The following Fedora 33 Security updates need testing:
 Age  URL
 192  https://bodhi.fedoraproject.org/updates/FEDORA-2021-c3d587d52c   shim-15.4-1
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2021-c24b515a72   firefox-93.0-2.fc33
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2021-c5a9c85737   flatpak-1.10.5-1.fc33
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2021-45b7585d65   watchdog-5.16-2.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-7f5a82ef57   libzapojit-0.0.3-19.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-84f4cf3244   vim-8.2.3512-1.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-cbad295a90   nodejs-14.18.1-1.fc33
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-b2c6765a41   thunderbird-91.2.0-1.fc33


The following Fedora 33 Critical Path updates have yet to be approved:
 Age  URL
 211  https://bodhi.fedoraproject.org/updates/FEDORA-2021-2961f34ccb   PackageKit-1.2.3-1.fc33
 146  https://bodhi.fedoraproject.org/updates/FEDORA-2021-4797e362b3   abrt-2.14.6-1.fc33 libreport-2.15.1-1.fc33 satyr-0.37-2.fc33
  62  https://bodhi.fedoraproject.org/updates/FEDORA-2021-4ccf3840ed   gnome-shell-3.38.6-1.fc33 mutter-3.38.6-1.fc33
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2021-50faf017ce   bc-1.07.1-14.fc33
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2021-c24b515a72   firefox-93.0-2.fc33
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2021-3b48e0d8cb   tzdata-2021c-1.fc33
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2021-5d0f71681e   btrfs-progs-5.14.2-1.fc33
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2021-269ba2a5f1   perl-Encode-3.08-461.fc33
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2021-edc35b2812   koji-1.26.1-1.fc33
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2021-c5a9c85737   flatpak-1.10.5-1.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-54093e2d55   gdb-10.2-4.fc33
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-b2c6765a41   thunderbird-91.2.0-1.fc33
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-7ab8c17662   kernel-5.14.13-100.fc33


The following builds have been pushed to Fedora 33 updates-testing

    dialect-1.4.1-1.fc33
    freeradius-3.0.21-10.fc33
    gsequencer-3.12.3-0.fc33
    ibus-m17n-1.4.8-1.fc33
    ipv6calc-4.0.0-62.fc33
    java-1.8.0-openjdk-1.8.0.312.b07-1.fc33
    java-11-openjdk-11.0.13.0.8-1.fc33
    kicad-5.1.10-8.fc33
    pdftk-java-3.3.1-1.fc33
    php-7.4.25-1.fc33
    python-absl-py-0.15.0-1.fc33
    rabbitmq-server-3.8.23-1.fc33
    setroubleshoot-plugins-3.3.14-1.1.fc33
    terminology-1.10.0-1.fc33

Details about builds:


================================================================================
 dialect-1.4.1-1.fc33 (FEDORA-2021-1d017aedf1)
 A translation app for GNOME based on Google Translate
--------------------------------------------------------------------------------
Update Information:

Updating to 1.4.1

----

Updating to 1.4.0 (Fix #2015384)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 20 2021 Lyes Saadi <fedora@xxxxxxx> - 1.4.1-1
- Updating to 1.4.1
* Tue Oct 19 2021 Lyes Saadi <fedora@xxxxxxx> - 1.4.0-1
- Updating to 1.4.0 (Fix #2015384)
* Wed Jul 21 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2015384 - dialect-1.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2015384
--------------------------------------------------------------------------------


================================================================================
 freeradius-3.0.21-10.fc33 (FEDORA-2021-7a3f45cad8)
 High-performance and highly configurable free RADIUS server
--------------------------------------------------------------------------------
Update Information:

Allow to connect to partially open LDAP handle
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2021 Antonio Torres <antorres@xxxxxxxxxx> - 3.0.21-10
- Allow to connect to partially open LDAP handle
  Related: rhbz#1983063
* Thu Jul 15 2021 Antonio Torres <antorres@xxxxxxxxxx> - 3.0.21-9
- Fix coredump not being able to be enabled
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1983063 - freeradius ldap module fails to load (tls related)
        https://bugzilla.redhat.com/show_bug.cgi?id=1983063
--------------------------------------------------------------------------------


================================================================================
 gsequencer-3.12.3-0.fc33 (FEDORA-2021-6a8b339bb2)
 Audio processing engine
--------------------------------------------------------------------------------
Update Information:

updated Source to point to new minor version directory

----

updated Source to point to new minor version directory
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------


================================================================================
 ibus-m17n-1.4.8-1.fc33 (FEDORA-2021-bc466e3175)
 The M17N engine for IBus platform
--------------------------------------------------------------------------------
Update Information:

Update to 1.4.8
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2021 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.4.8-1
- Update to 1.4.8
- Remove gnome-common requirement and re-write autogen.sh (by Parag Nemade)
  (Resolves: https://github.com/ibus/ibus-m17n/pull/37)
- Translation update from Weblate for Sinhala
* Tue Oct 19 2021 Parag Nemade <pnemade AT redhat DOT com> - 1.4.7-2
- Remove BR: gnome-common and pkgconfig as it is not needed for released tarball
--------------------------------------------------------------------------------


================================================================================
 ipv6calc-4.0.0-62.fc33 (FEDORA-2021-979f8d8385)
 IPv6 address format change and calculation utility
--------------------------------------------------------------------------------
Update Information:

Final release 4.0.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2021 Peter Bieringer <pb@xxxxxxxxxxxx> - 4.0.0-62
- Final release 4.0.0
--------------------------------------------------------------------------------


================================================================================
 java-1.8.0-openjdk-1.8.0.312.b07-1.fc33 (FEDORA-2021-1cc8ffd122)
 OpenJDK 8 Runtime Environment
--------------------------------------------------------------------------------
Update Information:

# New in release OpenJDK 8u312 (2021-10-19):

Live versions of these release notes can be found at:

* https://bitly.com/openjdk8u312
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt

## Security fixes

* JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0
* JDK-8161016: Strange behavior of URLConnection with proxy
* JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
* JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
* JDK-8263314: Enhance XML Dsig modes
* JDK-8265167, CVE-2021-35556: Richer Text Editors
* JDK-8265574: Improve handling of sheets
* JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
* JDK-8265776: Improve Stream handling for SSL
* JDK-8266097, CVE-2021-35561: Better hashing support
* JDK-8266103: Better specified spec values
* JDK-8266109: More Resilient Classloading
- JDK-8266115: More Manifest Jar Loading
- JDK-8266137, CVE-2021-35564: Improve Keystore integrity
- JDK-8266689, CVE-2021-35567: More Constrained Delegation
- JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
- JDK-8267712: Better LDAP reference processing
- JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
- JDK-8267735, CVE-2021-35586: Better BMP support
- JDK-8268193: Improve requests of certificates
- JDK-8268199: Correct certificate requests
- JDK-8268506: More Manifest Digests
- JDK-8269618, CVE-2021-35603: Better session identification
- JDK-8269624: Enhance method selection support
- JDK-8270398: Enhance canonicalization
- JDK-8270404: Better canonicalization

## Major Changes

- [JDK-8164200](https://bugs.openjdk.java.net/browse/JDK-8164200): Modified HttpURLConnection behavior when no suitable proxy is found
- [JDK-8219551](https://bugs.openjdk.java.net/browse/JDK-8219551): Updated the Default Enabled Cipher Suites Preference

## FIPS Mode Changes

- FIPS mode detection now takes place via a call to the NSS library
- The `SunPKCS11` provider in FIPS mode will now eagerly login to the NSS software token on initialisation
- `keytool` in FIPS mode now supports importing plain private keys by the provider adding them to the NSS database. This can be disabled using `-Dcom.redhat.fips.plainKeySupport=false`.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 15 2021 Andrew Hughes <gnu.andrew@xxxxxxxxxx> - 1:1.8.0.312.b07-1
- Update to aarch64-shenandoah-jdk8u312-b07 (GA)
- Update release notes for 8u312-b07.
- Remove "-clean" suffix as no 8u312 builds are unclean.
- Port FIPS system detection support to OpenJDK 8u
- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
- Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
- Reduce disk footprint by removing build artifacts by default.
* Thu Oct  7 2021 Martin Balao <mbalao@xxxxxxxxxx> - 1:1.8.0.312.b07-1
- Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
- Add patch to login to the NSS software token when in FIPS mode.
- Add patch to allow plain key import.
--------------------------------------------------------------------------------


================================================================================
 java-11-openjdk-11.0.13.0.8-1.fc33 (FEDORA-2021-9a51a6f8b1)
 OpenJDK 11 Runtime Environment
--------------------------------------------------------------------------------
Update Information:

# New in release OpenJDK 11.0.13 (2021-10-19):

Live versions of these release notes can be found at:

* https://bitly.com/openjdk11013
* https://builds.shipilev.net/backports-monitor/release-notes-11.0.13.txt

## Security fixes

- JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
- JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
- JDK-8263314: Enhance XML Dsig modes
- JDK-8265167, CVE-2021-35556: Richer Text Editors
- JDK-8265574: Improve handling of sheets
- JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
- JDK-8265776: Improve Stream handling for SSL
- JDK-8266097, CVE-2021-35561: Better hashing support
- JDK-8266103: Better specified spec values
- JDK-8266109: More Resilient Classloading
- JDK-8266115: More Manifest Jar Loading
- JDK-8266137, CVE-2021-35564: Improve Keystore integrity
- JDK-8266689, CVE-2021-35567: More Constrained Delegation
- JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
- JDK-8267712: Better LDAP reference processing
- JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
- JDK-8267735, CVE-2021-35586: Better BMP support
- JDK-8268193: Improve requests of certificates
- JDK-8268199: Correct certificate requests
- JDK-8268205: Enhance DTLS client handshake
- JDK-8268506: More Manifest Digests
- JDK-8269618, CVE-2021-35603: Better session identification
- JDK-8269624: Enhance method selection support
- JDK-8270398: Enhance canonicalization
- JDK-8270404: Better canonicalization

## Major Changes

* [JDK-8271434](https://bugs.openjdk.java.net/browse/JDK-8271434): Removed IdenTrust Root Certificate
* [JDK-8261922](https://bugs.openjdk.java.net/browse/JDK-8261922): Updated keytool to Create AKID From SKID of Issuing Certificate as Specified by RFC 5280
* [JDK-8210799](https://bugs.openjdk.java.net/browse/JDK-8210799): ChaCha20 and Poly1305 TLS Cipher Suites
* [JDK-8219551](https://bugs.openjdk.java.net/browse/JDK-8219551): Updated the Default Enabled Cipher Suites Preference
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 13 2021 Andrew Hughes <gnu.andrew@xxxxxxxxxx> - 1:11.0.13.0.8-1
- Update to jdk-11.0.12.0+8
- Update release notes to 11.0.12.0+8
- Update tarball generation script to use git following OpenJDK 11u's move to github
- Remove "-clean" suffix as no 11.0.13 builds are unclean.
- Drop JDK-8269668 patch which is now applied upstream.
- Extend the default security policy to accomodate PKCS11 accessing jdk.internal.misc.
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
- Restructure the build so a minimal initial build is then used for the final build (with docs)
- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
* Tue Oct  5 2021 Martin Balao <mbalao@xxxxxxxxxx> - 1:11.0.13.0.8-1
- Add patch to login to the NSS software token when in FIPS mode.
- Add patch to allow plain key import.
* Thu Sep  2 2021 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:11.0.13.0.8-1
- Added posttrans hook which persist sanity of dir->symlink change in case of update from ancient versions
- Minor cosmetic improvements to make spec more comparable between variants
--------------------------------------------------------------------------------


================================================================================
 kicad-5.1.10-8.fc33 (FEDORA-2021-f4fc143e73)
 EDA software suite for creation of schematic diagrams and PCBs
--------------------------------------------------------------------------------
Update Information:

URL no longer valid
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2021 Steven A. Falco <stevenfalco@xxxxxxxxx> - 1:5.1.10-8
- URL no longer valid
* Tue Sep 14 2021 Sahana Prasad <sahana@xxxxxxxxxx> - 1:5.1.10-7
- Rebuilt with OpenSSL 3.0.0
--------------------------------------------------------------------------------


================================================================================
 pdftk-java-3.3.1-1.fc33 (FEDORA-2021-5b239955d2)
 GCJ-free toolkit for manipulating PDF documents
--------------------------------------------------------------------------------
Update Information:

If PDF is electronic paper, then pdftk-java is an electronic staple-remover,
hole-punch, binder, secret-decoder-ring, and X-Ray-glasses. PDFtk is a simple
tool for doing everyday things with PDF documents: Merge PDF documents, split
PDF pages into a new document, decrypt input as necessary (password required),
encrypt output as desired, burst a PDF document into single pages, report on
PDF metrics, including metadata and bookmarks, uncompress and re-compress page
streams, and repair corrupted PDF (where possible).

Pdftk-java is a port of the original GCJ-based PDFtk to Java. The GNU Compiler
for Java (GCJ) is a portable, optimizing, ahead-of-time compiler for the Java
programming language, which had no new developments since 2009 and was finally
removed in 2016 from the GCC development tree before the release of GCC 7.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2000976 - Review Request: pdftk-java - GCJ-free toolkit for manipulating PDF documents
        https://bugzilla.redhat.com/show_bug.cgi?id=2000976
--------------------------------------------------------------------------------


================================================================================
 php-7.4.25-1.fc33 (FEDORA-2021-4140b54de2)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

**PHP version 7.4.25** (21 Oct 2021)

**DOM:**

* Fixed bug php#81433 (DOMElement::setIdAttribute() called twice may remove ID). (Viktor Volkov)

**FFI:**

* Fixed bug php#79576 ("TYPE *" shows unhelpful message when type is not defined). (Dmitry)

**Fileinfo:**

* Fixed bug php#78987 (High memory usage during encoding detection). (Anatol)

**Filter:**

* Fixed bug php#61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing). (cmb, Nikita)

**FPM:**

* Fixed bug php#81026 (PHP-FPM oob R/W in root process leading to privilege escalation) (**CVE-2021-21703**). (Jakub Zelenka)

**SPL:**

* Fixed bug php#80663 (Recursive SplFixedArray::setSize() may cause double-free). (cmb, Nikita, Tyson Andre)

**Streams:**

* Fixed bug php#81475 (stream_isatty emits warning with attached stream wrapper). (cmb)

**XML:**

* Fixed bug php#70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace). (Aliaksandr Bystry, cmb)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 20 2021 Remi Collet <remi@xxxxxxxxxxxx> - 7.4.25-1
- Update to 7.4.25 - http://www.php.net/releases/7_4_24.php
--------------------------------------------------------------------------------


================================================================================
 python-absl-py-0.15.0-1.fc33 (FEDORA-2021-ce7e2804d2)
 Abseil Python Common Libraries
--------------------------------------------------------------------------------
Update Information:

Update to 0.15.0; add Provides for python3-absl

Upstream changes are generally in the test suite or for Bazel users
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 19 2021 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> 0.15.0-1
- Update to 0.15.0; add Provides for python3-absl
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2015709 - python-absl-py-0.15.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2015709
--------------------------------------------------------------------------------


================================================================================
 rabbitmq-server-3.8.23-1.fc33 (FEDORA-2021-542d4065d9)
 The RabbitMQ server
--------------------------------------------------------------------------------
Update Information:

RabbitMQ ver. 3.8.23
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 20 2021 Peter Lemenkov <lemenkov@xxxxxxxxx> - 3.8.23-1
- Ver. 3.8.23
--------------------------------------------------------------------------------


================================================================================
 setroubleshoot-plugins-3.3.14-1.1.fc33 (FEDORA-2021-c10fca5b33)
 Analysis plugins for use with setroubleshoot
--------------------------------------------------------------------------------
Update Information:

- Update translations
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 20 2021 Vit Mojzis <vmojzis@xxxxxxxxxx> - 3.3.14-1.1
- Update translations
--------------------------------------------------------------------------------


================================================================================
 terminology-1.10.0-1.fc33 (FEDORA-2021-d247de9b58)
 EFL based terminal emulator
--------------------------------------------------------------------------------
Update Information:

- Upstream update to 1.10.0
- Fixes RHBZ #1917603 - terminology-1.10.0 is available
- Remove BuildRequired elementary-devel because it is merged into efl-devel
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 20 2021 Ding-Yi Chen <dchen@xxxxxxxxxx> - 1.10.0-1
- Upstream update to 1.10.0
- Fixes RHBZ #1917603 - terminology-1.10.0 is available
- Remove BuildRequired elementary-devel because it is merged into efl-devel
* Fri Jul 23 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.9.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jan 27 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.9.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 25 2021 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 1.9.0-1
- update to 1.9.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1917603 - terminology-1.10.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1917603
--------------------------------------------------------------------------------