Unix News Tutorials Events and Stuff: February 2022

Monday, February 28, 2022

FreeBSD 12.2 end-of-life

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear FreeBSD community,

On March 31, 2022, FreeBSD 12.2 will reach end-of-life and will no longer be
supported by the FreeBSD Security Team. Users of FreeBSD 12.2 are strongly
encouraged to upgrade to a newer release as soon as possible.

After March 31, the supported branches and releases and their expected
end-of-life dates are:

+--------------------------------------------------------------------------+
| Branch | Release | Release Date | Expected EoL |
+-------------+--------------+-------------------+-------------------------+
| stable/13 | N/A | N/A | January 31, 2026 |
+-------------+--------------+-------------------+-------------------------+
| releng/13.0 | 13.0-RELEASE | April 13, 2021 | 13.1-RELEASE + 3 months |
+-------------+--------------+-------------------+-------------------------+
| stable/12 | N/A | N/A | June 30, 2024 |
+-------------+--------------+-------------------+-------------------------+
| releng/12.3 | 12.3-RELEASE | December 7, 2021 | 12.4-RELEASE + 3 months |
+--------------------------------------------------------------------------+

Please refer to https://security.freebsd.org/ for an up-to-date list of
supported releases and the latest security advisories.

- --
The FreeBSD Security Team
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmIdoi0ACgkQ05eS9J6n
5cJnfA/+K3AT+vRR2lT3X5qJvJzRzR4XXW0Eo+dscPV6skHB/buomc38Ec5s0eXm
p8hec6KA6yfd3yLhhKR/pi+74t9bYcWvTRuq2YmIvjnpqXv1Cy2UC6E2N1xoeays
aCFvUjy1ibkE457Fr/dyvCBkFwOrXZ3wccP51U7hXQhehap2XxhQQQX9RSIlDl/6
FOLtjJGJ4W5hljyGjXpSFTBYem8iD0bvSDEBCjL9aFNviJ0f4YCV9T3OHEuoTVVQ
i8vj+/Lipwzl4NUh5PtQngyQ8gL00OMpA/vAmsfTAyg3rR29LnZ9aMPng1T5ZkeD
GxmDmYRan7daUpF7mr0BR8NmWcluopGOajqT84WgwasJk6labAmTOU9BJ/cfK5uW
yKI/zgKTwvWFPc1FCImG/SEGk62klxps5pVUbsF5FU2qFxQkddnz2Y78nu+t9Nab
AzSu0WYzbrs6z3kekHjDKeYf8OLpW0x3UgN4PPp1MPR9+JI0lUaQEwWcIq9+NS8u
FOlcf6ZTReXbXFTCWpmiiyNKs+PO/psSFQNMLAPt1WYiRjnD5n/52vssBM8a3mKK
8QcGO2inbqhzvACMnHF/IsO7ryUx8ZOSzig9pt5kqigbeR1pUnR1U9+ir74AfsMR
YOC5W4kLfJrg0Ra26Gx6CrudvhXSqTxKR8Hp/9rArROPJljIUgc=
=6TSH
-----END PGP SIGNATURE-----

List of long term FTBFS packages to be retired tomorrow

Dear maintainers.

Based on the current fail to build from source policy, the following packages
should be retired from Fedora 36 approximately one week before branching.

However, 5 weekly reminders are required and I forgot to start this sooner,
hence the retirement will happen tomorrow, i.e. March 1st 2022.
Since this is after the Beta Freeze,
I will skip retiring components with depending packages.
Such components (if any) will be retired during the next release cycle,
and are included in this report for completeness.

Policy:
https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails_to_install/

The packages in rawhide were not successfully built at least since Fedora 33.

This report is based on dist tags.

Packages collected via:
https://github.com/hroncok/fedora-report-ftbfs-retirements/blob/master/ftbfs-retirements.ipynb

If you see a package that was built, please let me know.
If you see a package that should be exempted from the process, please let me
know and we can work together to get a FESCo approval for that.

If you see a package that can be rebuilt, please do so.

Package (co)maintainers
==========================================================================
libicu65 pwalter
rubygem-cucumber-rails orphan
rubygem-sup dcallagh, jaruga, ruby-packagers-sig, shreyankg
tmux-top ttomecek

All listed packages are leaf packages, nothing depends on them.

Affected (co)maintainers
dcallagh: rubygem-sup
jaruga: rubygem-sup
pwalter: libicu65
ruby-packagers-sig: rubygem-sup
shreyankg: rubygem-sup
ttomecek: tmux-top

--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[USN-5309-1] virglrenderer vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5309-1
February 28, 2022

virglrenderer vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in virglrenderer.

Software Description:
- virglrenderer: virtual GPU for KVM virtualization

Details:

It was discovered that virglrenderer incorrectly handled memory. An
attacker inside a guest could use this issue to cause virglrenderer to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-0135)

It was discovered that virglrenderer incorrectly initialized memory. An
attacker inside a guest could possibly use this issue to obtain sensitive
host information. (CVE-2022-0175)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
libvirglrenderer1 0.8.2-5ubuntu0.21.10.1

Ubuntu 20.04 LTS:
libvirglrenderer1 0.8.2-1ubuntu1.1

After a standard system update you need to restart all virtual machines to
make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5309-1
CVE-2022-0135, CVE-2022-0175

Package Information:
https://launchpad.net/ubuntu/+source/virglrenderer/0.8.2-5ubuntu0.21.10.1
https://launchpad.net/ubuntu/+source/virglrenderer/0.8.2-1ubuntu1.1

[USN-5307-1] QEMU vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5307-1
February 28, 2022

qemu vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in QEMU.

Software Description:
- qemu: Machine emulator and virtualizer

Details:

Gaoning Pan discovered that QEMU incorrectly handled the floppy disk
emulator. An attacker inside the guest could use this issue to cause QEMU
to crash, resulting in a denial of service. (CVE-2021-20196)

Gaoning Pan discovered that the QEMU vmxnet3 NIC emulator incorrectly
handled certain values. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service. (CVE-2021-20203)

It was discovered that the QEMU vhost-user GPU device contained several
security issues. An attacker inside the guest could use these issues to
cause QEMU to crash, resulting in a denial of service, leak sensitive
information, or possibly execute arbitrary code. This issue only affected
Ubuntu 21.10. (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546)

It was discovered that QEMU incorrectly handled bulk transfers from SPICE
clients. A remote attacker could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2021-3682)

It was discovered that the QEMU UAS device emulation incorrectly handled
certain stream numbers. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 21.10.
(CVE-2021-3713)

It was discovered that the QEMU virtio-net device incorrectly handled
certain buffer addresses. An attacker inside the guest could use this issue
to cause QEMU to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2021-3748)

It was discovered that the QEMU SCSI device emulation incorrectly handled
certain MODE SELECT commands. An attacker inside the guest could possibly
use this issue to cause QEMU to crash, resulting in a denial of service.
(CVE-2021-3930)

It was discovered that the QEMU ACPI logic incorrectly handled certain
values. An attacker inside the guest could possibly use this issue to cause
QEMU to crash, resulting in a denial of service. This issue only affected
Ubuntu 21.10. (CVE-2021-4158)

Jietao Xiao, Jinku Li, Wenbo Shen, and Nanzi Yang discovered that the QEMU
virtiofsd device incorrectly handled permissions when creating files. An
attacker inside the guest could use this issue to create files inside the
directory shared by virtiofs with unintended permissions, possibly allowing
privilege escalation. This issue only affected Ubuntu 21.10.
(CVE-2022-0358)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
qemu-system 1:6.0+dfsg-2expubuntu1.2
qemu-system-arm 1:6.0+dfsg-2expubuntu1.2
qemu-system-mips 1:6.0+dfsg-2expubuntu1.2
qemu-system-misc 1:6.0+dfsg-2expubuntu1.2
qemu-system-ppc 1:6.0+dfsg-2expubuntu1.2
qemu-system-s390x 1:6.0+dfsg-2expubuntu1.2
qemu-system-sparc 1:6.0+dfsg-2expubuntu1.2
qemu-system-x86 1:6.0+dfsg-2expubuntu1.2
qemu-system-x86-microvm 1:6.0+dfsg-2expubuntu1.2
qemu-system-x86-xen 1:6.0+dfsg-2expubuntu1.2

Ubuntu 20.04 LTS:
qemu-system 1:4.2-3ubuntu6.21
qemu-system-arm 1:4.2-3ubuntu6.21
qemu-system-mips 1:4.2-3ubuntu6.21
qemu-system-misc 1:4.2-3ubuntu6.21
qemu-system-ppc 1:4.2-3ubuntu6.21
qemu-system-s390x 1:4.2-3ubuntu6.21
qemu-system-sparc 1:4.2-3ubuntu6.21
qemu-system-x86 1:4.2-3ubuntu6.21
qemu-system-x86-microvm 1:4.2-3ubuntu6.21
qemu-system-x86-xen 1:4.2-3ubuntu6.21

Ubuntu 18.04 LTS:
qemu-system 1:2.11+dfsg-1ubuntu7.39
qemu-system-arm 1:2.11+dfsg-1ubuntu7.39
qemu-system-mips 1:2.11+dfsg-1ubuntu7.39
qemu-system-misc 1:2.11+dfsg-1ubuntu7.39
qemu-system-ppc 1:2.11+dfsg-1ubuntu7.39
qemu-system-s390x 1:2.11+dfsg-1ubuntu7.39
qemu-system-sparc 1:2.11+dfsg-1ubuntu7.39
qemu-system-x86 1:2.11+dfsg-1ubuntu7.39

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5307-1
CVE-2021-20196, CVE-2021-20203, CVE-2021-3544, CVE-2021-3545,
CVE-2021-3546, CVE-2021-3682, CVE-2021-3713, CVE-2021-3748,
CVE-2021-3930, CVE-2021-4158, CVE-2022-0358

Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:6.0+dfsg-2expubuntu1.2
https://launchpad.net/ubuntu/+source/qemu/1:4.2-3ubuntu6.21
https://launchpad.net/ubuntu/+source/qemu/1:2.11+dfsg-1ubuntu7.39

[USN-5306-1] WebKitGTK vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5306-1
February 28, 2022

webkit2gtk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description:
- webkit2gtk: Web content engine library for GTK+

Details:

A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
libjavascriptcoregtk-4.0-18 2.34.6-0ubuntu0.21.10.1
libwebkit2gtk-4.0-37 2.34.6-0ubuntu0.21.10.1

Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 2.34.6-0ubuntu0.20.04.1
libwebkit2gtk-4.0-37 2.34.6-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5306-1
CVE-2022-22589, CVE-2022-22590, CVE-2022-22592

Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.6-0ubuntu0.21.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.34.6-0ubuntu0.20.04.1

[USN-5305-1] MariaDB vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5305-1
February 28, 2022

mariadb-10.3, mariadb-10.5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in MariaDB.

Software Description:
- mariadb-10.5: MariaDB database
- mariadb-10.3: MariaDB database

Details:

Several security issues were discovered in MariaDB and this update includes
new upstream MariaDB versions to fix these issues.

MariaDB has been updated to 10.3.34 in Ubuntu 20.04 LTS and to 10.5.15 in
Ubuntu 21.10.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
mariadb-server 1:10.5.15-0ubuntu0.21.10.1

Ubuntu 20.04 LTS:
mariadb-server 1:10.3.34-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://ubuntu.com/security/notices/USN-5305-1
CVE-2021-46659, CVE-2021-46661, CVE-2021-46663, CVE-2021-46664,
CVE-2021-46665, CVE-2021-46668, CVE-2022-24048, CVE-2022-24050,
CVE-2022-24051, CVE-2022-24052

Package Information:
https://launchpad.net/ubuntu/+source/mariadb-10.5/1:10.5.15-0ubuntu0.21.10.1
https://launchpad.net/ubuntu/+source/mariadb-10.3/1:10.3.34-0ubuntu0.20.04.1

[USN-5304-1] PolicyKit vulnerability

==========================================================================
Ubuntu Security Notice USN-5304-1
February 28, 2022

policykit-1 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS

Summary:

policykit-1 could be made to crash if it received specially crafted data.

Software Description:
- policykit-1: framework for managing administrative policies and privileges

Details:

Kevin Backhouse discovered that PolicyKit incorrectly handled file
descriptors. A local attacker could possibly use this issue to cause
PolicyKit to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
policykit-1 0.105-31ubuntu0.2

Ubuntu 20.04 LTS:
policykit-1 0.105-26ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5304-1
CVE-2021-4115

Package Information:
https://launchpad.net/ubuntu/+source/policykit-1/0.105-31ubuntu0.2
https://launchpad.net/ubuntu/+source/policykit-1/0.105-26ubuntu1.3

[USN-5303-1] PHP vulnerability

==========================================================================
Ubuntu Security Notice USN-5303-1
February 28, 2022

php7.4, php8.0 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS

Summary:

PHP could be made to crash or run programs if it received specially crafted
input.

Software Description:
- php8.0: HTML-embedded scripting language interpreter
- php7.4: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
php8.0-cgi 8.0.8-1ubuntu0.2
php8.0-cli 8.0.8-1ubuntu0.2
php8.0-fpm 8.0.8-1ubuntu0.2

Ubuntu 20.04 LTS:
php7.4-cgi 7.4.3-4ubuntu2.9
php7.4-cli 7.4.3-4ubuntu2.9
php7.4-fpm 7.4.3-4ubuntu2.9

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5303-1
CVE-2021-21708

Package Information:
https://launchpad.net/ubuntu/+source/php8.0/8.0.8-1ubuntu0.2
https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.9

Friday, February 25, 2022

[CentOS-announce] CESA-2022:0620 Important CentOS 7 kernel Security Update

CentOS Errata and Security Advisory 2022:0620 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2022:0620

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
6652fd59e1328ff5e8f2141d6e091685a4e2cb80366a0f729537fb40a17779b8 bpftool-3.10.0-1160.59.1.el7.x86_64.rpm
f8613e068693df3d5e08f956697ae0b595071f7b8c8bbed307faf9dbadef2a8a kernel-3.10.0-1160.59.1.el7.x86_64.rpm
563fbcd370477439a58af9940298f2c82a2b3a37e487abffaa7f2cc6dc359b31 kernel-abi-whitelists-3.10.0-1160.59.1.el7.noarch.rpm
aa2c7472ee44f9db48646789dbda352a7399c0d9f9e2644db03345bfbf705395 kernel-debug-3.10.0-1160.59.1.el7.x86_64.rpm
c9c2a62c7fb170cc9007afb571d8b9beab632b42aaef2f1461f8ba0a2c5f6d9a kernel-debug-devel-3.10.0-1160.59.1.el7.x86_64.rpm
7e0b3e536d03b5890007813734653bd6fbc40e2af79d298e9448d84e81ea4734 kernel-devel-3.10.0-1160.59.1.el7.x86_64.rpm
dc83e35a513a39a6511e6815dff7c318849b1e9ec3399ac8de14115dd8663f84 kernel-doc-3.10.0-1160.59.1.el7.noarch.rpm
4effc7564fc196a4c6411751bedca4e9e01367a459bcaff78bc6849dc7cf71f5 kernel-headers-3.10.0-1160.59.1.el7.x86_64.rpm
394db1fa5c7f0d2612ba1c758328abe415aa0a5677f936aeeb8f95543e5c4110 kernel-tools-3.10.0-1160.59.1.el7.x86_64.rpm
1427f803b91f38e23ae66e6fb49eb6363167e457e76054fcb63fee011d6763b3 kernel-tools-libs-3.10.0-1160.59.1.el7.x86_64.rpm
b96b6f75231c9bd50c073462605d9aa5494f79623d07db42df2d505c858be737 kernel-tools-libs-devel-3.10.0-1160.59.1.el7.x86_64.rpm
b41d7b6dcc5a7a79787391b203c6f01ca8cc2b821d1918b71d1f1e0fd2182b3c perf-3.10.0-1160.59.1.el7.x86_64.rpm
1bc4e395f855f18adf61d113affcda6539558d534fd9b3ed379bfa03301bb5dd python-perf-3.10.0-1160.59.1.el7.x86_64.rpm

Source:
22a7fcd243b980b8329ddfa80be263adf4f581fff94d6d141812ec52be18dd75 kernel-3.10.0-1160.59.1.el7.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2022:0609 Important CentOS 7 python-pillow Security Update

CentOS Errata and Security Advisory 2022:0609 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2022:0609

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
04aafce3a01a8ef79a286f4b1e46007f4ff2310784c8df59fa21c4b9ef862b84 python-pillow-2.0.0-23.gitd1c6db8.el7_9.i686.rpm
e3787987f77c2d6216bcd7f8b59f521fa32928443f39660b17f98be3f0a684a0 python-pillow-2.0.0-23.gitd1c6db8.el7_9.x86_64.rpm
4c0b51e89a2551de7942fb433c79d0f9aa1a872daee24a3859ba5e6e51888012 python-pillow-devel-2.0.0-23.gitd1c6db8.el7_9.i686.rpm
d14497105b68ae6076141f696ba00d9f42a831aa982b7bbacae503f429464e72 python-pillow-devel-2.0.0-23.gitd1c6db8.el7_9.x86_64.rpm
ddd375eab5397ba731106d9d1a805e9a2c6aa4e504e7487eea4ff54190770885 python-pillow-doc-2.0.0-23.gitd1c6db8.el7_9.x86_64.rpm
ec825c7e726b4f918e38b5d16c4713c4f73534bac35c94b116810482f92134c3 python-pillow-qt-2.0.0-23.gitd1c6db8.el7_9.x86_64.rpm
f204489e33ce1fbb9eeba9986ed191914338380781d4fef1e6cb0b7256570389 python-pillow-sane-2.0.0-23.gitd1c6db8.el7_9.x86_64.rpm
f0b50f270ec1c14903fbb91ed28d0134d984399e67c5cab7709b5de27479c361 python-pillow-tk-2.0.0-23.gitd1c6db8.el7_9.x86_64.rpm

Source:
aad39b58ec09afd368ecd7155e01bd3ad88c77f50488f6e3f715698190c46640 python-pillow-2.0.0-23.gitd1c6db8.el7_9.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2022:0623 CentOS 7 redhat-support-lib-python BugFix Update

CentOS Errata and Bugfix Advisory 2022:0623

Upstream details at : https://access.redhat.com/errata/RHBA-2022:0623

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
3b04769f0fca70f22717ac8026b0938bb9fbc4229eece6d24f30b72db5e9276d redhat-support-lib-python-0.13.0-0.el7_9.noarch.rpm

Source:
697719120bb6efbeed4d9c245f4f4c5e94111bb427c617e39c1c88fefa932520 redhat-support-lib-python-0.13.0-0.el7_9.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2022:0623 CentOS 7 redhat-support-tool BugFix Update

CentOS Errata and Bugfix Advisory 2022:0623

Upstream details at : https://access.redhat.com/errata/RHBA-2022:0623

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
6800883f09c022594a86d5e180d107e71cc758c3f5f307af8b151a36b1f98818 redhat-support-tool-0.13.0-0.el7_9.noarch.rpm

Source:
9d8d22599fbf50c7fa8ed83ae55fb1cb4f410ceb6127e82a5cf43ae97fcbf5c4 redhat-support-tool-0.13.0-0.el7_9.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2022:0617 CentOS 7 mdadm BugFix Update

CentOS Errata and Bugfix Advisory 2022:0617

Upstream details at : https://access.redhat.com/errata/RHBA-2022:0617

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
222af4af29ee9e4dea368547514867dd1734fdc205d9dc9b484dd99e567f4d75 mdadm-4.1-9.el7_9.x86_64.rpm

Source:
852f267e480f812900f4d86636efbbbca88d8a216174850a22111378b5826636 mdadm-4.1-9.el7_9.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2022:0626 CentOS 7 cloud-init BugFix Update

CentOS Errata and Bugfix Advisory 2022:0626

Upstream details at : https://access.redhat.com/errata/RHBA-2022:0626

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
bbe893457383d81228467a2e58df9d5f1d18cbfd30d4cd35b2c717dc660133b7 cloud-init-19.4-7.el7.centos.6.x86_64.rpm

Source:
bfd230ff659493611aa076e11b11232ccb1a9b2a2684c44616adb4879a828ecb cloud-init-19.4-7.el7.centos.6.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2022:0619 CentOS 7 ipmitool BugFix Update

CentOS Errata and Bugfix Advisory 2022:0619

Upstream details at : https://access.redhat.com/errata/RHBA-2022:0619

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
f17b58dd383483f1592c8c3c0bf814ed80d208d19a254620ec541a14c9f5f144 bmc-snmp-proxy-1.8.18-10.el7_9.noarch.rpm
a52fbf59e2e7f8b7b912ee6fd5be7c84450b3ab1d4cb68690cfc3f306086b817 exchange-bmc-os-info-1.8.18-10.el7_9.noarch.rpm
46fcca6c6687e1d7465d0f99ea219de21f84bde74cc822721a5e55a13bf97a0c ipmitool-1.8.18-10.el7_9.x86_64.rpm

Source:
142da5c1fe71abc60870d87656b9894d94cea3d1a01b1863d14b1f95e92dcc7f ipmitool-1.8.18-10.el7_9.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2022:0621 Moderate CentOS 7 openldap Security Update

CentOS Errata and Security Advisory 2022:0621 Moderate

Upstream details at : https://access.redhat.com/errata/RHSA-2022:0621

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
7dc75ff8c8c8c6b5a6b9fc8c0b75b9ddaaaff8045fabbd17663a334c27c8b9cb openldap-2.4.44-25.el7_9.i686.rpm
a41884a9bea64c478434afa440f59ad7fb2b3251861261bfa51c4a6142be01f3 openldap-2.4.44-25.el7_9.x86_64.rpm
bc3ad50d23ee3913b90b02ecb46fe4404d8bee5abbbce1bcd8310b15ba6abf16 openldap-clients-2.4.44-25.el7_9.x86_64.rpm
5f4ca284587783143968fcdf3917477a4d6a68b7e9106aa1c96b92591e63a261 openldap-devel-2.4.44-25.el7_9.i686.rpm
39ac6caf2f744acfdea88f8f05d08f1cc0f3ead1b5cc458a36db4d7d5553972f openldap-devel-2.4.44-25.el7_9.x86_64.rpm
ecbcdfc04b53ea64ad8edb3e42271b75385cb3a6087173d58c0d0e9ac5074c56 openldap-servers-2.4.44-25.el7_9.x86_64.rpm
8c1a2436bb9993077d1787d888e9de96eb7d1ce37e361e8ed8f64c131ab0b58e openldap-servers-sql-2.4.44-25.el7_9.x86_64.rpm

Source:
0940a8328082a0e31fa66fa445e00ceed3b0b193619dbe1712371296fbd89583 openldap-2.4.44-25.el7_9.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2022:0628 Low CentOS 7 389-ds-base Security Update

CentOS Errata and Security Advisory 2022:0628 Low

Upstream details at : https://access.redhat.com/errata/RHSA-2022:0628

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
a4b372b0da7c95c62540dcfd5049d2b4cd05abf59cb373d2a9a94bcdce3472c3 389-ds-base-1.3.10.2-15.el7_9.x86_64.rpm
2cfc157959dd7203260a2f727d8590878e5ebaf061e1f17210e36684e46916d4 389-ds-base-devel-1.3.10.2-15.el7_9.x86_64.rpm
9e9a8ce7cbf019108675746a5f67d8ff853fb0b97c72cbd0f4d38b6dad0c96b7 389-ds-base-libs-1.3.10.2-15.el7_9.x86_64.rpm
fe57c2235944b61957f96287d962dc8a6f63af33aa9a45b6bff9fc30a34862f5 389-ds-base-snmp-1.3.10.2-15.el7_9.x86_64.rpm

Source:
f1ec0c69e1b6123f313a343fb10d4fe8241c5856a1eadf7cd818c1777da29cf2 389-ds-base-1.3.10.2-15.el7_9.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2022:0627 CentOS 7 sssd BugFix Update

CentOS Errata and Bugfix Advisory 2022:0627

Upstream details at : https://access.redhat.com/errata/RHBA-2022:0627

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
1e9ecb13d56ad5c7fa67acece7a0f89c452b11bad3fc66a7589eb57a67fdb766 libipa_hbac-1.16.5-10.el7_9.12.i686.rpm
a4ed3b8d30ed584009accf96a7436d098f14e555ae10c804f398816146a347e6 libipa_hbac-1.16.5-10.el7_9.12.x86_64.rpm
b4bb4d388af0708a559cf09c5a7fc75ab89a349115729620b72c790f28e7422e libipa_hbac-devel-1.16.5-10.el7_9.12.i686.rpm
07b1856027333bf98a662c1c5c7b92d2391deb1108f57f3ca5b27d6ee192f7a0 libipa_hbac-devel-1.16.5-10.el7_9.12.x86_64.rpm
5acff1ca859e33437e5bba88b3f8e1335360828b81bf51c413327aa84347242d libsss_autofs-1.16.5-10.el7_9.12.x86_64.rpm
8d73e99ddd2060604e1a2bddc4b10b1b92cf6f81b0d2a05a103cebd6d052a316 libsss_certmap-1.16.5-10.el7_9.12.i686.rpm
7d44f440dcfa707ff7ed627fb7b3fb3254742dcf60373b386105ea09f4e14293 libsss_certmap-1.16.5-10.el7_9.12.x86_64.rpm
b9cdab2c69719f6bbf7b533475859fb6f47e37976e9c3f8dc8235fb67f98c995 libsss_certmap-devel-1.16.5-10.el7_9.12.i686.rpm
13c6b2ac5e5019a9debc589efedb039c95513584922436476bdc65f0fa84b5e8 libsss_certmap-devel-1.16.5-10.el7_9.12.x86_64.rpm
4eb469f0ca30f89921cee1b76ff6dd7b1c0025256c9be1d13e2d2c4dfbb1b927 libsss_idmap-1.16.5-10.el7_9.12.i686.rpm
a28c0efdadc06bf5a7278211745c542df980210b991db1532357b48d09b0e233 libsss_idmap-1.16.5-10.el7_9.12.x86_64.rpm
08eccef6a2ce6a06f95c7ad30f3fdd7db91e89b3991bbe05cc786dee1ccc9074 libsss_idmap-devel-1.16.5-10.el7_9.12.i686.rpm
bd426d0e03bbd097435638bf127e0f1c2cd5e3fbaa1161378173491fadba6adb libsss_idmap-devel-1.16.5-10.el7_9.12.x86_64.rpm
26e499c5c940c85a9dc99a8198b266b67825eeb218071c6b6d0848d7e3ba9b92 libsss_nss_idmap-1.16.5-10.el7_9.12.i686.rpm
bc347437d264c256ccfc842e7dd7fc5bfc2649f300c61c63b59dc2676631e404 libsss_nss_idmap-1.16.5-10.el7_9.12.x86_64.rpm
4110581b81ae9c5b81888451ef2d92b364bd02c2919a96ed2f541d4b690b1932 libsss_nss_idmap-devel-1.16.5-10.el7_9.12.i686.rpm
cb8ea18480b29a851f5294a367ac6b15344338149139ef7f7230a7888c960c7d libsss_nss_idmap-devel-1.16.5-10.el7_9.12.x86_64.rpm
57060ad1d840d5c5b714fe83a3d14486758cf9d186bea54eeb40b00a53427f02 libsss_simpleifp-1.16.5-10.el7_9.12.i686.rpm
87fe3fb7cde1d8eee7a0811446e9f57ce979666bc9e6e29ac3cc9efc60d86d02 libsss_simpleifp-1.16.5-10.el7_9.12.x86_64.rpm
3494247306924b94b55f3da45af759539e2b9710c85996ca25ee2b838ccaf8d9 libsss_simpleifp-devel-1.16.5-10.el7_9.12.i686.rpm
c5cb7460760e2885f04cef6e4c190e295bc38c25d8654fc325e8b08c5f835ffd libsss_simpleifp-devel-1.16.5-10.el7_9.12.x86_64.rpm
7d581bf8155fdcfdd7570ca3bd524e4ab64b42a8bcbfe776cc2d97ca9fd25264 libsss_sudo-1.16.5-10.el7_9.12.x86_64.rpm
0fb81dae84cc52ddf4eb6a080d15e4a750ae48a9057d60e0322152493282eab8 python-libipa_hbac-1.16.5-10.el7_9.12.x86_64.rpm
08d77e2a53f45806fd7b82661a7ef4d17bedadab7f9241768695eafd2d8f6cf0 python-libsss_nss_idmap-1.16.5-10.el7_9.12.x86_64.rpm
e5bbff1b2c6d054cc79f530eb0647fb1a04ec02c79c456548c0d9082b4d41037 python-sss-1.16.5-10.el7_9.12.x86_64.rpm
e29dd1c6d36379f2cd4d51b34af58306f6334f7eef664b48361f0e5833bb90a7 python-sssdconfig-1.16.5-10.el7_9.12.noarch.rpm
463481903ff9ac36f08f2d63e5bce0da7c84afc7274e5f35ea4d39f73cc6873e python-sss-murmur-1.16.5-10.el7_9.12.x86_64.rpm
3579555a0a1408bf0ffc0c41aa84d2045a42a0fc9536c5b03f837ea3080086a2 sssd-1.16.5-10.el7_9.12.x86_64.rpm
9d64772c1a50450f231fb3e75179eecc94b9aa1ff2a18fe00a4322da5b873623 sssd-ad-1.16.5-10.el7_9.12.x86_64.rpm
3f9b0f657dd2581e1dd7b33d31ff3179c309539c7fadc4275ca679411bbd4f7d sssd-client-1.16.5-10.el7_9.12.i686.rpm
4abd16c4ab5141d33e867b7f35275398808b6ec6c8b49a01a8fe2836089ca1ed sssd-client-1.16.5-10.el7_9.12.x86_64.rpm
4501c2327452af05f97c309a9269b764df7c26f9118e1c6cc2594f1660aefb89 sssd-common-1.16.5-10.el7_9.12.x86_64.rpm
00685f713fa548fd7e60ef95a370789739c4ef8bf55c1102f6d251548a251ed2 sssd-common-pac-1.16.5-10.el7_9.12.x86_64.rpm
8a5fd0b970dc3eb282790ae8ea380ab02a73599a63846085865e041e8624d19b sssd-dbus-1.16.5-10.el7_9.12.x86_64.rpm
f1543bd7c42d040f29b768234c950b37aba8c48f0e6347079bc3d83cd152f2b5 sssd-ipa-1.16.5-10.el7_9.12.x86_64.rpm
f30bed050378d0ff2aec7c2fe523d1b6505bc116cce61a59687efe5e1d2a0014 sssd-kcm-1.16.5-10.el7_9.12.x86_64.rpm
9a755fccab500090f9f294ce722c9245f42f0f67ffbc27667a08f8c94f0e706b sssd-krb5-1.16.5-10.el7_9.12.x86_64.rpm
fdc3d5723bc3c1ed88713853d0c264f40ff05adf61533cdf99fc13598c015d19 sssd-krb5-common-1.16.5-10.el7_9.12.x86_64.rpm
a8405254acf23fb0843ab4e7c57f3684eb7ec1a6feb932b5dd00185927c7d7ad sssd-ldap-1.16.5-10.el7_9.12.x86_64.rpm
5a97b7da594519145c772a191ec16781f3e65f7befa1cb1697ae9bae09c6be3e sssd-libwbclient-1.16.5-10.el7_9.12.x86_64.rpm
250a28dac3da0fc3f250e7d3e7690254c46a1dd5d2663f2573ba5efdae5e0909 sssd-libwbclient-devel-1.16.5-10.el7_9.12.i686.rpm
ecfb16cf527793f6ec8118a181cf88df17babbdd3805563e4cd5e75bfa4846d1 sssd-libwbclient-devel-1.16.5-10.el7_9.12.x86_64.rpm
90ee404ae7f217e125818a3a078d8727a3d722574a1fe488df803a8e74e702b8 sssd-polkit-rules-1.16.5-10.el7_9.12.x86_64.rpm
67a0b1ce4f650123760a584297eade73a87e8a5cd69ee80b0de1e46c6734c7e0 sssd-proxy-1.16.5-10.el7_9.12.x86_64.rpm
bac160608046f1b8a53fee2478c1cf5eacbd98780405257d17db4aa0e88221e9 sssd-tools-1.16.5-10.el7_9.12.x86_64.rpm
31a00a78690dbd25c399c0d6dc257233ed9c90313969f69bafac3ab599e0a3f5 sssd-winbind-idmap-1.16.5-10.el7_9.12.x86_64.rpm

Source:
d052db77060fdb43605dd154465bd4594829a70a46cc74a37b325134bbf1e362 sssd-1.16.5-10.el7_9.12.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2022:0625 CentOS 7 resource-agents BugFix Update

CentOS Errata and Bugfix Advisory 2022:0625

Upstream details at : https://access.redhat.com/errata/RHBA-2022:0625

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
cd0ee0b99212979ff9dd5d920ddf6f8d82ee56bbc646f1e3c3b7e62a102b1186 resource-agents-4.1.1-61.el7_9.15.x86_64.rpm
d2d500ea0189e3f9d7f6ce3102af96d24e0a9a06f89ce42f89346c33e7d48100 resource-agents-aliyun-4.1.1-61.el7_9.15.x86_64.rpm
ce2b479d726968ea27bfbfd9dc3bf20a2ef62e6ab1f4d3b4a0e6d4230a9ef0ec resource-agents-gcp-4.1.1-61.el7_9.15.x86_64.rpm

Source:
c58ee4d67b39ba27fbb2f992f1234d67b80e0145b830513d3a3572aa7fa2a593 resource-agents-4.1.1-61.el7_9.15.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2022:0624 CentOS 7 bind BugFix Update

CentOS Errata and Bugfix Advisory 2022:0624

Upstream details at : https://access.redhat.com/errata/RHBA-2022:0624

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
42b68ad1d87236d5de03de1b7d591b6a993c1067b4bb54558ceaa48a68fff9e1 bind-9.11.4-26.P2.el7_9.9.x86_64.rpm
42ff9328e94163ac1555369afb66d510954eee171420041d8a4d8bcf504fe3f8 bind-chroot-9.11.4-26.P2.el7_9.9.x86_64.rpm
1039cd93e11117af53816432e691fa32ce9f5c6aef8a37f44ed3c7b1291ba097 bind-devel-9.11.4-26.P2.el7_9.9.i686.rpm
7e64442436c5c1978be36615d69bc4f59a79cef4c9a5819e922bc16f290cdc13 bind-devel-9.11.4-26.P2.el7_9.9.x86_64.rpm
56cdf3051f5fd87ff809ab1843192abe235c6093bc0a83213f73bb7ebe2a0f2a bind-export-devel-9.11.4-26.P2.el7_9.9.i686.rpm
bd09bb37e73e22a5b20339a2eafaa7a10698dd1ebf5a8bf4c187d59b68d06a60 bind-export-devel-9.11.4-26.P2.el7_9.9.x86_64.rpm
ebf8758838f5dc246c98cc6f76706eafa07a5083df17f4fbfa2489df5db98458 bind-export-libs-9.11.4-26.P2.el7_9.9.i686.rpm
33233f04e60e9c664a7bf40da5737db125bcf521206e43d06261d80d1b4babe3 bind-export-libs-9.11.4-26.P2.el7_9.9.x86_64.rpm
dca184c57d0913cdde1f9f39c446f2cad1f8daa197d290e0f0ee296dc3b345da bind-libs-9.11.4-26.P2.el7_9.9.i686.rpm
3d75be4567f3055d6aa45834620c4fdab40240d0eac958aa3b5401832cf284bb bind-libs-9.11.4-26.P2.el7_9.9.x86_64.rpm
5105577688287233ec925ee639d92524c00f6f7490e2c5501c49eeb0f07cd511 bind-libs-lite-9.11.4-26.P2.el7_9.9.i686.rpm
46f776adf7f88106a8e818889463dd616d261bb3462ec68346857a126aee742e bind-libs-lite-9.11.4-26.P2.el7_9.9.x86_64.rpm
ef23d81c590cbf657f32525eaf60a72a65cac4272b7cfa37677546ee5204deb1 bind-license-9.11.4-26.P2.el7_9.9.noarch.rpm
3997f8bf7bec69e2b9fc0ff0a33790347a77cd30140b40f7b9a36ae91591d36e bind-lite-devel-9.11.4-26.P2.el7_9.9.i686.rpm
f59dc733e2e61cc262d571504ef9b62561aab27935f5cc432e2109e165936dac bind-lite-devel-9.11.4-26.P2.el7_9.9.x86_64.rpm
913377ddeda7e9a87688016fb775cfe7ac678ed7b17cab277996497a766e6c67 bind-pkcs11-9.11.4-26.P2.el7_9.9.x86_64.rpm
c0a3bcd41e5beba5e539861177a8ed67f9626d4b21b11ab1b621770a53bf3137 bind-pkcs11-devel-9.11.4-26.P2.el7_9.9.i686.rpm
0f0f20e5079748f9103ff3e0068108043ec9079822de5e46263c2c1f09b6dc0d bind-pkcs11-devel-9.11.4-26.P2.el7_9.9.x86_64.rpm
9e951fe6f09cc5cf1402211e1232a2a92d029d66404daf66003bfc285052a41d bind-pkcs11-libs-9.11.4-26.P2.el7_9.9.i686.rpm
1c0761e63af4f982fec4bf5ddbda7da44c1f6472883839db48386eaaac902785 bind-pkcs11-libs-9.11.4-26.P2.el7_9.9.x86_64.rpm
11e7a9eb9ad854ce3901deb76ff9ab3e462f87d56766b9cda133c1fbcc89d812 bind-pkcs11-utils-9.11.4-26.P2.el7_9.9.x86_64.rpm
4552c0e9031fc5f990a165feb17e2cd243461f760cb80e75769c837d1052f193 bind-sdb-9.11.4-26.P2.el7_9.9.x86_64.rpm
74038c223561306541466c5407569dcc8055567f3cc9a56e7ec106015d2df942 bind-sdb-chroot-9.11.4-26.P2.el7_9.9.x86_64.rpm
ad525efce24792177db9c59af54a5822206dc0ec6f5b18770062ca07e51ac4ca bind-utils-9.11.4-26.P2.el7_9.9.x86_64.rpm

Source:
559f87ad1831a9d2f59e277ebb813e24f8491ae79c16084707f65bcabcbfad43 bind-9.11.4-26.P2.el7_9.9.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2022:0616 CentOS 7 sos BugFix Update

CentOS Errata and Bugfix Advisory 2022:0616

Upstream details at : https://access.redhat.com/errata/RHBA-2022:0616

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
1c844415d79cf4e5509e9b7ea70274ecad4b7e52cd6d0810f0df2dda40106afc sos-3.9-5.el7.centos.10.noarch.rpm

Source:
404eccee87cdcfd21706574ec515cf188c8a1f97fff169e2e2edc2cde1781caa sos-3.9-5.el7.centos.10.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CEBA-2022:0518 CentOS 7 java-11-openjdk BugFix Update

CentOS Errata and Bugfix Advisory 2022:0518

Upstream details at : https://access.redhat.com/errata/RHBA-2022:0518

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
17ed16fa6fa0dce15c8b3485e9d01613b70ef05e54ce42b4ead591c57c7f47aa java-11-openjdk-11.0.14.1.1-1.el7_9.i686.rpm
9b6758993720f8e305448717bc270151ffeedba84a7961f0c5e110065eb6f188 java-11-openjdk-11.0.14.1.1-1.el7_9.x86_64.rpm
91265a7a7ea601e581e1e9d0927369baa2509184619fcbfe483ba909db979caa java-11-openjdk-demo-11.0.14.1.1-1.el7_9.i686.rpm
6afa89d1f93f0c18b712d80864bb7c05453680e7c2ef4267277d1a05fc5f3ed5 java-11-openjdk-demo-11.0.14.1.1-1.el7_9.x86_64.rpm
5dc4485c972bd78d1637297056bbcc819f90e800c1681f449d5ab226d2b8772b java-11-openjdk-devel-11.0.14.1.1-1.el7_9.i686.rpm
b1355c30321cdcfe6f3fc6298e8e7995196ed2edc8127aa23cee6fb0def56d65 java-11-openjdk-devel-11.0.14.1.1-1.el7_9.x86_64.rpm
d24b5e95b20420b1e37b28037c9bd5175c6fbfd17e6a78347fb26b2792a126ef java-11-openjdk-headless-11.0.14.1.1-1.el7_9.i686.rpm
d5fa6533d980b7889d1404f6dda42ce2de80411d4079bd78b7ce3257cb36e5de java-11-openjdk-headless-11.0.14.1.1-1.el7_9.x86_64.rpm
4521dde116f75afbb70beca46c5f369e56507e92501cb8051a6caf5aebe62def java-11-openjdk-javadoc-11.0.14.1.1-1.el7_9.i686.rpm
efa7cbf450462d4d95389173c50afbb6786eb202258fbc8ba90ef57e2459561a java-11-openjdk-javadoc-11.0.14.1.1-1.el7_9.x86_64.rpm
7bfed40726a8044b0f0685487bd9f5131499f3c91242720ec1c55565601abd18 java-11-openjdk-javadoc-zip-11.0.14.1.1-1.el7_9.i686.rpm
b5bacd96f28f126743bbc0807bcb665ff0c52ee4b0256b7bcffb9a10f8d18c68 java-11-openjdk-javadoc-zip-11.0.14.1.1-1.el7_9.x86_64.rpm
83d5e8fcf034f22af47eccbbd1c693274a94cfc7afdec007e5cebcb5d3ed2a73 java-11-openjdk-jmods-11.0.14.1.1-1.el7_9.i686.rpm
b82ab048b9697892096528f61737d1713449b0dfdae049f4533ac7d1e469ad0e java-11-openjdk-jmods-11.0.14.1.1-1.el7_9.x86_64.rpm
e2d9e1fc46982332f4c50e35b6e51f62edc6bd78156642b63e2553d404909efa java-11-openjdk-src-11.0.14.1.1-1.el7_9.i686.rpm
e3d2e4fe4672614c07f199cf8ea78ca12ec2e4c5bfee735cbffb6dca84ba91cd java-11-openjdk-src-11.0.14.1.1-1.el7_9.x86_64.rpm
e0d5c3c3503d52c16cbaa1ee54130af69d4b939561a49a2a1591e2049fd69279 java-11-openjdk-static-libs-11.0.14.1.1-1.el7_9.i686.rpm
6b0e694fe0bd25769497d03ebe96ad15e93d707736bcee6eb8e89bae4d0f77c1 java-11-openjdk-static-libs-11.0.14.1.1-1.el7_9.x86_64.rpm

Source:
4b5f866ca2edc5e67a55035193d83186f769979106690b8a32ce5cd36691015b java-11-openjdk-11.0.14.1.1-1.el7_9.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

[CentOS-announce] CESA-2022:0666 Important CentOS 7 cyrus-sasl Security Update

CentOS Errata and Security Advisory 2022:0666 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2022:0666

The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )

x86_64:
5a07757ffcab76dc74eef1e1537c4ea823f723bae2c05ab1dd29679d95478db1 cyrus-sasl-2.1.26-24.el7_9.i686.rpm
8180d23815951b3c5be397846577728116502dad35bbc2dd67b7c4188244e465 cyrus-sasl-2.1.26-24.el7_9.x86_64.rpm
cf7edef3f54d6a2816515812d2f679ae21bbfb26767bf64e34b73d19a3bce3ae cyrus-sasl-devel-2.1.26-24.el7_9.i686.rpm
b2e43341cc469f66b5495139b62a419c0c671b19535efcdc79df055cc43686e5 cyrus-sasl-devel-2.1.26-24.el7_9.x86_64.rpm
46f713cd31041330e2739c5a644e4f598536096f3e39d6c667a6d044eaa87893 cyrus-sasl-gs2-2.1.26-24.el7_9.i686.rpm
da2b0ffc968803d239f38444842e6792e85494901ff8d0075652f6c2d7aa1800 cyrus-sasl-gs2-2.1.26-24.el7_9.x86_64.rpm
c75dd0b94b1e1300b04edfbfa5a3739573a6f83dc0737110d2f8cfedfc5ab7a2 cyrus-sasl-gssapi-2.1.26-24.el7_9.i686.rpm
816c816facf8421458376b99f244ef91c147063ed4f4955fd0e8dae62eccaeb8 cyrus-sasl-gssapi-2.1.26-24.el7_9.x86_64.rpm
46ac94286722fc2f6f68ec4c0e70152b3d1ff6fac6001d2155f8228d91126574 cyrus-sasl-ldap-2.1.26-24.el7_9.i686.rpm
4a53adae3dd3a8d933f2ec113b7303ce7d9c782edd612d17b8d3badf4c04167e cyrus-sasl-ldap-2.1.26-24.el7_9.x86_64.rpm
4579c7a7925097881dd33b28c72cce227a024a5f071fa4cd0c5bb09cd76d8ec0 cyrus-sasl-lib-2.1.26-24.el7_9.i686.rpm
e1d065bfaef705d407c6134352d1afc64ecf26a5970a0e5282f6dda745483db8 cyrus-sasl-lib-2.1.26-24.el7_9.x86_64.rpm
ffcf7016d990141a16d89aca74ebc89f797e93581bb8c97a08c83f5bf4ae47e4 cyrus-sasl-md5-2.1.26-24.el7_9.i686.rpm
c92bf980488dff6128c5564f2f75712ccb2a9a0f859f4667af435f967eef4c45 cyrus-sasl-md5-2.1.26-24.el7_9.x86_64.rpm
94d6c80d9b08af719fa8a5e007bf753a3f13406d99bcd8411d914c6115c3b571 cyrus-sasl-ntlm-2.1.26-24.el7_9.i686.rpm
995c318e872c57fa7ce17355320c34d3fdd0774343e691cc23d9e9215ad53931 cyrus-sasl-ntlm-2.1.26-24.el7_9.x86_64.rpm
5a42bda7621305ca3bcd588a0c84aac743aba372ea8ee558945564b62173e3f3 cyrus-sasl-plain-2.1.26-24.el7_9.i686.rpm
c960158be24b783ab7fb4a317899b83f806692c1e48426fe46c6bee909357ee5 cyrus-sasl-plain-2.1.26-24.el7_9.x86_64.rpm
925078e3fe326e7212b074bf495287d0fafc0395d9657b439a01b27d1539037e cyrus-sasl-scram-2.1.26-24.el7_9.i686.rpm
4fc0e17577976ecf2487198134b9f2656bdc36caf8e27c75efb6aff14204088e cyrus-sasl-scram-2.1.26-24.el7_9.x86_64.rpm
b1fa72dca82442418098746eaa9881ac7e92678c41e6786a458c28d77235fd5e cyrus-sasl-sql-2.1.26-24.el7_9.i686.rpm
9fc8f4ae81c019b16a882823948eff561fe0f6ad38be509f514a5c287a60d121 cyrus-sasl-sql-2.1.26-24.el7_9.x86_64.rpm

Source:
c49472bd08c6060f53a9dace005b81cf466836790d2dcb407a536820f6319e77 cyrus-sasl-2.1.26-24.el7_9.src.rpm

--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@libera.chat
Twitter: @JohnnyCentOS

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce

Thursday, February 24, 2022

Ubuntu 20.04.4 LTS released

The Ubuntu team is pleased to announce the release of Ubuntu 20.04.4 LTS
(Long-Term Support) for its Desktop, Server, and Cloud products, as well
as other flavours of Ubuntu with long-term support.

Like previous LTS series, 20.04.4 includes hardware enablement stacks
for use on newer hardware. This support is offered on all architectures.

Ubuntu Server defaults to installing the GA kernel; however you may
select the HWE kernel from the installer bootloader.

As usual, this point release includes many updates, and updated
installation media has been provided so that fewer updates will need to
be downloaded after installation. These include security updates and
corrections for other high-impact bugs, with a focus on maintaining
stability and compatibility with Ubuntu 20.04 LTS.

Kubuntu 20.04.4 LTS, Ubuntu Budgie 20.04.4 LTS, Ubuntu MATE 20.04.4 LTS,
Lubuntu 20.04.4 LTS, Ubuntu Kylin 20.04.4 LTS, Ubuntu Studio 20.04.4 LTS,
and Xubuntu 20.04.4 LTS are also now available. More details can be found
in their individual release notes:

https://wiki.ubuntu.com/FocalFossa/ReleaseNotes#Official_flavours

Maintenance updates will be provided for 5 years for Ubuntu Desktop,
Ubuntu Server, Ubuntu Cloud, and Ubuntu Core. All the remaining
flavours will be supported for 3 years. Additional security support is
available with ESM (Extended Security Maintenance).

To get Ubuntu 20.04.4 LTS
-------------------------

In order to download Ubuntu 20.04.4 LTS, visit:

https://ubuntu.com/download

Users of Ubuntu 18.04 LTS will be offered an automatic upgrade to
20.04.4 LTS via Update Manager. For further information about upgrading,
see:

https://help.ubuntu.com/community/FocalUpgrades

As always, upgrades to the latest version of Ubuntu are entirely free of
charge.

We recommend that all users read the 20.04.4 LTS release notes, which
document caveats and workarounds for known issues, as well as more
in-depth notes on the release itself. They are available at:

https://wiki.ubuntu.com/FocalFossa/ReleaseNotes

If you have a question, or if you think you may have found a bug but
aren't sure, you can try asking in any of the following places:

#ubuntu on irc.libera.chat
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
https://ubuntuforums.org
https://askubuntu.com

Help Shape Ubuntu
-----------------

If you would like to help shape Ubuntu, take a look at the list of ways
you can participate at:

https://discourse.ubuntu.com/contribute

About Ubuntu
------------

Ubuntu is a full-featured Linux distribution for desktops, laptops,
clouds and servers, with a fast and easy installation and regular
releases. A tightly-integrated selection of excellent applications is
included, and an incredible variety of add-on software is just a few
clicks away.

Professional services including support are available from Canonical and
hundreds of other companies around the world. For more information
about support, visit:

https://ubuntu.com/support

More Information
----------------

You can learn more about Ubuntu and about this release on our website
listed below:

https://ubuntu.com/

To sign up for future Ubuntu announcements, please subscribe to Ubuntu's
very low volume announcement list at:

https://lists.ubuntu.com/mailman/listinfo/ubuntu-announce

On behalf of the Ubuntu Release Team,
Łukasz 'sil2100' Zemczak

--
ubuntu-announce mailing list
ubuntu-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-announce

LibreSSL 3.5.0 Released

We have released LibreSSL 3.5.0, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is a
development release for the 3.5.x branch, and we appreciate additional testing
and feedback before the final release coming soon with OpenBSD 7.1.

It includes the following changes:

* New Features
- The RFC 3779 API was ported from OpenSSL. Many bugs were fixed,
regression tests were added and the code was cleaned up.
- Certificate Transparency was ported from OpenSSL. Many internal
improvements were made, resulting in cleaner and safer code.
Regress coverage was added. libssl does not yet make use of it.
* Portable Improvements
- Fixed various POSIX compliance and other portability issues
found by the port to the Sortix operating system.
- Add libmd as platform specific libraries for Solaris.
Issue reported from (ihsan <at> opencsw org) on libressl ML.
- Set IA-64 compiler flag only if it is HP-UX with IA-64.
Suggested from Larkin Nickle (me <at> larbob org) by libressl ML.
- Enabled and scheduled Coverity scan.
Contributed by Ilya Shipitsin (chipitsine <at> gmail com> on github.
* Compatibility Changes
- Most structs that were previously defined in the following headers
are now opaque as they are in OpenSSL 1.1:
bio.h, bn.h, comp.h, dh.h, dsa.h, evp.h, hmac.h, ocsp.h, rsa.h,
x509.h, x509v3.h, x509_vfy.h
- Switch TLSv1.3 cipher names from AEAD- to OpenSSL's TLS_
OpenSSL added the TLSv1.3 ciphersuites with "RFC names" instead
of using something consistent with the previous naming. Various
test suites expect these names (instead of checking for the much
more sensible cipher numbers). The old names are still accepted
as aliases.
- Subject alternative names and name constraints are now validated
when they are added to certificates. Various interoperability
problems with stacks that validate certificates more strictly
than OpenSSL can be avoided this way.
- Attempt to opportunistically use the host name for SNI in s_client
* Bug fixes
- In some situations, the verifier would discard the error on an
unvalidated certificate chain. This would happen when the
verification callback was in use, instructing the verifier to
continue unconditionally. This could lead to incorrect decisions
being made in software.
- Avoid an infinite loop in SSL_shutdown()
- Fix another return 0 bug in SSL_shutdown()
- Handle zero byte reads/writes that trigger handshakes in the
TLSv1.3 stack
- A long standing memleak in libtls CRL handling was fixed
* Internal Improvements
- Cache the SHA-512 hash instead of the SHA-1 hash and cache
notBefore and notAfter times when X.509 certificates are parsed.
- The X.509 lookup code has been simplified and cleaned up.
- Fixed numerous issues flagged by coverity and the cryptofuzz
project
- Increased the number of Miller-Rabin checks in DH and DSA
key/parameter generation
- Started using the bytestring API in libcrypto for cleaner and
safer code
- Convert {i2d,d2i}_{,EC_,DSA_,RSA_}PUBKEY{,_bio,_fp}() to templated
ASN1
- Convert ASN1_OBJECT_new() to calloc()
- Convert ASN1_STRING_type_new() to calloc()
- Rewrite ASN1_STRING_cmp()
- Use calloc() for X509_CRL_METHOD_new() instead of malloc()
- Convert ASN1_PCTX_new() to calloc()
- Replace asn1_tlc_clear and asn1_tlc_clear_nc macros with a
function
- Consolidate {d2i,i2d}_{pr,pu}.c
- Remove handling of a NULL BUF_MEM from asn1_collect()
- Pull the recursion depth check up to the top of asn1_collect()
- Inline collect_data() in asn1_collect()
- Convert asn1_d2i_ex_primitive()/asn1_collect() from BUF_MEM to CBB
- Clean up d2i_ASN1_BOOLEAN() and i2d_ASN1_BOOLEAN()
- Consolidate ASN.1 universal tag type data
- Rewrite ASN.1 identifier/length parsing in CBS
- Make OBJ_obj2nid() work correctly with NID_undef
- tlsext_tick_lifetime_hint is now an uint32_t
- Untangle ssl3_get_message() return values
- Rename tls13_buffer to tls_buffer
- Fold DTLS_STATE_INTERNAL into DTLS1_STATE
- Provide a way to determine our maximum legacy version
- Mop up enc_read_ctx and read_hash
- Fold SSL_SESSION_INTERNAL into SSL_SESSION
- Use ssl_force_want_read in the DTLS code
- Add record processing limit to DTLS code
- Add explicit CBS_contains_zero_byte() check in CBS_strdup()
- Improve SNI hostname validation
- Ensure SSL_set_tlsext_host_name() is given a valid hostname
- Fix a strange check in the auto DH codepath
- Factor out/rewrite DHE key exchange
- Convert server serialisation of DHE parameters/public key to new
functions
- Check DH public key in ssl_kex_peer_public_dhe()
- Move the minimum DHE key size check into ssl_kex_peer_params_dhe()
- Clean up and refactor server side DHE key exchange
- Provide CBS_get_last_u8()
- Provide CBS_get_u64()
- Provide CBS_add_u64()
- Provide various CBS_peek_* functions
- Use CBS_get_last_u8() to find the content type in TLSv1.3 records
- unifdef TLS13_USE_LEGACY_CLIENT_AUTH
- Correct SSL_get_peer_cert_chain() when used with the TLSv1.3 stack
- Only allow zero length key shares when we know we're doing HRR
- Pull key share group/length CBB code up from
tls13_key_share_public()
- Refactor ssl3_get_server_kex_ecdhe() to separate parsing and
validation
- Return 0 on failure from send/get kex functions in the legacy
stack
- Rename tls13_key_share to tls_key_share
- Allocate and free the EVP_AEAD_CTX struct in
tls13_record_protection
- Convert legacy TLS client to tls_key_share
- Convert legacy TLS server to tls_key_share
- Stop attempting to duplicate the public and private key of dh_tmp
- Rename dh_tmp to dhe_params
- Rename CERT to SSL_CERT and CERT_PKEY to SSL_CERT_PKEY
- Clean up pkey handling in ssl3_get_server_key_exchange()
- Fix GOST skip certificate verify handling
- Simplify tlsext_keyshare_server_parse()
- Plumb decode errors through key share parsing code
- Simplify SSL_get_peer_certificate()
- Cleanup/simplify ssl_cert_type()
- The S3I macro was removed
- The openssl(1) cms and smime subcommands option handling was
converted and the C source was cleaned up.
* Documentation improvements
- 45 new manual pages, most of which were written from scratch.
Documentation coverage of ASN.1 and X.509 code has been
significantly improved.
* API additions and removals
- libssl
API additions
SSL_get0_verified_chain SSL_peek_ex SSL_read_ex SSL_write_ex
API stubs for compatibility
SSL_CTX_get_keylog_callback SSL_CTX_get_num_tickets
SSL_CTX_set_keylog_callback SSL_CTX_set_num_tickets
SSL_get_num_tickets SSL_set_num_tickets
- libcrypto
added API (some of these were previously available as macros):
ASIdOrRange_free ASIdOrRange_new ASIdentifierChoice_free
ASIdentifierChoice_new ASIdentifiers_free ASIdentifiers_new
ASN1_TIME_diff ASRange_free ASRange_new BIO_get_callback_ex
BIO_get_init BIO_set_callback_ex BIO_set_next
BIO_set_retry_reason BN_GENCB_set BN_GENCB_set_old
BN_abs_is_word BN_get_flags BN_is_negative
BN_is_odd BN_is_one BN_is_word BN_is_zero BN_set_flags
BN_to_montgomery BN_with_flags BN_zero_ex CTLOG_STORE_free
CTLOG_STORE_get0_log_by_id CTLOG_STORE_load_default_file
CTLOG_STORE_load_file CTLOG_STORE_new CTLOG_free
CTLOG_get0_log_id CTLOG_get0_name CTLOG_get0_public_key
CTLOG_new CTLOG_new_from_base64 CT_POLICY_EVAL_CTX_free
CT_POLICY_EVAL_CTX_get0_cert CT_POLICY_EVAL_CTX_get0_issuer
CT_POLICY_EVAL_CTX_get0_log_store CT_POLICY_EVAL_CTX_get_time
CT_POLICY_EVAL_CTX_new CT_POLICY_EVAL_CTX_set1_cert
CT_POLICY_EVAL_CTX_set1_issuer
CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE
CT_POLICY_EVAL_CTX_set_time DH_get0_g DH_get0_p DH_get0_priv_key
DH_get0_pub_key DH_get0_q DH_get_length DSA_bits DSA_get0_g
DSA_get0_p DSA_get0_priv_key DSA_get0_pub_key DSA_get0_q
ECDSA_SIG_get0_r ECDSA_SIG_get0_s EVP_AEAD_CTX_free
EVP_AEAD_CTX_new EVP_CIPHER_CTX_buf_noconst
EVP_CIPHER_CTX_get_cipher_data EVP_CIPHER_CTX_set_cipher_data
EVP_MD_CTX_md_data EVP_MD_CTX_pkey_ctx EVP_MD_CTX_set_pkey_ctx
EVP_MD_meth_dup EVP_MD_meth_free EVP_MD_meth_new
EVP_MD_meth_set_app_datasize EVP_MD_meth_set_cleanup
EVP_MD_meth_set_copy EVP_MD_meth_set_ctrl EVP_MD_meth_set_final
EVP_MD_meth_set_flags EVP_MD_meth_set_init
EVP_MD_meth_set_input_blocksize EVP_MD_meth_set_result_size
EVP_MD_meth_set_update EVP_PKEY_asn1_set_check
EVP_PKEY_asn1_set_param_check EVP_PKEY_asn1_set_public_check
EVP_PKEY_check EVP_PKEY_meth_set_check
EVP_PKEY_meth_set_param_check EVP_PKEY_meth_set_public_check
EVP_PKEY_param_check EVP_PKEY_public_check FIPS_mode
FIPS_mode_set IPAddressChoice_free IPAddressChoice_new
IPAddressFamily_free IPAddressFamily_new IPAddressOrRange_free
IPAddressOrRange_new IPAddressRange_free IPAddressRange_new
OBJ_get0_data OBJ_length OCSP_resp_get0_certs OCSP_resp_get0_id
OCSP_resp_get0_produced_at OCSP_resp_get0_respdata
OCSP_resp_get0_signature OCSP_resp_get0_signer
OCSP_resp_get0_tbs_sigalg PEM_write_bio_PrivateKey_traditional
RSA_get0_d RSA_get0_dmp1 RSA_get0_dmq1 RSA_get0_e RSA_get0_iqmp
RSA_get0_n RSA_get0_p RSA_get0_pss_params RSA_get0_q
SCT_LIST_free SCT_LIST_print SCT_LIST_validate SCT_free
SCT_get0_extensions SCT_get0_log_id SCT_get0_signature
SCT_get_log_entry_type SCT_get_signature_nid SCT_get_source
SCT_get_timestamp SCT_get_validation_status SCT_get_version
SCT_new SCT_new_from_base64 SCT_print SCT_set0_extensions
SCT_set0_log_id SCT_set0_signature SCT_set1_extensions
SCT_set1_log_id SCT_set1_signature SCT_set_log_entry_type
SCT_set_signature_nid SCT_set_source SCT_set_timestamp
SCT_set_version SCT_validate SCT_validation_status_string
X509_OBJECT_free X509_OBJECT_new X509_REQ_get0_pubkey
X509_SIG_get0 X509_SIG_getm X509_STORE_CTX_get_by_subject
X509_STORE_CTX_get_num_untrusted
X509_STORE_CTX_get_obj_by_subject X509_STORE_CTX_get_verify
X509_STORE_CTX_get_verify_cb X509_STORE_CTX_set0_verified_chain
X509_STORE_CTX_set_current_cert X509_STORE_CTX_set_error_depth
X509_STORE_CTX_set_verify X509_STORE_get_verify
X509_STORE_get_verify_cb X509_STORE_set_verify
X509_get_X509_PUBKEY X509_get_extended_key_usage
X509_get_extension_flags X509_get_key_usage
X509v3_addr_add_inherit X509v3_addr_add_prefix
X509v3_addr_add_range X509v3_addr_canonize X509v3_addr_get_afi
X509v3_addr_get_range X509v3_addr_inherits
X509v3_addr_is_canonical X509v3_addr_subset
X509v3_addr_validate_path X509v3_addr_validate_resource_set
X509v3_asid_add_id_or_range X509v3_asid_add_inherit
X509v3_asid_canonize X509v3_asid_inherits
X509v3_asid_is_canonical X509v3_asid_subset
X509v3_asid_validate_path X509v3_asid_validate_resource_set
d2i_ASIdOrRange d2i_ASIdentifierChoice d2i_ASIdentifiers
d2i_ASRange d2i_IPAddressChoice d2i_IPAddressFamily
d2i_IPAddressOrRange d2i_IPAddressRange d2i_SCT_LIST
i2d_ASIdOrRange i2d_ASIdentifierChoice i2d_ASIdentifiers
i2d_ASRange i2d_IPAddressChoice i2d_IPAddressFamily
i2d_IPAddressOrRange i2d_IPAddressRange i2d_SCT_LIST
i2d_re_X509_CRL_tbs i2d_re_X509_REQ_tbs i2d_re_X509_tbs i2o_SCT
i2o_SCT_LIST o2i_SCT o2i_SCT_LIST
removed API:
ASN1_check_infinite_end ASN1_const_check_infinite_end EVP_dss
EVP_dss1 EVP_ecdsa HMAC_CTX_cleanup HMAC_CTX_init
NETSCAPE_ENCRYPTED_PKEY_free NETSCAPE_ENCRYPTED_PKEY_new
NETSCAPE_PKEY_free NETSCAPE_PKEY_new NETSCAPE_X509_free
NETSCAPE_X509_new OBJ_bsearch_ex_ PEM_SealFinal PEM_SealInit
PEM_SealUpdate PEM_read_X509_CERT_PAIR
PEM_read_bio_X509_CERT_PAIR PEM_write_X509_CERT_PAIR
PEM_write_bio_X509_CERT_PAIR X509_CERT_PAIR_free
X509_CERT_PAIR_new X509_OBJECT_free_contents asn1_do_adb
asn1_do_lock asn1_enc_free asn1_enc_init asn1_enc_restore
asn1_enc_save asn1_ex_c2i asn1_get_choice_selector
asn1_get_field_ptr asn1_set_choice_selector check_defer
d2i_ASN1_BOOLEAN d2i_NETSCAPE_ENCRYPTED_PKEY d2i_NETSCAPE_PKEY
d2i_NETSCAPE_X509 d2i_Netscape_RSA d2i_RSA_NET
d2i_X509_CERT_PAIR i2d_ASN1_BOOLEAN i2d_NETSCAPE_ENCRYPTED_PKEY
i2d_NETSCAPE_PKEY i2d_NETSCAPE_X509 i2d_Netscape_RSA i2d_RSA_NET
i2d_X509_CERT_PAIR name_cmp obj_cleanup_defer

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.

[USN-5292-4] snapd regression

==========================================================================
Ubuntu Security Notice USN-5292-4
February 24, 2022

snapd regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

USN-5292-1 introduced a regression in snapd.

Software Description:
- snapd: Daemon and tooling that enable snap packages

Details:

USN-5292-1 fixed a vulnerability in snapd. Unfortunately that update introduced
a regression that could break the fish shell. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

James Troup discovered that snap did not properly manage the permissions for
the snap directories. A local attacker could possibly use this issue to expose
sensitive information. (CVE-2021-3155)

Ian Johnson discovered that snapd did not properly validate content interfaces
and layout paths. A local attacker could possibly use this issue to inject
arbitrary AppArmor policy rules, resulting in a bypass of intended access
restrictions. (CVE-2021-4120)

The Qualys Research Team discovered that snapd did not properly validate the
location of the snap-confine binary. A local attacker could possibly use this
issue to execute other arbitrary binaries and escalate privileges.
(CVE-2021-44730)

The Qualys Research Team discovered that a race condition existed in the snapd
snap-confine binary when preparing a private mount namespace for a snap. A
local attacker could possibly use this issue to escalate privileges and
execute arbitrary code. (CVE-2021-44731)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
snap-confine 2.54.3+21.10.1ubuntu0.2
snapd 2.54.3+21.10.1ubuntu0.2

Ubuntu 20.04 LTS:
snap-confine 2.54.3+20.04.1ubuntu0.2
snapd 2.54.3+20.04.1ubuntu0.2

Ubuntu 18.04 LTS:
snap-confine 2.54.3+18.04.2ubuntu0.2
snapd 2.54.3+18.04.2ubuntu0.2

Ubuntu 16.04 ESM:
snap-confine 2.54.3+16.04.0ubuntu0.1~esm4
snapd 2.54.3+16.04.0ubuntu0.1~esm4

Ubuntu 14.04 ESM:
snap-confine 2.54.3+14.04.0ubuntu0.1~esm3
snapd 2.54.3+14.04.0ubuntu0.1~esm3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5292-4
https://ubuntu.com/security/notices/USN-5292-1
https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1961365, https://bugs.launchpad.net/ubuntu/+source/snapd/+bug/1961791

Package Information:
https://launchpad.net/ubuntu/+source/snapd/2.54.3+21.10.1ubuntu0.2
https://launchpad.net/ubuntu/+source/snapd/2.54.3+20.04.1ubuntu0.2
https://launchpad.net/ubuntu/+source/snapd/2.54.3+18.04.2ubuntu0.2

Wednesday, February 23, 2022

OpenBSD Errata: February 24, 2022 (libexpat)

Errata patches for expat XML library have been released for OpenBSD
6.9 and 7.0.

Binary updates for the amd64, i386 and arm64 platform are available
via the syspatch utility. Source code patches can be found on the
respective errata page:

https://www.openbsd.org/errata69.html
https://www.openbsd.org/errata70.html

F37 Change: Boost 1.78 upgrade (System-Wide Change proposal)

https://fedoraproject.org/wiki/Changes/F37Boost178

== Summary ==
This change brings Boost 1.78 to Fedora. This will mean Fedora ships
with a recent upstream Boost release.

== Owner ==

* Name: [[User:trodgers| Thomas Rodgers]]
* Email: trodgers@redhat.com

== Detailed Description ==

The aim is to synchronize Fedora with the most recent Boost release.
Because ABI stability is absent from Boost, this entails rebuilding of
all dependent packages. This also entails the change owner assisting
maintainers of client packages in decoding cryptic boost-ese seen in
output from g++.

The equivalent changes for previous releases were
[[Changes/F35Boost176]], [[Changes/F34Boost175]],
[[Changes/F33Boost173]], [[Changes/F30Boost169|Fedora 30 Change]],
[[Changes/F29Boost167|Fedora 29 Change]], [[Changes/F28Boost166|Fedora
28 Change]], [[Changes/F27Boost164|Fedora 27 Change]],
[[Changes/F26Boost163|Fedora 26 Change]], [[Changes/F25Boost161|Fedora
25 Change]], [[Changes/F24Boost160|Fedora 24 Change]],
[[Changes/F23Boost159|Fedora 23 Change]] and
[[Changes/F22Boost158|Fedora 22 Change]].

== Benefit to Fedora ==

Fedora 37 includes Boost 1.78.

Fedora will stay relevant, as far as Boost clients are concerned.

Boost 1.78 does not bring any new components, but includes two new
header-only libraries from Boost 1.77 -
* Describe: A C++14 reflection library. Provides macros for describing
enumerators and struct/class members, and primitives for querying this
information.
* Lambda2: A C++14, dependency-free, single header lambda library.
Allows simple function objects to be constructed via expressions such
as _1 + 5, _1 % 2 == 0, _1 > _2, or _1 == ' ' || _1 == '\t'.

Boost 1.78 also includes many fixes and enhancements to existing components.

== Scope ==
* Proposal owners:
** Build will be done with Boost.Build v2 (which is the
upstream-sanctioned way of building Boost)
** Request a "f37-boost"
[https://docs.pagure.org/releng/sop_adding_side_build_targets.html
build system tag]
([http://lists.fedoraproject.org/pipermail/devel/2011-November/159908.html
discussion]):

** Build boost into that tag (take a look at the
[http://koji.fedoraproject.org/koji/buildinfo?buildID=606493 build
#606493] for inspiration)
** Post a request for rebuilds to fedora-devel
** Work on rebuilding dependent packages in the tag.
** When most is done, re-tag all the packages to rawhide
** Watch fedora-devel and assist in rebuilding broken Boost clients
(by fixing the client, or Boost).

* Other developers:
** Those who depend on Boost DSOs will have to rebuild their packages.
Feature owners will alleviate some of this work as indicated above,
and will assist those whose packages fail to build in debugging them.

* Release engineering: TODO  (a check of an impact with Release Engineering is needed)

* Policies and guidelines:
** Apart from scope, this is business as usual, so no new policies, no
new guidelines.

* Trademark approval: N/A (not needed for this Change)

== Upgrade/compatibility impact ==
* No manual configuration or data migration needed.
* Some impact on other packages needing code changes to rebuild.
Historically this hasn't been too much of a problem and could always
be resolved before deadline.

== How To Test ==
* No special hardware is needed.
* Integration testing simply consists of installing Boost packages
(`dnf install boost`) on Fedora and checking that it does not break
other packages (see below for a way to obtain a list of boost
clients).

== User Experience ==
* Expected to remain largely the same.
* Developers building third-party software on Fedora may need to
rebuild against the new Boost packages, and may need to adjust their
code if the new Boost release is not source-compatible.

== Dependencies ==
Packages that must be rebuilt:
<code>$ dnf repoquery -s --releasever=rawhide --whatrequires
libboost\* --disablerepo=* --enablerepo=fedora | sort -u</code>

All clients:
<code>$ dnf repoquery --releasever=rawhide --archlist=src
--whatrequires boost-devel --disablerepo='*'
--enablerepo=fedora-source</code>

== Contingency Plan ==

* Contingency mechanism: Worst case scenario is to abandon the update
and simply ship F37 with Boost 1.76, which is already in rawhide.
* Blocks release? No
* Blocks product? None

== Documentation ==
* https://www.boost.org/users/history/version_1_78_0.html (released on
8th December 2021)
* https://www.boost.org/users/history/version_1_77_0.html (released on
11 August 2021)
* https://www.boost.org/development/index.html

== Release Notes ==

--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[arch-announce] Arch Linux Leader Election Results

This month we held our leader election, and our current leader Levente Polyák ran unopposed. As per [our election rules](https://wiki.archlinux.org/title/DeveloperWiki:Project_Leader#Election) he is re-elected for a new term.

**Congratulations to Levente Polyak on a new term!**

URL: https://archlinux.org/news/arch-linux-leader-election-results/
_______________________________________________
arch-announce mailing list
arch-announce@lists.archlinux.org
https://lists.archlinux.org/listinfo/arch-announce

Tuesday, February 22, 2022

[USN-5302-1] Linux kernel (OEM) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5302-1
February 22, 2022

linux-oem-5.14 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oem-5.14: Linux kernel for OEM systems

Details:

Yiqi Sun and Kevin Wang discovered that the cgroups implementation
in the Linux kernel did not properly restrict access to the cgroups
v1 release_agent feature. A local attacker could use this to gain
administrative privileges. (CVE-2022-0492)

Brendan Dolan-Gavitt discovered that the Marvell WiFi-Ex USB device
driver in the Linux kernel did not properly handle some error
conditions. A physically proximate attacker could use this to cause
a denial of service (system crash). (CVE-2021-43976)

Wenqing Liu discovered that the f2fs file system implementation in the
Linux kernel did not properly validate inode types while performing
garbage collection. An attacker could use this to construct a malicious
f2fs image that, when mounted and operated on, could cause a denial
of service (system crash). (CVE-2021-44879)

Samuel Page discovered that the Transparent Inter-Process Communication
(TIPC) protocol implementation in the Linux kernel contained a
stack-based buffer overflow. A remote attacker could use this to
cause a denial of service (system crash) for systems that have a TIPC
bearer configured. (CVE-2022-0435)

Lyu Tao discovered that the NFS implementation in the Linux kernel
did not properly handle requests to open a directory on a regular
file. A local attacker could use this to expose sensitive information
(kernel memory). (CVE-2022-24448)

It was discovered that the YAM AX.25 device driver in the Linux kernel
did not properly deallocate memory in some error conditions. A local
privileged attacker could use this to cause a denial of service
(kernel memory exhaustion). (CVE-2022-24959)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
linux-image-5.14.0-1024-oem 5.14.0-1024.26
linux-image-oem-20.04 5.14.0.1024.22
linux-image-oem-20.04b 5.14.0.1024.22
linux-image-oem-20.04c 5.14.0.1024.22
linux-image-oem-20.04d 5.14.0.1024.22

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-5302-1
CVE-2021-43976, CVE-2021-44879, CVE-2022-0435, CVE-2022-0492,
CVE-2022-24448, CVE-2022-24959

Package Information:
https://launchpad.net/ubuntu/+source/linux-oem-5.14/5.14.0-1024.26

[USN-5301-2] Cyrus SASL vulnerability

==========================================================================
Ubuntu Security Notice USN-5301-2
February 22, 2022

cyrus-sasl2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM

Summary:

Cyrus SASL could run programs if it received specially crafted network
traffic.

Software Description:
- cyrus-sasl2: Cyrus Simple Authentication and Security Layer

Details:

USN-5301-1 fixed a vulnerability in Cyrus. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL
input. A remote attacker could use this issue to execute arbitrary SQL
commands.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
libsasl2-modules-sql 2.1.26.dfsg1-14ubuntu0.2+esm1

Ubuntu 14.04 ESM:
libsasl2-modules-sql 2.1.25.dfsg1-17ubuntu0.1~esm2

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5301-2
https://ubuntu.com/security/notices/USN-5301-1
CVE-2022-24407

[USN-5300-1] PHP vulnerabilities

==========================================================================
Ubuntu Security Notice USN-5300-1
February 22, 2022

php7.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM

Summary:

Several security issues were fixed in PHP.

Software Description:
- php7.0: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain scripts.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9120)

It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly obtain sensitive information. (CVE-2017-9119)

It was discovered that PHP incorrectly handled certain scripts with XML
parsing functions.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2021-21707)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
php7.0-cgi 7.0.33-0ubuntu0.16.04.16+esm3
php7.0-cli 7.0.33-0ubuntu0.16.04.16+esm3
php7.0-fpm 7.0.33-0ubuntu0.16.04.16+esm3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5300-1
CVE-2015-9253, CVE-2017-8923, CVE-2017-9118, CVE-2017-9119,
CVE-2017-9120, CVE-2021-21707

[USN-5301-1] Cyrus SASL vulnerability

==========================================================================
Ubuntu Security Notice USN-5301-1
February 22, 2022

cyrus-sasl2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Cyrus SASL could run programs if it received specially crafted network
traffic.

Software Description:
- cyrus-sasl2: Cyrus Simple Authentication and Security Layer

Details:

It was discovered that the Cyrus SASL SQL plugin incorrectly handled SQL
input. A remote attacker could use this issue to execute arbitrary SQL
commands.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 21.10:
libsasl2-modules-sql 2.1.27+dfsg-2.1ubuntu0.1

Ubuntu 20.04 LTS:
libsasl2-modules-sql 2.1.27+dfsg-2ubuntu0.1

Ubuntu 18.04 LTS:
libsasl2-modules-sql 2.1.27~101-g0780600+dfsg-3ubuntu2.4

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-5301-1
CVE-2022-24407

Package Information:
https://launchpad.net/ubuntu/+source/cyrus-sasl2/2.1.27+dfsg-2.1ubuntu0.1
https://launchpad.net/ubuntu/+source/cyrus-sasl2/2.1.27+dfsg-2ubuntu0.1

https://launchpad.net/ubuntu/+source/cyrus-sasl2/2.1.27~101-g0780600+dfsg-3ubuntu2.4

F37 Change: Curl-minimal as default (System-Wide Change proposal)

https://fedoraproject.org/wiki/Changes/CurlMinimal_as_Default

== Summary ==
`libcurl-minimal` and `curl-minimal` will be installed by default
instead of `libcurl` and `curl`.
The "minimal" variants provide only a subset of protocols (HTTP, HTTPS, FTP).
The full versions can be explicitly requested as `libcurl-full` and `curl-full`.

== Owner ==
* Name: [[User:Zbyszek| Zbigniew Jędrzejewski-Szmek]]
* Email: zbyszek at in.waw.pl
* Name: [[User:Kdudka| Kamil Dudka]]
* Email: kdudka at redhat.com

== Detailed Description ==

The `curl` package provides two sets of subpackages: `curl`+`libcurl`
and `curl-minimal`+`libcurl+minimal`.
`curl-minimal`+`libcurl-minimal` are compiled with various
semi-obsolete protocols and infrequently-used features disabled:
DICT, GOPHER, IMAP, LDAP, LDAPS, MQTT, NTLM, POP3, RTSP, SMB, SMTP,
SFTP, SCP, TELNET, TFTP, brotli compression, IDN2 names.

(Both variants support HTTP, HTTPS, and FTP.)

`curl-minimal` has `Provides:curl` and `libcurl-minimal` has `Provides:libcurl`.
This means that both sets can be used to satisfy a dependency on
`curl` or `libcurl`.
`curl` has the virtual `Provides:curl-full` and `libcurl` has the
virtual `Provides:libcurl-full`.
The user or another package can explicitly pull in the full variants,
e.g. with `dnf install curl-full`
or `Requires: libcurl-full`.
With this change, `Suggests: libcurl-minimal` or `Suggests:
curl-minimal` will be added to a few packages
that already have a dependency on `libcurl` or `curl`.
Currently, doing this for `systemd` and `rpm` is planned.
Effectively, `dnf` will install the minimal variants, unless another
package has a stronger dependency on the full variants.

== Benefit to Fedora ==
There are two separate motivations for this.

Those infrequently used protocols are less tested than the common ones
and are a source of security bugs.
Most users are not using those protocols anyway, so disabling them
reduces the bug and attack surface.
(In fact, many applications already call `curl_easy_setopt(c,
CURLOPT_PROTOCOLS, …)` to internally
limit what protocols are supported. So even if `libcurl` is swapped
for `libcurl-minimal` for many
uses this will not be a difference.)

The packages for the minimal variants are smaller:
a trivial installation with `curl-minimal`+`libcurl+minimal` is 18 MB
download, 57 MB installed size, 50 packages;
the same with `curl-full` and `libcurl-full` is 21 MB download, 65
installed size, 62 packages.
Thus we save 8 MB, reducing the initial size by 12%.

== Scope ==
* Proposal owners:
Create pull requests to add `Suggests: curl-minimal` or `Suggests:
libcurl-minimal` as appropriate
to packages which already require `curl` or `libcurl`: `rpm` and `systemd`.
This means that any installation (which should be most of them) will
get the minimal variants.

* Other developers:
For packages that use the full variants: add `Recommends: curl-full`
or `Recommends: libcurl-full` or
`Requires: curl-full` or `Requires: libcurl-full` as appropriate.

* Release engineering:
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives:

== Upgrade/compatibility impact ==
Users who use curl or another application which uses libcurl with the
removed protocols will lose support for those protocols. They will
need to explicitly install the full variants.

== How To Test ==
`dnf swap curl curl-minimal` or `dnf swap libcurl libcurl-minimal` and
check that `curl` and other applications using `libcurl` still work.

== User Experience ==
This should be not be noticed by users, except as noted above in
Upgrade/compatibility impact.

== Dependencies ==

== Contingency Plan ==

Remove the additions of Suggests, or even add explicit Recommends or Requires.
* Contingency deadline: any time, possibly even after the final release
* Blocks release? No

== Documentation ==
This page should be enough.

== Release Notes ==
`curl-minimal` and `libcurl-minimal` are installed by default. The
support for various obsolete protocols is unavailable by default
through curl (DICT, GOPHER, IMAP, LDAP, LDAPS, MQTT, NTLM, POP3, RTSP,
SMB, SMTP, SFTP, SCP, TELNET, TFTP, brotli compression, IDN2 names).

--
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 36 Bodhi updates-testing Activation and Beta Freeze

Hi all,

Today's an important day on the Fedora 36 schedule[1], with several
significant cut-offs. First of all, today is the Bodhi updates-testing
activation point [2]. That means that from now all Fedora 36 packages must be submitted to updates-testing and pass the relevant
requirements[3] before they will be marked as 'stable' and moved to
the fedora repository.

Today is also the Beta freeze[4]. This means that only packages which
fix accepted blocker or freeze exception bugs[5][6] will be marked as
'stable' and included in the Beta composes. Other builds will remain
in updates-testing until the Beta release is approved, at which point
the Beta freeze is lifted and packages can move to 'stable' as usual
until the Final freeze.

Today is also the Software String freeze[7], which means that strings
marked for translation in Fedora-translated projects should not now be
changed for Fedora 36.

Finally, today is the 'completion deadline' Change Checkpoint[8],
meaning that Fedora 36 Changes must now be 'feature complete or close
enough to completion that a majority of its functionality can be
tested'. All tracking bugs should be on ON_QA state or later to
reflect this.

Regards
Tomáš Hrčka

[1] https://fedorapeople.org/groups/schedule/f-36/f-36-key-tasks.html
[2] https://fedoraproject.org/wiki/Updates_Policy#Bodhi_enabling
[3] https://fedoraproject.org/wiki/Updates_Policy#Branched_release
[4] https://fedoraproject.org/wiki/Milestone_freezes
[5] https://fedoraproject.org/wiki/QA:SOP_blocker_bug_process
[6] https://fedoraproject.org/wiki/QA:SOP_freeze_exception_bug_process
[7] https://fedoraproject.org/wiki/ReleaseEngineering/StringFreezePolicy
[8] https://fedoraproject.org/wiki/Changes/Policy