The following Fedora EPEL 6 Security updates need testing:
Age URL
22 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-12f1eb1b1f tomcat-7.0.94-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
dmlite-1.13.0-1.el6
gfal2-util-1.5.3-1.el6
mozilla-https-everywhere-2019.6.27-2.el6
Details about builds:
================================================================================
dmlite-1.13.0-1.el6 (FEDORA-EPEL-2019-14d7147b2b)
Lcgdm grid data management and storage framework
--------------------------------------------------------------------------------
Update Information:
Bugfixes and source code consolidation.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 10 2019 Oliver Keeble <oliver.keeble(a)cern.ch> - 1.13.0-1
- New upstream release 1.13.0
--------------------------------------------------------------------------------
================================================================================
gfal2-util-1.5.3-1.el6 (FEDORA-EPEL-2019-03a7c6e915)
GFAL2 utility tools
--------------------------------------------------------------------------------
Update Information:
* new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 11 2019 Andrea Manzi <amanzi(a)cern.ch> - 1.5.3-1
- New upstream release
* Sun Feb 17 2019 Andrea Manzi <amanzi(a)cern.ch> - 1.5.2-1
- New upstream release
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Feb 20 2018 Iryna Shcherbina <ishcherb(a)redhat.com> - 1.5.1-3
- Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-2019.6.27-2.el6 (FEDORA-EPEL-2019-94be830804)
HTTPS enforcement extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
- Making stylistic changes for mobile friendliness in Fennec - Inclusion and use
of the lib-wasm submodule, lowering memory overhead - Refactor secure cookie
logic - Code cleanup - Fix bug where link HTML is replaced in cancel page,
instead of text - Bundled ruleset updates
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 11 2019 Russell Golden <niveusluna(a)fedoraproject.org> - 2019.6.27-2
- Whoops. Fix date on previous changelog entry.
* Thu Jul 11 2019 Russell Golden <niveusluna(a)fedoraproject.org> - 2019.6.27-1
- Making stylistic changes for mobile friendliness in Fennec
- Inclusion and use of the lib-wasm submodule, lowering memory overhead
- Refactor secure cookie logic
- Code cleanup
- Fix bug where link HTML is replaced in cancel page, instead of text
- Bundled ruleset updates
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1717242 - mozilla-https-everywhere-2019.6.27 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1717242
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
331 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7
107 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294 cinnamon-3.6.7-5.el7
73 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7
70 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7
42 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-fc63c75ab1 hostapd-2.8-1.el7
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b94f559810 chromium-75.0.3770.100-2.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6459239aba radare2-3.6.0-1.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-12067fc897 dosbox-0.74.3-2.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8ec09fab8d freetds-1.1.11-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-670ca3c5f3 pyxdg-0.25-8.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
dmlite-1.13.0-1.el7
gfal2-util-1.5.3-1.el7
knot-2.8.2-1.el7
knot-resolver-4.1.0-1.el7
mozilla-https-everywhere-2019.6.27-2.el7
squirrelmail-1.4.23-1.el7.20190710
Details about builds:
================================================================================
dmlite-1.13.0-1.el7 (FEDORA-EPEL-2019-c012ac3144)
Lcgdm grid data management and storage framework
--------------------------------------------------------------------------------
Update Information:
Bugfixes and source code consolidation.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 10 2019 Oliver Keeble <oliver.keeble(a)cern.ch> - 1.13.0-1
- New upstream release 1.13.0
--------------------------------------------------------------------------------
================================================================================
gfal2-util-1.5.3-1.el7 (FEDORA-EPEL-2019-121fa0b8d9)
GFAL2 utility tools
--------------------------------------------------------------------------------
Update Information:
* new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 11 2019 Andrea Manzi <amanzi(a)cern.ch> - 1.5.3-1
- New upstream release
* Sun Feb 17 2019 Andrea Manzi <amanzi(a)cern.ch> - 1.5.2-1
- New upstream release
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Feb 20 2018 Iryna Shcherbina <ishcherb(a)redhat.com> - 1.5.1-3
- Update Python 2 dependency declarations to new packaging standards
(See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
knot-2.8.2-1.el7 (FEDORA-EPEL-2019-487a6fb279)
High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:
Rebase to Knot DNS 2.8.2 and Knot Resolver 4.1.0
-------------------------------------------------------------------- - Knot DNS
update should be seamless (however users are advised to read https://www.knot-
dns.cz/docs/2.8/html/migration.html#upgrade-2-7-x-to-2-8-x ) - Knot Resolver
update might require config update for non-default configurations, please refer
to https://knot-resolver.readthedocs.io/en/stable/upgrading.html - manual
service restart may be required (or reboot)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 11 2019 Tomas Krizek <tomas.krizek(a)nic.cz> - 2.8.2-1
- rebase to latest upstream version 2.8.2
--------------------------------------------------------------------------------
================================================================================
knot-resolver-4.1.0-1.el7 (FEDORA-EPEL-2019-487a6fb279)
Caching full DNS Resolver
--------------------------------------------------------------------------------
Update Information:
Rebase to Knot DNS 2.8.2 and Knot Resolver 4.1.0
-------------------------------------------------------------------- - Knot DNS
update should be seamless (however users are advised to read https://www.knot-
dns.cz/docs/2.8/html/migration.html#upgrade-2-7-x-to-2-8-x ) - Knot Resolver
update might require config update for non-default configurations, please refer
to https://knot-resolver.readthedocs.io/en/stable/upgrading.html - manual
service restart may be required (or reboot)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 10 2019 Tomas Krizek <tomas.krizek(a)nic.cz> - 4.1.0-1
- update to new upstream version 4.1.0
- add kres-cache-gc.service
* Wed May 29 2019 Tomas Krizek <tomas.krizek(a)nic.cz> - 4.0.0.-1
- rebase to new upstream release 4.0.0
- bump Knot DNS libraries to 2.8 (ABI compat)
- use new upstream build system - meson
- add knot-resolver-module-http package along with new lua dependecies
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jan 10 2019 Tomas Krizek <tomas.krizek(a)nic.cz> - 3.2.1-1
Knot Resolver 3.2.1 (2019-01-10)
================================
Bugfixes
--------
- trust_anchors: respect validity time range during TA bootstrap (!748)
- fix TLS rehandshake handling (!739)
- make TLS_FORWARD compatible with GnuTLS 3.3 (!741)
- special thanks to Grigorii Demidov for his long-term work on Knot Resolver!
Improvements
------------
- improve handling of timeouted outgoing TCP connections (!734)
- trust_anchors: check syntax of public keys in DNSKEY RRs (!748)
- validator: clarify message about bogus non-authoritative data (!735)
- dnssec validation failures contain more verbose reasoning (!735)
- new function trust_anchors.summary() describes state of DNSSEC TAs (!737),
and logs new state of trust anchors after start up and automatic changes
- trust anchors: refuse revoked DNSKEY even if specified explicitly,
and downgrade missing the SEP bit to a warning
* Mon Dec 17 2018 Tomas Krizek <tomas.krizek(a)nic.cz> - 3.2.0-1
Knot Resolver 3.2.0 (2018-12-17)
================================
New features
------------
- module edns_keepalive to implement server side of RFC 7828 (#408)
- module nsid to implement server side of RFC 5001 (#289)
- module bogus_log provides .frequent() table (!629, credit Ulrich Wisser)
- module stats collects flags from answer messages (!629, credit Ulrich Wisser)
- module view supports multiple rules with identical address/TSIG specification
and keeps trying rules until a "non-chain" action is executed (!678)
- module experimental_dot_auth implements an DNS-over-TLS to auth protocol
(!711, credit Manu Bretelle)
- net.bpf bindings allow advanced users to use eBPF socket filters
Bugfixes
--------
- http module: only run prometheus in parent process if using --forks=N,
as the submodule collects metrics from all sub-processes as well.
- TLS fixes for corner cases (!700, !714, !716, !721, !728)
- fix build with -DNOVERBOSELOG (#424)
- policy.{FORWARD,TLS_FORWARD,STUB}: respect net.ipv{4,6} setting (!710)
- avoid SERVFAILs due to certain kind of NS dependency cycles, again
(#374) this time seen as 'circular dependency' in verbose logs
- policy and view modules do not overwrite result finished requests (!678)
Improvements
------------
- Dockerfile: rework, basing on Debian instead of Alpine
- policy.{FORWARD,TLS_FORWARD,STUB}: give advantage to IPv6
when choosing whom to ask, just as for iteration
- use pseudo-randomness from gnutls instead of internal ISAAC (#233)
- tune the way we deal with non-responsive servers (!716, !723)
- documentation clarifies interaction between policy and view modules (!678, !730)
Module API changes
------------------
- new layer is added: answer_finalize
- kr_request keeps ::qsource.packet beyond the begin layer
- kr_request::qsource.tcp renamed to ::qsource.flags.tcp
- kr_request::has_tls renamed to ::qsource.flags.tls
- kr_zonecut_add(), kr_zonecut_del() and kr_nsrep_sort() changed parameters slightly
* Fri Nov 2 2018 Tomas Krizek <tomas.krizek(a)nic.cz> - 3.1.0-1
Knot Resolver 3.1.0 (2018-11-02)
================================
Incompatible changes
--------------------
- hints.use_nodata(true) by default; that's what most users want
- libknot >= 2.7.2 is required
Improvements
------------
- cache: handle out-of-space SIGBUS slightly better (#197)
- daemon: improve TCP timeout handling (!686)
Bugfixes
--------
- cache.clear('name'): fix some edge cases in API (#401)
- fix error handling from TLS writes (!669)
- avoid SERVFAILs due to certain kind of NS dependency cycles (#374)
* Mon Aug 20 2018 Tomas Krizek <tomas.krizek(a)nic.cz> - 3.0.0-1
Knot Resolver 3.0.0 (2018-08-20)
================================
Incompatible changes
--------------------
- cache: fail lua operations if cache isn't open yet (!639)
By default cache is opened *after* reading the configuration,
and older versions were silently ignoring cache operations.
Valid configuration must open cache using `cache.open()` or `cache.size =`
before executing cache operations like `cache.clear()`.
- libknot >= 2.7.1 is required, which brings also larger API changes
- in case you wrote custom Lua modules, please consult
https://knot-resolver.readthedocs.io/en/latest/lib.html#incompatible-change…
- in case you wrote custom C modules, please see compile against
Knot DNS 2.7 and adjust your module according to messages from C compiler
- DNS cookie module (RFC 7873) is not available in this release,
it will be later reworked to reflect development in IEFT dnsop working group
- version module was permanently removed because it was not really used by users;
if you want to receive notifications abou new releases please subscribe to
https://lists.nic.cz/cgi-bin/mailman/listinfo/knot-resolver-announce
Bugfixes
--------
- fix multi-process race condition in trust anchor maintenance (!643)
- ta_sentinel: also consider static trust anchors not managed via RFC 5011
Improvements
------------
- reorder_RR() implementation is brought back
- bring in performace improvements provided by libknot 2.7
- cache.clear() has a new, more powerful API
- cache documentation was improved
- old name "Knot DNS Resolver" is replaced by unambiguous "Knot Resolver"
to prevent confusion with "Knot DNS" authoritative server
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-2019.6.27-2.el7 (FEDORA-EPEL-2019-09ae45c369)
HTTPS enforcement extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
- Making stylistic changes for mobile friendliness in Fennec - Inclusion and use
of the lib-wasm submodule, lowering memory overhead - Refactor secure cookie
logic - Code cleanup - Fix bug where link HTML is replaced in cancel page,
instead of text - Bundled ruleset updates
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 11 2019 Russell Golden <niveusluna(a)fedoraproject.org> - 2019.6.27-2
- Whoops. Fix date on previous changelog entry.
* Thu Jul 11 2019 Russell Golden <niveusluna(a)fedoraproject.org> - 2019.6.27-1
- Making stylistic changes for mobile friendliness in Fennec
- Inclusion and use of the lib-wasm submodule, lowering memory overhead
- Refactor secure cookie logic
- Code cleanup
- Fix bug where link HTML is replaced in cancel page, instead of text
- Bundled ruleset updates
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1717242 - mozilla-https-everywhere-2019.6.27 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1717242
--------------------------------------------------------------------------------
================================================================================
squirrelmail-1.4.23-1.el7.20190710 (FEDORA-EPEL-2019-aabd063c30)
webmail client written in php
--------------------------------------------------------------------------------
Update Information:
updated to 1.4 branch snapshot containing several security fixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 10 2019 Michal Hlavinka <mhlavink(a)redhat.com> - 1.4.23-1.20190710
- squirrelmail updated to newer snapshot
* Sun Feb 3 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.23-1.20180816
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Aug 16 2018 Michal Hlavinka <mhlavink(a)redhat.com> - 1.4.23-0.20180816
- update squirrelmail to a svn snapshot, as latest stable release is over 8 years old
- fixes CVE-2018-14950, CVE-2018-14951, CVE-2018-14952, CVE-2018-14953, CVE-2018-14954,
CVE-2018-14955
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.22-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.22-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4.22-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Thu Jul 13 2017 Petr Pisar <ppisar(a)redhat.com> - 1.4.22-20
- perl dependency renamed to perl-interpreter
<https://fedoraproject.org/wiki/Changes/perl_Package_to_Install_Core_Modules>
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1616100 - CVE-2018-14955 squirrelmail: persistent XSS in message display via SVG animations [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616100
[ 2 ] Bug #1616097 - CVE-2018-14954 squirrelmail: persistent XSS in message display the formaction attribute [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616097
[ 3 ] Bug #1616094 - CVE-2018-14953 squirrelmail: persistent XSS in message display via a "<math xlink:href=" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616094
[ 4 ] Bug #1616090 - CVE-2018-14952 squirrelmail: persistent XSS in message display via a "<math><maction xlink:href=" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616090
[ 5 ] Bug #1616087 - CVE-2018-14951 squirrelmail: persistent XSS in message display via a "<form action='data:text" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616087
[ 6 ] Bug #1616084 - CVE-2018-14950 squirrelmail: persistent XSS in message display via a "<svg><a xlink:href=" [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1616084
[ 7 ] Bug #1560341 - CVE-2018-8741 SquirrelMail: Directory traversal flaw in Deliver.class.php can allow a remote attacker to retrieve or delete arbitrary files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1560341
[ 8 ] Bug #1724405 - squirrelmail 1.4.23 for EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1724405
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
Age URL
21 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-12f1eb1b1f tomcat-7.0.94-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
fedfind-4.2.7-1.el6
netdata-1.16.0-1.el6
perl-Fsdb-2.67-1.el6
Details about builds:
================================================================================
fedfind-4.2.7-1.el6 (FEDORA-EPEL-2019-6704cdd144)
Fedora compose and image finder
--------------------------------------------------------------------------------
Update Information:
fedfind 4.2.6 contains a single change. The regex used to identify respin
release images is updated to match the current name format. This fixes fedfind
so it is once again able to find these "releases". (The author would be happy if
the respin maintainer would stop changing the darn name format on a whim).
fedfind 4.2.7 improves the implementation of the `version` attribute so that it
is better for updates and updates-testing composes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 10 2019 Adam Williamson <awilliam(a)redhat.com> - 4.2.7-1
- New release 4.2.7: fix 'version' for update composes
* Tue Jul 9 2019 Adam Williamson <awilliam(a)redhat.com> - 4.2.6-1
- New release 4.2.6: update the respin image regex, again
--------------------------------------------------------------------------------
================================================================================
netdata-1.16.0-1.el6 (FEDORA-EPEL-2019-1a76eb70da)
Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:
Update from upstream
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 8 2019 Didier Fabert <didier.fabert(a)gmail.com> 1.16.0-1
- Update from upstream
--------------------------------------------------------------------------------
================================================================================
perl-Fsdb-2.67-1.el6 (FEDORA-EPEL-2019-f5dd6eccd7)
A set of commands for manipulating flat-text databases from the shell
--------------------------------------------------------------------------------
Update Information:
See http://www.isi.edu/~johnh/SOFTWARE/FSDB/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 10 2019 John Heidemann <johnh(a)isi.edu> 2.67-1
- See http://www.isi.edu/~johnh/SOFTWARE/FSDB/
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
330 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7
106 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294 cinnamon-3.6.7-5.el7
72 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7
69 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7
41 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-fc63c75ab1 hostapd-2.8-1.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b94f559810 chromium-75.0.3770.100-2.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-6459239aba radare2-3.6.0-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-12067fc897 dosbox-0.74.3-2.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8ec09fab8d freetds-1.1.11-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-670ca3c5f3 pyxdg-0.25-8.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ensmallen-1.15.1-1.el7
fedfind-4.2.7-1.el7
netdata-1.16.0-1.el7
perl-Fsdb-2.67-1.el7
Details about builds:
================================================================================
ensmallen-1.15.1-1.el7 (FEDORA-EPEL-2019-96c517757d)
Header-only C++ library for efficient mathematical optimization
--------------------------------------------------------------------------------
Update Information:
Add new package (new dependency of mlpack).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1706659 - Review Request: ensmallen - header-only C++ library for efficient mathematical optimization
https://bugzilla.redhat.com/show_bug.cgi?id=1706659
--------------------------------------------------------------------------------
================================================================================
fedfind-4.2.7-1.el7 (FEDORA-EPEL-2019-0c8ba1ef2c)
Fedora compose and image finder
--------------------------------------------------------------------------------
Update Information:
fedfind 4.2.6 contains a single change. The regex used to identify respin
release images is updated to match the current name format. This fixes fedfind
so it is once again able to find these "releases". (The author would be happy if
the respin maintainer would stop changing the darn name format on a whim).
fedfind 4.2.7 improves the implementation of the `version` attribute so that it
is better for updates and updates-testing composes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 10 2019 Adam Williamson <awilliam(a)redhat.com> - 4.2.7-1
- New release 4.2.7: fix 'version' for update composes
* Tue Jul 9 2019 Adam Williamson <awilliam(a)redhat.com> - 4.2.6-1
- New release 4.2.6: update the respin image regex, again
--------------------------------------------------------------------------------
================================================================================
netdata-1.16.0-1.el7 (FEDORA-EPEL-2019-65675d41d5)
Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:
Update from upstream
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 8 2019 Didier Fabert <didier.fabert(a)gmail.com> 1.16.0-1
- Update from upstream
--------------------------------------------------------------------------------
================================================================================
perl-Fsdb-2.67-1.el7 (FEDORA-EPEL-2019-f86c4db4f3)
A set of commands for manipulating flat-text databases from the shell
--------------------------------------------------------------------------------
Update Information:
See http://www.isi.edu/~johnh/SOFTWARE/FSDB/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 10 2019 John Heidemann <johnh(a)isi.edu> 2.67-1
- See http://www.isi.edu/~johnh/SOFTWARE/FSDB/
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
Age URL
19 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-12f1eb1b1f tomcat-7.0.94-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
cc65-2.18-6.el6
distribution-gpg-keys-1.32-1.el6
python-enlighten-1.3.0-1.el6
Details about builds:
================================================================================
cc65-2.18-6.el6 (FEDORA-EPEL-2019-e766e79d45)
A free C compiler for 6502 based systems
--------------------------------------------------------------------------------
Update Information:
- Add an upstream patch to fix ld65 behaviour. - Clarify the purpose of the
devel package in its %description a bit more verbose.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 5 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 2.18-6
- Clarify the purpose of the devel package in its %description
a bit more verbose
* Fri Jul 5 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 2.18-5
- Add an upstream patch to fix ld65 behaviour
--------------------------------------------------------------------------------
================================================================================
distribution-gpg-keys-1.32-1.el6 (FEDORA-EPEL-2019-0bda5e3b31)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
- Update Copr keys - Add OpenMandriva package signing key - add Zimbra key
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 8 2019 Miroslav Such�� <msuchy(a)redhat.com> 1.32-1
- Update Copr keys
- Add OpenMandriva package signing key
- add Zimbra key
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1727751 - distribution-gpg-keys-1.32-1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1727751
--------------------------------------------------------------------------------
================================================================================
python-enlighten-1.3.0-1.el6 (FEDORA-EPEL-2019-99f3b7d8d2)
Enlighten Progress Bar
--------------------------------------------------------------------------------
Update Information:
Update to 1.3.0
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 8 2019 Avram Lubkin <aviso(a)rockhopper.net> - 1.3.0-1
- Update to 1.3.0
--------------------------------------------------------------------------------
# EPEL-8 Production Layout
## TL; DR:
1. EPEL-8 will have a multi-phase rollout into production.
2. EPEL-8.0 will build using existing grobisplitter in order to use a
'flattened' build system without modules.
3. EPEL-8.1 will start in staging without grobisplitter and using default
modules via mock.
4. The staging work will allow for continual development changes in koji,
'ursa-prime', and MBS functionality to work without breaking Fedora 31 or
initial EPEL-8.0 builds.
5. EPEL-8.1 is tentatively to be ready by November 2019 after Fedora 31
around the time that RHEL-8.1 may release (if it uses a 6 month cadence.)
## Multi-phase rollout
[As documented elsewhere](
https://smoogespace.blogspot.com/2019/06/epel-8.html) EPEL-8 has been
slowly rolling out due to the many changes in RHEL and in the Fedora build
system since EPEL-7 was initiated in 2014. Trying to roll out an EPEL-8
which was 'final' and thus the way it always will be was too prone to
failure as we find we have to constantly change plans to match reality.
We will be rolling out EPEL-8 in a multi-phase release cycle. Each cycle
will allow for hopefully greater functionality for developers and
consumers. On the flip side, we will find that we have to change
expectations of what can and can not be delivered inside of EPEL over that
time.
Phases:
1. 8.0 will be a 'minimal viability'. Due to unshipped development
libraries and the lack of building replacement modules, not all packages
will be able to build. Instead only non-modular RPMs which can rely on only
'default' modules will work. Packages must also only rely on what is
shipped in RHEL-8.0 BaseOS/AppStream/CodeReadyBuilder channels versus any
'unshipped -devel' packages.
2. 8.1 will add on 'minimal modularity'. Instead of using a flattened build
system, we will look at updating koji to have basic knowledge of
modularity, use a tool to tag in packages from modules as needed, and
possibly add in the Module Build System (MBS) in order to ship modules.
3. 8.2 will finish adding in the Module Build System and will enable gating
and CI into the workflow so that packages can tested faster.
Due to the fact that the phases will change how EPEL is produced, there may
be need to be mass rebuilds between each one. There will also be changes in
policies about what packages are allowed to be in EPEL and how they would
be allowed.
## Problems with koji, modules and mock
If you are wanting to build packages in mock, you can set up a lot of
controls in ``/etc/mock/foo.cfg`` which will turn on and off modules as
needed so that you can enable the ``javapackages-tools`` or ``virt-devel``
module so that packages like ``libssh2-devel`` or ``javapackages-local``
are available. However koji does not allow this control per channel because
it is meant to completely control what packages are brought into a
buildroot. Every build records what packages were used to build an artifact
and koji will create a special mock config file to pull in those items.
This allows for a high level of auditability and confirmation that the
package stored is the package built, and that what was built used certain
things.
For building an operating system like Fedora or Red Hat Enterprise Linux
(RHEL), this works great because you can show how things were done 2-3
years later when trying to debug something else. However when koji does not
'own' the lifecycle of packages this becomes problematic. In building EPEL,
the RHEL packages are given to the buildroot via external repositories.
This means that koji does not fully know the lifecycle of the packages it
'pulls' in to the buildroot. In a basic mode it will choose packages it has
built/knows about first, then packages from the buildroot, and if there is
a conflict from external packages will try to choose the one with the
highest ``epoch-version-release-timestamp`` so that only the newest version
is in. (If the timestamp is the same, it tends to refuse to use both
packages).
An improvement to this was adding code to ``mergerepo`` which allows for
dnf to make a choice on which packages to use between repositories. This
allows for mock's dnf to pull in modules without the repositories having
been mangled or 'flattened' as with grobisplitter. However, it is not a
complete story. For DNF to know which modules to pull in it needs to set an
environment variable for the platform (for fedora releases it is something
like f30 and for RHEL it is el8). Koji doesn't know how to do this so the
solution would be to set it in the build systems
``/etc/mock/site-defaults.cfg`` but that would affect all builds and would
cause problems for building Fedora on the same build system.
## Grobisplitter
A second initiative to deal with building with modules was to try and take
modules out of the equation completely. Since a module is a virtual
repository embedded in a real one, you should be able to pull them apart
and make new ones. [Grobisplitter](
https://pagure.io/puiterwijk/grobisplitter) was designed to do this to help
get CentOS-8 ready and also allow for EPEL to bootstrap using a minimal
buildset. While working on this, we found that we needed also parts of the
'--bare' koji work because certain python packages have the same src.rpm
name-version but different releases which koji would kick out.
Currently grobisplitter does not put in any information about the module it
'spat' out. This will affect building when dnf starts seeing metadata in
individual rpms which says 'this is part of a module and needs to be
installed as such'.
## Production plans
We are trying to determine which tool will work better long term in order
to make EPEL-8.0 and EPEL-8.1 work.
### EPEL-8.0
| Start Date | End Date | Work Planned | Party Involved |
| ---------- | ---------- | ------------ | -------------- |
| 2019-07-01 | 2019-07-05 | Lessons Learned | Smoogen, Mohan |
| 2019-07-01 | 2019-07-05 | Documentation | Smoogen |
| 2019-07-08 | 2019-07-12 | Release Build work | Mohan, Fenzi |
| 2019-07-08 | 2019-07-12 | Call for packages | Smoogen |
| 2019-07-15 | 2019-07-19 | Initial branching | Mohan, Dawson |
| 2019-07-22 | 2019-07-31 | First branch/test | Dawson, et al |
| 2019-08-01 | 2019-08-01 | EPEL-8.0 GA | EPEL Steering Committee |
| 2019-08-01 | 2019-08-08 | Lessons Learned | Smoogen, et al |
| 2019-08-01 | 2019-08-08 | Revise documentation | Smoogen, et al |
| 2019-09-01 | 2019-09-01 | Bodhi gating turned on | Mohan |
#### EPEL-8.0 Production Breakout
1. **Lessons Learned.** Document the steps and lessons learned from the
previous time frame. Because previous EPEL spin-ups have been done multiple
years apart, what was known is forgotten and has to be relearned. By
capturing it, we hope that EPEL-9 does not take as long.
2. **Documentation.** Write documents on what was done to set up the
environment and what is expected in the next section (how to branch to
EPEL-8, how to build with EPEL-8, dealing with unshipped packages, updated
FAQ)
3. **Call for Packages** This will be going over the steps that packagers
need to follow to get packages branched to EPEL-8.
4. **Release Build Work.** This is setting up the builders and environment
in production. Most of the steps should be repeats of what was done in
staging with additional work done in bodhi to have signing and composes work
5. **Initial Branching.** This where the first set of packages are needed
to be branched and built for EPEL-8: epel-release, epel-rpm-macros,
fedpkg-minimal, fedpkg (and all the things needed for it).
6. **First Branch** Going over the various tickets for EPEL-8 packages, a
reasonable sample will be branched. Work will be done with the packagers on
problems they find. This will continue as needed.
7. **EPEL-8.0 GA** Branching can follow normal processes to get done.
8. **Lessons Learned.** Go over problems and feed into other groups
backlogs.
9. **Documentation** Update previous documents and add any that were found
to be needed.
### EPEL-8.1
| Start Date | End Date | Work Planned | Party Involved |
| ---------- | ---------- | ------------ | -------------- |
| 2019-07-01 | 2019-07-05 | Lessons Learned | Fenzi, Contyk, et al |
| 2019-07 | ???? | Groom Koji changes needed | ??? |
| 2019-07 | ???? | Write/Test Koji changes needed | ??? |
| 2019-07 | ???? | Non-modular RPM in staging | ??? |
| 2019-07 | ???? | MBS in staging | ??? |
| 2019-08? | ???? | Implement Koji changes? | ??? |
| 2019-08? | ???? | Implement bodhi compose in staging? | ??? |
| 2019-09? | ???? | Close off 8.1 beta | ??? |
| 2019-09? | ???? | Lessons learned | ??? |
| 2019-09? | ???? | Begin changes in prod? | ??? |
| 2019-10? | ???? | Open module builds in EPEL | ??? |
| 2019-11? | ???? | EPEL-8.1 GA | EPEL Steering Committee |
| 2019-11? | ???? | Lessons Learned | ??? |
| 2019-11? | ???? | Revise documentation | ??? |
#### EPEL-8.1 Production Breakout
This follows the staging and production of the 8.0 with additional work in
order to make working with modules work in builds. Most of these dates and
layers need to be filled out in future meetings. The main work will be
adding in allowing a program code-named 'Ursa-Prime' to help build
non-modular rpms using modules as dependencies. This will allow for
grobisplitter to be replaced with a program that has long term maintenance.
--
Stephen J Smoogen.