The following Fedora EPEL 7 Security updates need testing:
Age URL
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-9b53b79398
golang-1.20.12-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
baresip-3.10.0-1.el7
bird2-2.15-1.el7
chromium-122.0.6261.111-1.el7
ganglia-3.7.2-48.el7
libre-3.10.0-1.el7
nagios-4.4.14-1.el7
nagios-plugins-2.4.8-1.el7
Details about builds:
================================================================================
baresip-3.10.0-1.el7 (FEDORA-EPEL-2024-b7cce2930c)
Modular SIP user-agent with audio and video support
--------------------------------------------------------------------------------
Update Information:
Baresip v3.10.0 (2024-03-06)
cmake: use default value for CMAKE_C_EXTENSIONS
cmake: add /usr/{local,}/include/re and /usr/{local,}/lib{64,} to FindRE.cmake
test/main: fix NULL pointer arg on err
ci: add Fedora workflow to avoid e.g. rpath issues
mediatrack/start: add audio_decoder_set
config: support distribution-specific/default CA paths
readme: cosmetic changes
ci/fedora: fix dependency
config: add default CA path for Android
transp,tls: add TLS client verification
account,message,ua: secure incoming SIP MESSAGEs
aufile: avoid race condition in case of fast destruction
aufile: join thread if write fails
video: add video_req_keyframe api
call: start streams in sipsess_estab_handler
webrtc: add av1 codec
cmake: fix relative source dir find paths
echo: fix re_snprintf pointer ARG
cmake: Add include PATH so that GST is found also on Debian 11
call: improve glare handling
call: set estdir in call_set_media_direction
audio,aur: start audio player after early-video
ctrl_dbus: add busctl example to module documentation
debian: bump to v3.9.0
release v3.10.0
libre v3.10.0 (2024-03-06)
transp: deref qent only if qentp is not set
sipsess: fix doxygen comments
aufile: fix doxygen comment
ci/codeql: bump action v3
misc: text2pcap helpers (RTP/RTCP capturing)
ci/mingw: bump upload/download-artifact and cache versions
transp,tls: add TLS client verification
fmt/text2pcap: cleanup
ci/android: cache openssl build
ci/misc: fix double push/pull runs
fmt/text2pcap: fix coverity return value warning
sipsess/listen: improve glare handling
conf: add conf_get_i32
debian: bump version v3.9.0
sip/transp: reset tcp timeout on websocket receive
release v3.10.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 10 2024 Robert Scheck <rob...@fedoraproject.org> 3.10.0-1
- Upgrade to 3.10.0 (#2268424)
* Wed Feb 7 2024 Pete Walter <pwal...@fedoraproject.org> - 3.9.0-2
- Rebuild for libvpx 1.14.x
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2268236 - libre-3.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2268236
[ 2 ] Bug #2268424 - baresip-3.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2268424
--------------------------------------------------------------------------------
================================================================================
bird2-2.15-1.el7 (FEDORA-EPEL-2024-56ed925894)
BIRD Internet Routing Daemon
--------------------------------------------------------------------------------
Update Information:
BIRD 2.15 (2024-03-10)
BGP: Send hold timer
BGP: New options to specify required BGP capabilities
BFD: Improvements to show bfd sessions command
RPKI: New local address configuration option
Linux: Support for more route attributes, including TCP congestion control
algorithm
Support for UDP logging
Static routes can have both nexthop and interface specified
Completion of command options in BIRD client
Many bugfixes and improvements
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 10 2024 Robert Scheck <rob...@fedoraproject.org> - 2.15-1
- Upgrade to 2.15 (#2268900)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2268900 - bird-2.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2268900
--------------------------------------------------------------------------------
================================================================================
chromium-122.0.6261.111-1.el7 (FEDORA-EPEL-2024-a461023d55)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Upstream security release 122.0.6261.111
* High CVE-2024-2173: Out of bounds memory access in V8
* High CVE-2024-2174: Inappropriate implementation in V8
* High CVE-2024-2176: Use after free in FedCM
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 6 2024 Than Ngo <t...@redhat.com> - 122.0.6261.111-1
- upstream security release 122.0.6261.111
* High CVE-2024-2173: Out of bounds memory access in V8
* High CVE-2024-2174: Inappropriate implementation in V8
* High CVE-2024-2176: Use after free in FedCM
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2268541 - CVE-2024-2173 CVE-2024-2174 CVE-2024-2176 chromium:
various flaws [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2268541
--------------------------------------------------------------------------------
================================================================================
ganglia-3.7.2-48.el7 (FEDORA-EPEL-2024-d0c63e8ac2)
Distributed Monitoring System
--------------------------------------------------------------------------------
Update Information:
Update to latest version available in upstream git repo
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 10 2024 Terje Rosten <terje.ros...@ntnu.no> - 3.7.2-48
- Update to commit 185ab6b
* Sun Mar 3 2024 Terje Rosten <terje.ros...@ntnu.no> - 3.7.2-47
- Add more PHP8 patches
* Sat Feb 24 2024 Terje Rosten <terje.ros...@ntnu.no> - 3.7.2-46
- Upgrade to ganglia web 3.7.6
* Mon Feb 5 2024 Terje Rosten <terje.ros...@ntnu.no> - 3.7.2-45
- Fix GCC 14 issue
* Wed Jan 24 2024 Fedora Release Engineering <rel...@fedoraproject.org> -
3.7.2-44
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <rel...@fedoraproject.org> -
3.7.2-43
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jul 19 2023 Fedora Release Engineering <rel...@fedoraproject.org> -
3.7.2-42
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <rel...@fedoraproject.org> -
3.7.2-41
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2257251 - Regression: machine_type_func() returns uninitialized
local variable value on aarch64
https://bugzilla.redhat.com/show_bug.cgi?id=2257251
--------------------------------------------------------------------------------
================================================================================
libre-3.10.0-1.el7 (FEDORA-EPEL-2024-b7cce2930c)
Generic library for real-time communications
--------------------------------------------------------------------------------
Update Information:
Baresip v3.10.0 (2024-03-06)
cmake: use default value for CMAKE_C_EXTENSIONS
cmake: add /usr/{local,}/include/re and /usr/{local,}/lib{64,} to FindRE.cmake
test/main: fix NULL pointer arg on err
ci: add Fedora workflow to avoid e.g. rpath issues
mediatrack/start: add audio_decoder_set
config: support distribution-specific/default CA paths
readme: cosmetic changes
ci/fedora: fix dependency
config: add default CA path for Android
transp,tls: add TLS client verification
account,message,ua: secure incoming SIP MESSAGEs
aufile: avoid race condition in case of fast destruction
aufile: join thread if write fails
video: add video_req_keyframe api
call: start streams in sipsess_estab_handler
webrtc: add av1 codec
cmake: fix relative source dir find paths
echo: fix re_snprintf pointer ARG
cmake: Add include PATH so that GST is found also on Debian 11
call: improve glare handling
call: set estdir in call_set_media_direction
audio,aur: start audio player after early-video
ctrl_dbus: add busctl example to module documentation
debian: bump to v3.9.0
release v3.10.0
libre v3.10.0 (2024-03-06)
transp: deref qent only if qentp is not set
sipsess: fix doxygen comments
aufile: fix doxygen comment
ci/codeql: bump action v3
misc: text2pcap helpers (RTP/RTCP capturing)
ci/mingw: bump upload/download-artifact and cache versions
transp,tls: add TLS client verification
fmt/text2pcap: cleanup
ci/android: cache openssl build
ci/misc: fix double push/pull runs
fmt/text2pcap: fix coverity return value warning
sipsess/listen: improve glare handling
conf: add conf_get_i32
debian: bump version v3.9.0
sip/transp: reset tcp timeout on websocket receive
release v3.10.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 10 2024 Robert Scheck <rob...@fedoraproject.org> 3.10.0-1
- Upgrade to 3.10.0 (#2268236)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2268236 - libre-3.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2268236
[ 2 ] Bug #2268424 - baresip-3.10.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2268424
--------------------------------------------------------------------------------
================================================================================
nagios-4.4.14-1.el7 (FEDORA-EPEL-2024-8aeeb0702b)
Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:
Update to 4.4.14
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 9 2024 Guido Aulisi <guido.aul...@gmail.com> - 4.4.14-1
- Update to 4.4.14
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2255413 - Please update branch and build nagios for EPEL 8 and
EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=2255413
--------------------------------------------------------------------------------
================================================================================
nagios-plugins-2.4.8-1.el7 (FEDORA-EPEL-2024-fbaf5f90da)
Host/service/network monitoring program plugins for Nagios
--------------------------------------------------------------------------------
Update Information:
Update to 2.4.8
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 10 2024 Guido Aulisi <guido.aul...@gmail.com> - 2.4.8-1
- Update to 2.4.8
* Sun May 24 2020 Martin Jackson <mhja...@swbell.net> - 2.3.3-4
- Reinstate ssl_validity. Packager overreacted.
* Tue May 19 2020 Martin Jackson <mhja...@swbell.net> - 2.3.3-3
- Remove ssl_validity as perl-Convert-ASN1 has been retired. BZ#1837397
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2250202 - nagios-plugins-2.4.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2250202
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
