Fedora EPEL 7 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 7 Security updates need testing:
Age URL
44 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-1f259a45ef openjpeg2-2.3.1-11.el7
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-bd790583ee seamonkey-2.53.8-1.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-4cfaa8ab63 djvulibre-3.5.25.3-24.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
doctest-2.4.6-3.el7
opendmarc-1.4.1.1-3.el7
unrealircd-5.2.1-1.el7
Details about builds:
================================================================================
doctest-2.4.6-3.el7 (FEDORA-EPEL-2021-6c9d74216d)
Feature-rich header-only C++ testing framework
--------------------------------------------------------------------------------
Update Information:
resolves FTFBS https://bugzilla.redhat.com/show_bug.cgi?id=1981037
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 10 2021 Nick Black <dankamongmen(a)gmail.com> - 2.4.6-3
- Patch out -Werror to remedy FTBFS
* Sat Jun 26 2021 Nick Black <dankamongmen(a)gmail.com> - 2.4.6-1
- New upstream release
* Sun Jun 20 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> - 2.4.5-3
- The virtual Provides for doctest-static is no longer arched
* Thu Feb 18 2021 Nick Black <dankamongmen(a)gmail.com> - 2.4.5-2
- Add my patch to work around recent libc blues
--------------------------------------------------------------------------------
================================================================================
opendmarc-1.4.1.1-3.el7 (FEDORA-EPEL-2021-ddb4fcb22a)
A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2021-34555 as well as fix for using /var in service file warning.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 11 2021 Kevin Fenzi <kevin(a)scrye.com> - 1.4.1.1-3
- Fix use of /var/run in service file. Fixes rhbz#1915468
* Sun Jul 11 2021 Kevin Fenzi <kevin(a)scrye.com> - 1.4.1.1-2
- Add patch for CVE-2021-34555. Fixes rhbz#1974707
* Sat Jun 19 2021 Kevin Fenzi <kevin(a)scrye.com> - 1.4.1.1-1
- Update to 1.4.1.1. Fixes rhbz#1972292
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1915468 - /usr/lib/systemd/system/opendmarc.service:8: PIDFile= references a path below legacy directory /var/run/, updating /var/run/opendmarc/opendmarc.pid ��� /run/opendmarc/opendmarc.pid; please update the unit file accordingly.
https://bugzilla.redhat.com/show_bug.cgi?id=1915468
[ 2 ] Bug #1974710 - CVE-2021-34555 opendmarc: remote NULL pointer dereference may lead to a DoS [fedora-34]
https://bugzilla.redhat.com/show_bug.cgi?id=1974710
--------------------------------------------------------------------------------
================================================================================
unrealircd-5.2.1-1.el7 (FEDORA-EPEL-2021-a381126c38)
Open Source IRC server
--------------------------------------------------------------------------------
Update Information:
UnrealIRCd 5.2.1 ================ Enhancements ------------ * The allow
block now uses `allow::mask` instead of `allow::ip` and `allow::hostname`. Users
upgrading will receive a warning but the server will continue to boot. * New
documentation for mask items in the configuration file to show how it works with
1 or more mask items in a block. Also support for negative matching has been
improved and we now support extended server ban syntax. * Combining the new
options from above you can do things like: * `allow { mask ~a:TrustedUser;
class flooders; maxperip 100; }` If TrustedUser authenticates to services using
SASL then he gets in the special class "flooders" with a maxperip of 100. *
`allow { mask { ~S:112233etc; ~S:anotherone; }; class clients; maxperip 10; }`
Users matching one of these certificate fingerprints get a high maximum per ip
of 10. * New block `set::server-linking` * For link blocks with
autoconnect we now default to the strategy 'sequential', meaning we will try the
1st link block first, then the 2nd, then the 3rd, then the 1st again, etc. *
We now have different and lower timeouts for the connect and the handshake. So
we give up a bit more early on servers that are currently down or extremely
lagged. * New security-group block item called `include-mask`. This can be
used to put clients matching a mask into a security group. * New option `lag-
penalty` and `lag-penalty-bytes` in the `set::anti-flood` block. * known-
users can now executes commands at a slightly faster rate than unknown-users.
* It can further be used to allow really trusted users/bots to execute commands
at even higher rates, such as 20 commands per second, without making them IRCOp.
This explained in FAQ: How to allow users to send more commands per second. *
The `REHASH` command is now sufficient to reload SSL/TLS certificates. You no
longer need to use `REHASH -tls`. The same is true for `unrealircdctl rehash`
which now also does the extra steps in `unrealircdctl reloadtls`. The commands
will stay, though, in case you only want to reload the TLS certificates and not
rehash the entire configuration file. * Support for OpenSSL 3.0.0 * Show
microseconds in `TSCTL ALLTIME` * The git version id is now shown in the
`INFO` command on *NIX (ReleaseId). * Extban `~a:*` now matches all
authenticated users and `~a:0` matches all unauthenticated users. * Allow
multiple masks in the `deny link { }` block Fixes ----- * When using
persistent channel history: if you had ANY rehash error (often completely
unrelated to channel history) and you then rehashed again UnrealIRCd would
crash. * When server syncing larger channels we could accidentally skip over
or forget to send a few users. These users would then not be shown on the other
side of the link but are actually in the channel (ghosts) * When using
autoconnect on (very) big networks, the network no longer breaks down (with the
new default strategy 'sequential') * The default ban exemption on `127.*` was
too broad. It also matched hostnames that started with it, allowing such users
to bypass gline/kline/shun (but not zline/gzline). * Channel mode `+d` (so
after `-D`) never took QUITs into account properly. This should now fix things,
so the channel goes `-d` immediately once it is no longer needed. * Give a
better error message when trying to use an unconfirmed account with authprompt.
Module coders / IRC protocol ---------------------------- * We now assume all
services set the SVID field. If your services only sets umode `+r` and does not
use `SVSLOGIN` or `SVSMODE nick +d SVID` then users will not be recognized as
authenticated anymore. * In the `UID` command we now validate the UID
(parameter 6) to start with the SID and contains digits and uppercase only. *
Servers can no longer change moddata of remote clients. That is, it is disabled
by default, but modules can still allow it for certain moddata via
`mreq.remote_write=1`. You can use `#if UNREAL_VERSION_TIME >= 202125` to detect
if this new `.remote_write` option is available. * Removed `HCN` from 005,
since nobody uses this anyway.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 9 2021 Robert Scheck <robert(a)fedoraproject.org> 5.2.1-1
- Upgrade to 5.2.1 (#1978927)
* Fri Jun 25 2021 Robert Scheck <robert(a)fedoraproject.org> 5.2.0.2-1
- Upgrade to 5.2.0.2 (#1976246)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1978927 - unrealircd-5.2.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1978927
--------------------------------------------------------------------------------