The following Fedora EPEL 8 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-f6a8bbe365 xerces-c-3.2.5-1.el8 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-f6ff23a804 chromium-120.0.6099.129-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
baresip-3.8.0-1.el8 distribution-gpg-keys-1.99-1.el8 libopenmpt-0.7.3-1.el8 libre-3.8.0-1.el8 proftpd-1.3.6e-6.el8 syncthing-1.27.1-1.el8
Details about builds:
================================================================================ baresip-3.8.0-1.el8 (FEDORA-EPEL-2023-31529073f0) Modular SIP user-agent with audio and video support -------------------------------------------------------------------------------- Update Information:
# Baresip v3.8.0 (2023-12-27) - uag: fallback for registrar-less NAT setups - menu: fix outgoing early media limit - menu: add follow up invite timer - rx thread: refactoring part 2 - separate audio receiver - pulse: log underruns/overruns after stream terminated - call: add `call_transp` getter - Decode url in custom header - video: fix thread sanitizer warning - call/rtprecv: fix doxygen comments - uag: use catchall flag for fallback UA selection - audio,aur: `audio_set_player()` only stops auplay - cmake: Fix rpath on MacOS - cmake/plc: use system include to hide third party warnings - cmake: add link paths to rpath - cmake: bump minimum to 3.14 - readme: update supported OpenSSL/LibreSSL versions - cmake: add `RE_LIBS` config and add atomic check - readme: update supported compiler versions - ci: use `actions/checkout@v4` # libre v3.8.0 (2023-12-27) - Update `README.md` - rem/aufile: `aufile_get_length` use `aufmt_sample_size` - rem/aufile: test and fix `aufile_set_position` `nread` - ci/ssl: bump assets release - readme: update supported openssl versions - ci: upgrade android to openssl 3.2.0 - sipsess/connect: don't create a dialog for 100 responses - aubuf: fix build with `re_trace_event` - trace: fix coverity warnings - aumix: fix coverity defect in destructor - main: fix doxygen comment - connect: do not enforce `Contact` header in 1XX responses with `To` tag - test/sipsess: test re-`INVITE` with wait for `ACK` - dialog: fix `rtags` of forking `INVITE` - cmake: add `RE_LIBS` config and add atomic check - ci: use `actions/checkout@v4` -------------------------------------------------------------------------------- ChangeLog:
* Thu Dec 28 2023 Robert Scheck robert@fedoraproject.org 3.8.0-1 - Upgrade to 3.8.0 (#2256050) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2256017 - libre-3.8.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2256017 [ 2 ] Bug #2256050 - baresip-3.8.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2256050 --------------------------------------------------------------------------------
================================================================================ distribution-gpg-keys-1.99-1.el8 (FEDORA-EPEL-2023-6225827392) GPG keys of various Linux distributions -------------------------------------------------------------------------------- Update Information:
Automatic update for distribution-gpg-keys-1.99-1.el8. ##### **Changelog for distribution-gpg-keys** ``` * Thu Dec 28 2023 Miroslav Such�� msuchy@redhat.com 1.99-1 - update copr keys - Add Qubes OS 4.2 release key - Split AlmaLinux OS 8 GPG public keys to fix microdnf - Update AlmaLinux OS 8 public key ``` -------------------------------------------------------------------------------- ChangeLog:
* Thu Dec 28 2023 Miroslav Such�� msuchy@redhat.com 1.99-1 - update copr keys - Add Qubes OS 4.2 release key - Split AlmaLinux OS 8 GPG public keys to fix microdnf - Update AlmaLinux OS 8 public key --------------------------------------------------------------------------------
================================================================================ libopenmpt-0.7.3-1.el8 (FEDORA-EPEL-2023-8fc406cda2) C/C++ library to decode tracker music module (MOD) files -------------------------------------------------------------------------------- Update Information:
The OpenMPT/libopenmpt project released the new stable libopenmpt series 0.7.x -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #2192229 - libopenmpt-0.7.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2192229 --------------------------------------------------------------------------------
================================================================================ libre-3.8.0-1.el8 (FEDORA-EPEL-2023-31529073f0) Generic library for real-time communications -------------------------------------------------------------------------------- Update Information:
# Baresip v3.8.0 (2023-12-27) - uag: fallback for registrar-less NAT setups - menu: fix outgoing early media limit - menu: add follow up invite timer - rx thread: refactoring part 2 - separate audio receiver - pulse: log underruns/overruns after stream terminated - call: add `call_transp` getter - Decode url in custom header - video: fix thread sanitizer warning - call/rtprecv: fix doxygen comments - uag: use catchall flag for fallback UA selection - audio,aur: `audio_set_player()` only stops auplay - cmake: Fix rpath on MacOS - cmake/plc: use system include to hide third party warnings - cmake: add link paths to rpath - cmake: bump minimum to 3.14 - readme: update supported OpenSSL/LibreSSL versions - cmake: add `RE_LIBS` config and add atomic check - readme: update supported compiler versions - ci: use `actions/checkout@v4` # libre v3.8.0 (2023-12-27) - Update `README.md` - rem/aufile: `aufile_get_length` use `aufmt_sample_size` - rem/aufile: test and fix `aufile_set_position` `nread` - ci/ssl: bump assets release - readme: update supported openssl versions - ci: upgrade android to openssl 3.2.0 - sipsess/connect: don't create a dialog for 100 responses - aubuf: fix build with `re_trace_event` - trace: fix coverity warnings - aumix: fix coverity defect in destructor - main: fix doxygen comment - connect: do not enforce `Contact` header in 1XX responses with `To` tag - test/sipsess: test re-`INVITE` with wait for `ACK` - dialog: fix `rtags` of forking `INVITE` - cmake: add `RE_LIBS` config and add atomic check - ci: use `actions/checkout@v4` -------------------------------------------------------------------------------- ChangeLog:
* Thu Dec 28 2023 Robert Scheck robert@fedoraproject.org 3.8.0-1 - Upgrade to 3.8.0 (#2256017) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2256017 - libre-3.8.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2256017 [ 2 ] Bug #2256050 - baresip-3.8.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2256050 --------------------------------------------------------------------------------
================================================================================ proftpd-1.3.6e-6.el8 (FEDORA-EPEL-2023-3cf7145249) Flexible, stable and highly-configurable FTP server -------------------------------------------------------------------------------- Update Information:
Updated build with backported patch to address buffer overflow in FTP command processing (CVE-2023-51713). -------------------------------------------------------------------------------- ChangeLog:
* Wed Dec 27 2023 Paul Howarth paul@city-fan.org - 1.3.6e-6 - Fix one-byte out-of-bounds read, and daemon crash, because of mishandling of quote/backslash semantics (#2255609, GH#1683, CVE-2023-51713) - Use SPDX-format license tag -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2255609 - CVE-2023-51713 proftpd: out-of-bounds buffer read when handling FTP commands https://bugzilla.redhat.com/show_bug.cgi?id=2255609 --------------------------------------------------------------------------------
================================================================================ syncthing-1.27.1-1.el8 (FEDORA-EPEL-2023-28da881deb) Continuous File Synchronization -------------------------------------------------------------------------------- Update Information:
Update to version 1.27.1. - Release notes for version 1.27.0: https://github.com/syncthing/syncthing/releases/tag/v1.27.0 - Release notes for version 1.27.1: https://github.com/syncthing/syncthing/releases/tag/v1.27.1 -------------------------------------------------------------------------------- ChangeLog:
* Thu Dec 28 2023 Fabio Valentini decathorpe@gmail.com - 1.27.1-1 - Update to version 1.27.1; Fixes RHBZ#2252714 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org