The following Fedora EPEL 8 Security updates need testing:
Age URL
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0e7cdf6123
apptainer-1.2.2-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
duply-2.4.3-1.el8
kitty-0.26.5-9.el8
python-regex-2023.6.3-1.el8
rpki-client-8.5-1.el8
Details about builds:
================================================================================
duply-2.4.3-1.el8 (FEDORA-EPEL-2023-a895e9e6d8)
Wrapper for duplicity
--------------------------------------------------------------------------------
Update Information:
Update to duply 2.4.3 (05.05.2023) - bugfix #134: workaround bash 4.2 and
earlier read bug
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 28 2023 Thomas Moschny <thomas.moschny(a)gmx.de> - 2.4.3-1
- Update to 2.4.3.
* Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
kitty-0.26.5-9.el8 (FEDORA-EPEL-2023-1a8a33f65f)
Cross-platform, fast, feature full, GPU based terminal emulator
--------------------------------------------------------------------------------
Update Information:
fix CVE
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 30 2023 Pavel Solovev <daron439(a)gmail.com> - 0.26.5-9
- skip flaky on rhel tests
* Sun Jul 30 2023 Pavel Solovev <daron439(a)gmail.com> - 0.26.5-8
- fix CVE-2008-2383
--------------------------------------------------------------------------------
================================================================================
python-regex-2023.6.3-1.el8 (FEDORA-EPEL-2023-0fb4ff4f74)
Alternative regular expression module, to replace re
--------------------------------------------------------------------------------
Update Information:
Update python-regex to the latest release.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 30 2023 Thomas Moschny <thomas.moschny(a)gmx.de> - 2022.6.3-1
- Update to 2023.6.3.
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> -
2022.10.31-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint <python-maint(a)redhat.com> - 2022.10.31-3
- Rebuilt for Python 3.12
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> -
2022.10.31-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rpki-client-8.5-1.el8 (FEDORA-EPEL-2023-f9d580f593)
OpenBSD RPKI validator to support BGP Origin Validation
--------------------------------------------------------------------------------
Update Information:
# rpki-client 8.5 - ASPA support was updated to draft-ietf-sidrops-aspa-
profile-16. As part of supporting AFI-agnostic ASPAs, the JSON syntax for
Validated ASPA Payloads changed in both filemode and normal output. - Support
for gzip and deflate HTTP Content-Encoding compression was added. This allows
web servers to send RRDP XML in compressed form, saving around 50% of bandwidth.
Zlib was added as a dependency. - File modification timestamps of objects
retrieved via RRDP are now deterministically set to prepare the on-disk cache
for seamless failovers from RRDP to RSYNC. See draft-ietf-sidrops-cms-signing-
time for more information. - A 30%-50% performance improvement was achieved
through libcrypto's partial chains certificate validation feature. Already
validated non-inheriting CA certificates are now marked as trusted roots. This
way it can be ensured that a leaf's delegated resources are properly covered,
and at the same time most validation paths are significantly shortened. -
Improved detection of RRDP session desynchronization: a check was added to
compare whether the delta hashes associated to previously seen serials are
different in newly fetched notification files. - Improved handling of RRDP
deltas in which objects are published, withdrawn, and published again. - A check
to disallow duplicate X.509 certificate extensions was added. - A check to
disallow empty sets of IP Addresses or AS numbers in RFC 3779 extensions was
added. - A compliance check for the proper X.509 Certificate version and CRL
version was added. - A warning is printed when the CMS signing-time attribute in
a Signed Object is missing. - Warnings about unrecoverable message digest
mismatches now include the manifestNumber to aid debugging the cause. - A check
was added to disallow multiple RRDP publish elements for the same file in RRDP
snapshots. If this error condition is encountered, the RRDP transfer is failed
and the RP falls back to rsync. - A compliance check was added to ensure CMS
Signed Objects contain SignedData, in accordance to RFC 6488 section 3 checklist
item 1a. - Compliance checks were added for the version, KeyUsage, and
ExtendedKeyUsage of EE certificates in Manifest, TAK, and GBR Signed Objects. -
A CMS signing-time value being after the X.509 notAfter timestamp was downgraded
from an error to a warning. - A bug was fixed in the handling of CA certificates
which inherit IP resources.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 30 2023 Robert Scheck <robert(a)fedoraproject.org> 8.5-1
- Upgrade to 8.5 (#2227464)
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 8.4-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2227464 - rpki-client-8.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2227464
--------------------------------------------------------------------------------