The following Fedora EPEL 7 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-8f7f2eda61
drupal7-7.82-1.el7
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-78aede2789
gifsicle-1.93-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
binaryen-102-1.el7
hdf5-1.8.12-13.el7
libmodulemd2-2.13.0-2.el7
mock-core-configs-36-1.el7
mozilla-ublock-origin-1.37.2-1.el7
nordugrid-arc6-6.13.0-1.el7
python-rsa-3.4.2-3.el7
Details about builds:
================================================================================
binaryen-102-1.el7 (FEDORA-EPEL-2021-76145bd726)
Compiler and toolchain infrastructure library for WebAssembly
--------------------------------------------------------------------------------
Update Information:
Building for EPEL7 to enable future uBlock Origin builds.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2003235 - binaryen-102 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2003235
--------------------------------------------------------------------------------
================================================================================
hdf5-1.8.12-13.el7 (FEDORA-EPEL-2021-cac52e951e)
A general purpose library and file format for storing scientific data
--------------------------------------------------------------------------------
Update Information:
Remove Fedora build flags from h5cc/h5c++/h5fc (bz#1980549)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 15 2021 Orion Poplawski <orion(a)nwra.com> - 1.8.12-13
- Remove Fedora build flags from h5cc/h5c++/h5fc (bz#1980549)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1980549 - h5cc passes through flags from package build process
https://bugzilla.redhat.com/show_bug.cgi?id=1980549
--------------------------------------------------------------------------------
================================================================================
libmodulemd2-2.13.0-2.el7 (FEDORA-EPEL-2021-680e6c44c6)
Module metadata manipulation library
--------------------------------------------------------------------------------
Update Information:
This release adds a workaround for accepting an invalid buildorder
18446744073709551615 as found in RHEL 8 repositories. There are users who use
Fedora to edit RHEL 8 repository metadata.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 14 2021 Petr Pisar <ppisar(a)redhat.com> - 2.13.0-2
- Accept an invalid buildorder 18446744073709551615 found in RHEL 8 repositories
(
https://pagure.io/koji/issue/3025)
--------------------------------------------------------------------------------
================================================================================
mock-core-configs-36-1.el7 (FEDORA-EPEL-2021-01f669b443)
Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:
- Align CentOS Stream 9 with the production configuration - Disable installing
weak dependencies on RHEL rebuilds - Disable installing weak dependencies on
CentOS Stream - Validate GPG signatures for CentOS Stream 9 - Add eurolinux-8
x86_64 and i686 buildroots
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 16 2021 Miroslav Such�� <msuchy(a)redhat.com> 36-1
- config: Align CentOS Stream 9 with the production configuration
(ngompa13(a)gmail.com)
- config: Disable installing weak dependencies on RHEL rebuilds
(ngompa13(a)gmail.com)
- config: Disable installing weak dependencies on CentOS Stream
(ngompa13(a)gmail.com)
- config: Validate GPG signatures for CentOS Stream 9 (ngompa13(a)gmail.com)
- Add eurolinux-8 x86_64 and i686 buildroots (alex(a)euro-linux.com)
--------------------------------------------------------------------------------
================================================================================
mozilla-ublock-origin-1.37.2-1.el7 (FEDORA-EPEL-2021-68d47b481c)
An efficient blocker for Firefox
--------------------------------------------------------------------------------
Update Information:
Update to latest stable release, fixing CVE-2021-36773.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 28 2021 Dominik Mierzejewski <rpm(a)greysector.net> - 1.37.2-1
- update to 1.37.2 (#1986999)
* Sat Jul 24 2021 Dominik Mierzejewski <rpm(a)greysector.net> - 1.37.0-1
- update to 1.37.0 (#1985343)
* Sat Jul 17 2021 Dominik Mierzejewski <rpm(a)greysector.net> - 1.36.2-1
- update to 1.36.2 (#1979628)
* Mon Jul 5 2021 Dominik Mierzejewski <rpm(a)greysector.net> - 1.36.0-1
- update to 1.36.0 (#1974010)
- update declared version of bundled publicsuffix-list
* Tue Jun 8 2021 Dominik Mierzejewski <rpm(a)greysector.net> - 1.35.2-1
- update to 1.35.2 (#1954349)
* Fri Apr 23 2021 Dominik Mierzejewski <rpm(a)greysector.net> - 1.35.0-1
- update to 1.35.0 (#1946869)
* Thu Apr 1 2021 Dominik Mierzejewski <rpm(a)greysector.net> - 1.34.0-1
- update to 1.34.0 (#1925264)
* Tue Feb 2 2021 Dominik Mierzejewski <rpm(a)greysector.net> - 1.33.2-1
- update to 1.33.2 (#1922482)
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.32.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jan 20 2021 Dominik Mierzejewski <rpm(a)greysector.net> - 1.32.4-1
- update to 1.32.4 (#1918447)
* Thu Aug 20 2020 Dominik Mierzejewski <rpm(a)greysector.net> - 1.29.0-1
- update to 1.29.0 (#1867396)
- optimize lz4 wasm code per upstream docs
* Thu Aug 6 2020 Dominik Mierzejewski <rpm(a)greysector.net> - 1.28.4-2
- fix invalid JSON after Patch0 (caught by Raymond Hill)
* Wed Aug 5 2020 Dominik Mierzejewski <rpm(a)greysector.net> - 1.28.4-1
- update to 1.28.4 (#1857445)
- avoid building on big-endian, wabt doesn't work there
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.28.2-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 13 2020 Dominik Mierzejewski <rpm(a)greysector.net> - 1.28.2-3
- add missing explicit BR on python3
* Mon Jul 13 2020 Dominik Mierzejewski <rpm(a)greysector.net> - 1.28.2-2
- use python3 in build script explicitly
* Sun Jul 12 2020 Dominik Mierzejewski <rpm(a)greysector.net> - 1.28.2-1
- update to 1.28.2 (#1835275)
- "build" from upstream "source" directly
- drop non-free components from upstream uAssets tarball
* Sun May 3 2020 Dominik Mierzejewski <rpm(a)greysector.net> - 1.26.2-1
- update to 1.26.2 (#1825039)
* Sun Apr 12 2020 Dominik Mierzejewski <rpm(a)greysector.net> - 1.26.0-1
- update to 1.26.0 (#1820622)
* Sat Mar 14 2020 Dominik Mierzejewski <rpm(a)greysector.net> - 1.25.2-1
- update to 1.25.2 (#1797341)
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.24.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sun Dec 1 2019 Dominik Mierzejewski <rpm(a)greysector.net> - 1.24.2-1
- update to 1.24.2 (#1763778)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1988356 - CVE-2021-36773 mozilla-ublock-origin: crafted web sites may cause a
denial of service [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1988356
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc6-6.13.0-1.el7 (FEDORA-EPEL-2021-bf6bf820a2)
Advanced Resource Connector Middleware
--------------------------------------------------------------------------------
Update Information:
NorduGrid ARC 6.13.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 16 2021 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 6.13.0-1
- Update to version 6.13.0
--------------------------------------------------------------------------------
================================================================================
python-rsa-3.4.2-3.el7 (FEDORA-EPEL-2021-bf6b6fd790)
Pure-Python RSA implementation
--------------------------------------------------------------------------------
Update Information:
Add patch for CVE-2020-25658
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 15 2021 Jason Montleon <jmontleo(a)redhat.com> - 3.4.2-3
- Apply backport patch to fix CVE-2020-25658
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1895780 - CVE-2020-25658 python-rsa: bleichenbacher timing oracle attack
against RSA decryption [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1895780
--------------------------------------------------------------------------------