The following Fedora EPEL 7 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-517f0a8a49 drupal7-i18n-1.31-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-10049c7b14 libbsd-0.11.7-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
fedora-license-data-1.8-1.el7
Details about builds:
================================================================================
fedora-license-data-1.8-1.el7 (FEDORA-EPEL-2022-b871db6e37)
Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
- Add Public Domain license text used in libselinux - Make LicenseRef for GPLv2
with UPX exception more SPDX-confrmant - Add the equivalent LicenseRef-UPX and
LicenseRef-GPL-2.0-or-later WITH UPX
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Miroslav Such�� <msuchy(a)redhat.com> 1.8-1
- Add Public Domain license text used in libselinux (plautrba(a)redhat.com)
- Make LicenseRef for GPLv2 with UPX exception more SPDX-confrmant
(rfontana(a)redhat.com)
- Add the equivalent LicenseRef-UPX and LicenseRef-GPL-2.0-or-later WITH UPX
(rfontana(a)redhat.com)
* Wed Nov 2 2022 Miroslav Such�� <msuchy(a)redhat.com> 1.7-1
- redefine JSON format
- Also use rich-deps on EL 8 (miro(a)hroncok.cz)
- Once again, abandon the toml module, use tomllib/tomli/tomli-w instead
(miro(a)hroncok.cz)
- Fix typos in license review template (dcavalca(a)fedoraproject.org)
- rename [fedora]name to [fedora]legacy-name
- rename [fedora]abbreviation to [fedora]legacy-abbreviation
- Revise toml for GPL-2.0-or-later WITH x11vnc-openssl-exception
(rfontana(a)redhat.com)
- Add FSFULLRWD (rfontana(a)redhat.com)
- Add OFL-1.1-RFN as allowed-fonts (rfontana(a)redhat.com)
- use tomllib instead of toml
- document availablity of fedora-licenses.json artifact
* Thu Oct 13 2022 Miroslav Such�� <msuchy(a)redhat.com> 1.6-1
- Add MS-LPL as not-allowed
- Add ISO-8879 to not-allowed with big usage exception
- Delete redundant license info from README.md
- Add LicenseRef-Glyphicons as not-allowed
- Add Spencer-99
- Add LicenseRef-UPX as not-allowed
- Add LicenseRef-STREAM as not-allowed
- Simplify overcomplicated condition to evaluate if a license is approved
- Handle licenses with only SPDX identifier in mkjson.py
* Mon Oct 3 2022 msuchy <msuchy(a)redhat.com> - 1.5-1
- 1.5 release
* Mon Sep 19 2022 msuchy <msuchy(a)redhat.com> - 1.4-1
- 1.4 release
* Mon May 2 2022 David Cantrell <dcantrell(a)redhat.com> - 1.0-1
- Initial build
--------------------------------------------------------------------------------
The following Fedora EPEL 8 Security updates need testing:
Age URL
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-bf8500ac5b python-slixmpp-1.7.1-1.el8
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-08012668ea libbsd-0.11.7-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
advancecomp-2.4-1.el8
castxml-0.4.8-1.el8
fedora-license-data-1.8-1.el8
icewm-3.2.2-2.el8
kronosnet-epel-1.24-4.1.el8
Details about builds:
================================================================================
advancecomp-2.4-1.el8 (FEDORA-EPEL-2022-da88fe53cf)
Recompression utilities for .png, .mng, .zip and .gz files
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016, CVE-2022-35017,
CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.4-1
- Update to 2.4 (close RHBZ#2145023)
- Security fix for CVE-2022-35014, CVE-2022-35015, CVE-2022-35016,
CVE-2022-35017, CVE-2022-35018, CVE-2022-35019, CVE-2022-35020
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.3-5
- Identify bundled 7-Zip as ���7zip��� rather than ���7z���
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.3-4
- Add a comment about upstream tests
* Thu Nov 24 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 2.3-3
- Stricter file globs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2127376 - CVE-2022-35014 advancecomp: SEGV via invalid read address
https://bugzilla.redhat.com/show_bug.cgi?id=2127376
[ 2 ] Bug #2127378 - CVE-2022-35015 advancecomp: heap-buffer-overflow in le_uint32_read() in lib/endianrw.h
https://bugzilla.redhat.com/show_bug.cgi?id=2127378
[ 3 ] Bug #2127380 - CVE-2022-35016 advancecomp: heap buffer overflow in data_dup() in data.cc
https://bugzilla.redhat.com/show_bug.cgi?id=2127380
[ 4 ] Bug #2127383 - CVE-2022-35017 advancecomp: heap-buffer-overflow in mng_delta_addition() in mng.c
https://bugzilla.redhat.com/show_bug.cgi?id=2127383
[ 5 ] Bug #2127386 - CVE-2022-35018 advancecomp: SEGV via invalid read memory access
https://bugzilla.redhat.com/show_bug.cgi?id=2127386
[ 6 ] Bug #2127389 - CVE-2022-35019 advancecomp: SEGV via invalid write memory access
https://bugzilla.redhat.com/show_bug.cgi?id=2127389
[ 7 ] Bug #2127394 - CVE-2022-35020 advancecomp: heap buffer overflow via the component inflate()
https://bugzilla.redhat.com/show_bug.cgi?id=2127394
--------------------------------------------------------------------------------
================================================================================
castxml-0.4.8-1.el8 (FEDORA-EPEL-2022-eab213460c)
C-family abstract syntax tree XML output tool
--------------------------------------------------------------------------------
Update Information:
CastXML 0.4.8
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 23 2022 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 0.4.8-1
- Update to version 0.4.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2145095 - castxml-0.4.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2145095
--------------------------------------------------------------------------------
================================================================================
fedora-license-data-1.8-1.el8 (FEDORA-EPEL-2022-3d9b9bb5a7)
Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
- Add Public Domain license text used in libselinux - Make LicenseRef for GPLv2
with UPX exception more SPDX-confrmant - Add the equivalent LicenseRef-UPX and
LicenseRef-GPL-2.0-or-later WITH UPX
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Miroslav Such�� <msuchy(a)redhat.com> 1.8-1
- Add Public Domain license text used in libselinux (plautrba(a)redhat.com)
- Make LicenseRef for GPLv2 with UPX exception more SPDX-confrmant
(rfontana(a)redhat.com)
- Add the equivalent LicenseRef-UPX and LicenseRef-GPL-2.0-or-later WITH UPX
(rfontana(a)redhat.com)
--------------------------------------------------------------------------------
================================================================================
icewm-3.2.2-2.el8 (FEDORA-EPEL-2022-9343c36dd7)
Window manager designed for speed, usability, and consistency
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 17 2022 Artem Polishchuk <ego.cordatus(a)gmail.com> 3.2.2-1
- chore: Update to 3.2.2
--------------------------------------------------------------------------------
================================================================================
kronosnet-epel-1.24-4.1.el8 (FEDORA-EPEL-2022-e836710b9d)
Multipoint-to-Multipoint VPN daemon
--------------------------------------------------------------------------------
Update Information:
Merge epel8-next into epel8 now that EL8.7 has caught up with CentOS Stream
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Davide Cavalca <dcavalca(a)fedoraproject.org> - 1.24-4.1
- Merge epel8-next into epel8 now that EL8.7 has caught up with CentOS Stream
Resolves: rhbz#2144202
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2144202 - Problem: package libknet1-compress-bzip2-plugin-1.24-3.1.el8.x86_64 requires libknet1(x86-64) = 1.22-2.el8_6, but none of the providers can be installed
https://bugzilla.redhat.com/show_bug.cgi?id=2144202
--------------------------------------------------------------------------------
The following builds have been pushed to Fedora EPEL 9 updates-testing
fakeroot-1.30.1-1.el9
ghc9.2-9.2.5-14.el9
knot-3.2.3-1.el9
libbsd-0.11.7-1.el9
llvm12-12.0.1-6.el9
php-pecl-mongodb-1.15.0-1.el9
python-yara-4.2.3-1.el9
Details about builds:
================================================================================
fakeroot-1.30.1-1.el9 (FEDORA-EPEL-2022-dee545c42a)
Gives a fake root environment
--------------------------------------------------------------------------------
Update Information:
Update fakeroot to 1.30.1 (#2139595)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 23 2022 S��rgio Basto <sergio(a)serjux.com> - 1.30.1-1
- Update fakeroot to 1.30.1 (#2139595)
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.29-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Sun May 22 2022 S��rgio Basto <sergio(a)serjux.com> - 1.29-1
- Update fakeroot to 1.29 (#2089064)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2139595 - fakeroot-1.30.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2139595
--------------------------------------------------------------------------------
================================================================================
ghc9.2-9.2.5-14.el9 (FEDORA-EPEL-2022-e8a8f0a151)
Glasgow Haskell Compiler
--------------------------------------------------------------------------------
Update Information:
- https://www.haskell.org/ghc/blog/20221107-ghc-9.2.5-released.html -
https://downloads.haskell.org/~ghc/9.2.5/docs/html/users_guide/9.2.5-notes.…
- base-4.16.4.0 and process-1.6.16.0 - backport packaging changes from ghc9.4 -
enable hadrian
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 7 2022 Jens Petersen <petersen(a)redhat.com> - 9.2.5-14
- https://www.haskell.org/ghc/blog/20221107-ghc-9.2.5-released.html
- https://downloads.haskell.org/~ghc/9.2.5/docs/html/users_guide/9.2.5-notes.…
- base-4.16.4.0 and process-1.6.16.0
- backport packaging changes from ghc9.4
- epel9: enable hadrian
- F35,F36: disable armv7hl due to failing (#2142238)
--------------------------------------------------------------------------------
================================================================================
knot-3.2.3-1.el9 (FEDORA-EPEL-2022-b36a31f2ce)
High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:
Knot DNS 3.2.3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 21 2022 Jakub Ru��i��ka <jakub.ruzicka(a)nic.cz> - 3.2.3-1
- Update to 3.2.3
--------------------------------------------------------------------------------
================================================================================
libbsd-0.11.7-1.el9 (FEDORA-EPEL-2022-13cfdabccc)
Library providing BSD-compatible functions for portability
--------------------------------------------------------------------------------
Update Information:
# libbsd 0.11.7 - Portability fixes for the Hurd - Fix ELF support for big
endian SH - Sync the `arc4random(3)` implementation from OpenBSD - Adjust
declaration shadowing to match new glibc additions - Manual pages and
documentation cleanups - Manual page rewrite to get rid of a BSD-4-Clause
license # libbsd 0.11.6 - Build system and test suite fixes for musl -
Removal of unused OpenBSD support for `arc4random()` - LoongArch support for
`nlist()` # libbsd 0.11.5 - Build system and test suite regression fixes -
Documentation on how to build the project # libbsd 0.11.4 - Further rework
of the libmd wrapping code, to simplify it again, and make it work even when we
do not need SHA-2 functions - Fix builds with LTO - Various build system
fixes - Various portability fixes - Various documentation fixes # libbsd
0.11.3 - Rework of the libmd wrapping code to not require users to explicitly
link against libmd - Various build system fixes - Various portability fixes
# libbsd 0.11.2 - Update `<sys/queue.h>` from FreeBSD - Import some
`closefrom()` changes from sudo - Make `closefrom()` use `close_range()`
syscall on Linux when available - Update `libbsd(7)` man page with updates in
0.11.0 # libbsd 0.11.0/0.11.1 - Export `strnvisx()` function - New
`recallocarray()` and `freezero()` from OpenBSD - New pwcache module from
OpenBSD - New `timespec(3bsd)` man page alias to `timeval(3bsd)` - New
progname implementation for Windows - New `LIBBSD_VIS_OPENBSD` selection macro
- Switch from embedded hashing function implementations to use libmd - Various
man pages cleanups - Various portability fixes - Various memory leak fixes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Robert Scheck <robert(a)fedoraproject.org> - 0.11.7-1
- Update to 0.11.7 (#1742611)
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1742611 - libbsd-0.11.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1742611
--------------------------------------------------------------------------------
================================================================================
llvm12-12.0.1-6.el9 (FEDORA-EPEL-2022-5ec4a98fec)
The Low Level Virtual Machine
--------------------------------------------------------------------------------
Update Information:
initial build for epel9
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 5 2022 Jens Petersen <petersen(a)redhat.com> - 12.0.1-6
- python3-recommonmark is only in Fedora
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 12.0.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 12.0.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Sat Jan 8 2022 Miro Hron��ok <mhroncok(a)redhat.com> - 12.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Changes/LIBFFI34
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 12.0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jul 12 2021 Tom Stellard <tstellar(a)redhat.com> - 12.0.1-1
- 12.0.1 Release
* Wed Jun 30 2021 Tom Stellard <tstellar(a)redhat.com> - llvm-12.0.1~rc3-1
- 12.0.1-rc3 Release
* Fri May 28 2021 Tom Stellard <tstellar(a)redhat.com> - 12.0.1~rc1-2
- Stop installing lit tests
* Wed May 26 2021 Tom Stellard <tstellar(a)redhat.com> - llvm-12.0.1~rc1-1
- 12.0.1-rc1 Release
* Mon May 17 2021 sguelton(a)redhat.com - 12.0.0-7
- Fix handling of llvm-config
* Mon May 3 2021 kkleine(a)redhat.com - 12.0.0-6
- More verbose builds thanks to python3-psutil
* Sat May 1 2021 sguelton(a)redhat.com - 12.0.0-5
- Fix llvm-config install
* Tue Apr 27 2021 sguelton(a)redhat.com - 12.0.0-4
- Provide default empty value for exec_suffix when not in compat mode
* Tue Apr 27 2021 sguelton(a)redhat.com - 12.0.0-3
- Fix llvm-config install
* Tue Apr 20 2021 sguelton(a)redhat.com - 12.0.0-2
- Backport compat package fix
* Thu Apr 15 2021 Tom Stellard <tstellar(a)redhat.com> - 12.0.0-1
- 12.0.0 Release
* Thu Apr 8 2021 sguelton(a)redhat.com - 12.0.0-0.11.rc5
- New upstream release candidate
* Tue Apr 6 2021 sguelton(a)redhat.com - 12.0.0-0.10.rc4
- Patch test case for compatibility with llvm-test latout
* Fri Apr 2 2021 sguelton(a)redhat.com - 12.0.0-0.9.rc4
- New upstream release candidate
* Wed Mar 31 2021 Jonathan Wakely <jwakely(a)redhat.com> - 12.0.0-0.8.rc3
- Rebuilt for removed libstdc++ symbols (#1937698)
* Thu Mar 11 2021 sguelton(a)redhat.com - 12.0.0-0.7.rc3
- LLVM 12.0.0 rc3
* Wed Mar 10 2021 Kalev Lember <klember(a)redhat.com> - 12.0.0-0.6.rc2
- Add llvm-static(major) provides to the -static subpackage
* Tue Mar 9 2021 sguelton(a)redhat.com - 12.0.0-0.5.rc2
- rebuilt
* Tue Mar 2 2021 sguelton(a)redhat.com - 12.0.0-0.4.rc2
- Change CI working dir
* Wed Feb 24 2021 sguelton(a)redhat.com - 12.0.0-0.3.rc2
- 12.0.0-rc2 release
* Tue Feb 16 2021 Dave Airlie <airlied(a)redhat.com> - 12.0.0-0.2.rc1
- Enable LLVM_USE_PERF to allow perf integration
* Tue Feb 2 2021 Serge Guelton - 12.0.0-0.1.rc1
- 12.0.0-rc1 release
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 11.1.0-0.3.rc2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Jan 22 2021 Serge Guelton - 11.1.0-0.2.rc2
- 11.1.0-rc2 release
* Thu Jan 14 2021 Serge Guelton - 11.1.0-0.1.rc1
- 11.1.0-rc1 release
* Tue Jan 5 2021 Serge Guelton - 11.0.1-3.rc2
- Waive extra test case
* Sun Dec 20 2020 sguelton(a)redhat.com - 11.0.1-2.rc2
- 11.0.1-rc2 release
* Tue Dec 1 2020 sguelton(a)redhat.com - 11.0.1-1.rc1
- 11.0.1-rc1 release
* Sat Oct 31 2020 Jeff Law <law(a)redhat.com> - 11.0.0-2
- Fix missing #include for gcc-11
* Wed Oct 14 2020 Josh Stone <jistone(a)redhat.com> - 11.0.0-1
- Fix coreos-installer test crash on s390x (rhbz#1883457)
* Mon Oct 12 2020 sguelton(a)redhat.com - 11.0.0-0.11
- llvm 11.0.0 - final release
* Thu Oct 8 2020 sguelton(a)redhat.com - 11.0.0-0.10.rc6
- 11.0.0-rc6
* Fri Oct 2 2020 sguelton(a)redhat.com - 11.0.0-0.9.rc5
- 11.0.0-rc5 Release
* Sun Sep 27 2020 sguelton(a)redhat.com - 11.0.0-0.8.rc3
- Fix NVR
* Thu Sep 24 2020 sguelton(a)redhat.com - 11.0.0-0.2.rc3
- Obsolete patch for rhbz#1862012
* Thu Sep 24 2020 sguelton(a)redhat.com - 11.0.0-0.1.rc3
- 11.0.0-rc3 Release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2112763 - please branch llvm12 for epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2112763
--------------------------------------------------------------------------------
================================================================================
php-pecl-mongodb-1.15.0-1.el9 (FEDORA-EPEL-2022-2475891e0f)
MongoDB driver for PHP
--------------------------------------------------------------------------------
Update Information:
**php-pecl-mongodb 1.15.0** Bug * [PHPC-2132] - get_module_info() test
function may fail to match some phpinfo() values * [PHPC-2148] - Error if
RewrapManyDataKey is called with masterKey and without provider * [PHPC-2149] -
ClientEncryption::createDataKey() may leak when processing masterKey option *
[PHPC-2159] - Consider enums and traits in BSON decoding instantiatable checks
Epic * [PHPC-2093] - Key Management API New Feature * [PHPC-2083] - BSON
handling for enum classes Task * [PHPC-1710] - Document upcoming signature
changes in interfaces * [PHPC-1929] - ReadConcern tests need not exhaustively
test each constant * [PHPC-1945] - Remove class_exists checks from SKIPIF blocks
in Decimal128 tests * [PHPC-2064] - SKIPIF output may be ignored for tests using
skip_if_not_clean on PHP 8.1 * [PHPC-2111] - Replace zend_parse_parameter_calls
with PHONGO_PARSE_PARAMETERS macros * [PHPC-2115] - Remove manual fetching of
DateTimeImmutable class entry * [PHPC-2117] - Test with PHP 8.2 on GitHub
Actions * [PHPC-2118] - Use debian11 and include MongoDB 6.0 for load balancer
testing * [PHPC-2124] - Ensure that null is still accepted for optional
parameters * [PHPC-2128] - Create stub files for functions * [PHPC-2130] -
Remove proto definitions from source files * [PHPC-2136] - Final modifier should
precede method visibility in stub files * [PHPC-2143] - Add Windows builds to
GitHub Actions and publish DLLs for releases * [PHPC-2146] - Refactor type map
struct * [PHPC-2147] - Update AppVeyor config to clone PHP fork of the Windows
SDK * [PHPC-2153] - Test with PHP 8.2 on Evergreen * [PHPC-2154] - Test with PHP
8.2 on Appveyor * [PHPC-2166] - Use void keyword in prototypes for functions
that take no parameters Improvement * [PHPC-1708] - Add return type
information to final classes * [PHPC-1711] - Add return type information to
interfaces * [PHPC-1928] - Remove unnecessary casts to zend_long * [PHPC-1944] -
Add final modifier to __set_state methods * [PHPC-2015] - Use stub files to
generate arginfo * [PHPC-2101] - Default Binary constructor $type parameter to
TYPE_GENERIC * [PHPC-2103] - Allow applications to detect crypt_shared
availability * [PHPC-2120] - Upgrade libmongocrypt dependency to 1.5.2 *
[PHPC-2125] - Reduce expected removeKeyAltName operations to a single
findOneAndUpdate * [PHPC-2126] - Allow RewrapManyDataKeyResult.bulkWriteResult
to be optional * [PHPC-2142] - WriteResult getters should return null and emit
deprecation notice for w:0 writes and return zero otherwise if libmongoc result
is omitted * [PHPC-2151] - Validate masterKey option for createDataKey() and
rewrapManyDataKey() * [PHPC-2168] - Use consistent int types for APM fields and
snprintf for string conversions
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 23 2022 Remi Collet <remi(a)remirepo.net> - 1.15.0-1
- update to 1.15.0
- raise dependency on libbson and libmongoc 1.23.1
--------------------------------------------------------------------------------
================================================================================
python-yara-4.2.3-1.el9 (FEDORA-EPEL-2022-f8a6cc64cf)
Python binding for the YARA pattern matching tool
--------------------------------------------------------------------------------
Update Information:
python-yara for EL9
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 1 2022 Michal Ambroz <rebus at, seznam.cz> - 4.2.3-1
- Rebuilt for yara-4.2.3 - second service :)
* Tue Aug 9 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 4.2.0-5
- Rebuilt for yara-4.2.3
* Mon Aug 8 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 4.2.0-4
- Skip testModuleData again for F36, fixes rhbz#2116289
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 4.2.0-2
- Rebuilt for Python 3.11
* Fri May 27 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 4.2.0-1
- Bump to 4.2.0 rhbz#2063287 fixes FTBFS rhbz#2064646
- Minor changes to spec, like using https for URL
- Simplify some of checks for different builds
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.1.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Nov 10 2021 Michal Ambroz <rebus at, seznam.cz> - 4.1.3-2
- rebuild due to koji hickup
* Wed Nov 10 2021 Michal Ambroz <rebus at, seznam.cz> - 4.1.3-1
- bump the python-yara as well to 4.1.3
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 4.1.0-2
- Rebuilt for Python 3.10
* Tue Apr 27 2021 Michal Ambroz <rebus at, seznam.cz> - 4.1.0-1
- bump the python-yara as well to 4.1.0
* Tue Apr 27 2021 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-3
- rebuild for new version of yara 4.1.0
* Sun Apr 25 2021 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-2
- rebuild for epel
* Sat Mar 13 2021 Michal Ambroz <rebus at, seznam.cz> - 4.0.5-1
- bump to version 4.0.5
* Wed Feb 10 2021 Michal Ambroz <rebus at, seznam.cz> - 4.0.4-1
- bump to version 4.0.4
* Thu Feb 4 2021 Michal Ambroz <rebus at, seznam.cz> - 4.0.3-1
- bump to version 4.0.3
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2119598 - Please branch and build python-yara in epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2119598
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-517f0a8a49 drupal7-i18n-1.31-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
knot-3.2.3-1.el7
libbsd-0.11.7-1.el7
resalloc-openstack-9.4-1.el7
Details about builds:
================================================================================
knot-3.2.3-1.el7 (FEDORA-EPEL-2022-f51f68af39)
High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:
Knot DNS 3.2.3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 21 2022 Jakub Ru��i��ka <jakub.ruzicka(a)nic.cz> - 3.2.3-1
- Update to 3.2.3
--------------------------------------------------------------------------------
================================================================================
libbsd-0.11.7-1.el7 (FEDORA-EPEL-2022-10049c7b14)
Library providing BSD-compatible functions for portability
--------------------------------------------------------------------------------
Update Information:
# libbsd 0.11.7 - Portability fixes for the Hurd - Fix ELF support for big
endian SH - Sync the `arc4random(3)` implementation from OpenBSD - Adjust
declaration shadowing to match new glibc additions - Manual pages and
documentation cleanups - Manual page rewrite to get rid of a BSD-4-Clause
license # libbsd 0.11.6 - Build system and test suite fixes for musl -
Removal of unused OpenBSD support for `arc4random()` - LoongArch support for
`nlist()` # libbsd 0.11.5 - Build system and test suite regression fixes -
Documentation on how to build the project # libbsd 0.11.4 - Further rework
of the libmd wrapping code, to simplify it again, and make it work even when we
do not need SHA-2 functions - Fix builds with LTO - Various build system
fixes - Various portability fixes - Various documentation fixes # libbsd
0.11.3 - Rework of the libmd wrapping code to not require users to explicitly
link against libmd - Various build system fixes - Various portability fixes
# libbsd 0.11.2 - Update `<sys/queue.h>` from FreeBSD - Import some
`closefrom()` changes from sudo - Make `closefrom()` use `close_range()`
syscall on Linux when available - Update `libbsd(7)` man page with updates in
0.11.0 # libbsd 0.11.0/0.11.1 - Export `strnvisx()` function - New
`recallocarray()` and `freezero()` from OpenBSD - New pwcache module from
OpenBSD - New `timespec(3bsd)` man page alias to `timeval(3bsd)` - New
progname implementation for Windows - New `LIBBSD_VIS_OPENBSD` selection macro
- Switch from embedded hashing function implementations to use libmd - Various
man pages cleanups - Various portability fixes - Various memory leak fixes
# libbsd 0.10.0 - Several security related fixes for `nlist()` - Preliminary
and partial Windows porting - Fix for a leak in the vis family of functions
- Fix for a configure check to not unnecessarily link against librt - General
portability fixes for musl, uClibc, macOS and GNU/kFreeBSD - New architectures
support for `nlist()` - Switch the `<err.h>` `*c()` functions to be standalone
and add `err()`, `warn()`, `errx()` and `warnx()` familiy of functions in case
the system lacks them - Several man page fixes # libbsd 0.9.0/0.9.1 - Add
`__arraycount()` macro - Add `flopenat()` function - Add `strtoi()` and
`strtou()` functions - Add several new vis and unvis functions - Add
`pidfile_fileno()` function, and `struct pidfh` is now opaque - The
`humanize_number()` now understands `HN_IEC_PREFIXES` - The `fmtcheck()`
function supports all standard `printf(3)` conversions - The `getentropy()`,
and thus `arc4random()` functions will not block anymore on Linux on boot when
there's not enough entropy available - The `arc4random()` function handles
direct `clone()` calls better # libbsd 0.8.7 Fixes the `nlist()` unit test on
IA64, handles glibc now providing some of the functions, restores support for
old gcc, and documents the availability of `arcrandom(3)` on other BSDs
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Robert Scheck <robert(a)fedoraproject.org> - 0.11.7-1
- Update to 0.11.7 (#1742611)
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Sep 9 2020 Jeff Law <law(a)redhat.com> - 0.10.0-5
- Use symver attribute for symbol versioning
Fix configure test compromised by LTO
Fix nlist test compromised by LTO
Re-enable LTO
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 1 2020 Jeff Law <law(a)redhat.com> - 0.10.0-3
- Disable LTO
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Aug 22 2019 Eric Smith <brouhaha(a)fedoraproject.org> - 0.10.0-1
- Update to 0.10.1. (#1742611)
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue May 22 2018 Eric Smith <brouhaha(a)fedoraproject.org> - 0.9.1-1
- Update to 0.9.1. (#1538853)
* Tue May 22 2018 Eric Smith <brouhaha(a)fedoraproject.org> - 0.8.6-3
- Mark explicit_bzero() and reallocarray() as compat symbols. (#1408465)
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Tue Nov 21 2017 Jens Petersen <petersen(a)redhat.com> - 0.8.6-1
- update to 0.8.6 (#1462722)
- fixes manpage conflict (#1504831)
- condition the gcc deprecation patch on epel < 7
- clean up spec file
* Thu Aug 3 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Dec 23 2016 Eric Smith <brouhaha(a)fedoraproject.org> - 0.8.3-2
- Add patch for GCC deprecated attribute to allow building on GCC < 4.5
(needed for EL5 and EL6).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1789459 - CVE-2019-20367 libbsd: Out-of-bounds read in nlist.c
https://bugzilla.redhat.com/show_bug.cgi?id=1789459
--------------------------------------------------------------------------------
================================================================================
resalloc-openstack-9.4-1.el7 (FEDORA-EPEL-2022-29a87261f4)
Resource allocator scripts for OpenStack
--------------------------------------------------------------------------------
Update Information:
new upstream release, compat fix for F37
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 23 2022 Pavel Raiskup <praiskup(a)redhat.com> - 9.4-1
- new upstream release, compat fix for F37
--------------------------------------------------------------------------------
The following Fedora EPEL 8 Security updates need testing:
Age URL
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-bf8500ac5b python-slixmpp-1.7.1-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
fakeroot-1.30.1-1.el8
firejail-0.9.70-2.el8
knot-3.2.3-1.el8
libbsd-0.11.7-1.el8
resalloc-openstack-9.4-1.el8
Details about builds:
================================================================================
fakeroot-1.30.1-1.el8 (FEDORA-EPEL-2022-1a44a808f0)
Gives a fake root environment
--------------------------------------------------------------------------------
Update Information:
Update fakeroot to 1.30.1 (#2139595)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 23 2022 S��rgio Basto <sergio(a)serjux.com> - 1.30.1-1
- Update fakeroot to 1.30.1 (#2139595)
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.29-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Sun May 22 2022 S��rgio Basto <sergio(a)serjux.com> - 1.29-1
- Update fakeroot to 1.29 (#2089064)
* Sun Apr 10 2022 S��rgio Basto <sergio(a)serjux.com> - 1.28-2
- Drop po4a as Debian did and renamed patches that came from Debian
* Fri Apr 8 2022 S��rgio Basto <sergio(a)serjux.com> - 1.28-1
- Update fakeroot to 1.28 (#2060992)
* Fri Jan 28 2022 S��rgio Basto <sergio(a)serjux.com> - 1.27-1
- Update fakeroot to 1.27 (#2041663)
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.26-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2139595 - fakeroot-1.30.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2139595
--------------------------------------------------------------------------------
================================================================================
firejail-0.9.70-2.el8 (FEDORA-EPEL-2022-48019cb68c)
Linux namespaces sandbox program
--------------------------------------------------------------------------------
Update Information:
Disable D-Bus proxy support (xdg-dbus-proxy is not available in EPEL8)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 23 2022 Artur Frenszek-Iwicki <fedora(a)svgames.pl> - 0.9.70-2
- Disable D-Bus proxy support (xdg-dbus-proxy is not available in EPEL8)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2141000 - Current release of firejail ( firejail-0.9.70-1.el8 ) requires xdg-dbus-proxy which is not available
https://bugzilla.redhat.com/show_bug.cgi?id=2141000
--------------------------------------------------------------------------------
================================================================================
knot-3.2.3-1.el8 (FEDORA-EPEL-2022-96a3c0af7a)
High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:
Knot DNS 3.2.3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 21 2022 Jakub Ru��i��ka <jakub.ruzicka(a)nic.cz> - 3.2.3-1
- Update to 3.2.3
--------------------------------------------------------------------------------
================================================================================
libbsd-0.11.7-1.el8 (FEDORA-EPEL-2022-08012668ea)
Library providing BSD-compatible functions for portability
--------------------------------------------------------------------------------
Update Information:
# libbsd 0.11.7 - Portability fixes for the Hurd - Fix ELF support for big
endian SH - Sync the `arc4random(3)` implementation from OpenBSD - Adjust
declaration shadowing to match new glibc additions - Manual pages and
documentation cleanups - Manual page rewrite to get rid of a BSD-4-Clause
license # libbsd 0.11.6 - Build system and test suite fixes for musl -
Removal of unused OpenBSD support for `arc4random()` - LoongArch support for
`nlist()` # libbsd 0.11.5 - Build system and test suite regression fixes -
Documentation on how to build the project # libbsd 0.11.4 - Further rework
of the libmd wrapping code, to simplify it again, and make it work even when we
do not need SHA-2 functions - Fix builds with LTO - Various build system
fixes - Various portability fixes - Various documentation fixes # libbsd
0.11.3 - Rework of the libmd wrapping code to not require users to explicitly
link against libmd - Various build system fixes - Various portability fixes
# libbsd 0.11.2 - Update `<sys/queue.h>` from FreeBSD - Import some
`closefrom()` changes from sudo - Make `closefrom()` use `close_range()`
syscall on Linux when available - Update `libbsd(7)` man page with updates in
0.11.0 # libbsd 0.11.0/0.11.1 - Export `strnvisx()` function - New
`recallocarray()` and `freezero()` from OpenBSD - New pwcache module from
OpenBSD - New `timespec(3bsd)` man page alias to `timeval(3bsd)` - New
progname implementation for Windows - New `LIBBSD_VIS_OPENBSD` selection macro
- Switch from embedded hashing function implementations to use libmd - Various
man pages cleanups - Various portability fixes - Various memory leak fixes
# libbsd 0.10.0 - Several security related fixes for `nlist()` - Preliminary
and partial Windows porting - Fix for a leak in the vis family of functions
- Fix for a configure check to not unnecessarily link against librt - General
portability fixes for musl, uClibc, macOS and GNU/kFreeBSD - New architectures
support for `nlist()` - Switch the `<err.h>` `*c()` functions to be standalone
and add `err()`, `warn()`, `errx()` and `warnx()` familiy of functions in case
the system lacks them - Several man page fixes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 24 2022 Robert Scheck <robert(a)fedoraproject.org> - 0.11.7-1
- Update to 0.11.7 (#1742611)
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Sep 9 2020 Jeff Law <law(a)redhat.com> - 0.10.0-5
- Use symver attribute for symbol versioning
Fix configure test compromised by LTO
Fix nlist test compromised by LTO
Re-enable LTO
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 1 2020 Jeff Law <law(a)redhat.com> - 0.10.0-3
- Disable LTO
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Aug 22 2019 Eric Smith <brouhaha(a)fedoraproject.org> - 0.10.0-1
- Update to 0.10.1. (#1742611)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1789459 - CVE-2019-20367 libbsd: Out-of-bounds read in nlist.c
https://bugzilla.redhat.com/show_bug.cgi?id=1789459
--------------------------------------------------------------------------------
================================================================================
resalloc-openstack-9.4-1.el8 (FEDORA-EPEL-2022-15837c244e)
Resource allocator scripts for OpenStack
--------------------------------------------------------------------------------
Update Information:
new upstream release, compat fix for F37
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 23 2022 Pavel Raiskup <praiskup(a)redhat.com> - 9.4-1
- new upstream release, compat fix for F37
--------------------------------------------------------------------------------
Now that EPEL 9 is in full swing, I'd like to start planning ahead for
what comes next. CentOS Stream 10 is expected to be available in
2024. We should be able to start EPEL 10 around the same time. Until
then, we have the opportunity to evaluate what we can improve in EPEL.
I am proposing a new workflow and structure for EPEL 10. The high
level summary is for EPEL 10 to have unique branches, build targets,
and repos for each minor version of RHEL 10, including CentOS Stream
10 as the upcoming minor version. This would be a significant change
from how EPEL works today, but I think it would address several pain
points for maintainers and users. I am opening this topic for
discussion as early as possible before the EPEL 10 launch to gather
feedback. Please note that this is currently just a proposal and has
yet to be voted on by the EPEL Steering Committee.
Please visit this thread on the Fedora Discussion site for the full proposal.
https://discussion.fedoraproject.org/t/epel-10-proposal/44304
I would also ask that feedback be provided there instead of as email
replies here on the list.
--
Carl George