The following Fedora EPEL 8 Security updates need testing:

 Age  URL
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-4c26d6c15b   knot-resolver-5.5.3-1.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-9f67252d52   chromium-105.0.5195.125-2.el8

The following builds have been pushed to Fedora EPEL 8 updates-testing

    ImageMagick-6.9.12.64-1.el8
    apptainer-1.1.0-1.el8
    dkms-3.0.7-1.el8
    fennel-1.2.0-1.el8
    mock-core-configs-37.8-1.el8
    openbabel-3.1.1-14.el8
    openssl3-3.0.1-41.el8.1
    python-dnslib-0.9.21-1.el8

Details about builds:

================================================================================
 ImageMagick-6.9.12.64-1.el8 (FEDORA-EPEL-2022-63f85dcc14)
 An X application for displaying and manipulating images
--------------------------------------------------------------------------------
Update Information:

Update ImageMagick to 6.9.12.64 (#2129597)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2022 Sérgio Basto sergio@serjux.com - 1:6.9.12.64-1
- Update ImageMagick to 6.9.12.64 (#2129597)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2129597 - ImageMagick-6.9.12.64 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2129597
--------------------------------------------------------------------------------

================================================================================
 apptainer-1.1.0-1.el8 (FEDORA-EPEL-2022-531e44bc7e)
 Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:

Update to 1.1.0

----

Update to upstream 1.1.0-rc.3

----

update to upstream 1.1.0-rc.2

----

Update to 1.1.0~rc.1
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2022 Dave Dykstra dwd@fedoraproject.org - 1.1.0
- Update to upstream 1.1.0. Uncomment the requiring of fuse2fs on el7.
* Tue Sep 6 2022 Dave Dykstra dwd@fedoraproject.org - 1.1.0-rc.3
- Update to upstream 1.1.0~rc.3. Uncomment setting squashfuse_version and the requiring of fuse2fs on el7.
* Wed Aug 17 2022 Dave Dykstra dwd@fedoraproject.org - 1.1.0~rc.2
- Update to upstream 1.1.0~rc.2. Remove customizations put into 1.1.0-rc.1 packaging except for f35 inclusion of golang source.
* Tue Aug 2 2022 Dave Dykstra dwd@fedoraproject.org - 1.1.0~rc.1
- Update to upstream 1.1.0~rc.1
- Require fuse2fs package on el7
- Require fuse-overlayfs everywhere for cases that kernel overlayfs does not support
- Add patch for 32-bit compilation
* Wed Jul 6 2022 Dave Dykstra dwd@fedoraproject.org - 1.0.3
- Update to upstream 1.0.3
* Tue May 10 2022 Dave Dykstra dwd@fedoraproject.org - 1.0.2
- Update to upstream 1.0.2
* Wed Mar 16 2022 Dave Dykstra dwd@fedoraproject.org - 1.0.1
- Update to upstream 1.0.1
- Remove patch from pr 299, not needed anymore
* Thu Mar 3 2022 Dave Dykstra dwd@fedoraproject.org - 1.0.0
- Initial release from upstream 1.0.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2130297 - apptainer-1.1.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2130297
--------------------------------------------------------------------------------

================================================================================
 dkms-3.0.7-1.el8 (FEDORA-EPEL-2022-c39424ac9e)
 Dynamic Kernel Module Support Framework
--------------------------------------------------------------------------------
Update Information:

Update to bugfix release 3.0.7.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2022 Simone Caronni negativo17@gmail.com - 3.0.7-1
- Update to 3.0.7.
* Tue Aug 9 2022 Simone Caronni negativo17@gmail.com - 3.0.6-2
- Adjust kernel devel subpackage requirements.
--------------------------------------------------------------------------------

================================================================================
 fennel-1.2.0-1.el8 (FEDORA-EPEL-2022-4d9bf21fc5)
 A Lisp that compiles to Lua
--------------------------------------------------------------------------------
Update Information:

## New Forms

- Add `fcollect` macro for range "comprehension"

## New Features

- Make `include` splice modules in where they're used instead of at the top
- Add `ast-source` function to API to get file/line info from AST nodes
- Show errors using terminal control codes instead of arrow indicator
- Parser now includes column information (byte-based) in AST nodes
- For greater consistency, add &into/&until to certain looping constructs

## Bug Fixes

- Duplicate table keys no longer crash the compiler
- Don't print stack trace for compiler errors in built-in macros
- Fix an issue with native modules in `--compile-binary`
- Improve argument handling so unused arguments get passed on to script
- Fix a bug where macros modifying table literals would emit incorrect output
- Fix a bug in the REPL where parser errors display the error message as `nil`
- Fix a bug when nil were emitted by unquote in a macro, and the macro was not compiled correctly because the resulting list length was calculated incorrectly
- Fix a REPL bug where `,doc m.foo` did not resolve multisym to macro for macro modules loaded as macro table via `(import-macros m :my.macro.module)`
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2022 Michel Alexandre Salim salimma@fedoraproject.org 1.2.0-1
- Update to 1.2.0
* Thu Jul 21 2022 Fedora Release Engineering releng@fedoraproject.org 1.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2121958 - fennel-1.2.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2121958
--------------------------------------------------------------------------------

================================================================================
 mock-core-configs-37.8-1.el8 (FEDORA-EPEL-2022-16891c41d0)
 Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:

- openEuler 22.03 configs added (yikunkero@gmail.com)
- openEuler 20.03 configs added (yikunkero@gmail.com)
- Oracle Linux 9 configs added (a.samets@gmail.com)
- change license to spdx (msuchy@redhat.com)
- Update to AlmaLinux Quay.io repo (srbala@gmail.com)
- EPEL Koji repo not exposed when we are on EPEL Next (miro@hroncok.cz)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2022 Pavel Raiskup praiskup@redhat.com 37.8-1
- openEuler 22.03 configs added (yikunkero@gmail.com)
- openEuler 20.03 configs added (yikunkero@gmail.com)
- Oracle Linux 9 configs added (a.samets@gmail.com)
- change license to spdx (msuchy@redhat.com)
- Update to AlmaLinux Quay.io repo (srbala@gmail.com)
- EPEL Koji repo not exposed when we are on EPEL Next (miro@hroncok.cz)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2129571 - RFE - add oraclelinux-9 configuration to mock-core-configs
        https://bugzilla.redhat.com/show_bug.cgi?id=2129571
--------------------------------------------------------------------------------

================================================================================
 openbabel-3.1.1-14.el8 (FEDORA-EPEL-2022-6ad4f1fee1)
 Chemistry software file format converter
--------------------------------------------------------------------------------
Update Information:

- New packages
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2022 Antonio Trande sagitter@fedoraproject.org - 3.1.1-14
- Fix EPEL builds
* Tue Sep 27 2022 Antonio Trande sagitter@fedoraproject.org - 3.1.1-13
- New rebuild
* Sun Aug 7 2022 Antonio Trande sagitter@fedoraproject.org - 3.1.1-12
- Add profile file openbabel3.sh (rhbz#2112710)
* Thu Aug 4 2022 Scott Talbert swt@techie.net - 3.1.1-11
- Rebuild with wxWidgets 3.2
* Fri Jul 22 2022 Fedora Release Engineering releng@fedoraproject.org - 3.1.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jul 8 2022 Antonio Trande sagitter@fedoraproject.org - 3.1.1-9
- Patched for rhbz#2105259
* Mon Jun 13 2022 Python Maint python-maint@redhat.com - 3.1.1-8
- Rebuilt for Python 3.11
* Mon May 30 2022 Jitka Plesnikova jplesnik@redhat.com - 3.1.1-7
- Perl 5.36 rebuild
* Thu Jan 27 2022 Vít Ondruch vondruch@redhat.com - 3.1.1-6
- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_3.1
* Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 3.1.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 openssl3-3.0.1-41.el8.1 (FEDORA-EPEL-2022-3bebee4625)
 Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:

Sync with CentOS Stream 9's openssl to pick up CVE fixes
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2022 Michel Alexandre Salim salimma@fedoraproject.org 3.0.1-41.1
- Merge c9s openssl changes to pick up CVE fixes
* Thu Aug 11 2022 Clemens Lang cllang@redhat.com - 1:3.0.1-41
- Zeroize public keys as required by FIPS 140-3
  Related: rhbz#2102542
- Add FIPS indicator for HKDF
  Related: rhbz#2114772
* Fri Aug 5 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.1-40
- Deal with DH keys in FIPS mode according to FIPS-140-3 requirements
  Related: rhbz#2102536
- Deal with ECDH keys in FIPS mode according to FIPS-140-3 requirements
  Related: rhbz#2102537
- Use signature for RSA pairwise test according to FIPS-140-3 requirements
  Related: rhbz#2102540
- Reseed all the parent DRBGs in chain on reseeding a DRBG
  Related: rhbz#2102541
* Mon Aug 1 2022 Clemens Lang cllang@redhat.com - 1:3.0.1-39
- Use RSA-OAEP in FIPS RSA encryption/decryption FIPS self-test
- Use digest_sign & digest_verify in FIPS signature self test
- Use FFDHE2048 in Diffie-Hellman FIPS self-test
  Resolves: rhbz#2102535
* Thu Jul 14 2022 Clemens Lang cllang@redhat.com - 1:3.0.1-38
- Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously initialized.
  Resolves: rhbz#2103289
- Improve AES-GCM performance on Power9 and Power10 ppc64le
  Resolves: rhbz#2051312
- Improve ChaCha20 performance on Power10 ppc64le
  Resolves: rhbz#2051312
* Tue Jul 5 2022 Clemens Lang cllang@redhat.com - 1:3.0.1-37
- CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
  Resolves: CVE-2022-2097
* Thu Jun 16 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.1-36
- Ciphersuites with RSAPSK KX should be filtered in FIPS mode
- Related: rhbz#2085088
- FIPS provider should block RSA encryption for key transport.
- Other RSA encryption options should still be available if key length is enough
- Related: rhbz#2053289
- Improve diagnostics when passing unsupported groups in TLS
- Related: rhbz#2070197
- Fix PPC64 Montgomery multiplication bug
- Related: rhbz#2098199
- Strict certificates validation shouldn't allow explicit EC parameters
- Related: rhbz#2058663
- CVE-2022-2068: the c_rehash script allows command injection
- Related: rhbz#2098277
* Wed Jun 8 2022 Clemens Lang cllang@redhat.com - 1:3.0.1-35
- Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved.
  Resolves: rhbz#2087147
* Fri Jun 3 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.1-34
- Some OpenSSL test certificates are expired, updating
- Resolves: rhbz#2092456
* Thu May 26 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.1-33
- CVE-2022-1473 openssl: OPENSSL_LH_flush() breaks reuse of memory
- Resolves: rhbz#2089444
- CVE-2022-1343 openssl: Signer certificate verification returned inaccurate response when using OCSP_NOCHECKS
- Resolves: rhbz#2087911
- CVE-2022-1292 openssl: c_rehash script allows command injection
- Resolves: rhbz#2090362
- Revert "Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode"
  Related: rhbz#2087147
- Use KAT for ECDSA signature tests, s390 arch
- Resolves: rhbz#2069235
* Thu May 19 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.1-32
- `openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
- Resolves: rhbz#2083240
- Ciphersuites with RSA KX should be filtered in FIPS mode
- Related: rhbz#2085088
- In FIPS mode, signature verification works with keys of arbitrary size above 2048 bit, and only with 1024, 1280, 1536, 1792 bits for keys below 2048 bits
- Resolves: rhbz#2077884
* Wed May 18 2022 Clemens Lang cllang@redhat.com - 1:3.0.1-31
- Disable SHA-1 signature verification in FIPS mode
- Disable EVP_PKEY_sign/EVP_PKEY_verify in FIPS mode
  Resolves: rhbz#2087147
* Mon May 16 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.1-30
- Use KAT for ECDSA signature tests
- Resolves: rhbz#2069235
* Thu May 12 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.1-29
- `-config` argument of openssl app should work properly in FIPS mode
- Resolves: rhbz#2083274
- openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
- Resolves: rhbz#2063947
* Fri May 6 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.1-28
- OpenSSL should not accept custom elliptic curve parameters
- Resolves rhbz#2066412
- OpenSSL should not accept explicit curve parameters in FIPS mode
- Resolves rhbz#2058663
* Fri May 6 2022 Clemens Lang cllang@redhat.com - 1:3.0.1-27
- Change FIPS module version to include hash of specfile, patches and sources
  Resolves: rhbz#2070550
* Thu May 5 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.1-26
- OpenSSL FIPS module should not build in non-approved algorithms
- Resolves: rhbz#2081378
* Mon May 2 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.1-25
- FIPS provider should block RSA encryption for key transport.
- Other RSA encryption options should still be available
- Resolves: rhbz#2053289
* Thu Apr 28 2022 Clemens Lang cllang@redhat.com - 1:3.0.1-24
- Fix regression in evp_pkey_name2type caused by tr_TR locale fix
  Resolves: rhbz#2071631
* Wed Apr 20 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.1-23
- Fix openssl curl error with LANG=tr_TR.utf8
- Resolves: rhbz#2071631
* Mon Mar 28 2022 Dmitry Belyavskiy dbelyavs@redhat.com - 1:3.0.1-22
- FIPS provider should block RSA encryption for key transport
- Resolves: rhbz#2053289
* Tue Mar 22 2022 Clemens Lang cllang@redhat.com - 1:3.0.1-21
- Fix occasional internal error in TLS when DHE is used
- Resolves: rhbz#2004915
* Fri Mar 18 2022 Clemens Lang cllang@redhat.com - 1:3.0.1-20
- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when no OpenSSL library context is set
- Resolves: rhbz#2065400
* Fri Mar 18 2022 Clemens Lang cllang@redhat.com - 1:3.0.1-19
- Fix TLS connections with SHA1 signatures if rh-allow-sha1-signatures = yes
- Resolves: rhbz#2065400
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2089472 - CVE-2022-1343 openssl3: openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2089472
  [ 2 ] Bug #2095814 - CVE-2022-1292 openssl3: openssl: c_rehash script allows command injection [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2095814
  [ 3 ] Bug #2099970 - CVE-2022-2068 openssl3: openssl: the c_rehash script allows command injection [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2099970
  [ 4 ] Bug #2105033 - CVE-2022-2097 openssl3: openssl: AES OCB fails to encrypt some bytes [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2105033
--------------------------------------------------------------------------------

================================================================================
 python-dnslib-0.9.21-1.el8 (FEDORA-EPEL-2022-6319bfdcaa)
 Simple library to encode/decode DNS packets
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release 0.9.21
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2022 Fabian Affolter mail@fabian-affolter.ch - 0.9.21-1
- Update to latest upstream release 0.9.21
- Fix for CVE-2022-22846 (closes rhbz#2042610, closes rhbz#2042611)
* Fri Jul 22 2022 Fedora Release Engineering releng@fedoraproject.org - 0.9.14-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint python-maint@redhat.com - 0.9.14-6
- Rebuilt for Python 3.11
* Fri Jan 21 2022 Fedora Release Engineering releng@fedoraproject.org - 0.9.14-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering releng@fedoraproject.org - 0.9.14-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint python-maint@redhat.com - 0.9.14-3
- Rebuilt for Python 3.10
* Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 0.9.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2042610 - CVE-2022-22846 python-dnslib: client does not validate DNS transaction ID
        https://bugzilla.redhat.com/show_bug.cgi?id=2042610
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org