Paul's Blog Entries for October 2023
Sunday 1st October 2023
Fedora Project
Updated perl-Test-Warnings to 0.032 in Rawhide:
New config variable, $ENV{PERL_TEST_WARNINGS_ONLY_REPORT_WARNINGS}, for temporarily turning failures into reports
Local Packages
Updated perl-Test-Warnings to 0.032 as per the Fedora version
Tuesday 3rd October 2023
Fedora Project
Updated perl-IPC-Run to 20231003.0 in Rawhide:
On Windows, avoid hang under IPCRUNDEBUG (GH#157)
Refresh "cpanfile" from Makefile.PL, to allow use on Windows
Normalize shebangs to /usr/bin/perl (GH#163)
- Fix or skip all tests recently seen to fail on Windows
Include t/result.t in releases
Make full_result() and result() Windows behaviour match non-Windows (GH#168)
Local Packages
Updated perl-IPC-Run to 20231003.0 as per the Fedora version
Updated perl-Test-Harness to 3.48:
- Accept TAP version 14
Friday 6th October 2023
Fedora Project
Updated perl-Finance-Quote to 1.58 in EPEL-9, syncing with the latest Fedora version
Local Packages
Rebuilt dovecot (2.3.21) for the new libsodium in Rawhide
Updated libnet to 1.3 (see ChangeLog.md for details)
Updated unrar to 6.24
Sunday 8th October 2023
Fedora Project
Updated perl-Business-ISBN-Data to 20231006.001 in Rawhide:
- Data update for 20231006
Monday 9th October 2023
Fedora Project
Updated proftpd to 1.3.8a in F-38, F-39, Rawhide and EPEL-9:
Fix mod_sftp failure to handle SFTP requests to truncate files to zero size (GH#1581)
Fix mod_sftp improperly handling SFTP WRITE requests for files opened for appending (GH#1584)
Build-time detection of Linux POSIX ACL support was broken since 1.3.8rc2 (GH#1568)
Fix failure to load mod_rewrite as a dynamic module due to incomplete/missing library linker flags (GH#1590)
<Class> section is allowed to be in <Global>, but From directive is not (GH#1597)
ExtendedLog SSH, SFTP classes not working as expected (GH#1617)
Fix mod_sftp not handling multiple concurrent open file handles/transfers well for logging (GH#1646)
"TLSRequired off" plus Protocols directive caused mod_tls to terminate the session abruptly (GH#1679)
Fix mod_tls failure to compile against OpenSSL 3.0.8 due to missing ENGINE_METHOD_ flags (GH#1689)
Unknown named connection error when using different SQL backends (GH#1659)
Fix mod_sql not properly closing all named backend connections on session exit (GH#1697)
SSH key exchanges failed unexpectedly with "unable to write X bytes of raw data" errors due to small ProFTPD buffer (GH#1694)
Fix high session memory usage caused by SFTP outgoing data buffering (GH#1678)
Out-of-bounds buffer read when handling FTP commands (GH#1683)
SFTP algorithm settings in <Global> section were not being used (GH#1712)
Local Packages
Updated c-ares to 1.20.1:
- This is a feature and bugfix release with some significant internal changes
- Update from 1989 MIT license text to modern MIT license text
Remove acountry from built tools as nerd.dk is gone
Add new ARES_OPT_UDP_MAX_QUERIES configuration option to limit the number of queries that can be made from a single ephemeral port
- Default per-query timeout has been reduced to 2s with a 3x retry count
Modernization: start implementing some common data structures that are easy to use and hard to misuse, which will make code refactoring easier and remove some varied implementations in use; this change also makes ares_timeout() more efficient
- Use SPDX identifiers and a REUSE CI job to verify
rand: Add support for getrandom()
- TCP back to back queries were broken
Ensure queries for ares_getaddrinfo() are not requeued during destruction
ares_getaddrinfo() should not retry other address classes if one address class has already been returned
- Avoid production of ill-formed result when qualifying a name with the root domain
Fix missing prefix for CMake generated libcares.pc
- DNS server ports will now be read from system configuration instead of defaulting to port 53
- Remove some unreachable code
Replace usages of sprintf with snprintf
- Fix Watcom instructions and update Windows URLs
- Resolve use-after-free issue when TCP connection is terminated before a response is returned
- Reduce number of queries for a load test case to prevent overloading some build systems
- Fix fuzz test build target
Updated perl-EV to 4.33:
The EV::stat->path method erroneously freed the result, causing corruption
New function EV::Child::reinit
Updated proftpd to 1.3.8a as per the Fedora version
Tuesday 10th October 2023
Fedora Project
Updated perl-Business-ISBN-Data to 20231010.001 in Rawhide:
- Data update for 20231010
Updated perl-Math-Round to 0.08 in Rawhide:
- NEILB has taken over maintenance
Added usual directory structure with lib/ and t/
Converted test.pl to traditional Test::More suite
Added LICENSE to doc and ensured metadata has license
Switched to dzil
Local Packages
Updated perl-Math-Round to 0.08 as per the Fedora version
Added build of proftpd 1.3.9rc1:
Fix mod_tls build failing for OpenSSL before 1.1.x (Bug #4494)
Fix mod_sftp not advertising standard extensions for protocol version 3 (GH#1570)
Fix mod_sftp "check-file" extension using wrong block size when offset and length are specified (GH#1569)
Use JSON for Controls protocol messages (GH#379)
Provide richer exit status values for ftpdctl for better scripting (GH#1114)
Enforce requirement of preceding RewriteCondition for RewriteRule directives to avoid confusion (Bug #4495)
Implement LogFormat variable for data transfer average speed (GH#535)
Optimize per-connection file I/O when reading SFTPHostKey from disk (GH#1596)
ProFTPD did not detect FIPS when using OpenSSL 3.x built with FIPS support (GH#1610)
Reduce latency due to signal handling in the daemon process (GH#1623)
SSH key exchange requests should be classified into the "SEC" ExtendedLog class (GH#1626)
Update mod_exec to use the Jot API for resolving variables (GH#1630)
Use system TCP backlog value by default (GH#1636)
Gracefully handle directory creation requests when the directory already exists (GH#1639)
Remove asynchronous FTP responses emitted while computing digest values (GH#1661)
Support terminating connection after USER command when TLS is required (GH#1640)
Support OPTS commands for querying configured policy for resumed uploads, downloads (GH#1676)
MaxStoreFileSize for single user was not properly honoured for SFTP uploads (GH#1686)
DisplayChdir using absolute path should work properly with DefaultRoot (GH#1688)
Clients should be disconnected when unable to be added to the ScoreboardFile (GH#1700)
Support injecting random delay when clients connect via DelayOnEvent (GH#1701)
Support OpenSSH FIDO security keys in mod_sftp (GH#1118)
Support obtaining default UID/GID values for AD directories in mod_ldap (GH#1716)
Update upload progress in scoreboard when throttling (GH#1433)
Null pointer reference encountered for FTPS connection due to config parser ignoring Include file problem (GH#1721)
Support the chacha20-poly1305@openssh.com SSH cipher (GH#456)
mod_auth_otp should require per-user OTP entries by default (GH#1562)
I added a fix for the 'mod_sftp' build when using older OpenSSL versions, broken by the support for the OpenSSH ChaChaPoly cipher (GH#1730, GH#1731)
Wednesday 11th October 2023
Local Packages
Updated curl (8.2.1) to fix cookie injection with none file (CVE-2023-38546) and SOCKS5 heap buffer overflow (CVE-2023-38545)
Updated curl to 8.4.0:
curl: Add support for the IPFS protocols via HTTP gateway
curl_multi_get_handles: Get easy handles from a multi handle
mingw: Delete support for legacy mingw.org toolchain
acinclude.m4: Document proper system truststore on FreeBSD
appveyor: Fix yamlint issues, indent
appveyor: Rewrite batch in PowerShell + CI improvements
autotools: Adjust 'CURL_CA_PATH' value to CMake
autotools: Restore 'HAVE_IOCTL_*' detections
base64: Also build for curl
bufq: Remove Curl_bufq_skip_and_shift (unused)
- build: Delete checks for C89 standard headers
build: Do not publish 'HAVE_BORINGSSL', 'HAVE_AWSLC' macros
- cf-socket: Simulate slow/blocked receives in debug
cmake, configure: Also link with CoreServices
cmake: Add check for suseconds_t
cmake: Add feature checks for 'memrchr' and 'getifaddrs'
- cmake: Add missing checks
cmake: Delete old 'HAVE_LDAP_URL_PARSE' logic
cmake: Detect 'HAVE_CLOCK_GETTIME_MONOTONIC_RAW'
cmake: Detect 'HAVE_GETADDRINFO_THREADSAFE'
cmake: Detect 'sys/wait.h' and 'netinet/udp.h'
- cmake: Detect TLS-SRP in OpenSSL/wolfSSL/GnuTLS
cmake: Disable unity mode with Windows Unicode + TrackMemory
cmake: Fix 'HAVE_LDAP_SSL', 'HAVE_LDAP_URL_PARSE' on non-Windows
cmake: Fix 'HAVE_WRITABLE_ARGV' detection
- cmake: Fix duplicate symbols when linking tests
cmake: Fix missing 'zlib.h' when compiling 'libcurltool'
cmake: Fix stderr initialization in unity builds
cmake: Fix the help text to the static build option in CMakeLists.txt
- cmake: Fix unity builds for more build combinations
- cmake: Fix unity symbol collisions in h2 builds
cmake: Fix unity with Windows Unicode + TrackMemory
- cmake: Improve OpenLDAP builds
cmake: lib 'CURL_STATICLIB' fixes (Windows)
- cmake: Move global headers to specific checks
cmake: Pre-cache 'HAVE_BASENAME' for mingw-w64 and MSVC
cmake: Pre-cache 'HAVE_POLL_FINE' on Windows
cmake: Tidy-up 'NOT_NEED_LBER_H' detection
cmake: Validate 'CURL_DEFAULT_SSL_BACKEND' config value
configure: Check for the capath by default
- configure: Remove unused checks
- configure: Replace adhoc domain with 'localhost' in tests
configure: Sort AC_CHECK_FUNCS
connect: Expire the timeout when trying next
connect: Only start the happy eyeballs timer when needed
- cookie: Do not store the expire or max-age strings
cookie: Remove unnecessary struct fields (CVE-2023-38546)
cookie: Set ->running in cookie_init even if data is NULL
create-dirs.d: Clarify it also uses --output-dirs
curl.h: Mark CURLSSLBACKEND_NSS as deprecated since 8.3.0
curl_easy_pause.3: Mention h2/h3 buffering
curl_easy_pause.3: Mention it works within callbacks
curl_easy_pause: Set "in callback" true on exit if true
CURLOPT_DEBUGFUNCTION.3: Warn about internal handles
docs/libcurl/opts/Makefile.inc: Add missing manpage files
docs: Adapt SEE ALSO sections to new requirements
docs: Explain how PINNEDPUBLICKEY is independent of VERIFYPEER
docs: Replace made up domains with example.com
docs: Update curl man page references
docs: Use CURLSSLBACKEND_NONE
doh: Inherit DEBUGFUNCTION/DATA
escape: Replace Curl_isunreserved with ISUNRESERVED
FAQ: How do I upgrade curl.exe in Windows?
GHA/linux: Run singleuse to detect single-use global functions
- GHA: Add workflow to compare configure vs. cmake outputs
h2-proxy: Remove left-over mistake in drain_tunnel()
- h2: Test case and fix for pausing h2 streams
h3: Add support for ngtcp2 with AWS-LC builds
- http2: Refused stream handling for retry
http: Fix CURL_DISABLE_BEARER_AUTH breakage
- http: h1/h2 proxy unification
http: Remove wrong comment for http_should_fail
- http: Use per-request counter to check too large headers
http_aws_sigv4: Fix sorting with empty parts
- idn: Fix WinIDN null ptr deref on bad host
idn: If idn2_check_version returns NULL, return error
inet_ntop: Add typecast to silence Coverity
lib: Disambiguate Curl_client_write flag semantics
- lib: Enable hmac for digest as well
lib: failf/infof compiler warnings
- lib: Let the max filesize option stop too big transfers too
lib: Move handling of 'data->req.writer_stack' into Curl_client_write()
lib: Provide and use Curl_hexencode
lib: Remove TIME_WITH_SYS_TIME
lib: Use wrapper for curl_mime_data fseek callback
libssh2: Fix error message on failed pubkey-from-file
libssh: Cap SFTP packet size sent
Makefile.mk: Always set 'CURL_STATICLIB' for lib (Windows)
MANUAL.md: Change domain to example.com
- misc: Better random strings
- MQTT: Improve receive of ACKs
multi: Do CURLM_CALL_MULTI_PERFORM at two more places
- multi: Fix small timeouts
multi: Remove Curl_multi_dump
- multi: Round the timeout up to prevent early wakeups
multi: Set CURLM_CALL_MULTI_PERFORM after switch to DOING_MORE
- openssl: Improve ssl shutdown handling
openssl: Use X509_ALGOR_get0 instead of reaching into X509_ALGOR
pytest: Exclude test_03_goaway in CI runs due to timing dependency
- quic: Set ciphers/curves the same way regular TLS does
quiche: Fix build error with --with-ca-fallback
RELEASE-PROCEDURE.md: Updated coming release dates
runtests: Display the test status if tests appear hung
runtests: Eliminate a warning on old perl versions
socks: Return error if hostname too long for remote resolve (CVE-2023-38545)
src/mkhelp: Make generated code pass 'checksrc'
test1056: Disable on Windows
test1474: Disable test on NetBSD, OpenBSD and Solaris 10
test1592: Greatly increase the maximum test timeout
test1903: Actually verify the cookies after the test
test1906: Set a lower timeout since it's hit on Windows
test2600: Remove special case handling for USE_ALARM_TIMEOUT
test650: Fix an end tag typo
test661: Return from test early in case of curl error
test: Add missing <feature>s
tests: Close the shell used to start sshd
- tests: Fix a race condition in ftp server disconnect
- tests: Fix compiler warnings
- tests: Fix zombie processes left behind by FTP tests
tests: Improve SLOWDOWN test reliability by reducing sent data
tests: Increase lib571 timeout from 3s to 30s
tests: Log the test result code after each libtest
- tests: Propagate errors in libtests
tests: Set --expect100-timeout to improve test reliability
tests: Show which curl tool 'runtests.pl' is using
- tests: Stop overriding the lock timeout
tftpd: Always use curl's own tftp.h
tool: Use our own stderr variable
tool_cb_wrt: Fix debug assertion
tool_getparam: Accept variable expansion on file names too
tool_setopt: Remove unused function tool_setopt_flags
upload-file.d: Describe the file name slash/backslash handling
url: Fall back to http/https proxy env-variable if ws/wss not set
url: Fix netrc info message
- warnless: Remove unused functions
wolfssh: Do cleanup in Curl_ssh_cleanup
wolfssl: Allow capath with CURLOPT_CAINFO_BLOB
wolfssl: If CURLOPT_CAINFO_BLOB is set, ignore the CA files
- wolfssl: Ignore errors in CA path
Friday 13th October 2023
Fedora Project
Updated perl-Business-ISBN-Data to 20231013.001 in Rawhide:
- Data update for 20231013
Updated perl-Config-Tiny to 2.30 in Rawhide:
- Add support for an array syntax for cases where you wish to assign an array of values to a key
See the new POD section called ARRAY SYNTAX
See also the updated question in the FAQ: What happens if a key is repeated?
See also the sample code in the Synopsis, in t/02.main.t and in t/test.conf
In each case, search for the word greetings to find the new code samples
- Add support for an array syntax for cases where you wish to assign an array of values to a key
Updated perl-Module-Signature (0.88) in Rawhide to drop redundant dependency of Digest::SHA1; the implementation from Digest::SHA is used instead (PR#1)
Updated perl-Test-Differences to 0.71 in Rawhide:
- Stop pointless use of taint mode in tests, so tests pass when perl is built without taint support
Document and test different behaviour regarding Booleans in perl 5.38.0 compared to earlier versions (GH#21)
Local Packages
Updated perl-Config-Tiny to 2.30 as per the Fedora version
Updated perl-Module-Signature (0.88) as per the Fedora version
Updated perl-Test-Differences to 0.71 as per the Fedora version
Tuesday 17th October 2023
Fedora Project
Updated perl-Perl-Critic to 1.152 in Rawhide:
Local Packages
Updated perl-Perl-Critic to 1.152 as per the Fedora version
Wednesday 18th October 2023
Fedora Project
Updated perl-Mail-Message to 3.014 in Rawhide:
- Changes:
- Handle utf8 in address phrases, according to RFC5335 (since 2008 experimental); may show some changes in your regression tests
- Fixes:
Local Packages
Updated java-1.8.0-oracle to Java SE 8 update 391
Friday 20th October 2023
Fedora Project
Updated perl-Business-ISBN-Data to 20231020.001 in Rawhide:
- Data update for 20231020
Sunday 22nd October 2023
Fedora Project
Updated perl-GDGraph to 1.56 in F-37 (documentation and test updates, new version required for upcoming RT update (Bug #2245509)
Monday 23rd October 2023
Fedora Project
Updated perl-DateTime to 1.63 in Rawhide:
Switched to using the 'Perl_isfinite' function instead of trying to implement this ourselves in XS code; this should fix quadmath builds on Windows (GH#139)
Orphaned perl-Fennec, deprecated upstream since 2018 in favour of Test2::Suite and not currently used by anything in Fedora
Local Packages
Updated perl-DateTime to 1.63 as per the Fedora version
Updated perl-Object-HashBase to 0.010:
Documentation fixes (GH#3)
Updated perl-Term-Table to 0.018:
Documentation fixes (GH#17)
Updated perl-Test2-Suite to 0.000158:
Updated unrar to 7.00 beta 1 from Fedora 29 onwards (doesn't compile correctly on older releases due to use of intrinsics functions)
Wednesday 25th October 2023
Fedora Project
Updated perl-Test-Simple to 1.302196 in Rawhide:
Local Packages
Updated dovecot (2.3.21) to drop lucene to reduce dependencies from Fedora 40, EL-10 onwards (use SOLR for full text search instead); also dropped now-redundant build dependency glibc-gconv-extra
Updated perl-Test-Simple to 1.302196 as per the Fedora version
Thursday 26th October 2023
Fedora Project
Updated perl-CPAN-Changes to 0.500002 in Rawhide:
- Full rewrite
- The new version can parse nested entries to an arbitrary depth, rather than just groups
- It can parse many more formats, and can format the outputs more flexibly; this means it can better handle the change logs that actually exist on CPAN
- Parsed releases keep their original order
Pass given ChangeLog filename for --check (GH#32)
- Full rewrite
Local Packages
Updated perl-CPAN-Changes to 0.500002 as per the Fedora version
Updated perl-Module-CoreList to 5.20231025:
- Updated for v5.39.4
Updated perl-Test2-Suite to 0.000159:
Document that diag() intentionally returns false, and add a 'return 0'
Friday 27th October 2023
Local Packages
Updated c-ares to 1.21.0:
- This is a bugfix and clean-up release with some significant internal changes
- Provide better man page cross-links
Introduce ares_status_t as an enum rather than using #define list and integer data type for internal functions
Introduce ares_bool_t datatype rather than using an integer with 0/1 so it is clear based on the function prototype what it returns
- Increase compiler warning levels by default
Use size_t and other more proper datatypes internally (rather than int)
Many developers have used different code styles over the years; standardize on one and use clang-format to enforce the style
- CMake can now control symbol visibility
- Replace multiple DNS hand-made parsers with new memory-safe DNS message parser
Tools: STAYOPEN flag could make tools not terminate
Socket callbacks were passed SOCK_STREAM instead of SOCK_DGRAM on udp
Updated unrar to source to 7.0.2 (still 7.00 beta 1)
Saturday 28th October 2023
Fedora Project
Updated python-crypto (2.6.1) in Rawhide to fix compatibility with the current Python 3.13 development branch (Bug #2245851)
Monday 30th October 2023
Fedora Project
Updated perl-Pod-Markdown to 3.400 in Rawhide:
Add CLI options for local-module, man, and perldoc url prefixes (GH#25)
Tuesday 31st October 2023
Fedora Project
Updated perl-Business-ISBN-Data to 20231031.001 in Rawhide:
- Data update for 20231031
Previous Month: September 2023
Next Month: November 2023