Fedora EPEL 7 updates-testing report - epel-devel - Fedora mailing-lists

17 Feb 2022


      The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-f762e66b0d   nodejs-16.14.0-2.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-93154093e5   radare2-5.6.0-2.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
cppcheck-2.7-1.el7
    ddrescue-1.26-1.el7
    fastd-22-6.el7
    libopenmpt-0.6.1-1.el7
    varnish-4.0.5-2.el7
Details about builds:
================================================================================
 cppcheck-2.7-1.el7 (FEDORA-EPEL-2022-e6bec9835c)
 Tool for static C/C++ code analysis
--------------------------------------------------------------------------------
Update Information:
Update to 2.7.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb  8 2022 Wolfgang St��ggl c72578@yahoo.de - 2.7-1
- Update to 2.7.
--------------------------------------------------------------------------------
================================================================================
 ddrescue-1.26-1.el7 (FEDORA-EPEL-2022-86a8fc0d13)
 Data recovery tool trying hard to rescue data in case of read errors
--------------------------------------------------------------------------------
Update Information:
update to bugfix release 1.26
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 14 2022 Michal Ambroz <rebus AT_ seznam.cz> - 1.26-1
- Update to 1.26
* Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 1.25-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jul 21 2021 Fedora Release Engineering releng@fedoraproject.org - 1.25-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 1.25-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jul 27 2020 Fedora Release Engineering releng@fedoraproject.org - 1.25-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2043674 - ddrescue-1.26 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2043674
--------------------------------------------------------------------------------
================================================================================
 fastd-22-6.el7 (FEDORA-EPEL-2022-a18c8501ba)
 Fast and secure tunneling daemon
--------------------------------------------------------------------------------
Update Information:
Update to 22 and first build for EPEL9
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 12 2022 Felix Kaechele felix@kaechele.ca - 22-6
- add conditionals for EL7 around Recommends and Suggests tags
* Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 22-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad sahana@redhat.com - 22-4
- Rebuilt with OpenSSL 3.0.0
* Wed Jul 21 2021 Fedora Release Engineering releng@fedoraproject.org - 22-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sat Jul 10 2021 Bj��rn Esser besser82@fedoraproject.org - 22-2
- Rebuild for versioned symbols in json-c
* Sun Jun 27 2021 Felix Kaechele felix@kaechele.ca - 22-1
- update to 22
- add L2TP kmod recommends to enable L2TP offloading feature
- add git helper macros for easier prerelease testing
* Tue Mar  2 2021 Zbigniew J��drzejewski-Szmek zbyszek@in.waw.pl - 21-4
- Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
* Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 21-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 libopenmpt-0.6.1-1.el7 (FEDORA-EPEL-2022-8e849710c3)
 C/C++ library to decode tracker music module (MOD) files
--------------------------------------------------------------------------------
Update Information:
# libopenmpt 0.6.1 (2022-01-30)    * [Bug] Linking libmpg123 no longer fails on
OpenBSD.   * [Bug] Possible hang with malformed DMF, DSM, MED, MUS, OKT and
SymMOD files containing 65536 or more patterns when destroying the module.   *
[Bug] Avoid NaNs and infinite values with custom tunings and in the I3DL2Reverb
plugin.   * MIDI macros are now evaluated when seeking.   * The letter ���z��� is
now evaluated in fixed MIDI macros (Z80���ZFF) the same way as in Impulse Tracker.
* MOD: Loosened VBlank timing heuristics so that ���frame of mind��� by Dascon plays
correctly.   * MOD: Validate the contents of ���hidden��� patterns beyond the end of
the order list when the file size matches the expected size when only taken
���official��� patterns into account. This fixes Shofixti Ditty.mod from Star
Control 2 while keeping other (partly broken) modules working.   * MED: Command
20 (reverse sample) is now only applied when it���s next to a note.   * S3M:
Introducing the ���Send OPL key-off when triggering notes��� compatibility setting
broke retrigger for OPL notes again (they retriggered rather than not
retriggering).   * S3M: Retriggering a note no longer resets its pitch after a
portamento.   * S3M: Partially implement retrigger behaviour for stopped notes
in SoundBlaster mode: Like in IT, it is not possible to retrigger a sample that
has already stopped playing.   * DIGI: Improve compatibility with E3x reverse
sample command.   * DSym: Tempos < 32 were treated as tempo slides.   * SymMOD:
Key-off command was not implemented properly.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 15 2022 Michael Schwendt mschwendt@fedoraproject.org - 0.6.1-1
- update to 0.6.1
* Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2048302 - libopenmpt-0.6.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2048302
--------------------------------------------------------------------------------
================================================================================
 varnish-4.0.5-2.el7 (FEDORA-EPEL-2022-5af404a521)
 High-performance HTTP accelerator
--------------------------------------------------------------------------------
Update Information:
A security update. Includes mitigation instructions for VSV00008 aka
CVE-2022-23959  **PLEASE NOTE**: varnish-4.0.5 is marked **END OF LIFE** from
the Varnish Cache upstream project. Please consider upgrading to varnish-6.0
LTS. See https://varnish-cache.org/ for updated packages compatible with VCL 4.0
on el7.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Ingvar Hagelund ingvar@redpill-linpro.com 4.0.5-2
- Added mitigation instructions for VSV00008 aka CVE-2022-23959
  SECURITY, PLEASE NOTE: varnish-4.0.5 is marked END OF LIFE from the
  Varnish Cache upstream project. Please consider upgrading to varnish-6.0 LTS
  See /usr/share/doc/varnish-4.0.5/vsv8_epel7_varnish405.vcl for details.
- Dropped el6 support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2045034 - CVE-2022-23959 varnish: HTTP/1 request smuggling vulnerability [epel-7]
        https://bugzilla.redhat.com/show_bug.cgi?id=2045034
--------------------------------------------------------------------------------