[SECURITY] Fedora 31 Update: lua-5.3.5-8.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-c83556709c
2020-09-03 16:25:10.755342
--------------------------------------------------------------------------------
Name : lua
Product : Fedora 31
Version : 5.3.5
Release : 8.fc31
URL : http://www.lua.org/
Summary : Powerful light-weight programming language
Description :
Lua is a powerful light-weight programming language designed for
extending applications. Lua is also frequently used as a
general-purpose, stand-alone language. Lua is free software.
Lua combines simple procedural syntax with powerful data description
constructs based on associative arrays and extensible semantics. Lua
is dynamically typed, interpreted from bytecodes, and has automatic
memory management with garbage collection, making it ideal for
configuration, scripting, and rapid prototyping.
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2020-24370 .
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 19 2020 Tom Callaway <spot(a)fedoraproject.org> - 5.3.5-8
- fix CVE-2020-24370
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.3.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1870290 - CVE-2020-24370 lua: segmentation fault in getlocal and setlocal functions in ldebug.c
https://bugzilla.redhat.com/show_bug.cgi?id=1870290
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-c83556709c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 8 months
[SECURITY] Fedora 31 Update: curl-7.66.0-3.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-126a0dd319
2020-09-03 16:25:10.755327
--------------------------------------------------------------------------------
Name : curl
Product : Fedora 31
Version : 7.66.0
Release : 3.fc31
URL : https://curl.haxx.se/
Summary : A utility for getting files from remote servers (FTP, HTTP, and others)
Description :
curl is a command line tool for transferring data with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other useful tricks.
--------------------------------------------------------------------------------
Update Information:
- fix expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY`
option set (CVE-2020-8231)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 19 2020 Kamil Dudka <kdudka(a)redhat.com> - 7.66.0-3
- libcurl: wrong connect-only connection (CVE-2020-8231)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1868032 - CVE-2020-8231 curl: Expired pointer dereference via multi API with `CURLOPT_CONNECT_ONLY` option set
https://bugzilla.redhat.com/show_bug.cgi?id=1868032
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-126a0dd319' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 8 months
Fedora 31 Update: python-productmd-1.27-1.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-724817ea52
2020-09-03 16:25:10.755231
--------------------------------------------------------------------------------
Name : python-productmd
Product : Fedora 31
Version : 1.27
Release : 1.fc31
URL : https://github.com/release-engineering/productmd
Summary : Library providing parsers for metadata related to OS installation
Description :
Python library providing parsers for metadata related to composes
and installation media.
--------------------------------------------------------------------------------
Update Information:
New upstream release fixing validation of treeinfo files for optional variants.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 19 2020 Lubom��r Sedl���� <lsedlar(a)redhat.com> - 1.27-1
- New upstream release 1.27
- Switch sources to tar.gz
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.26-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Sun May 24 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 1.26-2
- Rebuilt for Python 3.9
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-724817ea52' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 8 months
Fedora 33 Update: kbd-2.3.0-2.fc33
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-81fea835a4
2020-09-02 19:48:37.720145
--------------------------------------------------------------------------------
Name : kbd
Product : Fedora 33
Version : 2.3.0
Release : 2.fc33
URL : http://www.kbd-project.org/
Summary : Tools for configuring the console (keyboard, virtual terminals, etc.)
Description :
The kbd package contains tools for managing a Linux
system's console's behavior, including the keyboard, the screen
fonts, the virtual terminals and font files.
--------------------------------------------------------------------------------
Update Information:
This update backports a [change to the behaviour of `grep -L`](https://git.savan
nah.gnu.org/cgit/grep.git/commit/?id=0435ebca64fbafcd62008c991dd9377d8a79...)
that, more or less, returns it to the behaviour from grep 3.1. Changes in grep
3.2 and 3.3 introduced some consequences that people [found
bizarre](https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28105), and the change in
3.3 also [broke `zgrep -L`](https://www.mail-archive.com/zutils-
bug(a)nongnu.org/msg00119.html). The `zgrep -L` bug actually caused a problem in
kbd, which is why that package is also in this update. The kbd spec relies on a
`zgrep -L` call to filter out console keyboard maps converted from xkb maps
which cannot input ASCII. These are usually layouts for inputting non-Latin
alphabets which, in graphical environments, the user expects to switch with a
Latin-capable layout; there is no corresponding ability to easily switch between
console layouts, so there are usually 'internally switchable' layouts for the
languages that use those alphabets, which use modifier keys to allow inputting
of both the Latin alphabet and the 'native' alphabet within a single console
layout. We do not want to 'override' these carefully built 'legacy' console
layouts with converted xkb layouts that cannot input Latin characters at all, so
we intend to strip those from the shipped package. However, because
`kbd-2.3.0-1.fc33` was built with the broken `zgrep -L` behaviour, the `zgrep
-L` call which is supposed to strip non-Latin-capable layouts instead left those
in but stripped out a bunch of other layouts, so the set of console layouts
shipped in `kbd-misc-2.3.0-1.fc33` was very badly wrong. The `kbd-
misc-2.3.0-2.fc33` build in this update corrects this and includes the correct
set of layouts. The bug meant that many languages which should use an
'internally switchable' console layout, including Russian, instead got a broken
xkb-converted layout which could not input Latin characters. This could render
encrypted or console-only installs difficult or impossible to use at all.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 28 2020 Adam Williamson <awilliam(a)redhat.com> - 2.3.0-2
- Rebuild with grep #1872913 fix to correctly drop non-ASCII layouts
Resolves: #1872922
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1863830 - grep: FTBFS in Fedora rawhide/f33
https://bugzilla.redhat.com/show_bug.cgi?id=1863830
[ 2 ] Bug #1872913 - zgrep -l / zgrep -L behaviour broken in Fedora 33+
https://bugzilla.redhat.com/show_bug.cgi?id=1872913
[ 3 ] Bug #1872922 - xkb-converted console layouts that cannot input ASCII not stripped due to grep / zgrep -L bug ; causes several languages to have broken console layouts
https://bugzilla.redhat.com/show_bug.cgi?id=1872922
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-81fea835a4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 8 months
Fedora 33 Update: grep-3.4-5.fc33
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-81fea835a4
2020-09-02 19:48:37.720145
--------------------------------------------------------------------------------
Name : grep
Product : Fedora 33
Version : 3.4
Release : 5.fc33
URL : http://www.gnu.org/software/grep/
Summary : Pattern matching utilities
Description :
The GNU versions of commonly used grep utilities. Grep searches through
textual input for lines which contain a match to a specified pattern and then
prints the matching lines. GNU's grep utilities include grep, egrep and fgrep.
GNU grep is needed by many scripts, so it shall be installed on every system.
--------------------------------------------------------------------------------
Update Information:
This update backports a [change to the behaviour of `grep -L`](https://git.savan
nah.gnu.org/cgit/grep.git/commit/?id=0435ebca64fbafcd62008c991dd9377d8a79...)
that, more or less, returns it to the behaviour from grep 3.1. Changes in grep
3.2 and 3.3 introduced some consequences that people [found
bizarre](https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28105), and the change in
3.3 also [broke `zgrep -L`](https://www.mail-archive.com/zutils-
bug(a)nongnu.org/msg00119.html). The `zgrep -L` bug actually caused a problem in
kbd, which is why that package is also in this update. The kbd spec relies on a
`zgrep -L` call to filter out console keyboard maps converted from xkb maps
which cannot input ASCII. These are usually layouts for inputting non-Latin
alphabets which, in graphical environments, the user expects to switch with a
Latin-capable layout; there is no corresponding ability to easily switch between
console layouts, so there are usually 'internally switchable' layouts for the
languages that use those alphabets, which use modifier keys to allow inputting
of both the Latin alphabet and the 'native' alphabet within a single console
layout. We do not want to 'override' these carefully built 'legacy' console
layouts with converted xkb layouts that cannot input Latin characters at all, so
we intend to strip those from the shipped package. However, because
`kbd-2.3.0-1.fc33` was built with the broken `zgrep -L` behaviour, the `zgrep
-L` call which is supposed to strip non-Latin-capable layouts instead left those
in but stripped out a bunch of other layouts, so the set of console layouts
shipped in `kbd-misc-2.3.0-1.fc33` was very badly wrong. The `kbd-
misc-2.3.0-2.fc33` build in this update corrects this and includes the correct
set of layouts. The bug meant that many languages which should use an
'internally switchable' console layout, including Russian, instead got a broken
xkb-converted layout which could not input Latin characters. This could render
encrypted or console-only installs difficult or impossible to use at all.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 26 2020 Adam Williamson <awilliam(a)redhat.com> - 3.4-5
- Backport fix for upstream #28105 to fix zgrep
Resolves: rhbz#1872913
- Remove some non-portable tests that fail on armv7hl (Paul Eggert)
Resolves: rhbz#1863830
* Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.4-4
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 13 2020 Tom Stellard <tstellar(a)redhat.com> - 3.4-2
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1863830 - grep: FTBFS in Fedora rawhide/f33
https://bugzilla.redhat.com/show_bug.cgi?id=1863830
[ 2 ] Bug #1872913 - zgrep -l / zgrep -L behaviour broken in Fedora 33+
https://bugzilla.redhat.com/show_bug.cgi?id=1872913
[ 3 ] Bug #1872922 - xkb-converted console layouts that cannot input ASCII not stripped due to grep / zgrep -L bug ; causes several languages to have broken console layouts
https://bugzilla.redhat.com/show_bug.cgi?id=1872922
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-81fea835a4' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 8 months
Fedora 33 Update: gjs-1.65.91-3.fc33
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-2de3731beb
2020-09-02 15:41:58.309936
--------------------------------------------------------------------------------
Name : gjs
Product : Fedora 33
Version : 1.65.91
Release : 3.fc33
URL : https://wiki.gnome.org/Projects/Gjs
Summary : Javascript Bindings for GNOME
Description :
Gjs allows using GNOME libraries from Javascript. It's based on the
Spidermonkey Javascript engine from Mozilla and the GObject introspection
framework.
--------------------------------------------------------------------------------
Update Information:
This update backports the [proposed
fix](https://gitlab.gnome.org/GNOME/gjs/-/merge_requests/483) for a bug which
causes a warning/error "g_variant_unref: assertion 'value != NULL' failed" to
appear frequently in the system logs when running GNOME. There are no other
changes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 28 2020 Adam Williamson <awilliam(a)redhat.com> - 1.65.91-3
- Backport MR #483 to fix frequent g_variant_unref errors in journal
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1873644 - Frequent "g_variant_unref: assertion 'value != NULL' failed" journal messages
https://bugzilla.redhat.com/show_bug.cgi?id=1873644
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-2de3731beb' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 8 months
[SECURITY] Fedora 33 Update: selinux-policy-3.14.6-25.fc33
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-8f3381648b
2020-09-02 15:41:58.309847
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 33
Version : 3.14.6
Release : 25.fc33
URL : https://github.com/fedora-selinux/selinux-policy
Summary : SELinux policy configuration
Description :
SELinux Base package for SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117
--------------------------------------------------------------------------------
Update Information:
New F33 selinux-policy build.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 27 2020 Zdenek Pytela <zpytela(a)redhat.com> - 3.14.6-25
- Allow certmonger fowner capability
- The nfsdcld service is now confined by SELinux
- Change transitions for ~/.config/Yubico
- Allow all users to connect to systemd-userdbd with a unix socket
- Add file context for ~/.config/Yubico
- Allow syslogd_t domain to read/write tmpfs systemd-bootchart files
- Allow login_pgm attribute to get attributes in proc_t
- Allow passwd to get attributes in proc_t
- Revert "Allow passwd to get attributes in proc_t"
- Revert "Allow login_pgm attribute to get attributes in proc_t"
- Allow login_pgm attribute to get attributes in proc_t
- Allow passwd to get attributes in proc_t
- Allow traceroute_t and ping_t to bind generic nodes.
- Create macro corenet_icmp_bind_generic_node()
- Allow unconfined_t to node_bind icmp_sockets in node_t domain
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1848929 - ping causes AVC
https://bugzilla.redhat.com/show_bug.cgi?id=1848929
[ 2 ] Bug #1853730 - Multiple "denied { getattr } for pid=856 comm="login" name="/" dev="proc"" AVCs with Fedora-Rawhide-20200703.n.0
https://bugzilla.redhat.com/show_bug.cgi?id=1853730
[ 3 ] Bug #1865748 - SELinux prevents systemd-nspawn from launching a machine
https://bugzilla.redhat.com/show_bug.cgi?id=1865748
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-8f3381648b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 8 months
Fedora 31 Update: p11-kit-0.23.21-2.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-47791b7bd3
2020-09-02 14:55:21.480631
--------------------------------------------------------------------------------
Name : p11-kit
Product : Fedora 31
Version : 0.23.21
Release : 2.fc31
URL : http://p11-glue.freedesktop.org/p11-kit.html
Summary : Library for loading and sharing PKCS#11 modules
Description :
p11-kit provides a way to load and enumerate PKCS#11 modules, as well
as a standard configuration setup for installing PKCS#11 modules in
such a way that they're discoverable.
--------------------------------------------------------------------------------
Update Information:
New upstream release: 0.23.21
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 18 2020 Packit Service <user-cont-team+packit-service(a)redhat.com> - 0.23.21-2
- new upstream release: 0.23.21
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-47791b7bd3' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 8 months
Fedora 31 Update: langtable-0.0.52-1.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-f70218f526
2020-09-02 14:55:21.480621
--------------------------------------------------------------------------------
Name : langtable
Product : Fedora 31
Version : 0.0.52
Release : 1.fc31
URL : https://github.com/mike-fabian/langtable
Summary : Guessing reasonable defaults for locale, keyboard layout, territory, and language.
Description :
langtable is used to guess reasonable defaults for locale, keyboard layout,
territory, and language, if part of that information is already known. For
example, guess the territory and the keyboard layout if the language
is known or guess the language and keyboard layout if the territory is
already known.
--------------------------------------------------------------------------------
Update Information:
Update to 0.0.52; add list_common_keyboards() to public api by Sundeep ANAND
<suanand(a)redhat.com>
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 18 2020 Mike FABIAN <mfabian(a)redhat.com> - 0.0.52-1
- Update to 0.0.52
- add list_common_keyboards() to public api by Sundeep ANAND <suanand(a)redhat.com>
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-f70218f526' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 8 months
Fedora 31 Update: perl-Getopt-Long-2.52-1.fc31
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-6af045f96b
2020-09-02 14:55:21.480608
--------------------------------------------------------------------------------
Name : perl-Getopt-Long
Product : Fedora 31
Version : 2.52
Release : 1.fc31
URL : https://metacpan.org/release/Getopt-Long
Summary : Extended processing of command line options
Description :
The Getopt::Long module implements an extended getopt function called
GetOptions(). It parses the command line from @ARGV, recognizing and removing
specified options and their possible values. It adheres to the POSIX syntax
for command line options, with GNU extensions. In general, this means that
options have long names instead of single letters, and are introduced with
a double dash "--". Support for bundling of command line options, as was the
case with the more traditional single-letter approach, is provided but not
enabled by default.
--------------------------------------------------------------------------------
Update Information:
This release fixes reporting an invalid ":s%" options specifier and a
documentation. It also adds a mew "given" method to a callback object to return
the name of the option passed by a user. It also improves the tests.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 18 2020 Petr Pisar <ppisar(a)redhat.com> - 1:2.52-1
- 2.52 bump
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:2.51-457
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik(a)redhat.com> - 1:2.51-456
- Increase release to favour standalone package
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:2.51-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1869726 - perl-Getopt-Long-2.52 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1869726
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-6af045f96b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
3 years, 8 months