The following Fedora EPEL 7 Security updates need testing:
Age URL
5
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-30f3deb00a
chromium-112.0.5615.165-1.el7
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-18a0e3fa23
apptainer-1.1.8-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
baresip-3.1.0-1.el7
libre-3.1.0-1.el7
zarafa-7.1.14-6.el7
Details about builds:
================================================================================
baresip-3.1.0-1.el7 (FEDORA-EPEL-2023-f0cf349021)
Modular SIP user-agent with audio and video support
--------------------------------------------------------------------------------
Update Information:
# Baresip v3.1.0 (2023-04-27) - config: add `net_af` config setting - gzrtp: RX
thread - safe stop - ci: avoid hardcoded OpenSSL path on macOS - fix cmake
modules - cmake/mqtt: fix `MOSQUITTO_LIBRARY` - mc: send module event whenever
receiver is stopped - menu: limit early audio TX streams - call: check if SIP
UPDATE is allowed, but always update local media - account: increase line
handler size to 1024 characters - cmake: avoid include of `/usr/local/include` -
call,audio: respect SDP media dir on audio start similar to video - video:
refactor paced and burst sending - ctrl_dbus,ice,png_vf: Fix format string usage
- menu limit early video - play: flush of the aubuf directly before the replay
starts - stream: fix setting of RTP tos for IPv6 - call: only flush audio stream
when stream starts - menu: use busy tone when call declined (scode 603) - ua:
incoming DTMF `key=0` should be reported as DTMF end - video: fix possible 32bit
overflow - ua: deref call on `reset_transp` fail - uag: avoid transport reset if
local address has not changed - ci: add gcc-12 for Ubuntu 22.04 (ubuntu-latest)
- docs: remove librem from README files # libre v3.1.0 (2023-04-27) - ci:
bump mingw openssl to 3.1.0 - thread: add `cnd_timedwait()` - Add tls and http
apis for post handshake - ci/sanitizers: add multi thread testing - ci/win: use
separate retest step - thread: fix `pthread_setname_np` thread pointer deref -
ci: add FreeBSD test - cmake: bump minimum version of OpenSSL to 1.1.1 - ci:
avoid hardcoded OpenSSL path on macOS - sip,uri,test: Escape SIP URIs - udp: add
a lock for the helpers list - rem/vidmix: add position index handling - aubuf:
set auframe fields correct in read_auframe loop - list: refactor/optimize
`list_insert_sorted` - ci/freebsd: remove openssl-devel - tmr: add
`tmr_continue()` - ci,cmake: replace C99 check by strict C99 and C11 checks -
atomic: Fix missing memory order arguments in MSVC atomic functions - thread:
remove win32 `SetThreadDescription`
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 27 2023 Robert Scheck <robert(a)fedoraproject.org> 3.1.0-1
- Upgrade to 3.1.0 (#2190310)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2190309 - libre-3.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2190309
[ 2 ] Bug #2190310 - baresip-3.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2190310
--------------------------------------------------------------------------------
================================================================================
libre-3.1.0-1.el7 (FEDORA-EPEL-2023-f0cf349021)
Generic library for real-time communications
--------------------------------------------------------------------------------
Update Information:
# Baresip v3.1.0 (2023-04-27) - config: add `net_af` config setting - gzrtp: RX
thread - safe stop - ci: avoid hardcoded OpenSSL path on macOS - fix cmake
modules - cmake/mqtt: fix `MOSQUITTO_LIBRARY` - mc: send module event whenever
receiver is stopped - menu: limit early audio TX streams - call: check if SIP
UPDATE is allowed, but always update local media - account: increase line
handler size to 1024 characters - cmake: avoid include of `/usr/local/include` -
call,audio: respect SDP media dir on audio start similar to video - video:
refactor paced and burst sending - ctrl_dbus,ice,png_vf: Fix format string usage
- menu limit early video - play: flush of the aubuf directly before the replay
starts - stream: fix setting of RTP tos for IPv6 - call: only flush audio stream
when stream starts - menu: use busy tone when call declined (scode 603) - ua:
incoming DTMF `key=0` should be reported as DTMF end - video: fix possible 32bit
overflow - ua: deref call on `reset_transp` fail - uag: avoid transport reset if
local address has not changed - ci: add gcc-12 for Ubuntu 22.04 (ubuntu-latest)
- docs: remove librem from README files # libre v3.1.0 (2023-04-27) - ci:
bump mingw openssl to 3.1.0 - thread: add `cnd_timedwait()` - Add tls and http
apis for post handshake - ci/sanitizers: add multi thread testing - ci/win: use
separate retest step - thread: fix `pthread_setname_np` thread pointer deref -
ci: add FreeBSD test - cmake: bump minimum version of OpenSSL to 1.1.1 - ci:
avoid hardcoded OpenSSL path on macOS - sip,uri,test: Escape SIP URIs - udp: add
a lock for the helpers list - rem/vidmix: add position index handling - aubuf:
set auframe fields correct in read_auframe loop - list: refactor/optimize
`list_insert_sorted` - ci/freebsd: remove openssl-devel - tmr: add
`tmr_continue()` - ci,cmake: replace C99 check by strict C99 and C11 checks -
atomic: Fix missing memory order arguments in MSVC atomic functions - thread:
remove win32 `SetThreadDescription`
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 27 2023 Robert Scheck <robert(a)fedoraproject.org> 3.1.0-1
- Upgrade to 3.1.0 (#2190309)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2190309 - libre-3.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2190309
[ 2 ] Bug #2190310 - baresip-3.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2190310
--------------------------------------------------------------------------------
================================================================================
zarafa-7.1.14-6.el7 (FEDORA-EPEL-2023-342b96903b)
Open Source Edition of the Zarafa Collaboration Platform
--------------------------------------------------------------------------------
Update Information:
- Backported patch from Debian to fix CVE-2022-26562 (#2192126)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 30 2023 Robert Scheck <robert(a)fedoraproject.org> 7.1.14-6
- Backported patch from Debian to fix CVE-2022-26562 (#2192126)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2192126 - CVE-2022-26562: zarafa: Missing account validation in
ECPAMAuthenticateUser()
https://bugzilla.redhat.com/show_bug.cgi?id=2192126
--------------------------------------------------------------------------------