Paul's Blog Entries for May 2024
Wednesday 1st May 2024
Fedora Project
Updated perl-GD to 2.79 in Rawhide:
Improve image type auto-detection (CPAN RT#153212) and add a test
- Fix Avif without Heif config
Improve gdlib.pc reader for supported library features
Friday 3rd May 2024
Fedora Project
Updated perl-CPAN-Changes to 0.500004 in Rawhide:
- Fix tests on Windows
Updated perl-GD to 2.80 in Rawhide:
Fix broken copyTranspose and copyReverseTranspose (CPAN RT#153300)
- Add transformation tests
- Fix wrong WBMP name and detection
Fix wrong filename extension auto-detection for gd, gd2, wbmp
Fix wrong filename extension auto-detection for xpm; newFromXpm needs the filename, not handle
Fix wrong libgd doc link (GH#52)
Local Packages
New packages php-kolab-net-ldap3 and php-pear-Net-LDAP2, retired from Fedora and needed for roundcubemail LDAP support; hopefully I never need to touch these apart from rebuilding them for new Fedora releases
Updated metamail (2.7) to fix for gcc14 compatibility and some other stuff (rightfully) generating warnings, and to avoid use of deprecated patch syntax
Updated moin (1.9.11) to avoid use of deprecated patch syntax
Updated perl-AnyEvent (7.17), perl-BDB (1.92) and perl-Exception-Base (0.2501) to avoid use of the %{rpmversion} macro, now an rpm built-in
Updated perl-CPAN-Changes to 0.500004 as per the Fedora version
Updated perl-Coro (6.57) to build-require valgrind-devel rather than /usr/include/valgrind/valgrind.h, no longer supported with DNF5
Updated perl-Net-DNS to 1.45:
- Resync with IANA DNS Parameters registry
- Resync with IANA DNSSEC Algorithm Numbers registry
- Resync with IANA DS Digest Algorithms registry
- Add support for EDNS CO flag
Net::DNS::Resolver::UNIX created $ENV{PATH} key if one didn't exist (CPAN RT#152756)
Updated perl-Net-IDN-Encode (2.500) to adapt to perl-5.38.0 and stricter GCC (Bug #2241714)
Updated perl-PPIx-Regexp (0.088) to add workaround for "Subroutine name is a homonym for builtin keyword class" in Critic test
Updated perl-Test-Portability-Files (0.10) not use try to use Test::Vars after Fedora 39 where it is no longer available
Tuesday 7th May 2024
Fedora Project
Updated perl-GD to 2.81 in Rawhide:
Change GD::Polygon::transform to match old demos (CPAN RT#140043) and GD::Polyline
Add GD::Polygon::rotate(cw-radian) helper
Allow GD::Polygon::scale(2.0)
Local Packages
Updated perl-ExtUtils-HasCompiler to 0.025:
- Skip static test on dynamic perls
Friday 10th May 2024
Fedora Project
Updated perl-Business-ISBN-Data to 20240509.001 in Rawhide:
- Data update for 20240509
Updated perl-Path-Tiny to 0.146 in Rawhide:
- Improved error message spewing to a file in a non-existent directory
Local Packages
Updated perl-Path-Tiny to 0.146 as per the Fedora version
Sunday 12th May 2024
Fedora Project
Updated perltidy to 20240511 in Rawhide (see CHANGES.md for details)
Local Packages
Updated perl-Perl-Tidy to 20240511 as per the Fedora perltidy package
Thursday 16th May 2024
Fedora Project
Imported and built perl-CPAN-Requirements-Dynamic (0.001) for F-39, F-40 and Rawhide (Bug #2277753)
Updated perl-Email-MIME to 1.954 in F-39, F-40, Rawhide, EPEL-8 and EPEL-9:
Fix for CVE-2024-4140: An excessive memory use issue (CWE-770) exists in Email-MIME before version 1.954, which can cause denial of service when parsing multipart MIME messages; the fix is the new $MAX_PARTS configuration, which limits how many parts we will consider parsing (the default $MAX_PARTS is 100)
Updated perl-MetaCPAN-Client to 2.032000 in Rawhide:
Updated perl-Module-Build-Tiny to 0.048 in Rawhide:
- Implement dynamic prerequisites
Local Packages
Updated perl-MetaCPAN-Client to 2.032000 as per the Fedora version
Updated unrar to 7.01
Friday 17th May 2024
Fedora Project
Updated perl-Devel-Cover to 1.42 in Rawhide:
- Improve tests
Updated perl-Finance-Quote to 1.62 to F-39, F-40, Rawhide and EPEL-9:
Fixed AEX.pm
Removed throttling from AlphaVantage.pm (GH#363)
Added CurrencyFreaks.pm - new currency module
YahooJSON.pm - added more error handling (GH#390)
Fixed MarketWatch.pm module (GH#389)
Rewrote Fool.pm and added back to F::Q (GH#379)
Added StockData.pm - methods stockdata, nyse, nasdaq
Modified YahooJSON.pm module in order handle EU consent redirects better
TwelveData.pm - Added "last" to data being returned
Added BorsaItaliana.pm - module for Borsa Italiana, Italian traded bonds using ISIN
YahooWeb.pm - modified YahooWeb to account for changes from Yahoo (GH#377)
Tuesday 21st May 2024
Fedora Project
Updated perl-Authen-DigestMD5 (0.04) in Rawhide to avoid use of deprecated patch syntax
Branched and built perl-Authen-DigestMD5 (0.04) for EPEL-8 and EPEL-9
Wednesday 22nd May 2024
Local Packages
Updated check (0.15.2) to fix check-devel for cmake users (Bug #2161231)
Updated curl to 8.8.0:
curl_version_info: Provide librtmp version
file: Add support for directory listings
idn: Add native !AppleIDN (icucore) support for macOS/iOS
lib: Add curl_multi_waitfds
mbedTLS: Implement CURLOPT_SSL_CIPHER_LIST option
- NTLM_WB: Drop support
- TLS: Add support for ECH (Encrypted Client Hello)
urlapi: Add CURLU_GET_EMPTY for empty queries and fragments
appveyor: Drop unnecessary '--clean-first' cmake option
appveyor: Guard against crash-build with VS2008
appveyor: Make gcc 6 mingw64 job build-only
asyn-thread: Fix curl_global_cleanup crash in Windows
asyn-thread: Fix Curl_thread_create result check
- autotools: Delete unused functions
autotools: Fix 'HAVE_IOCTLSOCKET_FIONBIO' test for gcc 14
- autotools: Only probe for SGI MIPS compilers on IRIX
bearssl: Fix compiler warnings
bearssl: Use common code for cipher suite lookup
bufq: Remove duplicate word in comment
BUG-BOUNTY.md: Clarify the third party situation
build: Prefer 'USE_IPV6' macro internally (was: 'ENABLE_IPV6')
- build: Remove MacOSX-Framework script
cd2nroff/manage: Use UTC when SOURCE_DATE_EPOCH is set
cf-https-connect: Use timeouts as unsigned ints
cf-socket: Don't try getting local IP without socket
cf-socket: Remove references to l_ip, l_port
- ci: Add curl-for-win builds: Linux MUSL, macOS, Windows
cmake: Add 'BUILD_EXAMPLES' option to build examples
cmake: Add librtmp/rtmpdump option and detection
cmake: Check fseeko after detecting HAVE_FILE_OFFSET_BITS
- cmake: Do not pass linker flags to the static library tool
cmake: Enable '-pedantic-errors' for clang when 'CURL_WERROR=ON'
cmake: FindNGHTTP2 add static lib name to find_library call
- cmake: Fix 'CURL_WERROR=ON' for old CMake and use it in GHA/linux-old
cmake: Fix 'HAVE_IOCTLSOCKET_FIONBIO' test with gcc 14
cmake: Fix up 'DEPENDS' filename
cmake: Forward 'USE_LIBRTMP' option to C
cmake: Generate misc manpages and install 'mk-ca-bundle.pl'
cmake: Initialize 'BUILD_TESTING' before first use
cmake: Speed up libcurl doc building again
cmake: Tidy-up to use 'WORKING_DIRECTORY'
- cmake: Use namespaced custom target names
cmdline-docs: Fix make install with configure --disable-docs
- configure: Error on missing perl if docs or manual is enabled
configure: Make --disable-docs imply --disable-manual
content_encoding: Brotli and others, pass through 0-length writes
content_encoding: Ignore duplicate chunked encoding
content_encoding: Reject transfer-encoding after chunked
contrithanks: Honor 'CURLWWW' variable
curl-confopts.m4: Define CARES_NO_DEPRECATED when c-ares is used
curl.h: Change CURL_SSLVERSION_* from enum to defines
curl: Make --help adapt to the terminal width
curl: Use curl_getenv instead of the curlx_ version
Curl_creader_read: Init two variables to avoid using them uninited
curl_easy_pause.md: Use correct defines in example
curl_getdate.md: Document two-digit year handling
curl_global_trace.md: Shorten the description
curl_multibyte: Remove access() function wrapper for Windows
curl_path: Make Curl_get_pathname use dynbuf
curl_setup.h: Add support for IAR compiler
curl_setup.h: Detect 'inline' support
curl_sha512_256: Do not use workaround for NetBSD when not needed
curl_sha512_256: Fix detection of OpenSSL 1.1.1 or later
curl_url_get.md: Clarify queries and fragments and CURLU_GET_EMPTY
CURLINFO_REQUEST_SIZE: Fixed, add tests for transfer infos reported
CURLOPT_WRITEFUNCTION.md: Fix the callback proto in the example
- cw-out: improved error handling
DEPRECATE.md: TLS libraries without 1.3 support
digest: Replace strcpy for empty string with simple assignment
dist: 'set -eu', fix shellcheck, make reproducible and smaller tarballs
- dist: Add files missing from release tarball
- dist: Add reproducible dir entries to tarballs
dist: Do not require Perl in 'maketgz'
dist: Remove the curl-config.1 from the tarball
- dist: Verify tarball reproducibility in CI
DISTROS: Add patch and issues link for curl-for-win
DISTROS: Cygwin updates
- dllmain: Call OpenSSL thread clean-up for Windows and Cygwin
doc: pytest '--repeat' -> '--count'
docs/cmdline-opts: Invoke managen using a relative path
docs/cmdline-opts: Mention STARTTLS for --ssl and --ssl-reqd
docs: Add CURLOPT_NOPROGRESS to CURLOPT_XFERINFOFUNCTION example
docs: Clarify CURLOPT_MAXFILESIZE and CURLOPT_MAXFILESIZE_LARGE
docs: Fix some CURLINFO examples
- doh: Fix typo in comment
- doh: Remove unused function prototype
- dynbuf: Fix return code on memory error
examples: Fix/silence '-Wsign-conversion'
EXPERIMENTAL: Add graduation requirements for each feature
- file: Remove useless assignment
- ftp: Add tracing support
ftp: Fix build for CURL_DISABLE_VERBOSE_STRINGS
- ftp: Fix socket leak on rare error
- GHA: Add NetBSD, OpenBSD, FreeBSD/arm64 and OmniOS jobs
- GHA: Add shellcheck job and fix warnings, shell tidy-ups
GHA: Add valgrind to a wolfSSL build
GHA: On macOS remove $HOME/.curlrc
- GHA: Pin dependencies
- gnutls: Lazy init the trust settings
- h3/ngtcp2: Improve error handling
hash: Change 'slots' to size_t from int
- hash: Delete unused debug function
- hsts: Explicitly skip blank lines
- hsts: Remove single-use single-line function
http tests: In CI skip test_02_23* for quiche
http2+ngtcp2: Pass CURLcode errors from callbacks
- http2, http3: Decouple stream state from easy handle
- http2: Emit RST when client write fails
- http3: quiche+ngtcp2 improvements
- http: Acknowledge a returned error code
http: HEAD response body tolerance
- http: Reject HTTP major version switch mid-connection
- http: Remove redundant check
http: With chunked POST forced, disable length check on read callback
http_aws_sigv4: Remove useless assignment
idn: Make Curl_idnconvert_hostname() use Curl_idn_decode()
if2ip: Make the buf_size arg a size_t
INSTALL-CMAKE.md: Explain 'cmake -G <generator-name>'
- krb5: Use dynbuf
- ldap: Fix unused variables (seen on OmniOS)
lib/cf-h1-proxy: Silence compiler warnings (gcc 14)
- lib: Add trace support for client reads and writes
lib: Bump hash sizes to 'size_t'
lib: Clear the easy handle's saved errno before transfer
- lib: Fix compiler warnings (gcc)
- lib: Make protocol handlers store scheme name lowercase
lib: Merge 'ENABLE_QUIC' C macro into 'USE_HTTP3'
- lib: Remove two instances of "only only" messages
lib: Silence '-Wsign-conversion' in base64, strcase, mprintf
- lib: Silence warnings on comma misuse
lib: Use '#error' instead of invalid syntax in 'curl_setup_once.h'
lib: Use multi instead of multi_easy for the active multi
- libcurl-opts: Mention pipelining less
libssh2: Delete redundant feature guard
libssh2: Replace 'access()' with 'stat()'
libssh2: Set length to 0 if strdup failed
- m4: Fix rustls pkg-config codepath
MAIL-ETIQUETTE: Convert to markdown
- makefile: Remove the sorting from the vc-ide action
maketgz: Put docs/RELEASE-TOOL.md into the tarball
- managen: Fix the option sort order
mbedtls: Call mbedtls_ssl_setup() after RNG callback is set
- mbedtls: Cut off trailing newlines from debug logs
- mbedtls: Fix building with v3 in CMake Unity mode
- mbedtls: Support TLS 1.3
mime: Avoid using access()
- misc: Fix typos, quoting and spelling
mprintf: Check fputc error rather than matching returned character
mqtt: When Curl_xfer_recv returns error, don't use nread
- multi: Avoid memory-leak risk
multi: Introduce SETUP state for better timeouts
multi: multi_wait improvements
multi: Remove the unused Curl_preconnect function
- multi: Remove useless assignment
- multi: Timeout handles even without connection
- openldap: Create ldap URLs correctly for IPv6 addresses
openssl: Do not set SSL_MODE_RELEASE_BUFFERS
openssl: Revert keylog_callback support for LibreSSL
- OS400: Fix shellcheck warnings in scripts
- projects: Drop MSVC project files for recent versions
pytest: Add DELETE tests, check server version
- pytest: Fixes for recent python, add FTP tests
- quic: Fix up duplicate static function name (for cmake unity)
- quiche: Expire all active transfers on connection close
- quiche: Trust its timeout handling
RELEASE-PROCEDURE: Mention an initial working build
request: Make Curl_req_init return void
- request: Paused upload on completed download, assess connection
reuse: Add copyright + license info to individual docs/*.md files
ROADMAP: Remove completed entries, mention websocket
- rustls: Fix handshake done handling
- rustls: Fix partial send handling
rustls: Remove incorrect SSLSUPP_TLS13_CIPHERSUITES flag
- rustsls: Fix error code on receive
- sendf: Fix two typos in comments
sendf: Useless assignment in cr_lc_read()
setopt: Acknowledge errors proper for CURLOPT_COOKIEJAR
setopt: Make the setstropt_userpwd args compulsory
- setopt: Remove check for 'option' that is always true
setopt: Warn on Curl_set*opt() uses not using the return value
smtp: Result of Curl_bufq_cread was not used
socket: Remove redundant call to getsockname
socketpair: Fix compilation when USE_UNIX_SOCKETS is not defined
- src: Tidy up types, add necessary casts
telnet: Check return code from fileno()
- tests/http: Fix compiler warning
tests: Add -q as first option when invoking curl for tests
- tests: Check caddy server version to match test expectations
- tests: Enable test 1117 for hyper
tests: Fix feature case in test1481
- tests: Fix test 1167 to skip digit-only symbols
tests: Make the unit test result type 'CURLcode'
tests: Mark tftpd timer function as noreturn
- tests: Tidy up types in server code
tls: Fix SecureTransport + BearSSL cmake unity builds
tls: Remove EXAMPLEs from deprecated options
- tls: Use shared init code for TCP+QUIC
tool: Move tool_ftruncate64 to tool_util.c
tool_cb_rea: Limit rate unpause for -T . uploads
tool_cfgable: free {proxy_}cipher13_list on exit
tool_getparam: Output warning for leading unicode quote character
tool_getparam: Remove two redundant conditions
tool_operate: Don't truncate the etag save file by default
tool_operate: Initialize vars unconditionally in post_per_transfer
tool_paramhlp: Remove duplicate assign
tool_xattr: "Guess" URL scheme if none is provided
tool_xattr: In debug builds, act normally if CURL_FAKE_XATTR is not set
- transfer: Remove useless assignment
- url: Do not URL decode proxy credentials
- url: Fix use of an uninitialized variable
url: Make parse_login_details use memdup0
url: Remove duplicate call to Curl_conncache_remove_conn when pruning
- urlapi: Allow setting port number zero
- urlapi: Fix relative redirects to fragment-only
- urldata: Remove fields not used depending on used features
vauth: Make two functions void that always just returned OK
version: Use msnprintf instead of strncpy
- vquic-tls: Use correct cert name check API for wolfSSL
vquic: Use CURL_FORMAT_CURL_OFF_T for 64-bit printf output
- vtls: TLS session storage overhaul
wakeup_create: Use FD_CLOEXEC/SOCK_CLOEXEC
- warnless: Delete orphan declarations
- websocket: Avoid memory leak in error path
winbuild: Add ENABLE_WEBSOCKETS option
winbuild: Use $(RC) correctly
wolfssl: Plug memory leak in wolfssl_connect_step2()
x509asn1: Return error on missing OID
Updated libxml2 to 2.12.7:
- Security:
Fix buffer overread with 'xmllint --htmlout' (CVE-2024-34459)
- Regressions:
xmllint: Fix --pedantic option
save: Handle invalid parent pointers in xhtmlNodeDumpOutput
Friday 24th May 2024
Fedora Project
Updated perl-Business-ISBN-Data to 20240523.001 in Rawhide:
- Data update for 20240523
Sunday 26th May 2024
Fedora Project
Updated perl-MCE to 1.890 in Rawhide:
Improve reaping of completed workers in MCE::Child
Fix the _sprintf function, failing multiple arguments
Updated perl-MCE-Shared to 1.887 in Rawhide:
Improve reaping of completed workers in MCE::Hobo
Local Packages
Updated c-ares to 1.29.0:
- This is a feature and bugfix release
- Features:
When using 'ARES_OPT_EVENT_THREAD', automatically reload system configuration when network conditions change (GH#759)
Apple: Re-implement DNS configuration reading to more accurately pull DNS settings (GH#750)
Add observability into DNS server health via a server state callback, invoked whenever a query finishes (GH#744)
Add server failover retry behaviour, where failed servers are retried with small probability after a minimum delay (GH#731)
- Changes:
Mark 'ares_channel_t *' as const in more places in the public API (GH#758)
- Bugfixes:
Due to a logic flaw, DNS name compression writing was not properly implemented, which would result in the name prefix not being written for a partial match; this could cause issues in various record types such as MX records when using the deprecated API (regression introduced in 1.28.0 (GH#757))
Revert OpenBSD 'SOCK_DNS' flag: it doesn't do what the docs say it does and causes c-ares to become non-functional (GH#754)
'ares_getnameinfo()': Loosen validation on 'salen' parameter (GH#752)
cmake: Android requires C99 (GH#748)
'ares_queue_wait_empty()' does not honour timeout_ms ≥ 0 (GH#742)
Updated perl-MCE to 1.890 as per the Fedora version
Updated perl-MCE-Shared to 1.887 as per the Fedora version
Monday 27th May 2024
Fedora Project
Updated perl-B-Keywords to 1.27 in Rawhide:
Add bareword __CLASS__ since 5.39.2
Updated perl-GD to 2.82 in Rawhide:
Improve HEIF/AVIF autodetection (CPAN RT#153305)
Fix Strawberry Perl default libgd path (GH#54)
Fix AVIF and Webp autodetection in tests (GH#54)
Local Packages
Updated drive-google (0.4.0) to build using go modules since the old method no longer works (GH#1144)
Updated perl-B-Keywords to 1.27 as per the Fedora version
Tuesday 28th May 2024
Fedora Project
Updated perl-Cpanel-JSON-XS to 4.38 in Rawhide:
Local Packages
Updated perl-Cpanel-JSON-XS to 4.38 as per the Fedora version
Previous Month: April 2024
Next Month: June 2024