bojan pushed to rpms/xrdp (f38). "Update to 0.9.23. CVE-2023-40184."
by notificationsï¼ fedoraproject.org
Notification time stamped 2023-09-01 06:21:27 UTC
From 3f2b82ce95c1b5b2cf8f1ad1eab777f280977dfb Mon Sep 17 00:00:00 2001
From: Bojan Smojver <bojan(a)rexursive.com>
Date: Aug 31 2023 17:47:14 +0000
Subject: Update to 0.9.23. CVE-2023-40184.
---
diff --git a/.gitignore b/.gitignore
index e89526c..4fff72a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,3 +27,4 @@ xrdp-cvs-03-17-2010.tar.gz
/xrdp-0.9.21.tar.gz
/xrdp-0.9.22.tar.gz
/xrdp-0.9.22.1.tar.gz
+/xrdp-0.9.23.tar.gz
diff --git a/sources b/sources
index 8d4382d..508bb5a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (xrdp-0.9.22.1.tar.gz) = a96f261bf9e3ecadbc305d265fb3384f4378627c1e518febd7a12e830218d73ff107615bfb591901f0b9c241203c14c9392dbd2dde053f687685af8961891d5f
+SHA512 (xrdp-0.9.23.tar.gz) = 95d20e9f8aedb9d5d77d5103f58190232e2d510f8d77a4dae5d764ac61b18a5a2d1a2ec0c857da38940c9c10e930204b87e2e39dfc7b512d05124a613a5b79bd
diff --git a/xrdp.spec b/xrdp.spec
index 1442b86..611cdf4 100644
--- a/xrdp.spec
+++ b/xrdp.spec
@@ -16,8 +16,8 @@
Summary: Open source remote desktop protocol (RDP) server
Name: xrdp
Epoch: 1
-Version: 0.9.22.1
-Release: 4%{?dist}
+Version: 0.9.23
+Release: 1%{?dist}
License: ASL 2.0 and GPLv2+ and MIT
URL: http://www.xrdp.org/
Source0: https://github.com/neutrinolabs/xrdp/releases/download/v%{version}/xrdp-%...
@@ -298,6 +298,10 @@ fi
%{_datadir}/selinux/*/%{name}.pp
%changelog
+* Fri Sep 1 2023 Bojan Smojver <bojan(a)rexursive.com> - 1:0.9.23-1
+- Update to 0.9.23
+- CVE-2023-40184
+
* Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:0.9.22.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
https://src.fedoraproject.org/rpms/xrdp/c/3f2b82ce95c1b5b2cf8f1ad1eab777f...
9Â months
bojan pushed to rpms/xrdp (f39). "Update to 0.9.23. CVE-2023-40184."
by notificationsï¼ fedoraproject.org
Notification time stamped 2023-09-01 06:21:17 UTC
From 3f2b82ce95c1b5b2cf8f1ad1eab777f280977dfb Mon Sep 17 00:00:00 2001
From: Bojan Smojver <bojan(a)rexursive.com>
Date: Aug 31 2023 17:47:14 +0000
Subject: Update to 0.9.23. CVE-2023-40184.
---
diff --git a/.gitignore b/.gitignore
index e89526c..4fff72a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,3 +27,4 @@ xrdp-cvs-03-17-2010.tar.gz
/xrdp-0.9.21.tar.gz
/xrdp-0.9.22.tar.gz
/xrdp-0.9.22.1.tar.gz
+/xrdp-0.9.23.tar.gz
diff --git a/sources b/sources
index 8d4382d..508bb5a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (xrdp-0.9.22.1.tar.gz) = a96f261bf9e3ecadbc305d265fb3384f4378627c1e518febd7a12e830218d73ff107615bfb591901f0b9c241203c14c9392dbd2dde053f687685af8961891d5f
+SHA512 (xrdp-0.9.23.tar.gz) = 95d20e9f8aedb9d5d77d5103f58190232e2d510f8d77a4dae5d764ac61b18a5a2d1a2ec0c857da38940c9c10e930204b87e2e39dfc7b512d05124a613a5b79bd
diff --git a/xrdp.spec b/xrdp.spec
index 1442b86..611cdf4 100644
--- a/xrdp.spec
+++ b/xrdp.spec
@@ -16,8 +16,8 @@
Summary: Open source remote desktop protocol (RDP) server
Name: xrdp
Epoch: 1
-Version: 0.9.22.1
-Release: 4%{?dist}
+Version: 0.9.23
+Release: 1%{?dist}
License: ASL 2.0 and GPLv2+ and MIT
URL: http://www.xrdp.org/
Source0: https://github.com/neutrinolabs/xrdp/releases/download/v%{version}/xrdp-%...
@@ -298,6 +298,10 @@ fi
%{_datadir}/selinux/*/%{name}.pp
%changelog
+* Fri Sep 1 2023 Bojan Smojver <bojan(a)rexursive.com> - 1:0.9.23-1
+- Update to 0.9.23
+- CVE-2023-40184
+
* Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:0.9.22.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
https://src.fedoraproject.org/rpms/xrdp/c/3f2b82ce95c1b5b2cf8f1ad1eab777f...
9Â months
pagure pushed to rpms/nss (rawhide). "Update NSS to 3.93.0"
by notificationsï¼ fedoraproject.org
Notification time stamped 2023-09-01 06:20:53 UTC
From d11658ac7e072dc4e1d04b333541c8b81cbe8622 Mon Sep 17 00:00:00 2001
From: Krenzelok Frantisek <krenzelok.frantisek(a)gmail.com>
Date: Aug 31 2023 03:45:16 +0000
Subject: Update NSS to 3.93.0
---
diff --git a/.gitignore b/.gitignore
index 5db6588..5cfabf8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -83,3 +83,4 @@ TestUser51.cert
/nss-3.90-with-nspr-4.35.tar.gz
/nss-3.91-with-nspr-4.35.tar.gz
/nss-3.92-with-nspr-4.35.tar.gz
+/nss-3.93-with-nspr-4.35.tar.gz
diff --git a/nss.spec b/nss.spec
index 3f1fa76..ad8f24f 100644
--- a/nss.spec
+++ b/nss.spec
@@ -1,5 +1,5 @@
%global nspr_version 4.35.0
-%global nss_version 3.92.0
+%global nss_version 3.93.0
# NOTE: To avoid NVR clashes of nspr* packages:
# - reset %%{nspr_release} to 1, when updating %%{nspr_version}
# - increment %%{nspr_version}, when updating the NSS part only
@@ -7,7 +7,7 @@
%global nss_release %baserelease
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
# release number between nss and nspr are different.
-%global nspr_release %[%baserelease+10]
+%global nspr_release %[%baserelease+11]
# only need to update this as we added new
# algorithms under nss policy control
%global crypto_policies_version 20210118
@@ -1088,6 +1088,9 @@ update-crypto-policies &> /dev/null || :
%changelog
+* Thu Aug 31 2023 Frantisek Krenzelok <krenzelok.frantisek(a)gmail.com> - 3.93.0-1
+- Update NSS to 3.93.0
+
* Tue Aug 1 2023 Frantisek Krenzelok <krenzelok.frantisek(a)gmail.com> - 3.92.0-1
- Update NSS to 3.92.0
diff --git a/sources b/sources
index a90f69d..d342e47 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
-SHA512 (nss-3.92-with-nspr-4.35.tar.gz) = 72810b62cea08c40200ea499a478e05483fa2b336f516c15776beb1ad7f8e8a7b69da8ffb7688f2b50a4725c1973d1c34e53a94e55657d2c4496b593af8959b1
+SHA512 (nss-3.93-with-nspr-4.35.tar.gz) = efe85e09021ca363df35d092b32463b359b2a23fc6e761949e944ba4209b09bdf007fc69015086a278c999411d62b9dba6fbedfb8a7c962ed40e406de45bc28e
https://src.fedoraproject.org/rpms/nss/c/d11658ac7e072dc4e1d04b333541c8b8...
9Â months
pagure pushed to tests/selinux (main). "test if cups-pdf can connect
to /run/systemd/userdb/io.systemd.DynamicUser (..more)"
by notificationsï¼ fedoraproject.org
Notification time stamped 2023-09-01 06:17:15 UTC
From 23c3caa982fb1c8262d9bd4f05b98995057c1bf3 Mon Sep 17 00:00:00 2001
From: Milos Malik <mmalik(a)redhat.com>
Date: Aug 30 2023 13:02:03 +0000
Subject: test if cups-pdf can connect to /run/systemd/userdb/io.systemd.DynamicUser
A recent samba and cups-pdf testing revealed that SELinux prevents
the cups-pdf processes from connecting to UNIX stream socket:
* /run/systemd/userdb/io.systemd.DynamicUser (kernel_t)
The TC reproduces the situation.
In order to support the whole cups-pdf functionality, I believe that
SELinux policy should allow the action. The TC looks for appropriate
policy rules.
The TC covers BZ#2234765.
---
diff --git a/selinux-policy/cups-pdf-and-similar/Makefile b/selinux-policy/cups-pdf-and-similar/Makefile
index b3668ab..c5b6428 100644
--- a/selinux-policy/cups-pdf-and-similar/Makefile
+++ b/selinux-policy/cups-pdf-and-similar/Makefile
@@ -72,6 +72,7 @@ $(METADATA): Makefile
@echo "Bug: 1594271" >> $(METADATA) # Fedora 28
@echo "Bug: 1700442" >> $(METADATA) # Fedora 28
@echo "Bug: 1832521" >> $(METADATA) # Fedora 32
+ @echo "Bug: 2234765" >> $(METADATA) # RHEL-9
rhts-lint $(METADATA)
diff --git a/selinux-policy/cups-pdf-and-similar/main.fmf b/selinux-policy/cups-pdf-and-similar/main.fmf
index 45a71bd..b037121 100644
--- a/selinux-policy/cups-pdf-and-similar/main.fmf
+++ b/selinux-policy/cups-pdf-and-similar/main.fmf
@@ -43,6 +43,7 @@ link:
- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1594271
- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1700442
- relates: https://bugzilla.redhat.com/show_bug.cgi?id=1832521
+ - verifies: https://bugzilla.redhat.com/show_bug.cgi?id=2234765
adjust:
- enabled: false
when: distro == rhel-4, rhel-5, rhel-6, rhel-alt-7
diff --git a/selinux-policy/cups-pdf-and-similar/runtest.sh b/selinux-policy/cups-pdf-and-similar/runtest.sh
index 9820e7d..86c5aab 100755
--- a/selinux-policy/cups-pdf-and-similar/runtest.sh
+++ b/selinux-policy/cups-pdf-and-similar/runtest.sh
@@ -109,6 +109,10 @@ rlJournalStart
rlPhaseStartTest "bz#1832521"
rlSESearchRule "allow cups_pdf_t cups_pdf_t : unix_dgram_socket { create connect } [ ]"
rlPhaseEnd
+
+ rlPhaseStartTest "bz#2234765"
+ rlSESearchRule "allow cups_pdf_t kernel_t : unix_stream_socket { connectto } [ ]"
+ rlPhaseEnd
fi
rlPhaseStartTest "real scenario -- confined users"
https://src.fedoraproject.org/tests/selinux/c/23c3caa982fb1c8262d9bd4f05b...
9Â months
remi pushed to rpms/php-phpunit-php-code-coverage10 (f38). "v10.1.4
(..more)"
by notificationsï¼ fedoraproject.org
Notification time stamped 2023-09-01 06:15:25 UTC
From 6cddd290a37011b790a67871db17cc3485bafa93 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi(a)fedoraproject.org>
Date: Sep 01 2023 06:15:00 +0000
Subject: v10.1.4
enable test suite
(cherry picked from commit 98ed4e30c2552e8a679339ad8a10d807b14a7ba5)
---
diff --git a/.gitignore b/.gitignore
index 74caaa2..44aa9f0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
/php-phpunit-php-code-coverage10-10.1.2-db1497e.tgz
/php-phpunit-php-code-coverage10-10.1.3-be1fe46.tgz
+/php-phpunit-php-code-coverage10-10.1.4-cd59bb3.tgz
diff --git a/php-phpunit-php-code-coverage10.spec b/php-phpunit-php-code-coverage10.spec
index 582f534..a50429b 100644
--- a/php-phpunit-php-code-coverage10.spec
+++ b/php-phpunit-php-code-coverage10.spec
@@ -7,11 +7,10 @@
# Please, preserve the changelog entries
#
-# disabled until phpunit10 available
-%bcond_with tests
+%bcond_without tests
# Github
-%global gh_commit be1fe461fdc917de2a29a452ccf2657d325b443d
+%global gh_commit cd59bb34756a16ca8253ce9b2909039c227fff71
%global gh_short %(c=%{gh_commit}; echo ${c:0:7})
%global gh_vendor sebastianbergmann
%global gh_project php-code-coverage
@@ -25,7 +24,7 @@
%global ver_major 10
Name: php-%{pk_vendor}-%{pk_project}%{ver_major}
-Version: 10.1.3
+Version: 10.1.4
Release: 1%{?dist}
Summary: PHP code coverage information, version %{ver_major}
@@ -197,6 +196,10 @@ exit $ret
%changelog
+* Fri Sep 1 2023 Remi Collet <remi(a)remirepo.net> - 10.1.4-1
+- update to 10.1.4
+- Enable test suite
+
* Thu Jul 27 2023 Remi Collet <remi(a)remirepo.net> - 10.1.3-1
- update to 10.1.3
diff --git a/sources b/sources
index 6aee5c8..58cb7e5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (php-phpunit-php-code-coverage10-10.1.3-be1fe46.tgz) = cb40d486ce563973524828a2c5e49a75eaf9e8c06252b681c6e9f236354674698568397060b5bf1f616610a0cf6b705da2f3ab1781f17b6eb919843a138dc08b
+SHA512 (php-phpunit-php-code-coverage10-10.1.4-cd59bb3.tgz) = 5e76b356468ad726b26c62bbf8d891337b694c57a6c7f77bc73386c7e993ba46bff13db6b1e60de682c167c64d33511a1b4792ab798220e54bf504f9adc450c4
https://src.fedoraproject.org/rpms/php-phpunit-php-code-coverage10/c/6cdd...
9Â months
remi pushed to rpms/php-phpunit-php-code-coverage10 (f39). "v10.1.4
(..more)"
by notificationsï¼ fedoraproject.org
Notification time stamped 2023-09-01 06:14:44 UTC
From 98ed4e30c2552e8a679339ad8a10d807b14a7ba5 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi(a)fedoraproject.org>
Date: Sep 01 2023 06:14:23 +0000
Subject: v10.1.4
enable test suite
---
diff --git a/.gitignore b/.gitignore
index 74caaa2..44aa9f0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
/php-phpunit-php-code-coverage10-10.1.2-db1497e.tgz
/php-phpunit-php-code-coverage10-10.1.3-be1fe46.tgz
+/php-phpunit-php-code-coverage10-10.1.4-cd59bb3.tgz
diff --git a/php-phpunit-php-code-coverage10.spec b/php-phpunit-php-code-coverage10.spec
index 9e469fb..f040d79 100644
--- a/php-phpunit-php-code-coverage10.spec
+++ b/php-phpunit-php-code-coverage10.spec
@@ -7,11 +7,10 @@
# Please, preserve the changelog entries
#
-# disabled until phpunit10 available
-%bcond_with tests
+%bcond_without tests
# Github
-%global gh_commit be1fe461fdc917de2a29a452ccf2657d325b443d
+%global gh_commit cd59bb34756a16ca8253ce9b2909039c227fff71
%global gh_short %(c=%{gh_commit}; echo ${c:0:7})
%global gh_vendor sebastianbergmann
%global gh_project php-code-coverage
@@ -25,7 +24,7 @@
%global ver_major 10
Name: php-%{pk_vendor}-%{pk_project}%{ver_major}
-Version: 10.1.3
+Version: 10.1.4
Release: 1%{?dist}
Summary: PHP code coverage information, version %{ver_major}
@@ -197,6 +196,10 @@ exit $ret
%changelog
+* Fri Sep 1 2023 Remi Collet <remi(a)remirepo.net> - 10.1.4-1
+- update to 10.1.4
+- Enable test suite
+
* Thu Jul 27 2023 Remi Collet <remi(a)remirepo.net> - 10.1.3-1
- update to 10.1.3
diff --git a/sources b/sources
index 6aee5c8..58cb7e5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (php-phpunit-php-code-coverage10-10.1.3-be1fe46.tgz) = cb40d486ce563973524828a2c5e49a75eaf9e8c06252b681c6e9f236354674698568397060b5bf1f616610a0cf6b705da2f3ab1781f17b6eb919843a138dc08b
+SHA512 (php-phpunit-php-code-coverage10-10.1.4-cd59bb3.tgz) = 5e76b356468ad726b26c62bbf8d891337b694c57a6c7f77bc73386c7e993ba46bff13db6b1e60de682c167c64d33511a1b4792ab798220e54bf504f9adc450c4
https://src.fedoraproject.org/rpms/php-phpunit-php-code-coverage10/c/98ed...
9Â months
remi pushed to rpms/php-phpunit-php-code-coverage10 (rawhide). "v10.1.4"
by notificationsï¼ fedoraproject.org
Notification time stamped 2023-09-01 06:13:51 UTC
From 0cfb56969b1f7b9678d067edfd4ae9cb4c37c98b Mon Sep 17 00:00:00 2001
From: Remi Collet <remi(a)fedoraproject.org>
Date: Sep 01 2023 06:13:41 +0000
Subject: v10.1.4
---
diff --git a/.gitignore b/.gitignore
index 74caaa2..44aa9f0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
/php-phpunit-php-code-coverage10-10.1.2-db1497e.tgz
/php-phpunit-php-code-coverage10-10.1.3-be1fe46.tgz
+/php-phpunit-php-code-coverage10-10.1.4-cd59bb3.tgz
diff --git a/php-phpunit-php-code-coverage10.spec b/php-phpunit-php-code-coverage10.spec
index 0ebfdc3..940bd81 100644
--- a/php-phpunit-php-code-coverage10.spec
+++ b/php-phpunit-php-code-coverage10.spec
@@ -10,7 +10,7 @@
%bcond_without tests
# Github
-%global gh_commit be1fe461fdc917de2a29a452ccf2657d325b443d
+%global gh_commit cd59bb34756a16ca8253ce9b2909039c227fff71
%global gh_short %(c=%{gh_commit}; echo ${c:0:7})
%global gh_vendor sebastianbergmann
%global gh_project php-code-coverage
@@ -24,8 +24,8 @@
%global ver_major 10
Name: php-%{pk_vendor}-%{pk_project}%{ver_major}
-Version: 10.1.3
-Release: 2%{?dist}
+Version: 10.1.4
+Release: 1%{?dist}
Summary: PHP code coverage information, version %{ver_major}
# SPDX: Main license is BSD-3-Clause
@@ -196,6 +196,9 @@ exit $ret
%changelog
+* Fri Sep 1 2023 Remi Collet <remi(a)remirepo.net> - 10.1.4-1
+- update to 10.1.4
+
* Wed Aug 23 2023 Remi Collet <remi(a)remirepo.net> - 10.1.3-2
- Enable test suite
diff --git a/sources b/sources
index 6aee5c8..58cb7e5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (php-phpunit-php-code-coverage10-10.1.3-be1fe46.tgz) = cb40d486ce563973524828a2c5e49a75eaf9e8c06252b681c6e9f236354674698568397060b5bf1f616610a0cf6b705da2f3ab1781f17b6eb919843a138dc08b
+SHA512 (php-phpunit-php-code-coverage10-10.1.4-cd59bb3.tgz) = 5e76b356468ad726b26c62bbf8d891337b694c57a6c7f77bc73386c7e993ba46bff13db6b1e60de682c167c64d33511a1b4792ab798220e54bf504f9adc450c4
https://src.fedoraproject.org/rpms/php-phpunit-php-code-coverage10/c/0cfb...
9Â months
tagoh pushed to rpms/google-noto-fonts (f39). "Add bz reference in
changelog"
by notificationsï¼ fedoraproject.org
Notification time stamped 2023-09-01 06:06:25 UTC
From 251e69ed91d2b0a3019611653ffe46a1df4ee847 Mon Sep 17 00:00:00 2001
From: Akira TAGOH <akira(a)tagoh.org>
Date: Aug 31 2023 11:41:07 +0000
Subject: Add bz reference in changelog
---
diff --git a/google-noto-fonts.spec b/google-noto-fonts.spec
index 18d54d4..5672da1 100644
--- a/google-noto-fonts.spec
+++ b/google-noto-fonts.spec
@@ -1235,6 +1235,7 @@ done
* Thu Aug 31 2023 Akira TAGOH <tagoh(a)redhat.com> - 20230801-3
- Add Noto Sans Sinhala as monospace for a workaround that
Noto Serif Sinhala is picked up for monospace.
+ Resolves: rhbz#2236485
* Thu Aug 3 2023 Akira TAGOH <tagoh(a)redhat.com> - 20230801-2
- Make some Indic families default
https://src.fedoraproject.org/rpms/google-noto-fonts/c/251e69ed91d2b0a301...
9Â months