The following Fedora 32 Security updates need testing:

 Age  URL
  55  https://bodhi.fedoraproject.org/updates/FEDORA-2020-062e2c016b   qutebrowser-1.11.1-1.fc32
  17  https://bodhi.fedoraproject.org/updates/FEDORA-2020-eca8f3489f   dnsmasq-2.81-4.fc32
  12  https://bodhi.fedoraproject.org/updates/FEDORA-2020-ebbf149f3b   podofo-0.9.6-12.fc32
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2020-83d2616f81   targetcli-2.1.53-1.fc32
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2020-4f4c778096   mingw-LibRaw-0.19.5-4.fc32
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2020-46ec9e748b   python-rtslib-2.1.73-1.fc32
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2020-2f88bad887   php-horde-kronolith-4.2.29-1.fc32
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2020-dfb11916cc   mingw-python3-3.8.3-3.fc32
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2020-8a15713da2   cacti-1.2.13-1.fc32 cacti-spine-1.2.13-1.fc32
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2020-fa74e15364   mbedtls-2.16.7-1.fc32
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2020-716d38e751   singularity-3.6.0-1.fc32
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-48653597f1   tor-0.4.3.6-1.fc32
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-2ca6e97024   python3-3.8.4-1.fc32 python3-docs-3.8.4-1.fc32
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-aeea04cd13   origin-3.11.2-1.fc32
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-cfbed9c9ff   mod_authnz_pam-1.2.1-1.fc32
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2020-6584a641ae   clamav-0.102.4-1.fc32
The following Fedora 32 Critical Path updates have yet to be approved:

 Age  URL
  17  https://bodhi.fedoraproject.org/updates/FEDORA-2020-eca8f3489f   dnsmasq-2.81-4.fc32
  15  https://bodhi.fedoraproject.org/updates/FEDORA-2020-ebbe0f7b25   cpio-2.13-6.fc32
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2020-e5226c4023   libnma-1.8.30-1.fc32
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-2aaafc27ed   libdrm-2.4.102-1.fc32
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-2ca6e97024   python3-3.8.4-1.fc32 python3-docs-3.8.4-1.fc32
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2020-30d3ad8250   pcre2-10.35-4.fc32
The following builds have been pushed to Fedora 32 updates-testing
    golang-github-klauspost-compress-1.10.10-1.fc32
    gpgme-1.14.0-1.fc32
    java-1.8.0-openjdk-1.8.0.262.b10-1.fc32
    ncl-6.6.2-12.fc32
    paraview-5.8.0-9.fc32
    perl-HTTP-Entity-Parser-0.23-1.fc32
    python-dask-2.21.0-1.fc32~bootstrap
    python-social-auth-core-3.3.3-1.fc32
    zabbix-4.0.22-1.fc32
Details about builds:
================================================================================
 golang-github-klauspost-compress-1.10.10-1.fc32 (FEDORA-2020-dd3c7bf491)
 Optimized compression packages
--------------------------------------------------------------------------------
Update Information:

* s2: Simplify mem-move
* zstd: Skip entropy on random data
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 18 2020 Dominik Mierzejewski dominik@greysector.net - 1.10.10-1
- update to 1.10.10 (#1850299)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1850299 - golang-github-klauspost-compress-1.10.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1850299
--------------------------------------------------------------------------------
================================================================================
 gpgme-1.14.0-1.fc32 (FEDORA-2020-902bd5b07a)
 GnuPG Made Easy - high level crypto API
--------------------------------------------------------------------------------
Update Information:

Update to 1.14.0
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 18 2020 Igor Raits ignatenkobrain@fedoraproject.org - 1.14.0-1
- Update to 1.14.0
* Fri May 22 2020 Miro Hrončok mhroncok@redhat.com - 1.13.1-8
- Rebuilt for Python 3.9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1857900 - gpgme-1.14.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1857900
--------------------------------------------------------------------------------
================================================================================
 java-1.8.0-openjdk-1.8.0.262.b10-1.fc32 (FEDORA-2020-e418151dc3)
 OpenJDK Runtime Environment 8
--------------------------------------------------------------------------------
Update Information:

# July 2020 OpenJDK security update for OpenJDK 8.

Full release notes: https://bitly.com/oj8u262

## New features

* [JDK-8223147](https://bugs.openjdk.java.net/browse/JDK-8223147): JFR Backport

## Security fixes

- JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
- JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
- JDK-8230613: Better ASCII conversions
- JDK-8231800: Better listing of arrays
- JDK-8232014: Expand DTD support
- JDK-8233255: Better Swing Buttons
- JDK-8234032: Improve basic calendar services
- JDK-8234042: Better factory production of certificates
- JDK-8234418: Better parsing with CertificateFactory
- JDK-8234836: Improve serialization handling
- JDK-8236191: Enhance OID processing
- JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
- JDK-8238002, CVE-2020-14581: Better matrix operations
- JDK-8238804: Enhance key handling process
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
- JDK-8238843: Enhanced font handing
- JDK-8238920, CVE-2020-14583: Better Buffer support
- JDK-8238925: Enhance WAV file playback
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
- JDK-8240482: Improved WAV file playback
- JDK-8241379: Update JCEKS support
- JDK-8241522: Manifest improved jar headers redux
- JDK-8242136, CVE-2020-14621: Better XML namespace handling

## [JDK-8240687](https://bugs.openjdk.java.net/browse/JDK-8240687): JDK Flight Recorder Integrated to OpenJDK 8u

OpenJDK 8u now contains the backport of JEP 328: Flight Recorder (https://openjdk.java.net/jeps/328) from later versions of OpenJDK.

JFR is a low-overhead framework to collect and provide data helpful to troubleshoot the performance of the OpenJDK runtime and of Java applications. It consists of a new API to define custom events under the jdk.jfr namespace and a JMX interface to interact with the framework. The recording can also be initiated with the application startup using the -XX:+FlightRecorder flag or via jcmd.

JFR replaces the -XX:+EnableTracing feature introduced in JEP 167, providing a more efficient way to retrieve the same information. For compatibility reasons, -XX:+EnableTracing is still accepted; however, no data will be printed.

While JFR is not built by default upstream, it is included in Fedora binaries for supported architectures (x86_64, AArch64 & PowerPC 64).

## [JDK-8205622](https://bugs.openjdk.java.net/browse/JDK-8205622): JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording

JFR will be disabled with a warning message if it is enabled during CDS dumping. The user will see the following warning message:

    OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping

if JFR is enabled during CDS dumping, such as in the following command line:

    $ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true

## [JDK-8244167](https://bugs.openjdk.java.net/browse/JDK-8244167): Removal of Comodo Root CA Certificate

The following expired Comodo root CA certificate was removed from the `cacerts` keystore:

+ alias name "addtrustclass1ca [jdk]"
  Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

## [JDK-8244166](https://bugs.openjdk.java.net/browse/JDK-8244166): Removal of DocuSign Root CA Certificate

The following expired DocuSign root CA certificate was removed from the `cacerts` keystore:

+ alias name "keynectisrootca [jdk]"
  Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR

## [JDK-8240191](https://bugs.openjdk.java.net/browse/JDK-8240191): Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database

The SunPKCS11 security provider can now be initialized with NSS when FIPS-enabled external modules are configured in the Security Modules Database (NSSDB). Prior to this change, the SunPKCS11 provider would throw a RuntimeException with the message: "FIPS flag set for non-internal module" when such a library was configured for NSS in non-FIPS mode.

This change allows the JDK to work properly with recent NSS releases on GNU/Linux operating systems when the system-wide FIPS policy is turned on.

Further information can be found in [JDK-8238555](https://bugs.openjdk.java.net/browse/JDK-8238555).
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 13 2020 Jiri Vanek jvanek@redhat.com - 1:1.8.0.262.b10-1
- Set vendor property and vendor URLs
- Made URLs to be preconfigured by OS
* Sun Jul 12 2020 Andrew Hughes gnu.andrew@redhat.com - 1:1.8.0.262.b10-0
- Update to aarch64-shenandoah-jdk8u262-b10.
- Update release notes for 8u262 release.
- Remove issues in NEWS file duplicated between 8u252 & 8u262 releases.
- Update generate_source_tarball.sh script to use the PR3756 patch and retain the secp256k1 curve.
- Add the -'4curve' suffix to the tarball name.
- Adjust JDK-8143245/PR3548 patch following context changes due to JDK-8203287 for JFR
- Adjust RH1648644 following context changes due to introduction of JFR packages
- Split JDK-8042159 patch into per-repo patches as upstream.
- Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk
- Remove JDK-8244461 & JDK-8233880 backports included upstream in 8u262-b03.
- Enable JFR in our builds, ahead of upstream default.
- Only enable JFR for JIT builds, as it is not supported with Zero.
- Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash.
- Explicitly list jfr.jar, default.jfc & profile.jfc in the spec file.
- Introduce jfr_arches for architectures which support JFR.
- Fix typo in jfr_arches which leads to ppc64 being wrongly excluded.
- Add jfr binary to devel package and alternatives set
- With JDK-8248399 fixed, a broken jfr binary is no longer installed on architectures without JFR.
- Require tzdata 2020a so system tzdata matches resource updates in b07
- Use sa_arches for libsaproc.so inclusion.
* Wed May 27 2020 Jiri Andrlik jandrlik@redhat.com - 1:1.8.0.252.b09-2
- backports of provides fixes from master
--------------------------------------------------------------------------------
================================================================================
 ncl-6.6.2-12.fc32 (FEDORA-2020-3d7cbc5979)
 NCAR Command Language and NCAR Graphics
--------------------------------------------------------------------------------
Update Information:

Fix segfault reading grib files
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 18 2020 Orion Poplawski orion@nwra.com - 6.6.2-12
- Change link order to fix issue with gdal and g2clib (bz#1856959)
* Thu Jun 25 2020 Orion Poplawski orion@cora.nwra.com - 6.6.2-11
- Rebuild for hdf5 1.10.6
* Fri Jun 5 2020 Orion Poplawski orion@nwra.com - 6.6.2-10
- Add extra needed symlinks to /usr/lib/ncarg (bz#1288083)
* Thu Jun 4 2020 Orion Poplawski orion@nwra.com - 6.6.2-9
- Fix format patch
* Thu May 21 2020 Sandro Mani manisandro@gmail.com - 6.6.2-8
- Rebuild (gdal)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1856959 - NCL error while trying to read GRIB2 files
        https://bugzilla.redhat.com/show_bug.cgi?id=1856959
--------------------------------------------------------------------------------
================================================================================
 paraview-5.8.0-9.fc32 (FEDORA-2020-a68dfba673)
 Parallel visualization application
--------------------------------------------------------------------------------
Update Information:

Enable GDAL

----

Require qt5-qtsvg for icons
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 16 2020 Orion Poplawski orion@nwra.com - 5.8.0-9
- Build with GDAL support (bz#1857498)
* Fri Jul 10 2020 Orion Poplawski orion@nwra.com - 5.8.0-8
- Require qt5-qtsvg for icons
* Thu Jun 25 2020 Orion Poplawski orion@cora.nwra.com - 5.8.0-7
- Rebuild for hdf5 1.10.6
* Sun Jun 21 2020 Adrian Reber adrian@lisas.de - 5.8.0-6
- Rebuilt for protobuf 3.12
* Fri Jun 19 2020 Orion Poplawski orion@nwra.com - 5.8.0-5
- Drop _python_bytecompile_extra
* Sat May 30 2020 Björn Esser besser82@fedoraproject.org - 5.8.0-4
- Rebuild (jsoncpp)
* Tue May 26 2020 Miro Hrončok mhroncok@redhat.com - 5.8.0-3
- Rebuilt for Python 3.9
* Fri May 8 2020 Björn Esser besser82@fedoraproject.org - 5.8.0-2
- Rebuild (cgnslib)
- Add patch to fix build with CGNS >= 4.1.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1857498 - [enhancement request] build paraview with gdal enabled
        https://bugzilla.redhat.com/show_bug.cgi?id=1857498
--------------------------------------------------------------------------------
================================================================================
 perl-HTTP-Entity-Parser-0.23-1.fc32 (FEDORA-2020-c6f57bf2ce)
 PSGI compliant HTTP Entity Parser
--------------------------------------------------------------------------------
Update Information:

--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 18 2020 Ralf Corsépius corsepiu@fedoraproject.org - 0.23-1
- Update to 0.23.
--------------------------------------------------------------------------------
================================================================================
 python-dask-2.21.0-1.fc32~bootstrap (FEDORA-2020-40c39c101e)
 Parallel PyData with Task Scheduling
--------------------------------------------------------------------------------
Update Information:

Update to latest version
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 18 2020 Elliott Sales de Andrade quantum.analyst@gmail.com - 2.21.0-1
- Update to latest version
* Fri Jul 10 2020 Miro Hrončok mhroncok@redhat.com - 2.20.0-2
- Add metadata for Python extras subpackages
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1858429 - python-dask-2.21.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1858429
--------------------------------------------------------------------------------
================================================================================
 python-social-auth-core-3.3.3-1.fc32 (FEDORA-2020-5efe22d5f8)
 Python Social Auth is an easy to setup social authentication/registration mechanism with support for several frameworks and auth providers.
--------------------------------------------------------------------------------
Update Information:

Rebuilt for version 3.3.3
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 18 2020 Chenxiong Qi qcxhome@gmail.com - 3.3.3-1
- Rebuilt version 3.3.3
* Tue May 26 2020 Miro Hrončok mhroncok@redhat.com - 1.7.0-11
- Rebuilt for Python 3.9
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1697076 - python-social-auth-core-3.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1697076
  [ 2 ] Bug #1808664 - python-social-auth-core fails to build with Python 3.9: base64.encodestring() was removed
        https://bugzilla.redhat.com/show_bug.cgi?id=1808664
--------------------------------------------------------------------------------
================================================================================
 zabbix-4.0.22-1.fc32 (FEDORA-2020-02cf7850ca)
 Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

Update to 4.0.22
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 18 2020 Orion Poplawski orion@nwra.com - 1:4.0.22-1
- Update to 4.0.22 (bz#1858259) CVE-2020-15803
- Fix alert/external scripts directories
* Mon Apr 20 2020 Orion Poplawski orion@nwra.com - 1:4.0.19-3
- Fix chmod/chown in scriptlet
* Mon Apr 20 2020 Vit Mojzis vmojzis@redhat.com - 1:4.0.19-2
- Add SELinux subpackage
* Sun Apr 19 2020 Orion Poplawski orion@nwra.com - 1:4.0.19-1
- Update to 4.0.19
- Upstream now uses jquery 3, so link to that
* Thu Apr 2 2020 Björn Esser besser82@fedoraproject.org - 1:4.0.16-3
- Fix string quoting for rpm >= 4.16
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1858259 - CVE-2020-15803 zabbix: stored XSS in the URL Widget [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1858259
--------------------------------------------------------------------------------