The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-66548f784b   openssl11-1.1.1k-5.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
    fedpkg-1.44-1.el7
    gssntlmssp-1.2.0-1.el7
    rpkg-1.66-2.el7
    singularity-ce-3.11.0-1.el7
Details about builds:
================================================================================
 fedpkg-1.44-1.el7 (FEDORA-EPEL-2023-4b6252389d)
 Fedora utility for working with dist-git
--------------------------------------------------------------------------------
Update Information:
A new release presents these changes:
* https://docs.pagure.org/fedpkg/releases/1.44.html
* https://docs.pagure.org/rpkg/releases/1.66.html
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 20 2023 Ondřej Nosek onosek@redhat.com - 1.44-1
- Do not execute unittests for old bodhi-client (onosek)
- New command `disable-monitoring` (onosek)
- Set default_branch_merge to 'rawhide' (otto.liljalaakso)
- `fedpkg update`: can handle $EDITOR with arguments - #492 (onosek)
- Add Jenkinsfile for CI (onosek)
* Mon Jan 30 2023 Miro Hrončok mhroncok@redhat.com - 1.43-3
- Rebuilt to change Python shebangs to /usr/bin/python3.6 on EPEL 8
* Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 1.43-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 gssntlmssp-1.2.0-1.el7 (FEDORA-EPEL-2023-acd256a168)
 GSSAPI NTLMSSP Mechanism
--------------------------------------------------------------------------------
Update Information:
Patches several CVEs reported by GitHub Security Lab
CVE-2023-25563
CVE-2023-25564
CVE-2023-25565
CVE-2023-25566
CVE-2023-25567
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 21 2023 Simo Sorce simo@samba.org - 1.2.0-1
- Security release 1.2.0
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #2172024 - CVE-2023-25563 gssntlmssp: multiple out-of-bounds read when decoding NTLM fields [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2172024
  [ 2 ] Bug #2172025 - CVE-2023-25564 gssntlmssp: memory corruption when decoding UTF16 strings [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2172025
  [ 3 ] Bug #2172026 - CVE-2023-25565 gssntlmssp: incorrect free when decoding target information [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2172026
  [ 4 ] Bug #2172027 - CVE-2023-25566 gssntlmssp: memory leak when parsing usernames [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2172027
  [ 5 ] Bug #2172028 - CVE-2023-25567 gssntlmssp: out-of-bounds read when decoding target information [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2172028
--------------------------------------------------------------------------------
================================================================================
 rpkg-1.66-2.el7 (FEDORA-EPEL-2023-4b6252389d)
 Python library for interacting with rpm+git
--------------------------------------------------------------------------------
Update Information:
A new release presents these changes:
* https://docs.pagure.org/fedpkg/releases/1.44.html
* https://docs.pagure.org/rpkg/releases/1.66.html
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 21 2023 Ondřej Nosek onosek@redhat.com - 1.66-2
- rebuild for unification of all branches
* Mon Feb 20 2023 Ondřej Nosek onosek@redhat.com - 1.66-1
- container-build: document --compose-ids overrides any new composes (kdreyer)
- Use srpm when scratch-building from dirty repo - #652 (otto.liljalaakso)
- Code cleanup in tests/test_cli.py (otto.liljalaakso)
- Reduce indentation in assert_build helper (otto.liljalaakso)
- Allow empty commits - 494 (msuchy)
- Allow forcing download of all sources - #650 (otto.liljalaakso)
- Add test case for not downloading unused sources (otto.liljalaakso)
- Support 'results_dir=subdir' when building from srpm - #648 (otto.liljalaakso)
- Use local branch name as release when there is no remote (otto.liljalaakso)
- Allow downstreams to define a default release (otto.liljalaakso)
- Switch load_branch_merge to use multiple return (otto.liljalaakso)
- Unittests for 'git push' hook script (onosek)
- Checking a repo configuration before 'git push' with a git hook script - 491 (onosek)
- Fix skipping NVR check with autorelease (nils)
- pyrpkg.spec.SpecFile: More lenient parser for Source/Patch lines (fweimer)
- Fix URL in CHANGELOG.rst (tmz)
- Add Jenkinsfile for CI (onosek)
- mockbuild: escape rpm command under mock - rhbz#2130349 (onosek)
- Fixes for exploded SRPM layouts - #633 (tdawson)
- `fedpkg local` does not show rpmbuild output - rhbz#2124809 (onosek)
--------------------------------------------------------------------------------
================================================================================
 singularity-ce-3.11.0-1.el7 (FEDORA-EPEL-2023-d6affefa87)
 Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:
Upgrade to 3.11.0 upstream version. This is a compatible upgrade to a new
upstream minor version.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 21 2023 David Trudgian dtrudg@sylabs.io - 3.11.0-1
- Upgrade to 3.11.0 upstream version.
- This is a compatible upgrade to a new upstream minor version.
--------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org