Monday, November 6, 2017
Fedora 27 Final status is NO-GO
The next Go/No-Go meeting is planned on Thursday, November 9th. The GA
date for the F27 Final release moves to 2017-Nov-14.
For more details please check the Go/No-Go meeting minutes[1].
[1] https://meetbot.fedoraproject.org/teams/f27-final-and-server-beta-go-no-go-meeting/f27-final-and-server-beta-go-no-go-meeting.2017-11-02-17.00.html
Regards,
Jan
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
[USN-3474-1] Liblouis vulnerability
Ubuntu Security Notice USN-3474-1
November 06, 2017
liblouis vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Liblouis could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- liblouis: Braille translation library - utilities
Details:
Raphael Sanchez Prudencio discovered that Liblouis incorrectly handled
certain files. If a user were tricked into opening a crafted file, an
attacker could possibly use this to cause a denial of service or
potentially execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
liblouis-bin 2.5.3-2ubuntu1.2
liblouis2 2.5.3-2ubuntu1.2
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3474-1
CVE-2014-8184
Package Information:
https://launchpad.net/ubuntu/+source/liblouis/2.5.3-2ubuntu1.2
F28 System Wide Change: Ruby 2.5
https://fedoraproject.org/wiki/Changes/Ruby_2.5
Change owner(s):
* Vít Ondruch <vondruch AT redhat DOT com>
Ruby 2.5 is the latest stable version of Ruby. Many new features and
improvements are included for the increasingly diverse and expanding
demands for Ruby. With this major update from Ruby 2.4 in Fedora 26 to
Ruby 2.5 in Fedora 28, Fedora becomes the superior Ruby development
platform.
== Detailed Description ==
Ruby 2.5 is upstream's new major release of Ruby. Many new features
and improvements are included.
=== New Features ===
* Top-level constant look-up is removed.
* rescue/else/ensure are allowed inside do/end blocks.
* refinements take place in string interpolations.
* yield_self
=== Other notable changes since 2.4 ===
* Merge Onigmo to 6.1.1. It adds absent operator. Note that Ruby 2.4.1
also includes this change.
* Merge bundler to standard libraries.
* Merge rubygems-2.6.13.
* Merge rdoc-6.0.0.beta2. Change lexer from IRB based one to Ripper. It
much improves the speed of generating documentation.
* Update supported Unicode version to 10.0.0.
== Scope ==
* Proposal owners:
- Finish packaging of Ruby 2.5. Current changes available in
private-ruby-2.5 branch of ruby package in dist-git.
- Rebuilding of Ruby packages providing native extensions (i.e.
packages which depend on libruby).
* Other developers:
- Rebuild of packages with binary extensions (i.e. packages which
depend on libruby) will be handled automatically, but some packages
might need fixes/updates to support Ruby 2.5 properly.
* Release engineering:
- https://pagure.io/releng/issue/7142
- Separate Koji tag for package rebuild will be needed.
* List of deliverables:
N/A (not needed for this Change)
* Policies and guidelines:
N/A (not needed for this Change)
* Trademark approval:
N/A (not needed for this Change)
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
LibreSSL 2.6.3 Released
stable release series. LibreSSL 2.4.x support has also ended. LibreSSL 2.6.3
contains the following changes from the previous stable release:
* Added support for providing CRLs to libtls - once a CRL is provided via
tls_config_set_crl_file(3) or tls_config_set_crl_mem(3), CRL checking is
enabled and required for the full certificate chain.
* Reworked TLS certificate name verification code to more strictly follow RFC
6125.
* Cleaned up and simplified server key exchange EC point handling.
* Removed inconsistent IPv6 handling from BIO_get_accept_socket(), simplified
BIO_get_host_ip() and BIO_accept().
* Added definitions for three OIDs used in EV certificates.
* Relaxed SNI validation to allow non-RFC-compliant clients using literal IP
addresses with SNI to connect to a libtls-based TLS server.
* Added tls_peer_cert_chain_pem() to libtls, useful in private certificate
validation callbacks such as those in relayd.
* Converted explicit clear/free sequences to use freezero(3).
* Fixed the openssl(1) ca command so that it generates certificates with RFC
5280-conformant time.
* Added ASN1_TIME_set_tm(3) to set an ASN.1 time from a struct tm *.
* Added SSL{,_CTX}_set_{min,max}_proto_version(3) functions.
* Imported HKDF (HMAC Key Derivation Function) from BoringSSL.
* Provided a tls_unload_file(3) function that frees the memory returned from a
tls_load_file(3) call, ensuring that the contents become inaccessible.
* Implemented reference counting for libtls tls_config, allowing
tls_config_free(3) to be called as soon as it has been passed to the final
tls_configure(3) call, simplifying lifetime tracking for the application.
* Dropped cipher suites using DSS authentication.
* Removed support for DSS/DSA from libssl.
* Distinguish between self-issued certificates and self-signed certificates.
The certificate verification code has special cases for self-signed
certificates and without this change, self-issued certificates (which it
seems are commonplace with openvpn/easyrsa) were also being included in
this category.
* Added a new TLS extension handling framework and converted all TLS
extensions to use it.
* Improved and added many new manpages. Updated
SSL_{CTX_,}check_private_key(3) manpages with additional cautions regarding
their use.
* Cleaned up and simplified EC key/curve configuration handling.
* Added tls_config_set_ecdhecurves(3) to libtls, which allows the names of the
elliptical curves that may be used during client and server key exchange to
be specified.
* Converted more code paths to use CBB/CBS.
* Removed NPN support - NPN was never standardised and the last draft expired
in October 2012.
* Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken CryptoPro
clients.
* Removed support for the TLS padding extension, which was added as a
workaround for an old bug in F5's TLS termination.
* Added ability to clamp notafter values in certificates for systems with
32-bit time_t. This is necessary to conform to RFC 5280 4.1.2.5.
* Removed the original (pre-IETF) chacha20-poly1305 cipher suites.
* Reclassified ECDHE-RSA-DES-CBC3-SHA from HIGH to MEDIUM.
* Provide a useful error with libtls if there are no OCSP URLs in a peer
certificate.
* Keep track of which keypair is in use by a TLS context, fixing a bug where a
TLS server with SNI would only return the OCSP staple for the default
keypair.
* If tls_config_parse_protocols(3) is called with a NULL pointer it now
returns the default protocols.
The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.
F28 Self Contained Change: Sugar 0.112
https://fedoraproject.org/wiki/Changes/Sugar-112
Change owner(s):
* Peter Robinson <pbrobinson at fedoraproject dot org >
Update Sugar to the new upstream 0.112 stable feature release.
== Detailed Description ==
We want to provide the new version of the Sugar desktop environment as
well as more activities to allow further building upon the
collaborative environment.
Users curious about the Sugar interface can test out Sugar on an
existing Fedora system by selecting the Sugar environment from their
display manager.
Developers interested in working on the Sugar interface or writing
activities can have a development platform without needing an XO
laptop.
== Scope ==
* Proposal owners:
Update to the latest Sugar UX, update and test Activities and other
integration with the distro.
* Other developers:
N/A (not a System Wide Change)
* Release engineering:
Ticket #7134: https://pagure.io/releng/issue/7134
* Policies and guidelines:
N/A (not a System Wide Change)
* Trademark approval:
N/A (not needed for this Change)
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
Friday, November 3, 2017
[CentOS-announce] CESA-2017:3111 CentOS 7 liblouis Security Update
Upstream details at : https://access.redhat.com/errata/RHSA-2017:3111
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
e6ef46fa345433ec7740b22689e21231f1010374dea252adb0fedc847031ef38 liblouis-2.5.2-11.el7_4.i686.rpm
f93ed050440a3693b491b5b636f1817ab8efa5259f4e34f3feec6cfa5888fdd7 liblouis-2.5.2-11.el7_4.x86_64.rpm
9111c6e070c75284cd2ef9b33ca666d45e82d4f4ed4ebe8ea4d9e877764d10b0 liblouis-devel-2.5.2-11.el7_4.i686.rpm
a4160979338d91e47722b29a716a183d1a01f45740f40104207849962f0151e4 liblouis-devel-2.5.2-11.el7_4.x86_64.rpm
24430cd6d2e43d3928dc1dc6e42071d1b87e9d6f54d57823f652e0bf1f37106a liblouis-doc-2.5.2-11.el7_4.noarch.rpm
427517b58ef1e5fc4847d61de4f3c89ca08e11c21ea5ceea0ed3f827196cb280 liblouis-python-2.5.2-11.el7_4.noarch.rpm
dd54f37714da0433bf28a4b9f6908319847c0dba1b84a6a062561a23f97c3a92 liblouis-utils-2.5.2-11.el7_4.x86_64.rpm
Source:
deffc7ea7f3ee0210bbcd88c4e66eb8c962cbea9c96e2d393720869c6f1a98d2 liblouis-2.5.2-11.el7_4.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: @JohnnyCentOS
_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce
Thursday, November 2, 2017
Fedora 27 Server Beta status (4th round) is NO-GO
of the Fedora 27 Server Beta is NO-GO.
The next Go/No-Go meeting is planned on Thursday, November 9th. The
F27 Server Beta release slips by one week to 2017-Nov-14. The slip
also affects the F27 Server GA and it moves to 2018-Jan-09, having
the Go/No-Go meeting on 2018-Jan-04.
Regards,
Jan
--
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-17:09.tzdata
=============================================================================
FreeBSD-EN-17:09.tzdata Errata Notice
The FreeBSD Project
Topic: Timezone database information update
Category: contrib
Module: zoneinfo
Announced: 2017-11-02
Credits: Philip Paeps
Affects: All supported versions of FreeBSD
Corrected: 2017-10-30 15:56:17 UTC (stable/11, 11.1-STABLE)
2017-11-02 15:40:19 UTC (releng/11.1, 11.1-RELEASE-p3)
2017-11-02 15:39:49 UTC (releng/11.0, 11.0-RELEASE-p14)
2017-10-30 15:57:48 UTC (stable/10, 10.4-STABLE)
2017-11-02 15:38:54 UTC (releng/10.4, 10.4-RELEASE-p2)
2017-11-02 15:38:24 UTC (releng/10.3, 10.3-RELEASE-p23)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
The tzsetup(8) program allows the user to specify the default local
timezone. Based on the selected timezone, tzsetup(8) copies one of the
files from /usr/share/zoneinfo to /etc/localtime. This file actually
controls the conversion.
II. Problem Description
Several changes in Daylight Savings Time happened after previous
FreeBSD releases were released that would affect many people who
live in different countries. Because of these changes, the data in
the zoneinfo files need to be updated, and if the local timezone on
the running system is affected, tzsetup(8) needs to be run so the
/etc/localtime is updated.
III. Impact
An incorrect time will be displayed on a system configured to use one
of the affected timezones if the /usr/share/zoneinfo and /etc/localtime
files are not updated, and all applications on the system that rely on
the system time, such as cron(8) and syslog(8), will be affected.
IV. Workaround
The system administrator can install an updated timezone database from
the misc/zoneinfo port and run tzsetup(8) to get the timezone database
corrected.
Applications that store and display times in Coordinated Universal Time
(UTC) are not affected.
V. Solution
Please note that some third party software, for instance PHP, Ruby,
Java and Perl, may be using a different zoneinfo data source; in such
cases this software has to be updated separately. Software packages
that are installed via the package collection can be upgraded by
doing a `pkg upgrade'.
Following the instructions in this Errata Notice will update all of
the zoneinfo files to be the same as what was released with FreeBSD
release.
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date. Restart all the affected
applications and daemons, or reboot the system.
2) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Restart all the affected applications and daemons, or reboot the system.
3) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 11.1]
# fetch https://security.FreeBSD.org/patches/EN-17:09/tzdata-11.1.patch
# fetch https://security.FreeBSD.org/patches/EN-17:09/tzdata-11.1.patch.asc
# gpg --verify tzdata-11.1.patch.asc
[FreeBSD 11.0]
# fetch https://security.FreeBSD.org/patches/EN-17:09/tzdata-11.0.patch
# fetch https://security.FreeBSD.org/patches/EN-17:09/tzdata-11.0.patch.asc
# gpg --verify tzdata-11.0.patch.asc
[FreeBSD 10.4]
# fetch https://security.FreeBSD.org/patches/EN-17:09/tzdata-10.4.patch
# fetch https://security.FreeBSD.org/patches/EN-17:09/tzdata-10.4.patch.asc
# gpg --verify tzdata-10.4.patch.asc
[FreeBSD 10.3]
# fetch https://security.FreeBSD.org/patches/EN-17:09/tzdata-10.3.patch
# fetch https://security.FreeBSD.org/patches/EN-17:09/tzdata-10.3.patch.asc
# gpg --verify tzdata-10.3.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all the affected applications and daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path      Revision
-------------------------
stable/10/       r325160
releng/10.3/     r325322
releng/10.4/     r325323
stable/11/       r325159
releng/11.0/     r325324
releng/11.1/     r325325
-------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<other info on the problem>
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=XXXXXX>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-17:09.tzdata.asc>
_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"
[USN-3426-2] Samba vulnerabilities
Ubuntu Security Notice USN-3426-2
November 02, 2017
samba vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in XXX-APP-XXX.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
USN-3426-1 fixed several vulnerabilities in Samba. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
Stefan Metzmacher discovered that Samba incorrectly enforced SMB
signing in certain situations. A remote attacker could use this issue
to perform a man in the middle attack. (CVE-2017-12150)
Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled
memory when SMB1 is being used. A remote attacker could possibly use
this issue to obtain server memory contents. (CVE-2017-12163)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
samba 2:3.6.25-0ubuntu0.12.04.13
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3426-2
https://www.ubuntu.com/usn/usn-3426-1
CVE-2017-12150, CVE-2017-12163
[USN-3472-1] LibreOffice vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3472-1
November 02, 2017
libreoffice vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
LibreOffice could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- libreoffice: Office productivity suite
Details:
Marcin Noga discovered that LibreOffice incorrectly handled PPT documents.
If a user were tricked into opening a specially crafted PPT document, a
remote attacker could cause LibreOffice to crash, and possibly execute
arbitrary code. (CVE-2017-12607)
Marcin Noga discovered that LibreOffice incorrectly handled Word documents.
If a user were tricked into opening a specially crafted Word document, a
remote attacker could cause LibreOffice to crash, and possibly execute
arbitrary code. (CVE-2017-12608)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
libreoffice-core 1:4.2.8-0ubuntu5.2
After a standard system update you need to restart LibreOffice to make all
the necessary changes.
References:
https://www.ubuntu.com/usn/usn-3472-1
CVE-2017-12607, CVE-2017-12608
Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/1:4.2.8-0ubuntu5.2
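The three Ubuntu notices on this page (USN-3474-1, USN-3426-2, USN-3472-1) each name the package version that corrects the issue. The following is an added example, not part of any notice: it applies Debian version ordering (epoch, upstream version, revision, `~`) to a constructed `dpkg-query` inventory and lists packages still below the fixed version. The function names and the sample inventory are assumptions made for illustration.

```python
# Fixed versions copied from USN-3474-1, USN-3472-1 and USN-3426-2 above.
FIXED = {
    "Ubuntu 14.04 LTS": {
        "liblouis-bin": "2.5.3-2ubuntu1.2",
        "liblouis2": "2.5.3-2ubuntu1.2",
        "libreoffice-core": "1:4.2.8-0ubuntu5.2",
    },
    "Ubuntu 12.04 ESM": {"samba": "2:3.6.25-0ubuntu0.12.04.13"},
}

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE_INVENTORY = """\
liblouis-bin 2.5.3-2ubuntu1.2
liblouis2 2.5.3-2ubuntu1.1
libreoffice-core 1:4.2.8-0ubuntu5.1
bash 4.3-7ubuntu1.7
"""

def _order(ch):
    """Sort key for one character: '~' first, then letters, then the rest."""
    if ch == "~":
        return -1
    if ch.isdigit():
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings: alternate text runs and numeric runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        si, sj = i, j
        while i < len(a) and a[i].isdigit():
            i += 1
        while j < len(b) and b[j].isdigit():
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)  # numeric, so 9 < 13
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(version):
    """Return (epoch, upstream, revision); a missing epoch is 0."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare(a, b):
    """-1, 0 or 1 as version a sorts before, equal to or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(inventory_text, release):
    """List (package, installed, fixed) for packages older than the fixed version."""
    rows = (line.split() for line in inventory_text.splitlines() if line.strip())
    return [(name, have, FIXED[release][name]) for name, have in rows
            if name in FIXED[release] and compare(have, FIXED[release][name]) < 0]
```

A plain string comparison would get the epoch and multi-digit cases wrong: `4.3.0-1` sorts below `1:4.2.8-0ubuntu5.2` because a missing epoch counts as 0.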
Wednesday, November 1, 2017
long waiting times for COPR jobs