The following Fedora EPEL 8 Security updates need testing: Age URL 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0e7cdf6123 apptainer-1.2.2-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
duply-2.4.3-1.el8 kitty-0.26.5-9.el8 python-regex-2023.6.3-1.el8 rpki-client-8.5-1.el8
Details about builds:
================================================================================ duply-2.4.3-1.el8 (FEDORA-EPEL-2023-a895e9e6d8) Wrapper for duplicity -------------------------------------------------------------------------------- Update Information:
Update to duply 2.4.3 (05.05.2023) - bugfix #134: workaround bash 4.2 and earlier read bug -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 28 2023 Thomas Moschny thomas.moschny@gmx.de - 2.4.3-1 - Update to 2.4.3. * Wed Jul 19 2023 Fedora Release Engineering releng@fedoraproject.org - 2.4.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ kitty-0.26.5-9.el8 (FEDORA-EPEL-2023-1a8a33f65f) Cross-platform, fast, feature full, GPU based terminal emulator -------------------------------------------------------------------------------- Update Information:
fix CVE -------------------------------------------------------------------------------- ChangeLog:
* Sun Jul 30 2023 Pavel Solovev daron439@gmail.com - 0.26.5-9 - skip flaky on rhel tests * Sun Jul 30 2023 Pavel Solovev daron439@gmail.com - 0.26.5-8 - fix CVE-2008-2383 --------------------------------------------------------------------------------
================================================================================ python-regex-2023.6.3-1.el8 (FEDORA-EPEL-2023-0fb4ff4f74) Alternative regular expression module, to replace re -------------------------------------------------------------------------------- Update Information:
Update python-regex to the latest release. -------------------------------------------------------------------------------- ChangeLog:
* Sun Jul 30 2023 Thomas Moschny thomas.moschny@gmx.de - 2022.6.3-1 - Update to 2023.6.3. * Fri Jul 21 2023 Fedora Release Engineering releng@fedoraproject.org - 2022.10.31-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jun 13 2023 Python Maint python-maint@redhat.com - 2022.10.31-3 - Rebuilt for Python 3.12 * Fri Jan 20 2023 Fedora Release Engineering releng@fedoraproject.org - 2022.10.31-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ rpki-client-8.5-1.el8 (FEDORA-EPEL-2023-f9d580f593) OpenBSD RPKI validator to support BGP Origin Validation -------------------------------------------------------------------------------- Update Information:
# rpki-client 8.5 - ASPA support was updated to draft-ietf-sidrops-aspa- profile-16. As part of supporting AFI-agnostic ASPAs, the JSON syntax for Validated ASPA Payloads changed in both filemode and normal output. - Support for gzip and deflate HTTP Content-Encoding compression was added. This allows web servers to send RRDP XML in compressed form, saving around 50% of bandwidth. Zlib was added as a dependency. - File modification timestamps of objects retrieved via RRDP are now deterministically set to prepare the on-disk cache for seamless failovers from RRDP to RSYNC. See draft-ietf-sidrops-cms-signing- time for more information. - A 30%-50% performance improvement was achieved through libcrypto's partial chains certificate validation feature. Already validated non-inheriting CA certificates are now marked as trusted roots. This way it can be ensured that a leaf's delegated resources are properly covered, and at the same time most validation paths are significantly shortened. - Improved detection of RRDP session desynchronization: a check was added to compare whether the delta hashes associated to previously seen serials are different in newly fetched notification files. - Improved handling of RRDP deltas in which objects are published, withdrawn, and published again. - A check to disallow duplicate X.509 certificate extensions was added. - A check to disallow empty sets of IP Addresses or AS numbers in RFC 3779 extensions was added. - A compliance check for the proper X.509 Certificate version and CRL version was added. - A warning is printed when the CMS signing-time attribute in a Signed Object is missing. - Warnings about unrecoverable message digest mismatches now include the manifestNumber to aid debugging the cause. - A check was added to disallow multiple RRDP publish elements for the same file in RRDP snapshots. If this error condition is encountered, the RRDP transfer is failed and the RP falls back to rsync. - A compliance check was added to ensure CMS Signed Objects contain SignedData, in accordance to RFC 6488 section 3 checklist item 1a. - Compliance checks were added for the version, KeyUsage, and ExtendedKeyUsage of EE certificates in Manifest, TAK, and GBR Signed Objects. - A CMS signing-time value being after the X.509 notAfter timestamp was downgraded from an error to a warning. - A bug was fixed in the handling of CA certificates which inherit IP resources. -------------------------------------------------------------------------------- ChangeLog:
* Sun Jul 30 2023 Robert Scheck robert@fedoraproject.org 8.5-1 - Upgrade to 8.5 (#2227464) * Fri Jul 21 2023 Fedora Release Engineering releng@fedoraproject.org - 8.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2227464 - rpki-client-8.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2227464 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org