[EPEL-devel] Fedora EPEL 7 updates-testing report

[updates]

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 485  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   
condor-8.6.11-1.el7
 227  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   
python-gnupg-0.4.4-1.el7
 224  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   
bubblewrap-0.3.3-2.el7
  13  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-72ead04703   
proftpd-1.3.5e-8.el7
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-cd462a69ad   
python3-requests-2.14.2-2.el7
   8  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-eb770d67f7   
knot-resolver-4.3.0-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-de07c8591e   
cacti-1.2.8-1.el7 cacti-spine-1.2.8-1.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    chromium-79.0.3945.79-1.el7
    hitch-1.5.2-1.el7
    libuv-1.34.0-1.el7
    nsd-4.2.4-1.el7
    perl-Lchown-1.01-14.el7
    rsnapshot-1.4.3-1.el7
    spectre-meltdown-checker-0.43-1.el7

Details about builds:


================================================================================
 chromium-79.0.3945.79-1.el7 (FEDORA-EPEL-2019-ad1ffea646)
 A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:

Update to Chromium 79. Fixes the usual giant pile of bugs and security issues.
This time, the list is:  CVE-2019-13725 CVE-2019-13726 CVE-2019-13727
CVE-2019-13728 CVE-2019-13729 CVE-2019-13730 CVE-2019-13732 CVE-2019-13734
CVE-2019-13735 CVE-2019-13736 CVE-2019-13737 CVE-2019-13738 CVE-2019-13739
CVE-2019-13740 CVE-2019-13741 CVE-2019-13742 CVE-2019-13743 CVE-2019-13744
CVE-2019-13745 CVE-2019-13746 CVE-2019-13747 CVE-2019-13748 CVE-2019-13749
CVE-2019-13750 CVE-2019-13751 CVE-2019-13752 CVE-2019-13753 CVE-2019-13754
CVE-2019-13755 CVE-2019-13756 CVE-2019-13757 CVE-2019-13758 CVE-2019-13759
CVE-2019-13761 CVE-2019-13762 CVE-2019-13763  CVE-2019-13764
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 10 2019 Tom Callaway <s...@fedoraproject.org> - 79.0.3945.79-1
- update to 79.0.3945.79
* Wed Dec  4 2019 Tom Callaway <s...@fedoraproject.org> - 79.0.3945.56-2
- fix lib provides filtering
* Tue Dec  3 2019 Tom Callaway <s...@fedoraproject.org> - 79.0.3945.56-1
- update to current beta (rawhide only)
- switch to upstream patch for clock_nanosleep fix
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1782008 - CVE-2019-13763 chromium-browser: Insufficient policy 
enforcement in payments
        https://bugzilla.redhat.com/show_bug.cgi?id=1782008
  [ 2 ] Bug #1782004 - CVE-2019-13757 chromium-browser: Incorrect security UI 
in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1782004
  [ 3 ] Bug #1782007 - CVE-2019-13762 chromium-browser: Insufficient policy 
enforcement in downloads
        https://bugzilla.redhat.com/show_bug.cgi?id=1782007
  [ 4 ] Bug #1782006 - CVE-2019-13761 chromium-browser: Incorrect security UI 
in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1782006
  [ 5 ] Bug #1782005 - CVE-2019-13759 chromium-browser: Incorrect security UI 
in interstitials
        https://bugzilla.redhat.com/show_bug.cgi?id=1782005
  [ 6 ] Bug #1782003 - CVE-2019-13756 chromium-browser: Incorrect security UI 
in printing
        https://bugzilla.redhat.com/show_bug.cgi?id=1782003
  [ 7 ] Bug #1781999 - CVE-2019-13752 chromium-browser: Out of bounds read in 
SQLite
        https://bugzilla.redhat.com/show_bug.cgi?id=1781999
  [ 8 ] Bug #1782002 - CVE-2019-13755 chromium-browser: Insufficient policy 
enforcement in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1782002
  [ 9 ] Bug #1782000 - CVE-2019-13753 chromium-browser: Out of bounds read in 
SQLite
        https://bugzilla.redhat.com/show_bug.cgi?id=1782000
  [ 10 ] Bug #1782001 - CVE-2019-13754 chromium-browser: Insufficient policy 
enforcement in extensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1782001
  [ 11 ] Bug #1781998 - CVE-2019-13751 chromium-browser: Uninitialized Use in 
SQLite
        https://bugzilla.redhat.com/show_bug.cgi?id=1781998
  [ 12 ] Bug #1781997 - CVE-2019-13750 chromium-browser: Insufficient data 
validation in SQLite
        https://bugzilla.redhat.com/show_bug.cgi?id=1781997
  [ 13 ] Bug #1781992 - CVE-2019-13746 chromium-browser: Insufficient policy 
enforcement in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1781992
  [ 14 ] Bug #1781995 - CVE-2019-13749 chromium-browser: Incorrect security UI 
in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1781995
  [ 15 ] Bug #1781991 - CVE-2019-13745 chromium-browser: Insufficient policy 
enforcement in audio
        https://bugzilla.redhat.com/show_bug.cgi?id=1781991
  [ 16 ] Bug #1781994 - CVE-2019-13748 chromium-browser: Insufficient policy 
enforcement in developer tools
        https://bugzilla.redhat.com/show_bug.cgi?id=1781994
  [ 17 ] Bug #1781993 - CVE-2019-13747 chromium-browser: Uninitialized Use in 
rendering
        https://bugzilla.redhat.com/show_bug.cgi?id=1781993
  [ 18 ] Bug #1781989 - CVE-2019-13742 chromium-browser: Incorrect security UI 
in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1781989
  [ 19 ] Bug #1781987 - CVE-2019-13740 chromium-browser: Incorrect security UI 
in sharing
        https://bugzilla.redhat.com/show_bug.cgi?id=1781987
  [ 20 ] Bug #1781990 - CVE-2019-13743 chromium-browser: Incorrect security UI 
in external protocol handling
        https://bugzilla.redhat.com/show_bug.cgi?id=1781990
  [ 21 ] Bug #1781985 - CVE-2019-13738 chromium-browser: Insufficient policy 
enforcement in navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=1781985
  [ 22 ] Bug #1781988 - CVE-2019-13741 chromium-browser: Insufficient 
validation of untrusted input in Blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1781988
  [ 23 ] Bug #1781986 - CVE-2019-13739 chromium-browser: Incorrect security UI 
in Omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1781986
  [ 24 ] Bug #1781984 - CVE-2019-13737 chromium-browser: Insufficient policy 
enforcement in autocomplete
        https://bugzilla.redhat.com/show_bug.cgi?id=1781984
  [ 25 ] Bug #1781983 - CVE-2019-13736 chromium-browser: Integer overflow in 
PDFium
        https://bugzilla.redhat.com/show_bug.cgi?id=1781983
  [ 26 ] Bug #1781982 - CVE-2019-13764 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1781982
  [ 27 ] Bug #1781981 - CVE-2019-13735 chromium-browser: Out of bounds write in 
V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1781981
  [ 28 ] Bug #1781980 - CVE-2019-13734 chromium-browser: Out of bounds write in 
SQLite
        https://bugzilla.redhat.com/show_bug.cgi?id=1781980
  [ 29 ] Bug #1781979 - CVE-2019-13732 chromium-browser: Use after free in 
WebAudio
        https://bugzilla.redhat.com/show_bug.cgi?id=1781979
  [ 30 ] Bug #1781978 - CVE-2019-13730 chromium-browser: Type Confusion in V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1781978
  [ 31 ] Bug #1781975 - CVE-2019-13727 chromium-browser: Insufficient policy 
enforcement in WebSockets
        https://bugzilla.redhat.com/show_bug.cgi?id=1781975
  [ 32 ] Bug #1781977 - CVE-2019-13729 chromium-browser: Use after free in 
WebSockets
        https://bugzilla.redhat.com/show_bug.cgi?id=1781977
  [ 33 ] Bug #1781976 - CVE-2019-13728 chromium-browser: Out of bounds write in 
V8
        https://bugzilla.redhat.com/show_bug.cgi?id=1781976
  [ 34 ] Bug #1781974 - CVE-2019-13726 chromium-browser: Heap buffer overflow 
in password manager
        https://bugzilla.redhat.com/show_bug.cgi?id=1781974
  [ 35 ] Bug #1782021 - CVE-2019-13744 chromium-browser: Insufficient policy 
enforcement in cookies
        https://bugzilla.redhat.com/show_bug.cgi?id=1782021
  [ 36 ] Bug #1782017 - CVE-2019-13758 chromium-browser: Insufficient policy 
enforcement in navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=1782017
  [ 37 ] Bug #1781973 - CVE-2019-13725 chromium-browser: Use after free in 
Bluetooth
        https://bugzilla.redhat.com/show_bug.cgi?id=1781973
--------------------------------------------------------------------------------


================================================================================
 hitch-1.5.2-1.el7 (FEDORA-EPEL-2019-0be7890e83)
 Network proxy that terminates TLS/SSL connections
--------------------------------------------------------------------------------
Update Information:

New upstream releases 1.5.1 and 1.5.2. From the upstream changelog:  * Support
for TCP Fast Open. It is disabled by default * Various code cleanups and minor
bug fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 27 2019 Ingvar Hagelund <ing...@redpill-linpro.com> - 1.5.2-1
- New upstream release
- Removed patches merged upstream
* Tue Nov 26 2019 Ingvar Hagelund <ing...@redpill-linpro.com> - 1.5.1-1
- New upstream release
- Added a patch working around upstream bug #322
- Example config now sets debug-level=1 and logs to syslog
--------------------------------------------------------------------------------


================================================================================
 libuv-1.34.0-1.el7 (FEDORA-EPEL-2019-39eb4afe6e)
 Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:

Update to libuv 1.34.0  https://github.com/libuv/libuv/blob/v1.34.0/ChangeLog
----  Update to Node.js upstream release 12.13.1
https://nodejs.org/en/blog/release/v12.13.1/  Also fixes an issue where running
`npm -g` was risky on RPM-installed systems. Fedora's packaged NPM will now
install global content in /usr/local instead of /usr where it could conflict
with RPM-provided versions.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec  6 2019 Stephen Gallagher <sgall...@redhat.com> - 1.34.0-1
- Update to 1.34.0
- https://github.com/libuv/libuv/blob/v1.34.0/ChangeLog
* Mon Dec  2 2019 Stephen Gallagher <sgall...@redhat.com> - 1.33.1-1
- Update to 1.33.1
- Drop upstreamed patch
- https://github.com/libuv/libuv/blob/v1.33.1/ChangeLog
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1779518 - libuv-1.34.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1779518
  [ 2 ] Bug #1690818 - nodejs-12.3.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1690818
  [ 3 ] Bug #1565256 - NPM permanently breaks after "npm update -g"
        https://bugzilla.redhat.com/show_bug.cgi?id=1565256
--------------------------------------------------------------------------------


================================================================================
 nsd-4.2.4-1.el7 (FEDORA-EPEL-2019-de62919a55)
 Fast and lean authoritative DNS Name Server
--------------------------------------------------------------------------------
Update Information:

Resolves: rhbz#1772468 nsd-4.2.4 is available
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 11 2019 Paul Wouters <pwout...@redhat.com> - 4.2.4-1
- Resolves: rhbz#1772468 nsd-4.2.4 is available
- Updated nsd.conf page for new upstream option(s)
- Properly mark license file.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1772468 - nsd-4.2.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1772468
--------------------------------------------------------------------------------


================================================================================
 perl-Lchown-1.01-14.el7 (FEDORA-EPEL-2019-eb06b4c644)
 Use the lchown(2) system call from Perl
--------------------------------------------------------------------------------
Update Information:

Added the package to EPEL branches
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 26 2019 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.01-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri May 31 2019 Jitka Plesnikova <jples...@redhat.com> - 1.01-13
- Perl 5.30 rebuild
* Fri Feb  1 2019 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.01-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.01-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 28 2018 Jitka Plesnikova <jples...@redhat.com> - 1.01-10
- Perl 5.28 rebuild
* Fri Mar  2 2018 Petr Pisar <ppi...@redhat.com> - 1.01-9
- Adapt to removing GCC from a build root (bug #1547165)
* Thu Feb  8 2018 Fedora Release Engineering <rel...@fedoraproject.org> - 1.01-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug  3 2017 Fedora Release Engineering <rel...@fedoraproject.org> - 1.01-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <rel...@fedoraproject.org> - 1.01-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sun Jun  4 2017 Jitka Plesnikova <jples...@redhat.com> - 1.01-5
- Perl 5.26 rebuild
* Sat Feb 11 2017 Fedora Release Engineering <rel...@fedoraproject.org> - 1.01-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Sun May 15 2016 Jitka Plesnikova <jples...@redhat.com> - 1.01-3
- Perl 5.24 rebuild
* Thu Feb  4 2016 Fedora Release Engineering <rel...@fedoraproject.org> - 1.01-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Mon Feb  1 2016 Jitka Plesnikova <jples...@redhat.com> - 1.01-1
- Initial release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1781826 - Please build perl-Lchown for EPEL 6, 7 and 8
        https://bugzilla.redhat.com/show_bug.cgi?id=1781826
--------------------------------------------------------------------------------


================================================================================
 rsnapshot-1.4.3-1.el7 (FEDORA-EPEL-2019-6f33b901f5)
 Local and remote filesystem snapshot utility
--------------------------------------------------------------------------------
Update Information:

- Upgrade to 1.4.3 (#1443553, #1646191, #1741427) - Extend spec file
compatibility to cover RHEL/CentOS 6 - Add run-time requirement for perl(Lchown)
(#1494775)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 11 2019 Robert Scheck <rob...@fedoraproject.org> - 1.4.3-1
- Upgrade to 1.4.3 (#1443553, #1646191, #1741427)
- Extend spec file compatibility to cover RHEL/CentOS 6
- Add run-time requirement for perl(Lchown) (#1494775)
* Fri Jul 26 2019 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.4.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sat Feb  2 2019 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.4.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jul 14 2018 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.4.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb  9 2018 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.4.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.4.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.4.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1782091 - rsnapshot 1.4.3 available. Please build for EL7 (and EL8)
        https://bugzilla.redhat.com/show_bug.cgi?id=1782091
  [ 2 ] Bug #1646191 - Please include latest rsnapshot version (with PR #179 
merged)
        https://bugzilla.redhat.com/show_bug.cgi?id=1646191
  [ 3 ] Bug #1741427 - Restore rsync error code 23 as an important warning
        https://bugzilla.redhat.com/show_bug.cgi?id=1741427
  [ 4 ] Bug #1443553 - Backups fail when configuration has mixed lvm and 
non-lvm backup points
        https://bugzilla.redhat.com/show_bug.cgi?id=1443553
  [ 5 ] Bug #1494775 - rsnapshot seems to require perl-Lchown
        https://bugzilla.redhat.com/show_bug.cgi?id=1494775
--------------------------------------------------------------------------------


================================================================================
 spectre-meltdown-checker-0.43-1.el7 (FEDORA-EPEL-2019-0e780ac343)
 Spectre & Meltdown vulnerability/mitigation checker for Linux
--------------------------------------------------------------------------------
Update Information:

Update to 0.43. Changes:  * feat: implement TAA detection (CVE-2019-11135) *
feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207) * feat: taa:
add TSX_CTRL MSR detection in hardware info * feat: fwdb: use both Intel GitHub
repo and MCEdb to build our firmware version database * feat: use `--live` with
`--kernel`/`--config`/`--map` to override file detection in live mode * enh:
rework the vuln logic of MDS with `--paranoid` (fixes
[#307](https://github.com/speed47/spectre-meltdown-checker/issues/307)) * enh:
explain that Enhanced IBRS is better for performance than classic IBRS * enh:
kernel: autodetect customized arch kernels from cmdline * enh: kernel
decompression: better tolerance against missing tools * enh: mock: implement
reading from `/proc/cmdline` * fix: variant3a: Silvermont CPUs are not
vulnerable to variant 3a * fix: lockdown: detect Red Hat locked down kernels
(impacts MSR writes) * fix: lockdown: detect locked down mode in vanilla 5.4+
kernels * fix: sgx: on locked down kernels, fallback to CPUID bit for detection
* fix: fwdb: builtin version takes precedence if the local cached version is
older * fix: pteinv: don't check kernel image if not available * fix: silence
useless error from grep (fixes [#322](https://github.com/speed47/spectre-
meltdown-checker/issues/322)) * fix: msr: fix msr module detection under Ubuntu
19.10 (fixes [#316](https://github.com/speed47/spectre-meltdown-
checker/issues/316)) * fix: mocking value for read_msr * chore: rename mcedb
cmdline parameters to fwdb, and change db version scheme * chore: fwdb: update
to v130.20191104+i20191027
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 11 2019 Reto Gantenbein <reto.gantenb...@linuxmonk.ch> - 0.43-1
- Update to 0.43
* Fri Jul 26 2019 Fedora Release Engineering <rel...@fedoraproject.org> - 0.42-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org