The following Fedora EPEL 8 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-42af0c4375 libcaca-0.99-0.59.beta20.el8 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-1edabe7090 openssl3-3.0.1-18.el8.1 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-883139a5ce openvpn-2.4.12-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing castxml-0.4.5-1.el8 copr-cli-1.99-1.el8 distrobox-1.2.14-1.el8 lagrange-1.11.2-1.el8 python-copr-1.116-1.el8 python-pdfminer-20220319-2.el8 rsh-0.17-94.el8 uARMSolver-0.2.4-1.el8 uglify-js3-3.15.3-1.el8 unrealircd-6.0.2-1.el8 Details about builds: ================================================================================ castxml-0.4.5-1.el8 (FEDORA-EPEL-2022-bb90079d1a) C-family abstract syntax tree XML output tool -------------------------------------------------------------------------------- Update Information: CastXML 0.4.5 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 20 2022 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 0.4.5-1 - Update to version 0.4.5 * Wed Jan 19 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.4.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2061959 - castxml-0.4.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2061959 -------------------------------------------------------------------------------- ================================================================================ copr-cli-1.99-1.el8 (FEDORA-EPEL-2022-39e4fd10dc) Command line interface for COPR -------------------------------------------------------------------------------- Update Information: ### python-copr: - add support for resetting fields - allow setting modules in 'edit-chroot' methods ### copr-cli: - add 'edit-chroot --reset' option - add 'edit-chroot --rpmbuild-with{,out}' - add 'edit-chroot --modules' option -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 18 2022 Pavel Raiskup <praiskup@xxxxxxxxxx> 1.99-1 - add 'edit-chroot --reset' option - add 'edit-chroot --rpmbuild-with{,out}' - add 'edit-chroot --modules' option -------------------------------------------------------------------------------- ================================================================================ distrobox-1.2.14-1.el8 (FEDORA-EPEL-2022-a016fbd4e2) Another tool for containerized command line environments on Linux -------------------------------------------------------------------------------- Update Information: Update to 1.2.14 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 21 2022 Alessio <alciregi@xxxxxxxxxxxxxxxxx> 1.2.14-1 - Update to 1.2.14 -------------------------------------------------------------------------------- ================================================================================ lagrange-1.11.2-1.el8 (FEDORA-EPEL-2022-aaf5f62667) A Beautiful Gemini Client -------------------------------------------------------------------------------- Update Information: - Added a keybinding for focusing the URL field. - Sidebar items (bookmarks, feed entries, history) can be middle-clicked to open in a new tab. Holding Shift will open the tab in the foreground. - Flags can be used as link icons. Note that additional fonts and HarfBuzz are required for all the flag symbols to be visible. - Updated UI translations. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 21 2022 Michel Alexandre Salim <salimma@xxxxxxxxxxxxxxxxx> 1.11.2-1 - Update to 1.11.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2065801 - lagrange-1.11.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2065801 -------------------------------------------------------------------------------- ================================================================================ python-copr-1.116-1.el8 (FEDORA-EPEL-2022-39e4fd10dc) Python interface for Copr -------------------------------------------------------------------------------- Update Information: ### python-copr: - add support for resetting fields - allow setting modules in 'edit-chroot' methods ### copr-cli: - add 'edit-chroot --reset' option - add 'edit-chroot --rpmbuild-with{,out}' - add 'edit-chroot --modules' option -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 18 2022 Pavel Raiskup <praiskup@xxxxxxxxxx> 1.116-1 - add support for resetting fields - allow setting modules in 'edit-chroot' methods -------------------------------------------------------------------------------- ================================================================================ python-pdfminer-20220319-2.el8 (FEDORA-EPEL-2022-501ece2607) Tool for extracting information from PDF documents -------------------------------------------------------------------------------- Update Information: Update to 20220319, and add PDF documentation in a new `python-pdfminer-doc` subpackage. ## 20220319 ### Added - Export type annotations from pypi package per PEP561 ([#679](https://github.com/pdfminer/pdfminer.six/pull/679)) - Support for identity cmap's ([#626](https://github.com/pdfminer/pdfminer.six/pull/626)) - Add support for PDF page labels ([#680](https://github.com/pdfminer/pdfminer.six/pull/680)) - Installation of Pillow as an optional extra dependency ([#714](https://github.com/pdfminer/pdfminer.six/pull/714)) ### Fixed - Hande decompression error due to CRC checksum error ([#637](https://github.com/pdfminer/pdfminer.six/pull/637)) - Regression (since 20191107) in `LTLayoutContainer.group_textboxes` that returned some text lines out of order ([#659](https://github.com/pdfminer/pdfminer.six/pull/659)) - Add handling of JPXDecode filter to enable extraction of images for some pdfs ([#645](https://github.com/pdfminer/pdfminer.six/pull/645)) - Fix extraction of jbig2 files, which was producing invalid files ([#652](https://github.com/pdfminer/pdfminer.six/pull/653)) - Crash in `pdf2txt.py --boxes-flow=disabled` ([#682](https://github.com/pdfminer/pdfminer.six/pull/682)) - Only use xref fallback if `PDFNoValidXRef` is raised and `fallback` is True ([#684](https://github.com/pdfminer/pdfminer.six/pull/684)) - Ignore empty characters when analyzing layout ([#499](https://github.com/pdfminer/pdfminer.six/pull/499)) ### Changed - Replace warnings.warn with logging.Logger.warning in line with [recommended use](https://docs.python.org/3/howto/logging.html#when-to-use-logging) ([#673](https://github.com/pdfminer/pdfminer.six/pull/673)) - Switched from nose to pytest, from tox to nox and from Travis CI to GitHub Actions ([#704](https://github.com/pdfminer/pdfminer.six/pull/704)) ### Removed - Unnecessary return statements without argument at the end of functions ([#707](https://github.com/pdfminer/pdfminer.six/pull/707)) -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 21 2022 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> 20220319-2 - Build the documentation * Mon Mar 21 2022 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> 20220319-1 - Update to 20220319 (close RHBZ#2065998) * Mon Mar 21 2022 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> 20211012-5 - Minor spec file style changes * Mon Mar 21 2022 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> 20211012-4 - Use %python3 macro instead of %__python3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2065998 - python-pdfminer-20220319 is available https://bugzilla.redhat.com/show_bug.cgi?id=2065998 -------------------------------------------------------------------------------- ================================================================================ rsh-0.17-94.el8 (FEDORA-EPEL-2022-85bd5fc48f) Clients for remote access commands (rsh, rlogin, rcp) -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2019-7282 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 21 2022 Michal Ruprich <mruprich@xxxxxxxxxx> - 0.17-94 - Fix for CVE-2019-7282 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2065721 - CVE-2019-7282 netkit-rsh: rcp access restriction bypass https://bugzilla.redhat.com/show_bug.cgi?id=2065721 -------------------------------------------------------------------------------- ================================================================================ uARMSolver-0.2.4-1.el8 (FEDORA-EPEL-2022-95cc984b9e) Universal Association Rule Mining Solver -------------------------------------------------------------------------------- Update Information: New release -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 20 2022 Iztok Fister Jr. <iztokf AT fedoraproject DOT org> - 0.2.4-1 - New upstream's release -------------------------------------------------------------------------------- ================================================================================ uglify-js3-3.15.3-1.el8 (FEDORA-EPEL-2022-f741b435e2) JavaScript parser, mangler/compressor and beautifier toolkit -------------------------------------------------------------------------------- Update Information: UglifyJS 5.15.3 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 20 2022 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 3.15.3-1 - Update to 3.15.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2062551 - uglify-js-3.15.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2062551 -------------------------------------------------------------------------------- ================================================================================ unrealircd-6.0.2-1.el8 (FEDORA-EPEL-2022-c5da356c8d) Open Source IRC server -------------------------------------------------------------------------------- Update Information: # UnrealIRCd 6.0.2 UnrealIRCd 6.0.2 comes with several nice feature enhancements along with some fixes. It also includes a fix for a crash bug that can be triggered by ordinary users. ## Fixes * Fix crash that can be triggered by regular users if you have any `deny dcc` blocks in the config or any spamfilters with the `d` (DCC) target. * Fix infinite hang on "Loading IRCd configuration" if DNS is not working. For example if the 1st DNS server in `/etc/resolv.conf` is down or refusing requests. * Some `MODE` server-to- server commands were missing a timestamp at the end, even though this is mandatory for modes coming from a server. * The [channeldb](https://www.unrealircd.org/docs/Set_block#set::channeldb) module now converts letter extbans to named extbans (e.g. `~a` to `~account`). Previously it did not, which caused letter extbans to appear in the banlist. Later on, when linking servers, this would cause duplicate entries to appear as well, with both the old and new format. The extbans were still effective though, so this is mostly a visual `+b`/`+e`/`+I` list issue. * Some [Extended Server Bans](https://www.unrealircd.org/docs/Extended_server_bans) were not working correctly for WEBIRC proxies. In particular, a server ban or exempt (ELINE) on `~country:XX` was only checked against the WEBIRC proxy. ## Enhancements * Support for [logging to a channel](https://www.unrealircd.org/docs/Log_block#Logging_to_a_channel). Similar to snomasks but then for channels. * Command line interface changes: * The CLI tool now communicates to the running UnrealIRCd process via a UNIX socket to send commands and retrieve output. * The command `unrealircdctl rehash` will now show the rehash output, including warnings and errors, and return a proper exit code. * The same for `unrealircdctl reloadtls` * The command `unrealircdctl status` to show if UnrealIRCd is running, the version, channel and user count, .. * The command `unrealircdctl genlinkblock` is now [documented](https://www.unrealircd.org/docs/Linking_servers_(genlinkblock)) and is referred to from the [Linking servers tutorial](https://www.unrealircd.org/docs/Tutorial:_Linking_servers). * New option [set::server-notice-show- event](https://www.unrealircd.org/docs/Set_block#set::server-notice-show-event) which can be set to `no` to hide the event information (e.g. `connect.LOCAL_CLIENT_CONNECT`) in server notices. This can be overridden per- oper in the [Oper block](https://www.unrealircd.org/docs/Oper_block) via `oper::server-notice-show-event`. * Support for IRC over UNIX sockets (on the same machine), if you specify a file in the [listen block](https://www.unrealircd.org/docs/Listen_block) instead of an ip/port. This probably won't be used much, but the option is there. Users will show up with a host of `localhost` and IP `127.0.0.1` to keep things simple. * The `MAP` command now shows percentages of users * Add `WHO` option to search clients by time connected (e.g. `WHO <300 t` to search for less than 300 seconds) * Rate limiting of `MODE nick -x` and `-t` via new `vhost-flood` option in [set::anti- flood block](https://www.unrealircd.org/docs/Anti-flood_settings). ## Changes * Update Russian `help.ru.conf`. ## Protocol * `SVSMODE #chan -b nick` will now correctly remove extbans that prevent `nick` from joining. This fixes a bug where it would remove too much (for `~time`) or not remove extbans (most other extbans, e.g. `~account`). `SVSMODE #chan -b` has also been fixed accordingly (remove all bans preventing joins). Note that all these commands do not remove bans that do not affect joins, such as `~quiet` or `~text`. # UnrealIRCd 6.0.1.1 ## Fixes * In 6.0.1.1: extended bans were not properly synced between U5 and U6. This caused missing extended bans on the U5 side (MODE was working OK, this only happened when linking servers) * Text extbans did not have any effect (`+b ~text:censor:*badword*`) * Timed bans were not expiring if all servers on the network were on U6 * Channel mode `+f` could place a timed extban with `~t` instead of `~time` * Crash when unloading any of the vhoaq modules at runtime * Some log messages being wrong (`CHGIDENT`, `CHGNAME`) * Remove confusing high cpu load warning ## Enhancements * Error on unknown snomask in `set::snomask-on-oper` and `oper::snomask`. * TKL add/remove/expire messages now show `[duration: 60m]` instead of the `[expires: ZZZ GMT]` string since that is what people are more interested in and is not affected by time zones. The format in all the 3 notices is also consistent now. # UnrealIRCd 6.0.0 Many thanks (by upstream) to k4be for his help during development, other contributors for their feedback and patches, the people who tested the beta's and release candidates, translators and everyone else who made this release happen! ## Summary UnrealIRCd 6 comes with a completely redone logging system (with optional JSON support), named extended bans, four new IRCv3 features, geoip support and remote includes support built-in. Additionally, things are more customizable such as what gets sent to which snomask. All the +vhoaq channel modes are now modular as well, handy for admins who don't want or need halfops or `+q`/`+a`. For `WHOIS` it is now customizable in detail who gets to see what. A summary of the features is available at [What's new in UnrealIRCd 6](https://www.unrealircd.org/docs/What's_new_in_UnrealIRCd_6). For complete information, continue reading the release notes below. The sections below contain all the details. ## Upgrading from UnrealIRCd 5 When upgrading from UnrealIRCd 5 to 6 then you can use your existing configuration and files. There's no need to start from scratch. However, you will need to make a few updates, see [Upgrading from 5.x to 6.x](https://www.unrealircd.org/docs/Upgrading_from_5.x). ## Enhancements * Completely new log system and snomasks overhaul * Both logging and snomask sending is done by a single logging function * Support for [JSON logging](https://www.unrealircd.org/docs/JSON_logging) to disk, instead of the default text format. JSON logging adds lot of detail to log messages and consistently expands things like *client* with properties like *hostname*, *connected_since*, *reputation*, *modes*, etc. * The JSON data is also sent to all IRCOps who request the `unrealircd.org/json-log` capability. The data is then sent in a message-tag called `unrealircd.org/json-log`. This makes it ideal for client scripts and bots to do automated things. * A new style `log { }` block is used to map what log messages should be logged to disk, and which ones should be sent to snomasks. * The default logging to snomask configuration is in `snomasks.default.conf` which everyone should include from unrealircd.conf. That is, unless you wish to completely reconfigure which logging goes to which snomasks yourself, which is also an option now. * See [Snomasks](https://www.unrealircd.org/docs/Snomasks#UnrealIRCd_6) on the new snomasks - lots of letters changed! * See [FAQ: Converting log { } block](https://www.unrealircd.org/docs/FAQ#old-log-block) on how to change your existing `log { }` blocks for disk logging. * We now have a consistent log format and log messages can be multiline. * Colors are enabled by default in snomask server notices, these can be disabled via [set::server-notice- colors](https://www.unrealircd.org/docs/Set_block#set::server-notice-colors) and also in [oper::server-notice-colors](https://www.unrealircd.org/docs/Oper_block) * Support for [logging to a channel](https://www.unrealircd.org/docs/Log_block#Logging_to_a_channel). Similar to snomasks but then for channels. *Requires UnrealIRCd 6.0.2 or later* * Almost all channel modes are modularized * Only the three list modes (`+b`/`+e`/`+I`) are still in the core * The five level modes (`+vhoaq`) are now also modular. They are all loaded by default but you can blacklist one or more if you don't want them. For example to disable halfop: `blacklist-module chanmodes/halfop`; * Support for compiling without `PREFIX_AQ` has been removed because people often confused it with disabling `+a`/`+q` which is something different. * Named extended bans * Extbans now no longer show up with single letters but with names. For example `+b ~c:#channel` is now `+b ~channel:#channel`. * Extbans are automatically converted from the old to the new style, both from clients and from/to older UnrealIRCd 5 servers. The auto-conversion also works fine with complex extbans such as `+b ~t:5:~q:nick!user@host` to `+b ~time:5:~quiet:nick!user@host`. * New IRCv3 features * [MONITOR](https://ircv3.net/specs/extensions/monitor.html): an alternative for `WATCH` to monitor other users ("notify list"). * draft/extended-monitor: extensions for `MONITOR`, still in draft. * [invite- notify](https://ircv3.net/specs/extensions/invite-notify): report channel invites to other chanops (or users) in a machine readable way. * [setname](https://ircv3.net/specs/extensions/setname.html): notify clients about realname (gecos) changes. * GeoIP lookups can be configured * This shows the country of the user to IRCOps in `WHOIS` and in the "user connecting" line. * By downstream default, no module is loaded. * Options are the `geoip_maxmind` and `geoip_csv` modules. * Configure `WHOIS` output in a very precise way * You can now decide which fields (e.g. modes, geo, certfp, etc) you want to expose to who (everyone, self, oper). * See [set::whois- details](https://www.unrealircd.org/docs/Set_block#set::whois-details) for more details. * We now ship with 3 cloaking modules and you need to load 1 explicitly via `loadmodule`: * `cloak_sha256`: the recommended module for anyone starting a *new* network. It uses the SHA256 algorithm under the hood. * `cloak_md5`: for anyone who is upgrading their network from older UnrealIRCd versions. Use this so your cloaked host bans remain the same. * `cloak_none`: if you don't want any cloaking, not even as an option to your users (rare) * Remote includes are now supported everywhere in the config file. * Support for `https://` fetching is now always available, even if you don't compile with libcurl support. * Anywhere an URL is encountered on its own, it will be fetched automatically. This makes it work not only for includes and motd (which was already supported) but also for any other file. * To prevent something from being interpreted as a remote include URL you can use 'value' instead of "value". * Invite notification: set `set::normal-user- invite-notification yes;` to make chanops receive information about normal users inviting someone to their channel. The name of this setting may change in a later version. * Websocket: you can add a `listen::options::websocket::forward 1.2.3.4` option to make unrealircd accept a `Forwarded` (RFC 7239) header from a reverse proxy connecting from `1.2.3.4` (plans to accept legacy `X-Forwarded- For` and a proxy password too). This feature is currently experimental. ## Changes * TLS cipher and some other information is now visible for remote clients as well, also in `[secure: xyz]` connect line. * Error messages in remote includes use the url instead of a temporary file * Downgrading from UnrealIRCd 6 is only supported down to 5.2.0 (so not lower like 5.0.x). If this is a problem then make a copy of your db files (e.g.: `reputation.db`). ## Removed * `/REHASH -motd` and `-opermotd` are gone, just use `/REHASH` ## Breaking changes See https://www.unrealircd.org/docs/Upgrading_from_5.x, but in short: You can use the unrealircd.conf from UnrealIRCd 5, but you need to make a few changes: * You need to add `include "snomasks.default.conf"`; * You need to load a cloaking module explicitly. Assuming you already have a network then add: `loadmodule "cloak_md5"`; * The log block(s) need to be updated, use something like: ``` log { source { !debug; all; } destination { file "ircd.log" { maxsize 100M; } } } ``` ## Server protocol * When multiple related `SJOIN` messages are generated for the same channel then we now only send the current channel modes (e.g. `+sntk key`) in the first SJOIN and not in the other ones as they are unneeded for the immediate followup SJOINs, they waste unnecessary bytes and CPU. Such messages may be generated when syncing a channel that has dozens of users and/or bans/exempts/invexes. Ideally this should not need any changes in other software, since we already supported such messages in the past and code for handling it exists way back to 3.2.x, but you better check to be sure! * If you send `PROTOCTL NEXTBANS` then you will receive extended bans with Named EXTended BANs instead of letters (e.g.: `+b ~account:xyz`), otherwise you receive them with letters (e.g.: `+b ~a:xyz`). * Some ModData of users is (also) communicated in the UID message while syncing using a message tag that only appears in server-to-server traffic, `s2s-md/moddataname=value`. Thus, data such as operinfo, tls cipher, geoip, certfp, sasl and webirc is communicated at the same time as when a remote connection is added. This makes it that a "connecting from" server notice can include all this information and also so code can make an immediate decission on what to do with the user in hooks. ModData modules need to set `mreq.sync = MODDATA_SYNC_EARLY`; if they want this. Servers of course need to enable `MTAGS` in `PROTOCTL` to see this. * The `SLOG` command is used to broadcast logging messages. This is done for `log::destination` remote, as used in doc/conf/snomasks.default.conf, for example for link errors, oper ups, flood messages, etc. It also includes all JSON data in a message tag when `PROTOCTL MTAGS` is used. * Bounced modes are gone: these were MODEs that started with a `&` which servers were to act on with reversed logic (add becoming remove and vice versa) and never to send something back to that server. In practice this was almost never used and complicated the code (way) too much. ## Client protocol * Extended bans now have names instead of letters. If a client sends the old format with letters (e.g. `+b ~a:XYZ`) then the server will convert it to the new format with names (e.g.: `+b ~account:XYZ`) * Support for `MONITOR` and the other IRCv3 features (see *Enhancements*) -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 21 2022 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 6.0.2-1 - Upgrade to 6.0.2 (#2038245) * Sat Jan 22 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 6.0.1.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Fri Dec 31 2021 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 6.0.1.1-1 - Upgrade to 6.0.1.1 (#2033813) * Thu Dec 30 2021 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 6.0.1-1 - Upgrade to 6.0.1 (#2033813) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2048669 - unrealircd: Denial of service when a certain command is sent https://bugzilla.redhat.com/show_bug.cgi?id=2048669 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure