The following Fedora EPEL 7 Security updates need testing:
Age URL
127 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a unrtf-0.21.9-8.el7
77 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9d6ff695a bibutils-6.6-1.el7 ghc-hs-bibutils-6.6.0.0-1.el7 pandoc-citeproc-0.3.0.1-4.el7
61 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7
52 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3a3c72c5e5 chromium-68.0.3440.106-3.el7
33 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3492a96896 myrepos-1.20180726-1.el7
24 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bc87c43cdd libbson-1.3.5-6.el7
17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c906338b6b libmad-0.15.1b-26.el7
17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f13feb5e4b sensible-utils-0.0.12-2.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-aa0030f9a1 php-horde-nag-4.2.19-1.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-e8e2e2acac strongswan-5.7.1-1.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6e8b488d2 clamav-0.100.2-2.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a9ac6a18d2 libgit2-0.26.7-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
libuv-1.23.2-1.el7
mosquitto-1.5.3-1.el7
purple-facebook-0.9.5-11.9ff9acf9fa14.el7
s3fs-fuse-1.84-3.el7
Details about builds:
================================================================================
libuv-1.23.2-1.el7 (FEDORA-EPEL-2018-d797366c77)
Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:
Update to the latest libuv 1.23.2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 11 2018 Stephen Gallagher <sgallagh(a)redhat.com> - 1.23.2-1
- Update to 1.23.2
- https://github.com/libuv/libuv/blob/v1.23.2/ChangeLog
* Tue Sep 11 2018 Stephen Gallagher <sgallagh(a)redhat.com> - 1.23.0-1
- Update to 1.23.0
- https://github.com/libuv/libuv/blob/v1.23.0/ChangeLog
--------------------------------------------------------------------------------
================================================================================
mosquitto-1.5.3-1.el7 (FEDORA-EPEL-2018-aa66b877bb)
An Open Source MQTT v3.1/v3.1.1 Broker
--------------------------------------------------------------------------------
Update Information:
Release 1.5.3 Security: * Fix CVE-2018-12543. If a message is sent to
Mosquitto with a topic that begins with $, but is not $SYS, then an assert that
should be unreachable is triggered and Mosquitto will exit. Broker: * Elevate
log level to warning for situation when socket limit is hit. * Remove
requirement to use `user root` in snap package config files. * Fix retained
messages not sent by bridges on outgoing topics at the first connection. *
Documentation fixes. * Fix duplicate clients being added to by_id hash before
the old client was removed. * Fix Windows version not starting if include_dir
did not contain any files. Build: * Various fixes to ease building. Further
details here: http://mosquitto.org/ChangeLog.txt
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 14 2018 Peter Robinson <pbrobinson(a)fedoraproject.org> 1.5.3-1
- 1.5.3 release
* Thu Sep 20 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.5.2-2
- Use WITH_BUNDLED_DEPS=no
* Thu Sep 20 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.5.2-1
- Update to new upstream version 1.5.2
* Mon Aug 20 2018 Peter Robinson <pbrobinson(a)fedoraproject.org> 1.5.1-1
- 1.5.1 release
* Fri Jul 20 2018 John W. Linville <linville(a)redhat.com> - 1.5-5
- Add previously unnecessary BuildRequires for gcc-c++
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sat May 26 2018 Rich Mattes <richmattes(a)gmail.com> - 1.5-3
- Add network-online.target and documentation to unitfile
* Sat May 26 2018 Rich Mattes <richmattes(a)gmail.com> - 1.5-2
- Use upstream systemd service and enable systemd notification support
(rhbz#1410654)
* Sun May 20 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.5-2
- Update to new upstream version 1.5 (rhbz#1580115)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1588904 - CVE-2017-7654 mosquitto: Memory leak allows unauthenticated clients to send crafted CONNECT packets causing a denial of service [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1588904
[ 2 ] Bug #1588901 - CVE-2017-7653 mosquitto: Improper handling of UTF-8 strings allows malicious clients to cause other clients to disconnect [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1588901
--------------------------------------------------------------------------------
================================================================================
purple-facebook-0.9.5-11.9ff9acf9fa14.el7 (FEDORA-EPEL-2018-01af2ad74b)
Facebook protocol plugin for purple2
--------------------------------------------------------------------------------
Update Information:
- Backported upstream patch for Facebook Work Chat. - Backported pull-request
adding an option to show inactive friends as away. - Backported pull-request
fixing compiler warnings. - Add disclaimer to %description. - Optimize
sortability of patches. - Refactor patches for smooth alignment.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 13 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.9.5-11.9ff9acf9fa14
- Backported upstream patch for Facebook Work Chat
* Sat Oct 13 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.9.5-10.9ff9acf9fa14
- Optimize sortability of patches
- Refactor patches for smooth alignment
- Remove empty line from spec file
* Fri Oct 5 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.9.5-9.9ff9acf9fa14
- Update Patch101 to match upstream PR
* Thu Oct 4 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.9.5-8.9ff9acf9fa14
- Backported pull-request fixing compiler warnings
* Thu Oct 4 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.9.5-7.9ff9acf9fa14
- Add disclaimer to %description
* Thu Oct 4 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.9.5-6.9ff9acf9fa14
- Backported pull-request adding an option to show inactive friends as away
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.5-5.9ff9acf9fa14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
s3fs-fuse-1.84-3.el7 (FEDORA-EPEL-2018-9a65bf65cb)
FUSE-based file system backed by Amazon S3
--------------------------------------------------------------------------------
Update Information:
Require fuse package on runtime to allow mounting with systemd, mount command or
/etc/fstab (#1637669)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 14 2018 Julio Gonzalez Gil <git(a)juliogonzalez.es> - 1.84-3
- Require fuse package on runtime to allow mounting with systemd,
mount command or /etc/fstab (#1637669)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1637669 - s3fs unable to mount volumes via mount or systemd unless fuse package is installed
https://bugzilla.redhat.com/show_bug.cgi?id=1637669
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
124 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a unrtf-0.21.9-8.el7
74 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9d6ff695a bibutils-6.6-1.el7 ghc-hs-bibutils-6.6.0.0-1.el7 pandoc-citeproc-0.3.0.1-4.el7
58 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7
49 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3a3c72c5e5 chromium-68.0.3440.106-3.el7
30 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3492a96896 myrepos-1.20180726-1.el7
21 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bc87c43cdd libbson-1.3.5-6.el7
14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c906338b6b libmad-0.15.1b-26.el7
14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f13feb5e4b sensible-utils-0.0.12-2.el7
14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-1345280fd0 php-horde-Horde-Core-2.31.6-1.el7
14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c1f95f55fd php-horde-horde-5.2.20-1.el7
14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-9209f8af0b php-horde-kronolith-4.2.25-1.el7
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-59650a08fe zchunk-0.9.11-1.el7
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-aa0030f9a1 php-horde-nag-4.2.19-1.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-e8e2e2acac strongswan-5.7.1-1.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6e8b488d2 clamav-0.100.2-2.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a9ac6a18d2 libgit2-0.26.7-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
libebml-1.3.5-1.el7
libmatroska-1.4.8-1.el7
mkvtoolnix-27.0.0-2.el7
Details about builds:
================================================================================
libebml-1.3.5-1.el7 (FEDORA-EPEL-2018-964d83615f)
Extensible Binary Meta Language library
--------------------------------------------------------------------------------
Update Information:
This is a major update for mkvtoolnix in EPEL7, from 7.4.0 to the latest 27.0.0
(same as current Fedora), so the list of changes is too long to list here. See
upstream [changelog](https://mkvtoolnix.download/doc/NEWS.md) for details.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 23 2017 Dominik Mierzejewski <rpm(a)greysector.net> - 1.3.5-1
- update to 1.3.5 (#1483228)
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Aug 19 2016 Dominik Mierzejewski <rpm(a)greysector.net> - 1.3.4-1
- update to 1.3.4 (#1352294)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1636462 - mkvtoolnix-27.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1636462
--------------------------------------------------------------------------------
================================================================================
libmatroska-1.4.8-1.el7 (FEDORA-EPEL-2018-964d83615f)
Open audio/video container format library
--------------------------------------------------------------------------------
Update Information:
This is a major update for mkvtoolnix in EPEL7, from 7.4.0 to the latest 27.0.0
(same as current Fedora), so the list of changes is too long to list here. See
upstream [changelog](https://mkvtoolnix.download/doc/NEWS.md) for details.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 7 2017 Dominik Mierzejewski <rpm(a)greysector.net> - 1.4.8-1
- Update to 1.4.8 (#1495383)
* Tue Apr 18 2017 Dominik Mierzejewski <rpm(a)greysector.net> - 1.4.7-1
- Update to 1.4.7 (#1431305)
- Use license and make build macros
- Make -devel require the same arch of main package
- Sync libebml version requirement between main and -devel
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Aug 19 2016 Dominik Mierzejewski <rpm(a)greysector.net> - 1.4.5-1
- Update to 1.4.5 (#1352477)
- Bump min required libebml version to 1.3.4
- use https for URLs
* Thu Feb 4 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Thu Oct 22 2015 Dominik Mierzejewski <rpm(a)greysector.net> - 1.4.4-1
- Update to 1.4.4 (required by mkvtoolnix 8.5.x)
- Bump min required libebml version to 1.3.3
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.4.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sat Apr 11 2015 Dominik Mierzejewski <rpm(a)greysector.net> - 1.4.2-3
- rebuilt for gcc-5.0.0-0.22.fc23
* Thu Mar 5 2015 Dominik Mierzejewski <rpm(a)greysector.net> - 1.4.2-2
- rebuilt for gcc-5.0
* Wed Jan 14 2015 Dominik Mierzejewski <rpm(a)greysector.net> - 1.4.2-1
- Update to 1.4.2
- Bump min required libebml version to 1.3.1
- Adapt specfile to the new autotools-based build system
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.4.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1636462 - mkvtoolnix-27.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1636462
--------------------------------------------------------------------------------
================================================================================
mkvtoolnix-27.0.0-2.el7 (FEDORA-EPEL-2018-964d83615f)
Matroska container manipulation utilities
--------------------------------------------------------------------------------
Update Information:
This is a major update for mkvtoolnix in EPEL7, from 7.4.0 to the latest 27.0.0
(same as current Fedora), so the list of changes is too long to list here. See
upstream [changelog](https://mkvtoolnix.download/doc/NEWS.md) for details.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 8 2018 Dominik Mierzejewski <rpm(a)greysector.net> - 27.0.0-2
- add explicit BR on xsltproc
- fix keyring creation for sig verification with older gpg2 version
- use devtoolset-7 g++ for C++14 support
- skip appstream data validation for now (#1636955)
- don't include man page translations on ppc64 (#1497544)
* Sat Oct 6 2018 Dominik Mierzejewski <rpm(a)greysector.net> - 27.0.0-1
- update to 27.0.0 (#1636462)
- mkvinfo has no GUI again, moved back to main package
- add missing BR: gcc-c++
- new dependency required to build GUIs: cmark
- disable built-in update check (#1515687)
- verify GPG signature of the source
- requires libmatroska >= 1.4.8
- requires libebml >= 1.3.5
- add Provides: for bundled librmff
- new dependency introduced by upstream (Qt5Multimedia)
- rename desktop files to fix task switcher icons under Wayland
- unbundle json
- clean up prep section
- autogenerate localized files list
- BR docbook-style-xsl and fix check for it
- update Source and main URLs
- add Provides: for bundled avilib
- wxGTK GUI is gone
- use license macro to tag the license text file
- unbundle drake
- drop manual desktop file installation, upstream does it properly now
- unbundle utf8cpp
- remove bundled libebml and libmatroska so that they don't get used
accidentally if available version is too low
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1636462 - mkvtoolnix-27.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1636462
--------------------------------------------------------------------------------
I thought devtoolset was now available for building EPEL packages, but
I've just tried with something that needs a more recent gcc than el6's
but neither devtoolset-6 nor -7 are found. Should that work?