[SECURITY] Fedora 36 Update: golang-x-tools-0.1.10-3.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-x-tools
Product : Fedora 36
Version : 0.1.10
Release : 3.fc36
URL : https://github.com/golang/tools
Summary : Various packages and tools that support the Go programming language
Description :
This package holds the source for various tools that support the Go programming
language.
Some of the tools, godoc and vet for example, are included in binary Go
distributions.
Others, including the Go guru and the test coverage tool, can be fetched with go
get.
Packages include a type-checker for Go and an implementation of the Static
Single Assignment form (SSA) representation for Go programs.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> 0.1.10-3
- Rebuild for
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
* Sat Jul 9 2022 Maxwell G <gotmax(a)e.email> 0.1.10-2
- Rebuild for CVE-2022-{24675,28327,29526 in golang}
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-x-perf-0-0.16.20210123gitbdcc622.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-x-perf
Product : Fedora 36
Version : 0
Release : 0.16.20210123gitbdcc622.fc36
URL : https://github.com/golang/perf
Summary : Performance measurement, storage, and analysis
Description :
This package holds the source for various tools related to performance
measurement, storage, and analysis.
- cmd/benchstat contains a command-line tool that computes and 7
compares statistics about benchmarks.
- cmd/benchsave contains a command-line tool for publishing benchmark
results.
- storage contains the https://perfdata.golang.org/ benchmark result
storage system.
- analysis contains the https://perf.golang.org/ benchmark result analysis
system.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0-0.16
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-x-text-0.3.7-4.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-x-text
Product : Fedora 36
Version : 0.3.7
Release : 4.fc36
URL : https://github.com/golang/text
Summary : Go text processing support
Description :
Text is a repository of text-related packages related to internationalization
(i18n) and localization (l10n), such as character encodings, text
transformations, and locale-specific text handling.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0.3.7-4
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
* Thu Jun 30 2022 Stephen Smoogen <smooge(a)fedoraproject.org> - 0.3.7-3
- Add in a minimal bootstrap mode to try and break golang cycle with x packages
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-x-mobile-0-0.13.20220719git8578da9.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-x-mobile
Product : Fedora 36
Version : 0
Release : 0.13.20220719git8578da9.fc36
URL : https://github.com/golang/mobile
Summary : Go support for Mobile devices
Description :
The Go mobile repository holds packages and build tools for using Go on mobile
platforms.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0-0.13
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
* Tue Jul 19 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 0-0.12.20220719git8578da9
- Bump to 8578da9835fd365e78a6e63048c103b27a53a82c. Fixes rhbz#2045669.
* Sat Jun 18 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 0-0.11
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0-0.10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-x-mod-0.6.0~dev-4.20220330git9b9b3d8.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-x-mod
Product : Fedora 36
Version : 0.6.0~dev
Release : 4.20220330git9b9b3d8.fc36
URL : https://github.com/golang/mod
Summary : Go module mechanics libraries
Description :
This packages holds packages for writing tools that work directly with Go module
mechanics. That is, it is for direct manipulation of Go modules themselves.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> 0.6.0~dev-4
- Rebuild for
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-x-exp-0-0.44.20220330git053ad81.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-x-exp
Product : Fedora 36
Version : 0
Release : 0.44.20220330git053ad81.fc36
URL : https://github.com/golang/exp
Summary : Experimental and deprecated Go packages
Description :
This subrepository holds experimental and deprecated packages.
The idea for this subrepository originated as the pkg/exp directory of the main
repository, but its presence there made it unavailable to users of the binary
downloads of the Go installation. The subrepository has therefore been created
to make it possible to go get these packages.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> 0-0.44
- Rebuild for
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-x-debug-0-0.15.20210123gitc934e1b.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-x-debug
Product : Fedora 36
Version : 0
Release : 0.15.20210123gitc934e1b.fc36
URL : https://github.com/golang/debug
Summary : Go debugging tools
Description :
This repository holds utilities and libraries for debugging Go programs.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0-0.15
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-x-lint-0-17.20210123git83fdc39.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-x-lint
Product : Fedora 36
Version : 0
Release : 17.20210123git83fdc39.fc36
URL : https://github.com/golang/lint
Summary : Linter for Go source code
Description :
Golint is a linter for Go source code.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> 0-17
- Rebuild for
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-sourcegraph-appdash-0-0.10.20210113gitebfcffb.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-sourcegraph-appdash
Product : Fedora 36
Version : 0
Release : 0.10.20210113gitebfcffb.fc36
URL : https://github.com/sourcegraph/appdash
Summary : Application tracing system for Go, based on Google's Dapper
Description :
Appdash is an application tracing system for Go, based on Google's Dapper and
Twitter's Zipkin.
Appdash allows you to trace the end-to-end handling of requests and operations
in your application (for perf and debugging). It displays timings and
application-specific metadata for each step, and it displays a tree and timeline
for each request and its children.
To use appdash, you must instrument your application with calls to an appdash
recorder. You can record any type of event or operation. Recorders and schemas
for HTTP (client and server) and SQL are provided, and you can write your own.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> - 0-0.10
- Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in
golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months
[SECURITY] Fedora 36 Update: golang-storj-drpc-0.0.31-3.fc36
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-5038c3236c
2022-07-31 01:30:22.784813
--------------------------------------------------------------------------------
Name : golang-storj-drpc
Product : Fedora 36
Version : 0.0.31
Release : 3.fc36
URL : https://github.com/storj/drpc
Summary : Lightweight, drop-in replacement for gRPC
Description :
Lightweight, drop-in replacement for gRPC.
--------------------------------------------------------------------------------
Update Information:
Rebuild to mitigate
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang ---
See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more
information about the specific vulnerabilities. ---- Update to latest commit
as of 20220719 ---- Added Experimental: nebula clients can be configured
to act as relays for other nebula clients. Primarily useful when stubborn
NATs make a direct tunnel impossible. (#678) Configuration option to report
manually specified ip:ports to lighthouses. (#650) Windows arm64 build.
(#638) punchy and most lighthouse config options now support hot reloading.
(#649) Changed Build against go 1.18. (#656) Promoted routines config
from experimental to supported feature. (#702) Dependencies updated. (#664)
Fixed Packets destined for the same host that sent it will be returned on
MacOS. This matches the default behavior of other operating systems. (#501)
unsafe_route configuration will no longer crash on Windows. (#648) A few
panics that were introduced in 1.5.x. (#657, #658, #675) Security You can
set listen.send_recv_error to control the conditions in which recv_error
messages are sent. Sending these messages can expose the fact that Nebula is
running on a host, but it speeds up re-handshaking. (#670) Removed x509
config stanza support has been removed. (#685) ---- bump to v4.2.0-rc1 ----
fix package dir listing ---- resolve build issues and list new shell
completion files ---- Release of stargz snapshotter v0.12.0. Please see the
release note for details: https://github.com/containerd/stargz-
snapshotter/releases/tag/v0.12.0 ---- Fix extracting network metric
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 19 2022 Maxwell G <gotmax(a)e.email> 0.0.31-3
- Rebuild for
CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-5038c3236c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
1 year, 9 months