Topic: Fribidi Patch x86_64

Hey remi team,

We are leveraging your remi repo on Centos7 and AL2 systems in our environment.  We recently came upon an issue with a vulnerability in fribidi, where your remi repo is not offering the latest patch.  Can you get the following patch for Amazon Linux 2 into your repo?

https://alas.aws.amazon.com/AL2/ALAS-2020-1434.html

Current latest:
yum list fribidi
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd, versionlock
6344 packages excluded due to repository priority protections
Installed Packages
fribidi.x86_64                                          1.0.2-0.el7.remi                                          @remi

Re: Fribidi Patch x86_64

NOTICE: EL-7 is old, terribly old, and close to its end of life in ~1 year
Everything is old on EL-7, for modern features, such as recent PHP versions I heartily recommend using a modern distro, so EL-8 or EL-9

For history
amz2 was based on something around 7.2 (is now outdated) with fribidi 0.19
EL 7.7 rebase fribidi to 1.0.2-1.el7 (new API)

Version 1.0.2-0.el7.remi was a simple rebuild for amzn2 users (lower version so real EL users will use the distro version)

fribidi 1.0.2-1.el7_7.1 or fribidi-1.0.2-1.amzn2.1 includes a security fix (CVE-2019-18397)
so the version in my repo is older and no more needed/used.

I've checked with a simple Dockerfile

I will remove it

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Re: Fribidi Patch x86_64

Removed.

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Re: Fribidi Patch x86_64

Thank you for the fast response and the change! This got us patched via the upstream vendor (AL2) in this case.