The following Fedora EPEL 7 Security updates need testing:

 Age  URL
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-4069001f10   miniupnpc-2.0-3.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-90efec73a3   phoronix-test-suite-10.8.1-2.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-c6e9e4be6b   rlwrap-0.45.2-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    copr-cli-1.98-1.el7
    libdxfrw-1.0.1-3.el7
    librecad-2.2.0-0.13.rc3.el7
    nodejs-16.13.2-7.el7
    php-paragonie-constant-time-encoding-1.1.0-1.el7
    python-copr-1.115-1.el7

Details about builds:

================================================================================
 copr-cli-1.98-1.el7 (FEDORA-EPEL-2022-2fae22aa0b)
 Command line interface for COPR
--------------------------------------------------------------------------------
Update Information:

python-copr
- don't BuildRequires pyproject-rpm-macros directly
- fix exception caused by default msg value
- raise user-friendly exception when on request timeout
- print human-readable validation errors in APIv3
- remove macros that reference old Fedoras and EL6 and introduce EL9

copr-cli
- don't traceback for missing field in frontend's output
- paginate packages list in APIv3
- fix exit code when a build is canceled
- api monitor page to contain pkg_version
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 2 2022 Silvie Chlupova schlupov@redhat.com 1.98-1
- don't traceback for missing field in frontend's output
- paginate packages list in APIv3
- fix exit code when a build is canceled
- api monitor page to contain pkg_version
--------------------------------------------------------------------------------


================================================================================
 libdxfrw-1.0.1-3.el7 (FEDORA-EPEL-2022-5aac445eff)
 Library to read/write DXF files
--------------------------------------------------------------------------------
Update Information:

Update librecad to 2.2.0 rc3. Apply fixes to libdxfrw and librecad for CVE-2021-45341, CVE-2021-45342, CVE-2021-45343. This also resolves the issue where some dwg files no longer opened.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 1 2022 Tom Callaway spot@fedoraproject.org - 1.0.1-3
- apply fixes from upstream, including fix for CVE-2021-45343
* Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 1.0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2027148 - librecad-2.2.0-rc3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2027148
  [ 2 ] Bug #2031379 - [regression] .dwg file no longer opens
        https://bugzilla.redhat.com/show_bug.cgi?id=2031379
  [ 3 ] Bug #2046249 - CVE-2021-45341 librecad: buffer overflow in CDataMoji of the jwwlib component allows remote code execution via a crafted JWW document [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2046249
  [ 4 ] Bug #2046253 - CVE-2021-45342 librecad: buffer overflow in CDataList of the jwwlib component allows remote code execution via a crafted JWW document [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2046253
  [ 5 ] Bug #2046257 - CVE-2021-45343 librecad: NULL pointer dereference in the HATCH handling of libdxfrw can lead to DoS via a crafted DXF document [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2046257
--------------------------------------------------------------------------------


================================================================================
 librecad-2.2.0-0.13.rc3.el7 (FEDORA-EPEL-2022-5aac445eff)
 Computer Assisted Design (CAD) Application
--------------------------------------------------------------------------------
Update Information:

Update librecad to 2.2.0 rc3. Apply fixes to libdxfrw and librecad for CVE-2021-45341, CVE-2021-45342, CVE-2021-45343. This also resolves the issue where some dwg files no longer opened.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 1 2022 Tom Callaway spot@fedoraproject.org - 2.2.0-0.13.rc3
- update to rc3
- apply upstream fix for CVE-2021-45342, CVE-2021-45341
* Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 2.2.0-0.12.rc2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2027148 - librecad-2.2.0-rc3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2027148
  [ 2 ] Bug #2031379 - [regression] .dwg file no longer opens
        https://bugzilla.redhat.com/show_bug.cgi?id=2031379
  [ 3 ] Bug #2046249 - CVE-2021-45341 librecad: buffer overflow in CDataMoji of the jwwlib component allows remote code execution via a crafted JWW document [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2046249
  [ 4 ] Bug #2046253 - CVE-2021-45342 librecad: buffer overflow in CDataList of the jwwlib component allows remote code execution via a crafted JWW document [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2046253
  [ 5 ] Bug #2046257 - CVE-2021-45343 librecad: NULL pointer dereference in the HATCH handling of libdxfrw can lead to DoS via a crafted DXF document [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2046257
--------------------------------------------------------------------------------


================================================================================
 nodejs-16.13.2-7.el7 (FEDORA-EPEL-2022-b07aca13c8)
 JavaScript runtime
--------------------------------------------------------------------------------
Update Information:

Lighten some dependencies to make it easier to minimize container footprint
Also build for ppc64le
Fix a dependency issue
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 2 2022 Stephen Gallagher sgallagh@redhat.com - 1:16.13.2-7
- Fix incorrect version Provides: for npm (bz#2049873)
* Mon Jan 31 2022 Stephen Gallagher sgallagh@redhat.com - 1:16.13.2-6
- Rebuild for more architectures
* Mon Jan 31 2022 Stephen Gallagher sgallagh@redhat.com - 1:16.13.2-5
- Tweak some dependencies on EPEL 7 (bz2048589)
- Add Provides: bundled(zlib)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2048589 - Update version of nodejs requires -devel and -docs and can't be removed without all of nodejs.
        https://bugzilla.redhat.com/show_bug.cgi?id=2048589
--------------------------------------------------------------------------------


================================================================================
 php-paragonie-constant-time-encoding-1.1.0-1.el7 (FEDORA-EPEL-2022-b0d203dd34)
 Constant-Time Character Encoding in PHP Projects
--------------------------------------------------------------------------------
Update Information:

update to 1.1.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 3 2022 François Kooman fkooman@tuxed.net - 1.1.0-1
- update to 1.1.0
- remove upstreamed patch (PR#16)
--------------------------------------------------------------------------------


================================================================================
 python-copr-1.115-1.el7 (FEDORA-EPEL-2022-2fae22aa0b)
 Python interface for Copr
--------------------------------------------------------------------------------
Update Information:

python-copr
- don't BuildRequires pyproject-rpm-macros directly
- fix exception caused by default msg value
- raise user-friendly exception when on request timeout
- print human-readable validation errors in APIv3
- remove macros that reference old Fedoras and EL6 and introduce EL9

copr-cli
- don't traceback for missing field in frontend's output
- paginate packages list in APIv3
- fix exit code when a build is canceled
- api monitor page to contain pkg_version
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 2 2022 Silvie Chlupova schlupov@redhat.com 1.115-1
- don't BuildRequires pyproject-rpm-macros directly
- fix exception caused by default msg value
- raise user-friendly exception when on request timeout
- print human-readable validation errors in APIv3
- remove macros that reference old Fedoras and EL6 and introduce EL9
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org