Sunday, June 30, 2019
Saturday, June 29, 2019
[USN-4041-2] Linux kernel (HWE) update
==========================================================================
Ubuntu Security Notice USN-4041-2
June 29, 2019
linux-lts-xenial, linux-aws, linux-azure update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
USN-4041-1 provided updates for the Linux kernel in Ubuntu.
This update provides the corresponding updates for the Linux kernel
for Ubuntu 16.04 ESM.
USN-4017-2 fixed vulnerabilities in the Linux kernel. Unfortunately,
the update introduced a regression that interfered with networking
applications that set up very low SO_SNDBUF values. This update fixes
the problem.
We apologize for the inconvenience.
Jonathan Looney discovered that the Linux kernel could be coerced into
segmenting responses into multiple TCP segments. A remote attacker could
construct an ongoing sequence of requests to cause a denial of service.
(CVE-2019-11479)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
linux-image-4.15.0-1049-azure 4.15.0-1049.54~14.04.1
linux-image-4.4.0-1048-aws 4.4.0-1048.52
linux-image-4.4.0-154-generic 4.4.0-154.181~14.04.1
linux-image-4.4.0-154-generic-lpae 4.4.0-154.181~14.04.1
linux-image-4.4.0-154-lowlatency 4.4.0-154.181~14.04.1
linux-image-4.4.0-154-powerpc-e500mc 4.4.0-154.181~14.04.1
linux-image-4.4.0-154-powerpc-smp 4.4.0-154.181~14.04.1
linux-image-4.4.0-154-powerpc64-emb 4.4.0-154.181~14.04.1
linux-image-4.4.0-154-powerpc64-smp 4.4.0-154.181~14.04.1
linux-image-aws 4.4.0.1048.49
linux-image-azure 4.15.0.1049.36
linux-image-generic-lpae-lts-xenial 4.4.0.154.135
linux-image-generic-lts-xenial 4.4.0.154.135
linux-image-lowlatency-lts-xenial 4.4.0.154.135
linux-image-powerpc-e500mc-lts-xenial 4.4.0.154.135
linux-image-powerpc-smp-lts-xenial 4.4.0.154.135
linux-image-powerpc64-emb-lts-xenial 4.4.0.154.135
linux-image-powerpc64-smp-lts-xenial 4.4.0.154.135
linux-image-virtual-lts-xenial 4.4.0.154.135
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4041-2
https://usn.ubuntu.com/4041-1
CVE-2019-11479, https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
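Added example (not part of the Ubuntu notice): one way to check a host's package inventory against the fixed versions listed above. It uses a small re-implementation of Debian version ordering so it runs offline. The inventory is constructed sample data, and the names FIXED_VERSIONS, SAMPLE_INVENTORY, compare_versions and audit are hypothetical.

```python
"""Audit a dpkg package inventory against fixed versions from USN-4041-2."""
import re

# Fixed versions for Ubuntu 14.04 ESM, copied from the notice (subset).
FIXED_VERSIONS = {
    "linux-image-4.4.0-154-generic": "4.4.0-154.181~14.04.1",
    "linux-image-generic-lts-xenial": "4.4.0.154.135",
    "linux-image-aws": "4.4.0.1048.49",
    "linux-image-azure": "4.15.0.1049.36",
}

# Constructed sample, in the shape printed by:
#   dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE_INVENTORY = """\
linux-image-4.4.0-154-generic 4.4.0-154.181~14.04.1
linux-image-generic-lts-xenial 4.4.0.151.132
linux-image-aws 4.4.0.1048.49
some-other-package 1.0-1
"""


def _char_order(ch):
    """Rank one non-digit character: '~' first, then letters, then the rest."""
    if ch == "~":
        return -1
    if ch.isalpha():
        return ord(ch)
    return ord(ch) + 256


def _compare_part(a, b):
    """Compare two upstream or revision strings; return -1, 0 or 1."""
    while a or b:
        # Compare the leading non-digit runs character by character.
        text_a = re.match(r"\D*", a).group()
        text_b = re.match(r"\D*", b).group()
        a, b = a[len(text_a):], b[len(text_b):]
        for i in range(max(len(text_a), len(text_b))):
            # A run that has ended ranks 0: above '~', below everything else.
            rank_a = _char_order(text_a[i]) if i < len(text_a) else 0
            rank_b = _char_order(text_b[i]) if i < len(text_b) else 0
            if rank_a != rank_b:
                return -1 if rank_a < rank_b else 1
        # Then compare the following digit runs numerically.
        num_a = re.match(r"\d*", a).group()
        num_b = re.match(r"\d*", b).group()
        a, b = a[len(num_a):], b[len(num_b):]
        val_a, val_b = int(num_a or "0"), int(num_b or "0")
        if val_a != val_b:
            return -1 if val_a < val_b else 1
    return 0


def split_version(version):
    """Split '[epoch:]upstream[-revision]' into its three fields."""
    epoch, rest = 0, version
    if ":" in version:
        head, rest = version.split(":", 1)
        epoch = int(head)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:  # no hyphen: the whole string is the upstream version
        upstream, revision = rest, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as version a sorts before, equal to or after b."""
    epoch_a, up_a, rev_a = split_version(a)
    epoch_b, up_b, rev_b = split_version(b)
    if epoch_a != epoch_b:
        return -1 if epoch_a < epoch_b else 1
    return _compare_part(up_a, up_b) or _compare_part(rev_a, rev_b)


def audit(inventory_text, fixed=FIXED_VERSIONS):
    """Map each installed package named in the notice to its patch status."""
    report = {}
    for line in inventory_text.splitlines():
        fields = line.split()
        if len(fields) != 2 or fields[0] not in fixed:
            continue  # malformed line, or a package the notice does not cover
        package, installed = fields
        ok = compare_versions(installed, fixed[package]) >= 0
        report[package] = "patched" if ok else "needs update"
    return report


if __name__ == "__main__":
    for package, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{package}: {status}")
```

An installed fixed package does not mean the fixed kernel is running: as the notice says, the host still has to be rebooted after the update.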
[USN-4041-1] Linux kernel update
==========================================================================
Ubuntu Security Notice USN-4041-1
June 29, 2019
linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors
- linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
- linux-oem: Linux kernel for OEM processors
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
Details:
USN-4017-1 fixed vulnerabilities in the Linux kernel for Ubuntu.
Unfortunately, the update introduced a regression that interfered with
networking applications that set up very low SO_SNDBUF values. This
update fixes the problem.
We apologize for the inconvenience.
Jonathan Looney discovered that the Linux kernel could be coerced into
segmenting responses into multiple TCP segments. A remote attacker could
construct an ongoing sequence of requests to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
linux-image-5.0.0-1010-aws 5.0.0-1010.11
linux-image-5.0.0-1010-azure 5.0.0-1010.10
linux-image-5.0.0-1010-gcp 5.0.0-1010.10
linux-image-5.0.0-1010-kvm 5.0.0-1010.11
linux-image-5.0.0-1012-raspi2 5.0.0-1012.12
linux-image-5.0.0-1016-snapdragon 5.0.0-1016.17
linux-image-5.0.0-20-generic 5.0.0-20.21
linux-image-5.0.0-20-generic-lpae 5.0.0-20.21
linux-image-5.0.0-20-lowlatency 5.0.0-20.21
linux-image-aws 5.0.0.1010.10
linux-image-azure 5.0.0.1010.9
linux-image-gcp 5.0.0.1010.10
linux-image-generic 5.0.0.20.21
linux-image-generic-lpae 5.0.0.20.21
linux-image-gke 5.0.0.1010.10
linux-image-kvm 5.0.0.1010.10
linux-image-lowlatency 5.0.0.20.21
linux-image-raspi2 5.0.0.1012.9
linux-image-snapdragon 5.0.0.1016.9
linux-image-virtual 5.0.0.20.21
Ubuntu 18.10:
linux-image-4.18.0-1015-gcp 4.18.0-1015.16
linux-image-4.18.0-1016-kvm 4.18.0-1016.17
linux-image-4.18.0-1018-raspi2 4.18.0-1018.21
linux-image-4.18.0-1020-aws 4.18.0-1020.24
linux-image-4.18.0-1023-azure 4.18.0-1023.24
linux-image-4.18.0-25-generic 4.18.0-25.26
linux-image-4.18.0-25-generic-lpae 4.18.0-25.26
linux-image-4.18.0-25-lowlatency 4.18.0-25.26
linux-image-4.18.0-25-snapdragon 4.18.0-25.26
linux-image-aws 4.18.0.1020.20
linux-image-azure 4.18.0.1023.25
linux-image-gcp 4.18.0.1015.15
linux-image-generic 4.18.0.25.26
linux-image-generic-lpae 4.18.0.25.26
linux-image-gke 4.18.0.1015.15
linux-image-kvm 4.18.0.1016.16
linux-image-lowlatency 4.18.0.25.26
linux-image-powerpc-e500mc 4.18.0.25.26
linux-image-powerpc-smp 4.18.0.25.26
linux-image-powerpc64-emb 4.18.0.25.26
linux-image-powerpc64-smp 4.18.0.25.26
linux-image-raspi2 4.18.0.1018.15
linux-image-snapdragon 4.18.0.25.26
linux-image-virtual 4.18.0.25.26
Ubuntu 18.04 LTS:
linux-image-4.15.0-1017-oracle 4.15.0-1017.19
linux-image-4.15.0-1036-gcp 4.15.0-1036.38
linux-image-4.15.0-1036-gke 4.15.0-1036.38
linux-image-4.15.0-1038-kvm 4.15.0-1038.38
linux-image-4.15.0-1040-raspi2 4.15.0-1040.43
linux-image-4.15.0-1043-aws 4.15.0-1043.45
linux-image-4.15.0-1045-oem 4.15.0-1045.50
linux-image-4.15.0-1057-snapdragon 4.15.0-1057.62
linux-image-4.15.0-54-generic 4.15.0-54.58
linux-image-4.15.0-54-generic-lpae 4.15.0-54.58
linux-image-4.15.0-54-lowlatency 4.15.0-54.58
linux-image-4.18.0-1023-azure 4.18.0-1023.24~18.04.1
linux-image-4.18.0-25-generic 4.18.0-25.26~18.04.1
linux-image-4.18.0-25-generic-lpae 4.18.0-25.26~18.04.1
linux-image-4.18.0-25-lowlatency 4.18.0-25.26~18.04.1
linux-image-4.18.0-25-snapdragon 4.18.0-25.26~18.04.1
linux-image-aws 4.15.0.1043.42
linux-image-azure 4.18.0.1023.21
linux-image-gcp 4.15.0.1036.38
linux-image-generic 4.15.0.54.56
linux-image-generic-hwe-18.04 4.18.0.25.74
linux-image-generic-lpae 4.15.0.54.56
linux-image-generic-lpae-hwe-18.04 4.18.0.25.74
linux-image-gke 4.15.0.1036.39
linux-image-gke-4.15 4.15.0.1036.39
linux-image-kvm 4.15.0.1038.38
linux-image-lowlatency 4.15.0.54.56
linux-image-lowlatency-hwe-18.04 4.18.0.25.74
linux-image-oem 4.15.0.1045.49
linux-image-oracle 4.15.0.1017.20
linux-image-powerpc-e500mc 4.15.0.54.56
linux-image-powerpc-smp 4.15.0.54.56
linux-image-powerpc64-emb 4.15.0.54.56
linux-image-powerpc64-smp 4.15.0.54.56
linux-image-raspi2 4.15.0.1040.38
linux-image-snapdragon 4.15.0.1057.60
linux-image-snapdragon-hwe-18.04 4.18.0.25.74
linux-image-virtual 4.15.0.54.56
linux-image-virtual-hwe-18.04 4.18.0.25.74
Ubuntu 16.04 LTS:
linux-image-4.15.0-1017-oracle 4.15.0-1017.19~16.04.2
linux-image-4.15.0-1036-gcp 4.15.0-1036.38~16.04.1
linux-image-4.15.0-1043-aws 4.15.0-1043.45~16.04.1
linux-image-4.15.0-1049-azure 4.15.0-1049.54
linux-image-4.15.0-54-generic 4.15.0-54.58~16.04.1
linux-image-4.15.0-54-generic-lpae 4.15.0-54.58~16.04.1
linux-image-4.15.0-54-lowlatency 4.15.0-54.58~16.04.1
linux-image-4.4.0-1051-kvm 4.4.0-1051.58
linux-image-4.4.0-1087-aws 4.4.0-1087.98
linux-image-4.4.0-1114-raspi2 4.4.0-1114.123
linux-image-4.4.0-1118-snapdragon 4.4.0-1118.124
linux-image-4.4.0-154-generic 4.4.0-154.181
linux-image-4.4.0-154-generic-lpae 4.4.0-154.181
linux-image-4.4.0-154-lowlatency 4.4.0-154.181
linux-image-4.4.0-154-powerpc-e500mc 4.4.0-154.181
linux-image-4.4.0-154-powerpc-smp 4.4.0-154.181
linux-image-4.4.0-154-powerpc64-emb 4.4.0-154.181
linux-image-4.4.0-154-powerpc64-smp 4.4.0-154.181
linux-image-aws 4.4.0.1087.90
linux-image-aws-hwe 4.15.0.1043.43
linux-image-azure 4.15.0.1049.52
linux-image-gcp 4.15.0.1036.50
linux-image-generic 4.4.0.154.162
linux-image-generic-hwe-16.04 4.15.0.54.75
linux-image-generic-lpae 4.4.0.154.162
linux-image-generic-lpae-hwe-16.04 4.15.0.54.75
linux-image-gke 4.15.0.1036.50
linux-image-kvm 4.4.0.1051.51
linux-image-lowlatency 4.4.0.154.162
linux-image-lowlatency-hwe-16.04 4.15.0.54.75
linux-image-oem 4.15.0.54.75
linux-image-oracle 4.15.0.1017.11
linux-image-powerpc-e500mc 4.4.0.154.162
linux-image-powerpc-smp 4.4.0.154.162
linux-image-powerpc64-emb 4.4.0.154.162
linux-image-powerpc64-smp 4.4.0.154.162
linux-image-raspi2 4.4.0.1114.114
linux-image-snapdragon 4.4.0.1118.110
linux-image-virtual 4.4.0.154.162
linux-image-virtual-hwe-16.04 4.15.0.54.75
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4041-1
CVE-2019-11479, https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
Package Information:
https://launchpad.net/ubuntu/+source/linux/5.0.0-20.21
https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1010.11
https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1010.10
https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1010.10
https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1010.11
https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1012.12
https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1016.17
https://launchpad.net/ubuntu/+source/linux/4.18.0-25.26
https://launchpad.net/ubuntu/+source/linux-aws/4.18.0-1020.24
https://launchpad.net/ubuntu/+source/linux-azure/4.18.0-1023.24
https://launchpad.net/ubuntu/+source/linux-gcp/4.18.0-1015.16
https://launchpad.net/ubuntu/+source/linux-kvm/4.18.0-1016.17
https://launchpad.net/ubuntu/+source/linux-raspi2/4.18.0-1018.21
https://launchpad.net/ubuntu/+source/linux/4.15.0-54.58
https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1043.45
https://launchpad.net/ubuntu/+source/linux-azure/4.18.0-1023.24~18.04.1
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1036.38
https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1036.38
https://launchpad.net/ubuntu/+source/linux-hwe/4.18.0-25.26~18.04.1
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1038.38
https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1045.50
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1017.19
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1040.43
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1057.62
https://launchpad.net/ubuntu/+source/linux/4.4.0-154.181
https://launchpad.net/ubuntu/+source/linux-aws/4.4.0-1087.98
https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1043.45~16.04.1
https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1049.54
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1036.38~16.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-54.58~16.04.1
https://launchpad.net/ubuntu/+source/linux-kvm/4.4.0-1051.58
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1017.19~16.04.2
https://launchpad.net/ubuntu/+source/linux-raspi2/4.4.0-1114.123
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.4.0-1118.124
Friday, June 28, 2019
Fedora 31 Self-Contained Change proposal: Qt Wayland By Default on Gnome
https://fedoraproject.org/wiki/Changes/Qt_Wayland_By_Default_On_Gnome
== Summary ==
Make Qt applications run natively on Gnome Wayland sessions, using
the Qt Wayland platform plugin instead of the XCB plugin, which is used
for X11/XWayland. Other desktop environments already run natively on
Wayland sessions; only Gnome is excluded by Qt.
== Owner ==
* Name: [[User:jgrulich| Jan Grulich]]
* Email: <jgrulich@redhat.com>
* Product: Spins / Workstation
* Responsible WG: Desktop
== Detailed Description ==
The Qt Wayland plugin has been available for a long time, but it hasn't
been in a condition where it could be enabled by default. With Qt 5.12
the state of the Wayland plugin is much better and it's becoming more
and more reliable. It now supports all the needed protocols and has
been enabled by default for non-Gnome Wayland sessions.
With Qt Wayland on a Gnome Wayland session we need to support CSD; it's
actually the only way decorations are going to work in Qt apps
right now. Qt Wayland implements basic decorations, which really
don't match the Gnome Adwaita theme, therefore new CSD are being
implemented as part of QGnomePlatform.
To make Qt applications run natively on Wayland we need to modify Qt
5, specifically '''qt5-qtbase''' module, where we allow the Wayland
plugin to be used also for Gnome sessions. The new decorations from
QGnomePlatform will be used automatically once they are fully
implemented and updated in Fedora.
== Benefit to Fedora ==
Qt applications running with the Wayland plugin generally run faster
and smoother on Wayland-enabled sessions like Gnome Wayland and better
support HiDPI displays (respects desktop scale).
== Scope ==
* Proposal owners:
# Modify Qt 5 (qt5-qtbase) to not exclude Gnome when deciding whether
to use the wayland platform plugin
# Update QGnomePlatform with upcoming upstream release including
window decorations
* Other developers:
# Test and watch for regressions.
* Policies and guidelines: N/A
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
N/A (not a System Wide Change)
== How To Test ==
Run any Qt application on Gnome Wayland session and check any issues
you may see.
== User Experience ==
* Smoother font rendering compared to Qt applications using XCB plugin
* Honor display scale, better user experience on HiDPI and semi-HiDPI desktops.
== Dependencies ==
N/A (not a System Wide Change)
== Contingency Plan ==
* Contingency mechanism: Switch back default to XCB plugin.
* Contingency deadline: Beta Freeze
* Blocks release? No
* Blocks product? No
== Documentation ==
N/A (not a System Wide Change)
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
Thursday, June 27, 2019
Fedora 31 System-Wide Change proposal: gawk 5.0.1
https://fedoraproject.org/wiki/Changes/Gawk501
** Note that this has already landed in Rawhide:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/IEZZK7WHGF3FWFZNSCG7Z5ZZVUHVFZAF/#IEZZK7WHGF3FWFZNSCG7Z5ZZVUHVFZAF
== Summary ==
A new upstream major version of gawk has been released (4.2.1 -> 5.0.X).
Among many changes, version 5 introduced namespaces, which may
possibly break some existing scripts.
== Owner ==
* Name: [[User:jamartis| Jakub Martisko]]
* Email: jamartis@redhat.com
== Detailed Description ==
The new version of gawk has been released. The new version fixes a
number of bugs, some of which were quite significant. Other notable
changes include:
* The regex routines have been replaced with those from GNULIB
* Comment handling in the pretty-printer has been reworked almost
completely from scratch. As a result, comments in many corner cases
that were previously lost are now included in the formatted output.
* Namespaces have been added.
* Gawk now uses the locale settings for ignoring case in single byte
locales, instead of hardwiring in Latin-1.
<s>The introduction of namespaces may break some scripts written for
gawk 4.2.1 due to different variable names.</s> (This is considered to
be a bug by the upstream and there is a patch fixing this)
== Benefit to Fedora ==
See above; the main benefit is several bug fixes.
== Scope ==
* Proposal owners: Update the source archive of the gawk, drop no
longer needed patches.
* Other developers: Some modifications to existing gawk scripts may be
needed. <s>Especially those, using the inplace gawk extension, where
some of the variables have been renamed.</s> (This is considered to be
a bug by the upstream and there is a patch fixing this)
* Release engineering: [https://pagure.io/releng/issue/8489 #8489]
* Policies and guidelines: N/A
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
see above
== How To Test ==
(not provided)
== User Experience ==
(not provided)
== Dependencies ==
dnf repoquery -q --releasever=rawhide --disablerepo='*' \
  --qf='%{name}' --enablerepo=fedora-source --enablerepo=updates-source \
  --enablerepo=updates-testing-source --archlist=src --whatrequires \
  'gawk'
Judy
Macaulay2
acl
apt
autoconf213
avr-binutils
avr-gcc
clucene
cone
crack
dictd
eterm
geomview
git
glibc
gnome-libs
gnome-menus
gpgme
gpm
gscan2pdf
gyachi
japanese-bitmap-fonts
kde-filesystem
kdelibs3
kernel
kernel-tools
krb5
lapack
libAfterImage
libassuan
libecpg
libgcrypt
libgpg-error
libguestfs
libksba
libpaper
libphidget
libpq
libsvm
libtpms
libvirt
linuxdoc-tools
lm_sensors
lxcfs
maildrop
mingw-clucene
nco
netcdf
nss
ocaml
ocaml-calendar
ocaml-csv
ocaml-curl
ocaml-curses
ocaml-expat
ocaml-extlib
ocaml-findlib
ocaml-libvirt
ocaml-pcre
ocaml-ssl
ocaml-xml-light
paperkey
pcb
postgresql
powermanga
quilt
rbldnsd
rpm
rss-glx
samba
selinux-policy
stow
surfraw
swig
systemd
topgit
tzdata
virt-top
xblast
xdg-utils
xfsdump
xschem
xscreensaver
yara
zsh
dnf repoquery -q --releasever=rawhide --disablerepo='*' \
  --qf='%{name}' --enablerepo=fedora --enablerepo=updates \
  --enablerepo=updates-testing --whatrequires 'gawk'
R-core
akmods
am-utils
authselect-libs
autoconf213
autofs
backupninja
calamares
centerim
ceph-selinux
check-checkmk
checksec
cloud-utils
cloud-utils-growpart
condor-vm-gahp
copr-backend
coreos-installer
ctdb
dhcp-client
dkms
docbook-utils
dracut-kiwi-oem-dump
e2fsprogs-devel
esh
execstack
flamegraph-stackcollapse
flamegraph-stackcollapse-perf
gawk-abort
gawk-devel
gawk-doc
gawk-errno
gawk-json
gawk-lmdb
gawk-nl_langinfo
gawk-pgsql
gawk-redis
gawk-select
gawk-xml
gawkextlib
geeqie
git-secret
glimmer
groff
gt5
gtkpod
guilt
hylafax+
initscripts
krb5-libs
latex2rtf
lbdb
lde
libguestfs
libsmi
linuxconsoletools
linuxdoc-tools
lorax
ltunify
m17n-db
neofetch
netconsole-service
netdump-server
network-scripts
nfs-utils
ocaml
opari2
pal
pcp
phpPgAdmin
pkgdiff
policycoreutils
prettyping
quilt
rarian
readonly-root
rear
redhat-lsb-core
redis
resource-agents
rf
rpm-build
rpmdevtools
rust-packaging
screenie
selinux-policy
seqan
seqan2-apps
sofia-sip-devel
spectre-meltdown-checker
surfraw
syslog-ng
systemtap-testsuite
testssl
topgit
translate-shell
tuned
tw
twa
txt2man
unity-gtk-module-common
virt-p2v-maker
virt-v2v
vzctl-core
xfce4-dev-tools
xschem
ypserv
zram
== Contingency Plan ==
* Contingency mechanism: Reverting to gawk 4.2.1 if significant issues
are discovered
* Contingency deadline: Beta freeze (?)
* Blocks release? No
* Blocks product? no
== Documentation ==
* http://git.savannah.gnu.org/cgit/gawk.git/tree/NEWS?h=gawk-5.0-stable
* https://www.gnu.org/software/gawk/manual/
* https://www.gnu.org/software/gawk/manual/gawk.html#Namespaces
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
Fedora 31 Self-Contained Change proposal: DNF Make Best Mode the Default
https://fedoraproject.org/wiki/Changes/DNF_Default_Best
== Summary ==
Currently, DNF prefers clean dependency resolution over package updates;
a package (almost) silently won't get updated to a newer version if the new
version has dependency problems. DNF will be changed to prefer updates and fail
if they have dependency resolution issues. The failure message includes a hint
on a temporary or permanent workaround for users who want to use the older
behavior.
== Owner ==
* Name: [[User:jmracek| Jaroslav Mracek]]
* Email: jmracek@redhat.com
== Detailed Description ==
Change the built-in default value of the `best` configuration option
from `0` (false) to `1` (true).
As a result, unless `best` is overridden in the `/etc/dnf/dnf.conf`
file or using `--setopt`, it will default to `1`. As a convenience, we
will also put the explicit `best=1` assignment in the shipped
`/etc/dnf/dnf.conf` file for better transparency, and introduce the
new `--nobest` command-line switch.
The purpose of the `--nobest` switch (as a shorthand for
`--setopt=best=0`) is to make it easy for the user to override the
default setting when needed, and it will also be
[https://github.com/rpm-software-management/dnf/pull/1311/commits/9a3e8fd0da49291d30fd1fef527cffb0bf3f047d#diff-6c823931c6d150295e5011fac6529ab9R144
suggested] in the DNF output when a dependency error occurs.
Relevant excerpt from the updated `dnf.conf(5)`:
<pre>
best boolean
When upgrading a package, always try to install its highest version
available, even only to find out some of its deps are not satisfiable.
Enable this if you want to experience broken dependencies in the
repositories firsthand. The default is True.
</pre>
Relevant excerpt from the updated `dnf(8)`:
<pre>
--nobest
Set best option as false, therefore transactions are not limited to
only best candidates.
</pre>
'''Change in DNF output - missing vim-enhanced-2:8.1.1561-1.fc30'''
Original output. DNF succeeds with return code 0:
<pre>
sudo dnf upgrade
Last metadata expiration check: 2:16:40 ago on Mon 24 Jun 2019 04:27:16 PM CEST.
Dependencies resolved.
Problem: package vim-enhanced-2:8.1.1471-1.fc30.x86_64 requires vim-common = 2:8.1.1471-1.fc30, but none of the providers can be installed
- cannot install both vim-common-2:8.1.1561-1.fc30.x86_64 and vim-common-2:8.1.1471-1.fc30.x86_64
- problem with installed package vim-enhanced-2:8.1.1471-1.fc30.x86_64
- cannot install the best update candidate for package vim-common-2:8.1.1471-1.fc30.x86_64
- package vim-enhanced-2:8.1.1561-1.fc30.x86_64 is excluded
===================================================================================================================================
Package Architecture Version Repository Size
===================================================================================================================================
Skipping packages with conflicts:
(add '--best --allowerasing' to command line to force their upgrade):
vim-common x86_64 2:8.1.1561-1.fc30 updates 6.7 M
Transaction Summary
===================================================================================================================================
Skip 1 Package
Nothing to do.
Complete!
</pre>
Output after the change. DNF fails with return code 1, but proposes
the `--nobest` option as a way to resolve the issue:
<pre>
sudo dnf upgrade
Last metadata expiration check: 2:16:36 ago on Mon 24 Jun 2019 04:27:16 PM CEST.
Error:
Problem: package vim-enhanced-2:8.1.1471-1.fc30.x86_64 requires vim-common = 2:8.1.1471-1.fc30, but none of the providers can be installed
- cannot install both vim-common-2:8.1.1561-1.fc30.x86_64 and vim-common-2:8.1.1471-1.fc30.x86_64
- problem with installed package vim-enhanced-2:8.1.1471-1.fc30.x86_64
- cannot install the best update candidate for package vim-common-2:8.1.1471-1.fc30.x86_64
- package vim-enhanced-2:8.1.1561-1.fc30.x86_64 is excluded
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
</pre>
'''Q&A'''
Can the default of the `best` configuration option be overridden easily
and permanently by the user?
Yes, just add `best=false` to `/etc/dnf/dnf.conf`:
<pre>
[main]
best=False
</pre>
Can the default of the `best` configuration option be overridden easily
from the command line?
Yes, just add `--nobest` to the command:
<pre>
dnf upgrade --nobest
</pre>
What about PackageKit and Gnome Software?
<pre>
PackageKit and Gnome Software will not be affected by the change. If
the same behavior is desired for PackageKit, it will require changes
in the PackageKit code.
</pre>
What about Microdnf?
<pre>
Microdnf will not be affected by the change. There is a plan to bring
DNF and Microdnf to functional parity and unified behavior, but not
before Fedora 33.
</pre>
== Benefit to Fedora ==
This change allows the users to be properly notified when a package
cannot be upgraded to the latest version, instead of silently ignoring
it as an upgrade candidate.
Right now, when DNF runs in `best=0` mode, if a package cannot be
upgraded due to dependency problems, it is skipped and a warning is
printed in the transaction summary table. However, this poses a risk
of important security fixes being overlooked by the user in case they
are broken for some reason, such as due to a repository
misconfiguration or inconsistency within the metadata itself.
Moreover, since DNF always exits with the return code `0` (success)
when in `best=0` mode, this mode is especially risky in automated
scripts invoking DNF in `assumeyes` mode in which case such
unsuccessful package upgrades could easily go unnoticed unless the
logs are manually examined after the fact.
The new behavior is also more in line with the generally accepted
software development practice of failing early and failing fast.
As a secondary benefit, broken upgrade paths in the Fedora
repositories will hopefully be noticed, reported and therefore fixed
sooner. Although, we would prefer if such problems would be detected
before we ship them to users.
'''Summary of benefits:'''
# No silently passed problems with updates
# Broken dependencies disappear faster from the Fedora distribution
# Problems will be reported more often - opportunity to fix issues
# Increase in stability of the Fedora distribution
# Fewer issues after branching
# Identical behavior of DNF in all distributions - Fedora/RHEL/Mageia/OpenSuse
== Scope ==
* Proposal owners:
The change is already part of the upstream (dnf-4.1.0) and reverted in
Fedora downstream. The change consists of the following pull requests:
https://github.com/rpm-software-management/libdnf/pull/678<br>
https://github.com/rpm-software-management/dnf/pull/1311<br>
https://github.com/rpm-software-management/dnf/pull/1316<br>
https://github.com/rpm-software-management/dnf/pull/1319
We would like to stop reverting the changes.
* Other developers: N/A (not a System Wide Change)
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
N/A (not a System Wide Change)
== How To Test ==
N/A (not a System Wide Change)
== User Experience ==
Broken upgrades are recognized early, enabling the users to act upon
them by double-checking their repository configuration or filing bugs,
instead of assuming no upgrades are available.
== Dependencies ==
N/A (not a System Wide Change)
== Contingency Plan ==
If there is massive negative feedback from the rawhide and pre-beta
users, we can revert the change at the beta freeze. If there is massive
negative feedback from the beta users, we can revert the change at
final freeze.
* Contingency mechanism: (What to do? Who will do it?) N/A (not a
System Wide Change)
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A (not a System Wide Change), Yes/No
== Documentation ==
N/A (not a System Wide Change)
== Release Notes ==
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
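The risk described in the proposal's "Benefit to Fedora" section, as an added example (not part of the proposal or of DNF): a Python check that patch automation can run over captured `dnf upgrade` output, so that a `best=0` run which exits `0` while skipping packages is reported as incomplete. The function and constant names are hypothetical; the sample text is constructed from the proposal's own example output, and matching assumes English-locale output.

```python
import re

# Sample text constructed from the proposal's example output: wrapped lines
# rejoined, rule lines shortened. Matching assumes English-locale DNF output.
BEST0_OUTPUT = """\
Last metadata expiration check: 2:16:40 ago on Mon 24 Jun 2019 04:27:16 PM CEST.
Dependencies resolved.

 Problem: package vim-enhanced-2:8.1.1471-1.fc30.x86_64 requires vim-common = 2:8.1.1471-1.fc30, but none of the providers can be installed
  - cannot install both vim-common-2:8.1.1561-1.fc30.x86_64 and vim-common-2:8.1.1471-1.fc30.x86_64
  - problem with installed package vim-enhanced-2:8.1.1471-1.fc30.x86_64
  - cannot install the best update candidate for package vim-common-2:8.1.1471-1.fc30.x86_64
  - package vim-enhanced-2:8.1.1561-1.fc30.x86_64 is excluded
==========================================================================
 Package        Architecture   Version              Repository     Size
==========================================================================
Skipping packages with conflicts:
(add '--best --allowerasing' to command line to force their upgrade):
 vim-common     x86_64         2:8.1.1561-1.fc30    updates       6.7 M

Transaction Summary
==========================================================================
Skip  1 Package

Nothing to do.
Complete!
"""

BEST1_OUTPUT = """\
Last metadata expiration check: 2:16:36 ago on Mon 24 Jun 2019 04:27:16 PM CEST.
Error:
 Problem: package vim-enhanced-2:8.1.1471-1.fc30.x86_64 requires vim-common = 2:8.1.1471-1.fc30, but none of the providers can be installed
  - cannot install both vim-common-2:8.1.1561-1.fc30.x86_64 and vim-common-2:8.1.1471-1.fc30.x86_64
  - package vim-enhanced-2:8.1.1561-1.fc30.x86_64 is excluded
(try to add '--allowerasing' to command line to replace conflicting packages or '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages)
"""

PROBLEM = re.compile(r"^Problem(?: \d+)?:\s*(.+)$")     # also tolerates "Problem 1:"
SKIP_HEADER = re.compile(r"^Skipping packages with\b")  # start of the skip section
SKIP_SUMMARY = re.compile(r"^Skip\s+(\d+)\s+Packages?$")
# name, arch, version, repository, size (e.g. "6.7 M")
PKG_ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+\d[\d.]*\s*[kMGT]?$")


def audit_dnf_upgrade(output, returncode):
    """Classify one captured `dnf upgrade` run as ok, incomplete or failed."""
    skipped, problems, skip_count = [], [], 0
    in_skip_section = False
    for raw in output.splitlines():
        line = raw.strip()
        match = PROBLEM.match(line)
        if match:
            problems.append(match.group(1))
            in_skip_section = False
            continue
        if SKIP_HEADER.match(line):
            in_skip_section = True
            continue
        match = SKIP_SUMMARY.match(line)
        if match:
            skip_count = int(match.group(1))
            in_skip_section = False
            continue
        if in_skip_section:
            if line.startswith("("):      # the "(add '--best ...')" hint line
                continue
            row = PKG_ROW.match(line)
            if row:
                name, arch, version, repo = row.groups()
                skipped.append({"name": name, "arch": arch,
                                "version": version, "repo": repo})
            else:                          # blank line or next section
                in_skip_section = False
    if returncode != 0:
        verdict = "failed"                 # best=1 behaviour: DNF itself reports it
    elif skipped or skip_count or problems:
        verdict = "incomplete"             # best=0 behaviour: exit 0, updates withheld
    else:
        verdict = "ok"
    return {"verdict": verdict, "skipped": skipped,
            "skip_count": skip_count, "problems": problems}


def exit_status(report):
    """Exit code for a wrapper script: nonzero whenever updates did not apply."""
    return {"ok": 0, "failed": 1, "incomplete": 2}[report["verdict"]]


if __name__ == "__main__":
    for label, text, rc in (("best=0", BEST0_OUTPUT, 0), ("best=1", BEST1_OUTPUT, 1)):
        report = audit_dnf_upgrade(text, rc)
        names = ", ".join(p["name"] for p in report["skipped"]) or "-"
        print(f"{label}: dnf rc={rc} verdict={report['verdict']} "
              f"skipped={names} wrapper rc={exit_status(report)}")
```
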
[USN-4042-1] poppler vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4042-1
June 27, 2019
poppler vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in poppler.
Software Description:
- poppler: PDF rendering library
Details:
It was discovered that poppler incorrectly handled certain files. If a user
or automated system were tricked into opening a crafted PDF file, an
attacker could cause a denial of service, or possibly execute arbitrary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
libpoppler85 0.74.0-0ubuntu1.2
poppler-utils 0.74.0-0ubuntu1.2
Ubuntu 18.10:
libpoppler79 0.68.0-0ubuntu1.7
poppler-utils 0.68.0-0ubuntu1.7
Ubuntu 18.04 LTS:
libpoppler73 0.62.0-2ubuntu2.9
poppler-utils 0.62.0-2ubuntu2.9
Ubuntu 16.04 LTS:
libpoppler58 0.41.0-0ubuntu1.14
poppler-utils 0.41.0-0ubuntu1.14
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4042-1
CVE-2017-9865, CVE-2018-18897, CVE-2018-20662, CVE-2019-10018,
CVE-2019-10019, CVE-2019-10021, CVE-2019-10023, CVE-2019-10872,
CVE-2019-10873, CVE-2019-12293, CVE-2019-9200, CVE-2019-9631,
CVE-2019-9903
Package Information:
https://launchpad.net/ubuntu/+source/poppler/0.74.0-0ubuntu1.2
https://launchpad.net/ubuntu/+source/poppler/0.68.0-0ubuntu1.7
https://launchpad.net/ubuntu/+source/poppler/0.62.0-2ubuntu2.9
https://launchpad.net/ubuntu/+source/poppler/0.41.0-0ubuntu1.14
[arch-announce] mariadb 10.4.x update requires manual intervention
The update to **mariadb 10.4.6-1** and later changes the configuration layout as recommended by upstream.
The main configuration file moved from `/etc/mysql/my.cnf` (and its include directory `/etc/mysql/my.cnf.d/`) to `/etc/my.cnf` (and `/etc/my.cnf.d/`). Make sure to move your configuration.
Instantiated services (like `mariadb@foo.service`) are no longer configured in separate files (like `/etc/mysql/myfoo.cnf`). Instead, move your configuration to configuration blocks with a group suffix in the main configuration file, one for each service. A block should look something like this:
    [mysqld.foo]
    datadir = /var/lib/mysql-foo
    socket = /run/mysqld/mysqld-foo.sock
    ...
Like every mariadb feature update, this requires the data directory to be updated. With the new configuration in place, run:
    systemctl restart mariadb.service && mariadb-upgrade -u root -p
URL: https://www.archlinux.org/news/mariadb-104x-update-requires-manual-intervention/
_______________________________________________
arch-announce mailing list
arch-announce@archlinux.org
https://lists.archlinux.org/listinfo/arch-announce
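The instance migration described above, as an added example that is not part of the Arch announcement: two shell functions that read old per-instance files named like `/etc/mysql/myfoo.cnf` and print their contents with every group header given the instance suffix, for review before appending to `/etc/my.cnf`. The function names are hypothetical, and the example assumes the old files use plain group names such as `[mysqld]`.

```shell
#!/bin/sh
# Added example: print old per-instance MariaDB configs as suffixed group
# blocks for /etc/my.cnf. Function names are hypothetical.

# Read a config on stdin and rewrite each plain group header "[name]" to
# "[name.<instance>]". Headers that already carry a suffix are left alone.
suffix_groups() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*)
            echo "unsafe instance name: $1" >&2
            return 2 ;;
    esac
    sed -E "s/^[[:space:]]*\[([^].]+)\][[:space:]]*\$/[\1.$1]/"
}

# For every <old_dir>/my<instance>.cnf (my.cnf itself does not match the
# glob), print its contents with suffixed headers. Nothing is written to
# /etc; review the output before appending it to /etc/my.cnf.
# Usage: migrate_all /etc/mysql
migrate_all() {
    for cnf in "$1"/my?*.cnf; do
        [ -f "$cnf" ] || continue
        instance=${cnf##*/}        # myfoo.cnf
        instance=${instance#my}    # foo.cnf
        instance=${instance%.cnf}  # foo
        printf '# migrated from %s\n' "$cnf"
        suffix_groups "$instance" < "$cnf" || return 1
        printf '\n'
    done
}
```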
Wednesday, June 26, 2019
[USN-4040-2] Expat vulnerability
==========================================================================
Ubuntu Security Notice USN-4040-2
June 26, 2019
expat vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Expat could be made to consume a high amount of RAM and CPU
resources if it received a specially crafted XML file.
Software Description:
- expat: XML parsing C library
Details:
USN-4040-1 fixed a vulnerability in expat. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that Expat incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
lib64expat1 2.1.0-4ubuntu1.4+esm1
libexpat1 2.1.0-4ubuntu1.4+esm1
Ubuntu 12.04 ESM:
lib64expat1 2.0.1-7.2ubuntu1.6
libexpat1 2.0.1-7.2ubuntu1.6
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4040-2
https://usn.ubuntu.com/4040-1
CVE-2018-20843
[USN-4040-1] Expat vulnerability
==========================================================================
Ubuntu Security Notice USN-4040-1
June 26, 2019
expat vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Expat could be made to consume a high amount of RAM and CPU resources
if it received a specially crafted XML file.
Software Description:
- expat: XML parsing C library
Details:
It was discovered that Expat incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
libexpat1 2.2.6-1ubuntu0.19.04
Ubuntu 18.10:
libexpat1 2.2.6-1ubuntu0.18.10
Ubuntu 18.04 LTS:
libexpat1 2.2.5-3ubuntu0.1
Ubuntu 16.04 LTS:
lib64expat1 2.1.0-7ubuntu0.16.04.4
libexpat1 2.1.0-7ubuntu0.16.04.4
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4040-1
CVE-2018-20843
Package Information:
https://launchpad.net/ubuntu/+source/expat/2.2.6-1ubuntu0.19.04
https://launchpad.net/ubuntu/+source/expat/2.2.6-1ubuntu0.18.10
https://launchpad.net/ubuntu/+source/expat/2.2.5-3ubuntu0.1
https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.16.04.4
Fedora 31 System-Wide Change proposal: Python means Python3
https://fedoraproject.org/wiki/Changes/Python_means_Python3
== Summary ==
In package and command names, "Python" will mean "Python 3".
Users installing and running Python or Python packages without
specifying a version will get Python 3.
Running <code>python</code> will run <code>python3</code>. Running
<code>pytest</code> will run the Python 3 version of pytest, and
similarly for <code>pydoc</code>, <code>pylint</code>, etc.
<code>dnf install python</code> will install {{package|python3}}, and
similarly for other <code>python-*</code> provides, e.g. <code>dnf
install python-requests</code> will install
{{package|python3-requests}}.
This is the final preparation for
[https://fedoraproject.org/wiki/Changes/RetirePython2 the retirement
of Python 2 in Fedora 32] done in line with the
[https://github.com/python/peps/pull/989 soon to be finalized]
upstream recommendations.
== Owner ==
* Name: [[User:Churchyard| Miro Hrončok]]
* Name: [[User:Pviktori| Petr Viktorin]]
* Email: <python-maint@redhat.com>
== Detailed Description ==
=== Motivation ===
The final upstream release of Python 2 is planned for January 2020. No
further fixes will be made upstream. Most of Fedora 31's lifetime is
after that date. Python 2 will be maintained only by its Fedora
maintainers.
In preparation for removing Python 2 from Fedora entirely, we will
make the unqualified name "Python" refer to the fully supported
version.
This is in line with upstream changes to
[https://www.python.org/dev/peps/pep-0394/ PEP 394] recommendations.
(At the time of this writing, these changes are still
[https://github.com/python/peps/pull/989 being finalized], but
recommendations for Linux distributions are accepted.)
This completes the work started with Fedora 23's
[https://fedoraproject.org/wiki/Changes/Python_3_as_Default "Python 3
as Default"] change, with only
[https://fedoraproject.org/wiki/Changes/RetirePython2 removing Python
2] left to do.
=== What is being changed ===
The following changes will be made both in the
[https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/
Python packaging guidelines] and the actual packages.
==== Package provides ====
'''Before:''' Packages with Python 2 modules used to provide the
unversioned <code>python-</code> name. Users could do <code>dnf
install python-requests</code> and the {{package|python2-requests}}
package would be installed.
'''After:''' Packages with Python 3 modules will provide the
unversioned <code>python-</code> name. Users can do <code>dnf install
python-requests</code> and the {{package|python3-requests}} package
will be installed.
This applies to the {{package|python3}}/{{package|python2}} package as
well as packages with Python modules. <code>dnf install python</code>
will install {{package|python3}}.
The vast majority of packages will be updated by changing
[https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_the_python_provide_macro
the %python_provide macro], with no changes in the individual spec
files. The change owners will change the macro before the mass
rebuild.
==== Python command ====
'''Before:''' The <code>/usr/bin/python</code> command was a symbolic
link to <code>/usr/bin/python2</code> living in the
{{package|python-unversioned-command}} subpackage of
{{package|python2}}. {{package|python2}} recommended
{{package|python-unversioned-command}}, so most users got the command
by default when {{package|python2}} was installed.
'''After:''' The <code>/usr/bin/python</code> command will be a
symbolic link to <code>/usr/bin/python3</code> living in the
{{package|python-unversioned-command}} subpackage of
{{package|python3}}. {{package|python3}} will recommend
{{package|python-unversioned-command}}, so most users will get the
command by default when {{package|python3}} is installed (and it is
installed by default).
==== Other commands ====
Similarly, the Python-specific commands will switch from Python 2 to
Python 3. This includes at least the following commands:
* pip
* python-config
* wheel
* idle
* pydoc
* pytest
* nosetests
* pycodestyle
* pylint
* epylint
* pyreverse
* symilar
* unit2
* msgfmt.py
* pygettext.py
* flask
* ipython
* f2py
* ipdb
* easy_install
* ...
This list is incomplete; automation is yet to be created to discover
all such commands.
Note that applications like <code>pygmentize</code> or
<code>cython</code>, whose behavior doesn't depend on the Python
version, are not affected. (By current guidelines, they should be
already using Python 3 if possible.)
=== Changes needed by Python package maintainers ===
This section of the change covers action needed from Python package
maintainers. Most of the packages need no change, but there are
several exceptions.
==== Packages with ambiguous names ====
Tracked at: https://fedora.portingdb.xyz/namingpolicy/
If your package with a Python 2 module or plugin is named with
unversioned <code>python</code> (such as for example
<code>claws-mail-plugins-python</code> or <code>PyQt4</code>), it
needs to be removed or renamed to have <code>python2</code> in the
name (such as, for example, <code>claws-mail-plugins-python2</code> or
<code>python2-PyQt4</code>).
If your package is an application that happens to be written in Python
2 (such as {{package|calibre}}), no renaming is needed (applications
don't need the <code>python-</code>, <code>python2-</code> or
<code>python3-</code> prefix).
==== Packages with ambiguous requires ====
Tracked at: https://fedora.portingdb.xyz/namingpolicy/
If your package depends on (Requires, BuildRequires, Recommends, etc.)
a Python package with unversioned Python name (such as for example:
systemd-python, python-setuptools, PyQt5, pycairo), it will now get
resolved to the Python 3 version. Such dependencies need to be updated
to specific Python 2 or Python 3 names (such as for example:
pythonX-systemd, pythonX-setuptools, pythonX-qt5, pythonX-cairo where
X is either 2 or 3).
==== Packages with ambiguous provides ====
Most of the backwards compatibility <code>python-*</code> provides are
handled by the %python_provide macro and the change owners will change
the macro behavior, so you don't have to worry about those.
However, sometimes manual provides were added. If your package has
some manual backwards compatibility provides for Python 2 packages,
those need to be moved to the Python 3 packages or removed.
For example, before this change, the {{package|python2-m2crypto}}
package provided and obsoleted <code>m2crypto</code>. Instead, the
{{package|python3-m2crypto}} package should do that after this change.
==== Packages with missing %python_provide ====
The <code>%python_provide</code> macro used to do nothing for Python 3
packages. As such, it was often forgotten and only used with the
Python 2 packages.
Packagers of Python 3 packages should make sure to use the
<code>%python_provide</code> macro according to the guidelines:
 %package -n python3-%{srcname}
 ...
 %{?python_provide:%python_provide python3-%{srcname}}
==== Packages with Python versioned commands and tools ====
Some packages have two versions of the provided commands. For example,
the {{package|python2-pytest}} package has
<code>/usr/bin/pytest-2</code> and <code>/usr/bin/pytest-2.7</code>,
the {{package|python3-pytest}} package has
<code>/usr/bin/pytest-3</code> and <code>/usr/bin/pytest-3.X</code>.
The unversioned <code>/usr/bin/pytest</code> command used to be a
symbolic link to <code>/usr/bin/pytest-2</code>. Now it needs to be
changed to <code>/usr/bin/pytest-3</code> and moved to the
{{package|python3-pytest}} package.
For some packages, such duplication makes no sense, because the user
sees no difference. For example, there should be just one
<code>/usr/bin/pygmentize</code> -- the user doesn't care if it runs
on Python 3, Python 2 or if it is written in Rust. This is not a new
rule, but if your package is not following it, now is a good time to
make sure the tool uses Python 3.
==== Packages that need unversioned Python to be Python 2 ====
Since Fedora 29, a
[https://fedoraproject.org/wiki/Changes/Move_usr_bin_python_into_separate_package
specific workaround is needed] to use the <code>python</code> command
as Python 2.
This workaround will now bring Python 3.
If that does not work for your package, you'll need to fix it (patch
it) or retire it from Fedora.
If you only need the <code>python</code> command to mean Python 2
during package build, you can do something like this:
 mkdir tmp_path
 ln -s %{__python2} tmp_path/python
 PATH=$(pwd)/tmp_path:$PATH make ...
However, if your package uses the <code>python</code> command during
runtime, this ugly workaround won't work.
== Benefit to Fedora ==
The name "Python" will not refer to software that will be unmaintained
upstream for most of Fedora 31's lifetime and
[https://fedoraproject.org/wiki/Changes/RetirePython2 retired from
Fedora 32].
== Scope ==
* Proposal owners:
** Changes in {{package|python3}}, {{package|python2}} packages:
*** make <code>/usr/bin/python</code> link to
<code>/usr/bin/python3</code> instead of <code>/usr/bin/python2</code>
(+ the same for other executables there)
*** make {{package|python-unversioned-command}} a subpackage of
{{package|python3}} instead of {{package|python2}}
*** make {{package|python3}} (instead of {{package|python2}})
recommend {{package|python-unversioned-command}}
** Changes in other commands:
*** switch pytest, nosetests, ipython, pip... to python3 (see Detailed
Description for the actual list)
** Changes in {{package|python-rpm-macros}}:
*** make <code>%python_provide</code> provide <code>python-foo</code>
for <code>python3-foo</code> instead of for <code>python2-foo</code>
** Let the mass rebuild change the provides based on the
<code>%python_provide</code> change
** Examine the failures and provide help to package maintainers
** File bugs for remaining packages that provide <code>python-x</code>
or <code>x-python</code> for Python 2
* Other developers (Python package maintainers, see Detailed Description):
** Everybody: Make sure that you require and use python2 or python3
packages explicitly
** If your package provides <code>python-*</code> or
<code>*-python</code> for a Python 2 package by other means than the
<code>%python_provide</code> macro, move that to the Python 3 package
(or remove entirely if not applicable)
** Fix or retire your package if it requires the unversioned
<code>python</code> command to be Python 2
* Release engineering: [https://pagure.io/releng/issue/8482 #8482]
* Policies and guidelines:
** Slightly adapt
[https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_the_python_provide_macro
the %python_provide macro] section of the Python packaging guidelines
and the [https://docs.fedoraproject.org/en-US/packaging-guidelines/Python_Appendix/
Python Appendix].
* Trademark approval: not needed
== Upgrade/compatibility impact ==
Custom scripts with <code>python</code> shebangs will invoke Python 3
by default, whereas previously they invoked Python 2 by default. See
the User Experience section for details.
== How To Test ==
For your favorite Python 3 package, check that it can be installed
with the ambiguous Python name. For example, check that <code>dnf
install python-pip</code> installs {{package|python3-pip}} instead of
{{package|python2-pip}}.
For your favorite Python command, check that it invokes the Python 3
version. For example, check that <code>python</code> runs Python 3.
== User Experience ==
Users who run <code>python</code> directly will get Python 3.
Users who run <code>pip</code> directly will get pip for Python 3.
Users who run <code>pytest</code> directly will get pytest
for Python 3.
...
Scripts with ambiguous Python shebangs (<code>#!/usr/bin/python</code>
or <code>#!/usr/bin/env python</code>) will be executed by Python 3 by
default.
If users need the <code>python</code> command or the
<code>#!/usr/bin/env python</code> shebang to run Python 2, they can
easily do that by:
 ln -s /usr/bin/python2 ~/.local/bin/python
Similarly, sysadmins can do that system-wide:
 ln -s /usr/bin/python2 /usr/local/bin/python
If users don't want the python command at all, they can <code>dnf
remove python-unversioned-command</code>.
== Dependencies ==
Most packages that provide Python version-specific functionality will
be affected. However, the Change owners include proven packagers and
they maintain python-rpm-macros, so most will not need packager
attention.
We depend on the Fedora mass rebuild to adjust macro-generated package provides.
(Also, the PEP 394 update could be delayed, or even rejected/changed.
Even if that happens, this Change will not be affected: Fedora would
depart from following the upstream recommendations.)
There are currently (2019-06-25)
[https://fedora.portingdb.xyz/namingpolicy/ 90 packages left with
ambiguous Python requires]. Those need to be adapted. A lot of them
unfortunately Fail to Build From Source and will be retired before the
Fedora 31 branching.
== Contingency Plan ==
* Contingency mechanism: revert the changes, mass rebuild packages
with the original <code>%python_provide</code> macro
* Contingency deadline: beta freeze
* Blocks release? No
* Blocks product? No
== Documentation ==
* Updated Packaging guidelines
* This Change page
== Release Notes ==
TBD. Check User Experience section.
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
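An added example, not part of the Change proposal: a shell audit that lists the scripts under a directory whose first line is one of the two ambiguous shebangs named in the User Experience section (<code>#!/usr/bin/python</code> or <code>#!/usr/bin/env python</code>), so they can be pinned to <code>python2</code> or <code>python3</code> before the switch. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: list files whose shebang will change interpreter once
# /usr/bin/python points at Python 3. Function names are hypothetical.

# Succeeds if the given first line is "#!/usr/bin/python" or
# "#!/usr/bin/env python", optionally followed by interpreter arguments.
# Versioned forms (python2, python3, python3.7) do not match.
is_ambiguous_shebang() {
    printf '%s\n' "$1" | grep -Eq \
        '^#![[:space:]]*/usr/bin/(env[[:space:]]+)?python([[:space:]].*)?$'
}

# Print the path of every regular file under $1 with an ambiguous shebang.
# Paths containing newlines are not supported.
# Usage: audit_shebangs /usr/local/bin
audit_shebangs() {
    find "$1" -type f | while IFS= read -r path; do
        first=''
        # Only the first line matters; unreadable or empty files are skipped.
        { IFS= read -r first < "$path"; } 2>/dev/null || :
        first=${first%"$(printf '\r')"}   # tolerate CRLF line endings
        if is_ambiguous_shebang "$first"; then
            printf '%s\n' "$path"
        fi
    done
}
```

Each reported script should get an explicit <code>python2</code> or <code>python3</code> shebang, in line with the proposal's advice to use versioned names explicitly.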
== Summary ==
In package and command names, "Python" will mean "Python 3".
Users installing and running Python or Python packages without
specifying a version will get Python 3.
Running <code>python</code> will run <code>python3</code>. Running
<code>pytest</code> will run the Python 3 version of pytest, and
similarly for <code>pydoc</code>, <code>pylint</code>, etc.
<code>dnf install python</code> will install {{package|python3}}, and
similarly for other <code>python-*</code> provides, e.g. <code>dnf
install python-requests</code> will install
{{package|python3-requests}}.
This is the final preparation for
[https://fedoraproject.org/wiki/Changes/RetirePython2 the retirement
of Python 2 in Fedora 32] done in line with the
[https://github.com/python/peps/pull/989 soon to be finalized]
upstream recommendations.
== Owner ==
* Name: [[User:Churchyard| Miro Hrončok]]
* Name: [[User:Pviktori| Petr Viktorin]]
* Email: <python-maint@redhat.com>
== Detailed Description ==
=== Motivation ===
The final upstream release of Python 2 is planned for January 2020. No
further fixes will be made upstream. Most of Fedora 31's lifetime is
after that date. Python 2 will be maintained only by its Fedora
maintainers.
In preparation for removing Python 2 from Fedora entirely, we will
make the unqualified name "Python" refer to the fully supported
version.
This is in line with upstream changes to
[https://www.python.org/dev/peps/pep-0394/ PEP 394] recommendations.
(At the time of this writing, these changes are still
[https://github.com/python/peps/pull/989 being finalized], but
recommendations for Linux distributions are accepted.)
This completes the work started with Fedora 23's
[https://fedoraproject.org/wiki/Changes/Python_3_as_Default "Python 3
as Default"] change, with only
[https://fedoraproject.org/wiki/Changes/RetirePython2 removing Python
2] left to do.
=== What is being changed ===
The following changes will be made both in the
[https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/
Python packaging guidelines] and the actual packages.
==== Package provides ====
'''Before:''' Packages with Python 2 modules used to provide the
unversioned <code>python-</code> name. Users could do <code>dnf
install python-requests</code> and the {{package|python2-requests}}
package would be installed.
'''After:''' Packages with Python 3 modules will provide the
unversioned <code>python-</code> name. Users can do <code>dnf install
python-requests</code> and the {{package|python3-requests}} package
will be installed.
This applies to the {{package|python3}}/{{package|python2}} package as
well as packages with Python modules. <code>dnf install python</code>
will install {{package|python3}}.
The vast majority of packages will be updated by changing
[https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_the_python_provide_macro
the %python-provide macro], with no changes in the individual spec
files. The change owners will change the macro before the mass
rebuild.
==== Python command ====
'''Before:''' The <code>/usr/bin/python</code> command was a symbolic
link to <code>/usr/bin/python2</code> living in the
{{package|python-unversioned-command}} subpackage of
{{package|python2}}. {{package|python2}} recommended
{{package|python-unversioned-command}}, so most users got the command
by default when {{package|python2}} was installed.
'''After:''' The <code>/usr/bin/python</code> command will be a
symbolic link to <code>/usr/bin/python3</code> living in the
{{package|python-unversioned-command}} subpackage of
{{package|python3}}. {{package|python3}} will recommend
{{package|python-unversioned-command}}, so most users will get the
command by default when {{package|python3}} is installed (and it is
installed by default).
==== Other commands ====
Similarly, the Python-specific commands will switch from Python 2 to
Python 3. This includes at least the following commands:
* pip
* python-config
* wheel
* idle
* pydoc
* pytest
* nosetest
* pycodestyle
* pylint
* epylint
* pyreverse
* symilar
* unit2
* msgfmt.py
* pygettext.py
* flask
* ipython
* f2py
* ipdb
* easy_install
* ...
This list is incomplete, automation is yet to be created to discover
all such commands.
Note that applications like <code>pygmentize</code> or
<code>cython</code>, whose behavior doesn't depend on the Python
version, are not affected. (By current guidelines, they should be
already using Python 3 if possible.)
=== Changes needed by Python package maintainers ===
This section of the change covers action needed from Python package
maintainers. Most of the packages need no change, but there are
several exceptions.
==== Packages with ambiguous names ====
Tracked at: https://fedora.portingdb.xyz/namingpolicy/
If your package with a Python 2 module or plugin is named with
unversioned <code>python</code> (such as for example
<code>claws-mail-plugins-python</code> or <code>PyQt4</code>), it
needs to be removed or renamed to have <code>python2</code> in the
name (such as, for example, <code>claws-mail-plugins-python2</code> or
<code>python2-PyQt4</code>).
If your package is an application that happens to be written in Python
2 (such as {{package|calibre}}), no renaming is needed (applications
don't need the <code>python-</code>, <code>python2-</code> or
<code>python3-</code> prefix).
==== Packages with ambiguous requires ====
Tracked at: https://fedora.portingdb.xyz/namingpolicy/
If your package depends on (Requires, BuildRequires, Recommends, etc.)
a Python package with unversioned Python name (such as for example:
systemd-python, python-setuptools, PyQt5, pycairo), it will now get
resolved to the Python 3 version. Such dependencies need to be updated
to specific Python 2 or Python 3 names (such as for example:
pythonX-systemd, pythonX-setuptools, pythonX-qt5, pythonX-cairo where
X is either 2 or 3).
==== Packages with ambiguous provides ====
Most of the backwards compatibility <code>python-*</code> provides are
handled by the %python_provide macro and the change owners will change
the macro behavior, so you don't have to worry about those.
However, sometimes manual provides were added. If your package has
some manual backwards compatibility provides for Python 2 packages,
those need to be moved to the Python 3 packages or removed.
For example, before this change, the {{package|python2-m2crypto}}
package provided and obsoleted <code>m2crypto</code>. Instead, the
{{package|python3-m2crypto}} package should do that after this change.
==== Packages with missing %python_provide ====
The <code>%python_provide</code> macro used to do nothing for Python 3
packages. As such, it was often forgotten and only used with the
Python 2 packages.
Packagers of Python 3 packages should make sure to use the
<code>%python_provide</code> macro according to the guidelines:
%package -n python3-%{srcname}
...
%{?python_provide:%python_provide python3-%{srcname}}
==== Packages with Python versioned commands and tools ====
Some packages have two versions of the provided commands. For example,
the {{package|python2-pytest}} package has
<code>/usr/bin/pytest-2</code> and <code>/usr/bin/pytest-2.7</code>,
the {{package|python3-pytest}} package has
<code>/usr/bin/pytest-3</code> and <code>/usr/bin/pytest-3.X</code>.
The unversioned <code>/usr/bin/pytest</code> command used to be a
symbolic link to <code>/usr/bin/pytest-2</code>. Now it needs to be
changed to <code>/usr/bin/pytest-3</code> and moved to the
{{package|python3-pytest}} package.
For some packages, such duplication makes no sense, because the user
sees no difference. For example, there should be just one
<code>/usr/bin/pygmentize</code> -- the user doesn't care if it runs
on Python 3, Python 2 or if it is written in Rust. This is not a new
rule, but if your package is not following it, now is a good time to
make sure the tool uses Python 3.
==== Packages that need unversioned Python to be Python 2 ====
Since Fedora 29, a
[https://fedoraproject.org/wiki/Changes/Move_usr_bin_python_into_separate_package
specific workaround is needed] to use the <code>python</code> command
as Python 2.
This workaround will now bring Python 3.
If that does not work for your package, you'll need to fix it (patch
it) or retire it from Fedora.
If you only need the <code>python</code> command to mean Python 2
during package build, you can do something like this:
mkdir tmp_path
ln -s %{__python2} tmp_path/python
PATH=$(pwd)/tmp_path:$PATH make ...
However, if your package uses the <code>python</code> command during
runtime, this ugly workaround won't work.
== Benefit to Fedora ==
The name "Python" will not refer to software that will be unmaintained
upstream for most of Fedora 31's lifetime and
[https://fedoraproject.org/wiki/Changes/RetirePython2 retired from
Fedora 32].
== Scope ==
* Proposal owners:
** Changes in {{package|python3}}, {{package|python2}} packages:
*** make <code>/usr/bin/python</code> link to
<code>/usr/bin/python3</code> instead of <code>/usr/bin/python2</code>
(+ the same for other executables there)
*** make {{package|python-unversioned-command}} a subpackage of
{{package|python3}} instead of {{package|python2}}
*** make {{package|python3}} (instead of {{package|python2}})
recommend {{package|python-unversioned-command}}
** Changes in other commands:
*** switch pytest, nosetests, ipython, pip... to python3 (see Detailed
Description for the actual list)
** Changes in {{package|python-rpm-macros}}:
*** make <code>%python_provide</code> provide <code>python-foo</code>
for <code>python3-foo</code> instead of for <code>python2-foo</code>
** Let the mass rebuild change the provides based on the
<code>%python_provide</code> change
** Examine the failures and provide help to package maintainers
** File bugs for remaining packages that provide <code>python-x</code>
or <code>x-python</code> for Python 2
* Other developers (Python package maintainers, see Detailed Description):
** Everybody: Make sure that you require and use python2 or python3
packages explicitly
** If your package provides <code>python-*</code> or
<code>*-python</code> for a Python 2 package by other means than the
<code>%python_provide</code> macro, move that to the Python 3 package
(or remove entirely if not applicable)
** Fix or retire your package if it requires the unversioned
<code>python</code> command to be Python 2
* Release engineering: [https://pagure.io/releng/issue/8482 #8482]
* Policies and guidelines:
** Slightly adapt
[https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_the_python_provide_macro
the %pyton_provide macro] section of the Python packaging guidelines
and the [https://docs.fedoraproject.org/en-US/packaging-guidelines/Python_Appendix/
Python Appendix].
* Trademark approval: not needed
== Upgrade/compatibility impact ==
Custom scripts with <code>python</code> shebangs will invoke Python 3
by default, whereas previosuly they invoked Python 2 by default. See
the User Experience section for details.
== How To Test ==
For your favorite Python 3 package, check that it can be installed
with the ambiguous Python name. For example, check that <code>dnf
install python-pip</code> installs {{package|pyhon3-pip}} instead of
{{package|pyhon2-pip}}.
For your favorite Python command, check that it invokes the Python 3
version. For example, check that <code>python</code> runs Python 3.
== User Experience ==
Users who run <code>python</code> directly will get Python 3.
Users who run <code>pip</code> directly will get pip for Python 3.
Users who run <code>pytest</code> directly will get Python 3 pytest
for Python 3.
...
Scripts with ambiguous Python shebangs (<code>#!/usr/bin/python</code>
or <code>#!/usr/bin/env python</code>) will be executed by Python 3 by
default.
If users need the <code>python</code> command or the
<code>#!/usr/bin/env python</code> shebang to run Python 2, they can
easily do that by:
ln -s /usr/bin/python2 ~/.local/bin/python
Similarly, sysadmins can do that system-wide:
ln -s /usr/bin/python2 /usr/local/bin/python
If users don't want the python command at all, they can <code>dnf
remove python-unversioned-command</code>.
== Dependencies ==
Most packages that provide Python version-specific functionality will
be affected. However, the Change owners include proven packagers and
they maintain python-rpm-macros, so most will not need packager
attention.
We depend on the Fedora mass rebuild to adjust macro-generated package provides.
(Also, the PEP 394 update could be delayed, or even rejected/changed.
Even if that happens, this Change will not be affected: Fedora would
depart from following the upstream recommendations.)
There are currently (2019-06-25)
[https://fedora.portingdb.xyz/namingpolicy/ 90 packages left with
ambiguous Python requires]. Those need to be adapted. A lot of them
unfortunately Fail to Build From Source and will be retired before the
Fedora 31 branching.
== Contingency Plan ==
* Contingency mechanism: revert the changes, mass rebuild packages
with the original <code>%python_provide</code> macro
* Contingency deadline: beta freeze
* Blocks release? No
* Blocks product? No
== Documentation ==
* Updated Packaging guidelines
* This Change page
== Release Notes ==
TBD. Check User Experience section.
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
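An audit for the ambiguous shebangs described in the User Experience section above, as an added example that is not part of the original announcement or of Fedora's tooling. The function names and the sample files are constructed for illustration.

```python
import os
import re
import tempfile

# Versioned interpreter names such as python2, python2.7, python3, python3.7.
_VERSIONED = re.compile(r"^python(\d)(?:\.\d+)?$")


def classify_shebang(first_line):
    """Return 'ambiguous', 'python2', 'python3', or None for a script's first line."""
    if not first_line.startswith("#!"):
        return None
    parts = first_line[2:].strip().split()
    if not parts:
        return None
    interp = os.path.basename(parts[0])
    if interp == "env":
        # Skip env options (for example -S) and VAR=value assignments
        # to find the command that env will actually run.
        rest = [p for p in parts[1:] if not p.startswith("-") and "=" not in p]
        if not rest:
            return None
        interp = os.path.basename(rest[0])
    if interp == "python":
        return "ambiguous"  # the unversioned name whose meaning changes
    match = _VERSIONED.match(interp)
    if match:
        return "python" + match.group(1)
    return None


def scan_tree(root):
    """Walk root and return {relative_path: classification} for Python scripts."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    first = fh.readline(256)
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            line = first.decode("utf-8", "replace").rstrip("\r\n")
            kind = classify_shebang(line)
            if kind:
                found[os.path.relpath(path, root)] = kind
    return found


def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    samples = {
        "bin/report": "#!/usr/bin/python\nprint 'hi'\n",
        "bin/tool": "#! /usr/bin/env python\n",
        "bin/legacy": "#!/usr/bin/python2.7\n",
        "bin/modern": "#!/usr/bin/env python3\n",
        "bin/run.sh": "#!/bin/sh\n",
        "lib/module.py": "import sys\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(text)
        return scan_tree(root)


if __name__ == "__main__":
    for path, kind in sorted(demo().items()):
        print(kind, path)
```

Scripts reported as `ambiguous` are the ones whose interpreter changes with this proposal; pinning them to `python2` or `python3` removes the dependency on the unversioned command.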
Planned Outage - fedoraproject.org/wiki - 2019-06-27 21:00 UTC
There will be an outage starting at 2019-06-27 21:00 UTC,
which will last approximately 2 hours.
To convert UTC to your local time, take a look at
http://fedoraproject.org/wiki/Infrastructure/UTCHowto
or run:
date -d '2019-06-27 21:00UTC'
Reason for outage:
We will be updating the nodes running mediawiki to Fedora 30 and thus
also upgrading mediawiki to a newer version. The last scheduled upgrade
was aborted due to some issues found in staging. These issues have been
fixed and we are ready to finally upgrade.
Affected Services:
https://fedoraproject.org/wiki
Ticket Link:
https://pagure.io/fedora-infrastructure/issue/7942
Please join #fedora-admin or #fedora-noc on irc.freenode.net
or add comments to the ticket for this outage above.
Final reminder: F31 Change proposals that require infra changes due today
If you have a Change proposal that requires changes to Infrastructure,
those proposals must be submitted (i.e. in ChangeReadyForWrangler
category) today, 26 June.
Other deadlines approaching:
* 2019-07-02 — Changes requiring mass rebuild
* 2019-07-02 — System-Wide changes
* 2019-07-23 — Self-contained changes
For more development milestones in the F31 schedule, see:
https://fedorapeople.org/groups/schedule/f-31/f-31-devel-tasks.html
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
[USN-4038-2] bzip2 vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4038-2
June 26, 2019
bzip2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in bzip2.
Software Description:
- bzip2: high-quality block-sorting file compressor - utilities
Details:
USN-4038-1 fixed several vulnerabilities in bzip2. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
Aladdin Mubaied discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2016-3189)
It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-12900)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 ESM:
bzip2 1.0.6-5ubuntu0.1~esm1
lib32bz2-1.0 1.0.6-5ubuntu0.1~esm1
lib64bz2-1.0 1.0.6-5ubuntu0.1~esm1
libbz2-1.0 1.0.6-5ubuntu0.1~esm1
Ubuntu 12.04 ESM:
bzip2 1.0.6-1ubuntu0.1
lib32bz2-1.0 1.0.6-1ubuntu0.1
lib64bz2-1.0 1.0.6-1ubuntu0.1
libbz2-1.0 1.0.6-1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4038-2
https://usn.ubuntu.com/4038-1
CVE-2016-3189, CVE-2019-12900
[USN-4038-1] bzip2 vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4038-1
June 26, 2019
bzip2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in bzip2.
Software Description:
- bzip2: high-quality block-sorting file compressor - utilities
Details:
Aladdin Mubaied discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 16.04 LTS. (CVE-2016-3189)
It was discovered that bzip2 incorrectly handled certain files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-12900)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
bzip2 1.0.6-9ubuntu0.19.04
libbz2-1.0 1.0.6-9ubuntu0.19.04
Ubuntu 18.10:
bzip2 1.0.6-9ubuntu0.18.10
libbz2-1.0 1.0.6-9ubuntu0.18.10
Ubuntu 18.04 LTS:
bzip2 1.0.6-8.1ubuntu0.1
libbz2-1.0 1.0.6-8.1ubuntu0.1
Ubuntu 16.04 LTS:
bzip2 1.0.6-8ubuntu0.1
libbz2-1.0 1.0.6-8ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4038-1
CVE-2016-3189, CVE-2019-12900
Package Information:
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-9ubuntu0.19.04
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-9ubuntu0.18.10
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-8.1ubuntu0.1
https://launchpad.net/ubuntu/+source/bzip2/1.0.6-8ubuntu0.1
Tuesday, June 25, 2019
Fedora 31 System-Wide Change proposal: Golang 1.13
https://fedoraproject.org/wiki/Changes/golang1.13
== Summary ==
Rebase of Golang package to upcoming version 1.13 in Fedora 31,
including rebuild of all dependent packages (a pre-release version of Go
will be used for the rebuild if the released version is not available at
the time of the mass rebuild).
== Owner ==
* Name: [[User:Jcajka| Jakub Čajka]]
* Email: jcajka@redhat.com
== Detailed Description ==
Rebase of Golang package to upcoming version 1.13 in Fedora 31. Golang
1.13 is scheduled to be released in Aug.
Due to the current nature and state of Go packages, a rebuild of
dependent packages will be required to pick up the changes.
With this rebase we will slightly deviate from the upstream default
config by setting GOSUMDB=off and GOPROXY=direct, instead of leaving
them set to Google's default services (or any other provider). This will
still preserve the ability of users to set the knobs to values of their
liking. By setting this we will prevent unintended (personal)
information leaks. There will be no impact on users of the compiler.
== Benefit to Fedora ==
Staying closely behind upstream by providing the latest release of golang,
which includes performance improvements and improvements in support
for currently supported platforms, among other bug fixes and new
features. For a complete list of changes see the upstream change notes at
https://tip.golang.org/doc/go1.13 . As a result, Fedora will be providing
a solid development platform for the Go language.
== Scope ==
* Proposal owners: Rebase golang package in f31, help with resolving
possible issues found during package rebuilds.
* Other developers: fix possible issues with help from golang maintainers
* Release engineering: Rebuild of dependent packages as part of
planned mass-rebuild. https://pagure.io/releng/issue/8481
* Policies and guidelines: N/A
* Trademark approval: N/A
== Upgrade/compatibility impact ==
None
== How To Test ==
;0.
:a)Install golang 1.13 from rawhide and use it to build your
application(s)/package(s).
:b)Scratch build against rawhide.
;1.
:Your application/package built using golang 1.13 should work as expected.
== User Experience ==
None
== Dependencies ==
(see wiki page)
Not all of the listed packages require a rebuild, as they might not ship binaries.
== Contingency Plan ==
* Contingency mechanism: Reverting to golang version 1.12.X if
significant issues are discovered.
* Contingency deadline: Beta Freeze(?)
* Blocks release? No
* Blocks product? No
== Documentation ==
https://tip.golang.org/doc/go1.13
--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
[USN-4036-1] OpenStack Neutron vulnerability
==========================================================================
Ubuntu Security Notice USN-4036-1
June 25, 2019
neutron vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 16.04 LTS
Summary:
A system hardening measure could be bypassed.
Software Description:
- neutron: OpenStack Virtual Network Service
Details:
Erik Olof Gunnar Andersson discovered that OpenStack Neutron incorrectly
handled certain security group rules in the iptables firewall module. An
authenticated attacker could possibly use this issue to block further
application of security group rules for other instances.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
python-neutron 2:13.0.2-0ubuntu3.4
python3-neutron 2:13.0.2-0ubuntu3.4
Ubuntu 16.04 LTS:
python-neutron 2:8.4.0-0ubuntu7.4
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4036-1
CVE-2019-9735
Package Information:
https://launchpad.net/ubuntu/+source/neutron/2:13.0.2-0ubuntu3.4
https://launchpad.net/ubuntu/+source/neutron/2:8.4.0-0ubuntu7.4
[USN-4037-1] policykit-desktop-privileges update
==========================================================================
Ubuntu Security Notice USN-4037-1
June 25, 2019
policykit-desktop-privileges update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
A security improvement has been made to policykit-desktop-privileges.
Software Description:
- policykit-desktop-privileges: run common desktop actions without password
Details:
The policykit-desktop-privileges Startup Disk Creator policy allowed
administrative users to overwrite disks. As a security improvement, this
operation now requires authentication.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
policykit-desktop-privileges 0.20ubuntu19.04.1
Ubuntu 18.10:
policykit-desktop-privileges 0.20ubuntu18.10.1
Ubuntu 18.04 LTS:
policykit-desktop-privileges 0.20ubuntu18.04.1
Ubuntu 16.04 LTS:
policykit-desktop-privileges 0.20ubuntu16.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4037-1
https://launchpad.net/bugs/1832337
Package Information:
https://launchpad.net/ubuntu/+source/policykit-desktop-privileges/0.20ubuntu19.04.1
https://launchpad.net/ubuntu/+source/policykit-desktop-privileges/0.20ubuntu18.10.1
https://launchpad.net/ubuntu/+source/policykit-desktop-privileges/0.20ubuntu18.04.1
https://launchpad.net/ubuntu/+source/policykit-desktop-privileges/0.20ubuntu16.04.1
[USN-4035-1] Ceph vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4035-1
June 25, 2019
ceph vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Ceph.
Software Description:
- ceph: distributed storage and file system
Details:
It was discovered that Ceph incorrectly handled read only permissions. An
authenticated attacker could use this issue to obtain dm-crypt encryption
keys. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-14662)
It was discovered that Ceph incorrectly handled certain OMAPs holding
bucket indices. An authenticated attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2018-16846)
It was discovered that Ceph incorrectly sanitized certain debug logs. A
local attacker could possibly use this issue to obtain encryption key
information. This issue was only addressed in Ubuntu 18.10 and Ubuntu
19.04. (CVE-2018-16889)
It was discovered that Ceph incorrectly handled certain civetweb requests.
A remote attacker could possibly use this issue to consume resources,
leading to a denial of service. This issue only affected Ubuntu 18.10 and
Ubuntu 19.04. (CVE-2019-3821)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
ceph 13.2.4+dfsg1-0ubuntu2.1
ceph-common 13.2.4+dfsg1-0ubuntu2.1
Ubuntu 18.10:
ceph 13.2.4+dfsg1-0ubuntu0.18.10.2
ceph-common 13.2.4+dfsg1-0ubuntu0.18.10.2
Ubuntu 16.04 LTS:
ceph 10.2.11-0ubuntu0.16.04.2
ceph-common 10.2.11-0ubuntu0.16.04.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4035-1
CVE-2018-14662, CVE-2018-16846, CVE-2018-16889, CVE-2019-3821
Package Information:
https://launchpad.net/ubuntu/+source/ceph/13.2.4+dfsg1-0ubuntu2.1
https://launchpad.net/ubuntu/+source/ceph/13.2.4+dfsg1-0ubuntu0.18.10.2
https://launchpad.net/ubuntu/+source/ceph/10.2.11-0ubuntu0.16.04.2
[USN-4034-1] ImageMagick vulnerabilities
==========================================================================
Ubuntu Security Notice USN-4034-1
June 25, 2019
imagemagick vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in ImageMagick.
Software Description:
- imagemagick: Image manipulation programs and library
Details:
It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program.
Due to a large number of issues discovered in GhostScript that prevent it
from being used by ImageMagick safely, the update for Ubuntu 18.10 and
Ubuntu 19.04 includes a default policy change that disables support for the
Postscript and PDF formats in ImageMagick. This policy can be overridden if
necessary by using an alternate ImageMagick policy configuration.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
imagemagick 8:6.9.10.14+dfsg-7ubuntu2.2
imagemagick-6.q16 8:6.9.10.14+dfsg-7ubuntu2.2
libmagick++-6.q16-8 8:6.9.10.14+dfsg-7ubuntu2.2
libmagickcore-6.q16-6 8:6.9.10.14+dfsg-7ubuntu2.2
libmagickcore-6.q16-6-extra 8:6.9.10.14+dfsg-7ubuntu2.2
Ubuntu 18.10:
imagemagick 8:6.9.10.8+dfsg-1ubuntu2.2
imagemagick-6.q16 8:6.9.10.8+dfsg-1ubuntu2.2
libmagick++-6.q16-8 8:6.9.10.8+dfsg-1ubuntu2.2
libmagickcore-6.q16-6 8:6.9.10.8+dfsg-1ubuntu2.2
libmagickcore-6.q16-6-extra 8:6.9.10.8+dfsg-1ubuntu2.2
Ubuntu 18.04 LTS:
imagemagick 8:6.9.7.4+dfsg-16ubuntu6.7
imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.7
libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.7
libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.7
libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu6.7
Ubuntu 16.04 LTS:
imagemagick 8:6.8.9.9-7ubuntu5.14
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.14
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.14
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.14
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.14
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4034-1
CVE-2017-12805, CVE-2017-12806, CVE-2018-14434, CVE-2018-15607,
CVE-2018-16323, CVE-2018-16412, CVE-2018-16413, CVE-2018-16644,
CVE-2018-16645, CVE-2018-17965, CVE-2018-17966, CVE-2018-18016,
CVE-2018-18023, CVE-2018-18024, CVE-2018-18025, CVE-2018-18544,
CVE-2018-20467, CVE-2019-10131, CVE-2019-10649, CVE-2019-10650,
CVE-2019-11470, CVE-2019-11472, CVE-2019-11597, CVE-2019-11598,
CVE-2019-7175, CVE-2019-7395, CVE-2019-7396, CVE-2019-7397,
CVE-2019-7398, CVE-2019-9956
Package Information:
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.14+dfsg-7ubuntu2.2
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.8+dfsg-1ubuntu2.2
https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.7.4+dfsg-16ubuntu6.7
https://launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-7ubuntu5.14
Monday, June 24, 2019
[USN-4033-1] libmysofa vulnerability
==========================================================================
Ubuntu Security Notice USN-4033-1
June 24, 2019
libmysofa vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
Summary:
libmysofa could be made to crash if it received specially crafted
input.
Software Description:
- libmysofa: library to read HRTFs stored in the AES69-2015 SOFA format
Details:
It was discovered that a libmysofa component does not properly validate
multiplications and additions, and may crash with some specific input.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
libmysofa0 0.6~dfsg0-2ubuntu0.19.04.1
Ubuntu 18.10:
libmysofa0 0.6~dfsg0-2ubuntu0.18.10.1
Ubuntu 18.04 LTS:
libmysofa0 0.6~dfsg0-2ubuntu0.18.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4033-1
CVE-2019-10672
Package Information:
https://launchpad.net/ubuntu/+source/libmysofa/0.6~dfsg0-2ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/libmysofa/0.6~dfsg0-2ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/libmysofa/0.6~dfsg0-2ubuntu0.18.04.1
[CentOS-announce] CEEA-2019:1341 CentOS 7 python-adal Enhancement Update
CentOS Errata and Enhancement Advisory 2019:1341
Upstream details at : https://access.redhat.com/errata/RHEA-2019:1341
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
fe2663af350f36f79fa0673c451db5bd8d7561af969af0e617c280053c218158 python-adal-0.6.0-0.el7_6.1.noarch.rpm
Source:
0ba40817dc6bce65e3a74ba1bbe2c0f2206aaf815b71628aaaca6cea6ba3f9e3 python-adal-0.6.0-0.el7_6.1.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEEA-2019:1343 CentOS 7 python-msrestazure Enhancement Update
CentOS Errata and Enhancement Advisory 2019:1343
Upstream details at : https://access.redhat.com/errata/RHEA-2019:1343
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
bb04c8e22fe081c7d22a3a7df9c856608ce3ed71dff58ef7315d209e967ad962 python-msrestazure-0.5.1-0.el7_6.1.noarch.rpm
Source:
151d5558178b7f72f58f23898ad5a6b8354a4d3ff2cd3aed5e9d993d692d3bef python-msrestazure-0.5.1-0.el7_6.1.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
[CentOS-announce] CEEA-2019:1342 CentOS 7 python-msrest Enhancement Update
CentOS Errata and Enhancement Advisory 2019:1342
Upstream details at : https://access.redhat.com/errata/RHEA-2019:1342
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
2b7707efdd4389d9360b8675b65ecec0961d8e3a9497ba767c225cffcfcb68ee python-msrest-0.5.4-0.el7_6.1.noarch.rpm
Source:
cf71c5558af8fd15aaf4f88c10606b8211a1c4f867be1eb54a66904430ec6776 python-msrest-0.5.4-0.el7_6.1.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS