The following Fedora EPEL 7 Security updates need testing: Age URL 763 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 503 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b bubblewrap-0.3.3-2.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-49c5f31e92 python-pip-epel-8.1.2-14.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-864bc6779e chromium-85.0.4183.83-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-83bdeb2965 ansible-2.9.13-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0a324e529d drupal7-7.72-1.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-f9a066663b mbedtls-2.7.17-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-25e525a9ca seamonkey-2.53.4-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-918ad695f6 proftpd-1.3.5e-10.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-d968abb383 golang-1.15.2-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing IP2Location-8.0.9-9.20200916git6e49424.el7 mock-2.6-1.el7 mock-core-configs-33-1.el7 nginx-1.16.1-2.el7 perl-URI-cpan-1.007-3.el7 python-ldap3-2.8.1-1.el7 Details about builds: ================================================================================ IP2Location-8.0.9-9.20200916git6e49424.el7 (FEDORA-EPEL-2020-f4d76a2061) C library for mapping IP address to geolocation information -------------------------------------------------------------------------------- Update Information: subpackage data-sample: add suffix "SAMPLE" to included BIN files, fix file permissions ---- add patch to sync with upstream -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ mock-2.6-1.el7 (FEDORA-EPEL-2020-0996fb7a3c) Builds packages inside chroots -------------------------------------------------------------------------------- Update Information: mock - because of the mock-filesystem change, we need to enforce upgrade of the old mock-core-configs package - set the DNF user_agent in dnf.conf (msuchy@xxxxxxxxxx) - introduce mock-filesystem subpackage (msuchy@xxxxxxxxxx) - add showrc plugin to record the output of rpm --showrc (riehecky@xxxxxxxx) - document which packages we need in buildroot (msuchy@xxxxxxxxxx) - macros without leading '%' like config_opts['macros']['macroname'] work fine again (issue#605) mock-core-cofnigs - provide the Fedora ELN mock configuration - some adjustments were done for the new mock-filesystem package https://github.com/rpm-software-management/mock/wiki/Release-Notes-2.6 - the --recurse option implies --continue - fix --chain --continue option - fail when --continue/--recurse is used without --chain - fix _copy_config() for broken symlinks in dst= (rhbz#1878924) - auto-download the source RPMs from web with --rebuild - handle exceptions from command_parse() method - fail verbosely for --chain & --resultdir combination - allow using -a|--addrepo with /absolute/path/argument - add support for -a/--addrepo in normal --rebuild mode - use systemd-nspawn --resolv-conf=off - create /etc/localtime as symlink even with isolation=simple (msuchy@xxxxxxxxxx) - dump the reason for particular package build fail in --chain - raise PkgError when the source RPM can not be installed -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 15 2020 Pavel Raiskup <praiskup@xxxxxxxxxx> 2.6-1 - the --recurse option implies --continue - fix --chain --continue option - fail when --continue/--recurse is used without --chain - fix _copy_config() for broken symlinks in dst= (rhbz#1878924) - auto-download the source RPMs from web with --rebuild - handle exceptions from command_parse() method - fail verbosely for --chain & --resultdir combination - allow using -a|--addrepo with /absolute/path/argument - add support for -a/--addrepo in normal --rebuild mode - use systemd-nspawn --resolv-conf=off - create /etc/localtime as symlink even with isolation=simple (msuchy@xxxxxxxxxx) - dump the reason for particular package build fail in --chain - raise PkgError when the source RPM can not be installed * Thu Sep 3 2020 Pavel Raiskup <praiskup@xxxxxxxxxx> 2.5-2 - because of the mock-filesystem change, we need to enforce upgrade of the old mock-core-configs package * Thu Sep 3 2020 Pavel Raiskup <praiskup@xxxxxxxxxx> 2.5-1 - set the DNF user_agent in dnf.conf (msuchy@xxxxxxxxxx) - introduce mock-filesystem subpackage (msuchy@xxxxxxxxxx) - add showrc plugin to record the output of rpm --showrc (riehecky@xxxxxxxx) - document which packages we need in buildroot (msuchy@xxxxxxxxxx) - macros without leading '%' like config_opts['macros']['macroname'] work fine again (issue#605) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1857918 - RFE: --addrepo does not work with --rebuild && --resultdir should warn for --chain mode https://bugzilla.redhat.com/show_bug.cgi?id=1857918 [ 2 ] Bug #1878924 - mock fails in _copy_config with FileNotFoundError for /etc/resolv.conf in some circumstances https://bugzilla.redhat.com/show_bug.cgi?id=1878924 -------------------------------------------------------------------------------- ================================================================================ mock-core-configs-33-1.el7 (FEDORA-EPEL-2020-0996fb7a3c) Mock core config files basic chroots -------------------------------------------------------------------------------- Update Information: mock - because of the mock-filesystem change, we need to enforce upgrade of the old mock-core-configs package - set the DNF user_agent in dnf.conf (msuchy@xxxxxxxxxx) - introduce mock-filesystem subpackage (msuchy@xxxxxxxxxx) - add showrc plugin to record the output of rpm --showrc (riehecky@xxxxxxxx) - document which packages we need in buildroot (msuchy@xxxxxxxxxx) - macros without leading '%' like config_opts['macros']['macroname'] work fine again (issue#605) mock-core-cofnigs - provide the Fedora ELN mock configuration - some adjustments were done for the new mock-filesystem package https://github.com/rpm-software-management/mock/wiki/Release-Notes-2.6 - the --recurse option implies --continue - fix --chain --continue option - fail when --continue/--recurse is used without --chain - fix _copy_config() for broken symlinks in dst= (rhbz#1878924) - auto-download the source RPMs from web with --rebuild - handle exceptions from command_parse() method - fail verbosely for --chain & --resultdir combination - allow using -a|--addrepo with /absolute/path/argument - add support for -a/--addrepo in normal --rebuild mode - use systemd-nspawn --resolv-conf=off - create /etc/localtime as symlink even with isolation=simple (msuchy@xxxxxxxxxx) - dump the reason for particular package build fail in --chain - raise PkgError when the source RPM can not be installed -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 3 2020 Pavel Raiskup <praiskup@xxxxxxxxxx> 33-1 - bump version to 33, as we already ship F33 configs - because of the mock-filesystem change, depend on mock 2.5 * Thu Sep 3 2020 Pavel Raiskup <praiskup@xxxxxxxxxx> 32.8-1 - set the DNF user_agent in dnf.conf (msuchy@xxxxxxxxxx) - add Fedora ELN configs - introduce mock-filesystem subpackage (msuchy@xxxxxxxxxx) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1857918 - RFE: --addrepo does not work with --rebuild && --resultdir should warn for --chain mode https://bugzilla.redhat.com/show_bug.cgi?id=1857918 [ 2 ] Bug #1878924 - mock fails in _copy_config with FileNotFoundError for /etc/resolv.conf in some circumstances https://bugzilla.redhat.com/show_bug.cgi?id=1878924 -------------------------------------------------------------------------------- ================================================================================ nginx-1.16.1-2.el7 (FEDORA-EPEL-2020-0f3f88c479) A high performance web server and reverse proxy server -------------------------------------------------------------------------------- Update Information: fix 404.html location and indenting (rhbz#1409685) include patch for CVE-2019-20372 (rhbz#1790280) -------------------------------------------------------------------------------- ChangeLog: * Sun Jun 7 2020 Felix Kaechele <heffer@xxxxxxxxxxxxxxxxx> - 1:1.16.1-2 - fix 404.html location and indenting (rhbz#1409685) - include patch for CVE-2019-20372 (rhbz#1790280) - rework patches to work with %autosetup -------------------------------------------------------------------------------- References: [ 1 ] Bug #1409685 - a typo for 404 handler in the default server section https://bugzilla.redhat.com/show_bug.cgi?id=1409685 [ 2 ] Bug #1790280 - CVE-2019-20372 nginx: HTTP request smuggling via error pages in http/ngx_http_special_response.c [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1790280 [ 3 ] Bug #1867261 - EPEL7 nginx package contains CVEs and it's two major versions behind. https://bugzilla.redhat.com/show_bug.cgi?id=1867261 -------------------------------------------------------------------------------- ================================================================================ perl-URI-cpan-1.007-3.el7 (FEDORA-EPEL-2020-3cdcbc56e0) URLs that refer to things on the CPAN -------------------------------------------------------------------------------- Update Information: This is the first build of perl-URI-cpan. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1876259 - Review Request: perl-URI-cpan - URLs that refer to things on the CPAN https://bugzilla.redhat.com/show_bug.cgi?id=1876259 -------------------------------------------------------------------------------- ================================================================================ python-ldap3-2.8.1-1.el7 (FEDORA-EPEL-2020-703be62e91) Strictly RFC 4511 conforming LDAP V3 pure Python client -------------------------------------------------------------------------------- Update Information: Update to 2.8.1 -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 15 2020 Avram Lubkin <aviso@xxxxxxxxxxxxxx> - 2.8.1-1 - Update to 2.8.1 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
