The following Fedora EPEL 6 Security updates need testing: Age URL 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-a61d9e64ef sympa-6.2.54-1.el6 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-c807deec30 mbedtls-2.7.14-1.el6 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-658581cb5f php-horde-Horde-Form-2.0.20-1.el6 The following builds have been pushed to Fedora EPEL 6 updates-testing preproc-0.2-2.el6 preproc-rpmspec-0.3-2.el6 rpkg-macros-0.4-2.el6 tomcat-7.0.100-2.el6 Details about builds: ================================================================================ preproc-0.2-2.el6 (FEDORA-EPEL-2020-e83c1b30a8) Simple text preprocessor -------------------------------------------------------------------------------- Update Information: Introduction of tools to do rpm spec file preprocessing before srpm build to dynamically generate parts of spec file based on git or other "external" context. Please, see https://lists.fedoraproject.org/archives/list/devel@lists. fedoraproject.org/thread/FSVFSQJ5R4WKLH7WIYZQ22CUXAEYZPNK/ for details. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 10 2020 clime <clime@xxxxxxxxxxxxxxxxx> 0.2-2 - rebuild because of koji break down * Tue Mar 10 2020 clime <clime@xxxxxxxxxxxxxxxxx> 0.2-1 - encoding fixes - make regular-expression only implementation - add NOTE into help/man about usage of preproc on uknown files * Tue Mar 3 2020 clime <clime@xxxxxxxxxxxxxxxxx> 0.1-1 - use cmd_repr helper to properly render the executed command - strip starting and ending whitespaces if any - change to working email - pass now required path to git_vcs macro in spec file - source env before sourcing anything else - fix spec files after CACHE to OUTPUT rename - fix rpkg-util spec files - build fix for rhel6 - provide man pages statically and add regen.sh - add some explanation for tags matching - allow multiple lines inside {{{}}}, fix expression for quoted strings so that the closest quote is matched - add missing BRs - move preproc and rpkg macro defs into separate packages -------------------------------------------------------------------------------- ================================================================================ preproc-rpmspec-0.3-2.el6 (FEDORA-EPEL-2020-e83c1b30a8) Minimalistic tool for rpm spec-file preprocessing -------------------------------------------------------------------------------- Update Information: Introduction of tools to do rpm spec file preprocessing before srpm build to dynamically generate parts of spec file based on git or other "external" context. Please, see https://lists.fedoraproject.org/archives/list/devel@lists. fedoraproject.org/thread/FSVFSQJ5R4WKLH7WIYZQ22CUXAEYZPNK/ for details. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 11 2020 clime <clime@xxxxxxxxxxxxxxxxx> 0.3-2 - Rebuild * Tue Mar 10 2020 clime <clime@xxxxxxxxxxxxxxxxx> 0.3-1 - no change, just a new tag * Mon Mar 9 2020 clime <clime@xxxxxxxxxxxxxxxxx> 0.2-1 - update description in spec * Sun Mar 8 2020 clime <clime@xxxxxxxxxxxxxxxxx> 0.1-1 - odd support for macros that produce files (git_archive/git_pack) - replace --in-space with --output - add note about the need to trust the spec files that are being preprocessed - initial commit -------------------------------------------------------------------------------- ================================================================================ rpkg-macros-0.4-2.el6 (FEDORA-EPEL-2020-e83c1b30a8) Set of preproc macros for rpkg utility -------------------------------------------------------------------------------- Update Information: Introduction of tools to do rpm spec file preprocessing before srpm build to dynamically generate parts of spec file based on git or other "external" context. Please, see https://lists.fedoraproject.org/archives/list/devel@lists. fedoraproject.org/thread/FSVFSQJ5R4WKLH7WIYZQ22CUXAEYZPNK/ for details. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 10 2020 clime <clime@xxxxxxxxxxxxxxxxx> 0.4-2 - rebuild due to koji break down * Tue Mar 10 2020 clime <clime@xxxxxxxxxxxxxxxxx> 0.4-1 - remove shebangs in library files according to Fedora review - changes according to review - usage of %{_prefix} in spec, g-w for pack_sources - use git-core on Fedoras * Fri Mar 6 2020 clime <clime@xxxxxxxxxxxxxxxxx> 0.3-1 - fix warning about unset git indetity in test_submodule_sources - skip test for submodule_sources on epel6 - add missing sleep in tests, add TODO - fix changelog renderring for legacy git as there is no points-at option - resolve problem in git_pack and submodules for epel7 * Wed Mar 4 2020 clime <clime@xxxxxxxxxxxxxxxxx> 0.2-1 - fix bug on centos7 bash in is_physical_subpath function * Wed Mar 4 2020 clime <clime@xxxxxxxxxxxxxxxxx> 0.1-1 - initial release -------------------------------------------------------------------------------- ================================================================================ tomcat-7.0.100-2.el6 (FEDORA-EPEL-2020-81c37f8ff5) Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API -------------------------------------------------------------------------------- Update Information: This update includes a rebase from 7.0.99 up to 7.0.100 which resolves one CVE along with various other bugs/features: * rhbz#1806805 CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability **WARNING** - This update does *not* enforce the change in defaults for the AJP Connector like the upstream fix does. This is done to prevent breakage of current installations, but it is highly advised to review your AJP Connector configuration to ensure that it is only accessible by your proxy! For more information see the [Tomcat Security Page](https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100) and the [Tomcat Security Considerations Document](https://tomcat.apache.org/tomcat-7.0-doc/security- howto.html#Connectors). -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 12 2020 Coty Sutherland <csutherl@xxxxxxxxxx> - 1:7.0.100-2 - Related: rhbz#1806398 Undo changes in defaults for AJP connector (CVE-2020-1938) to prevent breakage, please update your configuration * Thu Mar 5 2020 Coty Sutherland <csutherl@xxxxxxxxxx> - 1:7.0.100-1 - Update to 7.0.100 - Resolves: rhbz#1806805 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
