The following Fedora EPEL 8 Security updates need testing: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-f282573e05 et-6.2.8-2.el8 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-6327fb701b stb-0-0.45.20240213gitae721c5.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing bgpq4-1.13-1.el8 chromium-124.0.6367.118-2.el8 tio-3.1-1.el8 zabbix6.0-6.0.29-1.el8 Details about builds: ================================================================================ bgpq4-1.13-1.el8 (FEDORA-EPEL-2024-6d23f67317) Automate BGP filter generation based on routing database information -------------------------------------------------------------------------------- Update Information: bgpq4 1.13 Fixed a bug for macOS users by removing sx_maxsockbuf() -------------------------------------------------------------------------------- ChangeLog: * Mon May 6 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.13-1 - Upgrade to 1.13 (#2278792) -------------------------------------------------------------------------------- ================================================================================ chromium-124.0.6367.118-2.el8 (FEDORA-EPEL-2024-4edaf658b7) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: update to 124.0.6367.118 High CVE-2024-4331: Use after free in Picture In Picture High CVE-2024-4368: Use after free in Dawn -------------------------------------------------------------------------------- ChangeLog: * Sun May 5 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.118-2 - fixed build errors on el8 - refreshed clean_ffmpeg.sh - added missing files for bundle ffmpeg * Wed May 1 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.118-1 - update to 124.0.6367.118 * High CVE-2024-4331: Use after free in Picture In Picture * High CVE-2024-4368: Use after free in Dawn - use system highway * Sat Apr 27 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.91-1 - update to 124.0.6367.91 - fixed bz#2277228 - chromium wrapper causes library issues (symbol lookup error) - use system dav1d * Wed Apr 24 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.78-1 - update to 124.0.6367.78 * Critical CVE-2024-4058: Type Confusion in ANGLE * High CVE-2024-4059: Out of bounds read in V8 API * High CVE-2024-4060: Use after free in Dawn * Sat Apr 20 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.60-2 - fix waylang regression * Tue Apr 16 2024 Than Ngo <than@xxxxxxxxxx> - 124.0.6367.60-1 - update to 124.0.6367.60 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2274695 - CVE-2023-49528 chromium: FFmpeg: Heap Buffer Overflow vulnerability [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2274695 [ 2 ] Bug #2275841 - CVE-2024-31578 CVE-2024-31581 CVE-2024-31582 CVE-2024-31585 chromium: ffmpeg: multiple vulnerabilities [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2275841 [ 3 ] Bug #2276116 - CVE-2023-49501 CVE-2023-49502 CVE-2023-51791 CVE-2023-51792 CVE-2023-51793 chromium: ffmpeg: multiple vulnerabilities [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2276116 [ 4 ] Bug #2276123 - CVE-2023-51795 CVE-2023-51796 CVE-2023-51797 CVE-2023-51798 chromium: ffmpeg: multiple vulnerabilites [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2276123 [ 5 ] Bug #2276130 - CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 chromium: ffmpeg: multiple vulnerabilitites [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2276130 [ 6 ] Bug #2278765 - CVE-2024-4331 chromium: chromium-browser: Use after free in Picture In Picture [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2278765 [ 7 ] Bug #2278766 - CVE-2024-4331 chromium: chromium-browser: Use after free in Picture In Picture [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2278766 [ 8 ] Bug #2278771 - CVE-2024-4368 chromium: chromium-browser: Use after free in Dawn [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2278771 -------------------------------------------------------------------------------- ================================================================================ tio-3.1-1.el8 (FEDORA-EPEL-2024-0d1d43583b) Simple TTY terminal I/O application -------------------------------------------------------------------------------- Update Information: tio v3.1 Improve --list feature on non-linux platform List available profiles in --list output Always message when saving log file Add support for using TID as device in config file Fix use of invalid flag with regexec() Fix potential buffer overflow in match_and_replace() Fix profile autocompletion Remove inih dependency from CI builds Replace use of stat() with fstat() For better security. Fix hexN output mode Update pattern matching example Fix submenu response when invalid key hit Replace inih with glib key file parser After including the use of glib we might as well replace inih with the glib key file parser. All configuraiton file parsing has been reworked and also the options parsing has been cleaned up, resulting in better and stricter configuration file and option value checks. Compared to old, configuration files now requires any default configurations to be put in a group/section named [default]. Configuration file keywords such as enable, disable, on, off, yes, no, 0, 1 have been retired. Now only true and false apply to boolean configuration options. This is done to simplify things and avoid any confusion. The pattern option feature has been reworked so now the user can now access the full match string and any matching subexpression using the%mN syntax. For example: [usb devices] pattern = usb([0-9]*) device = /dev/ttyUSB%m1 Then when using tio: $ tio usb12 %m0 = 'usb12' // Full match string %m1 = 12 // First match subexpression Which results in device = `/dev/ttyUSB12` Remove CircleCI Replaced with GitHub workflow CI. Add GitHub workflow for Ubuntu build Enable extended pattern matching So that the exclude options can also work as include using special pattern syntax. For example, to only include /dev/ttyUSB* devices simply do: $ tio --exclude- devices=!(/dev/ttyUSB*) --list See the man page of fnmatch() for all available extended pattern options. Update lua read() description Fix: add build patch for FNM_EXTMATCH Feat: add macOS workflow Fix: add macOS build patch for fs_get_creation_time tio v3.0 Simplify lua line manipulation API Collapses lua high(), low(), toggle(), config_high(), config_low(), config_apply() into one simple function: set{<line>=<state>, ...} Line can be any of DTR, RTS, CTS, DSR, CD, RI. State is high, low, or toggle. Example: script = set{DTR=high, RTS=low}; msleep(100); set{DTR=low, RTS=high}; msleep(100); set{RTS=low} Notice the use of {} instad of () when calling the set function. This is required to pass parameters by name in lua. Disable DEC Special Graphics at exit if vt100 If a vt100 terminal receives the Shift In character \016 it will enable the 7 bit DEC Special Graphics character set used for line drawing. For most users this can happen due to line noise from the tty device and will likely mess up your terminal even after tio exits. To better handle this we want to make sure that tio disables this mode by sending the Shift Out character \017 at exit. This mechanism will only activate if environment variable TERM assumes value vt100. Add hexN output mode Adds support for hexN mode where N is a number in the range 1 to 4096 which defines how many hex values will be printed before a line break. In short, it defines the width of the hex output. In this mode, if timestamps are enabled they will be added to each hex line. Rename sub-config to profile Because better naming. Use lua io.write() instead of print() io.write() gives better output control as print() is hardcoded to always print a newline. Add new ways to manage serial devices Rename --list-devices to --list Rename --no-autoconnect to --no-reconnect Switch -l and -L options -l now lists available serial devices -L enables log to file Add option --auto-connect <strategy> Supported strategies: new - Waits to connect first new appearing serial device latest - Connects to latest registered serial device direct - Connect directly to specified serial device (default) Add options to exclude serial devices from auto connect strategy by pattern Supported exclude options: --exclude-devices <pattern> Example: --exclude-devices "/dev/ttyUSB2,/dev/ttyS?" --exclude-drivers <pattern> Example: --exclude-drivers "cdc_acm" --exclude-tids <pattern> Example: --exclude-tids "yW07,bCC2" Patterns support * and ? Connect to same port/device combination via unique topology ID (TID) Topology ID is a 4 digit base62 encoded hash of a device topology string coming from the Linux kernel. This means that whenever you plug in the same e.g. USB serial port device to the same USB hub port connected via the exact same hub topology all the way to your computer, you will get the same unique TID. Useful for stable reconnections when serial device has no serial device by ID For now, only tested on Linux. Reworked and improved listing of serial devices to show serial devices: By device Including TID, uptime, driver, and description. Sorted by uptime (newest device listed last) By unique topology ID By ID By path Add script interface list = tty_search() for searching for serial devices. Clean up timestamp enum definition Add missing options to show configuration Update description of mute option Add lua read_string() function Don't forget to log output in lua expect() Generalize automatic login example for Linux Fix log output in hex output mode Add timeout based timestamps in hex output mode This change reintroduces timestamping in hex output mode but based on timeout instead of new lines which made no sense. This means that timestamps will only be printed when timeout time has elapsed with no output activity from serial device. Adds option --timestamp-timeout <ms> for setting the timeout value in milliseconds. Defaults to 200 ms. Improve switched messages Extend lua expect() to also return matched string Add automatic login script example Organize examples directory Introduce basic line input mode Cleanup global variable name shadowing Updated login example with new expect logic Reset buffer size at start of expect Return 1 when expect matches -------------------------------------------------------------------------------- ChangeLog: * Sun May 5 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.1-1 - Upgrade to 3.1 (#2277784) * Wed May 1 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.0-1 - Upgrade to 3.0 (#2277784) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2277784 - tio-3.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2277784 -------------------------------------------------------------------------------- ================================================================================ zabbix6.0-6.0.29-1.el8 (FEDORA-EPEL-2024-247f7a626a) Open-source monitoring solution for your IT infrastructure -------------------------------------------------------------------------------- Update Information: Update to 6.0.29 Hopefully really get the zabbix_run_sudo SELinux boolean working for zabbix- agent and allow it to run lvm when enabled -------------------------------------------------------------------------------- ChangeLog: * Fri May 3 2024 Orion Poplawski <orion@xxxxxxxx> - 6.0.29-1 - Update to 6.0.29 - Hopefully really get the zabbix_run_sudo SELinux boolean working for zabbix-agent and allow it to run lvm when enabled -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
