The following Fedora EPEL 8 Security updates need testing: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-17d14b279e python-bottle-0.12.21-2.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
inn-2.6.5-1.el8 lagrange-1.13.6-1.el8 php-pear-CodeGen-1.0.7-24.el8 php-pear-CodeGen-PECL-1.1.3-26.el8 restic-0.13.1-1.el8
Details about builds:
================================================================================ inn-2.6.5-1.el8 (FEDORA-EPEL-2022-5ab74f467e) The InterNetNews system, an Usenet news server -------------------------------------------------------------------------------- Update Information:
* An up-to-date nocem.ctl file is provided with this release. You should manually update your nocem.ctl file with the new information recorded about NoCeM issuers, and make sure the right PGP keys are present on your system. * Up-to-date control.ctl and moderators files are provided with this release. You should manually update them (notably for the `fido7.*` hierarchy). * Added a stricter validation of article numbers given in NNTP commands so that numbers superior to 2^31 are correctly considered invalid. Thanks to Richard Kettlewell for the patch. * Added a check in `rc.news` for the existence of the **`pathrun`** directory. INN won't start until this directory is writable. Previously, it bailed out quickly after starting, without clear logs about why it failed. * Fixed parallel builds using `make -j`. Thanks to Richard Kettlewell for the patch. * `nnrpd` now properly gathers timer statistics when a compression layer is active. * `nnrpd` now properly discards data received from a news client after a timeout when a TLS layer is active. It previously tried to read incoming data before closing the socket, leading to decoding errors from an underlying compression or SASL layer. * `innfeed` and `ovdb_stat` now generate status reports in valid HTML syntax. * Fixed a bug in the buffindexed overview that prevented it from working on several systems, amongst them FreeBSD. Unsupported, and useless, permission bits were given to semaphores. * Fixed the detection of library paths at configure time: multilib directories (lib32 or lib64) are now also used if they exist, even if the system does not use multilib. It will notably fix the detection of the OpenSSL 3.0.0 library. * The **`tlscertfile`** parameter in inn.conf now permits the use of a complete certificate chain, instead of necessarily having to use **`tlscafile`** for additional certificates. * Added support for the new OpenSSL 3.0.0 API, which deprecated a few functions. * The `inn.conf` default value for **`tlsprotocols`** no longer contains TLS versions 1.0 and 1.1, which have been deprecated by RFC 8996. * A new `inn.conf` parameter has been added to tune the length of the queue of pending connections to `innd`, `nnrpd` and the `ovdb` overview storage method: the **`maxlisten`** parameter now permits configuring their listen backlog, whose previously hard-coded values were 128 for `nnrpd` and 25 for the others, which was not high enough for some uses. The default value is now 128 for all of them, and configurable in `inn.conf`. Thanks to Kevin Bowling for the patch. * The name of seven man pages for routines built in `libinn(3)` are now prefixed with `libinn_` so as not to consume namespace and conflict with other packages (notably, the `list(3)` and `uwildmat(3)` man pages are now named `libinn_list(3)` and `libinn_uwildmat(3)`). * Other minor bug fixes and documentation improvements, notably a revised installation checklist and a section summarizing the most used configuration at the beginning of a few complex man pages. -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 15 2022 Dominik Mierzejewski dominik@greysector.net - 2.6.5-1 - update to 2.6.5 (#2058851) - drop obsolete patch - point to /run/news in tmpfiles.d drop-in - re-enable parallel build -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2041676 - /usr/lib/tmpfiles.d/inn.conf needs to reference /run instead of /var/run https://bugzilla.redhat.com/show_bug.cgi?id=2041676 [ 2 ] Bug #2058851 - inn-2.6.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2058851 --------------------------------------------------------------------------------
================================================================================ lagrange-1.13.6-1.el8 (FEDORA-EPEL-2022-81d545e699) A Beautiful Gemini Client -------------------------------------------------------------------------------- Update Information:
###1.13.6 - Added option to split tabs evenly, excluding sidebar widths (default: no). - Fixed crash when switching view to plain text. - Fixed manually entered image URLs inadvertently opening inline. - Fixed mouse event handling in split view mode when a dialog is open on one side. The other side would not receive wheel events unless input focus was first switched over. - Fixed issues with popup menu positioning. - Fixed drawing of the widget scroll indicator when a widget doesn't fit vertically in the window. - Possible workaround for an issue with mouse hover autoscrolling on an external displays. - Don't open an endless number of bookmark creation/edit dialogs when holding down the keyboard shortcut (Ctrl+D/���D). - Percent-encode backslashes in externally opened URLs, for improved compatibility. - Custom link icons are allowed with unsupported/unrecognized protocols (i.e., Emoji at the start of link label). - Use file name as the tab/window title if the content has no headings. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 2 2022 Yizheng Xie yizhengxie@fb.com 1.13.6-1 - Update to 1.13.6 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2090821 - lagrange-1.13.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=2090821 --------------------------------------------------------------------------------
================================================================================ php-pear-CodeGen-1.0.7-24.el8 (FEDORA-EPEL-2022-2ebffc69d4) Framework to create code generators that operate on XML descriptions -------------------------------------------------------------------------------- Update Information:
- Updated patch to avoid warnings and errors with PHP 8.0 -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 16 2022 Robert Scheck robert@fedoraproject.org 1.0.7-24 - Updated patch to avoid warnings and errors with PHP 8.0 * Fri Jan 21 2022 Fedora Release Engineering releng@fedoraproject.org - 1.0.7-23 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ php-pear-CodeGen-PECL-1.1.3-26.el8 (FEDORA-EPEL-2022-886beeda73) Tool to generate PECL extensions from an XML description -------------------------------------------------------------------------------- Update Information:
- Updated patch to avoid warnings and errors with PHP 8.0 -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 16 2022 Robert Scheck robert@fedoraproject.org 1.1.3-26 - Updated patch to avoid warnings and errors with PHP 8.0 * Fri Jan 21 2022 Fedora Release Engineering releng@fedoraproject.org - 1.1.3-25 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ restic-0.13.1-1.el8 (FEDORA-EPEL-2022-8d638fabd8) Fast, secure, efficient backup program -------------------------------------------------------------------------------- Update Information:
- Upgrade to upstream 0.13.1 - Updated Go build dependencies to resolve #2074251, #2084694, and #2084874 -------------------------------------------------------------------------------- ChangeLog:
* Wed Jun 15 2022 Steve Miller (copart) code@rellims.com - 0.13.1-1 - Upgrade to upstream 0.13.1 - Updated Go build dependencies, resolves #2074251, #2084694, and #2084874 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2074251 - CVE-2022-27191 restic: golang: crash in a golang.org/x/crypto/ssh server [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2074251 [ 2 ] Bug #2084694 - CVE-2022-24675 restic: golang: encoding/pem: fix stack overflow in Decode [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2084694 [ 3 ] Bug #2084874 - CVE-2022-28327 restic: golang: crypto/elliptic: panic caused by oversized scalar [epel-8] https://bugzilla.redhat.com/show_bug.cgi?id=2084874 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org