The following Fedora EPEL 7 Security updates need testing: Age URL 472 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 213 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7 211 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8a7207a341 libidn2-2.3.0-1.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-aff200699c mingw-libidn2-2.3.0-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-b1761c2898 imapfilter-2.6.15-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-1a5ac407f8 jhead-3.04-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d6b0a398c2 clamav-0.101.5-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-06a2efa1e8 tnef-1.4.18-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-9007659871 chromium-78.0.3904.108-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
bitlbee-3.6-1.el7 bitlbee-facebook-1.2.0-1.el7 mlpack-3.2.2-1.el7 proftpd-1.3.5e-8.el7 python-jaydebeapi-1.1.1-8.el7 sympa-6.2.48-3.el7 vertica-python-0.10.0-1.el7
Details about builds:
================================================================================ bitlbee-3.6-1.el7 (FEDORA-EPEL-2019-70465bd8c8) IRC to other chat networks gateway -------------------------------------------------------------------------------- Update Information:
BitlBee 3.6 =========== IRC/Core -------- * Add server-time IRCv3 capability * Add PROXY command for haproxy/stunnel * Large performance improvements for large contact lists * Many UX/documentation improvements * Added built-in crash handler that writes to `/var/lib/bitlbee/crash.log` * Try to join long spaceless lines in paste_buffer without a newline. The main use case for this is pasting long URLs and not breaking them * Fix status message being set to null accidentally * Fix handling utf8 nick renames when loading configs * Fix SSL's SNI with hostnames starting with a digit * Show correct nick when `rename -del` is used Twitter ------- * Disable the stream setting by default. Filter streams still work. * Update default character limit to 280 chars * Fix quote tweet url display. Jabber ------ * Try to join anyway after "Already present in chat" * Fix chat joins when ext_jid is provided for your own user. Seen with Biboumi (a gateway from XMPP to IRC) * Handle always_use_nicks more gracefully to reduce nick change noise OTR --- * Don't block attempts to connect/smp/smpq to "offline" users Removed dead protocols ---------------------- * msn: Use the skypeweb purple plugin instead. * skype (the dbus based thing): ditto. * yahoo: It's so dead even the replacement protocol died. * oscar: AIM is dead, for ICQ use the icyque purple plugin instead. For plugin devs --------------- * Add datadir to pkgconfig file and config.h * Add "bitlbee-set-account-password" purple signal (for hangouts) * Support libpurple 2.12.0's PURPLE_MESSAGE_REMOTE_SEND for groupchat self-messages (for slack) Packaging/distro specific stuff ------------------------------- * `bitlbee@.service` now sends stderr to syslog instead of the socket * debian: only enable `bitlbee.service`, not `bitlbee.socket` too * cygwin: portability fixes for plugins * Support OpenSSL 1.1 built without backwards compat -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 29 2019 Robert Scheck robert@fedoraproject.org 3.6-1 - Upgrade to 3.6 * Wed Jul 24 2019 Fedora Release Engineering releng@fedoraproject.org - 3.5.2-0.3.20180919git0b1448f - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 3.5.2-0.2.20180919git0b1448f - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Wed Sep 19 2018 Adam Williamson awilliam@redhat.com - 3.5.2-0.1.20180919git0b1448f - Bump to latest git snapshot (for openssl 1.1 and twitter fixes) * Thu Jul 12 2018 Fedora Release Engineering releng@fedoraproject.org - 3.5.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Tue Jun 19 2018 Miro Hron��ok mhroncok@redhat.com - 3.5.1-6 - Rebuilt for Python 3.7 * Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 3.5.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Aug 2 2017 Fedora Release Engineering releng@fedoraproject.org - 3.5.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering releng@fedoraproject.org - 3.5.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Fri Feb 10 2017 Fedora Release Engineering releng@fedoraproject.org - 3.5.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1673881 - bitlbee-3.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1673881 --------------------------------------------------------------------------------
================================================================================ bitlbee-facebook-1.2.0-1.el7 (FEDORA-EPEL-2019-9e82a2e05a) Facebook protocol plugin for BitlBee -------------------------------------------------------------------------------- Update Information:
bitlbee-facebook 1.2.0 ====================== * Fix ERROR_QUEUE_OVERFLOW on login by bumping orca agent version * Fix "Failed to read fixed header" with TLS 1.3 / GnuTLS 3.6.x * Add workplace chat support (enable the "work" setting to use it) -------------------------------------------------------------------------------- ChangeLog:
* Mon Oct 7 2019 David Cantrell dcantrell@redhat.com - 1.2.0-1 - Upgrade to 1.2.0 * Wed Jul 24 2019 Fedora Release Engineering releng@fedoraproject.org - 1.1.2-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 1.1.2-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Thu Jul 12 2018 Fedora Release Engineering releng@fedoraproject.org - 1.1.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 1.1.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ mlpack-3.2.2-1.el7 (FEDORA-EPEL-2019-85d6cc012f) Scalable, fast C++ machine learning library -------------------------------------------------------------------------------- Update Information:
Update to latest stable version. -------------------------------------------------------------------------------- ChangeLog:
* Wed Nov 27 2019 Ryan Curtin ryan@ratml.org - 3.2.2-1 - Update to latest stable version. --------------------------------------------------------------------------------
================================================================================ proftpd-1.3.5e-8.el7 (FEDORA-EPEL-2019-72ead04703) Flexible, stable and highly-configurable FTP server -------------------------------------------------------------------------------- Update Information:
This update addresses a number of bugs affecting processing of CRLs in mod_tls, including possible null pointer dereferences and missing some checks. Thanks to Lionel Debroux for reporting them. -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 29 2019 Paul Howarth paul@city-fan.org - 1.3.5e-8 - Fix handling of CRL lookups by properly using issuer for lookups, and guarding against null pointers (GH#858, GH#859, GH#860, GH#861, CVE-2019-19269) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1777975 - CVE-2019-19269 proftpd: NULL pointer dereference when validating the certificate of a client connecting to the server https://bugzilla.redhat.com/show_bug.cgi?id=1777975 [ 2 ] Bug #1778222 - CVE-2019-19272 proftpd: NULL pointer dereference in tls_verify_crl when validating the certificate of a client https://bugzilla.redhat.com/show_bug.cgi?id=1778222 [ 3 ] Bug #1778231 - CVE-2019-19271 proftpd: A wrong iteration variable, used when checking a client certificate against CRL entries, can cause some CRL entries to be ignored https://bugzilla.redhat.com/show_bug.cgi?id=1778231 [ 4 ] Bug #1778258 - CVE-2019-19270 proftpd: failure to check for the appropriate field of a CRL entry prevents some valid CRLs from being taken into account https://bugzilla.redhat.com/show_bug.cgi?id=1778258 --------------------------------------------------------------------------------
================================================================================ python-jaydebeapi-1.1.1-8.el7 (FEDORA-EPEL-2019-1cc43d3a46) Bridge from JDBC database drivers to Python DB-API -------------------------------------------------------------------------------- Update Information:
removing python2 support as there isn't requires (python-jpype) for that in epel7 -------------------------------------------------------------------------------- ChangeLog:
* Fri Jul 26 2019 Fedora Release Engineering releng@fedoraproject.org - 1.1.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1760983 - EPEL7 - python2-jaydebeapi won't install on RHEL 7.7 https://bugzilla.redhat.com/show_bug.cgi?id=1760983 --------------------------------------------------------------------------------
================================================================================ sympa-6.2.48-3.el7 (FEDORA-EPEL-2019-ec6be94229) Powerful multilingual List Manager -------------------------------------------------------------------------------- Update Information:
- Add dependency on Socket6 and IO::Socket::IP (or alternatively Socket6 and IO::Socket::INET6 on EL6). - Add patch to fix ldap 2 level query. -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 29 2019 Xavier Bachelot xavier@bachelot.org 6.2.48-3 - Add patch to fix compile executables test on F32. - Add dependency on Socket6 and IO::Socket::IP (or alternatively Socket6 and IO::Socket::INET6 on EL6). - Add patch to fix ldap 2 level query. - Re-enable Crypt::SMIME for EL8. - Re-enable all web subpackages for EL8. --------------------------------------------------------------------------------
================================================================================ vertica-python-0.10.0-1.el7 (FEDORA-EPEL-2019-67a2df9e9c) A native Python adapter for the Vertica database -------------------------------------------------------------------------------- Update Information:
Bump to new version -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 29 2019 Jakub Jedelsky jakub.jedelsky@gmail.com - 0.10.0-1 - Update to version 0.10.0 - support python3 by default -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1742251 - vertica-python-0.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1742251 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org