The following Fedora EPEL 7 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-225a030e92 phoronix-test-suite-10.8.2-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-d5db33b633 seamonkey-2.53.11.1-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-cf563ff92c openssl11-1.1.1k-3.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-b3413eba96 chromium-99.0.4844.84-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing inxi-3.3.14-1.el7 libmediainfo-22.03-1.el7 mediainfo-22.03-1.el7 spectre-meltdown-checker-0.45-1.el7 unrealircd-6.0.3-1.el7 Details about builds: ================================================================================ inxi-3.3.14-1.el7 (FEDORA-EPEL-2022-03b6c9931e) A full featured system information script -------------------------------------------------------------------------------- Update Information: Update to 3.3.14. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 2 2022 Vasiliy N. Glazov <vascom2@xxxxxxxxx> - 3.3.14-1 - Update to 3.3.14 * Sun Feb 27 2022 Vasiliy N. Glazov <vascom2@xxxxxxxxx> - 3.3.13-1 - Update to 3.3.13 -------------------------------------------------------------------------------- ================================================================================ libmediainfo-22.03-1.el7 (FEDORA-EPEL-2022-4d13a8ebb0) Library for supplies technical and tag information about a video or audio file -------------------------------------------------------------------------------- Update Information: Update to 22.03. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 2 2022 Vasiliy N. Glazov <vascom2@xxxxxxxxx> - 22.03-1 - Update to 22.03 * Thu Jan 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 21.09-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ mediainfo-22.03-1.el7 (FEDORA-EPEL-2022-4d13a8ebb0) Supplies technical and tag information about a video or audio file (CLI) -------------------------------------------------------------------------------- Update Information: Update to 22.03. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 2 2022 Vasiliy N. Glazov <vascom2@xxxxxxxxx> - 22.03-1 - Update to 22.03 * Thu Jan 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 21.09-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ spectre-meltdown-checker-0.45-1.el7 (FEDORA-EPEL-2022-b8803715a9) Spectre & Meltdown vulnerability/mitigation checker for Linux -------------------------------------------------------------------------------- Update Information: An intermediary release with preparatory work needed to integrate support for new vulns BHI and intra-mode BTI (Spectre V2-like), along with other changes that were in the pipe in the last few months: * feat: add `--cpu`, to conduct MSR read/writes and cpuinfo checks on a given CPU/core number. By default, the first core is used (id 0). `--cpu all` is also supported, to query all cores and report whether there is discrepancies between cores * feat: hardware check: add `IPRED_CTRL`, `RRSBA_CTRL`, and `BHI_CTRL` feature bits checks in cpuinfo, these are needed to mitigate BHI and Intra-mode BTI ([https://www.intel.com/content/www/us/en/developer/articles/technical/software- security-guidance/technical-documentation/branch-history-injection.html](https:/ /www.intel.com/content/www/us/en/developer/articles/technical/software-security- guidance/technical-documentation/branch-history-injection.html)) * feat: add subleaf (ecx) != 0 support for `read_cpuid`, needed to query support of new bits in the `IA32_SPEC_CTRL` MSR * feat: add `--allow-msr-write`, and no longer write to MSRs by default, to avoid spurious messages in kernel logs, as more and more distros default having `msr.allow_writes` to `default` (allow but log a warning) or even `off`, which prevents writing from userspace altogether. This also fixes [#385](https://github.com/speed47/spectre-meltdown-checker/issues/385). When the cpuid bit indicating the presence of a write-only MSR is set, we'll now make the assumption that it exists, unless `--allow-msr-write` is specified, in which case we'll also check that. * feat: bsd: for unimplemented CVEs, at least report when CPU is not affected * feat: bsd: implement mitigation detection for the MCEPSC vulnerability * feat: arm: add Cortex A77 and Neoverse-N1 (fixes [#371](https://github.com/speed47/spectre-meltdown-checker/issues/371)) * feat: arm64: phytium: Add CPU Implementer Phytium * feat: arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig * feat: Android: autodetect a better suitable default `TMPDIR` ([#415](https://github.com/speed47/spectre-meltdown-checker/issues/415) [#424](https://github.com/speed47/spectre-meltdown-checker/issues/424)) * fix: retpoline: detection on 5.15.28+ ([#420](https://github.com/speed47/spectre- meltdown-checker/issues/420)) * fix: has_vmm false positive with pcp ([#394](https://github.com/speed47/spectre-meltdown-checker/issues/394)) * fix: is_ucode_blacklisted: fix some model names * fix: refuse to run under MacOS and ESXi ([#398](https://github.com/speed47/spectre-meltdown-checker/issues/398)) * fix: variant4: added case where prctl ssbd status is tagged as 'unknown' * fix: `extract_kernel`: don't overwrite `kernel_err` if already set * chore: only attempt to load `msr` and `cpuid` modules once * chore: `read_cpuid`/`read_msr`/`write_msr`: use named constants for better maintainability * chore: wording: model not vulnerable -> model not affected * chore: update Intel Family 6 models * chore: ensure vars are set before being de-referenced (set -u compat) * chore: update `fwdb` to `v222+i20220208` -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 2 2022 Reto Gantenbein <reto.gantenbein@xxxxxxxxxxxx> - 0.45-1 - Update to 0.45 * Sat Jan 22 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.44-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Fri Jul 23 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.44-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Wed Jan 27 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.44-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ unrealircd-6.0.3-1.el7 (FEDORA-EPEL-2022-a3ae41bd1e) Open Source IRC server -------------------------------------------------------------------------------- Update Information: # UnrealIRCd 6.0.3 A number of serious issues were discovered in UnrealIRCd 6. Among these is an issue which will likely crash the IRCd sooner or later if you `/REHASH` with any active clients connected. ## Fixes * Crash in `WATCH` if the IRCd has been rehashed at least once. After doing a `REHASH` with active clients it will likely corrupt memory. It may take several days until after the rehash for the crash to occur, or even weeks/months on smaller networks (accidental triggering, that is). * A `REHASH` with certain remote includes setups could cause a crash or other weird and confusing problems such as complaining about unable to open an ipv6-database or missing snomask configuration. This only affected some people with remote includes, not all. * Potential out-of-bounds write in sending code. In practice it seems harmless on most servers but this cannot be 100% guaranteed. * Unlikely triggered log message would log uninitialized stack data to the log file or send it to ircops. * Channel ops could not remove halfops from a user (`-h`). * After using the `RESTART` command (not recommended) the new IRCd was often no longer writing to log files. * Fix compile problem if you choose to use cURL remote includes but don't have cURL on the system and ask UnrealIRCd to compile cURL. ## Enhancements * The default text log format on disk changed. It now includes the server name where the event was generated. Without this, it was sometimes difficult to trace problems, since previously it sometimes looked like there was a problem on your server when it was actually another server on the network. * Old log format: `[DATE TIME] subsystem.EVENT_ID loglevel: ........` * New log format: `[DATE TIME] servername subsystem.EVENT_ID loglevel: ........` ## Changes * Any MOTD lines added by services via [`SVSMOTD`](https://www.unrealircd.org/docs/MOTD_and_Rules#SVSMOTD) are now shown at the end of the MOTD-on-connect (unless using a shortmotd). Previously the lines were only shown if you manually ran the MOTD command. ## Protocol * `LIST C<xx` now means: filter on channels that are created less than xx minutes ago. This is the opposite of what we had earlier. `LIST T<xx` is now supported as well (topic changed in last xx minutes), it was already advertised in `ELIST` but support was not enabled previously. -------------------------------------------------------------------------------- ChangeLog: * Sat Apr 2 2022 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 6.0.3-1 - Upgrade to 6.0.3 (#2071197) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2071197 - unrealircd-6.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2071197 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
