The following Fedora EPEL 8 Security updates need testing:
Age URL
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-0128b1edbe
chromium-122.0.6261.111-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
ansible-collection-awx-awx-24.0.0-1.el8
apptainer-1.3.0-1.el8
baresip-3.10.1-1.el8
keepassxc-2.7.7-2.el8
libuev-2.4.1-1.el8
nagios-plugins-check-updates-2.0.5-3.el8
xorgxrdp-0.9.20-1.el8
xrdp-0.9.25-2.el8
Details about builds:
================================================================================
ansible-collection-awx-awx-24.0.0-1.el8 (FEDORA-EPEL-2024-6ea8b17ffd)
Ansible modules and plugins for working with AWX
--------------------------------------------------------------------------------
Update Information:
Update to 24.0.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2024 Andrew Heath <anheath(a)anheath-thinkpadt14sgen2i.rmtusnc.csb> -
24.0.0-1
- Update to 24.0.0
--------------------------------------------------------------------------------
================================================================================
apptainer-1.3.0-1.el8 (FEDORA-EPEL-2024-d7cc38dee9)
Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.3.0, and security fixes for CVE-2024-28176 and
CVE-2024-28180
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2024 Dave Dykstra <dwd(a)fnal.gov> - 1.3.0
- Update to upstream 1.3.0
* Thu Feb 15 2024 Dave Dykstra <dwd(a)fnal.gov> - 1.3.0~rc.2
- Update to upstream 1.3.0-rc.2
* Wed Jan 10 2024 Dave Dykstra <dwd(a)fnal.gov> - 1.3.0~rc.1
- Update to upstream 1.3.0-rc.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2268820 - CVE-2024-28176 go-jose: resource exhaustion
https://bugzilla.redhat.com/show_bug.cgi?id=2268820
[ 2 ] Bug #2268854 - CVE-2024-28180 jose-go: improper handling of highly compressed
data
https://bugzilla.redhat.com/show_bug.cgi?id=2268854
--------------------------------------------------------------------------------
================================================================================
baresip-3.10.1-1.el8 (FEDORA-EPEL-2024-092f7564a8)
Modular SIP user-agent with audio and video support
--------------------------------------------------------------------------------
Update Information:
Baresip v3.10.1 (2024-03-12)
Security Release (possible Denial of Service): A wrong or manipulated incoming
RTP Timestamp can cause the baresip process to hang forever, for details see:
#2954
aureceiver: fix mtx_unlock on discard
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2024 Robert Scheck <robert(a)fedoraproject.org> 3.10.1-1
- Upgrade to 3.10.1 (#2269261)
* Mon Mar 11 2024 Robert Scheck <robert(a)fedoraproject.org> 3.10.0-2
- Added upstream patch to fix mtx_unlock on discard in aureceiver
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2269261 - baresip-3.10.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2269261
--------------------------------------------------------------------------------
================================================================================
keepassxc-2.7.7-2.el8 (FEDORA-EPEL-2024-2d4801a0fb)
Cross-platform password manager
--------------------------------------------------------------------------------
Update Information:
2.7.7 release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2024 Germano Massullo <germano.massullo(a)gmail.com> - 2.7.7-2
- replaced minizip depencendy for all active branches
* Wed Mar 13 2024 Germano Massullo <germano.massullo(a)gmail.com> - 2.7.7-1
- 2.7.7 release
* Wed Jan 24 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.7.6-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.7.6-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jan 3 2024 Jan Grulich <jgrulich(a)redhat.com> - 2.7.6-6
- Rebuild (qt5)
* Mon Dec 4 2023 Lukas Javorsky <ljavorsk(a)redhat.com> - 2.7.6-5
- Rebuilt for minizip-ng transition Fedora change
- Fedora Change:
https://fedoraproject.org/wiki/Changes/MinizipNGTransition
* Sat Nov 18 2023 Germano Massullo <germano.massullo(a)gmail.com> - 2.7.6-4
- rebuild (qt5) el9-next
* Mon Oct 9 2023 Jan Grulich <jgrulich(a)redhat.com> - 2.7.6-3
- Rebuild (qt5)
* Wed Sep 27 2023 Yaakov Selkowitz <yselkowi(a)redhat.com> - 2.7.6-2
- Build with minizip-ng for F38+
* Wed Aug 16 2023 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 2.7.6-1
- Update to 2.7.6
* Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.7.5-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Jun 14 2023 Jan Grulich <jgrulich(a)redhat.com> - 2.7.5-2
- Rebuild (qt5)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2268750 - keepassxc-2.7.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2268750
--------------------------------------------------------------------------------
================================================================================
libuev-2.4.1-1.el8 (FEDORA-EPEL-2024-d241ea2238)
Simple event loop for Linux
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-48620
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2024 Alessio <alciregi(a)fedoraproject.org> - 2.4.1-1
- Update to 2.4.1
* Thu Jan 25 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.0-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.0-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.0-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.0-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Mon Oct 4 2021 Alessio <alciregi(a)fedoraproject.org> - 2.4.0-2
- New sources
* Mon Oct 4 2021 Alessio <alciregi(a)fedoraproject.org> - 2.4.0-1
- New spec
* Mon Oct 4 2021 Alessio <alciregi(a)fedoraproject.org> - 2.3.2-8
- New release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2258050 - CVE-2022-48620 libuev: buffer overflow in epoll_wait() if maxevents
is a large number
https://bugzilla.redhat.com/show_bug.cgi?id=2258050
--------------------------------------------------------------------------------
================================================================================
nagios-plugins-check-updates-2.0.5-3.el8 (FEDORA-EPEL-2024-d2666cdedf)
A Nagios plugin to check if Red Hat or Fedora system is up-to-date
--------------------------------------------------------------------------------
Update Information:
Update to 2.0.5
Update to 2.0.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2024 Alessio <alciregi(a)fedoraproject.org> - 2.0.5-3
- Update to 2.0.5
--------------------------------------------------------------------------------
================================================================================
xorgxrdp-0.9.20-1.el8 (FEDORA-EPEL-2024-f03971a604)
Implementation of xrdp backend as Xorg modules
--------------------------------------------------------------------------------
Update Information:
Release notes for xrdp v0.9.25 (2024/03/11)
Running xrdp and xrdp-sesman on separate hosts is still supported by this
release, but is now deprecated. This is not secure. A future v1.0 release will
replace the TCP socket used between these processes with a Unix Domain Socket,
and then cross-host running will not be possible.
General announcements
This is the last v0.9.x version which is released regularly. v0.9.x will be
maintained for a while but less actively. New releases will happen only when
severe security vulnerabilities or critical bugs are found.
We have created a fund on Open Collective. Support us if you like xrdp! Direct
donations to each developer via GitHub Sponsors are also welcomed.
Security fixes
No new security fixes in this release.
Bug fixes
Backport touchpad inertial scrolling (#2364 #2424 #2948).
New features
If the client announces support for the Image RemoteFX codec it is logged (back-
port of #2946)
Internal changes
FreeBSD CI version bumped to 13.2 from 12.4 (#2897)
Some test timeouts have been increased for slow CI machines (#2903)
Known issues
On-the-fly resolution change requires the Microsoft Store version of Remote
Desktop client but sometimes crashes on connect (#1869)
xrdp's login dialog is not relocated at the center of the new resolution after
on-the-fly resolution change happens (#1867)
General annoucements xorgxrdp 0.9.20
This is the last v0.9.x release. v0.9.x will be maintained for a while but less
actively. New releases will happen only when severe security vulnerabilities or
critical bugs are found.
We have created a fund on Open Collective. Support us if you like xrdp! Direct
donations to each developer via GitHub Sponsors are also welcomed.
New features
Too fast scroll mitigation
A fundamental solution for too fast scrolling issue by @seflerZ has been
backported from devel version to v0.9 (#265 #286). This fix requires xrdp
v0.9.25 so use xrdp v0.9.25 and xorgxrdp v0.9.20 together.
The following former workaround added at v0.9.19 has been removed. It takes no
effect anymore.
[SessionVariables]
(some existing lines)
XRDP_XORG_TOUCHPAD_SCROLL_HACK=yes
What's Changed
[v0.9] Backport touchpad inertial scrolling by @metalefty @seflerZ in #286
Bump version to v0.9.20 by @metalefty in #292
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 12 2024 Bojan Smojver <bojan(a)rexursive.com> - 0.9.20-1
- Bump up to 0.9.20
* Sat Jan 27 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.19-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jul 26 2023 Bojan Smojver <bojan(a)rexursive.com> - 0.9.19-7
- run autoreconf before build, to avoid problems on F39
* Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.19-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.19-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
xrdp-0.9.25-2.el8 (FEDORA-EPEL-2024-f03971a604)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
Release notes for xrdp v0.9.25 (2024/03/11)
Running xrdp and xrdp-sesman on separate hosts is still supported by this
release, but is now deprecated. This is not secure. A future v1.0 release will
replace the TCP socket used between these processes with a Unix Domain Socket,
and then cross-host running will not be possible.
General announcements
This is the last v0.9.x version which is released regularly. v0.9.x will be
maintained for a while but less actively. New releases will happen only when
severe security vulnerabilities or critical bugs are found.
We have created a fund on Open Collective. Support us if you like xrdp! Direct
donations to each developer via GitHub Sponsors are also welcomed.
Security fixes
No new security fixes in this release.
Bug fixes
Backport touchpad inertial scrolling (#2364 #2424 #2948).
New features
If the client announces support for the Image RemoteFX codec it is logged (back-
port of #2946)
Internal changes
FreeBSD CI version bumped to 13.2 from 12.4 (#2897)
Some test timeouts have been increased for slow CI machines (#2903)
Known issues
On-the-fly resolution change requires the Microsoft Store version of Remote
Desktop client but sometimes crashes on connect (#1869)
xrdp's login dialog is not relocated at the center of the new resolution after
on-the-fly resolution change happens (#1867)
General annoucements xorgxrdp 0.9.20
This is the last v0.9.x release. v0.9.x will be maintained for a while but less
actively. New releases will happen only when severe security vulnerabilities or
critical bugs are found.
We have created a fund on Open Collective. Support us if you like xrdp! Direct
donations to each developer via GitHub Sponsors are also welcomed.
New features
Too fast scroll mitigation
A fundamental solution for too fast scrolling issue by @seflerZ has been
backported from devel version to v0.9 (#265 #286). This fix requires xrdp
v0.9.25 so use xrdp v0.9.25 and xorgxrdp v0.9.20 together.
The following former workaround added at v0.9.19 has been removed. It takes no
effect anymore.
[SessionVariables]
(some existing lines)
XRDP_XORG_TOUCHPAD_SCROLL_HACK=yes
What's Changed
[v0.9] Backport touchpad inertial scrolling by @metalefty @seflerZ in #286
Bump version to v0.9.20 by @metalefty in #292
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2024 Bojan Smojver <bojan(a)rexursive.com> - 1:0.9.25-2
- Add upstream PR 2994
* Tue Mar 12 2024 Bojan Smojver <bojan(a)rexursive.com> - 1:0.9.25-1
- Update to 0.9.25
* Sat Jan 27 2024 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:0.9.24-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------