Fedora has issued an advisory today (February 10): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/57V2CSFU5MKWKL6RJUKMXSD4PCRFTMMQ/ The issues are fixed upstream in 10.8.1. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 10.8.1
This one is unambiguously for you, DavidG.
Assignee: bugsquad => geiger.david68210
Suggested advisory: ======================== The updated package fixes security vulnerabilities: phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). (CVE-2022-0157) phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF). (CVE-2022-0196, CVE-2022-0197, CVE-2022-0238) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0157 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0196 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0197 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0238 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/57V2CSFU5MKWKL6RJUKMXSD4PCRFTMMQ/ ======================== Updated package in core/updates_testing: ======================== phoronix-test-suite-10.8.2-1.mga8 from SRPM: phoronix-test-suite-10.8.2-1.mga8.src.rpm
Whiteboard: MGA8TOO => (none)CC: (none) => nicolas.salgueroCVE: (none) => CVE-2022-0157, CVE-2022-0196, CVE-2022-0197, CVE-2022-0238Status: NEW => ASSIGNEDStatus comment: Fixed upstream in 10.8.1 => (none)Version: Cauldron => 8Source RPM: phoronix-test-suite-10.4.0-1.mga9.src.rpm => phoronix-test-suite-10.2.1-1.mga8.src.rpmAssignee: geiger.david68210 => qa-bugs
This was fun, note the installation is big and as you install test suites, they are bigger. The following 231 packages are going to be installed: - autoconf-2.70-4.mga8.noarch - automake-1.16.3-1.mga8.noarch - bison-3.7.5-1.mga8.x86_64 - byacc-20200910-1.mga8.x86_64 - ctags-5.8-15.mga8.x86_64 - cvs-1.12.13-32.mga8.x86_64 - cvs-fast-export-1.55-3.mga8.x86_64 - docbook-style-dsssl-1.79-19.mga8.noarch - docbook-style-xsl-1.79.2-5.mga8.noarch - docbook-utils-0.6.14-23.mga8.noarch - flex-2.6.4-5.mga8.x86_64 - ftjam-2.5.3rc2-0.18.mga8.x86_64 - gcc-c++-10.3.0-2.mga8.x86_64 - gcc-gfortran-10.3.0-2.mga8.x86_64 - gettext-devel-0.21-8.mga8.x86_64 - git-2.30.2-1.mga8.x86_64 - git-arch-2.30.2-1.mga8.x86_64 - git-core-2.30.2-1.mga8.x86_64 - git-core-oldies-2.30.2-1.mga8.x86_64 - git-cvs-2.30.2-1.mga8.x86_64 - git-email-2.30.2-1.mga8.x86_64 - git-prompt-2.30.2-1.mga8.x86_64 - git-svn-2.30.2-1.mga8.x86_64 - gitk-2.30.2-1.mga8.x86_64 - glib-gettextize-2.66.8-1.mga8.x86_64 - gtk-doc-1.32-4.mga8.noarch - help2man-1.47.16-1.mga8.noarch - lib64aa-devel-1.4.0-0.rc5.34.mga8.x86_64 - lib64acl-devel-2.2.53-2.mga8.x86_64 - lib64aio-devel-0.3.112-1.mga8.x86_64 - lib64alsa2-devel-1.2.4-1.mga8.x86_64 - lib64atk1.0-devel-2.36.0-1.mga8.x86_64 - lib64boost_regex1.75.0-1.75.0-1.mga8.x86_64 - lib64bsd-devel-0.10.0-2.mga8.x86_64 - lib64cairo-devel-1.16.0-6.1.mga8.x86_64 - lib64datrie-devel-0.2.12-2.mga8.x86_64 - lib64dri-drivers-21.3.6-2.mga8.x86_64 - lib64drm-devel-2.4.109-3.mga8.x86_64 - lib64event-devel-2.1.12-1.mga8.x86_64 - lib64expat-devel-2.2.10-1.2.mga8.x86_64 - lib64ffi-devel-3.3-2.mga8.x86_64 - lib64fftw-devel-3.3.9-1.mga8.x86_64 - lib64fftwmpi3-3.3.9-1.mga8.x86_64 - lib64fftwomp3-3.3.9-1.mga8.x86_64 - lib64flac-devel-1.3.3-3.mga8.x86_64 - lib64fontconfig-devel-2.13.93-4.mga8.x86_64 - lib64freeimage-devel-3.18.0-4.mga8.x86_64 - lib64freeimage3-3.18.0-4.mga8.x86_64 - lib64freetype2-devel-2.10.4-2.mga8.x86_64 - lib64fribidi-devel-1.0.10-1.mga8.x86_64 - lib64gdk_pixbuf2.0-devel-2.42.2-1.mga8.x86_64 - lib64ggi-devel-2.2.2-28.mga8.x86_64 - lib64gii-devel-1.0.2-26.mga8.x86_64 - lib64glapi-devel-21.3.6-2.mga8.x86_64 - lib64glapi0-21.3.6-2.mga8.x86_64 - lib64glesv1_cm1-1.3.2-16.mga8.x86_64 - lib64glew-devel-2.2.0-2.mga8.x86_64 - lib64glew2.2-2.2.0-2.mga8.x86_64 - lib64glib2.0-devel-2.66.8-1.mga8.x86_64 - lib64glvnd-devel-1.3.2-16.mga8.x86_64 - lib64gpm-devel-1.20.7-14.mga8.x86_64 - lib64graphite2-devel-1.3.14-1.mga8.x86_64 - lib64gtk+2.0-devel-2.24.33-1.mga8.x86_64 - lib64gtk-gir2.0-2.24.33-1.mga8.x86_64 - lib64harfbuzz-devel-2.7.4-1.mga8.x86_64 - lib64hwloc-devel-2.3.0-1.mga8.x86_64 - lib64hwloc15-2.3.0-1.mga8.x86_64 - lib64ibverbs-devel-1.2.1-4.mga8.x86_64 - lib64ibverbs1-1.2.1-4.mga8.x86_64 - lib64icu-devel-68.2-1.1.mga8.x86_64 - lib64ilmbase-devel-2.5.7-1.3.mga8.x86_64 - lib64imlib2-devel-1.7.1-1.mga8.x86_64 - lib64jack-devel-1.9.14-1.mga8.x86_64 - lib64jasper-devel-2.0.27-1.mga8.x86_64 - lib64jbig-devel-2.1-7.mga8.x86_64 - lib64jpeg-devel-2.0.6-1.mga8.x86_64 - lib64jxr-devel-1.1-5.mga8.x86_64 - lib64jxr0-1.1-5.mga8.x86_64 - lib64kms1-2.4.109-3.mga8.x86_64 - lib64lcms2-devel-2.11-1.mga8.x86_64 - lib64mesagl-devel-21.3.6-2.mga8.x86_64 - lib64mesagl1-21.3.6-2.mga8.x86_64 - lib64mesaglu1-devel-9.0.1-2.mga8.x86_64 - lib64mesakhr-devel-21.3.6-2.mga8.x86_64 - lib64mesavulkan-drivers-21.3.6-2.mga8.x86_64 - lib64mikmod-devel-3.3.11.1-4.mga8.x86_64 - lib64mikmod3-3.3.11.1-4.mga8.x86_64 - lib64modplug-devel-0.8.9.0-4.mga8.x86_64 - lib64mount-devel-2.36.1-5.mga8.x86_64 - lib64nl-cli3_200-3.5.0-2.mga8.x86_64 - lib64nl-idiag3_200-3.5.0-2.mga8.x86_64 - lib64nl-nf3_200-3.5.0-2.mga8.x86_64 - lib64nl-route3_200-3.5.0-2.mga8.x86_64 - lib64nl-xfrm3_200-3.5.0-2.mga8.x86_64 - lib64nl3-devel-3.5.0-2.mga8.x86_64 - lib64ogg-devel-1.3.4-2.mga8.x86_64 - lib64openal-devel-1.21.0-1.mga8.x86_64 - lib64opencl-devel-2.2.13-1.mga8.x86_64 - lib64openexr-devel-2.5.7-1.3.mga8.x86_64 - lib64opengl0-1.3.2-16.mga8.x86_64 - lib64openjade0-1.3.3-0.pre1.26.mga8.x86_64 - lib64openjpeg-devel-1.5.2-11.mga8.x86_64 - lib64openjpeg2-devel-2.4.0-1.2.mga8.x86_64 - lib64openjpeg5-1.5.2-11.mga8.x86_64 - lib64openmpi-devel-4.0.5-2.mga8.x86_64 - lib64openmpi40-4.0.5-2.mga8.x86_64 - lib64openpmix-devel-3.2.2-1.mga8.x86_64 - lib64openpmix2-3.2.2-1.mga8.x86_64 - lib64opus-devel-1.3.1-3.mga8.x86_64 - lib64osp5-1.5.2-21.mga8.x86_64 - lib64pango1.0-devel-1.48.4-1.mga8.x86_64 - lib64pciaccess-devel-0.16-2.mga8.x86_64 - lib64pcre-devel-8.44-1.mga8.x86_64 - lib64pcre16_0-8.44-1.mga8.x86_64 - lib64pcre32_0-8.44-1.mga8.x86_64 - lib64pixman-devel-0.40.0-1.mga8.x86_64 - lib64png-devel-1.6.37-2.mga8.x86_64 - lib64popt-devel-1.18-1.mga8.x86_64 - lib64portaudio-devel-19.6.0-snapshot20161030.8.mga8.x86_64 - lib64portaudiocpp0-19.6.0-snapshot20161030.8.mga8.x86_64 - lib64raw-devel-0.20.2-1.mga8.x86_64 - lib64raw_r20-0.20.2-1.mga8.x86_64 - lib64rdmacm-devel-1.1.0-4.mga8.x86_64 - lib64rdmacm1-1.1.0-4.mga8.x86_64 - lib64samplerate-devel-0.1.9-4.mga8.x86_64 - lib64SDL-devel-1.2.15-26.mga8.x86_64 - lib64SDL_gfx-devel-2.0.26-2.mga8.x86_64 - lib64SDL_image-devel-1.2.12-14.mga8.x86_64 - lib64SDL_image1.2_0-1.2.12-14.mga8.x86_64 - lib64SDL_net-devel-1.2.8-10.mga8.x86_64 - lib64SDL_net1.2_0-1.2.8-10.mga8.x86_64 - lib64SDL_sound-devel-1.0.3-21.mga8.x86_64 - lib64SDL_sound1.0_1-1.0.3-21.mga8.x86_64 - lib64SDL_ttf-devel-2.0.11-11.mga8.x86_64 - lib64SDL_ttf2.0_0-2.0.11-11.mga8.x86_64 - lib64serf2_2-1.4.0-0.7.mga8.x86_64 - lib64slang-devel-2.3.2-2.mga8.x86_64 - lib64sndio-devel-1.7.0-1.mga8.x86_64 - lib64source-highlight4-3.1.9-8.mga8.x86_64 - lib64speex-devel-1.2.0-3.1.mga8.x86_64 - lib64svn0-1.14.1-1.1.mga8.x86_64 - lib64thai-devel-0.1.28-2.mga8.x86_64 - lib64tiff-devel-4.2.0-1.1.mga8.x86_64 - lib64turbojpeg0-2.0.6-1.mga8.x86_64 - lib64utf8proc2-2.6.1-1.mga8.x86_64 - lib64vorbis-devel-1.3.7-1.mga8.x86_64 - lib64webp-devel-1.1.0-2.mga8.x86_64 - lib64webpdecoder3-1.1.0-2.mga8.x86_64 - lib64x11-devel-1.7.0-1.2.mga8.x86_64 - lib64xau-devel-1.0.9-2.mga8.x86_64 - lib64xcb-damage0-1.14-1.mga8.x86_64 - lib64xcb-devel-1.14-1.mga8.x86_64 - lib64xcb-dpms0-1.14-1.mga8.x86_64 - lib64xcb-record0-1.14-1.mga8.x86_64 - lib64xcb-res0-1.14-1.mga8.x86_64 - lib64xcb-screensaver0-1.14-1.mga8.x86_64 - lib64xcb-xf86dri0-1.14-1.mga8.x86_64 - lib64xcb-xtest0-1.14-1.mga8.x86_64 - lib64xcb-xvmc0-1.14-1.mga8.x86_64 - lib64xcomposite-devel-0.4.5-3.mga8.x86_64 - lib64xcursor-devel-1.2.0-2.mga8.x86_64 - lib64xdamage-devel-1.1.5-2.mga8.x86_64 - lib64xdmcp-devel-1.1.3-2.mga8.x86_64 - lib64xext-devel-1.3.4-2.mga8.x86_64 - lib64xfixes-devel-5.0.3-3.mga8.x86_64 - lib64xft-devel-2.3.3-2.mga8.x86_64 - lib64xi-devel-1.7.10-2.mga8.x86_64 - lib64xinerama-devel-1.1.4-3.mga8.x86_64 - lib64xml2-devel-2.9.10-7.2.mga8.x86_64 - lib64xrandr-devel-1.5.2-2.mga8.x86_64 - lib64xrender-devel-0.9.10-3.mga8.x86_64 - lib64xshmfence-devel-1.3-3.mga8.x86_64 - lib64xxf86vm-devel-1.1.4-4.mga8.x86_64 - libgomp-devel-10.3.0-2.mga8.x86_64 - libpthread-stubs-0.4-3.mga8.x86_64 - libquadmath-devel-10.3.0-2.mga8.x86_64 - libtool-2.4.6-13.mga8.x86_64 - libtool-base-2.4.6-13.mga8.x86_64 - m4-1.4.18-3.mga8.x86_64 - mesa-21.3.6-2.mga8.x86_64 - opencl-headers-2.2-0.20200218.1.mga8.noarch - openjade-1.3.3-0.pre1.26.mga8.x86_64 - openjpeg-1.5.2-11.mga8.x86_64 - openjpeg2-2.4.0-1.2.mga8.x86_64 - openmpi-4.0.5-2.mga8.x86_64 - opensp-1.5.2-21.mga8.x86_64 - pango-doc-1.48.1-1.mga8.noarch - perl-Authen-SASL-2.160.0-12.mga8.noarch - perl-DBI-1.643.0-4.1.mga8.x86_64 - perl-devel-5.32.1-1.1.mga8.x86_64 - perl-Digest-HMAC-1.30.0-11.mga8.noarch - perl-Digest-SHA1-2.130.0-28.mga8.x86_64 - perl-Error-0.170.290-3.mga8.noarch - perl-Git-2.30.2-1.mga8.x86_64 - perl-Git-SVN-2.30.2-1.mga8.x86_64 - perl-libintl-perl-1.320.0-1.mga8.x86_64 - perl-MIME-Base64-3.160.0-1.mga8.x86_64 - perl-OpenGL-0.700.0-8.mga8.x86_64 - perl-SGMLSpm-1.03ii-4.mga8.noarch - perl-SVN-1.14.1-1.1.mga8.x86_64 - perl-Text-Unidecode-1.300.0-4.mga8.noarch - perl-Unicode-EastAsianWidth-12.0.0-2.mga8.noarch - perl-YAML-1.300.0-2.mga8.noarch - phoronix-test-suite-10.8.2-1.mga8.noarch - php-cli-8.1.0-1.mga8.x86_64 - php-curl-8.1.0-1.mga8.x86_64 - php-dom-8.1.0-1.mga8.x86_64 - php-gd-8.1.0-1.mga8.x86_64 - php-ini-8.1.0-1.mga8.x86_64 - php-openssl-8.1.0-1.mga8.x86_64 - php-pcntl-8.1.0-1.mga8.x86_64 - php-pdo-8.1.0-1.mga8.x86_64 - php-posix-8.1.0-1.mga8.x86_64 - php-sockets-8.1.0-1.mga8.x86_64 - php-sqlite3-8.1.0-1.mga8.x86_64 - php-sysvsem-8.1.0-1.mga8.x86_64 - php-sysvshm-8.1.0-1.mga8.x86_64 - php-zlib-8.1.0-1.mga8.x86_64 - python3-pygments-2.7.4-1.1.mga8.noarch - python3-pyparsing-2.4.7-1.mga8.noarch - scons-4.0.1-1.mga8.noarch - source-highlight-3.1.9-8.mga8.x86_64 - subversion-1.14.1-1.1.mga8.x86_64 - systemtap-sdt-devel-4.4-4.mga8.x86_64 - task-c++-devel-2011.0-9.mga8.noarch - task-c-devel-2011.0-9.mga8.noarch - tcsh-6.22.03-1.mga8.x86_64 - texinfo-6.7-3.mga8.x86_64 - valgrind-devel-3.16.1-10.mga8.x86_64 - x11-proto-devel-2020.1-2.mga8.noarch - xsltproc-1.1.34-2.mga8.x86_64 426MB of additional disk space will be used. --- testing result $ phoronix-test-suite install git/x265 $ phoronix-test-suite run git/x265 x265 Git: git/x265-1.1.0 Test 1 of 1 Estimated Trial Run Count: 3 Estimated Time To Completion: 6 Minutes [16:34 CST] Started Run 1 @ 16:28:45 Started Run 2 @ 16:31:53 Started Run 3 @ 16:35:01 H.265 1080p Video Encoding: 3.28 3.27 3.28 Average: 3.28 Frames Per Second Deviation: 0.18% Comparison of 97 OpenBenchmarking.org samples since 8 March 2019; median result: 26.98 Frames Per Second. Box plot of samples: [|-*-----################!#################-----*-----------------| ] ^ This Result (13th Percentile): 3.28 Ryzen 5 PRO 4650G: 51.54 ^ Yes this puppy is a barn burner at 13th percentile I was able to open the web-page. This works. - Works as designed Anybody out there able to beat 3.28 frames per second. ;-)
CC: (none) => brtians1
Oops. Replied on the qa-bugs ml by mistake. :-) On my 9 year old desktop system ... Average: 2.65 Frames Per Second Deviation: 0.87% Comparison of 97 OpenBenchmarking.org samples since 8 March 2019; median result: 26.98 Frames Per Second. Box plot of samples: [ |----*------------------###########################################!###########################################---------------*--*----------------------------------------------| ] ^ This Result (8th Percentile): 2.65
CC: (none) => davidwhodgins
Wow my old (10 year old desktop) rig beat someone. ;-) I'm okaying this as it appears to work as designed.
Whiteboard: (none) => MGA8-64-OK
(In reply to Brian Rockwell from comment #5) > Wow my old (10 year old desktop) rig beat someone. ;-) > > I'm okaying this as it appears to work as designed. The test is testing the video card, not just the cpu. $ lspcidrake -v|grep Card Card:ATI Radeon HD 5000 to HD 6300 (radeon): Advanced Micro Devices, Inc. [AMD/ATI]|Cedar [Radeon HD 5000/6000/7350/8350 Series] [DISPLAY_VGA] (vendor:1002 device:68f9 subv:1043 subd:03ca) Validating the update.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0067.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED
This update also fixed CVE-2022-0571: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KSQH5OWXAMWSM7H6VSBRDGTOE7UIOZHZ/