January 2021 - epel-devel - Fedora Mailing-Lists

by updates＠fedoraproject.org

The following Fedora EPEL 8 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-83ab5bb91b opensmtpd-6.8.0p2-1.el8 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-b68969af8c chromium-88.0.4324.96-1.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-403074b7e0 seamonkey-2.53.6-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing R-qtl-1.47.9-1.el8 lua-readline-2.8-1.el8 monitorix-3.13.1-1.el8 nx-libs-3.5.99.25-4.el8 rlwrap-0.44-1.el8 youtube-dl-2021.01.24.1-1.el8 yubico-piv-tool-2.2.0-1.el8 Details about builds: ================================================================================ R-qtl-1.47.9-1.el8 (FEDORA-EPEL-2021-b797df647f) Tools for analyzing QTL experiments -------------------------------------------------------------------------------- Update Information: R-qtl 1.47-9 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 27 2021 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1.47.9-1 - Update to 1.47-9 * Mon Jan 25 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.46.2-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Aug 10 2020 Tom Callaway <spot(a)fedoraproject.org> - 1.46.2-5 - rebuild for FlexiBLAS R * Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.46.2-4 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.46.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ lua-readline-2.8-1.el8 (FEDORA-EPEL-2021-21532ad9b8) Lua interface to the readline and history libraries -------------------------------------------------------------------------------- Update Information: - Update to 2.8 - Fix the reported version, it was not bumped for 2.8 - Use Fedora-specific linker flags (thanks to Robert Scheck <robert(a)fedoraproject.org>) - Add basic loadability checks (Robert) - Pull in lua-rpm-macros explicitly on EL <= 7 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 26 2021 Michel Alexandre Salim <salimma(a)fedoraproject.org> - 2.8-1 - Update to 2.8 - Fix the reported version, it was not bumped for 2.8 - Use Fedora-specific linker flags (thanks to Robert Scheck <robert(a)fedoraproject.org>) - Add basic loadability checks (Robert) - Pull in lua-rpm-macros explicitly on EL <= 7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1914667 - Lack of Fedora-specific linker flags https://bugzilla.redhat.com/show_bug.cgi?id=1914667 [ 2 ] Bug #1914686 - lua-readline-2.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1914686 -------------------------------------------------------------------------------- ================================================================================ monitorix-3.13.1-1.el8 (FEDORA-EPEL-2021-aadbebf090) A free, open source, lightweight system monitoring tool -------------------------------------------------------------------------------- Update Information: This new version fixes a security bug introduced in the 3.13.0 version that lead the HTTP built-in server to bypass the Basic Authentication when the option hosts_deny is not defined, which is the default. Besides this fix, this version also updates the main configuration file to add the option hosts_deny = all by default inside the auth subsection, in an attempt to make the default behaviour more clear. All users using the 3.13.0 version are advised and encouraged to upgrade to this new version, which resolves the security issue. ---- This new version introduces three new modules: the long-awaited pgsql.pm capable of monitoring up to 9 databases of an unlimited number of PostgreSQL servers, the redis.pm and tinyproxy.pm which are both also capable of monitoring an unlimited number of Redis and Tinyproxy servers respectively. This version also includes some interesting new features. The new CSS theming support will allow people to create their own color themes. The new support for the ss command in port.pm and nginx.pm modules. The ability to map the device names and also to include a title name in disk.pm module. The new stacked visualization of network stats available on a number of modules, and more. Also with this new version, Monitorix is able to be executed as a regular user instead of root. This is of course subject to the capabilities of each module to get statistics without using the superuser. The rest of new features, changes and bugs fixed are, as always, reflected in the Changes file. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 27 2021 Jordi Sanfeliu <jordi(a)fibranet.cat> - 3.13.1-1 - Updated to 3.13.1. * Fri Jan 22 2021 Jordi Sanfeliu <jordi(a)fibranet.cat> - 3.13.0-1 - Updated to 3.13.0. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1919169 - monitorix-3.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1919169 [ 2 ] Bug #1920998 - monitorix-3.13.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1920998 -------------------------------------------------------------------------------- ================================================================================ nx-libs-3.5.99.25-4.el8 (FEDORA-EPEL-2021-3b4b144e1b) NX X11 protocol compression libraries -------------------------------------------------------------------------------- Update Information: Disable extraneous debug logging that can fill disks -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 26 2021 Orion Poplawski <orion(a)nwra.com> - 3.5.99.25-4 - Add upstream patch to quiet logging * Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.5.99.25-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1916491 - nxagent logs exessively to session.log https://bugzilla.redhat.com/show_bug.cgi?id=1916491 -------------------------------------------------------------------------------- ================================================================================ rlwrap-0.44-1.el8 (FEDORA-EPEL-2021-92f4e70166) Wrapper for GNU readline -------------------------------------------------------------------------------- Update Information: ## New Features - rlwrap is now aware of multi-byte characters and correctly handles prompts (or things that look like prompts, e.g. progress indicators) that contain them. - rlwrap filters can now also filter signals (see RlwrapFilter(3pm)), changing them, or providing extra input to the rlwrapped command. - Key sequences can now be bound to rlwrap-direct-keypress (using a new readline command rlwrap-direct-prefix) (contributed by Yuri d'Elia) ## Bug fixes - now works with the readline 8.1 (which exposed an old bug caused by rlwrap mis-handling enabled bracketed-paste) - binding accept-line to a key would make pressing that key mess up the display -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 26 2021 Michel Alexandre Salim <salimma(a)fedoraproject.org> - 0.44-1 - Update to 0.44 * Fri Dec 4 2020 Jeff Law <law(a)redhat.com> - 0.43-8 - Fix out of bounds read in configure generated code caught by gcc-11 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1918577 - upgrade rlwrap https://bugzilla.redhat.com/show_bug.cgi?id=1918577 [ 2 ] Bug #1920859 - rlwrap-7c1e432 is available https://bugzilla.redhat.com/show_bug.cgi?id=1920859 -------------------------------------------------------------------------------- ================================================================================ youtube-dl-2021.01.24.1-1.el8 (FEDORA-EPEL-2021-417125ab38) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information: Update to version 2021.01.24.1 ---- Update to version 2021.01.16 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 27 2021 David Schw��rer <davidsch(a)fedoraproject.org> - 2021.01.24.1-1 - Update to 2021.01.24.1 * Mon Jan 18 2021 David Schw��rer <davidsch(a)fedoraproject.org> - 2021.01.16-1 - Update to 2021.01.16 * Fri Jan 8 2021 David Schw��rer <davidsch(a)fedoraproject.org> - 2021.01.08-1 - Update to 2021.01.08 * Tue Jan 5 2021 David Schw��rer <davidsch(a)fedoraproject.org> - 2021.01.03-2 - Update to 2021.01.03 * Sun Jan 3 2021 David Schw��rer <davidsch(a)fedoraproject.org> - 2021.01.03-1 - Update to 2021.01.03 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1916977 - youtube-dl-2021.01.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1916977 [ 2 ] Bug #1920080 - youtube-dl-2021.01.24.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1920080 -------------------------------------------------------------------------------- ================================================================================ yubico-piv-tool-2.2.0-1.el8 (FEDORA-EPEL-2021-60c6c91676) Tool for interacting with the PIV applet on a YubiKey -------------------------------------------------------------------------------- Update Information: Finally EPEL8 release! -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1918362 - yubico-piv-tool-2.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1918362 --------------------------------------------------------------------------------

3 hours, 54 minutes

1
0
0 / 0

Fedora EPEL 7 updates-testing report

by updates＠fedoraproject.org

The following Fedora EPEL 7 Security updates need testing: Age URL 41 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4a9fc09599 openjpeg2-2.3.1-10.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-f1768ebc94 opensmtpd-6.8.0p2-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-e06cd0281c zabbix30-3.0.31-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-e30a25d6d0 chromium-88.0.4324.96-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-4e3398c399 libssh-0.7.7-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-c09d7045f3 seamonkey-2.53.6-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing R-qtl-1.47.9-1.el7 monitorix-3.13.1-1.el7 nx-libs-3.5.99.25-4.el7 youtube-dl-2021.01.24.1-1.el7 Details about builds: ================================================================================ R-qtl-1.47.9-1.el7 (FEDORA-EPEL-2021-46fabd09df) Tools for analyzing QTL experiments -------------------------------------------------------------------------------- Update Information: R-qtl 1.47-9 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 27 2021 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1.47.9-1 - Update to 1.47-9 * Mon Jan 25 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.46.2-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Aug 10 2020 Tom Callaway <spot(a)fedoraproject.org> - 1.46.2-5 - rebuild for FlexiBLAS R * Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.46.2-4 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.46.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Fri Jun 5 2020 Tom Callaway <spot(a)fedoraproject.org> - 1.46.2-2 - rebuild for R 4 -------------------------------------------------------------------------------- ================================================================================ monitorix-3.13.1-1.el7 (FEDORA-EPEL-2021-ba217a684f) A free, open source, lightweight system monitoring tool -------------------------------------------------------------------------------- Update Information: This new version fixes a security bug introduced in the 3.13.0 version that lead the HTTP built-in server to bypass the Basic Authentication when the option hosts_deny is not defined, which is the default. Besides this fix, this version also updates the main configuration file to add the option hosts_deny = all by default inside the auth subsection, in an attempt to make the default behaviour more clear. All users using the 3.13.0 version are advised and encouraged to upgrade to this new version, which resolves the security issue. ---- This new version introduces three new modules: the long-awaited pgsql.pm capable of monitoring up to 9 databases of an unlimited number of PostgreSQL servers, the redis.pm and tinyproxy.pm which are both also capable of monitoring an unlimited number of Redis and Tinyproxy servers respectively. This version also includes some interesting new features. The new CSS theming support will allow people to create their own color themes. The new support for the ss command in port.pm and nginx.pm modules. The ability to map the device names and also to include a title name in disk.pm module. The new stacked visualization of network stats available on a number of modules, and more. Also with this new version, Monitorix is able to be executed as a regular user instead of root. This is of course subject to the capabilities of each module to get statistics without using the superuser. The rest of new features, changes and bugs fixed are, as always, reflected in the Changes file. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 27 2021 Jordi Sanfeliu <jordi(a)fibranet.cat> - 3.13.1-1 - Updated to 3.13.1. * Fri Jan 22 2021 Jordi Sanfeliu <jordi(a)fibranet.cat> - 3.13.0-1 - Updated to 3.13.0. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1919169 - monitorix-3.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1919169 [ 2 ] Bug #1920998 - monitorix-3.13.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1920998 -------------------------------------------------------------------------------- ================================================================================ nx-libs-3.5.99.25-4.el7 (FEDORA-EPEL-2021-cf7a3c6e2b) NX X11 protocol compression libraries -------------------------------------------------------------------------------- Update Information: Disable extraneous debug logging that can fill disks -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 26 2021 Orion Poplawski <orion(a)nwra.com> - 3.5.99.25-4 - Add upstream patch to quiet logging * Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.5.99.25-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1916491 - nxagent logs exessively to session.log https://bugzilla.redhat.com/show_bug.cgi?id=1916491 -------------------------------------------------------------------------------- ================================================================================ youtube-dl-2021.01.24.1-1.el7 (FEDORA-EPEL-2021-19bb0eb2b6) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information: Update to version 2021.01.24.1 ---- Update to version 2021.01.16 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 27 2021 David Schw��rer <davidsch(a)fedoraproject.org> - 2021.01.24.1-1 - Update to 2021.01.24.1 * Mon Jan 18 2021 David Schw��rer <davidsch(a)fedoraproject.org> - 2021.01.16-1 - Update to 2021.01.16 * Fri Jan 8 2021 David Schw��rer <davidsch(a)fedoraproject.org> - 2021.01.08-1 - Update to 2021.01.08 * Tue Jan 5 2021 David Schw��rer <davidsch(a)fedoraproject.org> - 2021.01.03-2 - Update to 2021.01.03 * Sun Jan 3 2021 David Schw��rer <davidsch(a)fedoraproject.org> - 2021.01.03-1 - Update to 2021.01.03 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1916977 - youtube-dl-2021.01.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1916977 [ 2 ] Bug #1920080 - youtube-dl-2021.01.24.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1920080 --------------------------------------------------------------------------------

4 hours, 2 minutes

1
0
0 / 0

RHEL contacting EPEL maintainers when package goes into RHEL

by Troy Dawson

This last week in the EPEL Steering Committee meeting, we talked about what happens when an EPEL package gets pulled in and released in RHEL. There were a couple of people who said that had happened to them and they were totally un-aware that it was going to happen. I contacted a couple people in Red Hat and found out that part of the New Package procedure includes an EPEL check. If the package is in EPEL they are supposed to contact the EPEL maintainer. They are also supposed to have the NVR higher than the EPEL version. This is a new procedure, implemented in June 2020. If you are a EPEL package maintainer, and your package was pulled into RHEL 7 or 8, and you were not contacted, please let me know. Red Hat wants this procedure to work, because when things go wrong, it affects their customers. Their current way of finding out who to contact is to do the following curl https://src.fedoraproject.org/_dg/bzoverrides/rpms/<package name> example $ curl https://src.fedoraproject.org/_dg/bzoverrides/rpms/git-lfs { "epel_assignee": "carlwgeorge", "fedora_assignee": "qulogic" } If anyone knows of a better way to find the EPEL maintainer, please let me know and I'll pass it on. Troy Dawson

14 hours, 1 minute

2
1
0 / 0

Fedora EPEL 7 updates-testing report

by updates＠fedoraproject.org

The following Fedora EPEL 7 Security updates need testing: Age URL 40 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4a9fc09599 openjpeg2-2.3.1-10.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-f1768ebc94 opensmtpd-6.8.0p2-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-e06cd0281c zabbix30-3.0.31-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-e30a25d6d0 chromium-88.0.4324.96-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing libssh-0.7.7-1.el7 seamonkey-2.53.6-1.el7 tito-0.6.16-1.el7 Details about builds: ================================================================================ libssh-0.7.7-1.el7 (FEDORA-EPEL-2021-4e3398c399) A library implementing the SSH protocol -------------------------------------------------------------------------------- Update Information: Update to version 0.7.7 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 26 2021 Andreas Schneider <asn(a)redhat.com> - 0.7.7-1 - Update to version 0.7.7 - resovles: #1781781 - Fix CVE-2019-14889 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1781781 - CVE-2019-14889 libssh: unsanitized location in scp could lead to unwanted command execution [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1781781 -------------------------------------------------------------------------------- ================================================================================ seamonkey-2.53.6-1.el7 (FEDORA-EPEL-2021-c09d7045f3) Web browser, e-mail, news, IRC client, HTML editor -------------------------------------------------------------------------------- Update Information: Update to 2.53.6 -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 22 2021 Dmitry Butskoy <Dmitry(a)Butskoy.name> 2.53.6-1 - update to 2.53.6 - build with own GNUmakefile, spec file cleanup * Tue Nov 17 2020 Dmitry Butskoy <Dmitry(a)Butskoy.name> 2.53.5-3 - add media-document patch (mozbz#1677768) - add packed_simd patch (mozbz#1617782) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1919103 - seamonkey-2.53.6.source is available https://bugzilla.redhat.com/show_bug.cgi?id=1919103 -------------------------------------------------------------------------------- ================================================================================ tito-0.6.16-1.el7 (FEDORA-EPEL-2021-b41f765389) A tool for managing rpm based git projects -------------------------------------------------------------------------------- Update Information: - Fix manpage generation on Fedora Rawhide (F34) - Ignore spectool warnings - Skip nonexisting extra sources - Fix `copy_extra_sources` for remote URLs - Use `--no-rebuild-srpm` for scratch builds in KojiReleaser -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 26 2021 Jakub Kadlcik <frostyx(a)email.cz> 0.6.16-1 - Fix manpage generation on Fedora Rawhide (F34) - Ignore spectool warnings - Skip nonexisting extra sources - Fix copy_extra_sources for remote URLs - Use --no-rebuild-srpm for scratch builds in KojiReleaser --------------------------------------------------------------------------------

1 day, 4 hours

1
0
0 / 0

Fedora EPEL 8 updates-testing report

by updates＠fedoraproject.org

The following Fedora EPEL 8 Security updates need testing: Age URL 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-83ab5bb91b opensmtpd-6.8.0p2-1.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-b68969af8c chromium-88.0.4324.96-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing java-latest-openjdk-15.0.2.0.7-0.rolling.el8 netbox-2.10.4-1.el8 python-cheroot-8.5.2-1.el8 seamonkey-2.53.6-1.el8 tito-0.6.16-1.el8 tkrzw-0.9.3-5.el8 Details about builds: ================================================================================ java-latest-openjdk-15.0.2.0.7-0.rolling.el8 (FEDORA-EPEL-2021-6beabd2b7a) OpenJDK 15 Runtime Environment -------------------------------------------------------------------------------- Update Information: OpenJDK 15 January update -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 22 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:15.0.2.0.7-0.rolling - Update to jdk-15.0.2.0+7 - Add release notes for 15.0.1.0 & 15.0.2.0 - Use JEP-322 Time-Based Versioning so we can handle a future 11.0.9.1-like release correctly. - Still use 15.0.x rather than 15.0.x.0 for file naming, as the trailing zero is omitted from tags. - Cleanup debug package descriptions and version number placement. - Remove unused patch files. * Tue Jan 19 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:15.0.1.9-10.rolling - Use -march=i686 for x86 builds if -fcf-protection is detected (needs CMOV) * Tue Dec 22 2020 Jiri Vanek <jvanek(a)redhat.com> - 1:15.0.1.9-9.rolling - fixed missing condition for fastdebug packages being counted as debug ones * Sat Dec 19 2020 Jiri Vanek <jvanek(a)redhat.com> - 1:15.0.1.9-8.rolling - removed lib-style provides for fastdebug_suffix_unquoted * Sat Dec 19 2020 Jiri Vanek <jvanek(a)redhat.com> - 1:15.0.1.9-6.rolling - many cosmetic changes taken from more maintained jdk11 - introduced debug_arches, bootstrap_arches, systemtap_arches, fastdebug_arches, sa_arches, share_arches, shenandoah_arches, zgc_arches instead of various hardcoded ifarches - updated systemtap - added requires excludes for debug pkgs - removed redundant logic around jsa files - added runtime requires of lksctp-tools and libXcomposite% - added and used Source15 TestSecurityProperties.java, but is made always positive as jdk15 now does not honor system policies - s390x excluded form fastdebug build * Thu Dec 17 2020 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:15.0.1.9-5.rolling - introduced nm based check to verify alt-java on x86_64 is patched, and no other alt-java or java is patched - patch600 rh1750419-redhat_alt_java.patch amended to die, if it is used wrongly - introduced ssbd_arches with currently only valid arch of x86_64 to separate real alt-java architectures * Wed Dec 9 2020 Jiri Vanek <jvanek(a)redhat.com> - 1:15.0.1.9-4.rolling - moved wrongly placed licenses to accompany other ones - this bad placement was killng parallel-installability and thus having bad impact to leapp if used * Tue Dec 1 2020 Jiri Vanek <jvanek(a)redhat.com> - 1:15.0.1.9-3.rolling - added patch600, rh1750419-redhat_alt_java.patch, suprassing removed patch - no longer copying of java->alt-java as it is created by patch600 -------------------------------------------------------------------------------- ================================================================================ netbox-2.10.4-1.el8 (FEDORA-EPEL-2021-3a253243ce) IP address management (IPAM) and data center infrastructure management (DCIM) -------------------------------------------------------------------------------- Update Information: Update to 2.10.4 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 26 2021 Igor Raits <ignatenkobrain(a)fedoraproject.org> - 2.10.4-1 - Update to 2.10.4 -------------------------------------------------------------------------------- ================================================================================ python-cheroot-8.5.2-1.el8 (FEDORA-EPEL-2021-848a87b9dc) Highly-optimized, pure-python HTTP server -------------------------------------------------------------------------------- Update Information: update to 8.5.2 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 19 2021 Dan Radez <dradez(a)redhat.com> - 8.5.2-1 - update to 8.5.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1920461 - cheroot (cherrypy) indefinitely hangs under a moderate rate of requests and never recovers https://bugzilla.redhat.com/show_bug.cgi?id=1920461 -------------------------------------------------------------------------------- ================================================================================ seamonkey-2.53.6-1.el8 (FEDORA-EPEL-2021-403074b7e0) Web browser, e-mail, news, IRC client, HTML editor -------------------------------------------------------------------------------- Update Information: Update to 2.53.6 -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 22 2021 Dmitry Butskoy <Dmitry(a)Butskoy.name> 2.53.6-1 - update to 2.53.6 - add media-document patch (mozbz#1677768) - build with own GNUmakefile, spec file cleanup -------------------------------------------------------------------------------- References: [ 1 ] Bug #1919103 - seamonkey-2.53.6.source is available https://bugzilla.redhat.com/show_bug.cgi?id=1919103 -------------------------------------------------------------------------------- ================================================================================ tito-0.6.16-1.el8 (FEDORA-EPEL-2021-6aab938561) A tool for managing rpm based git projects -------------------------------------------------------------------------------- Update Information: - Fix manpage generation on Fedora Rawhide (F34) - Ignore spectool warnings - Skip nonexisting extra sources - Fix `copy_extra_sources` for remote URLs - Use `--no-rebuild-srpm` for scratch builds in KojiReleaser -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 26 2021 Jakub Kadlcik <frostyx(a)email.cz> 0.6.16-1 - Fix manpage generation on Fedora Rawhide (F34) - Ignore spectool warnings - Skip nonexisting extra sources - Fix copy_extra_sources for remote URLs - Use --no-rebuild-srpm for scratch builds in KojiReleaser -------------------------------------------------------------------------------- ================================================================================ tkrzw-0.9.3-5.el8 (FEDORA-EPEL-2021-714f2c3ae3) A straightforward implementation of DBM -------------------------------------------------------------------------------- Update Information: Link new RHBZ bug for ExcludeArch ---- 'Required: pkgconfig' removed from -devel -------------------------------------------------------------------------------- ChangeLog: --------------------------------------------------------------------------------

1 day, 4 hours

1
0
0 / 0

pybind11 in RHEL 8, but no action needed

by Tomas Orsava

Hi, I'm working on adding pybind11 to RHEL 8 and so I wanted to let you, the EPEL maintainer, know what's coming. I'm preparing pybind11 for a new Python stack in RHEL, so it will not conflict in name or files with your subpackages `python2-pybind11` and `python3-pybind11` (for Python 3.6) because their files are namespaced with the Python version. However, as the pybind11-devel package has files that are not namespaced with the Python version, the devel package in RHEL *will* conflict with the files of yours. I have added a conflicts tag so this is handled properly by yum. The most important thing to note is that the RHEL pybind11 packages will be in a non-default stream of a module in the CRB repo. Users will have to enable both the CRB and the module/stream explicitly to see the packages. Therefore, I belive you don't need to take any action and can keep your package as is, even after pybind11 is released in RHEL. The relevant guidelines rule [0]: "In EPEL8 or later, it is also permitted to provide an alternative non-modular package to any package found only in a non-default RHEL module." [0] https://fedoraproject.org/wiki/EPEL/GuidelinesAndPolicies#Policy All the best, and let me know if you have any questions, Tomas Orsava

1 day, 15 hours

1
0
0 / 0

Fedora EPEL 8 updates-testing report

by updates＠fedoraproject.org

The following Fedora EPEL 8 Security updates need testing: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-83ab5bb91b opensmtpd-6.8.0p2-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing GraphicsMagick-1.3.36-2.el8 beakerlib-1.23-1.el8 bpytop-1.0.61-1.el8 chromium-88.0.4324.96-1.el8 icewm-2.1.1-1.el8 lua-rpm-macros-1-3.el8 perl-LWP-Online-1.08-29.el8 Details about builds: ================================================================================ GraphicsMagick-1.3.36-2.el8 (FEDORA-EPEL-2021-a67c7cb2e0) An ImageMagick fork, offering faster image generation and better quality -------------------------------------------------------------------------------- Update Information: Fix urw-font bundling on epel-8 builds -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 25 2021 Rex Dieter <rdieter(a)fedoraproject.org> - 1.3.36-2 - fix bundled urw font install (#1911008) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1919997 - Unable to read font https://bugzilla.redhat.com/show_bug.cgi?id=1919997 -------------------------------------------------------------------------------- ================================================================================ beakerlib-1.23-1.el8 (FEDORA-EPEL-2021-e89b265534) A shell-level integration testing library -------------------------------------------------------------------------------- Update Information: - TestResults state indicator - profiling code - rebased yash to 1.1 - fixed rlAssertLesser - fixed failed library load name logging ---- - ability to parse fmf id references - ability the use simpler library name - library(foo), {url: '../foo.git', name: '/'}, meaming the library is n the root folder - ability put library even deeper in the tree - library(foo/path/to/the/library), {url: '../foo.git', name: '/path/to/the/library'} - rebased yash to 1.0 - and few more minor fixes -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 26 2021 Dalibor Pospisil <dapospis(a)redhat.com> - 1.23-1 - TestResults state indicator - profiling code - rebased yash to 1.1 - fixed rlAssertLesser - fixed failed library load name logging * Fri Jan 15 2021 Dalibor Pospisil <dapospis(a)redhat.com> - 1.22-1 - ability to parse fmf id references - ability the use simpler library name - library(foo), {url: '../foo.git', name: '/'}, meaming the library is n the root folder - ability put library even deeper in the tree - library(foo/path/to/the/library), {url: '../foo.git', name: '/path/to/the/library'} - rebased yash to 1.0 - and few more minor fixes -------------------------------------------------------------------------------- ================================================================================ bpytop-1.0.61-1.el8 (FEDORA-EPEL-2021-d3023e0da5) Linux/OSX/FreeBSD resource monitor -------------------------------------------------------------------------------- Update Information: Update to latest version -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 25 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.0.61-1 - build(update): 1.0.61 * Sat Jan 23 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.0.60-1 - build(update): 1.0.60 * Mon Jan 11 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.0.59-1 - build(update): 1.0.59 * Sun Jan 10 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.0.58-1 - build(update): 1.0.58 * Wed Jan 6 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.0.57-1 - build(update): 1.0.57 * Tue Jan 5 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.0.56-1 - build(update): 1.0.56 * Sat Jan 2 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.0.55-1 - build(update): 1.0.55 * Thu Dec 31 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.0.54-1 - build(update): 1.0.54 * Wed Dec 30 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.0.53-1 - build(update): 1.0.53 * Sat Dec 19 2020 Artem Polishchuk <ego.cordatus(a)gmail.com> - 1.0.51-1 - build(update): 1.0.51 -------------------------------------------------------------------------------- ================================================================================ chromium-88.0.4324.96-1.el8 (FEDORA-EPEL-2021-b68969af8c) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information: This is probably not the update you want. Let me be clear, it does fix the security vulnerabilities in this list: CVE-2020-16044 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135 CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139 CVE-2021-21140 CVE-2021-21141 CVE-2021-21117 CVE-2021-21128 But it will not behave like Google Chrome does. Google has announced that it is cutting off access to the Sync and "other Google Exclusive" APIs from all builds except Google Chrome. This will make the EPEL Chromium build significantly less functional (along with every other distro packaged Chromium). It is noteworthy that Google _gave_ the builders of distribution Chromium packages these access rights back in 2013 via API keys, specifically so that we could have open source builds of Chromium with (near) feature parity to Chrome. And now they're taking it away. The reasoning given for this change? Google does not want users to be able to "access their personal Chrome Sync data (such as bookmarks) ... with a non-Google, Chromium-based browser." They're not closing a security hole, they're just requiring that everyone use Chrome. Or to put it bluntly, they do not want you to access their Google API functionality without using proprietary software (Google Chrome). There is no good reason for Google to do this, other than to force people to use Chrome. I gave a lot of thought to whether I wanted to continue to maintain the Chromium package in EPEL, given that many (most?) users will be confused/annoyed when API functionality like sync and geolocation stops working for no good reason. Ultimately, I decided to continue for now, because there were at least some users who didn't mind, and if I stopped, someone else would start over and run blindly into this problem. I would say that you might want to reconsider whether you want to use Chromium or not. If you want the full "Google" experience, you can run the proprietary Chrome. If you want to use a FOSS browser that isn't hobbled, there is a Firefox package in whatever EL flavor you're using. Oh, last, but not least, Google isn't shutting off the API access until March 15, 2021, but I have gone ahead and disabled it starting with this update. I'd rather you read about it here (even though most users will never see this) than have it just happen. ---- Update Chromium to 87.0.4280.141. Fixes: CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2020-16043 CVE-2021-21114 CVE-2020-15995 CVE-2021-21115 CVE-2021-21116 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 20 2021 Tom Callaway <spot(a)fedoraproject.org> - 88.0.4324.96-1 - 88 goes from beta to stable - disable use of api keys (Google shut off API access) * Wed Jan 13 2021 Tom Callaway <spot(a)fedoraproject.org> - update to 87.0.4280.141 * Wed Dec 30 2020 Tom Callaway <spot(a)fedoraproject.org> - 88.0.4324.50-1 - update to 88.0.4324.50 - drop patches 74 & 75 (applied upstream) * Thu Dec 17 2020 Tom Callaway <spot(a)fedoraproject.org> - add two patches for missing headers to build with gcc 11 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1913624 - CVE-2021-21106 chromium-browser: Use after free in autofill https://bugzilla.redhat.com/show_bug.cgi?id=1913624 [ 2 ] Bug #1913625 - CVE-2021-21107 chromium-browser: Use after free in drag and drop https://bugzilla.redhat.com/show_bug.cgi?id=1913625 [ 3 ] Bug #1913626 - CVE-2021-21108 chromium-browser: Use after free in media https://bugzilla.redhat.com/show_bug.cgi?id=1913626 [ 4 ] Bug #1913627 - CVE-2021-21109 chromium-browser: Use after free in payments https://bugzilla.redhat.com/show_bug.cgi?id=1913627 [ 5 ] Bug #1913629 - CVE-2021-21110 chromium-browser: Use after free in safe browsing https://bugzilla.redhat.com/show_bug.cgi?id=1913629 [ 6 ] Bug #1913630 - CVE-2021-21111 chromium-browser: Insufficient policy enforcement in WebUI https://bugzilla.redhat.com/show_bug.cgi?id=1913630 [ 7 ] Bug #1913631 - CVE-2021-21112 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1913631 [ 8 ] Bug #1913632 - CVE-2021-21113 chromium-browser: Heap buffer overflow in Skia https://bugzilla.redhat.com/show_bug.cgi?id=1913632 [ 9 ] Bug #1913633 - CVE-2020-16043 chromium-browser: Insufficient data validation in networking https://bugzilla.redhat.com/show_bug.cgi?id=1913633 [ 10 ] Bug #1913634 - CVE-2021-21114 chromium-browser: Use after free in audio https://bugzilla.redhat.com/show_bug.cgi?id=1913634 [ 11 ] Bug #1913635 - CVE-2020-15995 chromium-browser: Out of bounds write in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1913635 [ 12 ] Bug #1913636 - CVE-2021-21115 chromium-browser: Use after free in safe browsing https://bugzilla.redhat.com/show_bug.cgi?id=1913636 [ 13 ] Bug #1913637 - CVE-2021-21116 chromium-browser: Heap buffer overflow in audio https://bugzilla.redhat.com/show_bug.cgi?id=1913637 [ 14 ] Bug #1918218 - CVE-2021-21118 chromium-browser: Insufficient data validation in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1918218 [ 15 ] Bug #1918219 - CVE-2021-21119 chromium-browser: Use after free in Media https://bugzilla.redhat.com/show_bug.cgi?id=1918219 [ 16 ] Bug #1918220 - CVE-2021-21120 chromium-browser: Use after free in WebSQL https://bugzilla.redhat.com/show_bug.cgi?id=1918220 [ 17 ] Bug #1918222 - CVE-2021-21121 chromium-browser: Use after free in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1918222 [ 18 ] Bug #1918223 - CVE-2021-21122 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1918223 [ 19 ] Bug #1918224 - CVE-2021-21123 chromium-browser: Insufficient data validation in File System API https://bugzilla.redhat.com/show_bug.cgi?id=1918224 [ 20 ] Bug #1918225 - CVE-2021-21124 chromium-browser: Potential user after free in Speech Recognizer https://bugzilla.redhat.com/show_bug.cgi?id=1918225 [ 21 ] Bug #1918226 - CVE-2021-21125 chromium-browser: Insufficient policy enforcement in File System API https://bugzilla.redhat.com/show_bug.cgi?id=1918226 [ 22 ] Bug #1918227 - CVE-2021-21126 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1918227 [ 23 ] Bug #1918228 - CVE-2021-21127 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1918228 [ 24 ] Bug #1918229 - CVE-2021-21129 chromium-browser: Insufficient policy enforcement in File System API https://bugzilla.redhat.com/show_bug.cgi?id=1918229 [ 25 ] Bug #1918230 - CVE-2021-21130 chromium-browser: Insufficient policy enforcement in File System API https://bugzilla.redhat.com/show_bug.cgi?id=1918230 [ 26 ] Bug #1918231 - CVE-2021-21131 chromium-browser: Insufficient policy enforcement in File System API https://bugzilla.redhat.com/show_bug.cgi?id=1918231 [ 27 ] Bug #1918232 - CVE-2021-21132 chromium-browser: Inappropriate implementation in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=1918232 [ 28 ] Bug #1918233 - CVE-2021-21133 chromium-browser: Insufficient policy enforcement in Downloads https://bugzilla.redhat.com/show_bug.cgi?id=1918233 [ 29 ] Bug #1918235 - CVE-2021-21134 chromium-browser: Incorrect security UI in Page Info https://bugzilla.redhat.com/show_bug.cgi?id=1918235 [ 30 ] Bug #1918236 - CVE-2021-21135 chromium-browser: Inappropriate implementation in Performance API https://bugzilla.redhat.com/show_bug.cgi?id=1918236 [ 31 ] Bug #1918237 - CVE-2021-21136 chromium-browser: Insufficient policy enforcement in WebView https://bugzilla.redhat.com/show_bug.cgi?id=1918237 [ 32 ] Bug #1918238 - CVE-2021-21137 chromium-browser: Inappropriate implementation in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=1918238 [ 33 ] Bug #1918239 - CVE-2021-21138 chromium-browser: Use after free in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=1918239 [ 34 ] Bug #1918240 - CVE-2021-21139 chromium-browser: Inappropriate implementation in iframe sandbox https://bugzilla.redhat.com/show_bug.cgi?id=1918240 [ 35 ] Bug #1918241 - CVE-2021-21140 chromium-browser: Uninitialized Use in USB https://bugzilla.redhat.com/show_bug.cgi?id=1918241 [ 36 ] Bug #1918242 - CVE-2021-21141 chromium-browser: Insufficient policy enforcement in File System API https://bugzilla.redhat.com/show_bug.cgi?id=1918242 -------------------------------------------------------------------------------- ================================================================================ icewm-2.1.1-1.el8 (FEDORA-EPEL-2021-1daf1e3147) Window manager designed for speed, usability, and consistency -------------------------------------------------------------------------------- Update Information: Update to 2.1.1 ---- Update to latest version -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 25 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 2.1.1-1 - build(update): 2.1.1 * Sat Jan 23 2021 Artem Polishchuk <ego.cordatus(a)gmail.com> - 2.1.0-1 - build(update): 2.1.0 -------------------------------------------------------------------------------- ================================================================================ lua-rpm-macros-1-3.el8 (FEDORA-EPEL-2021-85d639bb48) The common Lua RPM macros -------------------------------------------------------------------------------- Update Information: - Modify several conditionals to support RHEL 9+ and drop ancient Fedora 17 - Add explicit conflict with older lua-devel - Require rpm, not redhat-rpm-config -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 1 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 1-3 - Modify several conditionals to support RHEL 9+ and drop ancient Fedora 17 - Add explicit conflict with older lua-devel - Require rpm, not redhat-rpm-config -------------------------------------------------------------------------------- ================================================================================ perl-LWP-Online-1.08-29.el8 (FEDORA-EPEL-2021-279e83be5c) Check whether your process has an access to the web -------------------------------------------------------------------------------- Update Information: This release provides a new perl-LWP-Online package which checks whether a host is connected to the Internet. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1919732 - Please build perl-LWP-Online for EPEL 8 https://bugzilla.redhat.com/show_bug.cgi?id=1919732 --------------------------------------------------------------------------------

2 days, 4 hours

1
0
0 / 0

Fedora EPEL 7 updates-testing report

by updates＠fedoraproject.org

The following Fedora EPEL 7 Security updates need testing: Age URL 38 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4a9fc09599 openjpeg2-2.3.1-10.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-f1768ebc94 opensmtpd-6.8.0p2-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-e06cd0281c zabbix30-3.0.31-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing beakerlib-1.23-1.el7 chromium-88.0.4324.96-1.el7 lua-rpm-macros-1-3.el7 purple-facebook-0.9.6-7.el7 Details about builds: ================================================================================ beakerlib-1.23-1.el7 (FEDORA-EPEL-2021-3ffe638633) A shell-level integration testing library -------------------------------------------------------------------------------- Update Information: - TestResults state indicator - profiling code - rebased yash to 1.1 - fixed rlAssertLesser - fixed failed library load name logging ---- - ability to parse fmf id references - ability the use simpler library name - library(foo), {url: '../foo.git', name: '/'}, meaming the library is n the root folder - ability put library even deeper in the tree - library(foo/path/to/the/library), {url: '../foo.git', name: '/path/to/the/library'} - rebased yash to 1.0 - and few more minor fixes -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 26 2021 Dalibor Pospisil <dapospis(a)redhat.com> - 1.23-1 - TestResults state indicator - profiling code - rebased yash to 1.1 - fixed rlAssertLesser - fixed failed library load name logging * Fri Jan 15 2021 Dalibor Pospisil <dapospis(a)redhat.com> - 1.22-1 - ability to parse fmf id references - ability the use simpler library name - library(foo), {url: '../foo.git', name: '/'}, meaming the library is n the root folder - ability put library even deeper in the tree - library(foo/path/to/the/library), {url: '../foo.git', name: '/path/to/the/library'} - rebased yash to 1.0 - and few more minor fixes -------------------------------------------------------------------------------- ================================================================================ chromium-88.0.4324.96-1.el7 (FEDORA-EPEL-2021-e30a25d6d0) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information: This is probably not the update you want. Let me be clear, it does fix the security vulnerabilities in this list: CVE-2020-16044 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124 CVE-2021-21125 CVE-2021-21126 CVE-2021-21127 CVE-2021-21129 CVE-2021-21130 CVE-2021-21131 CVE-2021-21132 CVE-2021-21133 CVE-2021-21134 CVE-2021-21135 CVE-2021-21136 CVE-2021-21137 CVE-2021-21138 CVE-2021-21139 CVE-2021-21140 CVE-2021-21141 CVE-2021-21117 CVE-2021-21128 But it will not behave like Google Chrome does. Google has announced that it is cutting off access to the Sync and "other Google Exclusive" APIs from all builds except Google Chrome. This will make the EPEL Chromium build significantly less functional (along with every other distro packaged Chromium). It is noteworthy that Google _gave_ the builders of distribution Chromium packages these access rights back in 2013 via API keys, specifically so that we could have open source builds of Chromium with (near) feature parity to Chrome. And now they're taking it away. The reasoning given for this change? Google does not want users to be able to "access their personal Chrome Sync data (such as bookmarks) ... with a non-Google, Chromium-based browser." They're not closing a security hole, they're just requiring that everyone use Chrome. Or to put it bluntly, they do not want you to access their Google API functionality without using proprietary software (Google Chrome). There is no good reason for Google to do this, other than to force people to use Chrome. I gave a lot of thought to whether I wanted to continue to maintain the Chromium package in EPEL, given that many (most?) users will be confused/annoyed when API functionality like sync and geolocation stops working for no good reason. Ultimately, I decided to continue for now, because there were at least some users who didn't mind, and if I stopped, someone else would start over and run blindly into this problem. I would say that you might want to reconsider whether you want to use Chromium or not. If you want the full "Google" experience, you can run the proprietary Chrome. If you want to use a FOSS browser that isn't hobbled, there is a Firefox package in whatever EL flavor you're using. Oh, last, but not least, Google isn't shutting off the API access until March 15, 2021, but I have gone ahead and disabled it starting with this update. I'd rather you read about it here (even though most users will never see this) than have it just happen. ---- Update Chromium to 87.0.4280.141. Fixes: CVE-2021-21106 CVE-2021-21107 CVE-2021-21108 CVE-2021-21109 CVE-2021-21110 CVE-2021-21111 CVE-2021-21112 CVE-2021-21113 CVE-2020-16043 CVE-2021-21114 CVE-2020-15995 CVE-2021-21115 CVE-2021-21116 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 20 2021 Tom Callaway <spot(a)fedoraproject.org> - 88.0.4324.96-1 - 88 goes from beta to stable - disable use of api keys (Google shut off API access) * Wed Jan 13 2021 Tom Callaway <spot(a)fedoraproject.org> - update to 87.0.4280.141 * Wed Dec 30 2020 Tom Callaway <spot(a)fedoraproject.org> - 88.0.4324.50-1 - update to 88.0.4324.50 - drop patches 74 & 75 (applied upstream) * Thu Dec 17 2020 Tom Callaway <spot(a)fedoraproject.org> - add two patches for missing headers to build with gcc 11 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1913624 - CVE-2021-21106 chromium-browser: Use after free in autofill https://bugzilla.redhat.com/show_bug.cgi?id=1913624 [ 2 ] Bug #1913625 - CVE-2021-21107 chromium-browser: Use after free in drag and drop https://bugzilla.redhat.com/show_bug.cgi?id=1913625 [ 3 ] Bug #1913626 - CVE-2021-21108 chromium-browser: Use after free in media https://bugzilla.redhat.com/show_bug.cgi?id=1913626 [ 4 ] Bug #1913627 - CVE-2021-21109 chromium-browser: Use after free in payments https://bugzilla.redhat.com/show_bug.cgi?id=1913627 [ 5 ] Bug #1913629 - CVE-2021-21110 chromium-browser: Use after free in safe browsing https://bugzilla.redhat.com/show_bug.cgi?id=1913629 [ 6 ] Bug #1913630 - CVE-2021-21111 chromium-browser: Insufficient policy enforcement in WebUI https://bugzilla.redhat.com/show_bug.cgi?id=1913630 [ 7 ] Bug #1913631 - CVE-2021-21112 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1913631 [ 8 ] Bug #1913632 - CVE-2021-21113 chromium-browser: Heap buffer overflow in Skia https://bugzilla.redhat.com/show_bug.cgi?id=1913632 [ 9 ] Bug #1913633 - CVE-2020-16043 chromium-browser: Insufficient data validation in networking https://bugzilla.redhat.com/show_bug.cgi?id=1913633 [ 10 ] Bug #1913634 - CVE-2021-21114 chromium-browser: Use after free in audio https://bugzilla.redhat.com/show_bug.cgi?id=1913634 [ 11 ] Bug #1913635 - CVE-2020-15995 chromium-browser: Out of bounds write in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1913635 [ 12 ] Bug #1913636 - CVE-2021-21115 chromium-browser: Use after free in safe browsing https://bugzilla.redhat.com/show_bug.cgi?id=1913636 [ 13 ] Bug #1913637 - CVE-2021-21116 chromium-browser: Heap buffer overflow in audio https://bugzilla.redhat.com/show_bug.cgi?id=1913637 [ 14 ] Bug #1918218 - CVE-2021-21118 chromium-browser: Insufficient data validation in V8 https://bugzilla.redhat.com/show_bug.cgi?id=1918218 [ 15 ] Bug #1918219 - CVE-2021-21119 chromium-browser: Use after free in Media https://bugzilla.redhat.com/show_bug.cgi?id=1918219 [ 16 ] Bug #1918220 - CVE-2021-21120 chromium-browser: Use after free in WebSQL https://bugzilla.redhat.com/show_bug.cgi?id=1918220 [ 17 ] Bug #1918222 - CVE-2021-21121 chromium-browser: Use after free in Omnibox https://bugzilla.redhat.com/show_bug.cgi?id=1918222 [ 18 ] Bug #1918223 - CVE-2021-21122 chromium-browser: Use after free in Blink https://bugzilla.redhat.com/show_bug.cgi?id=1918223 [ 19 ] Bug #1918224 - CVE-2021-21123 chromium-browser: Insufficient data validation in File System API https://bugzilla.redhat.com/show_bug.cgi?id=1918224 [ 20 ] Bug #1918225 - CVE-2021-21124 chromium-browser: Potential user after free in Speech Recognizer https://bugzilla.redhat.com/show_bug.cgi?id=1918225 [ 21 ] Bug #1918226 - CVE-2021-21125 chromium-browser: Insufficient policy enforcement in File System API https://bugzilla.redhat.com/show_bug.cgi?id=1918226 [ 22 ] Bug #1918227 - CVE-2021-21126 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1918227 [ 23 ] Bug #1918228 - CVE-2021-21127 chromium-browser: Insufficient policy enforcement in extensions https://bugzilla.redhat.com/show_bug.cgi?id=1918228 [ 24 ] Bug #1918229 - CVE-2021-21129 chromium-browser: Insufficient policy enforcement in File System API https://bugzilla.redhat.com/show_bug.cgi?id=1918229 [ 25 ] Bug #1918230 - CVE-2021-21130 chromium-browser: Insufficient policy enforcement in File System API https://bugzilla.redhat.com/show_bug.cgi?id=1918230 [ 26 ] Bug #1918231 - CVE-2021-21131 chromium-browser: Insufficient policy enforcement in File System API https://bugzilla.redhat.com/show_bug.cgi?id=1918231 [ 27 ] Bug #1918232 - CVE-2021-21132 chromium-browser: Inappropriate implementation in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=1918232 [ 28 ] Bug #1918233 - CVE-2021-21133 chromium-browser: Insufficient policy enforcement in Downloads https://bugzilla.redhat.com/show_bug.cgi?id=1918233 [ 29 ] Bug #1918235 - CVE-2021-21134 chromium-browser: Incorrect security UI in Page Info https://bugzilla.redhat.com/show_bug.cgi?id=1918235 [ 30 ] Bug #1918236 - CVE-2021-21135 chromium-browser: Inappropriate implementation in Performance API https://bugzilla.redhat.com/show_bug.cgi?id=1918236 [ 31 ] Bug #1918237 - CVE-2021-21136 chromium-browser: Insufficient policy enforcement in WebView https://bugzilla.redhat.com/show_bug.cgi?id=1918237 [ 32 ] Bug #1918238 - CVE-2021-21137 chromium-browser: Inappropriate implementation in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=1918238 [ 33 ] Bug #1918239 - CVE-2021-21138 chromium-browser: Use after free in DevTools https://bugzilla.redhat.com/show_bug.cgi?id=1918239 [ 34 ] Bug #1918240 - CVE-2021-21139 chromium-browser: Inappropriate implementation in iframe sandbox https://bugzilla.redhat.com/show_bug.cgi?id=1918240 [ 35 ] Bug #1918241 - CVE-2021-21140 chromium-browser: Uninitialized Use in USB https://bugzilla.redhat.com/show_bug.cgi?id=1918241 [ 36 ] Bug #1918242 - CVE-2021-21141 chromium-browser: Insufficient policy enforcement in File System API https://bugzilla.redhat.com/show_bug.cgi?id=1918242 -------------------------------------------------------------------------------- ================================================================================ lua-rpm-macros-1-3.el7 (FEDORA-EPEL-2021-04c8b733bd) The common Lua RPM macros -------------------------------------------------------------------------------- Update Information: - Modify several conditionals to support RHEL 9+ and drop ancient Fedora 17 - Add explicit conflict with older lua-devel - Require rpm, not redhat-rpm-config -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 1 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 1-3 - Modify several conditionals to support RHEL 9+ and drop ancient Fedora 17 - Add explicit conflict with older lua-devel - Require rpm, not redhat-rpm-config -------------------------------------------------------------------------------- ================================================================================ purple-facebook-0.9.6-7.el7 (FEDORA-EPEL-2021-a73924ae7b) Facebook protocol plugin for purple2 -------------------------------------------------------------------------------- Update Information: - Add patch fixing taNewMessage bug. - Add patch bumping FB_ORCA_AGENT version. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 25 2021 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.9.6-7 - Add patch fixing taNewMessage bug - Add patch bumping FB_ORCA_AGENT version * Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.6-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1919561 - Pidgin does not connect to FB anymore (patch exists) https://bugzilla.redhat.com/show_bug.cgi?id=1919561 --------------------------------------------------------------------------------

2 days, 5 hours

1
0
0 / 0

Fedora EPEL 8 updates-testing report

by updates＠fedoraproject.org

The following Fedora EPEL 8 Security updates need testing: Age URL 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-e976495093 coturn-4.5.2-1.el8 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-47ea069c76 chromium-87.0.4280.141-1.el8 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-83ab5bb91b opensmtpd-6.8.0p2-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing ansible-2.9.17-1.el8 clusterssh-4.16-1.el8 hstr-2.3-1.el8 tracer-0.7.5-1.el8 zabbix40-4.0.27-1.el8 Details about builds: ================================================================================ ansible-2.9.17-1.el8 (FEDORA-EPEL-2021-9410919d75) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information: Update to 2.9.17 bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 24 2021 Kevin Fenzi <kevin(a)scrye.com> - 2.9.17-1 - Update to 2.9.17. -------------------------------------------------------------------------------- ================================================================================ clusterssh-4.16-1.el8 (FEDORA-EPEL-2021-43502babf9) Secure concurrent multiple server terminal control -------------------------------------------------------------------------------- Update Information: - Update to 4.16 -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1858408 - Please build clusterssh for epel8 https://bugzilla.redhat.com/show_bug.cgi?id=1858408 -------------------------------------------------------------------------------- ================================================================================ hstr-2.3-1.el8 (FEDORA-EPEL-2021-d9c0f729f5) Suggest box like shell history completion -------------------------------------------------------------------------------- Update Information: - Update -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 24 2021 Leigh Scott <leigh123linux(a)gmail.com> - 2.3-1 - Update to 2.3 * Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ tracer-0.7.5-1.el8 (FEDORA-EPEL-2021-04f450cf3d) Finds outdated running applications in your system -------------------------------------------------------------------------------- Update Information: This is a maintenance release mainly to drop some deprecated or not-really necessary system dependencies. - Drop `python3-future` dependency in favor of `python3-six` - Drop `python3-beautifulsoup4` dependency in favor of built-in `xml.dom` - Drop `python3-nose` dependency in favor of `pytest3-instead` -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 24 2021 Jakub Kadlcik <frostyx(a)email.cz> 0.7.5-1 - Depend on python3-six instead of python3-future (frostyx(a)email.cz) - Drop beautifulsoup4 in favor of built-in xml.dom (frostyx(a)email.cz) - Drop nosetests dependency, use pytest instead (frostyx(a)email.cz) -------------------------------------------------------------------------------- ================================================================================ zabbix40-4.0.27-1.el8 (FEDORA-EPEL-2021-ae79bd1daf) Open-source monitoring solution for your IT infrastructure -------------------------------------------------------------------------------- Update Information: Update to 4.0.27 https://www.zabbix.com/rn/rn4.0.27 -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 24 2021 Orion Poplawski <orion(a)nwra.com> - Update to 4.0.27 - Do not unbundle jquery (bz#1825697) * Mon Apr 20 2020 Orion Poplawski <orion(a)nwra.com> - 4.0.19-3 - Fix chmod/chown in scriptlet * Mon Apr 20 2020 Vit Mojzis <vmojzis(a)redhat.com> - 4.0.19-2 - Add SELinux subpackage * Sun Apr 19 2020 Orion Poplawski <orion(a)nwra.com> - 4.0.19-1 - Update to 4.0.19 - Update to jquery 3 (bz#1825697) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1825697 - Missing dependencies web-assets-httpd and js-jquery1 for zabbix40-web 4.0.17-1.el8 https://bugzilla.redhat.com/show_bug.cgi?id=1825697 --------------------------------------------------------------------------------

3 days, 4 hours

1
0
0 / 0

Fedora EPEL 7 updates-testing report

by updates＠fedoraproject.org

The following Fedora EPEL 7 Security updates need testing: Age URL 37 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-4a9fc09599 openjpeg2-2.3.1-10.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-5843fdc72c adplug-2.3.3-1.el7 audacious-plugins-4.0.5-3.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-6bfa86551f coturn-4.5.2-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-d851c69e59 chromium-87.0.4280.141-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-f1768ebc94 opensmtpd-6.8.0p2-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing ansible-2.9.17-1.el7 python3-pytest-mock-1.10.4-1.el7 tracer-0.7.5-1.el7 zabbix30-3.0.31-1.el7 zabbix40-4.0.27-1.el7 Details about builds: ================================================================================ ansible-2.9.17-1.el7 (FEDORA-EPEL-2021-feed31f153) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information: Update to 2.9.17 bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 24 2021 Kevin Fenzi <kevin(a)scrye.com> - 2.9.17-1 - Update to 2.9.17. -------------------------------------------------------------------------------- ================================================================================ python3-pytest-mock-1.10.4-1.el7 (FEDORA-EPEL-2021-9e37bff701) Thin-wrapper around the mock package for easier use with py.test -------------------------------------------------------------------------------- Update Information: Build for epel 7 -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1909425 - Please build python3-pytest-mock for EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=1909425 -------------------------------------------------------------------------------- ================================================================================ tracer-0.7.5-1.el7 (FEDORA-EPEL-2021-a17954e4fb) Finds outdated running applications in your system -------------------------------------------------------------------------------- Update Information: This is a maintenance release mainly to drop some deprecated or not-really necessary system dependencies. - Drop `python3-future` dependency in favor of `python3-six` - Drop `python3-beautifulsoup4` dependency in favor of built-in `xml.dom` - Drop `python3-nose` dependency in favor of `pytest3-instead` -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 24 2021 Jakub Kadlcik <frostyx(a)email.cz> 0.7.5-1 - Depend on python3-six instead of python3-future (frostyx(a)email.cz) - Drop beautifulsoup4 in favor of built-in xml.dom (frostyx(a)email.cz) - Drop nosetests dependency, use pytest instead (frostyx(a)email.cz) -------------------------------------------------------------------------------- ================================================================================ zabbix30-3.0.31-1.el7 (FEDORA-EPEL-2021-e06cd0281c) Open-source monitoring solution for your IT infrastructure -------------------------------------------------------------------------------- Update Information: Update to 3.0.31 Bug Fixes ZBX-17600 Fixed security vulnerability CVE-2020-11800 (remote code execution) -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 24 2021 Orion Poplawski <orion(a)nwra.com> - Update to 3.0.31 CVE-2020-11800 (bz#1886282) -------------------------------------------------------------------------------- ================================================================================ zabbix40-4.0.27-1.el7 (FEDORA-EPEL-2021-f7685de27a) Open-source monitoring solution for your IT infrastructure -------------------------------------------------------------------------------- Update Information: Update to 4.0.27 https://www.zabbix.com/rn/rn4.0.27 -------------------------------------------------------------------------------- ChangeLog: * Sun Jan 24 2021 Orion Poplawski <orion(a)nwra.com> - 4.0.27 - Update to 4.0.27 --------------------------------------------------------------------------------

3 days, 5 hours

1
0
0 / 0

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

epel-devel January 2021