The following Fedora EPEL 7 Security updates need testing:
 Age  URL
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-7f38c5da36   lib3mf-2.0.1-1.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-7f980da66e   tor-0.3.5.14-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-615589a3ad   zarafa-7.1.14-4.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-a650134f4f   exim-4.94-2.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-b1d43d7b48   atasm-1.09-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
R-qtl-1.48.1-1.el7
dmtcp-2.6.1~rc1-0.1.el7
eggdrop-1.9.0-1.el7
golang-github-prometheus-2.24.1-4.el7
golang-github-prometheus-node-exporter-1.1.1-2.el7
libmediainfo-21.03-1.el7
libzen-0.4.39-1.el7
mediainfo-21.03-1.el7
Details about builds:
================================================================================
R-qtl-1.48.1-1.el7 (FEDORA-EPEL-2021-733a895881)
Tools for analyzing QTL experiments
--------------------------------------------------------------------------------
Update Information:
qtl 1.48-1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1.48.1-1
- Update to 1.48-1
--------------------------------------------------------------------------------
================================================================================
dmtcp-2.6.1~rc1-0.1.el7 (FEDORA-EPEL-2021-9f254448f3)
Checkpoint/Restart functionality for Linux processes
--------------------------------------------------------------------------------
Update Information:
Preparing for upstream release 2.3.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 17 2019 Gene Cooperman <gene(a)ccs.neu.edu> - 2.6.1~rc1-0.1
- Preparing for upstream release 2.3.
--------------------------------------------------------------------------------
================================================================================
eggdrop-1.9.0-1.el7 (FEDORA-EPEL-2021-9aea68c7c2)
The world's most popular Open Source IRC bot
--------------------------------------------------------------------------------
Update Information:
Eggdrop v1.9.0
==============

General changes
---------------

- Added `CAP` support, allowing Eggdrop to extend IRC server capabilities
- Added support for SASL authentication
- Added a BETA threaded DNS capability, enabled with the `--enable-tdns` configure flag. This allows asynchronous DNS requests similar to what the current DNS module offers, but using host system capability instead of rewriting it from scratch. Using this means you no longer have to use the DNS module.
- Eggdrop can listen on multiple IPs (and ports) now by using multiple instances of the `listen` command
- Added Twitch support
- Added support for users that change hosts mid-session, usually associated with authenticating with services (396 raw code and `CHGHOST` capability).
- Added support for the users that change their realname value mid-session (`SETNAME` capability)
- Added the ability for Eggdrop to internally track the away status of an individual, with some limitations.
- Added the `make sslsilent` option that creates an SSL certificate keypair non-interactively, to assist in scripted/automated installs
- Differentiate between scripted and server `WHOX` calls, preventing mangling of channel userlists
- The `-n` flag is no longer required to run Eggdrop in terminal mode; just `-t` or `-c` are fine by themselves
- Added some checks to flags added via `.chattr` and `.botattr` to clearly identify what happens when you add flags that can't co-exist together

Botnet changes
--------------

- Removed automatic upgrade to TLS-protected botnet links with STARTTLS. Based on user feedback, protecting a botnet link is now at the discretion of the user. Prefixing a port with a `+` will require a TLS connection, otherwise the connection will be in plaintext. A port not prefixed with a `+` can still be upgraded with STARTTLS, allowing 1.8 bots and scripts to initiate a secure connection, but 1.9.0 bots will not attempt the upgrade.
- Added granular userfile sharing flags (bcejnu). Adding these flags can limit userfile sharing to a combination of bans, invites, exempts, channels, users, and ignores (or still the s flag for all these).
- No longer try port+1,2,3 when connecting to a botnet port doesn't work the first time

Tcl API changes
---------------

- Added the RAWT bind, which will (eventually) phase out the RAW bind. Implementing the IRCv3 message-tags capability requires a new way to handle basic IRC messages, and RAWT was added in a way so that a) RAW binds in old scripts still work and b) the RAWT bind can handle messages that either do or do not have message-tags attached
- Added the INVT bind, allowing Eggdrop to react to a standard invitation, or the new IRCv3 invite-notify capability
- Added the AWY3 bind, allowing Eggdrop to react to the new IRCv3 away-notify capability.
- Added the refreshchan command, which refreshes without removing existing channel status information tracked by Eggdrop for users on a channel.
- Added the isaway command, which returns if a user is listed by the server as away or not, if using the IRCv3 away-notify capability. If away-notify is not enabled, this command can still be used effectively in conjunction with `refreshchan w`, described above.
- Added the hand2nicks command, an alternative to the hand2nick command. hand2nicks returns ALL nicks matching a handle, not just the first one.
- Added the socklist command, an update to the dcclist command. Returns similar info as a Tcl dict, and adds the IP to the information.
- Use the system's strftime formatting instead of Eggdrop-provided GNU version/extensions. This could cause formatting differences or errors between systems. To ensure fully portable code, developers should only rely on POSIX-compliant formatting specifiers.
- The dcclist command now returns port information and whether or not TLS is in use for that port. This change could affect field-based parsers depending on this command
- Added the addserver and delserver command, to *gasp* add and delete a server from Eggdrop's server list
- Modified the listen command to accept an optional IP argument. This allows Eggdrop to listen on multiple addresses by using multiple listen commands in the config file or Tcl script. If no IP is specified, 0.0.0.0 is used as default. As a result of this change, the listen-addr command is no longer needed and removed from the config file
- Added an optional -channel flag to the end of the is* commands (isban, isexempt, etc). This flag prevents the is* command from checking the global list and returning a '1' when there is no channel-specific case
- Added several Tcl commands and binds to enable better interaction with the Twitch gaming service. Because these commands only work with a Twitch server, they are not included in `tcl-commands.doc` but rather `twitch-tcl-commands.doc`, located in the `doc/` directory.
- Limited the expiration for new bans, ignores and exempts to 2000 days.

Module changes
--------------

- Added the PBKDF2 module, which allows Eggdrop to hash passwords using the PBKDF2 algorithm. This module is a stepping stone to future, more adaptable hashing and encryption implementation. IMPORTANT: PLEASE read `doc/PBKDF2` for more information on how to properly use it, you could accidentally render old passwords useless!
- Added the twitch module, which allows Eggdrop to connect to the Twitch gaming service. As Twitch offers only a limited subset of standard IRC functionality, be prepared for some commands or scripts to work differently than on a normal IRC server. Please read `doc/TWITCH` for more information.
- Added the ident module, which can automatically interact with a running oidentd service or allow Eggdrop to serve as its own ident server to respond to ident requests during the server connection process.

Eggdrop config file changes
---------------------------

- Added additional net-types for freenode, Quakenet, and Rizon (`net-type`)
- Added ability to choose specific SSL/TLS protocols to use (`ssl-protocols`)
- Added ability to allow bots to remain linked if userfile sharing fails (`sharefail-unlink`)
- Changed the method Eggdrop uses to add servers from a `{}` list to the new addserver command
- Removed the `listen-addr` command. See above; the `listen` command now accepts an optional IP argument in lieu of using `listen-addr`
- Added the `show-uname` setting, which allows you to disable the display of uname info for the host system in things like `.status`
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Robert Scheck <robert(a)fedoraproject.org> 1.9.0-1
- Upgrade to 1.9.0 (#1933540)
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.8.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1933540 - eggdrop-1.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1933540
--------------------------------------------------------------------------------
================================================================================
golang-github-prometheus-2.24.1-4.el7 (FEDORA-EPEL-2021-5c8b42e206)
Prometheus monitoring system and time series database
--------------------------------------------------------------------------------
Update Information:
Add ExecReload to service file
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Robert-André Mauchin <zebob.m(a)gmail.com> - 2.24.1-4
- Add ExecReload to service file
--------------------------------------------------------------------------------
================================================================================
golang-github-prometheus-node-exporter-1.1.1-2.el7 (FEDORA-EPEL-2021-2574a70c0f)
Exporter for machine metrics
--------------------------------------------------------------------------------
Update Information:
Fix binary location
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Robert-André Mauchin <zebob.m(a)gmail.com> - 1.1.1-2
- Fix binary location
--------------------------------------------------------------------------------
================================================================================
libmediainfo-21.03-1.el7 (FEDORA-EPEL-2021-a1ab6f9c4e)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update mediainfo.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Vasiliy N. Glazov <vascom2(a)gmail.com> - 21.03-1
- Update to 21.03
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 20.09-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Nov 7 2020 Vasiliy N. Glazov <vascom2(a)gmail.com> - 20.09-1
- Update to 20.09
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1852958 - CVE-2020-15395 mediainfo: Buffer overflow vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1852958
[ 2 ] Bug #1940985 - CVE-2020-26797 mediainfo: heap-based buffer overflow via
MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1940985
[ 3 ] Bug #1940987 - CVE-2020-26797 libmediainfo: mediainfo: heap-based buffer overflow
via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1940987
--------------------------------------------------------------------------------
================================================================================
libzen-0.4.39-1.el7 (FEDORA-EPEL-2021-a1ab6f9c4e)
Shared library for libmediainfo and medianfo*
--------------------------------------------------------------------------------
Update Information:
Update mediainfo.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Vasiliy N. Glazov <vascom2(a)gmail.com> - 0.4.39-1
- Update to 0.4.39
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.38-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.38-3
- Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.38-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1852958 - CVE-2020-15395 mediainfo: Buffer overflow vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1852958
[ 2 ] Bug #1940985 - CVE-2020-26797 mediainfo: heap-based buffer overflow via
MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1940985
[ 3 ] Bug #1940987 - CVE-2020-26797 libmediainfo: mediainfo: heap-based buffer overflow
via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1940987
--------------------------------------------------------------------------------
================================================================================
mediainfo-21.03-1.el7 (FEDORA-EPEL-2021-a1ab6f9c4e)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update mediainfo.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 28 2021 Vasiliy N. Glazov <vascom2(a)gmail.com> - 21.03-1
- Update to 21.03
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 20.09-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Nov 7 2020 Vasiliy N. Glazov <vascom2(a)gmail.com> - 20.09-1
- Update to 20.09
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1852958 - CVE-2020-15395 mediainfo: Buffer overflow vulnerability [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1852958
[ 2 ] Bug #1940985 - CVE-2020-26797 mediainfo: heap-based buffer overflow via
MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1940985
[ 3 ] Bug #1940987 - CVE-2020-26797 libmediainfo: mediainfo: heap-based buffer overflow
via MediaInfoLib::File_Gxf::ChooseParser_ChannelGrouping [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1940987
--------------------------------------------------------------------------------