Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 2077054

Summary: Rebuild usd with updated stb_image-{devel,static} for CVE-2022-28041
Product: [Fedora] Fedora Reporter: Ben Beasley <code>
Component: usdAssignee: Ben Beasley <code>
Status: CLOSED ERRATA QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: code, luya_tfz, negativo17
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: usd-21.08-19.fc34 usd-21.11-11.fc35 usd-22.03-8.fc36 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-04-29 06:56:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2077019    

Description Ben Beasley 2022-04-20 14:51:21 UTC
Once “stb” updates and buildroot overrides are ready for bug 2077020, rebuild usd in all supported Fedora releases with the latest stb-image-devel in order to pick up the patch for CVE-2022-28041, and issue corresponding security updates.

Comment 1 Ben Beasley 2022-04-20 14:55:50 UTC
I’m going to wait for https://bodhi.fedoraproject.org/updates/FEDORA-2022-c87bba6546, currently in “testing→stable”, before creating the F36 update, and for https://bodhi.fedoraproject.org/updates/FEDORA-2022-ae41947c20, which hits stable tomorrow, before creating the F35 update. I don’t really want to “reset the clock” on those two updates.

Comment 2 Fedora Update System 2022-04-20 18:39:19 UTC
FEDORA-2022-832689aa6b has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2022-832689aa6b

Comment 3 Fedora Update System 2022-04-21 21:48:05 UTC
FEDORA-2022-832689aa6b has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-832689aa6b`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-832689aa6b

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 4 Fedora Update System 2022-04-22 11:21:12 UTC
FEDORA-2022-61f6ee6353 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-61f6ee6353

Comment 5 Fedora Update System 2022-04-22 11:24:17 UTC
FEDORA-2022-c87bba6546 has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-c87bba6546

Comment 6 Ben Beasley 2022-04-22 13:07:07 UTC
I decided to edit https://bodhi.fedoraproject.org/updates/FEDORA-2022-c87bba6546 for F36 with a new usd build after all. Now all releases have updates at some stage of pending/testing/stable for this.

Comment 7 Fedora Update System 2022-04-23 17:13:12 UTC
FEDORA-2022-c87bba6546 has been pushed to the Fedora 36 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-c87bba6546`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-c87bba6546

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2022-04-23 19:06:41 UTC
FEDORA-2022-61f6ee6353 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-61f6ee6353`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-61f6ee6353

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 9 Fedora Update System 2022-04-29 06:56:21 UTC
FEDORA-2022-832689aa6b has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 10 Fedora Update System 2022-05-01 19:39:10 UTC
FEDORA-2022-61f6ee6353 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 11 Fedora Update System 2022-05-07 04:16:33 UTC
FEDORA-2022-c87bba6546 has been pushed to the Fedora 36 stable repository.
If problem still persists, please make note of it in this bug report.