Fedora EPEL 7 updates-testing report - epel-devel - Fedora mailing-lists

18 Feb 2022


      The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-93154093e5   radare2-5.6.0-2.el7
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-5af404a521   varnish-4.0.5-2.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-a22d89c069   snapd-2.54.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
llvm13-13.0.1-1.el7
    netdata-1.33.1-1.el7
    rust-1.58.1-1.el7
    scitokens-cpp-0.7.0-1.el7
Details about builds:
================================================================================
 llvm13-13.0.1-1.el7 (FEDORA-EPEL-2022-dc3bd1f656)
 The Low Level Virtual Machine
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-21658, a TOCTOU race condition in
`std::fs::remove_dir_all`. Privileged programs should be rebuilt if they use
this function on paths that may be manipulated with lesser privileges. For more
details, see the upstream [security advisory](https://blog.rust-
lang.org/2022/01/20/cve-2022-21658.html).  Additional features from 1.58.0:  *
Captured identifiers in format strings * More `#[must_use]` in the standard
library * Stabilized APIs  See the [blog post](https://blog.rust-
lang.org/2022/01/13/Rust-1.58.0.html) and [release
notes](https://github.com/rust-
lang/rust/blob/master/RELEASES.md#version-1580-2022-01-13) for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Josh Stone jistone@redhat.com - 13.0.1-1
- 13.0.1 Release, ported to epel7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2041504 - CVE-2022-21658 rust: Race condition in remove_dir_all leading to removal of files outside of the directory being removed
        https://bugzilla.redhat.com/show_bug.cgi?id=2041504
--------------------------------------------------------------------------------
================================================================================
 netdata-1.33.1-1.el7 (FEDORA-EPEL-2022-e9efba952e)
 Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:
Update from upstream
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 17 2022 Didier Fabert didier.fabert@gmail.com 1.33.1-1
- Update from upstream
- Enable el9 build
* Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 1.32.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2046493 - netdata-1.33.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2046493
--------------------------------------------------------------------------------
================================================================================
 rust-1.58.1-1.el7 (FEDORA-EPEL-2022-dc3bd1f656)
 The Rust Programming Language
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-21658, a TOCTOU race condition in
`std::fs::remove_dir_all`. Privileged programs should be rebuilt if they use
this function on paths that may be manipulated with lesser privileges. For more
details, see the upstream [security advisory](https://blog.rust-
lang.org/2022/01/20/cve-2022-21658.html).  Additional features from 1.58.0:  *
Captured identifiers in format strings * More `#[must_use]` in the standard
library * Stabilized APIs  See the [blog post](https://blog.rust-
lang.org/2022/01/13/Rust-1.58.0.html) and [release
notes](https://github.com/rust-
lang/rust/blob/master/RELEASES.md#version-1580-2022-01-13) for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 20 2022 Josh Stone jistone@redhat.com - 1.58.1-1
- Update to 1.58.1.
* Thu Jan 13 2022 Josh Stone jistone@redhat.com - 1.58.0-1
- Update to 1.58.0.
* Wed Jan  5 2022 Josh Stone jistone@redhat.com - 1.57.0-2
- Add rust-std-static-i686-pc-windows-gnu
- Add rust-std-static-x86_64-pc-windows-gnu
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2041504 - CVE-2022-21658 rust: Race condition in remove_dir_all leading to removal of files outside of the directory being removed
        https://bugzilla.redhat.com/show_bug.cgi?id=2041504
--------------------------------------------------------------------------------
================================================================================
 scitokens-cpp-0.7.0-1.el7 (FEDORA-EPEL-2022-7bbf95c6f2)
 C++ Implementation of the SciTokens Library
--------------------------------------------------------------------------------
Update Information:
- Changes from static analysis - If only one key is available, do not error on
no kid - Support at+jwt profile
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 18 2022 Derek Weitzel dweitzel@unl.edu - 0.7.0-1
- Changes from static analysis
- If only one key is available, do not error on no kid
- Support at+jwt profile
--------------------------------------------------------------------------------