The following Fedora EPEL 7 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-33f7b7a10c unrealircd-6.1.4-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-2ff4055b33 php-Smarty-3.1.48-2.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

fedora-license-data-1.37-1.el7 lasso-epel-2.5.1-8.el7 lemonldap-ng-2.18.1-1.el7 rpki-client-8.7-1.el7

Details about builds:

================================================================================ fedora-license-data-1.37-1.el7 (FEDORA-EPEL-2023-e3d488eb05) Fedora Linux license data -------------------------------------------------------------------------------- Update Information:

Automatic update for fedora-license-data-1.37-1.el7. ##### **Changelog for fedora-license-data** ``` * Fri Dec 22 2023 Miroslav Such�� msuchy@redhat.com 1.37-1 - add license HPND-Kevlin-Henney - add license FSFAP-no-warranty- disclaimer - add not allowed license LicenseRef-Nikto - add LicenseRef-Fedora- Firmware * Thu Dec 07 2023 Miroslav Such�� msuchy@redhat.com 1.36-1 - new license: TCP-wrappers - new license: LicenseRef-Not-Copyrightable - new license: SAX-PD-2.0 - new license: radvd ``` -------------------------------------------------------------------------------- ChangeLog:

* Fri Dec 22 2023 Miroslav Such�� msuchy@redhat.com 1.37-1 - add license HPND-Kevlin-Henney - add license FSFAP-no-warranty-disclaimer - add not allowed license LicenseRef-Nikto - add LicenseRef-Fedora-Firmware * Thu Dec 7 2023 Miroslav Such�� msuchy@redhat.com 1.36-1 - new license: TCP-wrappers - new license: LicenseRef-Not-Copyrightable - new license: SAX-PD-2.0 - new license: radvd --------------------------------------------------------------------------------

================================================================================ lasso-epel-2.5.1-8.el7 (FEDORA-EPEL-2023-2b32c6f920) Liberty Alliance Single Sign On -------------------------------------------------------------------------------- Update Information:

Initial lasso-epel package to ship missing perl-lasso subpackage. -------------------------------------------------------------------------------- ChangeLog:

* Fri Dec 22 2023 Xavier Bachelot xavier@bachelot.org - 2.5.1-8 - Convert to lasso-epel package to ship missing perl-lasso subpackage rhbz#2251952 * Wed Jun 2 2021 Jakub Hrozek jhrozek@redhat.com - 2.5.1-8 - Fix Coverity warning introduced by the previous patch - Related: #1963855 - CVE-2021-28091 lasso: XML signature wrapping vulnerability when parsing SAML responses * Wed Jun 2 2021 Jakub Hrozek jhrozek@redhat.com - 2.5.1-7 - Fix Coverity warning introduced by the previous patch - Related: #1963855 - CVE-2021-28091 lasso: XML signature wrapping vulnerability when parsing SAML responses * Wed Jun 2 2021 Jakub Hrozek jhrozek@redhat.com - 2.5.1-6 - Resolves: #1963855 - CVE-2021-28091 lasso: XML signature wrapping vulnerability when parsing SAML responses * Tue Aug 6 2019 Jakub Hrozek jhrozek@redhat.com - 2.5.1-5 - Resolves: #1719014 - Expired certificate prevents tests from running - Actually apply the patch file for the previous build - Related: #1730009 - lasso includes "Destination" attribute in SAML AuthnRequest populated with SP AssertionConsumerServiceURL when ECP workflow is used which leads to IdP-side errors * Tue Jul 23 2019 Jakub Hrozek jhrozek@redhat.com - 2.5.1-4 - Resolves: #1730009 - lasso includes "Destination" attribute in SAML AuthnRequest populated with SP AssertionConsumerServiceURL when ECP workflow is used which leads to IdP-side errors * Sun Feb 10 2019 Jakub Hrozek jhrozek@redhat.com - 2.5.1-3 - Resolves: #1634267 - ECP signature check fails with LASSO_DS_ERROR_SIGNATURE_NOT_FOUND when assertion signed instead of response * Fri Jun 17 2016 John Dennis jdennis@redhat.com - 2.5.1-2 - Rebase to upstream 2.5.1 Resolves: #1310860 - add validate_idp_list_test patch * Thu Jun 9 2016 John Dennis jdennis@redhat.com - 2.5.1-1 - Rebase to upstream 2.5.1 Resolves: #1310860 * Thu Sep 3 2015 John Dennis jdennis@redhat.com - 2.5.0-1 - Rebase to upstream, now includes our ECP patches, no need to patch any more Resolves: #1205342 * Tue Sep 1 2015 John Dennis jdennis@redhat.com - 2.4.1-8 - Add explicit minimum dependency on glib2 2.42, for some reason RPM is not automatically detecting the dependency Resolves: #1254989 * Wed Aug 19 2015 John Dennis jdennis@redhat.com - 2.4.1-7 - Add ECP support, brings Lasso up to current upstream tip + revised ECP patches Resolves: #1205342 * Mon Jun 22 2015 John Dennis jdennis@redhat.com - 2.4.1-6 - Add ECP support, brings Lasso up to current upstream tip + ECP patches Resolves: #1205342 * Fri Dec 5 2014 Simo Sorce simo@redhat.com - 2.4.1-5 - Add support for ADFS interoperability - Resolves: #1160803 * Thu Sep 11 2014 Simo Sorce simo@redhat.com - 2.4.1-4 - Add missing covscan related patches previously sent upstream - Related: #1120360 * Thu Sep 11 2014 Simo Sorce simo@redhat.com - 2.4.1-3 - ppc4le fails to build without autoreconf being run first - Resolves: #1140419 * Fri Sep 5 2014 Simo Sorce simo@redhat.com - 2.4.1-2 - Import packge in RHEL7 - Resolves: #1120360 * Thu Aug 28 2014 Simo Sorce simo@redhat.com - 2.4.1-1 - New upstream relase 2.4.1 - Drop patches as they have all been integrated upstream * Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.4.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jun 20 2014 Remi Collet rcollet@redhat.com - 2.4.0-4 - rebuild for https://fedoraproject.org/wiki/Changes/Php56 - add numerical prefix to extension configuration file - drop unneeded dependency on pecl - add provides php-lasso * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.4.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Apr 25 2014 Simo Sorce simo@redhat.com - 2.4.0-2 - Fixes for arches where pointers and integers do not have the same size (ppc64, s390, etc..) * Mon Apr 14 2014 Stanislav Ochotnicky sochotnicky@redhat.com - 2.4.0-1 - Use OpenJDK instead of GCJ for java bindings * Sat Jan 11 2014 Simo Sorce simo@redhat.com 2.4.0-0 - Update to final 2.4.0 version - Drop all patches, they are now included in 2.4.0 - Change Source URI * Mon Dec 9 2013 Simo Sorce simo@redhat.com 2.3.6-0.20131125.5 - Add patches to fix rpmlint license issues - Add upstream patches to fix some build issues * Thu Dec 5 2013 Simo Sorce simo@redhat.com 2.3.6-0.20131125.4 - Add patch to support automake-1.14 for rawhide * Mon Nov 25 2013 Simo Sorce simo@redhat.com 2.3.6-0.20131125.3 - Initial packaging - Based on the spec file by Jean-Marc Liger jmliger@siris.sorbonne.fr - Code is updated to latest master via a jumbo patch while waiting for official upstream release. - Jumbo patch includes also additional patches sent to upstream list) to build on Fedora 20 - Perl bindings are disabled as they fail to build - Disable doc building as it doesn't ork correctly for now --------------------------------------------------------------------------------

================================================================================ lemonldap-ng-2.18.1-1.el7 (FEDORA-EPEL-2023-76190ad247) Web Single Sign On (SSO) and Access Management -------------------------------------------------------------------------------- Update Information:

Upstream changelog: - https://gitlab.ow2.org/lemonldap-ng/lemonldap- ng/-/releases/v2.18.1 - https://gitlab.ow2.org/lemonldap-ng/lemonldap- ng/-/releases/v2.18.0 -------------------------------------------------------------------------------- ChangeLog:

* Fri Dec 22 2023 Clement Oudot clem.oudot@gmail.com - 2.18.1-1 - Update to 2.18.1 * Wed Dec 20 2023 Clement Oudot clem.oudot@gmail.com - 2.18.0-1 - Update to 2.18.0 --------------------------------------------------------------------------------

================================================================================ rpki-client-8.7-1.el7 (FEDORA-EPEL-2023-cb169f2f99) OpenBSD RPKI validator to support BGP Origin Validation -------------------------------------------------------------------------------- Update Information:

# rpki-client 8.7 - Add ability to constrain an RPKI Trust Anchor's effective signing authority to a limited set of Internet numbers. This allows Relying Parties to enjoy the potential benefits of assuming trust, but within a bounded scope. This distribution includes curated constraints files. More information: https://datatracker.ietf.org/doc/html/draft-snijders-constraining-rpki-trust... anchors - Following a 'failed fetch' (described in RFC 9286), emit a warning and continue with a previously cached Manifest file, if present and still valid. - Emit a warning when the same `manifestNumber` is re-used across multiple issuances. - Emit a warning when the remote repository presents a Manifest with an unexpected `manifestNumber`. Purported new manifests are expected to have a higher `manifestNumber` than previously validated manifests. Otherwise fall back to the previously cached manifest, if it is still valid. This warning can be indicative of manifest replays or of out-of-order publishing. - Require RPKI object files to be of a minimum of 100 bytes in both the RRDP and RSYNC transports. - No longer synchronize directory modtimes in the local cache to align with remote RSYNC repository sources. - Improved CRL extension checking. - Experimental support for the P-256 signature algorithm. - Various refactoring work. -------------------------------------------------------------------------------- ChangeLog:

* Fri Dec 22 2023 Robert Scheck robert@fedoraproject.org 8.7-1 - Upgrade to 8.7 (#2255458) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2255458 - rpki-client-8.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=2255458 --------------------------------------------------------------------------------