Fedora EPEL 8 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora EPEL 8 Security updates need testing:
 Age  URL
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-0128b1edbe   chromium-122.0.6261.111-1.el8


The following builds have been pushed to Fedora EPEL 8 updates-testing

    ansible-collection-awx-awx-24.0.0-1.el8
    apptainer-1.3.0-1.el8
    baresip-3.10.1-1.el8
    keepassxc-2.7.7-2.el8
    libuev-2.4.1-1.el8
    nagios-plugins-check-updates-2.0.5-3.el8
    xorgxrdp-0.9.20-1.el8
    xrdp-0.9.25-2.el8

Details about builds:


================================================================================
 ansible-collection-awx-awx-24.0.0-1.el8 (FEDORA-EPEL-2024-6ea8b17ffd)
 Ansible modules and plugins for working with AWX
--------------------------------------------------------------------------------
Update Information:

Update to 24.0.0
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 13 2024 Andrew Heath <anheath@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> - 24.0.0-1
- Update to 24.0.0
--------------------------------------------------------------------------------


================================================================================
 apptainer-1.3.0-1.el8 (FEDORA-EPEL-2024-d7cc38dee9)
 Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:

Update to upstream 1.3.0, and security fixes for CVE-2024-28176 and
CVE-2024-28180
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 13 2024 Dave Dykstra <dwd@xxxxxxxx> - 1.3.0
- Update to upstream 1.3.0
* Thu Feb 15 2024 Dave Dykstra <dwd@xxxxxxxx> - 1.3.0~rc.2
- Update to upstream 1.3.0-rc.2
* Wed Jan 10 2024 Dave Dykstra <dwd@xxxxxxxx> - 1.3.0~rc.1
- Update to upstream 1.3.0-rc.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2268820 - CVE-2024-28176 go-jose: resource exhaustion
        https://bugzilla.redhat.com/show_bug.cgi?id=2268820
  [ 2 ] Bug #2268854 - CVE-2024-28180 jose-go: improper handling of highly compressed data
        https://bugzilla.redhat.com/show_bug.cgi?id=2268854
--------------------------------------------------------------------------------


================================================================================
 baresip-3.10.1-1.el8 (FEDORA-EPEL-2024-092f7564a8)
 Modular SIP user-agent with audio and video support
--------------------------------------------------------------------------------
Update Information:

Baresip v3.10.1 (2024-03-12)
Security Release (possible Denial of Service): A wrong or manipulated incoming
RTP Timestamp can cause the baresip process to hang forever, for details see:
#2954
aureceiver: fix mtx_unlock on discard
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 12 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.10.1-1
- Upgrade to 3.10.1 (#2269261)
* Mon Mar 11 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.10.0-2
- Added upstream patch to fix mtx_unlock on discard in aureceiver
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2269261 - baresip-3.10.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2269261
--------------------------------------------------------------------------------


================================================================================
 keepassxc-2.7.7-2.el8 (FEDORA-EPEL-2024-2d4801a0fb)
 Cross-platform password manager
--------------------------------------------------------------------------------
Update Information:

2.7.7 release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 13 2024 Germano Massullo <germano.massullo@xxxxxxxxx> - 2.7.7-2
- replaced minizip depencendy for all active branches
* Wed Mar 13 2024 Germano Massullo <germano.massullo@xxxxxxxxx> - 2.7.7-1
- 2.7.7 release
* Wed Jan 24 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.7.6-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.7.6-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jan  3 2024 Jan Grulich <jgrulich@xxxxxxxxxx> - 2.7.6-6
- Rebuild (qt5)
* Mon Dec  4 2023 Lukas Javorsky <ljavorsk@xxxxxxxxxx> - 2.7.6-5
- Rebuilt for minizip-ng transition Fedora change
- Fedora Change: https://fedoraproject.org/wiki/Changes/MinizipNGTransition
* Sat Nov 18 2023 Germano Massullo <germano.massullo@xxxxxxxxx> - 2.7.6-4
- rebuild (qt5) el9-next
* Mon Oct  9 2023 Jan Grulich <jgrulich@xxxxxxxxxx> - 2.7.6-3
- Rebuild (qt5)
* Wed Sep 27 2023 Yaakov Selkowitz <yselkowi@xxxxxxxxxx> - 2.7.6-2
- Build with minizip-ng for F38+
* Wed Aug 16 2023 Mikel Olasagasti Uranga <mikel@xxxxxxxxxxxxxxx> - 2.7.6-1
- Update to 2.7.6
* Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.7.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jun 14 2023 Jan Grulich <jgrulich@xxxxxxxxxx> - 2.7.5-2
- Rebuild (qt5)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2268750 - keepassxc-2.7.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2268750
--------------------------------------------------------------------------------


================================================================================
 libuev-2.4.1-1.el8 (FEDORA-EPEL-2024-d241ea2238)
 Simple event loop for Linux
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2022-48620
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 12 2024 Alessio <alciregi@xxxxxxxxxxxxxxxxx> - 2.4.1-1
- Update to 2.4.1
* Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.4.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.4.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.4.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.4.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.4.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Oct  4 2021 Alessio <alciregi@xxxxxxxxxxxxxxxxx> - 2.4.0-2
- New sources
* Mon Oct  4 2021 Alessio <alciregi@xxxxxxxxxxxxxxxxx> - 2.4.0-1
- New spec
* Mon Oct  4 2021 Alessio <alciregi@xxxxxxxxxxxxxxxxx> - 2.3.2-8
- New release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2258050 - CVE-2022-48620 libuev: buffer overflow in epoll_wait() if maxevents is a large number
        https://bugzilla.redhat.com/show_bug.cgi?id=2258050
--------------------------------------------------------------------------------


================================================================================
 nagios-plugins-check-updates-2.0.5-3.el8 (FEDORA-EPEL-2024-d2666cdedf)
 A Nagios plugin to check if Red Hat or Fedora system is up-to-date
--------------------------------------------------------------------------------
Update Information:

Update to 2.0.5
Update to 2.0.5
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 13 2024 Alessio <alciregi@xxxxxxxxxxxxxxxxx> - 2.0.5-3
- Update to 2.0.5
--------------------------------------------------------------------------------


================================================================================
 xorgxrdp-0.9.20-1.el8 (FEDORA-EPEL-2024-f03971a604)
 Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:

Release notes for xrdp v0.9.25 (2024/03/11)
Running xrdp and xrdp-sesman on separate hosts is still supported by this
release, but is now deprecated. This is not secure. A future v1.0 release will
replace the TCP socket used between these processes with a Unix Domain Socket,
and then cross-host running will not be possible.
General announcements
This is the last v0.9.x version which is released regularly. v0.9.x will be
maintained for a while but less actively. New releases will happen only when
severe security vulnerabilities or critical bugs are found.
We have created a fund on Open Collective. Support us if you like xrdp! Direct
donations to each developer via GitHub Sponsors are also welcomed.
Security fixes
No new security fixes in this release.
Bug fixes
Backport touchpad inertial scrolling (#2364 #2424 #2948).
New features
If the client announces support for the Image RemoteFX codec it is logged (back-
port of #2946)
Internal changes
FreeBSD CI version bumped to 13.2 from 12.4 (#2897)
Some test timeouts have been increased for slow CI machines (#2903)
Known issues
On-the-fly resolution change requires the Microsoft Store version of Remote
Desktop client but sometimes crashes on connect (#1869)
xrdp's login dialog is not relocated at the center of the new resolution after
on-the-fly resolution change happens (#1867)
General annoucements xorgxrdp 0.9.20
This is the last v0.9.x release. v0.9.x will be maintained for a while but less
actively. New releases will happen only when severe security vulnerabilities or
critical bugs are found.
We have created a fund on Open Collective. Support us if you like xrdp! Direct
donations to each developer via GitHub Sponsors are also welcomed.
New features
Too fast scroll mitigation
A fundamental solution for too fast scrolling issue by @seflerZ has been
backported from devel version to v0.9 (#265 #286). This fix requires xrdp
v0.9.25 so use xrdp v0.9.25 and xorgxrdp v0.9.20 together.
The following former workaround added at v0.9.19 has been removed. It takes no
effect anymore.
[SessionVariables]
(some existing lines)
XRDP_XORG_TOUCHPAD_SCROLL_HACK=yes
What's Changed
[v0.9] Backport touchpad inertial scrolling by @metalefty @seflerZ in #286
Bump version to v0.9.20 by @metalefty in #292
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 12 2024 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 0.9.20-1
- Bump up to 0.9.20
* Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.9.19-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jul 26 2023 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 0.9.19-7
- run autoreconf before build, to avoid problems on F39
* Sat Jul 22 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.9.19-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jan 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.9.19-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 xrdp-0.9.25-2.el8 (FEDORA-EPEL-2024-f03971a604)
 Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:

Release notes for xrdp v0.9.25 (2024/03/11)
Running xrdp and xrdp-sesman on separate hosts is still supported by this
release, but is now deprecated. This is not secure. A future v1.0 release will
replace the TCP socket used between these processes with a Unix Domain Socket,
and then cross-host running will not be possible.
General announcements
This is the last v0.9.x version which is released regularly. v0.9.x will be
maintained for a while but less actively. New releases will happen only when
severe security vulnerabilities or critical bugs are found.
We have created a fund on Open Collective. Support us if you like xrdp! Direct
donations to each developer via GitHub Sponsors are also welcomed.
Security fixes
No new security fixes in this release.
Bug fixes
Backport touchpad inertial scrolling (#2364 #2424 #2948).
New features
If the client announces support for the Image RemoteFX codec it is logged (back-
port of #2946)
Internal changes
FreeBSD CI version bumped to 13.2 from 12.4 (#2897)
Some test timeouts have been increased for slow CI machines (#2903)
Known issues
On-the-fly resolution change requires the Microsoft Store version of Remote
Desktop client but sometimes crashes on connect (#1869)
xrdp's login dialog is not relocated at the center of the new resolution after
on-the-fly resolution change happens (#1867)
General annoucements xorgxrdp 0.9.20
This is the last v0.9.x release. v0.9.x will be maintained for a while but less
actively. New releases will happen only when severe security vulnerabilities or
critical bugs are found.
We have created a fund on Open Collective. Support us if you like xrdp! Direct
donations to each developer via GitHub Sponsors are also welcomed.
New features
Too fast scroll mitigation
A fundamental solution for too fast scrolling issue by @seflerZ has been
backported from devel version to v0.9 (#265 #286). This fix requires xrdp
v0.9.25 so use xrdp v0.9.25 and xorgxrdp v0.9.20 together.
The following former workaround added at v0.9.19 has been removed. It takes no
effect anymore.
[SessionVariables]
(some existing lines)
XRDP_XORG_TOUCHPAD_SCROLL_HACK=yes
What's Changed
[v0.9] Backport touchpad inertial scrolling by @metalefty @seflerZ in #286
Bump version to v0.9.20 by @metalefty in #292
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 13 2024 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 1:0.9.25-2
- Add upstream PR 2994
* Tue Mar 12 2024 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 1:0.9.25-1
- Update to 0.9.25
* Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:0.9.24-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------

--
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Index of Archives]     [Fedora Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Announce]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Linux Apps]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux