#acl PaulHowarth:read,write,admin,revert,delete All:read
=== Thursday 1st June 2023 ===
==== Fedora Project ====
 * Updated `libssh2` to 1.11.0 in Rawhide:
  * Adds support for encrypt-then-mac (ETM) MACs
  * Adds support for AES-GCM crypto protocols
  * Adds support for `sk-ecdsa-sha2-nistp256` and `sk-ssh-ed25519` keys
  * Adds support for RSA certificate authentication
  * Adds FIDO support with `*_sk()` functions
  * Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
  * Adds Agent Forwarding and `libssh2_agent_sign()`
  * Adds support for Channel Signal message `libssh2_channel_signal_ex()`
  * Adds support to get the user auth banner message `libssh2_userauth_banner()`
  * Adds `LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES}` options
  * Adds direct stream UNIX sockets with `libssh2_channel_direct_streamlocal_ex()`
  * Adds wolfSSL support to CMake file
  * Adds mbedTLS 3.x support
  * Adds LibreSSL 3.5 support
  * Adds support for CMake "unity" builds
  * Adds CMake support for building shared and static libs in a single pass
  * Adds symbol hiding support to CMake
  * Adds support for `libssh2.rc` for all build tools
  * Adds `.zip`, `.tar.xz` and `.tar.bz2` release tarballs
  * Enables `ed25519` key support for LibreSSL 3.7.0 or higher
  * Improves OpenSSL 1.1 and 3 compatibility
  * Now requires OpenSSL 1.0.2 or newer
  * Now requires CMake 3.1 or newer
  * SFTP: Adds `libssh2_sftp_open_ex_r()` and `libssh2_sftp_open_r()` extended APIs
  * SFTP: No longer has a packet limit when reading a directory
  * SFTP: Now parses attribute extensions if they exist
  * SFTP: No longer will busy loop if SFTP fails to initialize
  * SFTP: Now clear various errors as expected
  * SFTP: No longer skips files if the line buffer is too small
  * SCP: Add option to not quote paths
  * SCP: Enables 64-bit offset support unconditionally
  * Now skips leading `\r` and `\n` characters in `banner_receive()`
  * Enables secure memory zeroing with all build tools on all platforms
  * No longer logs `SSH_MSG_REQUEST_FAILURE` packets from `keepalive`
  * Speed up base64 encoding by 7x
  * Assert if there is an attempt to write a value that is too large
  * WinCNG: fix memory leak in `_libssh2_dh_secret()`
  * Added protection against possible null pointer dereferences
  * Agent now handles overly large comment lengths
  * Now ensure KEX replies don't include extra bytes
  * Fixed possible buffer overflow when receiving `SSH_MSG_USERAUTH_BANNER`
  * Fixed possible buffer overflow in keyboard interactive code path
  * Fixed overlapping `memcpy()`
  * Fixed Windows UWP builds
  * Fixed DLL import name
  * Renamed local `RANDOM_PADDING` macro to avoid unexpected define on Windows
  * Support for building with `gcc` versions older than 8
  * Improvements to CMake, `Makefile`, `NMakefile`, `GNUmakefile`, `autoreconf` files
  * Restores ANSI C89 compliance
  * Enabled new compiler warnings and fixed/silenced them
  * Improved error messages
  * Now uses CIFuzz
  * Numerous minor code improvements
  * Improvements to CI builds
  * Improvements to unit tests
  * Improvements to doc files
  * Improvements to example files
  * Removed "old gex" build option
  * Removed no-encryption/no-mac builds
  * Removed support for NetWare and Watcom wmake build files
 . I added a patch to work around strict permissions issues that would cause the `sshd` tests to fail:
 . {{{#!highlight diff
Group-writeable directories in the hierarchy above where we run the tests from can cause failures due to openssh's strict permissions checks. Adding this option helps the tests to run more reliably on a variety of build systems. --- tests/test_sshd.test +++ tests/test_sshd.test 
@@ -71,6 +71,7 @@ chmod go-rwx \ # shellcheck disable=SC2086 "${SSHD}" \ -f "${SSHD_FIXTURE_CONFIG:-${d}/openssh_server/sshd_config}" \ + -o 'StrictModes no' \ -o 'Port 4711' \ -h "${d}/openssh_server/ssh_host_rsa_key" \ -h "${d}/openssh_server/ssh_host_ecdsa_key" \
}}}
 * Updated `perl-Tie-EncryptedHash` (1.24) in Rawhide to use SPDX-format license tag
 * Updated `perl-Tie-RefHash-Weak` (0.09) in Rawhide to use SPDX-format license tag
 * Updated `perl-Time-Piece-MySQL` (0.06) in Rawhide to use SPDX-format license tag
 * Updated `perl-Time-y2038` (20100403) in Rawhide to use SPDX-format license tag
 * Updated `perl-Tree-DAG_Node` (1.32) in Rawhide to use SPDX-format license tag
 * Updated `perl-UNIVERSAL-moniker` (0.08) in Rawhide to use SPDX-format license tag
 * Updated `perl-URI-cpan` (1.008) in Rawhide to use SPDX-format license tag
 * Updated `perl-URI-Fetch` (0.15) in Rawhide to use SPDX-format license tag
==== Local Packages ====
 * Updated `libssh2` to 1.11.0 as per the Fedora version
 * Updated `perl-Net-DNS` to 1.39:
  * Fix `udpsize` uninitialized value ([[CPAN:148340|CPAN RT#148340]])
 * Updated `perl-Tie-RefHash-Weak` (0.09) as per the Fedora version
 * Updated `perl-Time-y2038` (20100403) as per the Fedora version
 * Updated `perl-Tree-DAG_Node` (1.32) as per the Fedora version
 * Updated `perl-URI-cpan` (1.008) as per the Fedora version
----
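Review bot: the added `-o 'StrictModes no'` line in the `tests/test_sshd.test` hunk is passed on every run, so the test `sshd` never exercises OpenSSH's default strict permissions checks, and as a command-line option it applies regardless of which file `SSHD_FIXTURE_CONFIG` selects. The rationale (group-writeable directories above the test tree) lives only in the patch description; a one-line comment next to the option would keep it visible in the script, and gating the option behind an environment variable would let build systems that do not hit the problem keep the default. The `chmod go-rwx` in the hunk context already tightens the files the script controls, so the option only compensates for parent directories outside the test tree and should stay confined to this test fixture.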