The following Fedora EPEL 6 Security updates need testing:
 Age  URL
  39  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-5aca1d385d   remctl-3.14-1.el6
  36  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-dd6e4a3f0b   python34-3.4.8-1.el6
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-db2f6088bd   seamonkey-2.49.3-1.el6
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-228dbec48f   mysql-mmm-2.2.1-3.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
dislocker-0.7.1-8.el6
fedpkg-1.33-1.el6
mbedtls-2.7.3-1.el6
Details about builds:
================================================================================
dislocker-0.7.1-8.el6 (FEDORA-EPEL-2018-f6b914dd07)
Utility to access BitLocker encrypted volumes
--------------------------------------------------------------------------------
Update Information:
This build belongs to the same update as mbedtls-2.7.3-1.el6
(FEDORA-EPEL-2018-f6b914dd07): dislocker was rebuilt against the new
libmbedcrypto.so.2 soname and carries no changes of its own. The Mbed TLS 2.7.3
release notes that apply to this update are listed under the mbedtls build
below.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 17 2018 Robert Scheck <robert(a)fedoraproject.org> 0.7.1-8
- Rebuilt for mbed TLS 2.7.3/2.9.0 (libmbedcrypto.so.2)
--------------------------------------------------------------------------------
================================================================================
fedpkg-1.33-1.el6 (FEDORA-EPEL-2018-f464f7f4a1)
Fedora utility for working with dist-git
--------------------------------------------------------------------------------
Update Information:
- Allow running tests against specified rpkg (cqi)
- Fix test due to rpkg uses getpass.getuser (cqi)
- Getting bodhi version works with Python 3 - #213 (cqi)
- Detect Bodhi client by major version - #204 (cqi)
- Allow requesting modular repositories without bug ID - #197 (rdossant)
- Fix test test_verify_sls_invalid_date - #209 (cqi)
- Copy pip-pycurl to ensure pycurl is installed correctly (cqi)
- Fix unicode issue for update command in Python 3 - #206 (cqi)
- Fix a few E722 code styles errors (cqi)
- Fix fake PDC URL in test (cqi)
- Use tox to run tests with multiple Python versions (cqi)
- Reword error message for missing pagure token - #194 (cqi)
- Tell which token ACL is required for request-repo - #195 (cqi)
- Rename incorrect references of Koshei to be Anitya (mprahl)
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 14 2018 Chenxiong Qi <cqi(a)redhat.com> - 1.33-1
- Allow running tests against specified rpkg (cqi)
- Fix test due to rpkg uses getpass.getuser (cqi)
- Getting bodhi version works with Python 3 - #213 (cqi)
- Detect Bodhi client by major version - #204 (cqi)
- Allow requesting modular repositories without bug ID - #197 (rdossant)
- Fix test test_verify_sls_invalid_date - #209 (cqi)
- Copy pip-pycurl to ensure pycurl is installed correctly (cqi)
- Fix unicode issue for update command in Python 3 - #206 (cqi)
- Fix a few E722 code styles errors (cqi)
- Fix fake PDC URL in test (cqi)
- Use tox to run tests with multiple Python versions (cqi)
- Reword error message for missing pagure token - #194 (cqi)
- Tell which token ACL is required for request-repo - #195 (cqi)
- Rename incorrect references of Koshei to be Anitya (mprahl)
* Thu May 10 2018 Miro Hrončok <mhroncok(a)redhat.com> - 1.32-2
- Switch to Python 3 on Fedora > 28 and EL > 7
- Drop Groups
- Switch to %{buildroot}
- Switch to %py_build and _install
--------------------------------------------------------------------------------
================================================================================
mbedtls-2.7.3-1.el6 (FEDORA-EPEL-2018-f6b914dd07)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
Mbed TLS 2.7.3
==============

EPEL 6 tracks the 2.7 long-term-support branch; the (2.7, 2.1) tags below mark
which upstream branches received each fix.

Security
--------
   * (2.7, 2.1) Fixed an issue in the X.509 module which could lead to a buffer
     overread during certificate validation. Additionally, the issue could also
     lead to unnecessary callback checks being made or to some validation checks
     being omitted. The overread could be triggered remotely, while the other
     issues would require a non DER-compliant certificate to be correctly signed
     by a trusted CA, or a trusted CA with a non DER-compliant certificate.
     Found by luocm. Fixes #825.
   * (2.7, 2.1) Fixed the buffer length assertion in the
     ssl_parse_certificate_request() function which could lead to an arbitrary
     overread of the message buffer. The overreads could be caused by receiving
     a malformed algorithms section which was too short. In builds with debug
     output, this overread data was output with the debug data.
   * (2.7, 2.1) Fixed a client-side bug in the validation of the server's
     ciphersuite choice which could potentially lead to the client accepting a
     ciphersuite it didn't offer or a ciphersuite that could not be used with
     the TLS or DTLS version chosen by the server. This could lead to corruption
     of internal data structures for some configurations.

Bugfix
------
   * (2.7) Fixed a spurious uninitialized variable warning in cmac.c. Fix
     independently contributed by Brian J Murray and David Brown.
   * (2.7, 2.1) Added missing dependencies in test suites that led to build
     failures in configurations that omit certain hashes or public-key
     algorithms. Fixes #1040.
   * (2.7) Fixed a C89 incompatibility issue in benchmark.c. Contributed by
     Brendan Shanks. Fixes #1353.
   * (2.7, 2.1) Added missing dependencies for MBEDTLS_HAVE_TIME_DATE and
     MBEDTLS_VERSION_FEATURES in some test suites. Contributed by Deomid
     Ryabkov. Fixes #1299, #1475.
   * (2.7, 2.1) Fixed the Makefile build process for building shared libraries
     on Mac OS X. Fixed by mnacamura.
   * (2.7, 2.1) Fixed parsing of PKCS#8 encoded Elliptic Curve keys. Previously
     Mbed TLS was unable to parse keys which had only the optional parameters
     field of the ECPrivateKey structure. Found by Jethro Beekman, fixed in
     #1379.
   * (2.7, 2.1) Added an optimisation to return the plaintext data more quickly
     on unpadded CBC decryption, as stated in the mbedtls_cipher_update()
     documentation. Contributed by Andy Leiserson.
   * (2.7, 2.1) Fixed the overriding and ignoring of return values when parsing
     and writing to a file in the pk_sign program. Found by kevlut in #1142.
   * (2.7, 2.1) Fixed buffer length assertions in the
     ssl_parse_certificate_request() function which led to a potential one
     byte overread of the message buffer.
   * (2.7, 2.1) Fixed invalid buffer sizes being passed to zlib during record
     compression and decompression.

Changes
-------
   * (2.7) Added support for cmake builds where Mbed TLS is a subproject. Fix
     contributed independently by Matthieu Volat and Arne Schwabe.
   * (2.7, 2.1) Improved the testing of configurations that omit certain hashes
     or public-key algorithms. Includes contributions by Gert van Dijk.
   * (2.7, 2.1) Improved negative testing of X.509 parsing.
   * (2.7, 2.1) Does not define global mutexes for readdir() and gmtime() in
     configurations where the feature is disabled. Found and fixed by Gergely
     Budai.
   * (2.7, 2.1) Provided an empty implementation of mbedtls_pkcs5_pbes2() when
     MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2 without
     PBES2. Fixed by Marcos Del Sol Vives.
   * (2.7, 2.1) Improved the documentation of mbedtls_net_accept(). Contributed
     by Ivan Krylov.
   * (2.7, 2.1) Improved the documentation of mbedtls_ssl_write(). Suggested by
     Paul Sokolovsky in #1356.
   * (2.7, 2.1) Added an option in the Makefile to support ar utilities where
     the operation letter must not be prefixed by '-', such as LLVM. Found and
     fixed by Alex Hixon.
   * (2.7, 2.1) Added the ability to allow configuration of the shared library
     extension by setting the DLEXT environment variable when using the project
     makefiles.
   * (2.7, 2.1) Changed the SSL module, such that when f_send, f_recv or
     f_recv_timeout report transmitting more than the required length, they
     now return an error. Raised by Sam O'Connor in #1245.
   * (2.7, 2.1) Improved the robustness of mbedtls_ssl_derive_keys() against
     the use of HMAC functions with non-HMAC ciphersuites. Independently
     contributed by Jiayuan Chen. Fixes #1437.
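The two ssl_parse_certificate_request() entries above describe the same bug
class: a length field in the TLS 1.2 CertificateRequest message was trusted
before the parser confirmed that the bytes it announces (or the length field
itself) were actually present in the record buffer. The following is an added
example written for this digest, not Mbed TLS's own parser; it shows the
bounds-checked shape of such a parser against the RFC 5246 7.4.4 layout, with
constructed sample messages (not captured traffic) including a too-short
algorithms section and a message cut off inside the two-byte length field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum {
    CR_OK             =  0,
    CR_ERR_TRUNCATED  = -1,  /* a length field reaches past the end of the buffer */
    CR_ERR_BAD_LENGTH = -2   /* a length field violates its RFC 5246 range */
};

/* Parsed view: pointers into the caller's buffer, no copies. */
typedef struct {
    const uint8_t *cert_types; size_t cert_types_len;
    const uint8_t *sig_algs;   size_t sig_algs_len;
    const uint8_t *cas;        size_t cas_len;
} cert_request_t;

/* Big-endian 16-bit length; caller has already verified 2 bytes remain. */
static size_t read_u16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/*
 * TLS 1.2 CertificateRequest body (RFC 5246 7.4.4):
 *   certificate_types<1..2^8-1>, supported_signature_algorithms<2..2^16-2>,
 *   certificate_authorities<0..2^16-1>
 * Every length is checked against the remaining bytes before it is read and
 * before the data it announces is touched, so a short or lying message yields
 * an error code rather than a read past the end of the record buffer.
 */
int parse_certificate_request(const uint8_t *buf, size_t len, cert_request_t *out)
{
    const uint8_t *p = buf, *end = buf + len;
    size_t n;

    memset(out, 0, sizeof *out);

    /* certificate_types: 1-byte length, at least one entry */
    if ((size_t)(end - p) < 1) return CR_ERR_TRUNCATED;
    n = p[0]; p += 1;
    if (n < 1) return CR_ERR_BAD_LENGTH;
    if ((size_t)(end - p) < n) return CR_ERR_TRUNCATED;
    out->cert_types = p; out->cert_types_len = n; p += n;

    /* supported_signature_algorithms: the 2-byte length must itself fit
     * (the one-byte overread case), then an even count of (hash, sig) pairs */
    if ((size_t)(end - p) < 2) return CR_ERR_TRUNCATED;
    n = read_u16(p); p += 2;
    if (n < 2 || (n & 1)) return CR_ERR_BAD_LENGTH;
    if ((size_t)(end - p) < n) return CR_ERR_TRUNCATED;   /* section too short */
    out->sig_algs = p; out->sig_algs_len = n; p += n;

    /* certificate_authorities: 2-byte outer length, then length-prefixed DNs */
    if ((size_t)(end - p) < 2) return CR_ERR_TRUNCATED;
    n = read_u16(p); p += 2;
    if ((size_t)(end - p) < n) return CR_ERR_TRUNCATED;
    out->cas = p; out->cas_len = n; p += n;

    /* Walk the DN list so an inner length cannot escape the outer vector. */
    {
        const uint8_t *q = out->cas, *qend = out->cas + out->cas_len;
        while (q < qend) {
            size_t dn;
            if ((size_t)(qend - q) < 2) return CR_ERR_TRUNCATED;
            dn = read_u16(q); q += 2;
            if ((size_t)(qend - q) < dn) return CR_ERR_TRUNCATED;
            q += dn;
        }
    }

    if (p != end) return CR_ERR_BAD_LENGTH;  /* trailing bytes: framing disagrees */
    return CR_OK;
}

/* Constructed samples. Good: type rsa_sign(1); algs sha256/rsa, sha256/ecdsa; no CAs. */
static const uint8_t sample_good[]       = { 0x01, 0x01, 0x00, 0x04, 0x04, 0x01, 0x04, 0x03, 0x00, 0x00 };
/* Algorithms vector announces 4 bytes but only 2 follow. */
static const uint8_t sample_short_algs[] = { 0x01, 0x01, 0x00, 0x04, 0x04, 0x01 };
/* Message ends inside the 2-byte algorithms length field. */
static const uint8_t sample_cut_length[] = { 0x01, 0x01, 0x00 };
/* Odd algorithms length: cannot be whole (hash, signature) pairs. */
static const uint8_t sample_odd_algs[]   = { 0x01, 0x01, 0x00, 0x03, 0x04, 0x01, 0x04, 0x00, 0x00 };

int demo_good(void)       { cert_request_t r; return parse_certificate_request(sample_good, sizeof sample_good, &r); }
int demo_short_algs(void) { cert_request_t r; return parse_certificate_request(sample_short_algs, sizeof sample_short_algs, &r); }
int demo_cut_length(void) { cert_request_t r; return parse_certificate_request(sample_cut_length, sizeof sample_cut_length, &r); }
int demo_odd_algs(void)   { cert_request_t r; return parse_certificate_request(sample_odd_algs, sizeof sample_odd_algs, &r); }

/* Number of signature algorithms the good sample yields (2). */
size_t demo_good_alg_count(void)
{
    cert_request_t r;
    if (parse_certificate_request(sample_good, sizeof sample_good, &r) != CR_OK) return 0;
    return r.sig_algs_len / 2;
}

int main(void)
{
    printf("good=%d short_algs=%d cut_length=%d odd_algs=%d algs=%zu\n",
           demo_good(), demo_short_algs(), demo_cut_length(), demo_odd_algs(),
           demo_good_alg_count());
    return 0;
}
```

The point the upstream note makes about debug builds applies here too: if a
parser like this logged the algorithms section before the `end - p < n` check,
the log line itself would become the information leak, so any diagnostic
output belongs after the check, never before it.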
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 16 2018 Morten Stevens <mstevens(a)fedoraproject.org> - 2.7.3-1
- Update to 2.7.3
* Fri Apr 6 2018 Morten Stevens <mstevens(a)fedoraproject.org> - 2.7.2-1
- Update to 2.7.2
--------------------------------------------------------------------------------
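The third Security entry in the mbedtls-2.7.3-1.el6 notes above (the client
accepting a ciphersuite it never offered, or one undefined for the version the
server picked) is a ServerHello validation gap. The following is an added
example for this digest, not Mbed TLS code: a client-side check of the
ServerHello ciphersuite that enforces all three conditions (offered, known,
version-compatible) before the suite's parameters are used. The suite table is
a constructed four-entry subset of the IANA registry with version ranges from
RFC 5246 and RFC 5288, and the example covers TLS only, not DTLS.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Protocol minor versions as Mbed TLS numbers them: 1 = TLS 1.0, 2 = TLS 1.1, 3 = TLS 1.2. */
typedef struct {
    uint16_t    id;
    int         min_minor;   /* lowest protocol version the suite is defined for */
    int         max_minor;
    const char *name;
} suite_info_t;

/* Constructed subset of the registry. SHA-256 and AES-GCM suites exist only in
 * TLS 1.2 (RFC 5246, RFC 5288); the SHA-1 CBC suite is usable from TLS 1.0 up. */
static const suite_info_t suite_table[] = {
    { 0x002F, 1, 3, "TLS_RSA_WITH_AES_128_CBC_SHA" },
    { 0x003C, 3, 3, "TLS_RSA_WITH_AES_128_CBC_SHA256" },
    { 0xC02B, 3, 3, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" },
    { 0xC02F, 3, 3, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" },
};

enum {
    SH_OK              =  0,
    SH_ERR_NOT_OFFERED = -1,  /* server picked something absent from our ClientHello */
    SH_ERR_UNKNOWN     = -2,  /* no parameters for this suite id on this client */
    SH_ERR_BAD_VERSION = -3   /* suite not defined for the version the server chose */
};

static const suite_info_t *lookup_suite(uint16_t id)
{
    size_t i;
    for (i = 0; i < sizeof suite_table / sizeof suite_table[0]; i++)
        if (suite_table[i].id == id) return &suite_table[i];
    return NULL;
}

/*
 * Client-side check of the ServerHello ciphersuite. All three tests must pass
 * before the suite's parameters feed key derivation or record protection;
 * skipping any one lets a misbehaving server push the client into a
 * configuration it never negotiated, which is the state-corruption risk the
 * release note describes.
 */
int check_server_hello_suite(const uint16_t *offered, size_t n_offered,
                             uint16_t chosen, int minor)
{
    size_t i;
    int was_offered = 0;
    const suite_info_t *s;

    /* 1. The server may only echo back a suite we actually sent. */
    for (i = 0; i < n_offered; i++)
        if (offered[i] == chosen) { was_offered = 1; break; }
    if (!was_offered) return SH_ERR_NOT_OFFERED;

    /* 2. It must be one this client implements, so its parameters exist. */
    s = lookup_suite(chosen);
    if (s == NULL) return SH_ERR_UNKNOWN;

    /* 3. It must be defined for the protocol version the server selected. */
    if (minor < s->min_minor || minor > s->max_minor) return SH_ERR_BAD_VERSION;

    return SH_OK;
}

/* Constructed ClientHello offer list used by the demos below. */
static const uint16_t client_offer[] = { 0xC02B, 0xC02F, 0x002F };
#define N_OFFER (sizeof client_offer / sizeof client_offer[0])

/* Offered TLS 1.2 suite echoed at TLS 1.2: accepted. */
int demo_accept(void)      { return check_server_hello_suite(client_offer, N_OFFER, 0xC02B, 3); }
/* Server picks TLS_RSA_WITH_AES_128_CBC_SHA256, which was never offered. */
int demo_not_offered(void) { return check_server_hello_suite(client_offer, N_OFFER, 0x003C, 3); }
/* Server picks an offered GCM suite but selects TLS 1.1, where it is undefined. */
int demo_bad_version(void) { return check_server_hello_suite(client_offer, N_OFFER, 0xC02B, 2); }
/* Offered legacy CBC suite at TLS 1.0 is defined there: accepted. */
int demo_legacy_ok(void)   { return check_server_hello_suite(client_offer, N_OFFER, 0x002F, 1); }

int main(void)
{
    printf("accept=%d not_offered=%d bad_version=%d legacy=%d\n",
           demo_accept(), demo_not_offered(), demo_bad_version(), demo_legacy_ok());
    return 0;
}
```

Checking the version range (step 3) is the part that is easy to forget: a
server that legitimately echoes an offered suite can still pair it with a
protocol version the suite was never specified for, and the client then looks
up MAC and PRF parameters that do not exist for that combination.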