Fedora 31 Update: fail2ban-0.11.1-6.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-caae9d7741
2020-04-30 03:42:10.988776
--------------------------------------------------------------------------------
Name : fail2ban
Product : Fedora 31
Version : 0.11.1
Release : 6.fc31
URL : http://fail2ban.sourceforge.net/
Summary : Daemon to ban hosts that cause multiple authentication errors
Description :
Fail2Ban scans log files and bans IP addresses that makes too many password
failures. It updates firewall rules to reject the IP address. These rules can
be defined by the user. Fail2Ban can read multiple log files such as sshd or
Apache web server ones.
Fail2Ban is able to reduce the rate of incorrect authentications attempts
however it cannot eliminate the risk that weak authentication presents.
Configure services to use only two factor or public/private authentication
mechanisms if you really want to protect services.
This is a meta-package that will install the default configuration. Other
sub-packages are available to install support for other actions and
configurations.
--------------------------------------------------------------------------------
Update Information:
Change default from firewalld-ipset to firewalld-rich-rules, fixes #1823746.
---- ver. 0.11.1 (2020/01/11) - this-is-the-way ----------- ### Compatibility:
* to v.0.10: - 0.11 is totally compatible to 0.10 (configuration- and API-
related stuff), but the database got some new tables and fields (auto-
converted during the first start), so once updated to 0.11, you have to
remove the database /var/lib/fail2ban/fail2ban.sqlite3 (or its different to 0.10
schema) if you would need to downgrade to 0.10 for some reason. * to v.0.9:
- Filter (or `failregex`) internal capture-groups: * If you've your own
`failregex` or custom filters using conditional match `(?P=host)`, you should
rewrite the regex like in example below resp. using `(?:(?P=ip4)|(?P=ip6)`
instead of `(?P=host)` (or `(?:(?P=ip4)|(?P=ip6)|(?P=dns))` corresponding
your `usedns` and `raw` settings). Of course you can always define your
own capture-group (like below `_cond_ip_`) to do this. ```
testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1" fail2ban-
regex "$testln" "^\s*failure from (?P<_cond_ip_><HOST>): bad host
(?P=_cond_ip_)$" ``` * New internal groups (currently reserved for
internal usage): `ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user`
and another captures in lower case if mapping from tag `<F-*>` used in
failregex (e. g. `user` by `<F-USER>`). - v.0.10 and 0.11 use more precise
date template handling, that can be theoretically incompatible to some user
configurations resp. `datepattern`. - Since v0.10 fail2ban supports the
matching of IPv6 addresses, but not all ban actions are IPv6-capable now.
### Fixes * purge database will be executed now (within observer). * restoring
currently banned ip after service restart fixed (now < timeofban + bantime),
ignore old log failures (already banned) * upgrade database: update new created
table `bips` with entries from table `bans` (allows restore current bans after
upgrade from version <= 0.10) ### New Features * Increment ban time (+
observer) functionality introduced. * Database functionality extended with bad
ips. * New tags (usable in actions): - `<bancount>` - ban count of this
offender if known as bad (started by 1 for unknown) - `<bantime>` - current
ban-time of the ticket (prolongation can be retarded up to 10 sec.) * Introduced
new action command `actionprolong` to prolong ban-time (e. g. set new timeout if
expected); Several actions (like ipset, etc.) rewritten using net logic with
`actionprolong`. Note: because ban-time is dynamic, it was removed from
jail.conf as timeout argument (check jail.local). ### Enhancements * algorithm
of restore current bans after restart changed: update the restored ban-time (and
therefore end of ban) of the ticket with ban-time of jail (as maximum), for
all tickets with ban-time greater (or persistent); not affected if ban-time of
the jail is unchanged between stop/start. * added new setup-option `--without-
tests` to skip building and installing of tests files (gh-2287). * added new
command `fail2ban-client get <JAIL> banip ?sep-char|--with-time?` to get the
banned ip addresses (gh-1916). Include selinux policy in package
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 16 2020 Richard Shaw <hobbes1069(a)gmail.com> - 0.11.1-6
- Change default firewalld backend from ipset to rich-rules as ipset causes
firewalld to use legacy iptables. Fixes RHBZ#1823746.
- Remove conditionals for EL versions less than 7.
* Thu Mar 19 2020 Richard Shaw <hobbes1069(a)gmail.com> - 0.11.1-5
- Update for Python 3.9.
* Wed Feb 26 2020 Orion Poplawski <orion(a)nwra.com> - 0.11.1-4
- Add SELinux policy
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.11.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1823746 - fail2ban-firewalld default action uses unsupport direct rule, should use rich-rule
https://bugzilla.redhat.com/show_bug.cgi?id=1823746
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-caae9d7741' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 12 months
Fedora 31 Update: foliate-2.1.1-1.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-f2ba7bb4c1
2020-04-30 03:42:10.988761
--------------------------------------------------------------------------------
Name : foliate
Product : Fedora 31
Version : 2.1.1
Release : 1.fc31
URL : https://johnfactotum.github.io/foliate/
Summary : Simple and modern GTK eBook reader
Description :
A simple and modern GTK eBook viewer, built with GJS and Epub.js.
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 9 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 2.1.1-1
- Update to 2.1.1
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-f2ba7bb4c1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 12 months
[SECURITY] Fedora 31 Update: python-bleach-3.1.4-2.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-e1fa96c506
2020-04-30 03:42:10.988742
--------------------------------------------------------------------------------
Name : python-bleach
Product : Fedora 31
Version : 3.1.4
Release : 2.fc31
URL : https://github.com/mozilla/bleach
Summary : An easy whitelist-based HTML-sanitizing tool
Description :
Bleach is an HTML sanitizing library that escapes or strips markup and
attributes based on a white list.
--------------------------------------------------------------------------------
Update Information:
Update to version 3.1.4, an upstream security release. See the [upstream
changelog](https://github.com/mozilla/bleach/blob/v3.1.4/CHANGES) for details.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2020 Nils Philippsen <nils(a)redhat.com> - 3.1.4-2
- skip failing tests regardless of Python version
* Wed Apr 22 2020 Nils Philippsen <nils(a)redhat.com> - 3.1.4-1
- version 3.1.4
- use pythonhosted.org source URL as the tarballs match published hashes
- only skip failing tests and only on Python 3.9
- cope with html5lib prerelease on EL8
* Wed Feb 19 2020 Matthias Runge <mrunge(a)redhat.com> - 3.1.0-5
- skip tests for python 3.9
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Sep 3 2019 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 3.1.0-4
- Drop python2-bleach (#1746757).
* Fri Aug 16 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 3.1.0-3
- Rebuilt for Python 3.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1815055 - python-bleach: Bleach: behavior parsing did not match browser behavior which could result in mutation XSS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1815055
[ 2 ] Bug #1815062 - python-bleach: Bleach: Specific calls to function bleach.clean could result in mutation XSS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1815062
[ 3 ] Bug #1820625 - CVE-2020-6817 python-bleach: behavior parsing style attributes could result in a regular expression denial of service (ReDoS) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1820625
[ 4 ] Bug #1826275 - CVE-2020-6802 python-bleach: mutation XSS vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1826275
[ 5 ] Bug #1826639 - python bleach fails to import in EPEL8
https://bugzilla.redhat.com/show_bug.cgi?id=1826639
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-e1fa96c506' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 12 months
Fedora 31 Update: vgrive-1.6.0-1.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-2c20423851
2020-04-30 03:42:10.988659
--------------------------------------------------------------------------------
Name : vgrive
Product : Fedora 31
Version : 1.6.0
Release : 1.fc31
URL : https://github.com/bcedu/VGrive
Summary : Google Drive client for Linux
Description :
VGrive is a client (back-end and front-end) for Google Drive made in vala.
- Start VGrive and sync your files with Google Drive through a clean and
minimalist gui.
- Automaticlly detects changes in local and remote files and sync them.
- Choose the local path where VGrive syncs your files.
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 16 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.6.0-1
- Update to 1.6.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-2c20423851' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 12 months
Fedora 31 Update: babeld-1.9.2-1.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-0c0b6d38ee
2020-04-30 03:42:10.988629
--------------------------------------------------------------------------------
Name : babeld
Product : Fedora 31
Version : 1.9.2
Release : 1.fc31
URL : http://www.pps.univ-paris-diderot.fr/~jch/software/babel/
Summary : Ad-hoc network routing daemon
Description :
Babel is a loop-avoiding distance-vector routing protocol roughly
based on HSDV and AODV, but with provisions for link cost estimation
and redistribution of routes from other routing protocols.
--------------------------------------------------------------------------------
Update Information:
1.9.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2020 Gwyn Ciesla <gwync(a)protonmail.com> - 1.9.2-1
- 1.9.2
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1826540 - babeld-1.9.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1826540
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-0c0b6d38ee' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 12 months
Fedora 31 Update: cldr-emoji-annotation-36.12.120200305_0-1.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-b63303726b
2020-04-30 03:42:10.988615
--------------------------------------------------------------------------------
Name : cldr-emoji-annotation
Product : Fedora 31
Version : 36.12.120200305_0
Release : 1.fc31
URL : https://github.com/fujiwarat/cldr-emoji-annotation
Summary : Emoji annotation files in CLDR
Description :
This package provides the emoji annotation file by language in CLDR.
--------------------------------------------------------------------------------
Update Information:
Update Emoji 12.1 CLDR-13431 36.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2020 Takao Fujiwara <tfujiwar(a)gmail.com> - 36.12.120200305_0-1
- Integrated Emoji 12.1 CLDR 36.1
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 36.12.120191002_0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-b63303726b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 12 months
Fedora 31 Update: mozilla-privacy-badger-2020.2.19-1.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-1cbcc27f49
2020-04-30 03:42:10.988600
--------------------------------------------------------------------------------
Name : mozilla-privacy-badger
Product : Fedora 31
Version : 2020.2.19
Release : 1.fc31
URL : https://www.eff.org/privacybadger
Summary : Protects your privacy by blocking spying ads and invisible trackers
Description :
Privacy Badger is a browser add-on that stops advertisers and other third-party
trackers from secretly tracking where you go and what pages you look at on the
web. If an advertiser seems to be tracking you across multiple websites without
your permission, Privacy Badger automatically blocks that advertiser from
loading any more content in your browser. To the advertiser, it's like you
suddenly disappeared.
--------------------------------------------------------------------------------
Update Information:
* Added website breakage warnings, shown in the popup when you block a domain
known to break websites * Removed pixel cookie sharing detection pending
security fixes * Fixed various site breakages * Fixed bug that sometimes loses
pre-trained data for new users * Added helpful text to popup on disabled sites *
Fixed display issues in popup on smaller displays * Fixed Facebook link
unwrapping on messenger.com * Fixed some cookies getting incorrectly flagged as
high entropy * Fixed various site breakages * Improved translations (Catalan,
Simplified Chinese, Traditional Chinese, Danish, Dutch, German, French, Hebrew,
Italian, Korean, Russian, Spanish, Swedish, Ukrainian)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 21 2020 Dominik 'Rathann' Mierzejewski <rpm(a)greysector.net> - 2020.2.19-1
- update to 2020.2.19 (#1788939)
- update bundled deps
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1788939 - mozilla-privacy-badger-2020.2.19 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1788939
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-1cbcc27f49' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 12 months
[SECURITY] Fedora 31 Update: cups-2.2.12-8.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-67c84f3f49
2020-04-30 03:42:10.988586
--------------------------------------------------------------------------------
Name : cups
Product : Fedora 31
Version : 2.2.12
Release : 8.fc31
URL : http://www.cups.org/
Summary : CUPS printing system
Description :
CUPS printing system provides a portable printing layer for
UNIX�� operating systems. It has been developed by Apple Inc.
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2020-3898 ---- 1822154 - cups.service doesn't execute
automatically on request
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 21 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 1:2.2.12-8
- 1826330 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
* Mon Apr 20 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 1:2.2.12-7
- 1822154 - cups.service doesn't execute automatically on request
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1823964 - CVE-2020-3898 cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c
https://bugzilla.redhat.com/show_bug.cgi?id=1823964
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-67c84f3f49' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 12 months
Fedora 31 Update: sagator-2.0.0-0.beta38.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-855850e509
2020-04-30 03:42:10.988571
--------------------------------------------------------------------------------
Name : sagator
Product : Fedora 31
Version : 2.0.0
Release : 0.beta38.fc31
URL : http://www.salstar.sk/sagator/
Summary : Antivirus/anti-spam gateway for smtp server
Description :
This program is an email antivirus/anti-spam gateway. It is an interface to
the postfix, sendmail, or any other smtpd, which runs antivirus and/or
spam checker. Its modular architecture can use any combination of
antivirus/spam checker according to configuration.
It has some internal checkers (string_scanner and regexp_scanner). Sagator
can parse MIME mails and decompress archives, if it is configured so.
Features:
* simple chroot support
* modular antivirus/spam checker support
o attach an intrascanner to another intrascanner or realscanner
o combine intrascanners
o combine realscanners
o virus/spam level based scanners
* database support
o SQL logging
o dynamic scanner (antivirus/anti-spam) configuration
* daily reports for users
* web quarantine accessible for all users
* you don't need any perl modules or any other modules, only python
* you can return any quarantined mail to mailq/user mailbox
* mailbox/maildir scanning and cleaning
* smtp policy service (greylist)
* nice statistics via WWW or MRTG
* easy installation and configuration
--------------------------------------------------------------------------------
Update Information:
Update to upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 19 2020 Jan ONDREJ (SAL) <ondrejj(at)salstar.sk> - 2.0.0-0.beta38
- update to upstream
* Thu Apr 2 2020 Jan ONDREJ (SAL) <ondrejj(at)salstar.sk> - 2.0.0-0.beta37
- Fix string quoting for rpm >= 4.16, suse_version used
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-855850e509' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 12 months
[SECURITY] Fedora 31 Update: pxz-4.999.9-19.beta.20200421git.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-07fcbfddbd
2020-04-30 03:42:10.988557
--------------------------------------------------------------------------------
Name : pxz
Product : Fedora 31
Version : 4.999.9
Release : 19.beta.20200421git.fc31
URL : https://jnovy.fedorapeople.org/pxz/
Summary : Parallel LZMA compressor using XZ
Description :
Parallel XZ is a compression utility that takes advantage of running
XZ compression simultaneously on different parts of an input file on
multiple cores and processors. This significantly speeds up compression time.
--------------------------------------------------------------------------------
Update Information:
- Update to GIT 20200421 - Added patch against race condition in setting
permissions on output file (#1182024) - Added patch to revert environment
redirect allowing `export XZ_OPT="-9"` or similar
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 21 2020 Robert Scheck <robert(a)fedoraproject.org> 4.999.9-19.beta.20200421git
- Update to GIT 20200421
- Added patch against race condition in setting permissions on output file (#1182024)
- Added patch to revert environment redirect allowing 'export XZ_OPT="-9"' or similar
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.999.9-18.beta.20120930git
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1182024 - CVE-2015-1200 pxz: race condition in setting permissions on output file
https://bugzilla.redhat.com/show_bug.cgi?id=1182024
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-07fcbfddbd' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 12 months