Dear all,
You are kindly invited to the meeting:
EPEL Steering Committee on 2021-05-26 from 16:00:00 to 17:00:00 US/Eastern
At fedora-meeting(a)irc.freenode.net
The meeting will be about:
This is the weekly EPEL Steering Committee Meeting.
A general agenda is the following:
#meetingname EPEL
#topic Intros
#topic Old Business
#topic EPEL-7
#topic EPEL-8
#topic EPEL-9
#topic Openfloor
#endmeeting
Source: https://calendar.fedoraproject.org//meeting/9854/
Dear all,
You are kindly invited to the meeting:
EPEL Steering Committee on 2021-05-26 from 16:00:00 to 17:00:00 US/Eastern
At fedora-meeting(a)irc.freenode.net
The meeting will be about:
This is the weekly EPEL Steering Committee Meeting.
A general agenda is the following:
#meetingname EPEL
#topic Intros
#topic Old Business
#topic EPEL-7
#topic EPEL-8
#topic EPEL-9
#topic Openfloor
#endmeeting
Source: https://apps.fedoraproject.org/calendar/meeting/9854/
The following Fedora EPEL 7 Security updates need testing:
Age URL
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-352a65d3bc djvulibre-3.5.25.3-23.el7
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-c44d955770 prosody-0.11.9-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-113abf45ca composer-1.10.22-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-4ab96a9920 wordpress-5.1.10-1.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-4b7c1b59f8 upx-3.96-9.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-6cc996cdc4 opendmarc-1.4.1-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-969456590e rxvt-unicode-9.21-4.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
caribou0-0.4.21-26.el7
nnn-4.0-1.el7
python-productmd-1.33-1.el7
python3-lxml-4.2.5-4.el7
Details about builds:
================================================================================
caribou0-0.4.21-26.el7 (FEDORA-EPEL-2021-17f170d38c)
A simplified in-place on-screen keyboard
--------------------------------------------------------------------------------
Update Information:
caribou: configurable on screen keyboard crashes with scanning mod
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 24 2021 Pat Riehecky <riehecky(a)fnal.gov> - 0.4.21-26
- Patch to fix crash (rhbz 1962836)
- sync up with Fedora sources
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1962836 - caribou: configurable on screen keyboard with scanning mode
https://bugzilla.redhat.com/show_bug.cgi?id=1962836
--------------------------------------------------------------------------------
================================================================================
nnn-4.0-1.el7 (FEDORA-EPEL-2021-1384af4049)
The missing terminal file browser for X
--------------------------------------------------------------------------------
Update Information:
Update to 4.0
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 24 2021 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 4.0-1
- Update to 4.0
- Close: rhbz#1949285
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1949285 - nnn-4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1949285
--------------------------------------------------------------------------------
================================================================================
python-productmd-1.33-1.el7 (FEDORA-EPEL-2021-ec03eabb69)
Library providing parsers for metadata related to OS installation
--------------------------------------------------------------------------------
Update Information:
New upstream release with support for setting main variant in multivariant
treeinfo files.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 24 2021 Lubom��r Sedl���� <lsedlar(a)redhat.com> - 1.33-1
- New upstream release 1.33
* Fri Apr 16 2021 Lubom��r Sedl���� <lsedlar(a)redhat.com> - 1.32-1
- New upstream release
* Mon Feb 8 2021 Lubom��r Sedl���� <lsedlar(a)redhat.com> - 1.31-1
- New upstream release
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.30-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python3-lxml-4.2.5-4.el7 (FEDORA-EPEL-2021-0fec8057df)
XML processing library combining libxml2/libxslt with the ElementTree API
--------------------------------------------------------------------------------
Update Information:
- Add patch to fix mXSS due to the use of improper parser (#1901633) - Add
patch to fix missing input sanitization for formaction HTML5 attributes that may
lead to XSS (#1941534)
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 24 2021 Robert Scheck <robert(a)fedoraproject.org> - 4.2.5-4
- Add patch to fix mXSS due to the use of improper parser (#1901633)
- Add patch to fix missing input sanitization for formaction HTML5
attributes that may lead to XSS (#1941534)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1901633 - CVE-2020-27783 python-lxml: mXSS due to the use of improper parser
https://bugzilla.redhat.com/show_bug.cgi?id=1901633
[ 2 ] Bug #1941534 - CVE-2021-28957 python-lxml: missing input sanitization for formaction HTML5 attributes may lead to XSS
https://bugzilla.redhat.com/show_bug.cgi?id=1941534
--------------------------------------------------------------------------------
roundcubemail in epel7 is very old at this point, and can never be
upgraded because epel7 has too old a php.
It's got 10 CVEs open against it.
I'm planning on retiring it later today.
I can mail epel-announce about it...
kevin
Is anybody else having trouble with using kerberos with fedpkg on el7?
It is working for me on el8, and it used to work for me on el7, but now
on my el7 machine any time I try to do an upload I get
Could not execute upload: Request is unauthorized.
and with fedpkg build I get
Kerberos authentication fails: unable to obtain a session
Could not execute build: Could not login to https://koji.fedoraproject.org/kojihub
This is with fedpkg-1.40-6.el7 installed from epel and after successfully
doing kinit dwd(a)FEDORAPROJECT.ORG.
Dave
The following Fedora EPEL 8 Security updates need testing:
Age URL
13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-4f73cb65d7 cacti-1.2.17-1.el8 cacti-spine-1.2.17-1.el8
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-7f3c561cd8 radare2-5.2.1-2.el8
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-86c73cc3af prosody-0.11.9-1.el8
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-58bc048b1a upx-3.96-9.el8
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-a20d7c1ddd rxvt-unicode-9.26-1.el8
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-bdd3e1ab81 opendmarc-1.4.1-1.el8
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-6c72c1c9a5 gromacs-2019.6-2.el8 kokkos-3.0.00-2.el8 slurm-20.11.7-2.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
highway-0.12.1-1.el8
python-aiomqtt-0.1.3-1.el8
python-flask-migrate-2.1.1-10.el8
Details about builds:
================================================================================
highway-0.12.1-1.el8 (FEDORA-EPEL-2021-450e400eba)
Efficient and performance-portable SIMD
--------------------------------------------------------------------------------
Update Information:
Update to 0.12.0 ---- Initial RPM
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1906980 - Review Request: highway - Efficient and performance-portable SIMD
https://bugzilla.redhat.com/show_bug.cgi?id=1906980
[ 2 ] Bug #1963675 - highway-0.12.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1963675
--------------------------------------------------------------------------------
================================================================================
python-aiomqtt-0.1.3-1.el8 (FEDORA-EPEL-2021-4c5252fe46)
An AsyncIO asynchronous wrapper around paho-mqtt
--------------------------------------------------------------------------------
Update Information:
Upstream version 0.1.3 clarifies the license and adds license text files. The
package license is now corrected to ���EPL 1.0 or BSD��� (from ���EPL 1.0���). ----
Upstream version 0.1.2 adds support for newer Python versions (through 3.10).
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1899955 - python-aiomqtt fails to build with Python 3.10: pytest.PytestDeprecationWarning: Passing arguments to pytest.fixture() as positional arguments is deprecated - pass them as a keyword argument instead.
https://bugzilla.redhat.com/show_bug.cgi?id=1899955
[ 2 ] Bug #1923330 - python-aiomqtt: FTBFS in Fedora rawhide/f34
https://bugzilla.redhat.com/show_bug.cgi?id=1923330
[ 3 ] Bug #1962393 - License problems
https://bugzilla.redhat.com/show_bug.cgi?id=1962393
[ 4 ] Bug #1963434 - python-aiomqtt-0.1.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1963434
--------------------------------------------------------------------------------
================================================================================
python-flask-migrate-2.1.1-10.el8 (FEDORA-EPEL-2021-b1ef57551a)
SQLAlchemy database migrations for Flask applications using Alembic
--------------------------------------------------------------------------------
Update Information:
Improved `Provides:`. Tests are now executed when building the package. General
spec file improvements.
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 23 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> - 2.1.1-10
- Replace %modname with a group of name macros and use them in more places
- Change URL from PyPI to GitHub, and HTTP to HTTPS
- Use %pypi_source macro
- Adjust whitespace to personal preference
- Drop manual Requires; EPEL8 and all Fedoras have automatic dependency generation
- Drop %python3_pkgversion and %python_provide macros, only needed in EPEL
- Stop chmod���ing template files in %prep, as there is no longer anything to fix
- Remove executable bits from files in the Python package (currently __init__.py)
- Express BR���s as python3dist(���)/%{py3_dist ���} and version them
- Run the tests
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1940466 - Audit and modernize spec file for python-flask-modernize
https://bugzilla.redhat.com/show_bug.cgi?id=1940466
--------------------------------------------------------------------------------