PaulHowarth/Blog/2025-06

Paul's Blog Entries for June 2025

Tuesday 3rd June 2025

Fedora Project

  • Updated perl-IO-Socket-SSL to 2.090 in Rawhide:

    • Fix OCSP live test after Let's Encrypt has disabled OCSP support (GH#169)

    • public_suffix now preserves trailing dot (GH#167)

Local Packages

  • Updated perl-IO-Socket-SSL to 2.090 as per the Fedora version

Wednesday 4th June 2025

Fedora Project

  • Updated curl to 8.14.1:

    • asyn-thrdd: Fix clean-up when RR fails due to OOM

    • autotools: Recognize more Linux targets when setting '-D_GNU_SOURCE'

    • BUG-BOUNTY.md: Mention the medium bounty amount in 2025

    • cmake: Fix missed version number for multi-pkg-config detections
    • cmdline-docs: Mention HTTP resumed uploads to be shaky

    • curl: make -N handled correctly

    • curl: Upload from '.' fix

    • dllmain: Exclude from Cygwin builds

    • docs/tests: Remove mention of hyper

    • docs: Fix typos

    • ftp: Fix tear-down of DATA connection in done

    • http: Fail early when rewind of input failed when following redirects
    • license: Update some copyright links to curl.se

    • memanalyze.pl: Fix getaddrinfo/freeaddrinfo checks

    • misc: Fix spelling

    • misc: We write an IPv6 address

    • multi: Fix add_handle resizing

    • spelling: 'a' vs. 'an'
    • spelling: Call it null-terminate consistently

    • test1510: Fix expectation

    • tests: Await portfile to be complete

    • tests: Fix checks for https-mtls proto

    • tests: Improve server start reliability

    • tests: Move test docs into /docs

    • tests: Re-enable 1510, document heimdal memleak
    • tests: Test mtls also with clientAuth EKU only

    • tests: Test mtls with --insecure

    • tls BIOs: Handle BIO_CTRL_EOF correctly

    • tool_getparam: Make --no-anyauth not be accepted

    • tool_getparam: Refactored, simplified

    • tool_getparam: Remove two nextarg NULL checks

    • VULN-DISCLOSURE-POLICY.md: The distros list wants ≤ 7 days embargo

    • wolfssl: Fix sending of early data

    • ws: Handle blocked sends better (CVE-2025-5399)

    • ws: Tests and fixes

Friday 6th June 2025

Fedora Project

  • Updated perl-Business-ISBN-Data to 20250605.001 in Rawhide:

    • Data update for 2025-06-05

  • Updated perl-File-Find-Rule to 0.35 in EPEL-10.0 and EPEL-10.1:

    • Use 3-argument version of open() to avoid arbitrary code execution vulnerability (GH#4, CVE-2011-10007)

Local Packages

  • Updated perl-File-Find-Rule to 0.35 as per the EPEL version

Sunday 8th June 2025

Fedora Project

  • Updated perl-Modern-Perl to 1.20250607 in Rawhide:

    • Update for 2025 year bundle
    • Enhance documentation to discourage this module for v5.38 and newer

Previous Month: May 2025

Recent