The following Fedora EPEL 7 Security updates need testing: Age URL 556 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 297 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80 python-gnupg-0.4.4-1.el7 295 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-bf56589e5c mbedtls-2.7.13-1.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-bee5eeedf0 cacti-1.2.9-1.el7 cacti-spine-1.2.9-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-88a247cda8 python3-virtualenv-15.1.0-5.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fb7ac4aee2 hiredis-0.12.1-2.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6 python-waitress-1.4.3-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-99abadf4df python-psutil-5.6.7-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-b1046cc65d python-colander-1.7.0-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5f252e8e10 kea-1.6.0-4.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
git-lfs-2.10.0-1.el7 mock-2.0-2.el7 mock-core-configs-32.3-2.el7 monitorix-3.12.0-1.el7 nordugrid-arc6-6.5.0-1.el7 proftpd-1.3.5e-9.el7 python-pyspf-2.0.14-8.el7
Details about builds:
================================================================================ git-lfs-2.10.0-1.el7 (FEDORA-EPEL-2020-807ce17639) Git extension for versioning large files -------------------------------------------------------------------------------- Update Information:
Update to 2.10.0 -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 21 2020 Robert-Andr�� Mauchin zebob.m@gmail.com - 2.10.0-1 - Update to 2.10.0 * Tue Jan 28 2020 Fedora Release Engineering releng@fedoraproject.org - 2.9.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Tue Jan 7 2020 Elliott Sales de Andrade quantum.analyst@gmail.com - 2.9.2-1 - Update to latest version * Wed Jan 1 2020 Elliott Sales de Andrade quantum.analyst@gmail.com - 2.9.0-1 - Update to latest version * Fri Aug 30 2019 Elliott Sales de Andrade quantum.analyst@gmail.com - 2.8.0-4 - Customize vendor information in version * Fri Aug 30 2019 Elliott Sales de Andrade quantum.analyst@gmail.com - 2.8.0-3 - Update to latest version * Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 2.7.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Wed Jul 10 2019 Elliott Sales de Andrade quantum.analyst@gmail.com - 2.7.2-2 - Update to latest Go macros * Wed Apr 24 2019 Elliott Sales de Andrade quantum.analyst@gmail.com - 2.7.2-1 - Update to latest version * Wed Feb 27 2019 Elliott Sales de Andrade quantum.analyst@gmail.com - 2.7.1-1 - Update to latest version * Thu Feb 21 2019 Elliott Sales de Andrade quantum.analyst@gmail.com - 2.7.0-1 - Update to latest version * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 2.6.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Tue Jan 15 2019 Elliott Sales de Andrade quantum.analyst@gmail.com - 2.6.1-1 - Update to latest version * Mon Jan 14 2019 Elliott Sales de Andrade quantum.analyst@gmail.com - 2.5.2-4 - Rebuilt for dependencies * Tue Oct 23 2018 Nicolas Mailhot nim@fedoraproject.org - 2.5.2-3 - redhat-rpm-config-123 triggers bugs in gosetup, remove it from Go spec files as it���s just an alias - https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/... --------------------------------------------------------------------------------
================================================================================ mock-2.0-2.el7 (FEDORA-EPEL-2020-56dcc5ffbf) Builds packages inside chroots -------------------------------------------------------------------------------- Update Information:
mock - log reasons why src.rpm can not be installed into chroot - nspawn: non- interactive commands in chroot are executed with --pipe - bind mount local repos to bootstrap chroot (dturecek@redhat.com) - expand the generated config (includes) completely before passing it to eval() (sergio@serjux.com) - do not ignore cleanup_on_success when post_install is True (logans@cottsay.net) - fix fd resource-leak in 'mock --chain' (jcajka@redhat.com) - the --debug-config option only shows the differences from the mock's default configuration - do not expand jinja for --debug-config - don't use chroot.pkg_manager in podman case, we need to install from within the container - --use-bootstrap-image implies --bootstrap-chroot - drop python2 support from spec file, and code too - ammend man page and state that --dnf is the default now - rename --{old,new}-chroot to --isolation - turn ON the jinja rendering a bit earlier - pre-populate loop devices in nspawn chroot as with --isolation=chroot - deepcopy the plugin_conf options from chroot to bootstrap_chroot - simplified implementation of include() config option, accept relative files (jkadlcik@redhat.com, sergio@serjux.com) - lvm_root: fix volume removal in --scrub - bootstrap: don't install shadow-utils, and distribution-gpg-keys - make --sources optional for --buildsrpm mode (sisi.chlupova@gmail.com) - bootstrap: bind-mount normal chroot into bootstrap chroot recursively - add --scrub=bootstrap parameter (frostyx@email.cz) - don't clean bootstrap with --clean - do not call traceLog decorator when no tracing - pre-create builddir before changing it's owner, and when we have proper process privileges - copy /etc/pki/ca-trust/extracted into chroot [GH#397] - change default of 'package_manager' to 'dnf' - always copy distribution-gpg-keys into chroot [GH#308] - support DNF vars added [GH#346] - use jinja macros instead of python variable expansion - get the text representation of error code - --scrub=all also does --scrub=bootstrap (jkadlcik@redhat.com) - success/fail aren't created root-owned - compress_logs: setup defaults to 'gzip' - raise error for --localrepo without --chain - detect that forcearch can not work, and raise obvious error - drop unnecessary privilege escalations which only make unnecessary root-owned files - solve yum.conf vs. dnf.conf inconsistency in code and config - fix mockchain with --bootstrap-chroot (issue/469) - document 'mock --chain -c' in man page mock-core-configs - solve yum.conf vs. dnf.conf inconsistency in config and code - add F32 configs and move rawhide to F33 - make compatibility changes with mock 2.0 - allow host overrides (build-time for now) - use jinja for gpgkey= in rawhide template - add rhel-{7,8}-s390x configs - drop rhel-8-ppc64, it was never supported - fix rhel-7 configs - update epel-8 config template to include modular repos as well as missing non-modular source repo (mmathesi@redhat.com) - drop for a long time useless epel-6-ppc64 config - use template for opensuse, openmandriva, mageia, epel, custom ... - fix epel-6.tpl config bug - set default podman image for centos-stream - remove aarch64 string from repo name in template [RHBZ#1780977] - EOL F29 configs - fix rhelepel configs - allow including configs and templates from relative path (frostyx@email.cz) - configs: drop cost=2000 from fedora-31+-i386 - add missing metadata_expire=0 to epel configs - change default of 'package_manager' to 'dnf', and use 'dnf.conf' - remove rhelbeta-8-* - fixed mageia, opensuse and mandriva configs - fixed fedora 31+ i386 configs -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 7 2020 Pavel Raiskup praiskup@redhat.com 2.0-2 - solve yum.conf vs. dnf.conf inconsistency in code and config - fix mockchain with --bootstrap-chroot (issue/469) - document 'mock --chain -c' in man page * Thu Feb 6 2020 Pavel Raiskup praiskup@redhat.com 2.0-1 - log reasons why src.rpm can not be installed into chroot - nspawn: non-interactive commands in chroot are executed with --pipe - bind mount local repos to bootstrap chroot (dturecek@redhat.com) - expand the generated config (includes) completely before passing it to eval() (sergio@serjux.com) - do not ignore cleanup_on_success when post_install is True (logans@cottsay.net) - fix fd resource-leak in 'mock --chain' (jcajka@redhat.com) - the --debug-config option only shows the differences from the mock's default configuration - do not expand jinja for --debug-config - don't use chroot.pkg_manager in podman case, we need to install from within the container - --use-bootstrap-image implies --bootstrap-chroot - drop python2 support from spec file, and code too - ammend man page and state that --dnf is the default now - rename --{old,new}-chroot to --isolation - turn ON the jinja rendering a bit earlier - pre-populate loop devices in nspawn chroot as with --isolation=chroot - deepcopy the plugin_conf options from chroot to bootstrap_chroot - simplified implementation of include() config option, accept relative files (jkadlcik@redhat.com, sergio@serjux.com) - pass proxy environment to exec of Podman (RHBZ#1772598) - lvm_root: fix volume removal in --scrub - bootstrap: don't install shadow-utils, and distribution-gpg-keys - make --sources optional for --buildsrpm mode (sisi.chlupova@gmail.com) - bootstrap: bind-mount normal chroot into bootstrap chroot recursively - add --scrub=bootstrap parameter (frostyx@email.cz) - don't clean bootstrap with --clean - do not call traceLog decorator when no tracing - pre-create builddir before changing it's owner, and when we have proper process privileges - copy /etc/pki/ca-trust/extracted into chroot [GH#397] - change default of 'package_manager' to 'dnf' - always copy distribution-gpg-keys into chroot [GH#308] - support DNF vars added [GH#346] - use jinja macros instead of python variable expansion - get the text representation of error code - --scrub=all also does --scrub=bootstrap (jkadlcik@redhat.com) - success/fail aren't created root-owned - compress_logs: setup defaults to 'gzip' - raise error for --localrepo without --chain - detect that forcearch can not work, and raise obvious error - drop unnecessary privilege escalations which only make unnecessary root-owned files -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1740421 - selinux is preventing mock-1.4.17-1 from executing RPM scriptlets https://bugzilla.redhat.com/show_bug.cgi?id=1740421 [ 2 ] Bug #1767417 - --forcearch doesn't warn/fail if you don't have qemu-user-static installed https://bugzilla.redhat.com/show_bug.cgi?id=1767417 [ 3 ] Bug #1772598 - use_bootstrap_image doesn't use proxy https://bugzilla.redhat.com/show_bug.cgi?id=1772598 [ 4 ] Bug #1672984 - mock --buildsrpm requires --sources when there are zero sources in the spec file https://bugzilla.redhat.com/show_bug.cgi?id=1672984 [ 5 ] Bug #1743843 - Builds fail with use_bootstrap_container experimental feature enabled https://bugzilla.redhat.com/show_bug.cgi?id=1743843 [ 6 ] Bug #1694420 - [abrt] mock: rmtree(): util.py:231:rmtree:PermissionError: [Errno 13] Permission denied: '/var/lib/mock/fedora-29-x86_64/root/builddir/build/SOURCES' https://bugzilla.redhat.com/show_bug.cgi?id=1694420 [ 7 ] Bug #1762728 - [lvm] can't scrub volume https://bugzilla.redhat.com/show_bug.cgi?id=1762728 --------------------------------------------------------------------------------
================================================================================ mock-core-configs-32.3-2.el7 (FEDORA-EPEL-2020-56dcc5ffbf) Mock core config files basic chroots -------------------------------------------------------------------------------- Update Information:
mock - log reasons why src.rpm can not be installed into chroot - nspawn: non- interactive commands in chroot are executed with --pipe - bind mount local repos to bootstrap chroot (dturecek@redhat.com) - expand the generated config (includes) completely before passing it to eval() (sergio@serjux.com) - do not ignore cleanup_on_success when post_install is True (logans@cottsay.net) - fix fd resource-leak in 'mock --chain' (jcajka@redhat.com) - the --debug-config option only shows the differences from the mock's default configuration - do not expand jinja for --debug-config - don't use chroot.pkg_manager in podman case, we need to install from within the container - --use-bootstrap-image implies --bootstrap-chroot - drop python2 support from spec file, and code too - ammend man page and state that --dnf is the default now - rename --{old,new}-chroot to --isolation - turn ON the jinja rendering a bit earlier - pre-populate loop devices in nspawn chroot as with --isolation=chroot - deepcopy the plugin_conf options from chroot to bootstrap_chroot - simplified implementation of include() config option, accept relative files (jkadlcik@redhat.com, sergio@serjux.com) - lvm_root: fix volume removal in --scrub - bootstrap: don't install shadow-utils, and distribution-gpg-keys - make --sources optional for --buildsrpm mode (sisi.chlupova@gmail.com) - bootstrap: bind-mount normal chroot into bootstrap chroot recursively - add --scrub=bootstrap parameter (frostyx@email.cz) - don't clean bootstrap with --clean - do not call traceLog decorator when no tracing - pre-create builddir before changing it's owner, and when we have proper process privileges - copy /etc/pki/ca-trust/extracted into chroot [GH#397] - change default of 'package_manager' to 'dnf' - always copy distribution-gpg-keys into chroot [GH#308] - support DNF vars added [GH#346] - use jinja macros instead of python variable expansion - get the text representation of error code - --scrub=all also does --scrub=bootstrap (jkadlcik@redhat.com) - success/fail aren't created root-owned - compress_logs: setup defaults to 'gzip' - raise error for --localrepo without --chain - detect that forcearch can not work, and raise obvious error - drop unnecessary privilege escalations which only make unnecessary root-owned files - solve yum.conf vs. dnf.conf inconsistency in code and config - fix mockchain with --bootstrap-chroot (issue/469) - document 'mock --chain -c' in man page mock-core-configs - solve yum.conf vs. dnf.conf inconsistency in config and code - add F32 configs and move rawhide to F33 - make compatibility changes with mock 2.0 - allow host overrides (build-time for now) - use jinja for gpgkey= in rawhide template - add rhel-{7,8}-s390x configs - drop rhel-8-ppc64, it was never supported - fix rhel-7 configs - update epel-8 config template to include modular repos as well as missing non-modular source repo (mmathesi@redhat.com) - drop for a long time useless epel-6-ppc64 config - use template for opensuse, openmandriva, mageia, epel, custom ... - fix epel-6.tpl config bug - set default podman image for centos-stream - remove aarch64 string from repo name in template [RHBZ#1780977] - EOL F29 configs - fix rhelepel configs - allow including configs and templates from relative path (frostyx@email.cz) - configs: drop cost=2000 from fedora-31+-i386 - add missing metadata_expire=0 to epel configs - change default of 'package_manager' to 'dnf', and use 'dnf.conf' - remove rhelbeta-8-* - fixed mageia, opensuse and mandriva configs - fixed fedora 31+ i386 configs -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 21 2020 Pavel Raiskup praiskup@redhat.com 32.3-2 - bump version for lost git tag * Fri Feb 21 2020 Pavel Raiskup praiskup@redhat.com 32.3-1 - put back the opensuse-leap-15.1-x86_64 config * Thu Feb 20 2020 Pavel Raiskup praiskup@redhat.com 32.2-1 - use one template for branched fedoras - templatize F31+ i386 - use 'dnf.conf' in mageia, opensuse and openmandriva configs * Sat Feb 8 2020 Pavel Raiskup praiskup@redhat.com 32.1-1 - centos-8 and centos-stream to use dnf.conf * Fri Feb 7 2020 Pavel Raiskup praiskup@redhat.com 32.0-2 - solve yum.conf vs. dnf.conf inconsistency in config and code * Thu Feb 6 2020 Pavel Raiskup praiskup@redhat.com 32.0-1 - add F32 configs and move rawhide to F33 - make compatibility changes with mock 2.0 - allow host overrides (build-time for now) - use jinja for gpgkey= in rawhide template - add rhel-{7,8}-s390x configs - drop rhel-8-ppc64, it was never supported - fix rhel-7 configs - update epel-8 config template to include modular repos as well as missing non-modular source repo (mmathesi@redhat.com) - drop for a long time useless epel-6-ppc64 config - use template for opensuse, openmandriva, mageia, epel, custom ... - fix epel-6.tpl config bug - set default podman image for centos-stream - remove aarch64 string from repo name in template [RHBZ#1780977] - EOL F29 configs - fix rhelepel configs - allow including configs and templates from relative path (frostyx@email.cz) - configs: drop cost=2000 from fedora-31+-i386 - add missing metadata_expire=0 to epel configs - change default of 'package_manager' to 'dnf', and use 'dnf.conf' - remove rhelbeta-8-* -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1740421 - selinux is preventing mock-1.4.17-1 from executing RPM scriptlets https://bugzilla.redhat.com/show_bug.cgi?id=1740421 [ 2 ] Bug #1767417 - --forcearch doesn't warn/fail if you don't have qemu-user-static installed https://bugzilla.redhat.com/show_bug.cgi?id=1767417 [ 3 ] Bug #1772598 - use_bootstrap_image doesn't use proxy https://bugzilla.redhat.com/show_bug.cgi?id=1772598 [ 4 ] Bug #1672984 - mock --buildsrpm requires --sources when there are zero sources in the spec file https://bugzilla.redhat.com/show_bug.cgi?id=1672984 [ 5 ] Bug #1743843 - Builds fail with use_bootstrap_container experimental feature enabled https://bugzilla.redhat.com/show_bug.cgi?id=1743843 [ 6 ] Bug #1694420 - [abrt] mock: rmtree(): util.py:231:rmtree:PermissionError: [Errno 13] Permission denied: '/var/lib/mock/fedora-29-x86_64/root/builddir/build/SOURCES' https://bugzilla.redhat.com/show_bug.cgi?id=1694420 [ 7 ] Bug #1762728 - [lvm] can't scrub volume https://bugzilla.redhat.com/show_bug.cgi?id=1762728 --------------------------------------------------------------------------------
================================================================================ monitorix-3.12.0-1.el7 (FEDORA-EPEL-2020-7c19fe7e3c) A free, open source, lightweight system monitoring tool -------------------------------------------------------------------------------- Update Information:
This new version introduces two new modules: the phpfpm.pm and the unbound.pm. The first one will allow to collect PHP-FPM statistics and monitor unlimited number of sites, while the unbound.pm module will collect a lot of statistics of the Unbound running in your local server. There is not possibility to collect Unbound statistics from remote servers. In all, both modules come with a fairly complete statistic graphs. Besides these two new modules, this version includes some interesting new features. It has been finally fixed the bind.pm module to support newer versions of BIND. Now this module relies on Perl XML::LibXML to parse the output of BIND (instead of using Perl XML::Simple). Also, the gensens.pm module includes Battery as its third sensor, and there has been some improvements in the NFS graph for FreeBSD systems. The fail2ban.pm module has also changed the way how the values are shown. From now on, you can choose between absolute and rate values, being the former the default one. The ZFS graph has also changed the way how are shown the Operations and Bandwidth graphs. The rest of new features, changes and bugs fixed are, as always, reflected in the Changes file. Please, check the monitorix.conf(5) man page for all the details. NOTICE: The configuration file monitorix.conf has been extended with important changes. All users still using older versions are encouraged to upgrade to this version. -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 21 2020 Jordi Sanfeliu jordi@fibranet.cat - 3.12.0-1 - Updated to 3.12.0. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1805689 - monitorix-3.12.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1805689 --------------------------------------------------------------------------------
================================================================================ nordugrid-arc6-6.5.0-1.el7 (FEDORA-EPEL-2020-4cbb9549c2) Advanced Resource Connector Middleware -------------------------------------------------------------------------------- Update Information:
NorduGrid ARC 6.5.0. -------------------------------------------------------------------------------- ChangeLog:
* Tue Feb 18 2020 Mattias Ellert mattias.ellert@physics.uu.se - 6.5.0-1 - Update to version 6.5.0 - Put the arcctl tool in a separate nordugrid-arc-arcctl package - Add nordugrid-arc-community-rtes package (tech preview) - Split the nordugrid-arc-plugins-globus package into several packages - nordugrid-arc-plugins-globus-common - nordugrid-arc-plugins-gridftp - nordugrid-arc-plugins-lcas-lcmaps - nordugrid-arc-plugins-gridftpjob --------------------------------------------------------------------------------
================================================================================ proftpd-1.3.5e-9.el7 (FEDORA-EPEL-2020-ea579d7782) Flexible, stable and highly-configurable FTP server -------------------------------------------------------------------------------- Update Information:
This update addresses a use-after-free vulnerability (CVE-2020-9273): successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system. -------------------------------------------------------------------------------- ChangeLog:
* Wed Feb 19 2020 Paul Howarth paul@city-fan.org - 1.3.5e-9 - Fix use-after-free vulnerability in memory pools during data transfer (CVE-2020-9273, https://github.com/proftpd/proftpd/issues/903) - mod_sftp: When handling the 'keyboard-interactive' authentication mechanism, as used for (e.g.) PAM, make sure to properly handle DEBUG, IGNORE, DISCONNECT, and UNIMPLEMENTED messages, per RFC 4253 http://bugs.proftpd.org/show_bug.cgi?id=4385 --------------------------------------------------------------------------------
================================================================================ python-pyspf-2.0.14-8.el7 (FEDORA-EPEL-2020-08c57e33f8) Python module and programs for SPF (Sender Policy Framework) -------------------------------------------------------------------------------- Update Information:
Relax and replace LF with space in SPF records (bug #1573072, pb at bieringer dot de). Add back python 2 specific patches. ---- Provide both Python 2 and Python 3 builds of this package. Update to 2.0.14. Please test thoroughly, breakage is expected. -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 21 2020 Bojan Smojver bojan@rexursive.com - 2.0.14-8 - add back patch for some python 2 specific problems * Fri Feb 21 2020 Bojan Smojver bojan@rexursive.com - 2.0.14-7 - relax and replace LF with space (bug #1573072, pb at bieringer dot de) * Tue Feb 18 2020 Bojan Smojver bojan@rexursive.com - 2.0.14-6 - add patch to remove lifetime argument to dns.resolver.query() * Mon Feb 17 2020 Bojan Smojver bojan@rexursive.com - 2.0.14-5 - build default (python2) last * Mon Feb 17 2020 Bojan Smojver bojan@rexursive.com - 2.0.14-4 - update to 2.0.14 - build python3 version, while trying to keep the rest as is -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1409470 - Please backport python2/3 combined package to epel7 https://bugzilla.redhat.com/show_bug.cgi?id=1409470 [ 2 ] Bug #1573072 - policyd-spf crashes on buggy SPF record entry instead being more relaxed https://bugzilla.redhat.com/show_bug.cgi?id=1573072 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org