Fedora EPEL 8 updates-testing report - epel-devel - Fedora mailing-lists

24 Feb 2021


      The following Fedora EPEL 8 Security updates need testing:
 Age  URL
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-610589457a   prosody-0.11.8-1.el8
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-bfa4482ae0   libmysofa-1.2-4.el8
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-3428ca1a34   ansible-2.9.18-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
chromium-88.0.4324.182-1.el8
    fuse-zip-0.7.2-1.el8
    gnome-shell-extension-topicons-plus-25-2.el8
    html2ps-1.0-0.39.b7.el8
    inxi-3.3.01-1.el8
    isync-1.4.1-1.el8
    mkrdns-3.3-5.20210224gitf6e8414.el8
    mono-6.8.0-4.el8
    nagios-4.4.6-1.el8
    nordugrid-arc-6.10.2-1.el8
    oval-graph-1.2.5-1.el8
    perl-AnyEvent-AIO-1.1-31.el8
    perl-Email-Valid-1.202-12.el8
    perl-Sys-SigAction-0.23-14.el8
    python-apprise-0.9.1-2.el8
    python-ogr-0.21.0-1.el8
    python-pyrsistent-0.17.3-5.el8
    rpkg-1.62-3.el8
    sshguard-2.4.1-5.el8
    wireguard-tools-1.0.20210223-1.el8
Details about builds:
================================================================================
 chromium-88.0.4324.182-1.el8 (FEDORA-EPEL-2021-525253c896)
 A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Update to 88.0.4324.182.   Fixes CVE-2021-21149 CVE-2021-21150 CVE-2021-21151
CVE-2021-21152 CVE-2021-21153 CVE-2021-21154 CVE-2021-21155 CVE-2021-21156
CVE-2021-21157
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 17 2021 Tom Callaway spot@fedoraproject.org - 88.0.4234.182-1
- update to 88.0.4234.182
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1929523 - CVE-2021-21149 chromium-browser: Stack overflow in Data Transfer
        https://bugzilla.redhat.com/show_bug.cgi?id=1929523
  [ 2 ] Bug #1929524 - CVE-2021-21150 chromium-browser: Use after free in Downloads
        https://bugzilla.redhat.com/show_bug.cgi?id=1929524
  [ 3 ] Bug #1929525 - CVE-2021-21151 chromium-browser: Use after free in Payments
        https://bugzilla.redhat.com/show_bug.cgi?id=1929525
  [ 4 ] Bug #1929526 - CVE-2021-21152 chromium-browser: Heap buffer overflow in Media
        https://bugzilla.redhat.com/show_bug.cgi?id=1929526
  [ 5 ] Bug #1929527 - CVE-2021-21153 chromium-browser: Stack overflow in GPU Process
        https://bugzilla.redhat.com/show_bug.cgi?id=1929527
  [ 6 ] Bug #1929528 - CVE-2021-21154 chromium-browser: Heap buffer overflow in Tab Strip
        https://bugzilla.redhat.com/show_bug.cgi?id=1929528
  [ 7 ] Bug #1929529 - CVE-2021-21155 chromium-browser: Heap buffer overflow in Tab Strip
        https://bugzilla.redhat.com/show_bug.cgi?id=1929529
  [ 8 ] Bug #1929530 - CVE-2021-21156 chromium-browser: Heap buffer overflow in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1929530
  [ 9 ] Bug #1929531 - CVE-2021-21157 chromium-browser: Use after free in Web Sockets
        https://bugzilla.redhat.com/show_bug.cgi?id=1929531
--------------------------------------------------------------------------------
================================================================================
 fuse-zip-0.7.2-1.el8 (FEDORA-EPEL-2021-153fb48a91)
 Filesystem to navigate, extract, create and modify ZIP archives
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.2.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 22 2021 Vasiliy Glazov vascom2@gmail.com - 0.7.2-1
- Update to 0.7.2
* Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 0.7.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering releng@fedoraproject.org - 0.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 gnome-shell-extension-topicons-plus-25-2.el8 (FEDORA-EPEL-2021-e5f9e2c95f)
 Move all legacy tray icons to the top panel
--------------------------------------------------------------------------------
Update Information:
Build TopIcons Plus at the latest versions compatible for EPEL7 and EPEL8.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 23 2021 Audrey Toskin audrey@tosk.in - 25-2
- Build version 25 for EPEL8.
--------------------------------------------------------------------------------
================================================================================
 html2ps-1.0-0.39.b7.el8 (FEDORA-EPEL-2021-f13fdd59ed)
 HTML to PostScript converter
--------------------------------------------------------------------------------
Update Information:
This update brings a new html2ps package which provides a converter from HTML to
PostScript.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1930783 - Please build html2ps for EPEL 8
        https://bugzilla.redhat.com/show_bug.cgi?id=1930783
--------------------------------------------------------------------------------
================================================================================
 inxi-3.3.01-1.el8 (FEDORA-EPEL-2021-03f4d771ff)
 A full featured system information script
--------------------------------------------------------------------------------
Update Information:
Updato to 3.3.01.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 22 2021 Vasiliy N. Glazov vascom2@gmail.com - 3.3.01-1
- Update to 3.3.01
* Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 3.2.01-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sun Jan 10 2021 Vasiliy N. Glazov vascom2@gmail.com - 3.2.01-1
- Update to 3.2.01
* Thu Dec 17 2020 Vasiliy N. Glazov vascom2@gmail.com - 3.2.00-1
- Update to 3.2.00
--------------------------------------------------------------------------------
================================================================================
 isync-1.4.1-1.el8 (FEDORA-EPEL-2021-71d1af6aca)
 Tool to synchronize IMAP4 and Maildir mailboxes
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 1.4.1 (#1931574)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 22 2021 Fabian Affolter mail@fabian-affolter.ch - 1.4.1-1
- Update to latest upstream release 1.4.1 (#1931574)
- Fix CVE-2021-20247 (#1931597, #1931598)
* Thu Feb  4 2021 Fabian Affolter mail@fabian-affolter.ch - 1.4.0-1
- Update to latest upstream release 1.4.0 (#1924724)
* Wed Feb  3 2021 Fabian Affolter mail@fabian-affolter.ch - 1.3.4-1
- Update to latest upstream release 1.3.4 (#1924724)
* Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 1.3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1931574 - isync-1.4.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1931574
  [ 2 ] Bug #1931597 - CVE-2021-20247 isync: isync/mbsync: mailbox names returned by IMAP LIST/LSUB not validated [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1931597
  [ 3 ] Bug #1931598 - CVE-2021-20247 isync: isync/mbsync: mailbox names returned by IMAP LIST/LSUB not validated [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1931598
--------------------------------------------------------------------------------
================================================================================
 mkrdns-3.3-5.20210224gitf6e8414.el8 (FEDORA-EPEL-2021-b8509edf56)
 Automatic reverse DNS zone generator
--------------------------------------------------------------------------------
Update Information:
Updated to latest git commit to include license file
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 24 2021 Christian Schuermann spike@fedoraproject.org 3.3-5.20210224gitf6e8414
- Updated to latest git commit to include license file
* Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 3.3-4.20190902git6b3f3a4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering releng@fedoraproject.org - 3.3-3.20190902git6b3f3a4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 3.3-2.20190902git6b3f3a4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 mono-6.8.0-4.el8 (FEDORA-EPEL-2021-d05d628331)
 Cross-platform, Open Source, .NET development framework
--------------------------------------------------------------------------------
Update Information:
fix for Process.Start
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 22 2021 Timotheus Pokorra timotheus.pokorra@solidcharity.com - 6.8.0-4
- backport patch: fix early return in Process.Start (#1839410)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1839410 - URLs don't open: Cannot find the specified file
        https://bugzilla.redhat.com/show_bug.cgi?id=1839410
--------------------------------------------------------------------------------
================================================================================
 nagios-4.4.6-1.el8 (FEDORA-EPEL-2021-4186de3a1a)
 Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2020-13977 BZ1849087 Update to 4.4.6
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 20 2021 Guido Aulisi guido.aulisi@gmail.com - 4.4.6-1
- Update to 4.4.6
- Fix for CVE-2020-13977 #BZ1849087
- Some spec cleanup
* Tue Feb 18 2020 Stephen Smoogen smooge@fedoraproject.org - 4.4.5-3
- Add change to allow for problems found in mass rebuild and gcc10.
- Fix BZ#1793909
* Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 4.4.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1829114 - nagios-4.4.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1829114
  [ 2 ] Bug #1849087 - CVE-2020-13977 nagios: URL injection (post-authentication) vulnerability [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1849087
--------------------------------------------------------------------------------
================================================================================
 nordugrid-arc-6.10.2-1.el8 (FEDORA-EPEL-2021-6b451206ed)
 Advanced Resource Connector Middleware
--------------------------------------------------------------------------------
Update Information:
NorduGrid ARC 6.10.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 24 2021 Mattias Ellert mattias.ellert@physics.uu.se - 6.10.2-1
- Update to version 6.10.2
* Mon Feb 15 2021 Mattias Ellert mattias.ellert@physics.uu.se - 6.10.1-1
- Update to version 6.10.1
* Wed Feb 10 2021 Mattias Ellert mattias.ellert@physics.uu.se - 6.10.0-1
- Update to version 6.10.0
- Drop RHEL6 support from spec file (EOL)
* Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 6.9.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Dec 19 2020 awilliam@redhat.com - 6.9.0-2
- Rebuild for libldns soname bump
--------------------------------------------------------------------------------
================================================================================
 oval-graph-1.2.5-1.el8 (FEDORA-EPEL-2021-cb33dc2def)
 Tool for visualization of SCAP rule evaluation results
--------------------------------------------------------------------------------
Update Information:
1.2.5 (Jan Rodak)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 23 2021 Packit Service user-cont-team+packit-service@redhat.com - 1.2.5-1
- 1.2.5 (Jan Rodak)
- Removes unnecessary parameter verbose (Jan Rodak)
- Creates tests for search rules ids (Jan Rodak)
- Updates referenc result data json (Jan Rodak)
- Reworks clients uint tests (Jan Rodak)
- Fixes problem displaying test information (Jan Rodak)
- Appends missing gif to css (Jan Rodak)
- Fixes errors in the browser console (Jan Rodak)
- Moves client tests to a separate directory (Jan Rodak)
- Fixes imports in tests (Jan Rodak)
- Reworks classes for processing commands (Jan Rodak)
- Reworks the client class and create children according to input and output (Jan Rodak)
- Moves client parts to a separate directory (Jan Rodak)
- Fixes problem with entry points (Jan Rodak)
- Fixes links (Jan Rodak)
- Adds information about test suite (Jan Rodak)
- Fixes tests and removes skip missing lib (Jan Rodak)
- Creates requirements (Jan Rodak)
- Creates flake8 config (Jan Rodak)
- Creates tox config (Jan Rodak)
- Fix loading of ARF results when comment node is missing. (Gabriel Becker)
- Updates gitignore (Jan Rodak)
* Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 1.2.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 perl-AnyEvent-AIO-1.1-31.el8 (FEDORA-EPEL-2021-478dc60d91)
 Truly asynchronous file and directrory I/O
--------------------------------------------------------------------------------
Update Information:
initial build for epel8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
 perl-Email-Valid-1.202-12.el8 (FEDORA-EPEL-2021-b314160e0b)
 Check validity of internet email address
--------------------------------------------------------------------------------
Update Information:
initial build for epel8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1850772 - Add perl-Email-Valid to EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1850772
--------------------------------------------------------------------------------
================================================================================
 perl-Sys-SigAction-0.23-14.el8 (FEDORA-EPEL-2021-a6333d6872)
 Perl extension for Consistent Signal Handling
--------------------------------------------------------------------------------
Update Information:
This update brings a new perl-Sys-SigAction package which provides a Perl
extension for consistent signal handling.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1807857 - please build perl-Sys-SigAction on EPEL8
        https://bugzilla.redhat.com/show_bug.cgi?id=1807857
--------------------------------------------------------------------------------
================================================================================
 python-apprise-0.9.1-2.el8 (FEDORA-EPEL-2021-9f774c9857)
 A simple wrapper to many popular notification services used today
--------------------------------------------------------------------------------
Update Information:
Added missing cryptography dependency
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 23 2021 Chris Caron lead2gold@gmail.com - 0.9.1-2
- Added missing cryptography dependency
* Tue Feb 23 2021 Chris Caron lead2gold@gmail.com - 0.9.1-1
- Updated to v0.9.1
-* Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 0.9.0-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 python-ogr-0.21.0-1.el8 (FEDORA-EPEL-2021-8a4bf7f456)
 One API for multiple git forges
--------------------------------------------------------------------------------
Update Information:
New upstream release: 0.21.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 19 2021 Packit Service user-cont-team+packit-service@redhat.com - 0.21.0-1
- Implemented `get_files` for Pagure projects (by [@mfocko](https://github.com/mfocko)).
- Docs are now being autogenerated, present at https://packit.github.io/ogr (by [@mfocko](https://github.com/mfocko)).
--------------------------------------------------------------------------------
================================================================================
 python-pyrsistent-0.17.3-5.el8 (FEDORA-EPEL-2021-d791014436)
 Persistent/Functional/Immutable data structures
--------------------------------------------------------------------------------
Update Information:
Initial package for EPEL8
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
 rpkg-1.62-3.el8 (FEDORA-EPEL-2021-132ea33e45)
 Python library for interacting with rpm+git
--------------------------------------------------------------------------------
Update Information:
A small patch that fixes connecting rpkg to koji via SSL (login_koji_session).
The method is used when koji.conf has "authtype = ssl". This mode is not enabled
by default, but for example, rfpkg tool uses this.  The issue happened when
koji-1.24 removed deprecated argument ('ca') from method login_koji_session.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 24 2021 Ond��ej Nosek onosek@redhat.com - 1.62-3
- Patch: ca cert was removed on koji-1.24.0
* Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 1.62-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 sshguard-2.4.1-5.el8 (FEDORA-EPEL-2021-2e7114e329)
 Protects hosts from brute-force attacks against SSH and other services
--------------------------------------------------------------------------------
Update Information:
- Fixes building of subpackages on EPEL8 - Fixes documentation - Sshguard now
Requires: a backend to ensure a working setup for people who have disabled weak
dependencies
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 23 2021 Christopher Engelhard ce@lcts.de 2.4.1-5
- Fix backend path in example spec file
- Remove SysV init related things
- Require a backend
- Fix wrong check for EPEL8
* Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 2.4.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Sep 11 2020 Christopher Engelhard ce@lcts.de 2.4.1-3
- Revert patch from previous release as it could cause attacks
  to not be blocked.
* Thu Sep  3 2020 Christopher Engelhard ce@lcts.de 2.4.1-2
- add patch that fixes high load when banning many IPs using firewalld
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1931237 - sshguard package doesn't have config file and example is broken
        https://bugzilla.redhat.com/show_bug.cgi?id=1931237
--------------------------------------------------------------------------------
================================================================================
 wireguard-tools-1.0.20210223-1.el8 (FEDORA-EPEL-2021-417d4051c3)
 Fast, modern, secure VPN tunnel
--------------------------------------------------------------------------------
Update Information:
- wg-quick: android: do not free iterated pointer - wg-quick: openbsd: no use
for userspace support - embeddable-wg-library: sync latest from netlink.h -
wincompat: recent mingw has inet_ntop/inet_pton - wincompat: add resource and
manifest and enable lto - wincompat: do not elevate by default - completion: add
help and syncconf completions - sticky-sockets: do not use SO_REUSEADDR - man:
LOG_LEVEL variables changed name - ipc: do not use fscanf with trailing \n -
ipc: read trailing responses after set operation
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 23 2021 Joe Doss joe@solidadmin.com - 1.0.20210223-1
- wg-quick: android: do not free iterated pointer
- wg-quick: openbsd: no use for userspace support
- embeddable-wg-library: sync latest from netlink.h
- wincompat: recent mingw has inet_ntop/inet_pton
- wincompat: add resource and manifest and enable lto
- wincompat: do not elevate by default
- completion: add help and syncconf completions
- sticky-sockets: do not use SO_REUSEADDR
- man: LOG_LEVEL variables changed name
- ipc: do not use fscanf with trailing \n
- ipc: read trailing responses after set operation
* Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 1.0.20200827-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Oct  2 2020 Joe Doss joe@solidadmin.com - 1.0.20200827-2
- Disable contrib/dns-hatchet/apply.sh on Fedora 33+ and RHEL9+
--------------------------------------------------------------------------------