The following Fedora EPEL 7 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-9b53b79398 golang-1.20.12-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-a461023d55 chromium-122.0.6261.111-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing apptainer-1.3.0-1.el7 baresip-3.10.1-1.el7 hardinfo2-2.0.15-4.el7 xorgxrdp-0.9.20-1.el7 xrdp-0.9.25-2.el7 Details about builds: ================================================================================ apptainer-1.3.0-1.el7 (FEDORA-EPEL-2024-88b6d1940a) Application and environment virtualization formerly known as Singularity -------------------------------------------------------------------------------- Update Information: Update to upstream 1.3.0, and security fixes for CVE-2024-28176 and CVE-2024-28180 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 13 2024 Dave Dykstra <dwd@xxxxxxxx> - 1.3.0 - Update to upstream 1.3.0 * Thu Feb 15 2024 Dave Dykstra <dwd@xxxxxxxx> - 1.3.0~rc.2 - Update to upstream 1.3.0-rc.2 * Wed Jan 10 2024 Dave Dykstra <dwd@xxxxxxxx> - 1.3.0~rc.1 - Update to upstream 1.3.0-rc.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268820 - CVE-2024-28176 go-jose: resource exhaustion https://bugzilla.redhat.com/show_bug.cgi?id=2268820 [ 2 ] Bug #2268854 - CVE-2024-28180 jose-go: improper handling of highly compressed data https://bugzilla.redhat.com/show_bug.cgi?id=2268854 -------------------------------------------------------------------------------- ================================================================================ baresip-3.10.1-1.el7 (FEDORA-EPEL-2024-f51b53c59b) Modular SIP user-agent with audio and video support -------------------------------------------------------------------------------- Update Information: Baresip v3.10.1 (2024-03-12) Security Release (possible Denial of Service): A wrong or manipulated incoming RTP Timestamp can cause the baresip process to hang forever, for details see: #2954 aureceiver: fix mtx_unlock on discard -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 12 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.10.1-1 - Upgrade to 3.10.1 (#2269261) * Mon Mar 11 2024 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.10.0-2 - Added upstream patch to fix mtx_unlock on discard in aureceiver -------------------------------------------------------------------------------- References: [ 1 ] Bug #2269261 - baresip-3.10.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2269261 -------------------------------------------------------------------------------- ================================================================================ hardinfo2-2.0.15-4.el7 (FEDORA-EPEL-2024-393603a1a5) System Information and Benchmark for Linux Systems -------------------------------------------------------------------------------- Update Information: update -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 12 2024 Felix Wang <topazus@xxxxxxxxxxx> - 2.0.15-4 - fix build on epel 7; correct license * Tue Mar 12 2024 Felix Wang <topazus@xxxxxxxxxxx> - 2.0.15-3 - fix build on epel 7; do not use ninja-nuild on epel * Tue Mar 12 2024 Felix Wang <topazus@xxxxxxxxxxx> - 2.0.15-2 - Fix build issues on epel 7 and 8 * Sun Mar 10 2024 topazus <topazus@xxxxxxxxxxx> - 2.0.15-1 - initial import -------------------------------------------------------------------------------- ================================================================================ xorgxrdp-0.9.20-1.el7 (FEDORA-EPEL-2024-f59a6b70a7) Implementation of xrdp backend as Xorg modules -------------------------------------------------------------------------------- Update Information: Release notes for xrdp v0.9.25 (2024/03/11) Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible. General announcements This is the last v0.9.x version which is released regularly. v0.9.x will be maintained for a while but less actively. New releases will happen only when severe security vulnerabilities or critical bugs are found. We have created a fund on Open Collective. Support us if you like xrdp! Direct donations to each developer via GitHub Sponsors are also welcomed. Security fixes No new security fixes in this release. Bug fixes Backport touchpad inertial scrolling (#2364 #2424 #2948). New features If the client announces support for the Image RemoteFX codec it is logged (back- port of #2946) Internal changes FreeBSD CI version bumped to 13.2 from 12.4 (#2897) Some test timeouts have been increased for slow CI machines (#2903) Known issues On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869) xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867) General annoucements xorgxrdp 0.9.20 This is the last v0.9.x release. v0.9.x will be maintained for a while but less actively. New releases will happen only when severe security vulnerabilities or critical bugs are found. We have created a fund on Open Collective. Support us if you like xrdp! Direct donations to each developer via GitHub Sponsors are also welcomed. New features Too fast scroll mitigation A fundamental solution for too fast scrolling issue by @seflerZ has been backported from devel version to v0.9 (#265 #286). This fix requires xrdp v0.9.25 so use xrdp v0.9.25 and xorgxrdp v0.9.20 together. The following former workaround added at v0.9.19 has been removed. It takes no effect anymore. [SessionVariables] (some existing lines) XRDP_XORG_TOUCHPAD_SCROLL_HACK=yes What's Changed [v0.9] Backport touchpad inertial scrolling by @metalefty @seflerZ in #286 Bump version to v0.9.20 by @metalefty in #292 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 12 2024 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 0.9.20-1 - Bump up to 0.9.20 * Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.9.19-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Wed Jul 26 2023 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 0.9.19-7 - run autoreconf before build, to avoid problems on F39 * Sat Jul 22 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.9.19-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Sat Jan 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.9.19-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Mon Nov 14 2022 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 0.9.19-5 - Insert glamoregl module into xorg.conf for glamor package - Add missed Xorg server dependencies into glamor package * Fri Nov 4 2022 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 0.9.19-4 - Build alternative binary with glamor enabled -------------------------------------------------------------------------------- ================================================================================ xrdp-0.9.25-2.el7 (FEDORA-EPEL-2024-f59a6b70a7) Open source remote desktop protocol (RDP) server -------------------------------------------------------------------------------- Update Information: Release notes for xrdp v0.9.25 (2024/03/11) Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible. General announcements This is the last v0.9.x version which is released regularly. v0.9.x will be maintained for a while but less actively. New releases will happen only when severe security vulnerabilities or critical bugs are found. We have created a fund on Open Collective. Support us if you like xrdp! Direct donations to each developer via GitHub Sponsors are also welcomed. Security fixes No new security fixes in this release. Bug fixes Backport touchpad inertial scrolling (#2364 #2424 #2948). New features If the client announces support for the Image RemoteFX codec it is logged (back- port of #2946) Internal changes FreeBSD CI version bumped to 13.2 from 12.4 (#2897) Some test timeouts have been increased for slow CI machines (#2903) Known issues On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869) xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867) General annoucements xorgxrdp 0.9.20 This is the last v0.9.x release. v0.9.x will be maintained for a while but less actively. New releases will happen only when severe security vulnerabilities or critical bugs are found. We have created a fund on Open Collective. Support us if you like xrdp! Direct donations to each developer via GitHub Sponsors are also welcomed. New features Too fast scroll mitigation A fundamental solution for too fast scrolling issue by @seflerZ has been backported from devel version to v0.9 (#265 #286). This fix requires xrdp v0.9.25 so use xrdp v0.9.25 and xorgxrdp v0.9.20 together. The following former workaround added at v0.9.19 has been removed. It takes no effect anymore. [SessionVariables] (some existing lines) XRDP_XORG_TOUCHPAD_SCROLL_HACK=yes What's Changed [v0.9] Backport touchpad inertial scrolling by @metalefty @seflerZ in #286 Bump version to v0.9.20 by @metalefty in #292 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 13 2024 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 1:0.9.25-2 - Add upstream PR 2994 * Tue Mar 12 2024 Bojan Smojver <bojan@xxxxxxxxxxxxx> - 1:0.9.25-1 - Update to 0.9.25 * Sat Jan 27 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1:0.9.24-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
