Monday 3rd March 2025

Fedora Project

• Updated gtkwave (3.3.121) in F-42 and Rawhide to add dependency on gdk-pixbuf2-modules-extra, needed for XPM support on F-41, EL-10 onwards (GH#417)

• Updated perl-Test-Fixme to 0.17 in F-42 and Rawhide:

  • Skip tests requiring symlinks on Windows, where for newer versions of Strawberry Perl (at least) they are supported, but the environment is not typically configured for them (GH#8, GH#9)

Local Packages

• Updated gtkwave (3.3.121) as per the Fedora version

Thursday 6th March 2025

Fedora Project

• Became co-maintainer of perl-Lockfile-Simple (Bug #2344464)

• Cleaned up and rebuilt perl-Lockfile-Simple (0.208) in F-42 and Rawhide

• Branched and built perl-Lockfile-Simple (0.208) for EPEL-10

Sunday 9th March 2025

Fedora Project

• Updated perl-Net-CIDR to 0.22 in Rawhide:

  • Improve several error messages
  • Allow unabbreviated IPv6 addresses

Local Packages

• Updated perl-Net-CIDR to 0.22 as per the Fedora version

• Rebuilt pptp (1.10.0) for the Fedora_42_Mass_Rebuild

Monday 10th March 2025

Fedora Project

• Updated perl-Business-ISBN-Data to 20250309.001 in F-42 and Rawhide:

  • Data update for 2025-03-09

• Updated perl-Net-CIDR to 0.23 in Rawhide:

  • Allow unabbreviated IPv6 addresses

Local Packages

• Updated perl-Net-CIDR to 0.23 as per the Fedora version

Tuesday 11th March 2025

Local Packages

• Added branch for curl release candidate builds and built curl 8.13.0-rc1 for Rawhide

Wednesday 12th March 2025

Fedora Project

• Updated libssh2 to 1.11.1 in F-40, F-41 and EPEL-10:

  • This update, to the current upstream libssh2 release, addresses a couple of security issues:

    • CVE-2023-6918 (missing checks for return values for digests)

    • CVE-2023-48795 (prefix truncation attack on Binary Packet Protocol (BPP) - "Terrapin")

  • It also removes support for a number of legacy algorithms that were disabled by default or removed from OpenSSH in the 2015-2018 time period; see the RELEASE_NOTES file for full details

  • In addition, there are a large number of bug fixes and enhancements, which again are described in the RELEASE_NOTES file

• Updated perltidy to 20250311 in F-42 and Rawhide (see CHANGES.md for details)

Local Packages

• Updated perl-Perl-Tidy to 20250311 as per the Fedora perltidy package

Thursday 13th March 2025

Local Packages

• Updated curl (8.13.0-rc1) to fix --cert parameter (Bug #2351531)

• Updated libxslt to 1.1.43 and build with --with-plugins:

• Major changes:

  • The non-standard EXSLT crypto extensions and support for dynamically loaded plugins are now disabled by default, but can be enabled by passing --with-crypto or --with-plugins to configure; in a future release, these features will be removed

  • Debug output and the debugger are disabled by default and can be enabled by passing --with-debug or --with-debugger

• Security:

  • Fix use-after-free of XPath context node (CVE-2025-24855)

  • Fix use-after-free related to excluded namespaces (CVE-2024-55549)

• Bug fixes:
  • variables: Fix non-deterministic generated IDs

• libxml2 related clean-up:

  • python: Don't use removed libxml2 macro

  • tests: Skip test_bad.xsl with libxml2 before 2.13

  • python: Don't include nanoftp.h and nanohttp.h

  • tests: Avoid namespace warning on Windows

  • numbers: Stop using libxml2 XPath axis API

  • numbers: Use private copy of xmlCopyCharMultiByte

  • documents: Use xmlCtxtParseDocument if available

  • tests: Make runtest compile with older libxml2 versions

  • utils: Account for libxml2 change

  • tests: Make bug-219.xsl compatible with older libxml2

  • extensions: Always include stdlib.h

  • extensions: Don't use libxml2's "modules" feature

• Code clean-up:

  • numbers: Make static variables const

  • variables: Remove debug code
• Portability:

  • python: Declare init func with PyMODINIT_FUNC

  • exslt: Use C99 NAN macro

• Build:
  • cmake: Always build Python module as shared library
  • cmake: Fix compatibility in package version file

  • configure.ac: Find libgcrypt via pkg-config

Monday 17th March 2025

Fedora Project

• Updated perl-Business-ISBN-Data to 20250315.001 in F-42 and Rawhide:

  • Data update for 2025-03-14

• Updated perl-Path-Tiny to 0.148 in F-42 and Rawhide:

  • Invalid arguments when hash references are expected throw exceptions
  • Fixed problems with exceptions

  • Cross-referenced slurp and lines in documentation

Local Packages

• Updated libxml2 to 2.12.10:

• Security:

  • Fix stack-buffer-overflow in xmlSnprintfElements (CVE-2025-24928)

  • Fix use-after-free after xmlSchemaItemListAdd (CVE-2024-56171)

  • pattern: Fix compilation of explicit child axis
• Regressions:
  • parser: Fix detection of duplicate attributes
• Bug fixes:
  • xpath: Fix parsing of non-ASCII names
• Portability:

  • python: Declare init func with PyMODINIT_FUNC

  • tests: Fix sanitizer version check on old Apple clang

• Build:

  • autotools: Set AC_CONFIG_AUX_DIR

  • cmake: Always build Python module as shared library
  • cmake: Fix compatibility in package version file

• Updated perl-Path-Tiny to 0.148 as per the Fedora version

Tuesday 18th March 2025

Fedora Project

• Updated proftpd to 1.3.8d in F-40, F-41, F-42, Rawhide and EPEL-9:

  • Use of HideNoAccess for SFTP sessions can lead to segfault and/or unexpected behaviour (GH#1855)

  • SFTP channel allocations can lead to high memory utilization over time (GH#1876)

  • Avoid NULL pointer dereferences in mod_ls (GH#1866, CVE-2024-57392)

Local Packages

• Updated curl (rc) to new upstream release candidate 8.13.0-rc2

• Updated proftpd to 1.3.8d as per the Fedora version

Wednesday 19th March 2025

Fedora Project

• Updated perl-ExtUtils-Depends to 0.8002 in F-42 and Rawhide:

  • Fix UNC path bug (CPAN RT#102436)

  • Fix get_makefile_vars losing path components if space-quoted and more than one dependency, which was breaking CPAN module "true" - dependent on two modules

• Updated proftpd to 1.3.9 in F-42, Rawhide and EPEL-10:

  • See RELEASE_NOTES for details)

• Updated mod_proxy to 0.9.5:

  • Implemented new IgnoreForeignAddress ProxyOption

  • Fixed passive data transfers to backend IPv4 address when IPv6 support is enabled

Local Packages

• Updated perl-ExtUtils-Depends to 0.8002 as per the Fedora version

• Updated proftpd to 1.3.9 and mod_proxy to 0.9.5 as per the Fedora version

Saturday 22nd March 2025

Fedora Project

• Updated perl-Business-ISBN-Data to 20250322.001 in Rawhide:

  • Data update for 2025-03-21

Local Packages

• Updated perl-Module-CoreList to 5.20250321:

  • Updated for v5.41.10

Monday 24th March 2025

Fedora Project

• Became maintainer of perl-DateTime-Format-XSD

• Cleaned up and rebuilt perl-DateTime-Format-XSD (0.4) in Rawhide

Local Packages

• Updated libidn to 1.43:

  • The release tarball is now reproducible

  • We publish a minimal source-only tarball generated by 'git archive', containing only the files stored in version controlled sources, and no auxiliary files

  • A use of uninitialized value bug was fixed in idna_to_unicode_4z4z; if the call to idna_to_unicode_44i failed due to an out of memory condition (malloc() returning NULL) then the code would copy the content of allocated but uninitialized memory into the output buffer; the bug was found using GCC's static analyzer

  • The C# Libidn.dll can now be built with .NET as well as Mono/SSCLI

  • Fix self-check tst-version due to broken strverscmp on Windows/musl

  • The release tarball uses tar --format=ustar

  • The idn tool now binds the "gnulib" domain for translations

  • Unicode tables are now rebuilt from source again
  • Update gnulib files and build fixes

• Updated unrar to 7.11

Wednesday 26th March 2025

Fedora Project

• Updated perl-Net-SSLeay (1.94) in Rawhide to fix test suite compatibility with OpenSSL 3.4 (GH#514)

Local Packages

• Updated perl-Net-SSLeay (1.94) as per the Fedora version

Thursday 27th March 2025

Local Packages

• Updated curl (rc) to new upstream release candidate 8.13.0-rc3

• Updated perl-DateTime-TimeZone to 2.65:

  • This release is based on version 2025b of the Olson database
  • Contemporary changes for Chile

Saturday 29th March 2025

Local Packages

• Rebuilt perl-Compress-Raw-Lzma against xz 5.8.0 in Rawhide

• Updated perl-Pod-Coverage-TrustMe to 0.002001:

  • Encode test output when needed to avoid wide character warnings

  • Fix tests when Pod::Coverage is installed but not Test::Pod::Coverage

Sunday 30th March 2025

Fedora Project

• Updated perl-Test-Simple to 1.302210 in F-42 and Rawhide:

  • Fix typo in Test2::Util::Trace docs

  • Documentation fixes throughout for affect vs. effect

  • Test2::Tools::Warnings warns called in void context

  • Remove unnecessary empty list assignments

  • Calculate CAN_SIGSYS when called rather than as a constant

• Updated perl-Tree-DAG_Node to 1.33 in F-42 and Rawhide:

  • Replace the discouraged File::Slurp::Tiny with File::Slurper

  • Add a security policy file SECURITY.md

  • Update Makefile.PL to include both ExtUtils::MakeMaker and perl

Local Packages

• Updated perl-Test-Simple to 1.302210 as per the Fedora version

• Updated perl-Tree-DAG_Node to 1.33 as per the Fedora version

Monday 31st March 2025

Local Packages

• Updated perl-Type-Tiny to 2.008000:

  • Added: The 'signature_for' function in Type::Params now includes most of the functionality of Return::Type (a separate CPAN distribution not bundled with Type::Tiny)

  • Added: The 'signature_for' function in Type::Params now returns a value, though in most contexts you'll probably want to call it in void context anyway

  • Added: New Type::Params feature 'list_to_named' automatically extracts named parameters from a list of positional arguments

  • Added: Type::Params optionally exports two shortcut keywords: 'signature_for_func' and 'signature_for_method'; the exact behaviour of these may change in the future

  • Added: New Type::Params feature 'allow_dash' automatically supports '-foo' as an alias for 'foo'

  • Added: Types::Standard::Dict::combine() function

  • The 'goto_next' option in 'Type::Params' is now just called 'next'; the original name is still supported for backwards compatibility

  • Added: Error::TypeTiny::WrongNumberOfParameters now has a 'target' attribute indicating what thing you provided the wrong number of parameters for

  • Added: There's now a Type::Tiny::check_parameter_count_for_parameterized_type utility function intended to be used for parameterizable types to throw an error when parameterized with the wrong number of parameters

  • Added: Type::Params now has a per-parameter 'default_on_undef' option

  • Added: Types::Standard::ArrayRef can now export shortcuts for parameterized versions of the ArrayRef type constraint

  • Added: Types::Standard::CycleTuple can now export shortcuts for parameterized versions of the CycleTuple type constraint

  • Added: Types::Standard::Dict can now export shortcuts for parameterized versions of the Dict type constraint

  • Added: Types::Standard::HashRef can now export shortcuts for parameterized versions of the HashRef type constraint

  • Added: Types::Standard::Map can now export shortcuts for parameterized versions of the Map type constraint

  • Added: Types::Standard::ScalarRef can now export shortcuts for parameterized versions of the ScalarRef type constraint

  • Added: Types::Standard::StrMatch can now export shortcuts for parameterized versions of the StrMatch type constraint

  • Added: Types::Standard::Tuple can now export shortcuts for parameterized versions of the Tuple type constraint

  • Added: When creating 'multi' signatures with Type::Params, the different alternatives can now be given a string identifier

  • Type::Params 'named_to_list' option now accepts blessed boolean objects; certain other options should be more permissive accepting them too

  • Types::TypeTiny::BoolLike now accepts boolean.pm's bools

  • Parameterizable types defined by Types::Standard, Types::Common::String, Types::Common::Numeric, and Type::Params will throw an Error::TypeTiny::WrongNumberOfParameters exception if parameterized with the wrong number of parameters

  • Passing unknown options to Type::Params functions will now result in warnings

• Bug Fixes:

  • If Perl has been built with -Dusequadmath then cowardly refuse to use Type::Tiny::XS's implementation of is_Int

  • Localize $@ before stringifying Error::TypeTiny objects

  • Expressing return types for Type::Params as strings now works as documented

  • Warnings for unknown Type::Params signature options introduced in 2.007_008 broke Mite, which passes it 'mite_signature' and 'is_wrapper' options and checks no warnings are thrown in its test suite; those options are now silently allowed, even though Type::Params makes no use of them <https://metacpan.org/dist/Mite>

• Test Suite:

  • Improved tests for the 'ArgsObject' type constraint that is optionally exported by Type::Params

  • Improved tests for the 'goto_next' feature of Type::Params

• Documentation:
  • Update most examples to use features (postfix derefs, sub signatures) from more modern versions of Perl that allow for cleaner, tidier code
  • Minor pod fixed and improvements
  • Update copyright dates to 2025

  • Major rewrite of 'Type::Params' documentation to prioritize 'signature_for' and modern Perl, and some corresponding adjustments to 'Type::Tiny::Manual'

  • Use Perl's new 'try' feature instead of Try::Tiny in SYNOPSIS for Error::TypeTiny

  • Fix documentation for the coercion_generator attribute of Type::Tiny

• Updated sendmail (8.18.1):

  • Add sysusers.d config file to allow rpm to create users/groups automatically

  • Build with gnu17 C standard (Bug #2336394)

  • Move files managed by alternatives back to /usr/sbin