The following Fedora EPEL 7 Security updates need testing:
 Age  URL
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-4ff425606f   openssl11-1.1.1k-7.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    clojure-1.8.0-2.el7
    libidn2-2.3.7-1.el7

Details about builds:


================================================================================
 clojure-1.8.0-2.el7 (FEDORA-EPEL-2024-54270ec4b3)
 A dynamic programming language that targets the Java Virtual Machine
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2017-20189
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 27 2024 Markku Korkeala <Markku Korkeala iki fi> - 1:1.8.0-2
- Add patch clj-2204 to mitigate CVE-2017-20189.
* Thu Apr  2 2020 Markku Korkeala <Markku Korkeala iki fi> - 1:1.8.0-1
- New upstream release.
- Replace add_maven_depmap macros with mvn_artifact and mvn_install
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2259513 - CVE-2017-20189 clojure: executes arbitrary code upon deserialization
        https://bugzilla.redhat.com/show_bug.cgi?id=2259513
--------------------------------------------------------------------------------


================================================================================
 libidn2-2.3.7-1.el7 (FEDORA-EPEL-2024-695ec45c0f)
 Library to support IDNA2008 internationalized domain names
--------------------------------------------------------------------------------
Update Information:

# libidn2 2.3.7 (2024-01-27)

- Really include `tests/standalone.sh` in tarball.

# libidn2 2.3.6 (2024-01-27)

- Bump libtool version numbers to reflect API/ABI addition.
- Include `tests/standalone.sh` in tarball.

# libidn2 2.3.5 (2024-01-27)

- Declaration of future API/ABI backwards compatibility stability.
  GNU libc `dlopen` libidn2 and use the name `libidn2.so.0` for this.
  Upstream believes that it will be too challenging to ever do a hard ABI
  break, which for normal libraries is justified to remove deprecated APIs.
  Thus upstream decided that they will support the current ABI for a long
  time. Of course, if really convincing arguments for doing an ABI break
  appear in the future, upstream may re-consider, but take this as a
  declaration of intent of will and that future ABI breaks should be
  discussed and co-ordinated with the glibc team first.

- Add public APIs for raw Punycode encoding/decoding.
  Normal applications rarely need this, but it cleans up the code and
  allows for external testing of the APIs, and resolves
  https://gitlab.com/libidn/libidn2/-/issues/80 due to earlier use of weak
  symbols for internal symbols `_idn2_punycode_encode` and
  `_idn2_punycode_decode`. Upstream will support these internal symbols for
  backwards compatibility. This allows a clean migration path for code that
  is still using the internal names.

- Bump required gettext version to 0.19.8 for musl-libc.

- Un-deprecate `idn2_to_ascii_4i` and make it `NUL` terminate output.
  The API `idn2_to_ascii_4i` was deprecated in version 2.1.1 released in
  2019-02-08. In that release, the API was also modified to not
  `NUL`-terminate the output. That is contrary to the old libidn2 behaviour,
  the behaviour of libidn's API `idna_to_ascii_4i`, and the API
  documentation for the function. Since upstream is not likely to ever break
  backwards API/ABI compatibility in libidn2, and the deprecated guards lead
  to some trouble (see report in
  https://gitlab.com/libidn/libidn2/-/merge_requests/93), upstream decided
  to un-deprecate this function, as supporting it is not costly and the
  majority of code that cares about conformance has likely been modified.
  This will fix the error code and `NUL` termination report in
  https://gitlab.com/libidn/libidn2/-/issues/100. Upstream still encourages
  you to use the replacement API/ABI `idn2_to_ascii_4i2` instead, when
  appropriate.

- Compiler warning improvements.
  As before, compiler warnings are enabled by default. You may disable them
  using `./configure --disable-gcc-warnings` or turn them into fatal errors
  using `./configure --enable-gcc-warnings=error` to add `-Werror` and
  sensible `-Wno-error='s`. Based on gnulib's manywarnings, see
  https://www.gnu.org/software/gnulib//manual/html_node/manywarnings.html.

- tests: Added script `tests/standalone.sh` suitable for integrators.
  The main purpose is to test a system-installed libidn2 library and `idn2`
  tool, suitable for distributor checking (a'la Debian's
  autopkgtest/debci). It may also be used to test a newly built libidn2
  outside the usual `make check` infrastructure.

  To check that your system libidn2 library and `idn2` tool are working,
  invoke the script with `srcdir` as an environment variable indicating
  where it can find the source code for libidn2's `tests/` directory (it
  will use the directory name where the script is by default):

  `tests/standalone.sh`

  If your system libidn2 is too old to pass certain tests, disable them
  using `STANDALONE_DISABLE` like this:

  `STANDALONE_DISABLE='*punycode*' tests/standalone.sh`

  See the script for more parameters. If the libidn2 under testing is too
  old and has known bugs, that should cause tests to fail, which is
  intentional.

- Various minor build fixes and translation updates.

- API and ABI is backwards compatible with the previous version.
  `idn2_punycode_decode`: Add.
  `idn2_punycode_encode`: Add.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 27 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 2.3.7-1
- Upgrade to 2.3.7 (#2260623)
* Sat Jan 27 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 2.3.6-1
- Upgrade to 2.3.6
* Sat Jan 27 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 2.3.5-1
- Upgrade to 2.3.5
* Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.3.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.3.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.3.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2260623 - libidn2-2.3.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2260623
--------------------------------------------------------------------------------