The following Fedora EPEL 6 Security updates need testing:
Age URL
9
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-1be509a6b3
viewvc-1.1.28-1.el6
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-db3d7a1399
exim-4.92.3-2.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
epel-rpm-macros-6-22
json-c12-0.12.1-4.el6
librsync-2.3.0-1.el6
python-regex-2020.5.14-1.el6
Details about builds:
================================================================================
epel-rpm-macros-6-22 (FEDORA-EPEL-2020-ce63786ca8)
Extra Packages for Enterprise Linux RPM macros
--------------------------------------------------------------------------------
Update Information:
Update with added gpgverify macros. Fixes bug #1830646
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 16 2020 Kevin Fenzi <kevin(a)scrye.com> - 6-22
- Update with added gpgverify macros. Fixes bug #1830646
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1830646 - Add gpgverify for EL6
https://bugzilla.redhat.com/show_bug.cgi?id=1830646
--------------------------------------------------------------------------------
================================================================================
json-c12-0.12.1-4.el6 (FEDORA-EPEL-2020-d5bbc97415)
JSON implementation in C (0.12 compatibility package)
--------------------------------------------------------------------------------
Update Information:
- Fix CVE-2020-12762. - Drop the unneeded `%pretrans` scriptlet.
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 16 2020 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.12.1-4
- Drop the unneeded %pretrans scriptlet
* Fri May 15 2020 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.12.1-3
- Fix CVE-2020-12762
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1835253 - CVE-2020-12762 json-c: integer overflow and out-of-bounds write via
a large JSON file
https://bugzilla.redhat.com/show_bug.cgi?id=1835253
--------------------------------------------------------------------------------
================================================================================
librsync-2.3.0-1.el6 (FEDORA-EPEL-2020-1ecde69722)
Rsync remote-delta algorithm library
--------------------------------------------------------------------------------
Update Information:
librsync 2.3.0 ============== * Bump minor version from 2.2.1 to 2.3.0 to
reflect additional `rs_sig_args()` and `strong_len=-1` support. * Add public
`rs_sig_args()` function for getting the recommend signature args from the file
size. Added support to rdiff for `--sum-size=-1` to indicate "use minimum size
safe against random block collisions". Added warning output for sum-sizes that
are too small to be safe. Fixed possible rdiff bug affecting popt parsing on
non-little-endian platforms. * Fixed yet more compiler warnings for various
platforms/compilers. * Improved cmake popt handling to find popt dependencies
using PkgConfig. * Tidied internal code and improved tests for `netint.[ch]`,
`tube.c`, and `hashtable.h`. * Improved C99 compatibility. Add `-std=c99
-pedantic` to `CMAKE_C_FLAGS` for gcc and clang. Fix all C99 warnings by making
all code C99 compliant. Tidy all CMake checks, #cmakedefines, and #includes. Fix
64bit support for mdfour checksums. * Usage clarified in rdiff (1) man page.
librsync 2.2.1 ============== * Fix #176 hangs calculating deltas for files
larger than 4GB. librsync 2.2.0 ============== * Bump minor version from
2.1.0 to 2.2.0 to reflect additional RabinKarp rollsum support. * Fix MSVC
builds by adding missing `LIBRSYNC_EXPORT` to variables in `librsync.h`, add
`-DLIBRSYNC_STATIC_DEFINE` to the sumset_test target, and correctly install
`.dll` files in the bin directory. * Add RabinKarp rollsum support and make it
the default. RabinKarp is a much better rolling hash, which reduces the risk of
hash collision corruption and speeds up delta calculations. The rdiff cmd gets a
new `-R (rollsum|rabinkarp)` argument with the default being `rabinkarp`, Use
`-R rollsum` to generate backwards-compatible signatures. * Use single-byte
literal commands for small inserts in deltas. This makes each small insert use 1
less byte in deltas. * Fix multiple warnings (cross-)compiling for windows.
* Change `rs_file_size()` to report -1 instead of 0 for unknown file sizes (not
a regular file). * Add cmake `BUILD_SHARED_LIBS` option for static library
support. `BUILD_SHARED_LIBS` defaults to `ON`, and can be set to `OFF` using
`ccmake .` to build librsync as a static library. * Fix compile errors and add
`.gitignore` entries for MSVS 2019. Fixes `hashtable.h` to be C99 compliant.
librsync 2.1.0 ============== * Bump minor version from 2.0.3 to 2.1.0 to
reflect additions to `librsync.h`. * Fix exporting of private symbols from
librsync library. Add export of useful large file functions `rs_file_open()`,
`rs_file_close()`, and `rs_file_size()` to `librsync.h`. Add export of
`rs_signature_log_stats()` to log signature hashtable hit/miss stats. Improve
rdiff error output. * Updated release process to include stable tarballs. *
Remove redundant and broken `--paranoia` argument from rdiff. * Fix memory
leak of `rs_signature_t->block_sigs` when freeing signatures. * Document delta
file format. * Fix up doxygen comments.
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 16 2020 Robert Scheck <robert(a)fedoraproject.org> 2.3.0-1
- Upgrade to 2.3.0
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-regex-2020.5.14-1.el6 (FEDORA-EPEL-2020-3b6f367376)
Alternative regular expression module, to replace re
--------------------------------------------------------------------------------
Update Information:
Update to 2020.5.14.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 15 2020 Thomas Moschny <thomas.moschny(a)gmx.de> - 2020.5.14-1
- Update to 2020.5.14.
--------------------------------------------------------------------------------