The following Fedora EPEL 7 Security updates need testing: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-63588ab702 woff-0.20091126-11.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-058d69433a snapd-2.57.6-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-735d1baeca brotli-1.0.9-10.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing coturn-4.6.1-1.el7 ipv6calc-4.0.2-67.el7 libbsd-0.11.7-2.el7 Details about builds: ================================================================================ coturn-4.6.1-1.el7 (FEDORA-EPEL-2022-884f4fd70c) TURN/STUN & ICE Server -------------------------------------------------------------------------------- Update Information: # Coturn 4.6.1 * Fix memory corruption on socket close -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 4 2022 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 4.6.1-1 - Upgrade to 4.6.1 (#2150608) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2150608 - coturn-4.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2150608 -------------------------------------------------------------------------------- ================================================================================ ipv6calc-4.0.2-67.el7 (FEDORA-EPEL-2022-251556b8c1) IPv6 address format change and calculation utility -------------------------------------------------------------------------------- Update Information: Final release 4.0.2 -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 4 2022 Peter Bieringer <pb@xxxxxxxxxxxx> - 4.0.2-67 - Final release 4.0.2 -------------------------------------------------------------------------------- ================================================================================ libbsd-0.11.7-2.el7 (FEDORA-EPEL-2022-10049c7b14) Library providing BSD-compatible functions for portability -------------------------------------------------------------------------------- Update Information: # libbsd 0.11.7 - Portability fixes for the Hurd - Fix ELF support for big endian SH - Sync the `arc4random(3)` implementation from OpenBSD - Adjust declaration shadowing to match new glibc additions - Manual pages and documentation cleanups - Manual page rewrite to get rid of a BSD-4-Clause license # libbsd 0.11.6 - Build system and test suite fixes for musl - Removal of unused OpenBSD support for `arc4random()` - LoongArch support for `nlist()` # libbsd 0.11.5 - Build system and test suite regression fixes - Documentation on how to build the project # libbsd 0.11.4 - Further rework of the libmd wrapping code, to simplify it again, and make it work even when we do not need SHA-2 functions - Fix builds with LTO - Various build system fixes - Various portability fixes - Various documentation fixes # libbsd 0.11.3 - Rework of the libmd wrapping code to not require users to explicitly link against libmd - Various build system fixes - Various portability fixes # libbsd 0.11.2 - Update `<sys/queue.h>` from FreeBSD - Import some `closefrom()` changes from sudo - Make `closefrom()` use `close_range()` syscall on Linux when available - Update `libbsd(7)` man page with updates in 0.11.0 # libbsd 0.11.0/0.11.1 - Export `strnvisx()` function - New `recallocarray()` and `freezero()` from OpenBSD - New pwcache module from OpenBSD - New `timespec(3bsd)` man page alias to `timeval(3bsd)` - New progname implementation for Windows - New `LIBBSD_VIS_OPENBSD` selection macro - Switch from embedded hashing function implementations to use libmd - Various man pages cleanups - Various portability fixes - Various memory leak fixes # libbsd 0.10.0 - Several security related fixes for `nlist()` - Preliminary and partial Windows porting - Fix for a leak in the vis family of functions - Fix for a configure check to not unnecessarily link against librt - General portability fixes for musl, uClibc, macOS and GNU/kFreeBSD - New architectures support for `nlist()` - Switch the `<err.h>` `*c()` functions to be standalone and add `err()`, `warn()`, `errx()` and `warnx()` familiy of functions in case the system lacks them - Several man page fixes # libbsd 0.9.0/0.9.1 - Add `__arraycount()` macro - Add `flopenat()` function - Add `strtoi()` and `strtou()` functions - Add several new vis and unvis functions - Add `pidfile_fileno()` function, and `struct pidfh` is now opaque - The `humanize_number()` now understands `HN_IEC_PREFIXES` - The `fmtcheck()` function supports all standard `printf(3)` conversions - The `getentropy()`, and thus `arc4random()` functions will not block anymore on Linux on boot when there's not enough entropy available - The `arc4random()` function handles direct `clone()` calls better # libbsd 0.8.7 Fixes the `nlist()` unit test on IA64, handles glibc now providing some of the functions, restores support for old gcc, and documents the availability of `arcrandom(3)` on other BSDs -------------------------------------------------------------------------------- ChangeLog: * Sun Dec 4 2022 Mikel Olasagasti Uranga <mikel@xxxxxxxxxxxxxxx> - 0.11.7-2 - Add runtime requirement on libmd-devel to libbsd-devel (#2148612) * Thu Nov 24 2022 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 0.11.7-1 - Update to 0.11.7 (#1742611) * Thu Jul 21 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.10.0-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Thu Jan 20 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.10.0-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.10.0-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Tue Jan 26 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.10.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Wed Sep 9 2020 Jeff Law <law@xxxxxxxxxx> - 0.10.0-5 - Use symver attribute for symbol versioning Fix configure test compromised by LTO Fix nlist test compromised by LTO Re-enable LTO * Tue Jul 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.10.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jul 1 2020 Jeff Law <law@xxxxxxxxxx> - 0.10.0-3 - Disable LTO * Wed Jan 29 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.10.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Thu Aug 22 2019 Eric Smith <brouhaha@xxxxxxxxxxxxxxxxx> - 0.10.0-1 - Update to 0.10.1. (#1742611) * Thu Jul 25 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.9.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Fri Feb 1 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.9.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.9.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Tue May 22 2018 Eric Smith <brouhaha@xxxxxxxxxxxxxxxxx> - 0.9.1-1 - Update to 0.9.1. (#1538853) * Tue May 22 2018 Eric Smith <brouhaha@xxxxxxxxxxxxxxxxx> - 0.8.6-3 - Mark explicit_bzero() and reallocarray() as compat symbols. (#1408465) * Wed Feb 7 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.8.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Tue Nov 21 2017 Jens Petersen <petersen@xxxxxxxxxx> - 0.8.6-1 - update to 0.8.6 (#1462722) - fixes manpage conflict (#1504831) - condition the gcc deprecation patch on epel < 7 - clean up spec file * Thu Aug 3 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.8.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.8.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Fri Feb 10 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.8.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Fri Dec 23 2016 Eric Smith <brouhaha@xxxxxxxxxxxxxxxxx> - 0.8.3-2 - Add patch for GCC deprecated attribute to allow building on GCC < 4.5 (needed for EL5 and EL6). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1789459 - CVE-2019-20367 libbsd: Out-of-bounds read in nlist.c https://bugzilla.redhat.com/show_bug.cgi?id=1789459 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
