Next NYC*BUG:
Using Shell as a Deployment Tool, Ivan Ivanov
2019-02-06 @ 18:45 - Suspenders, 108 Greenwich Street, 2nd Floor (hopefully)
Abstract:
Tools like Ansible provide a convenient way to deploy software.
However, they come with complexity that may not be justified for certain
tasks. The presentation will describe a real-world use case of
converting an ansible-based deployment procedure to shell scripts in
order to simplify it. I will explain how it is done and why it is done.
More info:
https://www.nycbug.org/index?action=view&id=10664
_______________________________________________
announce mailing list
announce@lists.nycbug.org
http://lists.nycbug.org:8080/mailman/listinfo/announce
Thursday, January 31, 2019
[USN-3877-1] LibVNCServer vulnerabilities
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlxTVmsACgkQZWnYVadE
vpMRfA/9EFcoI9EGPqbYamJbzL9t/PJfMFkF8KMDshgLOQN/Y2yfidfFOcwBNT0R
AAQtkafUSSbkPREtZ1Z4SB70rwpg29f6SUjis+1hqKGtx9j7EHBBo9pE0zIpWpPx
T0RxTmoZ8CJCPMpxRud1S0UOJVqKG01HMqBnEkMoHoR+Bf1WJnE0lW3AP5bnJlzn
CvBHEX+cAnR77DKdTzokLHKQh+Lhw13cpnKa8T6ZqWkfWOO0MYWHJKBiqfozpvPv
6LrmMJkPVu53jLXy9hPXSMAdXt9jve84rmi4vF0ciDu8D4EEXO9mkXkkB3JYLtBJ
czq49KR3n3CitlF/NwvsFO2ZHluxbYJMsbeQ9pbcseNFxIlJLJFgHGvHI+MRilGV
qrYwWUGzrwHD0pH7tLErBzBcLqlZhj+fcPGQPQ7jgT0+Yb3jgd98lnjdnexFc14G
i+74llH8uDNI7RfbdxocpyxTc9HgH8F963yQlofkScmaJzV+Z7ZviRNNQ1wNhjOj
m4g9h2+AtsNHCBiBKvrAWvnJTcTvCXf0Wew8qNt0olF2akd93au3zJSkiHc9wKBN
aARpoBrXQ4shA8EamlzTcaT/RFv4gu8ckuuGBBJBo2Z83nqoEIDKRFWWsxHDQ4Xz
EmASKnMdS/5xJTnt87OEui5JeZylWgDZwRhm8bodqRHc2AM2NYY=
=DSbu
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3877-1
January 31, 2019
libvncserver vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in LibVNCServer.
Software Description:
- libvncserver: vnc server library
Details:
It was discovered that LibVNCServer incorrectly handled certain operations.
A remote attacker able to connect to applications using LibVNCServer could
possibly use this issue to obtain sensitive information, cause a denial of
service, or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
libvncclient1 0.9.11+dfsg-1.1ubuntu0.1
libvncserver1 0.9.11+dfsg-1.1ubuntu0.1
Ubuntu 18.04 LTS:
libvncclient1 0.9.11+dfsg-1ubuntu1.1
libvncserver1 0.9.11+dfsg-1ubuntu1.1
Ubuntu 16.04 LTS:
libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.3
libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.3
Ubuntu 14.04 LTS:
libvncserver0 0.9.9+dfsg-1ubuntu1.4
After a standard system update you need to restart LibVNCServer
applications to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3877-1
CVE-2018-15126, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020,
CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024,
CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-6307
Package Information:
https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1.1ubuntu0.1
https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.1
https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.3
https://launchpad.net/ubuntu/+source/libvncserver/0.9.9+dfsg-1ubuntu1.4
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlxTVmsACgkQZWnYVadE
vpMRfA/9EFcoI9EGPqbYamJbzL9t/PJfMFkF8KMDshgLOQN/Y2yfidfFOcwBNT0R
AAQtkafUSSbkPREtZ1Z4SB70rwpg29f6SUjis+1hqKGtx9j7EHBBo9pE0zIpWpPx
T0RxTmoZ8CJCPMpxRud1S0UOJVqKG01HMqBnEkMoHoR+Bf1WJnE0lW3AP5bnJlzn
CvBHEX+cAnR77DKdTzokLHKQh+Lhw13cpnKa8T6ZqWkfWOO0MYWHJKBiqfozpvPv
6LrmMJkPVu53jLXy9hPXSMAdXt9jve84rmi4vF0ciDu8D4EEXO9mkXkkB3JYLtBJ
czq49KR3n3CitlF/NwvsFO2ZHluxbYJMsbeQ9pbcseNFxIlJLJFgHGvHI+MRilGV
qrYwWUGzrwHD0pH7tLErBzBcLqlZhj+fcPGQPQ7jgT0+Yb3jgd98lnjdnexFc14G
i+74llH8uDNI7RfbdxocpyxTc9HgH8F963yQlofkScmaJzV+Z7ZviRNNQ1wNhjOj
m4g9h2+AtsNHCBiBKvrAWvnJTcTvCXf0Wew8qNt0olF2akd93au3zJSkiHc9wKBN
aARpoBrXQ4shA8EamlzTcaT/RFv4gu8ckuuGBBJBo2Z83nqoEIDKRFWWsxHDQ4Xz
EmASKnMdS/5xJTnt87OEui5JeZylWgDZwRhm8bodqRHc2AM2NYY=
=DSbu
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3877-1
January 31, 2019
libvncserver vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in LibVNCServer.
Software Description:
- libvncserver: vnc server library
Details:
It was discovered that LibVNCServer incorrectly handled certain operations.
A remote attacker able to connect to applications using LibVNCServer could
possibly use this issue to obtain sensitive information, cause a denial of
service, or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
libvncclient1 0.9.11+dfsg-1.1ubuntu0.1
libvncserver1 0.9.11+dfsg-1.1ubuntu0.1
Ubuntu 18.04 LTS:
libvncclient1 0.9.11+dfsg-1ubuntu1.1
libvncserver1 0.9.11+dfsg-1ubuntu1.1
Ubuntu 16.04 LTS:
libvncclient1 0.9.10+dfsg-3ubuntu0.16.04.3
libvncserver1 0.9.10+dfsg-3ubuntu0.16.04.3
Ubuntu 14.04 LTS:
libvncserver0 0.9.9+dfsg-1ubuntu1.4
After a standard system update you need to restart LibVNCServer
applications to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3877-1
CVE-2018-15126, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020,
CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024,
CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-6307
Package Information:
https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1.1ubuntu0.1
https://launchpad.net/ubuntu/+source/libvncserver/0.9.11+dfsg-1ubuntu1.1
https://launchpad.net/ubuntu/+source/libvncserver/0.9.10+dfsg-3ubuntu0.16.04.3
https://launchpad.net/ubuntu/+source/libvncserver/0.9.9+dfsg-1ubuntu1.4
[USN-3871-2] Linux kernel regression
==========================================================================
Ubuntu Security Notice USN-3871-2
January 31, 2019
linux regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Multiple regressions were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
Details:
USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. Unfortunately, that update introduced regressions with docking
station displays and mounting ext4 file systems with the meta_bg
option enabled. This update fixes the problems.
We apologize for the inconvenience.
Original advisory details:
Wen Xu discovered that a use-after-free vulnerability existed in the ext4
filesystem implementation in the Linux kernel. An attacker could use this
to construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-10876, CVE-2018-10879)
Wen Xu discovered that a buffer overflow existed in the ext4 filesystem
implementation in the Linux kernel. An attacker could use this to construct
a malicious ext4 image that, when mounted, could cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2018-10877)
Wen Xu discovered that an out-of-bounds write vulnerability existed in the
ext4 filesystem implementation in the Linux kernel. An attacker could use
this to construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-10878, CVE-2018-10882)
Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly ensure that xattr information remained in inode
bodies. An attacker could use this to construct a malicious ext4 image
that, when mounted, could cause a denial of service (system crash).
(CVE-2018-10880)
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel could possibly perform an out of bounds write when updating the
journal for an inline file. An attacker could use this to construct a
malicious ext4 image that, when mounted, could cause a denial of service
(system crash). (CVE-2018-10883)
It was discovered that a race condition existed in the vsock address family
implementation of the Linux kernel that could lead to a use-after-free
condition. A local attacker in a guest virtual machine could use this to
expose sensitive information (host machine kernel memory). (CVE-2018-14625)
Cfir Cohen discovered that a use-after-free vulnerability existed in the
KVM implementation of the Linux kernel, when handling interrupts in
environments where nested virtualization is in use (nested KVM
virtualization is not enabled by default in Ubuntu kernels). A local
attacker in a guest VM could possibly use this to gain administrative
privileges in a host machine. (CVE-2018-16882)
Jann Horn discovered that the procfs file system implementation in the
Linux kernel did not properly restrict the ability to inspect the kernel
stack of an arbitrary task. A local attacker could use this to expose
sensitive information. (CVE-2018-17972)
Jann Horn discovered that the mremap() system call in the Linux kernel did
not properly flush the TLB when completing, potentially leaving access to a
physical page after it has been released to the page allocator. A local
attacker could use this to cause a denial of service (system crash), expose
sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)
Wei Wu discovered that the KVM implementation in the Linux kernel did not
properly ensure that ioapics were initialized. A local attacker could use
this to cause a denial of service (system crash). (CVE-2018-19407)
It was discovered that the debug interface for the Linux kernel's HID
subsystem did not properly perform bounds checking in some situations. An
attacker with access to debugfs could use this to cause a denial of service
or possibly gain additional privileges. (CVE-2018-9516)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-45-generic 4.15.0-45.48
linux-image-4.15.0-45-generic-lpae 4.15.0-45.48
linux-image-4.15.0-45-lowlatency 4.15.0-45.48
linux-image-4.15.0-45-snapdragon 4.15.0-45.48
linux-image-generic 4.15.0.45.47
linux-image-generic-lpae 4.15.0.45.47
linux-image-lowlatency 4.15.0.45.47
linux-image-snapdragon 4.15.0.45.47
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/usn/usn-3871-2
https://usn.ubuntu.com/usn/usn-3871-1
https://launchpad.net/bugs/1813663, https://launchpad.net/bugs/1813727
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-45.48
Ubuntu Security Notice USN-3871-2
January 31, 2019
linux regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Multiple regressions were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
Details:
USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04
LTS. Unfortunately, that update introduced regressions with docking
station displays and mounting ext4 file systems with the meta_bg
option enabled. This update fixes the problems.
We apologize for the inconvenience.
Original advisory details:
Wen Xu discovered that a use-after-free vulnerability existed in the ext4
filesystem implementation in the Linux kernel. An attacker could use this
to construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-10876, CVE-2018-10879)
Wen Xu discovered that a buffer overflow existed in the ext4 filesystem
implementation in the Linux kernel. An attacker could use this to construct
a malicious ext4 image that, when mounted, could cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2018-10877)
Wen Xu discovered that an out-of-bounds write vulnerability existed in the
ext4 filesystem implementation in the Linux kernel. An attacker could use
this to construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-10878, CVE-2018-10882)
Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly ensure that xattr information remained in inode
bodies. An attacker could use this to construct a malicious ext4 image
that, when mounted, could cause a denial of service (system crash).
(CVE-2018-10880)
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel could possibly perform an out of bounds write when updating the
journal for an inline file. An attacker could use this to construct a
malicious ext4 image that, when mounted, could cause a denial of service
(system crash). (CVE-2018-10883)
It was discovered that a race condition existed in the vsock address family
implementation of the Linux kernel that could lead to a use-after-free
condition. A local attacker in a guest virtual machine could use this to
expose sensitive information (host machine kernel memory). (CVE-2018-14625)
Cfir Cohen discovered that a use-after-free vulnerability existed in the
KVM implementation of the Linux kernel, when handling interrupts in
environments where nested virtualization is in use (nested KVM
virtualization is not enabled by default in Ubuntu kernels). A local
attacker in a guest VM could possibly use this to gain administrative
privileges in a host machine. (CVE-2018-16882)
Jann Horn discovered that the procfs file system implementation in the
Linux kernel did not properly restrict the ability to inspect the kernel
stack of an arbitrary task. A local attacker could use this to expose
sensitive information. (CVE-2018-17972)
Jann Horn discovered that the mremap() system call in the Linux kernel did
not properly flush the TLB when completing, potentially leaving access to a
physical page after it has been released to the page allocator. A local
attacker could use this to cause a denial of service (system crash), expose
sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)
Wei Wu discovered that the KVM implementation in the Linux kernel did not
properly ensure that ioapics were initialized. A local attacker could use
this to cause a denial of service (system crash). (CVE-2018-19407)
It was discovered that the debug interface for the Linux kernel's HID
subsystem did not properly perform bounds checking in some situations. An
attacker with access to debugfs could use this to cause a denial of service
or possibly gain additional privileges. (CVE-2018-9516)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-45-generic 4.15.0-45.48
linux-image-4.15.0-45-generic-lpae 4.15.0-45.48
linux-image-4.15.0-45-lowlatency 4.15.0-45.48
linux-image-4.15.0-45-snapdragon 4.15.0-45.48
linux-image-generic 4.15.0.45.47
linux-image-generic-lpae 4.15.0.45.47
linux-image-lowlatency 4.15.0.45.47
linux-image-snapdragon 4.15.0.45.47
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/usn/usn-3871-2
https://usn.ubuntu.com/usn/usn-3871-1
https://launchpad.net/bugs/1813663, https://launchpad.net/bugs/1813727
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-45.48
[USN-3876-2] Avahi vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3876-2
January 31, 2019
avahi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Avahi.
Software Description:
- avahi: Avahi IPv4LL network address configuration daemon
Details:
USN-3876-1 fixed a vulnerability in Avahi. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Chad Seaman discovered that Avahi incorrectly handled certain
messages.
An attacker could possibly use this issue to cause a denial of
service.
(CVE-2017-6519, CVE-2018-1000845)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
avahi-daemon 0.6.30-5ubuntu2.3
libavahi-core7 0.6.30-5ubuntu2.3
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3876-2
https://usn.ubuntu.com/usn/usn-3876-1
CVE-2017-6519, CVE-2018-1000845
Ubuntu Security Notice USN-3876-2
January 31, 2019
avahi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Avahi.
Software Description:
- avahi: Avahi IPv4LL network address configuration daemon
Details:
USN-3876-1 fixed a vulnerability in Avahi. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Chad Seaman discovered that Avahi incorrectly handled certain
messages.
An attacker could possibly use this issue to cause a denial of
service.
(CVE-2017-6519, CVE-2018-1000845)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
avahi-daemon 0.6.30-5ubuntu2.3
libavahi-core7 0.6.30-5ubuntu2.3
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3876-2
https://usn.ubuntu.com/usn/usn-3876-1
CVE-2017-6519, CVE-2018-1000845
[USN-3876-1] Avahi vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3876-1
January 31, 2019
Ubuntu Security Notice USN-3876-1
January 31, 2019
avahi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Avahi.
Software Description:
- avahi: Avahi IPv4LL network address configuration daemon
Details:
Chad Seaman discovered that Avahi incorrectly handled certain messages.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2017-6519, CVE-2018-1000845)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
avahi-daemon 0.7-4ubuntu2.1
libavahi-core7 0.7-4ubuntu2.1
Ubuntu 18.04 LTS:
avahi-daemon 0.7-3.1ubuntu1.2
libavahi-core7 0.7-3.1ubuntu1.2
Ubuntu 16.04 LTS:
avahi-daemon 0.6.32~rc+dfsg-1ubuntu2.3
libavahi-core7 0.6.32~rc+dfsg-1ubuntu2.3
Ubuntu 14.04 LTS:
avahi-daemon 0.6.31-4ubuntu1.3
libavahi-core7 0.6.31-4ubuntu1.3
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3876-1
CVE-2017-6519, CVE-2018-1000845
Package Information:
https://launchpad.net/ubuntu/+source/avahi/0.7-4ubuntu2.1
https://launchpad.net/ubuntu/+source/avahi/0.7-3.1ubuntu1.2
https://launchpad.net/ubuntu/+source/avahi/0.6.32~rc+dfsg-1ubuntu2.3
https://launchpad.net/ubuntu/+source/avahi/0.6.31-4ubuntu1.3
Re: Fedora 30 Mass Rebuild
Hi all,
Fedora 30 Mass Rebuild will start in few minutes. We are preparing for the final steps and will run mass rebuild once everything is in place.
On Wed, Jan 30, 2019 at 4:02 AM Mohan Boddu <mboddu@bhujji.com> wrote:
Hi all,Per the Fedora 30 schedule[1] we are supposed to start the mass rebuild on Jan 30th 2019, but due to known bug with gcc it got pushed by a day and will start on Jan 31st 2019[2]. We are doing a mass rebuild for Fedora 30 for all the changes listed inThis is a heads up that it will be done in a side tag and moved overwhen completed. We will be running scripts to output failure stats.please be sure to let releng know if you see any bugs in the reporting.You can contact releng in #fedora-releng on freenode.Failures can be seenhttps://kojipkgs.fedoraproject.org/mass-rebuild/f30-failures.htmlThings still needing rebuiltRegards
Wednesday, January 30, 2019
[USN-3875-1] OpenJDK vulnerability
==========================================================================
Ubuntu Security Notice USN-3875-1
January 30, 2019
openjdk-8, openjdk-lts vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 16.04 LTS
Summary:
Java applets or applications could be made to expose sensitive
information.
Software Description:
- openjdk-lts: Open Source Java implementation
- openjdk-8: Open Source Java implementation
Details:
It was discovered that a memory disclosure issue existed in the OpenJDK
Library subsystem. An attacker could use this to expose sensitive
information and possibly bypass Java sandbox restrictions. (CVE-2019-2422)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
openjdk-11-jdk 11.0.1+13-3ubuntu3.18.10.1
openjdk-11-jre 11.0.1+13-3ubuntu3.18.10.1
openjdk-11-jre-headless 11.0.1+13-3ubuntu3.18.10.1
Ubuntu 16.04 LTS:
openjdk-8-jdk 8u191-b12-2ubuntu0.16.04.1
openjdk-8-jre 8u191-b12-2ubuntu0.16.04.1
openjdk-8-jre-headless 8u191-b12-2ubuntu0.16.04.1
openjdk-8-jre-jamvm 8u191-b12-2ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3875-1
CVE-2019-2422
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.1+13-3ubuntu3.18.10.1
https://launchpad.net/ubuntu/+source/openjdk-8/8u191-b12-2ubuntu0.16.04.1
Ubuntu Security Notice USN-3875-1
January 30, 2019
openjdk-8, openjdk-lts vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 16.04 LTS
Summary:
Java applets or applications could be made to expose sensitive
information.
Software Description:
- openjdk-lts: Open Source Java implementation
- openjdk-8: Open Source Java implementation
Details:
It was discovered that a memory disclosure issue existed in the OpenJDK
Library subsystem. An attacker could use this to expose sensitive
information and possibly bypass Java sandbox restrictions. (CVE-2019-2422)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
openjdk-11-jdk 11.0.1+13-3ubuntu3.18.10.1
openjdk-11-jre 11.0.1+13-3ubuntu3.18.10.1
openjdk-11-jre-headless 11.0.1+13-3ubuntu3.18.10.1
Ubuntu 16.04 LTS:
openjdk-8-jdk 8u191-b12-2ubuntu0.16.04.1
openjdk-8-jre 8u191-b12-2ubuntu0.16.04.1
openjdk-8-jre-headless 8u191-b12-2ubuntu0.16.04.1
openjdk-8-jre-jamvm 8u191-b12-2ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any Java
applications or applets to make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3875-1
CVE-2019-2422
Package Information:
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.1+13-3ubuntu3.18.10.1
https://launchpad.net/ubuntu/+source/openjdk-8/8u191-b12-2ubuntu0.16.04.1
[USN-3874-1] Firefox vulnerabilities
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEERN//5MGgCOgyKeIFYR+97NWUbg8FAlxSL6IACgkQYR+97NWU
bg+ETwf7BMUXzWYejb4dv039fcLW+JTsoQwuS7RoRhpSdb/HdK66IdQtV5bEQ51A
EANsFVo5xiKpQyWRs6lVIzMbQgItZxEW7qfld92xGYrHm9pYidkYxlA88GvoX+kS
offbWd5yNARrbQLpyQsB+yhBVioxGBItgv8dnG7Z/CNRLFNW+dInNg2j8OGkXWdF
hHEcVxgblj6Hui+rQvHgUSaZ942jvPD2DzO5fxRboRLZfmYVQEPxVv/bJqoOFLYI
QlgoGYHXJmf7fnE0HrPfNITxIKNCIeXAQzjD4CUmNbx7yadzetfA9SBuyMgVXALc
5xurehe3U1bbkB0yejMbingiujyPXA==
=qPpv
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3874-1
January 30, 2019
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, gain additional
privileges by escaping the sandbox, or execute arbitrary code.
(CVE-2018-18500, CVE-2018-18501, CVE-2018-18502, CVE-2018-18503,
CVE-2018-18504, CVE-2018-18505)
It was discovered that Firefox allowed PAC files to specify that requests
to localhost are sent through the proxy to another server. If proxy
auto-detection is enabled, an attacker could potentially exploit this to
conduct attacks on local services and tools. (CVE-2018-18506)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
firefox 65.0+build2-0ubuntu0.18.10.1
Ubuntu 18.04 LTS:
firefox 65.0+build2-0ubuntu0.18.04.1
Ubuntu 16.04 LTS:
firefox 65.0+build2-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
firefox 65.0+build2-0ubuntu0.14.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3874-1
CVE-2018-18500, CVE-2018-18501, CVE-2018-18502, CVE-2018-18503,
CVE-2018-18504, CVE-2018-18505, CVE-2018-18506
Package Information:
https://launchpad.net/ubuntu/+source/firefox/65.0+build2-0ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/firefox/65.0+build2-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/firefox/65.0+build2-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/firefox/65.0+build2-0ubuntu0.14.04.1
iQEzBAEBCgAdFiEERN//5MGgCOgyKeIFYR+97NWUbg8FAlxSL6IACgkQYR+97NWU
bg+ETwf7BMUXzWYejb4dv039fcLW+JTsoQwuS7RoRhpSdb/HdK66IdQtV5bEQ51A
EANsFVo5xiKpQyWRs6lVIzMbQgItZxEW7qfld92xGYrHm9pYidkYxlA88GvoX+kS
offbWd5yNARrbQLpyQsB+yhBVioxGBItgv8dnG7Z/CNRLFNW+dInNg2j8OGkXWdF
hHEcVxgblj6Hui+rQvHgUSaZ942jvPD2DzO5fxRboRLZfmYVQEPxVv/bJqoOFLYI
QlgoGYHXJmf7fnE0HrPfNITxIKNCIeXAQzjD4CUmNbx7yadzetfA9SBuyMgVXALc
5xurehe3U1bbkB0yejMbingiujyPXA==
=qPpv
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3874-1
January 30, 2019
firefox vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software Description:
- firefox: Mozilla Open Source web browser
Details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, gain additional
privileges by escaping the sandbox, or execute arbitrary code.
(CVE-2018-18500, CVE-2018-18501, CVE-2018-18502, CVE-2018-18503,
CVE-2018-18504, CVE-2018-18505)
It was discovered that Firefox allowed PAC files to specify that requests
to localhost are sent through the proxy to another server. If proxy
auto-detection is enabled, an attacker could potentially exploit this to
conduct attacks on local services and tools. (CVE-2018-18506)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
firefox 65.0+build2-0ubuntu0.18.10.1
Ubuntu 18.04 LTS:
firefox 65.0+build2-0ubuntu0.18.04.1
Ubuntu 16.04 LTS:
firefox 65.0+build2-0ubuntu0.16.04.1
Ubuntu 14.04 LTS:
firefox 65.0+build2-0ubuntu0.14.04.1
After a standard system update you need to restart Firefox to make
all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3874-1
CVE-2018-18500, CVE-2018-18501, CVE-2018-18502, CVE-2018-18503,
CVE-2018-18504, CVE-2018-18505, CVE-2018-18506
Package Information:
https://launchpad.net/ubuntu/+source/firefox/65.0+build2-0ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/firefox/65.0+build2-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/firefox/65.0+build2-0ubuntu0.16.04.1
https://launchpad.net/ubuntu/+source/firefox/65.0+build2-0ubuntu0.14.04.1
Outage 2019-02-02 13:00 UTC -> 15:00 UTC
This outage is a replacement of an earlier one in December which had to be cancelled.
There will be an outage starting at 2019-02-02 13:00 UTC,
which will last approximately 2 hours.
To convert UTC to your local time, take a look at
or run:
date -d '2019-02-02 13:00UTC'
Reason for outage:
Various switches at the colocation are needing updates and reboots to get latest firmware working. While the outage should not take the entire 2 hours, it is being blocked out in case there are problems which are not realized and need backing out or other changes.
Affected Services:
all build services
most web services
copr and all other cloud services.
Ticket Link:
Please join #fedora-admin or #fedora-noc on irc.freenode.net
or add comments to the ticket for this outage above.
Stephen J Smoogen.
[USN-3873-1] Open vSwitch vulnerabilities
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlxRrbIACgkQZWnYVadE
vpNXlA//cxJ+QnZvFPM7KKyfWcQVx4s8CMW0iNsgfBG0aLv3L1vHEaLAcx3JW/0f
pxJNyldqsjV7cKMwu21+ok2GOWqxpZGRdEOeYwBh6skhXKF5qYOWorNcN7Z1ZcBK
WnnfSlHaE7FH2P8HVAvZUtfL+BSIy7IhYPfROGp+QKnjPdtD6wBsBr4teN2ZbMsz
Xgmnyf/f0X78osDfg1NaR7oJoChQN9A/oz+EvVOz/PeOgol33UCWO0DgwrsuQvuo
du8hDDMQiR3lSHqxiFvkWWiF8G5P2aZMUNVYh2++jjQsCiQKjwUXDhbntQ1A+9aX
whhpT/HjfdgFy5SEu+7NEIkEMG38OqKmNwI769bGREzyr9wvIn5TlkFUYAFLOvKr
Mny1AY/Zpvi4GArjOkCL73QrFVCgPpGjOagC7xgzy1Rwg3mTy08aJPrnPiOvFShI
KrPypjmAcNc0rwrx3lEMww7i4f/Mym3iBFem1tGMeD0NRLq+7g1IPScQNg6K2/Q7
rlgBNHog8iKLONwSTjErm32JmJfbsAbhyXP+uqQFb1tcuLMdlggrUSXx72h5cySs
0q9JYy/HVS1/Gwwke9pSy3O8s+Su9zSWuuhwiQqO6bT2h+abCmXijGi/5C2Qga42
ZDNRZy93xq2umDBFKJyAxBaJ6tq1ZTmtnWKJ4UtoKniFhofg5fE=
=K/JG
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3873-1
January 30, 2019
openvswitch vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Open vSwitch.
Software Description:
- openvswitch: Ethernet virtual switch
Details:
It was discovered that Open vSwitch incorrectly decoded certain packets. A
remote attacker could possibly use this issue to cause Open vSwitch to
crash, resulting in a denial of service. (CVE-2018-17204)
It was discovered that Open vSwitch incorrectly handled processing certain
flows. A remote attacker could possibly use this issue to cause Open
vSwitch to crash, resulting in a denial of service. This issue only
affected Ubuntu 18.04 LTS. (CVE-2018-17205)
It was discovered that Open vSwitch incorrectly handled BUNDLE action
decoding. A remote attacker could possibly use this issue to cause Open
vSwitch to crash, resulting in a denial of service. (CVE-2018-17206)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
openvswitch-common 2.9.2-0ubuntu0.18.04.3
Ubuntu 16.04 LTS:
openvswitch-common 2.5.5-0ubuntu0.16.04.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3873-1
CVE-2018-17204, CVE-2018-17205, CVE-2018-17206
Package Information:
https://launchpad.net/ubuntu/+source/openvswitch/2.9.2-0ubuntu0.18.04.3
https://launchpad.net/ubuntu/+source/openvswitch/2.5.5-0ubuntu0.16.04.2
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlxRrbIACgkQZWnYVadE
vpNXlA//cxJ+QnZvFPM7KKyfWcQVx4s8CMW0iNsgfBG0aLv3L1vHEaLAcx3JW/0f
pxJNyldqsjV7cKMwu21+ok2GOWqxpZGRdEOeYwBh6skhXKF5qYOWorNcN7Z1ZcBK
WnnfSlHaE7FH2P8HVAvZUtfL+BSIy7IhYPfROGp+QKnjPdtD6wBsBr4teN2ZbMsz
Xgmnyf/f0X78osDfg1NaR7oJoChQN9A/oz+EvVOz/PeOgol33UCWO0DgwrsuQvuo
du8hDDMQiR3lSHqxiFvkWWiF8G5P2aZMUNVYh2++jjQsCiQKjwUXDhbntQ1A+9aX
whhpT/HjfdgFy5SEu+7NEIkEMG38OqKmNwI769bGREzyr9wvIn5TlkFUYAFLOvKr
Mny1AY/Zpvi4GArjOkCL73QrFVCgPpGjOagC7xgzy1Rwg3mTy08aJPrnPiOvFShI
KrPypjmAcNc0rwrx3lEMww7i4f/Mym3iBFem1tGMeD0NRLq+7g1IPScQNg6K2/Q7
rlgBNHog8iKLONwSTjErm32JmJfbsAbhyXP+uqQFb1tcuLMdlggrUSXx72h5cySs
0q9JYy/HVS1/Gwwke9pSy3O8s+Su9zSWuuhwiQqO6bT2h+abCmXijGi/5C2Qga42
ZDNRZy93xq2umDBFKJyAxBaJ6tq1ZTmtnWKJ4UtoKniFhofg5fE=
=K/JG
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3873-1
January 30, 2019
openvswitch vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Open vSwitch.
Software Description:
- openvswitch: Ethernet virtual switch
Details:
It was discovered that Open vSwitch incorrectly decoded certain packets. A
remote attacker could possibly use this issue to cause Open vSwitch to
crash, resulting in a denial of service. (CVE-2018-17204)
It was discovered that Open vSwitch incorrectly handled processing certain
flows. A remote attacker could possibly use this issue to cause Open
vSwitch to crash, resulting in a denial of service. This issue only
affected Ubuntu 18.04 LTS. (CVE-2018-17205)
It was discovered that Open vSwitch incorrectly handled BUNDLE action
decoding. A remote attacker could possibly use this issue to cause Open
vSwitch to crash, resulting in a denial of service. (CVE-2018-17206)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
openvswitch-common 2.9.2-0ubuntu0.18.04.3
Ubuntu 16.04 LTS:
openvswitch-common 2.5.5-0ubuntu0.16.04.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3873-1
CVE-2018-17204, CVE-2018-17205, CVE-2018-17206
Package Information:
https://launchpad.net/ubuntu/+source/openvswitch/2.9.2-0ubuntu0.18.04.3
https://launchpad.net/ubuntu/+source/openvswitch/2.5.5-0ubuntu0.16.04.2
Vagrant 2.2 with QEMU Session
https://fedoraproject.org/wiki/Changes/Vagrant_2.2_with_QEMU_Session
== Summary ==
Upgrade to Vagrant 2.2, the latest stable version of Vagrant. Enable
QEMU Session by default.
== Owner ==
* Name: [[User:pvalena | Pavel Valena]], [[User:vondruch | Vit Ondruch]]
* Email: pvalena@redhat.com, vondruch@redhat.com
* Release notes owner:
== Detailed Description ==
Vagrant 2.2 is new upstream's major release, that includes many
features, improvements, and and bug fixes.
Using '''qemu:///session''' instead of '''qemu:///system''' Vagrant
will run unprivileged.
== Benefit to Fedora ==
* Enable QEMU Session by default. With this, there's no need for user
to input any password, or be present in some group. Everyone is able
to use Vagrant, regardless of group or other ACLs.
* Add host support for void linux
* Add support for VirtualBox 6.0
* Add command for uploading files to guest
== Scope ==
* Proposal owners:
** Finish packaging Vagrant 2.2. Current changes:
https://src.fedoraproject.org/rpms/vagrant/pull-request/17
** Finish packaging Vagrant-Libvirt plugin. Current changes:
https://src.fedoraproject.org/rpms/vagrant-libvirt/pull-request/3
** Work has been done in a Copr repository:
https://copr.fedorainfracloud.org/coprs/pvalena/vagrant/
* Other developers: N/A (not a System Wide Change)
* Release engineering: [https://pagure.io/releng/issues #8085]
** [[Fedora_Program_Management/ReleaseBlocking/Fedora{{FedoraVersionNumber|next}}|List
of deliverables]]: N/A (not a System Wide Change)
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
Because of QEMU Session enabled by defailt, a failure occurs with if
Vagrantfile contains:
```
test_vm.vm.network :private_network, :ip => "172.16.0.2"
```
or similar.
Can be solved by setting `libvirt.qemu_use_session = false` in Vagrantfile.
== How To Test ==
* No special hardware is needed.
* Install Vagrant
* Run ```vagrant version```
* Use your Vagrantfiles or create new as before
* If something doesn't work as it should, let us know.
== User Experience ==
New features that come with Vagrant 2.2 will be available.
Users will not need to add themseles to any group, or have root ACLs
and input a password every time they use Vagrant.
== Dependencies ==
N/A (not a System Wide Change)
== Contingency Plan ==
* Contingency mechanism: N/A (not a System Wide Change)
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A (not a System Wide Change)
* Blocks product? N/A (not a System Wide Change)
== Documentation ==
https://www.vagrantup.com/docs/
== Release Notes ==
https://github.com/hashicorp/vagrant/blob/master/CHANGELOG.md
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
== Summary ==
Upgrade to Vagrant 2.2, the latest stable version of Vagrant. Enable
QEMU Session by default.
== Owner ==
* Name: [[User:pvalena | Pavel Valena]], [[User:vondruch | Vit Ondruch]]
* Email: pvalena@redhat.com, vondruch@redhat.com
* Release notes owner:
== Detailed Description ==
Vagrant 2.2 is new upstream's major release, that includes many
features, improvements, and and bug fixes.
Using '''qemu:///session''' instead of '''qemu:///system''' Vagrant
will run unprivileged.
== Benefit to Fedora ==
* Enable QEMU Session by default. With this, there's no need for user
to input any password, or be present in some group. Everyone is able
to use Vagrant, regardless of group or other ACLs.
* Add host support for void linux
* Add support for VirtualBox 6.0
* Add command for uploading files to guest
== Scope ==
* Proposal owners:
** Finish packaging Vagrant 2.2. Current changes:
https://src.fedoraproject.org/rpms/vagrant/pull-request/17
** Finish packaging Vagrant-Libvirt plugin. Current changes:
https://src.fedoraproject.org/rpms/vagrant-libvirt/pull-request/3
** Work has been done in a Copr repository:
https://copr.fedorainfracloud.org/coprs/pvalena/vagrant/
* Other developers: N/A (not a System Wide Change)
* Release engineering: [https://pagure.io/releng/issues #8085]
** [[Fedora_Program_Management/ReleaseBlocking/Fedora{{FedoraVersionNumber|next}}|List
of deliverables]]: N/A (not a System Wide Change)
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
Because of QEMU Session enabled by defailt, a failure occurs with if
Vagrantfile contains:
```
test_vm.vm.network :private_network, :ip => "172.16.0.2"
```
or similar.
Can be solved by setting `libvirt.qemu_use_session = false` in Vagrantfile.
== How To Test ==
* No special hardware is needed.
* Install Vagrant
* Run ```vagrant version```
* Use your Vagrantfiles or create new as before
* If something doesn't work as it should, let us know.
== User Experience ==
New features that come with Vagrant 2.2 will be available.
Users will not need to add themseles to any group, or have root ACLs
and input a password every time they use Vagrant.
== Dependencies ==
N/A (not a System Wide Change)
== Contingency Plan ==
* Contingency mechanism: N/A (not a System Wide Change)
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A (not a System Wide Change)
* Blocks product? N/A (not a System Wide Change)
== Documentation ==
https://www.vagrantup.com/docs/
== Release Notes ==
https://github.com/hashicorp/vagrant/blob/master/CHANGELOG.md
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Fedora 30 Mass Rebuild
Hi all,
Per the Fedora 30 schedule[1] we are supposed to start the mass rebuild on Jan 30th 2019, but due to known bug with gcc it got pushed by a day and will start on Jan 31st 2019[2]. We are doing a mass rebuild for Fedora 30 for all the changes listed in
This is a heads up that it will be done in a side tag and moved over
when completed. We will be running scripts to output failure stats.
please be sure to let releng know if you see any bugs in the reporting.
You can contact releng in #fedora-releng on freenode.
Failures can be seen
Things still needing rebuilt
Regards
Tuesday, January 29, 2019
REMINDER: Software string freeze in one week
This is your reminder that the software string freeze deadline is
Tuesday, 5 February 2019.
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Tuesday, 5 February 2019.
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
F30 Self-Contained Change proposal: MongoDB Removal
https://fedoraproject.org/wiki/Changes/MongoDB_Removal
== Summary ==
Fedora has determined that the Server Side Public Licensev1 (SSPL) is
not a Free Software License. Therefore, we need to drop MongoDB from
Fedora.
== Owner ==
* Name: [[User:panovotn| Patrik Novotný]]
<!-- Include you email address that you can be reached should people
want to contact you about helping with your change, status is
requested, or technical issues need to be resolved. If the change
proposal is owned by a SIG, please also add a primary contact person.
-->
* Email: panovotn@redhat.com
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
== Summary ==
Fedora has determined that the Server Side Public Licensev1 (SSPL) is
not a Free Software License. Therefore, we need to drop MongoDB from
Fedora.
== Owner ==
* Name: [[User:panovotn| Patrik Novotný]]
<!-- Include you email address that you can be reached should people
want to contact you about helping with your change, status is
requested, or technical issues need to be resolved. If the change
proposal is owned by a SIG, please also add a primary contact person.
-->
* Email: panovotn@redhat.com
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
F30 Self-Contained Change proposal: Improved GRUB menu
https://fedoraproject.org/wiki/Changes/ImprovedGrubMenu
== Summary ==
Improve the GRUB menu by only having the default boot option for each
installed operating system in the main menu, and the other options
into a sub-menu. This would better organize the boot options and lead
to an easier and seamless boot experience.
== Owner ==
* Name: [[User:Javierm|Javier Martinez Canillas]]
* Email: javierm@redhat.com
== Detailed Description ==
The current GRUB menu is confusing, specially when multiple operating
systems are installed. The Fedora boot entries are added first and
then the ones for the other installed operating systems.
The main menu contains all the boot entries for Fedora but only the
default boot entry for the other operating systems, the non-default
boot entries for the other installed operating systems are placed into
a per operating system sub-menu.
An example of how the GRUB menu currently looks can be found at
[https://javierm.fedorapeople.org/grub2/menu/fedora_menu.png
https://javierm.fedorapeople.org/grub2/menu/fedora_menu.png]
This can be improved by adding a sub-menu for the Fedora non-default
boot entries, as is already the case for the other installed operating
systems. This will make the boot entries for all the operating systems
consistent.
Another improvement would be to group all the default options for the
operating systems as one section, followed by another section that
groups all the sub-menus for the non-default options.
A tentative design made by Allan Day for the improved GRUB menu can be
found at [https://wiki.gnome.org/Design/OS/BootOptions#Tentative_Design
https://wiki.gnome.org/Design/OS/BootOptions#Tentative_Design]
For Fedora, the boot option in the main menu will either be the
selected default boot entry or if no default was chosen, the latest
installed kernel. For the other installed operating systems, the boot
option in the main menu will be the latest kernel as found by GRUB's
os-prober script.
== Benefit to Fedora ==
Making the menu less confusing and with better organized boot options
will lead to a better user experience and make easier for users to
choose the operating systems to boot.
== Scope ==
* Proposal owners:
# Change GRUB to implement the changes as described in the "Detailed
Description" section.
# Make sure this is all properly documented in release-notes, etc.
* Other developers:
# Test and watch for regressions.
* Policies and guidelines: The policies and guidelines do not need to
be updated.
* Trademark approval: No changes needed.
== Upgrade/compatibility impact ==
The changes are in the grub.cfg file generated at install time by
Anaconda. Users can manually enable this after an upgrade by executing
gru2-mkconfig to regenerate their grub.cfg file.
== How To Test ==
# Single OS test
## Install Fedora in a VM.
## On boot the default boot option is in the main menu and the other
options (e.g: rescue boot option) are in a sub-menu.
# Multi boot test
## Install Fedora on a machine which other operating system installed.
## On boot the default boot options for the operating systems are in
the main menu and the other options in sub-menus.
== User Experience ==
A simpler and easier to understand GRUB boot menu. Choosing which
operating system to boot should be simpler and involve less steps.
== Dependencies ==
None
== Contingency Plan ==
* Contingency mechanism: Revert the GRUB changes.
* Contingency deadline: Beta Freeze
* Blocks release? No
* Blocks product? None
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
== Summary ==
Improve the GRUB menu by only having the default boot option for each
installed operating system in the main menu, and the other options
into a sub-menu. This would better organize the boot options and lead
to an easier and seamless boot experience.
== Owner ==
* Name: [[User:Javierm|Javier Martinez Canillas]]
* Email: javierm@redhat.com
== Detailed Description ==
The current GRUB menu is confusing, specially when multiple operating
systems are installed. The Fedora boot entries are added first and
then the ones for the other installed operating systems.
The main menu contains all the boot entries for Fedora but only the
default boot entry for the other operating systems, the non-default
boot entries for the other installed operating systems are placed into
a per operating system sub-menu.
An example of how the GRUB menu currently looks can be found at
[https://javierm.fedorapeople.org/grub2/menu/fedora_menu.png
https://javierm.fedorapeople.org/grub2/menu/fedora_menu.png]
This can be improved by adding a sub-menu for the Fedora non-default
boot entries, as is already the case for the other installed operating
systems. This will make the boot entries for all the operating systems
consistent.
Another improvement would be to group all the default options for the
operating systems as one section, followed by another section that
groups all the sub-menus for the non-default options.
A tentative design made by Allan Day for the improved GRUB menu can be
found at [https://wiki.gnome.org/Design/OS/BootOptions#Tentative_Design
https://wiki.gnome.org/Design/OS/BootOptions#Tentative_Design]
For Fedora, the boot option in the main menu will either be the
selected default boot entry or if no default was chosen, the latest
installed kernel. For the other installed operating systems, the boot
option in the main menu will be the latest kernel as found by GRUB's
os-prober script.
== Benefit to Fedora ==
Making the menu less confusing and with better organized boot options
will lead to a better user experience and make easier for users to
choose the operating systems to boot.
== Scope ==
* Proposal owners:
# Change GRUB to implement the changes as described in the "Detailed
Description" section.
# Make sure this is all properly documented in release-notes, etc.
* Other developers:
# Test and watch for regressions.
* Policies and guidelines: The policies and guidelines do not need to
be updated.
* Trademark approval: No changes needed.
== Upgrade/compatibility impact ==
The changes are in the grub.cfg file generated at install time by
Anaconda. Users can manually enable this after an upgrade by executing
gru2-mkconfig to regenerate their grub.cfg file.
== How To Test ==
# Single OS test
## Install Fedora in a VM.
## On boot the default boot option is in the main menu and the other
options (e.g: rescue boot option) are in a sub-menu.
# Multi boot test
## Install Fedora on a machine which other operating system installed.
## On boot the default boot options for the operating systems are in
the main menu and the other options in sub-menus.
== User Experience ==
A simpler and easier to understand GRUB boot menu. Choosing which
operating system to boot should be simpler and involve less steps.
== Dependencies ==
None
== Contingency Plan ==
* Contingency mechanism: Revert the GRUB changes.
* Contingency deadline: Beta Freeze
* Blocks release? No
* Blocks product? None
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Monday, January 28, 2019
[USN-3872-1] Linux kernel (HWE) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3872-1
January 29, 2019
linux-hwe vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
It was discovered that a race condition existed in the vsock address family
implementation of the Linux kernel that could lead to a use-after-free
condition. A local attacker in a guest virtual machine could use this to
expose sensitive information (host machine kernel memory). (CVE-2018-14625)
Cfir Cohen discovered that a use-after-free vulnerability existed in the
KVM implementation of the Linux kernel, when handling interrupts in
environments where nested virtualization is in use (nested KVM
virtualization is not enabled by default in Ubuntu kernels). A local
attacker in a guest VM could possibly use this to gain administrative
privileges in a host machine. (CVE-2018-16882)
Wei Wu discovered that the KVM implementation in the Linux kernel did not
properly ensure that ioapics were initialized. A local attacker could use
this to cause a denial of service (system crash). (CVE-2018-19407)
It was discovered that the crypto subsystem of the Linux kernel leaked
uninitialized memory to user space in some situations. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2018-19854)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.18.0-14-generic 4.18.0-14.15~18.04.1
linux-image-4.18.0-14-generic-lpae 4.18.0-14.15~18.04.1
linux-image-4.18.0-14-lowlatency 4.18.0-14.15~18.04.1
linux-image-4.18.0-14-snapdragon 4.18.0-14.15~18.04.1
linux-image-generic-hwe-18.04 4.18.0.14.64
linux-image-generic-lpae-hwe-18.04 4.18.0.14.64
linux-image-lowlatency-hwe-18.04 4.18.0.14.64
linux-image-snapdragon-hwe-18.04 4.18.0.14.64
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/usn/usn-3872-1
CVE-2018-14625, CVE-2018-16882, CVE-2018-19407, CVE-2018-19854
Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe/4.18.0-14.15~18.04.1
Ubuntu Security Notice USN-3872-1
January 29, 2019
linux-hwe vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
It was discovered that a race condition existed in the vsock address family
implementation of the Linux kernel that could lead to a use-after-free
condition. A local attacker in a guest virtual machine could use this to
expose sensitive information (host machine kernel memory). (CVE-2018-14625)
Cfir Cohen discovered that a use-after-free vulnerability existed in the
KVM implementation of the Linux kernel, when handling interrupts in
environments where nested virtualization is in use (nested KVM
virtualization is not enabled by default in Ubuntu kernels). A local
attacker in a guest VM could possibly use this to gain administrative
privileges in a host machine. (CVE-2018-16882)
Wei Wu discovered that the KVM implementation in the Linux kernel did not
properly ensure that ioapics were initialized. A local attacker could use
this to cause a denial of service (system crash). (CVE-2018-19407)
It was discovered that the crypto subsystem of the Linux kernel leaked
uninitialized memory to user space in some situations. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2018-19854)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.18.0-14-generic 4.18.0-14.15~18.04.1
linux-image-4.18.0-14-generic-lpae 4.18.0-14.15~18.04.1
linux-image-4.18.0-14-lowlatency 4.18.0-14.15~18.04.1
linux-image-4.18.0-14-snapdragon 4.18.0-14.15~18.04.1
linux-image-generic-hwe-18.04 4.18.0.14.64
linux-image-generic-lpae-hwe-18.04 4.18.0.14.64
linux-image-lowlatency-hwe-18.04 4.18.0.14.64
linux-image-snapdragon-hwe-18.04 4.18.0.14.64
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/usn/usn-3872-1
CVE-2018-14625, CVE-2018-16882, CVE-2018-19407, CVE-2018-19854
Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe/4.18.0-14.15~18.04.1
[USN-3871-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3871-1
January 29, 2019
linux vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
Details:
Wen Xu discovered that a use-after-free vulnerability existed in the ext4
filesystem implementation in the Linux kernel. An attacker could use this
to construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-10876, CVE-2018-10879)
Wen Xu discovered that a buffer overflow existed in the ext4 filesystem
implementation in the Linux kernel. An attacker could use this to construct
a malicious ext4 image that, when mounted, could cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2018-10877)
Wen Xu discovered that an out-of-bounds write vulnerability existed in the
ext4 filesystem implementation in the Linux kernel. An attacker could use
this to construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-10878, CVE-2018-10882)
Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly ensure that xattr information remained in inode
bodies. An attacker could use this to construct a malicious ext4 image
that, when mounted, could cause a denial of service (system crash).
(CVE-2018-10880)
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel could possibly perform an out of bounds write when updating the
journal for an inline file. An attacker could use this to construct a
malicious ext4 image that, when mounted, could cause a denial of service
(system crash). (CVE-2018-10883)
It was discovered that a race condition existed in the vsock address family
implementation of the Linux kernel that could lead to a use-after-free
condition. A local attacker in a guest virtual machine could use this to
expose sensitive information (host machine kernel memory). (CVE-2018-14625)
Cfir Cohen discovered that a use-after-free vulnerability existed in the
KVM implementation of the Linux kernel, when handling interrupts in
environments where nested virtualization is in use (nested KVM
virtualization is not enabled by default in Ubuntu kernels). A local
attacker in a guest VM could possibly use this to gain administrative
privileges in a host machine. (CVE-2018-16882)
Jann Horn discovered that the procfs file system implementation in the
Linux kernel did not properly restrict the ability to inspect the kernel
stack of an arbitrary task. A local attacker could use this to expose
sensitive information. (CVE-2018-17972)
Jann Horn discovered that the mremap() system call in the Linux kernel did
not properly flush the TLB when completing, potentially leaving access to a
physical page after it has been released to the page allocator. A local
attacker could use this to cause a denial of service (system crash), expose
sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)
Wei Wu discovered that the KVM implementation in the Linux kernel did not
properly ensure that ioapics were initialized. A local attacker could use
this to cause a denial of service (system crash). (CVE-2018-19407)
It was discovered that the debug interface for the Linux kernel's HID
subsystem did not properly perform bounds checking in some situations. An
attacker with access to debugfs could use this to cause a denial of service
or possibly gain additional privileges. (CVE-2018-9516)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-44-generic 4.15.0-44.47
linux-image-4.15.0-44-generic-lpae 4.15.0-44.47
linux-image-4.15.0-44-lowlatency 4.15.0-44.47
linux-image-4.15.0-44-snapdragon 4.15.0-44.47
linux-image-generic 4.15.0.44.46
linux-image-generic-lpae 4.15.0.44.46
linux-image-lowlatency 4.15.0.44.46
linux-image-snapdragon 4.15.0.44.46
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/usn/usn-3871-1
CVE-2018-10876, CVE-2018-10877, CVE-2018-10878, CVE-2018-10879,
CVE-2018-10880, CVE-2018-10882, CVE-2018-10883, CVE-2018-14625,
CVE-2018-16882, CVE-2018-17972, CVE-2018-18281, CVE-2018-19407,
CVE-2018-9516
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-44.47
Ubuntu Security Notice USN-3871-1
January 29, 2019
linux vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
Details:
Wen Xu discovered that a use-after-free vulnerability existed in the ext4
filesystem implementation in the Linux kernel. An attacker could use this
to construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-10876, CVE-2018-10879)
Wen Xu discovered that a buffer overflow existed in the ext4 filesystem
implementation in the Linux kernel. An attacker could use this to construct
a malicious ext4 image that, when mounted, could cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2018-10877)
Wen Xu discovered that an out-of-bounds write vulnerability existed in the
ext4 filesystem implementation in the Linux kernel. An attacker could use
this to construct a malicious ext4 image that, when mounted, could cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-10878, CVE-2018-10882)
Wen Xu discovered that the ext4 filesystem implementation in the Linux
kernel did not properly ensure that xattr information remained in inode
bodies. An attacker could use this to construct a malicious ext4 image
that, when mounted, could cause a denial of service (system crash).
(CVE-2018-10880)
Wen Xu discovered that the ext4 file system implementation in the Linux
kernel could possibly perform an out of bounds write when updating the
journal for an inline file. An attacker could use this to construct a
malicious ext4 image that, when mounted, could cause a denial of service
(system crash). (CVE-2018-10883)
It was discovered that a race condition existed in the vsock address family
implementation of the Linux kernel that could lead to a use-after-free
condition. A local attacker in a guest virtual machine could use this to
expose sensitive information (host machine kernel memory). (CVE-2018-14625)
Cfir Cohen discovered that a use-after-free vulnerability existed in the
KVM implementation of the Linux kernel, when handling interrupts in
environments where nested virtualization is in use (nested KVM
virtualization is not enabled by default in Ubuntu kernels). A local
attacker in a guest VM could possibly use this to gain administrative
privileges in a host machine. (CVE-2018-16882)
Jann Horn discovered that the procfs file system implementation in the
Linux kernel did not properly restrict the ability to inspect the kernel
stack of an arbitrary task. A local attacker could use this to expose
sensitive information. (CVE-2018-17972)
Jann Horn discovered that the mremap() system call in the Linux kernel did
not properly flush the TLB when completing, potentially leaving access to a
physical page after it has been released to the page allocator. A local
attacker could use this to cause a denial of service (system crash), expose
sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)
Wei Wu discovered that the KVM implementation in the Linux kernel did not
properly ensure that ioapics were initialized. A local attacker could use
this to cause a denial of service (system crash). (CVE-2018-19407)
It was discovered that the debug interface for the Linux kernel's HID
subsystem did not properly perform bounds checking in some situations. An
attacker with access to debugfs could use this to cause a denial of service
or possibly gain additional privileges. (CVE-2018-9516)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-44-generic 4.15.0-44.47
linux-image-4.15.0-44-generic-lpae 4.15.0-44.47
linux-image-4.15.0-44-lowlatency 4.15.0-44.47
linux-image-4.15.0-44-snapdragon 4.15.0-44.47
linux-image-generic 4.15.0.44.46
linux-image-generic-lpae 4.15.0.44.46
linux-image-lowlatency 4.15.0.44.46
linux-image-snapdragon 4.15.0.44.46
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/usn/usn-3871-1
CVE-2018-10876, CVE-2018-10877, CVE-2018-10878, CVE-2018-10879,
CVE-2018-10880, CVE-2018-10882, CVE-2018-10883, CVE-2018-14625,
CVE-2018-16882, CVE-2018-17972, CVE-2018-18281, CVE-2018-19407,
CVE-2018-9516
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-44.47
[USN-3870-1] Spice vulnerability
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlxPZ2gACgkQZWnYVadE
vpN5VBAAkAcbwpXIVhUO6RYBvyfz/vBN0h1Abp4ENY76Ag5QUPi01Wu6zZ1QNytf
mbh6rSStUSU4OioBYtOGDZR17DRpaAjfEEMbu+XSG2wpa8ZOObieKXsBdnnfgZFE
rJsuyhqjdpNuyITGMHQYD0PjhmQkvJ74p3k4hC8D0s0Dd2xWoC7nnYD/YGA2WZIM
s2C0Zrt6WQtYeKU2GX3v51/BSGcKKn+zYjacXmq7onRSCJJ4SQAjrE6mSL906+t/
TQqmFb9gQ3kEm/mJ016EYx5nl2RiwNPPbU1khkcSNJhSMAO7eyeJ1qoQCXs7jM/2
YmzFR76e+yfUsGypUzmJvRecqr1dcFBS7X6bSQmvS+s9VJ6/Sm7ln1nS1Mcn2Vze
1xLUULKPF0Fq6D9Pl7gQczw95951S7R1F2twG1mBmC0GzSj8fh3ZVEWI+UYpNGq1
HimRQ+FFeIs7D4vsLCaIpxAdAlSzuytlJpzRGEUAcWmNFWrOczWmx8YDw0Cjs7oI
nC142G6SLbXXekRIrOTshVVu9zgEyMaed1loe2w/7fuRy3sfE0aQYZ+GfXXfrZoB
Ke+oRoSh1U/laks6Isn7Tsq75VExojxP7bBjF08LQ/CTJA93n3ipU1KnBa6/2bHK
apRebFoOC1oXxxCqqfpNKkIL2Yh4OCwjcIeXj6AZys2vglDCA/o=
=GZzB
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3870-1
January 28, 2019
spice vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Spice could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
- spice: SPICE protocol client and server library
Details:
Christophe Fergeau discovered that Spice incorrectly handled memory. A
remote attacker could use this to cause Spice to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
libspice-server1 0.14.0-1ubuntu4.2
Ubuntu 18.04 LTS:
libspice-server1 0.14.0-1ubuntu2.4
Ubuntu 16.04 LTS:
libspice-server1 0.12.6-4ubuntu0.4
Ubuntu 14.04 LTS:
libspice-server1 0.12.4-0nocelt2ubuntu1.8
After a standard system update you need to restart qemu guests to make all
the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3870-1
CVE-2019-3813
Package Information:
https://launchpad.net/ubuntu/+source/spice/0.14.0-1ubuntu4.2
https://launchpad.net/ubuntu/+source/spice/0.14.0-1ubuntu2.4
https://launchpad.net/ubuntu/+source/spice/0.12.6-4ubuntu0.4
https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt2ubuntu1.8
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlxPZ2gACgkQZWnYVadE
vpN5VBAAkAcbwpXIVhUO6RYBvyfz/vBN0h1Abp4ENY76Ag5QUPi01Wu6zZ1QNytf
mbh6rSStUSU4OioBYtOGDZR17DRpaAjfEEMbu+XSG2wpa8ZOObieKXsBdnnfgZFE
rJsuyhqjdpNuyITGMHQYD0PjhmQkvJ74p3k4hC8D0s0Dd2xWoC7nnYD/YGA2WZIM
s2C0Zrt6WQtYeKU2GX3v51/BSGcKKn+zYjacXmq7onRSCJJ4SQAjrE6mSL906+t/
TQqmFb9gQ3kEm/mJ016EYx5nl2RiwNPPbU1khkcSNJhSMAO7eyeJ1qoQCXs7jM/2
YmzFR76e+yfUsGypUzmJvRecqr1dcFBS7X6bSQmvS+s9VJ6/Sm7ln1nS1Mcn2Vze
1xLUULKPF0Fq6D9Pl7gQczw95951S7R1F2twG1mBmC0GzSj8fh3ZVEWI+UYpNGq1
HimRQ+FFeIs7D4vsLCaIpxAdAlSzuytlJpzRGEUAcWmNFWrOczWmx8YDw0Cjs7oI
nC142G6SLbXXekRIrOTshVVu9zgEyMaed1loe2w/7fuRy3sfE0aQYZ+GfXXfrZoB
Ke+oRoSh1U/laks6Isn7Tsq75VExojxP7bBjF08LQ/CTJA93n3ipU1KnBa6/2bHK
apRebFoOC1oXxxCqqfpNKkIL2Yh4OCwjcIeXj6AZys2vglDCA/o=
=GZzB
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-3870-1
January 28, 2019
spice vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Spice could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
- spice: SPICE protocol client and server library
Details:
Christophe Fergeau discovered that Spice incorrectly handled memory. A
remote attacker could use this to cause Spice to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
libspice-server1 0.14.0-1ubuntu4.2
Ubuntu 18.04 LTS:
libspice-server1 0.14.0-1ubuntu2.4
Ubuntu 16.04 LTS:
libspice-server1 0.12.6-4ubuntu0.4
Ubuntu 14.04 LTS:
libspice-server1 0.12.4-0nocelt2ubuntu1.8
After a standard system update you need to restart qemu guests to make all
the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3870-1
CVE-2019-3813
Package Information:
https://launchpad.net/ubuntu/+source/spice/0.14.0-1ubuntu4.2
https://launchpad.net/ubuntu/+source/spice/0.14.0-1ubuntu2.4
https://launchpad.net/ubuntu/+source/spice/0.12.6-4ubuntu0.4
https://launchpad.net/ubuntu/+source/spice/0.12.4-0nocelt2ubuntu1.8
Orphaned packages to be retired
The following packages are orphaned and will be retired when they
are orphaned for six weeks, unless someone adopts them. If you know for sure
that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life
I plan to retire packages that were already announced 3 times next Monday.
Unorphan/unretire packages at https://pagure.io/releng/issues
(I still cannot unorphan packages, but rest assured that I monitor the tracker
and I'm not retiring packages that have open request for unorphaning.)
Note: If you received this mail directly you (co)maintain one of the affected
packages or a package that depends on one. Please adopt the affected package or
retire your depending package to avoid broken dependencies, otherwise your
package will be retired when the affected package gets retired.
Remarks: Some packages are falsely reported as orphaned for 60+ weeks.
The issue was reported and I won't retire them sooner than after real 6 weeks.
Sorry about that.
Package (co)maintainers Status Change
================================================================================
RunSnakeRun orphan 2 weeks ago
autotrash frafra, orphan, robyduck 4 weeks ago
bouml orphan 6 weeks ago
bouml-doc orphan 6 weeks ago
catkin orphan, rmattes, robotics-sig, 1 weeks ago
thofmann
dnsyo codeblock, orphan 2 weeks ago
ecryptfs-simple orphan 6 weeks ago
fasd orphan 4 weeks ago
hoard orphan 29 weeks ago
jlibrtp orphan 6 weeks ago
jmake orphan 6 weeks ago
labyrinth orphan 0 weeks ago
memaker orphan 0 weeks ago
python-ceilometermiddleware orphan 68 weeks ago
python-cookies adamwill, orphan 4 weeks ago
python-gencpp orphan, rmattes, robotics-sig, 1 weeks ago
thofmann
python-genlisp orphan, rmattes, robotics-sig, 1 weeks ago
thofmann
python-genmsg orphan, rmattes, robotics-sig, 1 weeks ago
thofmann
python-genpy orphan, rmattes, robotics-sig, 1 weeks ago
thofmann
python-gnocchiclient orphan 77 weeks ago
python-kafka orphan 77 weeks ago
python-pankoclient orphan 77 weeks ago
python-pytimeparse orphan 77 weeks ago
python-ripe-atlas-cousteau orphan 4 weeks ago
python-ripe-atlas-sagan orphan 4 weeks ago
python-socketIO-client orphan 4 weeks ago
ripe-atlas-tools orphan 4 weeks ago
ros-release orphan, rmattes, robotics-sig, 1 weeks ago
thofmann
rospack orphan, rmattes, robotics-sig, 1 weeks ago
thofmann
scout orphan 0 weeks ago
toothchart orphan 0 weeks ago
tristripper orphan 6 weeks ago
unp mstuchli, orphan, python-sig 2 weeks ago
wifi-radar blackfile, orphan 4 weeks ago
winetricks ekulik, orphan, raphgro, tc01 1 weeks ago
xword orphan 0 weeks ago
The following packages require above mentioned packages:
Depending on: catkin (4), status change: 2019-01-20 (1 weeks ago)
python-gencpp (maintained by: orphan, rmattes, robotics-sig, thofmann)
python-gencpp-0.3.4-14.20130623git403d067.fc29.src requires catkin-devel =
0.4.5-19.gitd4f1f24.fc29
python-genlisp (maintained by: orphan, rmattes, robotics-sig, thofmann)
python-genlisp-0.3.3-14.20130623git8790a17.fc29.src requires catkin-devel =
0.4.5-19.gitd4f1f24.fc29
python-genmsg (maintained by: orphan, rmattes, robotics-sig, thofmann)
python-genmsg-0.3.10-16.20130617git95ca00d.fc28.src requires catkin-devel =
0.4.5-19.gitd4f1f24.fc29
python-genpy (maintained by: orphan, rmattes, robotics-sig, thofmann)
python-genpy-0.3.7-16.20130623giteddf66e.fc29.src requires catkin-devel =
0.4.5-19.gitd4f1f24.fc29
Depending on: python-cookies (1), status change: 2018-12-29 (4 weeks ago)
python-responses (maintained by: athoscr)
python-responses-0.9.0-5.fc30.src requires python3-cookies = 2.2.1-14.fc30
python3-responses-0.9.0-5.fc30.noarch requires python3.7dist(cookies) = 2.2.1
Depending on: python-kafka (1), status change: 2017-08-04 (77 weeks ago)
python-oslo-messaging (maintained by: apevec, gchamoul, markmc, ndipanov,
openstack-sig)
python-oslo-messaging-5.35.1-1.fc30.src requires python2-kafka = 1.4.3-1.fc29,
python3-kafka = 1.4.3-1.fc29
python2-oslo-messaging-tests-5.35.1-1.fc30.noarch requires python2-kafka =
1.4.3-1.fc29
python3-oslo-messaging-tests-5.35.1-1.fc30.noarch requires python3-kafka =
1.4.3-1.fc29
Depending on: python-pytimeparse (1), status change: 2017-08-04 (77 weeks ago)
python-agate (maintained by: jujens)
python-agate-1.6.1-4.fc30.src requires python3dist(pytimeparse) = 1.1.5
python3-agate-1.6.1-4.fc30.noarch requires python3.7dist(pytimeparse) = 1.1.5
Depending on: python-socketIO-client (1), status change: 2018-12-28 (4 weeks ago)
python-ripe-atlas-cousteau (maintained by: orphan)
python-ripe-atlas-cousteau-1.3-9.fc30.src requires python3-socketIO-client =
0.7.2-3.fc30
Depending on: ros-release (1), status change: 2019-01-20 (1 weeks ago)
fawkes (maintained by: rmattes, thofmann, timn)
fawkes-devenv-1.0.1-18.fc29.i686 requires ros-release = 5.0-12.fc29
Depending on: rospack (1), status change: 2019-01-20 (1 weeks ago)
fawkes (maintained by: rmattes, thofmann, timn)
fawkes-devenv-1.0.1-18.fc29.i686 requires rospack = 2.0.14-20.fc29,
rospack-devel = 2.0.14-20.fc29
Affected (co)maintainers
adamwill: python-cookies
apevec: python-kafka
athoscr: python-cookies
blackfile: wifi-radar
codeblock: dnsyo
ekulik: winetricks
frafra: autotrash
gchamoul: python-kafka
jujens: python-pytimeparse
markmc: python-kafka
mstuchli: unp
ndipanov: python-kafka
openstack-sig: python-kafka
python-sig: unp
raphgro: winetricks
rmattes: catkin, rospack, python-genpy, python-genmsg, python-gencpp,
ros-release, python-genlisp
robotics-sig: catkin, rospack, python-genpy, python-genmsg, python-gencpp,
ros-release, python-genlisp
robyduck: autotrash
tc01: winetricks
thofmann: catkin, rospack, python-genpy, python-genmsg, python-gencpp,
ros-release, python-genlisp
timn: ros-release, rospack
Orphans (36): RunSnakeRun autotrash bouml bouml-doc catkin dnsyo
ecryptfs-simple fasd hoard jlibrtp jmake labyrinth memaker
python-ceilometermiddleware python-cookies
python-gencpp python-genlisp python-genmsg python-genpy
python-gnocchiclient python-kafka python-pankoclient
python-pytimeparse python-ripe-atlas-cousteau
python-ripe-atlas-sagan python-socketIO-client
ripe-atlas-tools ros-release rospack scout toothchart
tristripper unp wifi-radar winetricks xword
Orphans (dependend on) (7): catkin python-cookies
python-kafka python-pytimeparse python-socketIO-client ros-release
rospack
Orphans (rawhide) for at least 6 weeks (dependend on) (2):
python-kafka python-pytimeparse
Orphans (rawhide) (not depended on) (29): RunSnakeRun autotrash bouml
bouml-doc dnsyo ecryptfs-simple fasd hoard jlibrtp jmake labyrinth
memaker python-ceilometermiddleware python-gencpp
python-genlisp python-genmsg python-genpy python-gnocchiclient
python-pankoclient python-ripe-atlas-cousteau
python-ripe-atlas-sagan ripe-atlas-tools scout
toothchart tristripper unp wifi-radar winetricks xword
Orphans (rawhide) for at least 6 weeks (not dependend on) (10): bouml
bouml-doc ecryptfs-simple hoard jlibrtp jmake
python-ceilometermiddleware python-gnocchiclient
python-pankoclient tristripper
Depending packages (rawhide) (10): fawkes python-agate python-gencpp
python-genlisp python-genmsg python-genpy python-oslo-messaging
python-responses python-ripe-atlas-cousteau
transmission-remote-cli
Packages depending on packages orphaned (rawhide) for more than 6
weeks (3): python-agate python-oslo-messaging
transmission-remote-cli
--
The script creating this output is run and developed by Fedora
Release Engineering. Please report issues at its pagure instance:
https://pagure.io/releng/
The sources of this script can be found at:
https://pagure.io/releng/blob/master/f/scripts/find_unblocked_orphans.py
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
are orphaned for six weeks, unless someone adopts them. If you know for sure
that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life
I plan to retire packages that were already announced 3 times next Monday.
Unorphan/unretire packages at https://pagure.io/releng/issues
(I still cannot unorphan packages, but rest assured that I monitor the tracker
and I'm not retiring packages that have open request for unorphaning.)
Note: If you received this mail directly you (co)maintain one of the affected
packages or a package that depends on one. Please adopt the affected package or
retire your depending package to avoid broken dependencies, otherwise your
package will be retired when the affected package gets retired.
Remarks: Some packages are falsely reported as orphaned for 60+ weeks.
The issue was reported and I won't retire them sooner than after real 6 weeks.
Sorry about that.
Package (co)maintainers Status Change
================================================================================
RunSnakeRun orphan 2 weeks ago
autotrash frafra, orphan, robyduck 4 weeks ago
bouml orphan 6 weeks ago
bouml-doc orphan 6 weeks ago
catkin orphan, rmattes, robotics-sig, 1 weeks ago
thofmann
dnsyo codeblock, orphan 2 weeks ago
ecryptfs-simple orphan 6 weeks ago
fasd orphan 4 weeks ago
hoard orphan 29 weeks ago
jlibrtp orphan 6 weeks ago
jmake orphan 6 weeks ago
labyrinth orphan 0 weeks ago
memaker orphan 0 weeks ago
python-ceilometermiddleware orphan 68 weeks ago
python-cookies adamwill, orphan 4 weeks ago
python-gencpp orphan, rmattes, robotics-sig, 1 weeks ago
thofmann
python-genlisp orphan, rmattes, robotics-sig, 1 weeks ago
thofmann
python-genmsg orphan, rmattes, robotics-sig, 1 weeks ago
thofmann
python-genpy orphan, rmattes, robotics-sig, 1 weeks ago
thofmann
python-gnocchiclient orphan 77 weeks ago
python-kafka orphan 77 weeks ago
python-pankoclient orphan 77 weeks ago
python-pytimeparse orphan 77 weeks ago
python-ripe-atlas-cousteau orphan 4 weeks ago
python-ripe-atlas-sagan orphan 4 weeks ago
python-socketIO-client orphan 4 weeks ago
ripe-atlas-tools orphan 4 weeks ago
ros-release orphan, rmattes, robotics-sig, 1 weeks ago
thofmann
rospack orphan, rmattes, robotics-sig, 1 weeks ago
thofmann
scout orphan 0 weeks ago
toothchart orphan 0 weeks ago
tristripper orphan 6 weeks ago
unp mstuchli, orphan, python-sig 2 weeks ago
wifi-radar blackfile, orphan 4 weeks ago
winetricks ekulik, orphan, raphgro, tc01 1 weeks ago
xword orphan 0 weeks ago
The following packages require above mentioned packages:
Depending on: catkin (4), status change: 2019-01-20 (1 weeks ago)
python-gencpp (maintained by: orphan, rmattes, robotics-sig, thofmann)
python-gencpp-0.3.4-14.20130623git403d067.fc29.src requires catkin-devel =
0.4.5-19.gitd4f1f24.fc29
python-genlisp (maintained by: orphan, rmattes, robotics-sig, thofmann)
python-genlisp-0.3.3-14.20130623git8790a17.fc29.src requires catkin-devel =
0.4.5-19.gitd4f1f24.fc29
python-genmsg (maintained by: orphan, rmattes, robotics-sig, thofmann)
python-genmsg-0.3.10-16.20130617git95ca00d.fc28.src requires catkin-devel =
0.4.5-19.gitd4f1f24.fc29
python-genpy (maintained by: orphan, rmattes, robotics-sig, thofmann)
python-genpy-0.3.7-16.20130623giteddf66e.fc29.src requires catkin-devel =
0.4.5-19.gitd4f1f24.fc29
Depending on: python-cookies (1), status change: 2018-12-29 (4 weeks ago)
python-responses (maintained by: athoscr)
python-responses-0.9.0-5.fc30.src requires python3-cookies = 2.2.1-14.fc30
python3-responses-0.9.0-5.fc30.noarch requires python3.7dist(cookies) = 2.2.1
Depending on: python-kafka (1), status change: 2017-08-04 (77 weeks ago)
python-oslo-messaging (maintained by: apevec, gchamoul, markmc, ndipanov,
openstack-sig)
python-oslo-messaging-5.35.1-1.fc30.src requires python2-kafka = 1.4.3-1.fc29,
python3-kafka = 1.4.3-1.fc29
python2-oslo-messaging-tests-5.35.1-1.fc30.noarch requires python2-kafka =
1.4.3-1.fc29
python3-oslo-messaging-tests-5.35.1-1.fc30.noarch requires python3-kafka =
1.4.3-1.fc29
Depending on: python-pytimeparse (1), status change: 2017-08-04 (77 weeks ago)
python-agate (maintained by: jujens)
python-agate-1.6.1-4.fc30.src requires python3dist(pytimeparse) = 1.1.5
python3-agate-1.6.1-4.fc30.noarch requires python3.7dist(pytimeparse) = 1.1.5
Depending on: python-socketIO-client (1), status change: 2018-12-28 (4 weeks ago)
python-ripe-atlas-cousteau (maintained by: orphan)
python-ripe-atlas-cousteau-1.3-9.fc30.src requires python3-socketIO-client =
0.7.2-3.fc30
Depending on: ros-release (1), status change: 2019-01-20 (1 weeks ago)
fawkes (maintained by: rmattes, thofmann, timn)
fawkes-devenv-1.0.1-18.fc29.i686 requires ros-release = 5.0-12.fc29
Depending on: rospack (1), status change: 2019-01-20 (1 weeks ago)
fawkes (maintained by: rmattes, thofmann, timn)
fawkes-devenv-1.0.1-18.fc29.i686 requires rospack = 2.0.14-20.fc29,
rospack-devel = 2.0.14-20.fc29
Affected (co)maintainers
adamwill: python-cookies
apevec: python-kafka
athoscr: python-cookies
blackfile: wifi-radar
codeblock: dnsyo
ekulik: winetricks
frafra: autotrash
gchamoul: python-kafka
jujens: python-pytimeparse
markmc: python-kafka
mstuchli: unp
ndipanov: python-kafka
openstack-sig: python-kafka
python-sig: unp
raphgro: winetricks
rmattes: catkin, rospack, python-genpy, python-genmsg, python-gencpp,
ros-release, python-genlisp
robotics-sig: catkin, rospack, python-genpy, python-genmsg, python-gencpp,
ros-release, python-genlisp
robyduck: autotrash
tc01: winetricks
thofmann: catkin, rospack, python-genpy, python-genmsg, python-gencpp,
ros-release, python-genlisp
timn: ros-release, rospack
Orphans (36): RunSnakeRun autotrash bouml bouml-doc catkin dnsyo
ecryptfs-simple fasd hoard jlibrtp jmake labyrinth memaker
python-ceilometermiddleware python-cookies
python-gencpp python-genlisp python-genmsg python-genpy
python-gnocchiclient python-kafka python-pankoclient
python-pytimeparse python-ripe-atlas-cousteau
python-ripe-atlas-sagan python-socketIO-client
ripe-atlas-tools ros-release rospack scout toothchart
tristripper unp wifi-radar winetricks xword
Orphans (dependend on) (7): catkin python-cookies
python-kafka python-pytimeparse python-socketIO-client ros-release
rospack
Orphans (rawhide) for at least 6 weeks (dependend on) (2):
python-kafka python-pytimeparse
Orphans (rawhide) (not depended on) (29): RunSnakeRun autotrash bouml
bouml-doc dnsyo ecryptfs-simple fasd hoard jlibrtp jmake labyrinth
memaker python-ceilometermiddleware python-gencpp
python-genlisp python-genmsg python-genpy python-gnocchiclient
python-pankoclient python-ripe-atlas-cousteau
python-ripe-atlas-sagan ripe-atlas-tools scout
toothchart tristripper unp wifi-radar winetricks xword
Orphans (rawhide) for at least 6 weeks (not dependend on) (10): bouml
bouml-doc ecryptfs-simple hoard jlibrtp jmake
python-ceilometermiddleware python-gnocchiclient
python-pankoclient tristripper
Depending packages (rawhide) (10): fawkes python-agate python-gencpp
python-genlisp python-genmsg python-genpy python-oslo-messaging
python-responses python-ripe-atlas-cousteau
transmission-remote-cli
Packages depending on packages orphaned (rawhide) for more than 6
weeks (3): python-agate python-oslo-messaging
transmission-remote-cli
--
The script creating this output is run and developed by Fedora
Release Engineering. Please report issues at its pagure instance:
https://pagure.io/releng/
The sources of this script can be found at:
https://pagure.io/releng/blob/master/f/scripts/find_unblocked_orphans.py
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
F30 Self-Contained Change proposal: Retire YUM 3
(Note this change was previously submitted for Fedora 29:
https://pagure.io/fesco/issue/2064)
https://fedoraproject.org/wiki/Changes/Retire_YUM_3
== Summary ==
Remove yum (v3) and all related packages from Fedora.
== Owner ==
* Name: [[User:mdomonko|Michal Domonkos]]
* Email: mdomonko@redhat.com
== Detailed Description ==
Remove packages from the distribution:
* createrepo
* yum
* yum-langpacks
* yum-utils
* yum-metadata-parser
* yum-updatesd
* python-urlgrabber
All these packages should no longer be used and all software using
them should be migrated to DNF.
Compatibility:
* Important packages such as yum, createrepo or yum-utils will be
provided/obsoleted by relevant packages from the dnf stack
* Important executables such yum, repoquery, createrepo, etc. will be
provided either as new executables or via symlinks
== Benefit to Fedora ==
Drop an old package manager that has no active upstream development.
Move existing users to DNF which that has active development.
Secondary benefit is reducing number of packages in Fedora that still
depend on Python 2.
== Scope ==
* Proposal owners: Remove packages from the distribution: createrepo,
yum, yum-langpacks, yum-utils, yum-metadata-parser, yum-updatesd,
python-urlgrabber
* Other developers: Either remove packages from the distribution or
switch them to DNF
* Release engineering: [https://pagure.io/releng/issue/7588 #7588]
* Policies and guidelines: N/A
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
Any tool based on YUM 3 Python API will stop working. This applies on
any 3rd party software which won't be changed in Fedora as part of
this change.
CLI compatibility will be provided by DNF.
== How To Test ==
Repoclosure passes after dropping the packages.
== User Experience ==
There shouldn't be any impact on YUM users because the functionality
is provided by DNF already.
Users of tools listed in the Dependencies section shouldn't see any
difference if the migration to DNF is done properly.
== Dependencies ==
The list of source packages (SRPMs) that still depend on some of the
yum-related packages to be removed:
(see wiki page)
== Contingency Plan ==
* Contingency mechanism: Do not remove the packages in the current release.
* Contingency deadline: Beta Freeze
* Blocks release? No
* Blocks product? No
== Documentation ==
N/A
== Release Notes ==
Inform end-users about removing the YUM 3 stack and definitive migration to DNF.
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
https://pagure.io/fesco/issue/2064)
https://fedoraproject.org/wiki/Changes/Retire_YUM_3
== Summary ==
Remove yum (v3) and all related packages from Fedora.
== Owner ==
* Name: [[User:mdomonko|Michal Domonkos]]
* Email: mdomonko@redhat.com
== Detailed Description ==
Remove packages from the distribution:
* createrepo
* yum
* yum-langpacks
* yum-utils
* yum-metadata-parser
* yum-updatesd
* python-urlgrabber
All these packages should no longer be used and all software using
them should be migrated to DNF.
Compatibility:
* Important packages such as yum, createrepo or yum-utils will be
provided/obsoleted by relevant packages from the dnf stack
* Important executables such yum, repoquery, createrepo, etc. will be
provided either as new executables or via symlinks
== Benefit to Fedora ==
Drop an old package manager that has no active upstream development.
Move existing users to DNF which that has active development.
Secondary benefit is reducing number of packages in Fedora that still
depend on Python 2.
== Scope ==
* Proposal owners: Remove packages from the distribution: createrepo,
yum, yum-langpacks, yum-utils, yum-metadata-parser, yum-updatesd,
python-urlgrabber
* Other developers: Either remove packages from the distribution or
switch them to DNF
* Release engineering: [https://pagure.io/releng/issue/7588 #7588]
* Policies and guidelines: N/A
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
Any tool based on YUM 3 Python API will stop working. This applies on
any 3rd party software which won't be changed in Fedora as part of
this change.
CLI compatibility will be provided by DNF.
== How To Test ==
Repoclosure passes after dropping the packages.
== User Experience ==
There shouldn't be any impact on YUM users because the functionality
is provided by DNF already.
Users of tools listed in the Dependencies section shouldn't see any
difference if the migration to DNF is done properly.
== Dependencies ==
The list of source packages (SRPMs) that still depend on some of the
yum-related packages to be removed:
(see wiki page)
== Contingency Plan ==
* Contingency mechanism: Do not remove the packages in the current release.
* Contingency deadline: Beta Freeze
* Blocks release? No
* Blocks product? No
== Documentation ==
N/A
== Release Notes ==
Inform end-users about removing the YUM 3 stack and definitive migration to DNF.
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
F30 Self-Contained Change proposal: Fish 3.0
https://fedoraproject.org/wiki/Changes/Fish_3.0
== Summary ==
Update [https://fishshell.com/ Fish] to 3.0.
== Owner ==
* Name: [[User:ignatenkobrain|Igor Gnatenko]]
* Email: ignatenkobrain@fedoraproject.org
== Detailed Description ==
Not only update it in F30 but also provide new version as opt-in for
F28 and F29.
== Benefit to Fedora ==
The new version of Fish has quite some number of bugfixes, features
and performance improvements.
== Scope ==
* Proposal owners: Put fish 3.0 into a module (that means it will be
available for F28 and F29) and mark it as default in Rawhide.
* Other developers: N/A (not a System Wide Change)
* Release engineering: [https://pagure.io/releng/issue/8077 #8077]
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
* Process and job expansion has largely been removed. <code>%</code>
will no longer perform these expansions, except for <code>%self</code>
for the PID of the current shell. Additionally, job management
commands (<code>disown</code>, <code>wait</code>, <code>bg</code>,
<code>fg</code> and <code>kill</code>) will expand job specifiers
starting with <code>%</code>
([https://github.com/fish-shell/fish-shell/issues/4230 #4230],
[https://github.com/fish-shell/fish-shell/issues/1202 #1202]).
* <code>set x[1] x[2] a b</code>, to set multiple elements of an array
at once, is no longer valid syntax
([https://github.com/fish-shell/fish-shell/issues/4236 #4236]).
* A literal <code>{}</code> now expands to itself, rather than
nothing. This makes working with <code>find -exec</code> easier
([https://github.com/fish-shell/fish-shell/issues/1109 #1109],
[https://github.com/fish-shell/fish-shell/pull/4632 #4632]).
* Literally accessing a zero-index is now illegal syntax and is caught
by the parser ([https://github.com/fish-shell/fish-shell/issues/4862
#4862]). (fish indices start at 1)
* Successive commas in brace expansions are handled in less surprising
manner. For example, <code>{,,,}</code> expands to four empty strings
rather than an empty string, a comma and an empty string again
([https://github.com/fish-shell/fish-shell/issues/3002 #3002],
[https://github.com/fish-shell/fish-shell/pull/4632 #4632]).
* <code>for</code> loop control variables are no longer local to the
<code>for</code> block
([https://github.com/fish-shell/fish-shell/issues/1935 #1935]).
* Variables set in <code>if</code> and <code>while</code> conditions
are available outside the block
([https://github.com/fish-shell/fish-shell/issues/4820 #4820]).
* Local exported (<code>set -lx</code>) vars are now visible to
functions ([https://github.com/fish-shell/fish-shell/issues/1091
#1091]).
* The new <code>math</code> builtin (see below) does not support
logical expressions; <code>test</code> should be used instead
([https://github.com/fish-shell/fish-shell/issues/4777 #4777]).
* Range expansion will now behave sensibly when given a single
positive and negative index (<code>$foo[5..-1]</code> or
<code>$foo[-1..5]</code>), clamping to the last valid index without
changing direction if the list has fewer elements than expected.
* <code>read</code> now uses <code>-s</code> as short for
<code>--silent</code> (à la <code>bash</code>); <code>--shell</code>'s
abbreviation (formerly <code>-s</code>) is now <code>-S</code> instead
([https://github.com/fish-shell/fish-shell/issues/4490 #4490]).
* <code>cd</code> no longer resolves symlinks. fish now maintains a
virtual path, matching other shells
([https://github.com/fish-shell/fish-shell/issues/3350 #3350]).
* <code>source</code> now requires an explicit <code>-</code> as the
filename to read from the terminal
([https://github.com/fish-shell/fish-shell/issues/2633 #2633]).
* Arguments to <code>end</code> are now errors, instead of being
silently ignored.
* The names <code>argparse</code>, <code>read</code>,
<code>set</code>, <code>status</code>, <code>test</code> and
<code>[</code> are now reserved and not allowed as function names.
This prevents users unintentionally breaking stuff
([https://github.com/fish-shell/fish-shell/issues/3000 #3000]).
* The <code>fish_user_abbreviations</code> variable is no longer used;
abbreviations will be migrated to the new storage format
automatically.
* The <code>FISH_READ_BYTE_LIMIT</code> variable is now called
<code>fish_byte_limit</code>
([https://github.com/fish-shell/fish-shell/issues/4414 #4414]).
* Environment variables are no longer split into arrays based on the
record separator character on startup. Instead, variables are not
split, unless their name ends in PATH, in which case they are split on
colons ([https://github.com/fish-shell/fish-shell/issues/436 #436]).
* The <code>history</code> builtin's <code>--with-time</code> option
has been removed; this has been deprecated in favor of
<code>--show-time</code> since 2.7.0
([https://github.com/fish-shell/fish-shell/pull/4403 #4403]).
* The internal variables <code>__fish_datadir</code> and
<code>__fish_sysconfdir</code> are now known as
<code>__fish_data_dir</code> and <code>__fish_sysconf_dir</code>
respectively.
== How To Test ==
0. Make sure to have modular repositories enabled
1. Run dnf module install fish:3
2. Try out normal workload in fish
== User Experience ==
* fish now supports <code>&&</code> (like <code>and</code>),
<code>||</code> (like <code>or</code>), and <code>!</code> (like
<code>not</code>), for better migration from POSIX-compliant shells
([https://github.com/fish-shell/fish-shell/issues/4620 #4620]).
* fish may be started in private mode via <code>fish --private</code>.
Private mode fish sessions do not have access to the history file and
any commands evaluated in private mode are not persisted for future
sessions. A session variable <code>$fish_private_mode</code> can be
queried to detect private mode and adjust the behavior of scripts
accordingly to respect the user's wish for privacy.
* A new <code>wait</code> command for waiting on backgrounded
processes ([https://github.com/fish-shell/fish-shell/pull/4498
#4498]).
* <code>alias</code> has a new <code>--save</code> option to save the
generated function immediately
([https://github.com/fish-shell/fish-shell/pull/4878 #4878]).
* <code>funced</code> has a new <code>--save</code> option to
automatically save the edited function after successfully editing
([https://github.com/fish-shell/fish-shell/pull/4668 #4668]).
* <code>history search</code> supports globs for wildcard searching
([https://github.com/fish-shell/fish-shell/issues/3136 #3136]) and has
a new <code>--reverse</code> option to show entries from oldest to
newest ([https://github.com/fish-shell/fish-shell/pull/4375 #4375]).
* <code>set</code> has new <code>--append</code> and
<code>--prepend</code> options
([https://github.com/fish-shell/fish-shell/issues/1326 #1326]).
* <code>set</code> has a new <code>--show</code> option to show lots
of information about variables
([https://github.com/fish-shell/fish-shell/issues/4265 #4265]).
* <code>string match</code> with an empty pattern and
<code>--entire</code> in glob mode now matches everything instead of
nothing ([https://github.com/fish-shell/fish-shell/issues/4971
#4971]).
* <code>string split</code> supports a new <code>--no-empty</code>
option to exclude empty strings from the result
([https://github.com/fish-shell/fish-shell/pull/4779 #4779]).
* <code>string</code> has new subcommands <code>split0</code> and
<code>join0</code> for working with NUL-delimited output.
* <code>string</code> no longer stops processing text after NUL
characters ([https://github.com/fish-shell/fish-shell/issues/4605
#4605])
* <code>string escape</code> has a new <code>--style regex</code>
option for escaping strings to be matched literally in
<code>string</code> regex operations.
* <code>test</code> now supports floating point values in numeric comparisons.
* Pressing Ctrl-C while running a script now reliably terminates fish
([https://github.com/fish-shell/fish-shell/issues/5253 #5253]).
See https://fishshell.com/release_notes.html for more.
== Dependencies ==
N/A (not a System Wide Change)
== Contingency Plan ==
* Contingency mechanism: (What to do? Who will do it?) N/A
* Contingency deadline: N/A (not a System Wide Change)
== Documentation ==
https://fishshell.com/release_notes.html
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
== Summary ==
Update [https://fishshell.com/ Fish] to 3.0.
== Owner ==
* Name: [[User:ignatenkobrain|Igor Gnatenko]]
* Email: ignatenkobrain@fedoraproject.org
== Detailed Description ==
Not only update it in F30 but also provide new version as opt-in for
F28 and F29.
== Benefit to Fedora ==
The new version of Fish has quite some number of bugfixes, features
and performance improvements.
== Scope ==
* Proposal owners: Put fish 3.0 into a module (that means it will be
available for F28 and F29) and mark it as default in Rawhide.
* Other developers: N/A (not a System Wide Change)
* Release engineering: [https://pagure.io/releng/issue/8077 #8077]
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
* Process and job expansion has largely been removed. <code>%</code>
will no longer perform these expansions, except for <code>%self</code>
for the PID of the current shell. Additionally, job management
commands (<code>disown</code>, <code>wait</code>, <code>bg</code>,
<code>fg</code> and <code>kill</code>) will expand job specifiers
starting with <code>%</code>
([https://github.com/fish-shell/fish-shell/issues/4230 #4230],
[https://github.com/fish-shell/fish-shell/issues/1202 #1202]).
* <code>set x[1] x[2] a b</code>, to set multiple elements of an array
at once, is no longer valid syntax
([https://github.com/fish-shell/fish-shell/issues/4236 #4236]).
* A literal <code>{}</code> now expands to itself, rather than
nothing. This makes working with <code>find -exec</code> easier
([https://github.com/fish-shell/fish-shell/issues/1109 #1109],
[https://github.com/fish-shell/fish-shell/pull/4632 #4632]).
* Literally accessing a zero-index is now illegal syntax and is caught
by the parser ([https://github.com/fish-shell/fish-shell/issues/4862
#4862]). (fish indices start at 1)
* Successive commas in brace expansions are handled in less surprising
manner. For example, <code>{,,,}</code> expands to four empty strings
rather than an empty string, a comma and an empty string again
([https://github.com/fish-shell/fish-shell/issues/3002 #3002],
[https://github.com/fish-shell/fish-shell/pull/4632 #4632]).
* <code>for</code> loop control variables are no longer local to the
<code>for</code> block
([https://github.com/fish-shell/fish-shell/issues/1935 #1935]).
* Variables set in <code>if</code> and <code>while</code> conditions
are available outside the block
([https://github.com/fish-shell/fish-shell/issues/4820 #4820]).
* Local exported (<code>set -lx</code>) vars are now visible to
functions ([https://github.com/fish-shell/fish-shell/issues/1091
#1091]).
* The new <code>math</code> builtin (see below) does not support
logical expressions; <code>test</code> should be used instead
([https://github.com/fish-shell/fish-shell/issues/4777 #4777]).
* Range expansion will now behave sensibly when given a single
positive and negative index (<code>$foo[5..-1]</code> or
<code>$foo[-1..5]</code>), clamping to the last valid index without
changing direction if the list has fewer elements than expected.
* <code>read</code> now uses <code>-s</code> as short for
<code>--silent</code> (à la <code>bash</code>); <code>--shell</code>'s
abbreviation (formerly <code>-s</code>) is now <code>-S</code> instead
([https://github.com/fish-shell/fish-shell/issues/4490 #4490]).
* <code>cd</code> no longer resolves symlinks. fish now maintains a
virtual path, matching other shells
([https://github.com/fish-shell/fish-shell/issues/3350 #3350]).
* <code>source</code> now requires an explicit <code>-</code> as the
filename to read from the terminal
([https://github.com/fish-shell/fish-shell/issues/2633 #2633]).
* Arguments to <code>end</code> are now errors, instead of being
silently ignored.
* The names <code>argparse</code>, <code>read</code>,
<code>set</code>, <code>status</code>, <code>test</code> and
<code>[</code> are now reserved and not allowed as function names.
This prevents users unintentionally breaking stuff
([https://github.com/fish-shell/fish-shell/issues/3000 #3000]).
* The <code>fish_user_abbreviations</code> variable is no longer used;
abbreviations will be migrated to the new storage format
automatically.
* The <code>FISH_READ_BYTE_LIMIT</code> variable is now called
<code>fish_byte_limit</code>
([https://github.com/fish-shell/fish-shell/issues/4414 #4414]).
* Environment variables are no longer split into arrays based on the
record separator character on startup. Instead, variables are not
split, unless their name ends in PATH, in which case they are split on
colons ([https://github.com/fish-shell/fish-shell/issues/436 #436]).
* The <code>history</code> builtin's <code>--with-time</code> option
has been removed; this has been deprecated in favor of
<code>--show-time</code> since 2.7.0
([https://github.com/fish-shell/fish-shell/pull/4403 #4403]).
* The internal variables <code>__fish_datadir</code> and
<code>__fish_sysconfdir</code> are now known as
<code>__fish_data_dir</code> and <code>__fish_sysconf_dir</code>
respectively.
== How To Test ==
0. Make sure to have modular repositories enabled
1. Run dnf module install fish:3
2. Try out normal workload in fish
== User Experience ==
* fish now supports <code>&&</code> (like <code>and</code>),
<code>||</code> (like <code>or</code>), and <code>!</code> (like
<code>not</code>), for better migration from POSIX-compliant shells
([https://github.com/fish-shell/fish-shell/issues/4620 #4620]).
* fish may be started in private mode via <code>fish --private</code>.
Private mode fish sessions do not have access to the history file and
any commands evaluated in private mode are not persisted for future
sessions. A session variable <code>$fish_private_mode</code> can be
queried to detect private mode and adjust the behavior of scripts
accordingly to respect the user's wish for privacy.
* A new <code>wait</code> command for waiting on backgrounded
processes ([https://github.com/fish-shell/fish-shell/pull/4498
#4498]).
* <code>alias</code> has a new <code>--save</code> option to save the
generated function immediately
([https://github.com/fish-shell/fish-shell/pull/4878 #4878]).
* <code>funced</code> has a new <code>--save</code> option to
automatically save the edited function after successfully editing
([https://github.com/fish-shell/fish-shell/pull/4668 #4668]).
* <code>history search</code> supports globs for wildcard searching
([https://github.com/fish-shell/fish-shell/issues/3136 #3136]) and has
a new <code>--reverse</code> option to show entries from oldest to
newest ([https://github.com/fish-shell/fish-shell/pull/4375 #4375]).
* <code>set</code> has new <code>--append</code> and
<code>--prepend</code> options
([https://github.com/fish-shell/fish-shell/issues/1326 #1326]).
* <code>set</code> has a new <code>--show</code> option to show lots
of information about variables
([https://github.com/fish-shell/fish-shell/issues/4265 #4265]).
* <code>string match</code> with an empty pattern and
<code>--entire</code> in glob mode now matches everything instead of
nothing ([https://github.com/fish-shell/fish-shell/issues/4971
#4971]).
* <code>string split</code> supports a new <code>--no-empty</code>
option to exclude empty strings from the result
([https://github.com/fish-shell/fish-shell/pull/4779 #4779]).
* <code>string</code> has new subcommands <code>split0</code> and
<code>join0</code> for working with NUL-delimited output.
* <code>string</code> no longer stops processing text after NUL
characters ([https://github.com/fish-shell/fish-shell/issues/4605
#4605])
* <code>string escape</code> has a new <code>--style regex</code>
option for escaping strings to be matched literally in
<code>string</code> regex operations.
* <code>test</code> now supports floating point values in numeric comparisons.
* Pressing Ctrl-C while running a script now reliably terminates fish
([https://github.com/fish-shell/fish-shell/issues/5253 #5253]).
See https://fishshell.com/release_notes.html for more.
== Dependencies ==
N/A (not a System Wide Change)
== Contingency Plan ==
* Contingency mechanism: (What to do? Who will do it?) N/A
* Contingency deadline: N/A (not a System Wide Change)
== Documentation ==
https://fishshell.com/release_notes.html
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
F30 Self-Contained Change proposal: Haskell GHC 8.4 and Stackage LTS 12
https://fedoraproject.org/wiki/Changes/GHC_8.4
== Summary ==
Update the ghc Haskell compiler version from 8.2.2 to 8.4.4 and
Haskell packages to Stackage LTS 12 versions.
== Owner ==
* Name: [[User:Petersen| Jens Petersen]]
* Email: <petersen@redhat.com>
* Name: [[Haskell_SIG]]
* Email: <haskell@lists.fedoraproject.org>
== Detailed Description ==
The Fedora Haskell packages will be updated to
[https://downloads.haskell.org/~ghc/8.4.4/docs/html/users_guide/8.4.4-notes.html
ghc-8.4.4] and [https://www.stackage.org/lts-12 Stackage LTS 12]
versions.
== Benefit to Fedora ==
This updates Fedora to the latest stable release of GHC 8.4, with a
focus on performance, stability, consolidation, and numerous cleanups
throughout the compiler:
* Further refinement of TypeInType, including significant improvements
in error messages.
* Improvements in code generation resulting in noticable performance
improvements in some types of programs.
* Core library improvements, including phase 2 of the Semigroup/Monoid proposal
* Many improvements to instance deriving
* The resolution of nearly 300 other tickets for the 8.4.1 major
release, and further bugfixes in the subsequent stable minor version
releases
== Scope ==
* Proposal owners:
** Request f30-ghc Koji sidetag for building
([https://pagure.io/releng/issue/8014 done])
** Update the ghc master branch to version 8.4.4 (rebasing to version
from the ghc:8.4 module stream)
** Update Haskell packages to Stackage LTS 12 versions using `cabal-rpm update`
** Rebuild all packages in `rpmbuild-order` locally
** Some old unused libraries no longer in Stackage may be retired from
Rawhide at this time.
** If time permits there may be some packaging changes: to add back
doc subpackages and use explicit files list in .spec files
** Build everything in the Koji f30-ghc sidetag in `rpmbuild-order`
** Request releng to move all the rebuilt packages into Rawhide
** Add Obsoletes needed for any deprecated packages
* Other developers: all required packages will be rebuilt by the
Haskell SIG, though we are open to support from any of the few
packagers outside the SIG
* Release engineering: [https://pagure.io/releng/issue/8014 issue #8014]
** List of deliverables: N/A (not a System Wide Change)
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
Users will need to recompile their Haskell code with the new version
of ghc and libraries.
== How To Test ==
* `dnf install ghc-*-devel`
* `dnf install cabal-install pandoc ShellCheck`
* `cabal update && cabal install some-pkg`
* `ghci`
* `dnf update ghc-*-devel`
== User Experience ==
Users will have the latest really stable Haskell package releases
available to them through the official Fedora repo.
(Note the latest Stackage LTS 13 release is actually with the newer
ghc-8.6 major version but it has some issues including not building on
s390x yet and less packages and maturity, so we are deliberately not
jumping a major release for this change.)
== Dependencies ==
N/A (not a System Wide Change)
== Contingency Plan ==
* Contingency mechanism: (What to do? Who will do it?): Proposal
owner will revert git master branches to the mass rebuilt F29 versions
package set
* Contingency deadline: Before branching of F30
* Blocks release? N/A (not a System Wide Change)
* Blocks product? N/A
== Documentation ==
* https://ghc.haskell.org/trac/ghc/blog/ghc-8.4.1-released
* https://ghc.haskell.org/trac/ghc/blog/ghc-8.4.2-released
* https://ghc.haskell.org/trac/ghc/blog/ghc-8.4.3-released
* https://ghc.haskell.org/trac/ghc/blog/ghc-8.4.4-released
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
== Summary ==
Update the ghc Haskell compiler version from 8.2.2 to 8.4.4 and
Haskell packages to Stackage LTS 12 versions.
== Owner ==
* Name: [[User:Petersen| Jens Petersen]]
* Email: <petersen@redhat.com>
* Name: [[Haskell_SIG]]
* Email: <haskell@lists.fedoraproject.org>
== Detailed Description ==
The Fedora Haskell packages will be updated to
[https://downloads.haskell.org/~ghc/8.4.4/docs/html/users_guide/8.4.4-notes.html
ghc-8.4.4] and [https://www.stackage.org/lts-12 Stackage LTS 12]
versions.
== Benefit to Fedora ==
This updates Fedora to the latest stable release of GHC 8.4, with a
focus on performance, stability, consolidation, and numerous cleanups
throughout the compiler:
* Further refinement of TypeInType, including significant improvements
in error messages.
* Improvements in code generation resulting in noticable performance
improvements in some types of programs.
* Core library improvements, including phase 2 of the Semigroup/Monoid proposal
* Many improvements to instance deriving
* The resolution of nearly 300 other tickets for the 8.4.1 major
release, and further bugfixes in the subsequent stable minor version
releases
== Scope ==
* Proposal owners:
** Request f30-ghc Koji sidetag for building
([https://pagure.io/releng/issue/8014 done])
** Update the ghc master branch to version 8.4.4 (rebasing to version
from the ghc:8.4 module stream)
** Update Haskell packages to Stackage LTS 12 versions using `cabal-rpm update`
** Rebuild all packages in `rpmbuild-order` locally
** Some old unused libraries no longer in Stackage may be retired from
Rawhide at this time.
** If time permits there may be some packaging changes: to add back
doc subpackages and use explicit files list in .spec files
** Build everything in the Koji f30-ghc sidetag in `rpmbuild-order`
** Request releng to move all the rebuilt packages into Rawhide
** Add Obsoletes needed for any deprecated packages
* Other developers: all required packages will be rebuilt by the
Haskell SIG, though we are open to support from any of the few
packagers outside the SIG
* Release engineering: [https://pagure.io/releng/issue/8014 issue #8014]
** List of deliverables: N/A (not a System Wide Change)
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
Users will need to recompile their Haskell code with the new version
of ghc and libraries.
== How To Test ==
* `dnf install ghc-*-devel`
* `dnf install cabal-install pandoc ShellCheck`
* `cabal update && cabal install some-pkg`
* `ghci`
* `dnf update ghc-*-devel`
== User Experience ==
Users will have the latest really stable Haskell package releases
available to them through the official Fedora repo.
(Note the latest Stackage LTS 13 release is actually with the newer
ghc-8.6 major version but it has some issues including not building on
s390x yet and less packages and maturity, so we are deliberately not
jumping a major release for this change.)
== Dependencies ==
N/A (not a System Wide Change)
== Contingency Plan ==
* Contingency mechanism: (What to do? Who will do it?): Proposal
owner will revert git master branches to the mass rebuilt F29 versions
package set
* Contingency deadline: Before branching of F30
* Blocks release? N/A (not a System Wide Change)
* Blocks product? N/A
== Documentation ==
* https://ghc.haskell.org/trac/ghc/blog/ghc-8.4.1-released
* https://ghc.haskell.org/trac/ghc/blog/ghc-8.4.2-released
* https://ghc.haskell.org/trac/ghc/blog/ghc-8.4.3-released
* https://ghc.haskell.org/trac/ghc/blog/ghc-8.4.4-released
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
F30 Self-Contained Change proposal: SWID tag enablement
https://fedoraproject.org/wiki/Changes/SWID_Tag_Enablement
== Summary ==
Provide tools to allow users and developers to create Software
Identity (SWID) tags for Fedora installs and repositories.
== Owner ==
* Name: [[User:adelton|Jan Pazdziora]]
* Email: jpazdziora@redhat.com
== Detailed Description ==
SWID (ISO/IEC 19770:2-2015) is a portable standard for identifying
software installed on a system. We already have SWID tags in
fedora-release to identify the overall release+edition of Fedora. We
will add tools to allow users to
* list installed tags
* create and install individual tags identifying RPMs
* add pre-built tags to repositories
* automatically update local tags as packages are installed, updated and removed
This will involve standalone tools to query and build SWID tags and to
add prebuilt tags to dnf repositories, and plugins for dnf/libdnf to
build and download tags.
== Benefit to Fedora ==
Fedora will be usable to users and developers interested in the SWID
functionality being added to relevant other tools, such as
OpenSCAP-1.3.
== Scope ==
* Proposal owners:
** Add python SWID tools (swidq, rpm2swidtag)
** add SWID metadata awareness to createrepo (but this will not be
used in Fedora, only enabled for user use), agreeing metadata format
with dnf team
** add dnf and libdnf plugins (no core dnf/libdnf changes expected)
* Other developers: N/A (not a System Wide Change)
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
N/A (not a System Wide Change)
== How To Test ==
N/A (not a System Wide Change)
== User Experience ==
No change unless users choose to enable SWID tags.
If requested, SWID tags will be either built automatically on demand
for installed RPMs, or downloaded from a repository that the user has
added SWID tags to, at the user's choice. swidq will allow the user
to see all installed tags and their relationships.
== Contingency Plan ==
* Contingency mechanism: (What to do? Who will do it?) N/A (not a
System Wide Change)
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A (not a System Wide Change), No
* Blocks product? No
== Release Notes ==
Inform users of new capabilities and how they can be used with the
existing tags in fedora-release-*
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
== Summary ==
Provide tools to allow users and developers to create Software
Identity (SWID) tags for Fedora installs and repositories.
== Owner ==
* Name: [[User:adelton|Jan Pazdziora]]
* Email: jpazdziora@redhat.com
== Detailed Description ==
SWID (ISO/IEC 19770:2-2015) is a portable standard for identifying
software installed on a system. We already have SWID tags in
fedora-release to identify the overall release+edition of Fedora. We
will add tools to allow users to
* list installed tags
* create and install individual tags identifying RPMs
* add pre-built tags to repositories
* automatically update local tags as packages are installed, updated and removed
This will involve standalone tools to query and build SWID tags and to
add prebuilt tags to dnf repositories, and plugins for dnf/libdnf to
build and download tags.
== Benefit to Fedora ==
Fedora will be usable to users and developers interested in the SWID
functionality being added to relevant other tools, such as
OpenSCAP-1.3.
== Scope ==
* Proposal owners:
** Add python SWID tools (swidq, rpm2swidtag)
** add SWID metadata awareness to createrepo (but this will not be
used in Fedora, only enabled for user use), agreeing metadata format
with dnf team
** add dnf and libdnf plugins (no core dnf/libdnf changes expected)
* Other developers: N/A (not a System Wide Change)
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
N/A (not a System Wide Change)
== How To Test ==
N/A (not a System Wide Change)
== User Experience ==
No change unless users choose to enable SWID tags.
If requested, SWID tags will be either built automatically on demand
for installed RPMs, or downloaded from a repository that the user has
added SWID tags to, at the user's choice. swidq will allow the user
to see all installed tags and their relationships.
== Contingency Plan ==
* Contingency mechanism: (What to do? Who will do it?) N/A (not a
System Wide Change)
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A (not a System Wide Change), No
* Blocks product? No
== Release Notes ==
Inform users of new capabilities and how they can be used with the
existing tags in fedora-release-*
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
F30 Self-Contained Change proposal: LXQt 0.14.0
https://fedoraproject.org/wiki/Changes/LXQt_0.14.0
== Summary ==
Update LXQt to 0.14.0 in Fedora.
== Owner ==
* Name: [[User:Zsun|Zamir SUN]]
* Email: zsun#AT#fedoraproject.org <!--- bugzilla account : sztsian #
gmail.com -->
== Detailed Description ==
LXQt just released with a bunch of bugfixes. It's always good to keep
Fedora users running on most recent software.
Detailed LXQt release note is available
[https://lxqt.org/release/2019/01/25/lxqt-0140/ here].
== Benefit to Fedora ==
This change brings bug fixes and enhancements to LXQt in Fedora.
== Scope ==
* Proposal owners:
1. Update all the LXQt related packages in Fedora.
2. Drop lxqt-l10n from Fedora 30 which is obsoleted since LXQt 0.14.0
3. Fix comps and/or kickstart if needed.
* Other developers: N/A (not a System Wide Change)
* Release engineering: [https://pagure.io/releng/issue/8076 #8076] (a
check of an impact with Release Engineering is needed)
** List of deliverables: N/A (not a System Wide Change)
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== User Experience ==
Users shouldn't feel any difference rather than bug fixes and new features.
== Dependencies ==
The package libqtxdg will be updated. Only Deepin related packages
depends on this. In theory the Deepin change owner will need to be
reminded. In reality I am also the DeepinDE change owner, so there
aren't any risk for this aspect.
== Contingency Plan ==
* Contingency mechanism: Not announcing the update.
* Contingency deadline: Fedora 30 Beta Freeze
* Blocks release? N/A (not a System Wide Change)
* Blocks product? N/A
== Documentation ==
N/A (not a System Wide Change)
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
== Summary ==
Update LXQt to 0.14.0 in Fedora.
== Owner ==
* Name: [[User:Zsun|Zamir SUN]]
* Email: zsun#AT#fedoraproject.org <!--- bugzilla account : sztsian #
gmail.com -->
== Detailed Description ==
LXQt just released with a bunch of bugfixes. It's always good to keep
Fedora users running on most recent software.
Detailed LXQt release note is available
[https://lxqt.org/release/2019/01/25/lxqt-0140/ here].
== Benefit to Fedora ==
This change brings bug fixes and enhancements to LXQt in Fedora.
== Scope ==
* Proposal owners:
1. Update all the LXQt related packages in Fedora.
2. Drop lxqt-l10n from Fedora 30 which is obsoleted since LXQt 0.14.0
3. Fix comps and/or kickstart if needed.
* Other developers: N/A (not a System Wide Change)
* Release engineering: [https://pagure.io/releng/issue/8076 #8076] (a
check of an impact with Release Engineering is needed)
** List of deliverables: N/A (not a System Wide Change)
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== User Experience ==
Users shouldn't feel any difference rather than bug fixes and new features.
== Dependencies ==
The package libqtxdg will be updated. Only Deepin related packages
depends on this. In theory the Deepin change owner will need to be
reminded. In reality I am also the DeepinDE change owner, so there
aren't any risk for this aspect.
== Contingency Plan ==
* Contingency mechanism: Not announcing the update.
* Contingency deadline: Fedora 30 Beta Freeze
* Blocks release? N/A (not a System Wide Change)
* Blocks product? N/A
== Documentation ==
N/A (not a System Wide Change)
--
Ben Cotton
Fedora Program Manager
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Subscribe to:
Posts (Atom)