The following Fedora EPEL 7 Security updates need testing:

 Age  URL
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1eae057392   apptainer-1.1.6-1.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ef27d9fd2b   clamav-0.103.8-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    dd_rescue-1.99.12-3.el7
    guacamole-server-1.5.0-1.el7
    librsync-2.3.4-1.el7
    openssl11-1.1.1k-5.el7
    srm-ifce-1.24.6-1.el7

Details about builds:

================================================================================
 dd_rescue-1.99.12-3.el7 (FEDORA-EPEL-2023-cd662199ad)
 Fault tolerant "dd" utility for rescuing data from bad media
--------------------------------------------------------------------------------
Update Information:

fix dd_rhelp detection for dd_rescue
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 18 2023 Michal Ambroz <rebus AT seznam dot cz> - 1.99.12-3
- dd_rhelp - fix dependencies and dd_rescue detection
* Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 1.99.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Oct 5 2022 Michal Ambroz <rebus AT seznam dot cz> - 1.99.12-1
- bump to 1.99.12
* Thu Jul 21 2022 Fedora Release Engineering releng@fedoraproject.org - 1.99.11-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 1.99.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jul 21 2021 Fedora Release Engineering releng@fedoraproject.org - 1.99.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 guacamole-server-1.5.0-1.el7 (FEDORA-EPEL-2023-887a4577d5)
 Server-side native components that form the Guacamole proxy
--------------------------------------------------------------------------------
Update Information:

# Apache Guacamole 1.5.0

## User interface / platform

* See recordings by clicking on history record (GUACAMOLE-462)
* Bug: Web browser could not play large size of session recording file as 1G size (GUACAMOLE-896)
* Bug: Additional permissions from groups do not affect user home screen (GUACAMOLE-1275)
* Alert users when admins connect to their session (GUACAMOLE-1293)
* Allow bundling of library `.jar` files within extensions (GUACAMOLE-1508)
* Provide better CSS/structural context for branding and theming extensions (GUACAMOLE-1509)
* Automatically trim trailing whitespace from `guacamole.properties` values (GUACAMOLE-1511)
* Bug: Cannot copy/paste into admin fields if local clipboard integration is unavailable (GUACAMOLE-1523)
* Bug: SessionRecording "onload" event fires twice (GUACAMOLE-1545)

## Authentication, integration, and storage

* Support storage of sensitive data within key vaults (GUACAMOLE-641)
* Add support for querying multiple LDAP servers (GUACAMOLE-957)
* Bug: SSL communication by mariadb connector/J is not possible (GUACAMOLE-1453)

## Protocol support / guacd

* Add support for OpenSSH private key format (GUACAMOLE-745)
* Add support for ED25519 SSH keys (GUACAMOLE-746)
* Bug: RDP "reconnect" resizing breaks RDPDR (GUACAMOLE-876)
* Bug: RDP print process may hang (GUACAMOLE-1115)
* Bug: An improper locking bug (e.g., resource leak) due to unreleased lock (GUACAMOLE-1416)
* Bug: FreeRDP `DVCPluginEntry` returns `UINT` for all 2.0 versions (GUACAMOLE-1435)
* Bug: SSH public key authentication fails with "Unable to extract public key from private key" (GUACAMOLE-1504)
* libguac-terminal should be a shared library (GUACAMOLE-1538)
* Shared recording functionality should be public (GUACAMOLE-1543)

## Internationalization

* Polish keyboard layout (GUACAMOLE-1495)

## General housekeeping and cleanup

* Bug: `guacenc` build fails against FFmpeg 4.4 (GUACAMOLE-1330)
* Bug: Some typo mistakes in some source files (GUACAMOLE-1446)
* Update Java/JavaScript dependencies for 1.5.0 (GUACAMOLE-1594)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 19 2023 Robert Scheck robert@fedoraproject.org - 1:1.5.0-1
- Update to 1.5.0 (#2169593)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2169593 - guacamole-server-1.5.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2169593
--------------------------------------------------------------------------------

================================================================================
 librsync-2.3.4-1.el7 (FEDORA-EPEL-2023-8ce23a4b55)
 Rsync remote-delta algorithm library
--------------------------------------------------------------------------------
Update Information:

# librsync 2.3.4

* Fix failing tests on only s390x by putting `#include "config.h"` with `/* IWYU pragma: keep */` in most `src/*.c` files. Add `/* IWYU pragma: keep */` to includes in `src/fileutil.c` that are needed on some platforms but not others so upstream can remove the special exemptions to skip this file for the iwyu and iwyu-fix targets in `CMakeLists.txt`. Also add some typecasts to `rollsum.[ch]` and `patch.c` to silence warnings on Windows.

# librsync 2.3.3

* Add missing word to `README.md`.
* Make delta directly process the input stream if it has enough data. Delta operations will only accumulate data into the internal scoop buffer if the input buffer is too small, otherwise it will process the input directly. This makes delta calculations 5%~15% faster by avoiding extra data copying.
* Improve documentation so that Doxygen generates more complete documentation with diagrams, renders better, and is more navigable as markdown docs on GitHub.
* Add GitHub action and make targets for `clang-tidy` and `iwyu`. Added `clang-tidy` and `iwyu` make targets for checking code and includes, and `iwyu-fix` for fixing includes. Added `lint.yml` GitHub action to run these checks. Fixed all `clang-tidy` and `iwyu` warnings except for `fileutil.c` with platform related include complications. Added consistent include guards to all headers. Updated and improved documentation in `CONTRIBUTING.md` to include these changes.
* Tidy rdiff integration test scripts. Made the filenames and shell arguments for test scripts consistent.
* Add better cmake build type configuration support. Added `BuildType.cmake` with better support for selecting the build type and making it default to Debug.
* Remove obsolete unused tests. Removed some obsolete mdfour test data files and check-rdiff perl script.
* Fix warning for later CMake versions. New CMake versions started complaining about the filename `Findlibb2.cmake` not matching the `LIBB2` variables being used.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 19 2023 Robert Scheck robert@fedoraproject.org 2.3.4-1
- Upgrade to 2.3.4 (#2170502 #c2)
* Sat Feb 18 2023 Robert Scheck robert@fedoraproject.org 2.3.3-1
- Upgrade to 2.3.3 (#2170502)
* Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 2.3.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering releng@fedoraproject.org - 2.3.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 2.3.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 2.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2170502 - librsync-2.3.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2170502
--------------------------------------------------------------------------------

================================================================================
 openssl11-1.1.1k-5.el7 (FEDORA-EPEL-2023-66548f784b)
 Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:

- backport from 1.1.1k-9: Fixed Timing Oracle in RSA Decryption
  Resolves: CVE-2022-4304
- backport from 1.1.1k-9: Fixed Double free after calling PEM_read_bio_ex
  Resolves: CVE-2022-4450
- backport from 1.1.1k-9: Fixed Use-after-free following BIO_new_NDEF
  Resolves: CVE-2023-0215
- backport from 1.1.1k-9: Fixed X.400 address type confusion in X.509 GeneralName
  Resolves: CVE-2023-0286
- backport from 1.1.1k-8: Fix no-ec build
  Resolves: rhbz#2071020
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 19 2023 Robert Scheck robert@fedoraproject.org 1.1.1k-5
- backport from 1.1.1k-9: Fixed Timing Oracle in RSA Decryption
  Resolves: CVE-2022-4304
- backport from 1.1.1k-9: Fixed Double free after calling PEM_read_bio_ex
  Resolves: CVE-2022-4450
- backport from 1.1.1k-9: Fixed Use-after-free following BIO_new_NDEF
  Resolves: CVE-2023-0215
- backport from 1.1.1k-9: Fixed X.400 address type confusion in X.509 GeneralName
  Resolves: CVE-2023-0286
- backport from 1.1.1k-8: Fix no-ec build
  Resolves: rhbz#2071020
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName
        https://bugzilla.redhat.com/show_bug.cgi?id=2164440
  [ 2 ] Bug #2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation
        https://bugzilla.redhat.com/show_bug.cgi?id=2164487
  [ 3 ] Bug #2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF
        https://bugzilla.redhat.com/show_bug.cgi?id=2164492
  [ 4 ] Bug #2164494 - CVE-2022-4450 openssl: double free after calling PEM_read_bio_ex
        https://bugzilla.redhat.com/show_bug.cgi?id=2164494
--------------------------------------------------------------------------------

================================================================================
 srm-ifce-1.24.6-1.el7 (FEDORA-EPEL-2023-27657b6846)
 SRM client side library
--------------------------------------------------------------------------------
Update Information:

Upstream release v1.24.6
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 17 2023 Mihai Patrascoiu mihai.patrascoiu@cern.ch - 1.24.6-1
- Upstream release 1.24.6
* Sat Jan 21 2023 Fedora Release Engineering releng@fedoraproject.org - 1.24.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Jan 3 2023 Mihai Patrascoiu mihai.patrascoiu@cern.ch - 1.24.5-2
- Rebuild against gsoap-2.8.124 (bugzilla #2155574)
--------------------------------------------------------------------------------