The following Fedora EPEL 7 Security updates need testing: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-9b53b79398 golang-1.20.12-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing baresip-3.10.0-1.el7 bird2-2.15-1.el7 chromium-122.0.6261.111-1.el7 ganglia-3.7.2-48.el7 libre-3.10.0-1.el7 nagios-4.4.14-1.el7 nagios-plugins-2.4.8-1.el7 Details about builds: ================================================================================ baresip-3.10.0-1.el7 (FEDORA-EPEL-2024-b7cce2930c) Modular SIP user-agent with audio and video support -------------------------------------------------------------------------------- Update Information: Baresip v3.10.0 (2024-03-06) cmake: use default value for CMAKE_C_EXTENSIONS cmake: add /usr/{local,}/include/re and /usr/{local,}/lib{64,} to FindRE.cmake test/main: fix NULL pointer arg on err ci: add Fedora workflow to avoid e.g. rpath issues mediatrack/start: add audio_decoder_set config: support distribution-specific/default CA paths readme: cosmetic changes ci/fedora: fix dependency config: add default CA path for Android transp,tls: add TLS client verification account,message,ua: secure incoming SIP MESSAGEs aufile: avoid race condition in case of fast destruction aufile: join thread if write fails video: add video_req_keyframe api call: start streams in sipsess_estab_handler webrtc: add av1 codec cmake: fix relative source dir find paths echo: fix re_snprintf pointer ARG cmake: Add include PATH so that GST is found also on Debian 11 call: improve glare handling call: set estdir in call_set_media_direction audio,aur: start audio player after early-video ctrl_dbus: add busctl example to module documentation debian: bump to v3.9.0 release v3.10.0 libre v3.10.0 (2024-03-06) transp: deref qent only if qentp is not set sipsess: fix doxygen comments aufile: fix doxygen comment ci/codeql: bump action v3 misc: text2pcap helpers (RTP/RTCP capturing) ci/mingw: bump upload/download-artifact and cache versions transp,tls: add TLS client verification fmt/text2pcap: cleanup ci/android: cache openssl build ci/misc: fix double push/pull runs fmt/text2pcap: fix coverity return value warning sipsess/listen: improve glare handling conf: add conf_get_i32 debian: bump version v3.9.0 sip/transp: reset tcp timeout on websocket receive release v3.10.0 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 10 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.10.0-1 - Upgrade to 3.10.0 (#2268424) * Wed Feb 7 2024 Pete Walter <pwalter@xxxxxxxxxxxxxxxxx> - 3.9.0-2 - Rebuild for libvpx 1.14.x -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268236 - libre-3.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2268236 [ 2 ] Bug #2268424 - baresip-3.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2268424 -------------------------------------------------------------------------------- ================================================================================ bird2-2.15-1.el7 (FEDORA-EPEL-2024-56ed925894) BIRD Internet Routing Daemon -------------------------------------------------------------------------------- Update Information: BIRD 2.15 (2024-03-10) BGP: Send hold timer BGP: New options to specify required BGP capabilities BFD: Improvements to show bfd sessions command RPKI: New local address configuration option Linux: Support for more route attributes, including TCP congestion control algorithm Support for UDP logging Static routes can have both nexthop and interface specified Completion of command options in BIRD client Many bugfixes and improvements -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 10 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 2.15-1 - Upgrade to 2.15 (#2268900) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268900 - bird-2.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=2268900 -------------------------------------------------------------------------------- ================================================================================ chromium-122.0.6261.111-1.el7 (FEDORA-EPEL-2024-a461023d55) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information: Upstream security release 122.0.6261.111 * High CVE-2024-2173: Out of bounds memory access in V8 * High CVE-2024-2174: Inappropriate implementation in V8 * High CVE-2024-2176: Use after free in FedCM -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 6 2024 Than Ngo <than@xxxxxxxxxx> - 122.0.6261.111-1 - upstream security release 122.0.6261.111 * High CVE-2024-2173: Out of bounds memory access in V8 * High CVE-2024-2174: Inappropriate implementation in V8 * High CVE-2024-2176: Use after free in FedCM -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268541 - CVE-2024-2173 CVE-2024-2174 CVE-2024-2176 chromium: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2268541 -------------------------------------------------------------------------------- ================================================================================ ganglia-3.7.2-48.el7 (FEDORA-EPEL-2024-d0c63e8ac2) Distributed Monitoring System -------------------------------------------------------------------------------- Update Information: Update to latest version available in upstream git repo -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 10 2024 Terje Rosten <terje.rosten@xxxxxxx> - 3.7.2-48 - Update to commit 185ab6b * Sun Mar 3 2024 Terje Rosten <terje.rosten@xxxxxxx> - 3.7.2-47 - Add more PHP8 patches * Sat Feb 24 2024 Terje Rosten <terje.rosten@xxxxxxx> - 3.7.2-46 - Upgrade to ganglia web 3.7.6 * Mon Feb 5 2024 Terje Rosten <terje.rosten@xxxxxxx> - 3.7.2-45 - Fix GCC 14 issue * Wed Jan 24 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.7.2-44 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Fri Jan 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.7.2-43 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Jul 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.7.2-42 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.7.2-41 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2257251 - Regression: machine_type_func() returns uninitialized local variable value on aarch64 https://bugzilla.redhat.com/show_bug.cgi?id=2257251 -------------------------------------------------------------------------------- ================================================================================ libre-3.10.0-1.el7 (FEDORA-EPEL-2024-b7cce2930c) Generic library for real-time communications -------------------------------------------------------------------------------- Update Information: Baresip v3.10.0 (2024-03-06) cmake: use default value for CMAKE_C_EXTENSIONS cmake: add /usr/{local,}/include/re and /usr/{local,}/lib{64,} to FindRE.cmake test/main: fix NULL pointer arg on err ci: add Fedora workflow to avoid e.g. rpath issues mediatrack/start: add audio_decoder_set config: support distribution-specific/default CA paths readme: cosmetic changes ci/fedora: fix dependency config: add default CA path for Android transp,tls: add TLS client verification account,message,ua: secure incoming SIP MESSAGEs aufile: avoid race condition in case of fast destruction aufile: join thread if write fails video: add video_req_keyframe api call: start streams in sipsess_estab_handler webrtc: add av1 codec cmake: fix relative source dir find paths echo: fix re_snprintf pointer ARG cmake: Add include PATH so that GST is found also on Debian 11 call: improve glare handling call: set estdir in call_set_media_direction audio,aur: start audio player after early-video ctrl_dbus: add busctl example to module documentation debian: bump to v3.9.0 release v3.10.0 libre v3.10.0 (2024-03-06) transp: deref qent only if qentp is not set sipsess: fix doxygen comments aufile: fix doxygen comment ci/codeql: bump action v3 misc: text2pcap helpers (RTP/RTCP capturing) ci/mingw: bump upload/download-artifact and cache versions transp,tls: add TLS client verification fmt/text2pcap: cleanup ci/android: cache openssl build ci/misc: fix double push/pull runs fmt/text2pcap: fix coverity return value warning sipsess/listen: improve glare handling conf: add conf_get_i32 debian: bump version v3.9.0 sip/transp: reset tcp timeout on websocket receive release v3.10.0 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 10 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.10.0-1 - Upgrade to 3.10.0 (#2268236) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268236 - libre-3.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2268236 [ 2 ] Bug #2268424 - baresip-3.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2268424 -------------------------------------------------------------------------------- ================================================================================ nagios-4.4.14-1.el7 (FEDORA-EPEL-2024-8aeeb0702b) Host/service/network monitoring program -------------------------------------------------------------------------------- Update Information: Update to 4.4.14 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 9 2024 Guido Aulisi <guido.aulisi@xxxxxxxxx> - 4.4.14-1 - Update to 4.4.14 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2255413 - Please update branch and build nagios for EPEL 8 and EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=2255413 -------------------------------------------------------------------------------- ================================================================================ nagios-plugins-2.4.8-1.el7 (FEDORA-EPEL-2024-fbaf5f90da) Host/service/network monitoring program plugins for Nagios -------------------------------------------------------------------------------- Update Information: Update to 2.4.8 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 10 2024 Guido Aulisi <guido.aulisi@xxxxxxxxx> - 2.4.8-1 - Update to 2.4.8 * Sun May 24 2020 Martin Jackson <mhjacks@xxxxxxxxxx> - 2.3.3-4 - Reinstate ssl_validity. Packager overreacted. * Tue May 19 2020 Martin Jackson <mhjacks@xxxxxxxxxx> - 2.3.3-3 - Remove ssl_validity as perl-Convert-ASN1 has been retired. BZ#1837397 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2250202 - nagios-plugins-2.4.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=2250202 -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue