The following Fedora EPEL 8 Security updates need testing: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-0128b1edbe chromium-122.0.6261.111-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing ansible-collection-awx-awx-24.0.0-1.el8 apptainer-1.3.0-1.el8 baresip-3.10.1-1.el8 keepassxc-2.7.7-2.el8 libuev-2.4.1-1.el8 nagios-plugins-check-updates-2.0.5-3.el8 xorgxrdp-0.9.20-1.el8 xrdp-0.9.25-2.el8 Details about builds: ================================================================================ ansible-collection-awx-awx-24.0.0-1.el8 (FEDORA-EPEL-2024-6ea8b17ffd) Ansible modules and plugins for working with AWX -------------------------------------------------------------------------------- Update Information: Update to 24.0.0 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 13 2024 Andrew Heath <anheath@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> - 24.0.0-1 - Update to 24.0.0 -------------------------------------------------------------------------------- ================================================================================ apptainer-1.3.0-1.el8 (FEDORA-EPEL-2024-d7cc38dee9) Application and environment virtualization formerly known as Singularity -------------------------------------------------------------------------------- Update Information: Update to upstream 1.3.0, and security fixes for CVE-2024-28176 and CVE-2024-28180 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 13 2024 Dave Dykstra <dwd@xxxxxxxx> - 1.3.0 - Update to upstream 1.3.0 * Thu Feb 15 2024 Dave Dykstra <dwd@xxxxxxxx> - 1.3.0~rc.2 - Update to upstream 1.3.0-rc.2 * Wed Jan 10 2024 Dave Dykstra <dwd@xxxxxxxx> - 1.3.0~rc.1 - Update to upstream 1.3.0-rc.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268820 - CVE-2024-28176 go-jose: resource exhaustion https://bugzilla.redhat.com/show_bug.cgi?id=2268820 [ 2 ] Bug #2268854 - CVE-2024-28180 jose-go: improper handling of highly compressed data https://bugzilla.redhat.com/show_bug.cgi?id=2268854 -------------------------------------------------------------------------------- ================================================================================ baresip-3.10.1-1.el8 (FEDORA-EPEL-2024-092f7564a8) Modular SIP user-agent with audio and video support -------------------------------------------------------------------------------- Update Information: Baresip v3.10.1 (2024-03-12) Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process to hang forever, for details see: #2954 aureceiver: fix mtx_unlock on discard -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 12 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.10.1-1 - Upgrade to 3.10.1 (#2269261) * Mon Mar 11 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.10.0-2 - Added upstream patch to fix mtx_unlock on discard in aureceiver -------------------------------------------------------------------------------- References: [ 1 ] Bug #2269261 - baresip-3.10.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2269261 -------------------------------------------------------------------------------- ================================================================================ keepassxc-2.7.7-2.el8 (FEDORA-EPEL-2024-2d4801a0fb) Cross-platform password manager -------------------------------------------------------------------------------- Update Information: 2.7.7 release -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 13 2024 Germano Massullo <germano.massullo@xxxxxxxxx> - 2.7.7-2 - replaced minizip depencendy for all active branches * Wed Mar 13 2024 Germano Massullo <germano.massullo@xxxxxxxxx> - 2.7.7-1 - 2.7.7 release * Wed Jan 24 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.7.6-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.7.6-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Jan 3 2024 Jan Grulich <jgrulich@xxxxxxxxxx> - 2.7.6-6 - Rebuild (qt5) * Mon Dec 4 2023 Lukas Javorsky <ljavorsk@xxxxxxxxxx> - 2.7.6-5 - Rebuilt for minizip-ng transition Fedora change - Fedora Change: https://fedoraproject.org/wiki/Changes/MinizipNGTransition * Sat Nov 18 2023 Germano Massullo <germano.massullo@xxxxxxxxx> - 2.7.6-4 - rebuild (qt5) el9-next * Mon Oct 9 2023 Jan Grulich <jgrulich@xxxxxxxxxx> - 2.7.6-3 - Rebuild (qt5) * Wed Sep 27 2023 Yaakov Selkowitz <yselkowi@xxxxxxxxxx> - 2.7.6-2 - Build with minizip-ng for F38+ * Wed Aug 16 2023 Mikel Olasagasti Uranga <mikel@xxxxxxxxxxxxxxx> - 2.7.6-1 - Update to 2.7.6 * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.7.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Wed Jun 14 2023 Jan Grulich <jgrulich@xxxxxxxxxx> - 2.7.5-2 - Rebuild (qt5) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268750 - keepassxc-2.7.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=2268750 -------------------------------------------------------------------------------- ================================================================================ libuev-2.4.1-1.el8 (FEDORA-EPEL-2024-d241ea2238) Simple event loop for Linux -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2022-48620 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 12 2024 Alessio <alciregi@xxxxxxxxxxxxxxxxx> - 2.4.1-1 - Update to 2.4.1 * Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.4.0-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.4.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.4.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.4.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Thu Jul 21 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.4.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Thu Jan 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.4.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Mon Oct 4 2021 Alessio <alciregi@xxxxxxxxxxxxxxxxx> - 2.4.0-2 - New sources * Mon Oct 4 2021 Alessio <alciregi@xxxxxxxxxxxxxxxxx> - 2.4.0-1 - New spec * Mon Oct 4 2021 Alessio <alciregi@xxxxxxxxxxxxxxxxx> - 2.3.2-8 - New release -------------------------------------------------------------------------------- References: [ 1 ] Bug #2258050 - CVE-2022-48620 libuev: buffer overflow in epoll_wait() if maxevents is a large number https://bugzilla.redhat.com/show_bug.cgi?id=2258050 -------------------------------------------------------------------------------- ================================================================================ nagios-plugins-check-updates-2.0.5-3.el8 (FEDORA-EPEL-2024-d2666cdedf) A Nagios plugin to check if Red Hat or Fedora system is up-to-date -------------------------------------------------------------------------------- Update Information: Update to 2.0.5 Update to 2.0.5 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 13 2024 Alessio <alciregi@xxxxxxxxxxxxxxxxx> - 2.0.5-3 - Update to 2.0.5 -------------------------------------------------------------------------------- ================================================================================ xorgxrdp-0.9.20-1.el8 (FEDORA-EPEL-2024-f03971a604) Implementation of xrdp backend as Xorg modules -------------------------------------------------------------------------------- Update Information: Release notes for xrdp v0.9.25 (2024/03/11) Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible. General announcements This is the last v0.9.x version which is released regularly. v0.9.x will be maintained for a while but less actively. New releases will happen only when severe security vulnerabilities or critical bugs are found. We have created a fund on Open Collective. Support us if you like xrdp! Direct donations to each developer via GitHub Sponsors are also welcomed. Security fixes No new security fixes in this release. Bug fixes Backport touchpad inertial scrolling (#2364 #2424 #2948). New features If the client announces support for the Image RemoteFX codec it is logged (back- port of #2946) Internal changes FreeBSD CI version bumped to 13.2 from 12.4 (#2897) Some test timeouts have been increased for slow CI machines (#2903) Known issues On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869) xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867) General annoucements xorgxrdp 0.9.20 This is the last v0.9.x release. v0.9.x will be maintained for a while but less actively. New releases will happen only when severe security vulnerabilities or critical bugs are found. We have created a fund on Open Collective. Support us if you like xrdp! Direct donations to each developer via GitHub Sponsors are also welcomed. New features Too fast scroll mitigation A fundamental solution for too fast scrolling issue by @seflerZ has been backported from devel version to v0.9 (#265 #286). This fix requires xrdp v0.9.25 so use xrdp v0.9.25 and xorgxrdp v0.9.20 together. The following former workaround added at v0.9.19 has been removed. It takes no effect anymore. [SessionVariables] (some existing lines) XRDP_XORG_TOUCHPAD_SCROLL_HACK=yes What's Changed [v0.9] Backport touchpad inertial scrolling by @metalefty @seflerZ in #286 Bump version to v0.9.20 by @metalefty in #292 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 12 2024 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 0.9.20-1 - Bump up to 0.9.20 * Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.9.19-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Jul 26 2023 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 0.9.19-7 - run autoreconf before build, to avoid problems on F39 * Sat Jul 22 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.9.19-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Sat Jan 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.9.19-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ xrdp-0.9.25-2.el8 (FEDORA-EPEL-2024-f03971a604) Open source remote desktop protocol (RDP) server -------------------------------------------------------------------------------- Update Information: Release notes for xrdp v0.9.25 (2024/03/11) Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible. General announcements This is the last v0.9.x version which is released regularly. v0.9.x will be maintained for a while but less actively. New releases will happen only when severe security vulnerabilities or critical bugs are found. We have created a fund on Open Collective. Support us if you like xrdp! Direct donations to each developer via GitHub Sponsors are also welcomed. Security fixes No new security fixes in this release. Bug fixes Backport touchpad inertial scrolling (#2364 #2424 #2948). New features If the client announces support for the Image RemoteFX codec it is logged (back- port of #2946) Internal changes FreeBSD CI version bumped to 13.2 from 12.4 (#2897) Some test timeouts have been increased for slow CI machines (#2903) Known issues On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869) xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867) General annoucements xorgxrdp 0.9.20 This is the last v0.9.x release. v0.9.x will be maintained for a while but less actively. New releases will happen only when severe security vulnerabilities or critical bugs are found. We have created a fund on Open Collective. Support us if you like xrdp! Direct donations to each developer via GitHub Sponsors are also welcomed. New features Too fast scroll mitigation A fundamental solution for too fast scrolling issue by @seflerZ has been backported from devel version to v0.9 (#265 #286). This fix requires xrdp v0.9.25 so use xrdp v0.9.25 and xorgxrdp v0.9.20 together. The following former workaround added at v0.9.19 has been removed. It takes no effect anymore. [SessionVariables] (some existing lines) XRDP_XORG_TOUCHPAD_SCROLL_HACK=yes What's Changed [v0.9] Backport touchpad inertial scrolling by @metalefty @seflerZ in #286 Bump version to v0.9.20 by @metalefty in #292 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 13 2024 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 1:0.9.25-2 - Add upstream PR 2994 * Tue Mar 12 2024 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 1:0.9.25-1 - Update to 0.9.25 * Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:0.9.24-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
