Paul's Blog Entries for September 2023
Sunday 3rd September 2023
Fedora Project
Updated perl-DBM-Deep to 2.0017 in F-39 and Rawhide:
Get rid of old perl4-style ' package separator and use :: instead for compatibility with perl 5.38 (CPAN RT#148417)
Updated perl-Email-Abstract to 3.010 in F-39 and Rawhide:
- Update packaging metadata
Updated perl-URI-cpan to 1.009 in F-39 and Rawhide:
- Updates to dist metadata only
Local Packages
Updated bluefish (2.2.14) to improve C99 compatibility (https://sourceforge.net/p/bluefish/code/9007/)
Updated perl-Data-UUID (1.226) to update license to SPDX format
Updated perl-DBM-Deep to 2.0017 as per the Fedora version
Updated perl-URI-cpan to 1.009 as per the Fedora version
Monday 4th September 2023
Fedora Project
Updated libssh2 to 1.10.0 in EPEL-8 to address CVE-2020-22218
Local Packages
Updated perl-ExtUtils-ParseXS to use new upstream 3.51 release rather than version 3.44 patched to 3.51 with changes from perl core release
- Changes since 3.44:
Fix OVERLOAD and FALLBACK handling (GH#19320)
Fix ExtUtils::ParseXS compatibility with perl < 5.8.8
Handle #else and #endif without blank line prefixes
Better support for duplicate ALIASes
- Allow symbolic alias of default function
Add support for elifdef and elifndef
- Disable alias value collision warnings by default
- Silence warnings about unreached code in generated XS code
Correct colon translation of $type in OUTPUT section
Make versions in ExtUtils-ParseXS consistent
Initialize $self correctly in EU::PXS::Utilities::death()
C++ builds: avoid generating C<< extern "C" extern "C" >>
Updated perl-Net-DNS to 1.40:
Add support for SVCB dohpath and ohttp parameters
More robust test of bgbusy() SpamAssassin workaround
t/05-SOA.t test would fail in 2038 (CPAN RT#149456)
Fix deep recursion on subroutine "Net::DNS::Resolver::Recurse::_recurse" (CPAN RT#149280)
Tuesday 5th September 2023
Fedora Project
Updated perl-Business-ISBN-Data to 20230904.001 in F-39 and Rawhide:
- Data update for 2023-09-04
Updated perl-Crypt-CBC (3.04) in F-37, F-38, F-39, Rawhide and EPEL-9 to fix decryption of ciphertext created with 'header' => 'randomiv' (Bug #2235322, GH#6, GH#7)
Thursday 7th September 2023
Fedora Project
Updated perl-Business-ISBN-Data to 20230907.001 in F-39 and Rawhide:
- Data update for 2023-09-07
Saturday 9th September 2023
Fedora Project
Updated perltidy to 20230909 (see CHANGES.md for details)
Local Packages
Updated perl-Perl-Tidy to 20230909 as per the Fedora perltidy package
Sunday 10th September 2023
Fedora Project
Updated perl-Module-CPANTS-Analyse to 1.02 in F-39 and Rawhide:
Treat use v5.36 as use_warnings (GH#49)
Skip some of the manifest test if symlink is not available (GH#50)
- Improve prereq sorting
- Improve pod detection
- Improve script detection
Use Parse::Distname to get a little more information from a distribution name
- Dedupe possible licences
Add Object::Pad as use strict equivalent (GH#42)
Fix has_license_in_source_file for distributions that contain only a script under bin or scripts (GH#37)
Local Packages
Updated perl-Module-CPANTS-Analyse to 1.02 as per the Fedora version
Wednesday 13th September 2023
Fedora Project
Updated perltidy to 20230912 in F-39 and Rawhide:
Remove a syntax error check that could cause an incorrect error message when List::Gather::gather was used (GH#124)
Local Packages
Updated curl to 8.3.0:
curl: Make %output{} in -w specify a file to write to
- gskit: Remove
lib: --disable-bindlocal builds curl without local binding support
- nss: Remove support for this TLS library
- tool: Add "variable" support
- trace: Make tracing available in non-debug builds
url: Change default value for CURLOPT_MAXREDIRS to 30
urlapi: CURLU_PUNY2IDN - convert from punycode to IDN name
- wolfssl: Support loading system CA certificates
- altsvc: Accept and parse IPv6 addresses in response headers
- asyn-ares: Reduce timeout to 2000ms
- aws-sigv4: Canonicalize the query
- aws-sigv4: Fix having date header twice in some cases
- aws-sigv4: Handle no-value user header entries
- bearssl: Don't load CA certs when peer verification is disabled
bearssl: Handshake fix, provide proper get_select_socks() implementation
build: Fix portability of mancheck and checksrc targets
- build: Streamline non-UWP wincrypt detections
c-hyper: Adjust the hyper to curlcode conversion
c-hyper: Fix memory leaks in 'Curl_http'
cf-haproxy: Make CURLOPT_HAPROXY_CLIENT_IP set the source IP
- cf-socket: Log successful interface bind
CI/cirrus: Disable python install on FreeBSD
- CI: Add a 32-bit i686 Linux build
- CI: Add caching to many jobs
CI: Move on to ngtcp2 v0.19.1
- CI: Move the Alpine build from Cirrus to GHA
- CI: ngtcp2-linux: Use separate caches for tls libraries
- CI: Remove Windows builds from Cirrus, without replacement
- CI: Switch macOS ARM build from Cirrus to Circle CI
CI: Use master again for wolfssl
cirrus: Install everything with pkg, avoid pip
- cmake: Add GnuTLS option
cmake: Add support for 'CURL_DEFAULT_SSL_BACKEND'
cmake: Add support for single libcurl compilation pass
cmake: Allow 'SHARE_LIB_OBJECT=ON' on all platforms
cmake: Assume 'wldap32' availability on Windows
- cmake: Cache more config and delete unused ones
cmake: Detect 'SSL_set0_wbio' in OpenSSL
cmake: Drop 'HAVE_LIBWINMM' and 'HAVE_LIBWS2_32' feature checks
cmake: Fix to use variable for the curl namespace
- cmake: Fixup H2 duplicate symbols for unity builds
cmake: Set SIZEOF_LONG_LONG in curl_config.h
cmake: Support building static and shared libcurl in one go
- cmdline-docs: Make sure to phrase it as "added in ...."
- cmdline-docs: Use present tense, not future
- cmdline-opts/docs: Mention the negative option part
cmdline-opts/page-header: Clarify stronger that !opt == URL
- cmdline-opts/page-header: Reorder, clean up
- configure, cmake, lib: More form API deprecation
configure: Fix 'HAVE_TIME_T_UNSIGNED' check
configure: Trust pkg-config when it's used for zlib
configure: Use the pkg-config --libs-only-l flag for libssh2
connect: Stop halving the remaining timeout when less than 600 ms left
cookie-jar.d: Emphasize that this option is only writing cookies
- crypto: Ensure crypto initialization works
curl_url_get/set.3: Add missing semicolon in SYNOPSIS
CURLINFO_CERTINFO.3: Better explain curl_certinfo struct
CURLINFO_TLS_SSL_PTR.3: Clarify a recommendation
CURLOPT_*TIMEOUT*: Extend and clarify
CURLOPT_SSL_VERIFYPEER.3: Mention it does not load CA certs when disabled
CURLOPT_URL.3: Add two URL API calls in the see-also section
CURLOPT_URL.3: Explain curl_url_set() uses the same parser
- digest: Use hostname to generate spn instead of realm
disable.d: Explain --disable not implemented prior to 7.50.0
docs/cmdline-opts/gen.pl: Hide "added in" before 7.50.0
docs/cmdline-opts: Match the current output
docs/cmdline-opts: Spellfixes, typos and polish
docs/cmdline: Add small "warning" to verbose options
docs/cmdline: Remove repeated working for negotiate + ntlm
docs/HYPER.md: Document a workaround for a link error
docs: Add curl_global_trace to some SEE ALSO sections
- docs: Link to the website versions instead of markdowns
docs: Mark --ssl-revoke-best-effort as Schannel specific
docs: Mention critical files in same directories as curl saves
docs: Removing "pausing transfers" from HYPER.md
- docs: Rewrite to present tense
easy: Remove #ifdefs to make code easier on the eye
egd: Delete feature detection and related source code
- ftp: Fix temp write of ipv6 address
gen.pl: Escape all dashes (ascii minus) to avoid unicode hyphens
gen.pl: Replace all single quotes with aq
- GHA: Adding quiche workflow
- headers: Accept leading whitespaces on first response header
- http2: Avoid too early connection re-use/multiplexing
- http2: Clean up trace messages
- http2: Disable assertion blocking OSSFuzz testing
http2: Fix in h2 proxy tunnel: progress in ingress on sending
http2: Polish things around POST
- http2: Upgrade tests and add fix for non-existing stream
- http3/ngtcp2: Shorten handshake, trace clean up
- http3: Quiche, handshake optimization, trace clean up
- http: Close the connection after a late 417 is received
http: Do not require a user name when using CURLAUTH_NEGOTIATE
- http: Fix sending of large requests
http: Remove the p_pragma struct field
http: Return error when receiving too large header set (CVE-2023-38039)
- hyper: Fix a progress upload counter bug
- hyper: Fix ownership problems
hyper: Remove 'hyptransfer->endtask'
imap: Add a check for failing strdup()
imap: Remove the only sscanf() call in the IMAP code
include.d: Explain headers not printed with --fail before 7.75.0
include/curl/mprintf.h: Add __attribute__ for the prototypes
- krb5: Fix "implicit conversion loses integer precision" warnings
- lib: Add ability to disable auths individually
- lib: Build fixups when built with most things disabled
lib: Fix a few *printf() flag mistakes
- lib: Fix null ptr derefs and uninitialized vars (h2/h3)
lib: Move mimepost data from ->req.p.http to ->state
libtest: Use curl_free() to free libcurl allocated data
list-only.d: Mention SFTP as supported protocol
- macOS: Fix target detection more
- misc: Fix various typos
multi.h: The 'revents' field of curl_waitfd is supported
multi: More efficient pollfd count for poll
multi: Remove 'processing: <url>' debug message
ngtcp2: Fix handling of large requests
openssl: Auto-detect 'SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED'
openssl: Clear error queue after SSL_shutdown
- openssl: Make aws-lc version support OCSP
- openssl: Support async cert verify callback
- openssl: Switch to modern init for LibreSSL 2.7.0+
openssl: Use 'SSL_CTX_set_ciphersuites' with LibreSSL 3.4.1
openssl: Use 'SSL_CTX_set_keylog_callback' with LibreSSL 3.5.0
openssl: When CURLOPT_SSL_CTX_FUNCTION is registered, init x509 store before
- os400: Build test servers
- os400: Do not check translatable options at build time
- os400: Implement CLI tool
page-footer: QLOGDIR works with ngtcp2 and quiche
page-header: Move up a URL paragraph from GLOBBING to URL
pytest: Fix check for slow_network skips to only apply when intended
- quic: Don't set SNI if hostname is an IP address
quiche: Adjust quiche 'QUIC_IDLE_TIMEOUT' to 60s
- quiche: Enable quiche to handle timeout events
resolve: Use PF_INET6 family lookups when CURL_IPRESOLVE_V6 is set
Revert "schannel: reverse the order of certinfo insertions"
- schannel: Fix ordering of cert chain info
- schannel: Fix user-set legacy algorithms in Windows 10 and 11
- schannel: Verify hostname independent of verify cert
- sectransp: Fix compiler warnings
sectransp: Prevent CFRelease() of NULL
secureserver.pl: Fix stunnel path quoting
secureserver.pl: Fix stunnel version parsing
SECURITY-PROCESS.md: Not a sec issue: Tricking user to run a cmdline
system.h: Add CURL_OFF_T definitions on HP-UX with HP aCC
test1304: Build and skip without netrc support
test1554: Check translatable string options in OS400 wrapper
test1608: Make it build and get skipped without shuffle DNS support
test687/688: Two more basic --xattr tests
tests/tftpd+mqttd: Make variables static to silence picky warnings
tests: Add 'large-time' as a testable feature
tests: Add support for nested %if conditions
- tests: Don't call HTTP errors OK in test cases
tests: Ensure 'libcurl.def' contains all exports
- tests: Fix h3 server check and parallel instances
- tests: TLS session sharing test
- tests: Update cookie expiry dates to far in the future
time-cond.d: Mention what happens on a missing file
tool: Avoid including leading spaces in the Location hyperlink
tool: Change some fopen failures from warnings to errors
tool: Make the length argument an int for printf()-.* flags
tool_cb_wrt: Fix invalid unicode for windows console
tool_filetime: Make -z work with file dates before 1970
tool_operate: Allow both SSL_CERT_FILE and SSL_CERT_DIR
tool_operate: Make aws-sigv4 not require TLS to be used
tool_paramhlp: Improve str2num(): Avoid unnecessary call to strlen()
tool_urlglob: Use the correct format specifier for curl_off_t in msnprintf
- transfer: Also stop the sending on closed connection
transfer: Don't set TIMER_STARTTRANSFER on first send
unit2600: Fix build warning if built without verbose messages
url: Remove infof() output for "still name resolving"
urlapi: Fix heap buffer overflow
urlapi: Make sure zoneid is also duplicated in curl_url_dup
urlapi: Return CURLUE_BAD_HOSTNAME if puny2idn encoding fails
urlapi: Setting a blank URL ("") is not an ok URL
vquic: Show stringified messages for errno
- vtls: Clarify "ALPN: offers" message
winbuild: Improve check for static zlib
- wolfSSL: Avoid the OpenSSL compat API when not needed
workflows/macos.yml: Disable zstd and alt-svc in the http-only build
write-out.d: Clarify %{time_starttransfer}
- ws: Fix spelling mistakes in examples and tests
I dropped support for EL < 8 and Fedora < 27 with this build since the native curl versions there use NSS and I don't want to replace them with an openssl-based version, which would be too risky from a compatibility perspective; I intend to keep the builds for those old distributions at version 8.2.1 and will apply patches for CVEs until the EL-7 end of life next June
Updated perl-Perl-Tidy to 20230912 as per the Fedora perltidy package
Thursday 14th September 2023
Fedora Project
Updated perl-Crypt-DES (2.07) in F-39 and Rawhide to use the new BSD-Systemics SPDX license id (PR#2)
Branched and built perl-Data-Visitor (0.32) for EPEL-8 and EPEL-9
Updated perl-MCE to 1.889 in F-39 and Rawhide:
- Add Android support
Revert "defer signal-handling in MCE::Channel (send2 method)"
Improve mutex synchronize (a.k.a. enter) with guard capability
- Fix mutex re-entrant lock on the Windows platform
Add mutex guard_lock method
Updated perl-MCE-Shared to 1.886 in F-39 and Rawhide:
Add Android support; this required moving MCE::Shared::Base::Common out of MCE::Shared::Base to separate file MCE::Shared::Common
Bump MCE dependency to 1.889
Branched and built perl-Tie-ToObject (0.03) for EPEL-8 and EPEL-9
Local Packages
Updated curl (8.2.1) to fix HTTP headers eating all memory (CVE-2023-38039)
Updated perl-MCE to 1.889 as per the Fedora version
Updated perl-MCE-Shared to 1.886 as per the Fedora version
Updated perl-Term-Table to 0.017:
Remove 'Importer' dependency
Updated perl-Test2-Suite to 0.000156:
Fix typo in POD for Test2::Util::Importer
Updated perl-version to 0.9930:
Permit a colon after a vstring, thus allowing an attrlist to follow a version declaration on a 'class' statement (GH#20891)
- Simplify and fix w.r.t. locale handling
- Make tests not fail when path to dist includes "panic"
Friday 15th September 2023
Fedora Project
Updated perl-Crypt-IDEA (1.10) in F-39 and Rawhide to use the new BSD-Systemics SPDX license id (PR#1)
Saturday 16th September 2023
Fedora Project
Updated perl-File-Copy-Recursive-Reduced to 0.007 in F-39 and Rawhide:
- Corrections to better accommodate Windows path separators
Local Packages
Updated perl-File-Copy-Recursive-Reduced to 0.007 as per the Fedora version
Monday 18th September 2023
Local Packages
Updated dovecot:
- Update dovecot to 2.3.21
lib-oauth2: Allow JWT tokens to be validated with missing typ field
The typ field is left out by some key issuers to conserve space, notably kubernetes
Now, missing typ is tolerated but if present it still must be "jwt"
auth: Auth passdb and userdb reply can contain "event_<name>=value", which will be added to login event and mail user event respectively
lib-master: Set process title during various initialization stages to clearly describe what the process is waiting on
lib-storage: The mail_temp_scan_interval is now fuzzed, incrementing it by 0..30% based on username's hash to reduce the chance of load spikes
lib-storage: The temp file scan has been moved from the open of the mailbox to the close, to reduce the latency perceived by users
- stats: If metric has fields specified, all these fields are exported as counters to prometheus exposition
See https://doc.dovecot.org/configuration_manual/stats/openmetrics/
*-login: Processes might have crashed when a SSL connection disconnects uncleanly
acl: When plugin was loaded \HasChildren and \HasNoChildren flags were calculated incorrectly for mailboxes containing '*' and '%' in their names
- auth: Crash occured if a connection to PostgreSQL database server failed during startup
auth: Logins with invalid passwords (e.g. unknown scheme) in passdb were failing with "password mismatch" instead of "internal error"
auth: XOAUTH2 and OAUTHBEARER mechanisms were not giving out protocol specific error message on all errors, which especially broke OIDC discovery
dbox: When last_temp_file_scan header wasn't set (especially after dsync migration), the next mailbox open always triggers the temp file scan; this could have caused a load spike after migrations (fixed by using the mailbox directory's atime when the header isn't set, which usually moves the scan time into the future)
dict-redis: A crash would occur on transaction rollback
dsync: Infinite loop causing out of memory would occur when handling mailbox deletion from remote end and hierarchy separators would differ
dsync: Incremental dsync failed for folder names ending with '%', unless BROKENCHAR was set; also folder names with '%' elsewhere in them caused each incremental dsync to unnecessarily rename the folder to a temporary name and back (v2.3.19 regression)
imap-hibernate: If an IMAP client unhibernation timed out with "(version received)", the unhibernation could still have successfully finished later on and continued working normally, which was rather confusing, because imap-hibernate already logged that the client got disconnected; avoid this by forcing the connection to shutdown on unhibernation timeout
imapc: Crashed when a folder mapped through the virtual plugin disappears from the storage
imapc: EXPUNGE, EXISTS or FETCH replies from a server for a previously selected mailbox could have been processed as if they belonged to the new mailbox currently being selected; this could have caused warnings
lib-http: Dovecot HTTP server (doveadm, stats/openmetrics) may have disconnected HTTP clients before the response is fully sent; this happened only on busy servers where kernel's socket buffers were rather full
lib-http: Fixed a potential crash on http-server if a client disconnected early (v2.3.18 regression)
lib-index: Index file corruption could have caused a crash
Fixes: Panic: file mail-transaction-log-view.c: line 165 (mail_transaction_log_view_set): assertion failed: (min_file_seq <= max_file_seq).
lib-index: Purging an existing >1GB cache file can crash; now, cache files still above 1GB after purging are removed
Fixes: Panic: file mail-index-util.c: line 10 (mail_index_uint32_to_offset): assertion failed: (offset < 0x40000000)
lib-lua: A HTTP client could not resolve DNS names in mail processes, because it expected "the dns-client" socket to exist in the current directory
lib-oauth2: Dovecot would send client_id and client_secret as POST parameters to the introspection server; these need to be optionally in Basic auth instead
lib-oauth2: JWT aud validation was not performed if aud was missing from a token, but was configured on Dovecot
lib-oauth2: JWT key type check was too strict
lib-oauth2: JWT token audience was not validated against client_id as required by the specification
lib-ssl-iostream: Using the ssl_require_crl=yes setting may have caused CRL check failures for outgoing SSL/TLS connections, although it was supposed to affect checking CRLs only for client-side SSL certificates (v2.3.17 regression)
lib-sql: MySQL driver leaked memory when connection failed
lib-storage: Various fixes when running into out of disk space
master: Service idle_kill setting didn't work properly on busy servers
- It was very unlikely that any process was idling long enough to become killed
Also, the idle_kill handling code was using quite a lot of CPU on the master process when there were a lot of processes (e.g. imap)
The new behaviour is to track the lowest number of idling processes every idle_kill time interval and then kill that many idling processes
mdbox: Temp file scan was done for always empty directories
mdbox: The fdatasync() call was done in wrong parent directory when writing mails (also on a failure it crashed instead of logging an error)
notify_status: The plugin crashes if any user initialization fails
pop3: Sending command with the ':' character caused an assert-crash (v2.3.18 regression)
Fixes: Panic: event_reason_code_prefix(): name has ':'
stats: Fix panic when a nonexistent event exporter was referenced while adding a new metric dynamically via doveadm stats add; this produces a proper error now
stats: If process exported a lot of events and then exited, some of the last events may have become lost
stats: Invalid Prometheus label names were created with specific histogram group_by configurations; Prometheus rejected these labels
welcome: The plugin didn't execute in some situations that created INBOX but didn't open it, e.g. if GETMETADATA was used before the INBOX was opened
Update pigeonhole to 0.5.21
sieve: Using the deleteheader action on a message with a broken/invalid header can cause the Sieve interpreter to crash with an assert panic; this can happen e.g. when the message is missing the empty EOH line between the headers and the body of the message
Fixes: Panic: file edit-mail.c: line 820 (edit_mail_headers_parse): assertion failed: (body_offset > 0).
sieve: Pigeonhole added an extra Message-ID header during mail forwarding when the existing one was invalid; now it adds the Message-ID only if it is entirely missing - existing Message-ID(s) are left unchanged
Tuesday 19th September 2023
Local Packages
Updated unrar to 6.24 beta 1
Wednesday 20th September 2023
Local Packages
Updated perl-DBD-SQLite to 1.74:
Upgraded bundled SQLite to 3.42.0
Add missing possible table_type values to POD (GH#105)
Thursday 21st September 2023
Fedora Project
Updated perl-Text-CSV_XS to 1.52 in F-39 and Rawhide:
Fix possible coredump in cache on non-IO parse (GH#49)
Local Packages
Rebuilt perl-DBI (1.643) to sync with Rawhide
Updated perl-Module-CoreList to 5.20230920:
- Updated for v5.39.3
Updated perl-PlRPC (0.2020) to avoid use of deprecated patch syntax
Updated perl-Text-CSV_XS to 1.52 as per the Fedora version
Friday 22nd September 2023
Fedora Project
Updated perl-PPI to 1.277 in Rawhide
- Parse prototypes as literal quotes: enables parens and newlines in protos
Fix false positive detection of labels (GH#289)
Since this breaks one of Perl:Critic's tests (GH#1048), I held off building for F-39
Local Packages
- Updated `perl-PPI to 1.277 as per the Fedora version
Sunday 24th September 2023
Fedora Project
Updated perl-Business-ISBN-Data to 20230923.001 in F-39 and Rawhide:
- Data update for 20230923
Monday 25th September 2023
Fedora Project
Updated perl-Array-Compare to 4.0.0 in F-39 and Rawhide:
Switched to using Feature::Compat::Class
Added a bunch of relevant modules to SEE ALSO
Updated perl-Perl-Critic (1.150) in Rawhide with fix for Perl::Critic::Policy::Subroutines::RequireArgUnpacking compatibility with PPI 1.277 (GH#1048)
Updated perl-Perl-Critic (1.150) and PPI (to version 1.277) in F-39 to sync with the Rawhide versions
Local Packages
Updated perl-Array-Compare to 4.0.0 as per the Fedora version
Updated perl-Perl-Critic (1.150) as per the Fedora version
New package perl-Feature-Compat-Class (0.06)
Tuesday 26th September 2023
Fedora Project
Updated ansible-collection-community-libvirt to 1.3.0 in F-39 and Rawhide:
virt: add 'mutate_flags' parameter to enable XML mutation (add UUID, MAC addresses from existing domain) (GH#142)
virt: support '--diff' for 'define' command (GH#142)
libvirt_qemu: connection plugin threw a warning about an improperly configured remote target; fix adds 'inventory_hostname' to 'options.remote_addr.vars' (GH#147)
libvirt_qemu: fix encoding errors on Windows guests for non-ASCII return values (GH#157)
virt: fix virt module to undefine a domain with nvram, managed_save, snapshot_metadata or checkpoints_metadata (GH#40)
virt_pool: replace discouraged function 'listVolumes' with 'listAllVolumes' to fix potential race conditions (GH#135)
virt_pool: replace discouraged functions 'listStoragePools' and 'listDefinedStoragePools' with 'listAllStoragePools' to fix potential race conditions (GH#134)
Updated perl-Business-ISBN-Data to 20230926.001 in F-39 and Rawhide:
- Data update for 20230926
Local Packages
Updated ansible-collection-community-libvirt to 1.3.0 as per the Fedora version
Wednesday 27th September 2023
Fedora Project
Became co-maintainer of perl-HTTP-CookieJar and perl-Mozilla-PublicSuffix in Fedora/EPEL
Cleaned up and rebuilt perl-HTTP-CookieJar (0.014) in Rawhide
Branched and built perl-HTTP-CookieJar (0.014) for EPEL-9
Branched and built perl-Mozilla-PublicSuffix (1.0.6) for EPEL-9
Friday 29th September 2023
Fedora Project
Updated perl-Module-Build-Tiny to 0.047 in F-39 and Rawhide:
- Avoid using empty regex for backwards compatability
Local Packages
Updated perl-DBI (1.643) to fix CVE-2014-10401 and CVE-2014-10402
Updated perl-Module-Build-Tiny to 0.047 as per the Fedora version
Previous Month: August 2023
Next Month: October 2023