PaulHowarth/Blog/2024-07-08

Monday 8th July 2024

Fedora Project

  • Updated perl-IO-Socket-SSL to 2.087 in Rawhide:

    • Internal optimzation: implement _touch_entry in session cache instead of using del+add

    • Support for PSK, see SSL_psk in documentation

Local Packages

  • Updated c-ares to 1.32.1:

  • This is a feature and bugfix release
  • Features:

    • Add support for DNS 0x20 to help prevent cache poisoning attacks, enabled by specifying 'ARES_FLAG_DNS0x20', disabled by default (GH#800)

    • Rework query timeout logic to automatically adjust timeouts based on network conditions; the timeout specified is now only used as a hint until there is enough history to calculate a more valid timeout (GH#794)

  • Changes:

    • Enable Query Cache by default (GH#786)

    • DNS RR TXT strings should not be automatically concatenated as there are use cases outside of RFC 7208; in order to maintain ABI compliance, the ability to retrieve TXT strings concatenated is retained as well as a new API to retrieve the individual strings, which restores behaviour from c-ares 1.20.0 (GH#801)

    • Clean up header inclusion logic to make hacking on code easier (GH#797)

    • GCC/Clang: Enable even more strict warnings to catch more coding flaws

    • MSVC: Enable '/W4' warning level (GH#792)

  • Bugfixes:

    • Enhance Windows DNS configuration change detection to also detect manual DNS configuration changes (GH#785)

    • Various legacy MacOS Build fixes (GH#782)

    • Ndots value of zero in resolv.conf was not being honoured

    • Watt-32 build support had been broken for some time (GH#781)

    • Distribute 'ares_dns_rec_type_tostr' manpage (GH#778)

    • Tests: Fix thread race condition in test cases for EventThread (GH#803)

    • Windows: Fix building with UNICODE (GH#802)

    • Thread Safety: 'ares_timeout()' was missing lock

    • Fix building with DJGPP (32-bit protected mode DOS) (GH#789)

    • Channel lock needs to be recursive to ensure calls into c-ares functions can be made from callbacks, otherwise deadlocks will occur (fixes regression introduced in 1.32.0)

  • Updated perl-IO-Socket-SSL to 2.087 as per the Fedora version

  • Updated perl-Module-CoreList to 5.20240702:

    • Updated for v5.41.0 and v5.41.1

Recent