The following Fedora EPEL 7 Security updates need testing: Age URL 39 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-f005e1b879 debmirror-2.35-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-73042a5f27 stb-0-0.7.20211022gitaf1a5bc.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing java-latest-openjdk-17.0.1.0.12-1.rolling.el7 mock-core-configs-36.2-1.el7 perl-Spreadsheet-XLSX-0.16-1.el7 radsecproxy-1.9.1-1.el7 yadifa-2.5.3-1.el7 Details about builds: ================================================================================ java-latest-openjdk-17.0.1.0.12-1.rolling.el7 (FEDORA-EPEL-2021-9db00036f5) OpenJDK 17 Runtime Environment -------------------------------------------------------------------------------- Update Information: New in release OpenJDK 17.0.1 (2021-10-19): ---------------------------------------------------------------- Live versions of these release notes can be found at: - https://builds.shipilev.net/backports-monitor/release-notes-17.0.1.txt Security fixes -------------------------- - JDK-8263314: Enhance XML Dsig modes - JDK-8265167, CVE-2021-35556: Richer Text Editors - JDK-8265574: Improve handling of sheets - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit - JDK-8265776: Improve Stream handling for SSL - JDK-8266097, CVE-2021-35561: Better hashing support - JDK-8266103: Better specified spec values - JDK-8266109: More Resilient Classloading - JDK-8266115: More Manifest Jar Loading - JDK-8266137, CVE-2021-35564: Improve Keystore integrity - JDK-8266689, CVE-2021-35567: More Constrained Delegation - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic - JDK-8267712: Better LDAP reference processing - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking - JDK-8267735, CVE-2021-35586: Better BMP support - JDK-8268193: Improve requests of certificates - JDK-8268199: Correct certificate requests - JDK-8268205: Enhance DTLS client handshake - JDK-8268500: Better specified ParameterSpecs - JDK-8268506: More Manifest Digests - JDK-8269618, CVE-2021-35603: Better session identification - JDK-8269624: Enhance method selection support - JDK-8270398: Enhance canonicalization - JDK-8270404: Better canonicalization Other changes ---------------------------- - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021 - JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails - JDK-8248899: security/infra/java/security/cert/CertPathValidator/certi fication/QuoVadisCA.java fails, Certificate has been revoked - JDK-8261088: Repeatable annotations without @Target cannot have containers that target module declarations - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print" - JDK-8263531: Remove unused buffer int - JDK-8266182: Automate manual steps listed in the test jdk/sun/security/pkcs12/ParamsTest.java - JDK-8267625: AARCH64: typo in LIR_Assembler::emit_profile_type - JDK-8267666: Add option to jcmd GC.heap_dump to use existing file - JDK-8268019: C2: assert(no_dead_loop) failed: dead loop detected - JDK-8268261: C2: assert(n != __null) failed: Bad immediate dominator info. - JDK-8268427: Improve AlgorithmConstraints:checkAlgorithm performance - JDK-8268963: [IR Framework] Some default regexes matching on PrintOptoAssembly in IRNode.java do not work on all platforms - JDK-8269297: Bump version numbers for JDK 17.0.1 - JDK-8269478: Shenandoah: gc/shenandoah/mxbeans tests should be more resilient - JDK-8269574: C2: Avoid redundant uncommon traps in GraphKit::builtin_throw() for JVMTI exception events - JDK-8269763: The JEditorPane is blank after JDK-8265167 - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers - JDK-8269882: stack-use-after-scope in NewObjectA - JDK-8269897: Shenandoah: Resolve UNKNOWN access strength, where possible - JDK-8269934: RunThese24H.java failed with EXCEPTION_ACCESS_VIOLATION in java_lang_Thread::get_thread_status - JDK-8269993: [Test]: java/net/httpclient/DigestEchoClientSSL.java contains redundant @run tags - JDK-8270094: Shenandoah: Provide human-readable labels for test configurations - JDK-8270096: Shenandoah: Optimize gc/shenandoah/TestRefprocSanity.java for interpreter mode - JDK-8270098: ZGC: ZBarrierSetC2::clone_at_expansion fails with "Guard against surprises" assert - JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross- Realm Setup - JDK-8270280: security/infra/java/security/cert/CertPathValidator /certification/LetsEncryptCA.java OCSP response error - JDK-8270344: Session resumption errors - JDK-8271203: C2: assert(iff->Opcode() == Op_If || iff->Opcode() == Op_CountedLoopEnd || iff->Opcode() == Op_RangeCheck) failed: Check this code when new subtype is added - JDK-8271276: C2: Wrong JVM state used for receiver null check - JDK-8271335: Updating RE Configs for BUILD REQUEST 17.0.1+4 - JDK-8271589: fatal error with variable shift count integer rotate operation. - JDK-8271723: Unproblemlist runtime/InvocationTests/invokevirtualTests.java - JDK-8271730: Client authentication using RSASSA-PSS fails after correct certificate requests - JDK-8271925: ZGC: Arraycopy stub passes invalid oop to load barrier - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon - JDK-8272131: PhaseMacroExpand::generate_slow_arraycopy crash when clone null CallProjections.fallthrough_ioproj - JDK-8272326: java/util/Random/RandomTestMoments.java had two Gaussian fails - JDK-8272332: --with-harfbuzz=system doesn't add -lharfbuzz after JDK-8255790 - JDK-8272472: StackGuardPages test doesn't build with glibc 2.34 - JDK-8272581: sun/security/pkcs11/Provider/MultipleLogins.sh fails after JDK-8266182 - JDK-8272602: [macos] not all KEY_PRESSED events sent when control modifier is used - JDK-8272700: [macos] Build failure with Xcode 13.0 after JDK-8264848 - JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertP athValidator/certification/BuypassCA.java no longer needs ocspEnabled - JDK-8272806: [macOS] "Apple AWT Internal Exception" when input method is changed - JDK-8273358: macOS Monterey does not have the font Times needed by Serif Notes on individual issues: ------------------------------------------- security-libs/java.security: JDK-8271434: Removed IdenTrust Root Certificate The following root certificate from IdenTrust has been removed from the `cacerts` keystore: Alias Name: identrustdstx3 [jdk] Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 20 2021 Petra Alice Mikova <pmikova@xxxxxxxxxx> - 1:17.0.1.0.12-1.rolling - October CPU update to jdk 17.0.1+12 - dropped commented-out source line - bumped buildjdkver to 17 * Mon Oct 11 2021 Andrew Hughes <gnu.andrew@xxxxxxxxxx> - 1:17.0.0.0.35-3.rolling - Update release notes to document the major changes between OpenJDK 11 & 17. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2012821 - java-latest-openjdk / epel7: libfontmanager.so has missing dependency on harfbuzz library https://bugzilla.redhat.com/show_bug.cgi?id=2012821 -------------------------------------------------------------------------------- ================================================================================ mock-core-configs-36.2-1.el7 (FEDORA-EPEL-2021-8ff88433d1) Mock core config files basic chroots -------------------------------------------------------------------------------- Update Information: Fix ELN - bump to F36 needed -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 26 2021 Pavel Raiskup <praiskup@xxxxxxxxxx> 36.2-1 - bump eln to F36 (praiskup@xxxxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ perl-Spreadsheet-XLSX-0.16-1.el7 (FEDORA-EPEL-2021-24c1957e4f) Perl extension for reading Microsoft Excel 2007 files -------------------------------------------------------------------------------- Update Information: Spreadsheet::XLSX 0.16 ====================== - Added GitHub repository - Fix RT #125112: Update module name in comments and POD - Improve POD - Improve kwalitee test -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 25 2021 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 0.16-1 - Upgrade to 0.16 (#2017154) * Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.15-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Sat May 22 2021 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.15-17 - Perl 5.34 rebuild * Wed Jan 27 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.15-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.15-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Jun 23 2020 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.15-14 - Perl 5.32 rebuild * Thu Jan 30 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.15-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Fri Jul 26 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.15-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Fri May 31 2019 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.15-11 - Perl 5.30 rebuild * Sat Feb 2 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.15-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.15-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Fri Jun 29 2018 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.15-8 - Perl 5.28 rebuild * Fri Feb 9 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.15-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.15-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Tue Jun 6 2017 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.15-5 - Perl 5.26 rebuild * Sat Feb 11 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.15-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Mon May 16 2016 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.15-3 - Perl 5.24 rebuild * Thu Feb 4 2016 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.15-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2017154 - perl-Spreadsheet-XLSX-0.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=2017154 -------------------------------------------------------------------------------- ================================================================================ radsecproxy-1.9.1-1.el7 (FEDORA-EPEL-2021-bbd4159912) Generic RADIUS proxy with RadSec support -------------------------------------------------------------------------------- Update Information: radsecproxy 1.9.1 (2021-10-25) ============================== Misc ---- - OpenSSL 3.0 compatibility Bug Fixes --------- - Fix refused startup with openssl < 1.1 - Fix compiler issue for Fedora 33 on s390x - Fix small memory leak in config parser - Fix lazy certificate check when connecting to TLS servers - Fix connect is aborted if first host in list has invalid certificate - Fix setstacksize for glibc 2.34 - Fix system defaults/settings for TLS version not honored -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 25 2021 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.9.1-1 - Upgrade to 1.9.1 (#2017132) * Tue Sep 14 2021 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.9.0-5 - Use -Wno-error=deprecated-declarations with OpenSSL 3.0.0 * Tue Sep 14 2021 Sahana Prasad <sahana@xxxxxxxxxx> - 1.9.0-4 - Rebuilt with OpenSSL 3.0.0 * Mon Jul 26 2021 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.9.0-3 - Added upstream patch to fix setstacksize() for glibc >= 2.34 * Fri Jul 23 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.9.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2017132 - radsecproxy-1.9.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2017132 -------------------------------------------------------------------------------- ================================================================================ yadifa-2.5.3-1.el7 (FEDORA-EPEL-2021-5fffcd2c80) Lightweight authoritative Name Server with DNSSEC capabilities -------------------------------------------------------------------------------- Update Information: 20211025: YADIFA 2.5.3-public - Fixes a critical issue that could cause yadifad to crash handling certain DNS packet with privileged access. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 25 2021 Denis Fateyev <denis@xxxxxxxxxxx> - 2.5.3-1 - Update to 2.5.3 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #2017051 - yadifa-2.5.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2017051 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
