The following Fedora EPEL 8 Security updates need testing:
 Age  URL
  20  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-17ae719cb2   syncthing-1.18.6-3.el8
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-d431be322b   zabbix40-4.0.39-1.el8
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-0dca326d43   abcm2ps-8.14.13-1.el8
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-ad126686cf   python-paramiko-2.4.3-2.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-42af0c4375   libcaca-0.99-0.59.beta20.el8


The following builds have been pushed to Fedora EPEL 8 updates-testing

    bird-2.0.9-2.el8
    libass-0.15.2-1.el8
    openssl3-3.0.1-18.el8.1
    slop-7.6-5.el8
    xrdp-0.9.19-1.el8

Details about builds:


================================================================================
 bird-2.0.9-2.el8 (FEDORA-EPEL-2022-dfb03f1d29)
 BIRD Internet Routing Daemon
--------------------------------------------------------------------------------
Update Information:

- Added patch to fix bug in babel iface reconfiguration (#2064465)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 17 2022 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 2.0.9-2
- Added patch to fix bug in babel iface reconfiguration (#2064465)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2064465 - Babel protocol broken in bird-2.0.9
        https://bugzilla.redhat.com/show_bug.cgi?id=2064465
--------------------------------------------------------------------------------


================================================================================
 libass-0.15.2-1.el8 (FEDORA-EPEL-2022-081cae121c)
 Portable library for SSA/ASS subtitles rendering
--------------------------------------------------------------------------------
Update Information:

Update to 0.15.2
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 23 2022 Nicolas Chauvet <kwizart@xxxxxxxxx> - 0.15.2-1
- Update to 0.15.2
* Thu Jan 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.14.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.14.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.14.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.14.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.14.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 openssl3-3.0.1-18.el8.1 (FEDORA-EPEL-2022-1edabe7090)
 Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2022-0778
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 16 2022 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> 3.0.1-18.1
- Merge c9s openssl changes to pick up CVE-2022-0778 fix
* Wed Mar 16 2022 Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> - 1:3.0.1-18
- CVE-2022-0778 fix
- Resolves: rhbz#2062315
* Thu Mar 10 2022 Clemens Lang <cllang@xxxxxxxxxx> - 1:3.0.1-17
- Fix invocation of EVP_PKEY_CTX_set_rsa_padding(RSA_PKCS1_PSS_PADDING) before
  setting an allowed digest with EVP_PKEY_CTX_set_signature_md()
- Skipping 3.0.1-16 due to version numbering confusion with the RHEL-9.0 branch
- Resolves: rhbz#2062640
* Tue Mar 1 2022 Clemens Lang <cllang@xxxxxxxxxx> - 1:3.0.1-15
- Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes
- Resolves: rhbz#2060510
* Fri Feb 25 2022 Clemens Lang <cllang@xxxxxxxxxx> - 1:3.0.1-14
- Prevent use of SHA1 with ECDSA
- Resolves: rhbz#2031742
* Fri Feb 25 2022 Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> - 1:3.0.1-13
- OpenSSL will generate keys with prime192v1 curve if it is provided using
  explicit parameters
- Resolves: rhbz#1977867
* Thu Feb 24 2022 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 1:3.0.1-12
- Support KBKDF (NIST SP800-108) with an R value of 8bits
- Resolves: rhbz#2027261
* Wed Feb 23 2022 Clemens Lang <cllang@xxxxxxxxxx> - 1:3.0.1-11
- Allow SHA1 usage in MGF1 for RSASSA-PSS signatures
- Resolves: rhbz#2031742
* Wed Feb 23 2022 Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> - 1:3.0.1-10
- rebuilt
* Tue Feb 22 2022 Clemens Lang <cllang@xxxxxxxxxx> - 1:3.0.1-9
- Allow SHA1 usage in HMAC in TLS
- Resolves: rhbz#2031742
* Tue Feb 22 2022 Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> - 1:3.0.1-8
- OpenSSL will generate keys with prime192v1 curve if it is provided using
  explicit parameters
- Resolves: rhbz#1977867
- pkcs12 export broken in FIPS mode
- Resolves: rhbz#2049265
* Tue Feb 22 2022 Clemens Lang <cllang@xxxxxxxxxx> - 1:3.0.1-8
- Disable SHA1 signature creation and verification by default
- Set rh-allow-sha1-signatures = yes to re-enable
- Resolves: rhbz#2031742
* Thu Feb 3 2022 Sahana Prasad <sahana@xxxxxxxxxx> - 1:3.0.1-7
- s_server: correctly handle 2^14 byte long records
- Resolves: rhbz#2042011
* Tue Feb 1 2022 Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> - 1:3.0.1-6
- Adjust FIPS provider version
- Related: rhbz#2026445
* Wed Jan 26 2022 Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> - 1:3.0.1-5
- On the s390x, zeroize all the copies of TLS premaster secret
- Related: rhbz#2040448
* Fri Jan 21 2022 Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> - 1:3.0.1-4
- rebuilt
* Fri Jan 21 2022 Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> - 1:3.0.1-3
- KATS tests should be executed before HMAC verification
- Restoring fips=yes for SHA1
- Related: rhbz#2026445, rhbz#2041994
* Thu Jan 20 2022 Sahana Prasad <sahana@xxxxxxxxxx> - 1:3.0.1-2
- Add enable-buildtest-c++ to the configure options.
- Related: rhbz#1990814
* Tue Jan 18 2022 Sahana Prasad <sahana@xxxxxxxxxx> - 1:3.0.1-1
- Rebase to upstream version 3.0.1
- Fixes CVE-2021-4044 Invalid handling of X509_verify_cert() internal errors in
  libssl
- Resolves: rhbz#2038910, rhbz#2035148
* Mon Jan 17 2022 Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> - 1:3.0.0-7
- Remove algorithms we don't plan to certify from fips module
- Remove native fipsmodule.cnf
- Related: rhbz#2026445
* Tue Dec 21 2021 Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> - 1:3.0.0-6
- openssl speed should run in FIPS mode
- Related: rhbz#1977318
* Wed Nov 24 2021 Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> - 1:3.0.0-5
- rebuilt for spec cleanup
- Related: rhbz#1985362
* Thu Nov 18 2021 Dmitry Belyavskiy <dbelyavs@xxxxxxxxxx> - 1:3.0.0-4
- Embed FIPS HMAC in fips.so
- Enforce loading FIPS provider when FIPS kernel flag is on
- Related: rhbz#1985362
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
        https://bugzilla.redhat.com/show_bug.cgi?id=2062202
--------------------------------------------------------------------------------


================================================================================
 slop-7.6-5.el8 (FEDORA-EPEL-2022-f50d06704b)
 Command line tool to perform region SeLect OPeration with mouse
--------------------------------------------------------------------------------
Update Information:

Branching slop from Fedora to EPEL-8.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 12 2022 Rajeesh KV <rajeeshknambiar@xxxxxxxxxxxxxxxxx> - 7.6-5
- Enable libXext dependency for RHEL/CentOS
* Thu Feb 10 2022 Orion Poplawski <orion@xxxxxxxx> - 7.6-4
- Rebuild for glew 2.2
* Sat Jan 22 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Alois Mahdal <amahdal@xxxxxxxxxx> - 7.6-2
- Bumping to allow rebuild with maim.src.rpm
* Mon Sep 13 2021 Alois Mahdal <amahdal@xxxxxxxxxx> - 7.6-1
- Updated upstream to 7.6
* Fri Jul 23 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Thu May 20 2021 Pete Walter <pwalter@xxxxxxxxxxxxxxxxx> - 7.5-4
- Rebuild for ICU 69
* Wed May 19 2021 Pete Walter <pwalter@xxxxxxxxxxxxxxxxx> - 7.5-3
- Rebuild for ICU 69
* Wed Jan 27 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Oct 29 2020 Alois Mahdal <amahdal@xxxxxxxxxx> - 7.5-1
- Updated upstream to 7.5
* Wed Jul 29 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.4-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri May 15 2020 Pete Walter <pwalter@xxxxxxxxxxxxxxxxx> - 7.4-10
- Rebuild for ICU 67
* Mon Mar 16 2020 Alois Mahdal <n9042e84@xxxxxxxxx> - 7.4-9
- Fixed BZ#1800099; missing libXext build dependency
* Thu Jan 30 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb 2 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 23 2019 Pete Walter <pwalter@xxxxxxxxxxxxxxxxx> - 7.4-5
- Rebuild for ICU 63
* Thu Aug 23 2018 Nicolas Chauvet <kwizart@xxxxxxxxx> - 7.4-4
- Rebuilt for glew 2.1.0
* Sat Jul 14 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 10 2018 Pete Walter <pwalter@xxxxxxxxxxxxxxxxx> - 7.4-2
- Rebuild for ICU 62
* Thu Jun 28 2018 Alois Mahdal <n9042e84@xxxxxxxxx> 7.4-1
- Initial packaging.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2058954 - Please branch and build slop for EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=2058954
--------------------------------------------------------------------------------


================================================================================
 xrdp-0.9.19-1.el8 (FEDORA-EPEL-2022-3b0faa5cb4)
 Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:

Release notes for xrdp v0.9.19 (2022/03/17)

General announcements

- Running xrdp and xrdp-sesman on separate hosts is still supported by this
  release, but is now deprecated. This is not secure. A future release will
  replace the TCP socket used between these processes with a Unix Domain
  Socket, and then cross-host running will not be possible.

New features

- Both inbound and outbound clipboards can now be restricted for text, files
  or images [Sponsored by @CyberTrust @clear-code and @kenhys] (#2087)

Bug fixes

- CVE-2022-23613: Privilege escalation on xrdp-sesman (This fix is also in the
  out-of-band v0.9.18.1 release)
- The versions of imlib2 used on RHEL 7 and 8 are now detected correctly
  (#2118)
- Some situations where zombie processes could exist have been resolved
  (#2146, #2151, #2168)
- Some null-pointer exceptions which can happen in the logging module have
  been addressed (#2149)
- Some minor logging errors have been corrected (#2152)
- The signal handling in sesman has been reworked to prevent race conditions
  when a child exits. This has also made it possible to reliably reload the
  sesman configuration with SIGHUP (#1729, #2168)

Internal changes

- Versions 0.13 and later of checklib can undefine the pre-processor symbol
  HAVE_STDINT_H. The xrdp tests now build successfully against these versions
  (#2124)
- OpenSSL packaging changes (#2130):-
  - The OpenSSL 3 EVP interface is now fully supported
  - When building against OpenSSL 3, an internal implementation of the RC4
    cipher is used instead of the implementation from the OpenSSL legacy
    provider
  - The wrapping of the OpenSSL library has been improved which should make it
    simpler to provide an alternative cryptographic provider in the future, if
    required
  - The logging of TLS/non-TLS security negotiation has been improved
- cppcheck version used for CI bumped to 2.7 (#2140)
- The s_check() macro which is easily mis-used has been removed (#2144)
- Status values for the DRDYNVC channel are now available in
  libxrdp/xrdp_channel.h

Changes for packagers or developers

- On OpenSSL 3 systems, there is now no need to build with the
  -Wno-error=deprecated-declarations flag

Known issues

- On-the-fly resolution change requires the Microsoft Store version of Remote
  Desktop client but sometimes crashes on connect (#1869)
- xrdp's login dialog is not relocated at the center of the new resolution
  after on-the-fly resolution change happens (#1867)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 17 2022 Bojan Smojver <bojan@xxxxxxxxxxxx> - 1:0.9.19-1
- Bump up to 0.9.19
--------------------------------------------------------------------------------