assign
ipv4.d/ipv6.d: They are "mutex", not "boolean"
KNOWN_BUGS: Remove fixed or outdated issues, move non-bugs
lib/cmake: Add HAVE_WRITABLE_ARGV check
lib/sha256.c: Typo fix in comment (duplicated "is available")
lib1560: Verify that more bad host names are rejected
lib: Add 'bufq' and 'dynhds'
lib: Remove CURLX_NO_MEMORY_CALLBACKS
lib: Unify the upload/method handling (CVE-2023-28322)
lib: Use correct printf flags for sockets and timediffs
libssh2: Fix crash in keyboard callback
libssh2: Free fingerprint better (CVE-2023-28319)
libssh: Tell it to use SFTP non-blocking
man pages: Simplify the .TH sections
MANUAL.md: Add dict example for looking up a single definition
md(4|5): Don't use deprecated iOS functions
md4: Only build when used
mime: Skip NULL assigns after Curl_safefree()
multi: Add handle asserts in DEBUG builds
multi: Add multi-ignore logic to multi_socket_action
multi: Free up more data earlier in DONE
- multi: Remove a few superfluous assigns
multi: Remove PENDING + MSGSENT handles from the main linked list
- ngtcp2: Adapted to 0.15.0
- ngtcp2: Adjust config and code checks for ngtcp2 without nghttp3
noproxy: Pointer to local array 'hostip' is stored outside scope
ntlm: Clear lm and nt response buffers before use
- openssl: Interop with AWS-LC
- OS400: Fix and complete ILE/RPG binding
- OS400: Implement EBCDIC support for recent features
OS400: Improve vararg emulation
- OS400: Provide ILE/RPG usage examples
pingpong: Fix compiler warning "assigning an enum to unsigned char"
pytest: Improvements for suitable curl and error output
- quiche: Disable pacing while pacing is not actually performed
quiche: Enable IDLE egress handling
RELEASE-PROCEDURE: Update to new schedule
rtsp: Convert mallocs to dynbuf for RTP buffering
- rtsp: Skip malformed RTSP interleaved frame data
rtsp: Skip NULL assigns after Curl_safefree()
runtests: Die if curl version can be found
runtests: Don't start servers if -l is given
runtests: Fix -c option when run with valgrind
runtests: Fix quoting in Appveyor and Azure test integration
runtests: Lots of refactoring
runtests: Refactor into more packages
runtests: Show error message if file can't be written
runtests: Spawn a new process for the test runner
rustls: Fix error in recv handling
- schannel: Add clarifying comment
server/getpart: Clear target buffer before load
- smb: Remove double assign
- smbserver: Remove temporary files before exit
- socketpair: Verify with a random value
ssh: Add support for libssh2 read timeout
telnet: Simplify the implementation of str_is_nonascii()
test1169: Fix so it works properly everywhere
test1592: Add flaky keyword
test1960: Point to the correct path for the precheck tool
test303: Kill server after test
tests/http: Add timeout to running curl in test cases
tests/http: Fix log formatting on wrong exit code
tests/http: Fix out-of-tree builds
tests/http: Improved httpd detection
tests/http: More tests with specific clients
tests/http: Relax connection check in test_07_02
tests/keywords.pl: Remove
tests/libtest/lib1900.c: Remove
tests/sshserver.pl: Define AddressFamily earlier
- tests: 1078 1288 1297 use valid IPv4 addresses
tests: Document that the unittest keyword is special
- tests: Increase sws timeout for more robust testing
tests: Log a too-long Unix socket path in sws and socksd
tests: Make test_12_01 a bit more forgiving on connection counts
- tests: Move pidfiles and portfiles under the log directory
- tests: Move server config files under the pid dir
tests: Silence some Perl::Critic warnings in test suite
tests: Stop using strndup(), which isn't portable
tests: Switch to 3-argument open in test suite
- tests: Turn perl modules into full packages
tests: Use %LOGDIR to refer to the log directory
tool_cb_hdr: Fix 'Location:' formatting for early VTE terminals
tool_operate: Pass a long as CURLOPT_HEADEROPT argument
tool_operate: Refuse (--data or --form) and --continue-at combo
transfer: Refuse POSTFIELDS + RESUME_FROM combo
- transfer: Skip extra assign
url: Fix null dispname for --connect-to option
- url: Fix PVS nits
url: Remove call to Curl_llist_destroy in Curl_close
- urlapi: Clean-ups and improvements
- urlapi: Detect and error on illegal IPv4 addresses
urlapi: Prevent setting invalid schemes with *url_set()
- urlapi: Skip a pointless assign
- urlapi: URL encoding for the URL missed the fragment
urldata: Copy CURLOPT_AWS_SIGV4 value on handle duplication
urldata: Shrink *select_bits int => unsigned char
- vlts: Use full buffer size when receiving data if possible
- vtls and h2 improvements
- Websocket: Enhanced en-/decoding
wolfssl.yml: Bump to version 5.6.0
write-out.d: use response_code in example
ws: Handle reads before EAGAIN better
Updated perl-Test-Valgrind (1.19) as per the Fedora version
Updated perl-Test-Warnings (0.031) as per the Fedora version
Updated perl-Test2-Plugin-NoWarnings (0.09) as per the Fedora version
Updated perl-Types-Serialiser (1.01) as per the Fedora version
Updated perl-Unicode-UTF8 (0.62) as per the Fedora version
Thursday 18th May 2023
Fedora Project
Updated perl-IO-Socket-SSL to 2.083 in Rawhide:
SSL_version default now TLS 1.2+ since TLS 1.1 and lower are deprecated (GH#122)
Fix output of alert string when debugging (GH#132)
Add can_ciphersuites subroutine for feature checking (GH#127)
Utils::CERT_create - die if unexpected arguments are given instead of ignoring these
Fix t/protocol_version.t for OpenSSL versions that don't support SECLEVEL (regression from GH#122)
Updated perl-Unix-Syslog (1.1) in Rawhide to use SPDX-format license tag
Updated perl-XString (0.005) in Rawhide to use SPDX-format license tag
Updated perl-YAML-Syck (1.34) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-IO-Socket-SSL to 2.083 as per the Fedora version
Updated perl-Unix-Syslog (1.1) as per the Fedora version
Updated perl-XString (0.005) as per the Fedora version
Updated perl-YAML-Syck (1.34) as per the Fedora version
Updated python2-xapian to 1.4.22
Friday 19th May 2023
Fedora Project
Updated perl-autovivification (0.18) in Rawhide to use SPDX-format license tag
Updated perl-Software-License to 0.104003 in Rawhide:
- Add Artistic 1.0 Perl license and make Perl license use it
- Remove extra "59" from LGPL-2.1
Updated perl-Statistics-ChiSquare (1.0000) in Rawhide to use SPDX-format license tag
Updated rgb (1.0.6) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-Software-License to 0.104003 as per the Fedora version
Updated perl-Statistics-ChiSquare (1.0000) as per the Fedora version
Saturday 20th May 2023
Fedora Project
Updated perl-String-CRC32 (2.100) in Rawhide to use SPDX-format license tag
Updated perl-String-Format (1.18) in Rawhide to use SPDX-format license tag
Updated perl-Symbol-Util (0.0203) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-String-Format (1.18) as per the Fedora version
Updated perl-Symbol-Util (0.0203) as per the Fedora version
Sunday 21st May 2023
Fedora Project
Updated perl-Sys-Hostname-Long (1.5) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-Sys-Hostname-Long (1.5) as per the Fedora version
Monday 22nd May 2023
Fedora Project
Updated perl-Sysadm-Install (0.48) in Rawhide to use SPDX-format license tag
Updated perl-Taint-Util (0.08) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Test-API (0.010) in Rawhide to use SPDX-format license tag
Updated perl-TeX-Hyphen (1.18) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-Taint-Util (0.08) as per the Fedora version
Updated perl-Test-API (0.010) as per the Fedora version
Tuesday 23rd May 2023
Fedora Project
Updated perl-Test-CheckChanges (0.14) in Rawhide to use SPDX-format license tag
Updated perl-Test-CheckDeps (0.010) in Rawhide to use SPDX-format license tag
Cleaned up and rebuilt perl-Test-Command (0.11) in Rawhide
Cleaned up and rebuilt perl-Test-ConsistentVersion (0.3.1) in Rawhide
Updated perl-Test-CPAN-Meta-YAML (0.25) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Local Packages
Updated curl to 8.1.1:
cf-socket: Completely remove the disabled USE_RECV_BEFORE_SEND_WORKAROUND
checksrc: Disallow spaces before labels
cmake: Avoid 'list(PREPEND)' for compatibility
- cmake: Repair cross compiling
configure: Fix --help alignment
configure: Generate a script to run the compiler
curl_easy_getinfo: Clarify on return data types
docs: Document that curl_url_cleanup(NULL) is a safe no-op
hostip: Move easy_lock.h include above curl_memory.h
- http2: Double http request parser max line length
- http2: Increase stream window size to 10 MB
- http2: Upload improvements
lib: Fix conversion warnings with gcc on macOS
lib: Rename struct 'http_req' to 'httpreq'
- ngtcp2: Fix compiler warning about possible null-deref
ngtcp2: Proper handling of uint64_t when adjusting send buffer
os400: Update chkstrings.c
runtests: Handle interrupted reads from IPC pipes
runtests: Use the correct fd after select
sectransp.c: Make the code c89 compatible
select: Avoid returning an error on EINTR from select() or poll()
test425: Fix the log directory for the upload
- url: Provide better error message when URLs fail to parse
- urlapi: Allow numerical parts in the host name
vquic.c: Make recvfrom_packets static, avoid compiler warning
I added a patch to fix the quoting in run-compiler.sh (GH#11179, GH#11180)
Updated perl-DBM-Deep (2.0016) to remove use of ' as a package name separator (CPAN RT#148417), which is a fix for the upcoming Perl 5.38
Updated perl-Params-Check (0.38) to use SPDX-format license tag
Updated perl-Test-CheckChanges (0.14) as per the Fedora version
Updated perl-Test-CheckDeps (0.010) as per the Fedora version
Updated perl-Test-CPAN-Meta-YAML (0.25) as per the Fedora version
Wednesday 24th May 2023
Fedora Project
Updated perl-Software-License to 0.104004 in Rawhide:
- Rename Perl Artistic License to avoid confusion in detecting license
Updated perl-Test-Distribution (2.00) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Test-EOL (2.02) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-Software-License to 0.104004 as per the Fedora version
Updated perl-Test-Distribution (2.00) as per the Fedora version
Updated perl-Test-EOL (2.02) as per the Fedora version
Thursday 25th May 2023
Fedora Project
Updated perl-Test-HasVersion (0.014) in Rawhide to use SPDX-format license tag
Updated perl-Test-Kwalitee (1.28) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Test-Kwalitee-Extra (0.4.0) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Test-Modern (0.013) in Rawhide to use SPDX-format license tag
Updated perl-Test-Simple (1.302195) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-Test-HasVersion (0.014) as per the Fedora version
Updated perl-Test-Kwalitee (1.28) as per the Fedora version
Updated perl-Test-Kwalitee-Extra (0.4.0) as per the Fedora version
Updated perl-Test-Modern (0.013) as per the Fedora version
Updated perl-Test-Simple (1.302195) as per the Fedora version
Friday 26th May 2023
Fedora Project
Updated perl-Number-Format to 1.76 in Rawhide:
- Fix for Perl 5.38 compatibility
Updated perl-Test-Mojibake (1.3) in Rawhide to use SPDX-format license tag
Updated perl-Test-NoTabs (2.02) in Rawhide to use SPDX-format license tag
Cleaned up and rebuilt perl-Test-Pod-Content (0.0.6) in Rawhide
Updated perl-Test-Prereq (2.003) in Rawhide to use SPDX-format license tag
Updated perl-Test-Signature (1.11) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Test-Spelling (0.25) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-Test-Mojibake (1.3) as per the Fedora version
Updated perl-Test-NoTabs (2.02) as per the Fedora version
Updated perl-Test-Prereq (2.003) as per the Fedora version
Updated perl-Test-Signature (1.11) as per the Fedora version
Updated perl-Test-Spelling (0.25) as per the Fedora version
Saturday 27th May 2023
Fedora Project
Updated perl-Test-SubCalls (1.10) in Rawhide to use SPDX-format license tag
Updated python-paramiko to 3.2.0 in Rawhide:
- Fixed a very sneaky bug found at the apparently rarely-travelled intersection of RSA-SHA2 keys, certificates, SSH agents, and stricter-than-OpenSSH server targets, which manifested as yet another "well, if we turn off SHA2 at one end or another, everything works again" problem, for example with version 12 of the Teleport server endpoint
The 'server-sig-algs' and 'RSA-SHA2' features added around Paramiko 2.9 or so, had the annoying side effect of not working with servers that don't support either of those feature sets, requiring use of 'disabled_algorithms' to forcibly disable the SHA2 algorithms on Paramiko's end (GH#1961, GH#2012 and countless others)
The experimental '~paramiko.transport.ServiceRequestingTransport' (noted in its own entry in this changelog) includes a fix for this issue, specifically by falling back to the same algorithm as the in-use pubkey if it's in the algorithm list (leaving the "first algorithm in said list" as an absolute final fallback)
Implement '_fields()' on '~paramiko.agent.AgentKey' so that it may be compared (via '==') with other '~paramiko.pkey.PKey' instances
Since its inception, Paramiko has (for reasons lost to time) implemented authentication as a side effect of handling affirmative replies to 'MSG_SERVICE_REQUEST' protocol messages; what this means is Paramiko makes one such request before every 'MSG_USERAUTH_REQUEST', i.e. every auth attempt (GH#23)
- OpenSSH doesn't care if clients send multiple service requests, but other server implementations are often stricter in what they accept after an initial service request (due to the RFCs not being clear), which can result in odd behaviour when a user doesn't authenticate successfully on the very first try (for example, when the right key for a target host is the third in one's ssh-agent)
This version of Paramiko now contains an opt-in '~paramiko.transport.Transport' subclass, '~paramiko.transport.ServiceRequestingTransport', which more-correctly implements service request handling in the Transport, and uses an auth-handler subclass internally that has been similarly adapted; users wanting to try this new experimental code path may hand this class to 'SSHClient.connect as its 'transport_factory`' kwarg
This feature is experimental and its code may be subject to change
Minor backwards incompatible changes exist in the new code paths, most notably the removal of the (inconsistently applied and rarely used) 'event' arguments to the 'auth_xxx' methods
- GSSAPI support has only been partially implemented, and is untested
Some minor backwards-compatible changes were made to the existing Transport and AuthHandler classes to facilitate the new code; for example, 'Transport._handler_table' and 'AuthHandler._client_handler_table' are now properties instead of raw attributes
Users of '~paramiko.client.SSHClient' can now configure the authentication logic Paramiko uses when connecting to servers; this functionality is intended for advanced users and higher-level libraries such as 'Fabric' (https://fabfile.org/); see '~paramiko.auth_strategy' for details (GH#387)
Fabric's co-temporal release includes a proof-of-concept use of this feature, implementing an auth flow much closer to that of the OpenSSH client (versus Paramiko's legacy behaviour); it is strongly recommended that if this interests you, investigate replacing any direct use of 'SSHClient' with Fabric's 'Connection'
This feature is experimental; please see its docs for details
Enhanced '~paramiko.agent.AgentKey' with new attributes, such as:
Added a 'comment' attribute (and constructor argument); 'Agent.get_keys()' now uses this kwarg to store any comment field sent over by the agent; the original version of the agent feature inexplicably did not store the comment anywhere
Agent-derived keys now attempt to instantiate a copy of the appropriate key class for access to other algorithm-specific members (e.g. key size); this is available as the '.inner_key' attribute
This functionality is now in use in Fabric's new '--list-agent-keys' feature, as well as in Paramiko's debug logging
- '~paramiko.pkey.PKey' now offers convenience "meta-constructors", static methods that simplify the process of instantiating the correct subclass for a given key input
For example, 'PKey.from_path' can load a file path without knowing a priori what type of key it is (thanks to some handy methods within our cryptography dependency); going forwards, we expect this to be the primary method of loading keys by user code that runs on "human time" (i.e. where some minor efficiencies are worth the convenience)
In addition, 'PKey.from_type_string' now exists, and is being used in some internals to load ssh-agent keys
As part of these changes, '~paramiko.pkey.PKey' and friends grew a '~paramiko.pkey.PKey.identifiers' classmethod; this is inspired by the '~paramiko.ecdsakey.ECDSAKey.supported_key_format_identifiers' classmethod (which now refers to the new method); this also includes adding a '.name' attribute to most key classes (which will eventually replace '.get_name()')
'~paramiko.pkey.PKey' grew a new '.algorithm_name' property that displays the key algorithm; this is typically derived from the value of '~paramiko.pkey.PKey.get_name'; for example, ED25519 keys have a 'get_name' of 'ssh-ed25519' (the SSH protocol key type field value), and now have a 'algorithm_name' of 'ED25519'
'~paramiko.pkey.PKey' grew a new '.fingerprint' property that emits a fingerprint string matching the SHA256+Base64 values printed by various OpenSSH tooling (e.g. 'ssh-add -l', 'ssh -v'); this is intended to help troubleshoot Paramiko-vs-OpenSSH behaviour and will eventually replace the venerable 'get_fingerprint' method
'~paramiko.agent.AgentKey' had a dangling Python 3 incompatible '__str__' method returning bytes; this method has been removed, allowing the superclass' ('~paramiko.pkey.PKey') method to run instead
Local Packages
Updated perl-Test-SubCalls (1.10) as per the Fedora version
Monday 29th May 2023
Fedora Project
Updated perl-GD to 2.77 in Rawhide:
Add BMP support with libgd 2.1.0 (GH#49J
Don't link to -lXPM with neither XPM nor X11 (GH#45)
Rename ANIMGIF feature to GIFANIM
Fix unused variable failure in GH CI (CPAN RT#141125)
Updated perl-Test-TinyMocker (0.05) in Rawhide to use SPDX-format license tag and to run the release tests
Updated perl-Test-TrailingSpace (0.0601) in Rawhide to use SPDX-format license tag
Local Packages
Updated libmetalink (0.1.3) not to number the sole Source and avoid use of deprecated patch syntax
Updated perl-DateTime-Locale to 1.39:
Fixed parsing of the 'el-polyton' locale code: this had the same issue as 'be-tarask', which was fixed in 1.36; this is now fixed in such a way that similar language+variant codes will be parsed correctly in the future (GH#37)
Updated perl-Test-TrailingSpace (0.0601) as per the Fedora version
Tuesday 30th May 2023
Fedora Project
Merged PR#1 for perl-Crypt-CBC (3.04) in Rawhide to use SPDX-format license tag
Updated perl-Finance-Quote to 1.56 in Rawhide:
Replaced Tradeville.pm with BVB.pm (GH#269)
Added new TwelveData module
Updated YahooJSON.pm and CurrencyRates/YahooJSON.pm to use https://query2.finance.yahoo.com/v11 (GH#284)
Bourso.pm - Squash anything but numbers and period in quote values
Renamed MStarUK.pm to MorningstarUK.pm
Added get_features method (GH#260)
Updated perl-MouseX-ConfigFromFile (0.05) in Rawhide to use hunspell rather than aspell and to run the tests verbosely
Updated perl-MouseX-Types-Path-Class (0.07) in Rawhide to use hunspell rather than aspell and to run the tests verbosely
Updated perl-Test-UseAllModules (0.17) in Rawhide to use SPDX-format license tag
Updated perl-Test-Vars (0.015) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Text-SpellChecker (0.14) in Rawhide to use SPDX-format license tag and drop the optional aspell test from Fedora 39 onwards
Local Packages
Updated curl to 8.1.2:
configure: Quote the assignments for run-compiler
configure: Without pkg-config and no custom path, use -lnghttp2
curl: Cache the --trace-time value for a second
- http2: Fix EOF handling on uploads with auth negotiation
- http3: Send EOF indicator as early as possible
lib1560: Verify more scheme guessing
- lib: Remove unused functions, make single-use static
libcurl.m4: Remove trailing 'dnl' that causes this to break autoconf
libssh: When keyboard-interactive auth fails, try password
- misc: Fix spelling mistakes
- page-header: Mention curl version and how to figure out current release
- page-header: Minor wording polish in the URL segment
scripts/singleuse.pl: Add more API calls
urlapi: Remove superfluous host name check
Rebuilt perl-Net-DNS (1.38) to sync with Rawhide
Updated perl-Test-UseAllModules (0.17) as per the Fedora version
Updated perl-Test-Vars (0.015) as per the Fedora version
Wednesday 31st May 2023
Fedora Project
Updated perl-CPAN-Meta-Requirements (2.142) in Rawhide to fix regression with multiple version numbers (Bug #2208279, GH#38)
Updated perl-MCE to 1.885 in Rawhide:
- Improved reliability on the Windows platform
Updated perl-MCE-Shared to 1.881 in Rawhide:
Bump MCE dependency to 1.885
- Improved reliability on the Windows platform
Updated perl-Test-Version (2.09) in Rawhide to use SPDX-format license tag
Updated perl-Test-XML (0.08) in Rawhide to use SPDX-format license tag
Updated perl-Test-YAML (1.07) in Rawhide to use SPDX-format license tag
Updated perl-Test-YAML-Valid (0.04) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Test2-Tools-Explain (0.02) in Rawhide to use SPDX-format license tag
Updated perl-Text-Hunspell (2.16) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Local Packages
Updated perl-CPAN-Meta-Requirements (2.142) as per the Fedora version
Updated perl-MCE to 1.885 as per the Fedora version
Updated perl-MCE-Shared to 1.881 as per the Fedora version
Updated perl-Test-Version (2.09) as per the Fedora version
Updated perl-Test-YAML (1.07) as per the Fedora version
Updated perl-Test-YAML-Valid (0.04) as per the Fedora version
Updated perl-Test2-Tools-Explain (0.02) as per the Fedora version
Updated perl-Text-Hunspell (2.16) as per the Fedora version
Previous Month: April 2023
Next Month: June 2023