The following Fedora EPEL 7 Security updates need testing: Age URL 763 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 503 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-49c5f31e92 python-pip-epel-8.1.2-14.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-864bc6779e chromium-85.0.4183.83-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-83bdeb2965 ansible-2.9.13-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0a324e529d drupal7-7.72-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f9a066663b mbedtls-2.7.17-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-25e525a9ca seamonkey-2.53.4-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-918ad695f6 proftpd-1.3.5e-10.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-d968abb383 golang-1.15.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
IP2Location-8.0.9-9.20200916git6e49424.el7 mock-2.6-1.el7 mock-core-configs-33-1.el7 nginx-1.16.1-2.el7 perl-URI-cpan-1.007-3.el7 python-ldap3-2.8.1-1.el7
Details about builds:
================================================================================ IP2Location-8.0.9-9.20200916git6e49424.el7 (FEDORA-EPEL-2020-f4d76a2061) C library for mapping IP address to geolocation information -------------------------------------------------------------------------------- Update Information:
subpackage data-sample: add suffix "SAMPLE" to included BIN files, fix file permissions ---- add patch to sync with upstream -------------------------------------------------------------------------------- ChangeLog:
--------------------------------------------------------------------------------
================================================================================ mock-2.6-1.el7 (FEDORA-EPEL-2020-0996fb7a3c) Builds packages inside chroots -------------------------------------------------------------------------------- Update Information:
mock - because of the mock-filesystem change, we need to enforce upgrade of the old mock-core-configs package - set the DNF user_agent in dnf.conf (msuchy@redhat.com) - introduce mock-filesystem subpackage (msuchy@redhat.com) - add showrc plugin to record the output of rpm --showrc (riehecky@fnal.gov) - document which packages we need in buildroot (msuchy@redhat.com) - macros without leading '%' like config_opts['macros']['macroname'] work fine again (issue#605) mock-core-cofnigs - provide the Fedora ELN mock configuration - some adjustments were done for the new mock-filesystem package https://github.com/rpm-software-management/mock/wiki/Release-Notes-2.6 - the --recurse option implies --continue - fix --chain --continue option - fail when --continue/--recurse is used without --chain - fix _copy_config() for broken symlinks in dst= (rhbz#1878924) - auto-download the source RPMs from web with --rebuild - handle exceptions from command_parse() method - fail verbosely for --chain & --resultdir combination - allow using -a|--addrepo with /absolute/path/argument - add support for -a/--addrepo in normal --rebuild mode - use systemd-nspawn --resolv-conf=off - create /etc/localtime as symlink even with isolation=simple (msuchy@redhat.com) - dump the reason for particular package build fail in --chain - raise PkgError when the source RPM can not be installed -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 15 2020 Pavel Raiskup praiskup@redhat.com 2.6-1 - the --recurse option implies --continue - fix --chain --continue option - fail when --continue/--recurse is used without --chain - fix _copy_config() for broken symlinks in dst= (rhbz#1878924) - auto-download the source RPMs from web with --rebuild - handle exceptions from command_parse() method - fail verbosely for --chain & --resultdir combination - allow using -a|--addrepo with /absolute/path/argument - add support for -a/--addrepo in normal --rebuild mode - use systemd-nspawn --resolv-conf=off - create /etc/localtime as symlink even with isolation=simple (msuchy@redhat.com) - dump the reason for particular package build fail in --chain - raise PkgError when the source RPM can not be installed * Thu Sep 3 2020 Pavel Raiskup praiskup@redhat.com 2.5-2 - because of the mock-filesystem change, we need to enforce upgrade of the old mock-core-configs package * Thu Sep 3 2020 Pavel Raiskup praiskup@redhat.com 2.5-1 - set the DNF user_agent in dnf.conf (msuchy@redhat.com) - introduce mock-filesystem subpackage (msuchy@redhat.com) - add showrc plugin to record the output of rpm --showrc (riehecky@fnal.gov) - document which packages we need in buildroot (msuchy@redhat.com) - macros without leading '%' like config_opts['macros']['macroname'] work fine again (issue#605) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1857918 - RFE: --addrepo does not work with --rebuild && --resultdir should warn for --chain mode https://bugzilla.redhat.com/show_bug.cgi?id=1857918 [ 2 ] Bug #1878924 - mock fails in _copy_config with FileNotFoundError for /etc/resolv.conf in some circumstances https://bugzilla.redhat.com/show_bug.cgi?id=1878924 --------------------------------------------------------------------------------
================================================================================ mock-core-configs-33-1.el7 (FEDORA-EPEL-2020-0996fb7a3c) Mock core config files basic chroots -------------------------------------------------------------------------------- Update Information:
mock - because of the mock-filesystem change, we need to enforce upgrade of the old mock-core-configs package - set the DNF user_agent in dnf.conf (msuchy@redhat.com) - introduce mock-filesystem subpackage (msuchy@redhat.com) - add showrc plugin to record the output of rpm --showrc (riehecky@fnal.gov) - document which packages we need in buildroot (msuchy@redhat.com) - macros without leading '%' like config_opts['macros']['macroname'] work fine again (issue#605) mock-core-cofnigs - provide the Fedora ELN mock configuration - some adjustments were done for the new mock-filesystem package https://github.com/rpm-software-management/mock/wiki/Release-Notes-2.6 - the --recurse option implies --continue - fix --chain --continue option - fail when --continue/--recurse is used without --chain - fix _copy_config() for broken symlinks in dst= (rhbz#1878924) - auto-download the source RPMs from web with --rebuild - handle exceptions from command_parse() method - fail verbosely for --chain & --resultdir combination - allow using -a|--addrepo with /absolute/path/argument - add support for -a/--addrepo in normal --rebuild mode - use systemd-nspawn --resolv-conf=off - create /etc/localtime as symlink even with isolation=simple (msuchy@redhat.com) - dump the reason for particular package build fail in --chain - raise PkgError when the source RPM can not be installed -------------------------------------------------------------------------------- ChangeLog:
* Thu Sep 3 2020 Pavel Raiskup praiskup@redhat.com 33-1 - bump version to 33, as we already ship F33 configs - because of the mock-filesystem change, depend on mock 2.5 * Thu Sep 3 2020 Pavel Raiskup praiskup@redhat.com 32.8-1 - set the DNF user_agent in dnf.conf (msuchy@redhat.com) - add Fedora ELN configs - introduce mock-filesystem subpackage (msuchy@redhat.com) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1857918 - RFE: --addrepo does not work with --rebuild && --resultdir should warn for --chain mode https://bugzilla.redhat.com/show_bug.cgi?id=1857918 [ 2 ] Bug #1878924 - mock fails in _copy_config with FileNotFoundError for /etc/resolv.conf in some circumstances https://bugzilla.redhat.com/show_bug.cgi?id=1878924 --------------------------------------------------------------------------------
================================================================================ nginx-1.16.1-2.el7 (FEDORA-EPEL-2020-0f3f88c479) A high performance web server and reverse proxy server -------------------------------------------------------------------------------- Update Information:
fix 404.html location and indenting (rhbz#1409685) include patch for CVE-2019-20372 (rhbz#1790280) -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 7 2020 Felix Kaechele heffer@fedoraproject.org - 1:1.16.1-2 - fix 404.html location and indenting (rhbz#1409685) - include patch for CVE-2019-20372 (rhbz#1790280) - rework patches to work with %autosetup -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1409685 - a typo for 404 handler in the default server section https://bugzilla.redhat.com/show_bug.cgi?id=1409685 [ 2 ] Bug #1790280 - CVE-2019-20372 nginx: HTTP request smuggling via error pages in http/ngx_http_special_response.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1790280 [ 3 ] Bug #1867261 - EPEL7 nginx package contains CVEs and it's two major versions behind. https://bugzilla.redhat.com/show_bug.cgi?id=1867261 --------------------------------------------------------------------------------
================================================================================ perl-URI-cpan-1.007-3.el7 (FEDORA-EPEL-2020-3cdcbc56e0) URLs that refer to things on the CPAN -------------------------------------------------------------------------------- Update Information:
This is the first build of perl-URI-cpan. -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1876259 - Review Request: perl-URI-cpan - URLs that refer to things on the CPAN https://bugzilla.redhat.com/show_bug.cgi?id=1876259 --------------------------------------------------------------------------------
================================================================================ python-ldap3-2.8.1-1.el7 (FEDORA-EPEL-2020-703be62e91) Strictly RFC 4511 conforming LDAP V3 pure Python client -------------------------------------------------------------------------------- Update Information:
Update to 2.8.1 -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 15 2020 Avram Lubkin aviso@rockhopper.net - 2.8.1-1 - Update to 2.8.1 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org