The following Fedora EPEL 7 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-1b4c7ee66c knot-resolver-5.5.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
apptainer-1.1.0-1.el7
dkms-3.0.7-1.el7
haproxy18-1.8.27-3.el7
mock-core-configs-36.13-1.el7
Details about builds:
================================================================================
apptainer-1.1.0-1.el7 (FEDORA-EPEL-2022-f501a536dd)
Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.0 ---- Update to upstream 1.1.0-rc.3 ---- update to upstream
1.1.0-rc.2 ---- Update to 1.1.0~rc.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.1.0
- Update to upstream 1.1.0. Uncomment the requiring of fuse2fs on el7.
* Tue Sep 6 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.1.0-rc.3
- Update to upstream 1.1.0~rc.3. Uncomment setting squashfuse_version and
the requiring of fuse2fs on el7.
* Wed Aug 17 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.1.0~rc.2
- Update to upstream 1.1.0~rc.2. Remove customizations put into
1.1.0-rc.1 packaging except for f35 inclusion of golang source.
* Tue Aug 2 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.1.0~rc.1
- Update to upstream 1.1.0~rc.1
- Require fuse2fs package on el7
- Require fuse-overlayfs everywhere for cases that kernel overlayfs
does not support
- Add patch for 32-bit compilation
* Wed Jul 6 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.0.3
- Update to upstream 1.0.3
* Tue May 10 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.0.2
- Update to upstream 1.0.2
* Wed Mar 16 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.0.1
- Update to upstream 1.0.1
- Remove patch from pr 299, not needed anymore
* Thu Mar 3 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.0.0
- Initial release from upstream 1.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2130297 - apptainer-1.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2130297
--------------------------------------------------------------------------------
================================================================================
dkms-3.0.7-1.el7 (FEDORA-EPEL-2022-871a539ebd)
Dynamic Kernel Module Support Framework
--------------------------------------------------------------------------------
Update Information:
Update to bugfix release 3.0.7.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Simone Caronni <negativo17(a)gmail.com> - 3.0.7-1
- Update to 3.0.7.
--------------------------------------------------------------------------------
================================================================================
haproxy18-1.8.27-3.el7 (FEDORA-EPEL-2022-c55b6f81ff)
HAProxy reverse proxy for high availability environments
--------------------------------------------------------------------------------
Update Information:
* Backport from 1.8.27-5: Add configuration directory and update systemd unit
file (#1943869)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 28 2022 Robert Scheck <robert(a)fedoraproject.org> 1.8.27-3
- Backport from 1.8.27-5: Add configuration directory and update
systemd unit file (#1943869)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1943869 - Provide e.g. /etc/haproxy/conf.d directory and use it in haproxy.service
https://bugzilla.redhat.com/show_bug.cgi?id=1943869
--------------------------------------------------------------------------------
================================================================================
mock-core-configs-36.13-1.el7 (FEDORA-EPEL-2022-aa41598a0e)
Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:
- add openEuler 20.03 (yikunkero(a)gmail.com) - Adding support Oracle Linux 9 in
mock (a.samets(a)gmail.com) - change license to spdx (msuchy(a)redhat.com) - Update
to AlmaLinux Quay.io repo (srbala(a)gmail.com) - Add openEuler 22.03 support
(yikunkero(a)gmail.com) - Do not expose the EPEL Koji repo when we are on EPEL
Next (miro(a)hroncok.cz) - EL7 yum can't even install the EL9 chroot
(praiskup(a)redhat.com)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Pavel Raiskup <praiskup(a)redhat.com> 36.13-1
- add openEuler 20.03 (yikunkero(a)gmail.com)
- Adding support Oracle Linux 9 in mock (a.samets(a)gmail.com)
- change license to spdx (msuchy(a)redhat.com)
- Update to AlmaLinux Quay.io repo (srbala(a)gmail.com)
- Add openEuler 22.03 support (yikunkero(a)gmail.com)
- Do not expose the EPEL Koji repo when we are on EPEL Next (miro(a)hroncok.cz)
- EL7 yum can't even install the EL9 chroot (praiskup(a)redhat.com)
--------------------------------------------------------------------------------
The following Fedora EPEL 8 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-4c26d6c15b knot-resolver-5.5.3-1.el8
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-9f67252d52 chromium-105.0.5195.125-2.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
ImageMagick-6.9.12.64-1.el8
apptainer-1.1.0-1.el8
dkms-3.0.7-1.el8
fennel-1.2.0-1.el8
mock-core-configs-37.8-1.el8
openbabel-3.1.1-14.el8
openssl3-3.0.1-41.el8.1
python-dnslib-0.9.21-1.el8
Details about builds:
================================================================================
ImageMagick-6.9.12.64-1.el8 (FEDORA-EPEL-2022-63f85dcc14)
An X application for displaying and manipulating images
--------------------------------------------------------------------------------
Update Information:
Update ImageMagick to 6.9.12.64 (#2129597)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 S��rgio Basto <sergio(a)serjux.com> - 1:6.9.12.64-1
- Update ImageMagick to 6.9.12.64 (#2129597)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2129597 - ImageMagick-6.9.12.64 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2129597
--------------------------------------------------------------------------------
================================================================================
apptainer-1.1.0-1.el8 (FEDORA-EPEL-2022-531e44bc7e)
Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.0 ---- Update to upstream 1.1.0-rc.3 ---- update to upstream
1.1.0-rc.2 ---- Update to 1.1.0~rc.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.1.0
- Update to upstream 1.1.0. Uncomment the requiring of fuse2fs on el7.
* Tue Sep 6 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.1.0-rc.3
- Update to upstream 1.1.0~rc.3. Uncomment setting squashfuse_version and
the requiring of fuse2fs on el7.
* Wed Aug 17 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.1.0~rc.2
- Update to upstream 1.1.0~rc.2. Remove customizations put into
1.1.0-rc.1 packaging except for f35 inclusion of golang source.
* Tue Aug 2 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.1.0~rc.1
- Update to upstream 1.1.0~rc.1
- Require fuse2fs package on el7
- Require fuse-overlayfs everywhere for cases that kernel overlayfs
does not support
- Add patch for 32-bit compilation
* Wed Jul 6 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.0.3
- Update to upstream 1.0.3
* Tue May 10 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.0.2
- Update to upstream 1.0.2
* Wed Mar 16 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.0.1
- Update to upstream 1.0.1
- Remove patch from pr 299, not needed anymore
* Thu Mar 3 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.0.0
- Initial release from upstream 1.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2130297 - apptainer-1.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2130297
--------------------------------------------------------------------------------
================================================================================
dkms-3.0.7-1.el8 (FEDORA-EPEL-2022-c39424ac9e)
Dynamic Kernel Module Support Framework
--------------------------------------------------------------------------------
Update Information:
Update to bugfix release 3.0.7.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Simone Caronni <negativo17(a)gmail.com> - 3.0.7-1
- Update to 3.0.7.
* Tue Aug 9 2022 Simone Caronni <negativo17(a)gmail.com> - 3.0.6-2
- Adjust kernel devel subpackage requirements.
--------------------------------------------------------------------------------
================================================================================
fennel-1.2.0-1.el8 (FEDORA-EPEL-2022-4d9bf21fc5)
A Lisp that compiles to Lua
--------------------------------------------------------------------------------
Update Information:
## New Forms - Add `fcollect` macro for range ���comprehension��� ## New Features -
Make `include` splice modules in where they���re used instead of at the top - Add
`ast-source` function to API to get file/line info from AST nodes - Show errors
using terminal control codes instead of arrow indicator - Parser now includes
column information (byte-based) in AST nodes - For greater consistency, add
&into/&until to certain looping constructs ## Bug Fixes - Duplicate table keys
no longer crash the compiler - Don���t print stack trace for compiler errors in
built-in macros - Fix an issue with native modules in `--compile-binary` -
Improve argument handling so unused arguments get passed on to script - Fix a
bug where macros modifying table literals would emit incorrect output - Fix a
bug in the REPL where parser errors display the error message as `nil` - Fix a
bug when nil were emitted by unquote in a macro, and the macro was not compiled
correctly because the resulting list length was calculated incorrectly - Fix a
REPL bug where `,doc m.foo` did not resolve multisym to macro for macro modules
loaded as macro table via `(import-macros m :my.macro.module)`
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Michel Alexandre Salim <salimma(a)fedoraproject.org> 1.2.0-1
- Update to 1.2.0
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 1.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2121958 - fennel-1.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2121958
--------------------------------------------------------------------------------
================================================================================
mock-core-configs-37.8-1.el8 (FEDORA-EPEL-2022-16891c41d0)
Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:
- openEuler 22.03 configs added (yikunkero(a)gmail.com) - openEuler 20.03 configs
added (yikunkero(a)gmail.com) - Oracle Linux 9 configs added (a.samets(a)gmail.com)
- change license to spdx (msuchy(a)redhat.com) - Update to AlmaLinux Quay.io repo
(srbala(a)gmail.com) - EPEL Koji repo not exposed when we are on EPEL Next
(miro(a)hroncok.cz)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Pavel Raiskup <praiskup(a)redhat.com> 37.8-1
- openEuler 22.03 configs added (yikunkero(a)gmail.com)
- openEuler 20.03 configs added (yikunkero(a)gmail.com)
- Oracle Linux 9 configs added (a.samets(a)gmail.com)
- change license to spdx (msuchy(a)redhat.com)
- Update to AlmaLinux Quay.io repo (srbala(a)gmail.com)
- EPEL Koji repo not exposed when we are on EPEL Next (miro(a)hroncok.cz)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2129571 - RFE - add oraclelinux-9 configuration to mock-core-configs
https://bugzilla.redhat.com/show_bug.cgi?id=2129571
--------------------------------------------------------------------------------
================================================================================
openbabel-3.1.1-14.el8 (FEDORA-EPEL-2022-6ad4f1fee1)
Chemistry software file format converter
--------------------------------------------------------------------------------
Update Information:
- New packages
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Antonio Trande <sagitter(a)fedoraproject.org> - 3.1.1-14
- Fix EPEL builds
* Tue Sep 27 2022 Antonio Trande <sagitter(a)fedoraproject.org> - 3.1.1-13
- New rebuild
* Sun Aug 7 2022 Antonio Trande <sagitter(a)fedoraproject.org> - 3.1.1-12
- Add profile file openbabel3.sh (rhbz#2112710)
* Thu Aug 4 2022 Scott Talbert <swt(a)techie.net> - 3.1.1-11
- Rebuild with wxWidgets 3.2
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jul 8 2022 Antonio Trande <sagitter(a)fedoraproject.org> - 3.1.1-9
- Patched for rhbz#2105259
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 3.1.1-8
- Rebuilt for Python 3.11
* Mon May 30 2022 Jitka Plesnikova <jplesnik(a)redhat.com> - 3.1.1-7
- Perl 5.36 rebuild
* Thu Jan 27 2022 V��t Ondruch <vondruch(a)redhat.com> - 3.1.1-6
- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_3.1
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
openssl3-3.0.1-41.el8.1 (FEDORA-EPEL-2022-3bebee4625)
Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
Sync with CentOS Stream 9's openssl to pick up CVE fixes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Michel Alexandre Salim <salimma(a)fedoraproject.org> 3.0.1-41.1
- Merge c9s openssl changes to pick up CVE fixes
* Thu Aug 11 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-41
- Zeroize public keys as required by FIPS 140-3
Related: rhbz#2102542
- Add FIPS indicator for HKDF
Related: rhbz#2114772
* Fri Aug 5 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-40
- Deal with DH keys in FIPS mode according FIPS-140-3 requirements
Related: rhbz#2102536
- Deal with ECDH keys in FIPS mode according FIPS-140-3 requirements
Related: rhbz#2102537
- Use signature for RSA pairwise test according FIPS-140-3 requirements
Related: rhbz#2102540
- Reseed all the parent DRBGs in chain on reseeding a DRBG
Related: rhbz#2102541
* Mon Aug 1 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-39
- Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test
- Use Use digest_sign & digest_verify in FIPS signature self test
- Use FFDHE2048 in Diffie-Hellman FIPS self-test
Resolves: rhbz#2102535
* Thu Jul 14 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-38
- Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously
initialized.
Resolves: rhbz#2103289
- Improve AES-GCM performance on Power9 and Power10 ppc64le
Resolves: rhbz#2051312
- Improve ChaCha20 performance on Power10 ppc64le
Resolves: rhbz#2051312
* Tue Jul 5 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-37
- CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
Resolves: CVE-2022-2097
* Thu Jun 16 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-36
- Ciphersuites with RSAPSK KX should be filterd in FIPS mode
- Related: rhbz#2085088
- FIPS provider should block RSA encryption for key transport.
- Other RSA encryption options should still be available if key length is enough
- Related: rhbz#2053289
- Improve diagnostics when passing unsupported groups in TLS
- Related: rhbz#2070197
- Fix PPC64 Montgomery multiplication bug
- Related: rhbz#2098199
- Strict certificates validation shouldn't allow explicit EC parameters
- Related: rhbz#2058663
- CVE-2022-2068: the c_rehash script allows command injection
- Related: rhbz#2098277
* Wed Jun 8 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-35
- Add explicit indicators for signatures in FIPS mode and mark signature
primitives as unapproved.
Resolves: rhbz#2087147
* Fri Jun 3 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-34
- Some OpenSSL test certificates are expired, updating
- Resolves: rhbz#2092456
* Thu May 26 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-33
- CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
- Resolves: rhbz#2089444
- CVE-2022-1343 openssl: Signer certificate verification returned
inaccurate response when using OCSP_NOCHECKS
- Resolves: rhbz#2087911
- CVE-2022-1292 openssl: c_rehash script allows command injection
- Resolves: rhbz#2090362
- Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode"
Related: rhbz#2087147
- Use KAT for ECDSA signature tests, s390 arch
- Resolves: rhbz#2069235
* Thu May 19 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-32
- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
- Resolves: rhbz#2083240
- Ciphersuites with RSA KX should be filterd in FIPS mode
- Related: rhbz#2085088
- In FIPS mode, signature verification works with keys of arbitrary size
above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys
below 2048 bits
- Resolves: rhbz#2077884
* Wed May 18 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-31
- Disable SHA-1 signature verification in FIPS mode
- Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode
Resolves: rhbz#2087147
* Mon May 16 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-30
- Use KAT for ECDSA signature tests
- Resolves: rhbz#2069235
* Thu May 12 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-29
- `-config` argument of openssl app should work properly in FIPS mode
- Resolves: rhbz#2083274
- openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
- Resolves: rhbz#2063947
* Fri May 6 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-28
- OpenSSL should not accept custom elliptic curve parameters
- Resolves rhbz#2066412
- OpenSSL should not accept explicit curve parameters in FIPS mode
- Resolves rhbz#2058663
* Fri May 6 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-27
- Change FIPS module version to include hash of specfile, patches and sources
Resolves: rhbz#2070550
* Thu May 5 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-26
- OpenSSL FIPS module should not build in non-approved algorithms
- Resolves: rhbz#2081378
* Mon May 2 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-25
- FIPS provider should block RSA encryption for key transport.
- Other RSA encryption options should still be available
- Resolves: rhbz#2053289
* Thu Apr 28 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-24
- Fix regression in evp_pkey_name2type caused by tr_TR locale fix
Resolves: rhbz#2071631
* Wed Apr 20 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-23
- Fix openssl curl error with LANG=tr_TR.utf8
- Resolves: rhbz#2071631
* Mon Mar 28 2022 Dmitry Belyavskiy <dbelyavs(a)redhat.com> - 1:3.0.1-22
- FIPS provider should block RSA encryption for key transport
- Resolves: rhbz#2053289
* Tue Mar 22 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-21
- Fix occasional internal error in TLS when DHE is used
- Resolves: rhbz#2004915
* Fri Mar 18 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-20
- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when
no OpenSSL library context is set
- Resolves: rhbz#2065400
* Fri Mar 18 2022 Clemens Lang <cllang(a)redhat.com> - 1:3.0.1-19
- Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes
- Resolves: rhbz#2065400
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2089472 - CVE-2022-1343 openssl3: openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2089472
[ 2 ] Bug #2095814 - CVE-2022-1292 openssl3: openssl: c_rehash script allows command injection [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2095814
[ 3 ] Bug #2099970 - CVE-2022-2068 openssl3: openssl: the c_rehash script allows command injection [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2099970
[ 4 ] Bug #2105033 - CVE-2022-2097 openssl3: openssl: AES OCB fails to encrypt some bytes [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2105033
--------------------------------------------------------------------------------
================================================================================
python-dnslib-0.9.21-1.el8 (FEDORA-EPEL-2022-6319bfdcaa)
Simple library to encode/decode DNS packets
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 0.9.21
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2022 Fabian Affolter <mail(a)fabian-affolter.ch> - 0.9.21-1
- Update to latest upstream release 0.9.21
- Fix for CVE-2022-22846 (closes rhbz#2042610, closes rhbz#2042611)
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.14-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 0.9.14-6
- Rebuilt for Python 3.11
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.14-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.14-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 0.9.14-3
- Rebuilt for Python 3.10
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2042610 - CVE-2022-22846 python-dnslib: client does not validate DNS transaction ID
https://bugzilla.redhat.com/show_bug.cgi?id=2042610
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-1b4c7ee66c knot-resolver-5.5.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
perl-DateTimeX-Easy-0.091-1.el7
Details about builds:
================================================================================
perl-DateTimeX-Easy-0.091-1.el7 (FEDORA-EPEL-2022-05fe5e5848)
Parse a date/time string using the best method available
--------------------------------------------------------------------------------
Update Information:
This release improves a documentation.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 26 2022 Petr Pisar <ppisar(a)redhat.com> - 0.091-1
- 0.091 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2129398 - perl-DateTimeX-Easy-0.091 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2129398
--------------------------------------------------------------------------------
That is a very good point.
I think the following are better steps
rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9
dnf install
https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
Troy
On Mon, Sep 26, 2022 at 10:28 AM Nick Jahn <nick.jahn(a)hotmail.com> wrote:
> Wouldn't it be a better option to show in the documentation how to
> download and install the GPG key first, so you don't have to use the
> nogpgcheck option? Security people like secure options better. 😉
>
> Nicholas Jahn
> IT professional
> A.S. Network Specialist (www.madisoncollege.edu)
> ------------------------------
> *From:* Troy Dawson <tdawson(a)redhat.com>
> *Sent:* Monday, September 26, 2022 11:46 AM
> *To:* EPEL Development List <epel-devel(a)lists.fedoraproject.org>
> *Subject:* [EPEL-devel] Re: EPEL RHEL 9 mirror error
>
> I was able to reproduce the error.
> If you do a RHEL install, and select a security profile, it will
> automatically turn on gpg checking for everything.[1]
> You then get the error you were showing.
>
> To get around this you need to add the --nogpgcheck option
>
> dnf install --nogpgcheck
> https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
> <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdl.fedora…>
>
> Thank you for letting us know. We'll be sure to update the documentation.
>
> Troy
>
> [1] -
> https://www.mankier.com/5/dnf.conf#Options_for_Both_%5BMain%5D_and_Repo-loc…
> <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.manki…>
>
>
> On Mon, Sep 26, 2022 at 7:25 AM Nick Jahn <nick.jahn(a)hotmail.com> wrote:
>
> I will wipe out this VM, and re-install RHEL 9 and see if it happens
> again. I already know it isn't security based issues, as none of my systems
> caught anything (I'm a Security Architect), and I was able to download the
> GPG key using WGET, and install it using RPM --import.
>
> I'm fairly certain the issue was that the GPG key was not getting
> deployed.
>
> Nicholas Jahn
> IT professional
> A.S. Network Specialist (www.madisoncollege.edu
> <https://nam12.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.madiso…>
> )
> ------------------------------
> *From:* Stephen Smoogen <ssmoogen(a)redhat.com>
> *Sent:* Monday, September 26, 2022 8:59 AM
> *To:* EPEL Development List <epel-devel(a)lists.fedoraproject.org>
> *Subject:* [EPEL-devel] Re: EPEL RHEL 9 mirror error
>
>
>
> On Mon, 26 Sept 2022 at 09:31, Nick Jahn <nick.jahn(a)hotmail.com> wrote:
>
> Tried that, still getting GPG check FAILED. It seems that the security key
> is not getting deployed correctly.
>
> I manually went to the EPEL repo path
> https://dl.fedoraproject.org/pub/epel/
> <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdl.fedora…> and
> found the EPEL 9 Key, downloaded it and installed the key, and now the
> connection is working. The reason I reached out in the first place was to
> let you know that the deployment was not working as designed, as I know the
> EPEL Key is supposed to download and install when you perform the
> installation of the REPO (which was not happening). This needs to be fixed
> or you need to update the documentation to let others know that they need
> to download and install the RPM GPG KEY for EPEL 9 before using the rest of
> the guide......
>
>
> OK I am doing a retest of the instructions with a fresh Alma 9 install.
> I have installed it with minimal functionality and done a `dnf update` to
> get it up to the latest packages.
> Then I have rebooted it and done the following commands:
> ```
> [root@localhost ~]# sudo dnf config-manager --set-enabled crb
> [root@localhost ~]# dnf install
> https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
> <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdl.fedora…>
> AlmaLinux 9 - CRB
>
> 3.3 MB/s | 2.5 MB 00:00
> Last metadata expiration check: 0:00:01 ago on Mon 26 Sep 2022 09:52:47 AM
> EDT.
> epel-release-latest-9.noarch.rpm
>
> 124 kB/s | 18 kB 00:00
> Dependencies resolved.
>
> ==============================================================================================================================================================================================
> Package Architecture
> Version Repository
> Size
>
> ==============================================================================================================================================================================================
> Installing:
> epel-release noarch
> 9-4.el9 @commandline
> 18 k
>
> Transaction Summary
>
> ==============================================================================================================================================================================================
> Install 1 Package
>
> Total size: 18 k
> Installed size: 25 k
> Is this ok [y/N]: y
> Downloading Packages:
> Running transaction check
> Transaction check succeeded.
> Running transaction test
> Transaction test succeeded.
> Running transaction
> Preparing :
>
> 1/1
> Installing : epel-release-9-4.el9.noarch
>
> 1/1
> Running scriptlet: epel-release-9-4.el9.noarch
>
> 1/1
> Many EPEL packages require the CodeReady Builder (CRB) repository.
> It is recommended that you run /usr/bin/crb enable to enable the CRB
> repository.
>
> Verifying : epel-release-9-4.el9.noarch
>
> 1/1
>
> Installed:
> epel-release-9-4.el9.noarch
>
>
>
> Complete!
> [root@localhost ~]# dnf install screen
> Last metadata expiration check: 0:00:21 ago on Mon 26 Sep 2022 09:53:52 AM
> EDT.
> Dependencies resolved.
>
> =========================================================================================================
> Package Architecture
> Version
> Repository Size
>
> =========================================================================================================
> Installing:
> screen x86_64
> 4.8.0-6.el9 epel
> 649 k
>
> Transaction Summary
>
> ======================================================================================================
> Install 1 Package
>
> Total download size: 649 k
> Installed size: 957 k
> Is this ok [y/N]: y
> Downloading Packages:
> screen-4.8.0-6.el9.x86_64.rpm
>
> 1.8 MB/s | 649 kB 00:00
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> Total
>
> 1.2 MB/s | 649 kB 00:00
> Extra Packages for Enterprise Linux 9 - x86_64
>
> 1.6 MB/s | 1.6 kB 00:00
> Importing GPG key 0x3228467C:
> Userid : "Fedora (epel9) <epel(a)fedoraproject.org>"
> Fingerprint: FF8A D134 4597 106E CE81 3B91 8A38 72BF 3228 467C
> From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
> Is this ok [y/N]: y
> Key imported successfully
> Running transaction check
> Transaction check succeeded.
> Running transaction test
> Transaction test succeeded.
> Running transaction
> Preparing :
>
> 1/1
> Running scriptlet: screen-4.8.0-6.el9.x86_64
>
> 1/1
> Installing : screen-4.8.0-6.el9.x86_64
>
> 1/1
> Running scriptlet: screen-4.8.0-6.el9.x86_64
>
> 1/1
> Verifying : screen-4.8.0-6.el9.x86_64
>
> 1/1
>
> Installed:
> screen-4.8.0-6.el9.x86_64
>
>
>
> Complete!
> ```
> So the instructions as printed work, if everything else works fine.
> However, it is clear that something did not work for your system, but I am
> not sure how to pinpoint what it is for better documentation. If you can
> repeat the problem and see what difference in install from what I tried is,
> we can better do this.
>
> --
> Stephen Smoogen, Red Hat Automotive
> Let us be kind to one another, for most of us are fighting a hard battle.
> -- Ian MacClaren
> _______________________________________________
> epel-devel mailing list -- epel-devel(a)lists.fedoraproject.org
> To unsubscribe send an email to epel-devel-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.fedo…>
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffedorapro…>
> List Archives:
> https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraprojec…
> <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.fed…>
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
> <https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpagure.io…>
>
> _______________________________________________
> epel-devel mailing list -- epel-devel(a)lists.fedoraproject.org
> To unsubscribe send an email to epel-devel-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraprojec…
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
I was able to reproduce the error.
If you do a RHEL install, and select a security profile, it will
automatically turn on gpg checking for everything.[1]
You then get the error you were showing.
To get around this you need to add the --nogpgcheck option
dnf install --nogpgcheck
https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
Thank you for letting us know. We'll be sure to update the documentation.
Troy
[1] -
https://www.mankier.com/5/dnf.conf#Options_for_Both_%5BMain%5D_and_Repo-loc…
On Mon, Sep 26, 2022 at 7:25 AM Nick Jahn <nick.jahn(a)hotmail.com> wrote:
> I will wipe out this VM, and re-install RHEL 9 and see if it happens
> again. I already know it isn't security based issues, as none of my systems
> caught anything (I'm a Security Architect), and I was able to download the
> GPG key using WGET, and install it using RPM --import.
>
> I'm fairly certain the issue was that the GPG key was not getting
> deployed.
>
> Nicholas Jahn
> IT professional
> A.S. Network Specialist (www.madisoncollege.edu)
> ------------------------------
> *From:* Stephen Smoogen <ssmoogen(a)redhat.com>
> *Sent:* Monday, September 26, 2022 8:59 AM
> *To:* EPEL Development List <epel-devel(a)lists.fedoraproject.org>
> *Subject:* [EPEL-devel] Re: EPEL RHEL 9 mirror error
>
>
>
> On Mon, 26 Sept 2022 at 09:31, Nick Jahn <nick.jahn(a)hotmail.com> wrote:
>
> Tried that, still getting GPG check FAILED. It seems that the security key
> is not getting deployed correctly.
>
> I manually went to the EPEL repo path
> https://dl.fedoraproject.org/pub/epel/ and found the EPEL 9 Key,
> downloaded it and installed the key, and now the connection is working. The
> reason I reached out in the first place was to let you know that the
> deployment was not working as designed, as I know the EPEL Key is supposed
> to download and install when you perform the installation of the REPO
> (which was not happening). This needs to be fixed or you need to update the
> documentation to let others know that they need to download and install the
> RPM GPG KEY for EPEL 9 before using the rest of the guide......
>
>
> OK I am doing a retest of the instructions with a fresh Alma 9 install.
> I have installed it with minimal functionality and done a `dnf update` to
> get it up to the latest packages.
> Then I have rebooted it and done the following commands:
> ```
> [root@localhost ~]# sudo dnf config-manager --set-enabled crb
> [root@localhost ~]# dnf install
> https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
> AlmaLinux 9 - CRB
>
> 3.3 MB/s | 2.5 MB 00:00
> Last metadata expiration check: 0:00:01 ago on Mon 26 Sep 2022 09:52:47 AM
> EDT.
> epel-release-latest-9.noarch.rpm
>
> 124 kB/s | 18 kB 00:00
> Dependencies resolved.
>
> ==============================================================================================================================================================================================
> Package Architecture
> Version Repository
> Size
>
> ==============================================================================================================================================================================================
> Installing:
> epel-release noarch
> 9-4.el9 @commandline
> 18 k
>
> Transaction Summary
>
> ==============================================================================================================================================================================================
> Install 1 Package
>
> Total size: 18 k
> Installed size: 25 k
> Is this ok [y/N]: y
> Downloading Packages:
> Running transaction check
> Transaction check succeeded.
> Running transaction test
> Transaction test succeeded.
> Running transaction
> Preparing :
>
> 1/1
> Installing : epel-release-9-4.el9.noarch
>
> 1/1
> Running scriptlet: epel-release-9-4.el9.noarch
>
> 1/1
> Many EPEL packages require the CodeReady Builder (CRB) repository.
> It is recommended that you run /usr/bin/crb enable to enable the CRB
> repository.
>
> Verifying : epel-release-9-4.el9.noarch
>
> 1/1
>
> Installed:
> epel-release-9-4.el9.noarch
>
>
>
> Complete!
> [root@localhost ~]# dnf install screen
> Last metadata expiration check: 0:00:21 ago on Mon 26 Sep 2022 09:53:52 AM
> EDT.
> Dependencies resolved.
>
> =========================================================================================================
> Package Architecture
> Version
> Repository Size
>
> =========================================================================================================
> Installing:
> screen x86_64
> 4.8.0-6.el9 epel
> 649 k
>
> Transaction Summary
>
> ======================================================================================================
> Install 1 Package
>
> Total download size: 649 k
> Installed size: 957 k
> Is this ok [y/N]: y
> Downloading Packages:
> screen-4.8.0-6.el9.x86_64.rpm
>
> 1.8 MB/s | 649 kB 00:00
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> Total
>
> 1.2 MB/s | 649 kB 00:00
> Extra Packages for Enterprise Linux 9 - x86_64
>
> 1.6 MB/s | 1.6 kB 00:00
> Importing GPG key 0x3228467C:
> Userid : "Fedora (epel9) <epel(a)fedoraproject.org>"
> Fingerprint: FF8A D134 4597 106E CE81 3B91 8A38 72BF 3228 467C
> From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
> Is this ok [y/N]: y
> Key imported successfully
> Running transaction check
> Transaction check succeeded.
> Running transaction test
> Transaction test succeeded.
> Running transaction
> Preparing :
>
> 1/1
> Running scriptlet: screen-4.8.0-6.el9.x86_64
>
> 1/1
> Installing : screen-4.8.0-6.el9.x86_64
>
> 1/1
> Running scriptlet: screen-4.8.0-6.el9.x86_64
>
> 1/1
> Verifying : screen-4.8.0-6.el9.x86_64
>
> 1/1
>
> Installed:
> screen-4.8.0-6.el9.x86_64
>
>
>
> Complete!
> ```
> So the instructions as printed work, if everything else works fine.
> However, it is clear that something did not work for your system, but I am
> not sure how to pinpoint what it is for better documentation. If you can
> repeat the problem and see what difference in install from what I tried is,
> we can better do this.
>
> --
> Stephen Smoogen, Red Hat Automotive
> Let us be kind to one another, for most of us are fighting a hard battle.
> -- Ian MacClaren
> _______________________________________________
> epel-devel mailing list -- epel-devel(a)lists.fedoraproject.org
> To unsubscribe send an email to epel-devel-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraprojec…
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>
On Mon, 26 Sept 2022 at 09:31, Nick Jahn <nick.jahn(a)hotmail.com> wrote:
> Tried that, still getting GPG check FAILED. It seems that the security key
> is not getting deployed correctly.
>
> I manually went to the EPEL repo path
> https://dl.fedoraproject.org/pub/epel/ and found the EPEL 9 Key,
> downloaded it and installed the key, and now the connection is working. The
> reason I reached out in the first place was to let you know that the
> deployment was not working as designed, as I know the EPEL Key is supposed
> to download and install when you perform the installation of the REPO
> (which was not happening). This needs to be fixed or you need to update the
> documentation to let others know that they need to download and install the
> RPM GPG KEY for EPEL 9 before using the rest of the guide......
>
>
OK I am doing a retest of the instructions with a fresh Alma 9 install.
I have installed it with minimal functionality and done a `dnf update` to
get it up to the latest packages.
Then I have rebooted it and done the following commands:
```
[root@localhost ~]# sudo dnf config-manager --set-enabled crb
[root@localhost ~]# dnf install
https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
AlmaLinux 9 - CRB
3.3 MB/s | 2.5 MB 00:00
Last metadata expiration check: 0:00:01 ago on Mon 26 Sep 2022 09:52:47 AM
EDT.
epel-release-latest-9.noarch.rpm
124 kB/s | 18 kB 00:00
Dependencies resolved.
==============================================================================================================================================================================================
Package Architecture
Version Repository
Size
==============================================================================================================================================================================================
Installing:
epel-release noarch
9-4.el9 @commandline
18 k
Transaction Summary
==============================================================================================================================================================================================
Install 1 Package
Total size: 18 k
Installed size: 25 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing :
1/1
Installing : epel-release-9-4.el9.noarch
1/1
Running scriptlet: epel-release-9-4.el9.noarch
1/1
Many EPEL packages require the CodeReady Builder (CRB) repository.
It is recommended that you run /usr/bin/crb enable to enable the CRB
repository.
Verifying : epel-release-9-4.el9.noarch
1/1
Installed:
epel-release-9-4.el9.noarch
Complete!
[root@localhost ~]# dnf install screen
Last metadata expiration check: 0:00:21 ago on Mon 26 Sep 2022 09:53:52 AM
EDT.
Dependencies resolved.
=========================================================================================================
Package Architecture
Version
Repository Size
=========================================================================================================
Installing:
screen x86_64
4.8.0-6.el9 epel
649 k
Transaction Summary
======================================================================================================
Install 1 Package
Total download size: 649 k
Installed size: 957 k
Is this ok [y/N]: y
Downloading Packages:
screen-4.8.0-6.el9.x86_64.rpm
1.8 MB/s | 649 kB 00:00
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total
1.2 MB/s | 649 kB 00:00
Extra Packages for Enterprise Linux 9 - x86_64
1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x3228467C:
Userid : "Fedora (epel9) <epel(a)fedoraproject.org>"
Fingerprint: FF8A D134 4597 106E CE81 3B91 8A38 72BF 3228 467C
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-9
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing :
1/1
Running scriptlet: screen-4.8.0-6.el9.x86_64
1/1
Installing : screen-4.8.0-6.el9.x86_64
1/1
Running scriptlet: screen-4.8.0-6.el9.x86_64
1/1
Verifying : screen-4.8.0-6.el9.x86_64
1/1
Installed:
screen-4.8.0-6.el9.x86_64
Complete!
```
So the instructions as printed work, if everything else works fine.
However, it is clear that something did not work for your system, but I am
not sure how to pinpoint what it is for better documentation. If you can
repeat the problem and see what difference in install from what I tried is,
we can better do this.
--
Stephen Smoogen, Red Hat Automotive
Let us be kind to one another, for most of us are fighting a hard battle.
-- Ian MacClaren