Dear all,
You are kindly invited to the meeting:
EPEL Steering Committee on 2020-04-10 from 21:00:00 to 22:00:00 UTC
At freenode@fedora-meeting
The meeting will be about:
This is the weekly EPEL Steering Committee Meeting.
A general agenda is the following:
#meetingname EPEL
#topic Intros
#topic Old Business
#topic EPEL-6
#topic EPEL-7
#topic EPEL-8
#topic Openfloor
#endmeeting
Source: https://apps.fedoraproject.org/calendar/meeting/9722/
The following Fedora EPEL 8 Security updates need testing:
Age URL
32 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-02f03affd4 ansible-2.9.6-1.el8
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-83cd17b92f nrpe-4.0.2-2.el8
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6637ed458e chromium-80.0.3987.163-1.el8
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-8fcf741d7f cacti-1.2.11-1.el8 cacti-spine-1.2.11-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
geany-1.36-3.el8
geany-plugins-1.36-1.el8
geany-themes-1.27-8.el8
nagios-plugins-2.3.3-1.el8
perl-AWS-Signature4-1.02-2.el8
python-aiohttp-3.6.2-3.el8
squashfuse-0.1.102-1.el8
tcllib-1.19-3.el8
Details about builds:
================================================================================
geany-1.36-3.el8 (FEDORA-EPEL-2020-5392d2e45e)
A fast and lightweight IDE using GTK3
--------------------------------------------------------------------------------
Update Information:
Theis update brings Geany to EPEL8! Have fun with using this on your RHEL8-based
linux distribution of choice!
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1754361 - Request for Geany IDE for EPEL8
https://bugzilla.redhat.com/show_bug.cgi?id=1754361
[ 2 ] Bug #1820110 - [RFE] : geany : epel8 build request
https://bugzilla.redhat.com/show_bug.cgi?id=1820110
--------------------------------------------------------------------------------
================================================================================
geany-plugins-1.36-1.el8 (FEDORA-EPEL-2020-5392d2e45e)
Plugins for Geany
--------------------------------------------------------------------------------
Update Information:
Theis update brings Geany to EPEL8! Have fun with using this on your RHEL8-based
linux distribution of choice!
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1754361 - Request for Geany IDE for EPEL8
https://bugzilla.redhat.com/show_bug.cgi?id=1754361
[ 2 ] Bug #1820110 - [RFE] : geany : epel8 build request
https://bugzilla.redhat.com/show_bug.cgi?id=1820110
--------------------------------------------------------------------------------
================================================================================
geany-themes-1.27-8.el8 (FEDORA-EPEL-2020-5392d2e45e)
A collection of syntax highlighting color schemes for Geany
--------------------------------------------------------------------------------
Update Information:
Theis update brings Geany to EPEL8! Have fun with using this on your RHEL8-based
linux distribution of choice!
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1754361 - Request for Geany IDE for EPEL8
https://bugzilla.redhat.com/show_bug.cgi?id=1754361
[ 2 ] Bug #1820110 - [RFE] : geany : epel8 build request
https://bugzilla.redhat.com/show_bug.cgi?id=1820110
--------------------------------------------------------------------------------
================================================================================
nagios-plugins-2.3.3-1.el8 (FEDORA-EPEL-2020-b298418b73)
Host/service/network monitoring program plugins for Nagios
--------------------------------------------------------------------------------
Update Information:
Upgrade to new upstream 2.3.3
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
perl-AWS-Signature4-1.02-2.el8 (FEDORA-EPEL-2020-0133e397df)
Create a version4 signature for Amazon Web Services
--------------------------------------------------------------------------------
Update Information:
This brings the AWS::Signature4 perl module to EPEL8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-aiohttp-3.6.2-3.el8 (FEDORA-EPEL-2020-df90ad332e)
Python HTTP client/server for asyncio
--------------------------------------------------------------------------------
Update Information:
Initial EPEL8 package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1759109 - Branch request: python-aiohttp for epel8
https://bugzilla.redhat.com/show_bug.cgi?id=1759109
--------------------------------------------------------------------------------
================================================================================
squashfuse-0.1.102-1.el8 (FEDORA-EPEL-2020-228db9a1ef)
FUSE filesystem to mount squashfs archives
--------------------------------------------------------------------------------
Update Information:
Initial EPEL 8 build
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1809433 - Please branch and build squashfuse for EPEL 8
https://bugzilla.redhat.com/show_bug.cgi?id=1809433
--------------------------------------------------------------------------------
================================================================================
tcllib-1.19-3.el8 (FEDORA-EPEL-2020-1b701e50c7)
The standard Tcl library
--------------------------------------------------------------------------------
Update Information:
Initial import into epel8.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
There does not appear to be an explicit conflict policy for EPEL8:
https://fedoraproject.org/wiki/EPEL/FAQ#Does_EPEL_replace_packages_provided…
I got a report against python3-s3transfer and python3-botocore
conflicting with the CentOS 8 HighAvailability repo. No idea if this is
an issue or not: https://bugzilla.redhat.com/show_bug.cgi?id=1821630
It looks like we have avoided conflicts with the "ha" repos in the past,
and I can enable the rhel-8-for-x86_64-highavailability-rpms repo on my
RHEL8 developer license machine so it does seem available to everyone.
--
Orion Poplawski
Manager of NWRA Technical Systems 720-772-5637
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion(a)nwra.com
Boulder, CO 80301 https://www.nwra.com/
The following Fedora EPEL 6 Security updates need testing:
Age URL
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b1a5eb3ef5 librabbitmq-0.5.2-2.el6
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-22ba261c73 drupal7-ckeditor-1.19-1.el6
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-082ab81e5f php-robrichards-xmlseclibs1-1.4.3-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
nrpe-4.0.2-1.el6
Details about builds:
================================================================================
nrpe-4.0.2-1.el6 (FEDORA-EPEL-2020-fc983d39e7)
Host/service/network monitoring agent for Nagios
--------------------------------------------------------------------------------
Update Information:
New upstream version fixes CVEs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2020 Martin Jackson <mhjacks(a)swbell.net> - 4.0.2-1
- New upstream version
- Update patch for indlude_dir
- Fix BZ#1816816 - CVE-2020-6582 nrpe: heap-based buffer overflow due to a wrong integer type conversion
- Fix BZ#1816805 - CVE-2020-6581 nrpe: insufficient filtering and incorrect parsing of the configuration file may lead to command injection
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1816805 - CVE-2020-6581 nrpe: insufficient filtering and incorrect parsing of the configuration file may lead to command injection [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1816805
[ 2 ] Bug #1816816 - CVE-2020-6582 nrpe: heap-based buffer overflow due to a wrong integer type conversion [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1816816
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
Age URL
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b1a5eb3ef5 librabbitmq-0.5.2-2.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-22ba261c73 drupal7-ckeditor-1.19-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-082ab81e5f php-robrichards-xmlseclibs1-1.4.3-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
php-phpseclib-2.0.27-1.el6
prosody-0.11.5-1.el6
Details about builds:
================================================================================
php-phpseclib-2.0.27-1.el6 (FEDORA-EPEL-2020-cdd04820fb)
PHP Secure Communications Library
--------------------------------------------------------------------------------
Update Information:
**Version 2.0.27** * SFTP: change the mode with a SETSTAT instead of MKDIR
(#1463) * SFTP: make it so extending SFTP class doesn't cause a segfault
(#1465) * Random::string didn't always return all the requested bytes (#1466)
---- **Version 2.0.26** * SFTP: another attempt at speeding up uploads
(#1455) * SSH2: try logging in with none as an auth method first (#1454) *
ASN1: fix for malformed ASN1 strings (#1456)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Remi Collet <remi(a)remirepo.net> - 2.0.27-1
- update to 2.0.27
* Mon Mar 23 2020 Remi Collet <remi(a)remirepo.net> - 2.0.26-1
- update to 2.0.26
--------------------------------------------------------------------------------
================================================================================
prosody-0.11.5-1.el6 (FEDORA-EPEL-2020-6804a5d4bf)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.11.5 ============== This release mostly adds command line flags to
force foreground or background operation, which replaces and deprecates the
`daemonize` option in the config file. Fixes and improvements
---------------------- * prosody / mod_posix: Support for command-line flags
to override `daemonize` config option Minor changes ------------- *
mod_websocket: Clear mask bit when reflecting ping frames (fixes #1484:
Websocket masks pong answer)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Robert Scheck <robert(a)fedoraproject.org> 0.11.5-1
- Upgrade to 0.11.5 (#1816855)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1816855 - prosody-0.11.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1816855
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
601 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7
343 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7
341 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7
50 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6 python-waitress-1.4.3-1.el7
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-7bc15e9271 coturn-4.5.1.1-3.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b23fa957bb drupal7-ckeditor-1.19-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-16bf726581 php-robrichards-xmlseclibs1-1.4.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ansible-2.9.6-3.el7
cc65-2.18-12.el7
chromium-80.0.3987.163-1.el7
firefox-pkcs11-loader-3.13.5-1.el7
php-phpseclib-2.0.27-1.el7
prosody-0.11.5-1.el7
python-iso3166-1.0.1-1.el7
python-jmespath-0.9.4-1.el7
python3-jinja2-2.11.1-1.el7
srt-1.2.3-2.el7
vifm-0.10.1-3.el7
webextension-token-signing-1.1.2-1.el7
Details about builds:
================================================================================
ansible-2.9.6-3.el7 (FEDORA-EPEL-2020-89cb0d7bbb)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
# Ansible * Add python3 subpackage. # python-jmespath * Update to 0.9.4. *
Add python3 subpackage.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 2.9.6-3
- Ship ansible-test in both (py2 and py3) variants
* Sun Apr 5 2020 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 2.9.6-2
- Enable python3 subpackage
--------------------------------------------------------------------------------
================================================================================
cc65-2.18-12.el7 (FEDORA-EPEL-2020-85f63edcb8)
A free C compiler for 6502 based systems
--------------------------------------------------------------------------------
Update Information:
- Add several bugfix patches from upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Bj��rn Esser <besser82(a)fedoraproject.org> - 2.18-12
- Add several bugfix patches from upstream
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.18-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Nov 20 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 2.18-10
- Add several bugfix patches from upstream
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.18-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
chromium-80.0.3987.163-1.el7 (FEDORA-EPEL-2020-181270fbae)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Bugfix release from Google for 80.0.3987.162. ---- Update to 80.0.3987.162.
Fixes the following CVEs: * CVE-2020-6450 * CVE-2020-6451 ��� CVE-2020-6452 ----
Update to 80.0.3987.149. Upstream says it fixes "13" security issues, but only
lists these CVEs: * CVE-2020-6422: Use after free in WebGL * CVE-2020-6424: Use
after free in media * CVE-2020-6425: Insufficient policy enforcement in
extensions. * CVE-2020-6426: Inappropriate implementation in V8 *
CVE-2020-6427: Use after free in audio * CVE-2020-6428: Use after free in audio
* CVE-2020-6429: Use after free in audio. * CVE-2019-20503: Out of bounds read
in usersctplib. * CVE-2020-6449: Use after free in audio
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 4 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.163-1
- update to 80.0.3987.163
* Wed Apr 1 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.162-1
- update to 80.0.3987.162
* Wed Mar 18 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.149-1
- update to 80.0.3987.149
* Thu Feb 27 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.132-1
- update to 80.0.3987.132
- disable C++17 changes (this means f32+ will no longer build, but it segfaulted immediately)
* Thu Feb 27 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.122-1
- update to 80.0.3987.122
* Mon Feb 17 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.106-1
- update to 80.0.3987.106
* Wed Feb 5 2020 Tom Callaway <spot(a)fedoraproject.org> - 80.0.3987.87-1
- update to 80.0.3987.87
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 79.0.3945.130-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1815241 - CVE-2020-6424 chromium-browser: Use after free in media
https://bugzilla.redhat.com/show_bug.cgi?id=1815241
[ 2 ] Bug #1815242 - CVE-2020-6425 chromium-browser: Insufficient policy enforcement in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1815242
[ 3 ] Bug #1815243 - CVE-2020-6426 chromium-browser: Inappropriate implementation in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1815243
[ 4 ] Bug #1815244 - CVE-2020-6427 chromium-browser: Use after free in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1815244
[ 5 ] Bug #1815245 - CVE-2020-6428 chromium-browser: Use after free in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1815245
[ 6 ] Bug #1815247 - CVE-2020-6429 chromium-browser: Use after free in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1815247
[ 7 ] Bug #1815248 - CVE-2020-6449 chromium-browser: Use after free in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1815248
[ 8 ] Bug #1815259 - CVE-2020-6422 chromium-browser: Use after free in WebGL
https://bugzilla.redhat.com/show_bug.cgi?id=1815259
[ 9 ] Bug #1820155 - CVE-2020-6450 chromium-browser: Use after free in WebAudio
https://bugzilla.redhat.com/show_bug.cgi?id=1820155
[ 10 ] Bug #1820156 - CVE-2020-6451 chromium-browser: Use after free in WebAudio
https://bugzilla.redhat.com/show_bug.cgi?id=1820156
[ 11 ] Bug #1820157 - CVE-2020-6452 chromium-browser: Heap buffer overflow in media
https://bugzilla.redhat.com/show_bug.cgi?id=1820157
--------------------------------------------------------------------------------
================================================================================
firefox-pkcs11-loader-3.13.5-1.el7 (FEDORA-EPEL-2020-c98e73d0f1)
Helper script for Firefox that sets up the browser for authentication with Estonian ID-card
--------------------------------------------------------------------------------
Update Information:
- Upstream release 3.13.5: Create linux policy to install Firefox extension from
Mozilla Addon store
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Dmitri Smirnov <dmitri(a)smirnov.ee> 3.13.5-1
- Upstream release 3.13.5: Create linux policy to install Firefox extension from Mozilla Addon store
--------------------------------------------------------------------------------
================================================================================
php-phpseclib-2.0.27-1.el7 (FEDORA-EPEL-2020-2221f62c60)
PHP Secure Communications Library
--------------------------------------------------------------------------------
Update Information:
**Version 2.0.27** * SFTP: change the mode with a SETSTAT instead of MKDIR
(#1463) * SFTP: make it so extending SFTP class doesn't cause a segfault
(#1465) * Random::string didn't always return all the requested bytes (#1466)
---- **Version 2.0.26** * SFTP: another attempt at speeding up uploads
(#1455) * SSH2: try logging in with none as an auth method first (#1454) *
ASN1: fix for malformed ASN1 strings (#1456)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Remi Collet <remi(a)remirepo.net> - 2.0.27-1
- update to 2.0.27
* Mon Mar 23 2020 Remi Collet <remi(a)remirepo.net> - 2.0.26-1
- update to 2.0.26
--------------------------------------------------------------------------------
================================================================================
prosody-0.11.5-1.el7 (FEDORA-EPEL-2020-f06cb6499c)
Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Prosody 0.11.5 ============== This release mostly adds command line flags to
force foreground or background operation, which replaces and deprecates the
`daemonize` option in the config file. Fixes and improvements
---------------------- * prosody / mod_posix: Support for command-line flags
to override `daemonize` config option Minor changes ------------- *
mod_websocket: Clear mask bit when reflecting ping frames (fixes #1484:
Websocket masks pong answer)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Robert Scheck <robert(a)fedoraproject.org> 0.11.5-1
- Upgrade to 0.11.5 (#1816855)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1816855 - prosody-0.11.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1816855
--------------------------------------------------------------------------------
================================================================================
python-iso3166-1.0.1-1.el7 (FEDORA-EPEL-2020-03ad609e02)
Self-contained ISO 3166-1 country definitions
--------------------------------------------------------------------------------
Update Information:
First import for EPEL
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-jmespath-0.9.4-1.el7 (FEDORA-EPEL-2020-89cb0d7bbb)
JSON Matching Expressions
--------------------------------------------------------------------------------
Update Information:
# Ansible * Add python3 subpackage. # python-jmespath * Update to 0.9.4. *
Add python3 subpackage.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 5 2020 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 0.9.4-1
- Update to 0.9.4
- Add python3 subpackage
* Wed Jan 6 2016 Fabio Alessandro Locati <fabio(a)locati.cc> - 0.9.0-2
- Improve to set the Provides tag for EL6 too
--------------------------------------------------------------------------------
================================================================================
python3-jinja2-2.11.1-1.el7 (FEDORA-EPEL-2020-6eb178f109)
General purpose template engine
--------------------------------------------------------------------------------
Update Information:
Update to 2.11.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 2.11.1-1
- Update to 2.11.1
--------------------------------------------------------------------------------
================================================================================
srt-1.2.3-2.el7 (FEDORA-EPEL-2020-da484c111e)
Secure Reliable Transport protocol tools
--------------------------------------------------------------------------------
Update Information:
Introduce srt for epel7 Switch to gnutls by default
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
vifm-0.10.1-3.el7 (FEDORA-EPEL-2020-d4584d14eb)
File manager with curses interface, which provides Vi[m]-like environment
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1800234 - vifm: FTBFS in Fedora rawhide/f32
https://bugzilla.redhat.com/show_bug.cgi?id=1800234
--------------------------------------------------------------------------------
================================================================================
webextension-token-signing-1.1.2-1.el7 (FEDORA-EPEL-2020-098a916695)
Chrome and Firefox extension for signing with your eID on the web
--------------------------------------------------------------------------------
Update Information:
- Upstream release 1.1.2 - Create linux policy to install Firefox extension from
Mozilla Addon store - Add G2 Latvia card ATR
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2020 Dmitri Smirnov <dmitri(a)smirnov.ee> - 1.1.2-1
- Upstream release 1.1.2
--------------------------------------------------------------------------------