Fedora EPEL 8 updates-testing report

The following Fedora EPEL 8 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-d55abd83c7   perl-HTML-StripScripts-1.06-22.el8
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e14003b86d   syncthing-1.23.5-1.el8
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-3dd846c7ab   radare2-5.8.6-1.el8
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c018b37680   chromium-114.0.5735.106-1.el8


The following builds have been pushed to Fedora EPEL 8 updates-testing

    iniparser-4.1-6.el8
    ipv6calc-4.1.0-70.el8
    libmd-1.1.0-1.el8
    trafficserver-9.2.1-1.el8
    unrealircd-6.1.1-1.el8
    whichfont-1.0.6-1.el8
    xstream-1.4.20-1.el8

Details about builds:


================================================================================
 iniparser-4.1-6.el8 (FEDORA-EPEL-2023-f48765fe4c)
 C library for parsing "INI-style" files
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-33461
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 14 2023 David Cantrell <dcantrell@xxxxxxxxxx> - 4.1-6
- Fix for CVE-2023-33461 (BZ#2211620)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2211618 - CVE-2023-33461 iniparser: NULL pointer cause crash in iniparser_getboolean
        https://bugzilla.redhat.com/show_bug.cgi?id=2211618
--------------------------------------------------------------------------------


================================================================================
 ipv6calc-4.1.0-70.el8 (FEDORA-EPEL-2023-16ac76f320)
 IPv6 address format change and calculation utility
--------------------------------------------------------------------------------
Update Information:

add support for IP2Location DB-26
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 13 2023 Peter Bieringer <pb@xxxxxxxxxxxx> - 4.1.0-70
- Increase build requirement IP2Location 8.6.0 to support new DB-26
- Final release 4.1.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2214164 - ipv6calc-4.1.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2214164
--------------------------------------------------------------------------------


================================================================================
 libmd-1.1.0-1.el8 (FEDORA-EPEL-2023-57e88a83df)
 Library that provides message digest functions from BSD systems
--------------------------------------------------------------------------------
Update Information:

# libmd 1.1.0

* man: Add new libmd(7) man page
* doc: Move mailing list reference to the end
* build: Fix version script linker support detection
* build: Fix `configure.ac` indentation
* build: Require automake 1.11
* build: Rename `libmd_alias()` to `libmd_strong_alias()`
* Remove unused `<assert.h>`
* Sync MD2 changes from NetBSD
* Sync MD4 changes from OpenBSD
* Sync MD5 changes from OpenBSD
* Sync RMD160 changes from OpenBSD
* Sync SHA1 changes from OpenBSD
* Sync SHA2 changes from OpenBSD
* test: Add a new `test_eq()` helper function
* test: Add cases for SHA224 and SHA512-256
* build: Terminate lists in variables with `# EOL`
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 14 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.1.0-1
- Upgrade to 1.1.0 (#2214865)
* Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2214865 - libmd-1.1.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2214865
--------------------------------------------------------------------------------


================================================================================
 trafficserver-9.2.1-1.el8 (FEDORA-EPEL-2023-600bc2a0d2)
 Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
--------------------------------------------------------------------------------
Update Information:

Update to upstream 9.2.1; resolves CVE-2022-47184, CVE-2023-30631,
CVE-2023-33933
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 13 2023 Jered Floyd <jered@xxxxxxxxxx> 9.2.1-1
- Update to upstream 9.2.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2213425 - trafficserver-9.2.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2213425
  [ 2 ] Bug #2214995 - CVE-2022-47184 trafficserver: The TRACE method can be used to disclose network information [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2214995
  [ 3 ] Bug #2214999 - CVE-2023-30631 trafficserver: Configuration option to block the PUSH method in ATS didn't work [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2214999
  [ 4 ] Bug #2215003 - CVE-2023-33933 trafficserver: s3_auth plugin problem with hash calculation [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2215003
--------------------------------------------------------------------------------


================================================================================
 unrealircd-6.1.1-1.el8 (FEDORA-EPEL-2023-ea9a5c8178)
 Open Source IRC server
--------------------------------------------------------------------------------
Update Information:

# UnrealIRCd 6.1.1

UnrealIRCd 6.1.1 comes with various bug fixes and performance improvements, especially for channels with thousands of users. It also has more options to override settings per security group, for example if you want to give trusted users or bots more rights or higher flood rates than regular users. All these options are now in a single [Special users](https://www.unrealircd.org/docs/Special_users) article on the UnrealIRCd wiki. Other notable features are better connection errors to SSL/TLS users and a new `proxy { }` block for websocket reverse proxies.

## Enhancements

* Two new features that are conditionally on:
  * SSL/TLS users will now correctly receive the error message if they are rejected due to throttling (connect-flood) and some other situations.
  * DNS lookups are done before throttling. This allows exempting a hostname from both maxperip and connect-flood restrictions. A good example for IRCCloud would be:
    ```
    except ban {
        mask *.irccloud.com;
        type { maxperip; connect-flood; }
    }
    ```
  * Both features are temporarily disabled whenever a [high rate of connection attempts](https://www.unrealircd.org/docs/FAQ#hi-conn-rate) is detected, to save CPU and other resources during such an attack. The default rate is 1000 per second, so this would be unusual to trigger accidentally.
* It is now possible to override some set settings per security group by having a set block with a name, like `set unknown-users { }`.
  * You could use this to set more limitations for unknown-users:
    ```
    set unknown-users {
        max-channels-per-user 5;
        static-quit "Quit";
        static-part yes;
    }
    ```
  * Or to set higher values (higher than the normal set block) for trusted users:
    ```
    security-group trusted-bots {
        account { BotOne; BotTwo; }
    }
    set trusted-bots {
        max-channels-per-user 25;
    }
    ```
  * Currently the following settings can be used in a `set xxx { }` block: `set::auto-join`, `set::modes-on-connect`, `set::restrict-usermodes`, `set::max-channels-per-user`, `set::static-quit`, `set::static-part`.
  * See also [Special users](https://www.unrealircd.org/docs/Special_users) in the documentation for applying settings to security groups.
* New [`proxy { }` block](https://www.unrealircd.org/docs/Proxy_block) that can be used for spoofing IP addresses when:
  * Reverse proxying websocket connections (e.g. via NGINX, a load balancer or other reverse proxy)
  * WEBIRC/CGI:IRC gateways. This will replace the old `webirc { }` block in the future, though the old one will still work for now.
* New setting [`set::handshake-boot-delay`](https://www.unrealircd.org/docs/Set_block#set%3A%3Ahandshake-boot-delay) which allows server linking autoconnects to kick in (and incoming servers on serversonly ports) before allowing clients in. This potentially avoids part of the mess when initially linking on boot. This option is not turned on by default; you have to set it explicitly.
  * This is not a useful feature on hubs, as they don't have clients.
  * It can be useful on client servers, if you `autoconnect` to your hub.
  * If you connect services to a server with clients this can be useful as well, especially in single-server setups. You would have to set a low `retrywait` in your anope conf (or similar services package), such as `5s` instead of the default `60s`. Then after an IRCd restart, your services link in before your clients and your IRC users have SASL available straight from the start.
* JSON-RPC:
  * New call [`log.list`](https://www.unrealircd.org/docs/JSON-RPC:Log#log.list) to fetch the past 1000 log entries. This functionality is only loaded if you include `rpc.modules.default.conf`, so it does not waste any memory on servers that are not used for JSON-RPC.

## Changes

* [`set::topic-setter`](https://www.unrealircd.org/docs/Set_block#set::topic-setter) and [`set::ban-setter`](https://www.unrealircd.org/docs/Set_block#set::ban-setter) are now by default set to `nick-user-host` instead of `nick`, so you can see the full nick!user@host of who set the topic/ban/exempt/invex.
* Some small DNS performance improvements:
  * We now 'negatively cache' unresolved hosts for 60 seconds.
  * The maximum number of cached records (positive and negative) was raised to 4096.
  * We no longer use "search domains", to avoid silly lookups like `4.3.2.1.dnsbl.dronebl.org.mydomain.org`.
* Data buffer chunks bumped from 512 bytes to ~4K. This results in fewer write calls (lower CPU usage) and more data per TCP/IP packet.
* We now cache sending of lines in `sendto_channel` via a new "LineCache" system. It saves CPU on (very) large channels.
* Several other performance improvements, such as checking maxperip via a hash table and faster invisibility checks for delayjoin.
* Blacklist hits are now logged globally. This means they show up in snomask `B`, are logged, and show up in the webpanel "Logs" view.
* The event `REMOTE_CLIENT_JOIN` was mass-triggered when servers were syncing. These are now hidden, like `REMOTE_CLIENT_CONNECT`.

## Fixes

* Crash when removing a `listen { }` block for websocket or rpc (or changing the port number).
* When using the webpanel, if an IRC client tried to connect with the same IP as the webpanel server, it would often receive the error "Too many unknown connections". This only affected non-localhost connections.
* The [`require module` block](https://www.unrealircd.org/docs/Require_module_block) was only checked on one side of the link, thus partially not working.

## Removed

* [`set::maxbanlength`](https://www.unrealircd.org/docs/Set_block#set::maxbanlength) has been removed as it was not deemed useful and only confusing to users and admins.

## Developers and protocol

* Server to server lines can now be 16384 bytes in size when `PROTOCTL BIGLINES` is set. This will allow us to do things more efficiently and possibly raise some other limits in the future. This 16k is the size of the complete line, including sender, message tags, content and `\r\n`. Also, in server-to-server traffic we now allow 30 parameters (`MAXPARA`*2). The original input size limits for non-servers remain the same: the complete line can be 4k+512, with the non-mtag portion limit set at 512 bytes (including `\r\n`), and `MAXPARA` is still 15 as well.
* In command handlers, individual `parv[]` elements can be 510 bytes max, even if they add up, like `parv[1]` and `parv[2]` both being 510 bytes each. If you need more than that, you need to set the flag `CMD_BIGLINES` in `CommandAdd()`; then an individual parameter can be near ~16k. This is so because a lot of the code does not expect parameters bigger than 512 bytes (but can still handle the total of parameters being greater than 512). The new flag allows gradually opting in commands to allow bigger parameters, after such code has been checked and modified to handle it.
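The line-size limits from the "Developers and protocol" notes above, as an added example that is not UnrealIRCd's own code: a Python checker that applies either the non-server limits (4k+512 total, 512-byte non-mtag portion including CRLF, MAXPARA 15) or the BIGLINES server limits (16384 bytes, 30 parameters) to an inbound line. How the message-tag portion is separated from the rest and how parameters are counted are assumptions of this example, not taken from the UnrealIRCd source.

```python
# Added example, not UnrealIRCd code: check an inbound IRC line against the
# size limits from the 6.1.1 release notes. Splitting off the message tags and
# counting parameters the way done here are assumptions of this example.
from dataclasses import dataclass

CRLF = "\r\n"


@dataclass(frozen=True)
class LineLimits:
    max_line: int      # whole line: tags, sender, content and CRLF
    max_non_mtag: int  # portion after the message tags, CRLF included
    max_params: int    # parameters after the command (MAXPARA)


# Non-server peers: 4k+512 total, 512 for the non-mtag portion, MAXPARA 15.
CLIENT_LIMITS = LineLimits(4096 + 512, 512, 15)
# Server peers that negotiated PROTOCTL BIGLINES: 16k lines, MAXPARA*2 params.
BIGLINES_SERVER_LIMITS = LineLimits(16384, 16384, 30)


def split_mtags(line: str) -> tuple[str, str]:
    """Split '@tags rest' into (tags, rest); rest keeps its CRLF."""
    if line.startswith("@"):
        tags, _, rest = line.partition(" ")
        return tags, rest
    return "", line


def count_params(non_mtag: str) -> int:
    """Count parameters after the command; a ':trailing' part is one param."""
    body = non_mtag.removesuffix(CRLF)
    if body.startswith(":"):            # drop the ':sender' prefix
        _, _, body = body.partition(" ")
    head, sep, _trailing = body.partition(" :")
    params = len(head.split()) - 1      # first token is the command itself
    return max(params, 0) + (1 if sep else 0)


def check_line(line: str, limits: LineLimits) -> list[str]:
    """Return the limit violations for one line; empty list means it is OK."""
    problems = []
    total = len(line.encode("utf-8"))
    if not line.endswith(CRLF):
        problems.append("line does not end in CRLF")
    if total > limits.max_line:
        problems.append(f"line is {total} bytes, limit {limits.max_line}")
    _tags, non_mtag = split_mtags(line)
    non_mtag_len = len(non_mtag.encode("utf-8"))
    if non_mtag_len > limits.max_non_mtag:
        problems.append(f"non-mtag portion is {non_mtag_len} bytes, limit {limits.max_non_mtag}")
    params = count_params(non_mtag)
    if params > limits.max_params:
        problems.append(f"{params} parameters, limit {limits.max_params}")
    return problems
```

The same over-long or over-parameterised line is rejected under `CLIENT_LIMITS` and accepted under `BIGLINES_SERVER_LIMITS`, which is the asymmetry the release notes describe.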
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 14 2023 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 6.1.1-1
- Upgrade to 6.1.1 (#2211354)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2211354 - unrealircd-6.1.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2211354
--------------------------------------------------------------------------------


================================================================================
 whichfont-1.0.6-1.el8 (FEDORA-EPEL-2023-a5b6f16ddc)
 Querying Fontconfig
--------------------------------------------------------------------------------
Update Information:

help section changed
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 13 2023 Sudip Shil <sshil@xxxxxxxxxx> - 1.0.6-1
- help section changed
--------------------------------------------------------------------------------


================================================================================
 xstream-1.4.20-1.el8 (FEDORA-EPEL-2023-3e2af74f4d)
 Java XML serialization library
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2021-43859, CVE-2022-40151, CVE-2022-41966
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 20 2023 Didik Supriadi <didiksupriadi41@xxxxxxxxxxxxxxxxx> - 1.4.20-1
- New upstream release 1.4.20
* Sat Jan 29 2022 Didik Supriadi <didiksupriadi41@xxxxxxxxxxxxxxxxx> - 1.4.19-1
- New upstream release 1.4.19
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2049783 - CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS
        https://bugzilla.redhat.com/show_bug.cgi?id=2049783
  [ 2 ] Bug #2134292 - CVE-2022-40151 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks
        https://bugzilla.redhat.com/show_bug.cgi?id=2134292
  [ 3 ] Bug #2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=2170431
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue



