July 2022 - package-announce - Fedora Mailing-Lists

[SECURITY] Fedora 36 Update: golang-x-tools-0.1.10-3.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-x-tools Product : Fedora 36 Version : 0.1.10 Release : 3.fc36 URL : https://github.com/golang/tools Summary : Various packages and tools that support the Go programming language Description : This package holds the source for various tools that support the Go programming language. Some of the tools, godoc and vet for example, are included in binary Go distributions. Others, including the Go guru and the test coverage tool, can be fetched with go get. Packages include a type-checker for Go and an implementation of the Static Single Assignment form (SSA) representation for Go programs. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> 0.1.10-3 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang * Sat Jul 9 2022 Maxwell G <gotmax(a)e.email> 0.1.10-2 - Rebuild for CVE-2022-{24675,28327,29526 in golang} -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-x-perf-0-0.16.20210123gitbdcc622.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-x-perf Product : Fedora 36 Version : 0 Release : 0.16.20210123gitbdcc622.fc36 URL : https://github.com/golang/perf Summary : Performance measurement, storage, and analysis Description : This package holds the source for various tools related to performance measurement, storage, and analysis. - cmd/benchstat contains a command-line tool that computes and 7 compares statistics about benchmarks. - cmd/benchsave contains a command-line tool for publishing benchmark results. - storage contains the https://perfdata.golang.org/ benchmark result storage system. - analysis contains the https://perf.golang.org/ benchmark result analysis system. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0-0.16 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-x-text-0.3.7-4.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-x-text Product : Fedora 36 Version : 0.3.7 Release : 4.fc36 URL : https://github.com/golang/text Summary : Go text processing support Description : Text is a repository of text-related packages related to internationalization (i18n) and localization (l10n), such as character encodings, text transformations, and locale-specific text handling. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0.3.7-4 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang * Thu Jun 30 2022 Stephen Smoogen <smooge(a)fedoraproject.org> - 0.3.7-3 - Add in a minimal bootstrap mode to try and break golang cycle with x packages -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-x-mobile-0-0.13.20220719git8578da9.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-x-mobile Product : Fedora 36 Version : 0 Release : 0.13.20220719git8578da9.fc36 URL : https://github.com/golang/mobile Summary : Go support for Mobile devices Description : The Go mobile repository holds packages and build tools for using Go on mobile platforms. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0-0.13 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang * Tue Jul 19 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 0-0.12.20220719git8578da9 - Bump to 8578da9835fd365e78a6e63048c103b27a53a82c. Fixes rhbz#2045669. * Sat Jun 18 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 0-0.11 - Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629 * Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0-0.10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-x-mod-0.6.0~dev-4.20220330git9b9b3d8.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-x-mod Product : Fedora 36 Version : 0.6.0~dev Release : 4.20220330git9b9b3d8.fc36 URL : https://github.com/golang/mod Summary : Go module mechanics libraries Description : This packages holds packages for writing tools that work directly with Go module mechanics. That is, it is for direct manipulation of Go modules themselves. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> 0.6.0~dev-4 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-x-exp-0-0.44.20220330git053ad81.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-x-exp Product : Fedora 36 Version : 0 Release : 0.44.20220330git053ad81.fc36 URL : https://github.com/golang/exp Summary : Experimental and deprecated Go packages Description : This subrepository holds experimental and deprecated packages. The idea for this subrepository originated as the pkg/exp directory of the main repository, but its presence there made it unavailable to users of the binary downloads of the Go installation. The subrepository has therefore been created to make it possible to go get these packages. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> 0-0.44 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-x-debug-0-0.15.20210123gitc934e1b.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-x-debug Product : Fedora 36 Version : 0 Release : 0.15.20210123gitc934e1b.fc36 URL : https://github.com/golang/debug Summary : Go debugging tools Description : This repository holds utilities and libraries for debugging Go programs. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0-0.15 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-x-lint-0-17.20210123git83fdc39.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-x-lint Product : Fedora 36 Version : 0 Release : 17.20210123git83fdc39.fc36 URL : https://github.com/golang/lint Summary : Linter for Go source code Description : Golint is a linter for Go source code. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> 0-17 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-sourcegraph-appdash-0-0.10.20210113gitebfcffb.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-sourcegraph-appdash Product : Fedora 36 Version : 0 Release : 0.10.20210113gitebfcffb.fc36 URL : https://github.com/sourcegraph/appdash Summary : Application tracing system for Go, based on Google's Dapper Description : Appdash is an application tracing system for Go, based on Google's Dapper and Twitter's Zipkin. Appdash allows you to trace the end-to-end handling of requests and operations in your application (for perf and debugging). It displays timings and application-specific metadata for each step, and it displays a tree and timeline for each request and its children. To use appdash, you must instrument your application with calls to an appdash recorder. You can record any type of event or operation. Recorders and schemas for HTTP (client and server) and SQL are provided, and you can write your own. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0-0.10 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

[SECURITY] Fedora 36 Update: golang-storj-drpc-0.0.31-3.fc36

by updates＠fedoraproject.org

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-5038c3236c 2022-07-31 01:30:22.784813 -------------------------------------------------------------------------------- Name : golang-storj-drpc Product : Fedora 36 Version : 0.0.31 Release : 3.fc36 URL : https://github.com/storj/drpc Summary : Lightweight, drop-in replacement for gRPC Description : Lightweight, drop-in replacement for gRPC. -------------------------------------------------------------------------------- Update Information: Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang --- See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities. ---- Update to latest commit as of 20220719 ---- Added Experimental: nebula clients can be configured to act as relays for other nebula clients. Primarily useful when stubborn NATs make a direct tunnel impossible. (#678) Configuration option to report manually specified ip:ports to lighthouses. (#650) Windows arm64 build. (#638) punchy and most lighthouse config options now support hot reloading. (#649) Changed Build against go 1.18. (#656) Promoted routines config from experimental to supported feature. (#702) Dependencies updated. (#664) Fixed Packets destined for the same host that sent it will be returned on MacOS. This matches the default behavior of other operating systems. (#501) unsafe_route configuration will no longer crash on Windows. (#648) A few panics that were introduced in 1.5.x. (#657, #658, #675) Security You can set listen.send_recv_error to control the conditions in which recv_error messages are sent. Sending these messages can expose the fact that Nebula is running on a host, but it speeds up re-handshaking. (#670) Removed x509 config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ---- fix package dir listing ---- resolve build issues and list new shell completion files ---- Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz- snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric -------------------------------------------------------------------------------- ChangeLog: * Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> 0.0.31-3 - Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

1 year, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

package-announce July 2022