The following Fedora EPEL 7 Security updates need testing: Age URL 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-6cc996cdc4 opendmarc-1.4.1-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-969456590e rxvt-unicode-9.21-4.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-0fec8057df python3-lxml-4.2.5-4.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-17f170d38c caribou0-0.4.21-26.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-7e9a7ecfb4 slurm-20.11.7-3.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-0402b44d82 chromium-90.0.4430.212-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-1f259a45ef openjpeg2-2.3.1-11.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-15abda18e1 singularity-3.7.4-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-9eaea6f65c audacious-plugins-4.0.5-4.el7 fluidsynth-2.1.8-4.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-f706ca6458 radsecproxy-1.9.0-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing IP2Location-8.4.0-2.el7 elements-alexandria-2.19-1.el7 nginx-1.20.1-2.el7 sourcextractor++-0.15-1.el7 xpanes-4.1.3-1.el7 Details about builds: ================================================================================ IP2Location-8.4.0-2.el7 (FEDORA-EPEL-2021-6dce2db7d1) Tools for mapping IP address to geolocation information -------------------------------------------------------------------------------- Update Information: update to 8.4.0 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 2 2021 Peter Bieringer <pb@xxxxxxxxxxxx> - 8.4.0-2 - update to 8.4.0 - add upstream patch fixing https://github.com/chrislim2888/IP2Location-C-Library/issues/47 -------------------------------------------------------------------------------- ================================================================================ elements-alexandria-2.19-1.el7 (FEDORA-EPEL-2021-b528562ee4) A lightweight C++ utility library -------------------------------------------------------------------------------- Update Information: New releases of * Alexandria 2.19 * SourceXtractor++ 0.15 -------------------------------------------------------------------------------- ChangeLog: * Mon May 31 2021 Alejandro Alvarez Ayllon <aalvarez@xxxxxxxxxxxxxxxxx> - 2.19-1 - Release 2.19 * Mon May 10 2021 Alejandro Alvarez Ayllon <aalvarez@xxxxxxxxxxxxxxxxx> - 2.18-3 - Rebuild for gcc11.1 * Wed Apr 21 2021 Alejandro Alvarez Ayllon <aalvarez@xxxxxxxxxxxxxxxxx> - 2.18-2 - Rebuild for Fedora 35 -------------------------------------------------------------------------------- ================================================================================ nginx-1.20.1-2.el7 (FEDORA-EPEL-2021-8c50b78c57) A high performance web server and reverse proxy server -------------------------------------------------------------------------------- Update Information: Fix log permissions issue ---- # nginx 1.20.1 for EPEL 7 ## Changes ### Log file ownership (potential user impact) **Note** that the ownership of log files has changed to `root:root` and the mode changed to `700` (from `770`) to address CVE-2016-1247. This should not affect general operation, as this is the default for log directories and also what httpd uses but if you use external tools to process the log files you may want to check continued operation after this update. ### OpenSSL 1.1 nginx in EPEL 7 is now built against OpenSSL 1.1 to allow the use of TLSv1.3. ### Default Config changes Dropped `default_server` and `location /` directives so that it can be overridden in `conf.d` without needing to touch the default config. Note that the first `server` (as defined in the default config) and `root` will continue to serve the default `index.html` as long as no other `server` is defined. ### Logrotate nginx now handles creation of new log files to ensure correct permissions. ### Installation nginx no longer requires `nginx-all-modules` to allow for a leaner install. ### Service start The systemd unit will now wait for the `network-online.target`. Previously, start up could fail if DNS names were used for some config options (such as `proxy_pass`) and these names were not resolvable at service start time. ### Service reload The systemd unit now uses `nginx -s` to only reload the service if the configuration is valid. In previous versions an invalid configuration could take down nginx upon reload. Please consult http://nginx.org/en/CHANGES-1.20 for all changes to nginx since the current EPEL 7 release of 1.16.1. -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 1 2021 Felix Kaechele <heffer@xxxxxxxxxxxxxxxxx> - 1:1.20.1-2 - use different fix for rhbz#1683388 as it introduced permissions issues in 1:1.20.0-2 * Tue May 25 2021 Felix Kaechele <heffer@xxxxxxxxxxxxxxxxx> - 1:1.20.1-1 - update to 1.20.1 (fixes CVE-2021-23017) * Fri May 21 2021 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1:1.20.0-4 - Perl 5.34 rebuild * Fri Apr 30 2021 Lubos Uhliarik <luhliari@xxxxxxxxxx> - 1:1.20.0-3 - Related: #1636235 - centralizing default index.html on nginx * Wed Apr 21 2021 Felix Kaechele <heffer@xxxxxxxxxxxxxxxxx> - 1:1.20.0-2 - sync rawhide and EPEL7 spec files again - systemd service reload now checks config file (rhbz#1565377) - drop nginx requirement on nginx-all-modules (rhbz#1708799) - let nginx handle log creation on logrotate (rhbz#1683388) - have log directory owned by root (rhbz#1390183, CVE-2016-1247) - remove obsolete --with-ipv6 (src PR#8) - correction: pcre2 is actually not supported by nginx, reintroduce pcre * Wed Apr 21 2021 Felix Kaechele <heffer@xxxxxxxxxxxxxxxxx> - 1:1.20.0-1 - update to 1.20.0 - sync with mainline spec file - order configure options alphabetically for easier comparinggit - add --with-compat option (rhbz#1834452) - add patch to fix PIDFile race condition (rhbz#1869026) - use pcre2 instead of pcre (rhbz#1938984) - add Wants=network-online.target to systemd unit (rhbz#1943779) * Mon Feb 22 2021 Lubos Uhliarik <luhliari@xxxxxxxxxx> - 1:1.18.0-5 - Resolves: #1931402 - drop gperftools module * Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:1.18.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1964821 - CVE-2021-23017 nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1964821 [ 2 ] Bug #1966367 - nginx doesn't reopen the log file https://bugzilla.redhat.com/show_bug.cgi?id=1966367 -------------------------------------------------------------------------------- ================================================================================ sourcextractor++-0.15-1.el7 (FEDORA-EPEL-2021-b528562ee4) A program that extracts a catalog of sources from astronomical images, and the successor of SExtractor -------------------------------------------------------------------------------- Update Information: New releases of * Alexandria 2.19 * SourceXtractor++ 0.15 -------------------------------------------------------------------------------- ChangeLog: * Mon May 31 2021 Alejandro Alvarez Ayllon <aalvarez@xxxxxxxxxxxxxxxxx> - 0.15-1 - Release 0.15 * Mon May 10 2021 Alejandro Alvarez Ayllon <aalvarez@xxxxxxxxxxxxxxxxx> - 0.14-2 - Rebuild for gcc11.1 -------------------------------------------------------------------------------- ================================================================================ xpanes-4.1.3-1.el7 (FEDORA-EPEL-2021-1c76b77799) Awesome tmux-based terminal divider -------------------------------------------------------------------------------- Update Information: Latest upstream 4.1.3 -------------------------------------------------------------------------------- ChangeLog: * Mon May 31 2021 Carl George <carl@george.computer> - 4.1.3-1 - Latest upstream * Thu Jan 28 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.1.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
