The following Fedora EPEL 7 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-2d515d4692 binaryen-104-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-673d6fb241 libmetalink-0.1.3-5.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-4dd661d32b prosody-0.11.12-1.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-04da0327c7 clamav-0.103.5-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-f37ca1b24a guacamole-server-1.4.0-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-92a697e332 zabbix40-4.0.37-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-c99f63fce9 zabbix50-5.0.19-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
golang-1.16.13-1.el7
js-jquery-ui-1.13.0-1.el7
monitorix-3.14.0-1.el7
nodejs-16.13.2-2.el7
Details about builds:
================================================================================
golang-1.16.13-1.el7 (FEDORA-EPEL-2022-14c15afabc)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
Update to go1.16.13, copied from f35
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 18 2022 Dave Dykstra <dwd(a)fedoraproject.org> - 1.16.13-1
- Update to go1.16.13, copied from f35
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2013628 - golang-1.16 for EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=2013628
--------------------------------------------------------------------------------
================================================================================
js-jquery-ui-1.13.0-1.el7 (FEDORA-EPEL-2022-cd2d056fd2)
jQuery user interface
--------------------------------------------------------------------------------
Update Information:
jQuery UI update for EPEL 7.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 11 2021 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1.13.0-1
- Update to version 1.13.0
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.12.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
monitorix-3.14.0-1.el7 (FEDORA-EPEL-2022-9065800cb5)
A free, open source, lightweight system monitoring tool
--------------------------------------------------------------------------------
Update Information:
This new version introduces three new modules: nvme.pm, which is capable of
monitoring an unlimited number of NVM Express (NVMe) devices, the amdgpu.pm, to
monitor also an unlimited number of AMD GPU graphic cards, and nvidiagpu.pm
which can be seen as an extended version of the current module nvidia.pm, as it
comes with more detailed statistics. The rest of new features, changes and bugs
fixed are, as always, reflected in the Changes file.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 18 2022 Jordi Sanfeliu <jordi(a)fibranet.cat> - 3.14.0-1
- Updated to 3.14.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2041810 - monitorix-3.14.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2041810
--------------------------------------------------------------------------------
================================================================================
nodejs-16.13.2-2.el7 (FEDORA-EPEL-2022-bf9c411793)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
Update EPEL 7 to Node.js 16.x
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.13.2-2
- Add support for building on EPEL 7
* Tue Jan 11 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.13.2-1
- Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)
- Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)
- Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)
- Prototype pollution via `console.table` properties (Low)(CVE-2022-21824)
* Thu Dec 2 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.13.1-2
- Enable building for EPEL 8 modules
* Thu Dec 2 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.13.1-1
- Update to 16.13.1
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
* Thu Nov 25 2021 Honza Horak <hhorak(a)redhat.com> - 1:16.13.0-3
- Make sure binary node-gyp is executable
Resolves: #2026615
* Mon Nov 1 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.13.0-1
- Update to 16.13.0
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
- Add support for epel8
* Mon Oct 25 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.12.0-1
- Update to 16.12.0
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
* Wed Oct 13 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.11.1-1
- Update to 16.11.1
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
* Thu Sep 23 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.10.0-1
- Update to 16.10.0
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
* Tue Sep 14 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.9.1-4
- Correct the bad merge of corepack fix
* Tue Sep 14 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.9.1-3
- Drop auto-dependency on PowerShell introduced by corepack
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 1:16.9.1-2
- Rebuilt with OpenSSL 3.0.0
* Mon Sep 13 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.9.1-1
- Update to 16.9.1
- Add experimental 'corepack' tool
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
* Tue Aug 31 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.8.0-1
- Update to 16.8.0
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
* Wed Aug 11 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.6.2-1
- Update to 16.6.2
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
* Tue Aug 3 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.6.1-1
- Update to 16.6.1
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
- Fixes v8 regression introduced in 16.6.0
* Mon Aug 2 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.6.0-1
- Update to 16.6.0
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:16.5.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jul 20 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.5.0-1
- Update to 16.5.0
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
* Fri Jul 2 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.4.1-2
- Re-add support for v8 development headers
* Thu Jul 1 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.4.1-1
- Update to 16.4.1
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
* Wed Jun 23 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.4.0-1
- Update to 16.4.0
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
* Fri Jun 4 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.3.0-1
- Update to 16.3.0
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
* Wed May 19 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.2.0-1
- Update to 16.2.0
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
- Fix changelog version numbers
* Tue May 4 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.1.0-1
- Update to 16.1.0
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#…
- Drop upstreamed patch
* Thu Apr 29 2021 Stephen Gallagher <sgallagh(a)redhat.com> - 1:16.0.0-1
- First release of Node.js 16.x
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2041022 - Provide nodejs for EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=2041022
--------------------------------------------------------------------------------
Last week, I retired the `nodejs` package from EPEL 7 because it was
(I believed) stuck on Node.js 6.x due to insufficient dependency
support. Apparently, this broke a few things like uglify-js[1], so I
spent today looking into whether I could get Node.js 16.x to work (the
latest LTS release) and it turns out that I can indeed bludgeon it
into working. I have a COPR[2] with a build of Node.js 16.x for EPEL 7
available to try while I await releng unretiring[3] the package.
Please note: Node.js 16.x is a SIGNIFICANT version jump. It is very
probably that some of your Node packages may not work properly against
it. I urge anyone who is maintaining any such packages in EPEL 7 to
try them out against the aforementioned COPR prior to my building it
in EPEL proper.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2041022
[2] https://copr.fedorainfracloud.org/coprs/sgallagh/nodejs_epel7/
[3] https://pagure.io/releng/issue/10541
Dear all,
You are kindly invited to the meeting:
EPEL Steering Committee on 2022-01-19 from 16:00:00 to 17:00:00 US/Eastern
At fedora-meeting(a)irc.libera.chat
The meeting will be about:
This is the weekly EPEL Steering Committee Meeting.
A general agenda is the following:
#meetingname EPEL
#topic Intros
#topic Old Business
#topic EPEL-7
#topic EPEL-8
#topic EPEL-9
#topic Openfloor
#endmeeting
Source: https://calendar.fedoraproject.org//meeting/9854/
Hello maintainers.
Currently, we build all EPEL variants against CentOS "base" in Fedora
Copr, i.e. epel-* configs means CentOS+EPEL. By the end of January 2022
CentOS 8 mirrors will start disappearing, pushing us to change the configs
to avoid build failures.
We would like to start the migration to the RHEL base as soon as possible,
so we are at least a bit "ahead" the change. So we can start resolving
the issues.
There doesn't seem to be a real blocker, or known issue.
- We got enough subscriptions from Red Hat for Fedora Copr purposes to
start building against official RHEL channels.
- The Mock + configs is stuck in Bodhi for now, but it doesn't block
Copr to apply for the change earlier. This is mostly about community
decision that 'fedpkg mockbuild' is not aligned, yet, not that Mock is
broken.
- The remaining problem seemed to be the s390x architecture, as the
emulation being _currently_ done wouldn't work with Red Hat
subscriptions, see details in [1] discussion. But thanks to IBM
sponsoring us IBM Cloud access we should be OK to deploy the s390x
arch support in Fedora Copr at the same time with the EPEL change
(this will go in a separate announcement).
**So the plan is to move to RHEL + EPEL next Monday, 2022-01-17.** If
everything works well at least.
Side note from me... Note that EPEL 9 in Fedora Copr is still CentOS
Stream 9 + EPEL 9 ATM. This will change to "RHEL 9 + EPEL 9" once RHEL 9
is generally available (subscribed content). Might seem as a
complication for users, but it's actually not - it is good thing we can
start working on EPEL 9 now. So I want to congratulate to EPEL community
here, the fact we have stream in place allows us to bring EPEL 9 up before
actually RHEL is available. That's an awesome step (jump) forward
compared to previous releases!
[1] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org…
Pavel
The following Fedora EPEL 8 Security updates need testing:
Age URL
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-2f3bfb7a61 prosody-0.11.12-1.el8
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-7b6c6495c2 clamav-0.103.5-1.el8
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-806b3f5921 guacamole-server-1.4.0-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
R-Rcpp-1.0.8-1.el8
golang-github-prometheus-2.32.1-1.el8
msoffcrypto-tool-4.11.0-5.el8
squashfuse-0.1.104-1.el8
Details about builds:
================================================================================
R-Rcpp-1.0.8-1.el8 (FEDORA-EPEL-2022-e60b26f403)
Seamless R and C++ Integration
--------------------------------------------------------------------------------
Update Information:
Rcpp 1.0.8
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2022 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1.0.8-1
- Update to 1.0.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2041330 - Version 1.0.8 was released, please update it.
https://bugzilla.redhat.com/show_bug.cgi?id=2041330
--------------------------------------------------------------------------------
================================================================================
golang-github-prometheus-2.32.1-1.el8 (FEDORA-EPEL-2022-d652ca9a79)
Prometheus monitoring system and time series database
--------------------------------------------------------------------------------
Update Information:
Update to 2.32.1 Close: rhbz#2008820 Close: rhbz#2019206 Close: rhbz#2008986
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 2.32.1-1
- Update to 2.32.1 Close: rhbz#2008820 Close: rhbz#2019206 Close:
rhbz#2008986
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2008820 - golang-github-prometheus-2.33.0-rc.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2008820
[ 2 ] Bug #2008986 - prometheus stopped working after update from 2.24.1-6.fc34.x86_64 to 2.30.0-1.fc34.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=2008986
[ 3 ] Bug #2019206 - golang-github-prometheus should allow for all commandline options
https://bugzilla.redhat.com/show_bug.cgi?id=2019206
--------------------------------------------------------------------------------
================================================================================
msoffcrypto-tool-4.11.0-5.el8 (FEDORA-EPEL-2022-e8ab9f66b6)
Python tool for decrypting MS Office files with passwords or other keys
--------------------------------------------------------------------------------
Update Information:
- Switch the test runner in `%check` from deprecated nose to pytest - Drop
undesired and unused build dependency on coverage
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2022 Miro Hron��ok <mhroncok(a)redhat.com> - 4.11.0-5
- Switch the test runner in %check from deprecated nose to pytest
- Drop undesired and unused build dependency on coverage
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.11.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 4.11.0-3
- Rebuilt for Python 3.10
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.11.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
squashfuse-0.1.104-1.el8 (FEDORA-EPEL-2022-b0b7931b09)
FUSE filesystem to mount squashfs archives
--------------------------------------------------------------------------------
Update Information:
## Release 0.1.104 Minor bug fixes and improvements - Various bug fixes, new
platform support - Support libfuse version 3. - MacOS idle timeout support ##
Release 0.1.103 Fix crash bug when underlying IO fails. Fix scanf format to be
C99 compliant.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2022 Michel Alexandre Salim <salimma(a)fedoraproject.org> 0.1.104-1
- Update to 0.1.104
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1527989 - squashfuse-0.1.104 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1527989
--------------------------------------------------------------------------------