@gotmax23: I noticed that you just did a Koji build for snapd-2.56.2-2.fc35 to fix a CVE. Currently most F36 users probably also have snapd-2.56.2 since it was pushed to stable before being replaced with a lower version which fixes the CVEs (see #2105619). Can you check the F36 version and do a build for that also if necessary? Thanks.
I filed #2105619 for checking if the newer version is vulnerable.
From #fedora-admin:
<nirik> robatino: it's because the older one was in the go rebuild update and went stable after that one. ;( FEDORA-2022-fae3ecee19
<robatino> thanks. is it fixable without another update?
<robatino> i guess most people don't run distro-sync and won't notice
<nirik> well, I could fix the tagging, but... is that newer version also fixed for the CVE that the rebuild was done for?
<robatino> i do it once in a while for QA since these things happen
<robatino> no idea
<nirik> ie, it might need another rebuild now...
<nirik> go is all static, so I guess it depends on where the fix is...
The 2.55.3-2.fc36 packages can be seen in https://dl.fedoraproject.org/pub/fedora/linux/updates/36/Everything/x86_64/Packages/s/ . The corresponding directory for F35 has the correct 2.56.2-1.fc35 packages.
On F36 I have these packages installed as of June 29, but "dnf distro-sync" wants to downgrade snap-confine, snapd and snapd-selinux to 2.55.3-2.fc36, which is not even in Bodhi. I see nothing in Bugzilla.
bump
In fact, I checked 3 of my machines with the same F36 kernels installed and all 3 are basically the same - the initramfs size jumped from 5.17.13 to 5.17.14 and then only increased slightly in 5.18.4.
Here are my initramfs sizes. For some reason it jumped between the two 5.17 kernels and stayed about the same with 5.18.
-rw-------. 1 root root 21M Jun 9 13:57 /boot/initramfs-5.17.13-300.fc36.x86_64.img
-rw-------. 1 root root 33M Jun 14 22:48 /boot/initramfs-5.17.14-300.fc36.x86_64.img
-rw-------. 1 root root 34M Jun 16 16:47 /boot/initramfs-5.18.4-201.fc36.x86_64.img
The last +1 karma should have submitted this for stable so someone needs to fix the one failing test.
The one failed test is the same one that never stopped failing on FEDORA-2022-a3abe509e9 (firefox-100.0.2-2.fc36) and kept it from ever going stable.
bump
@gotmax23: Please see my comments in FEDORA-2022-9986fbb3d7 concerning the possible failure to fix this CVE in the F36 version (since snapd-2.56.2-1.fc36 was pushed to stable before being replaced by snapd-2.55.3-2.fc36, and most people on stable releases don't check for downgrades).