September 2020 - package-announce - Fedora Mailing-Lists

[SECURITY] Fedora 31 Update: lua-5.3.5-8.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-c83556709c 2020-09-03 16:25:10.755342 -------------------------------------------------------------------------------- Name : lua Product : Fedora 31 Version : 5.3.5 Release : 8.fc31 URL : http://www.lua.org/ Summary : Powerful light-weight programming language Description : Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and extensible semantics. Lua is dynamically typed, interpreted from bytecodes, and has automatic memory management with garbage collection, making it ideal for configuration, scripting, and rapid prototyping. -------------------------------------------------------------------------------- Update Information: Fix CVE-2020-24370 . -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 19 2020 Tom Callaway <spot(a)fedoraproject.org> - 5.3.5-8 - fix CVE-2020-24370 * Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.3.5-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1870290 - CVE-2020-24370 lua: segmentation fault in getlocal and setlocal functions in ldebug.c https://bugzilla.redhat.com/show_bug.cgi?id=1870290 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-c83556709c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 8 months

1
0
0 / 0

[SECURITY] Fedora 31 Update: curl-7.66.0-3.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-126a0dd319 2020-09-03 16:25:10.755327 -------------------------------------------------------------------------------- Name : curl Product : Fedora 31 Version : 7.66.0 Release : 3.fc31 URL : https://curl.haxx.se/ Summary : A utility for getting files from remote servers (FTP, HTTP, and others) Description : curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer resume, proxy tunneling and a busload of other useful tricks. -------------------------------------------------------------------------------- Update Information: - fix expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set (CVE-2020-8231) -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 19 2020 Kamil Dudka <kdudka(a)redhat.com> - 7.66.0-3 - libcurl: wrong connect-only connection (CVE-2020-8231) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1868032 - CVE-2020-8231 curl: Expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set https://bugzilla.redhat.com/show_bug.cgi?id=1868032 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-126a0dd319' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 8 months

1
0
0 / 0

Fedora 31 Update: python-productmd-1.27-1.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-724817ea52 2020-09-03 16:25:10.755231 -------------------------------------------------------------------------------- Name : python-productmd Product : Fedora 31 Version : 1.27 Release : 1.fc31 URL : https://github.com/release-engineering/productmd Summary : Library providing parsers for metadata related to OS installation Description : Python library providing parsers for metadata related to composes and installation media. -------------------------------------------------------------------------------- Update Information: New upstream release fixing validation of treeinfo files for optional variants. -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 19 2020 Lubom��r Sedl�� <lsedlar(a)redhat.com> - 1.27-1 - New upstream release 1.27 - Switch sources to tar.gz * Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.26-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Sun May 24 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 1.26-2 - Rebuilt for Python 3.9 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-724817ea52' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 8 months

1
0
0 / 0

Fedora 33 Update: kbd-2.3.0-2.fc33

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-81fea835a4 2020-09-02 19:48:37.720145 -------------------------------------------------------------------------------- Name : kbd Product : Fedora 33 Version : 2.3.0 Release : 2.fc33 URL : http://www.kbd-project.org/ Summary : Tools for configuring the console (keyboard, virtual terminals, etc.) Description : The kbd package contains tools for managing a Linux system's console's behavior, including the keyboard, the screen fonts, the virtual terminals and font files. -------------------------------------------------------------------------------- Update Information: This update backports a [change to the behaviour of `grep -L`](https://git.savan nah.gnu.org/cgit/grep.git/commit/?id=0435ebca64fbafcd62008c991dd9377d8a79...) that, more or less, returns it to the behaviour from grep 3.1. Changes in grep 3.2 and 3.3 introduced some consequences that people [found bizarre](https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28105), and the change in 3.3 also [broke `zgrep -L`](https://www.mail-archive.com/zutils- bug(a)nongnu.org/msg00119.html). The `zgrep -L` bug actually caused a problem in kbd, which is why that package is also in this update. The kbd spec relies on a `zgrep -L` call to filter out console keyboard maps converted from xkb maps which cannot input ASCII. These are usually layouts for inputting non-Latin alphabets which, in graphical environments, the user expects to switch with a Latin-capable layout; there is no corresponding ability to easily switch between console layouts, so there are usually 'internally switchable' layouts for the languages that use those alphabets, which use modifier keys to allow inputting of both the Latin alphabet and the 'native' alphabet within a single console layout. We do not want to 'override' these carefully built 'legacy' console layouts with converted xkb layouts that cannot input Latin characters at all, so we intend to strip those from the shipped package. However, because `kbd-2.3.0-1.fc33` was built with the broken `zgrep -L` behaviour, the `zgrep -L` call which is supposed to strip non-Latin-capable layouts instead left those in but stripped out a bunch of other layouts, so the set of console layouts shipped in `kbd-misc-2.3.0-1.fc33` was very badly wrong. The `kbd- misc-2.3.0-2.fc33` build in this update corrects this and includes the correct set of layouts. The bug meant that many languages which should use an 'internally switchable' console layout, including Russian, instead got a broken xkb-converted layout which could not input Latin characters. This could render encrypted or console-only installs difficult or impossible to use at all. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 28 2020 Adam Williamson <awilliam(a)redhat.com> - 2.3.0-2 - Rebuild with grep #1872913 fix to correctly drop non-ASCII layouts Resolves: #1872922 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1863830 - grep: FTBFS in Fedora rawhide/f33 https://bugzilla.redhat.com/show_bug.cgi?id=1863830 [ 2 ] Bug #1872913 - zgrep -l / zgrep -L behaviour broken in Fedora 33+ https://bugzilla.redhat.com/show_bug.cgi?id=1872913 [ 3 ] Bug #1872922 - xkb-converted console layouts that cannot input ASCII not stripped due to grep / zgrep -L bug ; causes several languages to have broken console layouts https://bugzilla.redhat.com/show_bug.cgi?id=1872922 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-81fea835a4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 8 months

1
0
0 / 0

Fedora 33 Update: grep-3.4-5.fc33

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-81fea835a4 2020-09-02 19:48:37.720145 -------------------------------------------------------------------------------- Name : grep Product : Fedora 33 Version : 3.4 Release : 5.fc33 URL : http://www.gnu.org/software/grep/ Summary : Pattern matching utilities Description : The GNU versions of commonly used grep utilities. Grep searches through textual input for lines which contain a match to a specified pattern and then prints the matching lines. GNU's grep utilities include grep, egrep and fgrep. GNU grep is needed by many scripts, so it shall be installed on every system. -------------------------------------------------------------------------------- Update Information: This update backports a [change to the behaviour of `grep -L`](https://git.savan nah.gnu.org/cgit/grep.git/commit/?id=0435ebca64fbafcd62008c991dd9377d8a79...) that, more or less, returns it to the behaviour from grep 3.1. Changes in grep 3.2 and 3.3 introduced some consequences that people [found bizarre](https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28105), and the change in 3.3 also [broke `zgrep -L`](https://www.mail-archive.com/zutils- bug(a)nongnu.org/msg00119.html). The `zgrep -L` bug actually caused a problem in kbd, which is why that package is also in this update. The kbd spec relies on a `zgrep -L` call to filter out console keyboard maps converted from xkb maps which cannot input ASCII. These are usually layouts for inputting non-Latin alphabets which, in graphical environments, the user expects to switch with a Latin-capable layout; there is no corresponding ability to easily switch between console layouts, so there are usually 'internally switchable' layouts for the languages that use those alphabets, which use modifier keys to allow inputting of both the Latin alphabet and the 'native' alphabet within a single console layout. We do not want to 'override' these carefully built 'legacy' console layouts with converted xkb layouts that cannot input Latin characters at all, so we intend to strip those from the shipped package. However, because `kbd-2.3.0-1.fc33` was built with the broken `zgrep -L` behaviour, the `zgrep -L` call which is supposed to strip non-Latin-capable layouts instead left those in but stripped out a bunch of other layouts, so the set of console layouts shipped in `kbd-misc-2.3.0-1.fc33` was very badly wrong. The `kbd- misc-2.3.0-2.fc33` build in this update corrects this and includes the correct set of layouts. The bug meant that many languages which should use an 'internally switchable' console layout, including Russian, instead got a broken xkb-converted layout which could not input Latin characters. This could render encrypted or console-only installs difficult or impossible to use at all. -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 26 2020 Adam Williamson <awilliam(a)redhat.com> - 3.4-5 - Backport fix for upstream #28105 to fix zgrep Resolves: rhbz#1872913 - Remove some non-portable tests that fail on armv7hl (Paul Eggert) Resolves: rhbz#1863830 * Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.4-4 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 13 2020 Tom Stellard <tstellar(a)redhat.com> - 3.4-2 - Use make macros - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro -------------------------------------------------------------------------------- References: [ 1 ] Bug #1863830 - grep: FTBFS in Fedora rawhide/f33 https://bugzilla.redhat.com/show_bug.cgi?id=1863830 [ 2 ] Bug #1872913 - zgrep -l / zgrep -L behaviour broken in Fedora 33+ https://bugzilla.redhat.com/show_bug.cgi?id=1872913 [ 3 ] Bug #1872922 - xkb-converted console layouts that cannot input ASCII not stripped due to grep / zgrep -L bug ; causes several languages to have broken console layouts https://bugzilla.redhat.com/show_bug.cgi?id=1872922 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-81fea835a4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 8 months

1
0
0 / 0

Fedora 33 Update: gjs-1.65.91-3.fc33

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-2de3731beb 2020-09-02 15:41:58.309936 -------------------------------------------------------------------------------- Name : gjs Product : Fedora 33 Version : 1.65.91 Release : 3.fc33 URL : https://wiki.gnome.org/Projects/Gjs Summary : Javascript Bindings for GNOME Description : Gjs allows using GNOME libraries from Javascript. It's based on the Spidermonkey Javascript engine from Mozilla and the GObject introspection framework. -------------------------------------------------------------------------------- Update Information: This update backports the [proposed fix](https://gitlab.gnome.org/GNOME/gjs/-/merge_requests/483) for a bug which causes a warning/error "g_variant_unref: assertion 'value != NULL' failed" to appear frequently in the system logs when running GNOME. There are no other changes. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 28 2020 Adam Williamson <awilliam(a)redhat.com> - 1.65.91-3 - Backport MR #483 to fix frequent g_variant_unref errors in journal -------------------------------------------------------------------------------- References: [ 1 ] Bug #1873644 - Frequent "g_variant_unref: assertion 'value != NULL' failed" journal messages https://bugzilla.redhat.com/show_bug.cgi?id=1873644 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-2de3731beb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 8 months

1
0
0 / 0

[SECURITY] Fedora 33 Update: selinux-policy-3.14.6-25.fc33

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-8f3381648b 2020-09-02 15:41:58.309847 -------------------------------------------------------------------------------- Name : selinux-policy Product : Fedora 33 Version : 3.14.6 Release : 25.fc33 URL : https://github.com/fedora-selinux/selinux-policy Summary : SELinux policy configuration Description : SELinux Base package for SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20091117 -------------------------------------------------------------------------------- Update Information: New F33 selinux-policy build. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 27 2020 Zdenek Pytela <zpytela(a)redhat.com> - 3.14.6-25 - Allow certmonger fowner capability - The nfsdcld service is now confined by SELinux - Change transitions for ~/.config/Yubico - Allow all users to connect to systemd-userdbd with a unix socket - Add file context for ~/.config/Yubico - Allow syslogd_t domain to read/write tmpfs systemd-bootchart files - Allow login_pgm attribute to get attributes in proc_t - Allow passwd to get attributes in proc_t - Revert "Allow passwd to get attributes in proc_t" - Revert "Allow login_pgm attribute to get attributes in proc_t" - Allow login_pgm attribute to get attributes in proc_t - Allow passwd to get attributes in proc_t - Allow traceroute_t and ping_t to bind generic nodes. - Create macro corenet_icmp_bind_generic_node() - Allow unconfined_t to node_bind icmp_sockets in node_t domain -------------------------------------------------------------------------------- References: [ 1 ] Bug #1848929 - ping causes AVC https://bugzilla.redhat.com/show_bug.cgi?id=1848929 [ 2 ] Bug #1853730 - Multiple "denied { getattr } for pid=856 comm="login" name="/" dev="proc"" AVCs with Fedora-Rawhide-20200703.n.0 https://bugzilla.redhat.com/show_bug.cgi?id=1853730 [ 3 ] Bug #1865748 - SELinux prevents systemd-nspawn from launching a machine https://bugzilla.redhat.com/show_bug.cgi?id=1865748 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-8f3381648b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 8 months

1
0
0 / 0

Fedora 31 Update: p11-kit-0.23.21-2.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-47791b7bd3 2020-09-02 14:55:21.480631 -------------------------------------------------------------------------------- Name : p11-kit Product : Fedora 31 Version : 0.23.21 Release : 2.fc31 URL : http://p11-glue.freedesktop.org/p11-kit.html Summary : Library for loading and sharing PKCS#11 modules Description : p11-kit provides a way to load and enumerate PKCS#11 modules, as well as a standard configuration setup for installing PKCS#11 modules in such a way that they're discoverable. -------------------------------------------------------------------------------- Update Information: New upstream release: 0.23.21 -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 18 2020 Packit Service <user-cont-team+packit-service(a)redhat.com> - 0.23.21-2 - new upstream release: 0.23.21 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-47791b7bd3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 8 months

1
0
0 / 0

Fedora 31 Update: langtable-0.0.52-1.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-f70218f526 2020-09-02 14:55:21.480621 -------------------------------------------------------------------------------- Name : langtable Product : Fedora 31 Version : 0.0.52 Release : 1.fc31 URL : https://github.com/mike-fabian/langtable Summary : Guessing reasonable defaults for locale, keyboard layout, territory, and language. Description : langtable is used to guess reasonable defaults for locale, keyboard layout, territory, and language, if part of that information is already known. For example, guess the territory and the keyboard layout if the language is known or guess the language and keyboard layout if the territory is already known. -------------------------------------------------------------------------------- Update Information: Update to 0.0.52; add list_common_keyboards() to public api by Sundeep ANAND <suanand(a)redhat.com> -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 18 2020 Mike FABIAN <mfabian(a)redhat.com> - 0.0.52-1 - Update to 0.0.52 - add list_common_keyboards() to public api by Sundeep ANAND <suanand(a)redhat.com> -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-f70218f526' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 8 months

1
0
0 / 0

Fedora 31 Update: perl-Getopt-Long-2.52-1.fc31

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2020-6af045f96b 2020-09-02 14:55:21.480608 -------------------------------------------------------------------------------- Name : perl-Getopt-Long Product : Fedora 31 Version : 2.52 Release : 1.fc31 URL : https://metacpan.org/release/Getopt-Long Summary : Extended processing of command line options Description : The Getopt::Long module implements an extended getopt function called GetOptions(). It parses the command line from @ARGV, recognizing and removing specified options and their possible values. It adheres to the POSIX syntax for command line options, with GNU extensions. In general, this means that options have long names instead of single letters, and are introduced with a double dash "--". Support for bundling of command line options, as was the case with the more traditional single-letter approach, is provided but not enabled by default. -------------------------------------------------------------------------------- Update Information: This release fixes reporting an invalid ":s%" options specifier and a documentation. It also adds a mew "given" method to a callback object to return the name of the option passed by a user. It also improves the tests. -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 18 2020 Petr Pisar <ppisar(a)redhat.com> - 1:2.52-1 - 2.52 bump * Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:2.51-457 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jun 22 2020 Jitka Plesnikova <jplesnik(a)redhat.com> - 1:2.51-456 - Increase release to favour standalone package * Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:2.51-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1869726 - perl-Getopt-Long-2.52 is available https://bugzilla.redhat.com/show_bug.cgi?id=1869726 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-6af045f96b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

3 years, 8 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

package-announce September 2020