The following Fedora EPEL 8 Security updates need testing:
Age URL
20 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-17ae719cb2
syncthing-1.18.6-3.el8
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-d431be322b
zabbix40-4.0.39-1.el8
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-0dca326d43
abcm2ps-8.14.13-1.el8
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-ad126686cf
python-paramiko-2.4.3-2.el8
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-42af0c4375
libcaca-0.99-0.59.beta20.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
bird-2.0.9-2.el8
libass-0.15.2-1.el8
openssl3-3.0.1-18.el8.1
slop-7.6-5.el8
xrdp-0.9.19-1.el8
Details about builds:
================================================================================
bird-2.0.9-2.el8 (FEDORA-EPEL-2022-dfb03f1d29)
BIRD Internet Routing Daemon
--------------------------------------------------------------------------------
Update Information:
- Added patch to fix bug in babel iface reconfiguration (#2064465)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 17 2022 Robert Scheck <rob...@fedoraproject.org> - 2.0.9-2
- Added patch to fix bug in babel iface reconfiguration (#2064465)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2064465 - Babel protocol broken in bird-2.0.9
https://bugzilla.redhat.com/show_bug.cgi?id=2064465
--------------------------------------------------------------------------------
================================================================================
libass-0.15.2-1.el8 (FEDORA-EPEL-2022-081cae121c)
Portable library for SSA/ASS subtitles rendering
--------------------------------------------------------------------------------
Update Information:
Update to 0.15.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 23 2022 Nicolas Chauvet <kwiz...@gmail.com> - 0.15.2-1
- Update to 0.15.2
* Thu Jan 20 2022 Fedora Release Engineering <rel...@fedoraproject.org> -
0.14.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <rel...@fedoraproject.org> -
0.14.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <rel...@fedoraproject.org> -
0.14.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <rel...@fedoraproject.org> -
0.14.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <rel...@fedoraproject.org> -
0.14.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
openssl3-3.0.1-18.el8.1 (FEDORA-EPEL-2022-1edabe7090)
Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-0778
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 16 2022 Michel Alexandre Salim <sali...@fedoraproject.org> 3.0.1-18.1
- Merge c9s openssl changes to pick up CVE-2022-0778 fix
* Wed Mar 16 2022 Dmitry Belyavskiy <dbely...@redhat.com> - 1:3.0.1-18
- CVE-2022-0778 fix
- Resolves: rhbz#2062315
* Thu Mar 10 2022 Clemens Lang <cll...@redhat.com> - 1:3.0.1-17
- Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before
setting an allowed digest with EVP_PKEY_CTX_set_signature_md()
- Skipping 3.0.1-16 due to version numbering confusion with the RHEL-9.0 branch
- Resolves: rhbz#2062640
* Tue Mar 1 2022 Clemens Lang <cll...@redhat.com> - 1:3.0.1-15
- Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes
- Resolves: rhbz#2060510
* Fri Feb 25 2022 Clemens Lang <cll...@redhat.com> - 1:3.0.1-14
- Prevent use of SHA1 with ECDSA
- Resolves: rhbz#2031742
* Fri Feb 25 2022 Dmitry Belyavskiy <dbely...@redhat.com> - 1:3.0.1-13
- OpenSSL will generate keys with prime192v1 curve if it is provided using
explicit parameters
- Resolves: rhbz#1977867
* Thu Feb 24 2022 Peter Robinson <pbrobin...@fedoraproject.org> - 1:3.0.1-12
- Support KBKDF (NIST SP800-108) with an R value of 8bits
- Resolves: rhbz#2027261
* Wed Feb 23 2022 Clemens Lang <cll...@redhat.com> - 1:3.0.1-11
- Allow SHA1 usage in MGF1 for RSASSA-PSS signatures
- Resolves: rhbz#2031742
* Wed Feb 23 2022 Dmitry Belyavskiy <dbely...@redhat.com> - 1:3.0.1-10
- rebuilt
* Tue Feb 22 2022 Clemens Lang <cll...@redhat.com> - 1:3.0.1-9
- Allow SHA1 usage in HMAC in TLS
- Resolves: rhbz#2031742
* Tue Feb 22 2022 Dmitry Belyavskiy <dbely...@redhat.com> - 1:3.0.1-8
- OpenSSL will generate keys with prime192v1 curve if it is provided using
explicit parameters
- Resolves: rhbz#1977867
- pkcs12 export broken in FIPS mode
- Resolves: rhbz#2049265
* Tue Feb 22 2022 Clemens Lang <cll...@redhat.com> - 1:3.0.1-8
- Disable SHA1 signature creation and verification by default
- Set rh-allow-sha1-signatures = yes to re-enable
- Resolves: rhbz#2031742
* Thu Feb 3 2022 Sahana Prasad <sah...@redhat.com> - 1:3.0.1-7
- s_server: correctly handle 2^14 byte long records
- Resolves: rhbz#2042011
* Tue Feb 1 2022 Dmitry Belyavskiy <dbely...@redhat.com> - 1:3.0.1-6
- Adjust FIPS provider version
- Related: rhbz#2026445
* Wed Jan 26 2022 Dmitry Belyavskiy <dbely...@redhat.com> - 1:3.0.1-5
- On the s390x, zeroize all the copies of TLS premaster secret
- Related: rhbz#2040448
* Fri Jan 21 2022 Dmitry Belyavskiy <dbely...@redhat.com> - 1:3.0.1-4
- rebuilt
* Fri Jan 21 2022 Dmitry Belyavskiy <dbely...@redhat.com> - 1:3.0.1-3
- KATS tests should be executed before HMAC verification
- Restoring fips=yes for SHA1
- Related: rhbz#2026445, rhbz#2041994
* Thu Jan 20 2022 Sahana Prasad <sah...@redhat.com> - 1:3.0.1-2
- Add enable-buildtest-c++ to the configure options.
- Related: rhbz#1990814
* Tue Jan 18 2022 Sahana Prasad <sah...@redhat.com> - 1:3.0.1-1
- Rebase to upstream version 3.0.1
- Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in
libssl
- Resolves: rhbz#2038910, rhbz#2035148
* Mon Jan 17 2022 Dmitry Belyavskiy <dbely...@redhat.com> - 1:3.0.0-7
- Remove algorithms we don't plan to certify from fips module
- Remove native fipsmodule.cnf
- Related: rhbz#2026445
* Tue Dec 21 2021 Dmitry Belyavskiy <dbely...@redhat.com> - 1:3.0.0-6
- openssl speed should run in FIPS mode
- Related: rhbz#1977318
* Wed Nov 24 2021 Dmitry Belyavskiy <dbely...@redhat.com> - 1:3.0.0-5
- rebuilt for spec cleanup
- Related: rhbz#1985362
* Thu Nov 18 2021 Dmitry Belyavskiy <dbely...@redhat.com> - 1:3.0.0-4
- Embed FIPS HMAC in fips.so
- Enforce loading FIPS provider when FIPS kernel flag is on
- Related: rhbz#1985362
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt()
reachable when parsing certificates
https://bugzilla.redhat.com/show_bug.cgi?id=2062202
--------------------------------------------------------------------------------
================================================================================
slop-7.6-5.el8 (FEDORA-EPEL-2022-f50d06704b)
Command line tool to perform region SeLect OPeration with mouse
--------------------------------------------------------------------------------
Update Information:
Branching slop from Fedora to EPEL-8.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 12 2022 Rajeesh KV <rajeeshknamb...@fedoraproject.org> - 7.6-5
- Enable libXext dependency for RHEL/CentOS
* Thu Feb 10 2022 Orion Poplawski <or...@nwra.com> - 7.6-4
- Rebuild for glew 2.2
* Sat Jan 22 2022 Fedora Release Engineering <rel...@fedoraproject.org> - 7.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Alois Mahdal <amah...@redhat.com> - 7.6-2
- Bumping to allow rebuild with maim.src.rpm
* Mon Sep 13 2021 Alois Mahdal <amah...@redhat.com> - 7.6-1
- Updated upstream to 7.6
* Fri Jul 23 2021 Fedora Release Engineering <rel...@fedoraproject.org> - 7.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu May 20 2021 Pete Walter <pwal...@fedoraproject.org> - 7.5-4
- Rebuild for ICU 69
* Wed May 19 2021 Pete Walter <pwal...@fedoraproject.org> - 7.5-3
- Rebuild for ICU 69
* Wed Jan 27 2021 Fedora Release Engineering <rel...@fedoraproject.org> - 7.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Oct 29 2020 Alois Mahdal <amah...@redhat.com> - 7.5-1
- Updated upstream to 7.5
* Wed Jul 29 2020 Fedora Release Engineering <rel...@fedoraproject.org> - 7.4-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri May 15 2020 Pete Walter <pwal...@fedoraproject.org> - 7.4-10
- Rebuild for ICU 67
* Mon Mar 16 2020 Alois Mahdal <n9042...@vornet.cz> - 7.4-9
- Fixed BZ#1800099; missing libXext build dependency
* Thu Jan 30 2020 Fedora Release Engineering <rel...@fedoraproject.org> - 7.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <rel...@fedoraproject.org> - 7.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb 2 2019 Fedora Release Engineering <rel...@fedoraproject.org> - 7.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 23 2019 Pete Walter <pwal...@fedoraproject.org> - 7.4-5
- Rebuild for ICU 63
* Thu Aug 23 2018 Nicolas Chauvet <kwiz...@gmail.com> - 7.4-4
- Rebuilt for glew 2.1.0
* Sat Jul 14 2018 Fedora Release Engineering <rel...@fedoraproject.org> - 7.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 10 2018 Pete Walter <pwal...@fedoraproject.org> - 7.4-2
- Rebuild for ICU 62
* Thu Jun 28 2018 Alois Mahdal <n9042...@vornet.cz> 7.4-1
- Initial packaging.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2058954 - Please branch and build slop for EPEL8
https://bugzilla.redhat.com/show_bug.cgi?id=2058954
--------------------------------------------------------------------------------
================================================================================
xrdp-0.9.19-1.el8 (FEDORA-EPEL-2022-3b0faa5cb4)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
Release notes for xrdp v0.9.19 (2022/03/17) General announcements - Running
xrdp and xrdp-sesman on separate hosts is still supported by this release, but
is now deprecated. This is not secure. A future release will replace the TCP
socket used between these processes with a Unix Domain Socket, and then cross-
host running will not be possible. New features - Both inbound and outbound
clipboards can now be restricted for text, files or images [Sponsored by
@CyberTrust @clear-code and @kenhys] (#2087) Bug fixes - CVE-2022-23613:
Privilege escalation on xrdp-sesman (This fix is also in the out-of-band
v0.9.18.1 release) - The versions of imlib2 used on RHEL 7 and 8 are now
detected correctly (#2118) - Some situations where zombie processes could exist
have been resolved (#2146, #2151, #2168) - Some null-pointer exceptions which
can happen in the logging module have been addressed (#2149) - Some minor
logging errors have been corrected (#2152) - The signal handling in sesman has
been reworked to prevent race conditions when a child exits. This has also made
it possible to reliably reload the sesman configuration with SIGHUP (#1729,
#2168) Internal changes - Versions 0.13 and later of checklib can undefine
the pre-processor symbol HAVE_STDINT_H. The xrdp tests now build successfully
against these versions (#2124) - OpenSSL packaging changes (#2130):- - The
OpenSSL 3 EVP interface is now fully supported - When building against OpenSSL
3, an internal implementation of the RC4 cipher is used instead of the
implementation from the OpenSSL legacy provider - The wrapping of the OpenSSL
library has been improved which should make it simpler to provide an alternative
cryptographic provider in the future, if required - The logging of TLS/non-TLS
security negotiation has been improved - cppcheck version used for CI bumped to
2.7 (#2140) - The s_check() macro which is easily mis-used has been removed
(#2144) - Status values for the DRDYNVC channel are now available in
libxrdp/xrdp_channel.h Changes for packagers or developers - On OpenSSL 3
systems, there is now no need to build with the -Wno-error=deprecated-
declarations flag Known issues - On-the-fly resolution change requires the
Microsoft Store version of Remote Desktop client but sometimes crashes on
connect (#1869) - xrdp's login dialog is not relocated at the center of the new
resolution after on-the-fly resolution change happens (#1867)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 17 2022 Bojan Smojver <bo...@rexurive.com> - 1:0.9.19-1
- Bump up to 0.9.19
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
