Fedora EPEL 8 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 8 Security updates need testing:
 Age  URL
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-83cd17b92f   nrpe-4.0.2-2.el8
  11  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-8fcf741d7f   cacti-1.2.11-1.el8 cacti-spine-1.2.11-1.el8
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-dfc01a6be3   chromium-81.0.4044.113-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
ansible-2.9.7-1.el8
colordiff-1.0.19-1.el8
darktable-3.0.2-1.el8
libwebsockets-4.0.1-2.el8
mosquitto-1.6.9-2.el8
oval-graph-1.1.1-1.el8
pylibacl-0.5.4-3.el8
python-dominate-2.5.1-1.el8
python-scramp-1.1.1-1.el8
python-winsspi-0.0.9-1.el8
terminator-1.92-1.el8
testcloud-0.3.2-1.el8
votca-csg-1.6-1.el8
votca-tools-1.6-1.el8
votca-xtp-1.6-1.el8
Details about builds:
================================================================================
ansible-2.9.7-1.el8 (FEDORA-EPEL-2020-5af12f8767)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to bugfix and security update 2.9.7. See
https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v...
for detailed changes.
----
Update to upstream 2.9.6 and fix for 2 CVEs:
CVE-2020-1737, CVE-2020-1739
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 18 2020 Kevin Fenzi <kevin(a)scrye.com> - 2.9.7-1
- Update to 2.9.7.
- fixes CVE-2020-1733 CVE-2020-1735 CVE-2020-1740 CVE-2020-1746 CVE-2020-1753 CVE-2020-10684 CVE-2020-10685 CVE-2020-10691
- Drop the -s from the shebang to allow ansible to use locally installed modules.
* Fri Mar 6 2020 Kevin Fenzi <kevin(a)scrye.com> - 2.9.6-1
- Update to 2.9.6. Fixes bug #1810373
- fixes for CVE-2020-1737, CVE-2020-1739
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1805319 - CVE-2020-1740 ansible: secrets readable after ansible-vault edit [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805319
[ 2 ] Bug #1805322 - CVE-2020-1739 ansible: svn module leaks password when specified as a parameter [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805322
[ 3 ] Bug #1805326 - CVE-2020-1738 ansible: module package can be selected by the ansible facts [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805326
[ 4 ] Bug #1805329 - CVE-2020-1737 ansible: Extract-Zip function in win_unzip module does not check extracted path [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805329
[ 5 ] Bug #1805332 - CVE-2020-1736 ansible: atomic_move primitive sets permissive permissions [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805332
[ 6 ] Bug #1805336 - CVE-2020-1735 ansible: path injection on dest parameter in fetch module [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805336
[ 7 ] Bug #1805339 - CVE-2020-1734 ansible: shell enabled by default in a pipe lookup plugin subprocess [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805339
[ 8 ] Bug #1805342 - CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1805342
[ 9 ] Bug #1808472 - CVE-2020-1746 ansible: Information disclosure issue in ldap_attr and ldap_entry modules [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1808472
[ 10 ] Bug #1810373 - ansible-2.9.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1810373
[ 11 ] Bug #1811933 - CVE-2020-1753 ansible: kubectl connection plugin leaks sensitive information [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1811933
[ 12 ] Bug #1816311 - CVE-2020-10684 ansible: code injection when using ansible_facts as a subkey [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1816311
[ 13 ] Bug #1816312 - CVE-2020-10685 ansible: modules which use files encrypted with vault are not properly cleaned up [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1816312
[ 14 ] Bug #1817979 - CVE-2020-10691 ansible: archive traversal vulnerability in ansible-galaxy collection install [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1817979
[ 15 ] Bug #1825070 - ansible-2.9.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1825070
--------------------------------------------------------------------------------
================================================================================
colordiff-1.0.19-1.el8 (FEDORA-EPEL-2020-c099c5066b)
Color terminal highlighter for diff files
--------------------------------------------------------------------------------
Update Information:
Update to 1.0.19. Changes in this version:
* Add `difffile` color option, allowing more git-like coloring (separate color
  for header of each changed file)
* Provide support for 24-bit colour strings
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 19 2020 Richard Fearn <richardfearn(a)gmail.com> - 1.0.19-1
- Update to 1.0.19
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.18-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
darktable-3.0.2-1.el8 (FEDORA-EPEL-2020-96d9d5c5bc)
Utility to organize and develop raw images
--------------------------------------------------------------------------------
Update Information:
3.0.2 release
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 18 2020 Germano Massullo <germano.massullo(a)gmail.com> - 3.0.2-1
- 3.0.2 release
- Removed 4447-legacy_params.patch
--------------------------------------------------------------------------------
================================================================================
libwebsockets-4.0.1-2.el8 (FEDORA-EPEL-2020-61ef29a530)
A lightweight C library for Websockets
--------------------------------------------------------------------------------
Update Information:
This is the libwebsockets C library for lightweight websocket clients and
servers.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
mosquitto-1.6.9-2.el8 (FEDORA-EPEL-2020-1f0e0e9d03)
An Open Source MQTT v3.1/v3.1.1 Broker
--------------------------------------------------------------------------------
Update Information:
Mosquitto is an open source message broker that implements the MQ Telemetry
Transport protocol version 3.1 and 3.1.1. MQTT provides a lightweight method of
carrying out messaging using a publish/subscribe model. This makes it suitable
for "machine to machine" messaging such as with low power sensors or mobile
devices such as phones, embedded computers or micro-controllers like the
Arduino.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
oval-graph-1.1.1-1.el8 (FEDORA-EPEL-2020-1860fb4343)
Tool for visualization of SCAP rule evaluation results
--------------------------------------------------------------------------------
Update Information:
release 1.1.1
----
Fixes the required dependency
----
release 1.1.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 17 2020 Jan Rodak <jrodak(a)redhat.com> - 1.1.1-1
- release 1.1.1
* Fri Apr 17 2020 Jan Rodak <jrodak(a)redhat.com> - 1.1.0-2
- Fixes the required dependency
* Wed Apr 15 2020 Jan Rodak <jrodak(a)redhat.com> - 1.1.0-1
- release 1.1.0
--------------------------------------------------------------------------------
================================================================================
pylibacl-0.5.4-3.el8 (FEDORA-EPEL-2020-1fa883bc10)
POSIX.1e ACLs library wrapper for Python
--------------------------------------------------------------------------------
Update Information:
Release for EPEL-8 with Python2 and Python3 versions
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-dominate-2.5.1-1.el8 (FEDORA-EPEL-2020-6f66312795)
Python library for HTML documents
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 2.5.1 (rhbz#1697397)
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-scramp-1.1.1-1.el8 (FEDORA-EPEL-2020-405e72da3e)
An implementation of the SCRAM protocol
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 1.1.1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 29 2020 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.1.1-1
- Update to latest upstream release 1.1.1
--------------------------------------------------------------------------------
================================================================================
python-winsspi-0.0.9-1.el8 (FEDORA-EPEL-2020-4c72fff7d9)
Windows SSPI library in Python
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 0.0.9 (rhbz#1821092)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2020 Fabian Affolter <mail(a)fabian-affolter.ch> - 0.0.9-1
- Update to latest upstream release 0.0.9 (rhbz#1821092)
* Mon Apr 6 2020 Fabian Affolter <mail(a)fabian-affolter.ch> - 0.0.8-1
- Update to latest upstream release 0.0.8 (rhbz#1821092)
* Mon Mar 30 2020 Fabian Affolter <mail(a)fabian-affolter.ch> - 0.0.7-1
- Use LICENSE file shipped in source tarball
- Update to latest upstream release 0.0.7 (rhbz#1814977)
* Fri Mar 27 2020 Fabian Affolter <mail(a)fabian-affolter.ch> - 0.0.5-1
- Update to latest upstream release 0.0.5 (rhbz#1814977)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1821092 - python-winsspi-0.0.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1821092
--------------------------------------------------------------------------------
================================================================================
terminator-1.92-1.el8 (FEDORA-EPEL-2020-6850774286)
Store and run multiple GNOME terminals in one window
--------------------------------------------------------------------------------
Update Information:
This update brings the new Terminator release 1.92 to a RHEL8-based Linux
installation box near you. This is the first release of the new Terminator Team
at GitHub (https://github.com/gnome-terminator/terminator). It finally supports
Python 3 and fixes a lot of bugs. You can find a detailed changelog here:
https://github.com/gnome-terminator/terminator/blob/master/CHANGELOG.md
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
testcloud-0.3.2-1.el8 (FEDORA-EPEL-2020-ab6f9314fb)
Tool for running cloud images locally
--------------------------------------------------------------------------------
Update Information:
- Require only libguestfs-tools-c from libguestfs
- Bump default RAM size to 768 MB
- Fix for libvirt >= 6.0
- Fix DeprecationWarning: invalid escape sequence \w
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 19 2020 Frantisek Zatloukal <fzatlouk(a)redhat.com> - 0.3.2-1
- Require only libguestfs-tools-c from libguestfs
- Bump default RAM size to 768 MB
- Fix for libvirt >= 6.0
- Fix DeprecationWarning: invalid escape sequence \w
--------------------------------------------------------------------------------
================================================================================
votca-csg-1.6-1.el8 (FEDORA-EPEL-2020-a059b2b410)
VOTCA coarse-graining engine
--------------------------------------------------------------------------------
Update Information:
Bump Votca Package to 1.6
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 18 2020 Christoph Junghans <junghans(a)votca.org> - 1.6-1
- Version bump to v1.6 (bug #1825473)
* Mon Feb 10 2020 Christoph Junghans <junghans(a)votca.org> - 1.6~rc2-1
- Version bump to 1.6~rc2
- Drop 473.patch - merged upstream
* Fri Jan 31 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6-0.3rc1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Dec 12 2019 Christoph Junghans <junghans(a)votca.org> - 1.6-0.2rc1
- Added upstream 473.patch to fix 32bit build
* Thu Dec 5 2019 Christoph Junghans <junghans(a)votca.org> - 1.6-0.1rc1
- Version bump to 1.6_rc1 (bug #1779848)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1825473 - votca-csg-1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1825473
[ 2 ] Bug #1825474 - votca-tools-1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1825474
[ 3 ] Bug #1825475 - votca-xtp-1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1825475
--------------------------------------------------------------------------------
================================================================================
votca-tools-1.6-1.el8 (FEDORA-EPEL-2020-a059b2b410)
VOTCA tools library
--------------------------------------------------------------------------------
Update Information:
Bump Votca Package to 1.6
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 18 2020 Christoph Junghans <junghans(a)votca.org> - 1.6-1
- Version bump to v1.6 (bug #1825474)
* Mon Feb 10 2020 Christoph Junghans <junghans(a)votca.org> - 1.6~rc2-1
- Version bump to 1.6~rc2
- Drop 196.patch, 197.patch and 199.patch - merged upstream
* Fri Jan 31 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6-0.4rc1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Dec 12 2019 Christoph Junghans <junghans(a)votca.org> - 1.6-0.3rc1
- Added upstream 196.patch to failing table test
- Added upstream 199.patch to fix 32bit builds
* Thu Dec 5 2019 Christoph Junghans <junghans(a)votca.org> - 1.6-0.2rc1
- Added upstream 197.patch to fix CMake files
* Thu Dec 5 2019 Christoph Junghans <junghans(a)votca.org> - 1.6-0.1rc1
- Version bump to 1.6_rc1 (bug #1779862)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1825473 - votca-csg-1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1825473
[ 2 ] Bug #1825474 - votca-tools-1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1825474
[ 3 ] Bug #1825475 - votca-xtp-1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1825475
--------------------------------------------------------------------------------
================================================================================
votca-xtp-1.6-1.el8 (FEDORA-EPEL-2020-a059b2b410)
VOTCA excitation and charge properties module
--------------------------------------------------------------------------------
Update Information:
Bump Votca Package to 1.6
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1825473 - votca-csg-1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1825473
[ 2 ] Bug #1825474 - votca-tools-1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1825474
[ 3 ] Bug #1825475 - votca-xtp-1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1825475
--------------------------------------------------------------------------------