Fedora EPEL 7 updates-testing report - epel-devel - Fedora mailing-lists

4 Jun 2020


      The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 660  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
 402  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   python-gnupg-0.4.4-1.el7
 400  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   bubblewrap-0.3.3-2.el7
 109  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6   python-waitress-1.4.3-1.el7
  49  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-19d171a465   python34-3.4.10-5.el7
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-ed6bc3c8d4   golang-1.13.11-1.el7
  10  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-05b9f2eac5   sympa-6.2.56-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-6f2a4db251   mbedtls-2.7.15-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-c47d3538f7   cacti-1.2.12-1.el7 cacti-spine-1.2.12-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-101619ac61   jq-1.6-2.el7 oniguruma-6.8.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
fmf-0.12-1.el7
    pdns-recursor-4.1.16-1.el7
    perl-Test-TempDir-0.10-15.el7
    perl-Test2-0.000044-3.el7
    php-composer-xdebug-handler-1.4.2-1.el7
    php-zstd-0.9.0-1.el7
    resalloc-3.2-1.el7
Details about builds:
================================================================================
 fmf-0.12-1.el7 (FEDORA-EPEL-2020-3880ddcb72)
 Flexible Metadata Format
--------------------------------------------------------------------------------
Update Information:
Fix cache issue in utils.fetch
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun  4 2020 Petr ��pl��chal psplicha@redhat.com - 0.12-1
- Do git pull in utils.fetch
- Make fetch._run official as utils.run
--------------------------------------------------------------------------------
================================================================================
 pdns-recursor-4.1.16-1.el7 (FEDORA-EPEL-2020-03f2097af0)
 Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2020-10995, CVE-2020-12244 and CVE-2020-10030
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  3 2020 Ruben Kerkhof ruben@rubenkerkhof.com - 4.1.16-1
- Upstream released new version
  Fixes CVE-2020-10995, CVE-2020-12244 and CVE-2020-10030
  See https://doc.powerdns.com/recursor/changelog/4.1.html#change-4.1.16 for more details
  Switch to Boost 1.69 to fix build on ppc64le
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1837296 - pdns-recursor-4.3.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1837296
  [ 2 ] Bug #1838002 - bump powerdns to at lat 4.1.16 to fix CVEs
        https://bugzilla.redhat.com/show_bug.cgi?id=1838002
  [ 3 ] Bug #1839800 - CVE-2020-10995 CVE-2020-12244 CVE-2020-10030 pdns-recursor: multiple vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=1839800
  [ 4 ] Bug #1840184 - CVE-2020-10030 pdns-recursor: stack-based out-of-bounds read via a larger hostname [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1840184
  [ 5 ] Bug #1840185 - CVE-2020-10030 pdns-recursor: stack-based out-of-bounds read via a larger hostname [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1840185
  [ 6 ] Bug #1840192 - CVE-2020-12244 pdns-recursor: incorrect handling of records in the answer section of a NXDOMAIN response lacking an SOA allows an attacker to bypass DNSSEC validation [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1840192
  [ 7 ] Bug #1840193 - CVE-2020-12244 pdns-recursor: incorrect handling of records in the answer section of a NXDOMAIN response lacking an SOA allows an attacker to bypass DNSSEC validation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1840193
  [ 8 ] Bug #1840281 - CVE-2020-10995 pdns-recursor: issue in DNS protocol allows malicious parties to use recursive DNS services to attack third party authoritative name servers [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1840281
  [ 9 ] Bug #1840282 - CVE-2020-10995 pdns-recursor: issue in DNS protocol allows malicious parties to use recursive DNS services to attack third party authoritative name servers [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1840282
--------------------------------------------------------------------------------
================================================================================
 perl-Test-TempDir-0.10-15.el7 (FEDORA-EPEL-2020-eecf7a6753)
 Temporary files support for testing
--------------------------------------------------------------------------------
Update Information:
This package contains the Perl module Test::TempDir, which provides temporary
directory creation with testing in mind.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1843173 - perl-Test-TempDir is wanted in EPEL7
        https://bugzilla.redhat.com/show_bug.cgi?id=1843173
--------------------------------------------------------------------------------
================================================================================
 perl-Test2-0.000044-3.el7 (FEDORA-EPEL-2020-1e6db211d2)
 Framework for writing test tools that all work together
--------------------------------------------------------------------------------
Update Information:
This update brings you a new perl-Test2 package that provides a framework for
writing the test tools.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1843426 - Review Request: perl-Test2 - Framework for writing test tools that all work together
        https://bugzilla.redhat.com/show_bug.cgi?id=1843426
--------------------------------------------------------------------------------
================================================================================
 php-composer-xdebug-handler-1.4.2-1.el7 (FEDORA-EPEL-2020-5c7475b2fa)
 Restarts a process without Xdebug
--------------------------------------------------------------------------------
Update Information:
**Version 1.4.2** - 2020-06-04  * Fixed: ignore SIGINTs to let the restarted
process handle them.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun  4 2020 Remi Collet remi@remirepo.net - 1.4.2-1
- update to 1.4.2
--------------------------------------------------------------------------------
================================================================================
 php-zstd-0.9.0-1.el7 (FEDORA-EPEL-2020-183db0fbc4)
 Zstandard extension
--------------------------------------------------------------------------------
Update Information:
Upstream **version 0.9.0** promoted to stable.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun  4 2020 Remi Collet remi@remirepo.net - 0.9.0-1
- update to 0.9.0 (stable)
--------------------------------------------------------------------------------
================================================================================
 resalloc-3.2-1.el7 (FEDORA-EPEL-2020-2ef3712f01)
 Resource allocator for expensive resources - client tooling
--------------------------------------------------------------------------------
Update Information:
- new configuration option cmd_release - command to be run before resource as
reusable again - after server restart, schedule all inconsistent resources to be
(mitigates issue#41) - systemd service is restarted upon failure (just in case)
----  new version v3.1, improved resource checker  ----  new 3.0 version - new
possibility to re-use resources, and client requests can survive server restart
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun  2 2020 Pavel Raiskup praiskup@redhat.com - 3.2-1
- new configuration option cmd_release - command to be run before we mark the
  resource as reusable again
- after server restart, schedule all inconsistent resources to be terminated
  (mitigates issue#41)
- systemd service is restarted upon failure (just in case)
* Tue May 26 2020 Miro Hron��ok mhroncok@redhat.com - 3.1-2
- Rebuilt for Python 3.9
* Tue May 26 2020 Pavel Raiskup praiskup@redhat.com - 3.1-1
- new version v3.1, improved resource checker
* Tue May 26 2020 Miro Hron��ok mhroncok@redhat.com - 3.0-2
- Rebuilt for Python 3.9
* Sun May 17 2020 Pavel Raiskup praiskup@redhat.com - 3.0-1
- new 3.0 version - new possibility to re-use resources, and client requests can
  survive server restarts
* Thu Jan 30 2020 Fedora Release Engineering releng@fedoraproject.org - 2.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct  3 2019 Miro Hron��ok mhroncok@redhat.com - 2.6-3
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hron��ok mhroncok@redhat.com - 2.6-2
- Rebuilt for Python 3.8
* Fri Aug  2 2019 Pavel Raiskup praiskup@redhat.com - 2.6-1
- don't assign resources to closed tickets
* Fri Jul 26 2019 Fedora Release Engineering releng@fedoraproject.org - 2.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jun 13 2019 Pavel Raiskup praiskup@redhat.com - 2.5-1
- thread safety - don't change os.environ
* Tue Jun 11 2019 Pavel Raiskup praiskup@redhat.com - 2.4-1
- fix improperly handled thread communication
--------------------------------------------------------------------------------