Fedora EPEL 7 updates-testing report

updates@xxxxxxxxxxxxxxxxx · Sat, 2 Jul 2022 00:19:54 +0000 (GMT)

The following builds have been pushed to Fedora EPEL 7 updates-testing

    golang-1.17.10-1.el7
    libeatmydata-130-4.el7

Details about builds:

================================================================================
 golang-1.17.10-1.el7 (FEDORA-EPEL-2022-453673a4ea)
 The Go Programming Language
--------------------------------------------------------------------------------
Update Information:

Update to 1.17.10, Security fix for CVE-2022-24921, CVE-2022-28327,
CVE-2022-24675, and CVE-2022-29526
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 30 2022 Dave Dykstra <dwd@xxxxxxxxxxxxxxxxx> - 1.17.10-1
- Update to 1.17.10 by cherry-picking the commit from centos8-stream.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2064857 - CVE-2022-24921 golang: regexp: stack exhaustion via a deeply nested expression
        https://bugzilla.redhat.com/show_bug.cgi?id=2064857
  [ 2 ] Bug #2077688 - CVE-2022-24675 golang: encoding/pem: fix stack overflow in Decode
        https://bugzilla.redhat.com/show_bug.cgi?id=2077688
  [ 3 ] Bug #2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar
        https://bugzilla.redhat.com/show_bug.cgi?id=2077689
  [ 4 ] Bug #2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
        https://bugzilla.redhat.com/show_bug.cgi?id=2084085
--------------------------------------------------------------------------------

================================================================================
 libeatmydata-130-4.el7 (FEDORA-EPEL-2022-e9c461b01e)
 Library and utilities designed to disable fsync and friends
--------------------------------------------------------------------------------
Update Information:

https://bugzilla.redhat.com/show_bug.cgi?id=2099313 fix which is:
`/usr/libexec/eatmydata.sh` points to `/usr/lib/libeatmydata` rather than
`/usr/lib64`   ``` $ eatmydata sleep 1 eatmydata error: could not find eatmydata
library /usr/lib/libeatmydata.so ```  i.e. the noarch build of the `eatmydata`
package was incorrect.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 11 2022 Stewart Smith <stewart@xxxxxxxxxxxxxxxx> - 130-4
- Fix Summary
- Build eatmydata per-arch as script contains arch specific dirs
  See https://bugzilla.redhat.com/show_bug.cgi?id=2099313
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2099313 - eatmydata error: could not find eatmydata library /usr/lib/libeatmydata.so
        https://bugzilla.redhat.com/show_bug.cgi?id=2099313
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure