Paul's Blog Entries for June 2023
Thursday 1st June 2023
Fedora Project
Updated libssh2 to 1.11.0 in Rawhide:
- Adds support for encrypt-then-mac (ETM) MACs
- Adds support for AES-GCM crypto protocols
Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
- Adds support for RSA certificate authentication
Adds FIDO support with *_sk() functions
- Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
Adds Agent Forwarding and libssh2_agent_sign()
Adds support for Channel Signal message libssh2_channel_signal_ex()
Adds support to get the user auth banner message libssh2_userauth_banner()
Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
- Adds wolfSSL support to CMake file
- Adds mbedTLS 3.x support
- Adds LibreSSL 3.5 support
- Adds support for CMake "unity" builds
- Adds CMake support for building shared and static libs in a single pass
- Adds symbol hiding support to CMake
Adds support for libssh2.rc for all build tools
Adds .zip, .tar.xz and .tar.bz2 release tarballs
Enables ed25519 key support for LibreSSL 3.7.0 or higher
- Improves OpenSSL 1.1 and 3 compatibility
- Now requires OpenSSL 1.0.2 or newer
- Now requires CMake 3.1 or newer
SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
- SFTP: No longer has a packet limit when reading a directory
- SFTP: Now parses attribute extensions if they exist
- SFTP: No longer will busy loop if SFTP fails to initialize
- SFTP: Now clear various errors as expected
- SFTP: No longer skips files if the line buffer is too small
- SCP: Add option to not quote paths
- SCP: Enables 64-bit offset support unconditionally
Now skips leading \r and \n characters in banner_receive()
- Enables secure memory zeroing with all build tools on all platforms
No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
- Speed up base64 encoding by 7x
- Assert if there is an attempt to write a value that is too large
WinCNG: fix memory leak in _libssh2_dh_secret()
- Added protection against possible null pointer dereferences
- Agent now handles overly large comment lengths
- Now ensure KEX replies don't include extra bytes
Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
- Fixed possible buffer overflow in keyboard interactive code path
Fixed overlapping memcpy()
- Fixed Windows UWP builds
- Fixed DLL import name
Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
Support for building with gcc versions older than 8
Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
- Restores ANSI C89 compliance
- Enabled new compiler warnings and fixed/silenced them
- Improved error messages
- Now uses CIFuzz
- Numerous minor code improvements
- Improvements to CI builds
- Improvements to unit tests
- Improvements to doc files
- Improvements to example files
- Removed "old gex" build option
- Removed no-encryption/no-mac builds
Removed support for NetWare and Watcom wmake build files
I added a patch to work around strict permissions issues that would cause the sshd tests to fail:
1 Group-writeable directories in the hierarchy above where we 2 run the tests from can cause failures due to openssh's strict 3 permissions checks. Adding this option helps the tests to run 4 more reliably on a variety of build systems. 5 6 --- tests/test_sshd.test 7 +++ tests/test_sshd.test 8 @@ -71,6 +71,7 @@ chmod go-rwx \ 9 # shellcheck disable=SC2086 10 "${SSHD}" \ 11 -f "${SSHD_FIXTURE_CONFIG:-${d}/openssh_server/sshd_config}" \ 12 + -o 'StrictModes no' \ 13 -o 'Port 4711' \ 14 -h "${d}/openssh_server/ssh_host_rsa_key" \ 15 -h "${d}/openssh_server/ssh_host_ecdsa_key" \
Updated perl-Tie-EncryptedHash (1.24) in Rawhide to use SPDX-format license tag
Updated perl-Tie-RefHash-Weak (0.09) in Rawhide to use SPDX-format license tag
Updated perl-Time-Piece-MySQL (0.06) in Rawhide to use SPDX-format license tag
Updated perl-Time-y2038 (20100403) in Rawhide to use SPDX-format license tag
Updated perl-Tree-DAG_Node (1.32) in Rawhide to use SPDX-format license tag
Updated perl-UNIVERSAL-moniker (0.08) in Rawhide to use SPDX-format license tag
Updated perl-URI-cpan (1.008) in Rawhide to use SPDX-format license tag
Updated perl-URI-Fetch (0.15) in Rawhide to use SPDX-format license tag
Local Packages
Updated libssh2 to 1.11.0 as per the Fedora version
Updated perl-Net-DNS to 1.39:
Fix udpsize uninitialized value (CPAN RT#148340)
Updated perl-Tie-RefHash-Weak (0.09) as per the Fedora version
Updated perl-Time-y2038 (20100403) as per the Fedora version
Updated perl-Tree-DAG_Node (1.32) as per the Fedora version
Updated perl-URI-cpan (1.008) as per the Fedora version
Friday 2nd June 2023
Fedora Project
Cleaned up and rebuilt perl-constant-boolean (0.02) in Rawhide
Updated perl-Module-Build-Tiny to 0.046 in Rawhide:
Add src/ to include paths
Cleaned up and rebuilt perl-Unicode-MapUTF8 (1.14) in Rawhide
Updated perl-Version-Requirements (0.101023) in Rawhide to use SPDX-format license tag
Updated perl-XML-SemanticDiff (1.0007) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-constant-boolean (0.02) as per the Fedora version
Updated perl-File-HomeDir (1.006) to use SPDX-format license tag
Updated perl-Module-Build-Tiny to 0.046 as per the Fedora version
Updated perl-Test-FailWarnings (0.008) to use SPDX-format license tag
Updated perl-Unicode-Map (0.112) to use SPDX-format license tag
Updated perl-Unicode-MapUTF8 (1.14) as per the Fedora version
Updated perl-Version-Requirements (0.101023) as per the Fedora version
Sunday 4th June 2023
Fedora Project
Updated bluefish to 2.2.14 in Rawhide:
- Fix three bugs that in certain situations could lead to a segfault:
- When deleting backup files on close
- When closing some of the dialogs in a flatpak distributed version of bluefish
- When the CSS language file was loaded on a 32bit system.
- Fix zencoding functionality with Python 3
- Add an option to store the scope of the search dialog to the session or project (this was removed in 2.2.12 because of a bug report)
- Improve the speed of the bookmarks code
The build infrastructure was also slightly modernized; intltool is no longer used
- Fix three bugs that in certain situations could lead to a segfault:
Local Packages
Updated bluefish to 2.2.14 as per the Fedora version
Updated python-passlib (1.7.4) license field with SPDX approved UnixCrypt identifier
Monday 5th June 2023
Fedora Project
Updated perl-true (1.0.2) in Rawhide to use SPDX-format license tag
Updated python-should_dsl (2.1.2) in Rawhide to update to current Python packaging guidelines, as far as possible
Local Packages
Updated c-ares to 1.19.1:
CVE-2023-32067 (High): 0-byte UDP payload causes Denial of Service
CVE-2023-31147 (Moderate): Insufficient randomness in generation of DNS query IDs
CVE-2023-31130 (Moderate): Buffer Underwrite in ares_inet_net_pton()
CVE-2023-31124 (Low): AutoTools does not set CARES_RANDOM_FILE during cross compilation
- Fix uninitialized memory warning in test
Turn off IPV6_V6ONLY on Windows to allow IPv4-mapped IPv6 addresses
ares_getaddrinfo() should allow a port of 0
Fix memory leak in ares_send() on error
Fix comment style in ares_data.h
Remove unneeded ifdef for Windows
Fix typo in ares_init_options.3
- Re-add support for Watcom compiler
Sync ax_pthread.m4 with upstream
- Windows: Invalid stack variable used out of scope for HOSTS path
Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
Updated perl-true (1.0.2) as per the Fedora version
Updated sendmail to 8.17.2 (see RELEASE_NOTES for details)
Updated unrar to 6.22
Tuesday 6th June 2023
Fedora Project
Updated glib (1.2.10) in Rawhide to avoid use of deprecated patch syntax and drop workaround for unavailable make_build macro on EL-6
Updated gtk+ (1.2.10) in Rawhide to avoid use of deprecated patch syntax and drop workaround for unavailable make_build macro on EL-6
Wednesday 7th June 2023
Fedora Project
Updated perl-MCE to 1.886 in Rawhide:
Added dequeue_timed method to MCE::Queue
Fixed taint mode in MCE->printf and _sprintf
- Improved reliability on the Windows platform
Updated perl-MCE-Shared to 1.883 in Rawhide:
Bump MCE dependency to 1.886
Added dequeue_timed method to MCE::Shared::Queue
Fixed taint mode in MCE::Shared::Sequence _sprintf
Remove unused Queue vars in MCE::Shared::Server, since 1.867
Local Packages
Updated perl-MCE to 1.886 as per the Fedora version
Updated perl-MCE-Shared to 1.883 as per the Fedora version
Updated perl-NetAddr-IP (4.079) to use SPDX-format license tag
Thursday 8th June 2023
Fedora Project
Updated perl-MCE-Shared to 1.884 in Rawhide:
Add missing return statement(s) in Condvar and Queue
Move tests for condvar timedwait to xt/condvar_timedwait.t
RPM Fusion Project
Updated xv in F-37, F-38 and Rawhide to switch upstream to https://github.com/jasper-software/xv and add webp support, with new version 4.1.1
Local Packages
Updated perl-MCE-Shared to 1.884 as per the Fedora version
Updated perl-Text-Diff (1.45) to use SPDX-format license tag
Updated perl-Tie-IxHash (1.23) to use SPDX-format license tag
Updated xv to 4.1.1 as per the RPM Fusion version
Friday 9th June 2023
Local Packages
Updated perl-File-Which (1.27) to use SPDX-format license tag
Updated perl-Mail-Sender (0.903) to use SPDX-format license tag
Saturday 10th June 2023
Fedora Project
Updated perl-MCE to 1.887 in Rawhide:
Fix typo in Queue dequeue_timed documentation
Updated perl-MCE-Shared to 1.885 in Rawhide:
Fix typo in Queue dequeue_timed documentation
Local Packages
Updated perl-MCE to 1.887 as per the Fedora version
Updated perl-MCE-Shared to 1.885 as per the Fedora version
Tuesday 13th June 2023
Fedora Project
Updated perl-List-MoreUtils-XS (0.430) in Rawhide to disable extra test in RHEL builds (based on PR#1)
Thursday 15th June 2023
Local Packages
Updated perl-HTTP-Tiny to 0.084:
Change the 'verify_SSL' parameter default value from '0' to '1' (CVE-2023-31486)
'$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}' can be used to restore the old default if required
Tuesday 20th June 2023
Fedora Project
Updated perl-CPAN-Meta-Requirements to 2.143 in Rawhide:
Fix regression with implicit minimum value and multiple requirements (GH#38)
Local Packages
Updated libnet (1.2) to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-B-Keywords to 1.26:
Add Corinna keywords (ADJUST, class, field, method), new with Perl 5.38.0 (GH#8)
Updated README
Updated perl-CPAN-Meta-Requirements to 2.143 as per the Fedora version
Thursday 22nd June 2023
Fedora Project
Updated perl-MCE to 1.888 in Rawhide:
Fix typos caught by lintian (GH#17)
Local Packages
Updated perl-MCE to 1.888 as per the Fedora version
Updated perl-XML-LibXML (2.0208) to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-XML-NamespaceSupport (1.12) to use SPDX-format license tag
Updated perl-XML-Rules (1.16) to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-XML-SAX (1.02) to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-XML-SAX-Base (1.09) to use SPDX-format license tag
Updated perl-YAML-Old (1.23) to use SPDX-format license tag
Friday 23rd June 2023
Fedora Project
Updated rbldnsd (0.998b) in Rawhide and EPEL-9 to avoid use of the no-longer-supported systemd ".include" directive (Bug #2216790), to avoid use of deprecated patch syntax and to fix the version number reported by rbldnsd
Local Packages
Updated perl-HTTP-Tiny to 0.086:
Fix code to use $ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT} as documented
Updated perl-version (0.9929) to use SPDX-format license tag
Updated perl-WeakRef (0.01) to use SPDX-format license tag
Updated perl-XML-DTDParser (2.01) to use SPDX-format license tag
Updated rbldnsd (0.998b) as per the Fedora version
Saturday 24th June 2023
Fedora Project
Updated perl-Unicode-Map8 (0.13) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-UNIVERSAL-require (0.19) in Rawhide to use SPDX-format license tag and avoid use of deprecated patch syntax
Local Packages
Updated perl-Text-Trac (0.24) to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-TimeDate (2.33) to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Unicode-Map8 (0.13) as per the Fedora version
Updated perl-Unicode-String (2.10) to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-UNIVERSAL-require (0.19) as per the Fedora version
Sunday 25th June 2023
Fedora Project
Updated perl-Mail-Message to 3.013 in Rawhide:
- Changes:
In header lines, leave the actual white-space related to FWS intact; you may want to add s/\t/ / before you print a header (GH#7)
When the comment in an address has no closing ')', consume the whole remaining line rather than fail parsing (GH#6)
When the charset of a ::Body is not specified, a real attempt is made to autodetect the best setting, for reading, constructing, and writing bodies (GH#12)
This may change the output of your regression tests: previously, the default interpretation was 'us-ascii' for reading and 'utf-8' for writing
- Fixes:
::Field::Full consumePhrase() should take minimal encoded phrase
::Field::Address overloaded cmp() used 'eq' where it should have been 'cmp'
Fix partNumber when the multipart parent is a nested (GH#14)
::Body::Multipart, even when there is only a single \n after the trailing boundary, then there is a epilogue (GH#16)
- Improvements:
Run regression-tests with MIME::Entity on devel system
::Body->decode autodetects missing charset
The ability to set the charset detector via ::Body::Encode method charsetDetectAlgorithm()
New release of User::Identity
When a part has message/rfc822 and also has Content-Transfer-Encoding, then do not parse it as "nested" but as a normal part (GH#17)
Local Packages
Updated perl-Test-Warn (0.37) to use SPDX-format license tag
Updated perl-Test-WriteVariants (0.014) to use SPDX-format license tag
Updated perl-Text-Glob (0.11) to use SPDX-format license tag
Updated perl-Text-Template (1.61) to use SPDX-format license tag
Monday 26th June 2023
Fedora Project
Updated perl-Business-ISBN-Data to 20230626.001 in Rawhide:
- Data update for 20230626
Local Packages
Updated perl-Module-Signature (0.88) to use SPDX-format license tag and avoid use of deprecated patch syntax
Updated perl-Test-Portability-Files (0.10) to use SPDX-format license tag
Updated perl-Test-Script (1.29) to use SPDX-format license tag
Updated perl-Test-Taint (1.08) to use SPDX-format license tag
Updated perl-Test-utf8 (1.02) to use SPDX-format license tag
Tuesday 27th June 2023
Fedora Project
Updated perl-Test-MockModule (0.177.0) in Rawhide to use SPDX-format license tag
Local Packages
Updated perl-Test-More-UTF8 (0.05) to use SPDX-format license tag
Updated perl-Test-Object (0.08) to use SPDX-format license tag
Updated perl-Test-Pod (1.52) to use SPDX-format license tag
Thursday 29th June 2023
Local Packages
Updated perl-HTML-Tidy (1.60) to use SPDX-format license tag
Updated perl-Test-HTML-Tidy (1.00) to use SPDX-format license tag
Updated perl-Test-LongString (0.17) to use SPDX-format license tag
Updated perl-Test-MockModule (0.177.0) to use SPDX-format license tag
Friday 30th June 2023
Local Packages
Updated perl-Test-DistManifest (1.014) to use SPDX-format license file
Updated perl-Test-File-ShareDir (1.001002) to use SPDX-format license tag
Updated perl-Test-Harness (3.44) to use SPDX-format license tag