The following Fedora 31 Security updates need testing: Age URL 56 https://bodhi.fedoraproject.org/updates/FEDORA-2020-fcd5fd47bd qutebrowser-1.11.1-1.fc31 12 https://bodhi.fedoraproject.org/updates/FEDORA-2020-76cf2b0f0a xen-4.12.3-3.fc31 9 https://bodhi.fedoraproject.org/updates/FEDORA-2020-218ab035b1 knot-resolver-5.1.2-1.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-07f0a49a9e mingw-LibRaw-0.19.5-4.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-62f2df3ca4 mailman-2.1.34-1.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-0fbd043bcf php-horde-kronolith-4.2.29-1.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-7dddce530c cacti-1.2.13-1.fc31 cacti-spine-1.2.13-1.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-198fdb12a1 singularity-3.6.0-1.fc31 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-5b60029fe2 mbedtls-2.16.7-1.fc31 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-fe82e2a834 python38-3.8.4-1.fc31 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-45041afb19 evolution-data-server-3.34.4-2.fc31 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-e30a990f5a tor-0.4.3.6-1.fc31 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-16741ac7ff nspr-4.26.0-1.fc31 nss-3.54.0-1.fc31 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-54e4356732 bashtop-0.9.24-1.fc31 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-4e92a61688 glibc-2.30-13.fc31 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-dd0c20d985 clamav-0.102.4-1.fc31 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-519516feec zabbix-4.0.22-1.fc31 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-508df53719 java-1.8.0-openjdk-1.8.0.262.b10-1.fc31 The following Fedora 31 Critical Path updates have yet to be approved: Age URL 50 https://bodhi.fedoraproject.org/updates/FEDORA-2020-03e14f6120 dracut-050-61.git20200529.fc31 35 https://bodhi.fedoraproject.org/updates/FEDORA-2020-5ccd452c8e gnutls-3.6.14-2.fc31 17 https://bodhi.fedoraproject.org/updates/FEDORA-2020-56e5d11739 python3-3.7.8-1.fc31 python3-docs-3.7.8-1.fc31 12 https://bodhi.fedoraproject.org/updates/FEDORA-2020-76cf2b0f0a xen-4.12.3-3.fc31 12 https://bodhi.fedoraproject.org/updates/FEDORA-2020-e53a8f609e net-snmp-5.8-23.fc31 12 https://bodhi.fedoraproject.org/updates/FEDORA-2020-ae00b3db48 perl-Socket-2.030-1.fc31 11 https://bodhi.fedoraproject.org/updates/FEDORA-2020-1f26a8f191 firewalld-0.7.5-2.fc31 9 https://bodhi.fedoraproject.org/updates/FEDORA-2020-8a6ee2aa06 thunderbird-68.10.0-1.fc31 8 https://bodhi.fedoraproject.org/updates/FEDORA-2020-025ab83d69 pam-1.3.1-25.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-83b2ee6e63 nfs-utils-2.5.1-0.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-54c4dc151a perl-5.30.3-454.fc31 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-4567712788 tar-1.32-3.fc31 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-16741ac7ff nspr-4.26.0-1.fc31 nss-3.54.0-1.fc31 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-45041afb19 evolution-data-server-3.34.4-2.fc31 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-6502a12961 pcre2-10.35-4.fc31 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-4e92a61688 glibc-2.30-13.fc31 The following builds have been pushed to Fedora 31 updates-testing Carla-2.2.0-0.1.rc1.fc31 igt-gpu-tools-1.25-1.20200719git9b964d7.fc31 java-11-openjdk-11.0.8.10-2.fc31 kernel-5.7.9-100.fc31 plasma-applet-translator-0.4-1.fc31 python-pytest-cov-2.10.0-2.fc31 Details about builds: ================================================================================ Carla-2.2.0-0.1.rc1.fc31 (FEDORA-2020-96e2ccfb1c) Audio plugin host -------------------------------------------------------------------------------- Update Information: Update to 2.2.0-0.1.rc1 -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 19 2020 Martin Gansser <martinkg@xxxxxxxxxxxxxxxxx> - 1:2.2.0-0.1.rc1 - Update to 2.2.0-0.1.rc1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1858532 - Carla-2.2.0-RC1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1858532 -------------------------------------------------------------------------------- ================================================================================ igt-gpu-tools-1.25-1.20200719git9b964d7.fc31 (FEDORA-2020-789e89e279) Test suite and tools for DRM drivers -------------------------------------------------------------------------------- Update Information: New git snapshot -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 19 2020 Lyude Paul <lyude@xxxxxxxxxx> - 1.25-1.20200719git9b964d7 - New git snapshot -------------------------------------------------------------------------------- ================================================================================ java-11-openjdk-11.0.8.10-2.fc31 (FEDORA-2020-93cc9c3ef2) OpenJDK Runtime Environment 11 -------------------------------------------------------------------------------- Update Information: # July 2020 OpenJDK security update for OpenJDK 11 Full release notes: https://bitly.com/openjdk1108 ## Security fixes - JDK-8230613: Better ASCII conversions - JDK-8231800: Better listing of arrays - JDK-8232014: Expand DTD support - JDK-8233234: Better Zip Naming - JDK-8233239, CVE-2020-14562: Enhance TIFF support - JDK-8233255: Better Swing Buttons - JDK-8234032: Improve basic calendar services - JDK-8234042: Better factory production of certificates - JDK-8234418: Better parsing with CertificateFactory - JDK-8234836: Improve serialization handling - JDK-8236191: Enhance OID processing - JDK-8236867, CVE-2020-14573: Enhance Graal interface handling - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior - JDK-8237592, CVE-2020-14577: Enhance certificate verification - JDK-8238002, CVE-2020-14581: Better matrix operations - JDK-8238013: Enhance String writing - JDK-8238804: Enhance key handling process - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable - JDK-8238843: Enhanced font handing - JDK-8238920, CVE-2020-14583: Better Buffer support - JDK-8238925: Enhance WAV file playback - JDK-8240119, CVE-2020-14593: Less Affine Transformations - JDK-8240482: Improved WAV file playback - JDK-8241379: Update JCEKS support - JDK-8241522: Manifest improved jar headers redux - JDK-8242136, CVE-2020-14621: Better XML namespace handling ## [JDK-8244167](https://bugs.openjdk.java.net/browse/JDK-8244167): Removal of Comodo Root CA Certificate The following expired Comodo root CA certificate was removed from the `cacerts` keystore: + alias name "addtrustclass1ca [jdk]" Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE ## [JDK-8244166](https://bugs.openjdk.java.net/browse/JDK-8244166): Removal of DocuSign Root CA Certificate The following expired DocuSign root CA certificate was removed from the `cacerts` keystore: + alias name "keynectisrootca [jdk]" Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR ## [JDK-8240191](https://bugs.openjdk.java.net/browse/JDK-8240191): Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database The SunPKCS11 security provider can now be initialized with NSS when FIPS-enabled external modules are configured in the Security Modules Database (NSSDB). Prior to this change, the SunPKCS11 provider would throw a RuntimeException with the message: "FIPS flag set for non-internal module" when such a library was configured for NSS in non-FIPS mode. This change allows the JDK to work properly with recent NSS releases in GNU/Linux operating systems when the system-wide FIPS policy is turned on. Further information can be found in [JDK-8238555](https://bugs.openjdk.java.net/browse/JDK-8238555). ## [JDK-8245077](https://bugs.openjdk.java.net/browse/JDK-8245077): Default SSLEngine Should Create in Server Role In JDK 11 and later, `javax.net.ssl.SSLEngine` by default used client mode when handshaking. As a result, the set of default enabled protocols may differ to what is expected. `SSLEngine` would usually be used in server mode. From this JDK release onwards, `SSLEngine` will default to server mode. The `javax.net.ssl.SSLEngine.setUseClientMode(boolean mode)` method may be used to configure the mode. ## [JDK-8242147](https://bugs.openjdk.java.net/browse/JDK-8242147): New System Properties to Configure the TLS Signature Schemes Two new System Properties are added to customize the TLS signature schemes in JDK. `jdk.tls.client.SignatureSchemes` is added for TLS client side, and `jdk.tls.server.SignatureSchemes` is added for server side. Each System Property contains a comma-separated list of supported signature scheme names specifying the signature schemes that could be used for the TLS connections. The names are described in the "Signature Schemes" section of the *Java Security Standard Algorithm Names Specification*. -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 18 2020 Severin Gehwolf <sgehwolf@xxxxxxxxxx> - 1:11.0.8.10-2 - Build static-libs-image and add resulting files via -static-libs sub-package. - Disable stripping of debug symbols for static libraries part of the -static-libs sub-package. * Mon Jul 13 2020 Andrew Hughes <gnu.andrew@xxxxxxxxxx> - 1:11.0.8.10-1 - Sync JDK-8247874 patch with upstream status in 11.0.9. * Mon Jul 13 2020 Jayashree Huttanagoudar <jhuttana@xxxxxxxxxx> -1:11.0.8.10-1 - Moved vendor_version_string to better place - Added a patch jdk8247874-fix_ampersand_in_vm_bug_url.patch * Mon Jul 13 2020 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:11.0.8.10-1 - Set vendor property and vendor URLs - Made urls to be preconfigured by OS * Sat Jul 11 2020 Andrew Hughes <gnu.andrew@xxxxxxxxxx> - 1:11.0.8.10-0 - Update to shenandoah-jdk-11.0.8+10 (GA) - Add release notes for 11.0.7 & 11.0.8 releases. - Amend release notes, removing issue actually fixed in 11.0.6. - Update release notes with last minute fix (JDK-8248505). - Drop JDK-8237396, JDK-8228407 & JDK-8243541 backports now applied upstream. - Make use of --with-extra-asflags introduced in jdk-11.0.6+1. -------------------------------------------------------------------------------- ================================================================================ kernel-5.7.9-100.fc31 (FEDORA-2020-a02630b3b5) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 5.7.9 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 17 2020 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 5.7.9-100 - Linux v5.7.9 * Wed Jul 15 2020 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - Make some killer wireless ac 1550 cards work again * Sun Jul 12 2020 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - selinux: allow reading labels before policy is loaded (rhbz 1845210) -------------------------------------------------------------------------------- ================================================================================ plasma-applet-translator-0.4-1.fc31 (FEDORA-2020-c66f66caef) Plasma 5 applet for translate-shell -------------------------------------------------------------------------------- Update Information: Update to 0.4. -------------------------------------------------------------------------------- ChangeLog: * Sun Jul 19 2020 Vasiliy Glazov <vascom2@xxxxxxxxx> - 0.4-1 - Update to 0.4 -------------------------------------------------------------------------------- ================================================================================ python-pytest-cov-2.10.0-2.fc31 (FEDORA-2020-14128f32c1) Pytest plugin for coverage reporting -------------------------------------------------------------------------------- Update Information: reverting the python2 package -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1858556 - python2 subpackage removed in stable release https://bugzilla.redhat.com/show_bug.cgi?id=1858556 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/test@xxxxxxxxxxxxxxxxxxxxxxx
