The following Fedora EPEL 8 Security updates need testing:
 Age  URL
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-31e354d8e4   syslog-ng-3.23.1-3.el8
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-4c460336cc   shapelib-1.5.0-12.el8
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c1bf7ff735   radare2-5.8.2-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
    boost169-1.69.0-5.el8
    cc1541-4.0-5.el8
    livesys-scripts-0.3.6-1.el8
    openssl3-3.0.7-5.el8.1
    qoauth-2.0.0-16.el8
Details about builds:
================================================================================
 boost169-1.69.0-5.el8 (FEDORA-EPEL-2023-b65ce27bee)
 The free peer-reviewed portable C++ source libraries
--------------------------------------------------------------------------------
Update Information:

Now differentiates between Python2 and Python3
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 6 2022 Edward Maros ed.maros@ligo.org - 1.69.0-5
- Cleaned up building to have python version specific development files be associated with the matching python development package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2130012 - boost169-devel brings in python 2 dependency
        https://bugzilla.redhat.com/show_bug.cgi?id=2130012
--------------------------------------------------------------------------------
================================================================================
 cc1541-4.0-5.el8 (FEDORA-EPEL-2023-a5ac8618bb)
 Tool for creating Commodore Floppy disk images in D64, G64, D71 or D81 format
--------------------------------------------------------------------------------
Update Information:

- Update patches from upstream git.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 11 2023 Björn Esser besser82@fedoraproject.org - 4.0-5
- Update patches from upstream git
--------------------------------------------------------------------------------
================================================================================
 livesys-scripts-0.3.6-1.el8 (FEDORA-EPEL-2023-7c5665fe60)
 Scripts for auto-configuring live media during boot
--------------------------------------------------------------------------------
Update Information:

Numerous fixes for various desktop sessions
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 13 2023 Neal Gompa ngompa@fedoraproject.org - 0.3.6-1
- Update to 0.3.6
* Mon Feb 6 2023 Neal Gompa ngompa@fedoraproject.org - 0.3.5-1
- Update to 0.3.5
* Sun Feb 5 2023 Neal Gompa ngompa@fedoraproject.org - 0.3.4-1
- Update to 0.3.4
* Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 0.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sun Dec 18 2022 Neal Gompa ngompa@fedoraproject.org - 0.3.3-1
- Update to 0.3.3
* Sun Dec 11 2022 Neal Gompa ngompa@fedoraproject.org - 0.3.2-1
- Update to 0.3.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2152416 - livesys-scripts-0.3.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2152416
--------------------------------------------------------------------------------
================================================================================
 openssl3-3.0.7-5.el8.1 (FEDORA-EPEL-2023-7407b60f95)
 Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:

Security fix for CVEs, based on CentOS Stream 9's openssl
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 9 2023 Michel Alexandre Salim salimma@fedoraproject.org 3.0.7-5.1
- Merge c9s openssl changes to pick up CVE fixes
- Back out f2a49ef424f831aac988356fc8b2b910e443dc42 as that caused test failures
* Wed Feb 8 2023 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.7-5
- Fixed X.509 Name Constraints Read Buffer Overflow
  Resolves: CVE-2022-4203
- Fixed Timing Oracle in RSA Decryption
  Resolves: CVE-2022-4304
- Fixed Double free after calling PEM_read_bio_ex
  Resolves: CVE-2022-4450
- Fixed Use-after-free following BIO_new_NDEF
  Resolves: CVE-2023-0215
- Fixed Invalid pointer dereference in d2i_PKCS7 functions
  Resolves: CVE-2023-0216
- Fixed NULL dereference validating DSA public key
  Resolves: CVE-2023-0217
- Fixed X.400 address type confusion in X.509 GeneralName
  Resolves: CVE-2023-0286
- Fixed NULL dereference during PKCS7 data verification
  Resolves: CVE-2023-0401
* Wed Jan 11 2023 Clemens Lang cllang@redhat.com - 1:3.0.7-4
- Disallow SHAKE in RSA-OAEP decryption in FIPS mode
  Resolves: rhbz#2142121
* Thu Jan 5 2023 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.7-3
- Refactor OpenSSL fips module MAC verification
  Resolves: rhbz#2157965
* Thu Nov 24 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.7-2
- Various provider-related improvements necessary for PKCS#11 provider correct operations
  Resolves: rhbz#2142517
- We should export 2 versions of OPENSSL_str[n]casecmp to be compatible with upstream
  Resolves: rhbz#2133809
- Removed recommended package for openssl-libs
  Resolves: rhbz#2093804
- Adjusting include for the FIPS_mode macro
  Resolves: rhbz#2083879
- Backport of ppc64le Montgomery multiply enhancement
  Resolves: rhbz#2130708
- Fix explicit indicator for PSS salt length in FIPS mode when used with negative magic values
  Resolves: rhbz#2142087
- Update change to default PSS salt length with patch state from upstream
  Related: rhbz#2142087
* Tue Nov 22 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.7-1
- Rebasing to OpenSSL 3.0.7
  Resolves: rhbz#2129063
* Mon Nov 14 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.1-44
- SHAKE-128/256 are not allowed with RSA in FIPS mode
  Resolves: rhbz#2144010
- Avoid memory leaks in TLS
  Resolves: rhbz#2144008
- FIPS RSA CRT tests must use correct parameters
  Resolves: rhbz#2144006
- FIPS-140-3 permits only SHA1, SHA256, and SHA512 for DRBG-HASH/DRBG-HMAC
  Resolves: rhbz#2144017
- Remove support for X9.31 signature padding in FIPS mode
  Resolves: rhbz#2144015
- Add explicit indicator for SP 800-108 KDFs with short key lengths
  Resolves: rhbz#2144019
- Add explicit indicator for HMAC with short key lengths
  Resolves: rhbz#2144000
- Set minimum password length for PBKDF2 in FIPS mode
  Resolves: rhbz#2144003
- Add explicit indicator for PSS salt length in FIPS mode
  Resolves: rhbz#2144012
- Clamp default PSS salt length to digest size for FIPS 186-4 compliance
  Related: rhbz#2144012
- Forbid short RSA keys for key encapsulation/decapsulation in FIPS mode
  Resolves: rhbz#2145170
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2134745 - CVE-2022-3358 openssl3: openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2134745
  [ 2 ] Bug #2167849 - CVE-2023-0401 openssl3: openssl: NULL dereference during PKCS7 data verification [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2167849
  [ 3 ] Bug #2167866 - CVE-2023-0286 openssl3: openssl: X.400 address type confusion in X.509 GeneralName [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2167866
  [ 4 ] Bug #2167881 - CVE-2023-0217 openssl3: openssl: NULL dereference validating DSA public key [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2167881
  [ 5 ] Bug #2167884 - CVE-2023-0216 openssl3: openssl: invalid pointer dereference in d2i_PKCS7 functions [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2167884
  [ 6 ] Bug #2167887 - CVE-2023-0215 openssl3: openssl: use-after-free following BIO_new_NDEF [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2167887
  [ 7 ] Bug #2167904 - CVE-2022-4450 openssl3: openssl: double free after calling PEM_read_bio_ex [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2167904
  [ 8 ] Bug #2167912 - CVE-2022-4203 openssl3: openssl: a read buffer overflow in X.509 certificate verification [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2167912
  [ 9 ] Bug #2167914 - CVE-2022-4304 openssl3: openssl: timing attack in RSA Decryption implementation [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2167914
--------------------------------------------------------------------------------
================================================================================
 qoauth-2.0.0-16.el8 (FEDORA-EPEL-2023-18f99fb1b7)
 Qt library OAuth authorization scheme
--------------------------------------------------------------------------------
Update Information:

Initial build on epel8
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 20 2023 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Jan 30 2020 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb 2 2019 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jul 23 2018 Rex Dieter rdieter@fedoraproject.org - 2.0.0-7
- BR: gcc-c++
- use %_qt5_archdatadir (#1606038)
* Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 3 2017 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Jan 20 2017 Rex Dieter rdieter@fedoraproject.org - 2.0.0-1
- qoauth-2.0.0, -qt5 support (#1415070)
* Thu Feb 4 2016 Fedora Release Engineering releng@fedoraproject.org - 1.0.1-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Jun 18 2015 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0.1-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat May 2 2015 Kalev Lember kalevlember@gmail.com - 1.0.1-12
- Rebuilt for GCC 5 C++11 ABI change
* Mon Dec 1 2014 Rex Dieter rdieter@fedoraproject.org 1.0.1-11
- rebuild(qca)
* Mon Dec 1 2014 Rex Dieter rdieter@fedoraproject.org 1.0.1-10
- pkgconfig-style build deps, use %qmake_qt4 macro, tighten %files
* Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Mon Aug 4 2014 Rex Dieter rdieter@fedoraproject.org 1.0.1-8
- .spec cleanup, epel7: ExcludeArch: ppc64
* Sun Jun 8 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Aug 4 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sat Jul 21 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jan 14 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sun Aug 8 2010 Chen Lei supercyper@163.com - 1.0.1-1
- Update to 1.0.1
* Fri Jun 25 2010 Chen Lei supercyper@163.com - 1.0.1-0.3.20100625git726325d
- New upstream version
* Tue Jun 22 2010 Chen Lei supercyper@163.com - 1.0.1-0.2.20100622git7f69e33
- New upstream version
- Add %check section
* Tue May 25 2010 Chen Lei supercyper@163.com - 1.0.1-0.1.20100525gitec7e4d5
- initial rpm build
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1849802 - Please build qoauth for EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1849802
--------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org