Fedora EPEL 7 updates-testing report - epel-devel - Fedora mailing-lists

7 Apr 2020


      The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 602  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
 344  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   python-gnupg-0.4.4-1.el7
 341  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   bubblewrap-0.3.3-2.el7
  51  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6   python-waitress-1.4.3-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b23fa957bb   drupal7-ckeditor-1.19-1.el7
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-16bf726581   php-robrichards-xmlseclibs1-1.4.3-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-181270fbae   chromium-80.0.3987.163-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
cacti-1.2.11-1.el7
    cacti-spine-1.2.11-1.el7
    libmediainfo-20.03-1.el7
    libprelude-5.1.1-1.el7
    libpreludedb-5.1.0-2.el7
    libzen-0.4.38-1.el7
    mediainfo-20.03-1.el7
    nagios-4.4.5-7.el7
    netdata-1.21.0-1.el7
    nrpe-4.0.2-1.el7
    openfortivpn-1.13.3-1.el7
    purple-discord-0-27.20200405gitdb7dc79.el7
    python-pexpect-4.8.0-1.el7
Details about builds:
================================================================================
 cacti-1.2.11-1.el7 (FEDORA-EPEL-2020-34295ace88)
 An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.11  Release notes:
https://www.cacti.net/release_notes.php?version=1.2.11
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr  7 2020 Morten Stevens mstevens@fedoraproject.org - 1.2.11-1
- Update to 1.2.11
--------------------------------------------------------------------------------
================================================================================
 cacti-spine-1.2.11-1.el7 (FEDORA-EPEL-2020-34295ace88)
 Threaded poller for Cacti written in C
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.11  Release notes:
https://www.cacti.net/release_notes.php?version=1.2.11
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr  7 2020 Morten Stevens mstevens@fedoraproject.org - 1.2.11-1
- Update to 1.2.11
--------------------------------------------------------------------------------
================================================================================
 libmediainfo-20.03-1.el7 (FEDORA-EPEL-2020-c4a578b4cc)
 Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update mediainfo to 20.03.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr  3 2020 Vasiliy N. Glazov vascom2@gmail.com - 20.03-1
- Update to 20.03
* Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 19.09-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1820795 - libzen-0.4.38 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1820795
--------------------------------------------------------------------------------
================================================================================
 libprelude-5.1.1-1.el7 (FEDORA-EPEL-2020-a95fcaedde)
 Secure Connections between all Sensors and the Prelude Manager
--------------------------------------------------------------------------------
Update Information:
Bump version 5.1.1  Bump soname
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr  6 2020 Thomas Andrejak thomas.andrejak@gmail.com - 5.1.1-1
- Bump version 5.1.1
--------------------------------------------------------------------------------
================================================================================
 libpreludedb-5.1.0-2.el7 (FEDORA-EPEL-2020-a95fcaedde)
 Framework for easy access to the IDMEF database
--------------------------------------------------------------------------------
Update Information:
Bump version 5.1.1  Bump soname
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr  6 2020 Thomas Andrejak thomas.andrejak@gmail.com - 5.1.0-2
- Rebuild
* Mon Apr  6 2020 Thomas Andrejak thomas.andrejak@gmail.com - 5.1.0-1
- Bump version 5.1.0
--------------------------------------------------------------------------------
================================================================================
 libzen-0.4.38-1.el7 (FEDORA-EPEL-2020-c4a578b4cc)
 Shared library for libmediainfo and medianfo*
--------------------------------------------------------------------------------
Update Information:
Update mediainfo to 20.03.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr  3 2020 Vasiliy N. Glazov vascom2@gmail.com - 0.4.38-1
- Update to 0.4.38
* Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 0.4.37-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 0.4.37-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb  1 2019 Fedora Release Engineering releng@fedoraproject.org - 0.4.37-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 0.4.37-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb  7 2018 Fedora Release Engineering releng@fedoraproject.org - 0.4.37-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1820795 - libzen-0.4.38 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1820795
--------------------------------------------------------------------------------
================================================================================
 mediainfo-20.03-1.el7 (FEDORA-EPEL-2020-c4a578b4cc)
 Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update mediainfo to 20.03.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr  3 2020 Vasiliy N. Glazov vascom2@gmail.com - 20.03-1
- Update to 20.03
* Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 19.09-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1820795 - libzen-0.4.38 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1820795
--------------------------------------------------------------------------------
================================================================================
 nagios-4.4.5-7.el7 (FEDORA-EPEL-2020-3e2935b6e2)
 Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:
Revert to Smooge's last good build (4.4.5-3)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr  7 2020 Martin Jackson mhjacks@swbell.net - 4.4.5-7
- Revert to Smooge's last good build
* Tue Feb 18 2020 Stephen Smoogen smooge@fedoraproject.org - 4.4.5-3
- Add change to allow for problems found in mass rebuild and gcc10.
- Fix BZ#1793909
* Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 4.4.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Aug 29 2019 Stephen Smoogen smooge@fedoraproject.org - 4.4.5-1
- Move to 4.4.5
- Updated patches to cleanly patch
* Fri Jul 26 2019 Stephen Smoogen smooge@fedoraproject.org - 4.4.3-7
- Try to put in fixes to allow this to work on EL8
* Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 4.4.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri May 31 2019 Jitka Plesnikova jplesnik@redhat.com - 4.4.3-5
- Perl 5.30 rebuild
* Fri Feb 22 2019 Stephen Smoogen smooge@fedoraproject.org - 4.4.3-4
- Fix BZ#1674258 add explicite User and Group to systemctl startup.
- Problem was missed because some config files had this set in them
* Tue Feb  5 2019 Stephen Smoogen smooge@fedoraproject.org - 4.4.3-3
- Fix BZ#1672027
- Patch for daemon did not have enough endif in them. However test looks superfluous
* Fri Feb  1 2019 Fedora Release Engineering releng@fedoraproject.org - 4.4.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 netdata-1.21.0-1.el7 (FEDORA-EPEL-2020-db9ff4507d)
 Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:
Update from upstream
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr  7 2020 Didier Fabert didier.fabert@gmail.com 1.21.0-1
- Update from upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1821125 - netdata-1.21.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1821125
--------------------------------------------------------------------------------
================================================================================
 nrpe-4.0.2-1.el7 (FEDORA-EPEL-2020-b6453e2708)
 Host/service/network monitoring agent for Nagios
--------------------------------------------------------------------------------
Update Information:
New upstream version fixing CVEs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr  7 2020 Martin Jackson mhjacks@swbell.net - 4.0.2-1
- New upstream version
- Update patch for indlude_dir
- Fix BZ#1816816 - CVE-2020-6582 nrpe: heap-based buffer overflow due to a wrong integer type conversion
- Fix BZ#1816805 - CVE-2020-6581 nrpe: insufficient filtering and incorrect parsing of the configuration file may lead to command injection
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1816805 - CVE-2020-6581 nrpe: insufficient filtering and incorrect parsing of the configuration file may lead to command injection [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1816805
  [ 2 ] Bug #1816816 - CVE-2020-6582 nrpe: heap-based buffer overflow due to a wrong integer type conversion [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1816816
--------------------------------------------------------------------------------
================================================================================
 openfortivpn-1.13.3-1.el7 (FEDORA-EPEL-2020-19aca4f76e)
 Client for PPP+SSL VPN tunnel services
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version.  ----  Update to latest upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr  6 2020 Dimitri Papadopoulos dpo@sfr.fr - 1.13.3-1
- Update to latest upstream version
- Re-enable systemd
* Mon Mar 23 2020 Adrien Verg�� adrienverge@gmail.com - 1.13.1-1
- Update to latest upstream version
- Remove systemd requirement, cf. https://github.com/adrienverge/openfortivpn/pull/586#issuecomment-602428740
* Sun Mar 22 2020 Adrien Verg�� adrienverge@gmail.com - 1.13.0-2
- Add systemd requirement, cf. https://github.com/adrienverge/openfortivpn/pull/586#issuecomment-602183264
* Sun Mar 22 2020 Adrien Verg�� adrienverge@gmail.com - 1.13.0-1
- Update to latest upstream version
--------------------------------------------------------------------------------
================================================================================
 purple-discord-0-27.20200405gitdb7dc79.el7 (FEDORA-EPEL-2020-1ece290462)
 Discord plugin for libpurple
--------------------------------------------------------------------------------
Update Information:
Updated purple plugins to latest snapshots.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr  7 2020 Vitaly Zaitsev vitaly@easycoding.org - 0-27.20200405gitdb7dc79
- Updated to latest snapshot.
* Thu Jan 30 2020 Fedora Release Engineering releng@fedoraproject.org - 0-26.20190805git250a8a0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 python-pexpect-4.8.0-1.el7 (FEDORA-EPEL-2020-9ae9d78566)
 Unicode-aware Pure Python Expect-like module
--------------------------------------------------------------------------------
Update Information:
Update to new upstream release 4.8.0 and re-enable tests (#1821711)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr  7 2020 Scott Talbert swt@techie.net - 4.8.0-1
- Update to new upstream release 4.8.0 and re-enable tests (#1821711)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1821711 - Please update it to >= 4.7
        https://bugzilla.redhat.com/show_bug.cgi?id=1821711
--------------------------------------------------------------------------------