The following Fedora EPEL 7 Security updates need testing:
Age URL
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-d69636a383 tor-0.3.5.12-1.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0fe15b3c39 rpki-client-6.8p1-1.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad pngcheck-2.4.0-2.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-62ef58ec56 openssl11-1.1.1g-1.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-46fc6c7982 seamonkey-2.53.5-2.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-3097b2d5db chromium-86.0.4240.198-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4b568a793a golang-1.15.5-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a2eeb128a9 drupal7-7.74-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
libmodulemd2-2.10.0-2.el7
mock-core-configs-33.3-1.el7
root-6.22.04-1.el7
rust-1.48.0-1.el7
safekeep-1.5.1-1.el7
Details about builds:
================================================================================
libmodulemd2-2.10.0-2.el7 (FEDORA-EPEL-2020-17e02b5de4)
Module metadata manipulation library
--------------------------------------------------------------------------------
Update Information:
# libmodulemd 2.10.0 # Ale�� Mat��j (6) * Add modulemd-obsoletes * Add
modulemd-obsoletes to modulemd-module-stream * Add modulemd-obsoletes to
modulemd-module * Add modulemd-obsoletes to modulemd-module-index/merger *
Convert modulemd-obsoletes dates to ISO 8601 format * Update documentation with
eols and 2.10 index # Merlin Mathesius (32) * Address detected Coverity scan
defects * TRAVIS: Bump Fedora version used for Coverity scan * Add tests for
modulemd_load_string() * Clarify difference between MMD_YAML_ERROR_UNPARSEABLE
and MMD_YAML_ERROR_PARSE * Enhance the travis build scripts and Dockerfile
templates so that the common mmd_run_docker_tests() launcher function can also
launch the Coverity scan. This enhancement made it a simple matter to switch the
Coverity scan to run on CentOS 8 instead of Fedora. * Add StreamV3 object
(#487) * Correct minor issues with MMD_INIT_YAML_STRING() and
MMD_REINIT_YAML_STRING() not using the given _string argument. * Add YAML emit
capabilities to BuildConfig object. * Add "equals" function for BuildConfig
objects. * Increase timeout for debug tests. * modulemd-packager v3 spec
fixup: include "arches" in per-configuration "buildopts" * Implement PackagerV3
mapping to StreamV2/StreamV3 * Spec updates to modulemd-stream v3 and modulemd-
packager v3 to specify module stream dependencies as single-element lists
instead of scalars. * Implemention and test updates to reflect modulemd-stream
v3 and modulemd-packager v3 spec changes to specify module stream dependencies
as single-element lists instead of scalars. * Implement StreamV2 to StreamV3
upgrading * Add placeholder modulemd_module_stream_upgrade_ext() * Update
modulemd_module_stream_upgrade_v2_to_v3_ext() argument to ModulemdModuleStreamV2
instead of ModulemdModuleStream * Added a lot of commentary to the StreamV2 to
StreamV3 stream expansion process * Initial integration of StreamV2 to StreamV3
upgrading * Use proper GOobject type casting for BuildConfig * ModuleIndex
stream mdversion is no longer allowed to change on-the-fly * Adjust new XMD
tests added by PR#504 to preset index stream mdversion * Fill in default module
license if necessary when mapping PackagerV3 to StreamV2. * StreamV3 license
emitting bug fix * Refactor module/stream name autogeneration into separate
functions * Autogen module/stream names when converting PackagerV3 for adding
to index * Add wrapper script to simplify running valgrind tests * modulemd-
validator: fix use of wrong loop index variable * Enable determining which sub-
document(s) are the cause of a batch load failure * Add generalized function to
debug dump any sub-document failures * Catch and sensibly report StreamV2
upgrade missing dependencies error * Revise tests for easier debugging # Neal
Gompa (1) * CI: Fix installation of dependencies on openSUSE Tumbleweed #
Peter Pentchev (1) * Correct some typographical errors. # Stephen Gallagher
(51) * Bump version in meson.build to 2.9.5 * Drop custom valgrind test *
Replace all references to the 'master' branch * Docs must be on the 'master'
branch due to Github limitations * validator: Add support for compressed YAML
* fixup! validator: Add support for compressed YAML * Create rpmbuild directory
* Disable LTO * TRAVIS: Add Fedora 33 to test hosts * Correct typo in
documentation * Update test for newer bash versions * Fix incorrect error type
* Update python formatting with python-black 20.8 * Add convenience functions
for loading the index * Add modulemd-packager and modulemd-stream v3 document
specs. * Do not treat OpenMandriva tests as blocking * Merge remote-tracking
branch 'upstream/main' into mmdv3-devel * Add BuildConfig object * Add common
mmd_parse_xmd() function * Add 'default' property to ModulemdProfile * Add
PackagerV3 object * Tools: Tag with bare version as well * Enable source-git
functionality for Fedora * Fix README * Merge branch 'main' into mmdv3-devel
* CI: replace RPM creation with packit * Merge remote-tracking branch
'upstream/main' into mmdv3-devel * Always output quoted stream name * Merge
branch 'main' into mmdv3-devel * Apply clang-format changes * Change the
specification of `ref` * Handle XMD for ModuleStreamV3 in python * Don't fail
tests locally when overrides are changing * Container-based build setup *
Conditionalize overrides * Merge branch 'container' into mmdv3-devel * Allow
tests to fail on openSUSE Tumbleweed * Merge branch 'main' into mmdv3-devel *
Fix python style issues * Fix memory leak in rpmmap test * Merge branch 'main'
into mmdv3-devel * Suppress Coverity false-positive * Add Coverity modeling
file to upstream sources * Improve valgrind performance in CI * Add
modulmd_str_set_new() * Add Modulemd.UpgradeHelper object * Fix up override
handling in tests * Fix up memory errors detected by clang * Run coverity
modeling file through clang-format * Make UpgradeHelper private * Use
UpgradeHelper during upgrades
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 20 2020 Stephen Gallagher <sgallagh(a)redhat.com> - 2.10.0-2
- Fix integer size issue on 32-bit platforms
* Fri Nov 20 2020 Stephen Gallagher <sgallagh(a)redhat.com> - 2.10.0-1
- Release 2.10.0
- https://github.com/fedora-modularity/libmodulemd/releases/tag/libmodulemd-2…
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.9.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon May 25 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 2.9.4-2
- Rebuilt for Python 3.9
* Wed May 20 2020 Stephen Gallagher <sgallagh(a)redhat.com> - 2.9.4-1
- new upstream release: 2.9.4
* Wed May 20 2020 Stephen Gallagher <sgallagh(a)redhat.com> - 2.9.4-2.9.300520.1gitgc19757c
- new upstream release: 2.9.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1863048 - implement support for Obsoletes module metadata
https://bugzilla.redhat.com/show_bug.cgi?id=1863048
--------------------------------------------------------------------------------
================================================================================
mock-core-configs-33.3-1.el7 (FEDORA-EPEL-2020-c5ac5ed572)
Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:
mock-core-configs v33.1 - v33.3 - ELN fixups (mmathesi(a)redhat.com,
jkonecny(a)redhat.com) - EPEL: fix repo-id and name= - Add missing repos to CentOS
6 and CentOS 7 configs - Do --disablerepo=centos-sclo* in templates - Add plain
CentOS 6/7/8 configs (without epel) - EPEL Playground depends on normal EPEL
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 20 2020 Pavel Raiskup <praiskup(a)redhat.com> 33.3-1
- ELN should use for build Everything repository (jkonecny(a)redhat.com)
* Wed Nov 11 2020 Pavel Raiskup <praiskup(a)redhat.com> 33.2-1
- Add missing CRB repository (jkonecny(a)redhat.com)
* Wed Nov 11 2020 Pavel Raiskup <praiskup(a)redhat.com> 33.1-1
- ELN fixups (mmathesi(a)redhat.com)
- EPEL: fix repo-id and name=
- Add missing repos to CentOS 6 and CentOS 7 configs
- Do --disablerepo=centos-sclo* in templates
- Add plain CentOS 6/7/8 configs (without epel)
- EPEL Playground depends on normal EPEL
--------------------------------------------------------------------------------
================================================================================
root-6.22.04-1.el7 (FEDORA-EPEL-2020-1022859854)
Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:
ROOT 6.22.04
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 13 2020 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 6.22.04-1
- Update to 6.22.04
- Drop patch root-xrootd5-compat.patch (accepted upstream)
* Sat Nov 7 2020 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 6.22.02-4
- Rebuild for C++ standard library __GLIBCXX__ 20201016
--------------------------------------------------------------------------------
================================================================================
rust-1.48.0-1.el7 (FEDORA-EPEL-2020-3a0a6514d6)
The Rust Programming Language
--------------------------------------------------------------------------------
Update Information:
Update to Rust 1.48.0: - Easier linking in rustdoc - Adding search aliases -
Library changes, including `[T; N]: TryFrom<Vec<T>>` See the [blog
post](https://blog.rust-lang.org/2020/11/19/Rust-1.48.html) and [release
notes](https://github.com/rust-
lang/rust/blob/master/RELEASES.md#version-1480-2020-11-19) for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 19 2020 Josh Stone <jistone(a)redhat.com> - 1.48.0-1
- Update to 1.48.0.
* Sat Oct 10 2020 Jeff Law <law(a)redhat.com> - 1.47.0-2
- Re-enable LTO
--------------------------------------------------------------------------------
================================================================================
safekeep-1.5.1-1.el7 (FEDORA-EPEL-2020-7d86c43257)
The SafeKeep backup system
--------------------------------------------------------------------------------
Update Information:
Latest upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 17 2020 Frank Crawford <frank(a)crawford.emu.id.au> 1.5.1-1
- Latest upstream release
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-d69636a383 tor-0.3.5.12-1.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0fe15b3c39 rpki-client-6.8p1-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-339db397ad pngcheck-2.4.0-2.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-62ef58ec56 openssl11-1.1.1g-1.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-46fc6c7982 seamonkey-2.53.5-2.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-3097b2d5db chromium-86.0.4240.198-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4b568a793a golang-1.15.5-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a2eeb128a9 drupal7-7.74-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
iotop-c-1.15-1.el7
python3-mod_wsgi-4.7.1-2.el7
Details about builds:
================================================================================
iotop-c-1.15-1.el7 (FEDORA-EPEL-2020-9235b349a9)
Simple top-like I/O monitor (implemented in C)
--------------------------------------------------------------------------------
Update Information:
Initial packaging for Fedora
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python3-mod_wsgi-4.7.1-2.el7 (FEDORA-EPEL-2020-ec9bfc51f4)
A WSGI interface for Python web applications in Apache
--------------------------------------------------------------------------------
Update Information:
- Add provides for python36-mod_wsgi - Add obsoletes for python36-mod_wsgi
(previously packaged in third party repo)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 19 2020 Carl George <carl(a)george.computer> - 4.7.1-2
- Add provides for python36-mod_wsgi
- Add obsoletes for python36-mod_wsgi (previously packaged in third party repo)
--------------------------------------------------------------------------------
Dear all,
You are kindly invited to the meeting:
EPEL Steering Committee on 2020-11-20 from 21:00:00 to 22:00:00 UTC
At fedora-meeting(a)irc.freenode.net
The meeting will be about:
This is the weekly EPEL Steering Committee Meeting.
A general agenda is the following:
#meetingname EPEL
#topic Intros
#topic Old Business
#topic EPEL-6
#topic EPEL-7
#topic EPEL-8
#topic Openfloor
#endmeeting
Source: https://apps.fedoraproject.org/calendar/meeting/9854/
The following Fedora EPEL 8 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-2aa68c5f5e tor-0.4.3.7-1.el8
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-317c124dc0 rpki-client-6.8p1-1.el8
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6c93c61069 pngcheck-2.4.0-2.el8
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b3000c1eea seamonkey-2.53.5-2.el8
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5b5debb24b chromium-86.0.4240.198-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
psutils-2.04-1.el8
python-curtsies-0.3.4-2.el8
python-managesieve-0.6-4.el8
python-pyemby-1.6-1.el8
python-pynuvo-0.2-1.el8
python-rangeparser-0.1.3-2.el8
python-waqiasync-1.0.0-1.el8
rubberband-1.9.0-1.el8
xpra-4.0.5-2.el8
xrootd-5.0.3-2.el8
Details about builds:
================================================================================
psutils-2.04-1.el8 (FEDORA-EPEL-2020-0ae0b74db2)
PostScript utilities
--------------------------------------------------------------------------------
Update Information:
This release fixes handling a paper size when parsing an offset. It also fixes a
warning about an undefined variable.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 18 2020 Petr Pisar <ppisar(a)redhat.com> - 2.04-1
- 2.04 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1898868 - psutils-2.04 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1898868
--------------------------------------------------------------------------------
================================================================================
python-curtsies-0.3.4-2.el8 (FEDORA-EPEL-2020-a095e0e62d)
Curses-like terminal wrapper, with colored strings
--------------------------------------------------------------------------------
Update Information:
Initial build for EPEL 8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1782780 - RFE - please build a python(3)-curtsies package for EPEL 8
https://bugzilla.redhat.com/show_bug.cgi?id=1782780
--------------------------------------------------------------------------------
================================================================================
python-managesieve-0.6-4.el8 (FEDORA-EPEL-2020-09d5da6037)
Accessing a Sieve-Server for managing Sieve scripts
--------------------------------------------------------------------------------
Update Information:
Initial release of package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1892756 - Review Request: python-managesieve - Accessing a Sieve-Server for managing Sieve scripts
https://bugzilla.redhat.com/show_bug.cgi?id=1892756
--------------------------------------------------------------------------------
================================================================================
python-pyemby-1.6-1.el8 (FEDORA-EPEL-2020-31bd190097)
Python module to interact with a Emby media server
--------------------------------------------------------------------------------
Update Information:
Initial package for Fedora
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-pynuvo-0.2-1.el8 (FEDORA-EPEL-2020-eece3260c1)
Python API for talking to Nuvo multi zone amplifier
--------------------------------------------------------------------------------
Update Information:
Initial package for Fedora
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-rangeparser-0.1.3-2.el8 (FEDORA-EPEL-2020-3c89d630f8)
Parses a list of ranges or numbers
--------------------------------------------------------------------------------
Update Information:
Update summary (#1888981)
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-waqiasync-1.0.0-1.el8 (FEDORA-EPEL-2020-8b794af0b7)
Python API for aqicn.org
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
rubberband-1.9.0-1.el8 (FEDORA-EPEL-2020-3d4e57454b)
Audio time-stretching and pitch-shifting library
--------------------------------------------------------------------------------
Update Information:
Changes in Rubber Band v1.9 * Fix incorrect numbering of pitch speed/quality
flags in the auxiliary C wrapper header. The effect of this was that code
using the C wrapper that intended to select the higher-quality pitch-shift
mode was actually choosing the higher-speed mode, and vice versa. (The third
mode - high-consistency, commonly used in real-time applications - was
correct.) Thanks to Michael Bradshaw for reporting this. * Improve error
handling in command-line utility * Fix failure to build with FFTW_SINGLE_ONLY
defined * Fix some compiler warnings The API is unchanged except for the fix
noted above, as a result of which the minor version number has been increased.
The library is binary compatible with version 1.7.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 17 2020 Michel Alexandre Salim <salimma(a)fedoraproject.org> - 1.9.0-1
- Update to 1.9.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1877826 - rubberband-1.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1877826
--------------------------------------------------------------------------------
================================================================================
xpra-4.0.5-2.el8 (FEDORA-EPEL-2020-274b91652d)
Remote display server for applications and desktops
--------------------------------------------------------------------------------
Update Information:
- Release 4.0.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 18 2020 Antonio Trande <sagitter(a)fedoraproject.org> - 4.0.5-2
- Fix BR packages for epel8
* Wed Nov 18 2020 Antonio Trande <sagitter(a)fedoraproject.org> - 4.0.5-1
- Release 4.0.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1898795 - xpra-4.0.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1898795
--------------------------------------------------------------------------------
================================================================================
xrootd-5.0.3-2.el8 (FEDORA-EPEL-2020-e4af8091d4)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
xrootd 5.0.3
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 18 2020 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1:5.0.3-2
- Correct plugin version checking to prevent false negatives
- Fix wrong section number in xrootdfs.1 manpage
- Use system tinyxml library (unbundle)
* Thu Nov 12 2020 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1:5.0.3-1
- Update to version 5.0.3
- Drop patches (accepted upstream or previously backported)
* Mon Nov 2 2020 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1:5.0.2-2
- Fix for XrdPosix failing to compile with glibc 2.33 (2.32.9000)
--------------------------------------------------------------------------------
The following builds have been pushed to Fedora EPEL 6 updates-testing
drupal7-7.74-1.el6
golang-1.15.5-1.el6
Details about builds:
================================================================================
drupal7-7.74-1.el6 (FEDORA-EPEL-2020-bc1fdbed24)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
- https://www.drupal.org/project/drupal/releases/7.74 -
https://www.drupal.org/sa-core-2020-012 -
https://www.drupal.org/project/drupal/releases/7.73 -
https://www.drupal.org/sa-core-2020-007
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 18 2020 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 7.74-1
- Update to 7.74
- SA-CORE-2020-007 / CVE-2020-13666
- SA-CORE-2020-012 / CVE-2020-13671
--------------------------------------------------------------------------------
================================================================================
golang-1.15.5-1.el6 (FEDORA-EPEL-2020-3012d075c2)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
* Rebase to go1.15.5 * Security fix for CVE-2020-28362, CVE-2020-28367 and
CVE-2020-28366
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 16 2020 Jakub ��ajka <jcajka(a)redhat.com> - 1.15.5-1
- Rebase to go1.15.5
- Security fix for CVE-2020-28362, CVE-2020-28367 and CVE-2020-28366
- Resolves: BZ#1897637, BZ#1897645 and BZ#1897648
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers
https://bugzilla.redhat.com/show_bug.cgi?id=1897635
[ 2 ] Bug #1897643 - CVE-2020-28366 golang: malicious symbol names can lead to code execution at build time
https://bugzilla.redhat.com/show_bug.cgi?id=1897643
[ 3 ] Bug #1897646 - CVE-2020-28367 golang: improper validation of cgo flags can lead to code execution at build time
https://bugzilla.redhat.com/show_bug.cgi?id=1897646
--------------------------------------------------------------------------------