The following Fedora EPEL 7 Security updates need testing: Age URL 267 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 75 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f8311ec8a2 tor-0.3.5.8-1.el7 43 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294 cinnamon-3.6.7-5.el7 35 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-50a6a1ddfd afflib-3.7.18-2.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d28d3135da python36-3.6.8-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-de28ce6966 drupal7-7.66-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
cekit-3.0.1-1.el7 davix-0.7.3-1.el7 fstransform-0.9.3-5.el7 python-SecretStorage-2.1.1-2.el7 snapd-2.39-1.el7
Details about builds:
================================================================================ cekit-3.0.1-1.el7 (FEDORA-EPEL-2019-94f7c027b2) Container image creation tool -------------------------------------------------------------------------------- Update Information:
Release 3.0.1 -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 30 2019 Marek Goldmann mgoldman@redhat.com - 3.0.1-1 - Release 3.0.1 --------------------------------------------------------------------------------
================================================================================ davix-0.7.3-1.el7 (FEDORA-EPEL-2019-92c1dd6a6b) Toolkit for Http-based file management -------------------------------------------------------------------------------- Update Information:
New upstream release -------------------------------------------------------------------------------- ChangeLog:
* Wed May 8 2019 Georgios Bitzes <georgios.bitzes at cern.ch> - 0.7.3-1 - New upstream release --------------------------------------------------------------------------------
================================================================================ fstransform-0.9.3-5.el7 (FEDORA-EPEL-2019-85ee4df316) Tool for in-place file-system conversion without backup -------------------------------------------------------------------------------- Update Information:
- Add upstream patch fixing data loss bug -------------------------------------------------------------------------------- ChangeLog:
* Wed May 8 2019 Bj��rn Esser besser82@fedoraproject.org - 0.9.3-5 - Add upstream patch fixing data loss bug (#1705564) * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 0.9.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 0.9.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 0.9.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1705564 - fstransform 0.9.3 has data loss bug https://bugzilla.redhat.com/show_bug.cgi?id=1705564 --------------------------------------------------------------------------------
================================================================================ python-SecretStorage-2.1.1-2.el7 (FEDORA-EPEL-2019-deeeba55a8) Python 2.x module for secure storing of passwords and secrets -------------------------------------------------------------------------------- Update Information:
enable support for python3 -------------------------------------------------------------------------------- ChangeLog:
* Wed May 8 2019 Robert Scheck robert@fedoraproject.org - 2.1.1-2 - Build python3 support for RHEL/CentOS 7 --------------------------------------------------------------------------------
================================================================================ snapd-2.39-1.el7 (FEDORA-EPEL-2019-6e09a2903d) A transactional software package manager -------------------------------------------------------------------------------- Update Information:
Update to `snapd-2.39`. * SELinux policy has been completely revamped * Rudimentary SELinux integration is in snap-confine and enabled -------------------------------------------------------------------------------- ChangeLog:
* Mon May 6 2019 Neal Gompa ngompa13@gmail.com - 2.39-1 - Release 2.39 to Fedora (RH#1699087) - Enable basic SELinux integration - Fix changelog entry to fix build for EPEL 7 - Exclude bash and POSIX sh shebangs from mangling (LP:1824158) - Drop some old pre Fedora 28 logic * Fri May 3 2019 Michael Vogt mvo@ubuntu.com - New upstream release 2.39 - overlord/ifacestate: update static attributes of "content" interface - data/selinux: tweak the policy for runuser and s-c, interpret audit entries - snapshotstate: disable automatic snapshots on core for now - overlord/corecfg: make expiration of automatic snapshots configurable - snapstate: auto-install snapd when needed - interfaces: add support for the snapd snap in the dbus backend - overlord/snapstate: tweak autorefresh logic if network is not available - interfaces/apparmor: allow running /usr/bin/od - osutil,cmdutil: move CommandFromCore and make it use the snapd snap (if available) - daemon: also verify snap instructions for multi-snap requests - data/selinux: allow snap-confine to mount on top of bin - data/selinux: auto transition /var/snap to snappy_var_t - cmd: add `snap debug validate-seed <path>` cmd - interfaces/builtin/desktop: fonconfig v6/v7 cache handling on Fedora - interfaces/builtin/intel_mei: fix /dev/mei* AppArmor pattern - tests: make snap-connections test work on boards with snaps pre- installed - tests: check for /snap/core16/current in core16-provided-by-core - tests: run livepatch test on 18.04 as well - devicestate: deal correctly with the "required" flag on Remodel - snapstate,state: add TaskSet.AddAllWithEdges() and use in doUpdate - snapstate: add new NoReRefresh flag and use in Remodel() - many: allow core as a fallback for core16 - snapcraft: build static fontconfig in the snapd snap - cmd/snap-confine: remove unused sc_open_snap_{update,discard}_ns - data/selinux: allow snapd to execute runuser under snappy_t - spread, tests: do not leave mislabeled files in restorecon test, attempt to catch similar files - interfaces: cleanup internal tool lookup in system-key - many: move auth.AuthContext to store.DeviceAndAuthContext, the implemention to a separate storecontext packageThis: - overlord/devicestate: measurements around ensure and related tasks - cmd: tweak internal tool lookup to accept more possible locations - overlord/snapstate,snapshotstate: create snapshot on snap removal - tests: run smoke tests on (almost) pristine systems - tests: system disable ssh for config defaults in gadget - cmd/debug: integrate new task timings with "snap debug timings" - tests/upgrade/basic, packaging/fedoar: restore SELinux context of /var/cache/fontconfig, patch pre-2.39 mount units - image: simplify prefer local logic and fixes - tests/main/selinux-lxd: make sure LXD from snaps works cleanly with enforcing SELinux - tests: deny ioctl - TIOCSTI with garbage in high bits - overlord: factor out mocking of device service and gadget w. prepare-device for registration tests - data/selinux, tests/main/selinux-clean: fine tune the policy, make sure that no denials are raised - cmd/libsnap,osutil: fix parsing of mountinfo - ubuntu: disable -buildmode=pie on armhf to fix memory issue - overlord/snapstate: inhibit refresh for up to a week - cmd/snap-confine: prevent cwd restore permission bypass - overlord/ifacestate: introduce HotplugKey type use short key in change summaries - many: make Remodel() download everything first before installing - tests: fixes discovered debugging refresh-app-awareness - overlord/snapstate: track time of postponed refreshes - snap-confine: set rootfs_dir in sc_invocation struct - tests: run create-user on core devices - boot: add flag file "meta/force-kernel-extraction" - tests: add regression test for systemctl race fix - overlord/snapshotstate: helpers for snapshot expirations - overlord,tests: perform soft refresh check in doInstall - tests: enable tests that write /etc/{hostname,timezone} on core18 - overlord/ifacestate: implement String() method of HotplugDeviceInfo for better logs/messages - cmd/snap-confine: move ubuntu-core fallback checks - testutil: fix MockCmd for shellcheck 0.5 - snap, gadget: move gadget read/validation into separate package, tweak naming - tests: split travis spread execution in 2 jobs for ubuntu and non ubuntu systems - testutil: make mocked command work with shellcheck from snaps - packaging/fedora, tests/upgrade/basic: patch existing mount units with SELinux context on upgrade - metautil, snap: extract yaml value normalization to a helper package - tests: use apt via eatmydata - dirs,overlord/snapstate: add Soft and Hard refresh checks - cmd/snap-confine: allow using tools from snapd snap - cmd,interfaces: replace local helpers with cmd.InternalToolPath - tweak: fix "make hack" on Fedora - snap: add validation of gadget.yaml - cmd/snap-update-ns: refactor of profile application - cmd/snap,client,daemon,store: layout and sanity tweaks for find/search options - tests: add workaround for missing cache reset on older snapd - interfaces: deal with the snapd snap correctly for apparmor 2.13 - release-tools: add debian-package-builder - tests: enable opensuse 15 and add force-resolution installing packages - timings: AddTag helper - testutil: run mocked commands through shellcheck - overlord/snapshotstate: support auto flag - client, daemon, store: search by common-id - tests: all the systems for google backend with 6 workers - interfaces: hotplug nested vm test, updated serial-port interface for hotplug. - sanity: use proper SELinux context when mounting squashfs - cmd/libsnap: neuter variables in cleanup functions - interfaces/adb-support: account for hubs on sysfs path - interfaces/seccomp: regenerate changed profiles only - snap: reject layouts to /lib/{firmware,modules} - cmd/snap-confine, packaging: support SELinux - selinux, systemd: support mount contexts for snap images - interfaces/builtin/opengl: allow access to Tegra X1 - cmd/snap: make 'snap warnings' output yamlish - tests: add check to detect a broken snap on reset - interfaces: add one-plus devices to adb-support - cmd: prevent umask from breaking snap-run chain - tests/lib/pkgdb: allow downgrade when installing packages in openSUSE - cmd/snap-confine: use fixed private tmp directory - snap: tweak parsing errors of gadget updates - overlord/ifacemgr: basic measurements - spread: refresh metadata on openSUSE - cmd/snap-confine: pass sc_invocation instead of numerous args around - snap/gadget: introduce volume update info - partition,bootloader: rename 'partition' package to 'bootloader' - interfaces/builtin: add dev/pts/ptmx access to docker_support - tests: restore sbuild test - strutil: make SplitUnit public, allow negative numbers - overlord/snapstate,: retry less for auto-stuff - interfaces/builtin: add add exec "/" to docker-support - cmd/snap: fix regression of snap saved command - cmd/libsnap: rename C enum for feature flag - cmd: typedef mountinfo structures - tests/main/remodel: clean up before reverting the state - cmd/snap-confine: umount scratch dir using UMOUNT_NOFOLLOW - timings: add new helpers, Measurer interface and DurationThreshold - cmd/snap-seccomp: version-info subcommand - errortracker: fix panic in Report if db cannot be opened - sandbox/seccomp: a helper package wrapping calls to snap-seccomp - many: add /v2/model API, `snap remodel` CLI and spread test - tests: enable opensuse tumbleweed back - overlord/snapstate, store: set a header when auto-refreshing - data/selinux, tests: refactor SELinux policy, add minimal tests - spread: restore SELinux context when we mess with system files - daemon/api: filter connections with hotplug-gone=true - daemon: support returning assertion information as JSON with the "json" query parameter - cmd/snap: hide 'interfaces' command, show deprecation notice - timings: base API for recording timings in state - cmd/snap-confine: drop unused dependency on libseccomp - interfaces/apparmor: factor out test boilerplate - daemon: extract assertions api endpoint implementation into api_asserts.go - spread.yaml: bump delta reference - cmd/snap-confine: track per-app and per-hook processes - cmd/snap-confine: make sc_args helpers const-correct - daemon: move a function that was between an other struct and its methods - overlord/snapstate: fix restoring of "old-current" revision config in undoLinkSnap - cmd/snap, client, daemon, ifacestate: show a leading attribute of a connection - cmd/snap-confine: call sc_should_use_normal_mode once - cmd/snap-confine: populate enter_non_classic_execution_environment - daemon: allow downloading snaps blobs via .../file - cmd/snap-confine: introduce sc_invocation - devicestate: add initial Remodel support - snap: remove obsolete license-* fields in the yaml - cmd/libsnap: add cgroup-pids-support module - overlord/snapstate/backend: make LinkSnap clean up more - snapstate: only keep 2 snaps on classic - ctlcmd/tests: tests tweaks (followup to #6322) * Tue Apr 23 2019 Robert-Andr�� Mauchin zebob.m@gmail.com - 2.38-3 - Rebuilt for fix in golang-github-seccomp-libseccomp-golang * Fri Apr 5 2019 Neal Gompa ngompa13@gmail.com - 2.38-2 - Readd snapd-login-service Provides for gnome-software for F29 and older -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1699087 - snapd-2.39 is available https://bugzilla.redhat.com/show_bug.cgi?id=1699087 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org