Fedora EPEL 8 updates-testing report - epel-devel - Fedora mailing-lists

14 Jul 2020


      The following Fedora EPEL 8 Security updates need testing:
 Age  URL
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-8e909a0e81   coturn-4.5.1.3-1.el8
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f1828228be   xrdp-0.9.13.1-1.el8
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-13c6cbc484   python-gnupg-0.4.6-1.el8
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-2f1d845c76   python-rsa-3.4.2-15.el8
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-9239b6fa50   botan2-2.12.1-2.el8
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ff58160b15   libslirp-4.3.1-1.el8
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-672e6676c7   seamonkey-2.53.3-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
bdsync-0.11.2-1.el8
    cacti-1.2.13-1.el8
    cacti-spine-1.2.13-1.el8
    cpuid-20200427-1.el8
    mbedtls-2.16.7-1.el8
    nnn-3.3-1.el8
    pdns-4.3.0-5.el8
    perl-MooseX-Types-DateTime-MoreCoercions-0.15-15.el8
    puppet-6.14.0-1.el8
    python-natlas-libnmap-0.7.1-1.el8
    python-readme-renderer-24.0-3.el8
    singularity-3.6.0-1.el8
    sipcalc-1.1.6-17.el8
    ufdbGuard-1.34.5-2.el8
    wsdd-0.6.1-1.el8
Details about builds:
================================================================================
 bdsync-0.11.2-1.el8 (FEDORA-EPEL-2020-21c2b8d984)
 Remote sync for block devices
--------------------------------------------------------------------------------
Update Information:
Initial package for EPEL 8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
 cacti-1.2.13-1.el8 (FEDORA-EPEL-2020-12d0e14fab)
 An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.13  Release notes:
https://www.cacti.net/release_notes.php?version=1.2.13
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 14 2020 Morten Stevens mstevens@fedoraproject.org - 1.2.13-1
- Update to 1.2.13
- CVE-2020-11022, CVE-2020-11023, CVE-2020-13625, CVE-2020-14295
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1849133 - CVE-2020-14295 cacti: SQL injection in color.php can lead to remote command execution
        https://bugzilla.redhat.com/show_bug.cgi?id=1849133
--------------------------------------------------------------------------------
================================================================================
 cacti-spine-1.2.13-1.el8 (FEDORA-EPEL-2020-12d0e14fab)
 Threaded poller for Cacti written in C
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.13  Release notes:
https://www.cacti.net/release_notes.php?version=1.2.13
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 14 2020 Morten Stevens mstevens@fedoraproject.org - 1.2.13-1
- Update to 1.2.13
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1849133 - CVE-2020-14295 cacti: SQL injection in color.php can lead to remote command execution
        https://bugzilla.redhat.com/show_bug.cgi?id=1849133
--------------------------------------------------------------------------------
================================================================================
 cpuid-20200427-1.el8 (FEDORA-EPEL-2020-d662b4c136)
 Dumps information about the CPU(s)
--------------------------------------------------------------------------------
Update Information:
Update to new upstream version 20200427 (rhbz#1828251)
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1828251 - cpuid-20200427.src is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1828251
--------------------------------------------------------------------------------
================================================================================
 mbedtls-2.16.7-1.el8 (FEDORA-EPEL-2020-1c906e59bb)
 Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
- Update to 2.16.7  Security advisory: https://tls.mbed.org/tech-
updates/security-advisories/mbedtls-security-advisory-2020-07
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 14 2020 Morten Stevens mstevens@fedoraproject.org - 2.16.7-1
- Update to 2.16.7
- Security Advisory 2020-07
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1851867 - CVE-2020-10941 mbedtls: cache attack against RSA key import in SGX
        https://bugzilla.redhat.com/show_bug.cgi?id=1851867
--------------------------------------------------------------------------------
================================================================================
 nnn-3.3-1.el8 (FEDORA-EPEL-2020-90fe2de3db)
 The missing terminal file browser for X
--------------------------------------------------------------------------------
Update Information:
Update to 3.3 (#1856600)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 14 2020 Robert-Andr�� Mauchin zebob.m@gmail.com - 3.3-1
- Update to 3.3 (#1856600)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1856600 - nnn-3.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1856600
--------------------------------------------------------------------------------
================================================================================
 pdns-4.3.0-5.el8 (FEDORA-EPEL-2020-2a2993896a)
 A modern, advanced and high performance authoritative-only nameserver
--------------------------------------------------------------------------------
Update Information:
- Updated file permissions
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 14 2020 Morten Stevens mstevens@fedoraproject.org - 4.3.0-5
- Updated file permissions
* Sun Jun 14 2020 Adrian Reber adrian@lisas.de - 4.3.0-4
- Rebuilt for protobuf 3.12
* Thu Jun  4 2020 Morten Stevens mstevens@fedoraproject.org - 4.3.0-3
- Rebuilt for Boost 1.73
--------------------------------------------------------------------------------
================================================================================
 perl-MooseX-Types-DateTime-MoreCoercions-0.15-15.el8 (FEDORA-EPEL-2020-2ed70197e0)
 Extensions to MooseX::Types::DateTime
--------------------------------------------------------------------------------
Update Information:
Add new package to EPEL 8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1850776 - Add perl-MooseX-Types-DateTime-MoreCoercions to EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1850776
--------------------------------------------------------------------------------
================================================================================
 puppet-6.14.0-1.el8 (FEDORA-EPEL-2020-e13502b7fa)
 A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:
Build of puppet 6.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1748525 - build of puppet for EPEL 8
        https://bugzilla.redhat.com/show_bug.cgi?id=1748525
--------------------------------------------------------------------------------
================================================================================
 python-natlas-libnmap-0.7.1-1.el8 (FEDORA-EPEL-2020-d6cdd624a2)
 Python library for nmap tasks, parse and compare/diff scan results
--------------------------------------------------------------------------------
Update Information:
Initial package for Fedora
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
 python-readme-renderer-24.0-3.el8 (FEDORA-EPEL-2020-7e8ab683f9)
 Safely render long_description/README files in Warehouse
--------------------------------------------------------------------------------
Update Information:
Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1852793 - Please provide python-readme-renderer for EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1852793
--------------------------------------------------------------------------------
================================================================================
 singularity-3.6.0-1.el8 (FEDORA-EPEL-2020-442e619b4a)
 Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:
Upgrade to upstream 3.6.0.  Remove patch #4679 for el8.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 14 2020 Dave Dykstra dwd@fedoraproject.org - 3.6.0-1
- Upgrade to upstream 3.6.0.  Remove patch #4679 for el8, since
  golang-12 is now available for that build machine.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1828680 - singularity-3.6.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1828680
--------------------------------------------------------------------------------
================================================================================
 sipcalc-1.1.6-17.el8 (FEDORA-EPEL-2020-d5e4fcbe28)
 An "advanced" console based ip subnet calculator
--------------------------------------------------------------------------------
Update Information:
Initial package for EPEL 8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412939 - sipcalc package missing from el7
        https://bugzilla.redhat.com/show_bug.cgi?id=1412939
--------------------------------------------------------------------------------
================================================================================
 ufdbGuard-1.34.5-2.el8 (FEDORA-EPEL-2020-f50061e899)
 A URL filter for squid
--------------------------------------------------------------------------------
Update Information:
Initial build.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1426863 - unmaintained?  package ufdbguard instead?
        https://bugzilla.redhat.com/show_bug.cgi?id=1426863
  [ 2 ] Bug #1856464 - Review Request: ufdbGuard - A URL filter for squid
        https://bugzilla.redhat.com/show_bug.cgi?id=1856464
--------------------------------------------------------------------------------
================================================================================
 wsdd-0.6.1-1.el8 (FEDORA-EPEL-2020-6f70a8210b)
 Web Services Dynamic Discovery host daemon
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release.  Copied from
https://github.com/christgau/wsdd/releases : Version 0.6.1 - ignore unknown
interface indexes from Netlink message on Linux (caused "error in main loop") -
prevent hosts from not being discovered due to misplaced socket registration at
selector  Version 0.6 - new operation 'discovery' operation mode to scan for
other hosts,   exposed via minimalistic socket-based API - improved handling of
address changes (prevents termination when   system is currently starting up but
no IP address has been assigned) - usage of tentative IPv6 addresses is avoided
on Linux - chroot now works also an machines with international domain/host name
- fixed handling of invalid messages - improved FreeBSD rc.d script - code
heavily refactored
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 13 2020 Sam P survient@fedoraproject.org - 0.6.1-1
- Updated to upstream latest release
--------------------------------------------------------------------------------