Discover Government News

--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2022-3969b64d4b
2022-07-17 00:57:11.020145
--------------------------------------------------------------------------------Name        : golang-github-shopify-toxiproxy
Product     : Fedora 35
Version     : 2.1.4
Release     : 10.fc35
URL         : https://github.com/Shopify/toxiproxy
Summary     : TCP proxy to simulate network and system conditions for resiliency testing
Description :

Toxiproxy is a framework for simulating network conditions. It's made
specifically to work in testing, CI and development environments, supporting
deterministic tampering with connections, but with support for randomized
chaos and customization. Toxiproxy is the tool you need to prove with tests
that your application doesn't have single points of failure.

Toxiproxy usage consists of two parts. A TCP proxy written in Go (what this
repository contains) and a client communicating with the proxy over HTTP. You
configure your application to make all test connections go through Toxiproxy
and can then manipulate their health via HTTP. See Usage below on how to set
up your project.

--------------------------------------------------------------------------------Update Information:

Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs
---  This contains the result from the mass rebuild in F35 for all packages that
require `golang` and provide binaries to mitigate the following CVEs:  `golang`
itself:  -  CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode -CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go
CVEs that are a little bit older that will also be  mitigated by the rebuild for
packages that haven't been updated recently)  CVEs in other golang libraries
that affect a subset of Go packages:  - CVE-2022-21698 golang-github-prometheus-client: prometheus/client_golang:  Denial of service using
InstrumentHandlerCounter - CVE-2022-1996 go-restful: Authorization Bypass
Through User-Controlled Key  ----  Initial import for golang-github-a8m-envsubst
Resolves: rhbz#2074406  ----  Initial package  Resolves: rhbz#2074438  ----Update to v3.14.0 (close rhbz#2105612)  ----  Fix merge  ----  Update to 1.22.1
- Close: rhbz#2077577
--------------------------------------------------------------------------------ChangeLog:

* Sat Jul  9 2022 Maxwell G  - 2.1.4-10
- Rebuild for CVE-2022-{24675,28327,29526 in golang}
* Thu Jan 20 2022 Fedora Release Engineering  - 2.1.4-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #2074406 - Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go
        https://bugzilla.redhat.com/show_bug.cgi?id=2074406
  [ 2 ] Bug #2074438 - Review Request: golang-github-goccy-yaml - YAML support for the Go language
        https://bugzilla.redhat.com/show_bug.cgi?id=2074438
  [ 3 ] Bug #2077577 - powerline-go-1.22.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2077577
  [ 4 ] Bug #2105612 - golang-github-task-3.14.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2105612
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-3969b64d4b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 35: golang-github-shopify-toxiproxy 2022-3969b64d4b

July 16, 2022
Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and ...

Summary

Toxiproxy is a framework for simulating network conditions. It's made

specifically to work in testing, CI and development environments, supporting

deterministic tampering with connections, but with support for randomized

chaos and customization. Toxiproxy is the tool you need to prove with tests

that your application doesn't have single points of failure.

Toxiproxy usage consists of two parts. A TCP proxy written in Go (what this

repository contains) and a client communicating with the proxy over HTTP. You

configure your application to make all test connections go through Toxiproxy

and can then manipulate their health via HTTP. See Usage below on how to set

up your project.

Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs

--- This contains the result from the mass rebuild in F35 for all packages that

require `golang` and provide binaries to mitigate the following CVEs: `golang`

itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode -CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go

CVEs that are a little bit older that will also be mitigated by the rebuild for

packages that haven't been updated recently) CVEs in other golang libraries

that affect a subset of Go packages: - CVE-2022-21698 golang-github-prometheus-client: prometheus/client_golang: Denial of service using

InstrumentHandlerCounter - CVE-2022-1996 go-restful: Authorization Bypass

Through User-Controlled Key ---- Initial import for golang-github-a8m-envsubst

Resolves: rhbz#2074406 ---- Initial package Resolves: rhbz#2074438 ----Update to v3.14.0 (close rhbz#2105612) ---- Fix merge ---- Update to 1.22.1

- Close: rhbz#2077577

* Sat Jul 9 2022 Maxwell G - 2.1.4-10

- Rebuild for CVE-2022-{24675,28327,29526 in golang}

* Thu Jan 20 2022 Fedora Release Engineering - 2.1.4-9

- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

[ 1 ] Bug #2074406 - Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go

https://bugzilla.redhat.com/show_bug.cgi?id=2074406

[ 2 ] Bug #2074438 - Review Request: golang-github-goccy-yaml - YAML support for the Go language

https://bugzilla.redhat.com/show_bug.cgi?id=2074438

[ 3 ] Bug #2077577 - powerline-go-1.22.1 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2077577

[ 4 ] Bug #2105612 - golang-github-task-3.14.0 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2105612

su -c 'dnf upgrade --advisory FEDORA-2022-3969b64d4b' at the command

line. For more information, refer to the dnf documentation available at

http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

FEDORA-2022-3969b64d4b 2022-07-17 00:57:11.020145 Product : Fedora 35 Version : 2.1.4 Release : 10.fc35 URL : https://github.com/Shopify/toxiproxy Summary : TCP proxy to simulate network and system conditions for resiliency testing Description : Toxiproxy is a framework for simulating network conditions. It's made specifically to work in testing, CI and development environments, supporting deterministic tampering with connections, but with support for randomized chaos and customization. Toxiproxy is the tool you need to prove with tests that your application doesn't have single points of failure. Toxiproxy usage consists of two parts. A TCP proxy written in Go (what this repository contains) and a client communicating with the proxy over HTTP. You configure your application to make all test connections go through Toxiproxy and can then manipulate their health via HTTP. See Usage below on how to set up your project. Rebuild for CVE-2022-{24675,28327,29526} in golang and other go ecosystem CVEs --- This contains the result from the mass rebuild in F35 for all packages that require `golang` and provide binaries to mitigate the following CVEs: `golang` itself: - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode -CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar -CVE-2022-29526 golang: syscall: faccessat checks wrong group (There are some Go CVEs that are a little bit older that will also be mitigated by the rebuild for packages that haven't been updated recently) CVEs in other golang libraries that affect a subset of Go packages: - CVE-2022-21698 golang-github-prometheus-client: prometheus/client_golang: Denial of service using InstrumentHandlerCounter - CVE-2022-1996 go-restful: Authorization Bypass Through User-Controlled Key ---- Initial import for golang-github-a8m-envsubst Resolves: rhbz#2074406 ---- Initial package Resolves: rhbz#2074438 ----Update to v3.14.0 (close rhbz#2105612) ---- Fix merge ---- Update to 1.22.1 - Close: rhbz#2077577 * Sat Jul 9 2022 Maxwell G - 2.1.4-10 - Rebuild for CVE-2022-{24675,28327,29526 in golang} * Thu Jan 20 2022 Fedora Release Engineering - 2.1.4-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild [ 1 ] Bug #2074406 - Review Request: golang-github-a8m-envsubst - Environment variables substitution for Go https://bugzilla.redhat.com/show_bug.cgi?id=2074406 [ 2 ] Bug #2074438 - Review Request: golang-github-goccy-yaml - YAML support for the Go language https://bugzilla.redhat.com/show_bug.cgi?id=2074438 [ 3 ] Bug #2077577 - powerline-go-1.22.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2077577 [ 4 ] Bug #2105612 - golang-github-task-3.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2105612 su -c 'dnf upgrade --advisory FEDORA-2022-3969b64d4b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Change Log

References

Update Instructions

Severity
Product : Fedora 35
Version : 2.1.4
Release : 10.fc35
URL : https://github.com/Shopify/toxiproxy
Summary : TCP proxy to simulate network and system conditions for resiliency testing

Related News