Rebuild to mitigate CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang


See https://groups.google.com/g/golang-dev/c/frczlF8OFQ0/m/4lrZh5BHDgAJ for more information about the specific vulnerabilities.


Update to latest commit as of 20220719


Added

Experimental: nebula clients can be configured to act as relays for other nebula clients.
Primarily useful when stubborn NATs make a direct tunnel impossible. (#678)

Configuration option to report manually specified ip:ports to lighthouses. (#650)

Windows arm64 build. (#638)

punchy and most lighthouse config options now support hot reloading. (#649)

Changed

Build against go 1.18. (#656)

Promoted routines config from experimental to supported feature. (#702)

Dependencies updated. (#664)

Fixed

Packets destined for the same host that sent it will be returned on MacOS.
This matches the default behavior of other operating systems. (#501)

unsafe_route configuration will no longer crash on Windows. (#648)

A few panics that were introduced in 1.5.x. (#657, #658, #675)

Security

You can set listen.send_recv_error to control the conditions in which
recv_error messages are sent. Sending these messages can expose the fact
that Nebula is running on a host, but it speeds up re-handshaking. (#670)

Removed

x509 config stanza support has been removed. (#685)

bump to v4.2.0-rc1


fix package dir listing


resolve build issues and list new shell completion files


Release of stargz snapshotter v0.12.0. Please see the release note for details: https://github.com/containerd/stargz-snapshotter/releases/tag/v0.12.0


Fix extracting network metric

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2022-5038c3236c

This update's test gating status has been changed to 'waiting'.

2 months ago

This update has obsoleted golang-x-mobile-0-0.12.20220719git8578da9.fc36, and has inherited its bugs and notes.

2 months ago

This update has obsoleted nebula-1.6.0-1.fc36, and has inherited its bugs and notes.

2 months ago

This update has obsoleted podman-4.2.0~rc1-2.fc36, and has inherited its bugs and notes.

2 months ago

This update has obsoleted skopeo-1.9.0-3.fc36, and has inherited its bugs and notes.

2 months ago

This update has obsoleted stargz-snapshotter-0.12.0-1.fc36, and has inherited its bugs and notes.

2 months ago

This update has obsoleted xe-guest-utilities-latest-7.30.0-5.fc36, and has inherited its bugs and notes.

2 months ago

gotmax23 edited this update.

2 months ago

This update's test gating status has been changed to 'failed'.

2 months ago

@gotmax23 Can you remove the podman-4.2.0~rc1-3 build from this update. We don't want it to land in the updates repo.

gotmax23 edited this update.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

I will remove it later. I'm AFK right now. Do know that it will be vulnerable to CVEs until you push another update. Next time, please don't push commits to distgit that you don't want to be built.

@gotmax23 well, we want it to be built and in updates-testing, just not in updates. Is there a form or something I could fill out for an exception for podman, buildah, skopeo and other tools maintained by the containers team?

gotmax23 edited this update.

Removed build(s):

  • podman-4.2.0~rc1-3.fc36

Karma has been reset.

2 months ago

This update has been submitted for testing by gotmax23.

2 months ago

@lsm5, that's not really how updates-testing works. It's for ensuring that updates are tested before they get pushed to stable. If you want to test RCs and not have them pushed, you should do it in COPR, in upstream CI, or somewhere else.

This update's test gating status has been changed to 'failed'.

2 months ago

This update has been pushed to testing.

2 months ago
User Icon decathorpe commented & provided feedback 2 months ago
karma

Syncthing continues to work fine after the rebuild.

User Icon atim provided feedback 2 months ago
karma
User Icon mhayden commented & provided feedback a month ago
karma

No issues noted.

User Icon andilinux commented & provided feedback a month ago
karma

works

gotmax23 edited this update.

a month ago

This update's test gating status has been changed to 'waiting'.

a month ago

This update's test gating status has been changed to 'failed'.

a month ago

This update's test gating status has been changed to 'waiting'.

a month ago

This update's test gating status has been changed to 'passed'.

a month ago

This update has been submitted for stable by bodhi.

a month ago

This update has been pushed to stable.

a month ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
4
Signed
Content Type
RPM
Test Gating
Builds
89
Settings
Unstable by Karma
-3
Stable by Karma
2
Stable by Time
7 days
Dates
submitted
2 months ago
in testing
2 months ago
in stable
a month ago
modified
a month ago
golang-github-chromedp-cdproto-0-0.9.20220719git285dfb4.fc36
golang-k8s-sample-controller-1.22.0-5.fc36
golang-mongodb-mongo-driver-1.4.5-7.fc36
golang-mvdan-sh-3-3.4.3-5.fc36
golang-mvdan-xurls-2.2.0-7.fc36
golang-rsc-pdf-0.1.1-11.fc36
golang-sigs-k8s-aws-iam-authenticator-0.5.2-8.fc36
golang-sourcegraph-appdash-0-0.10.20210113gitebfcffb.fc36
golang-starlark-0-0.8.20210113gite81fc95.fc36
golang-storj-drpc-0.0.31-3.fc36
golang-vbom-util-0-0.12.20190520gitefcd4e0.fc36
golang-x-debug-0-0.15.20210123gitc934e1b.fc36
golang-x-exp-0-0.44.20220330git053ad81.fc36
golang-x-lint-0-17.20210123git83fdc39.fc36
golang-x-mobile-0-0.13.20220719git8578da9.fc36
golang-x-mod-0.6.0~dev-4.20220330git9b9b3d8.fc36
golang-x-perf-0-0.16.20210123gitbdcc622.fc36
golang-x-text-0.3.7-4.fc36
golang-x-tools-0.1.10-3.fc36
golist-0.10.1-10.fc36
goloris-0-0.7.20200326gita59fafb.fc36
gomtree-0.4.0-12.fc36
google-guest-agent-20201217.02-5.fc36
gotags-1.4.1-9.fc36
gotun-0-0.15.gita9dbe4d.fc36
grafana-7.5.15-4.fc36
gron-0.7.1-3.fc36
grpcurl-1.8.6-4.fc36
hakrevdns-0-0.6.20201116git9fa2d59.fc36
hcloud-1.30.0-2.fc36
htmltest-0.15.0-4.fc36
httprobe-0.1.2-7.fc36
hugo-0.93.3-6.fc36
hulk-0-0.7.20200620git9670699.fc36
ignition-2.14.0-3.fc36
jid-0.7.6-10.fc36
kata-containers-2.3.3-2.fc36.2
kiln-0.3.1-4.fc36
kompose-1.17.0-10.fc36
kubernetes-1.24.1-3.fc36
manifest-tool-2.0.3-3.fc36
mass3-0-0.7.20200627gite1d5f1a.fc36
meg-0.2.4-7.fc36
meshbird-2.3-7.fc36
micro-2.0.8-6.fc36
moby-engine-20.10.17-5.fc36
mqttcli-0.2.3-3.fc36
nats-server-2.1.9-7.fc36
nebula-1.6.0-2.fc36
netscanner-0-0.6.20201116git8baab36.fc36
nex-20210330-4.fc36
oci-seccomp-bpf-hook-1.2.6-2.fc36
ohmybackup-0-0.7.20200526git50f2fce.fc36
open-policy-agent-0.31.0-7.fc36
origin-3.11.2-7.fc36
osbuild-composer-57-2.fc36
pack-0.27.0-3.fc36
podman-tui-0.5.0-2.fc36
popub-0-0.14.20171007git6ffa11c.fc36
powerline-go-1.22.1-3.fc36
reg-0.16.1-9.fc36
reposurgeon-4.32-3.fc36
restic-0.12.1-4.fc36
runc-1.1.2-3.fc36
shellz-1.5.0-8.fc36
shhgit-0.2-8.fc36
skopeo-1.9.0-4.fc36
snapd-2.56.2-4.fc36
snowcrash-0-0.8.20201119git49b99ad.fc36
source-to-image-1.3.1-5.fc36
stargz-snapshotter-0.12.0-2.fc36
subfinder-2.5.2-3.fc36
swig-4.0.2-17.fc36
syncthing-1.20.3-2.fc36
sysutil-0-0.8.20200615git15668db.fc36
terrier-0.0.2-7.fc36
tiedot-3.4-9.fc36
tmux-top-0.1.1-3.fc36
toolbox-0.0.99.3-6.fc36
vgrep-2.6.0-3.fc36
vultr-2.0.3-6.fc36
vultr-cli-2.14.2-3.fc36
webanalyze-0.3.1-7.fc36
weldr-client-35.5-3.fc36
wgctrl-0-0.12.20210811git4253848.fc36
xe-guest-utilities-latest-7.30.0-6.fc36
xq-0.0.7-5.fc36
yggdrasil-0.2.98^1.ffb580f-0.3.20220127gitffb580f.fc36
yubihsm-connector-3.0.3-4.fc36

Automated Test Results