The following Fedora EPEL 9 Security updates need testing:

 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9c790c33f7   netatalk-3.1.18-1.el9
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a0ec47d7c6   composer-2.6.5-1.el9
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-3a968a9e97   chromium-117.0.5938.149-1.el9
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-61870984c8   mbedtls-2.28.5-1.el9

The following builds have been pushed to Fedora EPEL 9 updates-testing

    apptainer-1.2.4-1.el9
    gaupol-1.13-2.el9
    libcue-2.3.0-1.el9
    python-ogr-0.47.0-1.el9
    python-openslide-1.3.1-3.el9
    texlive-extension-20200406-34.el9
    tmt-1.28.2-1.el9
    trafficserver-9.2.3-1.el9
    yt-dlp-2023.10.07-1.el9

Details about builds:

================================================================================
 apptainer-1.2.4-1.el9 (FEDORA-EPEL-2023-18afa1ea0d)
 Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:

Update to upstream 1.2.4
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 11 2023 Dave Dykstra dwd@fnal.gov - 1.2.4
- Update to upstream 1.2.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2243304 - apptainer-1.2.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2243304
--------------------------------------------------------------------------------


================================================================================
 gaupol-1.13-2.el9 (FEDORA-EPEL-2023-ca38a4f4c4)
 Editor for text-based subtitle files
--------------------------------------------------------------------------------
Update Information:

Update Gaupol to 1.13 and add a weak dependency on mpv for media previews.

## 2023-10-08: Gaupol 1.13

- Fix translations missing for enums
- Fix Python 3.12 compatibility and drop support for Python < 3.4
- Add Chinese (China) translation
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 11 2023 Benjamin A. Beasley code@musicinmybrain.net - 1.13-2
- Fedora, EPEL9: add a weak dependency on mpv
- This is upstream's preferred media player for previews, and the only
  supported one packaged in Fedora and EPEL
* Wed Oct 11 2023 Benjamin A. Beasley code@musicinmybrain.net - 1.13-1
- Update to 1.13 (close RHBZ#2242996)
* Wed Oct 11 2023 Yaakov Selkowitz yselkowi@redhat.com - 1.12-6
- Fix flatpak build
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2242996 - gaupol-1.13 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2242996
--------------------------------------------------------------------------------


================================================================================
 libcue-2.3.0-1.el9 (FEDORA-EPEL-2023-b4fc9c3fdb)
 Cue sheet parser library
--------------------------------------------------------------------------------
Update Information:

This update provides a new release of libcue that includes the fix for a serious
security issue that could cause arbitrary code execution, tracked as
CVE-2023-43641. See [this write-up by Kevin
Backhouse](https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/)
for details. Thanks to Kevin for discovering the issue and writing the fix. It
also includes another small bug fix.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 10 2023 Adam Williamson awilliam@redhat.com - 2.3.0-1
- New release 2.3.0
- Drop merged patch
* Tue Oct 10 2023 Adam Williamson awilliam@redhat.com - 2.2.1-13
- Fix CVE-2023-43641 (Kevin Backhouse)
* Thu Jul 20 2023 Fedora Release Engineering releng@fedoraproject.org - 2.2.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 2.2.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering releng@fedoraproject.org - 2.2.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 2.2.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2243168 - CVE-2023-43641 libcue: a out-of-bounds array access leads to RCE [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2243168
--------------------------------------------------------------------------------


================================================================================
 python-ogr-0.47.0-1.el9 (FEDORA-EPEL-2023-01b34367b7)
 One API for multiple git forges
--------------------------------------------------------------------------------
Update Information:

Automatic update for python-ogr-0.47.0-1.el9.

##### **Changelog for python-ogr**

```
* Wed Oct 11 2023 Packit hello@packit.dev - 0.47.0-1
- Added support for removing users/groups from a project and possibility to check for groups with permissions to modify a PR. (#815)
- Resolves rhbz#2125279

* Fri Oct 06 2023 Packit hello@packit.dev - 0.46.2-1
- Added missing README to package metadata.
```

----

Automatic update for python-ogr-0.46.2-1.el9.

##### **Changelog for python-ogr**

```
* Fri Oct 06 2023 Packit hello@packit.dev - 0.46.2-1
- Added missing README to package metadata.
```
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 11 2023 Packit hello@packit.dev - 0.47.0-1
- Added support for removing users/groups from a project and possibility to check for groups with permissions to modify a PR. (#815)
- Resolves rhbz#2125279
* Fri Oct 6 2023 Packit hello@packit.dev - 0.46.2-1
- Added missing README to package metadata.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2125279 - python-ogr-0.47.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2125279
--------------------------------------------------------------------------------


================================================================================
 python-openslide-1.3.1-3.el9 (FEDORA-EPEL-2023-12a678ef1d)
 Python bindings for the OpenSlide library
--------------------------------------------------------------------------------
Update Information:

- Update docs to transform images to sRGB using the default rendering intent of
  the image's ICC profile, rather than absolute colorimetric intent.
- Fix SPDX license identifier.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 11 2023 Benjamin Gilbert bgilbert@backtick.net - 1.3.1-3
- Use correct SPDX license identifier
* Sun Oct 8 2023 Benjamin Gilbert bgilbert@backtick.net - 1.3.1-2
- Fix tests on EPEL 9
* Sun Oct 8 2023 Benjamin Gilbert bgilbert@backtick.net - 1.3.1-1
- New release
- Drop obsolete versioned dependency on OpenSlide
- Drop obsolete Provides/Obsoletes
--------------------------------------------------------------------------------


================================================================================
 texlive-extension-20200406-34.el9 (FEDORA-EPEL-2023-856c0e7861)
 TeX formatting system
--------------------------------------------------------------------------------
Update Information:

added texlive-boondox, texlive-fontaxes, texlive-IEEEtran and texlive-newtx
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 11 2023 Than Ngo than@redhat.com - 20200406-34
- fixed bz#2242153, add support of IEEEtran, boondox, fontaxes, newtx
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2242153 - Please branch and build IEEEtrans in epel9
        https://bugzilla.redhat.com/show_bug.cgi?id=2242153
--------------------------------------------------------------------------------


================================================================================
 tmt-1.28.2-1.el9 (FEDORA-EPEL-2023-d3ffb2a15b)
 Test Management Tool
--------------------------------------------------------------------------------
Update Information:

Automatic update for tmt-1.28.2-1.el9.

##### **Changelog for tmt**

```
* Wed Oct 11 2023 Petr Šplíchal psplicha@redhat.com - 1.28.2
- Build man page during the `release` action

* Wed Oct 11 2023 Petr Šplíchal psplicha@redhat.com - 1.28.1
- Remove the `.dev0` suffix from the spec `Version`

* Fri Oct 06 2023 Petr Šplíchal psplicha@redhat.com - 1.28.0
- Update the `release` action with `hatch` changes
- Fix the multihost web test to work with container
- Add `skip` as a supported custom result outcome
- Add docs for the new `--update-missing` option
- Remove irrelevant mention of `rhel-8` in the spec
- Record start/end time & duration of test checks
- Add `--update-missing` to update phase fields only when not set by fmf
- Add --skip-prepare-verify-ssh and --post-install-script to artemis plugin (#2347)
- Force tmt-link pre-commit to use fmf 1.3.0 which brings new features (#2376)
- Add logging of applied adjust rules
- Handle all context dimension values case insensitive
- Hide `OPTIONLESS_FIELDS` from `tmt plan show`
- Add context into the `html` report
- Display test check results in `display` report output
- Fix creation of guest data from plugin options
- Allow wider output
- Beaker plugin is negating Beaker operators by default
- Include link to the data directory in the html report
- Teach logging methods to handle common types
- Move the copr repository to the `teemtee` group
- Add a new `cpu` property `stepping` to hardware
- Extract beakerlib phase name to a failure log
- Always show the real beaker job id
- Create a production copr build for each release
- AVC denials check for tests (#2331)
- Add nice & colorfull help to "make" targets
- Include more dependencies in the dev environment
- Stop using the `_version.py` file
- Replace `opt()` for `--dry/--force` with properties
- Update build names for copr/main and pull requests
- Use `hatch` and `pyproject`, refactor `tmt.spec`
- Use dataclass for log record details instead of typed dict
- Refactor html report plugin to use existing template rendering
- Narrow type of hardware constraint variants
- Refactor parameters of `Plan._iter_steps()`
- Use `format_value()` instead of `pprint()`
- Use the minimal plan to test imported plan execution
- Refactor exception rendering to use generators
- Add the `export` callback for fields (#2288)
- Update a verified-by link for the beaker provision
- Multi-string help texts converted to multiline strings
- Make the upload to PyPI working again
- Hide command event debug logs behind a log topic (#2281)
- Replace `pkg_resources` with `importlib.resources`
- Wrap `click.Choice` use with `choices` parameter
- Lower unnecessary verbosity of podman commands
- Move check-related code into `tmt.checks`
- Disable `systemd-resolved` to prevent dns failures
- Adjust test coverage for deep beakerlib libraries
- Document migration from provision.fmf to tmt (#2325)
- Remove TBD of initiator context for Packit
- Fix output indentation of imported plans
- Copr repo with a group owner requires quotes
```
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 11 2023 Petr Šplíchal psplicha@redhat.com - 1.28.2
- Build man page during the `release` action
* Wed Oct 11 2023 Petr Šplíchal psplicha@redhat.com - 1.28.1
- Remove the `.dev0` suffix from the spec `Version`
* Fri Oct 6 2023 Petr Šplíchal psplicha@redhat.com - 1.28.0
- Update the `release` action with `hatch` changes
- Fix the multihost web test to work with container
- Add `skip` as a supported custom result outcome
- Add docs for the new `--update-missing` option
- Remove irrelevant mention of `rhel-8` in the spec
- Record start/end time & duration of test checks
- Add `--update-missing` to update phase fields only when not set by fmf
- Add --skip-prepare-verify-ssh and --post-install-script to artemis plugin (#2347)
- Force tmt-link pre-commit to use fmf 1.3.0 which brings new features (#2376)
- Add logging of applied adjust rules
- Handle all context dimension values case insensitive
- Hide `OPTIONLESS_FIELDS` from `tmt plan show`
- Add context into the `html` report
- Display test check results in `display` report output
- Fix creation of guest data from plugin options
- Allow wider output
- Beaker plugin is negating Beaker operators by default
- Include link to the data directory in the html report
- Teach logging methods to handle common types
- Move the copr repository to the `teemtee` group
- Add a new `cpu` property `stepping` to hardware
- Extract beakerlib phase name to a failure log
- Always show the real beaker job id
- Create a production copr build for each release
- AVC denials check for tests (#2331)
- Add nice & colorfull help to "make" targets
- Include more dependencies in the dev environment
- Stop using the `_version.py` file
- Replace `opt()` for `--dry/--force` with properties
- Update build names for copr/main and pull requests
- Use `hatch` and `pyproject`, refactor `tmt.spec`
- Use dataclass for log record details instead of typed dict
- Refactor html report plugin to use existing template rendering
- Narrow type of hardware constraint variants
- Refactor parameters of `Plan._iter_steps()`
- Use `format_value()` instead of `pprint()`
- Use the minimal plan to test imported plan execution
- Refactor exception rendering to use generators
- Add the `export` callback for fields (#2288)
- Update a verified-by link for the beaker provision
- Multi-string help texts converted to multiline strings
- Make the upload to PyPI working again
- Hide command event debug logs behind a log topic (#2281)
- Replace `pkg_resources` with `importlib.resources`
- Wrap `click.Choice` use with `choices` parameter
- Lower unnecessary verbosity of podman commands
- Move check-related code into `tmt.checks`
- Disable `systemd-resolved` to prevent dns failures
- Adjust test coverage for deep beakerlib libraries
- Document migration from provision.fmf to tmt (#2325)
- Remove TBD of initiator context for Packit
- Fix output indentation of imported plans
- Copr repo with a group owner requires quotes
--------------------------------------------------------------------------------


================================================================================
 trafficserver-9.2.3-1.el9 (FEDORA-EPEL-2023-834ef33019)
 Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
--------------------------------------------------------------------------------
Update Information:

Update to upstream 9.2.3
Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 11 2023 Jered Floyd jered@redhat.com 9.2.3-1
- Update to upstream 9.2.3
- Resolves CVE-2023-44487, CVE-2023-41752, CVE-2023-39456
* Wed Oct 4 2023 Jered Floyd jered@redhat.com 9.2.2-2
- Use OpenSSL 1.1.x from EPEL on RHEL 7 to fix Chrome 117+ bugs
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2242988 - trafficserver-9.2.3-rc0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2242988
  [ 2 ] Bug #2243251 - [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2243251
  [ 3 ] Bug #2243252 - [Major Incident] CVE-2023-44487 trafficserver: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2243252
--------------------------------------------------------------------------------


================================================================================
 yt-dlp-2023.10.07-1.el9 (FEDORA-EPEL-2023-f06290bec2)
 A command-line program to download videos from online video platforms
--------------------------------------------------------------------------------
Update Information:

Update to 2023.10.07.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 11 2023 Marcus Müller marcus_fedora@baseband.digital - 2023.10.07-1
- Update to 2023.10.07.
- Fixes rhbz#2243274
- Fixes rhbz#2240465
* Sat Jul 22 2023 Fedora Release Engineering releng@fedoraproject.org - 2023.07.06-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2240465 - yt-dlp-2023.10.07 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2240465
  [ 2 ] Bug #2243274 - yt-dlp 2023.07.06 broken on YouTube Playlist links
        https://bugzilla.redhat.com/show_bug.cgi?id=2243274
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org